Further refactor GSS_API dissectors to pass gssapi_encrypt_info_t structure between dissectors instead of using packet_info.h

The only remaining explicit user of the packet_info members is the NTLMSSP dissector.  However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.

Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>

1 files changed, 180 insertions, 75 deletions

diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c
index 4a2acda478..652610ec5d 100644
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@@ -616,14 +616,36 @@ static const value_string spnego_krb5_seal_alg_vals[] = {
 static int
 dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
 static int
-dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id);
+dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt);
 static int
 dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
 static int
-dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id);
+dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint16 token_id, gssapi_encrypt_info_t* gssapi_encrypt);
 
-static void
-dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+
+/* XXX - This should be TEMPORARY until these members in are removed from packet_info */
+static void packet_info_to_gssapi_encrypt(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info)
+{
+	encrypt_info->decrypt_gssapi_tvb = pinfo->decrypt_gssapi_tvb;
+	encrypt_info->gssapi_wrap_tvb = pinfo->gssapi_wrap_tvb;
+	encrypt_info->gssapi_encrypted_tvb = pinfo->gssapi_encrypted_tvb;
+	encrypt_info->gssapi_decrypted_tvb = pinfo->gssapi_decrypted_tvb;
+	encrypt_info->gssapi_data_encrypted = pinfo->gssapi_data_encrypted;
+}
+
+static void gssapi_encrypt_to_packet_info(packet_info *pinfo, gssapi_encrypt_info_t* encrypt_info)
+{
+	pinfo->decrypt_gssapi_tvb = encrypt_info->decrypt_gssapi_tvb;
+	pinfo->gssapi_wrap_tvb = encrypt_info->gssapi_wrap_tvb;
+	pinfo->gssapi_encrypted_tvb = encrypt_info->gssapi_encrypted_tvb;
+	pinfo->gssapi_decrypted_tvb = encrypt_info->gssapi_decrypted_tvb;
+	pinfo->gssapi_data_encrypted = encrypt_info->gssapi_data_encrypted;
+}
+
+
+
+static int
+dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
 {
 	proto_item *item;
 	proto_tree *subtree;
@@ -635,6 +657,8 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	gboolean pc, ind = 0;
 	gint32 tag;
 	guint32 len;
+	gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data;
+	gssapi_encrypt_info_t pass_encrypt_info;
 	asn1_ctx_t asn1_ctx;
 	asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
 
@@ -706,7 +730,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 		 * return.
 		 */
 		dissect_kerberos_main(tvb, pinfo, subtree, FALSE, NULL);
-		return;
+		return tvb_captured_length(tvb);
 
 	    default:
 		proto_tree_add_expert_format(subtree, pinfo, &ei_spnego_unknown_header, tvb, offset, 0,
@@ -738,7 +762,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	  break;
 
 	case KRB_TOKEN_WRAP:
-          offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id);
+		/* XXX - This is setup to hopefully remove the need for these members in packet_info
+		* If data is supplied to dissector, use it.  Otherwise convert to packet_info
+		*/
+		if (encrypt_info != NULL)
+		{
+			pass_encrypt_info = *encrypt_info;
+		}
+		else
+		{
+			packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
+		}
+
+		offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
+
+		if (encrypt_info != NULL)
+		{
+			*encrypt_info = pass_encrypt_info;
+		}
+		else
+		{
+			gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
+		}
 	  break;
 
 	case KRB_TOKEN_DELETE_SEC_CONTEXT:
@@ -750,7 +795,28 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	  break;
 
 	case KRB_TOKEN_CFX_WRAP:
-          offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id);
+		/* XXX - This is setup to hopefully remove the need for these members in packet_info
+		* If data is supplied to dissector, use it.  Otherwise convert to packet_info
+		*/
+		if (encrypt_info != NULL)
+		{
+			pass_encrypt_info = *encrypt_info;
+		}
+		else
+		{
+			packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
+		}
+
+		offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
+
+		if (encrypt_info != NULL)
+		{
+			*encrypt_info = pass_encrypt_info;
+		}
+		else
+		{
+			gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
+		}
 	  break;
 
 	default:
@@ -760,7 +826,7 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
  done:
 	proto_item_set_len(item, offset);
-	return;
+	return tvb_captured_length(tvb);
 }
 
