osmith/wireshark
1
0
Fork 0
forked from osmocom/wireshark
Code Pull requests Releases Wiki Activity
wireshark/packet-gssapi.c
Guy Harris 7bd2e232a9 Export "protocol_t" as an opaque type. 
Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.

Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).

Change some direct dissector calls to go through handles.

svn path=/trunk/; revision=8979
2003-11-16 23:17:27 +00:00

484 lines
12 KiB
C
Raw Blame History

/* packet-gssapi.c
* Dissector for GSS-API tokens as described in rfc2078, section 3.1
* Copyright 2002, Tim Potter <tpot@samba.org>
* Copyright 2002, Richard Sharpe <rsharpe@samba.org> Added a few
* bits and pieces ...
*
* $Id: packet-gssapi.c,v 1.28 2003/11/16 23:17:19 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <string.h>
#include <glib.h>
#include <epan/packet.h>
#include "asn1.h"
#include "format-oid.h"
#include "packet-dcerpc.h"
#include "packet-gssapi.h"
#include "packet-frame.h"
#include "epan/conversation.h"
static int proto_gssapi = -1;
static int hf_gssapi = -1;
static gint ett_gssapi = -1;
/*
* Subdissectors
*/
static GHashTable *gssapi_oids;
static gint gssapi_oid_equal(gconstpointer k1, gconstpointer k2)
{
const char *key1 = (const char *)k1;
const char *key2 = (const char *)k2;
return strcmp(key1, key2) == 0;
}
static guint
gssapi_oid_hash(gconstpointer k)
{
const char *key = (const char *)k;
guint hash = 0, i;
for (i = 0; i < strlen(key); i++)
hash += key[i];
return hash;
}
void
gssapi_init_oid(char *oid, int proto, int ett, dissector_handle_t handle,
dissector_handle_t wrap_handle, gchar *comment)
{
char *key = g_strdup(oid);
gssapi_oid_value *value = g_malloc(sizeof(*value));
value->proto = find_protocol_by_id(proto);
value->ett = ett;
value->handle = handle;
value->wrap_handle = wrap_handle;
value->comment = comment;
g_hash_table_insert(gssapi_oids, key, value);
}
/*
* This takes an OID in binary form, not an OID as a text string, as
* an argument.
*/
gssapi_oid_value *
gssapi_lookup_oid(subid_t *oid, guint oid_len)
{
gchar *oid_key;
gchar *p;
unsigned int i;
int len;
gssapi_oid_value *value;
/*
* Convert the OID to a string, as text strings are used as
* keys in the OID hash table.
*/
oid_key = g_malloc(oid_len * 22 + 1);
p = oid_key;
len = sprintf(p, "%lu", (unsigned long)oid[0]);
p += len;
for (i = 1; i < oid_len;i++) {
len = sprintf(p, ".%lu", (unsigned long)oid[i]);
p += len;
}
value = g_hash_table_lookup(gssapi_oids, oid_key);
g_free(oid_key);
return value;
}
/* Display an ASN1 parse error. Taken from packet-snmp.c */
static dissector_handle_t data_handle;
static void
dissect_parse_error(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, const char *field_name, int ret)
{
char *errstr;
errstr = asn1_err_to_str(ret);
if (tree != NULL) {
proto_tree_add_text(tree, tvb, offset, 0,
"ERROR: Couldn't parse %s: %s", field_name, errstr);
call_dissector(data_handle,
tvb_new_subset(tvb, offset, -1, -1), pinfo, tree);
}
}
static int
dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean is_verifier)
{
proto_item *item;
proto_tree *subtree;
ASN1_SCK hnd;
int ret, offset = 0;
volatile int return_offset = 0;
gboolean def;
guint len1, oid_len, cls, con, tag, nbytes;
subid_t *oid;
gchar *oid_string;
gssapi_oid_value *value;
volatile dissector_handle_t handle;
conversation_t *volatile conversation;
tvbuff_t *oid_tvb;
int len;
/*
* We need this later, so lets get it now ...
*/
conversation = find_conversation(&pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport,
pinfo->destport, 0);
item = proto_tree_add_item(
tree, hf_gssapi, tvb, offset, -1, FALSE);
