forked from osmocom/wireshark
LDAP: try harder to detect SASL with kerberos signing only
The payload is still plaintext so we can dissect them as LDAP payload... Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
ec6a47f663
commit
80cb8fbb12
|
@ -1056,6 +1056,10 @@ static void
|
||||||
ldap_conv_info_t *ldap_info = NULL;
|
ldap_conv_info_t *ldap_info = NULL;
|
||||||
proto_item *ldap_item = NULL;
|
proto_item *ldap_item = NULL;
|
||||||
proto_tree *ldap_tree = NULL;
|
proto_tree *ldap_tree = NULL;
|
||||||
|
guint32 sasl_length = 0;
|
||||||
|
guint32 remaining_length = 0;
|
||||||
|
guint8 sasl_start[2] = { 0, };
|
||||||
|
gboolean detected_sasl_security = FALSE;
|
||||||
|
|
||||||
ldm_tree = NULL;
|
ldm_tree = NULL;
|
||||||
|
|
||||||
|
@ -1094,12 +1098,29 @@ static void
|
||||||
* check if it looks like it could be a SASL blob here
|
* check if it looks like it could be a SASL blob here
|
||||||
* and in that case just assume it is GSS-SPNEGO
|
* and in that case just assume it is GSS-SPNEGO
|
||||||
*/
|
*/
|
||||||
if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
|
if(!doing_sasl_security && tvb_bytes_exist(tvb, offset, 6)) {
|
||||||
&&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
|
sasl_length = tvb_get_ntohl(tvb, offset);
|
||||||
&&(tvb_get_guint8(tvb, offset+4)==0x60) ){
|
remaining_length = tvb_reported_length_remaining(tvb, offset);
|
||||||
|
sasl_start[0] = tvb_get_guint8(tvb, offset+4);
|
||||||
|
sasl_start[1] = tvb_get_guint8(tvb, offset+5);
|
||||||
|
}
|
||||||
|
if ((sasl_length + 4) <= remaining_length) {
|
||||||
|
if (sasl_start[0] == 0x05 && sasl_start[1] == 0x04) {
|
||||||
|
/*
|
||||||
|
* Likely modern kerberos signing
|
||||||
|
*/
|
||||||
|
detected_sasl_security = TRUE;
|
||||||
|
} else if (sasl_start[0] == 0x60) {
|
||||||
|
/*
|
||||||
|
* Likely ASN.1 based kerberos
|
||||||
|
*/
|
||||||
|
detected_sasl_security = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (detected_sasl_security) {
|
||||||
ldap_info->auth_type=LDAP_AUTH_SASL;
|
ldap_info->auth_type=LDAP_AUTH_SASL;
|
||||||
ldap_info->first_auth_frame=pinfo->num;
|
ldap_info->first_auth_frame=pinfo->num;
|
||||||
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
|
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "UNKNOWN");
|
||||||
doing_sasl_security=TRUE;
|
doing_sasl_security=TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3966,6 +3966,10 @@ static void
|
||||||
ldap_conv_info_t *ldap_info = NULL;
|
ldap_conv_info_t *ldap_info = NULL;
|
||||||
proto_item *ldap_item = NULL;
|
proto_item *ldap_item = NULL;
|
||||||
proto_tree *ldap_tree = NULL;
|
proto_tree *ldap_tree = NULL;
|
||||||
|
guint32 sasl_length = 0;
|
||||||
|
guint32 remaining_length = 0;
|
||||||
|
guint8 sasl_start[2] = { 0, };
|
||||||
|
gboolean detected_sasl_security = FALSE;
|
||||||
|
|
||||||
ldm_tree = NULL;
|
ldm_tree = NULL;
|
||||||
|
|
||||||
|
@ -4004,12 +4008,29 @@ static void
|
||||||
* check if it looks like it could be a SASL blob here
|
* check if it looks like it could be a SASL blob here
|
||||||
* and in that case just assume it is GSS-SPNEGO
|
* and in that case just assume it is GSS-SPNEGO
|
||||||
*/
|
*/
|
||||||
if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
|
if(!doing_sasl_security && tvb_bytes_exist(tvb, offset, 6)) {
|
||||||
&&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
|
sasl_length = tvb_get_ntohl(tvb, offset);
|
||||||
&&(tvb_get_guint8(tvb, offset+4)==0x60) ){
|
remaining_length = tvb_reported_length_remaining(tvb, offset);
|
||||||
|
sasl_start[0] = tvb_get_guint8(tvb, offset+4);
|
||||||
|
sasl_start[1] = tvb_get_guint8(tvb, offset+5);
|
||||||
|
}
|
||||||
|
if ((sasl_length + 4) <= remaining_length) {
|
||||||
|
if (sasl_start[0] == 0x05 && sasl_start[1] == 0x04) {
|
||||||
|
/*
|
||||||
|
* Likely modern kerberos signing
|
||||||
|
*/
|
||||||
|
detected_sasl_security = TRUE;
|
||||||
|
} else if (sasl_start[0] == 0x60) {
|
||||||
|
/*
|
||||||
|
* Likely ASN.1 based kerberos
|
||||||
|
*/
|
||||||
|
detected_sasl_security = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (detected_sasl_security) {
|
||||||
ldap_info->auth_type=LDAP_AUTH_SASL;
|
ldap_info->auth_type=LDAP_AUTH_SASL;
|
||||||
ldap_info->first_auth_frame=pinfo->num;
|
ldap_info->first_auth_frame=pinfo->num;
|
||||||
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
|
ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "UNKNOWN");
|
||||||
doing_sasl_security=TRUE;
|
doing_sasl_security=TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -5632,7 +5653,7 @@ void proto_register_ldap(void) {
|
||||||
NULL, HFILL }},
|
NULL, HFILL }},
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-hfarr.c ---*/
|
/*--- End of included file: packet-ldap-hfarr.c ---*/
|
||||||
#line 2157 "./asn1/ldap/packet-ldap-template.c"
|
#line 2178 "./asn1/ldap/packet-ldap-template.c"
|
||||||
};
|
};
|
||||||
|
|
||||||
/* List of subtrees */
|
/* List of subtrees */
|
||||||
|
@ -5706,7 +5727,7 @@ void proto_register_ldap(void) {
|
||||||
&ett_ldap_T_warning,
|
&ett_ldap_T_warning,
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-ettarr.c ---*/
|
/*--- End of included file: packet-ldap-ettarr.c ---*/
|
||||||
#line 2171 "./asn1/ldap/packet-ldap-template.c"
|
#line 2192 "./asn1/ldap/packet-ldap-template.c"
|
||||||
};
|
};
|
||||||
/* UAT for header fields */
|
/* UAT for header fields */
|
||||||
static uat_field_t custom_attribute_types_uat_fields[] = {
|
static uat_field_t custom_attribute_types_uat_fields[] = {
|
||||||
|
@ -5917,7 +5938,7 @@ proto_reg_handoff_ldap(void)
|
||||||
|
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-dis-tab.c ---*/
|
/*--- End of included file: packet-ldap-dis-tab.c ---*/
|
||||||
#line 2365 "./asn1/ldap/packet-ldap-template.c"
|
#line 2386 "./asn1/ldap/packet-ldap-template.c"
|
||||||
|
|
||||||
dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle);
|
dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue