2002-08-21 20:52:40 +00:00
/* packet-gssapi.c
* Dissector for GSS - API tokens as described in rfc2078 , section 3.1
* Copyright 2002 , Tim Potter < tpot @ samba . org >
2010-05-13 18:28:34 +00:00
* Copyright 2002 , Richard Sharpe < rsharpe @ samba . org > Added a few
2002-09-08 01:07:40 +00:00
* bits and pieces . . .
2002-08-21 20:52:40 +00:00
*
2006-05-21 04:49:01 +00:00
* Wireshark - Network traffic analyzer
* By Gerald Combs < gerald @ wireshark . org >
2002-08-21 20:52:40 +00:00
* Copyright 1998 Gerald Combs
2002-08-28 21:04:11 +00:00
*
2002-08-21 20:52:40 +00:00
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version 2
* of the License , or ( at your option ) any later version .
2002-08-28 21:04:11 +00:00
*
2002-08-21 20:52:40 +00:00
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
2002-08-28 21:04:11 +00:00
*
2002-08-21 20:52:40 +00:00
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
2012-06-28 22:56:06 +00:00
* Foundation , Inc . , 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA .
2002-08-21 20:52:40 +00:00
*/
2012-09-20 02:03:38 +00:00
# include "config.h"
2002-08-21 20:52:40 +00:00
2002-09-29 18:58:56 +00:00
2002-08-21 20:52:40 +00:00
# include <epan/packet.h>
2015-01-03 03:19:53 +00:00
# include <epan/expert.h>
2013-11-10 15:59:37 +00:00
# include <epan/exceptions.h>
2009-08-21 20:25:24 +00:00
# include <epan/prefs.h>
# include <epan/reassemble.h>
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
# include <epan/show_exception.h>
2016-01-25 01:10:20 +00:00
# include <epan/proto_data.h>
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
2014-12-20 21:23:59 +00:00
# include "packet-ber.h"
# include "packet-dcerpc.h"
# include "packet-gssapi.h"
2002-08-21 20:52:40 +00:00
2013-12-15 23:44:12 +00:00
void proto_register_gssapi ( void ) ;
void proto_reg_handoff_gssapi ( void ) ;
2002-08-21 20:52:40 +00:00
static int proto_gssapi = - 1 ;
2015-01-03 03:19:53 +00:00
static int hf_gssapi_token_object = - 1 ;
static int hf_gssapi_auth_verifier = - 1 ;
static int hf_gssapi_auth_credentials = - 1 ;
2005-06-20 04:44:39 +00:00
static int hf_gssapi_oid = - 1 ;
2006-09-02 11:46:15 +00:00
static int hf_gssapi_segments = - 1 ;
static int hf_gssapi_segment = - 1 ;
static int hf_gssapi_segment_overlap = - 1 ;
static int hf_gssapi_segment_overlap_conflict = - 1 ;
static int hf_gssapi_segment_multiple_tails = - 1 ;
static int hf_gssapi_segment_too_long_fragment = - 1 ;
static int hf_gssapi_segment_error = - 1 ;
2011-01-30 21:01:07 +00:00
static int hf_gssapi_segment_count = - 1 ;
2006-09-02 11:46:15 +00:00
static int hf_gssapi_reassembled_in = - 1 ;
2010-02-02 16:01:52 +00:00
static int hf_gssapi_reassembled_length = - 1 ;
2002-08-21 20:52:40 +00:00
static gint ett_gssapi = - 1 ;
2006-09-02 11:46:15 +00:00
static gint ett_gssapi_segment = - 1 ;
static gint ett_gssapi_segments = - 1 ;
2015-01-03 03:19:53 +00:00
static expert_field ei_gssapi_unknown_header = EI_INIT ;
2006-09-02 11:46:15 +00:00
static gboolean gssapi_reassembly = TRUE ;
2002-08-21 20:52:40 +00:00
2006-09-02 02:03:26 +00:00
typedef struct _gssapi_conv_info_t {
gssapi_oid_value * oid ;
2006-09-02 11:46:15 +00:00
2014-10-03 14:13:07 +00:00
wmem_tree_t * frags ;
2006-09-02 11:46:15 +00:00
gboolean do_reassembly ; /* this field is used on first sequential scan of packets to help indicate when the next blob is a fragment continuing a previous one */
int first_frame ;
2010-05-13 18:28:34 +00:00
int frag_offset ;
2006-09-02 02:03:26 +00:00
} gssapi_conv_info_t ;
2006-09-02 11:46:15 +00:00
typedef struct _gssapi_frag_info_t {
guint32 first_frame ;
guint32 reassembled_in ;
} gssapi_frag_info_t ;
static const fragment_items gssapi_frag_items = {
& ett_gssapi_segment ,
& ett_gssapi_segments ,
& hf_gssapi_segments ,
& hf_gssapi_segment ,
& hf_gssapi_segment_overlap ,
& hf_gssapi_segment_overlap_conflict ,
& hf_gssapi_segment_multiple_tails ,
& hf_gssapi_segment_too_long_fragment ,
& hf_gssapi_segment_error ,
2011-01-30 21:01:07 +00:00
& hf_gssapi_segment_count ,
2006-09-02 11:46:15 +00:00
NULL ,
2010-02-02 16:01:52 +00:00
& hf_gssapi_reassembled_length ,
2012-09-07 02:09:59 +00:00
/* Reassembled data field */
NULL ,
2006-09-02 11:46:15 +00:00
" fragments "
} ;
2013-03-22 23:59:54 +00:00
static reassembly_table gssapi_reassembly_table ;
2006-09-02 11:46:15 +00:00
static void
