Ethereal-dev: [Ethereal-dev] kerberos patch
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Will Fiveash <William.Fiveash@xxxxxxx>
Date: Fri, 7 Oct 2005 13:52:54 -0500
I've modified the packet-kerberos.c to support PA-ETYPE-INFO2 type and the new aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96 enctypes. The patch (for 0.10.12) is attached. -- Will Fiveash Sun Microsystems Inc. Austin, TX, USA (TZ=CST6CDT)
--- /export/willf/src/ethereal/orig/ethereal-0.10.12/epan/dissectors/packet-kerberos.c Tue Jul 26 14:26:41 2005
+++ packet-kerberos.c Fri Oct 7 11:02:00 2005
@@ -142,6 +142,8 @@
static gint hf_krb_PA_DATA_type = -1;
static gint hf_krb_PA_DATA_value = -1;
static gint hf_krb_etype_info_salt = -1;
+static gint hf_krb_etype_info2_salt = -1;
+static gint hf_krb_etype_info2_s2kparams = -1;
static gint hf_krb_SAFE_BODY_user_data = -1;
static gint hf_krb_PRIV_BODY_user_data = -1;
static gint hf_krb_realm = -1;
@@ -843,6 +845,8 @@
#define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
#define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
#define KRB5_ENCTYPE_DES3_CBC_SHA1 16
+#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
+#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
#define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
#define KERB_ENCTYPE_RC4_HMAC 23
#define KERB_ENCTYPE_RC4_HMAC_EXP 24
@@ -909,6 +913,7 @@
#define KRB5_PA_PK_AS_REQ 14
#define KRB5_PA_PK_AS_REP 15
#define KRB5_PA_DASS 16
+#define KRB5_PA_ENCTYPE_INFO2 19
#define KRB5_PA_USE_SPECIFIED_KVNO 20
#define KRB5_PA_SAM_REDIRECT 21
#define KRB5_PA_GET_FROM_TYPED_DATA 22
@@ -1145,6 +1150,7 @@
{ KRB5_PA_CYBERSAFE_SECUREID , "PA-CYBERSAFE-SECURID" },
{ KRB5_PA_AFS3_SALT , "PA-AFS3-SALT" },
{ KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
+ { KRB5_PA_ENCTYPE_INFO2 , "PA-ENCTYPE-INFO2" },
{ KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
{ KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
{ KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
@@ -1187,6 +1193,8 @@
{ KRB5_ENCTYPE_RSA_ES_OEAP_ENV, "rsa-es-oeap-env" },
{ KRB5_ENCTYPE_DES_EDE3_CBC_ENV, "des-ede3-cbc-env" },
{ KRB5_ENCTYPE_DES3_CBC_SHA1 , "des3-cbc-sha1" },
+ { KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 , "aes128-cts-hmac-sha1-96" },
+ { KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 , "aes256-cts-hmac-sha1-96" },
{ KRB5_ENCTYPE_DES_CBC_MD5_NT , "des-cbc-md5-nt" },
{ KERB_ENCTYPE_RC4_HMAC , "rc4-hmac" },
{ KERB_ENCTYPE_RC4_HMAC_EXP , "rc4-hmac-exp" },
@@ -1947,6 +1955,20 @@
return offset;
}
+int
+dissect_krb5_etype_info2_salt(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_etype_info2_salt, NULL, 0);
+ return offset;
+}
+
+static int
+dissect_krb5_etype_info2_s2kparams(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_etype_info2_s2kparams, NULL);
+ return offset;
+}
+
static ber_sequence_t PA_ENCTYPE_INFO_ENTRY_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_etype },
@@ -1973,6 +1995,34 @@
return offset;
}
+static ber_sequence_t PA_ENCTYPE_INFO2_ENTRY_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_etype_info2_salt },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_etype_info2_s2kparams },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PA_ENCTYPE_INFO2_ENTRY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO2_ENTRY_sequence, -1, -1);
+
+ return offset;
+}
+
+static ber_sequence_t PA_ENCTYPE_INFO2_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO2_ENTRY },
+};
+static int
+dissect_krb5_PA_ENCTYPE_INFO2(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO2_sequence_of, -1, -1);
+
+ return offset;
+}
+
/*
* PA-DATA ::= SEQUENCE {
* padata-type[1] INTEGER,
@@ -2026,6 +2076,9 @@
case KRB5_PA_ENCTYPE_INFO:
offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO);
break;
+ case KRB5_PA_ENCTYPE_INFO2:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO2);
+ break;
default:
offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
}
@@ -4141,6 +4194,12 @@
{ &hf_krb_etype_info_salt, {
"Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_HEX,
NULL, 0, "Salt", HFILL }},
+ { &hf_krb_etype_info2_salt, {
+ "Salt", "kerberos.etype_info2.salt", FT_BYTES, BASE_HEX,
+ NULL, 0, "Salt", HFILL }},
+ { &hf_krb_etype_info2_s2kparams, {
+ "Salt", "kerberos.etype_info.s2kparams", FT_BYTES, BASE_HEX,
+ NULL, 0, "S2kparams", HFILL }},
{ &hf_krb_SAFE_BODY_user_data, {
"User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_HEX,
NULL, 0, "SAFE BODY userdata field", HFILL }},
Attachment:
pgpVI50F5lizw.pgp
Description: PGP signature
- Follow-Ups:
- [Ethereal-dev] Re: kerberos patch
- From: ronnie sahlberg
- [Ethereal-dev] Re: kerberos patch
- Prev by Date: Re: [Ethereal-dev] Updates and a new feature
- Next by Date: [Ethereal-dev] Re: [Ethereal-cvs] rev 16131:
- Previous by thread: [Ethereal-dev] Re: New dissector for PVFS2
- Next by thread: [Ethereal-dev] Re: kerberos patch
- Index(es):
