Try to fix the problems with the SPNEGO negTokenInit differences in Microsoft implementations

Change-Id: Ifbfca88469a6bc479072c921deba280e667c7087 Reviewed-on: https://code.wireshark.org/review/1804 Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Richard Sharpe <realrichardsharpe@gmail.com> 2014-05-28 21:05:41 -0400
committer: Michael Mann <mmann78@netscape.net> 2014-05-29 01:15:26 +0000
commit: 0ed2672abf6d8a41e0ddc11358bb73d86a30fe92 (patch)
tree: 34e0a1c3508c5b262b5b7b1af0cbbc54e86c4c89 /epan/dissectors/packet-spnego.c
parent: bb78e8f6e5bf770f1effbc84c44656436add5a5d (diff)
1 files changed, 130 insertions, 66 deletions
diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c
index 727a48f8de..e533214d36 100644
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@@ -90,18 +90,22 @@ static int hf_spnego_krb5_cfx_seq = -1;
 
 /*--- Included file: packet-spnego-hf.c ---*/
 #line 1 "../../asn1/spnego/packet-spnego-hf.c"
-static int hf_spnego_negTokenInit = -1;           /* NegTokenInit */
+static int hf_spnego_negTokenInit = -1;           /* T_negTokenInit */
 static int hf_spnego_negTokenTarg = -1;           /* NegTokenTarg */
 static int hf_spnego_MechTypeList_item = -1;      /* MechType */
-static int hf_spnego_principal = -1;              /* GeneralString */
 static int hf_spnego_mechTypes = -1;              /* MechTypeList */
 static int hf_spnego_reqFlags = -1;               /* ContextFlags */
 static int hf_spnego_mechToken = -1;              /* T_mechToken */
-static int hf_spnego_negTokenInit_mechListMIC = -1;  /* T_NegTokenInit_mechListMIC */
+static int hf_spnego_mechListMIC = -1;            /* T_mechListMIC */
+static int hf_spnego_hintName = -1;               /* GeneralString */
+static int hf_spnego_hintAddress = -1;            /* OCTET_STRING */
+static int hf_spnego_mechToken_01 = -1;           /* OCTET_STRING */
+static int hf_spnego_negHints = -1;               /* NegHints */
+static int hf_spnego_mechListMIC_01 = -1;         /* OCTET_STRING */
 static int hf_spnego_negResult = -1;              /* T_negResult */
 static int hf_spnego_supportedMech = -1;          /* T_supportedMech */
 static int hf_spnego_responseToken = -1;          /* T_responseToken */
-static int hf_spnego_mechListMIC = -1;            /* T_mechListMIC */
+static int hf_spnego_mechListMIC_02 = -1;         /* T_mechListMIC_01 */
 static int hf_spnego_thisMech = -1;               /* MechType */
 static int hf_spnego_innerContextToken = -1;      /* InnerContextToken */
 /* named bits */
@@ -133,8 +137,9 @@ static gint ett_spnego_krb5_cfx_flags = -1;
 #line 1 "../../asn1/spnego/packet-spnego-ett.c"
 static gint ett_spnego_NegotiationToken = -1;
 static gint ett_spnego_MechTypeList = -1;
-static gint ett_spnego_PrincipalSeq = -1;
 static gint ett_spnego_NegTokenInit = -1;
+static gint ett_spnego_NegHints = -1;
+static gint ett_spnego_NegTokenInit2 = -1;
 static gint ett_spnego_ContextFlags = -1;
 static gint ett_spnego_NegTokenTarg = -1;
 static gint ett_spnego_InitialContextToken_U = -1;
@@ -143,13 +148,16 @@ static gint ett_spnego_InitialContextToken_U = -1;
 #line 97 "../../asn1/spnego/packet-spnego-template.c"
 
 /*
- * Unfortunately, we have to have a forward declaration of this,
+ * Unfortunately, we have to have forward declarations of thess,
  * as the code generated by asn2wrs includes a call before the
  * definition.
  */
-static int dissect_spnego_PrincipalSeq(gboolean implicit_tag, tvbuff_t *tvb,
+static int dissect_spnego_NegTokenInit(gboolean implicit_tag, tvbuff_t *tvb,
                                        int offset, asn1_ctx_t *actx _U_,
                                        proto_tree *tree, int hf_index);
+static int dissect_spnego_NegTokenInit2(gboolean implicit_tag, tvbuff_t *tvb,
+                                        int offset, asn1_ctx_t *actx _U_,
+                                        proto_tree *tree, int hf_index);
 