 #ifdef HAVE_KERBEROS
@@ -895,9 +961,7 @@ gssapi_verify_pad(guint8 *wrapped_data, int wrapped_length,
 }
 
 static int
-decrypt_arcfour(packet_info *pinfo,
-	 guint8 *input_message_buffer,
-	 guint8 *output_message_buffer,
+decrypt_arcfour(gssapi_encrypt_info_t* gssapi_encrypt, guint8 *input_message_buffer, guint8 *output_message_buffer,
 	 guint8 *key_value, int key_size, int key_type)
 {
     guint8 Klocaldata[16];
@@ -911,22 +975,22 @@ decrypt_arcfour(packet_info *pinfo,
     int conf_flag;
     int padlen = 0;
 
-    datalen = tvb_captured_length(pinfo->gssapi_encrypted_tvb);
+    datalen = tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
 
-    if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0x1000){
+    if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0x1000){
 	conf_flag=1;
-    } else if (tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 4)==0xffff){
+    } else if (tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 4)==0xffff){
 	conf_flag=0;
     } else {
 	return -3;
     }
 
-    if(tvb_get_ntohs(pinfo->gssapi_wrap_tvb, 6)!=0xffff){
+    if(tvb_get_ntohs(gssapi_encrypt->gssapi_wrap_tvb, 6)!=0xffff){
 	return -4;
     }
 
     ret = arcfour_mic_key(key_value, key_size, key_type,
-			  tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8),
+			  tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 16, 8),
 			  8, /* SGN_CKSUM */
 			  k6_data);
     if (ret) {
@@ -937,7 +1001,7 @@ decrypt_arcfour(packet_info *pinfo,
 	rc4_state_struct rc4_state;
 
 	crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data));
-	tvb_memcpy(pinfo->gssapi_wrap_tvb, SND_SEQ, 8, 8);
+	tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, SND_SEQ, 8, 8);
 	crypt_rc4(&rc4_state, (guint8 *)SND_SEQ, 8);
 
 	memset(k6_data, 0, sizeof(k6_data));
@@ -966,12 +1030,12 @@ decrypt_arcfour(packet_info *pinfo,
 	rc4_state_struct rc4_state;
 
 	crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data));
-	tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8);
+	tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8);
 	crypt_rc4(&rc4_state, Confounder, 8);
 	memcpy(output_message_buffer, input_message_buffer, datalen);
 	crypt_rc4(&rc4_state, output_message_buffer, datalen);
     } else {
-	tvb_memcpy(pinfo->gssapi_wrap_tvb, Confounder, 24, 8);
+	tvb_memcpy(gssapi_encrypt->gssapi_wrap_tvb, Confounder, 24, 8);
 	memcpy(output_message_buffer,
 		input_message_buffer,
 	        datalen);
@@ -979,7 +1043,7 @@ decrypt_arcfour(packet_info *pinfo,
     memset(k6_data, 0, sizeof(k6_data));
 
     /* only normal (i.e. non DCE style  wrapping use padding ? */
-    if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
+    if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
 	ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen);
     	if (ret) {
 	    return -9;
@@ -988,11 +1052,11 @@ decrypt_arcfour(packet_info *pinfo,
     }
 
     /* don't know what the checksum looks like for dce style gssapi */
-    if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
+    if(gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
 	ret = arcfour_mic_cksum(key_value, key_size,
 			    KRB5_KU_USAGE_SEAL,
 			    cksum_data,
-			    tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8,
+			    tvb_get_ptr(gssapi_encrypt->gssapi_wrap_tvb, 0, 8), 8,
 			    Confounder, sizeof(Confounder),
 			    output_message_buffer,
 			    datalen + padlen);
@@ -1000,7 +1064,7 @@ decrypt_arcfour(packet_info *pinfo,
 	    return -10;
 	}
 
-	cmp = tvb_memeql(pinfo->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */
+	cmp = tvb_memeql(gssapi_encrypt->gssapi_wrap_tvb, 16, cksum_data, 8); /* SGN_CKSUM */
 	if (cmp) {
 	    return -11;
 	}
@@ -1014,7 +1078,7 @@ decrypt_arcfour(packet_info *pinfo,
 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
 
 static void
-decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype)
+decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb, int keytype, gssapi_encrypt_info_t* gssapi_encrypt)
 {
 	int ret;
 	enc_key_t *ek;
@@ -1024,8 +1088,8 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff
 	guint8 *cryptocopy=NULL; /* workaround for pre-0.6.1 heimdal bug */
 	guint8 *output_message_buffer;
 
