2013-04-11 18:14:53 +00:00
|
|
|
/* Do not modify this file. Changes will be overwritten. */
|
|
|
|
|
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
|
2011-09-30 15:21:16 +00:00
|
|
|
/* packet-credssp.c */
|
2016-03-09 03:17:51 +00:00
|
|
|
/* asn2wrs.py -b -C -p credssp -c ./credssp.cnf -s ./packet-credssp-template -D . -O ../.. CredSSP.asn */
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/* Input file: packet-credssp-template.c */
|
|
|
|
|
|
2016-03-09 03:17:51 +00:00
|
|
|
#line 1 "./asn1/credssp/packet-credssp-template.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
/* packet-credssp.c
|
|
|
|
|
* Routines for CredSSP (Credential Security Support Provider) packet dissection
|
|
|
|
|
* Graeme Lunt 2011
|
|
|
|
|
*
|
|
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
2018-02-12 11:23:27 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2011-09-30 15:21:16 +00:00
|
|
|
*/
|
|
|
|
|
|
2012-09-20 02:03:38 +00:00
|
|
|
#include "config.h"
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
#include <epan/packet.h>
|
|
|
|
|
#include <epan/asn1.h>
|
2013-06-18 01:13:07 +00:00
|
|
|
#include <epan/tap.h>
|
|
|
|
|
#include <epan/exported_pdu.h>
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
#include "packet-ber.h"
|
2021-05-22 12:27:07 +00:00
|
|
|
#include "packet-dcerpc.h"
|
|
|
|
|
#include "packet-gssapi.h"
|
2021-06-20 19:28:36 +00:00
|
|
|
#include "packet-kerberos.h"
|
|
|
|
|
#include "packet-ntlmssp.h"
|
2011-09-30 15:21:16 +00:00
|
|
|
#include "packet-credssp.h"
|
|
|
|
|
|
|
|
|
|
#define PNAME "Credential Security Support Provider"
|
|
|
|
|
#define PSNAME "CredSSP"
|
|
|
|
|
#define PFNAME "credssp"
|
|
|
|
|
|
|
|
|
|
#define TS_PASSWORD_CREDS 1
|
|
|
|
|
#define TS_SMARTCARD_CREDS 2
|
2021-06-16 13:49:03 +00:00
|
|
|
#define TS_REMOTEGUARD_CREDS 6
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
static gint creds_type;
|
2021-05-16 18:09:24 +00:00
|
|
|
static gint credssp_ver;
|
2011-09-30 15:21:16 +00:00
|
|
|
|
2021-06-20 19:28:36 +00:00
|
|
|
static char kerberos_pname[] = "K\0e\0r\0b\0e\0r\0o\0s";
|
|
|
|
|
static char ntlm_pname[] = "N\0T\0L\0M";
|
|
|
|
|
|
|
|
|
|
#define TS_RGC_UNKNOWN 0
|
|
|
|
|
#define TS_RGC_KERBEROS 1
|
|
|
|
|
#define TS_RGC_NTLM 2
|
|
|
|
|
|
|
|
|
|
static gint credssp_TS_RGC_package;
|
|
|
|
|
|
2013-06-18 01:13:07 +00:00
|
|
|
static gint exported_pdu_tap = -1;
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
/* Initialize the protocol and registered fields */
|
|
|
|
|
static int proto_credssp = -1;
|
|
|
|
|
|
|
|
|
|
/* List of dissectors to call for negoToken data */
|
|
|
|
|
static heur_dissector_list_t credssp_heur_subdissector_list;
|
|
|
|
|
|
2021-05-22 12:14:14 +00:00
|
|
|
static dissector_handle_t gssapi_handle;
|
2021-05-22 12:27:07 +00:00
|
|
|
static dissector_handle_t gssapi_wrap_handle;
|
2021-05-22 12:14:14 +00:00
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
static int hf_credssp_TSPasswordCreds = -1; /* TSPasswordCreds */
|
|
|
|
|
static int hf_credssp_TSSmartCardCreds = -1; /* TSSmartCardCreds */
|
2021-06-16 13:49:03 +00:00
|
|
|
static int hf_credssp_TSRemoteGuardCreds = -1;/* TSRemoteGuardCreds */
|
2011-09-30 15:21:16 +00:00
|
|
|
static int hf_credssp_TSCredentials = -1; /* TSCredentials */
|
2021-05-22 12:47:03 +00:00
|
|
|
static int hf_credssp_decr_PublicKeyAuth = -1;/* decr_PublicKeyAuth */
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/*--- Included file: packet-credssp-hf.c ---*/
|
2016-03-09 03:17:51 +00:00
|
|
|
#line 1 "./asn1/credssp/packet-credssp-hf.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
static int hf_credssp_TSRequest_PDU = -1; /* TSRequest */
|
|
|
|
|
static int hf_credssp_NegoData_item = -1; /* NegoData_item */
|
|
|
|
|
static int hf_credssp_negoToken = -1; /* T_negoToken */
|
|
|
|
|
