Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1233 lines
39 KiB

  1. //=============================================================================
  2. //
  3. // MODULE: Globals.cxx
  4. //
  5. // Description:
  6. //
  7. // Globals used by the Kerberos parser
  8. //
  9. // Modification History
  10. //
  11. // Mark Pustilnik Date: 06/08/02 - created
  12. //
  13. //=============================================================================
  14. #include "ASN1Parser.hxx"
  15. #define FORMAT_BUFFER_SIZE 132
  16. //
  17. // Kerberos message types
  18. //
  19. LABELED_DWORD g_PacketType[] =
  20. {
  21. { 0xFFFFFFFF, NULL },
  22. { ASN1_KRB_AS_REQ, "KRB_AS_REQ (0x0A)" },
  23. { ASN1_KRB_AS_REP, "KRB_AS_REP (0x0B)" },
  24. { ASN1_KRB_TGS_REQ, "KRB_TGS_REQ (0x0C)" },
  25. { ASN1_KRB_TGS_REP, "KRB_TGS_REP (0x0D)" },
  26. { ASN1_KRB_AP_REQ, "KRB_AP_REQ (0x0E)" },
  27. { ASN1_KRB_AP_REP, "KRB_AP_REP (0x0F)" },
  28. { ASN1_KRB_SAFE, "KRB_SAFE (0x14)" },
  29. { ASN1_KRB_PRIV, "KRB_PRIV (0x15)" },
  30. { ASN1_KRB_CRED, "KRB_CRED (0x16)" },
  31. { ASN1_KRB_ERROR, "KRB_ERROR (0x1E)" },
  32. };
  33. SET g_PacketTypeSet = SET_OF( g_PacketType );
  34. //
  35. // Boolean values
  36. //
  37. LABELED_DWORD g_Boolean[] =
  38. {
  39. { 0xFFFFFFFF, NULL },
  40. { FALSE, "False" },
  41. { TRUE, "True" },
  42. };
  43. SET g_BooleanSet = SET_OF( g_Boolean );
  44. //
  45. // Kerberos encryption types
  46. //
  47. LABELED_DWORD g_EncryptionType[] =
  48. {
  49. { 0xFFFFFFFF, NULL },
  50. { ( 0xFFFF & KERB_ETYPE_RC4_HMAC_OLD ), "RC4-HMAC-OLD" },
  51. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN_OLD ), "RC4-PLAIN-OLD" },
  52. { ( 0xFFFF & KERB_ETYPE_RC4_HMAC_OLD_EXP ), "RC4-HMAC-OLD-EXP" },
  53. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN_OLD_EXP ), "RC4-PLAIN-OLD-EXP" },
  54. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN ), "RC4-PLAIN" },
  55. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN_EXP ), "RC4-PLAIN-EXP" },
  56. { ( 0xFFFF & KERB_ETYPE_NULL ), "NULL" },
  57. { ( 0xFFFF & KERB_ETYPE_DES_CBC_CRC ), "DES-CBC-CRC" },
  58. { ( 0xFFFF & KERB_ETYPE_DES_CBC_MD4 ), "DES-CBC-MD4" },
  59. { ( 0xFFFF & KERB_ETYPE_DES_CBC_MD5 ), "DES-CBC-MD5" },
  60. { ( 0xFFFF & KERB_ETYPE_DES3_CBC_MD5 ), "DES3-CBC-MD5" },
  61. { ( 0xFFFF & KERB_ETYPE_DES3_CBC_SHA1 ), "DES3-CBC-SHA1" },
  62. { ( 0xFFFF & KERB_ETYPE_DSA_SHA1_CMS ), "DSA-SHA1-CMS" },
  63. { ( 0xFFFF & KERB_ETYPE_RSA_MD5_CMS ), "RSA-MD5-CMS" },
  64. { ( 0xFFFF & KERB_ETYPE_RSA_SHA1_CMS ), "RSA-SHA1-CMS" },
  65. { ( 0xFFFF & KERB_ETYPE_RC2_CBC_ENV ), "RC2-CBC-ENV" },
  66. { ( 0xFFFF & KERB_ETYPE_RSA_ENV ), "RSA-ENV" },
  67. { ( 0xFFFF & KERB_ETYPE_RSA_ES_OEAP_ENV ), "RSA-ES-OEAP-ENV" },
  68. { ( 0xFFFF & KERB_ETYPE_DES_EDE3_CBC_ENV ), "DES-EDE3-CBC-ENV" },
  69. { ( 0xFFFF & KERB_ETYPE_DES3_CBC_SHA1_KD ), "DES3-CBC-SHA1-KD" },
  70. { ( 0xFFFF & KERB_ETYPE_DES_CBC_MD5_NT ), "DES-CBC-MD5-NT" },
  71. { ( 0xFFFF & KERB_ETYPE_RC4_HMAC_NT ), "RC4-HMAC-NT" },
  72. { ( 0xFFFF & KERB_ETYPE_RC4_HMAC_NT_EXP ), "RC4-HMAC-NT-EXP" },
  73. { ( 0xFFFF & KERB_ETYPE_OLD_RC4_MD4 ), "RC4-MD4-OLD" },
  74. { ( 0xFFFF & KERB_ETYPE_OLD_RC4_PLAIN ), "RC4-PLAIN-OLD" },
  75. { ( 0xFFFF & KERB_ETYPE_OLD_RC4_LM ), "RC4-LM-OLD" },
  76. { ( 0xFFFF & KERB_ETYPE_OLD_RC4_SHA ), "RC4-SHA-OLD" },
  77. { ( 0xFFFF & KERB_ETYPE_OLD_DES_PLAIN ), "DES-PLAIN-OLD" },
  78. { ( 0xFFFF & KERB_ETYPE_RC4_MD4 ), "RC4-MD4" },
  79. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN2 ), "RC4-PLAIN2" },
  80. { ( 0xFFFF & KERB_ETYPE_RC4_LM ), "RC4-LM" },
  81. { ( 0xFFFF & KERB_ETYPE_RC4_SHA ), "RC4-SHA" },
  82. { ( 0xFFFF & KERB_ETYPE_DES_PLAIN ), "DES-PLAIN" },
  83. { ( 0xFFFF & KERB_ETYPE_RC4_HMAC_OLD ), "RC4-HMAC-OLD" },
  84. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN_OLD ), "RC4-PLAIN-OLD" },
  85. { ( 0xFFFF & KERB_ETYPE_RC4_HMAC_OLD_EXP ), "RC4-HMAC-OLD-EXP" },
  86. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN_OLD_EXP ), "RC4-PLAIN-OLD-EXP" },
  87. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN ), "RC4-PLAIN" },
  88. { ( 0xFFFF & KERB_ETYPE_RC4_PLAIN_EXP ), "RC4-PLAIN-EXP" },
  89. };
  90. SET g_EncryptionTypeSet = SET_OF( g_EncryptionType );
  91. //
  92. // Kerberos checksum types
  93. //
  94. LABELED_DWORD g_ChecksumType[] =
  95. {
  96. { 0xFFFFFFFF, NULL },
  97. { ( 0xFFFF & KERB_CHECKSUM_NONE ), "KERB-CHECKSUM-NONE" },
  98. { ( 0xFFFF & KERB_CHECKSUM_CRC32 ), "KERB-CHECKSUM-CRC32" },
