search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MSWSP: fix dissect_mswsp_smb()
[wireshark-wip.git] / epan / dissectors / packet-negoex.c
bloba0ce91728fda80cc0313d0549aa070c365a00176
1 /* packet-negoex.c
2 * Dissect the NEGOEX security protocol
3 * as described here: http://tools.ietf.org/id/draft-zhu-negoex-04.txt
4 * Copyright 2012 Richard Sharpe <realrichardsharpe@gmail.com>
5 * Routines for SPNEGO Extended Negotiation Security Mechanism
6 *
7 * $Id$
8 *
9 * Wireshark - Network traffic analyzer
10 * By Gerald Combs <gerald@wireshark.org>
11 * Copyright 1998 Gerald Combs
12 *
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28 #include "config.h"
29
30 #include <glib.h>
31 #include <epan/packet.h>
32 #include <epan/exceptions.h>
33 #include <epan/show_exception.h>
34
35 #include "packet-dcerpc.h"
36 #include "packet-gssapi.h"
37
38 static int proto_negoex = -1;
39 static int hf_negoex_sig = -1;
40 static int hf_negoex_message_type = -1;
41 static int hf_negoex_sequence_num = -1;
42 static int hf_negoex_header_len = -1;
43 static int hf_negoex_message_len = -1;
44 static int hf_negoex_conversation_id = -1;
45 static int hf_negoex_random = -1;
46 static int hf_negoex_proto_version = -1;
47 static int hf_negoex_authscheme = -1;
48 static int hf_negoex_authscheme_vector_offset = -1;
49 static int hf_negoex_authscheme_vector_count = -1;
50 static int hf_negoex_authscheme_vector_pad = -1;
51 static int hf_negoex_extension = -1;
52 static int hf_negoex_extension_vector_offset = -1;
53 static int hf_negoex_extension_vector_count = -1;
54 static int hf_negoex_extension_vector_pad = -1;
55 static int hf_negoex_exchange_vector_offset = -1;
56 static int hf_negoex_exchange_vector_count = -1;
57 static int hf_negoex_exchange_vector_pad = -1;
58 static int hf_negoex_exchange = -1;
59 static int hf_negoex_checksum_scheme = -1;
60 static int hf_negoex_checksum_type = -1;
61 static int hf_negoex_checksum_vector_offset = -1;
62 static int hf_negoex_checksum_vector_count = -1;
63 static int hf_negoex_checksum_vector_pad = -1;
64 static int hf_negoex_checksum = -1;
65 static int hf_negoex_errorcode = -1;
66
67 static gint ett_negoex = -1;
68 static gint ett_negoex_msg = -1;
69 static gint ett_negoex_hdr = -1;
70 static gint ett_negoex_authscheme_vector = -1;
71 static gint ett_negoex_extension_vector = -1;
72 static gint ett_negoex_exchange = -1;
73 static gint ett_negoex_checksum = -1;
74 static gint ett_negoex_checksum_vector = -1;
75 static gint ett_negoex_byte_vector = -1;
76
77 /* If you add more message types, add them in sequence and update MAX_MSG */
78 #define MESSAGE_TYPE_INITIATOR_NEGO 0
79 #define MESSAGE_TYPE_ACCEPTOR_NEGO 1
80 #define MESSAGE_TYPE_INITIATOR_META_DATA 2
81 #define MESSAGE_TYPE_ACCEPTOR_META_DATA 3
82 #define MESSAGE_TYPE_CHALLENGE 4
83 #define MESSAGE_TYPE_AP_REQUEST 5
84 #define MESSAGE_TYPE_VERIFY 6
85 #define MESSAGE_TYPE_ALERT 7
86 #define MESSAGE_TYPE_MAX_MSG MESSAGE_TYPE_ALERT
87
88 static const value_string negoex_message_types[] = {