gssapi_reassembly_init ( void )
{
2013-03-22 23:59:54 +00:00
reassembly_table_init ( & gssapi_reassembly_table ,
& addresses_reassembly_table_functions ) ;
2006-09-02 11:46:15 +00:00
}
2015-06-28 11:06:31 +00:00
static void
gssapi_reassembly_cleanup ( void )
{
reassembly_table_destroy ( & gssapi_reassembly_table ) ;
}
2002-08-28 21:04:11 +00:00
/*
2002-08-21 20:52:40 +00:00
* Subdissectors
*/
2008-09-27 14:02:23 +00:00
static dissector_handle_t ntlmssp_handle ;
2009-10-06 09:13:57 +00:00
static dissector_handle_t ntlmssp_payload_handle ;
static dissector_handle_t ntlmssp_verf_handle ;
static dissector_handle_t ntlmssp_data_only_handle ;
2008-09-29 18:52:17 +00:00
static dissector_handle_t spnego_krb5_wrap_handle ;
2005-03-17 02:27:26 +00:00
2002-09-08 01:43:44 +00:00
static GHashTable * gssapi_oids ;
2002-08-21 20:52:40 +00:00
2010-10-08 17:48:22 +00:00
static gint
gssapi_oid_equal ( gconstpointer k1 , gconstpointer k2 )
2002-08-21 20:52:40 +00:00
{
2002-12-02 20:04:07 +00:00
const char * key1 = ( const char * ) k1 ;
const char * key2 = ( const char * ) k2 ;
2002-08-21 20:52:40 +00:00
return strcmp ( key1 , key2 ) = = 0 ;
}
static guint
gssapi_oid_hash ( gconstpointer k )
{
2002-12-02 20:04:07 +00:00
const char * key = ( const char * ) k ;
2002-08-21 20:52:40 +00:00
guint hash = 0 , i ;
2012-05-28 15:59:00 +00:00
for ( i = 0 ; key [ i ] ; i + + )
2002-08-21 20:52:40 +00:00
hash + = key [ i ] ;
return hash ;
}
void
2005-08-05 00:23:22 +00:00
gssapi_init_oid ( const char * oid , int proto , int ett , dissector_handle_t handle ,
dissector_handle_t wrap_handle , const gchar * comment )
2002-08-21 20:52:40 +00:00
{
char * key = g_strdup ( oid ) ;
2013-03-18 20:44:36 +00:00
gssapi_oid_value * value = ( gssapi_oid_value * ) g_malloc ( sizeof ( * value ) ) ;
2002-08-21 20:52:40 +00:00
2003-11-16 23:17:27 +00:00
value - > proto = find_protocol_by_id ( proto ) ;
2002-08-21 20:52:40 +00:00
value - > ett = ett ;
2002-08-31 22:22:29 +00:00
value - > handle = handle ;
2002-11-28 06:48:42 +00:00
value - > wrap_handle = wrap_handle ;
2002-09-04 21:34:38 +00:00
value - > comment = comment ;
2002-08-21 20:52:40 +00:00
g_hash_table_insert ( gssapi_oids , key , value ) ;
2005-06-20 04:44:39 +00:00
register_ber_oid_dissector_handle ( key , handle , proto , comment ) ;
2002-08-21 20:52:40 +00:00
}
2005-06-20 04:44:39 +00:00
/*
* This takes an OID in text string form as
* an argument .
*/
gssapi_oid_value *
2005-11-14 10:02:31 +00:00
gssapi_lookup_oid_str ( const char * oid_key )
2002-08-21 20:52:40 +00:00
{
2005-06-20 04:44:39 +00:00
gssapi_oid_value * value ;
2006-04-04 07:53:39 +00:00
if ( ! oid_key ) {
return NULL ;
}
2013-03-18 20:44:36 +00:00
value = ( gssapi_oid_value * ) g_hash_table_lookup ( gssapi_oids , oid_key ) ;
2005-06-20 04:44:39 +00:00
return value ;
2002-08-21 20:52:40 +00:00
}
2002-11-28 06:48:42 +00:00
static int
2002-11-05 21:41:27 +00:00
dissect_gssapi_work ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree ,
2015-11-04 03:25:36 +00:00
gboolean is_verifier , gssapi_encrypt_info_t * encrypt_info )
2002-08-21 20:52:40 +00:00
{
2008-11-22 15:55:01 +00:00
proto_item * volatile item ;
proto_tree * volatile subtree ;
2007-04-13 00:50:23 +00:00
volatile int return_offset = 0 ;
2007-03-27 22:50:11 +00:00
gssapi_conv_info_t * volatile gss_info ;
2006-09-02 02:03:26 +00:00
gssapi_oid_value * oidvalue ;
2006-09-02 00:24:31 +00:00
dissector_handle_t handle ;
conversation_t * conversation ;
2002-11-05 21:41:27 +00:00
tvbuff_t * oid_tvb ;
2007-04-13 00:50:23 +00:00
int len , start_offset , oid_start_offset ;
volatile int offset ;
2013-03-18 20:44:36 +00:00
gint8 appclass ;
2005-06-20 04:44:39 +00:00
gboolean pc , ind_field ;
gint32 tag ;
guint32 len1 ;
2005-11-14 10:02:31 +00:00
const char * oid ;
2013-07-17 21:12:24 +00:00
fragment_head * fd_head = NULL ;
2006-09-02 11:46:15 +00:00
gssapi_frag_info_t * fi ;
2007-04-13 00:50:23 +00:00
tvbuff_t * volatile gss_tvb = NULL ;
2007-05-15 05:49:43 +00:00
asn1_ctx_t asn1_ctx ;
2005-06-20 04:44:39 +00:00
start_offset = 0 ;
2006-09-02 11:46:15 +00:00
offset = 0 ;
2007-05-15 05:49:43 +00:00
asn1_ctx_init ( & asn1_ctx , ASN1_ENC_BER , TRUE , pinfo ) ;
2005-03-16 21:59:25 +00:00
/*
* We don ' t know whether the data is encrypted , so say it ' s
* not , for now . The subdissector must set gssapi_data_encrypted
* if it is .