subtree = proto_item_add_subtree(item, ett_gssapi);
/*
* Catch the ReportedBoundsError exception; the stuff we've been
* handed doesn't necessarily run to the end of the packet, it's
* an item inside a packet, so if it happens to be malformed (or
* we, or a dissector we call, has a bug), so that an exception
* is thrown, we want to report the error, but return and let
* our caller dissect the rest of the packet.
*
* If it gets a BoundsError, we can stop, as there's nothing more
* in the packet after our blob to see, so we just re-throw the
* exception.
*/
TRY {
/* Read header */
asn1_open(&hnd, tvb, offset);
ret = asn1_header_decode(&hnd, &cls, &con, &tag, &def, &len1);
if (ret != ASN1_ERR_NOERROR) {
dissect_parse_error(tvb, offset, pinfo, subtree,
"GSS-API header", ret);
return_offset = tvb_length(tvb);
goto done;
}
if (!(cls == ASN1_APL && con == ASN1_CON && tag == 0)) {
/*
* If we do not recognise an Application class,
* then we are probably dealing with an inner context
* token or a wrap token, and we should retrieve the
* gssapi_oid_value pointer from the per-frame data or,
* if there is no per-frame data (as would be the case
* the first time we dissect this frame), from the
* conversation that exists or that we created from
* pinfo (and then make it per-frame data).
* We need to make it per-frame data as there can be
* more than one GSS-API negotiation in a conversation.
*
* Note! We "cheat". Since we only need the pointer,
* we store that as the data. (That's not really
* "cheating" - the per-frame data and per-conversation
* data code doesn't care what you supply as a data
* pointer; it just treats it as an opaque pointer, it
* doesn't dereference it or free what it points to.)
*/
value = p_get_proto_data(pinfo->fd, proto_gssapi);
if (!value && !pinfo->fd->flags.visited)
{
/* No handle attached to this frame, but it's the first */
/* pass, so it'd be attached to the conversation. */
/* If we have a conversation, try to get the handle, */
/* and if we get one, attach it to the frame. */
if (conversation)
{
value = conversation_get_proto_data(conversation,
proto_gssapi);
if (value)
p_add_proto_data(pinfo->fd, proto_gssapi, value);
}
}
if (!value)
{
proto_tree_add_text(subtree, tvb, offset, 0,
"Unknown header (cls=%d, con=%d, tag=%d)",
cls, con, tag);
return_offset = tvb_length(tvb);
goto done;
}
else
{
tvbuff_t *oid_tvb;
/* Naughty ... no way to reset the offset */
/* Account for the fact we have consumed part of the */
/* ASN.1 and we want to get it back */
hnd.offset = offset;
oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
if (is_verifier)
handle = value->wrap_handle;
else
handle = value->handle;
len = call_dissector(handle, oid_tvb, pinfo, subtree);
if (len == 0)
return_offset = tvb_length(tvb);
else
return_offset = offset + len;
goto done; /* We are finished here */
}
}
offset = hnd.offset;
/* Read oid */
ret = asn1_oid_decode(&hnd, &oid, &oid_len, &nbytes);
if (ret != ASN1_ERR_NOERROR) {
dissect_parse_error(tvb, offset, pinfo, subtree,
"GSS-API token", ret);
return_offset = tvb_length(tvb);
goto done;
}
oid_string = format_oid(oid, oid_len);
/*
* Hand off to subdissector.
*/
if (((value = gssapi_lookup_oid(oid, oid_len)) == NULL) ||
!proto_is_protocol_enabled(value->proto)) {
proto_tree_add_text(subtree, tvb, offset, nbytes,
"OID: %s",
oid_string);
offset += nbytes;
g_free(oid_string);
/* No dissector for this oid */
proto_tree_add_text(subtree, tvb, offset, -1,
"Token object");
return_offset = tvb_length(tvb);
goto done;
}
if (value)
proto_tree_add_text(subtree, tvb, offset, nbytes,
"OID: %s (%s)",
oid_string, value->comment);
