1 |
|
|
/* $OpenBSD: print-krb.c,v 1.11 2015/11/16 00:16:39 mmcc Exp $ */ |
2 |
|
|
|
3 |
|
|
/* |
4 |
|
|
* Copyright (c) 1995, 1996, 1997 |
5 |
|
|
* The Regents of the University of California. All rights reserved. |
6 |
|
|
* |
7 |
|
|
* Redistribution and use in source and binary forms, with or without |
8 |
|
|
* modification, are permitted provided that: (1) source code distributions |
9 |
|
|
* retain the above copyright notice and this paragraph in its entirety, (2) |
10 |
|
|
* distributions including binary code include the above copyright notice and |
11 |
|
|
* this paragraph in its entirety in the documentation or other materials |
12 |
|
|
* provided with the distribution, and (3) all advertising materials mentioning |
13 |
|
|
* features or use of this software display the following acknowledgement: |
14 |
|
|
* ``This product includes software developed by the University of California, |
15 |
|
|
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of |
16 |
|
|
* the University nor the names of its contributors may be used to endorse |
17 |
|
|
* or promote products derived from this software without specific prior |
18 |
|
|
* written permission. |
19 |
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED |
20 |
|
|
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF |
21 |
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
22 |
|
|
* |
23 |
|
|
* Initial contribution from John Hawkinson (jhawk@mit.edu). |
24 |
|
|
*/ |
25 |
|
|
|
26 |
|
|
#include <sys/time.h> |
27 |
|
|
#include <sys/socket.h> |
28 |
|
|
|
29 |
|
|
#include <netinet/in.h> |
30 |
|
|
#include <netinet/ip.h> |
31 |
|
|
#include <netinet/ip_var.h> |
32 |
|
|
#include <netinet/udp.h> |
33 |
|
|
#include <netinet/udp_var.h> |
34 |
|
|
|
35 |
|
|
#include <ctype.h> |
36 |
|
|
#include <errno.h> |
37 |
|
|
#include <stdio.h> |
38 |
|
|
|
39 |
|
|
#include "interface.h" |
40 |
|
|
#include "addrtoname.h" |
41 |
|
|
|
42 |
|
|
const u_char *c_print(const u_char *, const u_char *); |
43 |
|
|
const u_char *krb4_print_hdr(const u_char *); |
44 |
|
|
void krb4_print(const u_char *); |
45 |
|
|
void krb_print(const u_char *, u_int); |
46 |
|
|
|
47 |
|
|
|
48 |
|
|
#define AUTH_MSG_KDC_REQUEST 1<<1 |
49 |
|
|
#define AUTH_MSG_KDC_REPLY 2<<1 |
50 |
|
|
#define AUTH_MSG_APPL_REQUEST 3<<1 |
51 |
|
|
#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 |
52 |
|
|
#define AUTH_MSG_ERR_REPLY 5<<1 |
53 |
|
|