*/
2015-11-04 03:25:36 +00:00
encrypt_info - > gssapi_data_encrypted = FALSE ;
2005-03-16 21:59:25 +00:00
2006-09-02 00:17:35 +00:00
2002-08-29 17:20:31 +00:00
/*
2006-09-02 00:17:35 +00:00
* We need a conversation for later
2002-08-29 17:20:31 +00:00
*/
2010-05-13 18:28:34 +00:00
conversation = find_or_create_conversation ( pinfo ) ;
2013-03-18 20:44:36 +00:00
gss_info = ( gssapi_conv_info_t * ) conversation_get_proto_data ( conversation , proto_gssapi ) ;
2006-09-02 02:03:26 +00:00
if ( ! gss_info ) {
2013-08-31 15:47:04 +00:00
gss_info = wmem_new ( wmem_file_scope ( ) , gssapi_conv_info_t ) ;
2006-09-02 02:03:26 +00:00
gss_info - > oid = NULL ;
2006-09-02 11:46:15 +00:00
gss_info - > do_reassembly = FALSE ;
2013-08-31 15:47:04 +00:00
gss_info - > frags = wmem_tree_new ( wmem_file_scope ( ) ) ;
2006-09-02 02:03:26 +00:00
conversation_add_proto_data ( conversation , proto_gssapi , gss_info ) ;
}
2006-09-02 00:17:35 +00:00
2002-08-21 20:52:40 +00:00
item = proto_tree_add_item (
2011-10-21 02:10:19 +00:00
tree , proto_gssapi , tvb , offset , - 1 , ENC_NA ) ;
2002-08-21 20:52:40 +00:00
subtree = proto_item_add_subtree ( item , ett_gssapi ) ;
2002-08-31 20:09:26 +00:00
/*
* Catch the ReportedBoundsError exception ; the stuff we ' ve been
* handed doesn ' t necessarily run to the end of the packet , it ' s
* an item inside a packet , so if it happens to be malformed ( or
* we , or a dissector we call , has a bug ) , so that an exception
* is thrown , we want to report the error , but return and let
* our caller dissect the rest of the packet .
*
* If it gets a BoundsError , we can stop , as there ' s nothing more
* in the packet after our blob to see , so we just re - throw the
* exception .
*/
TRY {
2006-09-02 11:46:15 +00:00
gss_tvb = tvb ;
2013-02-26 01:06:19 +00:00
/* First of all, if it's the first time we see this packet
2006-09-02 11:46:15 +00:00
* then check whether we are in the middle of reassembly or not
*/
if ( ( ! pinfo - > fd - > flags . visited )
& & ( gss_info - > do_reassembly )
& & ( gssapi_reassembly ) ) {
2013-08-31 15:47:04 +00:00
fi = ( gssapi_frag_info_t * ) wmem_tree_lookup32 ( gss_info - > frags , gss_info - > first_frame ) ;
2006-09-02 11:46:15 +00:00
if ( ! fi ) {
goto done ;
}
2016-01-24 03:40:51 +00:00
wmem_tree_insert32 ( gss_info - > frags , pinfo - > num , fi ) ;
2013-03-22 23:59:54 +00:00
fd_head = fragment_add ( & gssapi_reassembly_table ,
tvb , 0 , pinfo , fi - > first_frame , NULL ,
gss_info - > frag_offset ,
2015-06-24 04:30:15 +00:00
tvb_captured_length ( tvb ) , TRUE ) ;
gss_info - > frag_offset + = tvb_captured_length ( tvb ) ;
2006-09-02 11:46:15 +00:00
/* we need more fragments */
if ( ! fd_head ) {
goto done ;
}
/* this blob is now fully reassembled */
gss_info - > do_reassembly = FALSE ;
2016-01-24 03:40:51 +00:00
fi - > reassembled_in = pinfo - > num ;
2006-09-02 11:46:15 +00:00
2013-07-14 14:42:05 +00:00
gss_tvb = tvb_new_chain ( tvb , fd_head - > tvb_data ) ;
2006-09-02 11:46:15 +00:00
add_new_data_source ( pinfo , gss_tvb , " Reassembled GSSAPI " ) ;
}
/* We have seen this packet before.
* Is this blob part of reassembly or a normal blob ?
*/
if ( ( pinfo - > fd - > flags . visited )
2010-05-13 18:28:34 +00:00
& & ( gssapi_reassembly ) ) {
2016-01-24 03:40:51 +00:00
fi = ( gssapi_frag_info_t * ) wmem_tree_lookup32 ( gss_info - > frags , pinfo - > num ) ;
2006-09-02 11:46:15 +00:00
if ( fi ) {
2013-03-22 23:59:54 +00:00
fd_head = fragment_get ( & gssapi_reassembly_table ,
pinfo , fi - > first_frame , NULL ) ;
2006-09-02 11:46:15 +00:00
if ( fd_head & & ( fd_head - > flags & FD_DEFRAGMENTED ) ) {
2016-01-24 03:40:51 +00:00
if ( pinfo - > num = = fi - > reassembled_in ) {
2006-09-02 11:46:15 +00:00
proto_item * frag_tree_item ;
2013-07-14 14:42:05 +00:00
gss_tvb = tvb_new_chain ( tvb , fd_head - > tvb_data ) ;
2006-09-02 11:46:15 +00:00
add_new_data_source ( pinfo , gss_tvb , " Reassembled GSSAPI " ) ;
