author | Guy Harris <guy@alum.mit.edu> | 2012-05-10 01:01:18 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2012-05-10 01:01:18 +0000 |
commit | 47cd41dbda948fd105468393a9ec8bc2c28e8b17 (patch) | |
tree | a7eec5f585ff8d736f2b7475f56a2e11109a4d71 /epan | |
parent | dedd0eadd0d56367946a3fe84585f1892fa91dc0 (diff) |
Get rid of remaining Booleans-as-encoding-arguments in
proto_tree_add_item() calls.
For RADIUS, this means that, for string attributes that are encrypted,
we need separate fields for the encrypted and decrypted versions, the
former of which is an FT_BYTES (as its value is *NOT* a text string!)
and the latter of which is FT_STRING.
While we're at it:
make some routines static that don't need to be exported;
"encrypt=" takes a value between 1 and 3 - get the value from
the dictionary and store it, and only do User-Password-style
decryption for encrypt=1 attributes;
rename "hf64" to "hf_alt", as it's a general "alternate field",
used for 64-bit values for integral attributes, IPv6 addresses
for "combo IP" attributes, and encrypted values for string
fields;
give the URL for the FreeRADIUS dictionary file format man page.
svn path=/trunk/; revision=42530
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-radius.c | 73 | ||||
-rw-r--r-- | epan/dissectors/packet-radius.h | 4 | ||||
-rw-r--r-- | epan/radius_dict.l | 24 |
3 files changed, 65 insertions, 36 deletions
diff --git a/epan/dissectors/packet-radius.c b/epan/dissectors/packet-radius.c index a9eebab40d..bb3d37f3a5 100644 --- a/epan/dissectors/packet-radius.c +++ b/epan/dissectors/packet-radius.c @@ -39,6 +39,12 @@ * See also * * http://www.iana.org/assignments/radius-types + * + * and see + * + * http://freeradius.org/radiusd/man/dictionary.html + * + * for the dictionary file syntax. */ @@ -563,7 +569,7 @@ void radius_integer(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo break; case 8: { guint64 uint64 = tvb_get_ntoh64(tvb,offset); - proto_tree_add_uint64(tree,a->hf64,tvb,offset,len,uint64); + proto_tree_add_uint64(tree,a->hf_alt,tvb,offset,len,uint64); proto_item_append_text(avp_item, "%" G_GINT64_MODIFIER "u", uint64); return; } @@ -571,7 +577,7 @@ void radius_integer(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo proto_item_append_text(avp_item, "[unhandled integer length(%u)]", len); return; } - proto_tree_add_item(tree,a->hf,tvb, offset, len, FALSE); + proto_tree_add_item(tree,a->hf,tvb, offset, len, ENC_BIG_ENDIAN); if (a->vs) { proto_item_append_text(avp_item, "%s(%u)", val_to_str(uint, a->vs, "Unknown"),uint); @@ -598,7 +604,7 @@ void radius_signed(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _ break; case 8: { guint64 uint64 = tvb_get_ntoh64(tvb,offset); - proto_tree_add_int64(tree,a->hf64,tvb,offset,len,uint64); + proto_tree_add_int64(tree,a->hf_alt,tvb,offset,len,uint64); proto_item_append_text(avp_item, "%" G_GINT64_MODIFIER "u", uint64); return; } 
@@ -617,10 +623,17 @@ void radius_signed(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _ } void radius_string(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _U_, tvbuff_t* tvb, int offset, int len, proto_item* avp_item) { - if (a->encrypt) { + switch (a->encrypt) { + + case 0: /* not encrypted */ + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_UTF_8|ENC_NA); + proto_item_append_text(avp_item, "%s", tvb_format_text(tvb, offset, len)); + break; + + case 1: /* encrypted like User-Password as defined in RFC 2865 */ if (*shared_secret == '\0') { proto_item_append_text(avp_item, "Encrypted"); - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf_alt, tvb, offset, len, ENC_NA); } else { gchar *buffer; buffer=ep_alloc(1024); /* an AVP value can be at most 253 bytes */ @@ -628,14 +641,22 @@ void radius_string(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _ proto_item_append_text(avp_item, "Decrypted: %s", buffer); proto_tree_add_string(tree, a->hf, tvb, offset, len, buffer); } - } else { - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); - proto_item_append_text(avp_item, "%s", tvb_format_text(tvb, offset, len)); + break; + + case 2: /* encrypted like Tunnel-Password as defined in RFC 2868 */ + proto_item_append_text(avp_item, "Encrypted"); + proto_tree_add_item(tree, a->hf_alt, tvb, offset, len, ENC_NA); + break; + + case 3: /* encrypted like Ascend-Send-Secret as defined by Ascend^WLucent^WAlcatel-Lucent */ + proto_item_append_text(avp_item, "Encrypted"); + proto_tree_add_item(tree, a->hf_alt, tvb, offset, len, ENC_NA); + break; } } void radius_octets(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _U_, tvbuff_t* tvb, int offset, int len, proto_item* avp_item) { - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_NA); proto_item_append_text(avp_item, "%s", tvb_bytes_to_str(tvb, offset, len)); } 
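Review bot: The new `switch (a->encrypt)` in radius_string has no `default:` arm, so a value outside 0-3 adds neither a field nor any text to the AVP item. `encrypt` is now a `guint` in the exported struct; the dictionary lexer only accepts 1-3, but nothing visible in this diff enforces that range at dissection time. A `default:` that shares the body of cases 2 and 3, `proto_item_append_text(avp_item, "Encrypted");` followed by `proto_tree_add_item(tree, a->hf_alt, tvb, offset, len, ENC_NA);`, would keep an unknown scheme visible as opaque bytes. Cases 2 and 3 are identical and could fall through to it. The switch spans this hunk and the next one (@@ -628).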
@@ -650,7 +671,7 @@ void radius_ipaddr(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _ ip=tvb_get_ipv4(tvb,offset); - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_BIG_ENDIAN); ip_to_str_buf((guint8 *)&ip, buf, MAX_IP_STR_LEN); proto_item_append_text(avp_item, "%s", buf); @@ -665,7 +686,7 @@ void radius_ipv6addr(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo return; } - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_NA); tvb_get_ipv6(tvb, offset, &ipv6_buff); ip6_to_str_buf(&ipv6_buff, txtbuf); @@ -695,7 +716,7 @@ void radius_ipv6prefix(radius_attr_info_t* a, proto_tree* tree, packet_info *pin return; } - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_NA); /* cannot use tvb_get_ipv6() here, since the prefix most likely is truncated */ memset(&ipv6_buff, 0, sizeof ipv6_buff); @@ -713,12 +734,12 @@ void radius_combo_ip(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo if (len == 4){ ip=tvb_get_ipv4(tvb,offset); - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_BIG_ENDIAN); ip_to_str_buf((guint8 *)&ip, buf, MAX_IP_STR_LEN); proto_item_append_text(avp_item, "%s", buf); } else if (len == 16) { - proto_tree_add_item(tree, a->hf64, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf_alt, tvb, offset, len, ENC_NA); tvb_get_ipv6(tvb, offset, &ipv6_buff); ip6_to_str_buf(&ipv6_buff, buf); @@ -739,7 +760,7 @@ void radius_ipxnet(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _ net=tvb_get_ntohl(tvb,offset); - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_NA); proto_item_append_text(avp_item, "0x%08X", net); } 
@@ -762,7 +783,7 @@ void radius_date(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _U_ * "abinary" is Ascend's binary format for filters. See dissect_ascend_data_filter(). */ void radius_abinary(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _U_, tvbuff_t* tvb, int offset, int len, proto_item* avp_item) { - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_NA); proto_item_append_text(avp_item, "%s", tvb_bytes_to_str(tvb, offset, len)); } @@ -772,12 +793,12 @@ void radius_ether(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _U return; } - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_NA); proto_item_append_text(avp_item, "%s", tvb_ether_to_str(tvb, offset)); } void radius_ifid(radius_attr_info_t* a, proto_tree* tree, packet_info *pinfo _U_, tvbuff_t* tvb, int offset, int len, proto_item* avp_item) { - proto_tree_add_item(tree, a->hf, tvb, offset, len, FALSE); + proto_tree_add_item(tree, a->hf, tvb, offset, len, ENC_NA); proto_item_append_text(avp_item, "%s", tvb_bytes_to_str(tvb, offset, len)); } @@ -1693,7 +1714,7 @@ static void register_attrs(gpointer k _U_, gpointer v, gpointer p) { hfri[0].hfinfo.type = FT_UINT32; hfri[0].hfinfo.display = BASE_DEC; - hfri[2].p_id = &(a->hf64); + hfri[2].p_id = &(a->hf_alt); hfri[2].hfinfo.name = g_strdup(a->name); hfri[2].hfinfo.abbrev = abbrev; hfri[2].hfinfo.type = FT_UINT64; @@ -1708,7 +1729,7 @@ static void register_attrs(gpointer k _U_, gpointer v, gpointer p) { hfri[0].hfinfo.type = FT_INT32; hfri[0].hfinfo.display = BASE_DEC; - hfri[2].p_id = &(a->hf64); + hfri[2].p_id = &(a->hf_alt); hfri[2].hfinfo.name = g_strdup(a->name); hfri[2].hfinfo.abbrev = abbrev; hfri[2].hfinfo.type = FT_INT64; 
@@ -1722,6 +1743,14 @@ static void register_attrs(gpointer k _U_, gpointer v, gpointer p) { } else if (a->type == radius_string) { hfri[0].hfinfo.type = FT_STRING; hfri[0].hfinfo.display = BASE_NONE; + + hfri[2].p_id = &(a->hf_alt); + hfri[2].hfinfo.name = g_strdup_printf("%s (encrypted)", a->name); + hfri[2].hfinfo.abbrev = g_strdup_printf("%s_encrypted", abbrev); + hfri[2].hfinfo.type = FT_BYTES; + hfri[2].hfinfo.display = BASE_NONE; + + len_hf++; } else if (a->type == radius_octets) { hfri[0].hfinfo.type = FT_BYTES; hfri[0].hfinfo.display = BASE_NONE; @@ -1750,7 +1779,7 @@ static void register_attrs(gpointer k _U_, gpointer v, gpointer p) { hfri[0].hfinfo.type = FT_IPv4; hfri[0].hfinfo.display = BASE_NONE; - hfri[2].p_id = &(a->hf64); + hfri[2].p_id = &(a->hf_alt); hfri[2].hfinfo.name = g_strdup(a->name); hfri[2].hfinfo.abbrev = g_strdup(abbrev); hfri[2].hfinfo.type = FT_IPv6; @@ -1840,7 +1869,7 @@ extern void radius_register_avp_dissector(guint32 vendor_id, guint32 attribute_i dictionary_entry->name = g_strdup_printf("Unknown-Attribute-%u",attribute_id); dictionary_entry->code = attribute_id; - dictionary_entry->encrypt = FALSE; + dictionary_entry->encrypt = 0; dictionary_entry->type = NULL; dictionary_entry->vs = NULL; dictionary_entry->hf = no_dictionary_entry.hf; diff --git a/epan/dissectors/packet-radius.h b/epan/dissectors/packet-radius.h index 4702913f95..9f14753953 100644 --- a/epan/dissectors/packet-radius.h +++ b/epan/dissectors/packet-radius.h 
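Review bot: In register_attrs, the `radius_string` branch registers the `"%s_encrypted"` FT_BYTES field and increments `len_hf` for every string attribute, yet radius_string only touches `a->hf_alt` when `a->encrypt` is non-zero. Wrapping the `hfri[2]` assignments and `len_hf++` in `if (a->encrypt != 0) { ... }` would stop plaintext attributes from gaining a filter field that never carries data; add_attribute already leaves `hf_alt` at -1. register_attrs starts and ends outside this hunk, so how `hfri[2]` and `len_hf` are consumed afterwards should be checked before changing it.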
@@ -93,14 +93,14 @@ typedef const gchar* (radius_avp_dissector_t)(proto_tree*,tvbuff_t*, packet_info struct _radius_attr_info_t { const gchar *name; guint code; - gboolean encrypt; /* True if attribute has "encrypt=1" option */ + guint encrypt; /* 0 or value for "encrypt=" option */ gboolean tagged; radius_attr_dissector_t* type; radius_avp_dissector_t* dissector; const value_string *vs; gint ett; int hf; - int hf64; + int hf_alt; /* 64-bit version for integers, encrypted version for strings, IPv6 for radius_combo_ip */ int hf_tag; int hf_len; GHashTable* tlvs_by_id; diff --git a/epan/radius_dict.l b/epan/radius_dict.l index d2780d745c..6da8cb778c 100644 --- a/epan/radius_dict.l +++ b/epan/radius_dict.l @@ -70,10 +70,10 @@ #define ECHO #define MAX_INCLUDE_DEPTH 10 - void add_vendor(const gchar* name, guint32 vendor_id, guint vendor_type_octets, guint vendor_length_octets, gboolean vendor_has_flags); - void add_value(const gchar* attrib_name,const gchar* value_repr, long value); - void add_tlv(const gchar* name, const gchar* code, radius_attr_dissector_t type, const gchar* current_attr); - void add_attribute(const gchar*,const gchar*, radius_attr_dissector_t,const gchar*, gboolean, gboolean, const gchar*); + static void add_vendor(const gchar* name, guint32 vendor_id, guint vendor_type_octets, guint vendor_length_octets, gboolean vendor_has_flags); + static void add_value(const gchar* attrib_name,const gchar* value_repr, long value); + static void add_tlv(const gchar* name, const gchar* code, radius_attr_dissector_t type, const gchar* current_attr); + static void add_attribute(const gchar*,const gchar*, radius_attr_dissector_t,const gchar*, guint, gboolean, const gchar*); static YY_BUFFER_STATE include_stack[10]; static int include_stack_ptr = 0; 
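Review bot: The comment on `encrypt` does not say what the three values mean, although radius_string now switches on bare 1, 2 and 3. Since this struct is in the dissector's header, I would spell the values out where the field is declared: `guint encrypt; /* 0 = not encrypted, 1 = User-Password style (RFC 2865), 2 = Tunnel-Password style (RFC 2868), 3 = Ascend-Send-Secret style */`. Named constants for the three schemes would serve the same purpose and remove the magic numbers from the switch. The struct definition continues past the end of this hunk.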
@@ -91,7 +91,7 @@ static guint vendor_length_octets = 1; static gboolean vendor_has_flags = FALSE; static gchar* value_repr = NULL; - static gboolean encrypted = FALSE; + static guint encrypted = 0; static gboolean has_tag = FALSE; static gchar* current_vendor = NULL; static gchar* current_attr = NULL; @@ -195,7 +195,7 @@ BEGIN WS_OUT; } -<ATTR>[0-9a-z_/.-]+ { attr_name = g_strdup(yytext); encrypted = FALSE; has_tag = FALSE; BEGIN ATTR_W_NAME; } +<ATTR>[0-9a-z_/.-]+ { attr_name = g_strdup(yytext); encrypted = 0; has_tag = FALSE; BEGIN ATTR_W_NAME; } <ATTR_W_NAME>[0-9]+ { attr_id = g_strdup(yytext); BEGIN ATTR_W_ID;} <ATTR_W_NAME>0x[0-9a-f]+ { attr_id = g_strdup_printf("%u",(int)strtoul(yytext,NULL,16)); BEGIN ATTR_W_ID;} <ATTR_W_ID>integer { attr_type = radius_integer; BEGIN ATTR_W_TYPE; } @@ -216,7 +216,7 @@ <ATTR_W_ID>tlv { attr_type = radius_tlv; BEGIN ATTR_W_TYPE; } <ATTR_W_ID>[0-9a-z_-]+ { attr_type = radius_octets; BEGIN ATTR_W_TYPE; } <ATTR_W_TYPE>has_tag[,]? { has_tag = TRUE; } -<ATTR_W_TYPE>encrypt=1[,]? { encrypted=TRUE; } +<ATTR_W_TYPE>encrypt=[123][,]? { encrypted = strtol(yytext+8,NULL,10); } <ATTR_W_TYPE>[0-9a-z_-]+=([^\n]*) ; <ATTR_W_TYPE>[0-9a-z_-]+ { attr_vendor = g_strdup(yytext); @@ -302,7 +302,7 @@ %% -void add_vendor(const gchar* name, guint32 vendor_id, guint vendor_type_octets, guint vendor_length_octets, gboolean vendor_has_flags) { +static void add_vendor(const gchar* name, guint32 vendor_id, guint vendor_type_octets, guint vendor_length_octets, gboolean vendor_has_flags) { radius_vendor_info_t* v; v = g_hash_table_lookup(dict->vendors_by_id, GUINT_TO_POINTER(vendor_id)); 
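Review bot: The new `encrypt=[123][,]?` rule in the @@ -216 hunk can lose to the catch-all `[0-9a-z_-]+=([^\n]*)` on the line after it, because flex prefers the longest match. If a dictionary lists another flag after it on the same line (constructed example: `encrypt=2,has_tag`), the catch-all consumes the rest of the line, `encrypted` stays 0 and the attribute would be dissected as a plaintext string. The old `encrypt=1` rule behaved the same way, so this is inherited rather than introduced. Stopping the catch-all at a comma, something like `[0-9a-z_-]+=[^\n,]*[,]?`, should let each flag match its own rule, though that needs testing against the shipped dictionaries. Separately, `yytext+8` depends on the length of "encrypt=" and `strtol` returns a `long`; with a single-digit pattern `encrypted = (guint)(yytext[8] - '0');` would do.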
@@ -330,7 +330,7 @@ void add_vendor(const gchar* name, guint32 vendor_id, guint vendor_type_octets, g_hash_table_insert(dict->vendors_by_name, (gpointer) v->name, v); } -void add_attribute(const gchar* name, const gchar* codestr, radius_attr_dissector_t type, const gchar* vendor_name, gboolean crypt, gboolean tagged, const gchar* current_attr) { +static void add_attribute(const gchar* name, const gchar* codestr, radius_attr_dissector_t type, const gchar* vendor_name, guint crypt, gboolean tagged, const gchar* current_attr) { radius_attr_info_t* a; GHashTable* by_id; guint32 code; @@ -373,7 +373,7 @@ void add_attribute(const gchar* name, const gchar* codestr, radius_attr_dissect a->type = type; a->vs = NULL; a->hf = -1; - a->hf64 = -1; + a->hf_alt = -1; a->hf_tag = -1; a->hf_len = -1; a->ett = -1; @@ -387,7 +387,7 @@ void add_attribute(const gchar* name, const gchar* codestr, radius_attr_dissect g_hash_table_insert(dict->attrs_by_name,(gpointer) (a->name),a); } -void add_tlv(const gchar* name, const gchar* codestr, radius_attr_dissector_t type, const gchar* current_attr) { +static void add_tlv(const gchar* name, const gchar* codestr, radius_attr_dissector_t type, const gchar* current_attr) { radius_attr_info_t* a; radius_attr_info_t* s; guint32 code; @@ -428,7 +428,7 @@ void add_tlv(const gchar* name, const gchar* codestr, radius_attr_dissector_t t s->dissector = NULL; s->vs = NULL; s->hf = -1; - s->hf64 = -1; + s->hf_alt = -1; s->hf_tag = -1; s->hf_len = -1; s->ett = -1; |