Wireshark-dev: Re: [Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?
From: Kaul <mykaul@xxxxxxxxx>
Date: Mon, 3 May 2010 16:57:16 +0300


On Mon, May 3, 2010 at 4:47 PM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:
Hi,
Note that packet-kerberos-template.c isn't used to generate packet-kerberos.c currently, I would guess
that the info in packet-kerberos-template.c is copied from the current hand written dissector.
Regards
Anders


Yes, I've just discovered that. And indeed, changing the value in packet-kerberos.c seems to solve the issue.
Y.
 


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Kaul
Sent: den 3 maj 2010 14:04
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?

It appears like MS extensions for Kerberos pre-auth type constants, such as:
#define KRB5_PA_PAC_REQUEST         -128  /* = 0xFFFFFF80 = (gint32)((gint8)0x80) MS extension */

are wrong - should be 128 (which is 0x80 btw), for example, based on a capture I've done and on http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-KILE%5D.pdf (see section 3.1.5.1)
Is it OK to fix them in packet-kerberos-template.c? Anyone knows where the mistake comes from?

TIA,
Y.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe