/* packet-gssapi.c
* Dissector for GSS-API tokens as described in rfc2078, section 3.1
* Copyright 2002, Tim Potter <tpot@samba.org>
+ * Copyright 2002, Richard Sharpe <rsharpe@samba.org> Added a few
+ * bits and pieces ...
*
- * $Id: packet-gssapi.c,v 1.13 2002/08/31 20:50:08 sharpe Exp $
+ * $Id: packet-gssapi.c,v 1.28 2003/11/16 23:17:19 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
# include <sys/types.h>
#endif
+#include <string.h>
+
#include <glib.h>
#include <epan/packet.h>
#include "asn1.h"
#include "format-oid.h"
+#include "packet-dcerpc.h"
#include "packet-gssapi.h"
#include "packet-frame.h"
#include "epan/conversation.h"
* Subdissectors
*/
-GHashTable *gssapi_oids;
+static GHashTable *gssapi_oids;
static gint gssapi_oid_equal(gconstpointer k1, gconstpointer k2)
{
- char *key1 = (char *)k1;
- char *key2 = (char *)k2;
+ const char *key1 = (const char *)k1;
+ const char *key2 = (const char *)k2;
return strcmp(key1, key2) == 0;
}
static guint
gssapi_oid_hash(gconstpointer k)
{
- char *key = (char *)k;
+ const char *key = (const char *)k;
guint hash = 0, i;
for (i = 0; i < strlen(key); i++)
}
void
-gssapi_init_oid(char *oid, int proto, int ett, char *name)
+gssapi_init_oid(char *oid, int proto, int ett, dissector_handle_t handle,
+ dissector_handle_t wrap_handle, gchar *comment)
{
char *key = g_strdup(oid);
gssapi_oid_value *value = g_malloc(sizeof(*value));
- value->proto = proto;
+ value->proto = find_protocol_by_id(proto);
value->ett = ett;
- value->name = g_strdup(name);
+ value->handle = handle;
+ value->wrap_handle = wrap_handle;
+ value->comment = comment;
g_hash_table_insert(gssapi_oids, key, value);
}
+/*
+ * This takes an OID in binary form, not an OID as a text string, as
+ * an argument.
+ */
+gssapi_oid_value *
+gssapi_lookup_oid(subid_t *oid, guint oid_len)
+{
+ gchar *oid_key;
+ gchar *p;
+ unsigned int i;
+ int len;
+ gssapi_oid_value *value;
+
+ /*
+ * Convert the OID to a string, as text strings are used as
+ * keys in the OID hash table.
+ */
+ oid_key = g_malloc(oid_len * 22 + 1);
+ p = oid_key;
+ len = sprintf(p, "%lu", (unsigned long)oid[0]);
+ p += len;
+ for (i = 1; i < oid_len;i++) {
+ len = sprintf(p, ".%lu", (unsigned long)oid[i]);
+ p += len;
+ }
+
+ value = g_hash_table_lookup(gssapi_oids, oid_key);
+ g_free(oid_key);
+ return value;
+}
+
/* Display an ASN1 parse error. Taken from packet-snmp.c */
static dissector_handle_t data_handle;
}
}
-static void
-dissect_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static int
+dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ gboolean is_verifier)
{
proto_item *item;
proto_tree *subtree;
- int length = tvb_length_remaining(tvb, 0);
ASN1_SCK hnd;
int ret, offset = 0;
+ volatile int return_offset = 0;
gboolean def;
guint len1, oid_len, cls, con, tag, nbytes;
subid_t *oid;
gchar *oid_string;
gssapi_oid_value *value;
- int len;
- unsigned int i;
- gchar *p;
- volatile dissector_handle_t handle = NULL;
- /* proto_item *sub_item;
- proto_tree *oid_subtree;*/
+ volatile dissector_handle_t handle;
conversation_t *volatile conversation;
+ tvbuff_t *oid_tvb;
+ int len;
/*
* We need this later, so lets get it now ...
pinfo->destport, 0);
item = proto_tree_add_item(
- tree, hf_gssapi, tvb, offset, length, FALSE);
+ tree, hf_gssapi, tvb, offset, -1, FALSE);
subtree = proto_item_add_subtree(item, ett_gssapi);
if (ret != ASN1_ERR_NOERROR) {
dissect_parse_error(tvb, offset, pinfo, subtree,
"GSS-API header", ret);
+ return_offset = tvb_length(tvb);
goto done;
}
if (!(cls == ASN1_APL && con == ASN1_CON && tag == 0)) {
/*
- * If we do not recognise an Application class, then
+ * If we do not recognise an Application class,
* then we are probably dealing with an inner context
- * token, and we should retrieve the dissector from
- * the conversation that exists or we created from pinfo
+ * token or a wrap token, and we should retrieve the
+ * gssapi_oid_value pointer from the per-frame data or,
+ * if there is no per-frame data (as would be the case
+ * the first time we dissect this frame), from the
+ * conversation that exists or that we created from
+ * pinfo (and then make it per-frame data).
