diff options
author | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
---|---|---|
committer | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
commit | 669db206cb1f270046ad400fff7655e20c63e723 (patch) | |
tree | 4eff24a2e16c8963e497e1fc575f35e6af59bd26 /epan/dissectors/packet-gssapi.c | |
parent | ae46c27a38700af669ef907491081f09df6f6b2c (diff) |
Move dissectors to epan/dissectors directory.
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Diffstat (limited to 'epan/dissectors/packet-gssapi.c')
-rw-r--r-- | epan/dissectors/packet-gssapi.c | 479 |
1 files changed, 479 insertions, 0 deletions
diff --git a/epan/dissectors/packet-gssapi.c b/epan/dissectors/packet-gssapi.c new file mode 100644 index 0000000000..e89eb78c30 --- /dev/null +++ b/epan/dissectors/packet-gssapi.c @@ -0,0 +1,479 @@ +/* packet-gssapi.c + * Dissector for GSS-API tokens as described in rfc2078, section 3.1 + * Copyright 2002, Tim Potter <tpot@samba.org> + * Copyright 2002, Richard Sharpe <rsharpe@samba.org> Added a few + * bits and pieces ... + * + * $Id$ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif + +#include <string.h> + +#include <glib.h> +#include <epan/packet.h> + +#include "asn1.h" +#include "format-oid.h" +#include <epan/dissectors/packet-dcerpc.h> +#include <epan/dissectors/packet-gssapi.h> +#include <epan/dissectors/packet-frame.h> +#include "epan/conversation.h" + +static int proto_gssapi = -1; + +static int hf_gssapi = -1; + +static gint ett_gssapi = -1; + +/* + * Subdissectors + */ + +static GHashTable *gssapi_oids; + +static gint gssapi_oid_equal(gconstpointer k1, gconstpointer k2) +{ + const char *key1 = (const char *)k1; + const char *key2 = (const char *)k2; + + return strcmp(key1, key2) == 0; +} + +static guint +gssapi_oid_hash(gconstpointer k) +{ + const char *key = (const char *)k; + guint hash = 0, i; + + for (i = 0; i < strlen(key); i++) + hash += key[i]; + + return hash; +} + +void +gssapi_init_oid(char *oid, int proto, int ett, dissector_handle_t handle, + dissector_handle_t wrap_handle, gchar *comment) +{ + char *key = g_strdup(oid); + gssapi_oid_value *value = g_malloc(sizeof(*value)); + + value->proto = find_protocol_by_id(proto); + value->ett = ett; + value->handle = handle; + value->wrap_handle = wrap_handle; + value->comment = comment; + + g_hash_table_insert(gssapi_oids, key, value); +} + +/* + * This takes an OID in binary form, not an OID as a text string, as + * an argument. + */ +gssapi_oid_value * +gssapi_lookup_oid(subid_t *oid, guint oid_len) +{ + gchar *oid_key; + gchar *p; + unsigned int i; + int len; + gssapi_oid_value *value; + + /* + * Convert the OID to a string, as text strings are used as + * keys in the OID hash table. + */ + oid_key = g_malloc(oid_len * 22 + 1); + p = oid_key; + len = sprintf(p, "%lu", (unsigned long)oid[0]); + p += len; + for (i = 1; i < oid_len;i++) { + len = sprintf(p, ".%lu", (unsigned long)oid[i]); + p += len; + } + + value = g_hash_table_lookup(gssapi_oids, oid_key); + g_free(oid_key); + return value; +} + +/* Display an ASN1 parse error. Taken from packet-snmp.c */ + +static dissector_handle_t data_handle; + +static void +dissect_parse_error(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, const char *field_name, int ret) +{ + char *errstr; + + errstr = asn1_err_to_str(ret); + + if (tree != NULL) { + proto_tree_add_text(tree, tvb, offset, 0, + "ERROR: Couldn't parse %s: %s", field_name, errstr); + call_dissector(data_handle, + tvb_new_subset(tvb, offset, -1, -1), pinfo, tree); + } +} + +static int +dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + gboolean is_verifier) +{ + proto_item *item; + proto_tree *subtree; + ASN1_SCK hnd; + int ret, offset = 0; + volatile int return_offset = 0; + gboolean def; + guint len1, oid_len, cls, con, tag, nbytes; + subid_t *oid; + gchar *oid_string; + gssapi_oid_value *value; + volatile dissector_handle_t handle; + conversation_t *volatile conversation; + tvbuff_t *oid_tvb; + int len; + + /* + * We need this later, so lets get it now ... + */ + + conversation = find_conversation(&pinfo->src, &pinfo->dst, + pinfo->ptype, pinfo->srcport, + pinfo->destport, 0); + + item = proto_tree_add_item( + tree, hf_gssapi, tvb, offset, -1, FALSE); + + subtree = proto_item_add_subtree(item, ett_gssapi); + + /* + * Catch the ReportedBoundsError exception; the stuff we've been + * handed doesn't necessarily run to the end of the packet, it's + * an item inside a packet, so if it happens to be malformed (or + * we, or a dissector we call, has a bug), so that an exception + * is thrown, we want to report the error, but return and let + * our caller dissect the rest of the packet. + * + * If it gets a BoundsError, we can stop, as there's nothing more + * in the packet after our blob to see, so we just re-throw the + * exception. + */ + TRY { + /* Read header */ + + asn1_open(&hnd, tvb, offset); + + ret = asn1_header_decode(&hnd, &cls, &con, &tag, &def, &len1); + + if (ret != ASN1_ERR_NOERROR) { + dissect_parse_error(tvb, offset, pinfo, subtree, + "GSS-API header", ret); + return_offset = tvb_length(tvb); + goto done; + } + + if (!(cls == ASN1_APL && con == ASN1_CON && tag == 0)) { + /* + * If we do not recognise an Application class, + * then we are probably dealing with an inner context + * token or a wrap token, and we should retrieve the + * gssapi_oid_value pointer from the per-frame data or, + * if there is no per-frame data (as would be the case + * the first time we dissect this frame), from the + * conversation that exists or that we created from + * pinfo (and then make it per-frame data). + * We need to make it per-frame data as there can be + * more than one GSS-API negotiation in a conversation. + * + * Note! We "cheat". Since we only need the pointer, + * we store that as the data. (That's not really + * "cheating" - the per-frame data and per-conversation + * data code doesn't care what you supply as a data + * pointer; it just treats it as an opaque pointer, it + * doesn't dereference it or free what it points to.) + */ + value = p_get_proto_data(pinfo->fd, proto_gssapi); + if (!value && !pinfo->fd->flags.visited) + { + /* No handle attached to this frame, but it's the first */ + /* pass, so it'd be attached to the conversation. */ + /* If we have a conversation, try to get the handle, */ + /* and if we get one, attach it to the frame. */ + if (conversation) + { + value = conversation_get_proto_data(conversation, + proto_gssapi); + if (value) + p_add_proto_data(pinfo->fd, proto_gssapi, value); + } + } + if (!value) + { + proto_tree_add_text(subtree, tvb, offset, 0, + "Unknown header (cls=%d, con=%d, tag=%d)", + cls, con, tag); + return_offset = tvb_length(tvb); + goto done; + } + else + { + tvbuff_t *oid_tvb; + + /* Naughty ... no way to reset the offset */ + /* Account for the fact we have consumed part of the */ + /* ASN.1 and we want to get it back */ + + hnd.offset = offset; + oid_tvb = tvb_new_subset(tvb, offset, -1, -1); + if (is_verifier) + handle = value->wrap_handle; + else + handle = value->handle; + len = call_dissector(handle, oid_tvb, pinfo, subtree); + if (len == 0) + return_offset = tvb_length(tvb); + else + return_offset = offset + len; + goto done; /* We are finished here */ + } + } + + offset = hnd.offset; + + /* Read oid */ + + ret = asn1_oid_decode(&hnd, &oid, &oid_len, &nbytes); + + if (ret != ASN1_ERR_NOERROR) { + dissect_parse_error(tvb, offset, pinfo, subtree, + "GSS-API token", ret); + return_offset = tvb_length(tvb); + goto done; + } + + oid_string = format_oid(oid, oid_len); + + /* + * Hand off to subdissector. + */ + + if (((value = gssapi_lookup_oid(oid, oid_len)) == NULL) || + !proto_is_protocol_enabled(value->proto)) { + + proto_tree_add_text(subtree, tvb, offset, nbytes, + "OID: %s", + oid_string); + + offset += nbytes; + + g_free(oid_string); + + /* No dissector for this oid */ + + proto_tree_add_text(subtree, tvb, offset, -1, + "Token object"); + + return_offset = tvb_length(tvb); + goto done; + } + + if (value) + proto_tree_add_text(subtree, tvb, offset, nbytes, + "OID: %s (%s)", + oid_string, value->comment); + else + proto_tree_add_text(subtree, tvb, offset, nbytes, "OID: %s", + oid_string); + + offset += nbytes; + + g_free(oid_string); + + /* + * This is not needed, as the sub-dissector adds a tree + sub_item = proto_tree_add_item(subtree, value->proto, tvb, + offset, -1, FALSE); + + oid_subtree = proto_item_add_subtree(sub_item, value->ett); + */ + + /* + * Here we should create a conversation if needed and + * save a pointer to the data for that OID for the + * GSSAPI protocol. + */ + + if (!conversation) { /* Create one */ + conversation = conversation_new(&pinfo->src, + &pinfo->dst, + pinfo->ptype, + pinfo->srcport, + pinfo->destport, 0); + } + + /* + * Now add the proto data ... + * but only if it is not already there. + */ + + if (!conversation_get_proto_data(conversation, + proto_gssapi)) { + conversation_add_proto_data(conversation, + proto_gssapi, value); + } + + if (is_verifier) { + handle = value->wrap_handle; + if (handle != NULL) { + oid_tvb = tvb_new_subset(tvb, offset, -1, -1); + len = call_dissector(handle, oid_tvb, pinfo, + subtree); + if (len == 0) + return_offset = tvb_length(tvb); + else + return_offset = offset + len; + } else { + proto_tree_add_text(subtree, tvb, offset, -1, + "Authentication verifier"); + return_offset = tvb_length(tvb); + } + } else { + handle = value->handle; + if (handle != NULL) { + oid_tvb = tvb_new_subset(tvb, offset, -1, -1); + len = call_dissector(handle, oid_tvb, pinfo, + subtree); + if (len == 0) + return_offset = tvb_length(tvb); + else + return_offset = offset + len; + } else { + proto_tree_add_text(subtree, tvb, offset, -1, + "Authentication credentials"); + return_offset = tvb_length(tvb); + } + } + + done: + asn1_close(&hnd, &offset); + } CATCH(BoundsError) { + RETHROW; + } CATCH(ReportedBoundsError) { + show_reported_bounds_error(tvb, pinfo, tree); + } ENDTRY; + + proto_item_set_len(item, return_offset); + return return_offset; +} + +static void +dissect_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + dissect_gssapi_work(tvb, pinfo, tree, FALSE); +} + +static int +dissect_gssapi_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + return dissect_gssapi_work(tvb, pinfo, tree, TRUE); +} + +void +proto_register_gssapi(void) +{ + static hf_register_info hf[] = { + { &hf_gssapi, + { "GSS-API", "gss-api", FT_NONE, BASE_NONE, NULL, 0x0, + "GSS-API", HFILL }}, + }; + + static gint *ett[] = { + &ett_gssapi, + }; + + proto_gssapi = proto_register_protocol( + "Generic Security Service Application Program Interface", + "GSS-API", "gss-api"); + + proto_register_field_array(proto_gssapi, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + register_dissector("gssapi", dissect_gssapi, proto_gssapi); + new_register_dissector("gssapi_verf", dissect_gssapi_verf, proto_gssapi); + + gssapi_oids = g_hash_table_new(gssapi_oid_hash, gssapi_oid_equal); +} + +static int wrap_dissect_gssapi(tvbuff_t *tvb, int offset, + packet_info *pinfo, + proto_tree *tree, guint8 *drep _U_) +{ + tvbuff_t *auth_tvb; + + auth_tvb = tvb_new_subset(tvb, offset, -1, -1); + + dissect_gssapi(auth_tvb, pinfo, tree); + + return tvb_length_remaining(tvb, offset); +} + +int wrap_dissect_gssapi_verf(tvbuff_t *tvb, int offset, + packet_info *pinfo, + proto_tree *tree, guint8 *drep _U_) +{ + tvbuff_t *auth_tvb; + + auth_tvb = tvb_new_subset(tvb, offset, -1, -1); + + return dissect_gssapi_verf(auth_tvb, pinfo, tree); +} + +static dcerpc_auth_subdissector_fns gssapi_auth_fns = { + wrap_dissect_gssapi, /* Bind */ + wrap_dissect_gssapi, /* Bind ACK */ + wrap_dissect_gssapi, /* AUTH3 */ + wrap_dissect_gssapi_verf, /* Request verifier */ + wrap_dissect_gssapi_verf, /* Response verifier */ + NULL, /* Request data */ + NULL /* Response data */ +}; + +void +proto_reg_handoff_gssapi(void) +{ + data_handle = find_dissector("data"); + + register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY, + DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO, + &gssapi_auth_fns); +} |