/*
 * Copyright (c) 1995, 1996, 1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Initial contribution from John Hawkinson ([email protected]).
 */
23*05b00f60SXin Li 
/* \summary: Kerberos printer */
25*05b00f60SXin Li 
26*05b00f60SXin Li #ifdef HAVE_CONFIG_H
27*05b00f60SXin Li #include <config.h>
28*05b00f60SXin Li #endif
29*05b00f60SXin Li 
30*05b00f60SXin Li #include "netdissect-stdinc.h"
31*05b00f60SXin Li 
32*05b00f60SXin Li #include "netdissect.h"
33*05b00f60SXin Li #include "extract.h"
34*05b00f60SXin Li 
/*
 * Kerberos 4:
 *
 * Athena Technical Plan
 * Section E.2.1
 * Kerberos Authentication and Authorization System
 * by S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer
 *
 * https://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf
 *
 * 7. Appendix I Design Specifications
 *
 * Kerberos 5:
 *
 * RFC 1510, RFC 2630, etc.
 */
51*05b00f60SXin Li 
52*05b00f60SXin Li 
/*
 * Forward declarations of the file-local helpers defined further down.
 * All of them take pointers into captured packet data.
 */
static const u_char *c_print(netdissect_options *ndo, const u_char *s,
    const u_char *ep);
static const u_char *krb4_print_hdr(netdissect_options *ndo, const u_char *cp);
static void krb4_print(netdissect_options *ndo, const u_char *cp);
56*05b00f60SXin Li 
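/*
 * Kerberos 4 message type codes.
 *
 * The values are stored pre-shifted left by one bit: krb4_print() masks the
 * type octet with (0xFF << 1) before comparing, because bit 0 of that octet
 * is the byte-order flag tested by IS_LENDIAN().
 *
 * Each expansion is parenthesized so that the constant keeps its value in any
 * expression context; unparenthesized, `AUTH_MSG_KDC_REQUEST + 1` would parse
 * as `1 << (1 + 1)`.
 */
#define AUTH_MSG_KDC_REQUEST			(1<<1)
#define AUTH_MSG_KDC_REPLY			(2<<1)
#define AUTH_MSG_APPL_REQUEST			(3<<1)
#define AUTH_MSG_APPL_REQUEST_MUTUAL		(4<<1)
#define AUTH_MSG_ERR_REPLY			(5<<1)
#define AUTH_MSG_PRIVATE			(6<<1)
#define AUTH_MSG_SAFE				(7<<1)
#define AUTH_MSG_APPL_ERR			(8<<1)
#define AUTH_MSG_DIE				(63<<1)

/* Error codes looked up through kerr2str[] when printing an ERR_REPLY. */
#define KERB_ERR_OK				0
#define KERB_ERR_NAME_EXP			1
#define KERB_ERR_SERVICE_EXP			2
#define KERB_ERR_AUTH_EXP			3
#define KERB_ERR_PKT_VER			4
#define KERB_ERR_NAME_MAST_KEY_VER		5
#define KERB_ERR_SERV_MAST_KEY_VER		6
#define KERB_ERR_BYTE_ORDER			7
#define KERB_ERR_PRINCIPAL_UNKNOWN		8
#define KERB_ERR_PRINCIPAL_NOT_UNIQUE		9
#define KERB_ERR_NULL_KEY			10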
78*05b00f60SXin Li 
/*
 * The two leading octets that krb_print() and krb4_print() overlay on the
 * start of the packet.  The fields are only ever read through GET_U_1().
 */
struct krb {
	nd_uint8_t pvno;	/* protocol version; krb_print() switches on it */
	nd_uint8_t type;	/* message type in bits 7..1, byte-order flag in bit 0 */
};
83*05b00f60SXin Li 
/*
 * Message type -> display name, consulted by krb4_print() via tok2str().
 * The keys are the pre-shifted AUTH_MSG_* values; the { 0, NULL } entry
 * ends the table.
 */
static const struct tok type2str[] = {
	{ AUTH_MSG_KDC_REQUEST, "KDC_REQUEST" },
	{ AUTH_MSG_KDC_REPLY, "KDC_REPLY" },
	{ AUTH_MSG_APPL_REQUEST, "APPL_REQUEST" },
	{ AUTH_MSG_APPL_REQUEST_MUTUAL, "APPL_REQUEST_MUTUAL" },
	{ AUTH_MSG_ERR_REPLY, "ERR_REPLY" },
	{ AUTH_MSG_PRIVATE, "PRIVATE" },
	{ AUTH_MSG_SAFE, "SAFE" },
	{ AUTH_MSG_APPL_ERR, "APPL_ERR" },
	{ AUTH_MSG_DIE, "DIE" },
	{ 0, NULL }
};
96*05b00f60SXin Li 
/*
 * Error code -> display name, consulted by krb4_print() for ERR_REPLY
 * messages.  The { 0, NULL } entry ends the table; KERB_ERR_OK (also 0)
 * is listed first, ahead of that terminator.
 */
static const struct tok kerr2str[] = {
	{ KERB_ERR_OK, "OK" },
	{ KERB_ERR_NAME_EXP, "NAME_EXP" },
	{ KERB_ERR_SERVICE_EXP, "SERVICE_EXP" },
	{ KERB_ERR_AUTH_EXP, "AUTH_EXP" },
	{ KERB_ERR_PKT_VER, "PKT_VER" },
	{ KERB_ERR_NAME_MAST_KEY_VER, "NAME_MAST_KEY_VER" },
	{ KERB_ERR_SERV_MAST_KEY_VER, "SERV_MAST_KEY_VER" },
	{ KERB_ERR_BYTE_ORDER, "BYTE_ORDER" },
	{ KERB_ERR_PRINCIPAL_UNKNOWN, "PRINCIPAL_UNKNOWN" },
	{ KERB_ERR_PRINCIPAL_NOT_UNIQUE, "PRINCIPAL_NOT_UNIQUE" },
	{ KERB_ERR_NULL_KEY, "NULL_KEY" },
	{ 0, NULL }
};
111*05b00f60SXin Li 
/*
 * Print the NUL-terminated string that starts at s, never reading at or
 * beyond ep.
 *
 * Returns a pointer to the octet following the terminating NUL, or NULL
 * when ep is reached before a NUL is seen (the caller treats that as a
 * truncated packet).  The terminator itself is not printed.
 *
 * The string comes straight from captured traffic.  Each octet is fetched
 * with GET_U_1() and emitted through fn_print_char(); both are defined
 * elsewhere -- presumably the former bounds-checks against the capture
 * buffer and the latter escapes non-printable octets so that packet
 * contents cannot inject control sequences into the output; confirm.
 */
static const u_char *
c_print(netdissect_options *ndo,
        const u_char *s, const u_char *ep)
{
	while (s < ep) {
		const u_char ch = GET_U_1(s);

		s++;
		if (ch == '\0')
			return (s);	/* terminator consumed: success */
		fn_print_char(ndo, ch);
	}

	/* Ran into ep without finding the terminator. */
	return NULL;
}
133*05b00f60SXin Li 
/*
 * Print the three consecutive NUL-terminated strings that follow the two
 * fixed header octets, formatted as "first.second@third" (presumably
 * principal name, instance and realm -- confirm against the protocol
 * description).
 *
 * cp points at the start of the message (the pvno octet).  Returns the
 * position just past the third string, or NULL after printing the
 * truncation marker when any string runs into the end of the captured data.
 */
static const u_char *
krb4_print_hdr(netdissect_options *ndo,
               const u_char *cp)
{
	/* Step over the pvno and type octets described by struct krb. */
	cp += 2;

	/*
	 * Every string is bounded by ndo_snapend, so an unterminated string
	 * in a malformed or cut-off packet ends in the trunc path instead of
	 * being followed past the captured bytes.
	 */
	cp = c_print(ndo, cp, ndo->ndo_snapend);
	if (cp == NULL)
		goto trunc;
	ND_PRINT(".");

	cp = c_print(ndo, cp, ndo->ndo_snapend);
	if (cp == NULL)
		goto trunc;
	ND_PRINT("@");

	cp = c_print(ndo, cp, ndo->ndo_snapend);
	if (cp == NULL)
		goto trunc;
	return (cp);

trunc:
	nd_print_trunc(ndo);
	return (NULL);
}
155*05b00f60SXin Li 
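/*
 * Print a one-line summary of a Kerberos 4 message.
 *
 * cp points at the first octet of the message (the pvno octet); the caller
 * has already printed the version.  Nothing is returned: output goes through
 * ND_PRINT(), and the truncation marker is printed when a string runs into
 * the end of the captured data.
 *
 * All offsets below are applied to untrusted packet contents.  The only
 * explicit bound in this function is the ndo_snapend limit passed to
 * c_print(); every fixed-width field is read through a GET_*() accessor,
 * which is defined elsewhere -- presumably those accessors bounds-check the
 * read against the capture buffer; confirm before adding any direct
 * dereference of cp here.
 */
static void
krb4_print(netdissect_options *ndo,
           const u_char *cp)
{
	const struct krb *kp;
	u_char type;
	u_short len;

/* Print one NUL-terminated string at cp and advance, or bail out to trunc. */
#define PRINT		if ((cp = c_print(ndo, cp, ndo->ndo_snapend)) == NULL) goto trunc
/*  True if struct krb is little endian */
#define IS_LENDIAN(kp)	((GET_U_1((kp)->type) & 0x01) != 0)
/* Read a 16-bit value at cp in the byte order the sender announced. */
#define KTOHSP(kp, cp)	(IS_LENDIAN(kp) ? GET_LE_U_2(cp) : GET_BE_U_2(cp))

	kp = (const struct krb *)cp;

	/* Drop bit 0 (byte-order flag); what is left matches AUTH_MSG_*. */
	type = GET_U_1(kp->type) & (0xFF << 1);

	ND_PRINT(" %s %s: ",
	    IS_LENDIAN(kp) ? "le" : "be", tok2str(type2str, NULL, type));

	switch (type) {

	case AUTH_MSG_KDC_REQUEST:
		if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
			return;
		cp += 4;	/* ctime */
		/* One octet, scaled by 5 and printed as minutes. */
		ND_PRINT(" %umin ", GET_U_1(cp) * 5);
		cp++;
		PRINT;
		ND_PRINT(".");
		PRINT;
		break;

	case AUTH_MSG_APPL_REQUEST:
		cp += 2;	/* pvno + type */
		ND_PRINT("v%u ", GET_U_1(cp));
		cp++;
		PRINT;
		ND_PRINT(" (%u)", GET_U_1(cp));
		cp++;
		ND_PRINT(" (%u)", GET_U_1(cp));
		break;

	case AUTH_MSG_KDC_REPLY:
		if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
			return;
		cp += 10;	/* timestamp + n + exp + kvno */
		len = KTOHSP(kp, cp);
		ND_PRINT(" (%u)", len);
		break;

	case AUTH_MSG_ERR_REPLY:
		if ((cp = krb4_print_hdr(ndo, cp)) == NULL)
			return;
		cp += 4;	  /* timestamp */
		/*
		 * NOTE(review): only two octets are decoded here although cp
		 * then advances by four.  If the error code is a 4-octet
		 * field, a big-endian sender's code would be taken from its
		 * upper half -- confirm against the protocol description.
		 */
		ND_PRINT(" %s ", tok2str(kerr2str, NULL, KTOHSP(kp, cp)));
		cp += 4;
		PRINT;
		break;

	default:
		ND_PRINT("(unknown)");
		break;
	}

	return;
trunc:
	nd_print_trunc(ndo);

/*
 * Keep the helper macros local to this function, as krb4_print_hdr() does
 * with its own PRINT.
 */
#undef PRINT
#undef IS_LENDIAN
#undef KTOHSP
}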
225*05b00f60SXin Li 
/*
 * Entry point of the Kerberos printer: identify the protocol version from
 * the first octet of dat and print it; version 4 messages are handed to
 * krb4_print() for further decoding.
 *
 * Versions 1-3 and the values 106/107 (reported as "v5") get the version
 * label only.  Any other first octet produces no output at all.
 * 106 and 107 are presumably the leading ASN.1 tag octets of Kerberos 5
 * messages -- confirm; no ASN.1 decoding is done here.
 */
void
krb_print(netdissect_options *ndo,
          const u_char *dat)
{
	const struct krb *hdr = (const struct krb *)dat;
	unsigned int pvno;

	ndo->ndo_protocol = "krb";

	/* Nothing captured at all: report truncation before touching dat. */
	if (dat >= ndo->ndo_snapend) {
		nd_print_trunc(ndo);
		return;
	}

	pvno = GET_U_1(hdr->pvno);

	if (pvno >= 1 && pvno <= 4) {
		ND_PRINT(" v%u", pvno);
		if (pvno == 4)
			krb4_print(ndo, dat);
	} else if (pvno == 106 || pvno == 107) {
		ND_PRINT(" v5");
		/* Decode ASN.1 here "someday" */
	}
}