89 {MESSAGE_TYPE_INITIATOR_NEGO, "INITATOR_NEGO"},
90 {MESSAGE_TYPE_ACCEPTOR_NEGO, "ACCEPTOR_NEGO"},
91 {MESSAGE_TYPE_INITIATOR_META_DATA, "INITIATOR_META_DATA"},
92 {MESSAGE_TYPE_ACCEPTOR_META_DATA, "ACCEPTOR_META_DATA"},
93 {MESSAGE_TYPE_CHALLENGE, "CHALLENGE"},
94 {MESSAGE_TYPE_AP_REQUEST, "AP_REQUEST"},
95 {MESSAGE_TYPE_VERIFY, "VERIFY"},
96 {MESSAGE_TYPE_ALERT, "ALERT"},
97 {0, NULL}
98 };
99
100 static const value_string checksum_schemes[] = {
101 {1, "rfc3961"},
102 {0, NULL}
103 };
104
105 #if 0
106 static const value_string alert_types[] = {
107 {1, "ALERT_TYPE_PULSE"},
108 {0, NULL}
109 };
110
111 static const value_string alert_reasons[] = {
112 {1, "ALERT_VERIFY_NO_KEY"},
113 {0, NULL}
114 };
115 #endif
116
117 static void
118 dissect_negoex_alert_message(tvbuff_t *tvb,
119 packet_info *pinfo _U_,
120 proto_tree *tree,
121 guint32 start_off)
122 {
123 guint32 offset;
124
125 offset = start_off;
126
127 /* AuthScheme */
128 proto_tree_add_item(tree, hf_negoex_authscheme, tvb, offset, 16, ENC_LITTLE_ENDIAN);
129 offset += 16;
130
131 /* ErrorCode, an NTSTATUS :-) */
132 proto_tree_add_item(tree, hf_negoex_errorcode, tvb, offset, 4, ENC_LITTLE_ENDIAN);
133 offset += 4;
134
135 /* The rest */
136 proto_tree_add_text(tree, tvb, offset, tvb_length(tvb) - offset,
137 "The rest of the alert message");
138
139 }
140
141 static void
142 dissect_negoex_verify_message(tvbuff_t *tvb,
143 packet_info *pinfo _U_,
144 proto_tree *tree,
145 guint32 start_off)
146 {
147 guint32 offset;
148 guint32 checksum_vector_offset;
149 guint32 checksum_vector_count;
150 proto_item *pi;
151 proto_tree *checksum;
152 proto_item *pi_chk;
153 proto_tree *checksum_vector;
154
155 offset = start_off;
156
157 /* AuthScheme */
158 proto_tree_add_item(tree, hf_negoex_authscheme, tvb, offset, 16, ENC_LITTLE_ENDIAN);
159 offset += 16;
160
161 /* Checksum */
162 pi = proto_tree_add_text(tree, tvb, offset, 20, "Checksum");
163 checksum = proto_item_add_subtree(pi, ett_negoex_checksum);
164
165 /* cbHeaderLength */
166 proto_tree_add_item(checksum, hf_negoex_header_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
167 offset += 4;
168
169 /* ChecksumScheme */
170 proto_tree_add_item(checksum, hf_negoex_checksum_scheme, tvb, offset, 4, ENC_LITTLE_ENDIAN);
171 offset += 4;
172
173 /* ChecksumType */
174 proto_tree_add_item(checksum, hf_negoex_checksum_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
175 offset += 4;
176
177 /* Checksum Byte Vector */
178 checksum_vector_offset = tvb_get_letohl(tvb, offset);
179 checksum_vector_count = tvb_get_letohs(tvb, offset + 4);
180
181 pi_chk = proto_tree_add_text(checksum, tvb, offset, 8,
182 "Checksum Vector: %u at %u",
183 checksum_vector_count,
184 checksum_vector_offset);
185 checksum_vector = proto_item_add_subtree(pi_chk, ett_negoex_checksum_vector);
186
187 proto_tree_add_item(checksum_vector, hf_negoex_checksum_vector_offset, tvb,
188 offset, 4, ENC_LITTLE_ENDIAN);
189 offset += 4;
190
191 proto_tree_add_item(checksum_vector, hf_negoex_checksum_vector_count, tvb,
192 offset, 2, ENC_LITTLE_ENDIAN);