  99. { ( 0xFFFF & KERB_CHECKSUM_MD4 ), "KERB-CHECKSUM-MD4" },
  100. { ( 0xFFFF & KERB_CHECKSUM_KRB_DES_MAC ), "KERB-CHECKSUM-KRB-DES-MAC" },
  101. { ( 0xFFFF & KERB_CHECKSUM_KRB_DES_MAC_K ), "KERB-CHECKSUM-KRB-DES-MAC-K" },
  102. { ( 0xFFFF & KERB_CHECKSUM_MD5 ), "KERB-CHECKSUM-MD5" },
  103. { ( 0xFFFF & KERB_CHECKSUM_MD5_DES ), "KERB-CHECKSUM-MD5-DES" },
  104. { ( 0xFFFF & KERB_CHECKSUM_LM ), "KERB-CHECKSUM-LM" },
  105. { ( 0xFFFF & KERB_CHECKSUM_SHA1 ), "KERB-CHECKSUM-SHA1" },
  106. { ( 0xFFFF & KERB_CHECKSUM_REAL_CRC32 ), "KERB-CHECKSUM-REAL-CRC32" },
  107. { ( 0xFFFF & KERB_CHECKSUM_DES_MAC ), "KERB-CHECKSUM-DES-MAC" },
  108. { ( 0xFFFF & KERB_CHECKSUM_DES_MAC_MD5 ), "KERB-CHECKSUM-DES-MAC-MD5" },
  109. { ( 0xFFFF & KERB_CHECKSUM_MD25 ), "KERB-CHECKSUM-MD25" },
  110. { ( 0xFFFF & KERB_CHECKSUM_RC4_MD5 ), "KERB-CHECKSUM-RC4-MD5" },
  111. { ( 0xFFFF & KERB_CHECKSUM_MD5_HMAC ), "KERB-CHECKSUM-MD5-HMAC" },
  112. { ( 0xFFFF & KERB_CHECKSUM_HMAC_MD5 ), "KERB-CHECKSUM-HMAC-MD5" },
  113. };
  114. SET g_ChecksumTypeSet = SET_OF( g_ChecksumType );
  115. //
  116. // Kerberos pre-authentication data types
  117. //
  118. LABELED_DWORD g_PaDataType[] =
  119. {
  120. { 0xFFFFFFFF, NULL },
  121. { PA_NONE, "None" },
  122. { PA_APTGS_REQ, "PA-{AP|TGS}-REQ" },
  123. { PA_ENC_TIMESTAMP, "PA-ENC-TIMESTAMP" },
  124. { PA_PW_SALT, "PA-PW-SALT" },
  125. { PA_RESERVED, "Reserved Value" },
  126. { PA_ENC_UNIX_TIME, "PA-END-UNIX-TIME" },
  127. { PA_SANDIA_SECUREID, "PA-SANDIA-SECUREID" },
  128. { PA_SESAME, "PA-SESAME" },
  129. { PA_OSF_DCE, "PA-OSF-DCE" },
  130. { PA_CYBERSAFE_SECUREID, "PA-CYBERSAFE-SECUREID" },
  131. { PA_AFS3_SALT, "PA-AFS3-SALT" },
  132. { PA_ETYPE_INFO, "PA-ETYPE-INFO" },
  133. { SAM_CHALLENGE, "SAM-CHALLENGE" },
  134. { SAM_RESPONSE, "SAM-RESPONSE" },
  135. { PA_PK_AS_REQ, "PA-PK-AS-REQ" },
  136. { PA_PK_AS_REP, "PA-PK-AS-REP" },
  137. { PA_PK_AS_SIGN, "PA-PK-AS-SIGN" },
  138. { PA_PK_KEY_REQ, "PA-PK-KEY-REQ" },
  139. { PA_PK_KEY_REP, "PA-PK-KEY-REP" },
  140. { PA_USE_SPECIFIED_KVNO, "PA-USE-SPECIFIED-KVNO" },
  141. { SAM_REDIRECT, "SAM-REDIRECT" },
  142. { PA_GET_FROM_TYPED_DATA, "PA-GET-FROM-TYPED-DATA" },
  143. { PA_SAM_ETYPE_INFO, "PA-SAM-ETYPE-INFO" },
  144. { PA_ALT_PRINC, "PA-ALT-PRINC" },
  145. { PA_REFERRAL_INFO, "PA-REFERRAL-INFO" },
  146. { TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
  147. { TD_KRB_PRINCIPAL, "TD-KRB-PRINCIPAL" },
  148. { TD_KRB_REALM, "TD-KRB-REALM" },
  149. { TD_TRUSTED_CERTIFIERS, "TD-TRUSTED-CERTIFIERS" },
  150. { TD_CERTIFICATE_INDEX, "TD-CERTIFICATE-INDEX" },
  151. { TD_APP_DEFINED_ERROR, "TD-APP-DEFINED-ERROR" },
  152. { TD_REQ_NONCE, "TD-REQ-NONCE" },
  153. { TD_REQ_SEQ, "TD-REQ-SEQ" },
  154. { PA_PAC_REQUEST, "PA-PAC-REQUEST" },
  155. { PA_FOR_USER, "PA-FOR-USER" },
  156. { PA_COMPOUND_IDENTITY, "PA-COMPOUND-IDENTITY" },
  157. { PA_PAC_REQUEST_EX, "PA-PAC-REQUEST-EX" },
  158. { PA_CLIENT_VERSION, "PA-CLIENT-VERSION" },
  159. { PA_XBOX_SERVICE_REQUEST, "PA-XBOX-SERVICE-REQUEST" },
  160. { PA_XBOX_SERVICE_ADDRESS, "PA-XBOX-SERVICE-ADDRESS" },
  161. { PA_XBOX_ACCOUNT_CREATION, "PA-XBOX-ACCOUNT-CREATION" },
  162. { PA_XBOX_PPA, "PA-XBOX-PPA" },
  163. { PA_XBOX_ECHO, "PA-XBOX-ECHO" },
  164. };
  165. SET g_PadataTypeSet = SET_OF( g_PaDataType );
  166. //
  167. // Principal name type
  168. //
  169. #define KRB_NT_X500_PRINCIPAL 6 // not in kerbcon.w for instance
  170. LABELED_DWORD g_PrincipalNameType[] =
  171. {
  172. { 0xFFFFFFFF, NULL },
  173. { ( 0xFFFF & KRB_NT_UNKNOWN ), "KRB_NT_UNKNOWN (Name Type not Known)" },
  174. { ( 0xFFFF & KRB_NT_PRINCIPAL ), "KRB_NT_PRINCIPAL (Name of Principal)" },
  175. { ( 0xFFFF & KRB_NT_SRV_INST ), "KRB_NT_SRV_INST (Service & other unique instance)" },
  176. { ( 0xFFFF & KRB_NT_SRV_HST ), "KRB_NT_SRV_HST (Serv with host name as instance)" },
  177. { ( 0xFFFF & KRB_NT_SRV_XHST ), "KRB_NT_SRV_XHST (Service with host as remaining components)" },
  178. { ( 0xFFFF & KRB_NT_UID ), "KRB_NT_UID (Unique ID)" },
  179. { ( 0xFFFF & KRB_NT_X500_PRINCIPAL ), "KRB_NT_X500_PRINCIPAL (Encoded X.509 Distinguished Name)" },
  180. { ( 0xFFFF & KRB_NT_ENTERPRISE_PRINCIPAL ), "KRB_NT_ENTERPRISE_PRINCIPAL (UPN or SPN)" },
  181. { ( 0xFFFF & KRB_NT_ENT_PRINCIPAL_AND_ID ), "KRB_NT_ENT_PRINCIPAL_AND_ID (UPN or SPN and its SID)" },
  182. { ( 0xFFFF & KRB_NT_PRINCIPAL_AND_ID ), "KRB_NT_PRINCIPAL_AND_ID (Name of principal and its SID)" },
