osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

LDAP: try harder to detect SASL with kerberos signing only 

The payload is still plaintext so we can dissect them as LDAP payload...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Stefan Metzmacher 2022-02-23 20:54:45 +01:00 committed by A Wireshark GitLab Utility
parent ec6a47f663
commit 80cb8fbb12
2 changed files with 53 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
epan/dissectors/asn1/ldap/packet-ldap-template.c
View File

@ -1056,6 +1056,10 @@ static void
ldap_conv_info_t *ldap_info = NULL;
proto_item *ldap_item = NULL;
proto_tree *ldap_tree = NULL;
guint32 sasl_length = 0;
guint32 remaining_length = 0;
guint8 sasl_start[2] = { 0, };
gboolean detected_sasl_security = FALSE;
ldm_tree = NULL;
@ -1094,12 +1098,29 @@ static void
* check if it looks like it could be a SASL blob here
* and in that case just assume it is GSS-SPNEGO
*/
if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
&&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
&&(tvb_get_guint8(tvb, offset+4)==0x60) ){
if(!doing_sasl_security && tvb_bytes_exist(tvb, offset, 6)) {
sasl_length = tvb_get_ntohl(tvb, offset);
remaining_length = tvb_reported_length_remaining(tvb, offset);
sasl_start[0] = tvb_get_guint8(tvb, offset+4);
sasl_start[1] = tvb_get_guint8(tvb, offset+5);
}
if ((sasl_length + 4) <= remaining_length) {
if (sasl_start[0] == 0x05 && sasl_start[1] == 0x04) {
/*
* Likely modern kerberos signing
*/
detected_sasl_security = TRUE;
} else if (sasl_start[0] == 0x60) {
/*
* Likely ASN.1 based kerberos
*/
detected_sasl_security = TRUE;
}
}
if (detected_sasl_security) {
ldap_info->auth_type=LDAP_AUTH_SASL;
ldap_info->first_auth_frame=pinfo->num;
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "UNKNOWN");
doing_sasl_security=TRUE;
}

35
epan/dissectors/packet-ldap.c
View File

@ -3966,6 +3966,10 @@ static void
ldap_conv_info_t *ldap_info = NULL;
proto_item *ldap_item = NULL;
proto_tree *ldap_tree = NULL;
guint32 sasl_length = 0;
guint32 remaining_length = 0;
guint8 sasl_start[2] = { 0, };
gboolean detected_sasl_security = FALSE;
ldm_tree = NULL;
@ -4004,12 +4008,29 @@ static void
* check if it looks like it could be a SASL blob here
* and in that case just assume it is GSS-SPNEGO
*/
if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
&&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
&&(tvb_get_guint8(tvb, offset+4)==0x60) ){
if(!doing_sasl_security && tvb_bytes_exist(tvb, offset, 6)) {
sasl_length = tvb_get_ntohl(tvb, offset);
remaining_length = tvb_reported_length_remaining(tvb, offset);
sasl_start[0] = tvb_get_guint8(tvb, offset+4);
sasl_start[1] = tvb_get_guint8(tvb, offset+5);
}
if ((sasl_length + 4) <= remaining_length) {
if (sasl_start[0] == 0x05 && sasl_start[1] == 0x04) {
/*
* Likely modern kerberos signing
*/
detected_sasl_security = TRUE;
} else if (sasl_start[0] == 0x60) {
/*
* Likely ASN.1 based kerberos
*/
detected_sasl_security = TRUE;
}
}
if (detected_sasl_security) {
ldap_info->auth_type=LDAP_AUTH_SASL;
ldap_info->first_auth_frame=pinfo->num;
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "UNKNOWN");
doing_sasl_security=TRUE;
}
@ -5632,7 +5653,7 @@ void proto_register_ldap(void) {
NULL, HFILL }},
/*--- End of included file: packet-ldap-hfarr.c ---*/
#line 2157 "./asn1/ldap/packet-ldap-template.c"
#line 2178 "./asn1/ldap/packet-ldap-template.c"
};
/* List of subtrees */
@ -5706,7 +5727,7 @@ void proto_register_ldap(void) {
&ett_ldap_T_warning,
/*--- End of included file: packet-ldap-ettarr.c ---*/
#line 2171 "./asn1/ldap/packet-ldap-template.c"
#line 2192 "./asn1/ldap/packet-ldap-template.c"
};
/* UAT for header fields */
static uat_field_t custom_attribute_types_uat_fields[] = {
@ -5917,7 +5938,7 @@ proto_reg_handoff_ldap(void)
/*--- End of included file: packet-ldap-dis-tab.c ---*/
#line 2365 "./asn1/ldap/packet-ldap-template.c"
#line 2386 "./asn1/ldap/packet-ldap-template.c"
dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle);