14edb46e9SPaul Traina /*
24644f044SBill Fenner * Copyright (c) 1995, 1996, 1997
34edb46e9SPaul Traina * The Regents of the University of California. All rights reserved.
44edb46e9SPaul Traina *
54edb46e9SPaul Traina * Redistribution and use in source and binary forms, with or without
64edb46e9SPaul Traina * modification, are permitted provided that: (1) source code distributions
74edb46e9SPaul Traina * retain the above copyright notice and this paragraph in its entirety, (2)
84edb46e9SPaul Traina * distributions including binary code include the above copyright notice and
94edb46e9SPaul Traina * this paragraph in its entirety in the documentation or other materials
104edb46e9SPaul Traina * provided with the distribution, and (3) all advertising materials mentioning
114edb46e9SPaul Traina * features or use of this software display the following acknowledgement:
124edb46e9SPaul Traina * ``This product includes software developed by the University of California,
134edb46e9SPaul Traina * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
144edb46e9SPaul Traina * the University nor the names of its contributors may be used to endorse
154edb46e9SPaul Traina * or promote products derived from this software without specific prior
164edb46e9SPaul Traina * written permission.
174edb46e9SPaul Traina * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
184edb46e9SPaul Traina * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
194edb46e9SPaul Traina * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
204edb46e9SPaul Traina *
214edb46e9SPaul Traina * Initial contribution from John Hawkinson (jhawk@mit.edu).
224edb46e9SPaul Traina */
234edb46e9SPaul Traina
243340d773SGleb Smirnoff /* \summary: Kerberos printer */
253340d773SGleb Smirnoff
26ee67461eSJoseph Mingrone #include <config.h>
274edb46e9SPaul Traina
28ee67461eSJoseph Mingrone #include "netdissect-stdinc.h"
294edb46e9SPaul Traina
303340d773SGleb Smirnoff #include "netdissect.h"
315b0fe478SBruce M Simpson #include "extract.h"
324edb46e9SPaul Traina
33ee67461eSJoseph Mingrone /*
34ee67461eSJoseph Mingrone * Kerberos 4:
35ee67461eSJoseph Mingrone *
36ee67461eSJoseph Mingrone * Athena Technical Plan
37ee67461eSJoseph Mingrone * Section E.2.1
38ee67461eSJoseph Mingrone * Kerberos Authentication and Authorization System
39ee67461eSJoseph Mingrone * by S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer
40ee67461eSJoseph Mingrone *
41ee67461eSJoseph Mingrone * https://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf
42ee67461eSJoseph Mingrone *
43ee67461eSJoseph Mingrone * 7. Appendix I Design Specifications
44ee67461eSJoseph Mingrone *
45ee67461eSJoseph Mingrone * Kerberos 5:
46ee67461eSJoseph Mingrone *
47ee67461eSJoseph Mingrone * RFC 1510, RFC 2630, etc.
48ee67461eSJoseph Mingrone */
493c602fabSXin LI
50ee67461eSJoseph Mingrone
51ee67461eSJoseph Mingrone static const u_char *c_print(netdissect_options *, const u_char *, const u_char *);
523c602fabSXin LI static const u_char *krb4_print_hdr(netdissect_options *, const u_char *);