  183. { ( 0xFFFF & KRB_NT_SRV_INST_AND_ID ), "KRB_NT_SRV_INST_AND_ID (SPN and SID)" },
  184. };
  185. SET g_PrincipalNameTypeSet = SET_OF( g_PrincipalNameType );
  186. //
  187. // PAC section
  188. //
  189. LABELED_DWORD g_PACSection[] =
  190. {
  191. { 0xFFFFFFFF, NULL },
  192. { PAC_LOGON_INFO, "Authorization data (1)" },
  193. { PAC_CREDENTIAL_TYPE, "Supplemental credentials (2)" },
  194. { PAC_SERVER_CHECKSUM, "Server checksum (6)" },
  195. { PAC_PRIVSVR_CHECKSUM, "Privsvr checksum (7)" },
  196. { PAC_CLIENT_INFO_TYPE, "Client name and ticket ID (10)" },
  197. { PAC_DELEGATION_INFO, "S4U delegation info (11)" },
  198. { PAC_CLIENT_IDENTITY, "Client identity (13)" },
  199. { PAC_COMPOUND_IDENTITY, "Compound identity (14)" },
  200. };
  201. SET g_PACSectionSet = SET_OF( g_PACSection );
  202. //
  203. // AP-Options
  204. //
  205. LABELED_BIT g_ApOptions[] =
  206. {
  207. { // Bit 0 - Reserved
  208. 31,
  209. "Reserved (Bit 0) Not Set",
  210. "Reserved (Bit 0) Set" },
  211. { // Bit 1 - use-session-key
  212. 30,
  213. "Use-Session-Key (Bit 1) Not Set",
  214. "Use-Session-Key (Bit 1) Set" },
  215. { // Bit 2 - mutual-required
  216. 29,
  217. "Mutual-Required (Bit 2) Not Set",
  218. "Mutual-Required (Bit 2) Set" },
  219. };
  220. SET g_ApOptionsSet = SET_OF( g_ApOptions );
  221. //
  222. // KDC-Options
  223. //
  224. LABELED_BIT g_KdcOptionFlags[] =
  225. {
  226. // { // Bit 0 - Reserved
  227. // 31,
  228. // "Reserved (Bit 0) Not Set",
  229. // "Reserved (Bit 0) Set" },
  230. { // Bit 1 - Forwardable
  231. 30,
  232. "Forwardable Bit Not Set (Bit 1)",
  233. "Forwardable Bit Set (Bit 1)" },
  234. { // Bit 2 - Forwarded
  235. 29,
  236. "Forwarded Bit Not Set (Bit 2)",
  237. "Fowarded Bit Set (Bit 2)" },
  238. { // Bit 3 - Proxiable
  239. 28,
  240. "Proxiable Bit Not Set (Bit 3)",
  241. "Proxiable Bit Set (Bit 3)" },
  242. { // Bit 4 - Proxy
  243. 27,
  244. "Proxy Bit Not Set (Bit 4)",
  245. "Proxy Bit Set (Bit 4)" },
  246. { // Bit 5 - Allow-Postdate
  247. 26,
  248. "Allow-PostDate Bit Not Set (Bit 5)",
  249. "May-Postdate Bit Set (Bit 5)" },
  250. { // Bit 6 - Postdated
  251. 25,
  252. "PostDated Bit Not Set (Bit 6)",
  253. "Postdated Bit Set (Bit 6)" },
  254. { // Bit 7 - Unused
  255. 24,
  256. "Unused Bit Not Set (Bit 7)",
  257. "Unused Bit Set (Bit 7)" },
  258. { // Bit 8 - Renewable
  259. 23,
  260. "Renewable Bit Not Set (Bit 8)",
  261. "Renewable Bit Set (Bit 8)" },
  262. // { // Bit 9 - Reserved
  263. // 22,
  264. // "Reserved (Bit 9) Not Set",
  265. // "Reserved (Bit 9) Set" },
  266. // { // Bit 10 - Reserved
  267. // 21,
  268. // "Reserved (Bit 10) Not Set",
  269. // "Reserved (Bit 10) Set" },
  270. // { // Bit 11 - Reserved
  271. // 20,
  272. // "Reserved (Bit 11) Not Set",
  273. // "Reserved (Bit 11) Set" },
  274. // { // Bit 12 - Reserved
  275. // 19,
  276. // "Reserved (Bit 12) Not Set",
  277. // "Reserved (Bit 12) Set" },
  278. // { // Bit 13 - Reserved
  279. // 18,
  280. // "Reserved (Bit 13) Not Set",
  281. // "Reserved (Bit 13) Set" },
  282. // { // Bit 14 - Reserved
  283. // 17,
  284. // "Reserved (Bit 14) Not Set",
  285. // "Reserved (Bit 14) Set" },
  286. { // Bit 15 - Name-Canonicalize
  287. 16,
  288. "Name-Canonicalize Bit Not Set (Bit 15)",
  289. "Name-Canonicalize Bit Set (Bit 15)" },
  290. // { // Bit 16 - Reserved
  291. // 15,
  292. // "Reserved (Bit 16) Not Set",
  293. // "Reserved (Bit 16) Set" },
  294. // { // Bit 17 - Reserved
  295. // 14,
  296. // "Reserved (Bit 17) Not Set",
  297. // "Reserved (Bit 17) Set" },
  298. // { // Bit 18 - Reserved
  299. // 13,
  300. // "Reserved (Bit 18) Not Set",
  301. // "Reserved (Bit 18)" },
  302. // { // Bit 19 - Reserved
  303. // 12,
  304. // "Reserved (Bit 19) Not Set",
  305. // "Reserved (Bit 19) Set" },
  306. // { // Bit 20 - Reserved
  307. // 11,
  308. // "Reserved (Bit 20) Not Set",
  309. // "Reserved (Bit 20) Set" },
  310. // { // Bit 21 - Reserved
  311. // 10,
  312. // "Reserved (Bit 21) Not Set",
  313. // "Reserved (Bit 21) Set" },
  314. // { // Bit 22 - Reserved
  315. // 9,
  316. // "Reserved (Bit 9) Not Set",
  317. // "Reserved (Bit 9) Set" },
  318. // { // Bit 23 - Reserved
  319. // 8,
  320. // "Reserved (Bit 8) Not Set",
  321. // "Reserved (Bit 8) Set" },
  322. // { // Bit 24 - Reserved
  323. // 7,
  324. // "Reserved (Bit 7) Not Set",
  325. // "Reserved (Bit 7) Set" },
  326. // { // Bit 25 - Reserved
  327. // 6,
