osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

From Yaniv Kaul via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5366 : 

Several fixes that make Tight VNC negotiation properly parsed.
It was not parsed correctly previously, for multiple reasons.

svn path=/trunk/; revision=34976
This commit is contained in:
Jeff Morriss 2010-11-19 18:53:40 +00:00
parent 2f0ee70e27
commit 8f642bdb5c
2 changed files with 110 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@ -419,6 +419,7 @@ Yaniv Kaul <ykaul[AT]netvision.net.il> {
PCT support
X509 Certificates over HTTP support
VNC heuristic dissection
TightVNC dissection
More tags in the DAAP dissector
}

160
epan/dissectors/packet-vnc.c
View File

@ -67,7 +67,9 @@ typedef enum {
VNC_SECURITY_TYPE_VENCRYPT = 19,
VNC_SECURITY_TYPE_GTK_VNC_SASL = 20,
VNC_SECURITY_TYPE_MD5_HASH_AUTH = 21,
VNC_SECURITY_TYPE_XVP = 22
VNC_SECURITY_TYPE_XVP = 22,
VNC_TIGHT_AUTH_TGHT_ULGNAUTH = 119,
VNC_TIGHT_AUTH_TGHT_XTRNAUTH = 130
} vnc_security_types_e;
static const value_string vnc_security_types_vs[] = {
@ -283,7 +285,6 @@ typedef enum {
VNC_SESSION_STATE_TIGHT_TUNNEL_TYPE_REPLY,
VNC_SESSION_STATE_TIGHT_AUTH_CAPABILITIES,
VNC_SESSION_STATE_TIGHT_AUTH_TYPE_REPLY,
VNC_SESSION_STATE_TIGHT_AUTH_TYPE_AND_VENDOR_CODE,
VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3,
VNC_SESSION_STATE_VNC_AUTHENTICATION_CHALLENGE,
@ -295,7 +296,6 @@ typedef enum {
VNC_SESSION_STATE_SERVER_INIT,
VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS,
VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST,
VNC_SESSION_STATE_NORMAL_TRAFFIC
} vnc_session_state_e;
@ -310,6 +310,7 @@ typedef struct {
gint num_client_message_types;
gint num_encoding_types;
guint8 security_type_selected;
gboolean tight_enabled;
} vnc_conversation_t;
/* This structure will be tied to each packet */
@ -479,8 +480,7 @@ static int hf_vnc_tight_tunnel_type = -1;
/* Authentication capabilities (TightVNC extension) */
static int hf_vnc_tight_num_auth_types = -1;
static int hf_vnc_tight_auth_type = -1;
static int hf_vnc_tight_auth_code = -1;
/* TightVNC capabilities */
static int hf_vnc_tight_server_message_type = -1;
static int hf_vnc_tight_server_vendor = -1;
@ -602,6 +602,7 @@ static gint ett_vnc_colormap_color_group = -1;
guint8 vnc_bytes_per_pixel;
guint8 vnc_depth;
static dissector_handle_t vnc_handle;
/* Code to dissect the packets */
@ -629,8 +630,9 @@ dissect_vnc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_SERVER_VERSION;
per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_INVALID;
conversation_add_proto_data(conversation, proto_vnc,
per_conversation_info->tight_enabled = FALSE;
conversation_add_proto_data(conversation, proto_vnc,
per_conversation_info);
}
@ -692,10 +694,9 @@ process_vendor(proto_tree *tree, gint hfindex, tvbuff_t *tvb, gint offset)
static gint
process_tight_capabilities(proto_tree *tree,
gint type_index, gint vendor_index, gint name_index,
tvbuff_t *tvb, gint offset, gint num_capabilities)
tvbuff_t *tvb, gint offset, const gint num_capabilities)
{
gint i;
/* See vnc_unixsrc/include/rfbproto.h:rfbCapabilityInfo */
for (i = 0; i < num_capabilities; i++) {
@ -760,7 +761,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
*per_conversation_info)
{
guint8 num_security_types;
guint32 desktop_name_len, auth_result, text_len;
guint32 desktop_name_len, auth_result, text_len, auth_code;
