Small Kerberos tweaks and fixes.

src/analyzer/protocol/CMakeLists.txt

@@ -18,6 +18,7 @@ add_subdirectory(icmp)
 add_subdirectory(ident)
 add_subdirectory(interconn)
 add_subdirectory(irc)
+add_subdirectory(krb)
 add_subdirectory(login)
 add_subdirectory(mime)
 add_subdirectory(modbus)

src/analyzer/protocol/krb/CMakeLists.txt

@@ -1,7 +1,8 @@
 
 include(BroPlugin)
 
-include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
+                           ${CMAKE_CURRENT_BINARY_DIR})
 
 bro_plugin_begin(Bro KRB)
 bro_plugin_cc(KRB.cc Plugin.cc)

src/analyzer/protocol/krb/KRB.cc

@@ -1,12 +1,13 @@
-#include "KRB.h"
+// See the file "COPYING" in the main distribution directory for copyright.
 
+#include "KRB.h"
 #include "types.bif.h"
 #include "events.bif.h"
 
 using namespace analyzer::krb;
 
 KRB_Analyzer::KRB_Analyzer(Connection* conn)
-: Analyzer("KRB", conn)
+	: Analyzer("KRB", conn)
 	{
 	interp = new binpac::KRB::KRB_Conn(this);
 	}
@@ -21,17 +22,18 @@ void KRB_Analyzer::Done()
 	Analyzer::Done();
 	}
 
-void KRB_Analyzer::DeliverPacket(int len, const u_char* data,
-			bool orig, uint64 seq, const IP_Hdr* ip, int caplen)
+void KRB_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
+								 uint64 seq, const IP_Hdr* ip, int caplen)
 	{
 	Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
+
 	try
 		{
 		interp->NewData(orig, data, data + len);
 		}
 	catch ( const binpac::Exception& e )
 		{
-		printf(fmt("Binpac exception: %s\n", e.c_msg()));
+		ProtocolViolation(e.c_msg());
 		}
 	}
 

src/analyzer/protocol/krb/KRB.h

@@ -1,25 +1,28 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
 #ifndef ANALYZER_PROTOCOL_KRB_KRB_H
 #define ANALYZER_PROTOCOL_KRB_KRB_H
 
-#include "analyzer/protocol/udp/UDP.h"
-
 #include "krb_pac.h"
 
 namespace analyzer { namespace krb {
 
 class KRB_Analyzer : public analyzer::Analyzer {
+
 public:
+
 	KRB_Analyzer(Connection* conn);
 	virtual ~KRB_Analyzer();
 
 	virtual void Done();
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
-					uint64 seq, const IP_Hdr* ip, int caplen);
+							   uint64 seq, const IP_Hdr* ip, int caplen);
 
 	static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
 		{ return new KRB_Analyzer(conn); }
 
 protected:
+	
 	binpac::KRB::KRB_Conn* interp;
 };
 

src/analyzer/protocol/krb/Plugin.cc

@@ -1,6 +1,5 @@
 
 #include "plugin/Plugin.h"
-
 #include "KRB.h"
 
 BRO_PLUGIN_BEGIN(Bro, KRB)

src/analyzer/protocol/krb/krb-protocol.pac

@@ -55,7 +55,7 @@ type KRB_KDC_REQ = record {
 	padata_meta: ASN1EncodingMeta;
 	tmp1       : case has_padata of {
 		true  -> padata	: KRB_PA_Data_Sequence &length=padata_meta.length;
-		false -> n1		: empty;
+		false -> n1	: empty;
 	};
 	tmp2       : case has_padata of {
 		true  -> meta2	: ASN1EncodingMeta;
@@ -73,7 +73,7 @@ type KRB_PA_Data_Sequence = record {
 };
 
 type KRB_PA_Data = record {
-	seq_meta			: ASN1EncodingMeta;
+	seq_meta		: ASN1EncodingMeta;
 	pa_data_type     	: SequenceElement(true);
 	pa_data_elem_meta	: ASN1EncodingMeta;
 	pa_data_element  	: KRB_PA_Data_Element(data_type);
@@ -82,10 +82,10 @@ type KRB_PA_Data = record {
 };
 
 type KRB_PA_Data_Element(type: int64) = case type of {
-	1       -> pa_tgs_req			: KRB_AP_REQ;
-	2       -> pa_enc_timestamp		: KRB_Encrypted_Data;
-	3       -> pa_pw_salt			: ASN1OctetString;
-	default -> unknown				: bytestring &restofdata;
+	1       -> pa_tgs_req		: KRB_AP_REQ;
+	2       -> pa_enc_timestamp	: KRB_Encrypted_Data;
+	3       -> pa_pw_salt		: ASN1OctetString;
+	default -> unknown		: bytestring &restofdata;
 };
 
