contrib/tcpdump/print-krb.c

   1 /*
   2  * Copyright (c) 1995, 1996, 1997
   3  *      The Regents of the University of California.  All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that: (1) source code distributions
   7  * retain the above copyright notice and this paragraph in its entirety, (2)
   8  * distributions including binary code include the above copyright notice and
   9  * this paragraph in its entirety in the documentation or other materials
  10  * provided with the distribution, and (3) all advertising materials mentioning
  11  * features or use of this software display the following acknowledgement:
  12  * ``This product includes software developed by the University of California,
  13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
  14  * the University nor the names of its contributors may be used to endorse
  15  * or promote products derived from this software without specific prior
  16  * written permission.
  17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
  18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  20  *
  21  * Initial contribution from John Hawkinson (jhawk@mit.edu).
  22  */
  23
  24 /* \summary: Kerberos printer */
  25
  26 #ifdef HAVE_CONFIG_H
  27 #include <config.h>
  28 #endif
  29
  30 #include "netdissect-stdinc.h"
  31
  32 #include "netdissect.h"
  33 #include "extract.h"
  34
  35 /*
  36  * Kerberos 4:
  37  *
  38  * Athena Technical Plan
  39  * Section E.2.1
  40  * Kerberos Authentication and Authorization System
  41  * by S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer
  42  *
  43  * https://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf
  44  *
  45  * 7. Appendix I Design Specifications
  46  *
  47  * Kerberos 5:
  48  *
  49  * RFC 1510, RFC 2630, etc.
  50  */
  51
  52
  53 static const u_char *c_print(netdissect_options *, const u_char *, const u_char *);
  54 static const u_char *krb4_print_hdr(netdissect_options *, const u_char *);
  55 static void krb4_print(netdissect_options *, const u_char *);
  56
  57 #define AUTH_MSG_KDC_REQUEST                    1<<1
  58 #define AUTH_MSG_KDC_REPLY                      2<<1
  59 #define AUTH_MSG_APPL_REQUEST                   3<<1
  60 #define AUTH_MSG_APPL_REQUEST_MUTUAL            4<<1
  61 #define AUTH_MSG_ERR_REPLY                      5<<1
  62 #define AUTH_MSG_PRIVATE                        6<<1
  63 #define AUTH_MSG_SAFE                           7<<1
  64 #define AUTH_MSG_APPL_ERR                       8<<1
  65 #define AUTH_MSG_DIE                            63<<1
  66
  67 #define KERB_ERR_OK                             0
  68 #define KERB_ERR_NAME_EXP                       1
  69 #define KERB_ERR_SERVICE_EXP                    2
  70 #define KERB_ERR_AUTH_EXP                       3
  71 #define KERB_ERR_PKT_VER                        4
  72 #define KERB_ERR_NAME_MAST_KEY_VER              5
  73 #define KERB_ERR_SERV_MAST_KEY_VER              6
  74 #define KERB_ERR_BYTE_ORDER                     7
  75 #define KERB_ERR_PRINCIPAL_UNKNOWN              8
  76 #define KERB_ERR_PRINCIPAL_NOT_UNIQUE           9
  77 #define KERB_ERR_NULL_KEY                       10
  78
  79 struct krb {
  80         nd_uint8_t pvno;        /* Protocol Version */
  81         nd_uint8_t type;        /* Type+B */
  82 };
  83
  84 static const struct tok type2str[] = {
  85         { AUTH_MSG_KDC_REQUEST,         "KDC_REQUEST" },
  86         { AUTH_MSG_KDC_REPLY,           "KDC_REPLY" },
  87         { AUTH_MSG_APPL_REQUEST,        "APPL_REQUEST" },
  88         { AUTH_MSG_APPL_REQUEST_MUTUAL, "APPL_REQUEST_MUTUAL" },
  89         { AUTH_MSG_ERR_REPLY,           "ERR_REPLY" },
  90         { AUTH_MSG_PRIVATE,             "PRIVATE" },
  91         { AUTH_MSG_SAFE,                "SAFE" },
  92         { AUTH_MSG_APPL_ERR,            "APPL_ERR" },
  93         { AUTH_MSG_DIE,                 "DIE" },
  94         { 0,                            NULL }
  95 };
  96
  97 static const struct tok kerr2str[] = {
  98         { KERB_ERR_OK,                  "OK" },
  99         { KERB_ERR_NAME_EXP,            "NAME_EXP" },
 100         { KERB_ERR_SERVICE_EXP,         "SERVICE_EXP" },
 101         { KERB_ERR_AUTH_EXP,            "AUTH_EXP" },
 102         { KERB_ERR_PKT_VER,             "PKT_VER" },
 103         { KERB_ERR_NAME_MAST_KEY_VER,   "NAME_MAST_KEY_VER" },
 104         { KERB_ERR_SERV_MAST_KEY_VER,   "SERV_MAST_KEY_VER" },
 105         { KERB_ERR_BYTE_ORDER,          "BYTE_ORDER" },
 106         { KERB_ERR_PRINCIPAL_UNKNOWN,   "PRINCIPAL_UNKNOWN" },
