diff options
author | Alexandr Savca <s.alex08@mail.ru> | 2017-02-18 14:34:22 +0200 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-02-19 21:07:56 +0000 |
commit | 9b008282c4ee79c696d435a42af7243c20482a40 (patch) | |
tree | a133ef230421b4c085d450863c06b5373d3c2789 /epan/dissectors/packet-tns.c | |
parent | dc173f97c0701ddaf4bd978c3b02225b69ea1d4d (diff) |
packet-tns.c: Add Sesskey, Auth (SQLNET_RETURN_OPI_PARAM)
I added a few TNS pcaps on the SampleCaptures wiki and tested with all
of them.
With this patch I get an error (malformed packet) on 'Set Protocol'
response. Peter Wu fixed it by this patch:
https://code.wireshark.org/review/#/c/20098/
Change-Id: Ia41ba7d229a5332740c57853b1929764604eda03
Reviewed-on: https://code.wireshark.org/review/20165
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-tns.c')
-rw-r--r-- | epan/dissectors/packet-tns.c | 215 |
1 files changed, 194 insertions, 21 deletions
diff --git a/epan/dissectors/packet-tns.c b/epan/dissectors/packet-tns.c index 14a57cd66e..6b9560e7c8 100644 --- a/epan/dissectors/packet-tns.c +++ b/epan/dissectors/packet-tns.c @@ -143,6 +143,11 @@ static int hf_tns_data_opi_version2_banner_len = -1; static int hf_tns_data_opi_version2_banner = -1; static int hf_tns_data_opi_version2_vsnum = -1; +static int hf_tns_data_opi_num_of_params = -1; +static int hf_tns_data_opi_param_length = -1; +static int hf_tns_data_opi_param_name = -1; +static int hf_tns_data_opi_param_value = -1; + static int hf_tns_data_setp_acc_version = -1; static int hf_tns_data_setp_cli_plat = -1; static int hf_tns_data_setp_version = -1; @@ -164,6 +169,8 @@ static gint ett_tns_control = -1; static gint ett_tns_data = -1; static gint ett_tns_data_flag = -1; static gint ett_tns_acc_versions = -1; +static gint ett_tns_opi_params = -1; +static gint ett_tns_opi_par = -1; static gint ett_tns_sopt_flag = -1; static gint ett_tns_ntp_flag = -1; static gint ett_tns_conn_flag = -1; @@ -565,32 +572,73 @@ static void dissect_tns_data(tvbuff_t *tvb, int offset, packet_info *pinfo, prot case SQLNET_RETURN_OPI_PARAM: { - /* - * Version2 response has a following pattern: - * ..(.?)Orac[le.+](.?)(....)$ - * || |_ vsnum - * || - * ||_ Indicates the banner length. If equal to 0 then next byte indicates the length. - * | - * |_ Unnecessary byte, skip it. - * - * These differences (to skip 1 or 2 bytes) due to differences in the drivers. - */ - guint8 skip = 0; - /* Orac[le.+] */ - if ( tvb_get_ntohl(tvb, offset+2) == 0x4f726163 ) - skip = 1; - if ( tvb_get_ntohl(tvb, offset+3) == 0x4f726163 ) - skip = 2; - - if ( skip ) /* is Version2 response */ + guint8 skip = 0, opi = 0; + + if ( tvb_bytes_exist(tvb, offset, 11) ) { - gint len; + /* + * OPI_VERSION2 response has a following pattern: + * + * _ banner _ vsnum + * / / + * ..(.?)(Orac[le.+])(.?)(....).+$ + * | + * \ banner length (if equal to 0 then next byte indicates the length). + * + * These differences (to skip 1 or 2 bytes) due to differences in the drivers. + */ + /* Orac[le.