diff --git a/asn1/kerberos/packet-kerberos-template.h b/asn1/kerberos/packet-kerberos-template.h
index 871a1211a1..4ed6a6e8cc 100644
--- a/asn1/kerberos/packet-kerberos-template.h
+++ b/asn1/kerberos/packet-kerberos-template.h
@@ -100,6 +100,41 @@ void read_keytab_file_from_preferences(void);
 #endif /* HAVE_KERBEROS */
+/* encryption type constants */
+#define KRB5_ENCTYPE_NULL 0
+#define KRB5_ENCTYPE_DES_CBC_CRC 1
+#define KRB5_ENCTYPE_DES_CBC_MD4 2
+#define KRB5_ENCTYPE_DES_CBC_MD5 3
+#define KRB5_ENCTYPE_DES_CBC_RAW 4
+#define KRB5_ENCTYPE_DES3_CBC_SHA 5
+#define KRB5_ENCTYPE_DES3_CBC_RAW 6
+#define KRB5_ENCTYPE_DES_HMAC_SHA1 8
+#define KRB5_ENCTYPE_DSA_SHA1_CMS 9
+#define KRB5_ENCTYPE_RSA_MD5_CMS 10
+#define KRB5_ENCTYPE_RSA_SHA1_CMS 11
+#define KRB5_ENCTYPE_RC2_CBC_ENV 12
+#define KRB5_ENCTYPE_RSA_ENV 13
+#define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
+#define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
+#define KRB5_ENCTYPE_DES3_CBC_SHA1 16
+#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
+#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
+#define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
+#define KERB_ENCTYPE_RC4_HMAC 23
+#define KERB_ENCTYPE_RC4_HMAC_EXP 24
+#define KRB5_ENCTYPE_UNKNOWN 0x1ff
+#define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
+#define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73
+#define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74
+#define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78
+#define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79
+#define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a
+#define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b
+#define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c
+#define KRB5_ENCTYPE_RC4_SHA 0xffffff7d
+#define KRB5_ENCTYPE_RC4_LM 0xffffff7e
+#define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f
+#define KRB5_ENCTYPE_RC4_MD4 0xffffff80
 #include "packet-kerberos-exp.h"
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c
index 262eef5386..6041d4fedb 100644
--- a/asn1/spnego/packet-spnego-template.c
+++ b/asn1/spnego/packet-spnego-template.c
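Review bot: The constants from `KRB5_ENCTYPE_RC4_PLAIN_EXP` to `KRB5_ENCTYPE_RC4_MD4` in the packet-kerberos-template.h hunk are written as unsigned 32-bit literals (`0xffffff73` … `0xffffff80`), while the SPNEGO code elsewhere in this patch carries key types as `int keytype`, so they match a negative enctype only through the usual arithmetic conversions. A comment above that group, for example `/* negative enctypes written as 32-bit two's complement: 0xffffff80 == -128 */`, would make the intent explicit for anyone who later uses them in a `switch` or stores them in a wider integer. The mixed `KRB5_`/`KERB_` prefixes and the spelling `KRB5_ENCTYPE_RSA_ES_OEAP_ENV` (presumably OAEP) are worth normalising now that the names live in a shared header, unless they are kept to match an existing definition.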
@@ -164,14 +164,36 @@ static const value_string spnego_krb5_seal_alg_vals[] = { static int dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree); static int -dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id); +dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt); static int dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree); static int -dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id); +dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt); -static void -dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + +/* XXX - This should be TEMPORARY until these members in are removed from packet_info */ +static void packet_info_to_gssapi_encrypt(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info) +{ + encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb; + encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb; + encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb; + encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb; + encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted; +} + +static void gssapi_encrypt_to_packet_info(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info) +{ + pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb; + pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb; + pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb; + pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb; + pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted; +} + + + +static int +dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, 
proto_tree *tree, void* data) { proto_item *item; proto_tree *subtree; @@ -183,6 +205,8 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) gboolean pc, ind = 0; gint32 tag; guint32 len; + gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data; + gssapi_encrypt_info_t pass_encrypt_info; asn1_ctx_t asn1_ctx; asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); @@ -254,7 +278,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * return. */ dissect_kerberos_main(tvb, pinfo, subtree, FALSE, NULL); - return; + return tvb_captured_length(tvb); default: proto_tree_add_expert_format(subtree, pinfo, &ei_spnego_unknown_header, tvb, offset, 0, @@ -286,7 +310,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) break; case KRB_TOKEN_WRAP: - offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; case KRB_TOKEN_DELETE_SEC_CONTEXT: 
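Review bot: `packet_info_to_gssapi_encrypt()` is defined in the `-164,14` hunk as a `static` function and again, field for field, in the packet-gssapi.c part of this patch, so a member added to `gssapi_encrypt_info_t` later has to be copied in every helper or state is silently lost between dissectors. A single shared definition declared next to the struct would avoid that, and the read-only side of each helper can be `const`, e.g. `const gssapi_encrypt_info_t *encrypt_info` in `gssapi_encrypt_to_packet_info()`. The comment reads `until these members in are removed`; `/* XXX - TEMPORARY: drop both helpers once the gssapi_* members are removed from packet_info */` says what is meant. The `dissect_spnego_krb5()` definition that begins at the end of this hunk continues outside it.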
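Review bot: The copy-in / call / copy-out sequence around `dissect_spnego_krb5_wrap_base()` in the `KRB_TOKEN_WRAP` case of the `-286,7` hunk is repeated verbatim for `KRB_TOKEN_CFX_WRAP` and twice more in `dissect_spnego_krb5_wrap()` (the `-298,7`, `-1217,7` and `-1225,7` hunks), which makes it easy for one copy to drift, for instance by missing the write-back when an early exit is added. Two small helpers keep the fallback to `packet_info` in one place and reduce each case to three lines. The switch sits inside a function whose body starts and ends outside this hunk.

```c
/* Pick the state handed to the *_wrap_base() helpers: the caller's struct when
 * the dissector was called with data, else the legacy packet_info members. */
static void
spnego_krb5_load_encrypt_info(packet_info *pinfo, const gssapi_encrypt_info_t *encrypt_info,
                              gssapi_encrypt_info_t *pass_encrypt_info)
{
  if (encrypt_info != NULL)
    *pass_encrypt_info = *encrypt_info;
  else
    packet_info_to_gssapi_encrypt(pinfo, pass_encrypt_info);
}

/* Hand the updated state back to wherever it was loaded from. */
static void
spnego_krb5_store_encrypt_info(packet_info *pinfo, gssapi_encrypt_info_t *encrypt_info,
                               gssapi_encrypt_info_t *pass_encrypt_info)
{
  if (encrypt_info != NULL)
    *encrypt_info = *pass_encrypt_info;
  else
    gssapi_encrypt_to_packet_info(pinfo, pass_encrypt_info);
}

/* … unchanged: earlier cases of the token_id switch … */
    case KRB_TOKEN_WRAP:
      spnego_krb5_load_encrypt_info(pinfo, encrypt_info, &pass_encrypt_info);
      offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
      spnego_krb5_store_encrypt_info(pinfo, encrypt_info, &pass_encrypt_info);
      break;
```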
@@ -298,7 +343,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) break; case KRB_TOKEN_CFX_WRAP: - offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; default: @@ -308,7 +374,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) done: proto_item_set_len(item, offset); - return; + return tvb_captured_length(tvb); } #ifdef HAVE_KERBEROS @@ -443,9 +509,7 @@ gssapi_verify_pad(guint8 *wrapped_data, int wrapped_length, } static int -decrypt_arcfour(packet_info *pinfo, - guint8 *input_message_buffer, - guint8 *output_message_buffer, +decrypt_arcfour(gssapi_encrypt_info_t* gssapi_encrypt, guint8 *input_message_buffer, guint8 *output_message_buffer, guint8 *key_value, int key_size, int key_type) { guint8 Klocaldata[16]; 
@@ -459,22 +523,22 @@ decrypt_arcfour(packet_info *pinfo, int conf_flag; int padlen = 0; - datalen = tvb_captured_length(pinfo->gssapi_encrypted_tvb); + datalen = tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb); - if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0x1000){ + if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0x1000){ conf_flag=1; - } else if (tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0xffff){ + } else if (tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0xffff){ conf_flag=0; } else { return -3; } - if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 6)!=0xffff){ + if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 6)!=0xffff){ return -4; } ret = arcfour_mic_key(key_value, key_size, key_type, - tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8), + tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 16, 8), 8, /* SGN_CKSUM */ k6_data); if (ret) { @@ -485,7 +549,7 @@ decrypt_arcfour(packet_info *pinfo, rc4_state_struct rc4_state; crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data)); - tvb_memcpy(pinfo->gssapi_wrap_tvb, SND_SEQ, 8, 8); + tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, SND_SEQ, 8, 8); crypt_rc4(&rc4_state, (guint8 *)SND_SEQ, 8); memset(k6_data, 0, sizeof(k6_data)); @@ -514,12 +578,12 @@ decrypt_arcfour(packet_info *pinfo, rc4_state_struct rc4_state; crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data)); - tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8); + tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8); crypt_rc4(&rc4_state, Confounder, 8); memcpy(output_message_buffer, input_message_buffer, datalen); crypt_rc4(&rc4_state, output_message_buffer, datalen); } else { - tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8); + tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8); memcpy(output_message_buffer, input_message_buffer, datalen); 
@@ -527,7 +591,7 @@ decrypt_arcfour(packet_info *pinfo, memset(k6_data, 0, sizeof(k6_data)); /* only normal (i.e. non DCE style wrapping use padding ? */ - if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ + if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen); if (ret) { return -9; @@ -536,11 +600,11 @@ decrypt_arcfour(packet_info *pinfo, } /* don't know what the checksum looks like for dce style gssapi */ - if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ + if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ ret = arcfour_mic_cksum(key_value, key_size, KRB5_KU_USAGE_SEAL, cksum_data, - tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8, + tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 0, 8), 8, Confounder, sizeof(Confounder), output_message_buffer, datalen + padlen); @@ -548,7 +612,7 @@ decrypt_arcfour(packet_info *pinfo, return -10; } - cmp = tvb_memeql(pinfo->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */ + cmp = tvb_memeql(gssapi_encrypt->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */ if (cmp) { return -11; } @@ -562,7 +626,7 @@ decrypt_arcfour(packet_info *pinfo, #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) static void -decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype) +decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype, gssapi_encrypt_info_t* gssapi_encrypt) { int ret; enc_key_t *ek; 
@@ -572,8 +636,8 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff guint8 *cryptocopy=NULL; /* workaround for pre-0.6.1 heimdal bug */ guint8 *output_message_buffer; - length=tvb_captured_length(pinfo->gssapi_encrypted_tvb); - original_data=tvb_get_ptr(pinfo->gssapi_encrypted_tvb, 0, length); + length=tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb); + original_data=tvb_get_ptr(gssapi_encrypt->gssapi_encrypted_tvb, 0, length); /* don't do anything if we are not attempting to decrypt data */ /* @@ -600,26 +664,24 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff This has been seen for RC4-HMAC blobs. */ memcpy(cryptocopy, original_data, length); - ret=decrypt_arcfour(pinfo, + ret=decrypt_arcfour(gssapi_encrypt, cryptocopy, output_message_buffer, ek->keyvalue, ek->keylength, - ek->keytype - ); + ek->keytype); if (ret >= 0) { expert_add_info_format(pinfo, NULL, &ei_spnego_decrypted_keytype, "Decrypted keytype %d in frame %u using %s", ek->keytype, pinfo->fd->num, ek->key_origin); - pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb, + gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb, output_message_buffer, ret, ret); - add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); + add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); return; } } - return; } /* borrowed from heimdal */ @@ -670,13 +732,12 @@ rrc_rotate(guint8 *data, int len, guint16 rrc, int unrotate) #define KRB5_KU_USAGE_INITIATOR_SIGN 25 static void -decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, +decrypt_gssapi_krb_cfx_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *checksum_tvb, - tvbuff_t *encrypted_tvb, + gssapi_encrypt_info_t* gssapi_encrypt, guint16 ec, guint16 rrc, - gboolean is_dce, int keytype, unsigned int usage) { 
@@ -690,22 +751,22 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, return; } - datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(encrypted_tvb); + datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb); rotated = (guint8 *)wmem_alloc(pinfo->pool, datalen); tvb_memcpy(checksum_tvb, rotated, 0, tvb_captured_length(checksum_tvb)); - tvb_memcpy(encrypted_tvb, rotated + tvb_captured_length(checksum_tvb), - 0, tvb_captured_length(encrypted_tvb)); + tvb_memcpy(gssapi_encrypt->gssapi_encrypted_tvb, rotated + tvb_captured_length(checksum_tvb), + 0, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb)); - if (is_dce) { + if (gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE) { rrc += ec; } rrc_rotate(rotated, datalen, rrc, TRUE); - next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated, + next_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb, rotated, datalen, datalen); add_new_data_source(pinfo, next_tvb, "GSSAPI CFX"); 
@@ -715,18 +776,16 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, if (output) { guint8 *outdata; - outdata = (guint8 *)g_memdup(output, tvb_captured_length(encrypted_tvb)); + outdata = (guint8 *)g_memdup(output, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb)); g_free(output); - pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb, + gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb, outdata, - tvb_captured_length(encrypted_tvb), - tvb_captured_length(encrypted_tvb)); - add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); - tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free); - return; + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb), + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb)); + add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); + tvb_set_free_cb(gssapi_encrypt->gssapi_decrypted_tvb, g_free); } - return; } #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */ @@ -746,7 +805,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo #ifndef HAVE_KERBEROS _U_ #endif - ) + , gssapi_encrypt_info_t* gssapi_encrypt + ) { guint16 sgn_alg, seal_alg; #ifdef HAVE_KERBEROS @@ -809,15 +869,15 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo } /* Is the data encrypted? */ - pinfo->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE); + gssapi_encrypt->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE); #ifdef HAVE_KERBEROS #define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32 - if(pinfo->decrypt_gssapi_tvb){ + if(gssapi_encrypt->decrypt_gssapi_tvb){ /* if the caller did not provide a tvb, then we just use whatever is left of our current tvb. */ - if(!pinfo->gssapi_encrypted_tvb){ + if(!gssapi_encrypt->gssapi_encrypted_tvb){ int len; len=tvb_reported_length_remaining(tvb,offset); if(len>tvb_captured_length_remaining(tvb, offset)){ 
@@ -826,7 +886,7 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo */ return offset; } - pinfo->gssapi_encrypted_tvb = tvb_new_subset_length( + gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset_length( tvb, offset, len); } @@ -837,8 +897,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo /* do we need to create a tvb for the wrapper as well ? */ - if(!pinfo->gssapi_wrap_tvb){ - pinfo->gssapi_wrap_tvb = tvb_new_subset_length( + if(!gssapi_encrypt->gssapi_wrap_tvb){ + gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length( tvb, start_offset-2, GSS_ARCFOUR_WRAP_TOKEN_SIZE); } @@ -846,7 +906,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo decrypt_gssapi_krb_arcfour_wrap(tree, pinfo, tvb, - 23 /* rc4-hmac */); + KERB_ENCTYPE_RC4_HMAC, + gssapi_encrypt); #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */ } } @@ -958,6 +1019,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo _U_ #endif , proto_tree *tree, guint16 token_id _U_ + , gssapi_encrypt_info_t* gssapi_encrypt ) { guint8 flags; @@ -979,7 +1041,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo flags = tvb_get_guint8(tvb, offset); offset = dissect_spnego_krb5_cfx_flags(tvb, offset, tree, flags); - pinfo->gssapi_data_encrypted=(flags & 2); + gssapi_encrypt->gssapi_data_encrypted=(flags & 2); /* Skip the filler */ @@ -1009,7 +1071,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo /* Checksum of plaintext padded data */ - if (pinfo->gssapi_data_encrypted) { + if (gssapi_encrypt->gssapi_data_encrypted) { checksum_size = 44 + ec; proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset, 
@@ -1046,7 +1108,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo #endif returned_offset = offset; - pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset, + gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset, inner_token_len); offset += inner_token_len; @@ -1067,11 +1129,11 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo return returned_offset; } - if(pinfo->decrypt_gssapi_tvb){ + if(gssapi_encrypt->decrypt_gssapi_tvb){ /* if the caller did not provide a tvb, then we just use whatever is left of our current tvb. */ - if(!pinfo->gssapi_encrypted_tvb){ + if(!gssapi_encrypt->gssapi_encrypted_tvb){ int len; len=tvb_reported_length_remaining(tvb,offset); if(len>tvb_captured_length_remaining(tvb, offset)){ @@ -1080,16 +1142,16 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo */ return offset; } - pinfo->gssapi_encrypted_tvb = tvb_new_subset( + gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset( tvb, offset, len, len); } - if (pinfo->gssapi_data_encrypted) { + if (gssapi_encrypt->gssapi_data_encrypted) { /* do we need to create a tvb for the wrapper as well ? */ - if(!pinfo->gssapi_wrap_tvb){ - pinfo->gssapi_wrap_tvb = tvb_new_subset_length( + if(!gssapi_encrypt->gssapi_wrap_tvb){ + gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length( tvb, start_offset-2, offset - (start_offset-2)); } 
@@ -1100,15 +1162,14 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo { tvbuff_t *checksum_tvb = tvb_new_subset_length(tvb, 16, checksum_size); - if (pinfo->gssapi_data_encrypted) { - if(pinfo->gssapi_encrypted_tvb){ + if (gssapi_encrypt->gssapi_data_encrypted) { + if(gssapi_encrypt->gssapi_encrypted_tvb){ decrypt_gssapi_krb_cfx_wrap(tree, pinfo, checksum_tvb, - pinfo->gssapi_encrypted_tvb, + gssapi_encrypt, ec, rrc, - (pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE, -1, (flags & 0x0001)? KRB5_KU_USAGE_ACCEPTOR_SEAL: @@ -1186,12 +1247,14 @@ dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinf * getting it accepted. */ static int -dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_) +dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data) { proto_item *item; proto_tree *subtree; int offset = 0; guint16 token_id; + gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data; + gssapi_encrypt_info_t pass_encrypt_info; item = proto_tree_add_item(tree, hf_spnego_krb5, tvb, 0, -1, ENC_NA); @@ -1217,7 +1280,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree break; case KRB_TOKEN_WRAP: - offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; case KRB_TOKEN_CFX_GETMIC: 
@@ -1225,7 +1309,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree break; case KRB_TOKEN_CFX_WRAP: - offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; default: @@ -1439,7 +1544,7 @@ void proto_register_spnego(void) { "SPNEGO-KRB5", "spnego-krb5"); - register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5); + new_register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5); new_register_dissector("spnego-krb5-wrap", dissect_spnego_krb5_wrap, proto_spnego_krb5); /* Register fields and subtrees */ diff --git a/epan/dissectors/packet-gssapi.c b/epan/dissectors/packet-gssapi.c index 4f41cbf47f..ec0c54e8f9 100644 --- a/epan/dissectors/packet-gssapi.c +++ b/epan/dissectors/packet-gssapi.c @@ -182,7 +182,7 @@ gssapi_lookup_oid_str(const char *oid_key) static int dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - gboolean is_verifier) + gboolean is_verifier, gssapi_encrypt_info_t* encrypt_info) { proto_item *volatile item; proto_tree *volatile subtree; @@ -212,7 +212,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, * not, for now. The subdissector must set gssapi_data_encrypted * if it is. */ - pinfo->gssapi_data_encrypted = FALSE; + encrypt_info->gssapi_data_encrypted = FALSE; /* 
@@ -325,7 +325,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, return_offset = call_dissector(ntlmssp_payload_handle, tvb_new_subset_remaining(gss_tvb, start_offset), pinfo, subtree); - pinfo->gssapi_data_encrypted = TRUE; + encrypt_info->gssapi_data_encrypted = TRUE; goto done; } if ((tvb_captured_length_remaining(gss_tvb, start_offset)==16) && @@ -335,11 +335,11 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, tvb_new_subset_remaining(gss_tvb, start_offset), pinfo, subtree); } - else if( pinfo->gssapi_encrypted_tvb ) { + else if( encrypt_info->gssapi_encrypted_tvb ) { return_offset = call_dissector(ntlmssp_data_only_handle, - tvb_new_subset_remaining(pinfo->gssapi_encrypted_tvb, 0), + tvb_new_subset_remaining(encrypt_info->gssapi_encrypted_tvb, 0), pinfo, subtree); - pinfo->gssapi_data_encrypted = TRUE; + encrypt_info->gssapi_data_encrypted = TRUE; } goto done; } @@ -348,9 +348,9 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if ((tvb_captured_length_remaining(gss_tvb, start_offset)>2) && ((tvb_memeql(gss_tvb, start_offset, "\04\x04", 2) == 0) || (tvb_memeql(gss_tvb, start_offset, "\05\x04", 2) == 0))) { - return_offset = call_dissector(spnego_krb5_wrap_handle, + return_offset = call_dissector_with_data(spnego_krb5_wrap_handle, tvb_new_subset_remaining(gss_tvb, start_offset), - pinfo, subtree); + pinfo, subtree, encrypt_info); goto done; } @@ -397,7 +397,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, handle = oidvalue->wrap_handle; else handle = oidvalue->handle; - len = call_dissector(handle, oid_tvb_local, pinfo, subtree); + len = call_dissector_with_data(handle, oid_tvb_local, pinfo, subtree, encrypt_info); if (len == 0) return_offset = tvb_captured_length(gss_tvb); else 
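Review bot: In the `-397,7` hunk (and again in `-475,8` and `-489,8`) `encrypt_info` is passed as the `void *data` argument to whichever handle was taken from `oidvalue` (`oidvalue->handle` or `oidvalue->wrap_handle`), not only to `spnego_krb5_wrap_handle`. Any dissector reached that way which reads `data` will interpret the pointer as its own type, and `dissect_spnego_krb5()` in this patch casts `data` to `gssapi_encrypt_info_t *` with no means of checking it, so a handle expecting a different structure would read or write through a mistyped pointer while parsing captured traffic. Please confirm that every handle registered for a GSS-API OID either ignores `data` or expects `gssapi_encrypt_info_t`, and record that contract where the handles are stored, e.g. `/* handle and wrap_handle are always called with a gssapi_encrypt_info_t * as data */`. `dissect_gssapi_work()` begins and ends outside these hunks.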
@@ -475,8 +475,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, handle = oidvalue->wrap_handle; if (handle != NULL) { oid_tvb = tvb_new_subset_remaining(gss_tvb, offset); - len = call_dissector(handle, oid_tvb, pinfo, - subtree); + len = call_dissector_with_data(handle, oid_tvb, pinfo, subtree, encrypt_info); if (len == 0) return_offset = tvb_captured_length(gss_tvb); else @@ -489,8 +488,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, handle = oidvalue->handle; if (handle != NULL) { oid_tvb = tvb_new_subset_remaining(gss_tvb, offset); - len = call_dissector(handle, oid_tvb, pinfo, - subtree); + len = call_dissector_with_data(handle, oid_tvb, pinfo, subtree, encrypt_info); if (len == 0) return_offset = tvb_captured_length(gss_tvb); else @@ -523,10 +521,21 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, return return_offset; } +/* XXX - This should be TEMPORARY until these members in are removed from packet_info */ +static void packet_info_to_gssapi_encrypt(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info) +{ + encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb; + encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb; + encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb; + encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb; + encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted; +} + static int dissect_gssapi_work_wrapper(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gssapi_encrypt_info_t* encrypt_info, gboolean is_verifier) { int ret; + gssapi_encrypt_info_t pass_encrypt_info; /* XXX - This is setup to hopefully remove the need for these members in packet_info * Setup the dissector to take them as arguments and for now, convert to 
@@ -534,24 +543,22 @@ dissect_gssapi_work_wrapper(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, */ if (encrypt_info != NULL) { - pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb; - pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb; - pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb; - pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb; - pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted; + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); } - ret = dissect_gssapi_work(tvb, pinfo, tree, is_verifier); + ret = dissect_gssapi_work(tvb, pinfo, tree, is_verifier, &pass_encrypt_info); if (encrypt_info != NULL) { - /* Reassign the data from packet_info and clean up */ - encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted; - encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb; - encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb; - encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb; - encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb; - + *encrypt_info = pass_encrypt_info; + } + else + { + /* Just clean up */ pinfo->decrypt_gssapi_tvb=0; pinfo->gssapi_wrap_tvb=NULL; pinfo->gssapi_encrypted_tvb=NULL; diff --git a/epan/dissectors/packet-gssapi.h b/epan/dissectors/packet-gssapi.h index 2dec82b7cd..1801bef07f 100644 --- a/epan/dissectors/packet-gssapi.h +++ b/epan/dissectors/packet-gssapi.h @@ -36,6 +36,9 @@ typedef struct _gssapi_oid_value { /* Created as an attempt to remove members out of packet_info. Data structure to be passed between dissectors */ +#define DECRYPT_GSSAPI_NORMAL 1 +#define DECRYPT_GSSAPI_DCE 2 + typedef struct _gssapi_encrypt_info { guint16 decrypt_gssapi_tvb; diff --git a/epan/dissectors/packet-kerberos.h b/epan/dissectors/packet-kerberos.h index c416952141..a6ff8a2a50 100644 --- a/epan/dissectors/packet-kerberos.h +++ b/epan/dissectors/packet-kerberos.h 
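Review bot: When `encrypt_info` is NULL, the new `else` branch after `dissect_gssapi_work()` in the `-534,24` hunk only clears the `pinfo->gssapi_*` members, so whatever the sub-dissectors stored in `pass_encrypt_info` (`gssapi_decrypted_tvb`, `gssapi_data_encrypted`, …) is discarded; on the old side the clearing ran only when a struct had been supplied and the NULL path left the results in `packet_info`. If any caller still invokes the GSS-API dissector without data and then reads `pinfo->gssapi_decrypted_tvb` or `pinfo->gssapi_data_encrypted`, it will now always see NULL/0 and treat the payload as not decrypted. Unless every such caller has been converted, the NULL path should copy `pass_encrypt_info` back into `pinfo` (the inverse of `packet_info_to_gssapi_encrypt()`) rather than clear it. The remainder of the clean-up lies outside the hunk, so this reading rests on the visible lines only.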
@@ -108,6 +108,41 @@ void read_keytab_file_from_preferences(void); #endif /* HAVE_KERBEROS */ +/* encryption type constants */ +#define KRB5_ENCTYPE_NULL 0 +#define KRB5_ENCTYPE_DES_CBC_CRC 1 +#define KRB5_ENCTYPE_DES_CBC_MD4 2 +#define KRB5_ENCTYPE_DES_CBC_MD5 3 +#define KRB5_ENCTYPE_DES_CBC_RAW 4 +#define KRB5_ENCTYPE_DES3_CBC_SHA 5 +#define KRB5_ENCTYPE_DES3_CBC_RAW 6 +#define KRB5_ENCTYPE_DES_HMAC_SHA1 8 +#define KRB5_ENCTYPE_DSA_SHA1_CMS 9 +#define KRB5_ENCTYPE_RSA_MD5_CMS 10 +#define KRB5_ENCTYPE_RSA_SHA1_CMS 11 +#define KRB5_ENCTYPE_RC2_CBC_ENV 12 +#define KRB5_ENCTYPE_RSA_ENV 13 +#define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14 +#define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15 +#define KRB5_ENCTYPE_DES3_CBC_SHA1 16 +#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17 +#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18 +#define KRB5_ENCTYPE_DES_CBC_MD5_NT 20 +#define KERB_ENCTYPE_RC4_HMAC 23 +#define KERB_ENCTYPE_RC4_HMAC_EXP 24 +#define KRB5_ENCTYPE_UNKNOWN 0x1ff +#define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007 +#define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73 +#define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74 +#define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78 +#define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79 +#define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a +#define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b +#define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c +#define KRB5_ENCTYPE_RC4_SHA 0xffffff7d +#define KRB5_ENCTYPE_RC4_LM 0xffffff7e +#define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f +#define KRB5_ENCTYPE_RC4_MD4 0xffffff80 /*--- Included file: packet-kerberos-exp.h ---*/ @@ -115,7 +150,7 @@ void read_keytab_file_from_preferences(void); int dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); /*--- End of included file: packet-kerberos-exp.h ---*/ -#line 105 "../../asn1/kerberos/packet-kerberos-template.h" +#line 140 "../../asn1/kerberos/packet-kerberos-template.h" #ifdef __cplusplus } 
diff --git a/epan/dissectors/packet-rpc.c b/epan/dissectors/packet-rpc.c index 6137c261db..32b25f341b 100644 --- a/epan/dissectors/packet-rpc.c +++ b/epan/dissectors/packet-rpc.c @@ -42,6 +42,8 @@ #include "packet-rpc.h" #include "packet-tcp.h" #include "packet-nfs.h" +#include "packet-dcerpc.h" +#include "packet-gssapi.h" /* * See: @@ -1591,7 +1593,7 @@ dissect_rpc_authgss_integ_data(tvbuff_t *tvb, packet_info *pinfo, static int dissect_rpc_authgss_priv_data(tvbuff_t *tvb, proto_tree *tree, int offset, - packet_info *pinfo _U_) + packet_info *pinfo, gssapi_encrypt_info_t* gssapi_encrypt) { int length; /* int return_offset; */ @@ -1611,11 +1613,11 @@ dissect_rpc_authgss_priv_data(tvbuff_t *tvb, proto_tree *tree, int offset, return offset; } - /* return_offset = */ call_dissector(spnego_krb5_wrap_handle, + /* return_offset = */ call_dissector_with_data(spnego_krb5_wrap_handle, tvb_new_subset_remaining(tvb, offset), - pinfo, tree); + pinfo, tree, gssapi_encrypt); - if (!pinfo->gssapi_decrypted_tvb) { + if (!gssapi_encrypt->gssapi_decrypted_tvb) { /* failed to decrypt the data */ offset += length; return offset; @@ -1994,7 +1996,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean dissect_rpc_flag = TRUE; rpc_conv_info_t *rpc_conv_info=NULL; - + gssapi_encrypt_info_t gssapi_encrypt; /* * Check to see whether this looks like an RPC call or reply. 
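Review bot: `gssapi_encrypt_info_t gssapi_encrypt;` is declared without an initialiser at the top of `dissect_rpc_message()` (the `-1994,7` hunk) and is zeroed only by the `memset()` added in the `-2728,24` hunk much further down, while `gssapi_encrypt.gssapi_decrypted_tvb` is read again in the `-2860,13` hunk. Unlike the `pinfo` members it replaces, a stack local holds an indeterminate value until assigned, so any path that reaches a read without passing the `memset()` would use an uninitialised tvb pointer while dissecting untrusted input. Initialising at the declaration, `gssapi_encrypt_info_t gssapi_encrypt = { 0 };`, removes that dependency on control flow. The function body between the hunks is not visible, so whether such a path exists today cannot be confirmed from here.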
@@ -2728,24 +2730,23 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* If this is encrypted data we have to try to decrypt the data first before we * we create a tree. * the reason for this is because if we can decrypt the data we must create the - * item/tree for the next protocol using the decrypted tdb and not the current + * item/tree for the next protocol using the decrypted tvb and not the current * tvb. */ - pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; - pinfo->gssapi_wrap_tvb=NULL; - pinfo->gssapi_encrypted_tvb=NULL; - pinfo->gssapi_decrypted_tvb=NULL; + memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt)); + gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; + if (flavor == FLAVOR_GSSAPI && gss_proc == RPCSEC_GSS_DATA && gss_svc == RPCSEC_GSS_SVC_PRIVACY) { proto_tree *gss_tree; gss_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_gss_wrap, NULL, "GSS-Wrap"); - offset = dissect_rpc_authgss_priv_data(tvb, gss_tree, offset, pinfo); - if (pinfo->gssapi_decrypted_tvb) { - proto_tree_add_item(gss_tree, hf_rpc_authgss_seq, pinfo->gssapi_decrypted_tvb, 0, 4, ENC_BIG_ENDIAN); + offset = dissect_rpc_authgss_priv_data(tvb, gss_tree, offset, pinfo, &gssapi_encrypt); + if (gssapi_encrypt.gssapi_decrypted_tvb) { + proto_tree_add_item(gss_tree, hf_rpc_authgss_seq, gssapi_encrypt.gssapi_decrypted_tvb, 0, 4, ENC_BIG_ENDIAN); /* Switcheroo to the new tvb that contains the decrypted payload */ - tvb = pinfo->gssapi_decrypted_tvb; + tvb = gssapi_encrypt.gssapi_decrypted_tvb; offset = 4; } } 
@@ -2860,13 +2861,13 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, progname, rpc_call); } else if (gss_svc == RPCSEC_GSS_SVC_PRIVACY) { - if (pinfo->gssapi_decrypted_tvb) { + if (gssapi_encrypt.gssapi_decrypted_tvb) { call_dissect_function( - pinfo->gssapi_decrypted_tvb, + gssapi_encrypt.gssapi_decrypted_tvb, pinfo, ptree, 4, dissect_function, progname, rpc_call); - offset = tvb_reported_length(pinfo->gssapi_decrypted_tvb); + offset = tvb_reported_length(gssapi_encrypt.gssapi_decrypted_tvb); } } break; diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c index 4a2acda478..652610ec5d 100644 --- a/epan/dissectors/packet-spnego.c +++ b/epan/dissectors/packet-spnego.c 
@@ -616,14 +616,36 @@ static const value_string spnego_krb5_seal_alg_vals[] = { static int dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree); static int -dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id); +dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt); static int dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree); static int -dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id); +dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt); -static void -dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + +/* XXX - This should be TEMPORARY until these members in are removed from packet_info */ +static void packet_info_to_gssapi_encrypt(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info) +{ + encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb; + encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb; + encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb; + encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb; + encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted; +} + +static void gssapi_encrypt_to_packet_info(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info) +{ + pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb; + pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb; + pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb; + pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb; + pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted; +} + + + +static int +dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, 
proto_tree *tree, void* data) { proto_item *item; proto_tree *subtree; @@ -635,6 +657,8 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) gboolean pc, ind = 0; gint32 tag; guint32 len; + gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data; + gssapi_encrypt_info_t pass_encrypt_info; asn1_ctx_t asn1_ctx; asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); @@ -706,7 +730,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * return. */ dissect_kerberos_main(tvb, pinfo, subtree, FALSE, NULL); - return; + return tvb_captured_length(tvb); default: proto_tree_add_expert_format(subtree, pinfo, &ei_spnego_unknown_header, tvb, offset, 0, @@ -738,7 +762,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) break; case KRB_TOKEN_WRAP: - offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; case KRB_TOKEN_DELETE_SEC_CONTEXT: 
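Review bot: The two bridge helpers added in the `@@ -616,14 +616,36 @@` hunk copy in opposite directions, but neither marks the side it only reads as `const`, so the direction of each copy is documented only by the function name. Qualifying the source makes it explicit and lets the compiler reject an accidental write: `static void packet_info_to_gssapi_encrypt(const packet_info *pinfo, gssapi_encrypt_info_t *encrypt_info)` and `static void gssapi_encrypt_to_packet_info(packet_info *pinfo, const gssapi_encrypt_info_t *encrypt_info)`. The comment above them also has a stray word (`members in are removed`). This file carries `#line` directives pointing at `asn1/spnego/packet-spnego-template.c`, so the edit belongs in that template.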
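Review bot: In the `KRB_TOKEN_WRAP` case (`@@ -738,7 +762,28 @@`) the decryption state reaches the caller only through the copy-back after `dissect_spnego_krb5_wrap_base` returns. If the base function exits through a tvb bounds exception on a truncated token, fields it had already set are dropped, whereas the old code wrote `pinfo` directly. The copy into `pass_encrypt_info` and back is also unnecessary when `data` was supplied: the caller's pointer can be passed straight through, with the local kept for the `packet_info` fallback only. The same block is repeated in the `KRB_TOKEN_CFX_WRAP` case and in both cases of `dissect_spnego_krb5_wrap`, so one pointer selected once would serve all four. The fallback path would still lose partial state on an exception, which is worth confirming against callers that read `pinfo->gssapi_*` afterwards.

```c
	/* declared with the other locals of dissect_spnego_krb5 */
	gssapi_encrypt_info_t *state = encrypt_info;

	/* ... unchanged: header parsing and the earlier token cases ... */

	case KRB_TOKEN_WRAP:
	  /* Work on the caller's struct in place; bridge through
	   * packet_info only when no data was passed in. */
	  if (state == NULL) {
	    packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
	    state = &pass_encrypt_info;
	  }

	  offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, state);

	  if (encrypt_info == NULL) {
	    gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
	  }
	  break;
```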
@@ -750,7 +795,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) break; case KRB_TOKEN_CFX_WRAP: - offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; default: @@ -760,7 +826,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) done: proto_item_set_len(item, offset); - return; + return tvb_captured_length(tvb); } #ifdef HAVE_KERBEROS @@ -895,9 +961,7 @@ gssapi_verify_pad(guint8 *wrapped_data, int wrapped_length, } static int -decrypt_arcfour(packet_info *pinfo, - guint8 *input_message_buffer, - guint8 *output_message_buffer, +decrypt_arcfour(gssapi_encrypt_info_t* gssapi_encrypt, guint8 *input_message_buffer, guint8 *output_message_buffer, guint8 *key_value, int key_size, int key_type) { guint8 Klocaldata[16]; 
@@ -911,22 +975,22 @@ decrypt_arcfour(packet_info *pinfo, int conf_flag; int padlen = 0; - datalen = tvb_captured_length(pinfo->gssapi_encrypted_tvb); + datalen = tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb); - if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0x1000){ + if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0x1000){ conf_flag=1; - } else if (tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0xffff){ + } else if (tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0xffff){ conf_flag=0; } else { return -3; } - if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 6)!=0xffff){ + if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 6)!=0xffff){ return -4; } ret = arcfour_mic_key(key_value, key_size, key_type, - tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8), + tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 16, 8), 8, /* SGN_CKSUM */ k6_data); if (ret) { @@ -937,7 +1001,7 @@ decrypt_arcfour(packet_info *pinfo, rc4_state_struct rc4_state; crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data)); - tvb_memcpy(pinfo->gssapi_wrap_tvb, SND_SEQ, 8, 8); + tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, SND_SEQ, 8, 8); crypt_rc4(&rc4_state, (guint8 *)SND_SEQ, 8); memset(k6_data, 0, sizeof(k6_data)); @@ -966,12 +1030,12 @@ decrypt_arcfour(packet_info *pinfo, rc4_state_struct rc4_state; crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data)); - tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8); + tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8); crypt_rc4(&rc4_state, Confounder, 8); memcpy(output_message_buffer, input_message_buffer, datalen); crypt_rc4(&rc4_state, output_message_buffer, datalen); } else { - tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8); + tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8); memcpy(output_message_buffer, input_message_buffer, datalen); 
@@ -979,7 +1043,7 @@ decrypt_arcfour(packet_info *pinfo, memset(k6_data, 0, sizeof(k6_data)); /* only normal (i.e. non DCE style wrapping use padding ? */ - if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ + if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen); if (ret) { return -9; @@ -988,11 +1052,11 @@ decrypt_arcfour(packet_info *pinfo, } /* don't know what the checksum looks like for dce style gssapi */ - if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ + if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ ret = arcfour_mic_cksum(key_value, key_size, KRB5_KU_USAGE_SEAL, cksum_data, - tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8, + tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 0, 8), 8, Confounder, sizeof(Confounder), output_message_buffer, datalen + padlen); @@ -1000,7 +1064,7 @@ decrypt_arcfour(packet_info *pinfo, return -10; } - cmp = tvb_memeql(pinfo->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */ + cmp = tvb_memeql(gssapi_encrypt->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */ if (cmp) { return -11; } @@ -1014,7 +1078,7 @@ decrypt_arcfour(packet_info *pinfo, #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) static void -decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype) +decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype, gssapi_encrypt_info_t* gssapi_encrypt) { int ret; enc_key_t *ek; 
@@ -1024,8 +1088,8 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff guint8 *cryptocopy=NULL; /* workaround for pre-0.6.1 heimdal bug */ guint8 *output_message_buffer; - length=tvb_captured_length(pinfo->gssapi_encrypted_tvb); - original_data=tvb_get_ptr(pinfo->gssapi_encrypted_tvb, 0, length); + length=tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb); + original_data=tvb_get_ptr(gssapi_encrypt->gssapi_encrypted_tvb, 0, length); /* don't do anything if we are not attempting to decrypt data */ /* @@ -1052,26 +1116,24 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff This has been seen for RC4-HMAC blobs. */ memcpy(cryptocopy, original_data, length); - ret=decrypt_arcfour(pinfo, + ret=decrypt_arcfour(gssapi_encrypt, cryptocopy, output_message_buffer, ek->keyvalue, ek->keylength, - ek->keytype - ); + ek->keytype); if (ret >= 0) { expert_add_info_format(pinfo, NULL, &ei_spnego_decrypted_keytype, "Decrypted keytype %d in frame %u using %s", ek->keytype, pinfo->fd->num, ek->key_origin); - pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb, + gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb, output_message_buffer, ret, ret); - add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); + add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); return; } } - return; } /* borrowed from heimdal */ @@ -1122,13 +1184,12 @@ rrc_rotate(guint8 *data, int len, guint16 rrc, int unrotate) #define KRB5_KU_USAGE_INITIATOR_SIGN 25 static void -decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, +decrypt_gssapi_krb_cfx_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *checksum_tvb, - tvbuff_t *encrypted_tvb, + gssapi_encrypt_info_t* gssapi_encrypt, guint16 ec, guint16 rrc, - gboolean is_dce, int keytype, unsigned int usage) { 
@@ -1142,22 +1203,22 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, return; } - datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(encrypted_tvb); + datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb); rotated = (guint8 *)wmem_alloc(pinfo->pool, datalen); tvb_memcpy(checksum_tvb, rotated, 0, tvb_captured_length(checksum_tvb)); - tvb_memcpy(encrypted_tvb, rotated + tvb_captured_length(checksum_tvb), - 0, tvb_captured_length(encrypted_tvb)); + tvb_memcpy(gssapi_encrypt->gssapi_encrypted_tvb, rotated + tvb_captured_length(checksum_tvb), + 0, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb)); - if (is_dce) { + if (gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE) { rrc += ec; } rrc_rotate(rotated, datalen, rrc, TRUE); - next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated, + next_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb, rotated, datalen, datalen); add_new_data_source(pinfo, next_tvb, "GSSAPI CFX"); 
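Review bot: `gssapi_encrypt->gssapi_encrypted_tvb` is now spelled out at every use in `decrypt_gssapi_krb_cfx_wrap`, four times in this hunk and again in the `@@ -1167,18 +1228,16 @@` hunk, where the removed parameter gave it a short name. A local at the top of the function, `tvbuff_t *encrypted_tvb = gssapi_encrypt->gssapi_encrypted_tvb;`, would leave the body as it was. It would also make it obvious that the length used for `datalen`, the `tvb_memcpy` and the later `g_memdup` comes from the same tvb. The function starts before and ends after this hunk.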
@@ -1167,18 +1228,16 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, if (output) { guint8 *outdata; - outdata = (guint8 *)g_memdup(output, tvb_captured_length(encrypted_tvb)); + outdata = (guint8 *)g_memdup(output, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb)); g_free(output); - pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb, + gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb, outdata, - tvb_captured_length(encrypted_tvb), - tvb_captured_length(encrypted_tvb)); - add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); - tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free); - return; + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb), + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb)); + add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5"); + tvb_set_free_cb(gssapi_encrypt->gssapi_decrypted_tvb, g_free); } - return; } #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */ @@ -1198,7 +1257,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo #ifndef HAVE_KERBEROS _U_ #endif - ) + , gssapi_encrypt_info_t* gssapi_encrypt + ) { guint16 sgn_alg, seal_alg; #ifdef HAVE_KERBEROS @@ -1261,15 +1321,15 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo } /* Is the data encrypted? */ - pinfo->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE); + gssapi_encrypt->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE); #ifdef HAVE_KERBEROS #define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32 - if(pinfo->decrypt_gssapi_tvb){ + if(gssapi_encrypt->decrypt_gssapi_tvb){ /* if the caller did not provide a tvb, then we just use whatever is left of our current tvb. */ - if(!pinfo->gssapi_encrypted_tvb){ + if(!gssapi_encrypt->gssapi_encrypted_tvb){ int len; len=tvb_reported_length_remaining(tvb,offset); if(len>tvb_captured_length_remaining(tvb, offset)){ 
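Review bot: The `g_memdup` in the `@@ -1167,18 +1228,16 @@` hunk copies `tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb)` bytes out of `output`, a length taken from the ciphertext tvb rather than from what the decryption step produced. How long `output` is cannot be seen in this hunk. If it can be shorter than the ciphertext for some key type or truncated capture, the copy reads past the allocation and the resulting decrypted tvb exposes those bytes to later dissectors. Bounding the copy, and the lengths given to `tvb_new_child_real_data`, by the decrypted length (if the decryption routine reports one) would rule that out. Otherwise a comment should state why the plaintext can never be shorter.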
@@ -1278,7 +1338,7 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo */ return offset; } - pinfo->gssapi_encrypted_tvb = tvb_new_subset_length( + gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset_length( tvb, offset, len); } @@ -1289,8 +1349,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo /* do we need to create a tvb for the wrapper as well ? */ - if(!pinfo->gssapi_wrap_tvb){ - pinfo->gssapi_wrap_tvb = tvb_new_subset_length( + if(!gssapi_encrypt->gssapi_wrap_tvb){ + gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length( tvb, start_offset-2, GSS_ARCFOUR_WRAP_TOKEN_SIZE); } @@ -1298,7 +1358,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo decrypt_gssapi_krb_arcfour_wrap(tree, pinfo, tvb, - 23 /* rc4-hmac */); + KERB_ENCTYPE_RC4_HMAC, + gssapi_encrypt); #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */ } } @@ -1410,6 +1471,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo _U_ #endif , proto_tree *tree, guint16 token_id _U_ + , gssapi_encrypt_info_t* gssapi_encrypt ) { guint8 flags; @@ -1431,7 +1493,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo flags = tvb_get_guint8(tvb, offset); offset = dissect_spnego_krb5_cfx_flags(tvb, offset, tree, flags); - pinfo->gssapi_data_encrypted=(flags & 2); + gssapi_encrypt->gssapi_data_encrypted=(flags & 2); /* Skip the filler */ @@ -1461,7 +1523,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo /* Checksum of plaintext padded data */ - if (pinfo->gssapi_data_encrypted) { + if (gssapi_encrypt->gssapi_data_encrypted) { checksum_size = 44 + ec; proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset, 
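Review bot: In the `@@ -1431,7 +1493,7 @@` hunk `gssapi_data_encrypted` is assigned `(flags & 2)`, which stores 2 rather than 1 when the bit is set, while `dissect_spnego_krb5_wrap_base` stores the result of a comparison (`seal_alg!=KRB_SEAL_ALG_NONE`). The field's type is not shown on this page, but if it is a boolean that any reader compares against `TRUE`, the CFX path will not match. Writing `gssapi_encrypt->gssapi_data_encrypted = (flags & 2) != 0;` makes both paths agree, and a named constant for the sealed bit would replace the bare `2`.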
@@ -1498,7 +1560,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo #endif returned_offset = offset; - pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset, + gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset, inner_token_len); offset += inner_token_len; @@ -1519,11 +1581,11 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo return returned_offset; } - if(pinfo->decrypt_gssapi_tvb){ + if(gssapi_encrypt->decrypt_gssapi_tvb){ /* if the caller did not provide a tvb, then we just use whatever is left of our current tvb. */ - if(!pinfo->gssapi_encrypted_tvb){ + if(!gssapi_encrypt->gssapi_encrypted_tvb){ int len; len=tvb_reported_length_remaining(tvb,offset); if(len>tvb_captured_length_remaining(tvb, offset)){ @@ -1532,16 +1594,16 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo */ return offset; } - pinfo->gssapi_encrypted_tvb = tvb_new_subset( + gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset( tvb, offset, len, len); } - if (pinfo->gssapi_data_encrypted) { + if (gssapi_encrypt->gssapi_data_encrypted) { /* do we need to create a tvb for the wrapper as well ? */ - if(!pinfo->gssapi_wrap_tvb){ - pinfo->gssapi_wrap_tvb = tvb_new_subset_length( + if(!gssapi_encrypt->gssapi_wrap_tvb){ + gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length( tvb, start_offset-2, offset - (start_offset-2)); } 
@@ -1552,15 +1614,14 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo { tvbuff_t *checksum_tvb = tvb_new_subset_length(tvb, 16, checksum_size); - if (pinfo->gssapi_data_encrypted) { - if(pinfo->gssapi_encrypted_tvb){ + if (gssapi_encrypt->gssapi_data_encrypted) { + if(gssapi_encrypt->gssapi_encrypted_tvb){ decrypt_gssapi_krb_cfx_wrap(tree, pinfo, checksum_tvb, - pinfo->gssapi_encrypted_tvb, + gssapi_encrypt, ec, rrc, - (pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE, -1, (flags & 0x0001)? KRB5_KU_USAGE_ACCEPTOR_SEAL: @@ -1638,12 +1699,14 @@ dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinf * getting it accepted. */ static int -dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_) +dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data) { proto_item *item; proto_tree *subtree; int offset = 0; guint16 token_id; + gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data; + gssapi_encrypt_info_t pass_encrypt_info; item = proto_tree_add_item(tree, hf_spnego_krb5, tvb, 0, -1, ENC_NA); @@ -1669,7 +1732,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree break; case KRB_TOKEN_WRAP: - offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; case KRB_TOKEN_CFX_GETMIC: 
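Review bot: `dissect_spnego_krb5_wrap` still declares `packet_info *pinfo _U_` in the `@@ -1638,12 +1699,14 @@` hunk, although the function passes `pinfo` to the base dissectors and, after this change, to `packet_info_to_gssapi_encrypt`. The unused marker was dropped from `data` on the same line and should be dropped from `pinfo` too. The new cast `(gssapi_encrypt_info_t*)data` is unchecked, so a short comment at the function would tell callers of the `spnego-krb5-wrap` handle what they may pass, for example `/* data: gssapi_encrypt_info_t* or NULL; NULL falls back to the packet_info members */`.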
@@ -1677,7 +1761,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree break; case KRB_TOKEN_CFX_WRAP: - offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id); + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * If data is supplied to dissector, use it. Otherwise convert to packet_info + */ + if (encrypt_info != NULL) + { + pass_encrypt_info = *encrypt_info; + } + else + { + packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info); + } + + offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info); + + if (encrypt_info != NULL) + { + *encrypt_info = pass_encrypt_info; + } + else + { + gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info); + } break; default: @@ -1959,7 +2064,7 @@ void proto_register_spnego(void) { NULL, HFILL }}, /*--- End of included file: packet-spnego-hfarr.c ---*/ -#line 1414 "../../asn1/spnego/packet-spnego-template.c" +#line 1519 "../../asn1/spnego/packet-spnego-template.c" }; /* List of subtrees */ @@ -1982,7 +2087,7 @@ void proto_register_spnego(void) { &ett_spnego_InitialContextToken_U, /*--- End of included file: packet-spnego-ettarr.c ---*/ -#line 1424 "../../asn1/spnego/packet-spnego-template.c" +#line 1529 "../../asn1/spnego/packet-spnego-template.c" }; static ei_register_info ei[] = { @@ -2001,7 +2106,7 @@ void proto_register_spnego(void) { "SPNEGO-KRB5", "spnego-krb5"); - register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5); + new_register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5); new_register_dissector("spnego-krb5-wrap", dissect_spnego_krb5_wrap, proto_spnego_krb5); /* Register fields and subtrees */ diff --git a/epan/packet_info.h b/epan/packet_info.h index 79a5e546b2..04309b1e43 100644 --- a/epan/packet_info.h +++ b/epan/packet_info.h 
@@ -140,8 +140,6 @@ typedef struct _packet_info { whether the data was modified by a man in the middle) but not sealed (i.e., the data itself wasn't encrypted). */ -#define DECRYPT_GSSAPI_NORMAL 1 -#define DECRYPT_GSSAPI_DCE 2 guint16 decrypt_gssapi_tvb; tvbuff_t *gssapi_wrap_tvb; tvbuff_t *gssapi_encrypted_tvb;