  328. // "Reserved (Bit 6) Not Set",
  329. // "Reserved (Bit 6) Set" },
  330. { // Bit 26 - Disable-Transited-Check
  331. 5,
  332. "Disable-Transited-Check Bit Not Set (Bit 26)",
  333. "Disable-Transited-Check Bit Set (Bit 26)" },
  334. { // Bit 27 - Renewable-OK
  335. 4,
  336. "Renewable-OK Bit Not Set (Bit 27)",
  337. "Renewable-OK Bit Set (Bit 27)" },
  338. { // Bit 28 - Enc-Tkt-In-Skey
  339. 3,
  340. "Enc-Tkt-In-Skey Bit Not Set (Bit 28)",
  341. "Enc-Tkt-In-Skey Bit Not Set (Bit 28)" },
  342. // { // Bit 29 - Reserved
  343. // 2,
  344. // "Reserved (Bit 29) Not Set",
  345. // "Reserved (Bit 29) Set" },
  346. { // Bit 30 - Renew
  347. 1,
  348. "Renew Bit Not Set (Bit 30)",
  349. "Renew Bit Set (Bit 30)" },
  350. { // Bit 31 - Validate
  351. 0,
  352. "Validate Bit Not Set (Bit 31)",
  353. "Validate Bit Set (Bit 31)" }
  354. };
  355. SET g_KdcOptionFlagsSet = SET_OF( g_KdcOptionFlags );
  356. //
  357. // Error codes
  358. //
  359. LABELED_DWORD g_KrbErrCode[] =
  360. {
  361. { 0xFFFFFFFF, NULL},
  362. { KDC_ERR_NONE, "No error" },
  363. { KDC_ERR_NAME_EXP, "Client's entry in database has expired" },
  364. { KDC_ERR_SERVICE_EXP, "Server's entry in database has expired" },
  365. { KDC_ERR_BAD_PVNO, "Requested protocol ver. number not supported" },
  366. { KDC_ERR_C_OLD_MAST_KVNO, "Client's key encrypted in old master key" },
  367. { KDC_ERR_S_OLD_MAST_KVNO, "Server's key encrypted in old master key" },
  368. { KDC_ERR_C_PRINCIPAL_UNKNOWN, "Client not found in Kerberos database" },
  369. { KDC_ERR_S_PRINCIPAL_UNKNOWN, "Server not found in Kerberos database" },
  370. { KDC_ERR_PRINCIPAL_NOT_UNIQUE, "Multiple principal entries in database" },
  371. { KDC_ERR_NULL_KEY, "The client or server has a null key" },
  372. { KDC_ERR_CANNOT_POSTDATE, "Ticket not eligible for postdating" },
  373. { KDC_ERR_NEVER_VALID, "Requested start time is later than end time" },
  374. { KDC_ERR_POLICY, "KDC policy rejects request" },
  375. { KDC_ERR_BADOPTION, "KDC cannot accommodate requested option" },
  376. { KDC_ERR_ETYPE_NOTSUPP, "KDC has no support for encryption type" },
  377. { KDC_ERR_SUMTYPE_NOSUPP, "KDC has no support for checksum type" },
  378. { KDC_ERR_PADATA_TYPE_NOSUPP, "KDC has no support for padata type" },
  379. { KDC_ERR_TRTYPE_NO_SUPP, "KDC has no support for transited type" },
  380. { KDC_ERR_CLIENT_REVOKED, "Clients credentials have been revoked" },
  381. { KDC_ERR_SERVICE_REVOKED, "Credentials for server have been revoked" },
  382. { KDC_ERR_TGT_REVOKED, "TGT has been revoked" },
  383. { KDC_ERR_CLIENT_NOTYET, "Client not yet valid try again later" },
  384. { KDC_ERR_SERVICE_NOTYET, "Server not yet valid try again later" },
  385. { KDC_ERR_KEY_EXPIRED, "Password has expired change password to reset"},
  386. { KDC_ERR_PREAUTH_FAILED, "Pre-authentication information was invalid" },
  387. { KDC_ERR_PREAUTH_REQUIRED, "Additional preauthentication required" },
  388. { KDC_ERR_SERVER_NOMATCH, "Requested Server and ticket don't match" },
  389. { KDC_ERR_MUST_USE_USER2USER, "Server principal valid for user2user only" },
  390. { KDC_ERR_PATH_NOT_ACCEPTED, "KDC Policy rejects transited patth" },
  391. { KDC_ERR_SVC_UNAVAILABLE, "A service is not available" },
  392. { KRB_AP_ERR_BAD_INTEGRITY, "Integrity check on decrypted field failed" },
  393. { KRB_AP_ERR_TKT_EXPIRED, "Ticket expired" },
  394. { KRB_AP_ERR_TKT_NYV, "Ticket not yet valid" },
  395. { KRB_AP_ERR_REPEAT, "Request is a replay" },
  396. { KRB_AP_ERR_NOT_US, "The ticket isn't for us" },
  397. { KRB_AP_ERR_BADMATCH, "Ticket and authenticator don't match" },
  398. { KRB_AP_ERR_SKEW, "Clock skew too great" },
  399. { KRB_AP_ERR_BADADDR, "Incorrect net address" },
  400. { KRB_AP_ERR_BADVERSION, "Protocol version mismatch" },
  401. { KRB_AP_ERR_MSG_TYPE, "Invalid msg type" },
  402. { KRB_AP_ERR_MODIFIED, "Message stream modified" },
  403. { KRB_AP_ERR_BADORDER, "Message out of order" },
  404. { KRB_AP_ERR_BADKEYVER, "Specified version of key is not available" },
  405. { KRB_AP_ERR_NOKEY, "Service key not available" },
  406. { KRB_AP_ERR_MUT_FAIL, "Mutual authentication failed" },
  407. { KRB_AP_ERR_BADDIRECTION, "Incorrect message direction" },
  408. { KRB_AP_ERR_METHOD, "Alternative authentication method required" },
  409. { KRB_AP_ERR_BADSEQ, "Incorrect sequence number in message" },
  410. { KRB_AP_ERR_INAPP_CKSUM, "Inappropriate type of checksum in message" },
