From Yaniv Kaul via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5366 :

Several fixes that make Tight VNC negotiation properly parsed. It was not parsed correctly previously, for multiple reasons. svn path=/trunk/; revision=34976
author: Jeff Morriss <jeff.morriss@ulticom.com> 2010-11-19 18:53:40 +0000
committer: Jeff Morriss <jeff.morriss@ulticom.com> 2010-11-19 18:53:40 +0000
commit: 8f642bdb5ccba590ab66cec102498e77493fded9 (patch)
tree: 2cc46e81f0dcbc37da07ada4e3d23eaa2b19b5c4 /epan/dissectors/packet-vnc.c
parent: 2f0ee70e27d6fd264f31fbf481c7121d9235dbfe (diff)
1 files changed, 109 insertions, 51 deletions
diff --git a/epan/dissectors/packet-vnc.c b/epan/dissectors/packet-vnc.c
index 30d8bf7bd7..14fe498e4d 100644
--- a/epan/dissectors/packet-vnc.c
+++ b/epan/dissectors/packet-vnc.c
@@ -67,7 +67,9 @@ typedef enum {
 	VNC_SECURITY_TYPE_VENCRYPT      = 19,
 	VNC_SECURITY_TYPE_GTK_VNC_SASL  = 20,
 	VNC_SECURITY_TYPE_MD5_HASH_AUTH = 21,
-	VNC_SECURITY_TYPE_XVP           = 22
+	VNC_SECURITY_TYPE_XVP           = 22,
+	VNC_TIGHT_AUTH_TGHT_ULGNAUTH	= 119,
+	VNC_TIGHT_AUTH_TGHT_XTRNAUTH	= 130
 } vnc_security_types_e;
 
 static const value_string vnc_security_types_vs[] = {
@@ -283,7 +285,6 @@ typedef enum {
 	VNC_SESSION_STATE_TIGHT_TUNNEL_TYPE_REPLY,
 	VNC_SESSION_STATE_TIGHT_AUTH_CAPABILITIES,
 	VNC_SESSION_STATE_TIGHT_AUTH_TYPE_REPLY,
-	VNC_SESSION_STATE_TIGHT_AUTH_TYPE_AND_VENDOR_CODE,
 	VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3,
 
 	VNC_SESSION_STATE_VNC_AUTHENTICATION_CHALLENGE,
@@ -295,7 +296,6 @@ typedef enum {
 	VNC_SESSION_STATE_SERVER_INIT,
 
 	VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS,
-	VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST,
 
 	VNC_SESSION_STATE_NORMAL_TRAFFIC
 } vnc_session_state_e;
@@ -310,6 +310,7 @@ typedef struct {
 	gint num_client_message_types;
 	gint num_encoding_types;
 	guint8 security_type_selected;
+	gboolean tight_enabled;
 } vnc_conversation_t;
 
 /* This structure will be tied to each packet */
@@ -479,8 +480,7 @@ static int hf_vnc_tight_tunnel_type = -1;
 
 /* Authentication capabilities (TightVNC extension) */
 static int hf_vnc_tight_num_auth_types = -1;
-static int hf_vnc_tight_auth_type = -1;
-
+static int hf_vnc_tight_auth_code = -1;
 /* TightVNC capabilities */
 static int hf_vnc_tight_server_message_type = -1;
 static int hf_vnc_tight_server_vendor = -1;
@@ -602,6 +602,7 @@ static gint ett_vnc_colormap_color_group = -1;
 guint8 vnc_bytes_per_pixel;
 guint8 vnc_depth;
 
+
 static dissector_handle_t vnc_handle;
 
 /* Code to dissect the packets */
@@ -629,8 +630,9 @@ dissect_vnc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
 		per_conversation_info->vnc_next_state = VNC_SESSION_STATE_SERVER_VERSION;
 		per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_INVALID;
-
-      		conversation_add_proto_data(conversation, proto_vnc,
+		per_conversation_info->tight_enabled = FALSE;
+		
+      	conversation_add_proto_data(conversation, proto_vnc,
 					    per_conversation_info);
 	}
 
@@ -692,10 +694,9 @@ process_vendor(proto_tree *tree, gint hfindex, tvbuff_t *tvb, gint offset)
 static gint
 process_tight_capabilities(proto_tree *tree,
 			   gint type_index, gint vendor_index, gint name_index,
-			   tvbuff_t *tvb, gint offset, gint num_capabilities)
+			   tvbuff_t *tvb, gint offset, const gint num_capabilities)
 {
 	gint i;
-
 	/* See vnc_unixsrc/include/rfbproto.h:rfbCapabilityInfo */
 
 	for (i = 0; i < num_capabilities; i++) {
@@ -760,7 +761,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
 		     *per_conversation_info)
 {
 	guint8 num_security_types;
-	guint32 desktop_name_len, auth_result, text_len;
+	guint32 desktop_name_len, auth_result, text_len, auth_code;
 	vnc_packet_t *per_packet_info;
 	gint num_tunnel_types;
 	gint num_auth_types;
@@ -896,6 +897,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
 		case VNC_SECURITY_TYPE_TIGHT :
 			per_conversation_info->vnc_next_state =
 				VNC_SESSION_STATE_TIGHT_TUNNELING_CAPABILITIES;
+			per_conversation_info->tight_enabled = TRUE;
 			break;
 
 		default :
@@ -947,13 +949,62 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
 
