Wireshark-dev: [Wireshark-dev] tshark -K option not handled correctly in --disable-wireshark bu
Hello,
I'm building Wireshark 1.2.5 (but the same situation appears to exist in
1.2.6 and 1.3.2). I'm using it for a special purpose, and only need the
command-line tshark, and I don't have the environment set up to build the
GTK-based code. So I configured the build with --disable-wireshark.
When I run the resulting tshark with the -K keytab option to decrypt/dissect
some Kerberos packets, they fail to decrypt. I tracked this down to the
code in epan/dissectors/packet-kerberos.c. The bool krb_decrypt is never
set to TRUE, thus causing the decrypt routines to exit without doing
anything. As I understand it, in normal circumstances that bool is set via
its address being passed into the register_preference mechanism, which then
sets it via the Wireshark GUI at whatever times the user selects that. I
don't quite see how it gets set from the wireshark -K option, but I didn't
follow that code. But from the tshark -K option alone, certainly when the
Wireshark code is excluded by the --disable-wireshark setting, the bool
never gets set.
As a fix, it seems to me that whenever the read_keytab_file() function is
called in packet-kerberos.c, and the function gets past its various error
checks to its normal return point at the end, the krb_decrypt bool should be
set to TRUE before the return, because use of the -K option (which calls
read_keytab_file) implicitly states that the user wants Kerberos decryption.
I made this change and my tshark began decrypting/dissecting a Kerberos
ticket correctly.
Am I right about this?
Thanks,
Jonathan Schilling
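An added illustration of the control flow described in the message above, not code from Wireshark or from the poster: a mock of the keytab-loading routine with and without the proposed fix, and a mock decrypt routine that bails out when the krb_decrypt preference was never set. All function bodies, the loaded_keytab buffer, and the sample keytab path are constructed stand-ins; only the names read_keytab_file and krb_decrypt come from the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Mock of the dissector preference that gates decryption. In the real
 * dissector it is registered as a preference and set from the prefs/GUI
 * path; in a --disable-wireshark build nothing else sets it. */
static bool krb_decrypt = false;

/* Constructed stand-in for the parsed keytab contents. */
static char loaded_keytab[256];

/* Reset the mock state between runs. */
void reset_state(void) {
    krb_decrypt = false;
    memset(loaded_keytab, 0, sizeof loaded_keytab);
}

/* "Before": models read_keytab_file() as described in the message. It
 * passes its error checks, records the keytab, and returns 0 without
 * ever touching krb_decrypt. */
int read_keytab_file_before(const char *path) {
    if (path == NULL || *path == '\0')
        return -1;                       /* mock error check */
    strncpy(loaded_keytab, path, sizeof loaded_keytab - 1);
    return 0;                            /* normal return, flag untouched */
}

/* "After": the proposed fix. Same error checks, but at the normal return
 * point the flag is set, since -K implies the user wants decryption. */
int read_keytab_file_after(const char *path) {
    if (path == NULL || *path == '\0')
        return -1;
    strncpy(loaded_keytab, path, sizeof loaded_keytab - 1);
    krb_decrypt = true;                  /* proposed one-line fix */
    return 0;
}

/* Mock of the decrypt routine's early exit: with the preference unset it
 * returns without doing anything, so no Kerberos ticket is decrypted. */
bool try_decrypt(void) {
    if (!krb_decrypt)
        return false;                    /* exits without doing anything */
    return loaded_keytab[0] != '\0';     /* would decrypt using the keytab */
}
```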