]> The Tcpdump Group git mirrors - tcpdump/blob - print-krb.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use more the EXTRACT_8BITS() macro to fetch a one-byte value (22/n)
[tcpdump] / print-krb.c
1 /*
2 * Copyright (c) 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Initial contribution from John Hawkinson (jhawk@mit.edu).
22 */
23
24 /* \summary: Kerberos printer */
25
26 #ifdef HAVE_CONFIG_H
27 #include "config.h"
28 #endif
29
30 #include <netdissect-stdinc.h>
31
32 #include "netdissect.h"
33 #include "extract.h"
34
35 /*
36 * Kerberos 4:
37 *
38 * Athena Technical Plan
39 * Section E.2.1
40 * Kerberos Authentication and Authorization System
41 * by S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer
42 *
43 * http://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf
44 *
45 * 7. Appendix I Design Specifications
46 *
47 * Kerberos 5:
48 *
49 * RFC 1510, RFC 2630, etc.
50 */
51
52 static const char tstr[] = " [|kerberos]";
53
54 static const u_char *c_print(netdissect_options *, register const u_char *, register const u_char *);
55 static const u_char *krb4_print_hdr(netdissect_options *, const u_char *);
56 static void krb4_print(netdissect_options *, const u_char *);
57
58 #define AUTH_MSG_KDC_REQUEST 1<<1
59 #define AUTH_MSG_KDC_REPLY 2<<1
60 #define AUTH_MSG_APPL_REQUEST 3<<1
61 #define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
62 #define AUTH_MSG_ERR_REPLY 5<<1
63 #define AUTH_MSG_PRIVATE 6<<1
64 #define AUTH_MSG_SAFE 7<<1
65 #define AUTH_MSG_APPL_ERR 8<<1
66 #define AUTH_MSG_DIE 63<<1
67
68 #define KERB_ERR_OK 0
69 #define KERB_ERR_NAME_EXP 1
70 #define KERB_ERR_SERVICE_EXP 2
71 #define KERB_ERR_AUTH_EXP 3
72 #define KERB_ERR_PKT_VER 4
73 #define KERB_ERR_NAME_MAST_KEY_VER 5
74 #define KERB_ERR_SERV_MAST_KEY_VER 6
75 #define KERB_ERR_BYTE_ORDER 7
76 #define KERB_ERR_PRINCIPAL_UNKNOWN 8
77 #define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
78 #define KERB_ERR_NULL_KEY 10
79
80 struct krb {
81 uint8_t pvno; /* Protocol Version */
82 uint8_t type; /* Type+B */
83 };
84
85 static const struct tok type2str[] = {
86 { AUTH_MSG_KDC_REQUEST, "KDC_REQUEST" },
87 { AUTH_MSG_KDC_REPLY, "KDC_REPLY" },
88 { AUTH_MSG_APPL_REQUEST, "APPL_REQUEST" },
89 { AUTH_MSG_APPL_REQUEST_MUTUAL, "APPL_REQUEST_MUTUAL" },
90 { AUTH_MSG_ERR_REPLY, "ERR_REPLY" },
91 { AUTH_MSG_PRIVATE, "PRIVATE" },
92 { AUTH_MSG_SAFE, "SAFE" },
93 { AUTH_MSG_APPL_ERR, "APPL_ERR" },
94 { AUTH_MSG_DIE, "DIE" },
95 { 0, NULL }
96 };
97
98 static const struct tok kerr2str[] = {
99 { KERB_ERR_OK, "OK" },
100 { KERB_ERR_NAME_EXP, "NAME_EXP" },
101 { KERB_ERR_SERVICE_EXP, "SERVICE_EXP" },
102 { KERB_ERR_AUTH_EXP, "AUTH_EXP" },
103 { KERB_ERR_PKT_VER, "PKT_VER" },
104 { KERB_ERR_NAME_MAST_KEY_VER, "NAME_MAST_KEY_VER" },
105 { KERB_ERR_SERV_MAST_KEY_VER, "SERV_MAST_KEY_VER" },
106 { KERB_ERR_BYTE_ORDER, "BYTE_ORDER" },
107 { KERB_ERR_PRINCIPAL_UNKNOWN, "PRINCIPAL_UNKNOWN" },
108 { KERB_ERR_PRINCIPAL_NOT_UNIQUE,"PRINCIPAL_NOT_UNIQUE" },
109 { KERB_ERR_NULL_KEY, "NULL_KEY"},
110 { 0, NULL}
111 };
112
113 static const u_char *
114 c_print(netdissect_options *ndo,
115 register const u_char *s, register const u_char *ep)
116 {
117 register u_char c;
118 register int flag;
119
120 flag = 1;
121 while (s < ep) {
122 c = EXTRACT_8BITS(s);
123 s++;
