Further refactor GSS_API dissectors to pass gssapi_encrypt_info_t structure between dissectors instead of using packet_info.h

The only remaining explicit user of the packet_info members is the NTLMSSP dissector.  However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.

Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann 2015-11-03 22:25:36 -05:00
parent e6a2f17237
commit 31f004f1ca
8 changed files with 483 additions and 194 deletions


@ -100,6 +100,41 @@ void read_keytab_file_from_preferences(void);
#endif /* HAVE_KERBEROS */
/* encryption type constants */
#define KRB5_ENCTYPE_NULL 0
#define KRB5_ENCTYPE_DES_CBC_CRC 1
#define KRB5_ENCTYPE_DES_CBC_MD4 2
#define KRB5_ENCTYPE_DES_CBC_MD5 3
#define KRB5_ENCTYPE_DES_CBC_RAW 4
#define KRB5_ENCTYPE_DES3_CBC_SHA 5
#define KRB5_ENCTYPE_DES3_CBC_RAW 6
#define KRB5_ENCTYPE_DES_HMAC_SHA1 8
#define KRB5_ENCTYPE_DSA_SHA1_CMS 9
#define KRB5_ENCTYPE_RSA_MD5_CMS 10
#define KRB5_ENCTYPE_RSA_SHA1_CMS 11
#define KRB5_ENCTYPE_RC2_CBC_ENV 12
#define KRB5_ENCTYPE_RSA_ENV 13
#define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
#define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
#define KRB5_ENCTYPE_DES3_CBC_SHA1 16
#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
#define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
#define KERB_ENCTYPE_RC4_HMAC 23
#define KERB_ENCTYPE_RC4_HMAC_EXP 24
#define KRB5_ENCTYPE_UNKNOWN 0x1ff
#define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
#define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73
#define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74
#define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78
#define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79
#define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a
#define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b
#define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c
#define KRB5_ENCTYPE_RC4_SHA 0xffffff7d
#define KRB5_ENCTYPE_RC4_LM 0xffffff7e
#define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f
#define KRB5_ENCTYPE_RC4_MD4 0xffffff80
#include "packet-kerberos-exp.h"
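Review bot: The entries from `KRB5_ENCTYPE_RC4_PLAIN_EXP` through `KRB5_ENCTYPE_RC4_MD4` are hex literals such as `0xffffff73`, which have type `unsigned int` in C, while the decrypt helpers changed elsewhere in this commit carry the key type as `int keytype`. Comparing the two relies on the implicit signed-to-unsigned conversion, so the list should say what these values are, for example `/* these appear to be negative enctype numbers written as 32-bit two's-complement values; compare against 32-bit quantities only */`. The list also mixes the `KRB5_ENCTYPE_` and `KERB_ENCTYPE_` prefixes, and `KRB5_ENCTYPE_RSA_ES_OEAP_ENV` looks like a misspelling of OAEP. If this file is the shared header it appears to be, now is the cheapest moment to settle the names.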


@ -164,14 +164,36 @@ static const value_string spnego_krb5_seal_alg_vals[] = {
static int
dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
static int
dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id);
dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt);
static int
dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
static int
dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id);
dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt);
static void
dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/* XXX - This should be TEMPORARY until these members in are removed from packet_info */
static void packet_info_to_gssapi_encrypt(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info)
{
encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb;
encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb;
encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb;
encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb;
encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted;
}
static void gssapi_encrypt_to_packet_info(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info)
{
pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb;
pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb;
pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb;
pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb;
pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted;
}
static int
dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
proto_item *item;
proto_tree *subtree;
@ -183,6 +205,8 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
gboolean pc, ind = 0;
gint32 tag;
guint32 len;
gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data;
gssapi_encrypt_info_t pass_encrypt_info;
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
@ -254,7 +278,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
* return.
*/
dissect_kerberos_main(tvb, pinfo, subtree, FALSE, NULL);
return;
return tvb_captured_length(tvb);
default:
proto_tree_add_expert_format(subtree, pinfo, &ei_spnego_unknown_header, tvb, offset, 0,
@ -286,7 +310,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
break;
case KRB_TOKEN_WRAP:
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
case KRB_TOKEN_DELETE_SEC_CONTEXT:
@ -298,7 +343,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
break;
case KRB_TOKEN_CFX_WRAP:
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
default:
@ -308,7 +374,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
done:
proto_item_set_len(item, offset);
return;
return tvb_captured_length(tvb);
}
#ifdef HAVE_KERBEROS
@ -443,9 +509,7 @@ gssapi_verify_pad(guint8 *wrapped_data, int wrapped_length,
}
static int
decrypt_arcfour(packet_info *pinfo,
guint8 *input_message_buffer,
guint8 *output_message_buffer,
decrypt_arcfour(gssapi_encrypt_info_t* gssapi_encrypt, guint8 *input_message_buffer, guint8 *output_message_buffer,
guint8 *key_value, int key_size, int key_type)
{
guint8 Klocaldata[16];
@ -459,22 +523,22 @@ decrypt_arcfour(packet_info *pinfo,
int conf_flag;
int padlen = 0;
datalen = tvb_captured_length(pinfo->gssapi_encrypted_tvb);
datalen = tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0x1000){
if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0x1000){
conf_flag=1;
} else if (tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0xffff){
} else if (tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0xffff){
conf_flag=0;
} else {
return -3;
}
if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 6)!=0xffff){
if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 6)!=0xffff){
return -4;
}
ret = arcfour_mic_key(key_value, key_size, key_type,
tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8),
tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 16, 8),
8, /* SGN_CKSUM */
k6_data);
if (ret) {
@ -485,7 +549,7 @@ decrypt_arcfour(packet_info *pinfo,
rc4_state_struct rc4_state;
crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data));
tvb_memcpy(pinfo->gssapi_wrap_tvb, SND_SEQ, 8, 8);
tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, SND_SEQ, 8, 8);
crypt_rc4(&rc4_state, (guint8 *)SND_SEQ, 8);
memset(k6_data, 0, sizeof(k6_data));
@ -514,12 +578,12 @@ decrypt_arcfour(packet_info *pinfo,
rc4_state_struct rc4_state;
crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data));
tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8);
tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8);
crypt_rc4(&rc4_state, Confounder, 8);
memcpy(output_message_buffer, input_message_buffer, datalen);
crypt_rc4(&rc4_state, output_message_buffer, datalen);
} else {
tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8);
tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8);
memcpy(output_message_buffer,
input_message_buffer,
datalen);
@ -527,7 +591,7 @@ decrypt_arcfour(packet_info *pinfo,
memset(k6_data, 0, sizeof(k6_data));
/* only normal (i.e. non DCE style wrapping use padding ? */
if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen);
if (ret) {
return -9;
@ -536,11 +600,11 @@ decrypt_arcfour(packet_info *pinfo,
}
/* don't know what the checksum looks like for dce style gssapi */
if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
ret = arcfour_mic_cksum(key_value, key_size,
KRB5_KU_USAGE_SEAL,
cksum_data,
tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8,
tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 0, 8), 8,
Confounder, sizeof(Confounder),
output_message_buffer,
datalen + padlen);
@ -548,7 +612,7 @@ decrypt_arcfour(packet_info *pinfo,
return -10;
}
cmp = tvb_memeql(pinfo->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */
cmp = tvb_memeql(gssapi_encrypt->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */
if (cmp) {
return -11;
}
@ -562,7 +626,7 @@ decrypt_arcfour(packet_info *pinfo,
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
static void
decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype)
decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype, gssapi_encrypt_info_t* gssapi_encrypt)
{
int ret;
enc_key_t *ek;
@ -572,8 +636,8 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff
guint8 *cryptocopy=NULL; /* workaround for pre-0.6.1 heimdal bug */
guint8 *output_message_buffer;
length=tvb_captured_length(pinfo->gssapi_encrypted_tvb);
original_data=tvb_get_ptr(pinfo->gssapi_encrypted_tvb, 0, length);
length=tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
original_data=tvb_get_ptr(gssapi_encrypt->gssapi_encrypted_tvb, 0, length);
/* don't do anything if we are not attempting to decrypt data */
/*
@ -600,26 +664,24 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff
This has been seen for RC4-HMAC blobs.
*/
memcpy(cryptocopy, original_data, length);
ret=decrypt_arcfour(pinfo,
ret=decrypt_arcfour(gssapi_encrypt,
cryptocopy,
output_message_buffer,
ek->keyvalue,
ek->keylength,
ek->keytype
);
ek->keytype);
if (ret >= 0) {
expert_add_info_format(pinfo, NULL, &ei_spnego_decrypted_keytype,
"Decrypted keytype %d in frame %u using %s",
ek->keytype, pinfo->fd->num, ek->key_origin);
pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
output_message_buffer,
ret, ret);
add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
return;
}
}
return;
}
/* borrowed from heimdal */
@ -670,13 +732,12 @@ rrc_rotate(guint8 *data, int len, guint16 rrc, int unrotate)
#define KRB5_KU_USAGE_INITIATOR_SIGN 25
static void
decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
decrypt_gssapi_krb_cfx_wrap(proto_tree *tree,
packet_info *pinfo,
tvbuff_t *checksum_tvb,
tvbuff_t *encrypted_tvb,
gssapi_encrypt_info_t* gssapi_encrypt,
guint16 ec,
guint16 rrc,
gboolean is_dce,
int keytype,
unsigned int usage)
{
@ -690,22 +751,22 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
return;
}
datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(encrypted_tvb);
datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
rotated = (guint8 *)wmem_alloc(pinfo->pool, datalen);
tvb_memcpy(checksum_tvb, rotated,
0, tvb_captured_length(checksum_tvb));
tvb_memcpy(encrypted_tvb, rotated + tvb_captured_length(checksum_tvb),
0, tvb_captured_length(encrypted_tvb));
tvb_memcpy(gssapi_encrypt->gssapi_encrypted_tvb, rotated + tvb_captured_length(checksum_tvb),
0, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
if (is_dce) {
if (gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE) {
rrc += ec;
}
rrc_rotate(rotated, datalen, rrc, TRUE);
next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
next_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb, rotated,
datalen, datalen);
add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
@ -715,18 +776,16 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
if (output) {
guint8 *outdata;
outdata = (guint8 *)g_memdup(output, tvb_captured_length(encrypted_tvb));
outdata = (guint8 *)g_memdup(output, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
g_free(output);
pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb,
outdata,
tvb_captured_length(encrypted_tvb),
tvb_captured_length(encrypted_tvb));
add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
return;
tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb),
tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
tvb_set_free_cb(gssapi_encrypt->gssapi_decrypted_tvb, g_free);
}
return;
}
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
@ -746,7 +805,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
#ifndef HAVE_KERBEROS
_U_
#endif
)
, gssapi_encrypt_info_t* gssapi_encrypt
)
{
guint16 sgn_alg, seal_alg;
#ifdef HAVE_KERBEROS
@ -809,15 +869,15 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
/* Is the data encrypted? */
pinfo->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE);
gssapi_encrypt->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE);
#ifdef HAVE_KERBEROS
#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
if(pinfo->decrypt_gssapi_tvb){
if(gssapi_encrypt->decrypt_gssapi_tvb){
/* if the caller did not provide a tvb, then we just use
whatever is left of our current tvb.
*/
if(!pinfo->gssapi_encrypted_tvb){
if(!gssapi_encrypt->gssapi_encrypted_tvb){
int len;
len=tvb_reported_length_remaining(tvb,offset);
if(len>tvb_captured_length_remaining(tvb, offset)){
@ -826,7 +886,7 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
*/
return offset;
}
pinfo->gssapi_encrypted_tvb = tvb_new_subset_length(
gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset_length(
tvb, offset, len);
}
@ -837,8 +897,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
/* do we need to create a tvb for the wrapper
as well ?
*/
if(!pinfo->gssapi_wrap_tvb){
pinfo->gssapi_wrap_tvb = tvb_new_subset_length(
if(!gssapi_encrypt->gssapi_wrap_tvb){
gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(
tvb, start_offset-2,
GSS_ARCFOUR_WRAP_TOKEN_SIZE);
}
@ -846,7 +906,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
decrypt_gssapi_krb_arcfour_wrap(tree,
pinfo,
tvb,
23 /* rc4-hmac */);
KERB_ENCTYPE_RC4_HMAC,
gssapi_encrypt);
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
}
}
@ -958,6 +1019,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
_U_
#endif
, proto_tree *tree, guint16 token_id _U_
, gssapi_encrypt_info_t* gssapi_encrypt
)
{
guint8 flags;
@ -979,7 +1041,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
flags = tvb_get_guint8(tvb, offset);
offset = dissect_spnego_krb5_cfx_flags(tvb, offset, tree, flags);
pinfo->gssapi_data_encrypted=(flags & 2);
gssapi_encrypt->gssapi_data_encrypted=(flags & 2);
/* Skip the filler */
@ -1009,7 +1071,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
/* Checksum of plaintext padded data */
if (pinfo->gssapi_data_encrypted) {
if (gssapi_encrypt->gssapi_data_encrypted) {
checksum_size = 44 + ec;
proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
@ -1046,7 +1108,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
#endif
returned_offset = offset;
pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
inner_token_len);
offset += inner_token_len;
@ -1067,11 +1129,11 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
return returned_offset;
}
if(pinfo->decrypt_gssapi_tvb){
if(gssapi_encrypt->decrypt_gssapi_tvb){
/* if the caller did not provide a tvb, then we just use
whatever is left of our current tvb.
*/
if(!pinfo->gssapi_encrypted_tvb){
if(!gssapi_encrypt->gssapi_encrypted_tvb){
int len;
len=tvb_reported_length_remaining(tvb,offset);
if(len>tvb_captured_length_remaining(tvb, offset)){
@ -1080,16 +1142,16 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
*/
return offset;
}
pinfo->gssapi_encrypted_tvb = tvb_new_subset(
gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset(
tvb, offset, len, len);
}
if (pinfo->gssapi_data_encrypted) {
if (gssapi_encrypt->gssapi_data_encrypted) {
/* do we need to create a tvb for the wrapper
as well ?
*/
if(!pinfo->gssapi_wrap_tvb){
pinfo->gssapi_wrap_tvb = tvb_new_subset_length(
if(!gssapi_encrypt->gssapi_wrap_tvb){
gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(
tvb, start_offset-2,
offset - (start_offset-2));
}
@ -1100,15 +1162,14 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
{
tvbuff_t *checksum_tvb = tvb_new_subset_length(tvb, 16, checksum_size);
if (pinfo->gssapi_data_encrypted) {
if(pinfo->gssapi_encrypted_tvb){
if (gssapi_encrypt->gssapi_data_encrypted) {
if(gssapi_encrypt->gssapi_encrypted_tvb){
decrypt_gssapi_krb_cfx_wrap(tree,
pinfo,
checksum_tvb,
pinfo->gssapi_encrypted_tvb,
gssapi_encrypt,
ec,
rrc,
(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
-1,
(flags & 0x0001)?
KRB5_KU_USAGE_ACCEPTOR_SEAL:
@ -1186,12 +1247,14 @@ dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinf
* getting it accepted.
*/
static int
dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data)
{
proto_item *item;
proto_tree *subtree;
int offset = 0;
guint16 token_id;
gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data;
gssapi_encrypt_info_t pass_encrypt_info;
item = proto_tree_add_item(tree, hf_spnego_krb5, tvb, 0, -1, ENC_NA);
@ -1217,7 +1280,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree
break;
case KRB_TOKEN_WRAP:
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
case KRB_TOKEN_CFX_GETMIC:
@ -1225,7 +1309,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree
break;
case KRB_TOKEN_CFX_WRAP:
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
default:
@ -1439,7 +1544,7 @@ void proto_register_spnego(void) {
"SPNEGO-KRB5",
"spnego-krb5");
register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5);
new_register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5);
new_register_dissector("spnego-krb5-wrap", dissect_spnego_krb5_wrap, proto_spnego_krb5);
/* Register fields and subtrees */
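Review bot: `dissect_spnego_krb5` and `dissect_spnego_krb5_wrap` now cast the untyped `void *data` straight to `gssapi_encrypt_info_t*` and, after the wrap call, write the whole structure back through it with `*encrypt_info = pass_encrypt_info;`. Both are registered by name at the end of this section, and the GSS-API section of this commit forwards the same pointer to every OID-registered handle via `call_dissector_with_data`, so the type of `data` is an unwritten contract; a non-NULL `data` of any other type would be overwritten while dissecting capture-supplied bytes. State the contract above each function, for example `/* data is NULL or a caller-owned gssapi_encrypt_info_t*, updated in place */`. The four identical copy-in/copy-out blocks would also be easier to audit as one pair of static helpers. The callers are not on this page, so whether any of them passes a different type today cannot be confirmed from here.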


@ -182,7 +182,7 @@ gssapi_lookup_oid_str(const char *oid_key)
static int
dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean is_verifier)
gboolean is_verifier, gssapi_encrypt_info_t* encrypt_info)
{
proto_item *volatile item;
proto_tree *volatile subtree;
@ -212,7 +212,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
* not, for now. The subdissector must set gssapi_data_encrypted
* if it is.
*/
pinfo->gssapi_data_encrypted = FALSE;
encrypt_info->gssapi_data_encrypted = FALSE;
/*
@ -325,7 +325,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
return_offset = call_dissector(ntlmssp_payload_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
pinfo->gssapi_data_encrypted = TRUE;
encrypt_info->gssapi_data_encrypted = TRUE;
goto done;
}
if ((tvb_captured_length_remaining(gss_tvb, start_offset)==16) &&
@ -335,11 +335,11 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
}
else if( pinfo->gssapi_encrypted_tvb ) {
else if( encrypt_info->gssapi_encrypted_tvb ) {
return_offset = call_dissector(ntlmssp_data_only_handle,
tvb_new_subset_remaining(pinfo->gssapi_encrypted_tvb, 0),
tvb_new_subset_remaining(encrypt_info->gssapi_encrypted_tvb, 0),
pinfo, subtree);
pinfo->gssapi_data_encrypted = TRUE;
encrypt_info->gssapi_data_encrypted = TRUE;
}
goto done;
}
@ -348,9 +348,9 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if ((tvb_captured_length_remaining(gss_tvb, start_offset)>2) &&
((tvb_memeql(gss_tvb, start_offset, "\04\x04", 2) == 0) ||
(tvb_memeql(gss_tvb, start_offset, "\05\x04", 2) == 0))) {
return_offset = call_dissector(spnego_krb5_wrap_handle,
return_offset = call_dissector_with_data(spnego_krb5_wrap_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
pinfo, subtree, encrypt_info);
goto done;
}
@ -397,7 +397,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
handle = oidvalue->wrap_handle;
else
handle = oidvalue->handle;
len = call_dissector(handle, oid_tvb_local, pinfo, subtree);
len = call_dissector_with_data(handle, oid_tvb_local, pinfo, subtree, encrypt_info);
if (len == 0)
return_offset = tvb_captured_length(gss_tvb);
else
@ -475,8 +475,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
handle = oidvalue->wrap_handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset_remaining(gss_tvb, offset);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
len = call_dissector_with_data(handle, oid_tvb, pinfo, subtree, encrypt_info);
if (len == 0)
return_offset = tvb_captured_length(gss_tvb);
else
@ -489,8 +488,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
handle = oidvalue->handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset_remaining(gss_tvb, offset);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
len = call_dissector_with_data(handle, oid_tvb, pinfo, subtree, encrypt_info);
if (len == 0)
return_offset = tvb_captured_length(gss_tvb);
else
@ -523,10 +521,21 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
return return_offset;
}
/* XXX - This should be TEMPORARY until these members in are removed from packet_info */
static void packet_info_to_gssapi_encrypt(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info)
{
encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb;
encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb;
encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb;
encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb;
encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted;
}
static int
dissect_gssapi_work_wrapper(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gssapi_encrypt_info_t* encrypt_info, gboolean is_verifier)
{
int ret;
gssapi_encrypt_info_t pass_encrypt_info;
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* Setup the dissector to take them as arguments and for now, convert to
@ -534,24 +543,22 @@ dissect_gssapi_work_wrapper(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
*/
if (encrypt_info != NULL)
{
pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb;
pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb;
pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb;
pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb;
pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted;
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
ret = dissect_gssapi_work(tvb, pinfo, tree, is_verifier);
ret = dissect_gssapi_work(tvb, pinfo, tree, is_verifier, &pass_encrypt_info);
if (encrypt_info != NULL)
{
/* Reassign the data from packet_info and clean up */
encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted;
encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb;
encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb;
encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb;
encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb;
*encrypt_info = pass_encrypt_info;
}
else
{
/* Just clean up */
pinfo->decrypt_gssapi_tvb=0;
pinfo->gssapi_wrap_tvb=NULL;
pinfo->gssapi_encrypted_tvb=NULL;
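Review bot: In `dissect_gssapi_work_wrapper`, a caller-supplied `encrypt_info` is now copied only into the local `pass_encrypt_info` and no longer into `pinfo`, yet `dissect_gssapi_work` in this same section still reaches `ntlmssp_payload_handle` and `ntlmssp_data_only_handle` through plain `call_dissector`, with no data argument. The commit message says NTLMSSP still reads the `packet_info` members, so on that path it would presumably see whatever `pinfo` held beforehand rather than the caller's `decrypt_gssapi_tvb` and tvbs. If that gap is intended as a temporary state, mark it at the copy-in with something like `/* NOTE: pinfo is not updated on this path; NTLMSSP still reads pinfo->gssapi_* */`; otherwise keep mirroring into `pinfo` until NTLMSSP takes the structure. The wrapper's body continues past the end of the hunk.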


@ -36,6 +36,9 @@ typedef struct _gssapi_oid_value {
/* Created as an attempt to remove members out of packet_info.
Data structure to be passed between dissectors */
#define DECRYPT_GSSAPI_NORMAL 1
#define DECRYPT_GSSAPI_DCE 2
typedef struct _gssapi_encrypt_info
{
guint16 decrypt_gssapi_tvb;
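Review bot: `DECRYPT_GSSAPI_NORMAL` and `DECRYPT_GSSAPI_DCE` are inserted between the comment that introduces the structure and the `typedef struct _gssapi_encrypt_info` it describes, so that comment now reads as if it documented the two macros. Move the defines above the comment and give them their own line, e.g. `/* values for gssapi_encrypt_info_t.decrypt_gssapi_tvb */`. Judging by the `if(gssapi_encrypt->decrypt_gssapi_tvb)` tests in the SPNEGO section, 0 appears to mean "do not attempt decryption", which is worth stating there too because the field name suggests a tvb rather than a mode. The structure definition continues outside the hunk.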


@ -108,6 +108,41 @@ void read_keytab_file_from_preferences(void);
#endif /* HAVE_KERBEROS */
/* encryption type constants */
#define KRB5_ENCTYPE_NULL 0
#define KRB5_ENCTYPE_DES_CBC_CRC 1
#define KRB5_ENCTYPE_DES_CBC_MD4 2
#define KRB5_ENCTYPE_DES_CBC_MD5 3
#define KRB5_ENCTYPE_DES_CBC_RAW 4
#define KRB5_ENCTYPE_DES3_CBC_SHA 5
#define KRB5_ENCTYPE_DES3_CBC_RAW 6
#define KRB5_ENCTYPE_DES_HMAC_SHA1 8
#define KRB5_ENCTYPE_DSA_SHA1_CMS 9
#define KRB5_ENCTYPE_RSA_MD5_CMS 10
#define KRB5_ENCTYPE_RSA_SHA1_CMS 11
#define KRB5_ENCTYPE_RC2_CBC_ENV 12
#define KRB5_ENCTYPE_RSA_ENV 13
#define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
#define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
#define KRB5_ENCTYPE_DES3_CBC_SHA1 16
#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
#define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
#define KERB_ENCTYPE_RC4_HMAC 23
#define KERB_ENCTYPE_RC4_HMAC_EXP 24
#define KRB5_ENCTYPE_UNKNOWN 0x1ff
#define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
#define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73
#define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74
#define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78
#define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79
#define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a
#define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b
#define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c
#define KRB5_ENCTYPE_RC4_SHA 0xffffff7d
#define KRB5_ENCTYPE_RC4_LM 0xffffff7e
#define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f
#define KRB5_ENCTYPE_RC4_MD4 0xffffff80
/*--- Included file: packet-kerberos-exp.h ---*/
@ -115,7 +150,7 @@ void read_keytab_file_from_preferences(void);
int dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
/*--- End of included file: packet-kerberos-exp.h ---*/
#line 105 "../../asn1/kerberos/packet-kerberos-template.h"
#line 140 "../../asn1/kerberos/packet-kerberos-template.h"
#ifdef __cplusplus
}


@ -42,6 +42,8 @@
#include "packet-rpc.h"
#include "packet-tcp.h"
#include "packet-nfs.h"
#include "packet-dcerpc.h"
#include "packet-gssapi.h"
/*
* See:
@ -1591,7 +1593,7 @@ dissect_rpc_authgss_integ_data(tvbuff_t *tvb, packet_info *pinfo,
static int
dissect_rpc_authgss_priv_data(tvbuff_t *tvb, proto_tree *tree, int offset,
packet_info *pinfo _U_)
packet_info *pinfo, gssapi_encrypt_info_t* gssapi_encrypt)
{
int length;
/* int return_offset; */
@ -1611,11 +1613,11 @@ dissect_rpc_authgss_priv_data(tvbuff_t *tvb, proto_tree *tree, int offset,
return offset;
}
/* return_offset = */ call_dissector(spnego_krb5_wrap_handle,
/* return_offset = */ call_dissector_with_data(spnego_krb5_wrap_handle,
tvb_new_subset_remaining(tvb, offset),
pinfo, tree);
pinfo, tree, gssapi_encrypt);
if (!pinfo->gssapi_decrypted_tvb) {
if (!gssapi_encrypt->gssapi_decrypted_tvb) {
/* failed to decrypt the data */
offset += length;
return offset;
@ -1994,7 +1996,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean dissect_rpc_flag = TRUE;
rpc_conv_info_t *rpc_conv_info=NULL;
gssapi_encrypt_info_t gssapi_encrypt;
/*
* Check to see whether this looks like an RPC call or reply.
@ -2728,24 +2730,23 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/* If this is encrypted data we have to try to decrypt the data first before we
* we create a tree.
* the reason for this is because if we can decrypt the data we must create the
* item/tree for the next protocol using the decrypted tdb and not the current
* item/tree for the next protocol using the decrypted tvb and not the current
* tvb.
*/
pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
pinfo->gssapi_wrap_tvb=NULL;
pinfo->gssapi_encrypted_tvb=NULL;
pinfo->gssapi_decrypted_tvb=NULL;
memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
if (flavor == FLAVOR_GSSAPI && gss_proc == RPCSEC_GSS_DATA && gss_svc == RPCSEC_GSS_SVC_PRIVACY) {
proto_tree *gss_tree;
gss_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_gss_wrap, NULL, "GSS-Wrap");
offset = dissect_rpc_authgss_priv_data(tvb, gss_tree, offset, pinfo);
if (pinfo->gssapi_decrypted_tvb) {
proto_tree_add_item(gss_tree, hf_rpc_authgss_seq, pinfo->gssapi_decrypted_tvb, 0, 4, ENC_BIG_ENDIAN);
offset = dissect_rpc_authgss_priv_data(tvb, gss_tree, offset, pinfo, &gssapi_encrypt);
if (gssapi_encrypt.gssapi_decrypted_tvb) {
proto_tree_add_item(gss_tree, hf_rpc_authgss_seq, gssapi_encrypt.gssapi_decrypted_tvb, 0, 4, ENC_BIG_ENDIAN);
/* Switcheroo to the new tvb that contains the decrypted payload */
tvb = pinfo->gssapi_decrypted_tvb;
tvb = gssapi_encrypt.gssapi_decrypted_tvb;
offset = 4;
}
}
@ -2860,13 +2861,13 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
progname, rpc_call);
}
else if (gss_svc == RPCSEC_GSS_SVC_PRIVACY) {
if (pinfo->gssapi_decrypted_tvb) {
if (gssapi_encrypt.gssapi_decrypted_tvb) {
call_dissect_function(
pinfo->gssapi_decrypted_tvb,
gssapi_encrypt.gssapi_decrypted_tvb,
pinfo, ptree, 4,
dissect_function,
progname, rpc_call);
offset = tvb_reported_length(pinfo->gssapi_decrypted_tvb);
offset = tvb_reported_length(gssapi_encrypt.gssapi_decrypted_tvb);
}
}
break;


@ -616,14 +616,36 @@ static const value_string spnego_krb5_seal_alg_vals[] = {
static int
dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
static int
dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id);
dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt);
static int
dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
static int
dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id);
dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt);
static void
dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/* XXX - This should be TEMPORARY until these members in are removed from packet_info */
static void packet_info_to_gssapi_encrypt(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info)
{
encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb;
encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb;
encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb;
encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb;
encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted;
}
static void gssapi_encrypt_to_packet_info(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info)
{
pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb;
pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb;
pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb;
pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb;
pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted;
}
static int
dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
proto_item *item;
proto_tree *subtree;
@ -635,6 +657,8 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
gboolean pc, ind = 0;
gint32 tag;
guint32 len;
gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data;
gssapi_encrypt_info_t pass_encrypt_info;
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
@ -706,7 +730,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
* return.
*/
dissect_kerberos_main(tvb, pinfo, subtree, FALSE, NULL);
return;
return tvb_captured_length(tvb);
default:
proto_tree_add_expert_format(subtree, pinfo, &ei_spnego_unknown_header, tvb, offset, 0,
@ -738,7 +762,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
break;
case KRB_TOKEN_WRAP:
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
case KRB_TOKEN_DELETE_SEC_CONTEXT:
@ -750,7 +795,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
break;
case KRB_TOKEN_CFX_WRAP:
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
default:
@ -760,7 +826,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
done:
proto_item_set_len(item, offset);
return;
return tvb_captured_length(tvb);
}
#ifdef HAVE_KERBEROS
@ -895,9 +961,7 @@ gssapi_verify_pad(guint8 *wrapped_data, int wrapped_length,
}
static int
decrypt_arcfour(packet_info *pinfo,
guint8 *input_message_buffer,
guint8 *output_message_buffer,
decrypt_arcfour(gssapi_encrypt_info_t* gssapi_encrypt, guint8 *input_message_buffer, guint8 *output_message_buffer,
guint8 *key_value, int key_size, int key_type)
{
guint8 Klocaldata[16];
@ -911,22 +975,22 @@ decrypt_arcfour(packet_info *pinfo,
int conf_flag;
int padlen = 0;
datalen = tvb_captured_length(pinfo->gssapi_encrypted_tvb);
datalen = tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0x1000){
if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0x1000){
conf_flag=1;
} else if (tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0xffff){
} else if (tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0xffff){
conf_flag=0;
} else {
return -3;
}
if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 6)!=0xffff){
if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 6)!=0xffff){
return -4;
}
ret = arcfour_mic_key(key_value, key_size, key_type,
tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8),
tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 16, 8),
8, /* SGN_CKSUM */
k6_data);
if (ret) {
@ -937,7 +1001,7 @@ decrypt_arcfour(packet_info *pinfo,
rc4_state_struct rc4_state;
crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data));
tvb_memcpy(pinfo->gssapi_wrap_tvb, SND_SEQ, 8, 8);
tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, SND_SEQ, 8, 8);
crypt_rc4(&rc4_state, (guint8 *)SND_SEQ, 8);
memset(k6_data, 0, sizeof(k6_data));
@ -966,12 +1030,12 @@ decrypt_arcfour(packet_info *pinfo,
rc4_state_struct rc4_state;
crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data));
tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8);
tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8);
crypt_rc4(&rc4_state, Confounder, 8);
memcpy(output_message_buffer, input_message_buffer, datalen);
crypt_rc4(&rc4_state, output_message_buffer, datalen);
} else {
tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8);
tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8);
memcpy(output_message_buffer,
input_message_buffer,
datalen);
@ -979,7 +1043,7 @@ decrypt_arcfour(packet_info *pinfo,
memset(k6_data, 0, sizeof(k6_data));
/* only normal (i.e. non DCE style wrapping use padding ? */
if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen);
if (ret) {
return -9;
@ -988,11 +1052,11 @@ decrypt_arcfour(packet_info *pinfo,
}
/* don't know what the checksum looks like for dce style gssapi */
if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
ret = arcfour_mic_cksum(key_value, key_size,
KRB5_KU_USAGE_SEAL,
cksum_data,
tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8,
tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 0, 8), 8,
Confounder, sizeof(Confounder),
output_message_buffer,
datalen + padlen);
@ -1000,7 +1064,7 @@ decrypt_arcfour(packet_info *pinfo,
return -10;
}
cmp = tvb_memeql(pinfo->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */
cmp = tvb_memeql(gssapi_encrypt->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */
if (cmp) {
return -11;
}
@ -1014,7 +1078,7 @@ decrypt_arcfour(packet_info *pinfo,
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
static void
decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype)
decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype, gssapi_encrypt_info_t* gssapi_encrypt)
{
int ret;
enc_key_t *ek;
@ -1024,8 +1088,8 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff
guint8 *cryptocopy=NULL; /* workaround for pre-0.6.1 heimdal bug */
guint8 *output_message_buffer;
length=tvb_captured_length(pinfo->gssapi_encrypted_tvb);
original_data=tvb_get_ptr(pinfo->gssapi_encrypted_tvb, 0, length);
length=tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
original_data=tvb_get_ptr(gssapi_encrypt->gssapi_encrypted_tvb, 0, length);
/* don't do anything if we are not attempting to decrypt data */
/*
@ -1052,26 +1116,24 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff
This has been seen for RC4-HMAC blobs.
*/
memcpy(cryptocopy, original_data, length);
ret=decrypt_arcfour(pinfo,
ret=decrypt_arcfour(gssapi_encrypt,
cryptocopy,
output_message_buffer,
ek->keyvalue,
ek->keylength,
ek->keytype
);
ek->keytype);
if (ret >= 0) {
expert_add_info_format(pinfo, NULL, &ei_spnego_decrypted_keytype,
"Decrypted keytype %d in frame %u using %s",
ek->keytype, pinfo->fd->num, ek->key_origin);
pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
output_message_buffer,
ret, ret);
add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
return;
}
}
return;
}
/* borrowed from heimdal */
@ -1122,13 +1184,12 @@ rrc_rotate(guint8 *data, int len, guint16 rrc, int unrotate)
#define KRB5_KU_USAGE_INITIATOR_SIGN 25
static void
decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
decrypt_gssapi_krb_cfx_wrap(proto_tree *tree,
packet_info *pinfo,
tvbuff_t *checksum_tvb,
tvbuff_t *encrypted_tvb,
gssapi_encrypt_info_t* gssapi_encrypt,
guint16 ec,
guint16 rrc,
gboolean is_dce,
int keytype,
unsigned int usage)
{
@ -1142,22 +1203,22 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
return;
}
datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(encrypted_tvb);
datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
rotated = (guint8 *)wmem_alloc(pinfo->pool, datalen);
tvb_memcpy(checksum_tvb, rotated,
0, tvb_captured_length(checksum_tvb));
tvb_memcpy(encrypted_tvb, rotated + tvb_captured_length(checksum_tvb),
0, tvb_captured_length(encrypted_tvb));
tvb_memcpy(gssapi_encrypt->gssapi_encrypted_tvb, rotated + tvb_captured_length(checksum_tvb),
0, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
if (is_dce) {
if (gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE) {
rrc += ec;
}
rrc_rotate(rotated, datalen, rrc, TRUE);
next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
next_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb, rotated,
datalen, datalen);
add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
@ -1167,18 +1228,16 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
if (output) {
guint8 *outdata;
outdata = (guint8 *)g_memdup(output, tvb_captured_length(encrypted_tvb));
outdata = (guint8 *)g_memdup(output, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
g_free(output);
pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb,
outdata,
tvb_captured_length(encrypted_tvb),
tvb_captured_length(encrypted_tvb));
add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
return;
tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb),
tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
tvb_set_free_cb(gssapi_encrypt->gssapi_decrypted_tvb, g_free);
}
return;
}
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
@ -1198,7 +1257,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
#ifndef HAVE_KERBEROS
_U_
#endif
)
, gssapi_encrypt_info_t* gssapi_encrypt
)
{
guint16 sgn_alg, seal_alg;
#ifdef HAVE_KERBEROS
@ -1261,15 +1321,15 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
/* Is the data encrypted? */
pinfo->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE);
gssapi_encrypt->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE);
#ifdef HAVE_KERBEROS
#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
if(pinfo->decrypt_gssapi_tvb){
if(gssapi_encrypt->decrypt_gssapi_tvb){
/* if the caller did not provide a tvb, then we just use
whatever is left of our current tvb.
*/
if(!pinfo->gssapi_encrypted_tvb){
if(!gssapi_encrypt->gssapi_encrypted_tvb){
int len;
len=tvb_reported_length_remaining(tvb,offset);
if(len>tvb_captured_length_remaining(tvb, offset)){
@ -1278,7 +1338,7 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
*/
return offset;
}
pinfo->gssapi_encrypted_tvb = tvb_new_subset_length(
gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset_length(
tvb, offset, len);
}
@ -1289,8 +1349,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
/* do we need to create a tvb for the wrapper
as well ?
*/
if(!pinfo->gssapi_wrap_tvb){
pinfo->gssapi_wrap_tvb = tvb_new_subset_length(
if(!gssapi_encrypt->gssapi_wrap_tvb){
gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(
tvb, start_offset-2,
GSS_ARCFOUR_WRAP_TOKEN_SIZE);
}
@ -1298,7 +1358,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
decrypt_gssapi_krb_arcfour_wrap(tree,
pinfo,
tvb,
23 /* rc4-hmac */);
KERB_ENCTYPE_RC4_HMAC,
gssapi_encrypt);
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
}
}
@ -1410,6 +1471,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
_U_
#endif
, proto_tree *tree, guint16 token_id _U_
, gssapi_encrypt_info_t* gssapi_encrypt
)
{
guint8 flags;
@ -1431,7 +1493,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
flags = tvb_get_guint8(tvb, offset);
offset = dissect_spnego_krb5_cfx_flags(tvb, offset, tree, flags);
pinfo->gssapi_data_encrypted=(flags & 2);
gssapi_encrypt->gssapi_data_encrypted=(flags & 2);
/* Skip the filler */
@ -1461,7 +1523,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
/* Checksum of plaintext padded data */
if (pinfo->gssapi_data_encrypted) {
if (gssapi_encrypt->gssapi_data_encrypted) {
checksum_size = 44 + ec;
proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
@ -1498,7 +1560,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
#endif
returned_offset = offset;
pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
inner_token_len);
offset += inner_token_len;
@ -1519,11 +1581,11 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
return returned_offset;
}
if(pinfo->decrypt_gssapi_tvb){
if(gssapi_encrypt->decrypt_gssapi_tvb){
/* if the caller did not provide a tvb, then we just use
whatever is left of our current tvb.
*/
if(!pinfo->gssapi_encrypted_tvb){
if(!gssapi_encrypt->gssapi_encrypted_tvb){
int len;
len=tvb_reported_length_remaining(tvb,offset);
if(len>tvb_captured_length_remaining(tvb, offset)){
@ -1532,16 +1594,16 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
*/
return offset;
}
pinfo->gssapi_encrypted_tvb = tvb_new_subset(
gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset(
tvb, offset, len, len);
}
if (pinfo->gssapi_data_encrypted) {
if (gssapi_encrypt->gssapi_data_encrypted) {
/* do we need to create a tvb for the wrapper
as well ?
*/
if(!pinfo->gssapi_wrap_tvb){
pinfo->gssapi_wrap_tvb = tvb_new_subset_length(
if(!gssapi_encrypt->gssapi_wrap_tvb){
gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(
tvb, start_offset-2,
offset - (start_offset-2));
}
@ -1552,15 +1614,14 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
{
tvbuff_t *checksum_tvb = tvb_new_subset_length(tvb, 16, checksum_size);
if (pinfo->gssapi_data_encrypted) {
if(pinfo->gssapi_encrypted_tvb){
if (gssapi_encrypt->gssapi_data_encrypted) {
if(gssapi_encrypt->gssapi_encrypted_tvb){
decrypt_gssapi_krb_cfx_wrap(tree,
pinfo,
checksum_tvb,
pinfo->gssapi_encrypted_tvb,
gssapi_encrypt,
ec,
rrc,
(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
-1,
(flags & 0x0001)?
KRB5_KU_USAGE_ACCEPTOR_SEAL:
@ -1638,12 +1699,14 @@ dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinf
* getting it accepted.
*/
static int
dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data)
{
proto_item *item;
proto_tree *subtree;
int offset = 0;
guint16 token_id;
gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data;
gssapi_encrypt_info_t pass_encrypt_info;
item = proto_tree_add_item(tree, hf_spnego_krb5, tvb, 0, -1, ENC_NA);
@ -1669,7 +1732,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree
break;
case KRB_TOKEN_WRAP:
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
case KRB_TOKEN_CFX_GETMIC:
@ -1677,7 +1761,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree
break;
case KRB_TOKEN_CFX_WRAP:
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id);
/* XXX - This is setup to hopefully remove the need for these members in packet_info
* If data is supplied to dissector, use it. Otherwise convert to packet_info
*/
if (encrypt_info != NULL)
{
pass_encrypt_info = *encrypt_info;
}
else
{
packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
}
offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
if (encrypt_info != NULL)
{
*encrypt_info = pass_encrypt_info;
}
else
{
gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
}
break;
default:
@ -1959,7 +2064,7 @@ void proto_register_spnego(void) {
NULL, HFILL }},
/*--- End of included file: packet-spnego-hfarr.c ---*/
#line 1414 "../../asn1/spnego/packet-spnego-template.c"
#line 1519 "../../asn1/spnego/packet-spnego-template.c"
};
/* List of subtrees */
@ -1982,7 +2087,7 @@ void proto_register_spnego(void) {
&ett_spnego_InitialContextToken_U,
/*--- End of included file: packet-spnego-ettarr.c ---*/
#line 1424 "../../asn1/spnego/packet-spnego-template.c"
#line 1529 "../../asn1/spnego/packet-spnego-template.c"
};
static ei_register_info ei[] = {
@ -2001,7 +2106,7 @@ void proto_register_spnego(void) {
"SPNEGO-KRB5",
"spnego-krb5");
register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5);
new_register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5);
new_register_dissector("spnego-krb5-wrap", dissect_spnego_krb5_wrap, proto_spnego_krb5);
/* Register fields and subtrees */
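Review bot: `dissect_spnego_krb5` and `dissect_spnego_krb5_wrap` now cast `void *data` straight to `gssapi_encrypt_info_t*`, and on the `KRB_TOKEN_WRAP` and `KRB_TOKEN_CFX_WRAP` paths they copy it in and write it back with `*encrypt_info = pass_encrypt_info;`, so a caller that reaches either registered dissector with a non-NULL `data` of some other type would have that object read and overwritten while capture data is being parsed. The callers are not visible in this section, so this may already hold everywhere, but the contract deserves a comment on both functions, for example `/* data: NULL, or a caller-owned gssapi_encrypt_info_t* that is updated in place; no other type may be passed */`. `dissect_spnego_krb5_wrap` also still marks `pinfo` as `_U_` although the new calls use it, so the signature should read `packet_info *pinfo, proto_tree *tree, void *data`. The `#line` directives show this file is generated from `packet-spnego-template.c`, so both changes belong in the template.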


@ -140,8 +140,6 @@ typedef struct _packet_info {
whether the data was modified by a man in the middle) but not sealed
(i.e., the data itself wasn't encrypted).
*/
#define DECRYPT_GSSAPI_NORMAL 1
#define DECRYPT_GSSAPI_DCE 2
guint16 decrypt_gssapi_tvb;
tvbuff_t *gssapi_wrap_tvb;
tvbuff_t *gssapi_encrypted_tvb;