Wireshark-commits: [Wireshark-commits] rev 26350: /trunk/ /trunk/epan/dissectors/: packet-kerberos.

Date: Sun, 05 Oct 2008 00:28:39 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=26350

User: sahlberg
Date: 2008/10/04 05:28 PM

Log:
 kerberos/gss enhancements
 
 add a parameter *datalen to decrypt_krb5_data() so that we can pass back 
 the length of the decrypted blob back to the caller.
 This is useful for when there is "junk" at the end of the blob and thus 
 the decrypted data is not the same size as the encrypted blob.
 GSS CFX is one such example.
 (we should have done this earlier since it might have made some other 
 stuff easier to implement...)
 
 
 make the preference setting krb_decrypt a globally visible variable so 
 we can see its value and act on it from callers of krb decryption from 
 outside of packet-kerberos.c, i.e. from GSS CFX
 
 
 Make keytype == -1  a wildcard that when passed to decrypt_krb5_data() 
 will try any/all encryption keys.
 This since GSS CFX does not provide the enctype in the GSS layer.
 (The GSS CFX enctype is only negotiated during the AP-REQ/REP  so we 
 should later pick this value up and store it in a CFX session variable.
 That is for a later enhancement.
 )
 
 
 Enhance the GSS decryption (that for historical reasons is implemented 
 in packet-spnego.c and not packet-gssapi.c :-) )
 to also handle decryption of GSS CFX
 
 This should make wireshark able to decrypt any/all GSSAPI  RFC4121 
 packets, if the keytab file is provided.
 
 
 I have successfully decrypted LDAP using GSS CFX with AES encryption 
 with this.

Directory: /trunk/epan/dissectors/
  Changes    Path                 Action
  +33 -22    packet-kerberos.c    Modified
  +4 -1      packet-kerberos.h    Modified
  +1 -1      packet-kink.c        Modified
  +109 -4    packet-spnego.c      Modified

Directory: /trunk/asn1/spnego/
  Changes    Path                        Action
  +107 -2    packet-spnego-template.c    Modified
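
The calling convention described in the log above (a *datalen out-parameter plus keytype == -1 as a wildcard), shown as an added example that is not code from the Wireshark commit. toy_decrypt_data(), the one-byte XOR "cipher", the blob layout, the keytab values and the sample bytes are all constructed stand-ins; the magic-plus-checksum test stands in for the integrity check that lets a decryptor tell which key actually worked.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEYTYPE_ANY (-1) /* wildcard keytype, as in the commit log */
/* Hypothetical keytab: each "key" is one XOR byte (toy cipher, not Kerberos crypto). */
struct toy_key { int keytype; uint8_t k; };
static const struct toy_key keytab[] = { {17, 0x5a}, {18, 0xc3}, {23, 0x11} };

/* Constructed layout, every byte XORed with k: 'K' '5' len payload[len] sum.
 * Anything after sum is junk that must not be reported as plaintext. */
static uint8_t *try_key(const struct toy_key *key, const uint8_t *blob,
                        size_t bloblen, int *datalen)
{
    if (bloblen < 4 || (blob[0] ^ key->k) != 'K' || (blob[1] ^ key->k) != '5')
        return NULL;                        /* wrong key or not our format */
    size_t len = (uint8_t)(blob[2] ^ key->k);
    if (len > bloblen - 4) return NULL;     /* claimed length must fit the blob */
    uint8_t sum = 0, *out = malloc(len + 1);
    if (!out) return NULL;
    for (size_t i = 0; i < len; i++) { out[i] = blob[3 + i] ^ key->k; sum += out[i]; }
    if ((uint8_t)(blob[3 + len] ^ key->k) != sum) { free(out); return NULL; }
    *datalen = (int)len;                    /* written only on success */
    return out;
}

/* keytype == KEYTYPE_ANY tries every key; otherwise only matching entries. */
uint8_t *toy_decrypt_data(int keytype, const uint8_t *blob, size_t bloblen, int *datalen)
{
    for (size_t i = 0; i < sizeof keytab / sizeof keytab[0]; i++) {
        if (keytype != KEYTYPE_ANY && keytab[i].keytype != keytype) continue;
        uint8_t *p = try_key(&keytab[i], blob, bloblen, datalen);
        if (p) return p;
    }
    return NULL;
}

/* Constructed sample: "ldap" under the keytype-18 toy key, then 3 junk bytes. */
static const uint8_t sample[] = {0x88,0xf6,0xc7,0xaf,0xa7,0xa2,0xb3,0x62,0xee,0xee,0xee};

int main(void)
{
    int datalen = 0;
    uint8_t *p = toy_decrypt_data(KEYTYPE_ANY, sample, sizeof sample, &datalen);
    if (p) printf("blob %zu bytes, plaintext %d bytes: %.*s\n", sizeof sample, datalen, datalen, (char *)p);
    free(p);
    return 0;
}
```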