  411. { KRB_AP_PATH_NOT_ACCEPTED, "Policy rejects transited path" },
  412. { KRB_ERR_RESPONSE_TOO_BIG, "Response too big for UDP, retry with TCP" },
  413. { KRB_ERR_GENERIC, "Generic error" },
  414. { KRB_ERR_FIELD_TOOLONG, "Field is too long for this implementation" },
  415. { KDC_ERR_CLIENT_NOT_TRUSTED, "Client is not trusted" },
  416. { KDC_ERR_KDC_NOT_TRUSTED, "KDC is not trusted" },
  417. { KDC_ERR_INVALID_SIG, "Invalid signature" },
  418. { KDC_ERR_KEY_TOO_WEAK, "Key is too weak" },
  419. { KDC_ERR_CERTIFICATE_MISMATCH, "Certificate does not match" },
  420. { KRB_AP_ERR_NO_TGT, "No TGT" },
  421. { KDC_ERR_WRONG_REALM, "Wrong realm" },
  422. { KRB_AP_ERR_USER_TO_USER_REQUIRED, "User to User required" },
  423. { KDC_ERR_CANT_VERIFY_CERTIFICATE, "Can't verify certificate" },
  424. { KDC_ERR_INVALID_CERTIFICATE, "Invalid certificate" },
  425. { KDC_ERR_REVOKED_CERTIFICATE, "Revoked certificate" },
  426. { KDC_ERR_REVOCATION_STATUS_UNKNOWN, "Revocation status unknown" },
  427. { KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "Revocation status unavailable" },
  428. { KDC_ERR_CLIENT_NAME_MISMATCH, "Client name mismatch" },
  429. { KDC_ERR_KDC_NAME_MISMATCH, "KDC name mismatch" },
  430. };
  431. SET g_KrbErrCodeSet = SET_OF( g_KrbErrCode );
  432. //
  433. // MAKE_PROP is a shortcut macro for defining PROPERTYINFO structures
  434. //
  435. // l - Label
  436. // c - Comment
  437. // t - type
  438. // q - qualifier
  439. // v - value
  440. //
  441. #define MAKE_PROP( l,c,t,q,v ) { 0, 0, l, c, t, q, v, FORMAT_BUFFER_SIZE, FormatPropertyInstance }
  442. #define MAKE_PROP_SIZE( l,c,t,q,v,s ) { 0, 0, l, c, t, q, v, s, FormatPropertyInstance }
  443. //
  444. // IMPORTANT!!!
  445. // Contents of this array MUST be kept in sync with the enum in asn1parser.h
  446. //
  447. PROPERTYINFO g_KerberosDatabase[MAX_PROP_VALUE] =
  448. {
  449. // KRB_AS_REQ
  450. MAKE_PROP(
  451. "KRB_AS_REQ",
  452. "Kerberos authentication service (AS) request",
  453. PROP_TYPE_SUMMARY,
  454. PROP_QUAL_NONE,
  455. 0 ),
  456. // KRB_AS_REP
  457. MAKE_PROP(
  458. "KRB_AS_REP",
  459. "Kerberos authentication service (AS) reply",
  460. PROP_TYPE_SUMMARY,
  461. PROP_QUAL_NONE,
  462. 0 ),
  463. // KRB_TGS_REQ
  464. MAKE_PROP(
  465. "KRB_TGS_REQ",
  466. "Kerberos ticket-granting service (TGS) request",
  467. PROP_TYPE_SUMMARY,
  468. PROP_QUAL_NONE,
  469. 0 ),
  470. // KRB_TGS_REP
  471. MAKE_PROP(
  472. "KRB_TGS_REP",
  473. "Kerberos ticket-granting service (TGS) reply",
  474. PROP_TYPE_SUMMARY,
  475. PROP_QUAL_NONE,
  476. 0 ),
  477. // KRB_AP_REQ
  478. MAKE_PROP(
  479. "KRB_AP_REQ",
  480. "Kerberos application (AP) request",
  481. PROP_TYPE_SUMMARY,
  482. PROP_QUAL_NONE,
  483. 0 ),
  484. // KRB_AP_REP
  485. MAKE_PROP(
  486. "KRB_AP_REP",
  487. "Kerberos application (AP) reply",
  488. PROP_TYPE_SUMMARY,
  489. PROP_QUAL_NONE,
  490. 0 ),
  491. // KRB_SAFE
  492. MAKE_PROP(
  493. "KRB_SAFE",
  494. "Kerberos data integrity (SAFE) message",
  495. PROP_TYPE_SUMMARY,
  496. PROP_QUAL_NONE,
  497. 0 ),
  498. // KRB_PRIV
  499. MAKE_PROP(
  500. "KRB_PRIV",
  501. "Kerberos data privacy (PRIV) message",
  502. PROP_TYPE_SUMMARY,
  503. PROP_QUAL_NONE,
  504. 0 ),
  505. // KRB_CRED
  506. MAKE_PROP(
  507. "KRB_CRED",
  508. "Kerberos credentials (CRED) message",
  509. PROP_TYPE_SUMMARY,
  510. PROP_QUAL_NONE,
  511. 0 ),
  512. // KRB_ERROR
  513. MAKE_PROP(
  514. "KRB_ERROR",
  515. "Kerberos error message",
  516. PROP_TYPE_SUMMARY,
  517. PROP_QUAL_NONE,
  518. 0 ),
  519. // HostAddresses_HostAddress
  520. MAKE_PROP(
  521. "Host address",
  522. "Individual host address",
  523. PROP_TYPE_STRING,
  524. PROP_QUAL_NONE,
  525. 0 ),
  526. // EncryptedData_etype
  527. MAKE_PROP(
  528. "Encryption type (etype[0])",
  529. "Encryption type",
  530. PROP_TYPE_DWORD,
  531. PROP_QUAL_LABELED_SET,
  532. &g_EncryptionTypeSet ),
  533. // EncryptedData_kvno
  534. MAKE_PROP(
  535. "Key version number (kvno[1])",
  536. "Key version number",
  537. PROP_TYPE_DWORD,
  538. PROP_QUAL_NONE,
  539. 0 ),
  540. // EncryptedData_cipher
  541. MAKE_PROP(
  542. "Ciphertext (cipher[2])",
  543. "Ciphertext",
  544. PROP_TYPE_COMMENT,
  545. PROP_QUAL_NONE,
  546. 0 ),
  547. // PA_DATA_type
  548. MAKE_PROP(
  549. "Data type",
  550. "Pre-authentication data type (padata-type[1])",
  551. PROP_TYPE_DWORD,
  552. PROP_QUAL_LABELED_SET,
  553. &g_PadataTypeSet ),
  554. // PA_DATA_value