#define AUTH_MSG_PRIVATE 6<<1 |
54 |
|
|
#define AUTH_MSG_SAFE 7<<1 |
55 |
|
|
#define AUTH_MSG_APPL_ERR 8<<1 |
56 |
|
|
#define AUTH_MSG_DIE 63<<1 |
57 |
|
|
|
58 |
|
|
#define KERB_ERR_OK 0 |
59 |
|
|
#define KERB_ERR_NAME_EXP 1 |
60 |
|
|
#define KERB_ERR_SERVICE_EXP 2 |
61 |
|
|
#define KERB_ERR_AUTH_EXP 3 |
62 |
|
|
#define KERB_ERR_PKT_VER 4 |
63 |
|
|
#define KERB_ERR_NAME_MAST_KEY_VER 5 |
64 |
|
|
#define KERB_ERR_SERV_MAST_KEY_VER 6 |
65 |
|
|
#define KERB_ERR_BYTE_ORDER 7 |
66 |
|
|
#define KERB_ERR_PRINCIPAL_UNKNOWN 8 |
67 |
|
|
#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 |
68 |
|
|
#define KERB_ERR_NULL_KEY 10 |
69 |
|
|
|
70 |
|
|
struct krb { |
71 |
|
|
u_char pvno; /* Protocol Version */ |
72 |
|
|
u_char type; /* Type+B */ |
73 |
|
|
}; |
74 |
|
|
|
75 |
|
|
static char tstr[] = " [|kerberos]"; |
76 |
|
|
|
77 |
|
|
static struct tok type2str[] = { |
78 |
|
|
{ AUTH_MSG_KDC_REQUEST, "KDC_REQUEST" }, |
79 |
|
|
{ AUTH_MSG_KDC_REPLY, "KDC_REPLY" }, |
80 |
|
|
{ AUTH_MSG_APPL_REQUEST, "APPL_REQUEST" }, |
81 |
|
|
{ AUTH_MSG_APPL_REQUEST_MUTUAL, "APPL_REQUEST_MUTUAL" }, |
82 |
|
|
{ AUTH_MSG_ERR_REPLY, "ERR_REPLY" }, |
83 |
|
|
{ AUTH_MSG_PRIVATE, "PRIVATE" }, |
84 |
|
|
{ AUTH_MSG_SAFE, "SAFE" }, |
85 |
|
|
{ AUTH_MSG_APPL_ERR, "APPL_ERR" }, |
86 |
|
|
{ AUTH_MSG_DIE, "DIE" }, |
87 |
|
|
{ 0, NULL } |
88 |
|
|
}; |
89 |
|
|
|
90 |
|
|
static struct tok kerr2str[] = { |
91 |
|
|
{ KERB_ERR_OK, "OK" }, |
92 |
|
|
{ KERB_ERR_NAME_EXP, "NAME_EXP" }, |
93 |
|
|
{ KERB_ERR_SERVICE_EXP, "SERVICE_EXP" }, |
94 |
|
|
{ KERB_ERR_AUTH_EXP, "AUTH_EXP" }, |
95 |
|
|
{ KERB_ERR_PKT_VER, "PKT_VER" }, |
96 |
|
|
{ KERB_ERR_NAME_MAST_KEY_VER, "NAME_MAST_KEY_VER" }, |
97 |
|
|
{ KERB_ERR_SERV_MAST_KEY_VER, "SERV_MAST_KEY_VER" }, |
98 |
|
|
{ KERB_ERR_BYTE_ORDER, "BYTE_ORDER" }, |
99 |
|
|
{ KERB_ERR_PRINCIPAL_UNKNOWN, "PRINCIPAL_UNKNOWN" }, |
100 |
|
|
{ KERB_ERR_PRINCIPAL_NOT_UNIQUE,"PRINCIPAL_NOT_UNIQUE" }, |
101 |
|
|
{ KERB_ERR_NULL_KEY, "NULL_KEY"}, |
102 |
|
|
{ 0, NULL} |
103 |
|
|
}; |
104 |
|
|
|
105 |
|
|
|
106 |
|
|
/* little endian (unaligned) to host byte order */ |
107 |
|
|
/* XXX need to look at this... */ |
108 |
|
|
#define vtohlp(x) ((( ((char *)(x))[0] ) ) | \ |
109 |
|
|
(( ((char *)(x))[1] ) << 8) | \ |
110 |
|
|
(( ((char *)(x))[2] ) << 16) | \ |
111 |
|
|
(( ((char *)(x))[3] ) << 24)) |
112 |
|
|
#define vtohsp(x) ((( ((char *)(x))[0] ) ) | \ |
113 |
|
|
