VNC_SECURITY_TYPE_VENCRYPT = 19,
VNC_SECURITY_TYPE_GTK_VNC_SASL = 20,
VNC_SECURITY_TYPE_MD5_HASH_AUTH = 21,
- VNC_SECURITY_TYPE_XVP = 22
+ VNC_SECURITY_TYPE_XVP = 22,
+ VNC_TIGHT_AUTH_TGHT_ULGNAUTH = 119,
+ VNC_TIGHT_AUTH_TGHT_XTRNAUTH = 130
} vnc_security_types_e;
static const value_string vnc_security_types_vs[] = {
VNC_SESSION_STATE_TIGHT_TUNNEL_TYPE_REPLY,
VNC_SESSION_STATE_TIGHT_AUTH_CAPABILITIES,
VNC_SESSION_STATE_TIGHT_AUTH_TYPE_REPLY,
- VNC_SESSION_STATE_TIGHT_AUTH_TYPE_AND_VENDOR_CODE,
VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3,
VNC_SESSION_STATE_VNC_AUTHENTICATION_CHALLENGE,
VNC_SESSION_STATE_SERVER_INIT,
VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS,
- VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST,
VNC_SESSION_STATE_NORMAL_TRAFFIC
} vnc_session_state_e;
gint num_client_message_types;
gint num_encoding_types;
guint8 security_type_selected;
+ gboolean tight_enabled;
} vnc_conversation_t;
/* This structure will be tied to each packet */
/* Authentication capabilities (TightVNC extension) */
static int hf_vnc_tight_num_auth_types = -1;
-static int hf_vnc_tight_auth_type = -1;
-
+static int hf_vnc_tight_auth_code = -1;
/* TightVNC capabilities */
static int hf_vnc_tight_server_message_type = -1;
static int hf_vnc_tight_server_vendor = -1;
guint8 vnc_bytes_per_pixel;
guint8 vnc_depth;
+
static dissector_handle_t vnc_handle;
/* Code to dissect the packets */
per_conversation_info->vnc_next_state = VNC_SESSION_STATE_SERVER_VERSION;
per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_INVALID;
-
- conversation_add_proto_data(conversation, proto_vnc,
+ per_conversation_info->tight_enabled = FALSE;
+
+ conversation_add_proto_data(conversation, proto_vnc,
per_conversation_info);
}
static gint
process_tight_capabilities(proto_tree *tree,
gint type_index, gint vendor_index, gint name_index,
- tvbuff_t *tvb, gint offset, gint num_capabilities)
+ tvbuff_t *tvb, gint offset, const gint num_capabilities)
{
gint i;
-
/* See vnc_unixsrc/include/rfbproto.h:rfbCapabilityInfo */
for (i = 0; i < num_capabilities; i++) {
*per_conversation_info)
{
guint8 num_security_types;
- guint32 desktop_name_len, auth_result, text_len;
+ guint32 desktop_name_len, auth_result, text_len, auth_code;
vnc_packet_t *per_packet_info;
gint num_tunnel_types;
gint num_auth_types;
case VNC_SECURITY_TYPE_TIGHT :
per_conversation_info->vnc_next_state =
VNC_SESSION_STATE_TIGHT_TUNNELING_CAPABILITIES;
+ per_conversation_info->tight_enabled = TRUE;
break;
default :
{
int i;
-
- for (i = 0; i < num_auth_types; i++) {
- /* See xserver/hw/vnc/auth.c:rfbSendAuthCaps()
- * We don't actually display the auth types for now.
- */
- proto_tree_add_item(tree, hf_vnc_tight_auth_type, tvb, offset, 16, FALSE);
- offset += 16;
+ guint8 *vendor, *signature;
+ for (i = 0; i < 1; i++) {
+ auth_code = tvb_get_ntohl(tvb, offset);
+ proto_tree_add_item(tree, hf_vnc_tight_auth_code, tvb, offset, 4, FALSE);
+ offset += 4;
+ vendor = tvb_get_string(tvb, offset, 4);
+ process_vendor(tree, hf_vnc_tight_server_vendor, tvb, offset);
+ offset += 4;
+ signature = tvb_get_string(tvb, offset, 8);
+ proto_tree_add_text(tree, tvb, offset, 8, "Signature: %s", signature);
+ offset += 8;
+
+ switch(auth_code) {
+ case VNC_SECURITY_TYPE_NONE:
+ if ((g_ascii_strcasecmp(vendor, "STDV") != 0) || (g_ascii_strcasecmp(signature, "NOAUTH__") != 0)) {
+ /* TODO: create a Expert Info */
+ proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+ }
+ break;
+ case VNC_SECURITY_TYPE_VNC:
+ if ((g_ascii_strcasecmp(vendor, "STDV") != 0) || (g_ascii_strcasecmp(signature, "VNCAUTH_") != 0)) {
+ /* TODO: create a Expert Info */
+ proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+ }
+ break;
+ case VNC_SECURITY_TYPE_VENCRYPT:
+ if ((g_ascii_strcasecmp(vendor, "VENC") != 0) || (g_ascii_strcasecmp(signature, "VENCRYPT") != 0)) {
+ /* TODO: create a Expert Info */
+ proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+ }
+ break;
+ case VNC_SECURITY_TYPE_GTK_VNC_SASL:
+ if ((g_ascii_strcasecmp(vendor, "GTKV") != 0) || (g_ascii_strcasecmp(signature, "SASL____") != 0)) {
+ /* TODO: create a Expert Info */
+ proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+ }
+ break;
+ case VNC_TIGHT_AUTH_TGHT_ULGNAUTH:
+ if ((g_ascii_strcasecmp(vendor, "TGHT") != 0) || (g_ascii_strcasecmp(signature, "ULGNAUTH") != 0)) {
+ /* TODO: create a Expert Info */
+ proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+ }
+ break;
+ case VNC_TIGHT_AUTH_TGHT_XTRNAUTH:
+ if ((g_ascii_strcasecmp(vendor, "TGHT") != 0) || (g_ascii_strcasecmp(signature, "XTRNAUTH") != 0)) {
+ /* TODO: create a Expert Info */
+ proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+ }
+ break;
+ default:
+ proto_tree_add_text(tree, tvb, offset, 0, "Unknown TIGHT VNC authentication");
+ break;
+ }
+
+ g_free(vendor);
+ g_free(signature);
}
}
break;
case VNC_SESSION_STATE_TIGHT_AUTH_TYPE_REPLY:
- REPORT_DISSECTOR_BUG("Unimplemented case: TightVNC authentication reply");
- /* FIXME: implement. See xserver/hw/vnc/auth.c:rfbProcessClientAuthType() */
- break;
-
- case VNC_SESSION_STATE_TIGHT_AUTH_TYPE_AND_VENDOR_CODE :
- col_set_str(pinfo->cinfo, COL_INFO, "Authentication type / vendor code");
-
- proto_tree_add_item(tree, hf_vnc_server_security_type, tvb,
- offset, 4, FALSE);
-
- offset += 4;
-
- offset = process_vendor(tree, hf_vnc_vendor_code, tvb, offset);
-
- /* Display authentication method string */
- proto_tree_add_item(tree, hf_vnc_security_type_string, tvb,
- offset, 8, FALSE);
-
- per_conversation_info->vnc_next_state =
- VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+ col_set_str(pinfo->cinfo, COL_INFO, "TightVNC authentication type selected by client");
+ auth_code = tvb_get_ntohl(tvb, offset);
+ proto_tree_add_item(tree, hf_vnc_tight_auth_code, tvb, offset, 4, FALSE);
+
+ switch(auth_code) {
+ case VNC_SECURITY_TYPE_NONE:
+ per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_NONE;
+ per_conversation_info->vnc_next_state = VNC_SESSION_STATE_CLIENT_INIT;
+ break;
+ case VNC_SECURITY_TYPE_VNC:
+ per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_VNC;
+ per_conversation_info->vnc_next_state = VNC_SESSION_STATE_VNC_AUTHENTICATION_CHALLENGE;
+ break;
+ case VNC_SECURITY_TYPE_GTK_VNC_SASL:
+ per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_GTK_VNC_SASL;
+ /* TODO: dissection not implemented yet */
+ per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+ break;
+ case VNC_TIGHT_AUTH_TGHT_ULGNAUTH:
+ per_conversation_info->security_type_selected = VNC_TIGHT_AUTH_TGHT_ULGNAUTH;
+ /* TODO: dissection not implemented yet */
+ per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+ break;
+ case VNC_TIGHT_AUTH_TGHT_XTRNAUTH:
+ per_conversation_info->security_type_selected = VNC_TIGHT_AUTH_TGHT_XTRNAUTH;
+ /* TODO: dissection not implemented yet */
+ per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+ break;
+ default:
+ proto_tree_add_text(tree, tvb, offset, 0, "Unknown authentication selected");
+ per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+ break;
+ }
break;
FALSE);
}
- if(per_conversation_info->security_type_selected == VNC_SECURITY_TYPE_TIGHT)
+ if(per_conversation_info->tight_enabled == TRUE)
per_conversation_info->vnc_next_state =
VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS;
else
proto_tree_add_item(tree, hf_vnc_padding, tvb, offset, 2,
FALSE);
-
- per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST;
- break;
-
- case VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST:
- col_set_str(pinfo->cinfo, COL_INFO, "TightVNC Interaction Capabilities list");
+ offset += 2;
offset = process_tight_capabilities(tree,
hf_vnc_tight_server_message_type,
*offset += 2;
for(i = 1; i <= num_rects; i++) {
-
+
VNC_BYTES_NEEDED(12);
ti = proto_tree_add_text(tree, tvb, *offset, 12,
}
}
}
-
return 0; /* bytes_needed */
}
FT_UINT32, BASE_DEC, NULL, 0x0,
"Authentication types specific to TightVNC", HFILL }
},
- { &hf_vnc_tight_auth_type,
- { "Authentication type", "vnc.auth_type",
- FT_UINT8, BASE_DEC, NULL, 0x0,
- "Authentication type specific to TightVNC", HFILL }
+ { &hf_vnc_tight_auth_code,
+ { "Authentication code", "vnc.tight_auth_code",
+ FT_UINT32, BASE_DEC, VALS(vnc_security_types_vs), 0x0,
+ "Authentication code specific to TightVNC", HFILL }
},
{ &hf_vnc_tight_server_message_type,
{ "Server message type (TightVNC)", "vnc.tight_server_message_type",
},
{ &hf_vnc_tight_encoding_type,
{ "Encoding type", "vnc.encoding_type",
- FT_INT32, BASE_DEC, NULL, 0x0,
+ FT_INT32, BASE_DEC, VALS(encoding_types_vs), 0x0,
"Encoding type specific to TightVNC", HFILL }
},
{ &hf_vnc_tight_encoding_vendor,
git.samba.org / obnox / wireshark / wip.git / commitdiff