/* Do not modify this file. Changes will be overwritten. */
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
/* packet-credssp.c */
/* asn2wrs.py -b -C -p credssp -c ./credssp.cnf -s ./packet-credssp-template -D . -O ../.. CredSSP.asn */
/* Input file: packet-credssp-template.c */
#line 1 "./asn1/credssp/packet-credssp-template.c"
/* packet-credssp.c
* Routines for CredSSP (Credential Security Support Provider) packet dissection
* Graeme Lunt 2011
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#include <epan/packet.h>
#include <epan/asn1.h>
#include <epan/tap.h>
#include <epan/exported_pdu.h>
#include "packet-ber.h"
#include "packet-credssp.h"
/* Names passed to proto_register_protocol() in proto_register_credssp(). */
#define PNAME   "Credential Security Support Provider"
#define PSNAME  "CredSSP"
#define PFNAME  "credssp"

/* credType values that dissect_credssp_T_credentials() tests creds_type against. */
#define TS_PASSWORD_CREDS   1
#define TS_SMARTCARD_CREDS  2

/*
 * Last credType value decoded by dissect_credssp_T_credType().
 * File-scope state: dissect_credssp() resets it to -1 before each PDU.
 */
static gint creds_type;

/* Tap id looked up in proto_reg_handoff_credssp(); -1 until then. */
static gint exported_pdu_tap = -1;
/* Protocol id; assigned by proto_register_protocol() in proto_register_credssp(). */
static int proto_credssp = -1;

/*
 * Heuristic sub-dissector list offered the negoToken payload
 * (see dissect_credssp_T_negoToken()).
 */
static heur_dissector_list_t credssp_heur_subdissector_list;
/*
 * Header-field ids. Each starts at -1 and is listed in the hf[] array of
 * proto_register_credssp(). The first three are declared in the template;
 * the rest come from the generated include below.
 */
static int hf_credssp_TSPasswordCreds = -1;   /* TSPasswordCreds */
static int hf_credssp_TSSmartCardCreds = -1;  /* TSSmartCardCreds */
static int hf_credssp_TSCredentials = -1;     /* TSCredentials */

/*--- Included file: packet-credssp-hf.c ---*/
#line 1 "./asn1/credssp/packet-credssp-hf.c"
static int hf_credssp_TSRequest_PDU = -1;     /* TSRequest */
static int hf_credssp_NegoData_item = -1;     /* NegoData_item */
static int hf_credssp_negoToken = -1;         /* T_negoToken */
static int hf_credssp_domainName = -1;        /* OCTET_STRING */
static int hf_credssp_userName = -1;          /* OCTET_STRING */
static int hf_credssp_password = -1;          /* OCTET_STRING */
static int hf_credssp_keySpec = -1;           /* INTEGER */
static int hf_credssp_cardName = -1;          /* OCTET_STRING */
static int hf_credssp_readerName = -1;        /* OCTET_STRING */
static int hf_credssp_containerName = -1;     /* OCTET_STRING */
static int hf_credssp_cspName = -1;           /* OCTET_STRING */
static int hf_credssp_pin = -1;               /* OCTET_STRING */
static int hf_credssp_cspData = -1;           /* TSCspDataDetail */
static int hf_credssp_userHint = -1;          /* OCTET_STRING */
static int hf_credssp_domainHint = -1;        /* OCTET_STRING */
static int hf_credssp_credType = -1;          /* T_credType */
static int hf_credssp_credentials = -1;       /* T_credentials */
static int hf_credssp_version = -1;           /* INTEGER */
static int hf_credssp_negoTokens = -1;        /* NegoData */
static int hf_credssp_authInfo = -1;          /* T_authInfo */
static int hf_credssp_pubKeyAuth = -1;        /* OCTET_STRING */

/*--- End of included file: packet-credssp-hf.c ---*/
#line 55 "./asn1/credssp/packet-credssp-template.c"
/*
 * Subtree (ett) ids. Each starts at -1 and is listed in the ett[] array of
 * proto_register_credssp().
 */
static gint ett_credssp = -1;

/*--- Included file: packet-credssp-ett.c ---*/
#line 1 "./asn1/credssp/packet-credssp-ett.c"
static gint ett_credssp_NegoData = -1;
static gint ett_credssp_NegoData_item = -1;
static gint ett_credssp_TSPasswordCreds = -1;
static gint ett_credssp_TSCspDataDetail = -1;
static gint ett_credssp_TSSmartCardCreds = -1;
static gint ett_credssp_TSCredentials = -1;
static gint ett_credssp_TSRequest = -1;

/*--- End of included file: packet-credssp-ett.c ---*/
#line 59 "./asn1/credssp/packet-credssp-template.c"
/*--- Included file: packet-credssp-fn.c ---*/
#line 1 "./asn1/credssp/packet-credssp-fn.c"
/*
 * Dissect the negoToken OCTET STRING, then offer its contents to the
 * heuristic sub-dissectors on credssp_heur_subdissector_list.
 *
 * Returns the offset reported by dissect_ber_octet_string(). The result of
 * the heuristic attempt is not inspected.
 */
static int
dissect_credssp_T_negoToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 45 "./asn1/credssp/credssp.cnf"
  heur_dtbl_entry_t *hdtbl_entry;  /* out-parameter of dissector_try_heuristic(); not read here */
  tvbuff_t *token_tvb = NULL;
  int next_offset;

  next_offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset,
                                         hf_index, &token_tvb);

  /* Only try sub-dissectors when an octet-string tvb was handed back. */
  if (token_tvb) {
    dissector_try_heuristic(credssp_heur_subdissector_list, token_tvb,
                            actx->pinfo, proto_tree_get_root(tree),
                            &hdtbl_entry, NULL);
  }

  return next_offset;
}
/* NegoData item: a single context-tagged [0] negoToken. */
static const ber_sequence_t NegoData_item_sequence[] = {
  { &hf_credssp_negoToken, BER_CLASS_CON, 0, 0, dissect_credssp_T_negoToken },
  { NULL, 0, 0, 0, NULL }  /* end of table */
};
/*
 * Dissect one NegoData element as a BER SEQUENCE laid out by
 * NegoData_item_sequence. Returns the offset from dissect_ber_sequence().
 */
static int
dissect_credssp_NegoData_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              NegoData_item_sequence, hf_index,
                              ett_credssp_NegoData_item);
}
/* NegoData: SEQUENCE OF NegoData items; the table holds exactly one entry. */
static const ber_sequence_t NegoData_sequence_of[1] = {
  { &hf_credssp_NegoData_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE,
    BER_FLAGS_NOOWNTAG, dissect_credssp_NegoData_item },
};
/*
 * Dissect NegoData as a BER SEQUENCE OF using NegoData_sequence_of.
 * Returns the offset from dissect_ber_sequence_of().
 */
static int
dissect_credssp_NegoData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 NegoData_sequence_of, hf_index,
                                 ett_credssp_NegoData);
}
/*
 * Dissect a plain OCTET STRING field. No out-tvb is requested (NULL), so
 * the bytes are only added to the tree under hf_index.
 */
static int
dissect_credssp_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset,
                                  hf_index, NULL);
}
/*
 * TSPasswordCreds: [0] domainName, [1] userName, [2] password,
 * each dissected as an OCTET STRING.
 */
static const ber_sequence_t TSPasswordCreds_sequence[] = {
  { &hf_credssp_domainName, BER_CLASS_CON, 0, 0, dissect_credssp_OCTET_STRING },
  { &hf_credssp_userName,   BER_CLASS_CON, 1, 0, dissect_credssp_OCTET_STRING },
  { &hf_credssp_password,   BER_CLASS_CON, 2, 0, dissect_credssp_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }  /* end of table */
};
/*
 * Dissect TSPasswordCreds as a BER SEQUENCE laid out by
 * TSPasswordCreds_sequence. Returns the offset from dissect_ber_sequence().
 */
static int
dissect_credssp_TSPasswordCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              TSPasswordCreds_sequence, hf_index,
                              ett_credssp_TSPasswordCreds);
}
/*
 * Dissect a plain INTEGER field. The decoded value is not captured
 * (NULL out-pointer); it is only added to the tree under hf_index.
 */
static int
dissect_credssp_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset,
                             hf_index, NULL);
}
/*
 * TSCspDataDetail: [0] keySpec (INTEGER), then optional OCTET STRINGs
 * [1] cardName, [2] readerName, [3] containerName, [4] cspName.
 */
static const ber_sequence_t TSCspDataDetail_sequence[] = {
  { &hf_credssp_keySpec,       BER_CLASS_CON, 0, 0,                  dissect_credssp_INTEGER },
  { &hf_credssp_cardName,      BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
  { &hf_credssp_readerName,    BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
  { &hf_credssp_containerName, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
  { &hf_credssp_cspName,       BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }  /* end of table */
};
/*
 * Dissect TSCspDataDetail as a BER SEQUENCE laid out by
 * TSCspDataDetail_sequence. Returns the offset from dissect_ber_sequence().
 */
static int
dissect_credssp_TSCspDataDetail(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              TSCspDataDetail_sequence, hf_index,
                              ett_credssp_TSCspDataDetail);
}
/*
 * TSSmartCardCreds: [0] pin, [1] cspData (TSCspDataDetail), then optional
 * [2] userHint and [3] domainHint.
 */
static const ber_sequence_t TSSmartCardCreds_sequence[] = {
  { &hf_credssp_pin,        BER_CLASS_CON, 0, 0,                  dissect_credssp_OCTET_STRING },
  { &hf_credssp_cspData,    BER_CLASS_CON, 1, 0,                  dissect_credssp_TSCspDataDetail },
  { &hf_credssp_userHint,   BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
  { &hf_credssp_domainHint, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }  /* end of table */
};
/*
 * Dissect TSSmartCardCreds as a BER SEQUENCE laid out by
 * TSSmartCardCreds_sequence. Returns the offset from dissect_ber_sequence().
 */
static int
dissect_credssp_TSSmartCardCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              TSSmartCardCreds_sequence, hf_index,
                              ett_credssp_TSSmartCardCreds);
}
/*
 * Dissect the credType INTEGER and store the decoded value in the
 * file-scope creds_type, which dissect_credssp_T_credentials() reads.
 */
static int
dissect_credssp_T_credType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset,
                             hf_index, &creds_type);
}
/*
 * Dissect the credentials OCTET STRING.
 *
 * The inner TSPasswordCreds / TSSmartCardCreds dissection is keyed on
 * creds_type but only runs when decr_tvb is non-NULL. decr_tvb is never
 * assigned in this function, so as written only the raw octet string is
 * added to the tree; creds_tvb is captured but not used further.
 * NOTE(review): presumably a placeholder for a decryption step - confirm.
 * NOTE(review): the inner calls start at offset 0 of decr_tvb and their
 * result overwrites the outer offset that is returned; revisit if decr_tvb
 * is ever populated.
 */
static int
dissect_credssp_T_credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 23 "./asn1/credssp/credssp.cnf"
  tvbuff_t *creds_tvb = NULL;
  tvbuff_t *decr_tvb = NULL;

  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset,
                                    hf_index, &creds_tvb);

  if (decr_tvb == NULL) {
    return offset;
  }

  if (creds_type == TS_PASSWORD_CREDS) {
    offset = dissect_credssp_TSPasswordCreds(FALSE, decr_tvb, 0, actx, tree, hf_credssp_TSPasswordCreds);
  } else if (creds_type == TS_SMARTCARD_CREDS) {
    offset = dissect_credssp_TSSmartCardCreds(FALSE, decr_tvb, 0, actx, tree, hf_credssp_TSSmartCardCreds);
  }

  return offset;
}
/*
 * TSCredentials: [0] credType, then [1] credentials. credType is listed
 * first, so creds_type is set before the credentials field is dissected.
 */
static const ber_sequence_t TSCredentials_sequence[] = {
  { &hf_credssp_credType,    BER_CLASS_CON, 0, 0, dissect_credssp_T_credType },
  { &hf_credssp_credentials, BER_CLASS_CON, 1, 0, dissect_credssp_T_credentials },
  { NULL, 0, 0, 0, NULL }  /* end of table */
};
/*
 * Dissect TSCredentials as a BER SEQUENCE laid out by
 * TSCredentials_sequence. Returns the offset from dissect_ber_sequence().
 */
static int
dissect_credssp_TSCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              TSCredentials_sequence, hf_index,
                              ett_credssp_TSCredentials);
}
/*
 * Dissect the authInfo OCTET STRING.
 *
 * The nested TSCredentials dissection only runs when decr_tvb is non-NULL.
 * decr_tvb is never assigned in this function, so as written only the raw
 * octet string is added to the tree; auth_tvb is captured but not used
 * further.
 * NOTE(review): presumably a placeholder for a decryption step - confirm.
 */
static int
dissect_credssp_T_authInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 10 "./asn1/credssp/credssp.cnf"
  tvbuff_t *auth_tvb = NULL;
  tvbuff_t *decr_tvb = NULL;

  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset,
                                    hf_index, &auth_tvb);

  if (decr_tvb) {
    offset = dissect_credssp_TSCredentials(FALSE, decr_tvb, 0, actx, tree, hf_credssp_TSCredentials);
  }

  return offset;
}
/*
 * TSRequest: [0] version (INTEGER), then optional [1] negoTokens,
 * [2] authInfo and [3] pubKeyAuth.
 */
static const ber_sequence_t TSRequest_sequence[] = {
  { &hf_credssp_version,    BER_CLASS_CON, 0, 0,                  dissect_credssp_INTEGER },
  { &hf_credssp_negoTokens, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_credssp_NegoData },
  { &hf_credssp_authInfo,   BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_credssp_T_authInfo },
  { &hf_credssp_pubKeyAuth, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }  /* end of table */
};
/*
 * Dissect TSRequest as a BER SEQUENCE laid out by TSRequest_sequence.
 * Returns the offset from dissect_ber_sequence().
 */
static int
dissect_credssp_TSRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              TSRequest_sequence, hf_index,
                              ett_credssp_TSRequest);
}
/*--- PDUs ---*/
/*
 * PDU entry point: set up a BER ASN.1 context for this packet and dissect
 * a TSRequest starting at offset 0 of tvb. Returns the offset reported by
 * dissect_credssp_TSRequest().
 */
static int dissect_TSRequest_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, TRUE, pinfo);
  return dissect_credssp_TSRequest(FALSE, tvb, 0, &ctx, tree, hf_credssp_TSRequest_PDU);
}
/*--- End of included file: packet-credssp-fn.c ---*/
#line 61 "./asn1/credssp/packet-credssp-template.c"
/*
* Dissect CredSSP PDUs
*/
/*
 * Top-level CredSSP dissector.
 *
 * Adds the protocol item and subtree when a parent tree is supplied, sets
 * the Protocol column, clears the Info column, resets the file-scope
 * creds_type to -1 and hands the buffer to dissect_TSRequest_PDU(),
 * whose return value is passed through.
 */
static int
dissect_credssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data)
{
  proto_tree *credssp_tree = NULL;

  if (parent_tree != NULL) {
    proto_item *ti = proto_tree_add_item(parent_tree, proto_credssp, tvb, 0, -1, ENC_NA);

    credssp_tree = proto_item_add_subtree(ti, ett_credssp);
  }

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "CredSSP");
  col_clear(pinfo->cinfo, COL_INFO);

  /* Forget any credType left over from a previously dissected PDU. */
  creds_type = -1;

  return dissect_TSRequest_PDU(tvb, pinfo, credssp_tree, data);
}
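/*
 * Heuristic entry point: decide whether tvb starts with a CredSSP
 * TSRequest and, if so, dissect it.
 *
 * The buffer is accepted when it begins with a constructed universal
 * SEQUENCE, followed by a context-tagged [0] element, followed by a
 * universal INTEGER of length 1 whose value is 2 or 3 (the version).
 * On a match the PDU is queued to the exported-PDU tap when that tap has
 * a listener, dissect_credssp() is called, and TRUE is returned.
 * Otherwise FALSE is returned.
 *
 * The input is untrusted capture data: the version byte is read only
 * after checking that the INTEGER length is 1 and that the offset lies
 * inside the captured data, so an unusual or truncated encoding is
 * rejected here rather than read past the captured bytes.
 * NOTE(review): the get_ber_identifier()/get_ber_length() calls also read
 * from tvb; the "> 7" length guard appears to assume one-byte tags and
 * lengths - confirm how those helpers behave on short buffers.
 */
static gboolean
dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
{
  asn1_ctx_t asn1_ctx;
  int offset = 0;
  gint8 ber_class;
  gboolean pc;
  gint32 tag;
  guint32 length;
  gint8 ver;

  /* NOTE(review): asn1_ctx is initialised but not otherwise used in this function. */
  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);

  /* Look for SEQUENCE, CONTEXT 0, and INTEGER 2 or 3 */
  if (tvb_captured_length(tvb) <= 7) {
    return FALSE;
  }

  /* Outer element: constructed universal SEQUENCE. */
  offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
  if (!((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_SEQUENCE) && (pc == TRUE))) {
    return FALSE;
  }
  offset = get_ber_length(tvb, offset, NULL, NULL);

  /* First member: context-tagged [0]. */
  offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
  if (!((ber_class == BER_CLASS_CON) && (tag == 0))) {
    return FALSE;
  }
  offset = get_ber_length(tvb, offset, NULL, NULL);

  /* Its content: universal INTEGER holding the version. */
  offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
  if (!((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_INTEGER))) {
    return FALSE;
  }
  offset = get_ber_length(tvb, offset, &length, NULL);

  /* Validate before reading: one-byte INTEGER that lies inside the capture. */
  if ((length != 1) || ((guint32)offset >= tvb_captured_length(tvb))) {
    return FALSE;
  }

  ver = tvb_get_guint8(tvb, offset);
  if ((ver != 2) && (ver != 3)) {
    return FALSE;
  }

  if (have_tap_listener(exported_pdu_tap)) {
    exp_pdu_data_t *exp_pdu_data = export_pdu_create_common_tags(pinfo, "credssp", EXP_PDU_TAG_PROTO_NAME);

    exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
    exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
    exp_pdu_data->pdu_tvb = tvb;

    tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
  }

  dissect_credssp(tvb, pinfo, parent_tree, NULL);
  return TRUE;
}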
/*--- proto_register_credssp -------------------------------------------*/
/*
 * Register the CredSSP protocol: its name, the "credssp" dissector, the
 * header fields and subtrees listed below, and the "credssp" heuristic
 * sub-dissector list used for negoToken payloads.
 */
void proto_register_credssp(void) {

  /* Header fields: three from the template, the rest from the generated include. */
  static hf_register_info hf[] =
  {
    { &hf_credssp_TSPasswordCreds,
      { "TSPasswordCreds", "credssp.TSPasswordCreds", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_credssp_TSSmartCardCreds,
      { "TSSmartCardCreds", "credssp.TSSmartCardCreds", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_credssp_TSCredentials,
      { "TSCredentials", "credssp.TSCredentials", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},

/*--- Included file: packet-credssp-hfarr.c ---*/
#line 1 "./asn1/credssp/packet-credssp-hfarr.c"
    { &hf_credssp_TSRequest_PDU,
      { "TSRequest", "credssp.TSRequest_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_credssp_NegoData_item,
      { "NegoData item", "credssp.NegoData_item_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_credssp_negoToken,
      { "negoToken", "credssp.negoToken", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_credssp_domainName,
      { "domainName", "credssp.domainName", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_userName,
      { "userName", "credssp.userName", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_password,
      { "password", "credssp.password", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_keySpec,
      { "keySpec", "credssp.keySpec", FT_INT32, BASE_DEC, NULL, 0, "INTEGER", HFILL }},
    { &hf_credssp_cardName,
      { "cardName", "credssp.cardName", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_readerName,
      { "readerName", "credssp.readerName", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_containerName,
      { "containerName", "credssp.containerName", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_cspName,
      { "cspName", "credssp.cspName", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_pin,
      { "pin", "credssp.pin", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_cspData,
      { "cspData", "credssp.cspData_element", FT_NONE, BASE_NONE, NULL, 0, "TSCspDataDetail", HFILL }},
    { &hf_credssp_userHint,
      { "userHint", "credssp.userHint", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_domainHint,
      { "domainHint", "credssp.domainHint", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_credssp_credType,
      { "credType", "credssp.credType", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL }},
    { &hf_credssp_credentials,
      { "credentials", "credssp.credentials", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_credssp_version,
      { "version", "credssp.version", FT_INT32, BASE_DEC, NULL, 0, "INTEGER", HFILL }},
    { &hf_credssp_negoTokens,
      { "negoTokens", "credssp.negoTokens", FT_UINT32, BASE_DEC, NULL, 0, "NegoData", HFILL }},
    { &hf_credssp_authInfo,
      { "authInfo", "credssp.authInfo", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_credssp_pubKeyAuth,
      { "pubKeyAuth", "credssp.pubKeyAuth", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},

/*--- End of included file: packet-credssp-hfarr.c ---*/
#line 147 "./asn1/credssp/packet-credssp-template.c"
  };

  /* Subtrees: the protocol's own, then those from the generated include. */
  static gint *ett[] = {
    &ett_credssp,

/*--- Included file: packet-credssp-ettarr.c ---*/
#line 1 "./asn1/credssp/packet-credssp-ettarr.c"
    &ett_credssp_NegoData,
    &ett_credssp_NegoData_item,
    &ett_credssp_TSPasswordCreds,
    &ett_credssp_TSCspDataDetail,
    &ett_credssp_TSSmartCardCreds,
    &ett_credssp_TSCredentials,
    &ett_credssp_TSRequest,

/*--- End of included file: packet-credssp-ettarr.c ---*/
#line 153 "./asn1/credssp/packet-credssp-template.c"
  };

  /* Protocol and its named dissector. */
  proto_credssp = proto_register_protocol(PNAME, PSNAME, PFNAME);
  register_dissector("credssp", dissect_credssp, proto_credssp);

  /* Fields and subtrees. */
  proto_register_field_array(proto_credssp, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));

  /* Heuristic dissectors for any preamble, e.g. CredSSP before RDP. */
  credssp_heur_subdissector_list = register_heur_dissector_list("credssp", proto_credssp);

}
/*--- proto_reg_handoff_credssp --- */
/*
 * Handoff: add dissect_credssp_heur() to the "ssl" heuristic list
 * (registered with HEURISTIC_ENABLE) and look up the layer-7 exported-PDU
 * tap id used by that heuristic.
 */
void proto_reg_handoff_credssp(void) {

  heur_dissector_add("ssl",
                     dissect_credssp_heur,
                     "CredSSP over SSL",
                     "credssp_ssl",
                     proto_credssp,
                     HEURISTIC_ENABLE);

  exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7);
}