| 90 | |
| 91 | |
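class GSSAPI_BLOB(ASN1_Packet):
    """BER-encoded GSS-API blob: a MechType OID followed by an inner token.

    The inner token class is chosen from the MechType OID through
    ``_GSSAPI_OIDS``; an OID that is not registered there is kept as
    ``conf.raw_layer``. MechType defaults to 1.3.6.1.5.5.2 (the SPNEGO OID).
    """

    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_GSSAPI_APPLICATION(
        ASN1F_OID("MechType", "1.3.6.1.5.5.2"),
        ASN1F_PACKET(
            "innerToken",
            None,
            None,
            # Resolved per packet, once MechType has been decoded.
            next_cls_cb=lambda pkt: _GSSAPI_OIDS.get(pkt.MechType.val, conf.raw_layer),
        ),
    )

    @classmethod
    def dispatch_hook(cls, _pkt=None, *args, **kargs):
        """Pick the class used to dissect ``_pkt`` from its leading bytes.

        ``_pkt`` is untrusted wire data and the selection below is purely
        heuristic: no session or negotiation state is consulted, so a token
        can be dissected as the wrong mechanism. Code that draws security
        conclusions from the resulting layer (detection logic, forensic
        triage) should confirm the mechanism from the surrounding exchange
        instead of relying on the returned class alone.

        Returns:
            ``SPNEGO_negToken`` when bits 0x80 and 0x20 of the first byte are
            both set; the result of ``NTLM_Header.dispatch_hook`` when the
            data starts with ``b"NTLMSSP"``; ``Kerberos`` when the BER
            identifier, masked with 0x7F, is greater than 0x60; ``cls`` in
            every other case, including empty or missing data.
        """
        if not _pkt:
            return cls

        # Both bits set means a constructed tag of context-specific or
        # private class (0xA0-0xBF, 0xE0-0xFF).
        if (_pkt[0] & 0xA0) == 0xA0:
            from scapy.layers.spnego import SPNEGO_negToken

            # XXX: sometimes the token is raw, we should look from
            # the session what to use here. For now: hardcode SPNEGO
            # (THIS IS A VERY STRONG ASSUMPTION)
            return SPNEGO_negToken

        if _pkt[:7] == b"NTLMSSP":
            from scapy.layers.ntlm import NTLM_Header

            # XXX: if no mechTypes are provided during SPNEGO exchange,
            # Windows falls back to a plain NTLM_Header.
            # _pkt is forwarded positionally: a `_pkt=` keyword placed next
            # to *args raises TypeError ("multiple values for argument") as
            # soon as any extra positional argument is passed along.
            return NTLM_Header.dispatch_hook(_pkt, *args, **kargs)

        # NOTE(review): BER_id_dec runs on untrusted bytes here; confirm it
        # cannot raise on a truncated multi-byte identifier, or that callers
        # of dispatch_hook tolerate the exception.
        # The comparison is strict, so an identifier of exactly 0x60 is not
        # matched and falls through to `cls`.
        if (BER_id_dec(_pkt)[0] & 0x7F) > 0x60:
            from scapy.layers.kerberos import Kerberos

            # XXX: Heuristic to detect raw Kerberos packets, when Windows
            # falls back or when the parent data hasn't got any mechtype
            # specified.
            return Kerberos

        return cls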
| 127 | |
| 128 | |
| 129 | # Same but to store the signatures (e.g. DCE/RPC) |