mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-27 20:14:12 +08:00
269 lines
6.3 KiB
C
269 lines
6.3 KiB
C
/*
|
|
* Copyright (c) 1995, 1996, 1997
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that: (1) source code distributions
|
|
* retain the above copyright notice and this paragraph in its entirety, (2)
|
|
* distributions including binary code include the above copyright notice and
|
|
* this paragraph in its entirety in the documentation or other materials
|
|
* provided with the distribution, and (3) all advertising materials mentioning
|
|
* features or use of this software display the following acknowledgement:
|
|
* ``This product includes software developed by the University of California,
|
|
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
|
|
* the University nor the names of its contributors may be used to endorse
|
|
* or promote products derived from this software without specific prior
|
|
* written permission.
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
|
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
|
*
|
|
* Initial contribution from John Hawkinson (jhawk@mit.edu).
|
|
*/
|
|
|
|
/* \summary: Kerberos printer */
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include "netdissect-stdinc.h"
|
|
|
|
#include "netdissect.h"
|
|
#include "extract.h"
|
|
|
|
/*
|
|
* Kerberos 4:
|
|
*
|
|
* Athena Technical Plan
|
|
* Section E.2.1
|
|
* Kerberos Authentication and Authorization System
|
|
* by S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer
|
|
*
|
|
* http://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf
|
|
*
|
|
* 7. Appendix I Design Specifications
|
|
*
|
|
* Kerberos 5:
|
|
*
|
|
* RFC 1510, RFC 2630, etc.
|
|
*/
|
|
|
|
|
|
static const u_char *c_print(netdissect_options *, const u_char *, const u_char *);
|
|
static const u_char *krb4_print_hdr(netdissect_options *, const u_char *);
|
|
static void krb4_print(netdissect_options *, const u_char *);
|
|
|
|
#define AUTH_MSG_KDC_REQUEST 1<<1
|
|
#define AUTH_MSG_KDC_REPLY 2<<1
|
|
#define AUTH_MSG_APPL_REQUEST 3<<1
|
|
#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
|
|
#define AUTH_MSG_ERR_REPLY 5<<1
|
|
#define AUTH_MSG_PRIVATE 6<<1
|
|
#define AUTH_MSG_SAFE 7<<1
|
|
#define AUTH_MSG_APPL_ERR 8<<1
|
|
#define AUTH_MSG_DIE 63<<1
|
|
|
|
#define KERB_ERR_OK 0
|
|
#define KERB_ERR_NAME_EXP 1
|
|
#define KERB_ERR_SERVICE_EXP 2
|
|
#define KERB_ERR_AUTH_EXP 3
|
|
#define KERB_ERR_PKT_VER 4
|
|
#define KERB_ERR_NAME_MAST_KEY_VER 5
|
|
#define KERB_ERR_SERV_MAST_KEY_VER 6
|
|
#define KERB_ERR_BYTE_ORDER 7
|
|
#define KERB_ERR_PRINCIPAL_UNKNOWN 8
|
|
#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
|
|
#define KERB_ERR_NULL_KEY 10
|
|
|
|
struct krb {
|
|
nd_uint8_t pvno; /* Protocol Version */
|
|
nd_uint8_t type; /* Type+B */
|
|
};
|
|
|
|
static const struct tok type2str[] = {
|
|
{ AUTH_MSG_KDC_REQUEST, "KDC_REQUEST" },
|
|
{ AUTH_MSG_KDC_REPLY, "KDC_REPLY" },
|
|
{ AUTH_MSG_APPL_REQUEST, "APPL_REQUEST" },
|
|
{ AUTH_MSG_APPL_REQUEST_MUTUAL, "APPL_REQUEST_MUTUAL" },
|
|
{ AUTH_MSG_ERR_REPLY, "ERR_REPLY" },
|
|
{ AUTH_MSG_PRIVATE, "PRIVATE" },
|
|
{ AUTH_MSG_SAFE, "SAFE" },
|
|
{ AUTH_MSG_APPL_ERR, "APPL_ERR" },
|
|
{ AUTH_MSG_DIE, "DIE" },
|
|
{ 0, NULL }
|
|
};
|
|
|
|
static const struct tok kerr2str[] = {
|
|
{ KERB_ERR_OK, "OK" },
|
|
{ KERB_ERR_NAME_EXP, "NAME_EXP" },
|
|
{ KERB_ERR_SERVICE_EXP, "SERVICE_EXP" },
|
|
{ KERB_ERR_AUTH_EXP, "AUTH_EXP" },
|
|
{ KERB_ERR_PKT_VER, "PKT_VER" },
|
|