 107         { KERB_ERR_PRINCIPAL_NOT_UNIQUE,"PRINCIPAL_NOT_UNIQUE" },
 108         { KERB_ERR_NULL_KEY,            "NULL_KEY"},
 109         { 0,                            NULL}
 110 };
 111
 112 static const u_char *
 113 c_print(netdissect_options *ndo,
 114         const u_char *s, const u_char *ep)
 115 {
 116         u_char c;
 117         int flag;
 118
 119         flag = 1;
 120         while (s < ep) {
 121                 c = GET_U_1(s);
 122                 s++;
 123                 if (c == '\0') {
 124                         flag = 0;
 125                         break;
 126                 }
 127                 fn_print_char(ndo, c);
 128         }
 129         if (flag)
 130                 return NULL;
 131         return (s);
 132 }
 133
 134 static const u_char *
 135 krb4_print_hdr(netdissect_options *ndo,
 136                const u_char *cp)
 137 {
 138         cp += 2;
 139
 140 #define PRINT           if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
 141
 142         PRINT;
 143         ND_PRINT(".");
 144         PRINT;
 145         ND_PRINT("@");
 146         PRINT;
 147         return (cp);
 148
 149 trunc:
 150         nd_print_trunc(ndo);
 151         return (NULL);
 152
 153 #undef PRINT
 154 }
 155
 156 static void
 157 krb4_print(netdissect_options *ndo,
 158            const u_char *cp)
 159 {
 160         const struct krb *kp;
 161         u_char type;
 162         u_short len;
 163
 164 #define PRINT           if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
 165 /*  True if struct krb is little endian */
 166 #define IS_LENDIAN(kp)  ((GET_U_1((kp)->type) & 0x01) != 0)
 167 #define KTOHSP(kp, cp)  (IS_LENDIAN(kp) ? GET_LE_U_2(cp) : GET_BE_U_2(cp))
 168
 169         kp = (const struct krb *)cp;
 170
 171         type = GET_U_1(kp->type) & (0xFF << 1);
 172
 173         ND_PRINT(" %s %s: ",
 174             IS_LENDIAN(kp) ? "le" : "be", tok2str(type2str, NULL, type));
 175
 176         switch (type) {
 177
 178         case AUTH_MSG_KDC_REQUEST:
 179                 if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
 180                         return;
 181                 cp += 4;        /* ctime */
 182                 ND_PRINT(" %umin ", GET_U_1(cp) * 5);
 183                 cp++;
 184                 PRINT;
 185                 ND_PRINT(".");
 186                 PRINT;
 187                 break;
 188
 189         case AUTH_MSG_APPL_REQUEST:
 190                 cp += 2;
 191                 ND_PRINT("v%u ", GET_U_1(cp));
 192                 cp++;
 193                 PRINT;
 194                 ND_PRINT(" (%u)", GET_U_1(cp));
 195                 cp++;
 196                 ND_PRINT(" (%u)", GET_U_1(cp));
 197                 break;
 198
 199         case AUTH_MSG_KDC_REPLY:
 200                 if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
 201                         return;
 202                 cp += 10;       /* timestamp + n + exp + kvno */
 203                 len = KTOHSP(kp, cp);
 204                 ND_PRINT(" (%u)", len);
 205                 break;
 206
 207         case AUTH_MSG_ERR_REPLY:
 208                 if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
 209                         return;
 210                 cp += 4;          /* timestamp */
 211                 ND_PRINT(" %s ", tok2str(kerr2str, NULL, KTOHSP(kp, cp)));
 212                 cp += 4;
 213                 PRINT;
 214                 break;
 215
 216         default:
 217                 ND_PRINT("(unknown)");
 218                 break;
 219         }
 220
 221         return;
 222 trunc:
 223         nd_print_trunc(ndo);
 224 }
 225
 226 void
 227 krb_print(netdissect_options *ndo,
 228           const u_char *dat)
 229 {
 230         const struct krb *kp;
 231
 232         ndo->ndo_protocol = "krb";
 233         kp = (const struct krb *)dat;
 234
 235         if (dat >= ndo->ndo_snapend) {
 236                 nd_print_trunc(ndo);
 237                 return;
 238         }
 239
 240         switch (GET_U_1(kp->pvno)) {
 241
 242         case 1:
 243         case 2:
 244         case 3:
 245                 ND_PRINT(" v%u", GET_U_1(kp->pvno));
 246                 break;
 247
 248         case 4:
 249                 ND_PRINT(" v%u", GET_U_1(kp->pvno));
 250                 krb4_print(ndo, (const u_char *)kp);
 251                 break;
 252
 253         case 106:
 254         case 107:
 255                 ND_PRINT(" v5");
 256                 /* Decode ASN.1 here "someday" */
 257                 break;
 258         }
 259 }