  555. MAKE_PROP(
  556. "Data value (parser not available yet)",
  557. "Pre-authentication data value (padata-value[2])",
  558. PROP_TYPE_COMMENT,
  559. PROP_QUAL_NONE,
  560. 0 ),
  561. // PrincipalName_type
  562. MAKE_PROP(
  563. "Principal name type (name-type[0])",
  564. "Principal name type",
  565. PROP_TYPE_DWORD,
  566. PROP_QUAL_LABELED_SET,
  567. &g_PrincipalNameTypeSet ),
  568. // PrincipalName_string
  569. MAKE_PROP(
  570. "Principal name value (name-string[1])",
  571. "Principal name value",
  572. PROP_TYPE_STRING,
  573. PROP_QUAL_NONE,
  574. 0 ),
  575. // Ticket_tkt_vno
  576. MAKE_PROP(
  577. "Ticket version number (tkt-vno[0])",
  578. "Ticket version number",
  579. PROP_TYPE_DWORD,
  580. PROP_QUAL_NONE,
  581. 0 ),
  582. // Ticket_realm
  583. MAKE_PROP(
  584. "Realm (realm[1])",
  585. "Realm name",
  586. PROP_TYPE_STRING,
  587. PROP_QUAL_NONE,
  588. 0 ),
  589. // Ticket_sname
  590. MAKE_PROP(
  591. "Server name (sname[2])",
  592. "Server name",
  593. PROP_TYPE_STRING,
  594. PROP_QUAL_NONE,
  595. 0 ),
  596. // Ticket_enc_part
  597. MAKE_PROP(
  598. "Encrypted part (enc-part[3])",
  599. "Encrypted part of the ticket",
  600. PROP_TYPE_COMMENT,
  601. PROP_QUAL_NONE,
  602. 0 ),
  603. // AP_REQ_pvno
  604. MAKE_PROP(
  605. "Protocol version numer (pvno[0])",
  606. "Protocol version number",
  607. PROP_TYPE_DWORD,
  608. PROP_QUAL_NONE,
  609. 0 ),
  610. // AP_REQ_msg_type
  611. MAKE_PROP(
  612. "Message type (msg-type[1])",
  613. "Message type",
  614. PROP_TYPE_DWORD,
  615. PROP_QUAL_NONE,
  616. 0 ),
  617. // AP_REQ_ap_options_summary
  618. MAKE_PROP(
  619. "AP options (ap-options[2])",
  620. "AP options",
  621. PROP_TYPE_SUMMARY,
  622. PROP_QUAL_NONE,
  623. 0 ),
  624. // AP_REQ_ap_options_value
  625. MAKE_PROP_SIZE(
  626. "AP options (ap-options[2])",
  627. "AP options",
  628. PROP_TYPE_DWORD,
  629. PROP_QUAL_FLAGS,
  630. &g_ApOptionsSet,
  631. 80 * 32 ),
  632. // AP_REQ_ticket
  633. MAKE_PROP(
  634. "Ticket (ticket[3])",
  635. "Ticket",
  636. PROP_TYPE_SUMMARY,
  637. PROP_QUAL_NONE,
  638. 0 ),
  639. // AP_REQ_authenticator
  640. MAKE_PROP(
  641. "Authenticator (authenticator[4])",
  642. "Authenticator",
  643. PROP_TYPE_SUMMARY,
  644. PROP_QUAL_NONE,
  645. 0 ),
  646. // KDC_REQ_BODY_kdc_options_summary
  647. MAKE_PROP(
  648. "KDC options (kdc-options[0])",
  649. "KDC options",
  650. PROP_TYPE_SUMMARY,
  651. PROP_QUAL_NONE,
  652. 0 ),
  653. // KDC_REQ_BODY_kdc_options_value
  654. MAKE_PROP_SIZE(
  655. "KDC options (kdc-options[0])",
  656. "KDC options",
  657. PROP_TYPE_DWORD,
  658. PROP_QUAL_FLAGS,
  659. &g_KdcOptionFlagsSet,
  660. 80 * 32 ),
  661. // KDC_REQ_BODY_cname
  662. MAKE_PROP(
  663. "Client name (cname[1])",
  664. "Client name",
  665. PROP_TYPE_STRING,
  666. PROP_QUAL_NONE,
  667. 0 ),
  668. // KDC_REQ_BODY_realm
  669. MAKE_PROP(
  670. "Realm (realm[2])",
  671. "Realm name",
  672. PROP_TYPE_STRING,
  673. PROP_QUAL_NONE,
  674. 0 ),
  675. // KDC_REQ_BODY_sname
  676. MAKE_PROP(
  677. "Server name (sname[3])",
  678. "Server name",
  679. PROP_TYPE_STRING,
  680. PROP_QUAL_NONE,
  681. 0 ),
  682. // KDC_REQ_BODY_from
  683. MAKE_PROP(
  684. "Valid-from time (rtime[4])",
  685. "Valid-from time",
  686. PROP_TYPE_TIME,
  687. PROP_QUAL_NONE,
  688. 0 ),
  689. // KDC_REQ_BODY_till
  690. MAKE_PROP(
  691. "Valid-till time (till[5])",
  692. "Valid-till time",
  693. PROP_TYPE_TIME,
  694. PROP_QUAL_NONE,
  695. 0 ),
  696. // KDC_REQ_BODY_rtime
  697. MAKE_PROP(
  698. "Renew-until time (rtime[6])",
  699. "Renew-until time",
  700. PROP_TYPE_TIME,
  701. PROP_QUAL_NONE,
  702. 0 ),
  703. // KDC_REQ_BODY_nonce
  704. MAKE_PROP(
  705. "Nonce (nonce[7])",
  706. "Nonce",
  707. PROP_TYPE_DWORD,
  708. PROP_QUAL_NONE,
  709. 0 ),
  710. // KDC_REQ_BODY_etype
  711. MAKE_PROP(
  712. "Encryption types (etype[8])",
  713. "List of encryption types in preference order",
  714. PROP_TYPE_SUMMARY,
  715. PROP_QUAL_NONE,
  716. 0 ),
  717. // KDC_REQ_BODY_addresses
  718. MAKE_PROP(
  719. "Host addresses (addresses[9])",
  720. "List of host addresses",
  721. PROP_TYPE_SUMMARY,
  722. PROP_QUAL_NONE,
  723. 0 ),
  724. // KDC_REQ_BODY_enc_authorization_data
  725. MAKE_PROP(
  726. "Encrypted authorization data (enc-authorization-data[10])",
  727. "Encrypted authorization data",
  728. PROP_TYPE_SUMMARY,
  729. PROP_QUAL_NONE,
  730. 0 ),
  731. // KDC_REQ_BODY_additional_tickets
