diff options
| author | Guy Harris <guy@alum.mit.edu> | 2005-03-16 21:59:25 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2005-03-16 21:59:25 +0000 |
| commit | 90f8224360facc9d3b7e9bac2e704e4e75726e90 (patch) | |
| tree | b602a200a76719f9907e241553cb802aeb6c8de4 /epan/packet_info.h | |
| parent | c664c29958a6f9cfb08c13959ae73dd46de8cebe (diff) | |
Have GSS-API subdissectors supply a "data is encrypted" flag to their
callers, so that they can tell "no decrypted tvbuff because I couldn't
decrypt it" from "no decrypted tvbuff because it's not encrypted in the
first place". Set that based on the Kerberos seal algorithm field in
the SPNEGO Kerberos 5 wrap dissector code.
Use that to determine whether the GSS-API encapsulated data in LDAP is
encrypted or not., rather than using a heuristic.
Set the length of the SASL blob tvbuff based on the SASL length and the
length of the tvbuff from which it's consstructed, rather than setting
it to the SASL length.
svn path=/trunk/; revision=13780
Diffstat (limited to 'epan/packet_info.h')
| -rw-r--r-- | epan/packet_info.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/epan/packet_info.h b/epan/packet_info.h index 1d9ce767b0..f71cf15082 100644 --- a/epan/packet_info.h +++ b/epan/packet_info.h @@ -132,10 +132,14 @@ typedef struct _packet_info { guint16 dcetransportsalt; /* fid: if transporttype==DCE_CN_TRANSPORT_SMBPIPE */ /* Extra data for handling of decryption of GSSAPI wrapped tvbuffs. - Caller sets gssapi_decrypt_tvb if this service is requested. + Caller sets decrypt_gssapi_tvb if this service is requested. If gssapi_encrypted_tvb is NULL, then the rest of the tvb data following - the gssapi blob it self is decrypted othervise the gssapi_encrypted_tvb + the gssapi blob itself is decrypted othervise the gssapi_encrypted_tvb tvb will be decrypted (DCERPC has the data before the gssapi blob) + If, on return, gssapi_data_encrypted is FALSE, the wrapped tvbuff + was signed (i.e., an encrypted signature was present, to check + whether the data was modified by a man in the middle) but not sealed + (i.e., the data itself wasn't encrypted). */ #define DECRYPT_GSSAPI_NORMAL 1 #define DECRYPT_GSSAPI_DCE 2 @@ -143,6 +147,7 @@ typedef struct _packet_info { tvbuff_t *gssapi_wrap_tvb; tvbuff_t *gssapi_encrypted_tvb; tvbuff_t *gssapi_decrypted_tvb; + gboolean gssapi_data_encrypted; guint32 ppid[MAX_NUMBER_OF_PPIDS]; /* The first NUMBER_OF_PPIDS PPIDS which are present * in the SCTP packet |