2 * Dissector for GSS-API tokens as described in rfc2078, section 3.1
3 * Copyright 2002, Tim Potter <tpot@samba.org>
4 * Copyright 2002, Richard Sharpe <rsharpe@samba.org> Added a few
7 * $Id: packet-gssapi.c,v 1.27 2003/07/16 04:20:32 tpot Exp $
9 * Ethereal - Network traffic analyzer
10 * By Gerald Combs <gerald@ethereal.com>
11 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #ifdef HAVE_SYS_TYPES_H
33 # include <sys/types.h>
39 #include <epan/packet.h>
42 #include "format-oid.h"
43 #include "packet-dcerpc.h"
44 #include "packet-gssapi.h"
45 #include "packet-frame.h"
46 #include "epan/conversation.h"
48 static int proto_gssapi = -1;
50 static int hf_gssapi = -1;
52 static gint ett_gssapi = -1;
58 static GHashTable *gssapi_oids;
60 static gint gssapi_oid_equal(gconstpointer k1, gconstpointer k2)
62 const char *key1 = (const char *)k1;
63 const char *key2 = (const char *)k2;
65 return strcmp(key1, key2) == 0;
69 gssapi_oid_hash(gconstpointer k)
71 const char *key = (const char *)k;
74 for (i = 0; i < strlen(key); i++)
81 gssapi_init_oid(char *oid, int proto, int ett, dissector_handle_t handle,
82 dissector_handle_t wrap_handle, gchar *comment)
84 char *key = g_strdup(oid);
85 gssapi_oid_value *value = g_malloc(sizeof(*value));
89 value->handle = handle;
90 value->wrap_handle = wrap_handle;
91 value->comment = comment;
93 g_hash_table_insert(gssapi_oids, key, value);
97 * This takes an OID in binary form, not an OID as a text string, as
101 gssapi_lookup_oid(subid_t *oid, guint oid_len)
107 gssapi_oid_value *value;
110 * Convert the OID to a string, as text strings are used as
111 * keys in the OID hash table.
113 oid_key = g_malloc(oid_len * 22 + 1);
115 len = sprintf(p, "%lu", (unsigned long)oid[0]);
117 for (i = 1; i < oid_len;i++) {
118 len = sprintf(p, ".%lu", (unsigned long)oid[i]);
122 value = g_hash_table_lookup(gssapi_oids, oid_key);
127 /* Display an ASN1 parse error. Taken from packet-snmp.c */
129 static dissector_handle_t data_handle;
132 dissect_parse_error(tvbuff_t *tvb, int offset, packet_info *pinfo,
133 proto_tree *tree, const char *field_name, int ret)
137 errstr = asn1_err_to_str(ret);
140 proto_tree_add_text(tree, tvb, offset, 0,
141 "ERROR: Couldn't parse %s: %s", field_name, errstr);
142 call_dissector(data_handle,
143 tvb_new_subset(tvb, offset, -1, -1), pinfo, tree);
148 dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
149 gboolean is_verifier)
155 volatile int return_offset = 0;
157 guint len1, oid_len, cls, con, tag, nbytes;
160 gssapi_oid_value *value;
161 volatile dissector_handle_t handle;
162 conversation_t *volatile conversation;
167 * We need this later, so lets get it now ...
170 conversation = find_conversation(&pinfo->src, &pinfo->dst,
171 pinfo->ptype, pinfo->srcport,
174 item = proto_tree_add_item(
175 tree, hf_gssapi, tvb, offset, -1, FALSE);
177 subtree = proto_item_add_subtree(item, ett_gssapi);
180 * Catch the ReportedBoundsError exception; the stuff we've been
181 * handed doesn't necessarily run to the end of the packet, it's
182 * an item inside a packet, so if it happens to be malformed (or
183 * we, or a dissector we call, has a bug), so that an exception
184 * is thrown, we want to report the error, but return and let
185 * our caller dissect the rest of the packet.
187 * If it gets a BoundsError, we can stop, as there's nothing more
188 * in the packet after our blob to see, so we just re-throw the
194 asn1_open(&hnd, tvb, offset);
196 ret = asn1_header_decode(&hnd, &cls, &con, &tag, &def, &len1);
198 if (ret != ASN1_ERR_NOERROR) {
199 dissect_parse_error(tvb, offset, pinfo, subtree,
200 "GSS-API header", ret);
201 return_offset = tvb_length(tvb);
205 if (!(cls == ASN1_APL && con == ASN1_CON && tag == 0)) {
207 * If we do not recognise an Application class,
208 * then we are probably dealing with an inner context
209 * token or a wrap token, and we should retrieve the
210 * gssapi_oid_value pointer from the per-frame data or,
211 * if there is no per-frame data (as would be the case
212 * the first time we dissect this frame), from the
213 * conversation that exists or that we created from
214 * pinfo (and then make it per-frame data).
215 * We need to make it per-frame data as there can be
216 * more than one GSS-API negotiation in a conversation.
218 * Note! We "cheat". Since we only need the pointer,
219 * we store that as the data. (That's not really
220 * "cheating" - the per-frame data and per-conversation
221 * data code doesn't care what you supply as a data
222 * pointer; it just treats it as an opaque pointer, it
223 * doesn't dereference it or free what it points to.)