 type KRB_REQ_Body = record {
@@ -99,47 +99,47 @@ type KRB_REQ_Arg = record {
 };
 
 type KRB_REQ_Arg_Data(index: uint8) = case index of {
-	0  		-> options		: KRB_KDC_Options;
-	1  		-> principal	: KRB_Principal_Name;
-	2  		-> realm		: ASN1OctetString;
-	3  		-> sname		: KRB_Principal_Name;
-	4  		-> from			: KRB_Time;
-	5  		-> till			: KRB_Time;
-	6  		-> rtime		: KRB_Time;
-	7  		-> nonce		: ASN1Integer;
-	8  		-> etype		: Array;
-	9  		-> addrs		: KRB_Host_Addresses;
-	10 		-> auth_data 	: ASN1OctetString; # TODO
-	11 		-> addl_tkts 	: KRB_Ticket_Sequence;
-	default -> unknown		: bytestring &restofdata;
+	0 	-> options	: KRB_KDC_Options;
+	1  	-> principal	: KRB_Principal_Name;
+	2  	-> realm	: ASN1OctetString;
+	3  	-> sname	: KRB_Principal_Name;
+	4  	-> from		: KRB_Time;
+	5  	-> till		: KRB_Time;
+	6  	-> rtime	: KRB_Time;
+	7  	-> nonce	: ASN1Integer;
+	8  	-> etype	: Array;
+	9  	-> addrs	: KRB_Host_Addresses;
+	10 	-> auth_data 	: ASN1OctetString; # TODO
+	11 	-> addl_tkts 	: KRB_Ticket_Sequence;
+	default -> unknown	: bytestring &restofdata;
 };
 
 type KRB_KDC_Options = record {
 	meta : ASN1EncodingMeta;
 	flags: uint32;
 } &let {
-	reserved				: bool	= flags & 0x80000000;
-	forwardable				: bool	= flags & 0x40000000;
-	forwarded				: bool	= flags & 0x20000000;
-	proxiable				: bool	= flags & 0x10000000;
-	proxy					: bool	= flags &  0x8000000;
-	allow_postdate			: bool	= flags &  0x4000000;
-	postdated				: bool	= flags &  0x2000000;
-	unused7					: bool	= flags &  0x1000000;
-	renewable				: bool	= flags &   0x800000;
-	unused9					: bool	= flags &   0x400000;
-	unused10				: bool	= flags &   0x200000;
-	opt_hardware_auth		: bool	= flags &   0x100000;
-	unused12				: bool	= flags &    0x80000;
-	unused13				: bool	= flags &    0x40000;
+	reserved		: bool	= flags & 0x80000000;
+	forwardable		: bool	= flags & 0x40000000;
+	forwarded		: bool	= flags & 0x20000000;
+	proxiable		: bool	= flags & 0x10000000;
+	proxy			: bool	= flags &  0x8000000;
+	allow_postdate		: bool	= flags &  0x4000000;
+	postdated		: bool	= flags &  0x2000000;
+	unused7			: bool	= flags &  0x1000000;
+	renewable		: bool	= flags &   0x800000;
+	unused9			: bool	= flags &   0x400000;
+	unused10		: bool	= flags &   0x200000;
+	opt_hardware_auth	: bool	= flags &   0x100000;
+	unused12		: bool	= flags &    0x80000;
+	unused13		: bool	= flags &    0x40000;
 	# ...
-	unused15				: bool	= flags &    0x10000;
+	unused15		: bool	= flags &    0x10000;
 	# ...
 	disable_transited_check	: bool	= flags &       0x10;
-	renewable_ok			: bool	= flags &        0x8;
-	enc_tkt_in_skey			: bool	= flags &        0x4;
-	renew					: bool	= flags &        0x2;
-	validate				: bool	= flags &        0x1;
+	renewable_ok		: bool	= flags &        0x8;
+	enc_tkt_in_skey		: bool	= flags &        0x4;
+	renew			: bool	= flags &        0x2;
+	validate		: bool	= flags &        0x1;
 };
 
 type KRB_Principal_Name = record {
@@ -167,7 +167,7 @@ type KRB_Host_Address = record {
 };
 
 type KRB_Ticket(in_sequence: bool) = record {
-    have_seq  : case in_sequence of {
+    	have_seq  : case in_sequence of {
 		true  -> meta: ASN1EncodingMeta;
 		false -> none: empty;
 	};
@@ -187,24 +187,24 @@ type KRB_Ticket_Sequence = record {
 
