diff options
author | Tim Potter <tpot@samba.org> | 2002-08-22 20:04:55 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2002-08-22 20:04:55 +0000 |
commit | 66bc3e597f764cec7ee09442cdae327b0a814383 (patch) | |
tree | abcbabfbeb23bec059943f083f184578031d591c | |
parent | 4047c3caeb0754189f4a542678f76c3e31996d0f (diff) |
These guys got lost in a merge. Actually call the gssapi dissector from
the relevant parts of the SMB and DCERPC dissectors.
svn path=/trunk/; revision=6066
-rw-r--r-- | packet-dcerpc.c | 55 | ||||
-rw-r--r-- | packet-smb.c | 84 |
2 files changed, 102 insertions, 37 deletions
diff --git a/packet-dcerpc.c b/packet-dcerpc.c index 584b3cf71a..18dee9ab66 100644 --- a/packet-dcerpc.c +++ b/packet-dcerpc.c @@ -2,7 +2,7 @@ * Routines for DCERPC packet disassembly * Copyright 2001, Todd Sabin <tas@webspan.net> * - * $Id: packet-dcerpc.c,v 1.72 2002/08/21 21:25:23 tpot Exp $ + * $Id: packet-dcerpc.c,v 1.73 2002/08/22 20:04:54 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -389,7 +389,7 @@ static gint ett_dcerpc_pointer_data = -1; static gint ett_dcerpc_fragments = -1; static gint ett_dcerpc_fragment = -1; -static dissector_handle_t ntlmssp_handle=NULL; +static dissector_handle_t ntlmssp_handle, gssapi_handle; fragment_items dcerpc_frag_items = { &ett_dcerpc_fragments, @@ -1340,22 +1340,40 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, hf_dcerpc_auth_ctx_id, NULL); - /* Dissect the authentication data as NTLMSSP Parameters if the - auth_type is DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP and this is a - BIND request, BIND response, or AUTH3. - Otherwise just show it as "Auth Data". - XXX - dissect it for other authentication types? - */ - if ((auth_type == DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP) && - ((hdr->ptype == PDU_BIND) || (hdr->ptype == PDU_BIND_ACK) || - (hdr->ptype == PDU_AUTH3))) { - tvbuff_t *ntlmssp_tvb; - ntlmssp_tvb = tvb_new_subset(tvb, offset, hdr->auth_len, - hdr->auth_len); - call_dissector(ntlmssp_handle, ntlmssp_tvb, pinfo, dcerpc_tree); - } else { - proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len, - "Auth Data"); + /* Dissect the authentication data */ + + switch(auth_type) { + + /* NTLMSSP */ + + case DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP: { + tvbuff_t *ntlmssp_tvb; + + ntlmssp_tvb = tvb_new_subset(tvb, offset, hdr->auth_len, + hdr->auth_len); + + call_dissector(ntlmssp_handle, ntlmssp_tvb, pinfo, + dcerpc_tree); + + break; + } + + /* Snego (rfc2478) */ + + case DCE_C_RPC_AUTHN_PROTOCOL_SNEGO: { + tvbuff_t *gssapi_tvb; + + gssapi_tvb = tvb_new_subset(tvb, offset, hdr->auth_len, + hdr->auth_len); + + call_dissector(gssapi_handle, gssapi_tvb, pinfo, dcerpc_tree); + + break; + } + + default: + proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len, + "Auth Data"); } /* figure out where the auth padding starts */ @@ -3509,4 +3527,5 @@ proto_reg_handoff_dcerpc (void) heur_dissector_add ("udp", dissect_dcerpc_dg, proto_dcerpc); heur_dissector_add ("smb_transact", dissect_dcerpc_cn_bs, proto_dcerpc); ntlmssp_handle = find_dissector("ntlmssp"); + gssapi_handle = find_dissector("gssapi"); } diff --git a/packet-smb.c b/packet-smb.c index acdfac79c6..8145a86573 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -3,7 +3,7 @@ * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * 2001 Rewrite by Ronnie Sahlberg and Guy Harris * - * $Id: packet-smb.c,v 1.281 2002/08/22 06:47:08 sharpe Exp $ + * $Id: packet-smb.c,v 1.282 2002/08/22 20:04:55 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -668,7 +668,9 @@ static gint ett_smb_ace = -1; static gint ett_smb_ace_flags = -1; static gint ett_smb_sec_desc_type = -1; static gint ett_smb_quotaflags = -1; +static gint ett_smb_gssapi = -1; +static dissector_handle_t gssapi_handle = NULL; fragment_items smb_frag_items = { &ett_smb_segment, @@ -2313,6 +2315,8 @@ dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in COUNT_BYTES(dn_len); } else { + proto_item *blob_item; + /* guid */ /* XXX - show it in the standard Microsoft format for GUIDs? */ @@ -2321,13 +2325,25 @@ dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in tvb, offset, 16, TRUE); COUNT_BYTES(16); + blob_item = proto_tree_add_item( + tree, hf_smb_security_blob, + tvb, offset, bc, TRUE); + /* security blob */ - /* XXX - is this ASN.1-encoded? Is it a Kerberos - data structure, at least in NT 5.0-and-later - server replies? */ if(bc){ - proto_tree_add_item(tree, hf_smb_security_blob, - tvb, offset, bc, TRUE); + tvbuff_t *gssapi_tvb; + proto_tree *gssapi_tree; + + gssapi_tree = proto_item_add_subtree( + blob_item, ett_smb_gssapi); + + gssapi_tvb = tvb_new_subset( + tvb, offset, bc, bc); + + call_dissector( + gssapi_handle, gssapi_tvb, pinfo, + gssapi_tree); + COUNT_BYTES(bc); } } @@ -5677,14 +5693,28 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree BYTE_COUNT; if (wc==12) { + proto_item *blob_item; + /* security blob */ - /* XXX - is this ASN.1-encoded? Is it a Kerberos - data structure, at least in NT 5.0-and-later - server replies? */ + + blob_item = proto_tree_add_item(tree, hf_smb_security_blob, + tvb, offset, sbloblen, TRUE); + if(sbloblen){ - CHECK_BYTE_COUNT(sbloblen); - proto_tree_add_item(tree, hf_smb_security_blob, - tvb, offset, sbloblen, TRUE); + tvbuff_t *gssapi_tvb; + proto_tree *gssapi_tree; + + CHECK_BYTE_COUNT(sbloblen); + + gssapi_tree = proto_item_add_subtree( + blob_item, ett_smb_gssapi); + + gssapi_tvb = tvb_new_subset( + tvb, offset, sbloblen, sbloblen); + + call_dissector( + gssapi_handle, gssapi_tvb, pinfo, gssapi_tree); + COUNT_BYTES(sbloblen); } @@ -5867,15 +5897,29 @@ dissect_session_setup_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tre BYTE_COUNT; if(wc==4) { + proto_item *blob_item; + /* security blob */ - /* XXX - is this ASN.1-encoded? Is it a Kerberos - data structure, at least in NT 5.0-and-later - server replies? */ + + blob_item = proto_tree_add_item(tree, hf_smb_security_blob, + tvb, offset, sbloblen, TRUE); + if(sbloblen){ - CHECK_BYTE_COUNT(sbloblen); - proto_tree_add_item(tree, hf_smb_security_blob, - tvb, offset, sbloblen, TRUE); - COUNT_BYTES(sbloblen); + tvbuff_t *gssapi_tvb; + proto_tree *gssapi_tree; + + CHECK_BYTE_COUNT(sbloblen); + + gssapi_tree = proto_item_add_subtree( + blob_item, ett_smb_gssapi); + + gssapi_tvb = tvb_new_subset( + tvb, offset, sbloblen, sbloblen); + + call_dissector( + gssapi_handle, gssapi_tvb, pinfo, gssapi_tree); + + COUNT_BYTES(sbloblen); } } @@ -17758,6 +17802,7 @@ proto_register_smb(void) &ett_smb_ace_flags, &ett_smb_sec_desc_type, &ett_smb_quotaflags, + &ett_smb_gssapi, &ett_smb_mac_support_flags, }; module_t *smb_module; @@ -17784,4 +17829,5 @@ void proto_reg_handoff_smb(void) { heur_dissector_add("netbios", dissect_smb, proto_smb); + gssapi_handle = find_dissector("gssapi"); } |