show_fragment_tree ( fd_head , & gssapi_frag_items , tree , pinfo , tvb , & frag_tree_item ) ;
} else {
proto_item * it ;
it = proto_tree_add_uint ( tree , hf_gssapi_reassembled_in , tvb , 0 , 0 , fi - > reassembled_in ) ;
PROTO_ITEM_SET_GENERATED ( it ) ;
goto done ;
}
}
}
}
2002-08-31 20:09:26 +00:00
/* Read header */
2013-03-18 20:44:36 +00:00
offset = get_ber_identifier ( gss_tvb , offset , & appclass , & pc , & tag ) ;
2007-08-24 07:12:04 +00:00
offset = get_ber_length ( gss_tvb , offset , & len1 , & ind_field ) ;
2006-09-02 11:46:15 +00:00
2013-03-18 20:44:36 +00:00
if ( ! ( appclass = = BER_CLASS_APP & & pc & & tag = = 0 ) ) {
2010-05-13 18:28:34 +00:00
/* It could be NTLMSSP, with no OID. This can happen
2006-12-14 10:11:40 +00:00
for anything that microsoft calls ' Negotiate ' or GSS - SPNEGO */
2015-06-24 04:30:15 +00:00
if ( ( tvb_captured_length_remaining ( gss_tvb , start_offset ) > 7 ) & & ( tvb_strneql ( gss_tvb , start_offset , " NTLMSSP " , 7 ) = = 0 ) ) {
2009-10-06 09:13:57 +00:00
return_offset = call_dissector ( ntlmssp_handle ,
tvb_new_subset_remaining ( gss_tvb , start_offset ) ,
pinfo , subtree ) ;
goto done ;
}
/* Maybe it's new NTLMSSP payload */
2015-06-24 04:30:15 +00:00
if ( ( tvb_captured_length_remaining ( gss_tvb , start_offset ) > 16 ) & &
2009-10-06 09:13:57 +00:00
( ( tvb_memeql ( gss_tvb , start_offset , " \x01 \x00 \x00 \x00 " , 4 ) = = 0 ) ) ) {
return_offset = call_dissector ( ntlmssp_payload_handle ,
2013-02-19 23:17:07 +00:00
tvb_new_subset_remaining ( gss_tvb , start_offset ) ,
2009-10-06 09:13:57 +00:00
pinfo , subtree ) ;
2015-11-04 03:25:36 +00:00
encrypt_info - > gssapi_data_encrypted = TRUE ;
2009-10-06 09:13:57 +00:00
goto done ;
}
2015-06-24 04:30:15 +00:00
if ( ( tvb_captured_length_remaining ( gss_tvb , start_offset ) = = 16 ) & &
2009-10-06 09:13:57 +00:00
( ( tvb_memeql ( gss_tvb , start_offset , " \x01 \x00 \x00 \x00 " , 4 ) = = 0 ) ) ) {
if ( is_verifier ) {
2010-05-13 18:28:34 +00:00
return_offset = call_dissector ( ntlmssp_verf_handle ,
2013-02-19 23:17:07 +00:00
tvb_new_subset_remaining ( gss_tvb , start_offset ) ,
2009-10-06 09:13:57 +00:00
pinfo , subtree ) ;
}
2015-11-04 03:25:36 +00:00
else if ( encrypt_info - > gssapi_encrypted_tvb ) {
2015-11-27 15:59:09 +00:00
return_offset = call_dissector_with_data ( ntlmssp_data_only_handle ,
2015-11-04 03:25:36 +00:00
tvb_new_subset_remaining ( encrypt_info - > gssapi_encrypted_tvb , 0 ) ,
2015-11-27 15:59:09 +00:00
pinfo , subtree , & encrypt_info - > gssapi_decrypted_tvb ) ;
2015-11-04 03:25:36 +00:00
encrypt_info - > gssapi_data_encrypted = TRUE ;
2009-10-06 09:13:57 +00:00
}
goto done ;
}
2008-09-29 18:52:17 +00:00
/* Maybe it's new GSSKRB5 CFX Wrapping */
2015-06-24 04:30:15 +00:00
if ( ( tvb_captured_length_remaining ( gss_tvb , start_offset ) > 2 ) & &
2008-09-29 18:52:17 +00:00
( ( tvb_memeql ( gss_tvb , start_offset , " \04 \x04 " , 2 ) = = 0 ) | |
( tvb_memeql ( gss_tvb , start_offset , " \05 \x04 " , 2 ) = = 0 ) ) ) {
2015-11-04 03:25:36 +00:00
return_offset = call_dissector_with_data ( spnego_krb5_wrap_handle ,
2009-08-16 12:36:22 +00:00
tvb_new_subset_remaining ( gss_tvb , start_offset ) ,
2015-11-04 03:25:36 +00:00
pinfo , subtree , encrypt_info ) ;
2006-12-14 10:11:40 +00:00
goto done ;
}
2010-05-13 18:28:34 +00:00
/*
2002-09-04 21:34:38 +00:00
* If we do not recognise an Application class ,
2002-08-31 20:09:26 +00:00
* then we are probably dealing with an inner context
2002-11-28 06:48:42 +00:00
* token or a wrap token , and we should retrieve the
* gssapi_oid_value pointer from the per - frame data or ,
* if there is no per - frame data ( as would be the case
* the first time we dissect this frame ) , from the
* conversation that exists or that we created from
* pinfo ( and then make it per - frame data ) .
2002-11-06 23:36:25 +00:00
* We need to make it per - frame data as there can be
* more than one GSS - API negotiation in a conversation .
