Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.
Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).
Change some direct dissector calls to go through handles.
svn path=/trunk/; revision=8979
to the dissector that handles the particular authentication flavour. This
gets rid of a couple of ugly switch statements and allows other authentication
modules to be written easily.
svn path=/trunk/; revision=8026
call to "gssapi_init_oid()" supplies both dissectors for context-level
tokens and GSS_Wrap header information; the latter dissector should
return the number of bytes of header information, so that if the header
information and the message for the protocol that's using GSSAPI are
treated as a single blob of data (as is the case with LDAP, but not with
DCE RPC, for example), the dissector for the protocol using GSSAPI knows
where to start dissecting.
We associate a pointer to the entire data structure for the OID, not the
handle for context-level token dissector for the OID, with conversations
and frames.
Make the dissector for NTLMSSP verifiers be the handler for GSS_Wrap
stuff for NTLMSSP, and add support for GSS_Wrap stuff for Kerberos.
Support SASL GSS-SPNEGO wrapping of LDAP messages. (XXX - this should
really check for GSS-SPNEGO.)
svn path=/trunk/; revision=6692
handle to use to dissect GSS-API inner context tokens has to be stored
as per-frame data, not just as conversation data.
svn path=/trunk/; revision=6569
only in bind, bind_ack, alter_context, alter_context_response, and auth3
PDUs; they're a verifier of some sort in other PDUs. The verifier
appears to start with an OID for the real authentication mechanism if
the authentication type is SPNEGO.
svn path=/trunk/; revision=6563
as an argument, and looks up that OID in the GSSAPI OID hash table.
Always use that routine to look up OIDs, so that we never use the result
of "format_oid()" as the key (as that doesn't necessarily work).
Make "gssapi_oids" static, as one should only look up GSSAPI
authentication mechanism OIDs with "gssapi_lookup_oid()".
In the SPNEGO dissector, free up the OID strings when we're done with
them, and don't advance the offset past the OID until after we put the
OID into the protocol tree.
svn path=/trunk/; revision=6228
in the gssapi_oids hash table; the keys are just text representations of
the numbers in the OID, but "format_oid()" can add a formatted
description of the OID to the end of the string it returns, which means
it won't match.
Use -1 rather than "tvb_length_remaining(tvb, 0)" as the length to say
"this item goes to the end of the tvbuff.
svn path=/trunk/; revision=6225
registered dissector name; that means you don't have to register a
dissector by name to associate it with a GSS-API security mechanism OID.
svn path=/trunk/; revision=6163
don't abort dissection of the entire packet if we get a
ReportedBoundsError while dissecting an authentication blob - the
authentication blob might be in the middle of a packet, and if it's too
short, that doesn't mean that the stuff *after* it shouldn't be
dissected.
svn path=/trunk/; revision=6160
"format_oid()" after we're done with it.
"format_oid()" doesn't necessarily generate a string containing only the
numerical OID value, so we can't use that string to search for an OID in
the OID hash table. Generate the string used in that lookup ourselves,
instead.
svn path=/trunk/; revision=6089
1) match the protocol's filter name (which isn't used, as we
never put entries into the protocol tree for the protocol
itself)
and
2) make it more obvious what you type.
(This matches what the NTLMSSP dissector does for its security blobs.)
svn path=/trunk/; revision=6076
Jörg Mayer