533c602fabSXin LI static void krb4_print(netdissect_options *, const u_char *);
544edb46e9SPaul Traina
554edb46e9SPaul Traina #define AUTH_MSG_KDC_REQUEST 1<<1
564edb46e9SPaul Traina #define AUTH_MSG_KDC_REPLY 2<<1
574edb46e9SPaul Traina #define AUTH_MSG_APPL_REQUEST 3<<1
584edb46e9SPaul Traina #define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
594edb46e9SPaul Traina #define AUTH_MSG_ERR_REPLY 5<<1
604edb46e9SPaul Traina #define AUTH_MSG_PRIVATE 6<<1
614edb46e9SPaul Traina #define AUTH_MSG_SAFE 7<<1
624edb46e9SPaul Traina #define AUTH_MSG_APPL_ERR 8<<1
634edb46e9SPaul Traina #define AUTH_MSG_DIE 63<<1
644edb46e9SPaul Traina
654edb46e9SPaul Traina #define KERB_ERR_OK 0
664edb46e9SPaul Traina #define KERB_ERR_NAME_EXP 1
674edb46e9SPaul Traina #define KERB_ERR_SERVICE_EXP 2
684edb46e9SPaul Traina #define KERB_ERR_AUTH_EXP 3
694edb46e9SPaul Traina #define KERB_ERR_PKT_VER 4
704edb46e9SPaul Traina #define KERB_ERR_NAME_MAST_KEY_VER 5
714edb46e9SPaul Traina #define KERB_ERR_SERV_MAST_KEY_VER 6
724edb46e9SPaul Traina #define KERB_ERR_BYTE_ORDER 7
734edb46e9SPaul Traina #define KERB_ERR_PRINCIPAL_UNKNOWN 8
744edb46e9SPaul Traina #define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
754edb46e9SPaul Traina #define KERB_ERR_NULL_KEY 10
764edb46e9SPaul Traina
774edb46e9SPaul Traina struct krb {
78ee67461eSJoseph Mingrone nd_uint8_t pvno; /* Protocol Version */
79ee67461eSJoseph Mingrone nd_uint8_t type; /* Type+B */
804edb46e9SPaul Traina };
814edb46e9SPaul Traina
823c602fabSXin LI static const struct tok type2str[] = {
834edb46e9SPaul Traina { AUTH_MSG_KDC_REQUEST, "KDC_REQUEST" },
844edb46e9SPaul Traina { AUTH_MSG_KDC_REPLY, "KDC_REPLY" },
854edb46e9SPaul Traina { AUTH_MSG_APPL_REQUEST, "APPL_REQUEST" },
864edb46e9SPaul Traina { AUTH_MSG_APPL_REQUEST_MUTUAL, "APPL_REQUEST_MUTUAL" },
874edb46e9SPaul Traina { AUTH_MSG_ERR_REPLY, "ERR_REPLY" },
884edb46e9SPaul Traina { AUTH_MSG_PRIVATE, "PRIVATE" },
894edb46e9SPaul Traina { AUTH_MSG_SAFE, "SAFE" },
904edb46e9SPaul Traina { AUTH_MSG_APPL_ERR, "APPL_ERR" },
914edb46e9SPaul Traina { AUTH_MSG_DIE, "DIE" },
924edb46e9SPaul Traina { 0, NULL }
934edb46e9SPaul Traina };
944edb46e9SPaul Traina
953c602fabSXin LI static const struct tok kerr2str[] = {
964edb46e9SPaul Traina { KERB_ERR_OK, "OK" },
974edb46e9SPaul Traina { KERB_ERR_NAME_EXP, "NAME_EXP" },
984edb46e9SPaul Traina { KERB_ERR_SERVICE_EXP, "SERVICE_EXP" },
994edb46e9SPaul Traina { KERB_ERR_AUTH_EXP, "AUTH_EXP" },
1004edb46e9SPaul Traina { KERB_ERR_PKT_VER, "PKT_VER" },
1014edb46e9SPaul Traina { KERB_ERR_NAME_MAST_KEY_VER, "NAME_MAST_KEY_VER" },
1024edb46e9SPaul Traina { KERB_ERR_SERV_MAST_KEY_VER, "SERV_MAST_KEY_VER" },
1034edb46e9SPaul Traina { KERB_ERR_BYTE_ORDER, "BYTE_ORDER" },
1044edb46e9SPaul Traina { KERB_ERR_PRINCIPAL_UNKNOWN, "PRINCIPAL_UNKNOWN" },
1054edb46e9SPaul Traina { KERB_ERR_PRINCIPAL_NOT_UNIQUE,"PRINCIPAL_NOT_UNIQUE" },
1064edb46e9SPaul Traina { KERB_ERR_NULL_KEY, "NULL_KEY"},
1074edb46e9SPaul Traina { 0, NULL}
1084edb46e9SPaul Traina };
1094edb46e9SPaul Traina
