Age | Commit message (Collapse) | Author | Files | Lines |
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
to pass back dissection of application specific fields (octet strings)
This can later be used to pick up session keys by dcerpc and similar.
Currently it will initially be used by packetcable.
PacketCable additions by Thomas Anders
svn path=/trunk/; revision=11101
|
|
members.
svn path=/trunk/; revision=10846
|
|
and reported length are both no larger than the length of the token.
svn path=/trunk/; revision=10747
|
|
svn path=/trunk/; revision=10738
|
|
the end of the short packet since that will raise an exception and we wont even attempt to dissect those (kerberos usually) bytes that we do have in the packet.
svn path=/trunk/; revision=10546
|
|
svn path=/trunk/; revision=8036
|
|
start to work on kerberos flags etc.
Also prettied up the case where the responseToken was an empty string.
svn path=/trunk/; revision=7767
|
|
svn path=/trunk/; revision=7741
|
|
svn path=/trunk/; revision=7738
|
|
svn path=/trunk/; revision=7737
|
|
svn path=/trunk/; revision=7736
|
|
that was already there.
svn path=/trunk/; revision=7727
|
|
However, it is now clear in the dissection tree for NFSv4 with RPCSEC_GSS
security in use that the naming is just wrong :-(
svn path=/trunk/; revision=7725
|
|
tokens can be handled.
Really, dissect-spnego-krb5 or whatever, should be renamed to something like
dissect-gssapi-tokens or dissect-gssapi-rfc1964 ...
svn path=/trunk/; revision=7724
|
|
svn path=/trunk/; revision=7160
|
|
OID value for the protocol being used in a previous packet in the GSSAPI
sequence.
svn path=/trunk/; revision=6896
|
|
svn path=/trunk/; revision=6816
|
|
call to "gssapi_init_oid()" supplies both dissectors for context-level
tokens and GSS_Wrap header information; the latter dissector should
return the number of bytes of header information, so that if the header
information and the message for the protocol that's using GSSAPI are
treated as a single blob of data (as is the case with LDAP, but not with
DCE RPC, for example), the dissector for the protocol using GSSAPI knows
where to start dissecting.
We associate a pointer to the entire data structure for the OID, not the
handle for context-level token dissector for the OID, with conversations
and frames.
Make the dissector for NTLMSSP verifiers be the handler for GSS_Wrap
stuff for NTLMSSP, and add support for GSS_Wrap stuff for Kerberos.
Support SASL GSS-SPNEGO wrapping of LDAP messages. (XXX - this should
really check for GSS-SPNEGO.)
svn path=/trunk/; revision=6692
|
|
handle to use to dissect SPNEGO tokens has to be stored as per-frame
data, not just as conversation data.
svn path=/trunk/; revision=6572
|
|
just a Kerberos message; we can distinguish that from the other two
cases, so we do so, and handle all three cases.
svn path=/trunk/; revision=6505
|
|
svn path=/trunk/; revision=6367
|
|
svn path=/trunk/; revision=6302
|
|
for items that should run to the end of the tvbuff.
Make the next level dissector handle local to "dissect_spnego()".
Handle negTokenInit's with mechTokens, by, when processing the mechTypes
sequence in a negTokenInit, remembering the first MechType and telling
"dissect_spnego_mechTypes()"'s caller about it, and having that caller
use that mechType to dissect the mechToken.
svn path=/trunk/; revision=6232
|
|
svn path=/trunk/; revision=6229
|
|
as an argument, and looks up that OID in the GSSAPI OID hash table.
Always use that routine to look up OIDs, so that we never use the result
of "format_oid()" as the key (as that doesn't necessarily work).
Make "gssapi_oids" static, as one should only look up GSSAPI
authentication mechanism OIDs with "gssapi_lookup_oid()".
In the SPNEGO dissector, free up the OID strings when we're done with
them, and don't advance the offset past the OID until after we put the
OID into the protocol tree.
svn path=/trunk/; revision=6228
|
|
svn path=/trunk/; revision=6209
|
|
packet-spnego.c
svn path=/trunk/; revision=6207
|
|
Now, all I have to do is to modularize the Kerberos dissector :-)
svn path=/trunk/; revision=6192
|
|
Turns out it is a KRB5 AP-REQ ASN1 encoded, and the Kerberos dissector is
going to need to be re-architected to deal with this.
svn path=/trunk/; revision=6187
|
|
svn path=/trunk/; revision=6185
|
|
svn path=/trunk/; revision=6180
|
|
svn path=/trunk/; revision=6174
|
|
for RAW NTLMSSP, but the client actually sends SPNEGO encapsulated NTLMSSP.
svn path=/trunk/; revision=6173
|
|
svn path=/trunk/; revision=6172
|
|
registered dissector name; that means you don't have to register a
dissector by name to associate it with a GSS-API security mechanism OID.
svn path=/trunk/; revision=6163
|
|
and not try to parse unrelated info in the TVB.
svn path=/trunk/; revision=6162
|
|
svn path=/trunk/; revision=6159
|
|
that we do not account for properly, like Octet Strings.
svn path=/trunk/; revision=6152
|
|
wait until someone implements the missing bits of code.
svn path=/trunk/; revision=6147
|
|
svn path=/trunk/; revision=6144
|
|
svn path=/trunk/; revision=6140
|
|
Still have to work on the Octet string versus general string, but
much of it is there now.
svn path=/trunk/; revision=6137
|
|
svn path=/trunk/; revision=6136
|
|
contains.
svn path=/trunk/; revision=6133
|
|
svn path=/trunk/; revision=6132
|
|
handle for the dissector routine yet ...
Real work to do though ...
svn path=/trunk/; revision=6131
|
|
negTokenTarg, there is just more work to do on this.
svn path=/trunk/; revision=6127
|
|
svn path=/trunk/; revision=6120
|
|
svn path=/trunk/; revision=6119
|