 type KRB_Encrypted_Data_in_Seq = record {
 	index_meta  : ASN1EncodingMeta;
-	data		: KRB_Encrypted_Data;
+	data	    : KRB_Encrypted_Data;
 };
 
 type KRB_Encrypted_Data = record {
-	seq_meta		: ASN1EncodingMeta;
-	etype			: SequenceElement(true);
-	kvno_meta		: ASN1EncodingMeta;
-	case_kvno		: case have_kvno of {
-		true   -> kvno: ASN1Integer;
-		false  -> none: empty;
+	seq_meta	: ASN1EncodingMeta;
+	etype		: SequenceElement(true);
+	kvno_meta	: ASN1EncodingMeta;
+	case_kvno	: case have_kvno of {
+		true   -> kvno	: ASN1Integer;
+		false  -> none	: empty;
 	};
 	grab_next_meta	: case have_kvno of {
 		true   -> next_meta: ASN1EncodingMeta;
 		false  -> none_meta: empty;
 	};
-	ciphertext		: bytestring &length=have_kvno ? next_meta.length : kvno_meta.length;
+	ciphertext	: bytestring &length=have_kvno ? next_meta.length : kvno_meta.length;
 } &let {
-	have_kvno		: bool = kvno_meta.index == 1;
+	have_kvno	: bool = kvno_meta.index == 1;
 };
 
 ### KDC_REP
@@ -216,18 +216,18 @@ type KRB_KDC_REP = record {
 	padata_meta : ASN1EncodingMeta;
 	tmp1        : case has_padata of {
 		true -> padata	: KRB_PA_Data_Sequence &length=padata_meta.length;
-		false -> n1		: empty;
+		false -> n1	: empty;
 	};
 	tmp2        : case has_padata of {
 		true -> meta2	: ASN1EncodingMeta;
-		false -> n2		: empty;
+		false -> n2	: empty;
 	};
 	client_realm: ASN1OctetString &length=realm_length;
 	client_name : KRB_Principal_Name;
 	ticket      : KRB_Ticket(true);
 	enc_part    : KRB_Encrypted_Data_in_Seq;
 } &let {
-	has_padata	: bool = padata_meta.index == 2;
+	has_padata  : bool = padata_meta.index == 2;
 	realm_length: uint8 = has_padata ? meta2.length : padata_meta.length;
 };
 
@@ -247,9 +247,9 @@ type KRB_AP_REQ = record {
 type KRB_AP_Options = record {
 	meta 	: SequenceElement(false);
 	flags	: uint32;
-			: padding[1];
+		: padding[1];
 } &let {
-	reserved		: bool = flags & 0x80000000;
+	reserved	: bool = flags & 0x80000000;
 	use_session_key	: bool = flags & 0x40000000;
 	mutual_required	: bool = flags & 0x20000000;
 };
@@ -276,17 +276,17 @@ type KRB_ERROR_Arg = record {
 };
 
 type KRB_ERROR_Arg_Data(index: uint8) = case index of {
-	0  -> pvno			: ASN1Integer;
+	0  -> pvno		: ASN1Integer;
 	1  -> msg_type		: ASN1Integer;
-	2  -> ctime			: KRB_Time;
-	3  -> cusec			: ASN1Integer;
-	4  -> stime			: KRB_Time;
-	5  -> susec			: ASN1Integer;
+	2  -> ctime		: KRB_Time;
+	3  -> cusec		: ASN1Integer;
+	4  -> stime		: KRB_Time;
+	5  -> susec		: ASN1Integer;
 	6  -> error_code	: ASN1Integer;
 	7  -> crealm		: ASN1OctetString;
-	8  -> cname			: KRB_Principal_Name;
-	9  -> realm			: ASN1OctetString;
-	10 -> sname			: KRB_Principal_Name;
+	8  -> cname		: KRB_Principal_Name;
+	9  -> realm		: ASN1OctetString;
+	10 -> sname		: KRB_Principal_Name;
 	11 -> e_text		: ASN1OctetString;
 	12 -> e_data		: ASN1OctetString;
 };
@@ -313,7 +313,7 @@ type KRB_SAFE_Arg = record {
 type KRB_SAFE_Arg_Data(index: uint8) = case index of {
 	0 -> user_data	: ASN1OctetString;
 	1 -> timestamp  : KRB_Time;
-	2 -> usec		: ASN1Integer;
+	2 -> usec	: ASN1Integer;
 	3 -> seq_number : ASN1Integer;
 	4 -> sender_addr: KRB_Host_Address;
 	5 -> recp_addr  : KRB_Host_Address;