Move dissection of NETLOGON secure channel auth verifier into

packet-dcerpc-netlogon.c

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7670 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/packet-dcerpc-netlogon.c b/packet-dcerpc-netlogon.c
index 218cdf494206badccfdcce62a772c5e85f382dea..e2db33be785788e96c8f5bba213257123ad59589 100644 (file)
--- a/packet-dcerpc-netlogon.c
+++ b/packet-dcerpc-netlogon.c
@@ -3,7 +3,7 @@
  * Copyright 2001,2003 Tim Potter <tpot@samba.org>
  *  2002 structure and command dissectors by Ronnie Sahlberg
  *
- * $Id: packet-dcerpc-netlogon.c,v 1.79 2003/05/15 02:01:39 tpot Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.80 2003/05/15 04:58:53 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -5946,6 +5946,7 @@ static int hf_netlogon_secchan_bind_ack_unknown1 = -1;
 static int hf_netlogon_secchan_bind_ack_unknown2 = -1;
 static int hf_netlogon_secchan_bind_ack_unknown3 = -1;
 
+static gint ett_secchan = -1;
 static gint ett_secchan_bind_creds = -1;
 static gint ett_secchan_bind_ack_creds = -1;
 
@@ -6029,6 +6030,42 @@ int netlogon_dissect_secchan_bind_ack_creds(tvbuff_t *tvb, int offset,
        return offset;
 }
 
+static int hf_netlogon_secchan = -1;
+static int hf_netlogon_secchan_sig = -1;
+static int hf_netlogon_secchan_unk = -1;
+static int hf_netlogon_secchan_seq = -1;
+static int hf_netlogon_secchan_nonce = -1;
+
+int netlogon_dissect_secchan_verf(tvbuff_t *tvb, int offset, 
+                                 packet_info *pinfo _U_, proto_tree *tree, 
+                                 char *drep _U_)
+{
+       proto_item *vf;
+       proto_tree *sec_chan_tree;
+       /*
+         * Create a new tree, and split into 4 components ...
+         */
+       vf = proto_tree_add_item(tree, hf_netlogon_secchan, tvb, 
+                                offset, -1, FALSE);
+       sec_chan_tree = proto_item_add_subtree(vf, ett_secchan);
+       
+       proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_sig, tvb, 
+                           offset, 8, FALSE);
+       
+       proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_unk, tvb, 
+                           offset + 8, 8, FALSE);
+       
+       proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_seq, tvb, 
+                           offset + 16, 8, FALSE);
+       
+       proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_nonce, tvb, 
+                           offset + 24, 8, FALSE);
+       
+       return offset;
+}
+
+/* Subdissectors */
+
 static dcerpc_sub_dissector dcerpc_netlogon_dissectors[] = {
        { NETLOGON_UASLOGON, "UasLogon",
                netlogon_dissect_netlogonuaslogon_rqst,
@@ -6996,6 +7033,8 @@ static hf_register_info hf[] = {
                { "Time Limit", "netlogon.time_limit", FT_RELATIVE_TIME, BASE_NONE,
                NULL, 0, "", HFILL }},
 
+       /* Secure channel dissection */
+
        { &hf_netlogon_secchan_bind_unknown1,
          { "Unknown1", "netlogon.secchan.bind.unknown1", FT_UINT32, BASE_HEX,
            NULL, 0x0, "", HFILL }},
@@ -7024,6 +7063,26 @@ static hf_register_info hf[] = {
          { "Unknown3", "netlogon.secchan.bind_ack.unknown3", FT_UINT32, 
            BASE_HEX, NULL, 0x0, "", HFILL }},
 
+        { &hf_netlogon_secchan,
+          { "Verifier", "netlogon.secchan.verifier", FT_NONE, BASE_NONE, 
+           NULL, 0x0, "Verifier", HFILL }},
+
+        { &hf_netlogon_secchan_sig,
+          { "Signature", "netlogon.secchan.sig", FT_BYTES, BASE_HEX, NULL, 
+           0x0, "Signature", HFILL }}, 
+
+        { &hf_netlogon_secchan_unk,
+          { "Unknown", "netlogon.secchan.unk", FT_BYTES, BASE_HEX, NULL, 
+          0x0, "Unknown", HFILL }}, 
+
+        { &hf_netlogon_secchan_seq,
+          { "Sequence No", "netlogon.secchan.seq", FT_BYTES, BASE_HEX, NULL, 
+          0x0, "Sequence No", HFILL }}, 
+
+        { &hf_netlogon_secchan_nonce,
+          { "Nonce", "netlogon.secchan.nonce", FT_BYTES, BASE_HEX, NULL, 
+          0x0, "Nonce", HFILL }}, 
+
        };
 
         static gint *ett[] = {
@@ -7050,7 +7109,8 @@ static hf_register_info hf[] = {
                &ett_get_dcname_request_flags,
                &ett_dc_flags,
                &ett_secchan_bind_creds,
-               &ett_secchan_bind_ack_creds
+               &ett_secchan_bind_ack_creds,
+               &ett_secchan,
         };
 
         proto_dcerpc_netlogon = proto_register_protocol(

diff --git a/packet-dcerpc-netlogon.h b/packet-dcerpc-netlogon.h
index 7f6ba0e0ba0ac5bc4c42ebe1e302550d1570a76f..266bf95769f09dc7ecf6d692dbf968da3c182d90 100644 (file)
--- a/packet-dcerpc-netlogon.h
+++ b/packet-dcerpc-netlogon.h
@@ -2,7 +2,7 @@
  * Routines for SMB \PIPE\NETLOGON packet disassembly
  * Copyright 2001,2003 Tim Potter <tpot@samba.org>
  *
- * $Id: packet-dcerpc-netlogon.h,v 1.12 2003/05/15 02:01:39 tpot Exp $
+ * $Id: packet-dcerpc-netlogon.h,v 1.13 2003/05/15 04:58:53 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -85,4 +85,8 @@ int netlogon_dissect_secchan_bind_ack_creds(tvbuff_t *tvb, int offset,
                                            packet_info *pinfo, 
                                            proto_tree *tree, char *drep);
 