-	length=tvb_captured_length(pinfo->gssapi_encrypted_tvb);
-	original_data=tvb_get_ptr(pinfo->gssapi_encrypted_tvb, 0, length);
+	length=tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
+	original_data=tvb_get_ptr(gssapi_encrypt->gssapi_encrypted_tvb, 0, length);
 
 	/* don't do anything if we are not attempting to decrypt data */
 /*
@@ -1052,26 +1116,24 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree _U_, packet_info *pinfo, tvbuff
 		  This has been seen for RC4-HMAC blobs.
 		*/
 		memcpy(cryptocopy, original_data, length);
-		ret=decrypt_arcfour(pinfo,
+		ret=decrypt_arcfour(gssapi_encrypt,
 				cryptocopy,
 				output_message_buffer,
 				ek->keyvalue,
 				ek->keylength,
-				ek->keytype
-					    );
+				ek->keytype);
 		if (ret >= 0) {
 			expert_add_info_format(pinfo, NULL, &ei_spnego_decrypted_keytype,
 								   "Decrypted keytype %d in frame %u using %s",
 								   ek->keytype, pinfo->fd->num, ek->key_origin);
 
-			pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
+			gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
 				output_message_buffer,
 				ret, ret);
-			add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
+			add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
 			return;
 		}
 	}
-	return;
 }
 
 /* borrowed from heimdal */
@@ -1122,13 +1184,12 @@ rrc_rotate(guint8 *data, int len, guint16 rrc, int unrotate)
 #define KRB5_KU_USAGE_INITIATOR_SIGN	25
 
 static void
-decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree,
 			    packet_info *pinfo,
 			    tvbuff_t *checksum_tvb,
-			    tvbuff_t *encrypted_tvb,
+			    gssapi_encrypt_info_t* gssapi_encrypt,
 			    guint16 ec,
 			    guint16 rrc,
-			    gboolean is_dce,
 			    int keytype,
 			    unsigned int usage)
 {
@@ -1142,22 +1203,22 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
 		return;
 	}
 
-	datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(encrypted_tvb);
+	datalen = tvb_captured_length(checksum_tvb) + tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb);
 
 	rotated = (guint8 *)wmem_alloc(pinfo->pool, datalen);
 
 	tvb_memcpy(checksum_tvb, rotated,
 		   0, tvb_captured_length(checksum_tvb));
-	tvb_memcpy(encrypted_tvb, rotated + tvb_captured_length(checksum_tvb),
-		   0, tvb_captured_length(encrypted_tvb));
+	tvb_memcpy(gssapi_encrypt->gssapi_encrypted_tvb, rotated + tvb_captured_length(checksum_tvb),
+		   0, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
 
-	if (is_dce) {
+	if (gssapi_encrypt->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE) {
 		rrc += ec;
 	}
 
 	rrc_rotate(rotated, datalen, rrc, TRUE);
 
-	next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
+	next_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb, rotated,
 					 datalen, datalen);
 	add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
 
@@ -1167,18 +1228,16 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
 	if (output) {
 		guint8 *outdata;
 
-		outdata = (guint8 *)g_memdup(output, tvb_captured_length(encrypted_tvb));
+		outdata = (guint8 *)g_memdup(output, tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
 		g_free(output);
 
-		pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
+		gssapi_encrypt->gssapi_decrypted_tvb=tvb_new_child_real_data(gssapi_encrypt->gssapi_encrypted_tvb,
 			outdata,
-			tvb_captured_length(encrypted_tvb),
-			tvb_captured_length(encrypted_tvb));
-		add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
-		tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
-		return;
+			tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb),
+			tvb_captured_length(gssapi_encrypt->gssapi_encrypted_tvb));
+		add_new_data_source(pinfo, gssapi_encrypt->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
+		tvb_set_free_cb(gssapi_encrypt->gssapi_decrypted_tvb, g_free);
 	}
-	return;
 }
 
 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
@@ -1198,7 +1257,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 #ifndef HAVE_KERBEROS
 	_U_
 #endif
-    )
+	, gssapi_encrypt_info_t* gssapi_encrypt
+	)
 {
 	guint16 sgn_alg, seal_alg;
 #ifdef HAVE_KERBEROS
@@ -1261,15 +1321,15 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 	}
 