2002-08-31 20:09:26 +00:00
*
2002-11-28 06:48:42 +00:00
* Note ! We " cheat " . Since we only need the pointer ,
* we store that as the data . ( That ' s not really
* " cheating " - the per - frame data and per - conversation
* data code doesn ' t care what you supply as a data
* pointer ; it just treats it as an opaque pointer , it
* doesn ' t dereference it or free what it points to . )
2002-08-31 20:09:26 +00:00
*/
2013-11-23 02:20:13 +00:00
oidvalue = ( gssapi_oid_value * ) p_get_proto_data ( wmem_file_scope ( ) , pinfo , proto_gssapi , 0 ) ;
2006-09-02 02:03:26 +00:00
if ( ! oidvalue & & ! pinfo - > fd - > flags . visited )
2002-11-06 23:36:25 +00:00
{
/* No handle attached to this frame, but it's the first */
/* pass, so it'd be attached to the conversation. */
2006-09-02 02:03:26 +00:00
oidvalue = gss_info - > oid ;
if ( gss_info - > oid )
2013-11-23 02:20:13 +00:00
p_add_proto_data ( wmem_file_scope ( ) , pinfo , proto_gssapi , 0 , gss_info - > oid ) ;
2002-11-06 23:36:25 +00:00
}
2006-09-02 02:03:26 +00:00
if ( ! oidvalue )
2002-11-06 23:36:25 +00:00
{
2015-01-03 03:19:53 +00:00
proto_tree_add_expert_format ( subtree , pinfo , & ei_gssapi_unknown_header , gss_tvb , start_offset , 0 ,
2014-10-03 14:13:07 +00:00
" Unknown header (class=%d, pc=%d, tag=%d) " ,
appclass , pc , tag ) ;
2015-06-24 04:30:15 +00:00
return_offset = tvb_captured_length ( gss_tvb ) ;
2002-11-06 23:36:25 +00:00
goto done ;
2005-03-17 02:27:26 +00:00
} else {
2008-06-28 21:09:57 +00:00
tvbuff_t * oid_tvb_local ;
2002-08-31 20:09:26 +00:00
2009-08-16 12:36:22 +00:00
oid_tvb_local = tvb_new_subset_remaining ( gss_tvb , start_offset ) ;
2002-11-28 06:48:42 +00:00
if ( is_verifier )
2006-09-02 02:03:26 +00:00
handle = oidvalue - > wrap_handle ;
2002-11-28 06:48:42 +00:00
else
2006-09-02 02:03:26 +00:00
handle = oidvalue - > handle ;
2015-11-04 03:25:36 +00:00
len = call_dissector_with_data ( handle , oid_tvb_local , pinfo , subtree , encrypt_info ) ;
2002-11-28 06:48:42 +00:00
if ( len = = 0 )
2015-06-24 04:30:15 +00:00
return_offset = tvb_captured_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
else
2005-06-20 04:44:39 +00:00
return_offset = start_offset + len ;
2002-08-31 20:50:08 +00:00
goto done ; /* We are finished here */
2002-08-31 20:09:26 +00:00
}
}
2002-08-21 20:52:40 +00:00
2002-08-31 20:09:26 +00:00
/* Read oid */
2005-06-20 04:44:39 +00:00
oid_start_offset = offset ;
2007-05-15 05:49:43 +00:00
offset = dissect_ber_object_identifier_str ( FALSE , & asn1_ctx , subtree , gss_tvb , offset , hf_gssapi_oid , & oid ) ;
2006-09-02 02:03:26 +00:00
oidvalue = gssapi_lookup_oid_str ( oid ) ;
2002-08-26 18:52:50 +00:00
2006-09-02 11:46:15 +00:00
/* Check if we need reassembly of this blob.
* Only try reassembly for OIDs we recognize
* and when we have the entire tvb
*
* SMB will sometimes split one large GSSAPI blob
* across multiple SMB / SessionSetup commands .
* While we should look at the uid returned in the response
* to the first SessionSetup and use that as a key
* instead for simplicity we assume there will not be several
* such authentication at once on a single tcp session
*/
if ( ( ! pinfo - > fd - > flags . visited )
& & ( oidvalue )
2015-06-24 04:30:15 +00:00
& & ( tvb_captured_length ( gss_tvb ) = = tvb_reported_length ( gss_tvb ) )
& & ( len1 > ( guint32 ) tvb_captured_length_remaining ( gss_tvb , oid_start_offset ) )
2010-05-13 18:28:34 +00:00
& & ( gssapi_reassembly ) ) {
2013-08-31 15:47:04 +00:00
fi = wmem_new ( wmem_file_scope ( ) , gssapi_frag_info_t ) ;
2016-01-24 03:40:51 +00:00
fi - > first_frame = pinfo - > num ;
2006-09-02 11:46:15 +00:00
fi - > reassembled_in = 0 ;
2016-01-24 03:40:51 +00:00
wmem_tree_insert32 ( gss_info - > frags , pinfo - > num , fi ) ;
2006-09-02 11:46:15 +00:00
2013-03-22 23:59:54 +00:00
fragment_add ( & gssapi_reassembly_table ,
2016-01-24 03:40:51 +00:00
gss_tvb , 0 , pinfo , pinfo - > num , NULL ,
2015-06-24 04:30:15 +00:00
0 , tvb_captured_length ( gss_tvb ) , TRUE ) ;
2013-03-22 23:59:54 +00:00
fragment_set_tot_len ( & gssapi_reassembly_table ,
2016-01-24 03:40:51 +00:00
pinfo , pinfo - > num , NULL , len1 + oid_start_offset ) ;
2006-09-02 11:46:15 +00:00
gss_info - > do_reassembly = TRUE ;
2016-01-24 03:40:51 +00:00
gss_info - > first_frame = pinfo - > num ;
2015-06-24 04:30:15 +00:00
gss_info - > frag_offset = tvb_captured_length ( gss_tvb ) ;
2006-09-02 11:46:15 +00:00
goto done ;
}
2002-08-31 20:09:26 +00:00
/*
* Hand off to subdissector .
*/
2002-09-04 21:34:38 +00:00
2006-09-02 02:03:26 +00:00
if ( ( oidvalue = = NULL ) | |
! proto_is_protocol_enabled ( oidvalue - > proto ) ) {
2002-08-31 20:09:26 +00:00
/* No dissector for this oid */
2015-01-03 03:19:53 +00:00
proto_tree_add_item ( subtree , hf_gssapi_token_object , gss_tvb , oid_start_offset , - 1 , ENC_NA ) ;
2002-08-29 17:20:31 +00:00
2015-06-24 04:30:15 +00:00
return_offset = tvb_captured_length ( gss_tvb ) ;
2002-08-31 20:09:26 +00:00
goto done ;
2002-08-29 17:20:31 +00:00
}
2006-09-02 00:17:35 +00:00
/* Save a pointer to the data for the OID for the
* GSSAPI protocol for this conversation .
2002-11-05 21:41:27 +00:00
*/
2002-08-31 20:09:26 +00:00
2002-11-05 21:41:27 +00:00
/*
2010-05-13 18:28:34 +00:00
* Now add the proto data . . .
2002-11-05 21:41:27 +00:00
* but only if it is not already there .