static int hf_credssp_domainName = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_userName = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_password = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_keySpec = -1; /* INTEGER */
|
|
|
|
|
static int hf_credssp_cardName = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_readerName = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_containerName = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_cspName = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_pin = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_cspData = -1; /* TSCspDataDetail */
|
|
|
|
|
static int hf_credssp_userHint = -1; /* OCTET_STRING */
|
|
|
|
|
static int hf_credssp_domainHint = -1; /* OCTET_STRING */
|
2021-06-16 13:49:03 +00:00
|
|
|
static int hf_credssp_packageName = -1; /* T_packageName */
|
2021-06-20 19:28:36 +00:00
|
|
|
static int hf_credssp_credBuffer = -1; /* T_credBuffer */
|
2021-06-16 13:49:03 +00:00
|
|
|
static int hf_credssp_logonCred = -1; /* TSRemoteGuardPackageCred */
|
|
|
|
|
static int hf_credssp_supplementalCreds = -1; /* SEQUENCE_OF_TSRemoteGuardPackageCred */
|
|
|
|
|
static int hf_credssp_supplementalCreds_item = -1; /* TSRemoteGuardPackageCred */
|
2011-09-30 15:21:16 +00:00
|
|
|
static int hf_credssp_credType = -1; /* T_credType */
|
|
|
|
|
static int hf_credssp_credentials = -1; /* T_credentials */
|
2021-05-16 18:09:24 +00:00
|
|
|
static int hf_credssp_version = -1; /* T_version */
|
2011-09-30 15:21:16 +00:00
|
|
|
static int hf_credssp_negoTokens = -1; /* NegoData */
|
|
|
|
|
static int hf_credssp_authInfo = -1; /* T_authInfo */
|
2021-05-22 12:47:03 +00:00
|
|
|
static int hf_credssp_pubKeyAuth = -1; /* T_pubKeyAuth */
|
2021-05-16 18:09:24 +00:00
|
|
|
static int hf_credssp_errorCode = -1; /* T_errorCode */
|
|
|
|
|
static int hf_credssp_clientNonce = -1; /* T_clientNonce */
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/*--- End of included file: packet-credssp-hf.c ---*/
|
2021-06-20 19:28:36 +00:00
|
|
|
#line 63 "./asn1/credssp/packet-credssp-template.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/* Initialize the subtree pointers */
|
|
|
|
|
static gint ett_credssp = -1;
|
2021-06-20 19:28:36 +00:00
|
|
|
static gint ett_credssp_RGC_CredBuffer = -1;
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/*--- Included file: packet-credssp-ett.c ---*/
|
2016-03-09 03:17:51 +00:00
|
|
|
#line 1 "./asn1/credssp/packet-credssp-ett.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
static gint ett_credssp_NegoData = -1;
|
|
|
|
|
static gint ett_credssp_NegoData_item = -1;
|
|
|
|
|
static gint ett_credssp_TSPasswordCreds = -1;
|
|
|
|
|
static gint ett_credssp_TSCspDataDetail = -1;
|
|
|
|
|
static gint ett_credssp_TSSmartCardCreds = -1;
|
2021-06-16 13:49:03 +00:00
|
|
|
static gint ett_credssp_TSRemoteGuardPackageCred = -1;
|
|
|
|
|
static gint ett_credssp_TSRemoteGuardCreds = -1;
|
|
|
|
|
static gint ett_credssp_SEQUENCE_OF_TSRemoteGuardPackageCred = -1;
|
2011-09-30 15:21:16 +00:00
|
|
|
static gint ett_credssp_TSCredentials = -1;
|
|
|
|
|
static gint ett_credssp_TSRequest = -1;
|
|
|
|
|
|
|
|
|
|
/*--- End of included file: packet-credssp-ett.c ---*/
|
2021-06-20 19:28:36 +00:00
|
|
|
#line 69 "./asn1/credssp/packet-credssp-template.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/*--- Included file: packet-credssp-fn.c ---*/
|
2016-03-09 03:17:51 +00:00
|
|
|
#line 1 "./asn1/credssp/packet-credssp-fn.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_negoToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
2021-06-16 13:49:03 +00:00
|
|
|
#line 81 "./asn1/credssp/credssp.cnf"
|
2011-09-30 15:21:16 +00:00
|
|
|
tvbuff_t *token_tvb = NULL;
|
|
|
|
|
|
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
&token_tvb);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if(token_tvb != NULL)
|
2021-05-22 12:14:14 +00:00
|
|
|
call_dissector(gssapi_handle, token_tvb, actx->pinfo, tree);
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-06-17 07:14:55 +00:00
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t NegoData_item_sequence[] = {
|
|
|
|
|
{ &hf_credssp_negoToken , BER_CLASS_CON, 0, 0, dissect_credssp_T_negoToken },
|
|
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_NegoData_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
NegoData_item_sequence, hf_index, ett_credssp_NegoData_item);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t NegoData_sequence_of[1] = {
|
|
|
|
|
{ &hf_credssp_NegoData_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_credssp_NegoData_item },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_NegoData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
NegoData_sequence_of, hf_index, ett_credssp_NegoData);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t TSPasswordCreds_sequence[] = {
|
|
|
|
|
{ &hf_credssp_domainName , BER_CLASS_CON, 0, 0, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ &hf_credssp_userName , BER_CLASS_CON, 1, 0, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ &hf_credssp_password , BER_CLASS_CON, 2, 0, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_TSPasswordCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
TSPasswordCreds_sequence, hf_index, ett_credssp_TSPasswordCreds);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t TSCspDataDetail_sequence[] = {
|
|
|
|
|
{ &hf_credssp_keySpec , BER_CLASS_CON, 0, 0, dissect_credssp_INTEGER },
|
|
|
|
|
{ &hf_credssp_cardName , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ &hf_credssp_readerName , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ &hf_credssp_containerName, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ &hf_credssp_cspName , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_TSCspDataDetail(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
TSCspDataDetail_sequence, hf_index, ett_credssp_TSCspDataDetail);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t TSSmartCardCreds_sequence[] = {
|
|
|
|
|
{ &hf_credssp_pin , BER_CLASS_CON, 0, 0, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ &hf_credssp_cspData , BER_CLASS_CON, 1, 0, dissect_credssp_TSCspDataDetail },
|
|
|
|
|
{ &hf_credssp_userHint , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ &hf_credssp_domainHint , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_credssp_OCTET_STRING },
|
|
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_TSSmartCardCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
TSSmartCardCreds_sequence, hf_index, ett_credssp_TSSmartCardCreds);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-06-16 13:49:03 +00:00
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_packageName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
2021-06-17 07:14:55 +00:00
|
|
|
#line 93 "./asn1/credssp/credssp.cnf"
|
2021-06-16 13:49:03 +00:00
|
|
|
tvbuff_t *pname = NULL;
|
|
|
|
|
|
2021-06-17 07:14:55 +00:00
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, NULL, tvb, offset, hf_index, &pname);
|
2021-06-16 13:49:03 +00:00
|
|
|
|
2021-06-20 19:28:36 +00:00
|
|
|
if(pname != NULL) {
|
|
|
|
|
gint nlen = tvb_captured_length(pname);
|
|
|
|
|
|
|
|
|
|
if (nlen == sizeof(kerberos_pname) && memcmp(tvb_get_ptr(pname, 0, nlen), kerberos_pname, nlen) == 0) {
|
|
|
|
|
credssp_TS_RGC_package = TS_RGC_KERBEROS;
|
|
|
|
|
} else if (nlen == sizeof(ntlm_pname) && memcmp(tvb_get_ptr(pname, 0, nlen), ntlm_pname, nlen) == 0) {
|
|
|
|
|
credssp_TS_RGC_package = TS_RGC_NTLM;
|
|
|
|
|
}
|
2021-06-17 07:14:55 +00:00
|
|
|
proto_tree_add_item(tree, hf_index, pname, 0, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN);
|
2021-06-20 19:28:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_credBuffer(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
#line 109 "./asn1/credssp/credssp.cnf"
|
|
|
|
|
tvbuff_t *creds= NULL;
|
|
|
|
|
proto_tree *subtree;
|
|
|
|
|
|
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