 	/* Is the data encrypted? */
-	pinfo->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE);
+	gssapi_encrypt->gssapi_data_encrypted=(seal_alg!=KRB_SEAL_ALG_NONE);
 
 #ifdef HAVE_KERBEROS
 #define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
-	if(pinfo->decrypt_gssapi_tvb){
+	if(gssapi_encrypt->decrypt_gssapi_tvb){
 		/* if the caller did not provide a tvb, then we just use
 		   whatever is left of our current tvb.
 		*/
-		if(!pinfo->gssapi_encrypted_tvb){
+		if(!gssapi_encrypt->gssapi_encrypted_tvb){
 			int len;
 			len=tvb_reported_length_remaining(tvb,offset);
 			if(len>tvb_captured_length_remaining(tvb, offset)){
@@ -1278,7 +1338,7 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 				*/
 				return offset;
 			}
-			pinfo->gssapi_encrypted_tvb = tvb_new_subset_length(
+			gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset_length(
 					tvb, offset, len);
 		}
 
@@ -1289,8 +1349,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 			/* do we need to create a tvb for the wrapper
 			   as well ?
 			*/
-			if(!pinfo->gssapi_wrap_tvb){
-				pinfo->gssapi_wrap_tvb = tvb_new_subset_length(
+			if(!gssapi_encrypt->gssapi_wrap_tvb){
+				gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(
 					tvb, start_offset-2,
 					GSS_ARCFOUR_WRAP_TOKEN_SIZE);
 			}
@@ -1298,7 +1358,8 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 			decrypt_gssapi_krb_arcfour_wrap(tree,
 				pinfo,
 				tvb,
-				23 /* rc4-hmac */);
+				KERB_ENCTYPE_RC4_HMAC,
+				gssapi_encrypt);
 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
 		}
 	}
@@ -1410,6 +1471,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 	_U_
 #endif
     , proto_tree *tree, guint16 token_id _U_
+    , gssapi_encrypt_info_t* gssapi_encrypt
     )
 {
 	guint8 flags;
@@ -1431,7 +1493,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 	flags = tvb_get_guint8(tvb, offset);
 	offset = dissect_spnego_krb5_cfx_flags(tvb, offset, tree, flags);
 
-	pinfo->gssapi_data_encrypted=(flags & 2);
+	gssapi_encrypt->gssapi_data_encrypted=(flags & 2);
 
 	/* Skip the filler */
 
@@ -1461,7 +1523,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 
 	/* Checksum of plaintext padded data */
 
-	if (pinfo->gssapi_data_encrypted) {
+	if (gssapi_encrypt->gssapi_data_encrypted) {
 		checksum_size = 44 + ec;
 
 		proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
@@ -1498,7 +1560,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 #endif
 
 		returned_offset = offset;
-		pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
+		gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
 						inner_token_len);
 
 		offset += inner_token_len;
@@ -1519,11 +1581,11 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 		return returned_offset;
 	}
 
-	if(pinfo->decrypt_gssapi_tvb){
+	if(gssapi_encrypt->decrypt_gssapi_tvb){
 		/* if the caller did not provide a tvb, then we just use
 		   whatever is left of our current tvb.
 		*/
-		if(!pinfo->gssapi_encrypted_tvb){
+		if(!gssapi_encrypt->gssapi_encrypted_tvb){
 			int len;
 			len=tvb_reported_length_remaining(tvb,offset);
 			if(len>tvb_captured_length_remaining(tvb, offset)){
@@ -1532,16 +1594,16 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 				*/
 				return offset;
 			}
-			pinfo->gssapi_encrypted_tvb = tvb_new_subset(
+			gssapi_encrypt->gssapi_encrypted_tvb = tvb_new_subset(
 					tvb, offset, len, len);
 		}
 
-		if (pinfo->gssapi_data_encrypted) {
+		if (gssapi_encrypt->gssapi_data_encrypted) {
 			/* do we need to create a tvb for the wrapper
 			   as well ?
 			*/
-			if(!pinfo->gssapi_wrap_tvb){
-				pinfo->gssapi_wrap_tvb = tvb_new_subset_length(
+			if(!gssapi_encrypt->gssapi_wrap_tvb){
+				gssapi_encrypt->gssapi_wrap_tvb = tvb_new_subset_length(
 					tvb, start_offset-2,
 					offset - (start_offset-2));
 			}
@@ -1552,15 +1614,14 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 {
 	tvbuff_t *checksum_tvb = tvb_new_subset_length(tvb, 16, checksum_size);
 