193 offset += 2;
194
195 proto_tree_add_item(checksum_vector, hf_negoex_checksum_vector_pad, tvb,
196 offset, 2, ENC_NA);
197 /*offset += 2;*/
198
199 proto_tree_add_item(checksum_vector, hf_negoex_checksum, tvb,
200 checksum_vector_offset, checksum_vector_count, ENC_NA);
201
202 }
203
204 static void
205 dissect_negoex_exchange_message(tvbuff_t *tvb,
206 packet_info *pinfo _U_,
207 proto_tree *tree,
208 guint32 start_off)
209 {
210 guint32 offset;
211 guint32 exchange_vector_offset;
212 guint32 exchange_vector_count;
213 proto_item *pi;
214 proto_tree *exchange_vector;
215
216 offset = start_off;
217
218 /* AuthScheme */
219 proto_tree_add_item(tree, hf_negoex_authscheme, tvb, offset, 16, ENC_LITTLE_ENDIAN);
220 offset += 16;
221
222 /* Exchange Byte Vector */
223 exchange_vector_offset = tvb_get_letohl(tvb, offset);
224 exchange_vector_count = tvb_get_letohs(tvb, offset + 4);
225
226 pi = proto_tree_add_text(tree, tvb, offset, 8, "Exchange: %u bytes at %u",
227 exchange_vector_count, exchange_vector_offset);
228 exchange_vector = proto_item_add_subtree(pi, ett_negoex_exchange);
229
230 proto_tree_add_item(exchange_vector, hf_negoex_exchange_vector_offset, tvb,
231 offset, 4, ENC_LITTLE_ENDIAN);
232 offset += 4;
233
234 proto_tree_add_item(exchange_vector, hf_negoex_exchange_vector_count, tvb,
235 offset, 2, ENC_LITTLE_ENDIAN);
236 offset += 2;
237
238 proto_tree_add_item(exchange_vector, hf_negoex_exchange_vector_pad, tvb,
239 offset, 2, ENC_NA);
240 /*offset += 2;*/
241
242 proto_tree_add_item(exchange_vector, hf_negoex_exchange, tvb,
243 exchange_vector_offset, exchange_vector_count, ENC_NA);
244 }
245
246 /*
247 * In each of the subdissectors we are handed the whole message, but the
248 * header is already dissected. The offset tells us where in the buffer the
249 * actual data starts. This is a bit redundant, but it allows for changes
250 * to the header structure ...
251 *
252 * Eventually we want to treat the header and body differently perhaps.
253 */
254 static void
255 dissect_negoex_nego_message(tvbuff_t *tvb,
256 packet_info *pinfo _U_,
257 proto_tree *tree,
258 guint32 start_off)
259 {
260 volatile guint32 offset;
261 guint32 authscheme_vector_offset;
262 guint16 authscheme_vector_count;
263 guint32 extension_vector_offset;
264 guint32 extension_vector_count;
265 proto_item *pi, *ext_pi;
266 proto_tree *authscheme_vector;
267 proto_tree *extension_vector;
268 guint32 i;
269
270 offset = start_off;
271
272 TRY {
273 /* The Random field */
274 proto_tree_add_item(tree, hf_negoex_random, tvb, offset, 32, ENC_ASCII);
275 offset += 32;
276
277 /* Protocol version */
278 proto_tree_add_item(tree, hf_negoex_proto_version, tvb, offset, 8, ENC_LITTLE_ENDIAN);
279 offset += 8;
280
281 /* AuthScheme offset and count */
282 authscheme_vector_offset = tvb_get_letohl(tvb, offset);
283 authscheme_vector_count = tvb_get_letohs(tvb, offset + 4);
284
285 pi = proto_tree_add_text(tree, tvb, offset, 8, "AuthSchemes: %u at %u",
286 authscheme_vector_count, authscheme_vector_offset);
