2002-08-21 20:52:40 +00:00
/* packet-gssapi.c
* Dissector for GSS - API tokens as described in rfc2078 , section 3.1
* Copyright 2002 , Tim Potter < tpot @ samba . org >
2002-09-08 01:07:40 +00:00
* Copyright 2002 , Richard Sharpe < rsharpe @ samba . org > Added a few
* bits and pieces . . .
2002-08-21 20:52:40 +00:00
*
2004-07-18 00:24:25 +00:00
* $ Id $
2002-08-21 20:52:40 +00:00
*
2006-05-21 04:49:01 +00:00
* Wireshark - Network traffic analyzer
* By Gerald Combs < gerald @ wireshark . org >
2002-08-21 20:52:40 +00:00
* Copyright 1998 Gerald Combs
2002-08-28 21:04:11 +00:00
*
2002-08-21 20:52:40 +00:00
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version 2
* of the License , or ( at your option ) any later version .
2002-08-28 21:04:11 +00:00
*
2002-08-21 20:52:40 +00:00
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
2002-08-28 21:04:11 +00:00
*
2002-08-21 20:52:40 +00:00
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA .
*/
# ifdef HAVE_CONFIG_H
# include "config.h"
# endif
# ifdef HAVE_SYS_TYPES_H
# include <sys / types.h>
# endif
2002-09-29 18:58:56 +00:00
# include <string.h>
2002-08-21 20:52:40 +00:00
# include <glib.h>
# include <epan/packet.h>
2004-07-18 18:06:47 +00:00
# include <epan/dissectors/packet-dcerpc.h>
# include <epan/dissectors/packet-gssapi.h>
# include <epan/dissectors/packet-frame.h>
2002-08-29 16:36:16 +00:00
# include "epan/conversation.h"
2006-09-02 02:03:26 +00:00
# include "epan/emem.h"
2006-09-02 11:46:15 +00:00
# include "epan/prefs.h"
# include "epan/reassemble.h"
2007-05-15 05:49:43 +00:00
# include <epan/asn1.h>
2005-06-20 04:44:39 +00:00
# include "packet-ber.h"
2005-06-21 09:38:59 +00:00
# include "to_str.h"
2002-08-21 20:52:40 +00:00
static int proto_gssapi = - 1 ;
2005-06-20 04:44:39 +00:00
static int hf_gssapi_oid = - 1 ;
2006-09-02 11:46:15 +00:00
static int hf_gssapi_segments = - 1 ;
static int hf_gssapi_segment = - 1 ;
static int hf_gssapi_segment_overlap = - 1 ;
static int hf_gssapi_segment_overlap_conflict = - 1 ;
static int hf_gssapi_segment_multiple_tails = - 1 ;
static int hf_gssapi_segment_too_long_fragment = - 1 ;
static int hf_gssapi_segment_error = - 1 ;
static int hf_gssapi_reassembled_in = - 1 ;
2002-08-21 20:52:40 +00:00
static gint ett_gssapi = - 1 ;
2006-09-02 11:46:15 +00:00
static gint ett_gssapi_segment = - 1 ;
static gint ett_gssapi_segments = - 1 ;
static gboolean gssapi_reassembly = TRUE ;
2002-08-21 20:52:40 +00:00
2006-09-02 02:03:26 +00:00
typedef struct _gssapi_conv_info_t {
gssapi_oid_value * oid ;
2006-09-02 11:46:15 +00:00
emem_tree_t * frags ;
gboolean do_reassembly ; /* this field is used on first sequential scan of packets to help indicate when the next blob is a fragment continuing a previous one */
int first_frame ;
int frag_offset ;
2006-09-02 02:03:26 +00:00
} gssapi_conv_info_t ;
2006-09-02 11:46:15 +00:00
typedef struct _gssapi_frag_info_t {
guint32 first_frame ;
guint32 reassembled_in ;
} gssapi_frag_info_t ;
static const fragment_items gssapi_frag_items = {
& ett_gssapi_segment ,
& ett_gssapi_segments ,
& hf_gssapi_segments ,
& hf_gssapi_segment ,
& hf_gssapi_segment_overlap ,
& hf_gssapi_segment_overlap_conflict ,
& hf_gssapi_segment_multiple_tails ,
& hf_gssapi_segment_too_long_fragment ,
& hf_gssapi_segment_error ,
NULL ,
" fragments "
} ;
static GHashTable * gssapi_fragment_table = NULL ;
static void
gssapi_reassembly_init ( void )
{
fragment_table_init ( & gssapi_fragment_table ) ;
}
2002-08-28 21:04:11 +00:00
/*
2002-08-21 20:52:40 +00:00
* Subdissectors
*/
2005-03-17 02:27:26 +00:00
static dissector_handle_t ntlmssp_handle = NULL ;
2002-09-08 01:43:44 +00:00
static GHashTable * gssapi_oids ;
2002-08-21 20:52:40 +00:00
static gint gssapi_oid_equal ( gconstpointer k1 , gconstpointer k2 )
{
2002-12-02 20:04:07 +00:00
const char * key1 = ( const char * ) k1 ;
const char * key2 = ( const char * ) k2 ;
2002-08-21 20:52:40 +00:00
return strcmp ( key1 , key2 ) = = 0 ;
}
static guint
gssapi_oid_hash ( gconstpointer k )
{
2002-12-02 20:04:07 +00:00
const char * key = ( const char * ) k ;
2002-08-21 20:52:40 +00:00
guint hash = 0 , i ;
for ( i = 0 ; i < strlen ( key ) ; i + + )
hash + = key [ i ] ;
return hash ;
}
void
2005-08-05 00:23:22 +00:00
gssapi_init_oid ( const char * oid , int proto , int ett , dissector_handle_t handle ,
dissector_handle_t wrap_handle , const gchar * comment )
2002-08-21 20:52:40 +00:00
{
char * key = g_strdup ( oid ) ;
gssapi_oid_value * value = g_malloc ( sizeof ( * value ) ) ;
2003-11-16 23:17:27 +00:00
value - > proto = find_protocol_by_id ( proto ) ;
2002-08-21 20:52:40 +00:00
value - > ett = ett ;
2002-08-31 22:22:29 +00:00
value - > handle = handle ;
2002-11-28 06:48:42 +00:00
value - > wrap_handle = wrap_handle ;
2002-09-04 21:34:38 +00:00
value - > comment = comment ;
2002-08-21 20:52:40 +00:00
g_hash_table_insert ( gssapi_oids , key , value ) ;
2005-06-20 04:44:39 +00:00
register_ber_oid_dissector_handle ( key , handle , proto , comment ) ;
2002-08-21 20:52:40 +00:00
}
2005-06-20 04:44:39 +00:00
/*
* This takes an OID in text string form as
* an argument .
*/
gssapi_oid_value *
2005-11-14 10:02:31 +00:00
gssapi_lookup_oid_str ( const char * oid_key )
2002-08-21 20:52:40 +00:00
{
2005-06-20 04:44:39 +00:00
gssapi_oid_value * value ;
2006-04-04 07:53:39 +00:00
if ( ! oid_key ) {
return NULL ;
}
2005-06-20 04:44:39 +00:00
value = g_hash_table_lookup ( gssapi_oids , oid_key ) ;
return value ;
2002-08-21 20:52:40 +00:00
}
2002-11-28 06:48:42 +00:00
static int
2002-11-05 21:41:27 +00:00
dissect_gssapi_work ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree ,
gboolean is_verifier )
2002-08-21 20:52:40 +00:00
{
proto_item * item ;
proto_tree * subtree ;
2007-04-13 00:50:23 +00:00
volatile int return_offset = 0 ;
2007-03-27 22:50:11 +00:00
gssapi_conv_info_t * volatile gss_info ;
2006-09-02 02:03:26 +00:00
gssapi_oid_value * oidvalue ;
2006-09-02 00:24:31 +00:00
dissector_handle_t handle ;
conversation_t * conversation ;
2002-11-05 21:41:27 +00:00
tvbuff_t * oid_tvb ;
2007-04-13 00:50:23 +00:00
int len , start_offset , oid_start_offset ;
volatile int offset ;
2005-06-20 04:44:39 +00:00
gint8 class ;
gboolean pc , ind_field ;
gint32 tag ;
guint32 len1 ;
2005-11-14 10:02:31 +00:00
const char * oid ;
2006-09-02 11:46:15 +00:00
fragment_data * fd_head = NULL ;
gssapi_frag_info_t * fi ;
2007-04-13 00:50:23 +00:00
tvbuff_t * volatile gss_tvb = NULL ;
2007-05-15 05:49:43 +00:00
asn1_ctx_t asn1_ctx ;
2005-06-20 04:44:39 +00:00
start_offset = 0 ;
2006-09-02 11:46:15 +00:00
offset = 0 ;
2007-05-15 05:49:43 +00:00
asn1_ctx_init ( & asn1_ctx , ASN1_ENC_BER , TRUE , pinfo ) ;
2005-03-16 21:59:25 +00:00
/*
* We don ' t know whether the data is encrypted , so say it ' s
* not , for now . The subdissector must set gssapi_data_encrypted
* if it is .