&creds);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!creds)
|
|
|
|
|
return offset;
|
|
|
|
|
|
|
|
|
|
switch(credssp_TS_RGC_package) {
|
|
|
|
|
case TS_RGC_KERBEROS:
|
|
|
|
|
subtree = proto_item_add_subtree(actx->created_item, ett_credssp_RGC_CredBuffer);
|
|
|
|
|
dissect_kerberos_KERB_TICKET_LOGON(creds, 0, actx, subtree);
|
|
|
|
|
break;
|
|
|
|
|
case TS_RGC_NTLM:
|
|
|
|
|
subtree = proto_item_add_subtree(actx->created_item, ett_credssp_RGC_CredBuffer);
|
|
|
|
|
dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(creds, 0, subtree);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-16 13:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t TSRemoteGuardPackageCred_sequence[] = {
|
|
|
|
|
{ &hf_credssp_packageName , BER_CLASS_CON, 0, 0, dissect_credssp_T_packageName },
|
2021-06-20 19:28:36 +00:00
|
|
|
{ &hf_credssp_credBuffer , BER_CLASS_CON, 1, 0, dissect_credssp_T_credBuffer },
|
2021-06-16 13:49:03 +00:00
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_TSRemoteGuardPackageCred(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
TSRemoteGuardPackageCred_sequence, hf_index, ett_credssp_TSRemoteGuardPackageCred);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t SEQUENCE_OF_TSRemoteGuardPackageCred_sequence_of[1] = {
|
|
|
|
|
{ &hf_credssp_supplementalCreds_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_credssp_TSRemoteGuardPackageCred },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_SEQUENCE_OF_TSRemoteGuardPackageCred(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
SEQUENCE_OF_TSRemoteGuardPackageCred_sequence_of, hf_index, ett_credssp_SEQUENCE_OF_TSRemoteGuardPackageCred);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t TSRemoteGuardCreds_sequence[] = {
|
|
|
|
|
{ &hf_credssp_logonCred , BER_CLASS_CON, 0, 0, dissect_credssp_TSRemoteGuardPackageCred },
|
|
|
|
|
{ &hf_credssp_supplementalCreds, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_credssp_SEQUENCE_OF_TSRemoteGuardPackageCred },
|
|
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_TSRemoteGuardCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
TSRemoteGuardCreds_sequence, hf_index, ett_credssp_TSRemoteGuardCreds);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_credType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
&creds_type);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
2021-05-22 12:47:03 +00:00
|
|
|
#line 61 "./asn1/credssp/credssp.cnf"
|
2011-09-30 15:21:16 +00:00
|
|
|
tvbuff_t *creds_tvb = NULL;
|
|
|
|
|
|
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
&creds_tvb);
|
|
|
|
|
|
|
|
|
|
|
2021-05-22 12:27:07 +00:00
|
|
|
switch(creds_type) {
|
|
|
|
|
case TS_PASSWORD_CREDS:
|
|
|
|
|
dissect_credssp_TSPasswordCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSPasswordCreds);
|
|
|
|
|
break;
|
|
|
|
|
case TS_SMARTCARD_CREDS:
|
|
|
|
|
dissect_credssp_TSSmartCardCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSSmartCardCreds);
|
|
|
|
|
break;
|
2021-06-16 13:49:03 +00:00
|
|
|
case TS_REMOTEGUARD_CREDS:
|
|
|
|
|
dissect_credssp_TSRemoteGuardCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSRemoteGuardCreds);
|
|
|
|
|
break;
|
2011-09-30 15:21:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t TSCredentials_sequence[] = {
|
|
|
|
|
{ &hf_credssp_credType , BER_CLASS_CON, 0, 0, dissect_credssp_T_credType },
|
|
|
|
|
{ &hf_credssp_credentials , BER_CLASS_CON, 1, 0, dissect_credssp_T_credentials },
|
|
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_TSCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
TSCredentials_sequence, hf_index, ett_credssp_TSCredentials);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-05-16 18:09:24 +00:00
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
&credssp_ver);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_authInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
2021-05-22 12:27:07 +00:00
|
|
|
#line 10 "./asn1/credssp/credssp.cnf"
|
2011-09-30 15:21:16 +00:00
|
|
|
tvbuff_t *auth_tvb = NULL;
|
|
|
|
|
tvbuff_t *decr_tvb = NULL;
|
2021-05-22 12:27:07 +00:00
|
|
|
gssapi_encrypt_info_t gssapi_encrypt;
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
&auth_tvb);
|
|
|
|
|
|
|
|
|
|
|
2021-05-22 12:27:07 +00:00
|
|
|
memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
|
|
|
|
|
gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
|
|
|
|
|
call_dissector_with_data(gssapi_wrap_handle, auth_tvb, actx->pinfo, tree, &gssapi_encrypt);
|
|
|
|
|
decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
if(decr_tvb != NULL)
|
2021-05-22 12:27:07 +00:00
|
|
|
dissect_credssp_TSCredentials(FALSE, decr_tvb, 0, actx, tree, hf_credssp_TSCredentials);
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-05-22 12:47:03 +00:00
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_pubKeyAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
#line 25 "./asn1/credssp/credssp.cnf"
|
|
|
|
|
tvbuff_t *auth_tvb = NULL;
|
|
|
|
|
tvbuff_t *decr_tvb = NULL;
|
|
|
|
|
gssapi_encrypt_info_t gssapi_encrypt;
|
|
|
|
|
|
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
&auth_tvb);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
|
|
|
|
|
gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
|
|
|
|
|
call_dissector_with_data(gssapi_wrap_handle, auth_tvb, actx->pinfo, tree, &gssapi_encrypt);
|
|
|
|
|
decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
|
|
|
|
|
|
|
|
|
|
if(decr_tvb != NULL)
|
|
|
|
|
proto_tree_add_item(tree, hf_credssp_decr_PublicKeyAuth, decr_tvb, 0, -1, ENC_NA);
|
|
|
|
|
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
|
2021-05-16 18:09:24 +00:00
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_errorCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
2021-05-22 12:47:03 +00:00
|
|
|
#line 40 "./asn1/credssp/credssp.cnf"
|
2021-05-16 18:09:24 +00:00
|
|
|
|
|
|
|
|
if (credssp_ver < 3) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_T_clientNonce(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
2021-05-22 12:47:03 +00:00
|
|
|
#line 49 "./asn1/credssp/credssp.cnf"
|
2021-05-16 18:09:24 +00:00
|
|
|
|
|
|
|
|
if (credssp_ver < 5) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2011-09-30 15:21:16 +00:00
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const ber_sequence_t TSRequest_sequence[] = {
|
2021-05-16 18:09:24 +00:00
|
|
|
{ &hf_credssp_version , BER_CLASS_CON, 0, 0, dissect_credssp_T_version },
|
2011-09-30 15:21:16 +00:00
|
|
|
{ &hf_credssp_negoTokens , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_credssp_NegoData },
|
|
|
|
|
{ &hf_credssp_authInfo , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_credssp_T_authInfo },
|
2021-05-22 12:47:03 +00:00
|
|
|
{ &hf_credssp_pubKeyAuth , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_credssp_T_pubKeyAuth },
|
2021-05-16 18:09:24 +00:00
|
|
|
{ &hf_credssp_errorCode , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_credssp_T_errorCode },
|
|
|
|
|
{ &hf_credssp_clientNonce , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_credssp_T_clientNonce },
|
2011-09-30 15:21:16 +00:00
|
|
|
{ NULL, 0, 0, 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_credssp_TSRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
|
|
|
|
TSRequest_sequence, hf_index, ett_credssp_TSRequest);
|
|
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*--- PDUs ---*/
|
|
|
|
|
|
2014-10-06 13:31:47 +00:00
|
|
|
static int dissect_TSRequest_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
|
|
|
|
|
int offset = 0;
|
2011-09-30 15:21:16 +00:00
|
|
|
asn1_ctx_t asn1_ctx;
|
|
|
|
|
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
2014-10-06 13:31:47 +00:00
|
|
|
offset = dissect_credssp_TSRequest(FALSE, tvb, offset, &asn1_ctx, tree, hf_credssp_TSRequest_PDU);
|
|
|
|
|
return offset;
|
2011-09-30 15:21:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*--- End of included file: packet-credssp-fn.c ---*/
|
2021-06-20 19:28:36 +00:00
|
|
|
#line 71 "./asn1/credssp/packet-credssp-template.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Dissect CredSSP PDUs
|
|
|
|
|
*/
|
2014-10-06 13:31:47 +00:00
|
|
|
static int
|
|
|
|
|
dissect_credssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data)
|
2011-09-30 15:21:16 +00:00
|
|
|
{
|
|
|
|
|
proto_item *item=NULL;
|
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
|
item = proto_tree_add_item(parent_tree, proto_credssp, tvb, 0, -1, ENC_NA);
|
|
|
|
|
tree = proto_item_add_subtree(item, ett_credssp);
|
|
|
|
|
}
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "CredSSP");
|
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
|
|
|
|
|
|
|
|
|
creds_type = -1;
|
2021-05-16 18:09:24 +00:00
|
|
|
credssp_ver = -1;
|
|
|
|
|
|
2014-10-06 13:31:47 +00:00
|
|
|
return dissect_TSRequest_PDU(tvb, pinfo, tree, data);
|
2011-09-30 15:21:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static gboolean
|
2012-09-10 21:40:21 +00:00
|
|
|
dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
|
2011-09-30 15:21:16 +00:00
|
|
|
{
|
|
|
|
|
asn1_ctx_t asn1_ctx;
|
|
|
|
|
int offset = 0;
|
2013-03-03 21:22:25 +00:00
|
|
|
gint8 ber_class;
|
2011-09-30 15:21:16 +00:00
|
|
|
gboolean pc;
|
|
|
|
|
gint32 tag;
|
|
|
|
|
guint32 length;
|
2014-08-10 04:24:09 +00:00
|
|
|
gint8 ver;
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
|
|
|
|
|
2014-02-26 19:29:17 +00:00
|
|
|
/* Look for SEQUENCE, CONTEXT 0, and INTEGER 2 */
|
2014-06-19 19:55:27 +00:00
|
|
|
if(tvb_captured_length(tvb) > 7) {
|
2014-02-26 19:29:17 +00:00
|
|
|
offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
|
2013-03-03 21:22:25 +00:00
|
|
|
if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_SEQUENCE) && (pc == TRUE)) {
|
2011-09-30 15:21:16 +00:00
|
|
|
offset = get_ber_length(tvb, offset, NULL, NULL);
|
2014-02-26 19:29:17 +00:00
|
|
|
offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
|
2013-03-03 21:22:25 +00:00
|
|
|
if((ber_class == BER_CLASS_CON) && (tag == 0)) {
|
2013-06-18 01:13:07 +00:00
|
|
|
offset = get_ber_length(tvb, offset, NULL, NULL);
|
2014-02-26 19:29:17 +00:00
|
|
|
offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
|
2013-06-18 01:13:07 +00:00
|
|
|
if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_INTEGER)) {
|
|
|
|
|
offset = get_ber_length(tvb, offset, &length, NULL);
|
2014-08-10 04:24:09 +00:00
|
|
|
ver = tvb_get_guint8(tvb, offset);
|
2021-05-16 18:11:46 +00:00
|
|
|
if((length == 1) && (ver > 1) && (ver < 99)) {
|
2013-06-18 01:13:07 +00:00
|
|
|
if (have_tap_listener(exported_pdu_tap)) {
|
Dissector names are not protocol names.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
2022-09-11 05:37:11 +00:00
|
|
|
exp_pdu_data_t *exp_pdu_data = export_pdu_create_common_tags(pinfo, "credssp", EXP_PDU_TAG_DISSECTOR_NAME);
|
2013-06-18 01:13:07 +00:00
|
|
|
|
2014-03-18 22:01:22 +00:00
|
|
|
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
|
|
|
|
|
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
|
2013-06-18 01:13:07 +00:00
|
|
|
exp_pdu_data->pdu_tvb = tvb;
|
|
|
|
|
|
|
|
|
|
tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
|
|
|
|
|
}
|
2014-10-06 13:31:47 +00:00
|
|
|
dissect_credssp(tvb, pinfo, parent_tree, NULL);
|
2013-06-18 01:13:07 +00:00
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-09-30 15:21:16 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*--- proto_register_credssp -------------------------------------------*/
|
|
|
|
|
void proto_register_credssp(void) {
|
|
|
|
|
|
|
|
|
|
/* List of fields */
|
|
|
|
|
static hf_register_info hf[] =
|
|
|
|
|
{
|
|
|
|
|
{ &hf_credssp_TSPasswordCreds,
|
|
|
|
|
{ "TSPasswordCreds", "credssp.TSPasswordCreds",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_TSSmartCardCreds,
|
|
|
|
|