287 authscheme_vector = proto_item_add_subtree(pi, ett_negoex_authscheme_vector);
288 proto_tree_add_item(authscheme_vector, hf_negoex_authscheme_vector_offset,
289 tvb, offset, 4, ENC_LITTLE_ENDIAN);
290 offset += 4;
291
292 proto_tree_add_item(authscheme_vector, hf_negoex_authscheme_vector_count,
293 tvb, offset, 2, ENC_LITTLE_ENDIAN);
294 offset += 2;
295
296 proto_tree_add_item(authscheme_vector, hf_negoex_authscheme_vector_pad,
297 tvb, offset, 2, ENC_NA);
298 offset += 2;
299
300 /* Now, add the various items */
301 for (i = 0; i < authscheme_vector_count; i++) {
302 proto_tree_add_item(authscheme_vector, hf_negoex_authscheme, tvb,
303 authscheme_vector_offset + i * 16, 16, ENC_LITTLE_ENDIAN);
304 }
305
306 extension_vector_offset = tvb_get_letohl(tvb, offset);
307 extension_vector_count = tvb_get_letohs(tvb, offset + 4);
308
309 ext_pi = proto_tree_add_text(tree, tvb, offset, 8, "Extensions: %u at %u",
310 extension_vector_count, extension_vector_count);
311 extension_vector = proto_item_add_subtree(ext_pi, ett_negoex_extension_vector);
312
313 proto_tree_add_item(extension_vector, hf_negoex_extension_vector_offset,
314 tvb, offset, 4, ENC_LITTLE_ENDIAN);
315 offset += 4;
316
317 proto_tree_add_item(extension_vector, hf_negoex_extension_vector_count,
318 tvb, offset, 2, ENC_LITTLE_ENDIAN);
319 offset += 2;
320
321 proto_tree_add_item(extension_vector, hf_negoex_extension_vector_pad,
322 tvb, offset, 2, ENC_NA);
323 offset += 2;
324
325 for (i = 0; i < extension_vector_count; i++) {
326 guint32 byte_vector_offset, byte_vector_count;
327 proto_item *bv_pi;
328 proto_tree *bv_tree;
329
330 /*
331 * Dissect these things ... they consist of a byte vector, so we
332 * add a subtree and point to the relevant bytes
333 */
334 byte_vector_offset = tvb_get_letohl(tvb, offset);
335 byte_vector_count = tvb_get_letohs(tvb, offset + 4);
336
337 bv_pi = proto_tree_add_text(extension_vector, tvb,
338 extension_vector_offset + i * 8, 8,
339 "Extension: %u bytes at %u",
340 byte_vector_count, byte_vector_offset);
341 bv_tree = proto_item_add_subtree(bv_pi, ett_negoex_byte_vector);
342
343 proto_tree_add_item(bv_tree, hf_negoex_extension, tvb,
344 byte_vector_offset, byte_vector_count, ENC_NA);
345 }
346
347
348 } ENDTRY;
349
350 }
351
352 static void
353 dissect_negoex(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
354 {
355 volatile guint32 offset;
356 proto_tree * volatile negoex_tree;
357 proto_item *tf;
358 volatile gboolean done;
359 guint32 payload_len;
360 guint32 message_len;
361 guint32 message_type;
362 guint32 header_len;
363
364 offset = 0;
365 negoex_tree = NULL;
366 tf = NULL;
367 done = FALSE;
368 payload_len = tvb_length(tvb);
369
370 /* Set up the initial NEGOEX payload */
371 if (tree) {
372 tf = proto_tree_add_item(tree, proto_negoex, tvb, offset, -1, ENC_NA);
373 negoex_tree = proto_item_add_subtree(tf, ett_negoex);
374 }
375
376 /*
377 * There can be multiple negoex messages, each with a header with a length.
378 * However, the payload might not have been reassembled ...
