pop3: add credentials to tap.

Change-Id: I0779a4c11451ee63be8d10ee78a7f920f519f77a Reviewed-on: https://code.wireshark.org/review/33799 Reviewed-by: Pascal Quantin <pascal@wireshark.org> Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Dario Lombardo <lomato@gmail.com>
2019-06-28 23:33:06 +02:00 · 2019-06-28 23:33:06 +02:00 · dfb147269f
parent aec8480760
commit dfb147269f
1 changed files with 77 additions and 36 deletions
--- a/epan/dissectors/packet-pop.c
+++ b/epan/dissectors/packet-pop.c
@ -27,6 +27,9 @@
 #include <wsutil/str_util.h>
 #include <wsutil/strtoi.h>

+#include <ui/tap-credentials.h>
+#include <tap.h>
+
 #include "packet-tls.h"
 #include "packet-tls-utils.h"

@ -35,6 +38,8 @@ void proto_reg_handoff_pop(void);

 static int proto_pop = -1;

+static int credentials_tap = -1;
+
 static int hf_pop_response = -1;
 static int hf_pop_response_indicator = -1;
 static int hf_pop_response_description = -1;
@ -109,9 +114,15 @@ struct pop_data_val {
  guint32 msg_read_len;  /* Length of RETR message read so far */
  guint32 msg_tot_len;   /* Total length of RETR message */
  gboolean stls_request;  /* Received STLS request */
+  gchar* username;
+  guint username_num;
 };

-
+typedef enum {
+  pop_arg_type_unknown,
+  pop_arg_type_username,
+  pop_arg_type_password
+} pop_arg_type_t;

 static gboolean response_is_continuation(const guchar *data);

@ -134,6 +145,7 @@ dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
  conversation_t         *conversation = NULL;
  struct pop_data_val    *data_val = NULL;
  gint                   length_remaining;
+  pop_arg_type_t         pop_arg_type = pop_arg_type_unknown;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "POP");

@ -276,6 +288,14 @@ dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
        if (g_ascii_strncasecmp(line, "STLS", 4) == 0) {
          data_val->stls_request = TRUE;
        }
+
+        if (g_ascii_strncasecmp(line, "USER", 4) == 0) {
+          pop_arg_type = pop_arg_type_username;
+        }
+
+        if (g_ascii_strncasecmp(line, "PASS", 4) == 0) {
+          pop_arg_type = pop_arg_type_password;
+        }
      } else {
        if (data_val->msg_request) {
          /* this is a response to a RETR or TOP command */
@ -305,43 +325,62 @@ dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
  }


-  if (tree) {
-    /*
-     * Add the rest of the first line as request or
-     * reply param/description.
-     */
-    if (linelen != 0) {
-      proto_tree_add_item(reqresp_tree,
-                          (is_request) ?
-                              hf_pop_request_parameter :
-                              hf_pop_response_description,
-                          tvb, offset, linelen, ENC_ASCII|ENC_NA);
+  /*
+   * Add the rest of the first line as request or
+   * reply param/description.
+   */
+  if (linelen != 0) {
+    tap_credential_t* auth;
+    proto_tree_add_item(reqresp_tree,
+                        (is_request) ?
+                            hf_pop_request_parameter :
+                            hf_pop_response_description,
+                        tvb, offset, linelen, ENC_ASCII|ENC_NA);
+    switch (pop_arg_type) {
+      case pop_arg_type_username:
+        if (!data_val->username && linelen > 0) {
+          data_val->username = tvb_get_string_enc(wmem_file_scope(), tvb, offset, linelen, ENC_NA|ENC_ASCII);;
+          data_val->username_num = pinfo->num;
+        }
+        break;
+      case pop_arg_type_password:
+        auth = wmem_new0(wmem_packet_scope(), tap_credential_t);
+        auth->num = pinfo->num;
+        auth->username_num = data_val->username_num;
+        auth->password_hf_id = hf_pop_request_parameter;
+        auth->username = data_val->username;
+        auth->proto = "POP3";
+        auth->info = wmem_strdup_printf(wmem_packet_scope(), "Username in packet %u", data_val->username_num);
+        tap_queue_packet(credentials_tap, pinfo, auth);
+        break;
+      default:
+        break;
    }
+  }
+  offset = next_offset;
+
+  /*
+   * Show the rest of the request or response as text,
+   * a line at a time.
+   */
+  while (tvb_offset_exists(tvb, offset)) {
+    /*
+     * Find the end of the line.
+     */
+    tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
+
+    /*
+     * Put this line.
+     */
+    proto_tree_add_string_format(pop_tree,
+                                 (is_request) ?
+                                     hf_pop_request_data :
+                                     hf_pop_response_data,
+                                 tvb, offset,
+                                 next_offset - offset,
+                                 "", "%s",
+                                 tvb_format_text(tvb, offset, next_offset - offset));
    offset = next_offset;
-
-    /*
-     * Show the rest of the request or response as text,
-     * a line at a time.
-     */
-    while (tvb_offset_exists(tvb, offset)) {
-      /*
-       * Find the end of the line.
-       */
-      tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
-
-      /*
-       * Put this line.
-       */
-      proto_tree_add_string_format(pop_tree,
-                                   (is_request) ?
-                                       hf_pop_request_data :
-                                       hf_pop_response_data,
-                                   tvb, offset,
-                                   next_offset - offset,
-                                   "", "%s",
-                                   tvb_format_text(tvb, offset, next_offset - offset));
-      offset = next_offset;
-    }
  }
  return tvb_captured_length(tvb);
 }
@ -456,6 +495,8 @@ proto_register_pop(void)

  expert_pop = expert_register_protocol(proto_pop);
  expert_register_field_array(expert_pop, ei, array_length(ei));
+
+  credentials_tap = register_tap("credentials");
 }

 void