{ KERB_ERR_NAME_MAST_KEY_VER, "NAME_MAST_KEY_VER" },
|
|
{ KERB_ERR_SERV_MAST_KEY_VER, "SERV_MAST_KEY_VER" },
|
|
{ KERB_ERR_BYTE_ORDER, "BYTE_ORDER" },
|
|
{ KERB_ERR_PRINCIPAL_UNKNOWN, "PRINCIPAL_UNKNOWN" },
|
|
{ KERB_ERR_PRINCIPAL_NOT_UNIQUE,"PRINCIPAL_NOT_UNIQUE" },
|
|
{ KERB_ERR_NULL_KEY, "NULL_KEY"},
|
|
{ 0, NULL}
|
|
};
|
|
|
|
static const u_char *
|
|
c_print(netdissect_options *ndo,
|
|
const u_char *s, const u_char *ep)
|
|
{
|
|
u_char c;
|
|
int flag;
|
|
|
|
flag = 1;
|
|
while (s < ep) {
|
|
c = EXTRACT_U_1(s);
|
|
s++;
|
|
if (c == '\0') {
|
|
flag = 0;
|
|
break;
|
|
}
|
|
fn_print_char(ndo, c);
|
|
}
|
|
if (flag)
|
|
return NULL;
|
|
return (s);
|
|
}
|
|
|
|
static const u_char *
|
|
krb4_print_hdr(netdissect_options *ndo,
|
|
const u_char *cp)
|
|
{
|
|
cp += 2;
|
|
|
|
#define PRINT if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
|
|
|
|
PRINT;
|
|
ND_PRINT(".");
|
|
PRINT;
|
|
ND_PRINT("@");
|
|
PRINT;
|
|
return (cp);
|
|
|
|
trunc:
|
|
nd_print_trunc(ndo);
|
|
return (NULL);
|
|
|
|
#undef PRINT
|
|
}
|
|
|
|
static void
|
|
krb4_print(netdissect_options *ndo,
|
|
const u_char *cp)
|
|
{
|
|
const struct krb *kp;
|
|
u_char type;
|
|
u_short len;
|
|
|
|
#define PRINT if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
|
|
/* True if struct krb is little endian */
|
|
#define IS_LENDIAN(kp) ((EXTRACT_U_1((kp)->type) & 0x01) != 0)
|
|
#define KTOHSP(kp, cp) (IS_LENDIAN(kp) ? EXTRACT_LE_U_2(cp) : EXTRACT_BE_U_2(cp))
|
|
|
|
kp = (const struct krb *)cp;
|
|
|
|
ND_TCHECK_1(kp->type);
|
|
|
|
type = EXTRACT_U_1(kp->type) & (0xFF << 1);
|
|
|
|
ND_PRINT(" %s %s: ",
|
|
IS_LENDIAN(kp) ? "le" : "be", tok2str(type2str, NULL, type));
|
|
|
|
switch (type) {
|
|
|
|
case AUTH_MSG_KDC_REQUEST:
|
|
if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
|
|
return;
|
|
cp += 4; /* ctime */
|
|
ND_TCHECK_1(cp);
|
|
ND_PRINT(" %umin ", EXTRACT_U_1(cp) * 5);
|
|
cp++;
|
|
PRINT;
|
|
ND_PRINT(".");
|
|
PRINT;
|
|
break;
|
|
|
|
case AUTH_MSG_APPL_REQUEST:
|
|
cp += 2;
|
|
ND_TCHECK_1(cp);
|
|
ND_PRINT("v%u ", EXTRACT_U_1(cp));
|
|
cp++;
|
|
PRINT;
|
|
ND_TCHECK_1(cp);
|
|
ND_PRINT(" (%u)", EXTRACT_U_1(cp));
|
|
cp++;
|
|
ND_TCHECK_1(cp);
|
|
ND_PRINT(" (%u)", EXTRACT_U_1(cp));
|
|
break;
|
|
|
|
case AUTH_MSG_KDC_REPLY:
|
|
if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
|
|
return;
|
|
cp += 10; /* timestamp + n + exp + kvno */
|
|
ND_TCHECK_LEN(cp, sizeof(short));
|
|
len = KTOHSP(kp, cp);
|
|
ND_PRINT(" (%u)", len);
|
|
break;
|
|
|
|
case AUTH_MSG_ERR_REPLY:
|
|
if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
|
|
return;
|
|
cp += 4; /* timestamp */
|
|
ND_TCHECK_LEN(cp, sizeof(short));
|
|
ND_PRINT(" %s ", tok2str(kerr2str, NULL, KTOHSP(kp, cp)));
|
|
cp += 4;
|
|
PRINT;
|
|
break;
|
|
|
|
default:
|
|
ND_PRINT("(unknown)");
|
|
break;
|
|
}
|
|
|
|
return;
|
|
trunc:
|
|
nd_print_trunc(ndo);
|
|
}
|
|
|
|
void
|
|
krb_print(netdissect_options *ndo,
|
|
const u_char *dat)
|
|
{
|
|
const struct krb *kp;
|
|
|
|
ndo->ndo_protocol = "krb";
|
|
kp = (const struct krb *)dat;
|
|
|
|
if (dat >= ndo->ndo_snapend) {
|
|
nd_print_trunc(ndo);
|
|
return;
|
|
}
|
|
|
|
switch (EXTRACT_U_1(kp->pvno)) {
|
|
|
|
case 1:
|
|
case 2:
|
|
case 3:
|
|
ND_PRINT(" v%u", EXTRACT_U_1(kp->pvno));
|
|
break;
|
|
|
|
case 4:
|
|
ND_PRINT(" v%u", EXTRACT_U_1(kp->pvno));
|
|
krb4_print(ndo, (const u_char *)kp);
|
|
break;
|
|
|
|
case 106:
|
|
case 107:
|
|
ND_PRINT(" v5");
|
|
/* Decode ASN.1 here "someday" */
|
|
break;
|
|
}
|
|
return;
|
|
}
|