Wireshark-dev: [Wireshark-dev] Determining if we are in a request or a response in the SPNEGO d
Hi folks,
I think I need to do the following to make the SPNEGO dissector more correct:
Make the following changes to spnego.asn1:
diff --git a/asn1/spnego/spnego.asn b/asn1/spnego/spnego.asn
index 190b3f1..1f1dcf7 100644
--- a/asn1/spnego/spnego.asn
+++ b/asn1/spnego/spnego.asn
@@ -24,10 +24,6 @@ MechTypeList ::= SEQUENCE OF MechType
-- to some flavor of "embrace, extend, expectorate" sequence from
-- Microsoft.
--
-PrincipalSeq ::= SEQUENCE {
- principal [0] GeneralString
-}
-
NegTokenInit ::= SEQUENCE {
mechTypes [0] MechTypeList OPTIONAL,
reqFlags [1] ContextFlags OPTIONAL,
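Review bot: With PrincipalSeq deleted at the top of this hunk, the `--` comment block kept just above it (ending "sequence from Microsoft.") now sits directly over NegTokenInit and no longer describes the type that follows. Move or reword that comment so it documents whatever replaces PrincipalSeq, and check that nothing else in the module or in spnego.cnf still refers to PrincipalSeq.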
@@ -35,6 +31,19 @@ NegTokenInit ::= SEQUENCE {
mechListMIC [3] OCTET STRING OPTIONAL
}
+NegHints ::= SEQUENCE {
+ hintName [0] GeneralString OPTIONAL,
+ hintAddress [1] OCTET STRING OPTIONAL
+}
+
+NegTokenInit2 ::= SEQUENCE {
+ mechTypes [0] MechTypeList OPTIONAL,
+ reqFlags [1] ContextFlags OPTIONAL,
+ mechToken [2] OCTET STRING OPTIONAL,
+ negHints [3] NegHints OPTIONAL,
+ mechListMIC [4] OCTET STRING OPTIONAL
+}
+
ContextFlags ::= BIT STRING {
delegFlag (0),
mutualFlag (1),
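Review bot: NegTokenInit2 puts negHints (a SEQUENCE) under context tag [3], the same tag NegTokenInit uses for mechListMIC as an OCTET STRING, and neither new type has a `--` comment saying so or saying when the second form is expected on the wire. Add a short comment above NegHints and NegTokenInit2 that states the relationship to NegTokenInit and that mechListMIC moves to [4] in the new form.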
-------------------------
And then, in the spnego.cnf file, include the following:
#.FN_BODY NegTokenInit/mechListMIC
  /* Copious comments ... */
  if (pinfo->ptype == PT_TCP && pinfo->srcport < 1024) {
    offset = dissect_ber_sequence(implicit_tag, actx, tree,
                                  tvb, offset,
                                  NegTokenInit2_sequence, hf_index,
                                  ett_spnego_NegTokenInit);
  } else {
    offset = dissect_ber_sequence(implicit_tag, actx, tree,
                                  tvb, offset,
                                  NegTokenInit_sequence, hf_index,
                                  ett_spnego_NegTokenInit);
  }
...
Plus probably some more for NegHints ...
Can anyone comment? Am I on the correct track?
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
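
Added example, not part of the original message and not Wireshark's code: since the two layouts in the diff differ in what context tag [3] wraps (OCTET STRING in NegTokenInit, a NegHints SEQUENCE in NegTokenInit2), a parser can tell them apart from the encoding itself rather than from the source port. The function names and sample bytes are constructed for illustration, and the code assumes definite-length BER with explicit context tags.

```c
#include <stddef.h>
#include <stdio.h>

/* Read a single-byte tag and definite length; return header size, 0 on error. */
static size_t ber_hdr(const unsigned char *p, size_t avail,
                      unsigned char *tag, size_t *len)
{
    size_t n = 2, k, i;
    if (avail < 2 || (p[0] & 0x1f) == 0x1f) return 0;
    *tag = p[0]; *len = p[1];
    if (p[1] & 0x80) {                       /* long-form length */
        k = p[1] & 0x7f;
        if (k == 0 || k > 4 || avail < 2 + k) return 0;
        for (*len = 0, i = 0; i < k; i++) *len = (*len << 8) | p[2 + i];
        n += k;
    }
    return *len <= avail - n ? n : 0;        /* value must fit in the buffer */
}

/* 1: [3] wraps an OCTET STRING (NegTokenInit); 2: [3] wraps a SEQUENCE
 * (NegTokenInit2); 0: no [3] field present; -1: malformed input. */
int classify_neg_token(const unsigned char *buf, size_t len)
{
    unsigned char tag, inner;
    size_t l, il, h;
    const unsigned char *p, *end;
    if (!(h = ber_hdr(buf, len, &tag, &l)) || tag != 0x30) return -1;
    for (p = buf + h, end = p + l; p < end; p += h + l) {
        if (!(h = ber_hdr(p, (size_t)(end - p), &tag, &l))) return -1;
        if (tag != 0xa3) continue;           /* not explicit context tag [3] */
        if (!ber_hdr(p + h, l, &inner, &il)) return -1;
        return inner == 0x04 ? 1 : inner == 0x30 ? 2 : -1;
    }
    return 0;
}

/* Constructed sample tokens: one mechType OID, then field [3]. */
#define MECHTYPES 0xa0,0x0e,0x30,0x0c,0x06,0x0a,0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x02,0x0a
const unsigned char sample_init[]  = { 0x30,0x18, MECHTYPES,
    0xa3,0x06, 0x04,0x04,0x01,0x02,0x03,0x04 };
const unsigned char sample_init2[] = { 0x30,0x1b, MECHTYPES,
    0xa3,0x09, 0x30,0x07, 0xa0,0x05, 0x1b,0x03,'x','@','y' };

int main(void)
{
    printf("%d %d\n", classify_neg_token(sample_init, sizeof sample_init),
           classify_neg_token(sample_init2, sizeof sample_init2));
    return 0;
}
```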