Ethereal-dev: Re: [Ethereal-dev] Best way to validate rpcsec_gss verifiers?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>
Date: Tue, 30 Sep 2003 08:48:50 -0700 (PDT)

On Tue, 30 Sep 2003, Frank Cusack wrote:

> Hi,
> 
> I'd like to be able to verify NFS rpcsec_gss credentials/verifiers.  My idea
> is that I have my kernel dump the key used, and I import that into ethereal,
> associating it with a specific context handle.

OK, similar things are possible with CIFS, from what I can see ...
 
> - Where is the best place to add code to do the validation?  Is this
>   suitable for a plugin?

I would suggest that perhaps we don't want a plugin. The approach that the 
NTLMSSP code takes is to have a preference where you can enter the 
password, but that means all NTLMSSP sessions use the same info.

What would be good is to be able to select a conversation and add 
per-conversation data, in this case, the key.

However, that will require some additional infrastructure and a way to 
extend the concept of conversations beyond simply tcp (although that 
might already be there).

> - Where is the easiest place to add this code, if different than the above?

All over the place, I think. Some in the gtk directory, then some in 
conversations.c or whatever, and finally, some in the RPC dissector or the 
NFS dissector.

> - What is the fastest way to have ethereal read the key info?  I figured
>   on just creating some well known filename which the plugin or nfs
>   dissector (?) would read.  Say /tmp/ethereal.nfs.rpcsec_gss.<handle>
>   which would contain the key in 0x ascii-hex format (and where <handle>
>   is in ascii-hex format).

Have the user specify it from the GUI and/or command line (for tethereal).

> - Would you include this in the distribution?

Yes.

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com