379 */
380
381 while (offset < payload_len && !done) {
382 proto_tree *negoex_msg_tree;
383 proto_tree *negoex_hdr_tree;
384 proto_item *msg;
385 proto_item *hdr;
386 tvbuff_t *msg_tvb;
387 guint32 start_offset;
388
389 start_offset = offset;
390
391 TRY {
392 /* Message type, it is after the signature */
393 message_type = tvb_get_letohl(tvb, offset + 8);
394
395 /* Add the message type tree ... set its length below */
396 msg = proto_tree_add_text(negoex_tree, tvb, offset, -1,
397 "NEGOEX %s",
398 val_to_str_const(message_type,
399 negoex_message_types,
400 "Unknown NEGOEX message type"));
401
402 /* Add a subtree for the message */
403 negoex_msg_tree = proto_item_add_subtree(msg, ett_negoex_msg);
404
405 /* Add a subtree for the header */
406 hdr = proto_tree_add_text(negoex_msg_tree, tvb, offset, 40, "Header");
407 negoex_hdr_tree = proto_item_add_subtree(hdr, ett_negoex_hdr);
408
409 /* Signature, NEGOEXTS */
410 proto_tree_add_item(negoex_hdr_tree, hf_negoex_sig,
411 tvb, offset, 8, ENC_ASCII | ENC_NA);
412 offset += 8;
413
414 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ", ", "%s",
415 val_to_str_const(message_type,
416 negoex_message_types,
417 "Unknown NEGOEX message type"));
418 proto_tree_add_uint(negoex_hdr_tree, hf_negoex_message_type,
419 tvb, offset, 4, message_type);
420
421 /*
422 * If this is an unknown message type, we have to punt because anything
423 * following cannot be handled
424 */
425 if (message_type > MESSAGE_TYPE_MAX_MSG) {
426 offset = payload_len; /* Can't do any more */
427 goto bad_message;
428 } else {
429 offset += 4;
430 }
431
432 /* Sequence Number */
433 proto_tree_add_item(negoex_hdr_tree, hf_negoex_sequence_num,
434 tvb, offset, 4, ENC_LITTLE_ENDIAN);
435 offset += 4;
436
437 /* Header Length */
438 header_len = tvb_get_letohl(tvb, offset);
439 proto_tree_add_uint(negoex_hdr_tree, hf_negoex_header_len,
440 tvb, offset, 4, header_len);
441 offset += 4;
442
443 /* Message Length */
444 message_len = tvb_get_letohl(tvb, offset);
445 proto_tree_add_uint(negoex_hdr_tree, hf_negoex_message_len,
446 tvb, offset, 4, message_len);
447 offset += 4;
448
449 /* Set the message len so the tree item has correct len */
450 proto_item_set_len(msg, message_len);
451
452 /* Conversation ID */
453 proto_tree_add_item(negoex_hdr_tree, hf_negoex_conversation_id,
454 tvb, offset, 16, ENC_LITTLE_ENDIAN);
455 offset += 16;
456
457 /*
458 * Construct a new TVB covering just this message and pass to the
459 * sub-dissector
460 */
461 msg_tvb = tvb_new_subset(tvb,
462 start_offset,
463 MIN(message_len, tvb_length(tvb)),
464 message_len);
465
466 switch (message_type) {
467 case MESSAGE_TYPE_INITIATOR_NEGO:
468 case MESSAGE_TYPE_ACCEPTOR_NEGO:
469 dissect_negoex_nego_message(msg_tvb,
470 pinfo,
471 negoex_msg_tree,
472 offset - start_offset);
473 break;
474
475 case MESSAGE_TYPE_INITIATOR_META_DATA:
476 case MESSAGE_TYPE_ACCEPTOR_META_DATA:
477 case MESSAGE_TYPE_CHALLENGE:
478 case MESSAGE_TYPE_AP_REQUEST:
479 dissect_negoex_exchange_message(msg_tvb,
480 pinfo,
481 negoex_msg_tree,
