2 * Copyright (c) 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 * Initial contribution from John Hawkinson (jhawk@mit.edu).
25 static const char rcsid[] _U_ =
26 "@(#) $Header: /tcpdump/master/tcpdump/print-krb.c,v 1.21.2.2 2003/11/16 08:51:30 guy Exp $";
33 #include <tcpdump-stdinc.h>
37 #include "interface.h"
38 #include "addrtoname.h"
41 static const u_char *c_print(register const u_char *, register const u_char *);
42 static const u_char *krb4_print_hdr(const u_char *);
43 static void krb4_print(const u_char *);
45 #define AUTH_MSG_KDC_REQUEST 1<<1
46 #define AUTH_MSG_KDC_REPLY 2<<1
47 #define AUTH_MSG_APPL_REQUEST 3<<1
48 #define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
49 #define AUTH_MSG_ERR_REPLY 5<<1
50 #define AUTH_MSG_PRIVATE 6<<1
51 #define AUTH_MSG_SAFE 7<<1
52 #define AUTH_MSG_APPL_ERR 8<<1
53 #define AUTH_MSG_DIE 63<<1
56 #define KERB_ERR_NAME_EXP 1
57 #define KERB_ERR_SERVICE_EXP 2
58 #define KERB_ERR_AUTH_EXP 3
59 #define KERB_ERR_PKT_VER 4
60 #define KERB_ERR_NAME_MAST_KEY_VER 5
61 #define KERB_ERR_SERV_MAST_KEY_VER 6
62 #define KERB_ERR_BYTE_ORDER 7
63 #define KERB_ERR_PRINCIPAL_UNKNOWN 8
64 #define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
65 #define KERB_ERR_NULL_KEY 10
68 u_int8_t pvno; /* Protocol Version */
69 u_int8_t type; /* Type+B */
72 static char tstr[] = " [|kerberos]";
74 static struct tok type2str[] = {
75 { AUTH_MSG_KDC_REQUEST, "KDC_REQUEST" },
76 { AUTH_MSG_KDC_REPLY, "KDC_REPLY" },
77 { AUTH_MSG_APPL_REQUEST, "APPL_REQUEST" },
78 { AUTH_MSG_APPL_REQUEST_MUTUAL, "APPL_REQUEST_MUTUAL" },
79 { AUTH_MSG_ERR_REPLY, "ERR_REPLY" },
80 { AUTH_MSG_PRIVATE, "PRIVATE" },
81 { AUTH_MSG_SAFE, "SAFE" },
82 { AUTH_MSG_APPL_ERR, "APPL_ERR" },
83 { AUTH_MSG_DIE, "DIE" },
87 static struct tok kerr2str[] = {
88 { KERB_ERR_OK, "OK" },
89 { KERB_ERR_NAME_EXP, "NAME_EXP" },
90 { KERB_ERR_SERVICE_EXP, "SERVICE_EXP" },
91 { KERB_ERR_AUTH_EXP, "AUTH_EXP" },
92 { KERB_ERR_PKT_VER, "PKT_VER" },
93 { KERB_ERR_NAME_MAST_KEY_VER, "NAME_MAST_KEY_VER" },
94 { KERB_ERR_SERV_MAST_KEY_VER, "SERV_MAST_KEY_VER" },
95 { KERB_ERR_BYTE_ORDER, "BYTE_ORDER" },
96 { KERB_ERR_PRINCIPAL_UNKNOWN, "PRINCIPAL_UNKNOWN" },
97 { KERB_ERR_PRINCIPAL_NOT_UNIQUE,"PRINCIPAL_NOT_UNIQUE" },
98 { KERB_ERR_NULL_KEY, "NULL_KEY"},
102 static const u_char *
103 c_print(register const u_char *s, register const u_char *ep)
121 c ^= 0x40; /* DEL to ?, others to alpha */
131 static const u_char *
132 krb4_print_hdr(const u_char *cp)
136 #define PRINT if ((cp = c_print(cp, snapend)) == NULL) goto trunc
153 krb4_print(const u_char *cp)
155 register const struct krb *kp;
159 #define PRINT if ((cp = c_print(cp, snapend)) == NULL) goto trunc
160 /* True if struct krb is little endian */
161 #define IS_LENDIAN(kp) (((kp)->type & 0x01) != 0)
162 #define KTOHSP(kp, cp) (IS_LENDIAN(kp) ? EXTRACT_LE_16BITS(cp) : EXTRACT_16BITS(cp))
164 kp = (struct krb *)cp;
166 if ((&kp->type) >= snapend) {
171 type = kp->type & (0xFF << 1);
174 IS_LENDIAN(kp) ? "le" : "be", tok2str(type2str, NULL, type));
178 case AUTH_MSG_KDC_REQUEST:
179 if ((cp = krb4_print_hdr(cp)) == NULL)
183 printf(" %dmin ", *cp++ * 5);
189 case AUTH_MSG_APPL_REQUEST:
192 printf("v%d ", *cp++);
195 printf(" (%d)", *cp++);
197 printf(" (%d)", *cp);
200 case AUTH_MSG_KDC_REPLY:
201 if ((cp = krb4_print_hdr(cp)) == NULL)
203 cp += 10; /* timestamp + n + exp + kvno */
204 TCHECK2(*cp, sizeof(short));
205 len = KTOHSP(kp, cp);
206 printf(" (%d)", len);
209 case AUTH_MSG_ERR_REPLY:
210 if ((cp = krb4_print_hdr(cp)) == NULL)
212 cp += 4; /* timestamp */
213 TCHECK2(*cp, sizeof(short));
214 printf(" %s ", tok2str(kerr2str, NULL, KTOHSP(kp, cp)));
220 fputs("(unknown)", stdout);
230 krb_print(const u_char *dat)
232 register const struct krb *kp;
234 kp = (struct krb *)dat;
236 if (dat >= snapend) {
246 printf(" v%d", kp->pvno);
250 printf(" v%d", kp->pvno);
251 krb4_print((const u_char *)kp);
256 fputs(" v5", stdout);
257 /* Decode ASN.1 here "someday" */