+] */ + if ( tvb_get_ntohl(tvb, offset+2) == 0x4f726163 ) + opi = OPI_VERSION2, skip = 1; + + else if ( tvb_get_ntohl(tvb, offset+3) == 0x4f726163 ) + opi = OPI_VERSION2, skip = 2; + + /* + * OPI_OSESSKEY response has a following pattern: + * + * _ pattern (v1|v2) + * / _ params + * / / + * (....)(........)(.+).+$ + * || + * \ if these two bytes are equal to 0x0c00 then first byte is <Param Counts> (v1), + * else next byte indicate it (v2). + */ + /* ....AUTH (v1) */ + else if ( tvb_get_ntoh64(tvb, offset+3) == 0x0000000c41555448 ) + opi = OPI_OSESSKEY, skip = 1; + /* ..AUTH_V (v2) */ + else if ( tvb_get_ntoh64(tvb, offset+3) == 0x0c0c415554485f53 ) + opi = OPI_OSESSKEY, skip = 2; + + /* + * OPI_OAUTH response has a following pattern: + * + * _ pattern (v1|v2) + * / _ params + * / / + * (....)(........)(.+).+$ + * || + * \ if these two bytes are equal to 0x1300 then first byte is <Param Counts> (v1), + * else next byte indicate it (v2). + */ + + /* ....AUTH (v1) */ + else if ( tvb_get_ntoh64(tvb, offset+3) == 0x0000001341555448 ) + opi = OPI_OAUTH, skip = 1; + /* ..AUTH_V (v2) */ + else if ( tvb_get_ntoh64(tvb, offset+3) == 0x1313415554485f56 ) + opi = OPI_OAUTH, skip = 2; + } + + if ( opi == OPI_VERSION2 ) + { proto_tree_add_item(data_tree, hf_tns_data_unused, tvb, offset, skip, ENC_NA); offset += skip; - len = tvb_get_guint8(tvb, offset); + guint8 len = tvb_get_guint8(tvb, offset); proto_tree_add_item(data_tree, hf_tns_data_opi_version2_banner_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; @@ -601,6 +649,116 @@ static void dissect_tns_data(tvbuff_t *tvb, int offset, packet_info *pinfo, prot proto_tree_add_item(data_tree, hf_tns_data_opi_version2_vsnum, tvb, offset, 4, skip == 1 ? ENC_BIG_ENDIAN : ENC_LITTLE_ENDIAN); offset += 4; } + else if ( opi == OPI_OSESSKEY || opi == OPI_OAUTH ) + { + proto_tree *params_tree; + proto_item *params_ti; + guint par, params; + + if ( skip == 1 ) + { + proto_tree_add_item_ret_uint(data_tree, hf_tns_data_opi_num_of_params, tvb, offset, 1, ENC_NA, ¶ms); + offset += 1; + + proto_tree_add_item(data_tree, hf_tns_data_unused, tvb, offset, 5, ENC_NA); + offset += 5; + } + else + { + proto_tree_add_item(data_tree, hf_tns_data_unused, tvb, offset, 1, ENC_NA); + offset += 1; + + proto_tree_add_item_ret_uint(data_tree, hf_tns_data_opi_num_of_params, tvb, offset, 1, ENC_NA, ¶ms); + offset += 1; + + proto_tree_add_item(data_tree, hf_tns_data_unused, tvb, offset, 2, ENC_NA); + offset += 2; + } + + params_tree = proto_tree_add_subtree(data_tree, tvb, offset, -1, ett_tns_opi_params, ¶ms_ti, "Parameters"); + + for ( par = 1; par <= params; par++ ) + { + proto_tree *par_tree; + proto_item *par_ti; + guint len, offset_prev; + + par_tree = proto_tree_add_subtree(params_tree, tvb, offset, -1, ett_tns_opi_par, &par_ti, "Parameter"); + proto_item_append_text(par_ti, " %u", par); + + /* Name length */ + proto_tree_add_item_ret_uint(par_tree, hf_tns_data_opi_param_length, tvb, offset, 1, ENC_NA, &len); + offset += 1; + + /* Name */ + if ( !