 
 /*--- Included file: packet-spnego-fn.c ---*/
@@ -158,7 +166,7 @@ static int dissect_spnego_PrincipalSeq(gboolean implicit_tag, tvbuff_t *tvb,
 
 static int
 dissect_spnego_MechType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 22 "../../asn1/spnego/spnego.cnf"
+#line 33 "../../asn1/spnego/spnego.cnf"
 
   gssapi_oid_value *value;
 
@@ -196,7 +204,7 @@ static const ber_sequence_t MechTypeList_sequence_of[1] = {
 
 static int
 dissect_spnego_MechTypeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 90 "../../asn1/spnego/spnego.cnf"
+#line 101 "../../asn1/spnego/spnego.cnf"
 
   conversation_t *conversation;
 
@@ -245,7 +253,7 @@ dissect_spnego_ContextFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
 
 static int
 dissect_spnego_T_mechToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 111 "../../asn1/spnego/spnego.cnf"
+#line 122 "../../asn1/spnego/spnego.cnf"
 
   tvbuff_t *mechToken_tvb = NULL;
 
@@ -269,43 +277,27 @@ dissect_spnego_T_mechToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 
 
 static int
-dissect_spnego_T_NegTokenInit_mechListMIC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 125 "../../asn1/spnego/spnego.cnf"
+dissect_spnego_T_mechListMIC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+#line 140 "../../asn1/spnego/spnego.cnf"
 
-  gint8 ber_class;
-  gboolean pc;
-  gint32 tag;
   tvbuff_t *mechListMIC_tvb;
 
+
+  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                       &mechListMIC_tvb);
+
+
+
   /*
-   * There seems to be two different forms this can take,
-   * one as an octet string, and one as a general string in a
-   * sequence.
-   *
-   * Peek at the header, and then decide which it is we're seeing.
+   * Now, we should be able to dispatch, if we've gotten a tvbuff for
+   * the MIC and we have information on how to dissect its contents.
    */
-  get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
-  if (ber_class == BER_CLASS_UNI && pc && tag == BER_UNI_TAG_SEQUENCE) {
-    /*
-     * It's a sequence.
-     */
-    return dissect_spnego_PrincipalSeq(FALSE, tvb, offset, actx, tree,
-                                       hf_spnego_mechListMIC);
-  } else {
-    /*
-     * It's not a sequence, so dissect it as an octet string,
-     * which is what it's supposed to be; that'll cause the
-     * right error report if it's not an octet string, either.
-     */
-    offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset,
-                                      hf_spnego_mechListMIC, &mechListMIC_tvb);
-
-    /*
-     * Now, we should be able to dispatch with that tvbuff.
-     */
-    if (mechListMIC_tvb && next_level_value)
-      call_dissector(next_level_value->handle, mechListMIC_tvb, actx->pinfo, tree);
-    return offset;
+  if (mechListMIC_tvb && (tvb_reported_length(mechListMIC_tvb) > 0) ){
+    gssapi_oid_value *value=next_level_value;
+
+    if(value){
+      call_dissector(value->handle, mechListMIC_tvb, actx->pinfo, tree);
+    }
   }
 
 
@@ -318,7 +310,7 @@ static const ber_sequence_t NegTokenInit_sequence[] = {
   { &hf_spnego_mechTypes    , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_spnego_MechTypeList },
   { &hf_spnego_reqFlags     , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_spnego_ContextFlags },
   { &hf_spnego_mechToken    , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_spnego_T_mechToken },
-  { &hf_spnego_negTokenInit_mechListMIC, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_spnego_T_NegTokenInit_mechListMIC },
+  { &hf_spnego_mechListMIC  , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_spnego_T_mechListMIC },
   { NULL, 0, 0, 0, NULL }
 };
 
@@ -331,6 +323,32 @@ dissect_spnego_NegTokenInit(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
 }
 
 
+
+static int
+dissect_spnego_T_negTokenInit(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+#line 12 "../../asn1/spnego/spnego.cnf"
+  gboolean is_response = actx->pinfo->ptype == PT_TCP &&
+                         actx->pinfo->srcport < 1024;
+
+  /*
+   * We decode as negTokenInit2 or negTokenInit depending on whether or not
+   * we are in a response or a request. That is essentially what MS-SPNG
+   * says.
+   */
+  if (is_response) {
+    return dissect_spnego_NegTokenInit2(implicit_tag, tvb, offset,
+                                        actx, tree, hf_index);
+  } else {
+    return dissect_spnego_NegTokenInit(implicit_tag, tvb, offset,
+                                       actx, tree, hf_index);
+  }
+
+
+
+  return offset;
+}
+
+
 static const value_string spnego_T_negResult_vals[] = {
   {   0, "accept-completed" },
   {   1, "accept-incomplete" },
@@ -351,7 +369,7 @@ dissect_spnego_T_negResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 
 static int
 dissect_spnego_T_supportedMech(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 163 "../../asn1/spnego/spnego.cnf"
+#line 160 "../../asn1/spnego/spnego.cnf"
 
   conversation_t *conversation;
 
@@ -380,7 +398,7 @@ dissect_spnego_T_supportedMech(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 static int
 dissect_spnego_T_responseToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 186 "../../asn1/spnego/spnego.cnf"
+#line 183 "../../asn1/spnego/spnego.cnf"
 
   tvbuff_t *responseToken_tvb;
 
@@ -413,8 +431,8 @@ dissect_spnego_T_responseToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 
 static int
-dissect_spnego_T_mechListMIC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 213 "../../asn1/spnego/spnego.cnf"
+dissect_spnego_T_mechListMIC_01(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+#line 210 "../../asn1/spnego/spnego.cnf"
 
   tvbuff_t *mechListMIC_tvb;
 
@@ -447,7 +465,7 @@ static const ber_sequence_t NegTokenTarg_sequence[] = {
   { &hf_spnego_negResult    , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_spnego_T_negResult },
   { &hf_spnego_supportedMech, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_spnego_T_supportedMech },
   { &hf_spnego_responseToken, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_spnego_T_responseToken },
-  { &hf_spnego_mechListMIC  , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_spnego_T_mechListMIC },
+  { &hf_spnego_mechListMIC_02, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_spnego_T_mechListMIC_01 },
   { NULL, 0, 0, 0, NULL }
 };
 
@@ -461,7 +479,7 @@ dissect_spnego_NegTokenTarg(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
 
 
 static const ber_choice_t NegotiationToken_choice[] = {
-  {   0, &hf_spnego_negTokenInit , BER_CLASS_CON, 0, 0, dissect_spnego_NegTokenInit },
+  {   0, &hf_spnego_negTokenInit , BER_CLASS_CON, 0, 0, dissect_spnego_T_negTokenInit },
   {   1, &hf_spnego_negTokenTarg , BER_CLASS_CON, 1, 0, dissect_spnego_NegTokenTarg },
   { 0, NULL, 0, 0, 0, NULL }
 };
@@ -487,15 +505,44 @@ dissect_spnego_GeneralString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
 }
 
 
-static const ber_sequence_t PrincipalSeq_sequence[] = {
-  { &hf_spnego_principal    , BER_CLASS_CON, 0, 0, dissect_spnego_GeneralString },
+
+static int
+dissect_spnego_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                       NULL);
+
+  return offset;
+}
+
+
+static const ber_sequence_t NegHints_sequence[] = {
+  { &hf_spnego_hintName     , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_spnego_GeneralString },
+  { &hf_spnego_hintAddress  , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_spnego_OCTET_STRING },
   { NULL, 0, 0, 0, NULL }
 };
 
 static int
-dissect_spnego_PrincipalSeq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+dissect_spnego_NegHints(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
-                                   PrincipalSeq_sequence, hf_index, ett_spnego_PrincipalSeq);
+                                   NegHints_sequence, hf_index, ett_spnego_NegHints);
+
+  return offset;
+}
+
+
+static const ber_sequence_t NegTokenInit2_sequence[] = {
+  { &hf_spnego_mechTypes    , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_spnego_MechTypeList },
+  { &hf_spnego_reqFlags     , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_spnego_ContextFlags },
+  { &hf_spnego_mechToken_01 , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_spnego_OCTET_STRING },
+  { &hf_spnego_negHints     , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_spnego_NegHints },
+  { &hf_spnego_mechListMIC_01, BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_spnego_OCTET_STRING },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_spnego_NegTokenInit2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   NegTokenInit2_sequence, hf_index, ett_spnego_NegTokenInit2);
 
   return offset;
 }
@@ -504,7 +551,7 @@ dissect_spnego_PrincipalSeq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
 
 static int
 dissect_spnego_InnerContextToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 47 "../../asn1/spnego/spnego.cnf"
+#line 58 "../../asn1/spnego/spnego.cnf"
 
   gssapi_oid_value *next_level_value_lcl;
   proto_item *item;
@@ -579,7 +626,7 @@ dissect_spnego_InitialContextToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
 
 
 /*--- End of included file: packet-spnego-fn.c ---*/
-#line 108 "../../asn1/spnego/packet-spnego-template.c"
+#line 111 "../../asn1/spnego/packet-spnego-template.c"
 /*
  * This is the SPNEGO KRB5 dissector. It is not true KRB5, but some ASN.1
  * wrapped blob with an OID, USHORT token ID, and a Ticket, that is also
@@ -1865,10 +1912,6 @@ void proto_register_spnego(void) {
       { "MechType", "spnego.MechType",
         FT_OID, BASE_NONE, NULL, 0,
         NULL, HFILL }},
-    { &hf_spnego_principal,
-      { "principal", "spnego.principal",
-        FT_STRING, BASE_NONE, NULL, 0,
-        "GeneralString", HFILL }},
     { &hf_spnego_mechTypes,
       { "mechTypes", "spnego.mechTypes",
         FT_UINT32, BASE_DEC, NULL, 0,
@@ -1881,10 +1924,30 @@ void proto_register_spnego(void) {
       { "mechToken", "spnego.mechToken",
         FT_BYTES, BASE_NONE, NULL, 0,
         NULL, HFILL }},
-    { &hf_spnego_negTokenInit_mechListMIC,
+    { &hf_spnego_mechListMIC,
       { "mechListMIC", "spnego.mechListMIC",
         FT_BYTES, BASE_NONE, NULL, 0,
-        "T_NegTokenInit_mechListMIC", HFILL }},
+        NULL, HFILL }},
+    { &hf_spnego_hintName,
+      { "hintName", "spnego.hintName",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "GeneralString", HFILL }},
+    { &hf_spnego_hintAddress,
+      { "hintAddress", "spnego.hintAddress",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "OCTET_STRING", HFILL }},
+    { &hf_spnego_mechToken_01,
+      { "mechToken", "spnego.mechToken",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "OCTET_STRING", HFILL }},
+    { &hf_spnego_negHints,
+      { "negHints", "spnego.negHints_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_spnego_mechListMIC_01,
+      { "mechListMIC", "spnego.mechListMIC",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "OCTET_STRING", HFILL }},
     { &hf_spnego_negResult,
       { "negResult", "spnego.negResult",
         FT_UINT32, BASE_DEC, VALS(spnego_T_negResult_vals), 0,
@@ -1897,10 +1960,10 @@ void proto_register_spnego(void) {
       { "responseToken", "spnego.responseToken",
         FT_BYTES, BASE_NONE, NULL, 0,
         NULL, HFILL }},
-    { &hf_spnego_mechListMIC,
+    { &hf_spnego_mechListMIC_02,
       { "mechListMIC", "spnego.mechListMIC",
         FT_BYTES, BASE_NONE, NULL, 0,
-        NULL, HFILL }},
+        "T_mechListMIC_01", HFILL }},
     { &hf_spnego_thisMech,
       { "thisMech", "spnego.thisMech",
         FT_OID, BASE_NONE, NULL, 0,
@@ -1939,7 +2002,7 @@ void proto_register_spnego(void) {
         NULL, HFILL }},
 
 /*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1379 "../../asn1/spnego/packet-spnego-template.c"
+#line 1382 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	/* List of subtrees */
@@ -1954,14 +2017,15 @@ void proto_register_spnego(void) {
 #line 1 "../../asn1/spnego/packet-spnego-ettarr.c"
     &ett_spnego_NegotiationToken,
     &ett_spnego_MechTypeList,
-    &ett_spnego_PrincipalSeq,
     &ett_spnego_NegTokenInit,
+    &ett_spnego_NegHints,
+    &ett_spnego_NegTokenInit2,
     &ett_spnego_ContextFlags,
     &ett_spnego_NegTokenTarg,
     &ett_spnego_InitialContextToken_U,
 
 /*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1389 "../../asn1/spnego/packet-spnego-template.c"
+#line 1392 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	/* Register protocol */
author	Richard Sharpe <realrichardsharpe@gmail.com>	2014-05-28 21:05:41 -0400
committer	Michael Mann <mmann78@netscape.net>	2014-05-29 01:15:26 +0000
commit	0ed2672abf6d8a41e0ddc11358bb73d86a30fe92 (patch)
tree	34e0a1c3508c5b262b5b7b1af0cbbc54e86c4c89 /epan/dissectors/packet-spnego.c
parent	bb78e8f6e5bf770f1effbc84c44656436add5a5d (diff)