HACK setup decryption keys for kerberos session setups smbclient...
authorStefan Metzmacher <metze@samba.org>
Tue, 25 Feb 2014 14:37:01 +0000 (15:37 +0100)
committerStefan Metzmacher <metze@samba.org>
Sun, 20 Jan 2019 22:14:58 +0000 (23:14 +0100)
Change-Id: I573e44de014ec318998e1bb612c95d877136594f

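index f3c1747..68a6d03 100644
--- a/epan/dissectors/packet-smb2.c
+++ b/epan/dissectors/packet-smb2.c
@@ -18,7 +18,6 @@
 
 #include "config.h"
 
-
 #include <epan/packet.h>
 #include <epan/prefs.h>
 #include <epan/expert.h>
@@ -1119,6 +1118,8 @@ static void smb2_key_derivation(const guint8 *KI, guint32 KI_len,
        gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
        gcry_md_setkey(hd, KI, KI_len);
 
+printf("found KI_len[%d]\n", KI_len);
+
        memset(buf, 0, sizeof(buf));
        buf[3] = 1;
        gcry_md_write(hd, buf, sizeof(buf));
@@ -3128,6 +3129,54 @@ dissect_smb2_session_setup_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree
                }
        }
 
+       /* If we have found a uid->acct_name mapping, store it */
+       if(!pinfo->fd->flags.visited) {// && si->status == 0){
+#ifdef HAVE_KERBEROS
+               enc_key_t *ek;
+
+               if (krb_decrypt){
+                       read_keytab_file_from_preferences();
+               }
+
+               for(ek=enc_key_list;ek;ek=ek->next){
+                       if (ek->fd_num == -1) {
+                               continue;
+                       }
+
+                       if (ek->fd_num != (int)pinfo->fd->num) {
+                               continue;
+                       }
+
+                       break;
+               }
+               if (ek != NULL) {
+                       smb2_sesid_info_t *sesid;
+                       guint8 session_key[16] = { 0, };
+
+                       memcpy(session_key, ek->keyvalue, MIN(ek->keylength, 16));
+
+                       sesid = wmem_new(wmem_file_scope(), smb2_sesid_info_t);
+                       sesid->sesid = si->sesid;
+                       /* TODO: fill in the correct information */
+                       sesid->acct_name = NULL;
+                       sesid->domain_name = NULL;
+                       sesid->host_name = NULL;
+                       smb2_key_derivation(session_key, sizeof(session_key),
+                                           "SMB2AESCCM", 11,
+                                           "ServerIn ", 10,
+                                           sesid->server_decryption_key);
+                       smb2_key_derivation(session_key, sizeof(session_key),
+                                           "SMB2AESCCM", 11,
+                                           "ServerOut", 10,
+                                           sesid->client_decryption_key);
+                       sesid->server_port = pinfo->destport;
+                       sesid->auth_frame = pinfo->fd->num;
+                       sesid->tids = g_hash_table_new(smb2_tid_info_hash, smb2_tid_info_equal);
+                       g_hash_table_insert(si->conv->sesids, sesid, sesid);
+               }
+#endif
+       }
+
        return offset;
 }
 
@@ -8944,7 +8993,7 @@ dissect_smb2_transform_header(packet_info *pinfo, proto_tree *tree,
        offset += 8;
 
        /* now we need to first lookup the uid session */
-       sesid_key.sesid = sti->sesid;
+       sesid_key.sesid = 0;//sti->sesid;
        sti->session = (smb2_sesid_info_t *)g_hash_table_lookup(sti->conv->sesids, &sesid_key);
 
        if (sti->session != NULL && sti->session->auth_frame != (guint32)-1) {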
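Review bot: In the last hunk, `sesid_key.sesid = 0;//sti->sesid;` makes dissect_smb2_transform_header ignore the SessionId carried in the transform header, so every encrypted PDU on the conversation is matched against whatever entry was stored under id 0, and a connection carrying more than one session will be decrypted with the wrong keys or not at all. This looks like a workaround for the session-setup hunk inserting the entry from the request path, where `si->sesid` is presumably still 0 on the first leg; restoring `sesid_key.sesid = sti->sesid;` and registering the keys once the server-assigned id is known (that handler is not visible here) would remove the need for it. In the session-setup hunk, `MIN(ek->keylength, 16)` reaches `memcpy` unchecked, so if keylength is a signed int (its declaration is outside the hunk) a negative value becomes a huge copy length; guard it with `if (ek != NULL && ek->keylength > 0) {`. The unconditional `printf("found KI_len[%d]\n", KI_len);` in smb2_key_derivation writes to stdout from a dissector and uses `%d` for a guint32, so it should be dropped before this goes beyond a local hack. All three functions start or end outside the visible hunks.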