Two more Kerberos error codes where it has been witnessed that the payload contains a PA-DATA structure with the magic salt containing an nt status code
svn path=/trunk/; revision=18088
issued by ms kdc contains a PA_DATA structure with a salt that contains an
nt_status code explaining why the client was not allowed to get a (tgt) ticket
svn path=/trunk/; revision=17796
for the time being since i have never seen this salt being used elsewhere,
assume everything is the MS style salt:
guint32 nt_status
guint32 unknown
guint32 unknown
if the MS KDC does nopt allow a client to grab a ticket (due to policy client can only log in at certain hours or such)
KDC will repsond with a failuer with edata like above and nt-status == STATUS_LOGON_HOURS
svn path=/trunk/; revision=17722
while this should improve performance by unmeasurably little it does have the sideeffect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
mp_addr_to_str was unnecessary 'complex' - simplified it
packet-dns.c: Fix incorrect use of g_snprintf return value
packet-dcm.c: Fix incorrect use of g_snprintf return value
Someone who understands the protocol should look at the
"vr, tr might be used uninitialized..." warning.
packet-x11.c: Fix incorrect use of g_snprintf return value
packet-kerberos.c: Fix incorrect use of g_snprintf return value
Someone should take a look at the
"longjump might clobber ..." messages
packet-diameter.c: Fix incorrect use of g_snprintf return value
Get rid of unsigned < 0 check
packet-pgm.c: Fix incorrect use of g_snprintf return value
packet-nbns.c: Fix incorrect use of g_snprintf return value
packet-winsrepl.c: Collateral damage to packet-nbns.c fix
packet-netbios.c: Collateral damage to packet-nbns.c fix
packet-netbios.h: Collateral damage to packet-nbns.c fix
packet-kerberos.c: Collateral damage to packet-nbns.c fix
packet-nbipx.c: Collateral damage to packet-nbns.c fix
svn path=/trunk/; revision=17065
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
structure. Handle that.
Don't muck with the columns, or put a top-level Kerberos protocol item
into the protocol tree, until we decide that we really have a Kerberos
packet.
Do, however, clear the Info column if we're dissecting the Kerberos
protocol.
svn path=/trunk/; revision=15589
since a KDC MIGTH send the reply back from a different port.
Then comes X.L's capture (ethereal-dev) 816fc4.cap from 16Aug2005 where
the client is reusing the same source port to talk to DNS after finishing
doing the port 88 KDC stuff.
==>
Make kerberos/udp able to test the packet for sanity and reject packets that
do not look like kerberos (even if there was a conversation that said it was kerberos)
and thus let other dissectors have a go at it.
in doubt, try 816fc4.cap before and after this patch :-)
svn path=/trunk/; revision=15405
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
DissectorError. In packet-kerberos.c, restore pinfo->private_data if
we throw an exception, which keeps the SMB dissector from throwing
a DissectorError. Initialize variables in other places to squelch
valgrind warnings.
svn path=/trunk/; revision=15235
that they are not longer than the reported length of the tvb.
this triggers some bugs since in packet-ber we are a bit too lax in setting reported_length of the tvb_new_subset() tvb.
this cause short kerberos packets to not be decoded at all and the same for other short asn based packets as well.
fix some of these instances.
svn path=/trunk/; revision=15127
pointers either "void *" or "guint8 *", to reduce the level of compiler
warnings (the data in question is largely binary in those cases).
svn path=/trunk/; revision=14886
current signature ("class" is a "gint8 *", not a "guint8 *", and "tag"
is a "gint32 *", not a "guint32 *"). Re-generate the dissectors from
the ASN.1 and the .cnf files in the cases where the arguments were fixed
in a .cnf file.
Give some dissectors the right svn:keywords and svn:eol-style settings.
svn path=/trunk/; revision=14885
index of the branch taken or -1 to make prettifications easier to implement.
change the signature of dissect_ber_choice and rename it to dissect_ber_CHOICE to catch all
occurences of the use of this function
update asn2eth to use the new name/signature
update all occurences of this function to the new name and new signature.
svn path=/trunk/; revision=14758
IF the length seems bogus, like longer than the reported tvb_length
we add a helpful text item to the tree and generate a [malformed packet]
change all callers of get_ber_length to the new signature.
svn path=/trunk/; revision=14145
It should not dump core as far as all my tests are concerned and Menu_Statistics/ProtocolHierStats work
It needs more testing and there might still be cases where it will crash that will need to be fixed but I feel it will be worth it since it will decrease the time to filter very large capture files dramatically.
Real significant performance boost for very large captures.
(If we cant fix all the problems we can just revert this patch)
svn path=/trunk/; revision=14051
(cifs: dc's talking to eachother and when longhorn comes out: anyone wanting to talk dce to a dc!)
((this is an incredibly advanced feature well worthy of mentioning in NEWS))
svn path=/trunk/; revision=13690
Replace the use of the undefined type krb5_keyusage (at least with heimdal)
in decrypt_krb5_data with the old int. The change wasn't complete anyway
as the .h file wasn't changed and the third implemenitation of
decrypt_krb5_data was left out also.
Disclaimer: I only made sure it compiles again, I don't know whether the
change has any side effects.
svn path=/trunk/; revision=13645
decrypt and behold the new password in plaintext in all its glory
(given you have the keytab with the old one of course)
svn path=/trunk/; revision=13586
Ronnie Sahlberg