*/
pinfo - > gssapi_data_encrypted = FALSE ;
2006-09-02 00:17:35 +00:00
2002-08-29 17:20:31 +00:00
/*
2006-09-02 00:17:35 +00:00
* We need a conversation for later
2002-08-29 17:20:31 +00:00
*/
2005-02-02 20:07:03 +00:00
conversation = find_conversation ( pinfo - > fd - > num , & pinfo - > src , & pinfo - > dst ,
2002-08-29 17:20:31 +00:00
pinfo - > ptype , pinfo - > srcport ,
pinfo - > destport , 0 ) ;
2006-09-02 00:17:35 +00:00
if ( ! conversation ) {
conversation = conversation_new ( pinfo - > fd - > num , & pinfo - > src ,
& pinfo - > dst ,
pinfo - > ptype ,
pinfo - > srcport ,
pinfo - > destport , 0 ) ;
}
2006-09-02 02:03:26 +00:00
gss_info = conversation_get_proto_data ( conversation , proto_gssapi ) ;
if ( ! gss_info ) {
gss_info = se_alloc ( sizeof ( gssapi_conv_info_t ) ) ;
gss_info - > oid = NULL ;
2006-09-02 11:46:15 +00:00
gss_info - > do_reassembly = FALSE ;
gss_info - > frags = se_tree_create_non_persistent ( EMEM_TREE_TYPE_RED_BLACK , " gssapi_frags " ) ;
2006-09-02 02:03:26 +00:00
conversation_add_proto_data ( conversation , proto_gssapi , gss_info ) ;
}
2006-09-02 00:17:35 +00:00
2002-08-21 20:52:40 +00:00
item = proto_tree_add_item (
2005-06-20 04:44:39 +00:00
tree , proto_gssapi , tvb , offset , - 1 , FALSE ) ;
2002-08-21 20:52:40 +00:00
subtree = proto_item_add_subtree ( item , ett_gssapi ) ;
2002-08-31 20:09:26 +00:00
/*
* Catch the ReportedBoundsError exception ; the stuff we ' ve been
* handed doesn ' t necessarily run to the end of the packet , it ' s
* an item inside a packet , so if it happens to be malformed ( or
* we , or a dissector we call , has a bug ) , so that an exception
* is thrown , we want to report the error , but return and let
* our caller dissect the rest of the packet .
*
* If it gets a BoundsError , we can stop , as there ' s nothing more
* in the packet after our blob to see , so we just re - throw the
* exception .
*/
TRY {
2006-09-02 11:46:15 +00:00
gss_tvb = tvb ;
/* First of all, if its the first time we see this packet
* then check whether we are in the middle of reassembly or not
*/
if ( ( ! pinfo - > fd - > flags . visited )
& & ( gss_info - > do_reassembly )
& & ( gssapi_reassembly ) ) {
fi = se_tree_lookup32 ( gss_info - > frags , gss_info - > first_frame ) ;
if ( ! fi ) {
goto done ;
}
se_tree_insert32 ( gss_info - > frags , pinfo - > fd - > num , fi ) ;
fd_head = fragment_add ( tvb , 0 , pinfo , fi - > first_frame ,
gssapi_fragment_table , gss_info - > frag_offset ,
tvb_length ( tvb ) , TRUE ) ;
gss_info - > frag_offset + = tvb_length ( tvb ) ;
/* we need more fragments */
if ( ! fd_head ) {
goto done ;
}
/* this blob is now fully reassembled */
gss_info - > do_reassembly = FALSE ;
fi - > reassembled_in = pinfo - > fd - > num ;
gss_tvb = tvb_new_real_data ( fd_head - > data , fd_head - > datalen , fd_head - > datalen ) ;
tvb_set_child_real_data_tvbuff ( tvb , gss_tvb ) ;
add_new_data_source ( pinfo , gss_tvb , " Reassembled GSSAPI " ) ;
}
/* We have seen this packet before.
* Is this blob part of reassembly or a normal blob ?
*/
if ( ( pinfo - > fd - > flags . visited )
& & ( gssapi_reassembly ) ) {
fi = se_tree_lookup32 ( gss_info - > frags , pinfo - > fd - > num ) ;
if ( fi ) {
fd_head = fragment_get ( pinfo , fi - > first_frame , gssapi_fragment_table ) ;
if ( fd_head & & ( fd_head - > flags & FD_DEFRAGMENTED ) ) {
if ( pinfo - > fd - > num = = fi - > reassembled_in ) {
proto_item * frag_tree_item ;
gss_tvb = tvb_new_real_data ( fd_head - > data , fd_head - > datalen , fd_head - > datalen ) ;
tvb_set_child_real_data_tvbuff ( tvb , gss_tvb ) ;
add_new_data_source ( pinfo , gss_tvb , " Reassembled GSSAPI " ) ;
show_fragment_tree ( fd_head , & gssapi_frag_items , tree , pinfo , tvb , & frag_tree_item ) ;
} else {
proto_item * it ;
it = proto_tree_add_uint ( tree , hf_gssapi_reassembled_in , tvb , 0 , 0 , fi - > reassembled_in ) ;
PROTO_ITEM_SET_GENERATED ( it ) ;
goto done ;
}
}
}
}
2002-08-31 20:09:26 +00:00
/* Read header */
2006-09-02 11:46:15 +00:00
offset = get_ber_identifier ( gss_tvb , offset , & class , & pc , & tag ) ;
2007-08-24 07:12:04 +00:00
offset = get_ber_length ( gss_tvb , offset , & len1 , & ind_field ) ;
2006-09-02 11:46:15 +00:00
2005-06-20 04:44:39 +00:00
if ( ! ( class = = BER_CLASS_APP & & pc & & tag = = 0 ) ) {
2006-12-14 10:11:40 +00:00
/* It could be NTLMSSP, with no OID. This can happen
for anything that microsoft calls ' Negotiate ' or GSS - SPNEGO */
if ( ( tvb_length_remaining ( gss_tvb , start_offset ) > 7 ) & & ( tvb_strneql ( gss_tvb , start_offset , " NTLMSSP " , 7 ) = = 0 ) ) {
call_dissector ( ntlmssp_handle , tvb_new_subset ( gss_tvb , start_offset , - 1 , - 1 ) , pinfo , subtree ) ;
return_offset = tvb_length ( gss_tvb ) ;
goto done ;
}
2002-08-31 20:09:26 +00:00
/*
2002-09-04 21:34:38 +00:00
* If we do not recognise an Application class ,
2002-08-31 20:09:26 +00:00
* then we are probably dealing with an inner context
2002-11-28 06:48:42 +00:00
* token or a wrap token , and we should retrieve the
* gssapi_oid_value pointer from the per - frame data or ,
* if there is no per - frame data ( as would be the case
* the first time we dissect this frame ) , from the
* conversation that exists or that we created from
* pinfo ( and then make it per - frame data ) .
2002-11-06 23:36:25 +00:00
* We need to make it per - frame data as there can be
* more than one GSS - API negotiation in a conversation .
2002-08-31 20:09:26 +00:00
*
2002-11-28 06:48:42 +00:00
* Note ! We " cheat " . Since we only need the pointer ,
* we store that as the data . ( That ' s not really
* " cheating " - the per - frame data and per - conversation
* data code doesn ' t care what you supply as a data
* pointer ; it just treats it as an opaque pointer , it
* doesn ' t dereference it or free what it points to . )
2002-08-31 20:09:26 +00:00
*/
2006-09-02 02:03:26 +00:00
oidvalue = p_get_proto_data ( pinfo - > fd , proto_gssapi ) ;
if ( ! oidvalue & & ! pinfo - > fd - > flags . visited )
2002-11-06 23:36:25 +00:00
{
/* No handle attached to this frame, but it's the first */
/* pass, so it'd be attached to the conversation. */
2006-09-02 02:03:26 +00:00
oidvalue = gss_info - > oid ;
if ( gss_info - > oid )
p_add_proto_data ( pinfo - > fd , proto_gssapi , gss_info - > oid ) ;
2002-11-06 23:36:25 +00:00
}
2006-09-02 02:03:26 +00:00
if ( ! oidvalue )
2002-11-06 23:36:25 +00:00
{
2006-12-14 10:11:40 +00:00
proto_tree_add_text ( subtree , gss_tvb , start_offset , 0 ,
2005-06-20 04:44:39 +00:00
" Unknown header (class=%d, pc=%d, tag=%d) " ,
class , pc , tag ) ;
2006-09-02 11:46:15 +00:00
return_offset = tvb_length ( gss_tvb ) ;
2002-11-06 23:36:25 +00:00
goto done ;
2005-03-17 02:27:26 +00:00
} else {
2002-08-31 20:09:26 +00:00
tvbuff_t * oid_tvb ;
2006-09-02 11:46:15 +00:00
oid_tvb = tvb_new_subset ( gss_tvb , start_offset , - 1 , - 1 ) ;
2002-11-28 06:48:42 +00:00
if ( is_verifier )
2006-09-02 02:03:26 +00:00
handle = oidvalue - > wrap_handle ;
2002-11-28 06:48:42 +00:00
else
2006-09-02 02:03:26 +00:00
handle = oidvalue - > handle ;
2002-11-28 06:48:42 +00:00
len = call_dissector ( handle , oid_tvb , pinfo , subtree ) ;
if ( len = = 0 )
2006-09-02 11:46:15 +00:00
return_offset = tvb_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
else
2005-06-20 04:44:39 +00:00
return_offset = start_offset + len ;
2002-08-31 20:50:08 +00:00
goto done ; /* We are finished here */
2002-08-31 20:09:26 +00:00
}
}
2002-08-21 20:52:40 +00:00
2002-08-31 20:09:26 +00:00
/* Read oid */
2005-06-20 04:44:39 +00:00
oid_start_offset = offset ;
2007-05-15 05:49:43 +00:00
offset = dissect_ber_object_identifier_str ( FALSE , & asn1_ctx , subtree , gss_tvb , offset , hf_gssapi_oid , & oid ) ;
2006-09-02 02:03:26 +00:00
oidvalue = gssapi_lookup_oid_str ( oid ) ;
2002-08-26 18:52:50 +00:00
2006-09-02 11:46:15 +00:00
/* Check if we need reassembly of this blob.
* Only try reassembly for OIDs we recognize
* and when we have the entire tvb
*
* SMB will sometimes split one large GSSAPI blob
* across multiple SMB / SessionSetup commands .
* While we should look at the uid returned in the response
* to the first SessionSetup and use that as a key
* instead for simplicity we assume there will not be several
* such authentication at once on a single tcp session
*/
if ( ( ! pinfo - > fd - > flags . visited )
& & ( oidvalue )
& & ( tvb_length ( gss_tvb ) = = tvb_reported_length ( gss_tvb ) )
& & ( len1 > ( guint32 ) tvb_length_remaining ( gss_tvb , oid_start_offset ) )
& & ( gssapi_reassembly ) ) {
fi = se_alloc ( sizeof ( gssapi_frag_info_t ) ) ;
fi - > first_frame = pinfo - > fd - > num ;
fi - > reassembled_in = 0 ;
se_tree_insert32 ( gss_info - > frags , pinfo - > fd - > num , fi ) ;
fragment_add ( gss_tvb , 0 , pinfo , pinfo - > fd - > num ,
gssapi_fragment_table , 0 ,
tvb_length ( gss_tvb ) , TRUE ) ;
fragment_set_tot_len ( pinfo , pinfo - > fd - > num , gssapi_fragment_table , len1 + oid_start_offset ) ;
gss_info - > do_reassembly = TRUE ;
gss_info - > first_frame = pinfo - > fd - > num ;
gss_info - > frag_offset = tvb_length ( gss_tvb ) ;
goto done ;
}
2002-08-31 20:09:26 +00:00
/*
* Hand off to subdissector .
*/
2002-09-04 21:34:38 +00:00
2006-09-02 02:03:26 +00:00
if ( ( oidvalue = = NULL ) | |
! proto_is_protocol_enabled ( oidvalue - > proto ) ) {
2002-08-31 20:09:26 +00:00
/* No dissector for this oid */
2006-09-02 11:46:15 +00:00
proto_tree_add_text ( subtree , gss_tvb , oid_start_offset , - 1 ,
2002-08-31 20:09:26 +00:00
" Token object " ) ;
2002-08-29 17:20:31 +00:00
2006-09-02 11:46:15 +00:00
return_offset = tvb_length ( gss_tvb ) ;
2002-08-31 20:09:26 +00:00
goto done ;
2002-08-29 17:20:31 +00:00
}
2006-09-02 00:17:35 +00:00
/* Save a pointer to the data for the OID for the
* GSSAPI protocol for this conversation .
