gboolean save_fragmented;
fragment_data *fd_head=NULL;
guint32 tot_len;
- tvbuff_t *payload_tvb, *decrypted_tvb;
+ tvbuff_t *auth_tvb, *payload_tvb, *decrypted_tvb;
proto_item *pi;
save_fragmented = pinfo->fragmented;
length = reported_length;
payload_tvb = tvb_new_subset(tvb, offset, length, reported_length);
+ auth_tvb=NULL;
+ /*dont bother if we dont have the entire tvb */
+ /*XXX we should really make sure we calculate auth_info->auth_data
+ and use that one instead of this auth_tvb hack
+ */
+ if(tvb_length(tvb)==tvb_reported_length(tvb)){
+ if(tvb_length_remaining(tvb, offset+length)>8){
+ auth_tvb = tvb_new_subset(tvb, offset+length+8, -1, -1);
+ }
+ }
+
/* Decrypt the PDU if it is encrypted */
if (auth_info->auth_type &&
if ((auth_fns = get_auth_subdissector_fns(
auth_info->auth_level, auth_info->auth_type))) {
tvbuff_t *result;
-
+
result = decode_encrypted_data(
- payload_tvb, NULL, pinfo, auth_fns,
+ payload_tvb, auth_tvb, pinfo, auth_fns,
hdr->ptype == PDU_REQ, auth_info);
if (result) {
goto done;
}
+
if (!(cls == ASN1_APL && con == ASN1_CON && tag == 0)) {
/*
* If we do not recognise an Application class,
return dissect_gssapi_verf(auth_tvb, pinfo, tree);
}
+tvbuff_t *
+wrap_dissect_gssapi_payload(tvbuff_t *data_tvb,
+ tvbuff_t *auth_tvb,
+ int offset,
+ packet_info *pinfo,
+ dcerpc_auth_info *auth_info)
+{
+ tvbuff_t *result;
+
+ /* we need a full auth and a full data tvb or else we cant
+ decrypt anything
+ */
+ if((!auth_tvb)||(!data_tvb)){
+ return NULL;
+ }
+
+ pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_DCE;
+ pinfo->gssapi_wrap_tvb=NULL;
+ pinfo->gssapi_encrypted_tvb=data_tvb;
+ pinfo->gssapi_decrypted_tvb=NULL;
+ dissect_gssapi_verf(auth_tvb, pinfo, NULL);
+ result=pinfo->gssapi_decrypted_tvb;
+
+ pinfo->decrypt_gssapi_tvb=0;
+ pinfo->gssapi_wrap_tvb=NULL;
+ pinfo->gssapi_encrypted_tvb=NULL;
+ pinfo->gssapi_decrypted_tvb=NULL;
+
+ return result;
+}
+
static dcerpc_auth_subdissector_fns gssapi_auth_fns = {
wrap_dissect_gssapi, /* Bind */
wrap_dissect_gssapi, /* Bind ACK */
packet_info *pinfo,
proto_tree *tree, guint8 *drep);
+tvbuff_t *wrap_dissect_gssapi_payload(tvbuff_t *data_tvb,
+ tvbuff_t *auth_tvb,
+ int offset,
+ packet_info *pinfo,
+ dcerpc_auth_info *auth_info);
+
#endif /* __PACKET_GSSAPI_H */
NULL, /* AUTH3 */
wrap_dissect_gssapi_verf, /* Request verifier */
wrap_dissect_gssapi_verf, /* Response verifier */
- NULL, /* Request data */
- NULL /* Response data */
+ wrap_dissect_gssapi_payload, /* Request data */
+ wrap_dissect_gssapi_payload /* Response data */
};
/* Attempt decryption of the GSSAPI wrapped data if possible */
pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
+ pinfo->gssapi_wrap_tvb=NULL;
pinfo->gssapi_encrypted_tvb=NULL;
pinfo->gssapi_decrypted_tvb=NULL;
len = call_dissector(gssapi_wrap_handle, next_tvb, pinfo, gtree);
}
/* tidy up */
pinfo->decrypt_gssapi_tvb=0;
+ pinfo->gssapi_wrap_tvb=NULL;
pinfo->gssapi_encrypted_tvb=NULL;
pinfo->gssapi_decrypted_tvb=NULL;
#include "packet-windows-common.h"
#include "packet-smb-common.h"
#include <epan/asn1.h> /* XXX - needed for subid_t */
-#include "packet-gssapi.h"
#include "packet-frame.h"
#include <epan/prefs.h>
#include <epan/crypt-rc4.h>
#include <epan/crypt-md4.h>
#include <epan/crypt-des.h>
#include "packet-dcerpc.h"
+#include "packet-gssapi.h"
#include "packet-ntlmssp.h"
#include <epan/asn1.h>
#include "format-oid.h"
+#include "packet-dcerpc.h"
#include "packet-gssapi.h"
#include "packet-kerberos.h"
#include <epan/crypt-rc4.h>
return 0;
}
-#ifdef HAVE_HEIMDAL_KERBEROS
static int
decrypt_arcfour(packet_info *pinfo,
char *input_message_buffer,
}
memset(k6_data, 0, sizeof(k6_data));
- ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen);
- if (ret) {
- return 9;
+ /* only normal (i.e. non DCE style wrapping use padding ? */
+ if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
+ ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen);
+ if (ret) {
+ return 9;
+ }
+ } else {
+ padlen=0;
}
datalen -= padlen;
- ret = arcfour_mic_cksum(key_value, key_size,
+ /* dont know what the checksum looks like for dce style gssapi */
+ if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
+ ret = arcfour_mic_cksum(key_value, key_size,
KRB5_KU_USAGE_SEAL,
cksum_data,
tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8,
Confounder, sizeof(Confounder),
output_message_buffer,
datalen + padlen);
- if (ret) {
- return 10;
- }
+ if (ret) {
+ return 10;
+ }
- cmp = memcmp(cksum_data,
- tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8),
- 8); /* SGN_CKSUM */
- if (cmp) {
- return 11;
+ cmp = memcmp(cksum_data,
+ tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8),
+ 8); /* SGN_CKSUM */
+ if (cmp) {
+ return 11;
+ }
}
return 0;
}
+
+
+#ifdef HAVE_HEIMDAL_KERBEROS
#include <krb5.h>
static void