diff options
author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2007-02-17 11:16:52 +0000 |
---|---|---|
committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2007-02-17 11:16:52 +0000 |
commit | 1864da87a85ed3b685c423e9efaa2dffacc92334 (patch) | |
tree | b92497d971a50e78bae7c42f4c28388bec8b98d8 /asn1 | |
parent | 822bb2e4892e7de30cf294c433f6131c2c312678 (diff) |
This patch looks for a confounder in GSSWrap for DES_MAC_MD5 algorithm.
This is purely empirical as I can find no standard that says it should be there.
However successful LDAP/SASL/GSSAPI between AD and Java client shows it seems to be present.
If the confounder is not dissected, the LDAPMessage to fail to be decoded.
svn path=/trunk/; revision=20833
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/spnego/packet-spnego-template.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c index 03cd12a9cc..eccfe49ab8 100644 --- a/asn1/spnego/packet-spnego-template.c +++ b/asn1/spnego/packet-spnego-template.c @@ -688,7 +688,11 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo * It certainly confounds code expecting all Kerberos 5 * GSS_Wrap() tokens to look the same.... */ - if (sgn_alg == KRB_SGN_ALG_HMAC) { + if ((sgn_alg == KRB_SGN_ALG_HMAC) || + /* there also seems to be a confounder for DES MAC MD5 - certainly seen when using with + SASL with LDAP between a Java client and Active Directory. If this breaks other things + we may need to make this an option. gal 17/2/06 */ + (sgn_alg == KRB_SGN_ALG_DES_MAC_MD5)) { proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8, TRUE); offset += 8; |