2002-11-05 21:41:27 +00:00
*/
2002-08-31 20:09:26 +00:00
2002-11-05 21:41:27 +00:00
/*
* Now add the proto data . . .
* but only if it is not already there .
*/
2006-09-02 02:03:26 +00:00
if ( ! gss_info - > oid ) {
gss_info - > oid = oidvalue ;
2002-08-29 17:20:31 +00:00
}
2002-11-05 21:41:27 +00:00
if ( is_verifier ) {
2006-09-02 02:03:26 +00:00
handle = oidvalue - > wrap_handle ;
2002-11-28 06:48:42 +00:00
if ( handle ! = NULL ) {
2006-09-02 11:46:15 +00:00
oid_tvb = tvb_new_subset ( gss_tvb , offset , - 1 , - 1 ) ;
2002-11-28 06:48:42 +00:00
len = call_dissector ( handle , oid_tvb , pinfo ,
subtree ) ;
if ( len = = 0 )
2006-09-02 11:46:15 +00:00
return_offset = tvb_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
else
return_offset = offset + len ;
} else {
2006-09-02 11:46:15 +00:00
proto_tree_add_text ( subtree , gss_tvb , offset , - 1 ,
2002-11-28 06:48:42 +00:00
" Authentication verifier " ) ;
2006-09-02 11:46:15 +00:00
return_offset = tvb_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
}
2002-11-05 21:41:27 +00:00
} else {
2006-09-02 02:03:26 +00:00
handle = oidvalue - > handle ;
2002-11-05 21:41:27 +00:00
if ( handle ! = NULL ) {
2006-09-02 11:46:15 +00:00
oid_tvb = tvb_new_subset ( gss_tvb , offset , - 1 , - 1 ) ;
2002-11-28 06:48:42 +00:00
len = call_dissector ( handle , oid_tvb , pinfo ,
subtree ) ;
if ( len = = 0 )
2006-09-02 11:46:15 +00:00
return_offset = tvb_length ( gss_tvb ) ;
2002-11-28 06:48:42 +00:00
else
return_offset = offset + len ;
2002-11-05 21:41:27 +00:00
} else {
2006-09-02 11:46:15 +00:00
proto_tree_add_text ( subtree , gss_tvb , offset , - 1 ,
2002-11-05 21:41:27 +00:00
" Authentication credentials " ) ;
2006-09-02 11:46:15 +00:00
return_offset = tvb_length ( gss_tvb ) ;
2002-11-05 21:41:27 +00:00
}
2002-08-31 20:09:26 +00:00
}
2002-08-21 20:52:40 +00:00
2002-08-31 20:09:26 +00:00
done :
2005-06-20 04:44:39 +00:00
;
2002-08-31 20:09:26 +00:00
} CATCH ( BoundsError ) {
RETHROW ;
} CATCH ( ReportedBoundsError ) {
2006-09-02 11:46:15 +00:00
show_reported_bounds_error ( gss_tvb , pinfo , tree ) ;
2002-08-31 20:09:26 +00:00
} ENDTRY ;
2002-11-28 06:48:42 +00:00
proto_item_set_len ( item , return_offset ) ;
return return_offset ;
2002-08-21 20:52:40 +00:00
}
2002-11-05 21:41:27 +00:00
static void
dissect_gssapi ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree )
{
dissect_gssapi_work ( tvb , pinfo , tree , FALSE ) ;
}
2002-11-28 06:48:42 +00:00
static int
2003-07-16 04:20:33 +00:00
dissect_gssapi_verf ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree )
2002-11-05 21:41:27 +00:00
{
2002-11-28 06:48:42 +00:00
return dissect_gssapi_work ( tvb , pinfo , tree , TRUE ) ;
2002-11-05 21:41:27 +00:00
}
2002-08-21 20:52:40 +00:00
void
proto_register_gssapi ( void )
{
static hf_register_info hf [ ] = {
2006-09-02 11:46:15 +00:00
{ & hf_gssapi_oid ,
2008-01-10 16:35:54 +00:00
{ " OID " , " gss-api.OID " , FT_STRING , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0 , " This is a GSS-API Object Identifier " , HFILL } } ,
{ & hf_gssapi_segment ,
2008-01-10 16:35:54 +00:00
{ " GSSAPI Segment " , " gss-api.segment " , FT_FRAMENUM , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " GSSAPI Segment " , HFILL } } ,
