osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

add code to handle new insanity in how spnego and gss wrap 

eachother



svn path=/trunk/; revision=22165
This commit is contained in:
Ronnie Sahlberg 2007-06-22 19:32:02 +00:00
parent 83dc65536f
commit 35f3ff0246
3 changed files with 86 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
asn1/ldap/ldap.cnf
View File

@ -165,27 +165,42 @@ char *mechanism = NULL;
tvbuff_t *parameter_tvb;
ldap_conv_info_t *ldap_info;
gint8 class;
gboolean pc;
gint32 tag;
%(DEFAULT_BODY)s
if (!parameter_tvb)
return offset;
ldap_info = actx->pinfo->private_data;
if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
/*
* This is a GSS-API token ancapsulated within GSS-SPNEGO.
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
} else if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
/*
* This is a raw GSS-API token.
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag);
/*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/
if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) {
/*
* This is a GSS-API token ancapsulated within GSS-SPNEGO.
* We need to check the first byte to check whether the blob
* contains SPNEGO or GSSAPI.
* All SPNEGO PDUs are of class CONSTRUCTED while
* GSS PDUs are class APPLICATION
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
}
/*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/
if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) {
/*
* This is a raw GSS-API token.
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
}
}
actx->pinfo->private_data = ldap_info;
#.FN_BODY ServerSaslCreds VAL_PTR = &parameter_tvb
tvbuff_t *parameter_tvb;