 		{
 			int i;
-
-			for (i = 0; i < num_auth_types; i++) {
-				/* See xserver/hw/vnc/auth.c:rfbSendAuthCaps()
-				 * We don't actually display the auth types for now.
-				 */
-				proto_tree_add_item(tree, hf_vnc_tight_auth_type, tvb, offset, 16, FALSE);
-				offset += 16;
+			guint8 *vendor, *signature;
+			for (i = 0; i < 1; i++) {
+				auth_code = tvb_get_ntohl(tvb, offset);
+				proto_tree_add_item(tree, hf_vnc_tight_auth_code, tvb, offset, 4, FALSE);
+				offset += 4;
+				vendor = tvb_get_string(tvb, offset, 4);
+				process_vendor(tree, hf_vnc_tight_server_vendor, tvb, offset);
+				offset += 4;
+				signature = tvb_get_string(tvb, offset, 8);
+				proto_tree_add_text(tree, tvb, offset, 8, "Signature: %s", signature);
+				offset += 8;
+				
+				switch(auth_code) {
+					case VNC_SECURITY_TYPE_NONE:
+						if ((g_ascii_strcasecmp(vendor, "STDV") != 0) || (g_ascii_strcasecmp(signature, "NOAUTH__") != 0)) {
+						/* TODO: create a Expert Info */
+							proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+						}						
+						break;
+					case VNC_SECURITY_TYPE_VNC:
+						if ((g_ascii_strcasecmp(vendor, "STDV") != 0) || (g_ascii_strcasecmp(signature, "VNCAUTH_") != 0)) {
+						/* TODO: create a Expert Info */
+							proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+						}
+						break;
+					case VNC_SECURITY_TYPE_VENCRYPT:
+						if ((g_ascii_strcasecmp(vendor, "VENC") != 0) || (g_ascii_strcasecmp(signature, "VENCRYPT") != 0)) {
+						/* TODO: create a Expert Info */
+							proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+						}
+						break;
+					case VNC_SECURITY_TYPE_GTK_VNC_SASL:
+						if ((g_ascii_strcasecmp(vendor, "GTKV") != 0) || (g_ascii_strcasecmp(signature, "SASL____") != 0)) {
+						/* TODO: create a Expert Info */
+							proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+						}
+						break;
+					case VNC_TIGHT_AUTH_TGHT_ULGNAUTH:
+						if ((g_ascii_strcasecmp(vendor, "TGHT") != 0) || (g_ascii_strcasecmp(signature, "ULGNAUTH") != 0)) {
+						/* TODO: create a Expert Info */
+							proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+						}
+						break;
+					case VNC_TIGHT_AUTH_TGHT_XTRNAUTH:
+						if ((g_ascii_strcasecmp(vendor, "TGHT") != 0) || (g_ascii_strcasecmp(signature, "XTRNAUTH") != 0)) {
+						/* TODO: create a Expert Info */
+							proto_tree_add_text(tree, tvb, offset, 0, "Authentication code does not match vendor or signature");
+						}
+						break;
+					default:
+						proto_tree_add_text(tree, tvb, offset, 0, "Unknown TIGHT VNC authentication");
+						break;
+				}
+				
+				g_free(vendor);
+				g_free(signature);
 			}
 		}
 
@@ -964,26 +1015,39 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
 		break;
 
