When we dynamically discover a Kerberos key, it helps to add it to the

key list.  In the Nettle code, clear the key list and re-read the key
file when the key file preference changes.

Remove a redundant define in config.h.win32.

svn path=/trunk/; revision=12471
Gerald Combs 2004-11-01 23:54:05 +00:00
parent 76bafcae5e
commit 02032272ad
2 changed files with 23 additions and 14 deletions


@ -181,9 +181,6 @@
/* Define to use the Nettle library */ /* Define to use the Nettle library */
@HAVE_NETTLE@ @HAVE_NETTLE@
#ifdef HAVE_LIBNETTLE
#define HAVE_KERBEROS 1
#endif
#ifndef WIN32 #ifndef WIN32
#define WIN32 1 #define WIN32 1


@ -655,6 +655,21 @@ printf("added key in %d\n",pinfo->fd->num);
new_key->contents = g_malloc(keylength); new_key->contents = g_malloc(keylength);
memcpy(new_key->contents, keyvalue, keylength); memcpy(new_key->contents, keyvalue, keylength);
sprintf(new_key->origin, "%s learnt from frame %d", origin, pinfo->fd->num); sprintf(new_key->origin, "%s learnt from frame %d", origin, pinfo->fd->num);
service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
}
static void
clear_keytab(void) {
GSList *ske;
service_key_t *sk;
for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
sk = (service_key_t *) ske->data;
if (sk && sk->contents) g_free(sk->contents);
if (sk) g_free(sk);
}
g_slist_free(service_key_list);
service_key_list = NULL;
} }
static void static void
@ -713,8 +728,6 @@ decrypt_krb5_data(proto_tree _U_ *tree, packet_info *pinfo,
const char *cryptotext, const char *cryptotext,
int keytype) int keytype)
{ {
static gboolean first_time = TRUE;
tvbuff_t *encr_tvb; tvbuff_t *encr_tvb;
guint8 *decrypted_data = NULL, *plaintext = NULL; guint8 *decrypted_data = NULL, *plaintext = NULL;
int res; int res;
@ -739,14 +752,6 @@ decrypt_krb5_data(proto_tree _U_ *tree, packet_info *pinfo,
return NULL; return NULL;
} }
/* XXX we should only do this for first time, then store somewhere */
/* XXX We also need to re-read the keytab when the preference changes */
if(first_time){
first_time = FALSE;
read_keytab_file(keytab_filename);
}
if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) { if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
return NULL; return NULL;
} }
@ -3752,6 +3757,13 @@ dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
return offset; return offset;
} }
void
kerberos_prefs_apply_cb(void) {
#ifdef HAVE_LIBNETTLE
clear_keytab();
read_keytab_file(keytab_filename);
#endif
}
void void
proto_register_kerberos(void) proto_register_kerberos(void)
@ -4213,7 +4225,7 @@ proto_register_kerberos(void)
proto_register_subtree_array(ett, array_length(ett)); proto_register_subtree_array(ett, array_length(ett));
/* Register preferences */ /* Register preferences */
krb_module = prefs_register_protocol(proto_kerberos, NULL); krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
prefs_register_bool_preference(krb_module, "desegment", prefs_register_bool_preference(krb_module, "desegment",
"Reassemble Kerberos over TCP messages spanning multiple TCP segments", "Reassemble Kerberos over TCP messages spanning multiple TCP segments",
"Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments." "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
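Review bot: The new clear_keytab() returns each key's `contents` buffer to the allocator with the key bytes still in it, so long-term service keys loaded from the keytab stay readable in freed heap memory after every preference change. If service_key_t records the key length (the struct is declared outside this page), wipe the buffer first, e.g. `memset(sk->contents, 0, sk->length);` before `g_free(sk->contents);`, preferably through a helper the compiler cannot optimise away. Separately, kerberos_prefs_apply_cb() empties the whole list, so keys added by the new `g_slist_append` call in the first hunk (those learnt from frames) are discarded together with the file keys whenever any Kerberos preference is applied, not only the key file one. A comment on the callback such as `/* Drops learnt keys as well; they are re-added only when their frames are dissected again */` would make that behaviour explicit, assuming it is intended.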