* Copyright 2002, Richard Sharpe <rsharpe@samba.org> Added a few
* bits and pieces ...
*
- * $Id: packet-gssapi.c,v 1.21 2002/11/05 21:41:27 guy Exp $
+ * $Id: packet-gssapi.c,v 1.29 2004/01/19 20:10:36 jmayer Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
#include "asn1.h"
#include "format-oid.h"
+#include "packet-dcerpc.h"
#include "packet-gssapi.h"
#include "packet-frame.h"
#include "epan/conversation.h"
static gint gssapi_oid_equal(gconstpointer k1, gconstpointer k2)
{
- char *key1 = (char *)k1;
- char *key2 = (char *)k2;
+ const char *key1 = (const char *)k1;
+ const char *key2 = (const char *)k2;
return strcmp(key1, key2) == 0;
}
static guint
gssapi_oid_hash(gconstpointer k)
{
- char *key = (char *)k;
+ const char *key = (const char *)k;
guint hash = 0, i;
for (i = 0; i < strlen(key); i++)
void
gssapi_init_oid(char *oid, int proto, int ett, dissector_handle_t handle,
- gchar *comment)
+ dissector_handle_t wrap_handle, gchar *comment)
{
char *key = g_strdup(oid);
gssapi_oid_value *value = g_malloc(sizeof(*value));
- value->proto = proto;
+ value->proto = find_protocol_by_id(proto);
value->ett = ett;
value->handle = handle;
+ value->wrap_handle = wrap_handle;
value->comment = comment;
g_hash_table_insert(gssapi_oids, key, value);
}
}
-static void
+static int
dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean is_verifier)
{
proto_tree *subtree;
ASN1_SCK hnd;
int ret, offset = 0;
+ volatile int return_offset = 0;
gboolean def;
guint len1, oid_len, cls, con, tag, nbytes;
subid_t *oid;
gchar *oid_string;
gssapi_oid_value *value;
- volatile dissector_handle_t handle = NULL;
+ volatile dissector_handle_t handle;
conversation_t *volatile conversation;
tvbuff_t *oid_tvb;
+ int len;
/*
* We need this later, so lets get it now ...
if (ret != ASN1_ERR_NOERROR) {
dissect_parse_error(tvb, offset, pinfo, subtree,
"GSS-API header", ret);
+ return_offset = tvb_length(tvb);
goto done;
}
/*
* If we do not recognise an Application class,
* then we are probably dealing with an inner context
- * token, and we should retrieve the dissector from
- * the conversation that exists or we created from pinfo
+ * token or a wrap token, and we should retrieve the
+ * gssapi_oid_value pointer from the per-frame data or,
+ * if there is no per-frame data (as would be the case
+ * the first time we dissect this frame), from the
+ * conversation that exists or that we created from
+ * pinfo (and then make it per-frame data).
+ * We need to make it per-frame data as there can be
+ * more than one GSS-API negotiation in a conversation.
*
- * Note! We cheat. Since we only need the dissector handle,
- * We store that as the conversation data ...
+ * Note! We "cheat". Since we only need the pointer,
+ * we store that as the data. (That's not really
+ * "cheating" - the per-frame data and per-conversation
+ * data code doesn't care what you supply as a data
+ * pointer; it just treats it as an opaque pointer, it
+ * doesn't dereference it or free what it points to.)
*/
-
- if (conversation &&
- !(handle = conversation_get_proto_data(conversation,
- proto_gssapi))){
- proto_tree_add_text(
- subtree, tvb, offset, 0,
- "Unknown header (cls=%d, con=%d, tag=%d)",
- cls, con, tag);
- goto done;
+ value = p_get_proto_data(pinfo->fd, proto_gssapi);
+ if (!value && !pinfo->fd->flags.visited)
+ {
+ /* No handle attached to this frame, but it's the first */
+ /* pass, so it'd be attached to the conversation. */
+ /* If we have a conversation, try to get the handle, */
+ /* and if we get one, attach it to the frame. */
+ if (conversation)
+ {
+ value = conversation_get_proto_data(conversation,
+ proto_gssapi);
+ if (value)
+ p_add_proto_data(pinfo->fd, proto_gssapi, value);
+ }
+ }
+ if (!value)
+ {
+ proto_tree_add_text(subtree, tvb, offset, 0,
+ "Unknown header (cls=%d, con=%d, tag=%d)",
+ cls, con, tag);
+ return_offset = tvb_length(tvb);
+ goto done;
}
else
{
hnd.offset = offset;
oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
- call_dissector(handle, oid_tvb, pinfo, subtree);
+ if (is_verifier)
+ handle = value->wrap_handle;
+ else
+ handle = value->handle;
+ len = call_dissector(handle, oid_tvb, pinfo, subtree);
+ if (len == 0)
+ return_offset = tvb_length(tvb);
+ else
+ return_offset = offset + len;
goto done; /* We are finished here */
}
}
if (ret != ASN1_ERR_NOERROR) {
dissect_parse_error(tvb, offset, pinfo, subtree,
"GSS-API token", ret);
+ return_offset = tvb_length(tvb);
goto done;
}
proto_tree_add_text(subtree, tvb, offset, -1,
"Token object");
+ return_offset = tvb_length(tvb);
goto done;
}
oid_subtree = proto_item_add_subtree(sub_item, value->ett);
*/
- handle = value->handle;
-
/*
* Here we should create a conversation if needed and
- * save the OID and dissector handle in it for the
+ * save a pointer to the data for that OID for the
* GSSAPI protocol.
*/
if (!conversation_get_proto_data(conversation,
proto_gssapi)) {
conversation_add_proto_data(conversation,
- proto_gssapi, handle);
+ proto_gssapi, value);
}
if (is_verifier) {
- proto_tree_add_text(subtree, tvb, offset, -1,
- "Authentication verifier");
+ handle = value->wrap_handle;
+ if (handle != NULL) {
+ oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
+ len = call_dissector(handle, oid_tvb, pinfo,
+ subtree);
+ if (len == 0)
+ return_offset = tvb_length(tvb);
+ else
+ return_offset = offset + len;
+ } else {
+ proto_tree_add_text(subtree, tvb, offset, -1,
+ "Authentication verifier");
+ return_offset = tvb_length(tvb);
+ }
} else {
+ handle = value->handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
- call_dissector(handle, oid_tvb, pinfo, subtree);
+ len = call_dissector(handle, oid_tvb, pinfo,
+ subtree);
+ if (len == 0)
+ return_offset = tvb_length(tvb);
+ else
+ return_offset = offset + len;
} else {
proto_tree_add_text(subtree, tvb, offset, -1,
"Authentication credentials");
+ return_offset = tvb_length(tvb);
}
}
} CATCH(ReportedBoundsError) {
show_reported_bounds_error(tvb, pinfo, tree);
} ENDTRY;
+
+ proto_item_set_len(item, return_offset);
+ return return_offset;
}
static void
dissect_gssapi_work(tvb, pinfo, tree, FALSE);
}
-static void
+static int
dissect_gssapi_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- dissect_gssapi_work(tvb, pinfo, tree, TRUE);
+ return dissect_gssapi_work(tvb, pinfo, tree, TRUE);
}
void
proto_register_subtree_array(ett, array_length(ett));
register_dissector("gssapi", dissect_gssapi, proto_gssapi);
- register_dissector("gssapi_verf", dissect_gssapi_verf, proto_gssapi);
+ new_register_dissector("gssapi_verf", dissect_gssapi_verf, proto_gssapi);
gssapi_oids = g_hash_table_new(gssapi_oid_hash, gssapi_oid_equal);
}
+static int wrap_dissect_gssapi(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *tree, guint8 *drep _U_)
+{
+ tvbuff_t *auth_tvb;
+
+ auth_tvb = tvb_new_subset(
+ tvb, offset, tvb_length_remaining(tvb, offset),
+ tvb_length_remaining(tvb, offset));
+
+ dissect_gssapi(auth_tvb, pinfo, tree);
+
+ return tvb_length_remaining(tvb, offset);
+}
+
+static int wrap_dissect_gssapi_verf(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *tree, guint8 *drep _U_)
+{
+ tvbuff_t *auth_tvb;
+
+ auth_tvb = tvb_new_subset(
+ tvb, offset, tvb_length_remaining(tvb, offset),
+ tvb_length_remaining(tvb, offset));
+
+ return dissect_gssapi_verf(auth_tvb, pinfo, tree);
+}
+
+static dcerpc_auth_subdissector_fns gssapi_auth_fns = {
+ wrap_dissect_gssapi, /* Bind */
+ wrap_dissect_gssapi, /* Bind ACK */
+ wrap_dissect_gssapi, /* AUTH3 */
+ wrap_dissect_gssapi_verf, /* Request verifier */
+ wrap_dissect_gssapi_verf, /* Response verifier */
+ NULL, /* Request data */
+ NULL /* Response data */
+};
+
void
proto_reg_handoff_gssapi(void)
{
data_handle = find_dissector("data");
+
+ register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
+ DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO,
+ &gssapi_auth_fns);
}