From: sahlberg Date: Fri, 22 Jun 2007 19:32:02 +0000 (+0000) Subject: add code to handle new insanity in how spnego and gss wrap X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=258c8c59e57cd81d43d4edccbf7f729cd0b2c6a7;p=obnox%2Fwireshark%2Fwip.git add code to handle new insanity in how spnego and gss wrap eachother git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@22165 f5534014-38df-0310-8fa8-9805f1628bb7 --- diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf index 7888895d68..38bc9812ca 100644 --- a/asn1/ldap/ldap.cnf +++ b/asn1/ldap/ldap.cnf 
@@ -165,27 +165,42 @@ char *mechanism = NULL; tvbuff_t *parameter_tvb; ldap_conv_info_t *ldap_info; +gint8 class; +gboolean pc; +gint32 tag; %(DEFAULT_BODY)s + if (!parameter_tvb) return offset; ldap_info = actx->pinfo->private_data; - if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) { - /* - * This is a GSS-API token ancapsulated within GSS-SPNEGO. - */ - if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) - call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree); - } else if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSSAPI") == 0) { - /* - * This is a raw GSS-API token. - */ - if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) - call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree); + get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag); + + /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/ + if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) { + /* + * This is a GSS-API token ancapsulated within GSS-SPNEGO. + * We need to check the first byte to check whether the blob + * contains SPNEGO or GSSAPI. + * All SPNEGO PDUs are of class CONSTRUCTED while + * GSS PDUs are class APPLICATION + */ + if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) + call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree); + } + /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/ + if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) { + /* + * This is a raw GSS-API token. + */ + if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) { + call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree); + } } actx->pinfo->private_data = ldap_info; + #.FN_BODY ServerSaslCreds VAL_PTR = ¶meter_tvb tvbuff_t *parameter_tvb; diff --git a/epan/dissectors/packet-ldap.c b/epan/dissectors/packet-ldap.c index 8eef19840f..7d93cc60ff 100644 
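Review bot: `get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag);` runs before either `tvb_length(parameter_tvb) > 0` test, so a zero-length credentials octet string is read at offset 0 before its length is checked. In Wireshark that read presumably raises a bounds exception, and the rest of the LDAP message would then be reported as malformed rather than dissected. Fold the length test into the new guard, `if (!parameter_tvb || tvb_length(parameter_tvb) == 0) return offset;`, which also makes the two inner `parameter_tvb &&` checks redundant. Because the mechanism name is no longer compared, the sub-dissector is chosen from the first byte of untrusted capture data for every SASL mechanism; the comment should say this is a heuristic, and the commented-out old conditions should be deleted rather than kept. The comment also calls `BER_CLASS_CON` "CONSTRUCTED" although it is the context-specific class (constructed is the `pc` bit), so I would write `/* SPNEGO tokens start with a context-specific tag, GSS-API tokens with an APPLICATION tag */`; this FN_BODY starts above the hunk, and the same code is regenerated into dissect_ldap_Credentials in packet-ldap.c.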
--- a/epan/dissectors/packet-ldap.c +++ b/epan/dissectors/packet-ldap.c @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Wireshark dissector compiler */ -/* .\packet-ldap.c */ +/* ./packet-ldap.c */ /* ../../tools/asn2wrs.py -b -X -e -p ldap -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn */ /* Input file: packet-ldap-template.c */ @@ -754,7 +754,7 @@ dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 251 "ldap.cnf" +#line 266 "ldap.cnf" tvbuff_t *parameter_tvb = NULL; char *ldapstring; gchar *sc = NULL; /* semi-colon pointer */ 
@@ -929,31 +929,46 @@ dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse tvbuff_t *parameter_tvb; ldap_conv_info_t *ldap_info; +gint8 class; +gboolean pc; +gint32 tag; offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, ¶meter_tvb); + if (!parameter_tvb) return offset; ldap_info = actx->pinfo->private_data; - if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) { - /* - * This is a GSS-API token ancapsulated within GSS-SPNEGO. - */ - if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) - call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree); - } else if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSSAPI") == 0) { - /* - * This is a raw GSS-API token. - */ - if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) - call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree); + get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag); + + /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/ + if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) { + /* + * This is a GSS-API token ancapsulated within GSS-SPNEGO. + * We need to check the first byte to check whether the blob + * contains SPNEGO or GSSAPI. + * All SPNEGO PDUs are of class CONSTRUCTED while + * GSS PDUs are class APPLICATION + */ + if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) + call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree); + } + /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/ + if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) { + /* + * This is a raw GSS-API token. + */ + if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) { + call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree); + } } actx->pinfo->private_data = ldap_info; + return offset; } 
@@ -976,7 +991,7 @@ dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 604 "ldap.cnf" +#line 619 "ldap.cnf" /* make sure the protocol op comes first */ ldap_do_protocolop(actx->pinfo); @@ -992,7 +1007,7 @@ dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in static int dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 611 "ldap.cnf" +#line 626 "ldap.cnf" /* make sure the protocol op comes first */ ldap_do_protocolop(actx->pinfo); @@ -1023,7 +1038,7 @@ static const ber_choice_t AuthenticationChoice_choice[] = { static int dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 425 "ldap.cnf" +#line 440 "ldap.cnf" gint branch = -1; gint auth = -1; const gchar *valstr; @@ -1116,7 +1131,7 @@ static const value_string ldap_BindResponse_resultCode_vals[] = { static int dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 369 "ldap.cnf" +#line 384 "ldap.cnf" const gchar *valstr; @@ -1148,7 +1163,7 @@ dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U static int dissect_ldap_T_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 618 "ldap.cnf" +#line 633 "ldap.cnf" tvbuff_t *new_tvb=NULL; offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb); 
@@ -1209,7 +1224,7 @@ dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _ static int dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 190 "ldap.cnf" +#line 205 "ldap.cnf" tvbuff_t *parameter_tvb; ldap_conv_info_t *ldap_info; @@ -1299,7 +1314,7 @@ dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs static int dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 447 "ldap.cnf" +#line 462 "ldap.cnf" implicit_tag = TRUE; /* correct problem with asn2wrs */ @@ -1328,7 +1343,7 @@ static const value_string ldap_T_scope_vals[] = { static int dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 332 "ldap.cnf" +#line 347 "ldap.cnf" gint scope; const gchar *valstr; @@ -1395,7 +1410,7 @@ static int dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 481 "ldap.cnf" +#line 496 "ldap.cnf" if(and_filter_string){ and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string); } else { @@ -1413,7 +1428,7 @@ static const ber_sequence_t T_and_set_of[1] = { static int dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 488 "ldap.cnf" +#line 503 "ldap.cnf" proto_tree *tr=NULL; proto_item *it=NULL; char *old_and_filter_string=and_filter_string; 
@@ -1444,7 +1459,7 @@ static int dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 506 "ldap.cnf" +#line 521 "ldap.cnf" if(or_filter_string){ or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string); } else { @@ -1463,7 +1478,7 @@ static const ber_sequence_t T_or_set_of[1] = { static int dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 514 "ldap.cnf" +#line 529 "ldap.cnf" proto_tree *tr=NULL; proto_item *it=NULL; char *old_or_filter_string=or_filter_string; @@ -1492,7 +1507,7 @@ static int dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 533 "ldap.cnf" +#line 548 "ldap.cnf" Filter_string=ep_strdup_printf("(!%s)",Filter_string); @@ -1530,7 +1545,7 @@ static int dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 466 "ldap.cnf" +#line 481 "ldap.cnf" Filter_string=ep_strdup_printf("(%s=%s)",attributedesc_string,ldapvalue_string); @@ -1559,7 +1574,7 @@ dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item, NULL); -#line 559 "ldap.cnf" +#line 574 "ldap.cnf" if (substring_item_final) { substring_value=ep_strdup_printf("%s%s", (substring_value?substring_value:"*"), 
@@ -1599,7 +1614,7 @@ static const ber_sequence_t SubstringFilter_sequence[] = { static int dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 573 "ldap.cnf" +#line 588 "ldap.cnf" proto_tree *tr=NULL; proto_item *it=NULL; char *old_substring_value=substring_value; @@ -1631,7 +1646,7 @@ static int dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 470 "ldap.cnf" +#line 485 "ldap.cnf" Filter_string=ep_strdup_printf("(%s>=%s)",attributedesc_string,ldapvalue_string); @@ -1645,7 +1660,7 @@ static int dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 474 "ldap.cnf" +#line 489 "ldap.cnf" Filter_string=ep_strdup_printf("(%s<=%s)",attributedesc_string,ldapvalue_string); @@ -1659,7 +1674,7 @@ static int dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 530 "ldap.cnf" +#line 545 "ldap.cnf" Filter_string=ep_strdup_printf("(%s=*)",Filter_string); @@ -1672,7 +1687,7 @@ static int dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 478 "ldap.cnf" +#line 493 "ldap.cnf" Filter_string=ep_strdup_printf("(%s~=%s)",attributedesc_string,ldapvalue_string); 
@@ -1692,7 +1707,7 @@ dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of static int dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 536 "ldap.cnf" +#line 551 "ldap.cnf" gboolean val; offset = dissect_ber_boolean_value(implicit_tag, actx, tree, tvb, offset, hf_index, &val); @@ -1727,7 +1742,7 @@ dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, static int dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 545 "ldap.cnf" +#line 560 "ldap.cnf" attr_type=NULL; matching_rule_string=NULL; ldapvalue_string=NULL; @@ -1736,7 +1751,7 @@ dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 551 "ldap.cnf" +#line 566 "ldap.cnf" Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)", (attr_type?attr_type:""), (matching_rule_dnattr?"dn:":""), @@ -1779,7 +1794,7 @@ static const ber_choice_t Filter_choice[] = { static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 592 "ldap.cnf" +#line 607 "ldap.cnf" proto_tree *tr=NULL; proto_item *it=NULL; @@ -1803,13 +1818,13 @@ dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_ static int dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 459 "ldap.cnf" +#line 474 "ldap.cnf" Filter_string=NULL; offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 462 "ldap.cnf" +#line 477 "ldap.cnf" Filter_string=NULL; and_filter_string=NULL; 
@@ -1855,7 +1870,7 @@ dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 390 "ldap.cnf" +#line 405 "ldap.cnf" tvbuff_t *next_tvb; gchar *string; @@ -2000,7 +2015,7 @@ static const value_string ldap_T_resultCode_vals[] = { static int dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 349 "ldap.cnf" +#line 364 "ldap.cnf" const gchar *valstr; @@ -2545,7 +2560,7 @@ dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse static int dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 634 "ldap.cnf" +#line 649 "ldap.cnf" gint8 class; gboolean pc, ind; gint32 tag; diff --git a/epan/dissectors/packet-ldap.h b/epan/dissectors/packet-ldap.h index b30eb6be68..61333792bf 100644 --- a/epan/dissectors/packet-ldap.h +++ b/epan/dissectors/packet-ldap.h @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Wireshark dissector compiler */ -/* .\packet-ldap.h */ +/* ./packet-ldap.h */ /* ../../tools/asn2wrs.py -b -X -e -p ldap -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn */ /* Input file: packet-ldap-template.h */