482 offset - start_offset);
483 break;
484
485 case MESSAGE_TYPE_VERIFY:
486 dissect_negoex_verify_message(msg_tvb,
487 pinfo,
488 negoex_msg_tree,
489 offset - start_offset);
490 break;
491
492 case MESSAGE_TYPE_ALERT:
493 dissect_negoex_alert_message(msg_tvb,
494 pinfo,
495 negoex_msg_tree,
496 offset - start_offset);
497 break;
498
499 default:
500 proto_tree_add_text(negoex_msg_tree, tvb, offset, message_len - 40,
501 "The rest of the message");
502 }
503
504 offset = start_offset + message_len;
505
506 /* We cannot branch out of the TRY block, but we can branch here */
507 bad_message:
508 ;
509
510 } CATCH_NONFATAL_ERRORS {
511 done = TRUE;
512 show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
513 } ENDTRY;
514 }
515
516 }
517
518 static void
519 negoex_init_protocol(void)
520 {
521 }
522
523 void
524 proto_register_negoex(void)
525 {
526
527 static hf_register_info hf[] = {
528 { &hf_negoex_sig,
529 { "Signature", "negoex.message.sig", FT_STRING, BASE_NONE,
530 NULL, 0x0, NULL, HFILL }},
531 { &hf_negoex_message_type,
532 { "MessageType", "negoex.message.type", FT_UINT32, BASE_HEX,
533 VALS(negoex_message_types), 0x00, NULL, HFILL }},
534 { &hf_negoex_sequence_num,
535 { "SequencNum", "negoex.message.seq_num", FT_UINT32, BASE_DEC,
536 NULL, 0x0, NULL, HFILL }},
537 { &hf_negoex_header_len,
538 { "cbHeaderLength", "negoex.header.len", FT_UINT32, BASE_DEC,
539 NULL, 0x0, NULL, HFILL }},
540 { &hf_negoex_message_len,
541 { "cbMessageLength", "negoex.message.len", FT_UINT32, BASE_DEC,
542 NULL, 0x0, NULL, HFILL }},
543 { &hf_negoex_conversation_id,
544 { "ConversationID", "negoex.message.conv_id", FT_GUID, BASE_NONE,
545 NULL, 0x0, NULL, HFILL}},
546 { &hf_negoex_random,
547 { "Random", "negoex.message.random", FT_BYTES, BASE_NONE,
548 NULL, 0x0, "Random data", HFILL }},
549 { &hf_negoex_proto_version,
550 { "ProtocolVersion", "negoex.proto_version", FT_UINT64, BASE_DEC,
551 NULL, 0x0, NULL, HFILL}},
552 { &hf_negoex_authscheme,
553 { "AuthScheme", "negoex.auth_scheme", FT_GUID, BASE_NONE,
554 NULL, 0x0, NULL, HFILL}},
555 { &hf_negoex_authscheme_vector_offset,
556 { "AuthSchemeArrayOffset", "negoex.auth_scheme_array_offset", FT_UINT32,
557 BASE_DEC, NULL, 0x0, NULL, HFILL }},
558 { &hf_negoex_authscheme_vector_count,
559 { "AuthSchemeCount", "negoex.auth_scheme_array_count", FT_UINT16,
560 BASE_DEC, NULL, 0x0, NULL, HFILL }},
561 { &hf_negoex_authscheme_vector_pad,
562 { "AuthSchemePad", "negoex.auth_scheme_array_pad", FT_BYTES,
563 BASE_NONE, NULL, 0x0, NULL, HFILL }},
564 { &hf_negoex_extension,
565 { "Extension", "negoex.extension", FT_BYTES, BASE_NONE,
566 NULL, 0x0, "Extension data", HFILL }},
567 { &hf_negoex_extension_vector_offset,
568 { "ExtensionArrayOffset", "negoex.extension_array_offset", FT_UINT32,
569 BASE_DEC, NULL, 0x0, NULL, HFILL }},
570 { &hf_negoex_extension_vector_count,
571 { "ExtensionCount", "negoex.extension_array_count", FT_UINT16,
572 BASE_DEC, NULL, 0x0, NULL, HFILL }},
573 { &hf_negoex_extension_vector_pad,
574 { "ExtensionPad", "negoex.extension_pad", FT_BYTES,