  732. MAKE_PROP(
  733. "Additional tickets (additional-tickets[11])",
  734. "List of additional tickets",
  735. PROP_TYPE_SUMMARY,
  736. PROP_QUAL_NONE,
  737. 0 ),
  738. // KDC_REQ
  739. MAKE_PROP(
  740. "KDC request (KDC-REQ)",
  741. "KDC request",
  742. PROP_TYPE_SUMMARY,
  743. PROP_QUAL_NONE,
  744. 0 ),
  745. // KDC_REQ_pvno
  746. MAKE_PROP(
  747. "Protocol version number (pvno[1])",
  748. "Kerberos protocol version number",
  749. PROP_TYPE_DWORD,
  750. PROP_QUAL_NONE,
  751. 0 ),
  752. // KDC_REQ_msg_type
  753. MAKE_PROP(
  754. "Message type (msg-type[2])",
  755. "Message type of the KDC request",
  756. PROP_TYPE_DWORD,
  757. PROP_QUAL_LABELED_SET,
  758. &g_PacketTypeSet ),
  759. // KDC_REQ_padata
  760. MAKE_PROP(
  761. "Pre-authentication Data (padata[3])",
  762. "Pre-authentication data inside a KDC request",
  763. PROP_TYPE_SUMMARY,
  764. PROP_QUAL_NONE,
  765. 0 ),
  766. // KDC_REQ_req_body
  767. MAKE_PROP(
  768. "Request body (req-body[4])",
  769. "Request body inside a KDC request",
  770. PROP_TYPE_SUMMARY,
  771. PROP_QUAL_NONE,
  772. 0 ),
  773. // KDC_REP_pvno
  774. MAKE_PROP(
  775. "Protocol version number (pvno[0])",
  776. "Kerberos protocol version number",
  777. PROP_TYPE_DWORD,
  778. PROP_QUAL_NONE,
  779. 0 ),
  780. // KDC_REP_msg_type
  781. MAKE_PROP(
  782. "Message type (msg-type[1])",
  783. "Message type of the KDC reply",
  784. PROP_TYPE_DWORD,
  785. PROP_QUAL_LABELED_SET,
  786. &g_PacketTypeSet ),
  787. // KDC_REP_padata
  788. MAKE_PROP(
  789. "Pre-authentication Data (padata[2])",
  790. "Pre-authentication data inside a KDC reply",
  791. PROP_TYPE_SUMMARY,
  792. PROP_QUAL_NONE,
  793. 0 ),
  794. // KDC_REP_crealm
  795. MAKE_PROP(
  796. "Client realm (crealm[3])",
  797. "Realm name",
  798. PROP_TYPE_STRING,
  799. PROP_QUAL_NONE,
  800. 0 ),
  801. // KDC_REP_cname
  802. MAKE_PROP(
  803. "Client name (cname[4])",
  804. "Client name",
  805. PROP_TYPE_STRING,
  806. PROP_QUAL_NONE,
  807. 0 ),
  808. // KDC_REP_ticket
  809. MAKE_PROP(
  810. "Ticket (ticket[5])",
  811. "Ticket inside a KDC reply",
  812. PROP_TYPE_SUMMARY,
  813. PROP_QUAL_NONE,
  814. 0 ),
  815. // KDC_REP_enc_part
  816. MAKE_PROP(
  817. "Encrypted part (enc-part[6])",
  818. "Encrypted part of the KDC reply",
  819. PROP_TYPE_COMMENT,
  820. PROP_QUAL_NONE,
  821. 0 ),
  822. // KRB_ERR_pvno
  823. MAKE_PROP(
  824. "Protocol version number (pvno[0])",
  825. "Kerberos protocol version number",
  826. PROP_TYPE_DWORD,
  827. PROP_QUAL_NONE,
  828. 0 ),
  829. // KRB_ERR_msg_type
  830. MAKE_PROP(
  831. "Message type (msg-type[1])",
  832. "Message type of the Kerberos error",
  833. PROP_TYPE_DWORD,
  834. PROP_QUAL_LABELED_SET,
  835. &g_PacketTypeSet ),
  836. // KRB_ERR_ctime
  837. MAKE_PROP(
  838. "Client time (ctime[2])",
  839. "Current time on the client's host",
  840. PROP_TYPE_TIME,
  841. PROP_QUAL_NONE,
  842. 0 ),
  843. // KRB_ERR_cusec
  844. MAKE_PROP(
  845. "Microseconds on client (cusec[3])",
  846. "Microsecond part of the client's timestamp",
  847. PROP_TYPE_DWORD,
  848. PROP_QUAL_NONE,
  849. 0 ),
  850. // KRB_ERR_stime
  851. MAKE_PROP(
  852. "Server time (stime[4])",
  853. "Current time on server",
  854. PROP_TYPE_TIME,
  855. PROP_QUAL_NONE,
  856. 0 ),
  857. // KRB_ERR_susec
  858. MAKE_PROP(
  859. "Microseconds on server (susec[5])",
  860. "Microsecond part of the server's timestamp",
  861. PROP_TYPE_DWORD,
  862. PROP_QUAL_NONE,
  863. 0 ),
  864. // KRB_ERR_error_code
  865. MAKE_PROP(
  866. "Error code (error-code[6])",
  867. "Error code",
  868. PROP_TYPE_DWORD,
  869. PROP_QUAL_LABELED_SET,
  870. &g_KrbErrCodeSet),
  871. // KRB_ERR_crealm
  872. MAKE_PROP(
  873. "Client realm (crealm[7])",
  874. "Client realm",
  875. PROP_TYPE_STRING,
  876. PROP_QUAL_NONE,
  877. 0 ),
  878. // KRB_ERR_cname
  879. MAKE_PROP(
  880. "Client name (cname[8])",
  881. "Client name",
  882. PROP_TYPE_STRING,
  883. PROP_QUAL_NONE,
  884. 0 ),
  885. // KRB_ERR_realm
  886. MAKE_PROP(
  887. "Correct realm (realm[9])",
  888. "Correct realm",
  889. PROP_TYPE_STRING,
  890. PROP_QUAL_NONE,
  891. 0 ),
  892. // KRB_ERR_sname
  893. MAKE_PROP(
  894. "Correct server name (sname[10])",
  895. "Correct server name",
  896. PROP_TYPE_STRING,
  897. PROP_QUAL_NONE,
  898. 0 ),
  899. // KRB_ERR_e_text
  900. MAKE_PROP(
  901. "Additional text (e-text[11])",
  902. "Additional text to help explain the error code",
  903. PROP_TYPE_STRING,