(len == 0 || len == 2) ) /* Not empty (2 - SQLDeveloper specific sign). */ + { + proto_tree_add_item(par_tree, hf_tns_data_opi_param_name, tvb, offset, len, ENC_ASCII|ENC_NA); + offset += len; + } + + /* Value can be NULL. So, save offset to calculate unused data. */ + offset_prev = offset; + offset += skip == 1 ? 4 : 2; + + /* Value length */ + if ( opi == OPI_OSESSKEY ) + { + len = tvb_get_guint8(tvb, offset); + } + else /* OPI_OAUTH */ + { + len = tvb_get_guint8(tvb, offset_prev) == 0 ? 0 : tvb_get_guint8(tvb, offset); + } + + /* + * Value + * OPI_OSESSKEY: AUTH_VFR_DATA with length 0, 9, 0x39 comes without data. + * OPI_OAUTH: AUTH_VFR_DATA with length 0, 0x39 comes without data. + */ + if ( ((opi == OPI_OSESSKEY) && !(len == 0 || len == 9 || len == 0x39)) + || ((opi == OPI_OAUTH) && !(len == 0 || len == 0x39)) ) + { + proto_tree_add_item(par_tree, hf_tns_data_unused, tvb, offset_prev, offset - offset_prev, ENC_NA); + + proto_tree_add_item(par_tree, hf_tns_data_opi_param_length, tvb, offset, 1, ENC_NA); + offset += 1; + + proto_tree_add_item(par_tree, hf_tns_data_opi_param_value, tvb, offset, len, ENC_ASCII|ENC_NA); + offset += len; + + offset_prev = offset; /* Save offset to calculate rest of unused data */ + } + else + { + offset += 1; + } + + if ( opi == OPI_OSESSKEY ) + { + /* SQL Developer specifix fix */ + offset += tvb_get_guint8(tvb, offset) == 2 ? 5 : 3; + } + else /* OPI_OAUTH */ + { + offset += len == 0 ? 1 : 3; + } + + if ( skip == 1 ) + { + offset += 1 + ((len == 0 || len == 0x39) ? 3 : 4); + + if ( opi == OPI_OAUTH ) + { + offset += len == 0 ? 2 : 0; + } + } + + proto_tree_add_item(par_tree, hf_tns_data_unused, tvb, offset_prev, offset - offset_prev, ENC_NA); + proto_item_set_end(par_ti, tvb, offset); + } + proto_item_set_end(params_ti, tvb, offset); + } break; } @@ -1380,6 +1538,19 @@ void proto_register_tns(void) "Version", "tns.data_opi.vers2.version", FT_UINT32, BASE_CUSTOM, CF_FUNC(vsnum_to_vstext_basecustom), 0x0, NULL, HFILL }}, + { &hf_tns_data_opi_num_of_params, { + "Number of parameters", "tns.data_opi.num_of_params", FT_UINT8, BASE_DEC, + NULL, 0x0, NULL, HFILL }}, + { &hf_tns_data_opi_param_length, { + "Length", "tns.data_opi.param_length", FT_UINT8, BASE_DEC, + NULL, 0x0, NULL, HFILL }}, + { &hf_tns_data_opi_param_name, { + "Name", "tns.data_opi.param_name", FT_STRING, BASE_NONE, + NULL, 0x0, NULL, HFILL }}, + { &hf_tns_data_opi_param_value, { + "Value", "tns.data_opi.param_value", FT_STRING, BASE_NONE, + NULL, 0x0, NULL, HFILL }}, + { &hf_tns_reserved_byte, { "Reserved Byte", "tns.reserved_byte", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, @@ -1402,6 +1573,8 @@ void proto_register_tns(void) &ett_tns_data, &ett_tns_data_flag, &ett_tns_acc_versions, + &ett_tns_opi_params, + &ett_tns_opi_par, &ett_tns_sopt_flag, &ett_tns_ntp_flag, &ett_tns_conn_flag, |