archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/parser/kdcreq.c

312 lines
9.0 KiB
Raw Normal View History

Add source files
4 years ago
  1. //=============================================================================
  2. // MODULE: kdcreq.c
  3. //
  4. // Description:
  5. //
  6. // Bloodhound Parser DLL for Kerberos Authentication Protocol
  7. //
  8. // Modification History
  9. //
  10. // Michael Webb & Kris Frost Date: 06/04/99
  11. //=============================================================================
  13. //#include "kerbparser.h"
  14. #include "kerbGlob.h"
  15. #include "kdcreq.h"
  18. LPBYTE KdcRequest(HFRAME hFrame, LPBYTE TempFrame)
  19. {
  21. // 1st attach command displays the 1st Identifier frame
  22. TempFrame = DispSeqOctets(hFrame, TempFrame, 3, ASN1UnivTagSumID, ASN1UnivTag);
  24. // Incrementing TempFrame by one to get to the correct frame.
  25. TempFrame+=CalcLenOctet(--TempFrame);
  27. // Display Protocol Version value at the Top level
  28. TempFrame = DispSum(hFrame, TempFrame, 0x02, 0x30, 1, DispProtocolVer);
  30. // Display pvno[1]
  31. TempFrame = KdcReqTypes(hFrame, TempFrame, KdcReqTagID, KdcReqSeq, KdcContentsValue);
  34. // Display Message Type value at the Top level
  35. TempFrame = DispSum(hFrame, TempFrame, 0x02, 0x30, 1, DispKerbMsgType);
  37. // Display msg-type[2]
  38. TempFrame = KdcReqTypes(hFrame, TempFrame, KdcReqTagID, KdcReqSeq, KrbMsgTypeID);
  40. // Start code to break down pa-data
  41. if(*(TempFrame+1) == 0xA3)
  42. {
  44. // Display Pre-Authentication Data at the Top level
  45. TempFrame = DispTopSum(hFrame, TempFrame, 1, DispSumPreAuth);
  47. // Display padata[3]
  48. TempFrame = HandlePaData(hFrame, TempFrame, 2, PaDataSummary);
  50. }
  53. // Display KDC Request Body at the Top level
  54. TempFrame = DispTopSum(hFrame, TempFrame, 1, DispSumReqBody);
  56. // Display req-body[4]
  57. TempFrame = DispASNTypes(hFrame, TempFrame, 2, KdcReqTagID, KdcReqSeq);
  59. // Calculate Length Octet
  60. TempFrame = CalcLengthSummary(hFrame, TempFrame, 4);
  62. // Incrementing TempFrame based on the number of octets
  63. // taken up by the Length octet
  64. TempFrame = IncTempFrame(TempFrame);
  66. // Display SEQUENCE
  67. TempFrame = DispSeqOctets(hFrame, TempFrame, 4, ASN1UnivTagSumID, ASN1UnivTag);
  69. // Following call breaks handles displaying req-body[4]
  70. TempFrame = HandleReqBody(hFrame, TempFrame, 2);
  72. return ++TempFrame;
  73. };
  77. LPBYTE KdcReqTypes(HFRAME hFrame, LPBYTE TempFrame, DWORD TypeVal, DWORD TypeVal2, DWORD TypeVal3)
  78. {
  79. // Display ASN.1 Identifier
  80. TempFrame = DispASNTypes(hFrame, TempFrame, 2, TypeVal, TypeVal2);
  82. // Break Down INTEGER values
  83. TempFrame = DefineValue(hFrame, TempFrame, 4, TypeVal3);
  87. return TempFrame;
  88. }
  90. LPBYTE HandleReqBody(HFRAME hFrame, LPBYTE TempFrame, int OffSet)
  91. {
  92. // Display kdc-options[0]
  93. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet, DispStringTixFlag, KdcReqBodyBitF);
  95. // Display Length Octet
  96. TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+3);
  98. // Incrementing TempFrame based on the number of octets
  99. // taken up by the Length octet
  100. TempFrame = IncTempFrame(TempFrame);
  102. // Display Universal Class Tag
  103. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+2, ASN1UnivTagSumID, ASN1UnivTag);
  105. // Display Length Octet
  106. TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+5);
  108. // Must get TempFrame 2 bytes past Length octet 05
  109. TempFrame+=2;
  111. // Display KDC-Option Flags
  112. TempFrame = DefineKdcOptions(hFrame, TempFrame, OffSet+1, DispFlagKdcOptions);
  115. // Move Adjust TempFrame past KDC-Options to start at cname[1]
  116. TempFrame+=3;
  118. // Display cname[1] OPTIONAL
  120. if(*(TempFrame+1) == 0xA1)
  121. {
  122. // Display Client Name value at the Top level
  123. TempFrame = DispSum(hFrame, TempFrame, 0x1B, 0x30, OffSet, DispStringCliName);
  125. // Display cname[1].