124 if (c == '\0') {
125 flag = 0;
126 break;
127 }
128 if (!ND_ISASCII(c)) {
129 c = ND_TOASCII(c);
130 ND_PRINT((ndo, "M-"));
131 }
132 if (!ND_ISPRINT(c)) {
133 c ^= 0x40; /* DEL to ?, others to alpha */
134 ND_PRINT((ndo, "^"));
135 }
136 ND_PRINT((ndo, "%c", c));
137 }
138 if (flag)
139 return NULL;
140 return (s);
141 }
142
143 static const u_char *
144 krb4_print_hdr(netdissect_options *ndo,
145 const u_char *cp)
146 {
147 cp += 2;
148
149 #define PRINT if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
150
151 PRINT;
152 ND_PRINT((ndo, "."));
153 PRINT;
154 ND_PRINT((ndo, "@"));
155 PRINT;
156 return (cp);
157
158 trunc:
159 ND_PRINT((ndo, "%s", tstr));
160 return (NULL);
161
162 #undef PRINT
163 }
164
165 static void
166 krb4_print(netdissect_options *ndo,
167 const u_char *cp)
168 {
169 register const struct krb *kp;
170 u_char type;
171 u_short len;
172
173 #define PRINT if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
174 /* True if struct krb is little endian */
175 #define IS_LENDIAN(kp) (((kp)->type & 0x01) != 0)
176 #define KTOHSP(kp, cp) (IS_LENDIAN(kp) ? EXTRACT_LE_16BITS(cp) : EXTRACT_BE_16BITS(cp))
177
178 kp = (const struct krb *)cp;
179
180 if ((&kp->type) >= ndo->ndo_snapend) {
181 ND_PRINT((ndo, "%s", tstr));
182 return;
183 }
184
185 type = kp->type & (0xFF << 1);
186
187 ND_PRINT((ndo, " %s %s: ",
188 IS_LENDIAN(kp) ? "le" : "be", tok2str(type2str, NULL, type)));
189
190 switch (type) {
191
192 case AUTH_MSG_KDC_REQUEST:
193 if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
194 return;
195 cp += 4; /* ctime */
196 ND_TCHECK(*cp);
197 ND_PRINT((ndo, " %dmin ", *cp++ * 5));
198 PRINT;
199 ND_PRINT((ndo, "."));
200 PRINT;
201 break;
202
203 case AUTH_MSG_APPL_REQUEST:
204 cp += 2;
205 ND_TCHECK(*cp);
206 ND_PRINT((ndo, "v%d ", EXTRACT_8BITS(cp)));
207 cp++;
208 PRINT;
209 ND_TCHECK(*cp);
210 ND_PRINT((ndo, " (%d)", EXTRACT_8BITS(cp)));
211 cp++;
212 ND_TCHECK(*cp);
213 ND_PRINT((ndo, " (%d)", *cp));
214 break;
215
216 case AUTH_MSG_KDC_REPLY:
217 if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
218 return;
219 cp += 10; /* timestamp + n + exp + kvno */
220 ND_TCHECK2(*cp, sizeof(short));
221 len = KTOHSP(kp, cp);
222 ND_PRINT((ndo, " (%d)", len));
223 break;
224
225 case AUTH_MSG_ERR_REPLY:
226 if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
227 return;
228 cp += 4; /* timestamp */
229 ND_TCHECK2(*cp, sizeof(short));
230 ND_PRINT((ndo, " %s ", tok2str(kerr2str, NULL, KTOHSP(kp, cp))));
231 cp += 4;
232 PRINT;
233 break;
234
235 default:
236 ND_PRINT((ndo, "(unknown)"));
237 break;
238 }
239
240 return;
241 trunc:
242 ND_PRINT((ndo, "%s", tstr));
243 }
244
245 void
246 krb_print(netdissect_options *ndo,
247 const u_char *dat)
248 {
249 register const struct krb *kp;
250
251 kp = (const struct krb *)dat;
252
253 if (dat >= ndo->ndo_snapend) {
254 ND_PRINT((ndo, "%s", tstr));
255 return;
256 }
257
258 switch (kp->pvno) {
259
260 case 1:
261 case 2:
262 case 3:
263 ND_PRINT((ndo, " v%d", kp->pvno));
264 break;
265
266 case 4:
267 ND_PRINT((ndo, " v%d", kp->pvno));
268 krb4_print(ndo, (const u_char *)kp);
269 break;
270
271 case 106:
272 case 107:
273 ND_PRINT((ndo, " v5"));
274 /* Decode ASN.1 here "someday" */
275 break;
276 }
277 return;
278 }
[mirror] the TCPdump network dissector