-	if (pinfo->gssapi_data_encrypted) {
-		if(pinfo->gssapi_encrypted_tvb){
+	if (gssapi_encrypt->gssapi_data_encrypted) {
+		if(gssapi_encrypt->gssapi_encrypted_tvb){
 			decrypt_gssapi_krb_cfx_wrap(tree,
 				pinfo,
 				checksum_tvb,
-				pinfo->gssapi_encrypted_tvb,
+				gssapi_encrypt,
 				ec,
 				rrc,
-				(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
 				-1,
 				(flags & 0x0001)?
 				KRB5_KU_USAGE_ACCEPTOR_SEAL:
@@ -1638,12 +1699,14 @@ dissect_spnego_krb5_cfx_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinf
  * getting it accepted.
  */
 static int
-dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
+dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data)
 {
 	proto_item *item;
 	proto_tree *subtree;
 	int offset = 0;
 	guint16 token_id;
+	gssapi_encrypt_info_t* encrypt_info = (gssapi_encrypt_info_t*)data;
+	gssapi_encrypt_info_t pass_encrypt_info;
 
 	item = proto_tree_add_item(tree, hf_spnego_krb5, tvb, 0, -1, ENC_NA);
 
@@ -1669,7 +1732,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree
 	  break;
 
 	case KRB_TOKEN_WRAP:
-          offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id);
+		/* XXX - This is setup to hopefully remove the need for these members in packet_info
+		* If data is supplied to dissector, use it.  Otherwise convert to packet_info
+		*/
+		if (encrypt_info != NULL)
+		{
+			pass_encrypt_info = *encrypt_info;
+		}
+		else
+		{
+			packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
+		}
+
+		offset = dissect_spnego_krb5_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
+
+		if (encrypt_info != NULL)
+		{
+			*encrypt_info = pass_encrypt_info;
+		}
+		else
+		{
+			gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
+		}
 	  break;
 
 	case KRB_TOKEN_CFX_GETMIC:
@@ -1677,7 +1761,28 @@ dissect_spnego_krb5_wrap(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree
 	  break;
 
 	case KRB_TOKEN_CFX_WRAP:
-          offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id);
+		/* XXX - This is setup to hopefully remove the need for these members in packet_info
+		* If data is supplied to dissector, use it.  Otherwise convert to packet_info
+		*/
+		if (encrypt_info != NULL)
+		{
+			pass_encrypt_info = *encrypt_info;
+		}
+		else
+		{
+			packet_info_to_gssapi_encrypt(pinfo, &pass_encrypt_info);
+		}
+
+		offset = dissect_spnego_krb5_cfx_wrap_base(tvb, offset, pinfo, subtree, token_id, &pass_encrypt_info);
+
+		if (encrypt_info != NULL)
+		{
+			*encrypt_info = pass_encrypt_info;
+		}
+		else
+		{
+			gssapi_encrypt_to_packet_info(pinfo, &pass_encrypt_info);
+		}
 	  break;
 
 	default:
@@ -1959,7 +2064,7 @@ void proto_register_spnego(void) {
         NULL, HFILL }},
 
 /*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1414 "../../asn1/spnego/packet-spnego-template.c"
+#line 1519 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	/* List of subtrees */
@@ -1982,7 +2087,7 @@ void proto_register_spnego(void) {
     &ett_spnego_InitialContextToken_U,
 
 /*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1424 "../../asn1/spnego/packet-spnego-template.c"
+#line 1529 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	static ei_register_info ei[] = {
@@ -2001,7 +2106,7 @@ void proto_register_spnego(void) {
 						    "SPNEGO-KRB5",
 						    "spnego-krb5");
 
-	register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5);
+	new_register_dissector("spnego-krb5", dissect_spnego_krb5, proto_spnego_krb5);
 	new_register_dissector("spnego-krb5-wrap", dissect_spnego_krb5_wrap, proto_spnego_krb5);
 
 	/* Register fields and subtrees */