*/
2006-09-02 02:03:26 +00:00
if ( ! gss_info - > oid ) {
gss_info - > oid = oidvalue ;
2002-08-29 17:20:31 +00:00
}
2002-11-05 21:41:27 +00:00
if ( is_verifier ) {
2006-09-02 02:03:26 +00:00
handle = oidvalue - > wrap_handle ;
2002-11-28 06:48:42 +00:00
if ( handle ! = NULL ) {
2009-08-16 12:36:22 +00:00
oid_tvb = tvb_new_subset_remaining ( gss_tvb , offset ) ;
2015-11-04 03:25:36 +00:00
len = call_dissector_with_data ( handle , oid_tvb , pinfo , subtree , encrypt_info ) ;
2002-11-28 06:48:42 +00:00
if ( len = = 0 )
2015-06-24 04:30:15 +00:00
return_offset = tvb_captured_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
else
return_offset = offset + len ;
} else {
2015-01-03 03:19:53 +00:00
proto_tree_add_item ( subtree , hf_gssapi_auth_verifier , gss_tvb , offset , - 1 , ENC_NA ) ;
2015-06-24 04:30:15 +00:00
return_offset = tvb_captured_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
}
2002-11-05 21:41:27 +00:00
} else {
2006-09-02 02:03:26 +00:00
handle = oidvalue - > handle ;
2002-11-05 21:41:27 +00:00
if ( handle ! = NULL ) {
2009-08-16 12:36:22 +00:00
oid_tvb = tvb_new_subset_remaining ( gss_tvb , offset ) ;
2015-11-04 03:25:36 +00:00
len = call_dissector_with_data ( handle , oid_tvb , pinfo , subtree , encrypt_info ) ;
2002-11-28 06:48:42 +00:00
if ( len = = 0 )
2015-06-24 04:30:15 +00:00
return_offset = tvb_captured_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
else
return_offset = offset + len ;
2002-11-05 21:41:27 +00:00
} else {
2015-01-03 03:19:53 +00:00
proto_tree_add_item ( subtree , hf_gssapi_auth_credentials , gss_tvb , offset , - 1 , ENC_NA ) ;
2015-06-24 04:30:15 +00:00
return_offset = tvb_captured_length ( gss_tvb ) ;
2002-11-05 21:41:27 +00:00
}
2002-08-31 20:09:26 +00:00
}
2002-08-21 20:52:40 +00:00
2002-08-31 20:09:26 +00:00
done :
2005-06-20 04:44:39 +00:00
;
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
} CATCH_NONFATAL_ERRORS {
/*
* Somebody threw an exception that means that there
* was a problem dissecting the payload ; that means
* that a dissector was found , so we don ' t need to
* dissect the payload as data or update the protocol
* or info columns .
*
* Just show the exception and then drive on to show
* the trailer , after noting that a dissector was found
* and restoring the protocol value that was in effect
* before we called the subdissector .
2010-10-08 17:48:22 +00:00
*/
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
show_exception ( gss_tvb , pinfo , tree , EXCEPT_CODE , GET_MESSAGE ) ;
2002-08-31 20:09:26 +00:00
} ENDTRY ;
2002-11-28 06:48:42 +00:00
proto_item_set_len ( item , return_offset ) ;
return return_offset ;
2002-08-21 20:52:40 +00:00
}
2015-11-02 21:47:26 +00:00
static int
dissect_gssapi_work_wrapper ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree , gssapi_encrypt_info_t * encrypt_info , gboolean is_verifier )
{
int ret ;
2015-11-04 03:25:36 +00:00
gssapi_encrypt_info_t pass_encrypt_info ;
2015-11-02 21:47:26 +00:00
2015-11-27 15:59:09 +00:00
/* Ensure a non-null encryption structure */
2015-11-02 21:47:26 +00:00
if ( encrypt_info ! = NULL )
{
2015-11-04 03:25:36 +00:00
pass_encrypt_info = * encrypt_info ;
}
else
{
2015-11-27 15:59:09 +00:00
memset ( & pass_encrypt_info , 0 , sizeof ( pass_encrypt_info ) ) ;
2015-11-02 21:47:26 +00:00
}
2015-11-04 03:25:36 +00:00
ret = dissect_gssapi_work ( tvb , pinfo , tree , is_verifier , & pass_encrypt_info ) ;
2015-11-02 21:47:26 +00:00
2015-11-27 15:59:09 +00:00
/* Restore any changes to provided encryption structure */
2015-11-02 21:47:26 +00:00
if ( encrypt_info ! = NULL )
{
2015-11-04 03:25:36 +00:00
* encrypt_info = pass_encrypt_info ;
}
2015-11-02 21:47:26 +00:00
return ret ;
}
static int
dissect_gssapi ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree , void * data )
2002-11-05 21:41:27 +00:00
{
2015-11-02 21:47:26 +00:00
return dissect_gssapi_work_wrapper ( tvb , pinfo , tree , ( gssapi_encrypt_info_t * ) data , FALSE ) ;
2002-11-05 21:41:27 +00:00
}
2002-11-28 06:48:42 +00:00
static int
2015-11-02 21:47:26 +00:00
dissect_gssapi_verf ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree , void * data )
2002-11-05 21:41:27 +00:00
{
2015-11-02 21:47:26 +00:00
return dissect_gssapi_work_wrapper ( tvb , pinfo , tree , ( gssapi_encrypt_info_t * ) data , TRUE ) ;
2002-11-05 21:41:27 +00:00
}
2002-08-21 20:52:40 +00:00
void
proto_register_gssapi ( void )
{
static hf_register_info hf [ ] = {
2010-05-13 18:28:34 +00:00
{ & hf_gssapi_oid ,
2015-01-03 03:19:53 +00:00
