diff options
author | Michael Mann <mmann78@netscape.net> | 2015-11-02 16:47:26 -0500 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2015-11-04 02:45:58 +0000 |
commit | 795b5c196303032e102189da80acd9d1f64ca8d7 (patch) | |
tree | b834e1aec2ad009a20a18d50459b2aef573b31d3 /epan | |
parent | 58431e2f6a939022261e1f54a9bf3e4fa39958ca (diff) |
Refactor some GSS-API dissectors to accept dissector data instead of using packet_info.
This can hopefully lead to the removal of the GSS-API specific members of the packet_info structure.
Change-Id: I7622d66e9f02c6e4cb76adcf0737b35c6ec88cdd
Reviewed-on: https://code.wireshark.org/review/11509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-gssapi.c | 70 | ||||
-rw-r--r-- | epan/dissectors/packet-gssapi.h | 11 | ||||
-rw-r--r-- | epan/dissectors/packet-ldap.c | 40 |
3 files changed, 82 insertions, 39 deletions
diff --git a/epan/dissectors/packet-gssapi.c b/epan/dissectors/packet-gssapi.c index 7f9842eb37..d6aafed303 100644 --- a/epan/dissectors/packet-gssapi.c +++ b/epan/dissectors/packet-gssapi.c @@ -523,16 +523,54 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, return return_offset; } -static void -dissect_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +static int +dissect_gssapi_work_wrapper(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gssapi_encrypt_info_t* encrypt_info, gboolean is_verifier) +{ + int ret; + + /* XXX - This is setup to hopefully remove the need for these members in packet_info + * Setup the dissector to take them as arguments and for now, convert to + * packet_info + */ + if (encrypt_info != NULL) + { + pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb; + pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb; + pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb; + pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb; + pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted; + } + + ret = dissect_gssapi_work(tvb, pinfo, tree, is_verifier); + + if (encrypt_info != NULL) + { + /* Reassign the data from packet_info and clean up */ + encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted; + encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb; + encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb; + encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb; + encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb; + + pinfo->decrypt_gssapi_tvb=0; + pinfo->gssapi_wrap_tvb=NULL; + pinfo->gssapi_encrypted_tvb=NULL; + pinfo->gssapi_decrypted_tvb=NULL; + } + + return ret; +} + +static int +dissect_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { - dissect_gssapi_work(tvb, pinfo, tree, FALSE); + return dissect_gssapi_work_wrapper(tvb, pinfo, tree, (gssapi_encrypt_info_t*)data, FALSE); } static int -dissect_gssapi_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +dissect_gssapi_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { - return dissect_gssapi_work(tvb, pinfo, tree, TRUE); + return dissect_gssapi_work_wrapper(tvb, pinfo, tree, (gssapi_encrypt_info_t*)data, TRUE); } void @@ -610,7 +648,7 @@ proto_register_gssapi(void) expert_gssapi = expert_register_protocol(proto_gssapi); expert_register_field_array(expert_gssapi, ei, array_length(ei)); - register_dissector("gssapi", dissect_gssapi, proto_gssapi); + new_register_dissector("gssapi", dissect_gssapi, proto_gssapi); new_register_dissector("gssapi_verf", dissect_gssapi_verf, proto_gssapi); gssapi_oids = g_hash_table_new(gssapi_oid_hash, gssapi_oid_equal); @@ -626,7 +664,7 @@ wrap_dissect_gssapi(tvbuff_t *tvb, int offset, packet_info *pinfo, auth_tvb = tvb_new_subset_remaining(tvb, offset); - dissect_gssapi(auth_tvb, pinfo, tree); + dissect_gssapi(auth_tvb, pinfo, tree, NULL); return tvb_captured_length_remaining(tvb, offset); } @@ -648,6 +686,7 @@ wrap_dissect_gssapi_payload(tvbuff_t *data_tvb, tvbuff_t *auth_tvb, dcerpc_auth_info *auth_info _U_) { tvbuff_t *result; + gssapi_encrypt_info_t gssapi_encrypt; /* we need a full auth and a full data tvb or else we can't decrypt anything @@ -656,17 +695,12 @@ wrap_dissect_gssapi_payload(tvbuff_t *data_tvb, tvbuff_t *auth_tvb, return NULL; } - pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_DCE; - pinfo->gssapi_wrap_tvb=NULL; - pinfo->gssapi_encrypted_tvb=data_tvb; - pinfo->gssapi_decrypted_tvb=NULL; - dissect_gssapi(auth_tvb, pinfo, NULL); - result=pinfo->gssapi_decrypted_tvb; - - pinfo->decrypt_gssapi_tvb=0; - pinfo->gssapi_wrap_tvb=NULL; - pinfo->gssapi_encrypted_tvb=NULL; - pinfo->gssapi_decrypted_tvb=NULL; + gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_DCE; + gssapi_encrypt.gssapi_wrap_tvb=NULL; + gssapi_encrypt.gssapi_encrypted_tvb=data_tvb; + gssapi_encrypt.gssapi_decrypted_tvb=NULL; + dissect_gssapi(auth_tvb, pinfo, NULL, &gssapi_encrypt); + result=gssapi_encrypt.gssapi_decrypted_tvb; return