 	case VNC_SESSION_STATE_TIGHT_AUTH_TYPE_REPLY:
-		REPORT_DISSECTOR_BUG("Unimplemented case: TightVNC authentication reply");
-		/* FIXME: implement.  See xserver/hw/vnc/auth.c:rfbProcessClientAuthType() */
-		break;
-
-	case VNC_SESSION_STATE_TIGHT_AUTH_TYPE_AND_VENDOR_CODE :
-		col_set_str(pinfo->cinfo, COL_INFO, "Authentication type / vendor code");
-
-		proto_tree_add_item(tree, hf_vnc_server_security_type, tvb,
-				    offset, 4, FALSE);
-
-		offset += 4;
-
-		offset = process_vendor(tree, hf_vnc_vendor_code, tvb, offset);
-
-		/* Display authentication method string */
-		proto_tree_add_item(tree, hf_vnc_security_type_string, tvb,
-				    offset, 8, FALSE);
-
-		per_conversation_info->vnc_next_state =
-			VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+		col_set_str(pinfo->cinfo, COL_INFO, "TightVNC authentication type selected by client");
+		auth_code = tvb_get_ntohl(tvb, offset);
+		proto_tree_add_item(tree, hf_vnc_tight_auth_code, tvb, offset, 4, FALSE);
+			
+		switch(auth_code) {
+			case VNC_SECURITY_TYPE_NONE:
+				per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_NONE;
+				per_conversation_info->vnc_next_state = VNC_SESSION_STATE_CLIENT_INIT;
+			break;
+			case VNC_SECURITY_TYPE_VNC:
+				per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_VNC;
+				per_conversation_info->vnc_next_state = VNC_SESSION_STATE_VNC_AUTHENTICATION_CHALLENGE;
+			break;
+			case VNC_SECURITY_TYPE_GTK_VNC_SASL:
+				per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_GTK_VNC_SASL;
+				/* TODO: dissection not implemented yet */
+				per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+				break;
+			case VNC_TIGHT_AUTH_TGHT_ULGNAUTH:
+				per_conversation_info->security_type_selected = VNC_TIGHT_AUTH_TGHT_ULGNAUTH;
+				/* TODO: dissection not implemented yet */
+				per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+				break;
+			case VNC_TIGHT_AUTH_TGHT_XTRNAUTH:
+				per_conversation_info->security_type_selected = VNC_TIGHT_AUTH_TGHT_XTRNAUTH;
+				/* TODO: dissection not implemented yet */
+				per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+				break;
+			default:
+				proto_tree_add_text(tree, tvb, offset, 0, "Unknown authentication selected");
+				per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3;
+				break;
+		}
 
 		break;
 
@@ -1129,7 +1193,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
 					    FALSE);
 		}
 
-		if(per_conversation_info->security_type_selected == VNC_SECURITY_TYPE_TIGHT)
+		if(per_conversation_info->tight_enabled == TRUE)
 			per_conversation_info->vnc_next_state =
 				VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS;
 		else
@@ -1156,12 +1220,7 @@ vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo, gint offset,
 
 		proto_tree_add_item(tree, hf_vnc_padding, tvb, offset, 2,
 				    FALSE);
-
-		per_conversation_info->vnc_next_state = VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST;
-		break;
-
-	case VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS_LIST:
-		col_set_str(pinfo->cinfo, COL_INFO, "TightVNC Interaction Capabilities list");
+		offset += 2;
 
 		offset = process_tight_capabilities(tree,
 						    hf_vnc_tight_server_message_type,
@@ -1543,7 +1602,7 @@ vnc_server_framebuffer_update(tvbuff_t *tvb, packet_info *pinfo, gint *offset,
 	*offset += 2;
 
 	for(i = 1; i <= num_rects; i++) {
-
+	
 		VNC_BYTES_NEEDED(12);
 
 		ti = proto_tree_add_text(tree, tvb, *offset, 12,
@@ -1865,7 +1924,6 @@ vnc_hextile_encoding(tvbuff_t *tvb, packet_info *pinfo, gint *offset,
 			}
 		}
 	}
-
 	return 0; /* bytes_needed */
 }
 
@@ -2435,10 +2493,10 @@ proto_register_vnc(void)
 		    FT_UINT32, BASE_DEC, NULL, 0x0,
 		    "Authentication types specific to TightVNC", HFILL }
 		},
-		{ &hf_vnc_tight_auth_type,
-		  { "Authentication type", "vnc.auth_type",
-		    FT_UINT8, BASE_DEC, NULL, 0x0,
-		    "Authentication type specific to TightVNC", HFILL }
+		{ &hf_vnc_tight_auth_code,
+		  { "Authentication code", "vnc.tight_auth_code",
+		    FT_UINT32, BASE_DEC, VALS(vnc_security_types_vs), 0x0,
+		    "Authentication code specific to TightVNC", HFILL }
 		},
 		{ &hf_vnc_tight_server_message_type,
 		  { "Server message type (TightVNC)", "vnc.tight_server_message_type",
@@ -2472,7 +2530,7 @@ proto_register_vnc(void)
 		},
 		{ &hf_vnc_tight_encoding_type,
 		  { "Encoding type", "vnc.encoding_type",
-		    FT_INT32, BASE_DEC, NULL, 0x0,
+		    FT_INT32, BASE_DEC, VALS(encoding_types_vs), 0x0,
 		    "Encoding type specific to TightVNC", HFILL }
 		},
 		{ &hf_vnc_tight_encoding_vendor,
author	Jeff Morriss <jeff.morriss@ulticom.com>	2010-11-19 18:53:40 +0000
committer	Jeff Morriss <jeff.morriss@ulticom.com>	2010-11-19 18:53:40 +0000
commit	8f642bdb5ccba590ab66cec102498e77493fded9 (patch)
tree	2cc46e81f0dcbc37da07ada4e3d23eaa2b19b5c4 /epan/dissectors/packet-vnc.c
parent	2f0ee70e27d6fd264f31fbf481c7121d9235dbfe (diff)