575 BASE_NONE, NULL, 0x0, NULL, HFILL }},
576 { &hf_negoex_exchange_vector_offset,
577 { "ExchangeOffset", "negoex.exchange_vec_offset", FT_UINT32, BASE_DEC,
578 NULL, 0x0, NULL, HFILL}},
579 { &hf_negoex_exchange_vector_count,
580 { "ExchangeByteCount", "negoex.exchange_vec_byte_count", FT_UINT16,
581 BASE_DEC, NULL, 0x0, NULL, HFILL}},
582 { &hf_negoex_exchange_vector_pad,
583 { "ExchangePad", "negoex.exchange_vec_pad", FT_BYTES, BASE_NONE,
584 NULL, 0x0, NULL, HFILL}},
585 { &hf_negoex_exchange,
586 { "Exchange Bytes", "negoex.exchange", FT_BYTES, BASE_NONE,
587 NULL, 0x0, NULL, HFILL}},
588 { &hf_negoex_checksum_scheme,
589 { "ChecksumScheme", "negoex.checksum_scheme", FT_UINT32, BASE_DEC,
590 VALS(checksum_schemes), 0x0, NULL, HFILL}},
591 { &hf_negoex_checksum_vector_offset,
592 { "ChecksumOffset", "negoex.checksum_vec_offset", FT_UINT32, BASE_DEC,
593 NULL, 0x0, NULL, HFILL}},
594 { &hf_negoex_checksum_vector_count,
595 { "ChecksumCount", "negoex.checksum_vec_count", FT_UINT16, BASE_DEC,
596 NULL, 0x0, NULL, HFILL}},
597 { &hf_negoex_checksum_vector_pad,
598 { "ChecksumPad", "negoex.checksum_pad", FT_BYTES, BASE_NONE,
599 NULL, 0x0, NULL, HFILL}},
600 { &hf_negoex_checksum_type,
601 { "ChecksumType", "negoex.checksum_type", FT_UINT32, BASE_DEC,
602 NULL, 0x0, NULL, HFILL}},
603 { &hf_negoex_checksum,
604 { "Checksum", "negoex.checksum", FT_BYTES, BASE_NONE,
605 NULL, 0x0, NULL, HFILL}},
606 { &hf_negoex_errorcode,
607 { "ErrorCode", "negoex.errorcode", FT_UINT32, BASE_HEX,
608 NULL, 0x0, NULL, HFILL}},
609 };
610
611 static gint *ett[] = {
612 &ett_negoex,
613 &ett_negoex_msg,
614 &ett_negoex_hdr,
615 &ett_negoex_authscheme_vector,
616 &ett_negoex_extension_vector,
617 &ett_negoex_exchange,
618 &ett_negoex_checksum,
619 &ett_negoex_checksum_vector,
620 &ett_negoex_byte_vector,
621 };
622 /*module_t *negoex_module = NULL; */
623
624 proto_negoex = proto_register_protocol (
625 "SPNEGO Extended Negotiation Security Mechanism", /* name */
626 "NEGOEX", /* short name */
627 "negoex" /* abbrev */
628 );
629 proto_register_field_array(proto_negoex, hf, array_length(hf));
630 proto_register_subtree_array(ett, array_length(ett));
631 register_init_routine(&negoex_init_protocol);
632
633 /* negoex_module = prefs_register_protocol(proto_negoex, NULL);*/
634
635 register_dissector("negoex", dissect_negoex, proto_negoex);
636 }
637
638 void
639 proto_reg_handoff_negoex(void)
640 {
641 dissector_handle_t negoex_handle;
642
643 /* Register protocol with the GSS-API module */
644
645 negoex_handle = find_dissector("negoex");
646 gssapi_init_oid("1.3.6.1.4.1.311.2.2.30", proto_negoex, ett_negoex,
647 negoex_handle, NULL,
648 "NEGOEX - SPNEGO Extended Negotiation Security Mechanism");
649
650 }
651
652 /*
653 * Editor modelines - http://www.wireshark.org/tools/modelines.html
654 *
655 * Local variables:
656 * c-basic-offset: 2
657 * tab-width: 8
658 * indent-tabs-mode: nil
659 * End:
660 *
661 * vi: set shiftwidth=2 tabstop=8 expandtab:
662 * :indentSize=2:tabSize=8:noTabs=true:
663 */