{ "TSSmartCardCreds", "credssp.TSSmartCardCreds",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
2021-06-16 13:49:03 +00:00
|
|
|
{ &hf_credssp_TSRemoteGuardCreds,
|
|
|
|
|
{ "TSRemoteGuardCreds", "credssp.TSRemoteGuardCreds",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
2011-09-30 15:21:16 +00:00
|
|
|
{ &hf_credssp_TSCredentials,
|
|
|
|
|
{ "TSCredentials", "credssp.TSCredentials",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
2021-05-22 12:47:03 +00:00
|
|
|
{ &hf_credssp_decr_PublicKeyAuth,
|
|
|
|
|
{ "Decrypted PublicKeyAuth (sha256)", "credssp.decr_PublicKeyAuth",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/*--- Included file: packet-credssp-hfarr.c ---*/
|
2016-03-09 03:17:51 +00:00
|
|
|
#line 1 "./asn1/credssp/packet-credssp-hfarr.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
{ &hf_credssp_TSRequest_PDU,
|
2013-05-27 20:26:49 +00:00
|
|
|
{ "TSRequest", "credssp.TSRequest_element",
|
2011-09-30 15:21:16 +00:00
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_NegoData_item,
|
2013-05-27 20:26:49 +00:00
|
|
|
{ "NegoData item", "credssp.NegoData_item_element",
|
2011-09-30 15:21:16 +00:00
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_negoToken,
|
|
|
|
|
{ "negoToken", "credssp.negoToken",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_domainName,
|
|
|
|
|
{ "domainName", "credssp.domainName",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_userName,
|
|
|
|
|
{ "userName", "credssp.userName",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_password,
|
|
|
|
|
{ "password", "credssp.password",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_keySpec,
|
|
|
|
|
{ "keySpec", "credssp.keySpec",
|
|
|
|
|
FT_INT32, BASE_DEC, NULL, 0,
|
|
|
|
|
"INTEGER", HFILL }},
|
|
|
|
|
{ &hf_credssp_cardName,
|
|
|
|
|
{ "cardName", "credssp.cardName",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_readerName,
|
|
|
|
|
{ "readerName", "credssp.readerName",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_containerName,
|
|
|
|
|
{ "containerName", "credssp.containerName",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_cspName,
|
|
|
|
|
{ "cspName", "credssp.cspName",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_pin,
|
|
|
|
|
{ "pin", "credssp.pin",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_cspData,
|
2013-05-27 20:26:49 +00:00
|
|
|
{ "cspData", "credssp.cspData_element",
|
2011-09-30 15:21:16 +00:00
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
"TSCspDataDetail", HFILL }},
|
|
|
|
|
{ &hf_credssp_userHint,
|
|
|
|
|
{ "userHint", "credssp.userHint",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
|
|
|
|
{ &hf_credssp_domainHint,
|
|
|
|
|
{ "domainHint", "credssp.domainHint",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
"OCTET_STRING", HFILL }},
|
2021-06-16 13:49:03 +00:00
|
|
|
{ &hf_credssp_packageName,
|
|
|
|
|
{ "packageName", "credssp.packageName",
|
2021-11-30 02:53:49 +00:00
|
|
|
FT_STRING, BASE_NONE, NULL, 0,
|
2021-06-16 13:49:03 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_credBuffer,
|
|
|
|
|
{ "credBuffer", "credssp.credBuffer",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
2021-06-20 19:28:36 +00:00
|
|
|
NULL, HFILL }},
|
2021-06-16 13:49:03 +00:00
|
|
|
{ &hf_credssp_logonCred,
|
|
|
|
|
{ "logonCred", "credssp.logonCred_element",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
"TSRemoteGuardPackageCred", HFILL }},
|
|
|
|
|
{ &hf_credssp_supplementalCreds,
|
|
|
|
|
{ "supplementalCreds", "credssp.supplementalCreds",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
|
|
|
|
"SEQUENCE_OF_TSRemoteGuardPackageCred", HFILL }},
|
|
|
|
|
{ &hf_credssp_supplementalCreds_item,
|
|
|
|
|
{ "TSRemoteGuardPackageCred", "credssp.TSRemoteGuardPackageCred_element",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
2011-09-30 15:21:16 +00:00
|
|
|
{ &hf_credssp_credType,
|
|
|
|
|
{ "credType", "credssp.credType",
|
|
|
|
|