  904. PROP_QUAL_NONE,
  905. 0 ),
  906. // KRB_ERR_e_data
  907. MAKE_PROP(
  908. "Error data (e-data[12])",
  909. "Additional error data",
  910. PROP_TYPE_SUMMARY,
  911. PROP_QUAL_NONE,
  912. 0 ),
  913. // KERB_PA_PAC_REQUEST_include_pac
  914. MAKE_PROP(
  915. "Include PAC (include-pac[0])",
  916. "Include PAC",
  917. PROP_TYPE_DWORD,
  918. PROP_QUAL_LABELED_SET,
  919. &g_BooleanSet ),
  920. // KERB_PA_PAC_REQUEST_EX_include_pac
  921. MAKE_PROP(
  922. "Include PAC (include-pac[0])",
  923. "Include PAC",
  924. PROP_TYPE_DWORD,
  925. PROP_QUAL_LABELED_SET,
  926. &g_BooleanSet ),
  927. // KERB_PA_PAC_REQUEST_EX_pac_sections
  928. MAKE_PROP(
  929. "PAC sections (pac-sections[1])",
  930. "PAC sections",
  931. PROP_TYPE_SUMMARY,
  932. PROP_QUAL_NONE,
  933. 0 ),
  934. // KERB_PA_PAC_REQUEST_EX_pac_sections_desc
  935. MAKE_PROP(
  936. "PAC section",
  937. "PAC section",
  938. PROP_TYPE_DWORD,
  939. PROP_QUAL_LABELED_SET,
  940. &g_PACSectionSet ),
  941. // KERB_ETYPE_INFO_ENTRY_encryption_type
  942. MAKE_PROP(
  943. "Encryption type (encryption-type[0])",
  944. "Encryption type",
  945. PROP_TYPE_DWORD,
  946. PROP_QUAL_LABELED_SET,
  947. &g_EncryptionTypeSet ),
  948. // KERB_ETYPE_INFO_ENTRY_salt
  949. MAKE_PROP(
  950. "Salt (salt[1])",
  951. "Salt",
  952. PROP_TYPE_STRING,
  953. PROP_QUAL_NONE,
  954. 0 ),
  955. // KERB_PREAUTH_DATA_LIST
  956. MAKE_PROP(
  957. "Preauth data list",
  958. "Preauth data list",
  959. PROP_TYPE_SUMMARY,
  960. PROP_QUAL_NONE,
  961. 0 ),
  962. // TYPED_DATA_type
  963. MAKE_PROP(
  964. "Data type",
  965. "Typed data type (data-type[1])",
  966. PROP_TYPE_DWORD,
  967. PROP_QUAL_LABELED_SET,
  968. &g_PadataTypeSet ),
  969. // TYPED_DATA_value
  970. MAKE_PROP(
  971. "Data value (parser not available yet)",
  972. "Typed data value (data-value[2])",
  973. PROP_TYPE_COMMENT,
  974. PROP_QUAL_NONE,
  975. 0 ),
  976. // PA_PW_SALT_salt
  977. MAKE_PROP(
  978. "Salt value",
  979. "Salt value",
  980. PROP_TYPE_STRING,
  981. PROP_QUAL_NONE,
  982. 0 ),
  983. // PA_FOR_USER_userName
  984. MAKE_PROP(
  985. "User name (userName[0])",
  986. "User name",
  987. PROP_TYPE_STRING,
  988. PROP_QUAL_NONE,
  989. 0 ),
  990. // PA_FOR_USER_userRealm
  991. MAKE_PROP(
  992. "User realm (userRealm[1])",
  993. "User realm",
  994. PROP_TYPE_STRING,
  995. PROP_QUAL_NONE,
  996. 0 ),
  997. // PA_FOR_USER_cksum
  998. MAKE_PROP(
  999. "Checksum (cksum[2])",
  1000. "Checksum",
  1001. PROP_TYPE_COMMENT,
  1002. PROP_QUAL_NONE,
  1003. 0 ),
  1004. // PA_FOR_USER_authentication_package
  1005. MAKE_PROP(
  1006. "Authentication package (authentication-package[3])",
  1007. "Authentication package",
  1008. PROP_TYPE_STRING,
  1009. PROP_QUAL_NONE,
  1010. 0 ),
  1011. // PA_FOR_USER_authorization_data
  1012. MAKE_PROP(
  1013. "Authorization data (authorization-data[4])",
  1014. "Authorization data",
  1015. PROP_TYPE_COMMENT,
  1016. PROP_QUAL_NONE,
  1017. 0 ),
  1018. // KERB_CHECKSUM_type
  1019. MAKE_PROP(
  1020. "Checksum type (checksum-type[0])",
  1021. "Checksum type",
  1022. PROP_TYPE_DWORD,
  1023. PROP_QUAL_LABELED_SET,
  1024. &g_ChecksumTypeSet ),
  1025. // KERB_CHECKSUM_checksum
  1026. MAKE_PROP(
  1027. "Checksum (checksum[1])",
  1028. "Checksum",
  1029. PROP_TYPE_COMMENT,
  1030. PROP_QUAL_NONE,
  1031. 0 ),
  1032. // AdditionalTicket
  1033. MAKE_PROP(
  1034. "Additional ticket",
  1035. "Additional ticket",
  1036. PROP_TYPE_SUMMARY,
  1037. PROP_QUAL_NONE,
  1038. 0 ),
  1039. // EncryptionType
  1040. MAKE_PROP(
  1041. "Encryption type",
  1042. "Encryption type",
  1043. PROP_TYPE_DWORD,
  1044. PROP_QUAL_LABELED_SET,
  1045. &g_EncryptionTypeSet ),
  1046. // ContinuationPacket
  1047. MAKE_PROP(
  1048. "Kerberos Packet (Cont.) Use the Coalescer to view contents",
  1049. "Display Kerberos Continuation Packets",
  1050. PROP_TYPE_SUMMARY,
  1051. PROP_QUAL_NONE,
  1052. 0 ),
  1053. // INTEGER_NOT_IN_ASN
  1054. MAKE_PROP(
  1055. "Unexpected integer value",
  1056. "Unexpected integer",
  1057. PROP_TYPE_DWORD,
  1058. PROP_QUAL_NONE,
  1059. 0 ),
  1060. // CompoundIdentity
  1061. MAKE_PROP(
  1062. "Compound Identity",
  1063. "List of compound identities",
  1064. PROP_TYPE_SUMMARY,
  1065. PROP_QUAL_NONE,
  1066. 0 ),
  1067. // CompoundIdentityTicket
  1068. MAKE_PROP(
  1069. "Identity",
  1070. "Identity ticket",
  1071. PROP_TYPE_SUMMARY,
  1072. PROP_QUAL_NONE,
  1073. 0 ),
  1074. };