Ethereal-dev: [Ethereal-dev] AUTH_DES cred/verf decoding
From: Mike Frisch <mfrisch@xxxxxxxxxxxxxxx>
Date: Fri, 25 May 2001 15:55:55 -0400
I was bored at work this afternoon, so I added support for AUTH_DES credential and verifier decoding. Patch enclosed.
Index: packet-rpc.c =================================================================== RCS file: /cvsroot/ethereal/packet-rpc.c,v retrieving revision 1.58 diff -u -r1.58 packet-rpc.c --- packet-rpc.c 2001/05/21 08:52:17 1.58 +++ packet-rpc.c 2001/05/25 19:54:51 @@ -125,6 +125,11 @@ { 0, NULL } }; +static const value_string rpc_authdes_namekind[] = { + { AUTHDES_NAMEKIND_FULLNAME, "ADN_FULLNAME" }, + { AUTHDES_NAMEKIND_NICKNAME, "ADN_NICKNAME" }, + { 0, NULL } +}; /* the protocol number */ static int proto_rpc = -1; @@ -158,6 +163,14 @@ static int hf_rpc_authgss_data_length = -1; static int hf_rpc_authgss_data = -1; static int hf_rpc_authgss_checksum = -1; +static int hf_rpc_authdes_namekind = -1; +static int hf_rpc_authdes_netname = -1; +static int hf_rpc_authdes_convkey = -1; +static int hf_rpc_authdes_window = -1; +static int hf_rpc_authdes_nickname = -1; +static int hf_rpc_authdes_timestamp = -1; +static int hf_rpc_authdes_windowverf = -1; +static int hf_rpc_authdes_timeverf = -1; static int hf_rpc_state_accept = -1; static int hf_rpc_state_reply = -1; static int hf_rpc_state_reject = -1; 
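Review bot: `AUTHDES_NAMEKIND_FULLNAME` and `AUTHDES_NAMEKIND_NICKNAME`, used in the new `rpc_authdes_namekind` table in the first hunk, are not defined anywhere in this diff, which covers only packet-rpc.c. Unless a header already provides them, the patch needs the matching definitions alongside the other auth constants. They should follow the RPC specification's `authdes_namekind` enum (ADN_FULLNAME = 0, ADN_NICKNAME = 1), so that the `switch` in `dissect_rpc_authdes_cred` and this table agree with the wire values.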
@@ -936,7 +949,65 @@ return offset; } +int +dissect_rpc_authdes_desblock_tvb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, +int hfindex, int offset) +{ + guint32 value_low; + guint32 value_high; + + value_high = tvb_get_ntohl(tvb, offset + 0); + value_low = tvb_get_ntohl(tvb, offset + 4); + + if (tree) { + proto_tree_add_text(tree, tvb, offset, 8, + "%s: 0x%x%08x", proto_registrar_get_name(hfindex), value_high, + value_low); + } + + return offset + 8; +} + static int +dissect_rpc_authdes_cred(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, int offset) +{ + guint adc_namekind; + guint window = 0; + guint nickname = 0; + + if (!tvb_bytes_exist(tvb,offset,4)) return offset; + + adc_namekind = tvb_get_ntohl(tvb, offset+0); + if (tree) + proto_tree_add_uint(tree, hf_rpc_authdes_namekind, + tvb, offset+0, 4, adc_namekind); + offset += 4; + + switch(adc_namekind) + { + case AUTHDES_NAMEKIND_FULLNAME: + offset = dissect_rpc_string_tvb(tvb, pinfo, tree, + hf_rpc_authdes_netname, offset, NULL); + offset = dissect_rpc_authdes_desblock_tvb(tvb, pinfo, tree, + hf_rpc_authdes_convkey, offset); + window = tvb_get_ntohl(tvb, offset+0); + proto_tree_add_uint(tree, hf_rpc_authdes_window, tvb, offset+0, 4, + window); + offset += 4; + break; + + case AUTHDES_NAMEKIND_NICKNAME: + nickname = tvb_get_ntohl(tvb, offset+0); + proto_tree_add_uint(tree, hf_rpc_authdes_nickname, tvb, offset+0, 4, + window); + offset += 4; + break; + } + + return offset; +} + +static int dissect_rpc_cred(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, int offset) { guint flavor; @@ -969,13 +1040,10 @@ break; */ - /* I have no tcpdump file with such a packet to verify the - info from the RFC 1050 */ - /* case AUTH_DES: - - break; - */ + dissect_rpc_authdes_cred(tvb, pinfo, ctree, offset+8); + break; + case RPCSEC_GSS: dissect_rpc_authgss_cred(tvb, pinfo, ctree, offset+8); break; 
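Review bot: In the `AUTHDES_NAMEKIND_NICKNAME` case of `dissect_rpc_authdes_cred`, the value read into `nickname` is never displayed: the `proto_tree_add_uint` call passes `window`, which is still 0 there, so every nickname credential would show as 0. The call should read `proto_tree_add_uint(tree, hf_rpc_authdes_nickname, tvb, offset+0, 4, nickname);`. Separately, `dissect_rpc_authdes_desblock_tvb` formats the high word with `%x`, so a block whose high word has leading zero nibbles prints at a shorter, ambiguous width; `"%s: 0x%08x%08x"` keeps the 8-byte block at a fixed 16 hex digits. That helper is also the only new function not declared `static`, which looks unintended unless another file is meant to call it.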
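Review bot: The new `AUTH_DES` case in `dissect_rpc_cred` passes `dissect_rpc_authdes_cred` only `offset+8` and not the credential length taken from the packet, so nothing ties the netname string and the fields after it to the declared credential body. With a malformed or truncated credential, bytes belonging to the following verifier would be labelled as conversation key or window. Consider passing the length down and stopping once the declared credential is consumed, e.g. `dissect_rpc_authdes_cred(tvb, pinfo, ctree, offset+8, length);` with a matching parameter on the helper. This assumes `length` is in scope here as it is in `dissect_rpc_verf`; most of `dissect_rpc_cred` lies outside the hunk.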
@@ -991,8 +1059,11 @@ return offset; } +/* AUTH_DES verifiers are asymmetrical, so we need to know what type of + * verifier we're decoding (CALL or REPLY). + */ static int -dissect_rpc_verf(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, int offset) +dissect_rpc_verf(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, int offset, int msg_type) { guint flavor; guint length; @@ -1019,6 +1090,32 @@ offset+4, 4, length); dissect_rpc_authunix_cred(tvb, pinfo, vtree, offset+8); break; + case AUTH_DES: + proto_tree_add_uint(vtree, hf_rpc_auth_length, tvb, + offset+4, 4, length); + + if (msg_type == RPC_CALL) + { + guint window; + + dissect_rpc_authdes_desblock_tvb(tvb, pinfo, vtree, + hf_rpc_authdes_timestamp, offset+8); + window = tvb_get_ntohl(tvb, offset+16); + proto_tree_add_uint(vtree, hf_rpc_authdes_windowverf, tvb, + offset+16, 4, window); + } + else + { + /* must be an RPC_REPLY */ + guint nickname; + + dissect_rpc_authdes_desblock_tvb(tvb, pinfo, vtree, + hf_rpc_authdes_timeverf, offset+8); + nickname = tvb_get_ntohl(tvb, offset+16); + proto_tree_add_uint(vtree, hf_rpc_authdes_nickname, tvb, + offset+16, 4, nickname); + } + break; case RPCSEC_GSS: dissect_rpc_data_tvb(tvb, pinfo, vtree, hf_rpc_authgss_checksum, offset+4); @@ -1698,7 +1795,7 @@ offset += 16; offset = dissect_rpc_cred(tvb, pinfo, rpc_tree, offset); - offset = dissect_rpc_verf(tvb, pinfo, rpc_tree, offset); + offset = dissect_rpc_verf(tvb, pinfo, rpc_tree, offset, msg_type); /* go to the next dissector */ @@ -1811,7 +1908,7 @@ offset += 4; if (reply_state == MSG_ACCEPTED) { - offset = dissect_rpc_verf(tvb, pinfo, rpc_tree, offset); + offset = dissect_rpc_verf(tvb, pinfo, rpc_tree, offset, msg_type); if (!tvb_bytes_exist(tvb, offset,4)) return TRUE; accept_state = tvb_get_ntohl(tvb,offset+0); 
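Review bot: The `AUTH_DES` case added to `dissect_rpc_verf` reads the DES block at `offset+8` and the 32-bit word at `offset+16` without checking that the verifier's `length` field covers those 12 bytes. With a shorter declared verifier, the dissector would label whatever follows in the packet as timestamp and window or nickname. A guard such as `if (length >= 12)` around both branches keeps the decode inside the verifier body, and a short verifier could get a plain text item instead. The `else` branch also treats every non-CALL `msg_type` as a reply, which holds only while callers pass nothing but `RPC_CALL` or `RPC_REPLY`. The function starts and ends outside this hunk.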
@@ -2098,6 +2195,30 @@ { &hf_rpc_authgss_checksum, { "GSS Checksum", "rpc.authgss.checksum", FT_BYTES, BASE_HEX, NULL, 0, "GSS Checksum" }}, + { &hf_rpc_authdes_namekind, { + "Namekind", "rpc.authdes.namekind", FT_UINT32, BASE_DEC, + VALS(rpc_authdes_namekind), 0, "Namekind" }}, + { &hf_rpc_authdes_netname, { + "Netname", "rpc.authdes.netname", FT_STRING, + BASE_DEC, NULL, 0, "Netname" }}, + { &hf_rpc_authdes_convkey, { + "Conversation Key (encrypted)", "rpc.authdes.convkey", FT_UINT32, + BASE_HEX, NULL, 0, "Conversation Key (encrypted)" }}, + { &hf_rpc_authdes_window, { + "Window (encrypted)", "rpc.authdes.window", FT_UINT32, + BASE_HEX, NULL, 0, "Windows (encrypted)" }}, + { &hf_rpc_authdes_nickname, { + "Nickname", "rpc.authdes.nickname", FT_UINT32, + BASE_HEX, NULL, 0, "Nickname" }}, + { &hf_rpc_authdes_timestamp, { + "Timestamp (encrypted)", "rpc.authdes.timestamp", FT_UINT32, + BASE_HEX, NULL, 0, "Timestamp (encrypted)" }}, + { &hf_rpc_authdes_windowverf, { + "Window verifier (encrypted)", "rpc.authdes.windowverf", FT_UINT32, + BASE_HEX, NULL, 0, "Window verifier (encrypted)" }}, + { &hf_rpc_authdes_timeverf, { + "Timestamp verifier (encrypted)", "rpc.authdes.timeverf", FT_UINT32, + BASE_HEX, NULL, 0, "Timestamp verifier (encrypted)" }}, { &hf_rpc_auth_machinename, { "Machine Name", "rpc.auth.machinename", FT_STRING, BASE_DEC, NULL, 0, "Machine Name" }},
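Review bot: `hf_rpc_authdes_convkey`, `hf_rpc_authdes_timestamp` and `hf_rpc_authdes_timeverf` are registered as `FT_UINT32`, but each names an 8-byte DES block. As far as this patch shows, they are only emitted through `proto_tree_add_text` in `dissect_rpc_authdes_desblock_tvb`, so the registered filter names are never attached to a real field. Registering them as `FT_BYTES`, as `hf_rpc_authgss_checksum` just above already is, and adding them as byte items would make `rpc.authdes.convkey` and the two timestamp fields usable in display filters. The blurb for `hf_rpc_authdes_window` also reads `"Windows (encrypted)"` while its label is `"Window (encrypted)"`; the blurb should match the label.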