Bug 43472 – wireshark can't decode kerberos

Bug 43472 - wireshark can't decode kerberos


Summary:	wireshark can't decode kerberos

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	General
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:	43405
	Show dependency tree / graph

Reported:	2017-02-01 17:02 CET by Felix Botner
Modified:	2020-07-03 20:52 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2017-02-01 17:02:55 CET

The 4.2-0 wireshark version can't decode kerberos data, at least not AuthorizationData.

-> tshark -K "/tmp/key.tab" -r "/tmp/capture_file" -V -2  -R 'kerberos.msg_type==11'

...
                        authorization-data: 2 items
                            AuthorizationData item
                                ad-type: 1
                                ad-data: 308202a23082029ea00402020080a1820294048202900500...
                                    AuthorizationData item
                                        ad-type: 128
                                        ad-data: 050000000000000001000000c00100005800000000000000...
...


On my UCS 4.1 with

-> tshark -K "/tmp/key.tab" -r "/tmp/capture_file" -V -R 'kerberos.msg.type==11'

i get 

AuthorizationData AD-IF-RELEVANT
                        Type: AD-IF-RELEVANT (1)
                        Data: 30820302308202fea00402020080a18202f4048202f00500...
                            IF_RELEVANT AD-Win2k-PAC
                                Type: AD-Win2k-PAC (128)
                                Data: 050000000000000001000000000200005800000000000000...
                                    Num Entries: 5
                                    Version: 0
                                    Type: Logon Info (1)
                                        Size: 512
                                        Offset: 88
                                        PAC_LOGON_INFO: 01100800ccccccccf00100000000000000000200fca739a7...
                                            MES header
                                                Version: 1
                                                DREP
                                                    Byte order: Little-endian (1)
                                                HDR Length: 8
                                                Fill bytes: 0xcccccccc
                                                Blob Length: 496
                                            PAC_LOGON_INFO:
                                                Referent ID: 0x00020000
                                                Logon Time: Feb  1, 2017 15:01:15.477606000 CET
                                                Logoff Time

See /usr/share/ucs-test/51_samba4/59checkPrimaryGroupInPacInfo for more info.

This breaks the 59checkPrimaryGroupInPacInfo test.

Comment 1 Ingo Steuwer

2020-07-03 20:52:09 CEST

This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.