  126. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  128. // Display Length Octet
  129. TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+3);
  131. // Incrementing TempFrame based on the number of octets
  132. // taken up by the Length octet
  133. TempFrame = IncTempFrame(TempFrame);
  135. // Display SEQUENCE Octets
  136. TempFrame = DispSeqOctets(hFrame, TempFrame, OffSet+3, ASN1UnivTagSumID, ASN1UnivTag);
  138. // Display cname[1]
  139. TempFrame = DefinePrincipalName(hFrame, TempFrame, OffSet+3, DispStringCliName);
  141. TempFrame--;
  143. }
  148. // Display realm[2]
  149. // Display Realm name value at the Top level
  150. TempFrame = DispSum(hFrame, TempFrame, 0x1B, 0x30, OffSet, DispStringRealmName);
  153. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  154. TempFrame = DefineValue(hFrame, TempFrame, OffSet+3, DispStringRealmName);
  157. // MUST FIND OUT WHY 8 IS GETTING APPENDED TO KRBTGT AT THE TOP LEVEL
  158. // Display sname[3] OPTIONAL
  159. if(*(TempFrame+1) == 0xA3)
  160. {
  161. // Display Server name value at the Top level
  162. TempFrame = DispSumString(hFrame, TempFrame, 0x1B, OffSet, DispStringServNameGS);
  164. // Display sname[3]
  165. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  167. // Display Length Octet
  168. TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+4);
  170. // Incrementing TempFrame based on the number of octets
  171. // taken up by the Length octet
  172. TempFrame = IncTempFrame(TempFrame);
  174. // Display SEQUENCE Octets
  175. TempFrame = DispSeqOctets(hFrame, TempFrame, OffSet+3, ASN1UnivTagSumID, ASN1UnivTag);
  177. // Display sname[3]
  178. TempFrame = DefinePrincipalName(hFrame, TempFrame, OffSet+3, DispStringServerName);
  180. // --TempFrame;
  182. }
  186. // Display from[4] OPTIONAL
  187. if(*(TempFrame) == 0xA4)
  188. { //THIS CODE HASN'T BEEN TESTED. May need to put TempFrame-- on last line
  190. // Display Post Date value at the Top level
  191. TempFrame = DispSumTime(hFrame, TempFrame, 0x18, OffSet, DispStringPostDate);
  193. // Display from[4]
  194. TempFrame = DispASNTypes(hFrame, --TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  196. // Display KerberosTime
  197. TempFrame = DefineValue(hFrame, TempFrame, OffSet+2, DispString);
  199. //TempFrame--
  200. }
  202. // Display Expiration Date value at the Top level (till[5])
  203. TempFrame = DispSumTime(hFrame, TempFrame, 0x18, OffSet, DispStringExpDate);
  205. // 1/27/00 KKF TODAY I NOTICED THAT TILL[5] WAS OFF ONE OFFSET. HADN'T NOTICED THIS
  206. // BEFORE. WENT BACK AND CHECKED A BUILD FROM NOV. AND THE PROBLEM DIDN'T EXIST. HOWEVER
  207. // I MATCHED THE CODE AND DON'T SEE THE DIFFERENCE. GOING TO DECREMENT TEMPFRAME WHILE
  208. // SENDING TO DISPASNTYPES.