{ & hf_gssapi_segments ,
2008-01-10 16:35:54 +00:00
{ " GSSAPI Segments " , " gss-api.segment.segments " , FT_NONE , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " GSSAPI Segments " , HFILL } } ,
{ & hf_gssapi_segment_overlap ,
2008-01-10 16:35:54 +00:00
{ " Fragment overlap " , " gss-api.segment.overlap " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Fragment overlaps with other fragments " , HFILL } } ,
{ & hf_gssapi_segment_overlap_conflict ,
2008-01-10 16:35:54 +00:00
{ " Conflicting data in fragment overlap " , " gss-api.segment.overlap.conflict " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Overlapping fragments contained conflicting data " , HFILL } } ,
{ & hf_gssapi_segment_multiple_tails ,
2008-01-10 16:35:54 +00:00
{ " Multiple tail fragments found " , " gss-api.segment.multipletails " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Several tails were found when defragmenting the packet " , HFILL } } ,
{ & hf_gssapi_segment_too_long_fragment ,
2008-01-10 16:35:54 +00:00
{ " Fragment too long " , " gss-api.segment.toolongfragment " , FT_BOOLEAN , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Fragment contained data past end of packet " , HFILL } } ,
{ & hf_gssapi_segment_error ,
2008-01-10 16:35:54 +00:00
{ " Defragmentation error " , " gss-api.segment.error " , FT_FRAMENUM , BASE_NONE ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " Defragmentation error due to illegal fragments " , HFILL } } ,
{ & hf_gssapi_reassembled_in ,
2008-01-10 16:35:54 +00:00
{ " Reassembled In " , " gss-api.reassembled_in " , FT_FRAMENUM , BASE_DEC ,
2006-09-02 11:46:15 +00:00
NULL , 0x0 , " The frame where this pdu is reassembled " , HFILL } } ,
2002-08-21 20:52:40 +00:00
} ;
2002-08-28 21:04:11 +00:00
2002-08-21 20:52:40 +00:00
static gint * ett [ ] = {
& ett_gssapi ,
2006-09-02 11:46:15 +00:00
& ett_gssapi_segment ,
& ett_gssapi_segments ,
2002-08-21 20:52:40 +00:00
} ;
2006-09-02 11:46:15 +00:00
module_t * gssapi_module ;
2002-08-28 21:04:11 +00:00
2002-08-21 20:52:40 +00:00
proto_gssapi = proto_register_protocol (
2005-06-20 05:28:56 +00:00
" GSS-API Generic Security Service Application Program Interface " ,
2002-08-21 20:52:40 +00:00
" GSS-API " , " gss-api " ) ;
2006-09-02 11:46:15 +00:00
gssapi_module = prefs_register_protocol ( proto_gssapi , NULL ) ;
prefs_register_bool_preference ( gssapi_module , " gssapi_reassembly " ,
" Reassemble fragmented GSSAPI blobs " ,
" Whether or not to try reassembling GSSAPI blobs spanning multiple (SMB/SessionSetup) PDUs " ,
& gssapi_reassembly ) ;
2002-08-21 20:52:40 +00:00
proto_register_field_array ( proto_gssapi , hf , array_length ( hf ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
2002-08-28 21:04:11 +00:00
2002-08-21 20:52:40 +00:00
register_dissector ( " gssapi " , dissect_gssapi , proto_gssapi ) ;
2003-07-16 04:20:33 +00:00
new_register_dissector ( " gssapi_verf " , dissect_gssapi_verf , proto_gssapi ) ;
2002-08-21 20:52:40 +00:00
gssapi_oids = g_hash_table_new ( gssapi_oid_hash , gssapi_oid_equal ) ;
2006-09-02 11:46:15 +00:00
register_init_routine ( gssapi_reassembly_init ) ;
