Ethereal-dev: [Ethereal-dev] Patch for packet-dcerpc-krb5rpc.c
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Jaime Fournier <jafour1@xxxxxxxxx>
Date: Fri, 10 Jan 2003 22:54:44 -0800 (PST)
Please submit this patch, as it extends the packet-dcerpc-krb5rpc dissectors to call kerberos V. Thanks! ===== Jaime Fournier __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
--- packet-dcerpc-krb5rpc.c 2002-11-08 13:42:39.000000000 -0600 +++ packet-dcerpc-krb5rpc.c.new 2003-01-11 00:38:21.000000000 -0600 @@ -1,12 +1,11 @@ /* packet-dcerpc-krb5rpc.c * - * Routines for dcerpc DCE/KRB5 interface - * Copyright 2002, Jaime Fournier <jafour1@xxxxxxxxx> - * This information is based off the released idl files from opengroup. - * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/krb5rpc.idl + * Routines for dcerpc DCE/KRB5 interface + * Copyright 2002, Jaime Fournier <jafour1@xxxxxxxxx> + * This information is based off the released idl files from opengroup. + * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/krb5rpc.idl * - * - * $Id: packet-dcerpc-krb5rpc.c,v 1.2 2002/11/08 19:42:39 guy Exp $ + * $Id: packet-dcerpc-krb5rpc.c,v 1.16 2002/12/31 23:22:25 jaime Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@xxxxxxxxxxxx> @@ -31,7 +30,7 @@ #include "config.h" #endif - + #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> #endif @@ -41,49 +40,169 @@ #include <glib.h> #include <epan/packet.h> #include "packet-dcerpc.h" - +#include "packet-kerberos.h" +#include "packet-dcerpc-dce122.h" static int proto_krb5rpc = -1; -static int hf_krb5rpc_opnum = -1; - static gint ett_krb5rpc = -1; -static e_uuid_t uuid_krb5rpc = { 0x8f73de50, 0x768c, 0x11ca, { 0xbf, 0xfc, 0x08, 0x00, 0x1e, 0x03, 0x94, 0x31 } }; -static guint16 ver_krb5rpc = 1; +static e_uuid_t uuid_krb5rpc = + { 0x8f73de50, 0x768c, 0x11ca, {0xbf, 0xfc, 0x08, 0x00, 0x1e, 0x03, 0x94, + 0x31} +}; +static guint16 ver_krb5rpc = 1; +static int hf_krb5rpc_sendto_kdc_rqst_keysize = -1; +static int hf_krb5rpc_sendto_kdc_rqst_spare1 = -1; +static int hf_krb5rpc_sendto_kdc_resp_len = -1; +static int hf_krb5rpc_sendto_kdc_resp_max = -1; +static int hf_krb5rpc_sendto_kdc_resp_spare1 = -1; +static int hf_krb5rpc_sendto_kdc_resp_keysize = -1; +static int hf_krb5rpc_sendto_kdc_resp_st = -1; +static int hf_krb5rpc_sendto_kdc_rqst_out_buf_len = -1; +static int hf_krb5rpc_krb5 = -1; +static gint ett_krb5rpc_krb5 = -1; + +static int +krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset, + packet_info * pinfo, proto_tree * tree, + char *drep) +{ + guint32 keysize, spare1, out_buf_len, remain; + proto_item *item; + tvbuff_t *krb5_tvb; + proto_tree *subtree; + + + /* + * [in] handle_t h, + * [in] unsigned32 len, + * [in, size_is(len)] + * byte message[], + * [in] unsigned32 out_buf_len, + */ + + offset = + dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize); + offset = + dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1); + item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE); + subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5); + + remain = tvb_length_remaining(tvb, offset); + krb5_tvb = tvb_new_subset (tvb, offset, remain, remain); + offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE); + + + return offset; +} + + +static int +krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset, + packet_info * pinfo, proto_tree * tree, + char *drep) +{ + guint32 resp_len, maxsize, spare1, keysize, remain; + proto_item *item; + tvbuff_t *krb5_tvb; + proto_tree *subtree; + + + /* + * + * [out] unsigned32 *resp_len, + * [out, length_is(*resp_len), size_is(out_buf_len)] + * byte out_buf[], + * [out] error_status_t *st unsigned long + * + */ + + offset = + dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_krb5rpc_sendto_kdc_resp_len, &resp_len); + offset = + dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_krb5rpc_sendto_kdc_resp_max, &maxsize); + offset = + dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_krb5rpc_sendto_kdc_resp_spare1, &spare1); + offset = + dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_krb5rpc_sendto_kdc_resp_keysize, &keysize); + + + item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE); + subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5); + remain = tvb_length_remaining(tvb, offset); + krb5_tvb = tvb_new_subset (tvb, offset, remain, remain); + + offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE); + offset += 16; /* no idea what this is, probably just extended encrypted text. */ + + return offset; +} static dcerpc_sub_dissector krb5rpc_dissectors[] = { - { 0, "rsec_krb5rpc_sendto_kdc", NULL, NULL }, - { 0, NULL, NULL, NULL } + {0, "rsec_krb5rpc_sendto_kdc", krb5rpc_dissect_sendto_kdc_rqst, + krb5rpc_dissect_sendto_kdc_resp}, + {0, NULL, NULL, NULL}, }; -static const value_string krb5rpc_opnum_vals[] = { - { 0, "rsec_krb5rpc_sendto_kdc" }, - { 0, NULL } -}; void proto_register_krb5rpc (void) { - static hf_register_info hf[] = { - { &hf_krb5rpc_opnum, - { "Operation", "krb5rpc.opnum", FT_UINT16, BASE_DEC, - VALS(krb5rpc_opnum_vals), 0x0, "Operation", HFILL }} - }; - - static gint *ett[] = { - &ett_krb5rpc, - }; - proto_krb5rpc = proto_register_protocol ("DCE/RPC Kerberos V", "KRB5RPC", "krb5rpc"); - proto_register_field_array (proto_krb5rpc, hf, array_length (hf)); - proto_register_subtree_array (ett, array_length (ett)); + static hf_register_info hf[] = { + {&hf_krb5rpc_sendto_kdc_rqst_keysize, + {"hf_krb5rpc_sendto_kdc_rqst_keysize", + "hf_krb5rpc_sendto_kdc_rqst_keysize", FT_UINT32, BASE_DEC, NULL, 0x0, + "", HFILL}}, + {&hf_krb5rpc_sendto_kdc_rqst_spare1, + {"hf_krb5rpc_sendto_kdc_rqst_spare1", + "hf_krb5rpc_sendto_kdc_rqst_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "", + HFILL}}, + {&hf_krb5rpc_sendto_kdc_resp_len, + {"hf_krb5rpc_sendto_kdc_resp_len", "hf_krb5rpc_sendto_kdc_resp_len", + FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}}, + {&hf_krb5rpc_sendto_kdc_resp_max, + {"hf_krb5rpc_sendto_kdc_resp_max", "hf_krb5rpc_sendto_kdc_resp_max", + FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}}, + {&hf_krb5rpc_sendto_kdc_resp_spare1, + {"hf_krb5rpc_sendto_kdc_resp_spare1", + "hf_krb5rpc_sendto_kdc_resp_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "", + HFILL}}, + {&hf_krb5rpc_sendto_kdc_resp_keysize, + {"hf_krb5rpc_sendto_kdc_resp_keysize", + "hf_krb5rpc_sendto_kdc_resp_keysize", FT_UINT32, BASE_DEC, NULL, 0x0, + "", HFILL}}, + {&hf_krb5rpc_sendto_kdc_resp_st, + {"hf_krb5rpc_sendto_kdc_resp_st", "hf_krb5rpc_sendto_kdc_resp_st", + FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}}, + {&hf_krb5rpc_krb5, + {"hf_krb5rpc_krb5", "hf_krb5rpc_krb5", FT_BYTES, BASE_HEX, NULL, 0x0, + "krb5_blob", HFILL}}, + + }; + + static gint *ett[] = { + &ett_krb5rpc, + &ett_krb5rpc_krb5, + }; + proto_krb5rpc = + proto_register_protocol ("DCE/RPC Kerberos V", "KRB5RPC", "krb5rpc"); + proto_register_field_array (proto_krb5rpc, hf, array_length (hf)); + proto_register_subtree_array (ett, array_length (ett)); } void proto_reg_handoff_krb5rpc (void) { - /* Register the protocol as dcerpc */ - dcerpc_init_uuid (proto_krb5rpc, ett_krb5rpc, &uuid_krb5rpc, ver_krb5rpc, krb5rpc_dissectors, hf_krb5rpc_opnum); + /* Register the protocol as dcerpc */ + dcerpc_init_uuid (proto_krb5rpc, ett_krb5rpc, &uuid_krb5rpc, ver_krb5rpc, + krb5rpc_dissectors, -1); }
- Follow-Ups:
- Re: [Ethereal-dev] Patch for packet-dcerpc-krb5rpc.c
- From: Guy Harris
- Re: [Ethereal-dev] Patch for packet-dcerpc-krb5rpc.c
- Prev by Date: [Ethereal-dev] Patch: AIM dissector
- Next by Date: Re: [Ethereal-dev] Patch for packet-dcerpc-krb5rpc.c
- Previous by thread: Re: [Ethereal-dev] Patch: AIM dissector
- Next by thread: Re: [Ethereal-dev] Patch for packet-dcerpc-krb5rpc.c
- Index(es):
