static int hf_dcerpc_cn_bind_trans_btfn = -1;
static int hf_dcerpc_cn_bind_trans_btfn_01 = -1;
static int hf_dcerpc_cn_bind_trans_btfn_02 = -1;
+static int hf_dcerpc_cn_bind_trans_btfn_04 = -1;
+static int hf_dcerpc_cn_bind_trans_btfn_08 = -1;
static int hf_dcerpc_cn_alloc_hint = -1;
static int hf_dcerpc_cn_sec_addr_len = -1;
static int hf_dcerpc_cn_sec_addr = -1;
static int hf_dcerpc_sec_vt_bitmask_sign = -1;
static int hf_dcerpc_sec_vt_pcontext_uuid = -1;
static int hf_dcerpc_sec_vt_pcontext_ver = -1;
+static int hf_dcerpc_sec_vt_preauth_salt = -1;
+static int hf_dcerpc_sec_vt_preauth_sha512 = -1;
static int * const sec_vt_command_fields[] = {
&hf_dcerpc_sec_vt_command_cmd,
static int * const dcerpc_cn_bind_trans_btfn_fields[] = {
&hf_dcerpc_cn_bind_trans_btfn_01,
&hf_dcerpc_cn_bind_trans_btfn_02,
+ &hf_dcerpc_cn_bind_trans_btfn_04,
+ &hf_dcerpc_cn_bind_trans_btfn_08,
NULL
};
{1, "BITMASK_1"},
{2, "PCONTEXT"},
{3, "HEADER2"},
+ {4, "PREAUTH"},
{0, NULL}
};
static gint ett_dcerpc_sec_vt_bitmask = -1;
static gint ett_dcerpc_sec_vt_pcontext = -1;
static gint ett_dcerpc_sec_vt_header = -1;
+static gint ett_dcerpc_sec_vt_preauth = -1;
static gint ett_dcerpc_complete_stub_data = -1;
static gint ett_dcerpc_fault_flags = -1;
static gint ett_dcerpc_fault_stub_data = -1;
proto_item_set_len(ti, offset);
}
+static void
+dissect_sec_vt_preauth(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb)
+{
+ int offset = 0;
+ guint8 salt[16];
+ guint8 sha512[64];
+ proto_item *ti = NULL;
+ proto_tree *tr = proto_tree_add_subtree(tree, tvb, offset, -1,
+ ett_dcerpc_sec_vt_preauth,
+ &ti, "preauth");
+
+ tvb_memcpy(tvb, salt, offset, 16);
+ proto_tree_add_bytes(tr, hf_dcerpc_sec_vt_preauth_salt, tvb, offset, 16, salt);
+ offset += 16;
+
+ tvb_memcpy(tvb, sha512, offset, 64);
+ proto_tree_add_bytes(tr, hf_dcerpc_sec_vt_preauth_sha512, tvb, offset, 64, sha512);
+ offset += 64;
+
+ proto_item_set_len(ti, offset);
+}
+
static int
dissect_verification_trailer_impl(packet_info *pinfo, tvbuff_t *tvb, int stub_offset,
proto_tree *parent_tree, int *signature_offset)
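Review bot: The two `tvb_memcpy` calls into the stack arrays `salt[16]` and `sha512[64]` in `dissect_sec_vt_preauth` are unnecessary, and they keep the copy length and the array size as separately maintained literals on data that comes off the wire. `tvb_memcpy` is bounds-checked against the tvb, so a short command raises an exception rather than reading past the buffer, but nothing ties the literals 16 and 64 to the destination sizes if either is edited later. The fields can be added straight from the tvb, as the default case of the command switch already does: `proto_tree_add_item(tr, hf_dcerpc_sec_vt_preauth_salt, tvb, offset, 16, ENC_NA);` and the same with `hf_dcerpc_sec_vt_preauth_sha512` and 64, which removes both arrays. Named constants for the two lengths and a one-line comment stating the expected 16 + 64 byte layout would make the parser easier to audit.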
SEC_VT_COMMAND_BITMASK_1 = 0x0001,
SEC_VT_COMMAND_PCONTEXT = 0x0002,
SEC_VT_COMMAND_HEADER2 = 0x0003,
+ SEC_VT_COMMAND_PREAUTH = 0x0004,
SEC_VT_COMMAND_END = 0x4000,
SEC_VT_MUST_PROCESS_COMMAND = 0x8000,
SEC_VT_COMMAND_MASK = 0x3fff,
case SEC_VT_COMMAND_HEADER2:
dissect_sec_vt_header(pinfo, tr, cmd_tvb);
break;
+ case SEC_VT_COMMAND_PREAUTH:
+ dissect_sec_vt_preauth(pinfo, tr, cmd_tvb);
+ break;
default:
proto_tree_add_item(tr, hf_dcerpc_unknown, cmd_tvb, 0, len, ENC_NA);
break;
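Review bot: The new `SEC_VT_COMMAND_PREAUTH` case passes `cmd_tvb` to the handler without comparing `len` with the 80 bytes (16 + 64) that the handler reads. If `cmd_tvb` is limited to `len` bytes, as the default case suggests, a shorter command ends in a bounds exception and a longer one has its trailing bytes left out of the tree with no indication. A guard before the call, such as `if (len != 80) { proto_tree_add_item(tr, hf_dcerpc_unknown, cmd_tvb, 0, len, ENC_NA); break; }`, would keep a malformed command visible to whoever is reading the capture. The enclosing switch starts and ends outside this hunk, so how `len` and `cmd_tvb` are derived should be confirmed there.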
{ "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x01, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_trans_btfn_02,
{ "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x02, NULL, HFILL }},
+ { &hf_dcerpc_cn_bind_trans_btfn_04,
+ { "Support SHA512 PREAUTH Verification", "dcerpc.cn_bind_trans_btfn.04", FT_BOOLEAN, 16, NULL, 0x04, NULL, HFILL }},
+ { &hf_dcerpc_cn_bind_trans_btfn_08,
+ { "Support protection of all PDUs", "dcerpc.cn_bind_trans_btfn.08", FT_BOOLEAN, 16, NULL, 0x08, NULL, HFILL }},
{ &hf_dcerpc_cn_alloc_hint,
{ "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_sec_addr_len,
{"UUID", "dcerpc.rpc_sec_vt.pcontext.interface.uuid", FT_GUID, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_dcerpc_sec_vt_pcontext_ver,
{"Version", "dcerpc.rpc_sec_vt.pcontext.interface.ver", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
+ { &hf_dcerpc_sec_vt_preauth_salt,
+ {"Salt", "dcerpc.rpc_sec_vt.preauth.salt", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
+ { &hf_dcerpc_sec_vt_preauth_sha512,
+ {"SHA512 Hash", "dcerpc.rpc_sec_vt.preauth.sha512", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_reserved,
{"Reserved", "dcerpc.reserved", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_dcerpc_unknown,
&ett_dcerpc_sec_vt_bitmask,
&ett_dcerpc_sec_vt_pcontext,
&ett_dcerpc_sec_vt_header,
+ &ett_dcerpc_sec_vt_preauth,
&ett_dcerpc_complete_stub_data,
&ett_dcerpc_fault_flags,
&ett_dcerpc_fault_stub_data,