forked from osmocom/wireshark
131 lines
3.5 KiB
INI
131 lines
3.5 KiB
INI
# credssp.cnf
|
|
# Credential Security Support Provider (CredSSP) conformance file
|
|
|
|
#.PDU
|
|
TSRequest
|
|
|
|
#.FN_PARS TSRequest/version VAL_PTR = &credssp_ver
|
|
|
|
#.FN_BODY TSRequest/authInfo VAL_PTR = &auth_tvb
|
|
tvbuff_t *auth_tvb = NULL;
|
|
tvbuff_t *decr_tvb = NULL;
|
|
gssapi_encrypt_info_t gssapi_encrypt;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
|
|
gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
|
|
call_dissector_with_data(gssapi_wrap_handle, auth_tvb, actx->pinfo, tree, &gssapi_encrypt);
|
|
decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
|
|
|
|
if(decr_tvb != NULL)
|
|
dissect_credssp_TSCredentials(FALSE, decr_tvb, 0, actx, tree, hf_credssp_TSCredentials);
|
|
|
|
#.FN_BODY TSRequest/pubKeyAuth VAL_PTR = &auth_tvb
|
|
tvbuff_t *auth_tvb = NULL;
|
|
tvbuff_t *decr_tvb = NULL;
|
|
gssapi_encrypt_info_t gssapi_encrypt;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
|
|
gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
|
|
call_dissector_with_data(gssapi_wrap_handle, auth_tvb, actx->pinfo, tree, &gssapi_encrypt);
|
|
decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
|
|
|
|
if(decr_tvb != NULL)
|
|
proto_tree_add_item(tree, hf_credssp_decr_PublicKeyAuth, decr_tvb, 0, -1, ENC_NA);
|
|
|
|
#.FN_BODY TSRequest/errorCode
|
|
|
|
if (credssp_ver < 3) {
|
|
return 0;
|
|
}
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
|
|
#.FN_BODY TSRequest/clientNonce
|
|
|
|
if (credssp_ver < 5) {
|
|
return 0;
|
|
}
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
|
|
#.FN_PARS TSCredentials/credType VAL_PTR = &creds_type
|
|
#.FN_PARS TSCredentials/credentials VAL_PTR = &creds_tvb
|
|
|
|
#.FN_BODY TSCredentials/credentials
|
|
tvbuff_t *creds_tvb = NULL;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
switch(creds_type) {
|
|
case TS_PASSWORD_CREDS:
|
|
dissect_credssp_TSPasswordCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSPasswordCreds);
|
|
break;
|
|
case TS_SMARTCARD_CREDS:
|
|
dissect_credssp_TSSmartCardCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSSmartCardCreds);
|
|
break;
|
|
case TS_REMOTEGUARD_CREDS:
|
|
dissect_credssp_TSRemoteGuardCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSRemoteGuardCreds);
|
|
break;
|
|
}
|
|
|
|
|
|
#.FN_PARS NegoData/_item/negoToken VAL_PTR = &token_tvb
|
|
|
|
#.FN_BODY NegoData/_item/negoToken
|
|
tvbuff_t *token_tvb = NULL;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if(token_tvb != NULL)
|
|
call_dissector(gssapi_handle, token_tvb, actx->pinfo, tree);
|
|
|
|
|
|
#.TYPE_ATTR
|
|
TSRemoteGuardPackageCred/packageName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
|
|
#.FN_BODY TSRemoteGuardPackageCred/packageName VAL_PTR = &pname
|
|
tvbuff_t *pname = NULL;
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, NULL, tvb, offset, hf_index, &pname);
|
|
|
|
if(pname != NULL) {
|
|
gint nlen = tvb_captured_length(pname);
|
|
|
|
if (nlen == sizeof(kerberos_pname) && memcmp(tvb_get_ptr(pname, 0, nlen), kerberos_pname, nlen) == 0) {
|
|
credssp_TS_RGC_package = TS_RGC_KERBEROS;
|
|
} else if (nlen == sizeof(ntlm_pname) && memcmp(tvb_get_ptr(pname, 0, nlen), ntlm_pname, nlen) == 0) {
|
|
credssp_TS_RGC_package = TS_RGC_NTLM;
|
|
}
|
|
proto_tree_add_item(tree, hf_index, pname, 0, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN);
|
|
}
|
|
|
|
#.FN_BODY TSRemoteGuardPackageCred/credBuffer VAL_PTR = &creds
|
|
tvbuff_t *creds= NULL;
|
|
proto_tree *subtree;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if (!creds)
|
|
return offset;
|
|
|
|
switch(credssp_TS_RGC_package) {
|
|
case TS_RGC_KERBEROS:
|
|
subtree = proto_item_add_subtree(actx->created_item, ett_credssp_RGC_CredBuffer);
|
|
dissect_kerberos_KERB_TICKET_LOGON(creds, 0, actx, subtree);
|
|
break;
|
|
case TS_RGC_NTLM:
|
|
subtree = proto_item_add_subtree(actx->created_item, ett_credssp_RGC_CredBuffer);
|
|
dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(creds, 0, subtree);
|
|
break;
|
|
}
|
|
|
|
#.END
|
|
|
|
|