From: Tim Potter <tpot@samba.org>
Date: Thu, 15 May 2003 01:59:23 +0000 (-0000)
Subject: Dissect authentication data for netlogon secure channel bind and bind acks.
X-Git-Url: http://git.samba.org/?p=metze%2Fwireshark%2Fwip.git;a=commitdiff_plain;h=602a62e38a8fb00544e637cc3d3f9c43b2f9b7bd

Dissect authentication data for netlogon secure channel bind and bind acks.

Also, recommit a change lost in the hardware failure which was to note the
type of a DCE/RPC fragment when noting it in COL_INFO.  A fragment can be
either a first, middle, last or whole (first+last) fragment.

svn path=/trunk/; revision=7666
---

diff --git a/packet-dcerpc.c b/packet-dcerpc.c
index 20a6a2c812..f48f45fc09 100644
--- a/packet-dcerpc.c
+++ b/packet-dcerpc.c
@@ -2,7 +2,7 @@
  * Routines for DCERPC packet disassembly
  * Copyright 2001, Todd Sabin <tas@webspan.net>
  *
- * $Id: packet-dcerpc.c,v 1.121 2003/05/14 22:09:52 sharpe Exp $
+ * $Id: packet-dcerpc.c,v 1.122 2003/05/15 01:59:23 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -40,6 +40,7 @@
 #include "packet-frame.h"
 #include "packet-ntlmssp.h"
 #include "packet-dcerpc-nt.h"
+#include "packet-dcerpc-netlogon.h"
 
 static int dcerpc_tap = -1;
 
@@ -1891,12 +1892,28 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
 	    }
 
 	    case DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN: {
-
-		/* TODO: Fill me in when we know what goes here */
-
-		proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len,
-				     "Secure Channel Auth Credentials");
-		break;
+		    tvbuff_t *secchan_tvb;
+
+		    secchan_tvb = tvb_new_subset(
+			    tvb, offset, hdr->auth_len, hdr->auth_len);
+
+		    switch(hdr->ptype) {
+		    case PDU_BIND:
+			    netlogon_dissect_secchan_bind_creds(
+				    secchan_tvb, 0, pinfo, dcerpc_tree, 
+				    hdr->drep);
+			    break;
+		    case PDU_BIND_ACK:
+			    netlogon_dissect_secchan_bind_ack_creds(
+				    secchan_tvb, 0, pinfo, dcerpc_tree, 
+				    hdr->drep);
+			    break;
+		    default:
+			    proto_tree_add_text(
+				    dcerpc_tree, secchan_tvb, 0, hdr->auth_len,
+				    "Secure Channel Credentials");
+		    }
+		    break;
 	    }
 
 	    default:
@@ -2238,6 +2255,31 @@ dissect_dcerpc_cn_bind_nak (tvbuff_t *tvb, gint offset, packet_info *pinfo,
     }
 }
 
+/* Return a string describing a DCE/RPC fragment as first, middle, or end
+   fragment. */
+
+#define PFC_FRAG_MASK  0x03
+
+static char *
+fragment_type(guint8 flags)
+{
+	flags = flags & PFC_FRAG_MASK;
+
+	if (flags == PFC_FIRST_FRAG)
+		return "first";
+
+	if (flags == 0)
+		return "middle";
+
+	if (flags == PFC_LAST_FRAG)
+		return "last";
+
+	if (flags == (PFC_FIRST_FRAG | PFC_LAST_FRAG))
+		return "whole";
+
+	return "unknown";
+}
+
 static void
 dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
                         proto_tree *dcerpc_tree, proto_tree *tree,
@@ -2389,7 +2431,7 @@ end_cn_stub:
 	    proto_tree_add_uint(dcerpc_tree, hf_dcerpc_reassembled_in, tvb, 0, 0, fd_head->reassembled_in);
 	    if (check_col(pinfo->cinfo, COL_INFO)) {
 		col_append_fstr(pinfo->cinfo, COL_INFO,
-			" [DCE/RPC fragment]");
+			" [DCE/RPC %s fragment]", fragment_type(hdr->flags));
 	    }
 	}
     } else {
@@ -2397,7 +2439,7 @@ end_cn_stub:
 	   are missing */
 	if (check_col(pinfo->cinfo, COL_INFO)) {
 	    col_append_fstr(pinfo->cinfo, COL_INFO,
-			" [DCE/RPC fragment]");
+			" [DCE/RPC %s fragment]", fragment_type(hdr->flags));
 	}
     }