  210. // Display till[5]
  211. TempFrame = DispASNTypes(hFrame, --TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  214. // Display KerberosTime
  215. TempFrame = DefineValue(hFrame, TempFrame, OffSet+3, DispString);
  218. // Display rtime[6] OPTIONAL
  219. if(*(TempFrame+1) == 0xA6)
  220. {
  221. // Display Expiration Date value at the Top level
  222. TempFrame = DispSumTime(hFrame, TempFrame, 0x18, OffSet, DispStringRenewTill);
  224. // Display from[4]
  225. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  227. // Display KerberosTime
  228. TempFrame = DefineValue(hFrame, TempFrame, OffSet+3, DispString);
  230. //TempFrame--
  231. }
  234. // Display Top level for nonce[7]
  235. TempFrame = DispSum(hFrame, TempFrame, 0x02, 0x30, OffSet, DispSumRandomNumber);
  237. // Display nonce[7]
  238. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  240. //Display INTEGER
  241. TempFrame = DefineValue(hFrame, TempFrame, OffSet+3, DispSumRandomNumber);
  245. // SINCE THIS FIELD LISTS THE NUMEROUS ENCRYPTION OPTIONS A CLIENT
  246. // SUPPORTS, IT CAN BE CONFUSING DISPLAYING THE FIRST OPTION AT THE TOP
  247. // LEVEL SO I'M REMMING OUT THE NEXT LINE OF CODE.
  248. //Display Encryption Algorithm at the top Level etype[8]
  249. // TempFrame = DispSum(hFrame, TempFrame, 0x02, 0x02, OffSet, DispSumEtype2);
  251. //Display Encryption Type Option(s) at the top Level etype[8]
  252. TempFrame = DispTopSum(hFrame, TempFrame, 2, DispEncryptionOptions);
  253. // Display etype[8]
  254. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  256. // Display Length Octet
  257. TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+4);
  259. // Incrementing TempFrame based on the number of octets
  260. // taken up by the Length octet
  261. TempFrame = IncTempFrame(TempFrame);
  263. // Display all the encryption types.
  264. TempFrame = DefineEtype(hFrame, TempFrame, OffSet+1, DispSumEtype2, ASN1UnivTagSumID, ASN1UnivTag);
  267. // Display addresses[9]
  269. if(*(TempFrame) == 0xA9)
  271. {
  272. // Display Expiration Date value at the Top level
  273. TempFrame = DispSum(hFrame, TempFrame, 0x04, 0x30, OffSet, DispStringAddresses);
  275. // Adjust TempFrame to proper octet
  276. --TempFrame;
  277. // Display addresses[9]
  278. TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KdcReqBodyID, KdcReqBodyBitF);
  280. // Display Length Octet
  281. TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+4);
  283. // Incrementing TempFrame based on the number of octets
  284. // taken up by the Length octet
  285. TempFrame = IncTempFrame(TempFrame);
  287. // Display SEQUENCE OF Octets
  288. TempFrame = DispSeqOctets(hFrame, TempFrame, OffSet+3, ASN1UnivTagSumID, ASN1UnivTag);
  290. //Display addresses[9]
  291. TempFrame = DispHostAddresses(hFrame, TempFrame, OffSet+1);
  295. }
  298. /*
  299. LEFT OFF HERE BECAUSE THE SNIFFS I HAVE DON'T HAVE THE FINAL OPTIONS. FINISH HANDLING THE KDC-REQ PACKET
  300. IF/WHEN YOU GET A SNIFF WITH THE INFO, THEN GO BACK AND ADD CODE FOR THE OPTIONAL'S IN KRB-ERROR
  301. USING MIKE'S SNIFF.
  303. Missing enc-authorization-data[10] & additional-tickets[11]
  305. */
  308. return TempFrame;
  310. }