{ " OID " , " gss-api.OID " , FT_STRING , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0 , " This is a GSS-API Object Identifier " , HFILL } } ,
2015-01-03 03:19:53 +00:00
{ & hf_gssapi_token_object ,
{ " Token object " , " gss-api.token_object " , FT_BYTES , BASE_NONE ,
NULL , 0 , NULL , HFILL } } ,
{ & hf_gssapi_auth_verifier ,
{ " Authentication verifier " , " gss-api.auth_verifier " , FT_BYTES , BASE_NONE ,
NULL , 0 , NULL , HFILL } } ,
{ & hf_gssapi_auth_credentials ,
{ " Authentication credentials " , " gss-api.auth_credentials " , FT_BYTES , BASE_NONE ,
NULL , 0 , NULL , HFILL } } ,
2006-09-02 11:46:15 +00:00
{ & hf_gssapi_segment ,
2010-05-13 18:28:34 +00:00
{ " GSSAPI Segment " , " gss-api.segment " , FT_FRAMENUM , BASE_NONE ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , 0x0 , NULL , HFILL } } ,
2006-09-02 11:46:15 +00:00
{ & hf_gssapi_segments ,
2010-05-13 18:28:34 +00:00
{ " GSSAPI Segments " , " gss-api.segment.segments " , FT_NONE , BASE_NONE ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , 0x0 , NULL , HFILL } } ,
2006-09-02 11:46:15 +00:00
{ & hf_gssapi_segment_overlap ,
2010-05-13 18:28:34 +00:00
{ " Fragment overlap " , " gss-api.segment.overlap " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Fragment overlaps with other fragments " , HFILL } } ,
{ & hf_gssapi_segment_overlap_conflict ,
2010-05-13 18:28:34 +00:00
{ " Conflicting data in fragment overlap " , " gss-api.segment.overlap.conflict " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Overlapping fragments contained conflicting data " , HFILL } } ,
{ & hf_gssapi_segment_multiple_tails ,
2010-05-13 18:28:34 +00:00
{ " Multiple tail fragments found " , " gss-api.segment.multipletails " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Several tails were found when defragmenting the packet " , HFILL } } ,
{ & hf_gssapi_segment_too_long_fragment ,
2010-05-13 18:28:34 +00:00
{ " Fragment too long " , " gss-api.segment.toolongfragment " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Fragment contained data past end of packet " , HFILL } } ,
{ & hf_gssapi_segment_error ,
2010-05-13 18:28:34 +00:00
{ " Defragmentation error " , " gss-api.segment.error " , FT_FRAMENUM , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Defragmentation error due to illegal fragments " , HFILL } } ,
2011-01-30 21:01:07 +00:00
{ & hf_gssapi_segment_count ,
{ " Fragment count " , " gss-api.segment.count " , FT_UINT32 , BASE_DEC ,
NULL , 0x0 , NULL , HFILL } } ,
2006-09-02 11:46:15 +00:00
{ & hf_gssapi_reassembled_in ,
2010-05-13 18:28:34 +00:00
{ " Reassembled In " , " gss-api.reassembled_in " , FT_FRAMENUM , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " The frame where this pdu is reassembled " , HFILL } } ,
2010-02-02 16:01:52 +00:00
{ & hf_gssapi_reassembled_length ,
2010-05-13 18:28:34 +00:00
{ " Reassembled GSSAPI length " , " gss-api.reassembled.length " , FT_UINT32 , BASE_DEC ,
2010-02-02 16:01:52 +00:00
NULL , 0x0 , " The total length of the reassembled payload " , HFILL } } ,
2002-08-21 20:52:40 +00:00
} ;
2002-08-28 21:04:11 +00:00
2002-08-21 20:52:40 +00:00
static gint * ett [ ] = {
& ett_gssapi ,
2006-09-02 11:46:15 +00:00
& ett_gssapi_segment ,
& ett_gssapi_segments ,
2002-08-21 20:52:40 +00:00
} ;
2015-01-03 03:19:53 +00:00
static ei_register_info ei [ ] = {
{ & ei_gssapi_unknown_header , { " gssapi.unknown_header " , PI_PROTOCOL , PI_WARN , " Unknown header " , EXPFILL } } ,
} ;
2006-09-02 11:46:15 +00:00
module_t * gssapi_module ;
2015-01-03 03:19:53 +00:00
expert_module_t * expert_gssapi ;
2002-08-28 21:04:11 +00:00
2002-08-21 20:52:40 +00:00
proto_gssapi = proto_register_protocol (
2005-06-20 05:28:56 +00:00
" GSS-API Generic Security Service Application Program Interface " ,
2002-08-21 20:52:40 +00:00
" GSS-API " , " gss-api " ) ;
2006-09-02 11:46:15 +00:00
gssapi_module = prefs_register_protocol ( proto_gssapi , NULL ) ;
prefs_register_bool_preference ( gssapi_module , " gssapi_reassembly " ,
" Reassemble fragmented GSSAPI blobs " ,
" Whether or not to try reassembling GSSAPI blobs spanning multiple (SMB/SessionSetup) PDUs " ,
& gssapi_reassembly ) ;
2002-08-21 20:52:40 +00:00
proto_register_field_array ( proto_gssapi , hf , array_length ( hf ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
2015-01-03 03:19:53 +00:00
expert_gssapi = expert_register_protocol ( proto_gssapi ) ;
expert_register_field_array ( expert_gssapi , ei , array_length ( ei ) ) ;
2002-08-28 21:04:11 +00:00
2015-12-09 04:04:01 +00:00
register_dissector ( " gssapi " , dissect_gssapi , proto_gssapi ) ;
register_dissector ( " gssapi_verf " , dissect_gssapi_verf , proto_gssapi ) ;