225 value = p_get_proto_data(pinfo->fd, proto_gssapi);
226 if (!value && !pinfo->fd->flags.visited)
228 /* No handle attached to this frame, but it's the first */
229 /* pass, so it'd be attached to the conversation. */
230 /* If we have a conversation, try to get the handle, */
231 /* and if we get one, attach it to the frame. */
234 value = conversation_get_proto_data(conversation,
237 p_add_proto_data(pinfo->fd, proto_gssapi, value);
242 proto_tree_add_text(subtree, tvb, offset, 0,
243 "Unknown header (cls=%d, con=%d, tag=%d)",
245 return_offset = tvb_length(tvb);
252 /* Naughty ... no way to reset the offset */
253 /* Account for the fact we have consumed part of the */
254 /* ASN.1 and we want to get it back */
257 oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
259 handle = value->wrap_handle;
261 handle = value->handle;
262 len = call_dissector(handle, oid_tvb, pinfo, subtree);
264 return_offset = tvb_length(tvb);
266 return_offset = offset + len;
267 goto done; /* We are finished here */
275 ret = asn1_oid_decode(&hnd, &oid, &oid_len, &nbytes);
277 if (ret != ASN1_ERR_NOERROR) {
278 dissect_parse_error(tvb, offset, pinfo, subtree,
279 "GSS-API token", ret);
280 return_offset = tvb_length(tvb);
284 oid_string = format_oid(oid, oid_len);
287 * Hand off to subdissector.
290 if (((value = gssapi_lookup_oid(oid, oid_len)) == NULL) ||
291 !proto_is_protocol_enabled(value->proto)) {
293 proto_tree_add_text(subtree, tvb, offset, nbytes,
301 /* No dissector for this oid */
303 proto_tree_add_text(subtree, tvb, offset, -1,
306 return_offset = tvb_length(tvb);
311 proto_tree_add_text(subtree, tvb, offset, nbytes,
313 oid_string, value->comment);
315 proto_tree_add_text(subtree, tvb, offset, nbytes, "OID: %s",
323 * This is not needed, as the sub-dissector adds a tree
324 sub_item = proto_tree_add_item(subtree, value->proto, tvb,
327 oid_subtree = proto_item_add_subtree(sub_item, value->ett);
331 * Here we should create a conversation if needed and
332 * save a pointer to the data for that OID for the
336 if (!conversation) { /* Create one */
337 conversation = conversation_new(&pinfo->src,
345 * Now add the proto data ...
346 * but only if it is not already there.
349 if (!conversation_get_proto_data(conversation,
351 conversation_add_proto_data(conversation,
352 proto_gssapi, value);
356 handle = value->wrap_handle;
357 if (handle != NULL) {
358 oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
359 len = call_dissector(handle, oid_tvb, pinfo,
362 return_offset = tvb_length(tvb);
364 return_offset = offset + len;
366 proto_tree_add_text(subtree, tvb, offset, -1,
367 "Authentication verifier");
368 return_offset = tvb_length(tvb);
371 handle = value->handle;
372 if (handle != NULL) {
373 oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
374 len = call_dissector(handle, oid_tvb, pinfo,
377 return_offset = tvb_length(tvb);
379 return_offset = offset + len;
381 proto_tree_add_text(subtree, tvb, offset, -1,
382 "Authentication credentials");
383 return_offset = tvb_length(tvb);
388 asn1_close(&hnd, &offset);
389 } CATCH(BoundsError) {
391 } CATCH(ReportedBoundsError) {
392 show_reported_bounds_error(tvb, pinfo, tree);
395 proto_item_set_len(item, return_offset);
396 return return_offset;
400 dissect_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
402 dissect_gssapi_work(tvb, pinfo, tree, FALSE);
406 dissect_gssapi_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
408 return dissect_gssapi_work(tvb, pinfo, tree, TRUE);
412 proto_register_gssapi(void)
414 static hf_register_info hf[] = {
416 { "GSS-API", "gss-api", FT_NONE, BASE_NONE, NULL, 0x0,
420 static gint *ett[] = {
424 proto_gssapi = proto_register_protocol(
425 "Generic Security Service Application Program Interface",
426 "GSS-API", "gss-api");
428 proto_register_field_array(proto_gssapi, hf, array_length(hf));
429 proto_register_subtree_array(ett, array_length(ett));
431 register_dissector("gssapi", dissect_gssapi, proto_gssapi);
432 new_register_dissector("gssapi_verf", dissect_gssapi_verf, proto_gssapi);
434 gssapi_oids = g_hash_table_new(gssapi_oid_hash, gssapi_oid_equal);
437 static int wrap_dissect_gssapi(tvbuff_t *tvb, int offset,
439 proto_tree *tree, char *drep _U_)
443 auth_tvb = tvb_new_subset(
444 tvb, offset, tvb_length_remaining(tvb, offset),
445 tvb_length_remaining(tvb, offset));
447 dissect_gssapi(auth_tvb, pinfo, tree);
449 return tvb_length_remaining(tvb, offset);
452 static int wrap_dissect_gssapi_verf(tvbuff_t *tvb, int offset,
454 proto_tree *tree, char *drep _U_)
458 auth_tvb = tvb_new_subset(
459 tvb, offset, tvb_length_remaining(tvb, offset),
460 tvb_length_remaining(tvb, offset));
462 return dissect_gssapi_verf(auth_tvb, pinfo, tree);
465 static dcerpc_auth_subdissector_fns gssapi_auth_fns = {
466 wrap_dissect_gssapi, /* Bind */
467 wrap_dissect_gssapi, /* Bind ACK */
468 wrap_dissect_gssapi, /* AUTH3 */
469 wrap_dissect_gssapi_verf, /* Request verifier */
470 wrap_dissect_gssapi_verf, /* Response verifier */
471 NULL, /* Request data */
472 NULL /* Response data */
476 proto_reg_handoff_gssapi(void)
478 data_handle = find_dissector("data");
480 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
481 DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO,