Ethereal-dev: [Ethereal-dev] kerberos test, asn.1 helper test

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Tue, 27 Jan 2004 22:27:47 +1100
Hi.

Attached is a replacement for packet-kerberos.c
It is not production quality yet but passes most of my dissection tests.
At the very earliest it might be checked in after the next release has been
issued, to let it have time to cook in the cvs tree for a while before it
gets released to the public.
Attached for those adventurous enough to try it.


Later it will be split in two parts: packet-ber.c for the asn.1 ber
helpers (lightly modelled after the ones for asn.1/per in packet-per.c)
and packet-kerberos.c for the kerberos part.

This very early prototype version contains code to dissect most, but not
all, of the data the existing dissector can handle.
It also can dissect one thing the existing one can not, namely one of the
preauthentication blobs.  woohoo

There are a LOT of cosmetic updates required, moving things around etc.


Changing a gboolean in the source will make ethereal also dissect and
display the internal ber framing fields like
the class, p/c, tag and length parts of an asn.1/ber encoded value. It is off
by default.



Those adventurous, please test and report bugs/misdissections.

The goal is to refactor kerberos and asn.1/ber so it gets easier to
manipulate the data in kerberos pdus.
I would really really like to
1, get kerberos/ber  updated
2, provide a mechanism to add keytab files to ethereal
3, if keytab file is present: decrypt and dissect the encrypted blobs
4, pick the session key and other stuff from the encrypted kerberos blobs
5, pass session key to smb and dcerpc so sealed transfers can be decrypted
and dissected.


1 is finished soon and this is a prototype for it.
2 would need new code and input from people knowing the internal structure
of keytab files.
3, let's worry about that when we get there...


Example captures with non-encrypted blobs or constructs not yet dissected
will be welcome. I can only test those I have examples of.
Example captures displaying dissection bugs are also welcome.
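
The BER framing fields mentioned in the message above (class, p/c, tag, length), as an added example that is not part of the original post or of Ethereal's code: a bounds-checked header reader in C that refuses truncated, overflowing or indefinite-length input. The names ber_hdr and ber_read_header and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* BER framing fields named in the post: class, p/c, tag and length. */
typedef struct {
    unsigned cls;        /* 0 universal, 1 application, 2 context, 3 private */
    int constructed;     /* P/C bit: 1 = constructed */
    uint32_t tag;
    size_t hdr_len, len; /* identifier + length octets; content length */
} ber_hdr;

/* Returns 0 on success, -1 on truncated, overflowing or indefinite-length input. */
int ber_read_header(const uint8_t *buf, size_t n, ber_hdr *h)
{
    size_t i = 1;
    if (n < 2) return -1;
    h->cls = buf[0] >> 6;
    h->constructed = (buf[0] >> 5) & 1;
    h->tag = buf[0] & 0x1f;
    if (h->tag == 0x1f) {            /* high-tag-number form, base-128 digits */
        h->tag = 0;
        do {
            if (i >= n || h->tag > (UINT32_MAX >> 7)) return -1;
            h->tag = (h->tag << 7) | (buf[i] & 0x7f);
        } while (buf[i++] & 0x80);
    }
    if (i >= n) return -1;
    uint8_t b = buf[i++];
    if (b < 0x80) {
        h->len = b;                  /* short form */
    } else {
        unsigned k = b & 0x7f;       /* long form: k length octets follow */
        if (k == 0 || k > sizeof(size_t) || k > n - i) return -1;
        h->len = 0;
        while (k--) h->len = (h->len << 8) | buf[i++];
    }
    h->hdr_len = i;
    return h->len <= n - i ? 0 : -1; /* content must fit in what was captured */
}

/* Constructed sample: [APPLICATION 10] { SEQUENCE { [1] INTEGER 5 } } */
static const uint8_t sample[] = {0x6a,0x81,0x07,0x30,0x05,0xa1,0x03,0x02,0x01,0x05};

int main(void)
{
    ber_hdr h;
    if (ber_read_header(sample, sizeof sample, &h) == 0)
        printf("class=%u pc=%d tag=%u len=%zu\n", h.cls, h.constructed, (unsigned)h.tag, h.len);
    return 0;
}
```

Checking the declared length against the bytes actually present before descending into a constructed value is what keeps a dissector from reading past the end of a malformed packet.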