2002-08-21 20:52:40 +00:00
}
2003-07-16 04:20:33 +00:00
static int wrap_dissect_gssapi ( tvbuff_t * tvb , int offset ,
packet_info * pinfo ,
2004-01-19 20:10:37 +00:00
proto_tree * tree , guint8 * drep _U_ )
2003-07-16 04:20:33 +00:00
{
tvbuff_t * auth_tvb ;
2004-07-18 04:01:23 +00:00
auth_tvb = tvb_new_subset ( tvb , offset , - 1 , - 1 ) ;
2003-07-16 04:20:33 +00:00
dissect_gssapi ( auth_tvb , pinfo , tree ) ;
return tvb_length_remaining ( tvb , offset ) ;
}
2004-07-18 03:46:34 +00:00
int wrap_dissect_gssapi_verf ( tvbuff_t * tvb , int offset ,
2003-07-16 04:20:33 +00:00
packet_info * pinfo ,
2004-01-19 20:10:37 +00:00
proto_tree * tree , guint8 * drep _U_ )
2003-07-16 04:20:33 +00:00
{
tvbuff_t * auth_tvb ;
2004-07-18 04:01:23 +00:00
auth_tvb = tvb_new_subset ( tvb , offset , - 1 , - 1 ) ;
2003-07-16 04:20:33 +00:00
return dissect_gssapi_verf ( auth_tvb , pinfo , tree ) ;
}
2005-03-10 10:16:49 +00:00
tvbuff_t *
wrap_dissect_gssapi_payload ( tvbuff_t * data_tvb ,
tvbuff_t * auth_tvb ,
2005-03-11 09:31:11 +00:00
int offset _U_ ,
2005-03-10 10:16:49 +00:00
packet_info * pinfo ,
2005-03-11 09:31:11 +00:00
dcerpc_auth_info * auth_info _U_ )
2005-03-10 10:16:49 +00:00
{
tvbuff_t * result ;
/* we need a full auth and a full data tvb or else we cant
decrypt anything
*/
if ( ( ! auth_tvb ) | | ( ! data_tvb ) ) {
return NULL ;
}
pinfo - > decrypt_gssapi_tvb = DECRYPT_GSSAPI_DCE ;
pinfo - > gssapi_wrap_tvb = NULL ;
pinfo - > gssapi_encrypted_tvb = data_tvb ;
pinfo - > gssapi_decrypted_tvb = NULL ;
dissect_gssapi_verf ( auth_tvb , pinfo , NULL ) ;
result = pinfo - > gssapi_decrypted_tvb ;
pinfo - > decrypt_gssapi_tvb = 0 ;
pinfo - > gssapi_wrap_tvb = NULL ;
pinfo - > gssapi_encrypted_tvb = NULL ;
pinfo - > gssapi_decrypted_tvb = NULL ;
return result ;
}
2003-07-16 04:20:33 +00:00
static dcerpc_auth_subdissector_fns gssapi_auth_fns = {
wrap_dissect_gssapi , /* Bind */
wrap_dissect_gssapi , /* Bind ACK */
wrap_dissect_gssapi , /* AUTH3 */
wrap_dissect_gssapi_verf , /* Request verifier */
wrap_dissect_gssapi_verf , /* Response verifier */
2006-06-09 08:54:23 +00:00
wrap_dissect_gssapi_payload , /* Request data */
wrap_dissect_gssapi_payload /* Response data */
2003-07-16 04:20:33 +00:00
} ;
2002-08-21 20:52:40 +00:00
void
proto_reg_handoff_gssapi ( void )
{
2005-12-25 12:03:18 +00:00
dissector_handle_t gssapi_handle ;
2005-03-17 02:27:26 +00:00
ntlmssp_handle = find_dissector ( " ntlmssp " ) ;
2005-03-04 12:28:00 +00:00
register_dcerpc_auth_subdissector ( DCE_C_AUTHN_LEVEL_CONNECT ,
DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO ,
& gssapi_auth_fns ) ;
register_dcerpc_auth_subdissector ( DCE_C_AUTHN_LEVEL_PKT_INTEGRITY ,
DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO ,
& gssapi_auth_fns ) ;
2003-07-16 04:20:33 +00:00
register_dcerpc_auth_subdissector ( DCE_C_AUTHN_LEVEL_PKT_PRIVACY ,
DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO ,
& gssapi_auth_fns ) ;
2005-12-25 12:03:18 +00:00
gssapi_handle = create_dissector_handle ( dissect_gssapi , proto_gssapi ) ;
dissector_add_string ( " dns.tsig.mac " , " gss.microsoft.com " , gssapi_handle ) ;
2002-08-21 20:52:40 +00:00
}