2002-08-21 20:52:40 +00:00
gssapi_oids = g_hash_table_new ( gssapi_oid_hash , gssapi_oid_equal ) ;
2006-09-02 11:46:15 +00:00
register_init_routine ( gssapi_reassembly_init ) ;
2015-06-28 11:06:31 +00:00
register_cleanup_routine ( gssapi_reassembly_cleanup ) ;
2002-08-21 20:52:40 +00:00
}
2010-10-08 17:48:22 +00:00
static int
wrap_dissect_gssapi ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
2013-11-06 14:31:29 +00:00
proto_tree * tree , dcerpc_info * di _U_ , guint8 * drep _U_ )
2003-07-16 04:20:33 +00:00
{
tvbuff_t * auth_tvb ;
2009-08-16 12:36:22 +00:00
auth_tvb = tvb_new_subset_remaining ( tvb , offset ) ;
2003-07-16 04:20:33 +00:00
2015-11-02 21:47:26 +00:00
dissect_gssapi ( auth_tvb , pinfo , tree , NULL ) ;
2003-07-16 04:20:33 +00:00
2015-06-24 04:30:15 +00:00
return tvb_captured_length_remaining ( tvb , offset ) ;
2003-07-16 04:20:33 +00:00
}
2010-10-08 17:48:22 +00:00
int
wrap_dissect_gssapi_verf ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
2013-11-06 14:31:29 +00:00
proto_tree * tree , dcerpc_info * di _U_ , guint8 * drep _U_ )
2003-07-16 04:20:33 +00:00
{
tvbuff_t * auth_tvb ;
2009-08-16 12:36:22 +00:00
auth_tvb = tvb_new_subset_remaining ( tvb , offset ) ;
2003-07-16 04:20:33 +00:00
2012-09-10 21:40:21 +00:00
return dissect_gssapi_verf ( auth_tvb , pinfo , tree , NULL ) ;
2003-07-16 04:20:33 +00:00
}
2005-03-10 10:16:49 +00:00
tvbuff_t *
2010-10-08 17:48:22 +00:00
wrap_dissect_gssapi_payload ( tvbuff_t * data_tvb , tvbuff_t * auth_tvb ,
int offset _U_ , packet_info * pinfo ,
dcerpc_auth_info * auth_info _U_ )
2005-03-10 10:16:49 +00:00
{
tvbuff_t * result ;
2015-11-02 21:47:26 +00:00
gssapi_encrypt_info_t gssapi_encrypt ;
2005-03-10 10:16:49 +00:00
2015-11-04 16:49:48 +00:00
memset ( & gssapi_encrypt , 0x0 , sizeof ( gssapi_encrypt_info_t ) ) ;
2014-09-16 13:43:06 +00:00
/* we need a full auth and a full data tvb or else we can't
2010-05-13 18:28:34 +00:00
decrypt anything
2005-03-10 10:16:49 +00:00
*/
if ( ( ! auth_tvb ) | | ( ! data_tvb ) ) {
return NULL ;
}
2015-11-02 21:47:26 +00:00
gssapi_encrypt . decrypt_gssapi_tvb = DECRYPT_GSSAPI_DCE ;
gssapi_encrypt . gssapi_encrypted_tvb = data_tvb ;
2015-11-04 16:49:48 +00:00
2015-11-02 21:47:26 +00:00
dissect_gssapi ( auth_tvb , pinfo , NULL , & gssapi_encrypt ) ;
result = gssapi_encrypt . gssapi_decrypted_tvb ;
2005-03-10 10:16:49 +00:00
return result ;
}
2003-07-16 04:20:33 +00:00
static dcerpc_auth_subdissector_fns gssapi_auth_fns = {
wrap_dissect_gssapi , /* Bind */
wrap_dissect_gssapi , /* Bind ACK */
wrap_dissect_gssapi , /* AUTH3 */
wrap_dissect_gssapi_verf , /* Request verifier */
wrap_dissect_gssapi_verf , /* Response verifier */
2006-06-09 08:54:23 +00:00
wrap_dissect_gssapi_payload , /* Request data */
wrap_dissect_gssapi_payload /* Response data */
2003-07-16 04:20:33 +00:00
} ;
2002-08-21 20:52:40 +00:00
void
proto_reg_handoff_gssapi ( void )
{
2005-12-25 12:03:18 +00:00
dissector_handle_t gssapi_handle ;
2016-03-16 13:02:52 +00:00
ntlmssp_handle = find_dissector_add_dependency ( " ntlmssp " , proto_gssapi ) ;
ntlmssp_payload_handle = find_dissector_add_dependency ( " ntlmssp_payload " , proto_gssapi ) ;
ntlmssp_verf_handle = find_dissector_add_dependency ( " ntlmssp_verf " , proto_gssapi ) ;
ntlmssp_data_only_handle = find_dissector_add_dependency ( " ntlmssp_data_only " , proto_gssapi ) ;
spnego_krb5_wrap_handle = find_dissector_add_dependency ( " spnego-krb5-wrap " , proto_gssapi ) ;
2005-03-17 02:27:26 +00:00
2005-03-04 12:28:00 +00:00
register_dcerpc_auth_subdissector ( DCE_C_AUTHN_LEVEL_CONNECT ,
DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO ,
& gssapi_auth_fns ) ;
register_dcerpc_auth_subdissector ( DCE_C_AUTHN_LEVEL_PKT_INTEGRITY ,
DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO ,
& gssapi_auth_fns ) ;
2003-07-16 04:20:33 +00:00
register_dcerpc_auth_subdissector ( DCE_C_AUTHN_LEVEL_PKT_PRIVACY ,
DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO ,
& gssapi_auth_fns ) ;
2005-12-25 12:03:18 +00:00
2008-09-27 14:02:23 +00:00
gssapi_handle = find_dissector ( " gssapi " ) ;
2005-12-25 12:03:18 +00:00
dissector_add_string ( " dns.tsig.mac " , " gss.microsoft.com " , gssapi_handle ) ;
2002-08-21 20:52:40 +00:00
}
2014-10-03 14:13:07 +00:00
/*
* Editor modelines - http : //www.wireshark.org/tools/modelines.html
*
* Local variables :
* c - basic - offset : 8
* tab - width : 8
* indent - tabs - mode : t
* End :
*
* vi : set shiftwidth = 8 tabstop = 8 noexpandtab :
* : indentSize = 8 : tabSize = 8 : noTabs = false :
*/