vnc_packet_t *per_packet_info;
gint num_tunnel_types;
gint num_auth_types;
@ -896,6 +897,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
case VNC_SECURITY_TYPE_TIGHT :
per_conversation_info->vnc_next_state =
VNC_SESSION_STATE_TIGHT_TUNNELING_CAPABILITIES;
per_conversation_info->tight_enabled = TRUE;
break;
default :
@ -947,13 +949,62 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
{
int i;
for (i = 0; i < num_auth_types; i++) {
/* See xserver/hw/vnc/auth.c:rfbSendAuthCaps()
* We don't actually display the auth types for now.
*/
proto_tree_add_item(tree, hf_vnc_tight_auth_type, tvb, offset, 16, FALSE);
offset += 16;
guint8 *vendor, *signature;
for (i = 0; i < 1; i++) {
auth_code = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(tree, hf_vnc_tight_auth_code, tvb, offset, 4, FALSE);
offset += 4;
vendor = tvb_get_string(tvb, offset, 4);
process_vendor(tree, hf_vnc_tight_server_vendor, tvb, offset);
offset += 4;
signature = tvb_get_string(tvb, offset, 8);
proto_tree_add_text(tree, tvb, offset, 8, "Signature: %s", signature);
offset += 8;
switch(auth_code) {
case VNC_SECURITY_TYPE_NONE:
if ((g_ascii_strcasecmp(vendor, "STDV") != 0) || (g_ascii_strcasecmp(signature, "NOAUTH__") != 0)) {
/* TODO: create a Expert Info */
proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
}
break;
case VNC_SECURITY_TYPE_VNC:
if ((g_ascii_strcasecmp(vendor, "STDV") != 0) || (g_ascii_strcasecmp(signature, "VNCAUTH_") != 0)) {
/* TODO: create a Expert Info */
proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
}
break;
case VNC_SECURITY_TYPE_VENCRYPT:
if ((g_ascii_strcasecmp(vendor, "VENC") != 0) || (g_ascii_strcasecmp(signature, "VENCRYPT") != 0)) {
/* TODO: create a Expert Info */
proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
}
break;
case VNC_SECURITY_TYPE_GTK_VNC_SASL:
if ((g_ascii_strcasecmp(vendor, "GTKV") != 0) || (g_ascii_strcasecmp(signature, "SASL____") != 0)) {
/* TODO: create a Expert Info */
proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
}
break;
case VNC_TIGHT_AUTH_TGHT_ULGNAUTH:
if ((g_ascii_strcasecmp(vendor, "TGHT") != 0) || (g_ascii_strcasecmp(signature, "ULGNAUTH") != 0)) {
/* TODO: create a Expert Info */
proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
}
break;
case VNC_TIGHT_AUTH_TGHT_XTRNAUTH:
if ((g_ascii_strcasecmp(vendor, "TGHT") != 0) || (g_ascii_strcasecmp(signature, "XTRNAUTH") != 0)) {
/* TODO: create a Expert Info */
proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
}
break;
default:
proto_tree_add_text(tree, tvb, offset, 0, "Unknown TIGHT VNC authentication");
break;
}
g_free(vendor);
g_free(signature);
}
}
@ -964,26 +1015,39 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
break;
case VNC_SESSION_STATE_TIGHT_AUTH_TYPE_REPLY:
REPORT_DISSECTOR_BUG("Unimplemented case: TightVNC authentication reply");
/* FIXME: implement. See xserver/hw/vnc/auth.c:rfbProcessClientAuthType() */
break;
case VNC_SESSION_STATE_TIGHT_AUTH_TYPE_AND_VENDOR_CODE :
col_set_str(pinfo->cinfo, COL_INFO, "Authentication type / vendor code");
proto_tree_add_item(tree, hf_vnc_server_security_type, tvb,
offset, 4, FALSE);
offset += 4;
offset = process_vendor(tree, hf_vnc_vendor_code, tvb, offset);
/* Display authentication method string */
proto_tree_add_item(tree, hf_vnc_security_type_string, tvb,
offset, 8, FALSE);
per_conversation_info->vnc_next_state =
VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
col_set_str(pinfo->cinfo, COL_INFO, "TightVNC authentication type selected by client");
auth_code = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(tree, hf_vnc_tight_auth_code, tvb, offset, 4, FALSE);
switch(auth_code) {
case VNC_SECURITY_TYPE_NONE:
per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_NONE;
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_CLIENT_INIT;
break;
case VNC_SECURITY_TYPE_VNC:
per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_VNC;
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_VNC_AUTHENTICATION_CHALLENGE;
break;
case VNC_SECURITY_TYPE_GTK_VNC_SASL:
per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_GTK_VNC_SASL;
/* TODO: dissection not implemented yet */
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
break;
case VNC_TIGHT_AUTH_TGHT_ULGNAUTH:
per_conversation_info->security_type_selected = VNC_TIGHT_AUTH_TGHT_ULGNAUTH;
/* TODO: dissection not implemented yet */
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
break;
case VNC_TIGHT_AUTH_TGHT_XTRNAUTH:
per_conversation_info->security_type_selected = VNC_TIGHT_AUTH_TGHT_XTRNAUTH;
/* TODO: dissection not implemented yet */
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
break;
default:
proto_tree_add_text(tree, tvb, offset, 0, "Unknown authentication selected");
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
break;
}
break;
@ -1129,7 +1193,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
FALSE);
}
if(per_conversation_info->security_type_selected == VNC_SECURITY_TYPE_TIGHT)
if(per_conversation_info->tight_enabled == TRUE)
per_conversation_info->vnc_next_state =
VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS;
else
@ -1156,12 +1220,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
proto_tree_add_item(tree, hf_vnc_padding, tvb, offset, 2,
FALSE);
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST;
break;
case VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST:
col_set_str(pinfo->cinfo, COL_INFO, "TightVNC Interaction Capabilities list");
offset += 2;
offset = process_tight_capabilities(tree,
hf_vnc_tight_server_message_type,
@ -1543,7 +1602,7 @@ vnc_server_framebuffer_update(tvbuff_t *tvb, packet_info *pinfo, gint *offset,
*offset += 2;
for(i = 1; i <= num_rects; i++) {
VNC_BYTES_NEEDED(12);
ti = proto_tree_add_text(tree, tvb, *offset, 12,
@ -1865,7 +1924,6 @@ vnc_hextile_encoding(tvbuff_t *tvb, packet_info *pinfo, gint *offset,
}
}
}
return 0; /* bytes_needed */
}
@ -2435,10 +2493,10 @@ proto_register_vnc(void)
FT_UINT32, BASE_DEC, NULL, 0x0,
"Authentication types specific to TightVNC", HFILL }
},
{ &hf_vnc_tight_auth_type,
{ "Authentication type", "vnc.auth_type",
FT_UINT8, BASE_DEC, NULL, 0x0,
"Authentication type specific to TightVNC", HFILL }
{ &hf_vnc_tight_auth_code,
{ "Authentication code", "vnc.tight_auth_code",
FT_UINT32, BASE_DEC, VALS(vnc_security_types_vs), 0x0,
"Authentication code specific to TightVNC", HFILL }
},
{ &hf_vnc_tight_server_message_type,
{ "Server message type (TightVNC)", "vnc.tight_server_message_type",
@ -2472,7 +2530,7 @@ proto_register_vnc(void)
},
{ &hf_vnc_tight_encoding_type,
{ "Encoding type", "vnc.encoding_type",
FT_INT32, BASE_DEC, NULL, 0x0,
FT_INT32, BASE_DEC, VALS(encoding_types_vs), 0x0,
"Encoding type specific to TightVNC", HFILL }
},
{ &hf_vnc_tight_encoding_vendor,