+ * We need to make it per-frame data as there can be
+ * more than one GSS-API negotiation in a conversation.
*
- * Note! We cheat. Since we only need the dissector handle,
- * We store that as the conversation data ... after type
- * casting.
+ * Note! We "cheat". Since we only need the pointer,
+ * we store that as the data. (That's not really
+ * "cheating" - the per-frame data and per-conversation
+ * data code doesn't care what you supply as a data
+ * pointer; it just treats it as an opaque pointer, it
+ * doesn't dereference it or free what it points to.)
*/
-
- if (conversation &&
- !(handle = conversation_get_proto_data(conversation,
- proto_gssapi))){
- proto_tree_add_text(
- subtree, tvb, offset, 0,
- "Unknown header (cls=%d, con=%d, tag=%d)",
- cls, con, tag);
- goto done;
+ value = p_get_proto_data(pinfo->fd, proto_gssapi);
+ if (!value && !pinfo->fd->flags.visited)
+ {
+ /* No handle attached to this frame, but it's the first */
+ /* pass, so it'd be attached to the conversation. */
+ /* If we have a conversation, try to get the handle, */
+ /* and if we get one, attach it to the frame. */
+ if (conversation)
+ {
+ value = conversation_get_proto_data(conversation,
+ proto_gssapi);
+ if (value)
+ p_add_proto_data(pinfo->fd, proto_gssapi, value);
+ }
+ }
+ if (!value)
+ {
+ proto_tree_add_text(subtree, tvb, offset, 0,
+ "Unknown header (cls=%d, con=%d, tag=%d)",
+ cls, con, tag);
+ return_offset = tvb_length(tvb);
+ goto done;
}
else
{
hnd.offset = offset;
oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
- call_dissector(handle, oid_tvb, pinfo, subtree);
+ if (is_verifier)
+ handle = value->wrap_handle;
+ else
+ handle = value->handle;
+ len = call_dissector(handle, oid_tvb, pinfo, subtree);
+ if (len == 0)
+ return_offset = tvb_length(tvb);
+ else
+ return_offset = offset + len;
goto done; /* We are finished here */
}
}
if (ret != ASN1_ERR_NOERROR) {
dissect_parse_error(tvb, offset, pinfo, subtree,
"GSS-API token", ret);
+ return_offset = tvb_length(tvb);
goto done;
}
oid_string = format_oid(oid, oid_len);
- proto_tree_add_text(subtree, tvb, offset, nbytes, "OID: %s",
- oid_string);
-
- offset += nbytes;
-
- g_free(oid_string);
-
/*
* Hand off to subdissector.
- * We can't use "oid_string", as it might contain an
- * interpretation of the OID after the raw string, so
- * we generate our own string for it.
*/
- oid_string = g_malloc(oid_len * 22 + 1);
- p = oid_string;
- len = sprintf(p, "%lu", (unsigned long)oid[0]);
- p += len;
- for (i = 1; i < oid_len;i++) {
- len = sprintf(p, ".%lu", (unsigned long)oid[i]);
- p += len;
- }
- if (((value = g_hash_table_lookup(gssapi_oids, oid_string)) == NULL) ||
+ if (((value = gssapi_lookup_oid(oid, oid_len)) == NULL) ||
!proto_is_protocol_enabled(value->proto)) {
+ proto_tree_add_text(subtree, tvb, offset, nbytes,
+ "OID: %s",
+ oid_string);
+
+ offset += nbytes;
+
g_free(oid_string);
/* No dissector for this oid */
proto_tree_add_text(subtree, tvb, offset, -1,
"Token object");
+ return_offset = tvb_length(tvb);
goto done;
}
+ if (value)
+ proto_tree_add_text(subtree, tvb, offset, nbytes,
+ "OID: %s (%s)",
+ oid_string, value->comment);
+ else
+ proto_tree_add_text(subtree, tvb, offset, nbytes, "OID: %s",
+ oid_string);
+
+ offset += nbytes;
+
g_free(oid_string);
/*
oid_subtree = proto_item_add_subtree(sub_item, value->ett);
*/
- handle = find_dissector(value->name);
-
- if (handle) {
- tvbuff_t *oid_tvb;
-
- /*
- * Here we should create a conversation if needed and
- * save the OID and dissector handle in it for the
- * GSSAPI protocol.
