[Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?
It appears like MS extensions for Kerberos pre-auth type constants, such as:

#define KRB5_PA_PAC_REQUEST -128 /* = 0xFF80 = (gint32)((gint8)0x80) MS extension */

are wrong - should be 128 (which is 0x80 btw), for example, based on a capture I've done and on http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-KILE%5D.pdf (see section 3.1.5.1)

Is it OK to fix them in packet-kerberos-template.c? Anyone knows where the mistake comes from?

TIA,
Y.

Re: [Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?
Hi,

Note that packet-kerberos-template.c isn't used to generate packet-kerberos.c currently. I would guess that the info in packet-kerberos-template.c is copied from the current hand-written dissector.

Regards
Anders

Re: [Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?
On Mon, May 3, 2010 at 4:47 PM, Anders Broman anders.bro...@ericsson.com wrote:

> Hi,
>
> Note that packet-kerberos-template.c isn't used to generate packet-kerberos.c currently. I would guess that the info in packet-kerberos-template.c is copied from the current hand-written dissector.
>
> Regards
> Anders

Yes, I've just discovered that. And indeed, changing the value in packet-kerberos.c seems to solve the issue.

Y.

Re: [Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?
Kaul wrote:

> On Mon, May 3, 2010 at 4:47 PM, Anders Broman anders.bro...@ericsson.com wrote:
>
>> Hi,
>>
>> Note that packet-kerberos-template.c isn't used to generate packet-kerberos.c currently. I would guess that the info in packet-kerberos-template.c is copied from the current hand-written dissector.
>>
>> Regards
>> Anders
>
> Yes, I've just discovered that. And indeed, changing the value in packet-kerberos.c seems to solve the issue.
>
> Y.

When I looked at this some time back, I convinced myself (ISTR via testing) that the 'dissect_ber_integer' in 'dissect_krb5_PA_DATA_type' returned a 32-bit 'FF80' for a KRB5_PA_PAC_REQUEST byte of 0x80.

The same appeared to also be true for KRB5_PA_S4U2SELF and KRB5_PA_PROV_SRV_LOCATION.

Can you supply a capture so I can look into this ???

(Maybe the best way is to create a bug report and attach a capture file. You can mark the attachment as private if needed).

Thanks
Bill

Re: [Wireshark-dev] Kerberos pre-auth type constants - MS extensions are wrong?
Bill Meier wrote:

> When I looked at this some time back, I convinced myself (ISTR via testing) that the 'dissect_ber_integer' in 'dissect_krb5_PA_DATA_type' returned a 32-bit 'FF80' for a KRB5_PA_PAC_REQUEST byte of 0x80.
>
> The same appeared to also be true for KRB5_PA_S4U2SELF and KRB5_PA_PROV_SRV_LOCATION.
>
> Can you supply a capture so I can look into this ???
>
> (Maybe the best way is to create a bug report and attach a capture file. You can mark the attachment as private if needed).
>
> Thanks
> Bill

PS: remembering a bit more: This was my attempt to fix bug #4363.

Suggestions are welcome as to a better fix
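
Added example, not Wireshark code and not written by any poster in this thread: a decoder for short BER INTEGER encodings, showing why a lone content octet 0x80 comes out as -128 under the two's-complement rule of X.690, while the value 128 needs the two content octets 00 80. The function names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample encodings: tag 0x02 (INTEGER), length, content. */
static const uint8_t INT_ONE_OCTET[]  = { 0x02, 0x01, 0x80 };       /* content 80    */
static const uint8_t INT_TWO_OCTETS[] = { 0x02, 0x02, 0x00, 0x80 }; /* content 00 80 */

/* Validate a short-form INTEGER TLV with 1..4 content octets.
 * Returns the content length, or 0 if malformed or unsupported. */
static size_t int_content_len(const uint8_t *tlv, size_t n)
{
    if (n < 3 || tlv[0] != 0x02) return 0;
    size_t len = tlv[1];            /* long-form lengths (>= 0x80) are rejected */
    return (len >= 1 && len <= 4 && len + 2 <= n) ? len : 0;
}

/* X.690 reading: two's complement, top bit of the first octet is the sign. */
static int ber_int_signed(const uint8_t *tlv, size_t n, int32_t *out)
{
    size_t len = int_content_len(tlv, n);
    if (!len) return -1;
    uint32_t v = (tlv[2] & 0x80) ? 0xFFFFFFFFu : 0u;    /* sign-extend */
    for (size_t i = 0; i < len; i++) v = (v << 8) | tlv[2 + i];
    /* Portable conversion of the 32-bit pattern to a signed value. */
    *out = (v & 0x80000000u) ? -(int32_t)(~v & 0x7FFFFFFFu) - 1 : (int32_t)v;
    return 0;
}

/* The same octets read as an unsigned magnitude, with no sign extension. */
static int ber_int_unsigned(const uint8_t *tlv, size_t n, uint32_t *out)
{
    size_t len = int_content_len(tlv, n);
    if (!len) return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < len; i++) v = (v << 8) | tlv[2 + i];
    *out = v;
    return 0;
}

int main(void)
{
    int32_t s = 0; uint32_t u = 0;
    ber_int_signed(INT_ONE_OCTET, sizeof INT_ONE_OCTET, &s);
    ber_int_unsigned(INT_ONE_OCTET, sizeof INT_ONE_OCTET, &u);
    printf("02 01 80     signed=%d (0x%08X)  unsigned=%u\n",
           (int)s, (unsigned)(uint32_t)s, (unsigned)u);
    ber_int_signed(INT_TWO_OCTETS, sizeof INT_TWO_OCTETS, &s);
    printf("02 02 00 80  signed=%d\n", (int)s);
    return 0;
}
```

A constant compared against the signed result has to be -128 for the first encoding and 128 for the second; which of the two a given implementation puts on the wire has to be read from the capture.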