1105b0fe478SBruce M Simpson static const u_char *
c_print(netdissect_options * ndo,const u_char * s,const u_char * ep)1113c602fabSXin LI c_print(netdissect_options *ndo,
112ee67461eSJoseph Mingrone const u_char *s, const u_char *ep)
1134edb46e9SPaul Traina {
114ee67461eSJoseph Mingrone u_char c;
115ee67461eSJoseph Mingrone int flag;
1164edb46e9SPaul Traina
1174edb46e9SPaul Traina flag = 1;
1184644f044SBill Fenner while (s < ep) {
119ee67461eSJoseph Mingrone c = GET_U_1(s);
120ee67461eSJoseph Mingrone s++;
1214edb46e9SPaul Traina if (c == '\0') {
1224edb46e9SPaul Traina flag = 0;
1234edb46e9SPaul Traina break;
1244edb46e9SPaul Traina }
125ee67461eSJoseph Mingrone fn_print_char(ndo, c);
1264edb46e9SPaul Traina }
1274edb46e9SPaul Traina if (flag)
1284edb46e9SPaul Traina return NULL;
1294edb46e9SPaul Traina return (s);
1304edb46e9SPaul Traina }
1314edb46e9SPaul Traina
1325b0fe478SBruce M Simpson static const u_char *
krb4_print_hdr(netdissect_options * ndo,const u_char * cp)1333c602fabSXin LI krb4_print_hdr(netdissect_options *ndo,
1343c602fabSXin LI const u_char *cp)
1354edb46e9SPaul Traina {
1364edb46e9SPaul Traina cp += 2;
1374edb46e9SPaul Traina
1383c602fabSXin LI #define PRINT if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
1394edb46e9SPaul Traina
1404edb46e9SPaul Traina PRINT;
141ee67461eSJoseph Mingrone ND_PRINT(".");
1424644f044SBill Fenner PRINT;
143ee67461eSJoseph Mingrone ND_PRINT("@");
1444644f044SBill Fenner PRINT;
1454edb46e9SPaul Traina return (cp);
1464edb46e9SPaul Traina
1474edb46e9SPaul Traina trunc:
148ee67461eSJoseph Mingrone nd_print_trunc(ndo);
1494edb46e9SPaul Traina return (NULL);
1504edb46e9SPaul Traina
1514edb46e9SPaul Traina #undef PRINT
1524edb46e9SPaul Traina }
1534edb46e9SPaul Traina
1545b0fe478SBruce M Simpson static void
krb4_print(netdissect_options * ndo,const u_char * cp)1553c602fabSXin LI krb4_print(netdissect_options *ndo,
1563c602fabSXin LI const u_char *cp)
1574edb46e9SPaul Traina {
158ee67461eSJoseph Mingrone const struct krb *kp;
1594edb46e9SPaul Traina u_char type;
1604edb46e9SPaul Traina u_short len;
1614edb46e9SPaul Traina
1623c602fabSXin LI #define PRINT if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
1634edb46e9SPaul Traina /* True if struct krb is little endian */
164ee67461eSJoseph Mingrone #define IS_LENDIAN(kp) ((GET_U_1((kp)->type) & 0x01) != 0)
165ee67461eSJoseph Mingrone #define KTOHSP(kp, cp) (IS_LENDIAN(kp) ? GET_LE_U_2(cp) : GET_BE_U_2(cp))
1664edb46e9SPaul Traina
1673340d773SGleb Smirnoff kp = (const struct krb *)cp;
1684edb46e9SPaul Traina
169ee67461eSJoseph Mingrone type = GET_U_1(kp->type) & (0xFF << 1);
1704edb46e9SPaul Traina
171ee67461eSJoseph Mingrone ND_PRINT(" %s %s: ",
172ee67461eSJoseph Mingrone IS_LENDIAN(kp) ? "le" : "be", tok2str(type2str, NULL, type));
1734edb46e9SPaul Traina
1744edb46e9SPaul Traina switch (type) {
1754edb46e9SPaul Traina
1764edb46e9SPaul Traina case AUTH_MSG_KDC_REQUEST:
1773c602fabSXin LI if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
1784edb46e9SPaul Traina return;
1794edb46e9SPaul Traina cp += 4; /* ctime */
180ee67461eSJoseph Mingrone ND_PRINT(" %umin ", GET_U_1(cp) * 5);
181ee67461eSJoseph Mingrone cp++;
1824edb46e9SPaul Traina PRINT;
183ee67461eSJoseph Mingrone ND_PRINT(".");
1844644f044SBill Fenner PRINT;
1854edb46e9SPaul Traina break;
1864edb46e9SPaul Traina
1874edb46e9SPaul Traina case AUTH_MSG_APPL_REQUEST:
1884edb46e9SPaul Traina cp += 2;
189ee67461eSJoseph Mingrone ND_PRINT("v%u ", GET_U_1(cp));
190ee67461eSJoseph Mingrone cp++;
1914edb46e9SPaul Traina PRINT;
192ee67461eSJoseph Mingrone ND_PRINT(" (%u)", GET_U_1(cp));
193ee67461eSJoseph Mingrone cp++;
194ee67461eSJoseph Mingrone ND_PRINT(" (%u)", GET_U_1(cp));
1954edb46e9SPaul Traina break;
1964edb46e9SPaul Traina
1974edb46e9SPaul Traina case AUTH_MSG_KDC_REPLY:
1983c602fabSXin LI if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
1994edb46e9SPaul Traina return;
2004edb46e9SPaul Traina cp += 10; /* timestamp + n + exp + kvno */
2014edb46e9SPaul Traina len = KTOHSP(kp, cp);
202ee67461eSJoseph Mingrone ND_PRINT(" (%u)", len);
2034edb46e9SPaul Traina break;
2044edb46e9SPaul Traina
2054edb46e9SPaul Traina case AUTH_MSG_ERR_REPLY:
2063c602fabSXin LI if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
2074edb46e9SPaul Traina return;
2084edb46e9SPaul Traina cp += 4; /* timestamp */
209ee67461eSJoseph Mingrone ND_PRINT(" %s ", tok2str(kerr2str, NULL, KTOHSP(kp, cp)));
2104edb46e9SPaul Traina cp += 4;
2114edb46e9SPaul Traina PRINT;
2124edb46e9SPaul Traina break;
2134edb46e9SPaul Traina
2144edb46e9SPaul Traina default:
215ee67461eSJoseph Mingrone ND_PRINT("(unknown)");
2164edb46e9SPaul Traina break;
2174edb46e9SPaul Traina }
2184edb46e9SPaul Traina
2194edb46e9SPaul Traina return;
2204edb46e9SPaul Traina trunc:
221ee67461eSJoseph Mingrone nd_print_trunc(ndo);
2224edb46e9SPaul Traina }
2234edb46e9SPaul Traina
2244edb46e9SPaul Traina void
krb_print(netdissect_options * ndo,const u_char * dat)2253c602fabSXin LI krb_print(netdissect_options *ndo,
2263c602fabSXin LI const u_char *dat)
2274edb46e9SPaul Traina {
228ee67461eSJoseph Mingrone const struct krb *kp;
2294edb46e9SPaul Traina
230*0a7e5f1fSJoseph Mingrone ndo->ndo_protocol = "kerberos";
231*0a7e5f1fSJoseph Mingrone nd_print_protocol(ndo);
2324edb46e9SPaul Traina
233*0a7e5f1fSJoseph Mingrone kp = (const struct krb *)dat;
2344edb46e9SPaul Traina
235ee67461eSJoseph Mingrone switch (GET_U_1(kp->pvno)) {
2364edb46e9SPaul Traina
2374edb46e9SPaul Traina case 1:
2384edb46e9SPaul Traina case 2:
2394edb46e9SPaul Traina case 3:
240ee67461eSJoseph Mingrone ND_PRINT(" v%u", GET_U_1(kp->pvno));
2414edb46e9SPaul Traina break;
2424edb46e9SPaul Traina
2434edb46e9SPaul Traina case 4:
244ee67461eSJoseph Mingrone ND_PRINT(" v%u", GET_U_1(kp->pvno));
2453c602fabSXin LI krb4_print(ndo, (const u_char *)kp);
2464edb46e9SPaul Traina break;
2474edb46e9SPaul Traina
2484edb46e9SPaul Traina case 106:
2494edb46e9SPaul Traina case 107:
250ee67461eSJoseph Mingrone ND_PRINT(" v5");
2514edb46e9SPaul Traina /* Decode ASN.1 here "someday" */
2524edb46e9SPaul Traina break;
2534edb46e9SPaul Traina }
2544edb46e9SPaul Traina }
255