* Routines for SMB net logon packet dissection
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
*
- * $Id: packet-smb-logon.c,v 1.30 2003/04/03 02:22:30 tpot Exp $
+ * $Id: packet-smb-logon.c,v 1.36 2003/11/19 03:53:32 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
*/
#include "packet-smb-common.h"
-#include "packet-smb-logon.h"
static int proto_smb_logon = -1;
static int hf_command = -1;
static int
dissect_smb_pdc_query(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
{
+ char *name;
+
/*** 0x07 Query for Primary PDC ***/
/* computer name */
- offset = display_ms_string(tvb, tree, offset, hf_computer_name, NULL);
+ offset = display_ms_string(tvb, tree, offset, hf_computer_name, &name);
+
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO, " from %s", name);
+
+ g_free(name);
/* mailslot name */
offset = display_ms_string(tvb, tree, offset, hf_mailslot_name, NULL);
if (offset % 2) offset++; /* word align ... */
/* Unicode computer name */
- offset = display_unicode_string(tvb, tree, offset, hf_unicode_computer_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_unicode_computer_name, NULL);
/* NT version */
proto_tree_add_item(tree, hf_nt_version, tvb, offset, 4, TRUE);
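Review bot: In dissect_smb_pdc_query the new `char *name;` is uninitialised and is then passed to `col_append_fstr` and `g_free` with no NULL check, unlike the block under "A short Announce will not have the rest" later in this diff, which uses `char *name = NULL;` and tests `name &&`. display_ms_string is not shown here, so whether it always stores to `*name` is an assumption. Because the string comes from packet data, I would declare `char *name = NULL;` and guard the append with `if (name && check_col(pinfo->cinfo, COL_INFO))`; the unconditional `g_free(name)` is then safe for NULL. `pinfo` is now used, so the `_U_` marker on that parameter is stale and should be dropped. The function body continues beyond the lines shown.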
/* A short Announce will not have the rest */
if (tvb_reported_length_remaining(tvb, offset) != 0) {
+ char *name = NULL;
if (offset % 2) offset++; /* word align ... */
/* pdc name */
- offset = display_unicode_string(tvb, tree, offset, hf_unicode_pdc_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_unicode_pdc_name, &name);
+
+ if (name && check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, ": host %s", name);
+ g_free(name);
+ name = NULL;
+ }
if (offset % 2) offset++;
/* domain name */
- offset = display_unicode_string(tvb, tree, offset, hf_domain_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_domain_name, &name);
+
+ if (name && check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", domain %s", name);
+ g_free(name);
+ name = NULL;
+ }
/* NT version */
proto_tree_add_item(tree, hf_nt_version, tvb, offset, 4, TRUE);
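Review bot: `g_free(name)` sits inside `if (name && check_col(pinfo->cinfo, COL_INFO))`, so a returned string is never freed when the Info column is not being filled. The pdc-name pointer is then overwritten by the domain-name call, and the domain-name block has the same shape, so both strings leak on that path. Keep only the append conditional and free unconditionally: `if (name && check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, ": host %s", name);` followed by `g_free(name); name = NULL;`. This assumes display_unicode_string hands the caller an allocated string whether or not columns are written, as the existing `g_free` implies. The enclosing function starts outside the lines shown.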
* XXX - older protocol versions don't have this stuff?
*/
/* pdc name */
- offset = display_unicode_string(tvb, tree, offset, hf_unicode_pdc_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_unicode_pdc_name, NULL);
/* domain name */
- offset = display_unicode_string(tvb, tree, offset, hf_domain_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_domain_name, NULL);
/* DB count */
info_count = tvb_get_letohl(tvb, offset);
/* Domain SID */
offset = dissect_nt_sid(
- tvb, offset, tree, "Domain", NULL);
+ tvb, offset, tree, "Domain", NULL, -1);
}
/* NT version */
offset += 2;
/* computer name */
- offset = display_unicode_string(tvb, tree, offset, hf_unicode_computer_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_unicode_computer_name, NULL);
/* user name */
- offset = display_unicode_string(tvb, tree, offset, hf_user_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_user_name, NULL);
/* mailslot name */
offset = display_ms_string(tvb, tree, offset, hf_mailslot_name, NULL);
offset = ((offset + 3)/4)*4;
/* Domain SID */
- offset = dissect_nt_sid(tvb, offset, tree, "Domain", NULL);
+ offset = dissect_nt_sid(tvb, offset, tree, "Domain", NULL, -1);
}
/* NT version */
/* Netlogon command 0x13 - decode the SAM logon response from server */
/* server name */
- offset = display_unicode_string(tvb, tree, offset, hf_server_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_server_name, NULL);
/* user name */
- offset = display_unicode_string(tvb, tree, offset, hf_user_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_user_name, NULL);
/* domain name */
- offset = display_unicode_string(tvb, tree, offset, hf_domain_name);
+ offset = display_unicode_string(tvb, tree, offset, hf_domain_name, NULL);
/* NT version */
proto_tree_add_item(tree, hf_nt_version, tvb, offset, 4, TRUE);
#define LOGON_SAM_RESPONSE_DURING_LOGON 0x14
#define LOGON_SAM_USER_UNKNOWN 0x15
#define LOGON_SAM_INTERROGATE_RESPONSE 0x16
-#define LOGON_LAST_CMD 0x17
+#define LOGON_SAM_AD_USER_UNKNOWN 0x17
+#define LOGON_SAM_UNKNOWN_18 0x18
+#define LOGON_SAM_AD_LOGON_RESPONSE 0x19
+#define LOGON_LAST_CMD 0x20
static const value_string commands[] = {
{LOGON_LM10_LOGON_REQUEST, "LM1.0/LM2.0 LOGON Request"},
{LOGON_SAM_RESPONSE_DURING_LOGON,"SAM Response during LOGON pause"},
{LOGON_SAM_USER_UNKNOWN, "SAM Response - user unknown"},
{LOGON_SAM_INTERROGATE_RESPONSE,"SAM Response to Interrogate Request"},
+ {LOGON_SAM_AD_USER_UNKNOWN, "SAM Active Directory Response - user unknown"},
+ {LOGON_SAM_UNKNOWN_18, "SAM unknown command 0x18"},
+ {LOGON_SAM_AD_LOGON_RESPONSE, "Active Directory Response to SAM LOGON request"},
{0, NULL}
};
dissect_smb_sam_logon_req, /* 0x12 (SAM LOGON request ) */
dissect_smb_sam_logon_resp, /* 0x13 (SAM LOGON response) */
dissect_smb_unknown, /* 0x14 (SAM Response during LOGON Pause) */
- dissect_smb_unknown, /* 0x15 (SAM Response User Unknown) */
- dissect_smb_unknown, /* 0x16 (SAM Response to Interrogate) */
+ dissect_smb_unknown, /* 0x15 (SAM Response User Unknown) */
+ dissect_smb_unknown, /* 0x16 (SAM Response to Interrogate)*/
+ dissect_smb_unknown, /* 0x17 (SAM AD response User Unknown*/
+ dissect_smb_unknown, /* 0x18 (Unknown command) */
+ dissect_smb_unknown /* 0x19 (SAM LOGON AD response) */
};
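Review bot: `LOGON_LAST_CMD` is raised to `0x20`, but the handler table ends at the `0x19` entry, so command values 0x1a–0x1f have no slot in it. The dispatch code is not part of this diff; if it selects a handler by comparing the command byte read from the packet against `LOGON_LAST_CMD`, those six values would index past the end of the table and call whatever pointer is read there. Use `#define LOGON_LAST_CMD 0x1a`, or bound the lookup with `array_length()` of the table so the limit and the table cannot drift apart. The comments on the 0x16 and 0x17 entries also lost their closing parenthesis.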
-gboolean
+static void
dissect_smb_logon(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
proto_tree *smb_logon_tree = NULL;
proto_item *item = NULL;
- if (!proto_is_protocol_enabled(proto_smb_logon))
- return FALSE;
-
- pinfo->current_proto = "NETLOGON";
-
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NETLOGON");
if (check_col(pinfo->cinfo, COL_INFO))
offset = dissect_smb_unknown(tvb, pinfo, smb_logon_tree,
offset);
}
-
- return TRUE;
}
void
proto_register_field_array(proto_smb_logon, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
+
+ register_dissector("netlogon", dissect_smb_logon, proto_smb_logon);
}