From 850f0231681bf982b2dcd76a785f572714e13845 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 24 Nov 2017 18:08:44 +0100
Subject: [PATCH] decrypt
Change-Id: Ie39ca944a7adfecdfd0ae74afff7fbec746147d6
---
 epan/dissectors/packet-nmf.c | 82 +++++++++++++++++++++++++++++++++++-
 1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-nmf.c b/epan/dissectors/packet-nmf.c
index 44710e37c1..217388e46c 100644
--- a/epan/dissectors/packet-nmf.c
+++ b/epan/dissectors/packet-nmf.c
@@ -22,6 +22,7 @@
 #include "config.h"
+#include
 #include
 #include
 #include
@@ -40,6 +41,7 @@ static dissector_handle_t gssapi_wrap_handle;
 static int proto_nmf = -1;
 static gint ett_nmf = -1;
+static gint ett_nmf_payload = -1;
 static int hf_nmf_record = -1;
 static int hf_nmf_record_type = -1;
@@ -367,20 +369,97 @@ dissect_nmf_pdu(tvbuff_t *tvb, packet_info *pinfo,
 proto_item *item = proto_tree_get_parent(tree);
 guint32 len = 0;
 int offset = 0;
+ tvbuff_t *gssapi_tvb = NULL;
 len = tvb_get_guint32(tvb, offset, ENC_LITTLE_ENDIAN);
 proto_tree_add_item(tree, hf_nmf_negotiate_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
 offset += 4;
- col_set_str(pinfo->cinfo, COL_INFO, "NMF Protected");
+ col_set_str(pinfo->cinfo, COL_INFO, "NMF GSSAPI");
 col_add_fstr(pinfo->cinfo, COL_INFO, "Protected Packet len: %u (0x%x)", (unsigned)len, (unsigned)len);
 proto_item_append_text(item, ", Protected Packet len: %u (0x%x)", (unsigned)len, (unsigned)len);
+ gssapi_tvb = tvb_new_subset_length(tvb, offset, len);
 offset += len;
+ {
+ tvbuff_t *plain_tvb = NULL, *decr_tvb= NULL;
+ int ver_len;
+ gssapi_encrypt_info_t gssapi_encrypt;
+
+ /* Attempt decryption of the GSSAPI wrapped data if possible */
+ gssapi_encrypt.gssapi_data_encrypted = FALSE;
+ gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
+ gssapi_encrypt.gssapi_wrap_tvb=NULL;
+ gssapi_encrypt.gssapi_encrypted_tvb=NULL;
+ gssapi_encrypt.gssapi_decrypted_tvb=NULL;
+ ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb,
+ pinfo, tree, &gssapi_encrypt);
+ /* if we could unwrap, do a tvb shuffle */
+ if(gssapi_encrypt.gssapi_decrypted_tvb){
+ decr_tvb=gssapi_encrypt.gssapi_decrypted_tvb;
+ } else if (gssapi_encrypt.gssapi_wrap_tvb) {
+ plain_tvb=gssapi_encrypt.gssapi_wrap_tvb;
+ }
+
+ /*
+ * if len is 0 it probably mean that we got a PDU that is not
+ * aligned to the start of the segment.
+ */
+ if(ver_len==0){
+// return;
+ }
+
+ /*
+ * if we don't have unwrapped data,
+ * see if the wrapping involved encryption of the
+ * data; if not, just use the plaintext data.
+ */
+ if (!decr_tvb && !plain_tvb) {
+ if(!gssapi_encrypt.gssapi_data_encrypted){
+ plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
+ }
+ }
+
+ if (decr_tvb) {
+ proto_tree *enc_tree = NULL;
+ guint decr_len = tvb_reported_length(decr_tvb);
+
+ col_set_str(pinfo->cinfo, COL_INFO, "NMF GSS-API Privacy (decrypted): ");
+
+ if (tree) {
+ enc_tree = proto_tree_add_subtree_format(tree, decr_tvb, 0, -1,
+ ett_nmf_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
+ decr_len, plurality(decr_len, "", "s"));
+ }
+ proto_tree_add_format_text(enc_tree, decr_tvb, 0, decr_len);
+ //dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
+ } else if (plain_tvb) {
+ proto_tree *plain_tree = NULL;
+ guint plain_len = tvb_reported_length(plain_tvb);
+
+ col_set_str(pinfo->cinfo, COL_INFO, "NMF GSS-API Integrity: ");
+
+ if (tree) {
+ plain_tree = proto_tree_add_subtree_format(tree, plain_tvb, 0, -1,
+ ett_nmf_payload, NULL, "GSS-API payload (%d byte%s)",
+ plain_len, plurality(plain_len, "", "s"));
+ }
+
+ proto_tree_add_format_text(plain_tree, plain_tvb, 0, plain_len);
+ //dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
+ } else {
+ col_add_fstr(pinfo->cinfo, COL_INFO, "NMF GSS-API Privacy: payload (%d byte%s)",
+ len,
+ plurality(len, "", "s"));
+
+ proto_tree_add_format_text(tree, gssapi_tvb, 0, len);
+// proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
+ }
+ }
 return offset;
 }
@@ -464,6 +543,7 @@ void proto_register_nmf(void)
 {
 static gint *ett[] = {
 &ett_nmf,
+ &ett_nmf_payload,
 };
 static hf_register_info hf[] = {
 { &hf_nmf_record,
-- 
2.34.1
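Review bot: `len` comes straight off the wire as a `guint32` and is used without a bounds check in the added `gssapi_tvb = tvb_new_subset_length(tvb, offset, len);`, and again as the byte count in the final `else` branch's `proto_tree_add_format_text(tree, gssapi_tvb, 0, len);`. A value above `G_MAXINT` changes sign when it is converted to the `gint` length parameter and when it is added to the `int offset` that the function returns, so a crafted length presumably ends in a bounds exception at best and a meaningless return value at worst. I would reject it before building the subset, e.g. `if (len > (guint32)tvb_reported_length_remaining(tvb, offset)) return tvb_captured_length(tvb);` (ideally with an expert-info item), and print the `guint`/`guint32` lengths with `%u` rather than `%d`. The top of dissect_nmf_pdu is outside the hunk, so whether a caller already bounds `len` cannot be seen here.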