- */
-
- if (!conversation) { /* Create one */
- conversation = conversation_new(&pinfo->src,
- &pinfo->dst,
- pinfo->ptype,
- pinfo->srcport,
- pinfo->destport, 0);
- }
+ /*
+ * Here we should create a conversation if needed and
+ * save a pointer to the data for that OID for the
+ * GSSAPI protocol.
+ */
- /*
- * Now add the proto data ...
- * but only if it is not already there.
- */
+ if (!conversation) { /* Create one */
+ conversation = conversation_new(&pinfo->src,
+ &pinfo->dst,
+ pinfo->ptype,
+ pinfo->srcport,
+ pinfo->destport, 0);
+ }
- if (!conversation_get_proto_data(conversation,
- proto_gssapi)) {
- conversation_add_proto_data(conversation,
- proto_gssapi, handle);
- }
+ /*
+ * Now add the proto data ...
+ * but only if it is not already there.
+ */
- oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
- call_dissector(handle, oid_tvb, pinfo, subtree);
+ if (!conversation_get_proto_data(conversation,
+ proto_gssapi)) {
+ conversation_add_proto_data(conversation,
+ proto_gssapi, value);
}
- else { /* FIXME, do something if handle not found */
+ if (is_verifier) {
+ handle = value->wrap_handle;
+ if (handle != NULL) {
+ oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
+ len = call_dissector(handle, oid_tvb, pinfo,
+ subtree);
+ if (len == 0)
+ return_offset = tvb_length(tvb);
+ else
+ return_offset = offset + len;
+ } else {
+ proto_tree_add_text(subtree, tvb, offset, -1,
+ "Authentication verifier");
+ return_offset = tvb_length(tvb);
+ }
+ } else {
+ handle = value->handle;
+ if (handle != NULL) {
+ oid_tvb = tvb_new_subset(tvb, offset, -1, -1);
+ len = call_dissector(handle, oid_tvb, pinfo,
+ subtree);
+ if (len == 0)
+ return_offset = tvb_length(tvb);
+ else
+ return_offset = offset + len;
+ } else {
+ proto_tree_add_text(subtree, tvb, offset, -1,
+ "Authentication credentials");
+ return_offset = tvb_length(tvb);
+ }
}
done:
} CATCH(ReportedBoundsError) {
show_reported_bounds_error(tvb, pinfo, tree);
} ENDTRY;
+
+ proto_item_set_len(item, return_offset);
+ return return_offset;
+}
+
+static void
+dissect_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ dissect_gssapi_work(tvb, pinfo, tree, FALSE);
+}
+
+static int
+dissect_gssapi_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ return dissect_gssapi_work(tvb, pinfo, tree, TRUE);
}
void
proto_register_subtree_array(ett, array_length(ett));
register_dissector("gssapi", dissect_gssapi, proto_gssapi);
+ new_register_dissector("gssapi_verf", dissect_gssapi_verf, proto_gssapi);
gssapi_oids = g_hash_table_new(gssapi_oid_hash, gssapi_oid_equal);
}
+static int wrap_dissect_gssapi(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *tree, char *drep _U_)
+{
+ tvbuff_t *auth_tvb;
+
+ auth_tvb = tvb_new_subset(
+ tvb, offset, tvb_length_remaining(tvb, offset),
+ tvb_length_remaining(tvb, offset));
+
+ dissect_gssapi(auth_tvb, pinfo, tree);
+
+ return tvb_length_remaining(tvb, offset);
+}
+
+static int wrap_dissect_gssapi_verf(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *tree, char *drep _U_)
+{
+ tvbuff_t *auth_tvb;
+
+ auth_tvb = tvb_new_subset(
+ tvb, offset, tvb_length_remaining(tvb, offset),
+ tvb_length_remaining(tvb, offset));
+
+ return dissect_gssapi_verf(auth_tvb, pinfo, tree);
+}
+
+static dcerpc_auth_subdissector_fns gssapi_auth_fns = {
+ wrap_dissect_gssapi, /* Bind */
+ wrap_dissect_gssapi, /* Bind ACK */
+ wrap_dissect_gssapi, /* AUTH3 */
+ wrap_dissect_gssapi_verf, /* Request verifier */
+ wrap_dissect_gssapi_verf, /* Response verifier */
+ NULL, /* Request data */
+ NULL /* Response data */
+};
+
void
proto_reg_handoff_gssapi(void)
{
data_handle = find_dissector("data");
+
+ register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
+ DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO,
+ &gssapi_auth_fns);
}