List,
New prototype for packet-kerberos.c
This one starts getting pretty close to production quality.
Apart from some inefficiencies still in the code, it is pretty complete
and should go in soon so it gets some testing.
It requires Heimdal Kerberos. No one familiar with MIT Kerberos has yet
given me feedback on how to parse the keytab file or how to call the decrypt
engine from MIT.
Heimdal is good enough for me, and as long as it works under Linux for me I'm
happy.
I am certain that someone will, after it goes in, add support for MIT so that
we don't have to enforce policy onto the users.
I also hope that someone at some later stage
1, adds support for the native Win32 API to use on the Win32 platform (if such
an API exists),
or
2, ports Heimdal to Win32 so we can link with those DLLs,
or
3, makes Ethereal support MIT and then ports MIT to Win32 so we can link
with those libs.
Currently it requires Heimdal, so it will only work on those Unix/Unix-like
systems that support Heimdal.
This is likely a large portion of the currently popular Unix/Unix-like
systems.
Still missing parts (which I hope someone feels strongly enough about to add) are
1, make automake detect the presence of Heimdal and add the proper flags to
the makefiles (`krb5-config --cflags` and `krb5-config --libs`).
Also, when Heimdal is detected, the defines HAVE_KERBEROS and
HAVE_HEIMDAL_KERBEROS must be set in config.h so that
packet-kerberos.c will be compiled with Kerberos support.
It currently defines these two defines itself in the code.
2, there should be nicer errors displayed when the keytab file could not be
found/parsed. The Ethereal version might want to pop up a dialog.
3, the prefs variables that specify the keytab file and whether it should attempt
to decrypt the blobs cannot control the behaviour at runtime. Currently one
has to set them, save, and exit/restart Ethereal for them to take effect. This is
suboptimal, but we can live with that until someone feels strongly enough about it to
fix it.
4, BIGGIE: someone should create a special network where they take a capture
of a Windows box mapping a share on a server and donate
the capture as well as the keytab file to the Ethereal homepage as an
example capture.
Note that this is a lot of work. The network for this "example" MUST be
built from scratch, MUST not be connected to any real networks, and
MUST be completely destroyed and its hard disks reformatted afterwards.
This is so that people can download an example capture and an example keytab
file and see things like the user SID etc.
in all its glory inside the MS PAC_LOGON_INFO structure that this version of
packet-kerberos.c will dissect and display in all its glory.
Have fun.
(I have heard that there are sniffers that are so incredibly primitive that
they can't even decrypt and dissect the PAC structure?
If that is true, is there really no shame in some people?
Like, there has to be some basic feature set one has to support before one
can call the product a sniffer/protocol analyzer.)
Attachment:
packet-kerberos.c
Description: Binary data
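The keytab file the message asks about can be read without either Kerberos library: MIT and Heimdal both write the same FILE keytab format, and the secret keys in it are what the dissector needs for decryption. The following is an added example, not code from the post or from packet-kerberos.c. It assumes the version 0x0502 layout (big-endian fields, uint16-prefixed counted octet strings, an optional trailing 32-bit kvno that overrides the 8-bit one when non-zero, and negative entry sizes marking deleted slots), and it builds its own constructed sample keytab with hypothetical principals in EXAMPLE.COM rather than reading a real one.

```python
# Added example (not from the original post or packet-kerberos.c): a reader
# and writer for the Kerberos keytab FILE format, version 0x0502.
# Layout assumed here, per the MIT keytab description:
#   uint16 version (0x0502), then entries of
#   int32 size | uint16 num_components | counted realm | counted components[]
#   | uint32 name_type | uint32 timestamp | uint8 vno8
#   | uint16 enctype | counted key | [uint32 vno32, if 4 bytes remain]
# A negative size marks a deleted slot whose |size| bytes must be skipped.
import struct
from dataclasses import dataclass
from typing import List

KEYTAB_V2 = 0x0502


class KeytabError(ValueError):
    """Raised for truncated or malformed keytab data."""


@dataclass
class KeytabEntry:
    principal: str   # "primary/instance@REALM"
    name_type: int   # 1 = KRB5_NT_PRINCIPAL
    timestamp: int   # seconds since the epoch when the key was written
    kvno: int
    enctype: int     # 23 = arcfour-hmac-md5 (RC4), what Windows used at the time
    key: bytes


def _get_counted(buf: bytes, off: int):
    """Read a counted_octet_string: uint16 length, then that many bytes."""
    if off + 2 > len(buf):
        raise KeytabError("truncated length field at offset %d" % off)
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + n > len(buf):
        raise KeytabError("truncated octet string at offset %d" % off)
    return buf[off:off + n], off + n


def _put_counted(data: bytes) -> bytes:
    return struct.pack(">H", len(data)) + data


def _parse_entry(e: bytes) -> KeytabEntry:
    (ncomp,) = struct.unpack_from(">H", e, 0)
    realm, off = _get_counted(e, 2)
    comps = []
    for _ in range(ncomp):
        c, off = _get_counted(e, off)
        comps.append(c.decode("utf-8"))
    if off + 11 > len(e):
        raise KeytabError("truncated entry header")
    name_type, timestamp, vno8, enctype = struct.unpack_from(">IIBH", e, off)
    key, off = _get_counted(e, off + 11)
    kvno = vno8
    if len(e) - off >= 4:
        (vno32,) = struct.unpack_from(">I", e, off)
        if vno32:                 # non-zero 32-bit kvno overrides the 8-bit one
            kvno = vno32
    principal = "/".join(comps) + "@" + realm.decode("utf-8")
    return KeytabEntry(principal, name_type, timestamp, kvno, enctype, key)


def parse_keytab(data: bytes) -> List[KeytabEntry]:
    """Return the live entries of a v2 keytab; deleted slots are skipped."""
    if len(data) < 2:
        raise KeytabError("file too short for a version field")
    (version,) = struct.unpack_from(">H", data, 0)
    if version != KEYTAB_V2:
        raise KeytabError("unsupported keytab version 0x%04x" % version)
    entries, off = [], 2
    while off < len(data):
        if off + 4 > len(data):
            raise KeytabError("truncated entry size at offset %d" % off)
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size == 0:
            raise KeytabError("zero-length entry at offset %d" % (off - 4))
        end = off + abs(size)
        if end > len(data):
            raise KeytabError("entry overruns file at offset %d" % off)
        if size > 0:              # negative size = deleted slot, skip it
            entries.append(_parse_entry(data[off:end]))
        off = end
    return entries


def encode_entry(ent: KeytabEntry) -> bytes:
    """Serialise one entry body (without the leading int32 size)."""
    name, realm = ent.principal.rsplit("@", 1)
    comps = name.split("/")      # no escaping of '/' or '@' inside components
    body = struct.pack(">H", len(comps)) + _put_counted(realm.encode())
    for c in comps:
        body += _put_counted(c.encode())
    body += struct.pack(">IIBH", ent.name_type, ent.timestamp, ent.kvno & 0xFF, ent.enctype)
    return body + _put_counted(ent.key) + struct.pack(">I", ent.kvno)


def build_keytab(entries: List[KeytabEntry]) -> bytes:
    out = struct.pack(">H", KEYTAB_V2)
    for ent in entries:
        body = encode_entry(ent)
        out += struct.pack(">i", len(body)) + body
    return out


def sample_keytab() -> bytes:
    """Constructed test data: one deleted slot followed by two live entries."""
    stale = KeytabEntry("cifs/fileserver.example.com@EXAMPLE.COM", 1, 1090000000, 1, 23, bytes(16))
    cifs = KeytabEntry("cifs/fileserver.example.com@EXAMPLE.COM", 1, 1100000000, 2, 23, bytes(range(16)))
    host = KeytabEntry("host/fileserver.example.com@EXAMPLE.COM", 1, 1100000000, 300, 23, bytes(range(16, 32)))
    old = encode_entry(stale)
    return (struct.pack(">H", KEYTAB_V2)
            + struct.pack(">i", -len(old)) + old      # deleted slot: negative size
            + build_keytab([cifs, host])[2:])


if __name__ == "__main__":
    for ent in parse_keytab(sample_keytab()):
        print(ent.principal, "kvno", ent.kvno, "enctype", ent.enctype, ent.key.hex())
```

The parser bounds-checks every field rather than trusting the embedded sizes, which matters if the keytab path is user-configurable in a preferences dialog; the `host/...` entry with kvno 300 exercises the 32-bit kvno path that the 8-bit field cannot represent. To use it against a real file, pass `open(path, "rb").read()` to `parse_keytab` and look up the entry whose principal and enctype match the ticket's `sname` and `etype`.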