author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-03-10 10:16:49 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-03-10 10:16:49 +0000 |
commit | 8700645d5465babe0d0d095ff90c3d417690f080 (patch) | |
tree | d120c869b9fa43aa543636d8690c614632a937f6 /epan/dissectors | |
parent | 1564a2d2d33750ce7a3268d8b6134201a53a3946 (diff) |
add support to decrypt and dissect sign-and-sealed traffic.
(cifs: dc's talking to each other and when longhorn comes out: anyone wanting to talk dce to a dc!)
((this is an incredibly advanced feature well worthy of mentioning in NEWS))
svn path=/trunk/; revision=13690
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-dcerpc.c | 17 | ||||
-rw-r--r-- | epan/dissectors/packet-gssapi.c | 32 | ||||
-rw-r--r-- | epan/dissectors/packet-gssapi.h | 6 | ||||
-rw-r--r-- | epan/dissectors/packet-kerberos.c | 4 | ||||
-rw-r--r-- | epan/dissectors/packet-ldap.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-ntlmssp.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-spnego.c | 37 |
7 files changed, 81 insertions, 19 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index e7498aa825..f600b0cf4e 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -2854,7 +2854,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, gboolean save_fragmented; fragment_data *fd_head=NULL; guint32 tot_len; - tvbuff_t *payload_tvb, *decrypted_tvb; + tvbuff_t *auth_tvb, *payload_tvb, *decrypted_tvb; proto_item *pi; save_fragmented = pinfo->fragmented; @@ -2872,6 +2872,17 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, length = reported_length; payload_tvb = tvb_new_subset(tvb, offset, length, reported_length); + auth_tvb=NULL; + /*dont bother if we dont have the entire tvb */ + /*XXX we should really make sure we calculate auth_info->auth_data + and use that one instead of this auth_tvb hack + */ + if(tvb_length(tvb)==tvb_reported_length(tvb)){ + if(tvb_length_remaining(tvb, offset+length)>8){ + auth_tvb = tvb_new_subset(tvb, offset+length+8, -1, -1); + } + } + /* Decrypt the PDU if it is encrypted */ if (auth_info->auth_type && @@ -2889,9 +2900,9 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, if ((auth_fns = get_auth_subdissector_fns( auth_info->auth_level, auth_info->auth_type))) { tvbuff_t *result; - + result = decode_encrypted_data( - payload_tvb, NULL, pinfo, auth_fns, + payload_tvb, auth_tvb, pinfo, auth_fns, hdr->ptype == PDU_REQ, auth_info); if (result) { diff --git a/epan/dissectors/packet-gssapi.c b/epan/dissectors/packet-gssapi.c index 85d456edb3..38df659cb8 100644 --- a/epan/dissectors/packet-gssapi.c +++ b/epan/dissectors/packet-gssapi.c @@ -202,6 +202,7 @@ dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, goto done; } + if (!(cls == ASN1_APL && con == ASN1_CON && tag == 0)) { /* * If we do not recognise an Application class, 
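Review bot: The literal 8 in `tvb_length_remaining(tvb, offset+length)>8` and in `offset+length+8` is unexplained; presumably it is the fixed-size DCE RPC auth trailer header that precedes the credentials, but nothing on these lines says so. The code also takes for granted that the trailer starts exactly at offset+length, which depends on how length was computed above the hunk. Until the XXX is resolved, a comment such as `/* skip the 8 byte auth trailer header; assumes it starts right after the stub data */` would make that assumption checkable. dissect_dcerpc_cn_stub begins and ends outside this hunk.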
@@ -458,6 +459,37 @@ int wrap_dissect_gssapi_verf(tvbuff_t *tvb, int offset, return dissect_gssapi_verf(auth_tvb, pinfo, tree); } +tvbuff_t * +wrap_dissect_gssapi_payload(tvbuff_t *data_tvb, + tvbuff_t *auth_tvb, + int offset, + packet_info *pinfo, + dcerpc_auth_info *auth_info) +{ + tvbuff_t *result; + + /* we need a full auth and a full data tvb or else we cant + decrypt anything + */ + if((!auth_tvb)||(!data_tvb)){ + return NULL; + } + + pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_DCE; + pinfo->gssapi_wrap_tvb=NULL; + pinfo->gssapi_encrypted_tvb=data_tvb; + pinfo->gssapi_decrypted_tvb=NULL; + dissect_gssapi_verf(auth_tvb, pinfo, NULL); + result=pinfo->gssapi_decrypted_tvb; + + pinfo->decrypt_gssapi_tvb=0; + pinfo->gssapi_wrap_tvb=NULL; + pinfo->gssapi_encrypted_tvb=NULL; + pinfo->gssapi_decrypted_tvb=NULL; + + return result; +} + static dcerpc_auth_subdissector_fns gssapi_auth_fns = { wrap_dissect_gssapi, /* Bind */ wrap_dissect_gssapi, /* Bind ACK */ diff --git a/epan/dissectors/packet-gssapi.h b/epan/dissectors/packet-gssapi.h index 761b8b4c1d..7bf2ced0f9 100644 --- a/epan/dissectors/packet-gssapi.h +++ b/epan/dissectors/packet-gssapi.h @@ -49,4 +49,10 @@ int wrap_dissect_gssapi_verf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +tvbuff_t *wrap_dissect_gssapi_payload(tvbuff_t *data_tvb, + tvbuff_t *auth_tvb, + int offset, + packet_info *pinfo, + dcerpc_auth_info *auth_info); + #endif /* __PACKET_GSSAPI_H */ diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index f5d2ee38ac..11d29cd68a 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c 
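Review bot: The tidy-up at the end of wrap_dissect_gssapi_payload runs only when dissect_gssapi_verf() returns normally. If that call can raise a dissector exception on a truncated or malformed verifier (its body is not in this hunk, so this is an assumption), pinfo->decrypt_gssapi_tvb stays DECRYPT_GSSAPI_DCE and pinfo->gssapi_encrypted_tvb keeps pointing at data_tvb for whatever dissects the rest of the frame. Running the call inside the epan exception wrappers and resetting the four fields before rethrowing closes that gap. Separately, offset and auth_info are never read, and a one-line comment saying they exist only to match the payload slot of dcerpc_auth_subdissector_fns would help.

```c
	/* … unchanged: NULL checks and pinfo setup … */
	TRY {
		dissect_gssapi_verf(auth_tvb, pinfo, NULL);
	} CATCH_ALL {
		/* do not leak DCE decrypt state to later dissectors */
		pinfo->decrypt_gssapi_tvb=0;
		pinfo->gssapi_wrap_tvb=NULL;
		pinfo->gssapi_encrypted_tvb=NULL;
		pinfo->gssapi_decrypted_tvb=NULL;
		RETHROW;
	} ENDTRY;
	result=pinfo->gssapi_decrypted_tvb;
	/* … unchanged: tidy-up and return result … */
```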
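Review bot: The new prototype in packet-gssapi.h uses dcerpc_auth_info, but nothing visible in the header declares or includes it, so the header appears to compile only when packet-dcerpc.h has already been included. The include reorder in packet-ntlmssp.c and the added `#include "packet-dcerpc.h"` in packet-spnego.c look like workarounds for that ordering dependency. Putting `#include "packet-dcerpc.h"` at the top of packet-gssapi.h would make the header self-contained. Only the tail of the header is shown here, so confirm it is not already included further up.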
@@ -4373,8 +4373,8 @@ static dcerpc_auth_subdissector_fns gss_kerb_auth_fns = { NULL, /* AUTH3 */ wrap_dissect_gssapi_verf, /* Request verifier */ wrap_dissect_gssapi_verf, /* Response verifier */ - NULL, /* Request data */ - NULL /* Response data */ + wrap_dissect_gssapi_payload, /* Request data */ + wrap_dissect_gssapi_payload /* Response data */ }; diff --git a/epan/dissectors/packet-ldap.c b/epan/dissectors/packet-ldap.c index a998acff2f..dfafa85e7e 100644 --- a/epan/dissectors/packet-ldap.c +++ b/epan/dissectors/packet-ldap.c @@ -2572,6 +2572,7 @@ dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean i /* Attempt decryption of the GSSAPI wrapped data if possible */ pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; + pinfo->gssapi_wrap_tvb=NULL; pinfo->gssapi_encrypted_tvb=NULL; pinfo->gssapi_decrypted_tvb=NULL; len = call_dissector(gssapi_wrap_handle, next_tvb, pinfo, gtree); @@ -2583,6 +2584,7 @@ dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean i } /* tidy up */ pinfo->decrypt_gssapi_tvb=0; + pinfo->gssapi_wrap_tvb=NULL; pinfo->gssapi_encrypted_tvb=NULL; pinfo->gssapi_decrypted_tvb=NULL; diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c index 6a595a94b1..0774db0ac3 100644 --- a/epan/dissectors/packet-ntlmssp.c +++ b/epan/dissectors/packet-ntlmssp.c @@ -37,13 +37,13 @@ #include "packet-windows-common.h" #include "packet-smb-common.h" #include <epan/asn1.h> /* XXX - needed for subid_t */ -#include "packet-gssapi.h" #include "packet-frame.h" #include <epan/prefs.h> #include <epan/crypt-rc4.h> #include <epan/crypt-md4.h> #include <epan/crypt-des.h> #include "packet-dcerpc.h" +#include "packet-gssapi.h" #include "packet-ntlmssp.h" diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c index 54f51f1cba..e0f7907274 100644 --- a/epan/dissectors/packet-spnego.c +++ b/epan/dissectors/packet-spnego.c 
@@ -42,6 +42,7 @@ #include <epan/asn1.h> #include "format-oid.h" +#include "packet-dcerpc.h" #include "packet-gssapi.h" #include "packet-kerberos.h" #include <epan/crypt-rc4.h> @@ -532,7 +533,6 @@ gssapi_verify_pad(unsigned char *wrapped_data, int wrapped_length, return 0; } -#ifdef HAVE_HEIMDAL_KERBEROS static int decrypt_arcfour(packet_info *pinfo, char *input_message_buffer, @@ -625,34 +625,45 @@ decrypt_arcfour(packet_info *pinfo, } memset(k6_data, 0, sizeof(k6_data)); - ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen); - if (ret) { - return 9; + /* only normal (i.e. non DCE style wrapping use padding ? */ + if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ + ret = gssapi_verify_pad(output_message_buffer,datalen,datalen, &padlen); + if (ret) { + return 9; + } + } else { + padlen=0; } datalen -= padlen; - ret = arcfour_mic_cksum(key_value, key_size, + /* dont know what the checksum looks like for dce style gssapi */ + if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){ + ret = arcfour_mic_cksum(key_value, key_size, KRB5_KU_USAGE_SEAL, cksum_data, tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8, Confounder, sizeof(Confounder), output_message_buffer, datalen + padlen); - if (ret) { - return 10; - } + if (ret) { + return 10; + } - cmp = memcmp(cksum_data, - tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8), - 8); /* SGN_CKSUM */ - if (cmp) { - return 11; + cmp = memcmp(cksum_data, + tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8), + 8); /* SGN_CKSUM */ + if (cmp) { + return 11; + } } return 0; } + + +#ifdef HAVE_HEIMDAL_KERBEROS #include <krb5.h> static void |
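Review bot: In the DCE branch of decrypt_arcfour the SGN_CKSUM comparison is skipped, so a return of 0 no longer means the plaintext was verified. If the caller uses that return value to decide which key decrypted the blob (the caller is not visible here), the first candidate key is accepted and whatever the cipher produced with it is handed on for dissection as decrypted stub data. A comment next to the final `return 0;` such as `/* DCE style: checksum not verified, output is garbage if the key was wrong */` would record that limitation until the DCE checksum layout is known. The new comment `/* only normal (i.e. non DCE style wrapping use padding ? */` is also missing its closing parenthesis. decrypt_arcfour begins outside this hunk.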