//============================================================================= // MODULE: kdcrep.c // // Description: // // Bloodhound Parser DLL for Kerberos Authentication Protocol // // Modification History // // Michael Webb & Kris Frost Date: 06/04/99 //============================================================================= //#define KDCREP_H //#include "kerbparser.h" #include "kerbGlob.h" #include "kdcrep.h" // Definitions BYTE CheckForOptional; LPBYTE TempFrameRep; ; // Need to find out why error compiling without the semicolon LPBYTE KdcResponse(HFRAME hFrame, LPBYTE TempFrame) { // 1st attach command displays the 1st Identifier frame // Display SEQUENCE (First frame we handle in this file. TempFrame = DispASNTypes(hFrame, TempFrame, 3, ASN1UnivTagSumID, ASN1UnivTag); // Display Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, 5); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display Protocol Version value at the Top level TempFrame = DispSum(hFrame, TempFrame, 0x02, 0x30, 1, DispProtocolVer); // Displays pvno[0] TempFrame = KdcRepTypes(hFrame, TempFrame, 2); // Display Message Type value at the Top level TempFrame = DispSum(hFrame, TempFrame, 0x02, 0x30, 1, DispKerbMsgType); // Displays kdc-rep msg-type[1] TempFrame = KdcRepTypes(hFrame, TempFrame, 2); // Display padata[2] if present THIS CODE HASN'T BEEN // VERIFIED AGAINST A CAPTURE TO TEST IT'S VALIDITY // Start code to break down pa-data if(*(TempFrame+1) == 0xA2) { // Display Pre-Authentication Data at the Top level TempFrame = DispTopSum(hFrame, TempFrame, 1, DispSumPreAuth); // Display padata[2] TempFrame = HandlePaData(hFrame, TempFrame, 2, PaDataSummary); } // Bring comment back here // Display Client Realm value at the Top level TempFrame = DispSum(hFrame, TempFrame, 0x1B, 0x30, 1, DispStringCliRealm); // Next function handles displaying crealm[3] TempFrame = KdcRepTypes(hFrame, TempFrame, 2); // Display Client Name value at the Top level TempFrame = DispSum(hFrame, TempFrame, 0x1B, 0x30, 1, DispStringCliName); // Next function handles displaying cname[4] TempFrame = KdcRepTypes(hFrame, TempFrame, 2); // Display Kerberos Ticket at the Top level TempFrame = DispTopSum(hFrame, TempFrame, 1, DispSumKerbTix); // Next call handles displaying ticket[5] TempFrame = KdcHandleTix(hFrame, TempFrame, 2); // Display Ciper Text at the Top level TempFrame = DispTopSum(hFrame, TempFrame, 1, DispCipherText); // Display enc-part[6] of Ticket TempFrame = DispASNTypes(hFrame, TempFrame, 2, KdcRepTagID, lblTagNumber); // Display Long form Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, 5); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display SEQUENCE TempFrame = DispASNTypes(hFrame, TempFrame, 4, ASN1UnivTagSumID, ASN1UnivTag); // Display Long form Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, 7); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Handle EncryptedData Needs to start with A0 TempFrame = HandleEncryptedData(hFrame, TempFrame, 2); /* kf 11/9/99 FIXING PADATA *///kf 11/9/99 FIXING PADATA return TempFrame; }; LPBYTE KdcRepTypes(HFRAME hFrame, LPBYTE TempFrame, int OffSet) { TempFrame = DispASNTypes(hFrame, TempFrame, OffSet, KdcRepTagID, lblTagNumber); // Next statement checks for crealm or cname in order to display a string // Value for TempAsnMsg is assigned in DispASNTypes if(( *(TempFrame) & 0x1F) == 3 || (*(TempFrame) & 0x1F) == 4) { // The next function breaks down PrincipalName if((*(TempFrame) & 0x1F) == 4) { //Display Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+3); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display SEQUENCE TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+2, ASN1UnivTagSumID, ASN1UnivTag); // Print out Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+5); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // This call breaks down PrincipalName defined in cname[4] TempFrame =DefinePrincipalName(hFrame, TempFrame, OffSet+2, DispString); } else TempFrame = DefineValue(hFrame, TempFrame, OffSet+2, DispString); } else TempFrame = DefineValue(hFrame, TempFrame, OffSet+2, KdcContentsValue); return TempFrame; }; /*********************************************************************************************************** ** ** This function will break down ASN.1 PrincipalName. ** Ticket ::= [APPLICATION 1] { ** tkt-vno[0] INTEGER, Specifies the version # for the ticket format ** realm[1] Realm, Specifies the realm that issued the ticket ** sname[2] PrinicipalName, Specifies the name part of the Server Identity ** enc-part[3] EncryptedData, Holds encoding of the EncTicketPart sequence ** ** ** ** **************************************************************************************************************/ LPBYTE KdcHandleTix(HFRAME hFrame, LPBYTE TempFrame, int OffSet) { /* Need to make a function to call that displays the main variables of the Ticket structure and displays to save repitive code. */ //Display Ticket[5] TempFrame = DispASNTypes(hFrame, --TempFrame, OffSet, KdcRepTagID, lblTagNumber); // Display Length TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+2); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display Identifier Octet for [APPLICATION 1] TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+2, KrbTixAppSumID, KrbTixApp1ID); // Display Long form Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+3); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display SEQUENCE TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+3, ASN1UnivTagSumID, ASN1UnivTag); // Display Long form Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+3); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display Ticket Version value at the Top level TempFrame = DispSum(hFrame, TempFrame, 0x02, 0x30, OffSet, DispSumTixVer); // Display tkt-vno[0] TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KrbTicketSumID, KrbTicketID); // Breakdown and display tkt-vno[0] TempFrame = DefineValue(hFrame, TempFrame, OffSet+2, KdcContentsValue); // Display Realm name value at the Top level TempFrame = DispSum(hFrame, TempFrame, 0x1B, 0x30, OffSet, DispStringRealmName); // Display realm[1] TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KrbTicketSumID, KrbTicketID); // Breakdown and display Realm name TempFrame = DefineValue(hFrame, TempFrame, OffSet+2, DispString); // Display Server name value at the Top level //KF 8/16 IN FRAME 4 OF MACHBOOT.CAP, THERE IS ONLY ONE NAME UNDER SNAME WHICH // BREAKS THE REST OF THE DISPLAY. NEED TO DO SOMETYPE OF CHECK TO SEE IF THERE ARE // MULTIPLE NAMES. MAYBE A COUNTER IN THE WHILE LOOP. TempFrame = DispSumString(hFrame, TempFrame, 0x1B, OffSet, DispStringServNameGS); // Process sname[2] PrincipalName portion TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+1, KrbTicketSumID, KrbTicketID); //Display short length TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+4); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display SEQUENCE TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+4, ASN1UnivTagSumID, ASN1UnivTag); // Calculate short length TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+6); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // This call will break down the PrincipalName portion of sname[2] TempFrame = DefinePrincipalName(hFrame, TempFrame, OffSet+4, DispString); // End code for displaying sname[2] // Display Ciper Text at the Top level TempFrame = DispTopSum(hFrame, TempFrame, OffSet, DispCipherText); // Display enc-data[3] of Ticket TempFrame = DispASNTypes(hFrame, --TempFrame, OffSet+1, KrbTicketSumID, KrbTicketID); // Display Long form Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+4); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Display Sequence TempFrame = DispASNTypes(hFrame, TempFrame, OffSet+3, ASN1UnivTagSumID, ASN1UnivTag); // Display Long form Length Octet TempFrame = CalcLengthSummary(hFrame, TempFrame, OffSet+6); // Incrementing TempFrame based on the number of octets // taken up by the Length octet TempFrame = IncTempFrame(TempFrame); // Handling enc-data. // Handle EncryptedData Needs to start with A0 TempFrame = HandleEncryptedData( hFrame, TempFrame, OffSet+1); return TempFrame; }