101
epan/dissectors/packet-ldap.c
View File

@ -1,6 +1,6 @@
/* Do not modify this file. */
/* It is created automatically by the ASN.1 to Wireshark dissector compiler */
/* .\packet-ldap.c */
/* ./packet-ldap.c */
/* ../../tools/asn2wrs.py -b -X -e -p ldap -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn */
/* Input file: packet-ldap-template.c */
@ -754,7 +754,7 @@ dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
static int
dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 251 "ldap.cnf"
#line 266 "ldap.cnf"
tvbuff_t *parameter_tvb = NULL;
char *ldapstring;
gchar *sc = NULL; /* semi-colon pointer */
@ -929,31 +929,46 @@ dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
tvbuff_t *parameter_tvb;
ldap_conv_info_t *ldap_info;
gint8 class;
gboolean pc;
gint32 tag;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
&parameter_tvb);
if (!parameter_tvb)
return offset;
ldap_info = actx->pinfo->private_data;
if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
/*
* This is a GSS-API token ancapsulated within GSS-SPNEGO.
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
} else if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
/*
* This is a raw GSS-API token.
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag);
/*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/
if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) {
/*
* This is a GSS-API token ancapsulated within GSS-SPNEGO.
* We need to check the first byte to check whether the blob
* contains SPNEGO or GSSAPI.
* All SPNEGO PDUs are of class CONSTRUCTED while
* GSS PDUs are class APPLICATION
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
}
/*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/
if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) {
/*
* This is a raw GSS-API token.
*/
if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
}
}
actx->pinfo->private_data = ldap_info;
return offset;
}
@ -976,7 +991,7 @@ dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
static int
dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 604 "ldap.cnf"
#line 619 "ldap.cnf"
/* make sure the protocol op comes first */
ldap_do_protocolop(actx->pinfo);
@ -992,7 +1007,7 @@ dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in
static int
dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 611 "ldap.cnf"
#line 626 "ldap.cnf"
/* make sure the protocol op comes first */
ldap_do_protocolop(actx->pinfo);
@ -1023,7 +1038,7 @@ static const ber_choice_t AuthenticationChoice_choice[] = {
static int
dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 425 "ldap.cnf"
#line 440 "ldap.cnf"
gint branch = -1;
gint auth = -1;
const gchar *valstr;
@ -1116,7 +1131,7 @@ static const value_string ldap_BindResponse_resultCode_vals[] = {
static int
dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 369 "ldap.cnf"
#line 384 "ldap.cnf"
const gchar *valstr;
@ -1148,7 +1163,7 @@ dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U
static int
dissect_ldap_T_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 618 "ldap.cnf"
#line 633 "ldap.cnf"
tvbuff_t *new_tvb=NULL;
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
@ -1209,7 +1224,7 @@ dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _
static int
dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 190 "ldap.cnf"
#line 205 "ldap.cnf"
tvbuff_t *parameter_tvb;
ldap_conv_info_t *ldap_info;
@ -1299,7 +1314,7 @@ dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
static int
dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 447 "ldap.cnf"
#line 462 "ldap.cnf"
implicit_tag = TRUE; /* correct problem with asn2wrs */
@ -1328,7 +1343,7 @@ static const value_string ldap_T_scope_vals[] = {
static int
dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 332 "ldap.cnf"
#line 347 "ldap.cnf"
gint scope;
const gchar *valstr;
@ -1395,7 +1410,7 @@ static int
dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 481 "ldap.cnf"
#line 496 "ldap.cnf"
if(and_filter_string){
and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string);
} else {
@ -1413,7 +1428,7 @@ static const ber_sequence_t T_and_set_of[1] = {
static int
dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 488 "ldap.cnf"
#line 503 "ldap.cnf"
proto_tree *tr=NULL;
proto_item *it=NULL;
char *old_and_filter_string=and_filter_string;
@ -1444,7 +1459,7 @@ static int
dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 506 "ldap.cnf"
#line 521 "ldap.cnf"
if(or_filter_string){
or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string);
} else {
@ -1463,7 +1478,7 @@ static const ber_sequence_t T_or_set_of[1] = {
static int
dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 514 "ldap.cnf"
#line 529 "ldap.cnf"
proto_tree *tr=NULL;
proto_item *it=NULL;
char *old_or_filter_string=or_filter_string;
@ -1492,7 +1507,7 @@ static int
dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 533 "ldap.cnf"
#line 548 "ldap.cnf"
Filter_string=ep_strdup_printf("(!%s)",Filter_string);
@ -1530,7 +1545,7 @@ static int
dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 466 "ldap.cnf"
#line 481 "ldap.cnf"
Filter_string=ep_strdup_printf("(%s=%s)",attributedesc_string,ldapvalue_string);
@ -1559,7 +1574,7 @@ dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff
T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
NULL);
#line 559 "ldap.cnf"
#line 574 "ldap.cnf"
if (substring_item_final) {
substring_value=ep_strdup_printf("%s%s",
(substring_value?substring_value:"*"),
@ -1599,7 +1614,7 @@ static const ber_sequence_t SubstringFilter_sequence[] = {
static int
dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 573 "ldap.cnf"
#line 588 "ldap.cnf"
proto_tree *tr=NULL;
proto_item *it=NULL;
char *old_substring_value=substring_value;
@ -1631,7 +1646,7 @@ static int
dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 470 "ldap.cnf"
#line 485 "ldap.cnf"
Filter_string=ep_strdup_printf("(%s>=%s)",attributedesc_string,ldapvalue_string);
@ -1645,7 +1660,7 @@ static int
dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 474 "ldap.cnf"
#line 489 "ldap.cnf"
Filter_string=ep_strdup_printf("(%s<=%s)",attributedesc_string,ldapvalue_string);
@ -1659,7 +1674,7 @@ static int
dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 530 "ldap.cnf"
#line 545 "ldap.cnf"
Filter_string=ep_strdup_printf("(%s=*)",Filter_string);
@ -1672,7 +1687,7 @@ static int
dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 478 "ldap.cnf"
#line 493 "ldap.cnf"
Filter_string=ep_strdup_printf("(%s~=%s)",attributedesc_string,ldapvalue_string);
@ -1692,7 +1707,7 @@ dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
static int
dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 536 "ldap.cnf"
#line 551 "ldap.cnf"
gboolean val;
offset = dissect_ber_boolean_value(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
@ -1727,7 +1742,7 @@ dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 545 "ldap.cnf"
#line 560 "ldap.cnf"
attr_type=NULL;
matching_rule_string=NULL;
ldapvalue_string=NULL;
@ -1736,7 +1751,7 @@ dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 551 "ldap.cnf"
#line 566 "ldap.cnf"
Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)",
(attr_type?attr_type:""),
(matching_rule_dnattr?"dn:":""),
@ -1779,7 +1794,7 @@ static const ber_choice_t Filter_choice[] = {
static int
dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 592 "ldap.cnf"
#line 607 "ldap.cnf"
proto_tree *tr=NULL;
proto_item *it=NULL;
@ -1803,13 +1818,13 @@ dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_
static int
dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 459 "ldap.cnf"
#line 474 "ldap.cnf"
Filter_string=NULL;
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 462 "ldap.cnf"
#line 477 "ldap.cnf"
Filter_string=NULL;
and_filter_string=NULL;
@ -1855,7 +1870,7 @@ dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
static int
dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 390 "ldap.cnf"
#line 405 "ldap.cnf"
tvbuff_t *next_tvb;
gchar *string;
@ -2000,7 +2015,7 @@ static const value_string ldap_T_resultCode_vals[] = {
static int
dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 349 "ldap.cnf"
#line 364 "ldap.cnf"
const gchar *valstr;
@ -2545,7 +2560,7 @@ dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
static int
dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 634 "ldap.cnf"
#line 649 "ldap.cnf"
gint8 class;
gboolean pc, ind;
gint32 tag;

2
epan/dissectors/packet-ldap.h
View File

@ -1,6 +1,6 @@
/* Do not modify this file. */
/* It is created automatically by the ASN.1 to Wireshark dissector compiler */
/* .\packet-ldap.h */
/* ./packet-ldap.h */
/* ../../tools/asn2wrs.py -b -X -e -p ldap -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn */
/* Input file: packet-ldap-template.h */