static int
krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * tree,
guint8 *drep)
{
guint32 keysize, spare1, remain;
proto_item *item;
tvbuff_t *krb5_tvb;
proto_tree *subtree;
/*
* [in] handle_t h,
* [in] unsigned32 len,
* [in, size_is(len)]
* byte message[],
* [in] unsigned32 out_buf_len,
*/
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1);
item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA);
subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
remain = tvb_length_remaining(tvb, offset);
krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL);
return offset;
}
static void
dissect_payload_kink_ap_rep(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree){
proto_tree *payload_kink_ap_rep_tree;
proto_item *ti;
guint8 next_payload;
guint payload_length;
guint16 krb_ap_rep_length;
int start_payload_offset = 0; /* Keep beginning of payload offset */
payload_length = tvb_get_ntohs(tvb, offset + TO_PAYLOAD_LENGTH);
start_payload_offset = offset;
/* Make the subtree */
ti = proto_tree_add_text(tree, tvb, offset, payload_length,"KINK_AP_REP");
payload_kink_ap_rep_tree = proto_item_add_subtree(ti, ett_payload_kink_ap_rep);
next_payload = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(payload_kink_ap_rep_tree, hf_kink_next_payload, tvb, offset, 1, next_payload);
offset ++;
proto_tree_add_item(payload_kink_ap_rep_tree, hf_kink_reserved8, tvb, offset, 1, ENC_BIG_ENDIAN);
offset ++;
ti = proto_tree_add_uint(payload_kink_ap_rep_tree, hf_kink_payload_length, tvb, offset, 2, payload_length);
if(payload_length <= PAYLOAD_HEADER){
expert_add_info_format(pinfo, ti, PI_PROTOCOL, PI_WARN, "This Payload Length is too small");
}
offset += 2;
/* Show time as UTC, not local time. */
proto_tree_add_item(payload_kink_ap_rep_tree, hf_kink_epoch, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
if(payload_length > PAYLOAD_HEADER){
tvbuff_t *krb_tvb;
krb_ap_rep_length = payload_length - PAYLOAD_HEADER;
krb_tvb=tvb_new_subset(tvb, offset, (krb_ap_rep_length>tvb_length_remaining(tvb, offset))?tvb_length_remaining(tvb, offset):krb_ap_rep_length, krb_ap_rep_length);
keytype=kerberos_output_keytype();
dissect_kerberos_main(krb_tvb, pinfo, payload_kink_ap_rep_tree, FALSE, NULL);
offset += krb_ap_rep_length;
}
/* This part consider the padding. Payload_length don't contain the padding. */
if(payload_length % PADDING != 0){
payload_length += (PADDING - (payload_length % PADDING));
}
offset = start_payload_offset + payload_length;
if(payload_length > 0) {
control_payload(pinfo, tvb, offset, next_payload, tree); /* Recur control_payload() */
}
}
static void
dissect_payload_kink_krb_error(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree){
proto_tree *payload_kink_krb_error_tree;
proto_item *ti;
guint8 next_payload;
guint8 reserved;
guint payload_length;
guint16 krb_error_length;
int start_payload_offset = 0; /* Keep the begining of the payload offset */
payload_length = tvb_get_ntohs(tvb, offset + TO_PAYLOAD_LENGTH);
start_payload_offset = offset;
/* Make the subtree */
ti = proto_tree_add_text(tree, tvb, offset, payload_length,"KINK_KRB_ERROR");
payload_kink_krb_error_tree = proto_item_add_subtree(ti, ett_payload_kink_krb_error);
next_payload = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(payload_kink_krb_error_tree, hf_kink_next_payload, tvb, offset, 1, next_payload);
offset ++;
reserved = tvb_get_guint8(tvb, offset);
proto_tree_add_text(payload_kink_krb_error_tree, tvb, offset, 1, "RESERVED: %u", reserved);
offset ++;
if(payload_length <= KINK_KRB_ERROR_HEADER){
proto_tree_add_text(payload_kink_krb_error_tree, tvb, offset, 2, "This Payload Length is too small.: %u", payload_length);
}
else{
proto_tree_add_text(payload_kink_krb_error_tree, tvb, offset, 2, "Payload Length: %u", payload_length);
offset += 2;
}
if(payload_length > KINK_KRB_ERROR_HEADER){
tvbuff_t *krb_tvb;
krb_error_length = payload_length - KINK_KRB_ERROR_HEADER;