+int netlogon_dissect_secchan_verf(tvbuff_t *tvb, int offset, 
+                                 packet_info *pinfo, proto_tree *tree, 
+                                 char *drep);
+
 #endif /* packet-dcerpc-netlogon.h */

diff --git a/packet-dcerpc.c b/packet-dcerpc.c
index f48f45fc09169e085344fe176424e50c66603ff2..55b8707ea77ed8287877263f47050d41f7dc9131 100644 (file)
--- a/packet-dcerpc.c
+++ b/packet-dcerpc.c
@@ -2,7 +2,7 @@
  * Routines for DCERPC packet disassembly
  * Copyright 2001, Todd Sabin <tas@webspan.net>
  *
- * $Id: packet-dcerpc.c,v 1.122 2003/05/15 01:59:23 tpot Exp $
+ * $Id: packet-dcerpc.c,v 1.123 2003/05/15 04:58:53 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -399,11 +399,6 @@ static int hf_dcerpc_fragment_multiple_tails = -1;
 static int hf_dcerpc_fragment_too_long_fragment = -1;
 static int hf_dcerpc_fragment_error = -1;
 static int hf_dcerpc_reassembled_in = -1;
-static int hf_dcerpc_sec_chan = -1;
-static int hf_dcerpc_sec_chan_sig = -1;
-static int hf_dcerpc_sec_chan_unk = -1;
-static int hf_dcerpc_sec_chan_seq = -1;
-static int hf_dcerpc_sec_chan_nonce = -1;
 
 static gint ett_dcerpc = -1;
 static gint ett_dcerpc_cn_flags = -1;
@@ -415,7 +410,6 @@ static gint ett_dcerpc_string = -1;
 static gint ett_dcerpc_fragments = -1;
 static gint ett_dcerpc_fragment = -1;
 static gint ett_decrpc_krb5_auth_verf = -1;
-static gint ett_sec_chan = -1;
 
 static dissector_handle_t ntlmssp_handle, ntlmssp_verf_handle,
   ntlmssp_enc_payload_handle;
@@ -1782,29 +1776,16 @@ dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo,
             }
     
         case DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN: {
-          proto_item *vf = NULL;
-          proto_tree *volatile sec_chan_tree = NULL;
-          /*
-           * Create a new tree, and split into 4 components ...
-           */
-          vf = proto_tree_add_item(dcerpc_tree, hf_dcerpc_sec_chan, tvb, 
-              auth_offset, -1, FALSE);
-          sec_chan_tree = proto_item_add_subtree(vf, ett_sec_chan);
-
-          proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_sig, tvb, 
-              auth_offset, 8, FALSE);
-
-          proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_unk, tvb, 
-              auth_offset + 8, 8, FALSE);
-
-          proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_seq, tvb, 
-              auth_offset + 16, 8, FALSE);
+               tvbuff_t *secchan_tvb;
+               
+               secchan_tvb = tvb_new_subset(
+                       tvb, auth_offset, hdr->auth_len, hdr->auth_len);
 
-          proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_nonce, tvb, 
-              auth_offset + 24, 8, FALSE);
+               netlogon_dissect_secchan_verf(
+                       secchan_tvb, 0, pinfo, dcerpc_tree, hdr->drep);
 
-          break;
-        }
+               break;
+       }
 
         default:
             proto_tree_add_text (dcerpc_tree, tvb, auth_offset, hdr->auth_len,
@@ -4219,22 +4200,6 @@ proto_register_dcerpc (void)
          { "Time from request", "dcerpc.time", FT_RELATIVE_TIME, BASE_NONE, NULL, 0, "Time between Request and Reply for DCE-RPC calls", HFILL }},
        { &hf_dcerpc_reassembled_in,
          { "This PDU is reassembled in", "dcerpc.reassembled_in", FT_FRAMENUM, BASE_NONE, NULL, 0x0, "The DCE/RPC PDU is completely reassembled in this frame", HFILL }},
-        { &hf_dcerpc_sec_chan,
-          { "Verifier", "verifier", FT_NONE, BASE_NONE, NULL, 0x0, "Verifier",
-          HFILL }},
-        { &hf_dcerpc_sec_chan_sig,
-          { "Signature", "dcerpc.sec_chan.sig", FT_BYTES, BASE_HEX, NULL, 
-          0x0, "Signature", HFILL }}, 
-        { &hf_dcerpc_sec_chan_unk,
-          { "Unknown", "dcerpc.sec_chan.unk", FT_BYTES, BASE_HEX, NULL, 
-          0x0, "Unknown", HFILL }}, 
-        { &hf_dcerpc_sec_chan_seq,
-          { "Sequence No", "dcerpc.sec_chan.seq", FT_BYTES, BASE_HEX, NULL, 
-          0x0, "Sequence No", HFILL }}, 
-        { &hf_dcerpc_sec_chan_nonce,
-          { "Nonce", "dcerpc.sec_chan.nonce", FT_BYTES, BASE_HEX, NULL, 
-          0x0, "Nonce", HFILL }}, 
-
    };
     static gint *ett[] = {
         &ett_dcerpc,
@@ -4247,7 +4212,6 @@ proto_register_dcerpc (void)
         &ett_dcerpc_fragments,
         &ett_dcerpc_fragment,
         &ett_decrpc_krb5_auth_verf,
-        &ett_sec_chan,
     };
     module_t *dcerpc_module;