Added a value_string for the countries which have their MS country code listed
[obnox/wireshark/wip.git] / packet-dcerpc-netlogon.c
index ab1bafcad298d90cdc1fe1dc3c830ba08a4d0fd4..c5e700df83a4f52983eb68561b15a71c8dffd945 100644 (file)
@@ -3,7 +3,7 @@
  * Copyright 2001, Tim Potter <tpot@samba.org>
  *  2002 structure and command dissectors by Ronnie Sahlberg
  *
- * $Id: packet-dcerpc-netlogon.c,v 1.4 2002/03/13 07:38:33 sahlberg Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.10 2002/03/14 10:04:02 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -34,6 +34,7 @@
 #include "packet-dcerpc-nt.h"
 #include "packet-dcerpc-netlogon.h"
 #include "smb.h"       /* for "NT_errors[]" */
+#include "packet-smb-common.h"
 
 static int proto_dcerpc_netlogon = -1;
 static int hf_netlogon_rc = -1;
@@ -122,6 +123,8 @@ static int hf_netlogon_logon_attempts = -1;
 static int hf_netlogon_authoritative = -1;
 static int hf_netlogon_secure_channel_type = -1;
 static int hf_netlogon_logonsrv_handle = -1;
+static int hf_netlogon_lsa_secret = -1;
+static int hf_netlogon_lsa_sd_size = -1;
 
 static gint ett_dcerpc_netlogon = -1;
 static gint ett_NETLOGON_SECURITY_DESCRIPTOR = -1;
@@ -192,7 +195,28 @@ static e_uuid_t uuid_dcerpc_netlogon = {
 static guint16 ver_dcerpc_netlogon = 1;
 
 
-/* XXX temporary, until we get the real one in LSA */
+static int
+lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *tree,
+                             char *drep)
+{
+       guint32 len;
+       dcerpc_info *di;
+       
+       di=pinfo->private_data;
+       if(di->conformant_run){
+               /*just a run to handle conformant arrays, nothing to dissect */
+               return offset;
+       }
+
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_netlogon_lsa_sd_size, &len);
+
+       dissect_nt_sec_desc(tvb, pinfo, offset, tree, len);
+       offset += len;
+
+       return offset;
+}
 static int
 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *parent_tree,
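Review bot: In lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, `len` is a 32-bit value read from the packet and is passed to dissect_nt_sec_desc and added to the signed `offset` without any range check. A length larger than the remaining buffer, or one above G_MAXINT, can leave `offset` past the end of the tvb or move it backwards, which in a caller that loops over elements risks a dissection that never advances. dissect_nt_sec_desc is not visible here, so it is unclear whether it bounds `len` itself. I would add a guard before the call, for example `if (len > (guint32)tvb_length_remaining(tvb, offset)) return offset;`, or raise the tree's usual bounds error instead of returning. lsa_dissect_LSA_SECRET_data in the next hunk has the same `offset += len` pattern, and there the only consumer of `len` is proto_tree_add_item, which presumably does no bounds checking when `tree` is NULL.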
@@ -203,20 +227,44 @@ lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
        int old_offset=offset;
 
        if(parent_tree){
-               item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+               item = proto_tree_add_text(parent_tree, tvb, offset, -1,
                        "LSA_SECURITY_DESCRIPTOR:");
                tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
        }
 
-       /* XXX need to figure this one out */
-       offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
-               hf_netlogon_unknown_string, 0);
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_netlogon_lsa_sd_size, NULL);
+        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+                       lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
+                       "LSA SECURITY DESCRIPTOR data:", -1, 0);
 
+       proto_item_set_len(item, offset-old_offset);
        return offset;
 }
 
 /* XXX temporary, until we get the real one in LSA */
 static int
+lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *tree,
+                             char *drep)
+{
+       guint32 len;
+       dcerpc_info *di;
+
+       di=pinfo->private_data;
+       if(di->conformant_run){
+               /*just a run to handle conformant arrays, nothing to dissect */
+               return offset;
+       }
+
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_netlogon_lsa_sd_size, &len);
+       proto_tree_add_item(tree, hf_netlogon_lsa_secret, tvb, offset, len, FALSE);
+       offset += len;
+
+       return offset;
+}
+static int
 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *parent_tree,
                        char *drep)
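Review bot: lsa_dissect_LSA_SECRET_data labels the length of the secret with hf_netlogon_lsa_sd_size, which this commit registers as "netlogon.lsa_sd_size" with the blurb "Size of lsa security descriptor". A display filter on that field will therefore match secret lengths as well as descriptor lengths. lsa_dissect_LSA_SECRET in the following hunk reuses the same field. Either register a separate field for the secret, or make the existing one neutral, e.g. change the blurb to `"Size of the LSA data that follows"`. The `/* XXX temporary, until we get the real one in LSA */` comment now sits directly above the new helper rather than above lsa_dissect_LSA_SECRET, so it should be moved or reworded to say which function it refers to.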
@@ -226,12 +274,19 @@ lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
        int old_offset=offset;
 
        if(parent_tree){
-               item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+               item = proto_tree_add_text(parent_tree, tvb, offset, -1,
                        "LSA_SECRET:");
                tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
        }
 
        /* XXX need to figure this one out */
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_netlogon_lsa_sd_size, NULL);
+        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+                       lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
+                       "LSA SECRET data:", -1, 0);
+
+       proto_item_set_len(item, offset-old_offset);
        return offset;
 }
 
@@ -2850,6 +2905,7 @@ netlogon_dissect_TYPE_19(tvbuff_t *tvb, int offset,
        offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                hf_netlogon_level, &level);
 
+       ALIGN_TO_4_BYTES;
        switch(level){
        case 1:
                offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
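Review bot: The added `ALIGN_TO_4_BYTES;` before `switch(level)` in netlogon_dissect_TYPE_19 has no comment, and the macro presumably modifies `offset` in place, which is not obvious at the call site. The value 4 looks like the NDR alignment of the union body after the 16-bit level, but nothing in the hunk says so. A reader adding a union arm with a different alignment would not know whether the constant must change. I would add a comment such as `/* NDR: union body is aligned to its largest arm (4 bytes) after the 16-bit level */`, to be confirmed against the IDL. The same unexplained line is added in netlogon_dissect_TYPE_20 in the next hunk; both functions continue outside their hunks.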
@@ -3039,6 +3095,7 @@ netlogon_dissect_TYPE_20(tvbuff_t *tvb, int offset,
        offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                hf_netlogon_level, &level);
 
+       ALIGN_TO_4_BYTES;
        switch(level){
        case 1:
                offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
@@ -3609,8 +3666,10 @@ static int
 netlogon_dissect_netsamdeltas_rqst(tvbuff_t *tvb, int offset,
        packet_info *pinfo, proto_tree *tree, char *drep)
 {
-       offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
-               pinfo, tree, drep);
+       /* XXX idl file has LOGONSRV_HANDLE here, ms capture has string srv_name */
+       offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+               dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_REF,
+               "srv_name", hf_netlogon_logon_srv, -1);
 
        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_REF,
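Review bot: The XXX comment at the top of netlogon_dissect_netsamdeltas_rqst records that the IDL and the capture disagree, but not which one the code now trusts or why. As written, the first field is always dissected as a ref pointer to a unicode string, so a request that really carries a LOGONSRV_HANDLE would be decoded with every later field shifted. I would expand the comment so the decision is explicit, e.g. `/* XXX idl file has LOGONSRV_HANDLE here, but MS captures carry a ref pointer to a unicode srv_name; we follow the captures */`. The function body continues outside the hunk, so the remaining fields could not be checked against this change.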
@@ -5205,7 +5264,7 @@ static hf_register_info hf[] = {
                NULL, 0, "Attributes", HFILL }},
 
        { &hf_netlogon_unknown_string,
-               { "Unknwon string", "netlogon.unknown_string", FT_STRING, BASE_NONE,
+               { "Unknown string", "netlogon.unknown_string", FT_STRING, BASE_NONE,
                NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
        { &hf_netlogon_unknown_long,
                { "Unknown long", "netlogon.unknown.long", FT_UINT32, BASE_HEX, 
@@ -5254,6 +5313,10 @@ static hf_register_info hf[] = {
                { "LM Chal resp", "netlogon.lm_chal_resp", FT_BYTES, BASE_HEX,
                NULL, 0, "Challenge response for LM authentication", HFILL }},
 
+       { &hf_netlogon_lsa_secret,
+               { "LSA Secret", "netlogon.lsa.secret", FT_BYTES, BASE_HEX,
+               NULL, 0, "", HFILL }},
+
        { &hf_netlogon_acct_name,
                { "Acct Name", "netlogon.acct_name", FT_STRING, BASE_NONE,
                NULL, 0, "Account Name", HFILL }},
@@ -5392,7 +5455,7 @@ static hf_register_info hf[] = {
 
        { &hf_netlogon_country,
                { "Country", "netlogon.country", FT_UINT16, BASE_DEC, 
-               NULL, 0x0, "Country setting for this account", HFILL }},
+               VALS(ms_country_codes), 0x0, "Country setting for this account", HFILL }},
 
        { &hf_netlogon_codepage,
                { "Codepage", "netlogon.codepage", FT_UINT16, BASE_DEC, 
@@ -5410,6 +5473,10 @@ static hf_register_info hf[] = {
                { "Size", "netlogon.blob.size", FT_UINT32, BASE_DEC, 
                NULL, 0x0, "Size in bytes of BLOB", HFILL }},
 
+       { &hf_netlogon_code,
+               { "Code", "netlogon.code", FT_UINT32, BASE_HEX, 
+               NULL, 0x0, "Code", HFILL }},
+
        { &hf_netlogon_level_long,
                { "Level", "netlogon.level32", FT_UINT32, BASE_DEC, 
                NULL, 0x0, "Which option of the union is represented here", HFILL }},
@@ -5462,6 +5529,10 @@ static hf_register_info hf[] = {
                { "Logon Attempts", "netlogon.logon_attempts", FT_UINT32, BASE_DEC, 
                NULL, 0x0, "Number of logon attempts", HFILL }},
 
+       { &hf_netlogon_lsa_sd_size,
+               { "Size", "netlogon.lsa_sd_size", FT_UINT32, BASE_DEC, 
+               NULL, 0x0, "Size of lsa security descriptor", HFILL }},
+
        { &hf_netlogon_logon_time,
                { "Logon Time", "netlogon.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
                NULL, 0, "Time for last time this user logged on", HFILL }},