result; } diff --git a/epan/dissectors/packet-gssapi.h b/epan/dissectors/packet-gssapi.h index 1d227dfb99..2dec82b7cd 100644 --- a/epan/dissectors/packet-gssapi.h +++ b/epan/dissectors/packet-gssapi.h @@ -34,6 +34,17 @@ typedef struct _gssapi_oid_value { const gchar *comment; /* For the comment */ } gssapi_oid_value; +/* Created as an attempt to remove members out of packet_info. + Data structure to be passed between dissectors */ +typedef struct _gssapi_encrypt_info +{ + guint16 decrypt_gssapi_tvb; + tvbuff_t *gssapi_wrap_tvb; + tvbuff_t *gssapi_encrypted_tvb; + tvbuff_t *gssapi_decrypted_tvb; + gboolean gssapi_data_encrypted; +} gssapi_encrypt_info_t; + /* Function prototypes */ void diff --git a/epan/dissectors/packet-ldap.c b/epan/dissectors/packet-ldap.c index 8b247f8743..a3b43f0028 100644 --- a/epan/dissectors/packet-ldap.c +++ b/epan/dissectors/packet-ldap.c @@ -112,6 +112,7 @@ #include "packet-ssl.h" #include "packet-ssl-utils.h" #include "packet-smb-common.h" +#include "packet-gssapi.h" #include "packet-ber.h" #include "packet-per.h" @@ -343,7 +344,7 @@ static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */ static int hf_ldap_error = -1; /* T_error */ /*--- End of included file: packet-ldap-hf.c ---*/ -#line 193 "../../asn1/ldap/packet-ldap-template.c" +#line 194 "../../asn1/ldap/packet-ldap-template.c" /* Initialize the subtree pointers */ static gint ett_ldap = -1; @@ -415,7 +416,7 @@ static gint ett_ldap_PasswordPolicyResponseValue = -1; static gint ett_ldap_T_warning = -1; /*--- End of included file: packet-ldap-ett.c ---*/ -#line 205 "../../asn1/ldap/packet-ldap-template.c" +#line 206 "../../asn1/ldap/packet-ldap-template.c" static expert_field ei_ldap_exceeded_filter_length = EI_INIT; static expert_field ei_ldap_too_many_filter_elements = EI_INIT; @@ -3835,7 +3836,7 @@ static int dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_inf /*--- End of included file: packet-ldap-fn.c ---*/ -#line 920 "../../asn1/ldap/packet-ldap-template.c" +#line 921 "../../asn1/ldap/packet-ldap-template.c" static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) { int offset = 0; @@ -4132,6 +4133,7 @@ static void tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL; int ver_len; int tmp_length; + gssapi_encrypt_info_t gssapi_encrypt; /* * This is GSS-API (using SPNEGO, but we should be done with @@ -4147,22 +4149,18 @@ static void gssapi_tvb = tvb_new_subset(sasl_tvb, 4, tmp_length, sasl_len); /* Attempt decryption of the GSSAPI wrapped data if possible */ - pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; - pinfo->gssapi_wrap_tvb=NULL; - pinfo->gssapi_encrypted_tvb=NULL; - pinfo->gssapi_decrypted_tvb=NULL; - ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree); + gssapi_encrypt.gssapi_data_encrypted = FALSE; + gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; + gssapi_encrypt.gssapi_wrap_tvb=NULL; + gssapi_encrypt.gssapi_encrypted_tvb=NULL; + gssapi_encrypt.gssapi_decrypted_tvb=NULL; + ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree, &gssapi_encrypt); /* if we could unwrap, do a tvb shuffle */ - if(pinfo->gssapi_decrypted_tvb){ - decr_tvb=pinfo->gssapi_decrypted_tvb; - } else if (pinfo->gssapi_wrap_tvb) { - plain_tvb=pinfo->gssapi_wrap_tvb; + if(gssapi_encrypt.gssapi_decrypted_tvb){ + decr_tvb=gssapi_encrypt.gssapi_decrypted_tvb; + } else if (gssapi_encrypt.gssapi_wrap_tvb) { + plain_tvb=gssapi_encrypt.gssapi_wrap_tvb; } - /* tidy up */ - pinfo->decrypt_gssapi_tvb=0; - pinfo->gssapi_wrap_tvb=NULL; - pinfo->gssapi_encrypted_tvb=NULL; - pinfo->gssapi_decrypted_tvb=NULL; /* * if len is 0 it probably mean that we got a PDU that is not @@ -4178,7 +4176,7 @@ static void * data; if not, just use the plaintext data. */ if (!decr_tvb && !plain_tvb) { - if(!pinfo->gssapi_data_encrypted){ + if(!gssapi_encrypt.gssapi_data_encrypted){ plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len); } } @@ -5701,7 +5699,7 @@ void proto_register_ldap(void) { NULL, HFILL }}, /*--- End of included file: packet-ldap-hfarr.c ---*/ -#line 2217 "../../asn1/ldap/packet-ldap-template.c" +#line 2215 "../../asn1/ldap/packet-ldap-template.c" }; /* List of subtrees */ @@ -5775,7 +5773,7 @@ void proto_register_ldap(void) { &ett_ldap_T_warning, /*--- End of included file: packet-ldap-ettarr.c ---*/ -#line 2231 "../../asn1/ldap/packet-ldap-template.c" +#line 2229 "../../asn1/ldap/packet-ldap-template.c" }; /* UAT for header fields */ static uat_field_t custom_attribute_types_uat_fields[] = { @@ -5942,7 +5940,7 @@ proto_reg_handoff_ldap(void) /*--- End of included file: packet-ldap-dis-tab.c ---*/ -#line 2381 "../../asn1/ldap/packet-ldap-template.c" +#line 2379 "../../asn1/ldap/packet-ldap-template.c" } |