krb_tvb=tvb_new_subset(tvb, offset, (krb_error_length>tvb_length_remaining(tvb, offset))?tvb_length_remaining(tvb, offset):krb_error_length, krb_error_length);
dissect_kerberos_main(krb_tvb, pinfo, payload_kink_krb_error_tree, FALSE, NULL);
offset += krb_error_length;
}
/* This part consider the padding. Payload_length don't contain the padding. */
if(payload_length % PADDING != 0){
payload_length += (PADDING - (payload_length % PADDING));
}
offset = start_payload_offset + payload_length;
if(payload_length > 0) {
control_payload(pinfo, tvb, offset, next_payload, tree); /* Recur control_payload() */
}
}
static int
krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * tree,
guint8 *drep)
{
guint32 resp_len, maxsize, spare1, keysize, remain;
proto_item *item;
tvbuff_t *krb5_tvb;
proto_tree *subtree;
/*
*
* [out] unsigned32 *resp_len,
* [out, length_is(*resp_len), size_is(out_buf_len)]
* byte out_buf[],
* [out] error_status_t *st unsigned long
*
*/
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_len, &resp_len);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_max, &maxsize);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_spare1, &spare1);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_keysize, &keysize);
item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA);
subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
remain = tvb_length_remaining(tvb, offset);
krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL);
offset += 16; /* no idea what this is, probably just extended encrypted text. */
return offset;
}
static void
dissect_payload_kink_ap_rep(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree){
proto_tree *payload_kink_ap_rep_tree;
proto_item *ti;
guint8 next_payload;
guint8 reserved;
guint payload_length;
guint16 krb_ap_rep_length;
time_t timer;
struct tm *tp;
int start_payload_offset = 0; /* Keep begining of payload offset */
payload_length = tvb_get_ntohs(tvb, offset + TO_PAYLOAD_LENGTH);
start_payload_offset = offset;
/* Make the subtree */
ti = proto_tree_add_text(tree, tvb, offset, payload_length,"KINK_AP_REP");
payload_kink_ap_rep_tree = proto_item_add_subtree(ti, ett_payload_kink_ap_rep);
next_payload = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(payload_kink_ap_rep_tree, hf_kink_next_payload, tvb, offset, 1, next_payload);
offset ++;
reserved = tvb_get_guint8(tvb, offset);
proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 1, "RESERVED: %u", reserved);
offset ++;
if(payload_length <= PAYLOAD_HEADER){
proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 2, "This Payload Length is too small.: %u", payload_length);
}
else{
proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 2, "Payload Length: %u", payload_length);
}
offset += 2;
/* Analize time by the utc. */
timer = tvb_get_ntohl(tvb, offset);
tp = gmtime(&timer);
if(tp){
proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 4, "EPOCH: month %u. day %u. year %u.%u.%u.%u by UTC",
(tp->tm_mon)+1, tp->tm_mday, (tp->tm_year)+1900, tp->tm_hour, tp->tm_min, tp->tm_sec);
} else {
proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 4, "EPOCH: value invalid");
}
offset += 4;
if(payload_length > PAYLOAD_HEADER){
tvbuff_t *krb_tvb;
krb_ap_rep_length = payload_length - PAYLOAD_HEADER;
krb_tvb=tvb_new_subset(tvb, offset, (krb_ap_rep_length>tvb_length_remaining(tvb, offset))?tvb_length_remaining(tvb, offset):krb_ap_rep_length, krb_ap_rep_length);
keytype=kerberos_output_keytype();
dissect_kerberos_main(krb_tvb, pinfo, payload_kink_ap_rep_tree, FALSE, NULL);
offset += krb_ap_rep_length;
}
/* This part consider the padding. Payload_length don't contain the padding. */
if(payload_length % PADDING != 0){
payload_length += (PADDING - (payload_length % PADDING));
}
offset = start_payload_offset + payload_length;
if(payload_length > 0) {
control_payload(pinfo, tvb, offset, next_payload, tree); /* Recur control_payload() */
}
}
