diff options
author | Michael Mann <mmann78@netscape.net> | 2013-05-03 00:04:36 +0000 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2013-05-03 00:04:36 +0000 |
commit | cd2d46ab21f7f2fec3fba5993422eb616170e7a3 (patch) | |
tree | 89161f7aa1215465b861e40f73f08a31d43e14a4 /epan/dissectors/packet-smtp.c | |
parent | ee26b25981095c6c20b8b51c0cc8008c01820e51 (diff) |
Finish improving NTLM and PLAIN authentication. Bug 8600 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8600)
From Uli Heilmeier
svn path=/trunk/; revision=49140
Diffstat (limited to 'epan/dissectors/packet-smtp.c')
-rw-r--r-- | epan/dissectors/packet-smtp.c | 73 |
1 files changed, 46 insertions, 27 deletions
diff --git a/epan/dissectors/packet-smtp.c b/epan/dissectors/packet-smtp.c index 2655a91759..e6e9e967f9 100644 --- a/epan/dissectors/packet-smtp.c +++ b/epan/dissectors/packet-smtp.c @@ -307,6 +307,47 @@ dissect_ntlm_auth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, } static void +decode_plain_auth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + gint a_offset, int a_linelen) +{ + gint returncode; + gint length_user1; + gint length_user2; + gint length_pass; + guint8 *decrypt = NULL; + + decrypt = tvb_get_ephemeral_string(tvb, a_offset, a_linelen); + if (stmp_decryption_enabled) { + returncode = 0; + returncode = epan_base64_decode(decrypt); + if (returncode) { + length_user1 = strlen(decrypt); + if (returncode >= (length_user1 + 1)) { + length_user2 = strlen(decrypt + length_user1 + 1); + proto_tree_add_string(tree, hf_smtp_username, tvb, + a_offset, a_linelen, decrypt + length_user1 + 1); + col_append_fstr(pinfo->cinfo, COL_INFO, "User: %s", decrypt + length_user1 + 1); + + if (returncode >= (length_user1 + 1 + length_user2 + 1)) { + length_pass = strlen(decrypt + length_user1 + length_user2 + 2); + proto_tree_add_string(tree, hf_smtp_password, tvb, + a_offset, a_linelen, decrypt + length_user1 + length_user2 + 2); + col_append_str(pinfo->cinfo, COL_INFO, " "); + col_append_fstr(pinfo->cinfo, COL_INFO, " Pass: %s", decrypt + length_user1 + length_user2 + 2); + } + } + } + } + else { + proto_tree_add_string(tree, hf_smtp_username, tvb, + a_offset, a_linelen, decrypt); + proto_tree_add_string(tree, hf_smtp_password, tvb, + a_offset, a_linelen, decrypt); + col_append_str(pinfo->cinfo, COL_INFO, decrypt); + } +} + +static void dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { struct smtp_proto_data *spd_frame_data; @@ -329,7 +370,6 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) tvbuff_t *next_tvb; guint8 *decrypt = NULL; guint8 *base64_string = NULL; - guint8 *base64_plain = NULL; guint8 line_code[3]; /* As there is no guarantee that we will only see frames in the @@ -813,7 +853,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } proto_tree_add_string(smtp_tree, hf_smtp_username, tvb, loffset, linelen, decrypt); - col_append_str(pinfo->cinfo, COL_INFO, decrypt); + col_append_fstr(pinfo->cinfo, COL_INFO, "User: %s", decrypt); } else if (session_state->password_frame == pinfo->fd->num) { if (decrypt == NULL) { /* This line wasn't already decrypted through the state machine */ @@ -827,7 +867,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } proto_tree_add_string(smtp_tree, hf_smtp_password, tvb, loffset, linelen, decrypt); - col_append_str(pinfo->cinfo, COL_INFO, decrypt); + col_append_fstr(pinfo->cinfo, COL_INFO, "Pass: %s", decrypt); } else if (session_state->ntlm_rsp_frame == pinfo->fd->num) { decrypt = tvb_get_ephemeral_string(tvb, loffset, linelen); if (stmp_decryption_enabled) { @@ -849,17 +889,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) loffset, linelen, ENC_ASCII|ENC_NA); } } else if (session_state->user_pass_frame == pinfo->fd->num) { - base64_plain = tvb_get_ephemeral_string(tvb, loffset, linelen); - /* FIXME when stmp_decryption_enabled is active the plain mechs credentials - * should also be decoded. - * Format is: - * [authorize-user]+[NULL character]+[authentication-user]+[NULL character]+[password] - */ - proto_tree_add_string(smtp_tree, hf_smtp_username, tvb, - loffset, linelen, base64_plain); - proto_tree_add_string(smtp_tree, hf_smtp_password, tvb, - loffset, linelen, base64_plain); - col_append_str(pinfo->cinfo, COL_INFO, base64_plain); + decode_plain_auth(tvb, pinfo, smtp_tree, loffset, linelen); } else { if (linelen >= 4) @@ -893,7 +923,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } proto_tree_add_string(cmdresp_tree, hf_smtp_username, tvb, loffset + 11, linelen - 11, decrypt); col_append_str(pinfo->cinfo, COL_INFO, tvb_get_ephemeral_string(tvb, loffset, 11)); - col_append_str(pinfo->cinfo, COL_INFO, decrypt); + col_append_fstr(pinfo->cinfo, COL_INFO, "User: %s", decrypt); } else if ((linelen > 5) && (session_state->ntlm_req_frame == pinfo->fd->num) ) { proto_tree_add_item(cmdresp_tree, hf_smtp_req_parameter, tvb, @@ -920,18 +950,8 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) else if ((linelen > 5) && (session_state->user_pass_cmd_frame == pinfo->fd->num) ) { proto_tree_add_item(cmdresp_tree, hf_smtp_req_parameter, tvb, loffset + 5, linelen - 5, ENC_ASCII|ENC_NA); - base64_plain = tvb_get_ephemeral_string(tvb, loffset + 10, linelen - 10); - /* FIXME when stmp_decryption_enabled is active the plain mechs credentials - * should also be decoded. - * Format is: - * [authorize-user]+[NULL character]+[authentication-user]+[NULL character]+[password] - */ - proto_tree_add_string(cmdresp_tree, hf_smtp_username, tvb, - loffset + 10, linelen - 10, base64_plain); - proto_tree_add_string(cmdresp_tree, hf_smtp_password, tvb, - loffset + 10, linelen - 10, base64_plain); col_append_str(pinfo->cinfo, COL_INFO, tvb_get_ephemeral_string(tvb, loffset, 11)); - col_append_str(pinfo->cinfo, COL_INFO, base64_plain); + decode_plain_auth(tvb, pinfo, cmdresp_tree, loffset + 11, linelen - 11); } else if (linelen > 5) { proto_tree_add_item(cmdresp_tree, hf_smtp_req_parameter, tvb, @@ -942,7 +962,6 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) col_append_str(pinfo->cinfo, COL_INFO, tvb_get_ephemeral_string(tvb, loffset, linelen)); } - if (smtp_data_desegment && !spd_frame_data->more_frags) { /* terminate the desegmentation */ frag_msg = fragment_end_seq_next(&smtp_data_reassembly_table, |