(( ((char *)(x))[1] ) << 8)) |
114 |
|
|
/* network (big endian) (unaligned) to host byte order */ |
115 |
|
|
#define ntohlp(x) ((( ((char *)(x))[3] ) ) | \ |
116 |
|
|
(( ((char *)(x))[2] ) << 8) | \ |
117 |
|
|
(( ((char *)(x))[1] ) << 16) | \ |
118 |
|
|
(( ((char *)(x))[0] ) << 24)) |
119 |
|
|
#define ntohsp(x) ((( ((char *)(x))[1] ) ) | \ |
120 |
|
|
(( ((char *)(x))[0] ) << 8)) |
121 |
|
|
|
122 |
|
|
|
123 |
|
|
|
124 |
|
|
const u_char * |
125 |
|
|
c_print(const u_char *s, const u_char *ep) |
126 |
|
|
{ |
127 |
|
|
u_char c; |
128 |
|
|
int flag; |
129 |
|
|
|
130 |
|
|
flag = 1; |
131 |
|
|
while (ep == NULL || s < ep) { |
132 |
|
|
c = *s++; |
133 |
|
|
if (c == '\0') { |
134 |
|
|
flag = 0; |
135 |
|
|
break; |
136 |
|
|
} |
137 |
|
|
if (!isascii(c)) { |
138 |
|
|
c = toascii(c); |
139 |
|
|
putchar('M'); |
140 |
|
|
putchar('-'); |
141 |
|
|
} |
142 |
|
|
if (!isprint(c)) { |
143 |
|
|
c ^= 0x40; /* DEL to ?, others to alpha */ |
144 |
|
|
putchar('^'); |
145 |
|
|
} |
146 |
|
|
putchar(c); |
147 |
|
|
} |
148 |
|
|
if (flag) |
149 |
|
|
return NULL; |
150 |
|
|
return (s); |
151 |
|
|
} |
152 |
|
|
|
153 |
|
|
const u_char * |
154 |
|
|
krb4_print_hdr(const u_char *cp) |
155 |
|
|
{ |
156 |
|
|
cp += 2; |
157 |
|
|
|
158 |
|
|
#define PRINT if ((cp = c_print(cp, snapend)) == NULL) goto trunc |
159 |
|
|
|
160 |
|
|
TCHECK2(cp, 0); |
161 |
|
|
PRINT; |
162 |
|
|
TCHECK2(cp, 0); |
163 |
|
|
putchar('.'); PRINT; |
164 |
|
|
TCHECK2(cp, 0); |
165 |
|
|
putchar('@'); PRINT; |
166 |
|
|
return(cp); |
167 |
|
|
|
168 |
|
|
trunc: |
169 |
|
|
fputs(tstr, stdout); |
170 |
|
|
return (NULL); |
171 |
|
|
|
172 |
|
|
#undef PRINT |
173 |
|
|
} |
174 |
|
|
|
175 |
|
|
void |
176 |
|
|
krb4_print(const u_char *cp) |
177 |
|
|
{ |
178 |
|
|
const struct krb *kp; |
179 |
|
|
u_char type; |
180 |
|
|
u_short len; |
181 |
|
|
|
182 |
|
|
#define PRINT if ((cp = c_print(cp, snapend)) == NULL) goto trunc |
183 |
|
|
/* True if struct krb is little endian */ |
184 |
|
|
#define IS_LENDIAN(kp) (((kp)->type & 0x01) != 0) |
185 |
|
|
#define KTOHSP(kp, cp) (IS_LENDIAN(kp) ? vtohsp(cp) : ntohsp(cp)) |
186 |
|
|
|
187 |
|
|
kp = (struct krb *)cp; |
188 |
|
|
|
189 |
|
|
if ((&kp->type) >= snapend) { |
190 |
|
|
fputs(tstr, stdout); |
191 |
|
|
return; |
192 |
|
|
} |
193 |
|
|
|
194 |
|
|
type = kp->type & (0xFF << 1); |
195 |
|
|
|
196 |
|
|
printf(" %s %s: ", |
197 |
|
|
IS_LENDIAN(kp) ? "le" : "be", tok2str(type2str, NULL, type)); |
198 |
|
|
|
199 |
|
|
switch (type) { |
200 |
|
|
|
201 |
|
|
case AUTH_MSG_KDC_REQUEST: |
202 |
|
|
if ((cp = krb4_print_hdr(cp)) == NULL) |
203 |
|
|
return; |
204 |
|
|
cp += 4; /* ctime */ |
205 |
|
|
TCHECK2(cp, 0); |
206 |
|
|
printf(" %dmin ", *cp++ * 5); |
207 |
|
|
TCHECK2(cp, 0); |
208 |
|
|
PRINT; |
209 |
|
|
TCHECK2(cp, 0); |
210 |
|
|
putchar('.'); PRINT; |
211 |
|
|
break; |
212 |
|
|
|
213 |
|
|
case AUTH_MSG_APPL_REQUEST: |
214 |
|
|
cp += 2; |
215 |
|
|
TCHECK2(cp, 0); |
216 |
|
|
printf("v%d ", *cp++); |
217 |
|
|
TCHECK2(cp, 0); |
218 |
|
|
PRINT; |
219 |
|
|
TCHECK2(cp, 0); |
220 |
|
|
printf(" (%d)", *cp++); |
221 |
|
|
TCHECK2(cp, 0); |
222 |
|
|
printf(" (%d)", *cp); |
223 |
|
|
TCHECK2(cp, 0); |
224 |
|
|
break; |
225 |
|
|
|
226 |
|
|
case AUTH_MSG_KDC_REPLY: |
227 |
|
|
if ((cp = krb4_print_hdr(cp)) == NULL) |
228 |
|
|
return; |
229 |
|
|
cp += 10; /* timestamp + n + exp + kvno */ |
230 |
|
|
TCHECK2(cp, 0); |
231 |
|
|
len = KTOHSP(kp, cp); |
232 |
|
|
printf(" (%d)", len); |
233 |
|
|
TCHECK2(cp, 0); |
234 |
|
|
break; |
235 |
|
|
|
236 |
|
|
case AUTH_MSG_ERR_REPLY: |
237 |
|
|
if ((cp = krb4_print_hdr(cp)) == NULL) |
238 |
|
|
return; |
239 |
|
|
cp += 4; /* timestamp */ |
240 |
|
|
TCHECK2(cp, 0); |
241 |
|
|
printf(" %s ", tok2str(kerr2str, NULL, KTOHSP(kp, cp))); |
242 |
|
|
cp += 4; |
243 |
|
|
TCHECK2(cp, 0); |
244 |
|
|
PRINT; |
245 |
|
|
break; |
246 |
|
|
|
247 |
|
|
default: |
248 |
|
|
fputs("(unknown)", stdout); |
249 |
|
|
break; |
250 |
|
|
} |
251 |
|
|
|
252 |
|
|
return; |
253 |
|
|
trunc: |
254 |
|
|
fputs(tstr, stdout); |
255 |
|
|
} |
256 |
|
|
|
257 |
|
|
void |
258 |
|
|
krb_print(const u_char *dat, u_int length) |
259 |
|
|
{ |
260 |
|
|
const struct krb *kp; |
261 |
|
|
|
262 |
|
|
kp = (struct krb *)dat; |
263 |
|
|
|
264 |
|
|
if (dat >= snapend) { |
265 |
|
|
fputs(tstr, stdout); |
266 |
|
|
return; |
267 |
|
|
} |
268 |
|
|
|
269 |
|
|
switch (kp->pvno) { |
270 |
|
|
|
271 |
|
|
case 1: |
272 |
|
|
case 2: |
273 |
|
|
case 3: |
274 |
|
|
printf(" v%d", kp->pvno); |
275 |
|
|
break; |
276 |
|
|
|
277 |
|
|
case 4: |
278 |
|
|
printf(" v%d", kp->pvno); |
279 |
|
|
krb4_print((const u_char *)kp); |
280 |
|
|
break; |
281 |
|
|
|
282 |
|
|
case 106: |
283 |
|
|
case 107: |
284 |
|
|
fputs(" v5", stdout); |
285 |
|
|
/* Decode ASN.1 here "someday" */ |
286 |
|
|
break; |
287 |
|
|
} |
288 |
|
|
return; |
289 |
|
|
} |