Wireshark · Wireshark-dev: Re: [Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?

[Bill Meier <wmeier@xxxxxxxxxxx>]

Bill Meier wrote:
> Kaul wrote:
> > On Mon, May 3, 2010 at 4:47 PM, Anders Broman <anders.broman@xxxxxxxxxxxx>wrote:
> >
> > >  Hi,
> > > Note that packet-kerberos-template.c isn't used to generate
> > > packet-kerberos.c currently, I would guess
> > > that the info in packet-kerberos-template.c is copied from the current hand
> > > written dissector.
> > > Regards
> > > Anders
> >
> > Yes, I've just discovered that. And indeed, changing the value in
> > packet-kerberos.c seems to solve the issue.
> > Y.
>
> When I looked at this some time back, I convinced myself (ISTR via 
> testing) that the 'dissect_ber_integer' in 'dissect_krb5_PA_DATA_type'
> returned a 32-bit 'FFFFFF80' for a KRB5_PA_PAC_REQUEST byte of 0x80.
>
> The same appeared to also be true for KRB5_PA_S4U2SELF  & 
> KRB5_PA_PROV_SRV_LOCATION.
>
>
> Can you supply a capture so I can look into this ???
>
> (Maybe the best way is to create a bug report and attach a capture file. 
> You can mark the attachment as private if needed).
>
> Thanks
>
> Bill

PS: remembering a bit more:

This was my attempt to fix bug #4363.

Suggestions are welcome as to a better fix ....