Or

        /*
         * Annotation for parameters that are only used in Kerberos builds:
         * expands to nothing when HAVE_KERBEROS is defined and to _U_
         * otherwise.  _U_ is defined elsewhere; presumably it is the
         * unused-parameter attribute, which keeps non-Kerberos builds free of
         * unused-parameter warnings without hiding them in Kerberos builds.
         */
        #ifdef HAVE_KERBEROS
        #define _U_IF_NO_KERBEROS_
        #else
        #define _U_IF_NO_KERBEROS_      _U_
        #endif

                ...

        static guint32 get_keytab_as_list(md4_pass **p_pass_list, const
               char* ntlm_pass _U_IF_NO_KERBEROS_ )

or maybe only define get_keytab_as_list() *at all* if we have Kerberos, and guard its caller like this:

#ifdef HAVE_KERBEROS
            guint32 list_size = 0;
#endif

                ...

#ifdef HAVE_KERBEROS
            list_size = get_keytab_as_list(&pass_list,gbl_nt_password);
#endif

            /*
             * Strong-key case: test each entry of pass_list against server_cred.
             * vars, server_cred, pass_list, password, session_key, i and found are
             * declared outside this excerpt.
             */
            if( flags & NETLOGON_FLAG_STRONGKEY ) {
#ifdef HAVE_KERBEROS
                /*
                 * The whole body is compiled only with Kerberos support: list_size
                 * is only filled in from get_keytab_as_list() under HAVE_KERBEROS,
                 * so without it there are no candidate keys and the MD5/DES work
                 * below would be wasted.
                 */
                guint8 zeros[4];
                guint8 md5[16];
                md5_state_t md5state;
                guint8 buf[8];
                guint64 calculated_cred;


                /* md5 = MD5(4 zero bytes || client_challenge || server_challenge) */
                memset(zeros,0,4);
                md5_init(&md5state);
                md5_append(&md5state,zeros,4);
                md5_append(&md5state,(unsigned char*)&vars->client_challenge,8);
                md5_append(&md5state,(unsigned char*)&vars->server_challenge,8);
                md5_finish(&md5state,md5);
                /*
                 * NOTE(review): these calls hand digest, challenge and credential
                 * bytes to printnbyte, whose definition is not shown here --
                 * confirm it is a debug-only helper that emits nothing in normal
                 * builds.
                 */
                printnbyte(md5,8,"MD5:","\n");
                printnbyte((guint8*)&vars->client_challenge,8,"Client 
challenge:","\n");
                printnbyte((guint8*)&vars->server_challenge,8,"Server 
challenge:","\n");
                printnbyte((guint8*)&server_cred,8,"Server creds:","\n");
                /* Try every candidate until one reproduces server_cred. */
                for(i=0;i<list_size;i++)
                {
                    password = pass_list[i];
                    /*
                     * HMAC-MD5 over the 16-byte digest with 16 bytes read from the
                     * candidate entry; session_key presumably receives the result
                     * (argument roles are not visible here -- confirm).
                     * NOTE(review): the cast reads 16 bytes starting at &password,
                     * which assumes md4_pass begins with at least 16 bytes of key
                     * material -- verify against its definition.
                     */
                    md5_hmac(md5,16,(guint8*) &password,16,session_key);
                    /*
                     * Two DES-ECB passes: server_challenge -> buf keyed from
                     * session_key, then buf -> calculated_cred keyed from
                     * session_key+7.
                     */
                    crypt_des_ecb(buf,(unsigned 
char*)&vars->server_challenge,session_key,1);
                    crypt_des_ecb((unsigned 
char*)&calculated_cred,buf,session_key+7,1);
#if 0
                    /* Disabled debug dump of each candidate's computed credential. */
                    printnbyte((guint8*)&calculated_cred,8,"Calculated 
creds:","\n");
#endif
                    /* A match means this candidate key reproduces server_cred. */
                    if(calculated_cred==server_cred) {
                        found = 1;
                        break;
                    }
                }
#endif
            }

so we don't bother with any of that stuff if we don't have Kerberos support (no 
point in doing all the MD5 work if we don't have any keys to test the result 
with), or some other flavor of restructuring along those lines.