Remove the GSSAPI specific members out of packet_info structure.

The last piece was the NTLMSSP dissector and that is now handled by passing a pointer to a tvbuff* as dissector data for the NTLMSSP dissector to (possibly) "return" a tvbuff* with decrypted data. Change-Id: I2606172e4d0ebb5fc6353921d5b5f41a4792f9e5 Reviewed-on: https://code.wireshark.org/review/12232 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Michael Mann <mmann78@netscape.net> 2015-11-27 10:59:09 -0500
committer: Anders Broman <a.broman58@gmail.com> 2015-11-28 09:20:27 +0000
commit: 44d98dafd49f7133569f0d982ddf0746c230322f (patch)
tree: 6d7cd14756c95c8a7fa246cd8df1cb36dad6edca /epan/dissectors/packet-ntlmssp.c
parent: 05121be1b4ea35257bfcd8ed38d2312b1519f370 (diff)
1 files changed, 18 insertions, 12 deletions
diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
index 9199d9274c..4b7c2ef950 100644
--- a/epan/dissectors/packet-ntlmssp.c
+++ b/epan/dissectors/packet-ntlmssp.c
@@ -1888,7 +1888,7 @@ get_encrypted_state(packet_info *pinfo, int cryptpeer)
   }
 }
 
-static void
+static tvbuff_t*
 decrypt_data_payload(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
                      packet_info *pinfo, proto_tree *tree _U_, gpointer key);
 static void
@@ -1974,7 +1974,7 @@ dissect_ntlmssp_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
   return offset;
 }
 
-static void
+static tvbuff_t*
 decrypt_data_payload(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
                      packet_info *pinfo, proto_tree *tree _U_, gpointer key)
 {
@@ -1999,19 +1999,19 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
                                      pinfo->destport, 0);
     if (conversation == NULL) {
       /* There is no conversation, thus no encryption state */
-      return ;
+      return NULL;
     }
 
     conv_ntlmssp_info = (ntlmssp_info *)conversation_get_proto_data(conversation,
                                                     proto_ntlmssp);
     if (conv_ntlmssp_info == NULL) {
       /* There is no NTLMSSP state tied to the conversation */
-      return ;
+      return NULL;
     }
     if (conv_ntlmssp_info->rc4_state_initialized != 1) {
       /* The crypto sybsystem is not initialized.  This means that either
          the conversation did not include a challenge, or that we do not have the right password */
-      return;
+      return NULL;
     }
     if (key != NULL) {
       stored_packet_ntlmssp_info = (ntlmssp_packet_info *)g_hash_table_lookup(hash_packet, key);
@@ -2040,7 +2040,7 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
 
       if (rc4_state == NULL) {
         /* There is no encryption state, so we cannot decrypt */
-        return ;
+        return NULL;
       }
 
       /* Store the decrypted contents in the packet state struct
@@ -2080,7 +2080,7 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
 
   add_new_data_source(pinfo, decr_tvb,
                       "Decrypted data");
-  pinfo->gssapi_decrypted_tvb =  decr_tvb;
+  return decr_tvb;
 }
 
 static int
@@ -2343,12 +2343,16 @@ decrypt_verifier(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
 
 /* Used when NTLMSSP is done over DCE/RPC because in this case verifier and real payload are not contigious*/
 static int
-dissect_ntlmssp_payload_only(tvbuff_t *tvb, packet_info *pinfo, _U_ proto_tree *tree, void *data _U_)
+dissect_ntlmssp_payload_only(tvbuff_t *tvb, packet_info *pinfo, _U_ proto_tree *tree, void *data)
 {
   volatile int          offset       = 0;
   proto_tree *volatile  ntlmssp_tree = NULL;
   guint32               encrypted_block_length;
+  tvbuff_t *volatile    decr_tvb;
+  tvbuff_t**            ret_decr_tvb = (tvbuff_t**)data;
 
+  if (ret_decr_tvb)
+    *ret_decr_tvb = NULL;
   /* the magic ntlm is the identifier of a NTLMSSP packet that's 00 00 00 01
    */
   encrypted_block_length = tvb_captured_length (tvb);
@@ -2381,7 +2385,9 @@ dissect_ntlmssp_payload_only(tvbuff_t *tvb, packet_info *pinfo, _U_ proto_tree *
     /* Version number */
 
     /* Try to decrypt */
-    decrypt_data_payload (tvb, offset, encrypted_block_length, pinfo, ntlmssp_tree, NULL);
+    decr_tvb = decrypt_data_payload (tvb, offset, encrypted_block_length, pinfo, ntlmssp_tree, NULL);
+    if (ret_decr_tvb)
+       *ret_decr_tvb = decr_tvb;
     /* let's try to hook ourselves here */
 
   } CATCH_NONFATAL_ERRORS {
@@ -2463,11 +2469,11 @@ static tvbuff_t *
 wrap_dissect_ntlmssp_payload_only(tvbuff_t *tvb, tvbuff_t *auth_tvb _U_,
                                   int offset, packet_info *pinfo, dcerpc_auth_info *auth_info _U_)
 {
-  tvbuff_t *data_tvb;
+  tvbuff_t *data_tvb, *decrypted_tvb;
 
   data_tvb = tvb_new_subset_remaining(tvb, offset);
-  dissect_ntlmssp_payload_only(data_tvb, pinfo, NULL, NULL);
-  return pinfo->gssapi_decrypted_tvb;
+  dissect_ntlmssp_payload_only(data_tvb, pinfo, NULL, &decrypted_tvb);
+  return decrypted_tvb;
 }
 
 #if 0
author	Michael Mann <mmann78@netscape.net>	2015-11-27 10:59:09 -0500
committer	Anders Broman <a.broman58@gmail.com>	2015-11-28 09:20:27 +0000
commit	44d98dafd49f7133569f0d982ddf0746c230322f (patch)
tree	6d7cd14756c95c8a7fa246cd8df1cb36dad6edca /epan/dissectors/packet-ntlmssp.c
parent	05121be1b4ea35257bfcd8ed38d2312b1519f370 (diff)