Wireshark mailing list archives
Determining if we are in a request or a response in the SPNEGO dissector ...
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Wed, 21 May 2014 17:36:56 -0700
Hi folks, I think I need to do the following to make the SPNEGO dissector more correct: Make the following changes to spnego.asn1: diff --git a/asn1/spnego/spnego.asn b/asn1/spnego/spnego.asn index 190b3f1..1f1dcf7 100644 --- a/asn1/spnego/spnego.asn +++ b/asn1/spnego/spnego.asn @@ -24,10 +24,6 @@ MechTypeList ::= SEQUENCE OF MechType -- to some flavor of "embrace, extend, expectorate" sequence from -- Microsoft. -- -PrincipalSeq ::= SEQUENCE { - principal [0] GeneralString -} - NegTokenInit ::= SEQUENCE { mechTypes [0] MechTypeList OPTIONAL, reqFlags [1] ContextFlags OPTIONAL, 
@@ -35,6 +31,19 @@ NegTokenInit ::= SEQUENCE { mechListMIC [3] OCTET STRING OPTIONAL } +NegHints ::= SEQUENCE { + hintName [0] GeneralString OPTIONAL, + hintAddress [1] OCTET STRING OPTIONAL +} + +NegTokenInit2 ::= SEQUENCE { + mechTypes [0] MechTypeList OPTIONAL, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + negHints [3] NegHints OPTIONAL, + mechListMIC [4] OCTET STRING OPTIONAL +} + ContextFlags ::= BIT STRING { delegFlag (0), mutualFlag (1), ------------------------- And then, in the spnego.cnf file, include the following: #.FN_BODY NegTokenInit/mechListMIC /* Copious comments ... */ if (pinfo->ptype == PT_TCP && pinfo->srcport < 1024) { offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, NegTokenInit2_sequence, hf_index, ett_spnego_NegTokenInit); } else { offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, NegTokenInit_sequence, hf_index, ett_spnego_NegTokenInit); } ... Plus probably some more for NegHints ... Can anyone comment? Am I on the correct track? -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
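Review bot: In the first hunk of spnego.asn, removing PrincipalSeq leaves the "embrace, extend, expectorate" comment block sitting directly above NegTokenInit, which it does not describe. Move that comment down to the new NegHints definition, whose hintName [0] GeneralString appears to take over from principal [0] GeneralString, or delete it together with the type. Anything that still refers to PrincipalSeq, such as a #.FN_BODY in spnego.cnf, would also need updating; that is not visible in this diff.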
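Review bot: In the second hunk, NegTokenInit2 repeats mechTypes [0], reqFlags [1] and mechToken [2] from NegTokenInit and differs only at [3] and [4], but nothing in the added lines says when each form is expected or where NegHints is specified. Add an ASN.1 comment above NegHints and NegTokenInit2 stating that, and point out there that [3] is an OCTET STRING in one form and a NegHints SEQUENCE in the other, since that is the difference a reader of the two definitions has to spot.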
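Added example, not part of the original message or Wireshark's code: since the two definitions quoted above differ only in what context tag [3] carries (and in whether [4] exists), the form can be decided from the token bytes rather than from the port. It assumes EXPLICIT tagging and definite-length BER; `read_tlv`, `classify_init`, `tlv` and the sample tokens are constructed for illustration.

```python
# Added example, not Wireshark code. Assumes EXPLICIT context tags and
# definite-length BER with single-byte tags; sample tokens are constructed.

def read_tlv(buf, off, end):
    """Parse one TLV in buf[off:end]; return (tag, value_start, value_end)."""
    if off + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > end:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > end:
        raise ValueError("value overruns its container")
    return tag, off, off + length

def classify_init(body):
    """Classify the outer SEQUENCE by what field [3] (or [4]) carries."""
    tag, off, end = read_tlv(body, 0, len(body))
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    while off < end:
        ctx, v_start, v_end = read_tlv(body, off, end)
        if ctx == 0xA4:                  # [4] exists only in NegTokenInit2
            return "NegTokenInit2"
        if ctx == 0xA3:                  # [3]: peek at the wrapped type
            inner, _, _ = read_tlv(body, v_start, v_end)
            if inner == 0x30:            # SEQUENCE -> negHints
                return "NegTokenInit2"
            if inner == 0x04:            # OCTET STRING -> mechListMIC
                return "NegTokenInit"
            raise ValueError("unexpected type inside [3]")
        off = v_end
    return "ambiguous"                   # no [3] or [4]: the forms coincide

def tlv(tag, value):                     # builder for the constructed samples
    return bytes([tag, len(value)]) + value

MECHS = tlv(0xA0, tlv(0x30, tlv(0x06, bytes.fromhex("2b06010401823702020a"))))
MIC3 = tlv(0xA3, tlv(0x04, bytes(16)))
HINTS3 = tlv(0xA3, tlv(0x30, tlv(0xA0, tlv(0x1B, b"host@example"))))
SAMPLE_INIT = tlv(0x30, MECHS + MIC3)
SAMPLE_INIT2 = tlv(0x30, MECHS + HINTS3)
```

A token that carries neither [3] nor [4] encodes identically under both definitions, which is why the function reports it as ambiguous instead of guessing.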