author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-03-21 10:07:55 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-03-21 10:07:55 +0000 |
commit | 31f7bd0e605b09c4935ce57ba2e11f5a97d4e8ba (patch) | |
tree | 8dda9b9296a37ccc4b657cc1234429b1f5c5caab /epan/dissectors | |
parent | 58864f0b5a46dfae808a9eb9664ef3f9446da694 (diff) |
remove some heimdal dependencies we don't really need
and prepare for gssapi mit support
svn path=/trunk/; revision=13849
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-kerberos.c | 31 | ||||
-rw-r--r-- | epan/dissectors/packet-kerberos.h | 5 | ||||
-rw-r--r-- | epan/dissectors/packet-spnego.c | 16 |
3 files changed, 33 insertions, 19 deletions
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index 083045a255..796b80e723 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c @@ -471,10 +471,9 @@ printf("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num); } #elif defined(HAVE_HEIMDAL_KERBEROS) - +#include <krb5.h> enc_key_t *enc_key_list=NULL; - static void add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, char *origin) { @@ -489,6 +488,11 @@ printf("added key in %d\n",pinfo->fd->num); sprintf(new_key->key_origin, "%s learnt from frame %d",origin,pinfo->fd->num); new_key->next=enc_key_list; enc_key_list=new_key; + new_key->keytype=keytype; + new_key->keylength=keylength; + /*XXX this needs to be freed later */ + new_key->keyvalue=g_memdup(keyvalue, keylength); +/*QQQ new_key->key.principal=NULL; new_key->key.vno=0; new_key->key.keyblock.keytype=keytype; @@ -496,12 +500,15 @@ printf("added key in %d\n",pinfo->fd->num); new_key->key.keyblock.keyvalue.data=g_malloc(keylength); memcpy(new_key->key.keyblock.keyvalue.data, keyvalue, keylength); new_key->key.timestamp=0; +*/ } + static void read_keytab_file(char *filename, krb5_context *context) { krb5_keytab keytab; + krb5_keytab_entry key; krb5_error_code ret; krb5_kt_cursor cursor; enc_key_t *new_key; @@ -523,7 +530,7 @@ read_keytab_file(char *filename, krb5_context *context) do{ new_key=g_malloc(sizeof(enc_key_t)); new_key->next=enc_key_list; - ret = krb5_kt_next_entry(*context, keytab, &(new_key->key), &cursor); + ret = krb5_kt_next_entry(*context, keytab, &key, &cursor); if(ret==0){ unsigned int i; char *pos; 
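Review bot: In the `@@ -489,6 +488,11 @@` hunk (add_encryption_key), `keylength` is a signed `int` passed straight to `g_memdup()`, whose size parameter is unsigned, so a negative length from a caller would become a very large copy out of `keyvalue`. A guard such as `if(keylength<=0 || keyvalue==NULL) return;` at the top of the function would close that; the start of the function body is outside this hunk, so a check may already exist there. The copy is also never released: the `/*XXX this needs to be freed later */` comment leaves key material on the heap for the life of the process, so whatever eventually tears down `enc_key_list` should wipe and `g_free()` each `keyvalue`. The old assignments kept inside `/*QQQ ... */` are better deleted than commented out, since version control already holds them.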
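Review bot: In the `@@ -523,7 +530,7 @@` hunk of read_keytab_file, the entry returned by `krb5_kt_next_entry()` now lands in the stack variable `key` instead of inside `new_key`, and nothing visible releases it once its fields have been copied, so each iteration appears to leak the principal and a second copy of the key bytes. Adding `krb5_kt_free_entry(*context, &key);` after the `g_memdup()` of the key value (which sits in the following hunk) would hand that memory back to the library. The `new_key` allocated at the top of the loop is also left unreferenced on the final pass where `ret` is non-zero; allocating it only inside `if(ret==0)` avoids that. The loop and the rest of the function continue outside this hunk.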
@@ -531,12 +538,14 @@ read_keytab_file(char *filename, krb5_context *context) /* generate origin string, describing where this key came from */ pos=new_key->key_origin; pos+=sprintf(pos, "keytab principal "); - for(i=0;i<new_key->key.principal->name.name_string.len;i++){ - pos+=sprintf(pos,"%s%s",(i?"/":""),new_key->key.principal->name.name_string.val[i]); + for(i=0;i<key.principal->name.name_string.len;i++){ + pos+=sprintf(pos,"%s%s",(i?"/":""),key.principal->name.name_string.val[i]); } - pos+=sprintf(pos,"@%s",new_key->key.principal->realm); + pos+=sprintf(pos,"@%s",key.principal->realm); *pos=0; - + new_key->keytype=key.keyblock.keytype; + new_key->keylength=key.keyblock.keyvalue.length; + new_key->keyvalue=g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length); enc_key_list=new_key; } }while(ret==0); @@ -581,15 +590,19 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, } for(ek=enc_key_list;ek;ek=ek->next){ + krb5_keytab_entry key; krb5_crypto crypto; guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */ /* shortcircuit and bail out if enctypes are not matching */ - if(ek->key.keyblock.keytype!=keytype){ + if(ek->keytype!=keytype){ continue; } - ret = krb5_crypto_init(context, &(ek->key.keyblock), 0, &crypto); + key.keyblock.keytype=ek->keytype; + key.keyblock.keyvalue.length=ek->keylength; + key.keyblock.keyvalue.data=ek->keyvalue; + ret = krb5_crypto_init(context, &(key.keyblock), 0, &crypto); if(ret){ return NULL; } diff --git a/epan/dissectors/packet-kerberos.h b/epan/dissectors/packet-kerberos.h index 188d9a3da0..ff81e6a7fa 100644 --- a/epan/dissectors/packet-kerberos.h +++ b/epan/dissectors/packet-kerberos.h 
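Review bot: The rewritten `sprintf()` calls in the `@@ -531,12 +538,14 @@` hunk still append every principal component and the realm to `new_key->key_origin` with no length limit, while packet-kerberos.h sizes that array at `KRB_MAX_ORIG_LEN+1` bytes; a keytab whose principal name is longer than that writes past the end of the heap allocation. The keytab is an input file, so the origin string should be built with a bounded formatter and truncated when it does not fit. The sketch below tracks the remaining room and stops at the first truncated piece. The same unbounded pattern is visible in add_encryption_key (`sprintf(new_key->key_origin, "%s learnt from frame %d", ...)`) in the earlier hunk.

```c
/* … unchanged: krb5_kt_next_entry() call and ret==0 test; `size_t room; int n;` declared beside pos … */
pos=new_key->key_origin;
room=sizeof(new_key->key_origin);
n=g_snprintf(pos, room, "keytab principal ");
pos+=n; room-=n;	/* the fixed prefix always fits */
for(i=0;i<key.principal->name.name_string.len && room>1;i++){
	n=g_snprintf(pos, room, "%s%s",(i?"/":""),key.principal->name.name_string.val[i]);
	if(n<0 || (size_t)n>=room){
		room=0;	/* truncated: keep what fit, skip the rest */
		break;
	}
	pos+=n; room-=n;
}
if(room>1){
	g_snprintf(pos, room, "@%s",key.principal->realm);
}
/* … unchanged: keytype/keylength/keyvalue copy, enc_key_list=new_key … */
```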
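Review bot: The `@@ -581,15 +590,19 @@` hunk in decrypt_krb5_data declares a whole `krb5_keytab_entry key` inside the loop but sets only its `keyblock` members, leaving `principal`, `vno` and `timestamp` indeterminate. Only `key.keyblock` is passed on, so a local `krb5_keyblock kb;` filled with the same three values and passed as `krb5_crypto_init(context, &kb, 0, &crypto)` states the intent without carrying uninitialised fields around. `ek->keylength` is a signed `int` assigned to the keyblock's length, so a negative stored length would become a huge one here; that is another reason to validate it where the entry is created. The loop body continues outside the hunk.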
@@ -57,10 +57,11 @@ int dissect_krb5_realm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int #define KRB_MAX_ORIG_LEN 256 #ifdef HAVE_HEIMDAL_KERBEROS -#include <krb5.h> typedef struct _enc_key_t { struct _enc_key_t *next; - krb5_keytab_entry key; + int keytype; + int keylength; + char *keyvalue; char key_origin[KRB_MAX_ORIG_LEN+1]; } enc_key_t; extern enc_key_t *enc_key_list; diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c index 77ecf1a775..6b61d39bf3 100644 --- a/epan/dissectors/packet-spnego.c +++ b/epan/dissectors/packet-spnego.c @@ -407,11 +407,11 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) #ifdef HAVE_KERBEROS #include <epan/crypt-md5.h> -#ifndef HAVE_KEYTYPE_ARCFOUR_56 +#ifndef KEYTYPE_ARCFOUR_56 # define KEYTYPE_ARCFOUR_56 24 #endif /* XXX - We should probably do a configure-time check for this instead */ -#ifndef HAVE_HEIMDAL_KERBEROS +#ifndef KRB5_KU_USAGE_SEAL # define KRB5_KU_USAGE_SEAL 22 #endif @@ -664,7 +664,7 @@ decrypt_arcfour(packet_info *pinfo, #ifdef HAVE_HEIMDAL_KERBEROS static void -decrypt_heimdal_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int keytype) +decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int keytype) { int ret; enc_key_t *ek; @@ -708,7 +708,7 @@ decrypt_heimdal_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tv for(ek=enc_key_list;ek;ek=ek->next){ /* shortcircuit and bail out if enctypes are not matching */ - if(ek->key.keyblock.keytype!=keytype){ + if(ek->keytype!=keytype){ continue; } 
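Review bot: The new `enc_key_t` members in the packet-kerberos.h hunk carry no comment on ownership, although `keyvalue` is now a separately allocated copy that the list entry must release. A comment on the field such as `/* g_memdup()'d copy of the raw key; owned by this entry, free (and wipe) with the list */` would record that for whoever writes the cleanup. The buffer holds binary key octets and the length is never meant to be negative, so `guint8 *keyvalue` with an unsigned length would describe the data better than `char *` and `int`, provided the consumers in packet-spnego.c accept those types (not visible here).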
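Review bot: The two guards changed in the `@@ -407,11 +407,11 @@` hunk of packet-spnego.c, `#ifndef KEYTYPE_ARCFOUR_56` and `#ifndef KRB5_KU_USAGE_SEAL`, can only detect preprocessor macros. If a Kerberos library exposes either name as an enum constant (worth checking in both the Heimdal and MIT headers), the test is always true and the fallback `#define` then shadows the library's own definition. The existing `XXX` comment already names the fix: a configure-time check that sets a `HAVE_...` symbol, with these fallbacks keyed on that symbol. Until then, a short comment recording where the values 24 and 22 come from would help a reader confirm the fallbacks match the library.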
@@ -722,9 +722,9 @@ decrypt_heimdal_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tv ret=decrypt_arcfour(pinfo, cryptocopy, output_message_buffer, - ek->key.keyblock.keyvalue.data, - ek->key.keyblock.keyvalue.length, - ek->key.keyblock.keytype + ek->keyvalue, + ek->keylength, + ek->keytype ); if (ret >= 0) { proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin); @@ -849,7 +849,7 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo GSS_ARCFOUR_WRAP_TOKEN_SIZE); } #ifdef HAVE_HEIMDAL_KERBEROS - decrypt_heimdal_gssapi_krb_arcfour_wrap(tree, + decrypt_gssapi_krb_arcfour_wrap(tree, pinfo, tvb, 23 /* rc4-hmac */); |