FT_INT32, BASE_DEC, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_credentials,
|
|
|
|
|
{ "credentials", "credssp.credentials",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_version,
|
|
|
|
|
{ "version", "credssp.version",
|
|
|
|
|
FT_INT32, BASE_DEC, NULL, 0,
|
2021-05-16 18:09:24 +00:00
|
|
|
NULL, HFILL }},
|
2011-09-30 15:21:16 +00:00
|
|
|
{ &hf_credssp_negoTokens,
|
|
|
|
|
{ "negoTokens", "credssp.negoTokens",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
|
|
|
|
"NegoData", HFILL }},
|
|
|
|
|
{ &hf_credssp_authInfo,
|
|
|
|
|
{ "authInfo", "credssp.authInfo",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_pubKeyAuth,
|
|
|
|
|
{ "pubKeyAuth", "credssp.pubKeyAuth",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
2021-05-22 12:47:03 +00:00
|
|
|
NULL, HFILL }},
|
2021-05-16 18:09:24 +00:00
|
|
|
{ &hf_credssp_errorCode,
|
|
|
|
|
{ "errorCode", "credssp.errorCode",
|
|
|
|
|
FT_INT32, BASE_DEC, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
{ &hf_credssp_clientNonce,
|
|
|
|
|
{ "clientNonce", "credssp.clientNonce",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }},
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/*--- End of included file: packet-credssp-hfarr.c ---*/
|
2021-06-20 19:28:36 +00:00
|
|
|
#line 167 "./asn1/credssp/packet-credssp-template.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* List of subtrees */
|
|
|
|
|
static gint *ett[] = {
|
|
|
|
|
&ett_credssp,
|
2021-06-20 19:28:36 +00:00
|
|
|
&ett_credssp_RGC_CredBuffer,
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/*--- Included file: packet-credssp-ettarr.c ---*/
|
2016-03-09 03:17:51 +00:00
|
|
|
#line 1 "./asn1/credssp/packet-credssp-ettarr.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
&ett_credssp_NegoData,
|
|
|
|
|
&ett_credssp_NegoData_item,
|
|
|
|
|
&ett_credssp_TSPasswordCreds,
|
|
|
|
|
&ett_credssp_TSCspDataDetail,
|
|
|
|
|
&ett_credssp_TSSmartCardCreds,
|
2021-06-16 13:49:03 +00:00
|
|
|
&ett_credssp_TSRemoteGuardPackageCred,
|
|
|
|
|
&ett_credssp_TSRemoteGuardCreds,
|
|
|
|
|
&ett_credssp_SEQUENCE_OF_TSRemoteGuardPackageCred,
|
2011-09-30 15:21:16 +00:00
|
|
|
&ett_credssp_TSCredentials,
|
|
|
|
|
&ett_credssp_TSRequest,
|
|
|
|
|
|
|
|
|
|
/*--- End of included file: packet-credssp-ettarr.c ---*/
|
2021-06-20 19:28:36 +00:00
|
|
|
#line 174 "./asn1/credssp/packet-credssp-template.c"
|
2011-09-30 15:21:16 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Register protocol */
|
|
|
|
|
proto_credssp = proto_register_protocol(PNAME, PSNAME, PFNAME);
|
2015-12-09 02:06:20 +00:00
|
|
|
register_dissector("credssp", dissect_credssp, proto_credssp);
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
/* Register fields and subtrees */
|
|
|
|
|
proto_register_field_array(proto_credssp, hf, array_length(hf));
|
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
|
|
|
|
|
|
/* heuristic dissectors for any premable e.g. CredSSP before RDP */
|
2016-03-13 11:51:45 +00:00
|
|
|
credssp_heur_subdissector_list = register_heur_dissector_list("credssp", proto_credssp);
|
2011-09-30 15:21:16 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*--- proto_reg_handoff_credssp --- */
|
|
|
|
|
void proto_reg_handoff_credssp(void) {
|
|
|
|
|
|
2021-05-22 12:14:14 +00:00
|
|
|
gssapi_handle = find_dissector_add_dependency("gssapi", proto_credssp);
|
2021-05-22 12:27:07 +00:00
|
|
|
gssapi_wrap_handle = find_dissector_add_dependency("gssapi_verf", proto_credssp);
|
2021-05-22 12:14:14 +00:00
|
|
|
|
2018-09-13 15:40:27 +00:00
|
|
|
heur_dissector_add("tls", dissect_credssp_heur, "CredSSP over TLS", "credssp_tls", proto_credssp, HEURISTIC_ENABLE);
|
2021-05-29 17:35:56 +00:00
|
|
|
heur_dissector_add("rdp", dissect_credssp_heur, "CredSSP in TPKT", "credssp_tpkt", proto_credssp, HEURISTIC_ENABLE);
|
2013-06-18 01:13:07 +00:00
|
|
|
exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7);
|
2011-09-30 15:21:16 +00:00
|
|
|
}
|
|
|
|
|
|