else
proto_tree_add_text(subtree, tvb, offset, nbytes, "OID: %s",
oid_string);
offset += nbytes;
g_free(oid_string);
/*
* This is not needed, as the sub-dissector adds a tree
sub_item = proto_tree_add_item(subtree, value->proto, tvb,
offset, -1, FALSE);
oid_subtree = proto_item_add_subtree(sub_item, value->ett);
*/
/*
* Here we should create a conversation if needed and
* save a pointer to the data for that OID for the
* GSSAPI protocol.
*/
if (!conversation) { /* Create one */
conversation = conversation_new(&pinfo->src,
&pinfo->dst,
pinfo->ptype,
pinfo->srcport,
pinfo->destport, 0);
}
/*
* Now add the proto data ...
* but only if it is not already there.
*/
if (!conversation_get_proto_data(conversation,
proto_gssapi)) {
conversation_add_proto_data(conversation,
proto_gssapi, value);
}
if (is_verifier) {
handle = value->wrap_handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
if (len == 0)
return_offset = tvb_length(tvb);
else
return_offset = offset + len;
} else {
proto_tree_add_text(subtree, tvb, offset, -1,
"Authentication verifier");
return_offset = tvb_length(tvb);
}
} else {
handle = value->handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
if (len == 0)
return_offset = tvb_length(tvb);
else
return_offset = offset + len;
} else {
proto_tree_add_text(subtree, tvb, offset, -1,
"Authentication credentials");
return_offset = tvb_length(tvb);
}
}
done:
asn1_close(&hnd, &offset);
} CATCH(BoundsError) {
RETHROW;
} CATCH(ReportedBoundsError) {
show_reported_bounds_error(tvb, pinfo, tree);
} ENDTRY;
proto_item_set_len(item, return_offset);
return return_offset;
}
static void
dissect_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
dissect_gssapi_work(tvb, pinfo, tree, FALSE);
}
static int
dissect_gssapi_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
return dissect_gssapi_work(tvb, pinfo, tree, TRUE);
}
void
proto_register_gssapi(void)
{
static hf_register_info hf[] = {
{ &hf_gssapi,
{ "GSS-API", "gss-api", FT_NONE, BASE_NONE, NULL, 0x0,
"GSS-API", HFILL }},
};
static gint *ett[] = {
&ett_gssapi,
};
proto_gssapi = proto_register_protocol(
"Generic Security Service Application Program Interface",
"GSS-API", "gss-api");
proto_register_field_array(proto_gssapi, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
register_dissector("gssapi", dissect_gssapi, proto_gssapi);
new_register_dissector("gssapi_verf", dissect_gssapi_verf, proto_gssapi);
gssapi_oids = g_hash_table_new(gssapi_oid_hash, gssapi_oid_equal);
}
static int wrap_dissect_gssapi(tvbuff_t *tvb, int offset,
packet_info *pinfo,
proto_tree *tree, char *drep _U_)
{
tvbuff_t *auth_tvb;
auth_tvb = tvb_new_subset(
tvb, offset, tvb_length_remaining(tvb, offset),
tvb_length_remaining(tvb, offset));
dissect_gssapi(auth_tvb, pinfo, tree);
return tvb_length_remaining(tvb, offset);
}
static int wrap_dissect_gssapi_verf(tvbuff_t *tvb, int offset,
packet_info *pinfo,
proto_tree *tree, char *drep _U_)
{
tvbuff_t *auth_tvb;
auth_tvb = tvb_new_subset(
tvb, offset, tvb_length_remaining(tvb, offset),
tvb_length_remaining(tvb, offset));
return dissect_gssapi_verf(auth_tvb, pinfo, tree);
}
static dcerpc_auth_subdissector_fns gssapi_auth_fns = {
wrap_dissect_gssapi, /* Bind */
wrap_dissect_gssapi, /* Bind ACK */
wrap_dissect_gssapi, /* AUTH3 */
wrap_dissect_gssapi_verf, /* Request verifier */
wrap_dissect_gssapi_verf, /* Response verifier */
NULL, /* Request data */
NULL /* Response data */
};
void
proto_reg_handoff_gssapi(void)
{
data_handle = find_dissector("data");
register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO,
&gssapi_auth_fns);
}
View git blame Copy permalink