From Niels de Vos:

dissect AUTH_RSA as Gluster AUTH-flavor
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7190

svn path=/trunk/; revision=42244

1 files changed, 72 insertions, 0 deletions

diff --git a/epan/dissectors/packet-rpc.c b/epan/dissectors/packet-rpc.c
index 039aeee290..2f0a671bc5 100644
--- a/epan/dissectors/packet-rpc.c
+++ b/epan/dissectors/packet-rpc.c
@@ -62,6 +62,11 @@
  *	RFC 2695, "Authentication Mechanisms for ONC RPC"
  *
  *	although we don't currently dissect AUTH_DES or AUTH_KERB.
+ *
+ *	RFC 5531, "Appendix C: Current Number Assignments" defines AUTH_RSA.
+ *	AUTH_RSA is not implemented for any known RPC-protocols. The Gluster
+ *	protocols (ab)use AUTH_RSA for their own AUTH-flavor. AUTH_RSA is
+ *	therefore dissected as the inofficial AUTH_GLUSTER.
  */
 
 /* desegmentation of RPC over TCP */
@@ -101,6 +106,7 @@ const value_string rpc_auth_flavor[] = {
 	{ AUTH_UNIX, "AUTH_UNIX" },
 	{ AUTH_SHORT, "AUTH_SHORT" },
 	{ AUTH_DES, "AUTH_DES" },
+	{ AUTH_RSA, "AUTH_RSA/Gluster" },
 	{ RPCSEC_GSS, "RPCSEC_GSS" },
 	{ AUTH_GSSAPI, "AUTH_GSSAPI" },
 	{ RPCSEC_GSS_KRB5, "RPCSEC_GSS_KRB5" },
@@ -192,6 +198,8 @@ static int hf_rpc_auth_flavor = -1;
 static int hf_rpc_auth_length = -1;
 static int hf_rpc_auth_machinename = -1;
 static int hf_rpc_auth_stamp = -1;
+static int hf_rpc_auth_lk_owner = -1;
+static int hf_rpc_auth_pid = -1;
 static int hf_rpc_auth_uid = -1;
 static int hf_rpc_auth_gid = -1;
 static int hf_rpc_authgss_v = -1;
@@ -1042,6 +1050,59 @@ dissect_rpc_authdes_cred(tvbuff_t* tvb, proto_tree* tree, int offset)
 }
 
 static int
+dissect_rpc_authgluster_cred(tvbuff_t* tvb, proto_tree* tree, int offset)
+{
+	guint gids_count;
+	guint gids_i;
+	guint gids_entry;
+	proto_item *gitem = NULL;
+	proto_tree *gtree = NULL;
+
+	offset = dissect_rpc_uint64(tvb, tree, hf_rpc_auth_lk_owner, offset);
+	offset = dissect_rpc_uint32(tvb, tree, hf_rpc_auth_pid, offset);
+	offset = dissect_rpc_uint32(tvb, tree, hf_rpc_auth_uid, offset);
+	offset = dissect_rpc_uint32(tvb, tree, hf_rpc_auth_gid, offset);
+
+	gids_count = tvb_get_ntohl(tvb,offset);
+	if (tree) {
+		gitem = proto_tree_add_text(tree, tvb, offset,
+			4+gids_count*4, "Auxiliary GIDs (%d)", gids_count);
+		gtree = proto_item_add_subtree(gitem, ett_rpc_gids);
+	}
+	offset += 4;
+
+	/* first, open with [ */
+	if (tree && gids_count > 0)
+		proto_item_append_text(gitem, " [");
+
+	for (gids_i = 0 ; gids_i < gids_count; gids_i++) {
+		gids_entry = tvb_get_ntohl(tvb,offset);
+		if (gtree) {
+			proto_tree_add_uint(gtree, hf_rpc_auth_gid, tvb,
+				offset, 4, gids_entry);
+		}
+
+		/* add at most 16 GIDs to the text */
+		if (tree && gids_i < 16) {
+			if (gids_i > 0)
+				proto_item_append_text(gitem, ", ");
+
+			proto_item_append_text(gitem, "%d", gids_entry);
+		} else if (tree && gids_i == 16) {
+			proto_item_append_text(gitem, "...");
+		}
+		offset += 4;
+	}
+
+	/* finally, close with ] */
+	if (tree && gids_count > 0)
+		proto_item_append_text(gitem, "]");
+
+	return offset;
+}
+
+
+static int
 dissect_rpc_authgssapi_cred(tvbuff_t* tvb, proto_tree* tree, int offset)
 {
 	guint agc_v;
@@ -1101,6 +1162,11 @@ dissect_rpc_cred(tvbuff_t* tvb, proto_tree* tree, int offset,
 			dissect_rpc_authdes_cred(tvb, ctree, offset+8);
 			break;
 
+		case AUTH_RSA:
+			/* AUTH_RSA is (ab)used by Gluster */
+			dissect_rpc_authgluster_cred(tvb, ctree, offset+8);
+			break;
+
 		case RPCSEC_GSS:
 			dissect_rpc_authgss_cred(tvb, ctree, offset+8, pinfo, rpc_conv_info);
 			break;
@@ -3774,6 +3840,12 @@ proto_register_rpc(void)
 		{ &hf_rpc_auth_stamp, {
 			"Stamp", "rpc.auth.stamp", FT_UINT32, BASE_HEX,
 			NULL, 0, NULL, HFILL }},
+		{ &hf_rpc_auth_lk_owner, {
+			"Lock Owner", "rpc.auth.lk_owner", FT_UINT64, BASE_DEC,
+			NULL, 0, NULL, HFILL }},
+		{ &hf_rpc_auth_pid, {
+			"PID", "rpc.auth.pid", FT_UINT32, BASE_DEC,
+			NULL, 0, NULL, HFILL }},
 		{ &hf_rpc_auth_uid, {
 			"UID", "rpc.auth.uid", FT_UINT32, BASE_DEC,
 			NULL, 0, NULL, HFILL }},