* Copyright 2001,2003 Tim Potter <tpot@samba.org>
* 2002 structure and command dissectors by Ronnie Sahlberg
*
- * $Id: packet-dcerpc-netlogon.c,v 1.79 2003/05/15 02:01:39 tpot Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.80 2003/05/15 04:58:53 tpot Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int hf_netlogon_secchan_bind_ack_unknown2 = -1;
static int hf_netlogon_secchan_bind_ack_unknown3 = -1;
+static gint ett_secchan = -1;
static gint ett_secchan_bind_creds = -1;
static gint ett_secchan_bind_ack_creds = -1;
return offset;
}
+static int hf_netlogon_secchan = -1;
+static int hf_netlogon_secchan_sig = -1;
+static int hf_netlogon_secchan_unk = -1;
+static int hf_netlogon_secchan_seq = -1;
+static int hf_netlogon_secchan_nonce = -1;
+
+int netlogon_dissect_secchan_verf(tvbuff_t *tvb, int offset,
+ packet_info *pinfo _U_, proto_tree *tree,
+ char *drep _U_)
+{
+ proto_item *vf;
+ proto_tree *sec_chan_tree;
+ /*
+ * Create a new tree, and split into 4 components ...
+ */
+ vf = proto_tree_add_item(tree, hf_netlogon_secchan, tvb,
+ offset, -1, FALSE);
+ sec_chan_tree = proto_item_add_subtree(vf, ett_secchan);
+
+ proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_sig, tvb,
+ offset, 8, FALSE);
+
+ proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_unk, tvb,
+ offset + 8, 8, FALSE);
+
+ proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_seq, tvb,
+ offset + 16, 8, FALSE);
+
+ proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_nonce, tvb,
+ offset + 24, 8, FALSE);
+
+ return offset;
+}
+
+/* Subdissectors */
+
static dcerpc_sub_dissector dcerpc_netlogon_dissectors[] = {
{ NETLOGON_UASLOGON, "UasLogon",
netlogon_dissect_netlogonuaslogon_rqst,
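Review bot: `netlogon_dissect_secchan_verf` ends with `return offset;`, so it returns the offset it was given even though it has just laid out four 8-byte fields up to `offset + 32`. Returning `offset + 32` would follow the usual dissector convention and let a caller see how much of the verifier was consumed. The four `proto_tree_add_item` calls also assume the verifier holds at least 32 bytes, while the length that reaches this function comes from the packet's auth length at the call site, so a shorter verifier presumably ends in a tvbuff bounds exception part-way through the subtree. A short comment above the function stating the expected 32-byte layout (signature, unknown, sequence number, nonce) and that truncation is left to the tvbuff bounds checks would make that assumption explicit.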
{ "Time Limit", "netlogon.time_limit", FT_RELATIVE_TIME, BASE_NONE,
NULL, 0, "", HFILL }},
+ /* Secure channel dissection */
+
{ &hf_netlogon_secchan_bind_unknown1,
{ "Unknown1", "netlogon.secchan.bind.unknown1", FT_UINT32, BASE_HEX,
NULL, 0x0, "", HFILL }},
{ "Unknown3", "netlogon.secchan.bind_ack.unknown3", FT_UINT32,
BASE_HEX, NULL, 0x0, "", HFILL }},
+ { &hf_netlogon_secchan,
+ { "Verifier", "netlogon.secchan.verifier", FT_NONE, BASE_NONE,
+ NULL, 0x0, "Verifier", HFILL }},
+
+ { &hf_netlogon_secchan_sig,
+ { "Signature", "netlogon.secchan.sig", FT_BYTES, BASE_HEX, NULL,
+ 0x0, "Signature", HFILL }},
+
+ { &hf_netlogon_secchan_unk,
+ { "Unknown", "netlogon.secchan.unk", FT_BYTES, BASE_HEX, NULL,
+ 0x0, "Unknown", HFILL }},
+
+ { &hf_netlogon_secchan_seq,
+ { "Sequence No", "netlogon.secchan.seq", FT_BYTES, BASE_HEX, NULL,
+ 0x0, "Sequence No", HFILL }},
+
+ { &hf_netlogon_secchan_nonce,
+ { "Nonce", "netlogon.secchan.nonce", FT_BYTES, BASE_HEX, NULL,
+ 0x0, "Nonce", HFILL }},
+
};
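Review bot: The filter names registered here (`netlogon.secchan.verifier`, `netlogon.secchan.sig`, `.unk`, `.seq`, `.nonce`) replace the `verifier` and `dcerpc.sec_chan.*` names that the same commit removes from packet-dcerpc.c, so display filters or saved analysis notes that use the old names will no longer work. The rename should be called out in the commit log or release notes. Separately, `hf_netlogon_secchan_seq` is registered as `FT_BYTES`, so the sequence number cannot be compared numerically in a filter. If those 8 bytes really are a counter (unconfirmed, given the neighbouring field is still labelled unknown), a comment such as `/* kept as raw bytes until the encoding is understood */` would record why.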
static gint *ett[] = {
&ett_get_dcname_request_flags,
&ett_dc_flags,
&ett_secchan_bind_creds,
- &ett_secchan_bind_ack_creds
+ &ett_secchan_bind_ack_creds,
+ &ett_secchan,
};
proto_dcerpc_netlogon = proto_register_protocol(
* Routines for SMB \PIPE\NETLOGON packet disassembly
* Copyright 2001,2003 Tim Potter <tpot@samba.org>
*
- * $Id: packet-dcerpc-netlogon.h,v 1.12 2003/05/15 02:01:39 tpot Exp $
+ * $Id: packet-dcerpc-netlogon.h,v 1.13 2003/05/15 04:58:53 tpot Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
packet_info *pinfo,
proto_tree *tree, char *drep);
+int netlogon_dissect_secchan_verf(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ char *drep);
+
#endif /* packet-dcerpc-netlogon.h */
* Routines for DCERPC packet disassembly
* Copyright 2001, Todd Sabin <tas@webspan.net>
*
- * $Id: packet-dcerpc.c,v 1.122 2003/05/15 01:59:23 tpot Exp $
+ * $Id: packet-dcerpc.c,v 1.123 2003/05/15 04:58:53 tpot Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int hf_dcerpc_fragment_too_long_fragment = -1;
static int hf_dcerpc_fragment_error = -1;
static int hf_dcerpc_reassembled_in = -1;
-static int hf_dcerpc_sec_chan = -1;
-static int hf_dcerpc_sec_chan_sig = -1;
-static int hf_dcerpc_sec_chan_unk = -1;
-static int hf_dcerpc_sec_chan_seq = -1;
-static int hf_dcerpc_sec_chan_nonce = -1;
static gint ett_dcerpc = -1;
static gint ett_dcerpc_cn_flags = -1;
static gint ett_dcerpc_fragments = -1;
static gint ett_dcerpc_fragment = -1;
static gint ett_decrpc_krb5_auth_verf = -1;
-static gint ett_sec_chan = -1;
static dissector_handle_t ntlmssp_handle, ntlmssp_verf_handle,
ntlmssp_enc_payload_handle;
}
case DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN: {
- proto_item *vf = NULL;
- proto_tree *volatile sec_chan_tree = NULL;
- /*
- * Create a new tree, and split into 4 components ...
- */
- vf = proto_tree_add_item(dcerpc_tree, hf_dcerpc_sec_chan, tvb,
- auth_offset, -1, FALSE);
- sec_chan_tree = proto_item_add_subtree(vf, ett_sec_chan);
-
- proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_sig, tvb,
- auth_offset, 8, FALSE);
-
- proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_unk, tvb,
- auth_offset + 8, 8, FALSE);
-
- proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_seq, tvb,
- auth_offset + 16, 8, FALSE);
+ tvbuff_t *secchan_tvb;
+
+ secchan_tvb = tvb_new_subset(
+ tvb, auth_offset, hdr->auth_len, hdr->auth_len);
- proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_nonce, tvb,
- auth_offset + 24, 8, FALSE);
+ netlogon_dissect_secchan_verf(
+ secchan_tvb, 0, pinfo, dcerpc_tree, hdr->drep);
- break;
- }
+ break;
+ }
default:
proto_tree_add_text (dcerpc_tree, tvb, auth_offset, hdr->auth_len,
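Review bot: `tvb_new_subset(tvb, auth_offset, hdr->auth_len, hdr->auth_len)` passes the packet-supplied auth length as both the captured and the reported length. On a capture cut short by the snapshot length, or a packet whose auth_len exceeds the data present, the subset creation itself is expected to throw before any verifier field is shown. Clamping the captured length keeps the present bytes visible and lets the truncation be reported at the right field: `len = tvb_length_remaining(tvb, auth_offset); if (len > hdr->auth_len) len = hdr->auth_len;` followed by `tvb_new_subset(tvb, auth_offset, len, hdr->auth_len)`. The enclosing switch starts and ends outside the hunk, so whether this case runs inside an exception handler is not visible here, nor is the `#include` of packet-dcerpc-netlogon.h that the new call needs.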
{ "Time from request", "dcerpc.time", FT_RELATIVE_TIME, BASE_NONE, NULL, 0, "Time between Request and Reply for DCE-RPC calls", HFILL }},
{ &hf_dcerpc_reassembled_in,
{ "This PDU is reassembled in", "dcerpc.reassembled_in", FT_FRAMENUM, BASE_NONE, NULL, 0x0, "The DCE/RPC PDU is completely reassembled in this frame", HFILL }},
- { &hf_dcerpc_sec_chan,
- { "Verifier", "verifier", FT_NONE, BASE_NONE, NULL, 0x0, "Verifier",
- HFILL }},
- { &hf_dcerpc_sec_chan_sig,
- { "Signature", "dcerpc.sec_chan.sig", FT_BYTES, BASE_HEX, NULL,
- 0x0, "Signature", HFILL }},
- { &hf_dcerpc_sec_chan_unk,
- { "Unknown", "dcerpc.sec_chan.unk", FT_BYTES, BASE_HEX, NULL,
- 0x0, "Unknown", HFILL }},
- { &hf_dcerpc_sec_chan_seq,
- { "Sequence No", "dcerpc.sec_chan.seq", FT_BYTES, BASE_HEX, NULL,
- 0x0, "Sequence No", HFILL }},
- { &hf_dcerpc_sec_chan_nonce,
- { "Nonce", "dcerpc.sec_chan.nonce", FT_BYTES, BASE_HEX, NULL,
- 0x0, "Nonce", HFILL }},
-
};
static gint *ett[] = {
&ett_dcerpc,
&ett_dcerpc_fragments,
&ett_dcerpc_fragment,
&ett_decrpc_krb5_auth_verf,
- &ett_sec_chan,
};
module_t *dcerpc_module;