MCPcopy Index your code
hub / github.com/secdev/scapy / GSSAPI_BLOB

Class GSSAPI_BLOB

scapy/layers/gssapi.py:92–126  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

90
91
92class GSSAPI_BLOB(ASN1_Packet):
93 ASN1_codec = ASN1_Codecs.BER
94 ASN1_root = ASN1F_GSSAPI_APPLICATION(
95 ASN1F_OID("MechType", "1.3.6.1.5.5.2"),
96 ASN1F_PACKET(
97 "innerToken",
98 None,
99 None,
100 next_cls_cb=lambda pkt: _GSSAPI_OIDS.get(pkt.MechType.val, conf.raw_layer),
101 ),
102 )
103
104 @classmethod
105 def dispatch_hook(cls, _pkt=None, *args, **kargs):
106 if _pkt and len(_pkt) >= 1:
107 if _pkt[0] & 0xA0 >= 0xA0:
108 from scapy.layers.spnego import SPNEGO_negToken
109
110 # XXX: sometimes the token is raw, we should look from
111 # the session what to use here. For now: hardcode SPNEGO
112 # (THIS IS A VERY STRONG ASSUMPTION)
113 return SPNEGO_negToken
114 elif _pkt[:7] == b"NTLMSSP":
115 from scapy.layers.ntlm import NTLM_Header
116
117 # XXX: if no mechTypes are provided during SPNEGO exchange,
118 # Windows falls back to a plain NTLM_Header.
119 return NTLM_Header.dispatch_hook(_pkt=_pkt, *args, **kargs)
120 elif BER_id_dec(_pkt)[0] & 0x7F > 0x60:
121 from scapy.layers.kerberos import Kerberos
122
123 # XXX: Heuristic to detect raw Kerberos packets, when Windows
124 # fallsback or when the parent data hasn't got any mechtype specified.
125 return Kerberos
126 return cls
127
128
129# Same but to store the signatures (e.g. DCE/RPC)

Callers 7

m2iMethod · 0.90
NegTokenInit2Method · 0.90
GSS_Init_sec_contextMethod · 0.90
bindMethod · 0.90
CommonAuthVerifierClass · 0.90
requestMethod · 0.90
AUTHMethod · 0.90

Calls 4

ASN1F_OIDClass · 0.90
ASN1F_PACKETClass · 0.90
getMethod · 0.45

Tested by

no test coverage detected