make ntlmssp tappable

svn path=/trunk/; revision=16721
author: Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> 2005-12-07 13:09:42 +0000
committer: Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> 2005-12-07 13:09:42 +0000
commit: 56b2184927702fa8bfae70bd63779070869e04bd (patch)
tree: 192509c1232ae8c3add246b3f8db173310416cb7
parent: 93106a8e2e484562319c857c85df026e8f4f7308 (diff)
2 files changed, 36 insertions, 15 deletions
diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
index 448aab6cfd..2de83b5de8 100644
--- a/epan/dissectors/packet-ntlmssp.c
+++ b/epan/dissectors/packet-ntlmssp.c
@@ -39,6 +39,7 @@
 #include "packet-frame.h"
 #include <epan/prefs.h>
 #include <epan/emem.h>
+#include <epan/tap.h>
 #include <epan/crypt-rc4.h>
 #include <epan/crypt-md4.h>
 #include <epan/crypt-des.h>
@@ -47,6 +48,8 @@
 
 #include "packet-ntlmssp.h"
 
+static int ntlmssp_tap = -1;
+
 /* Message types */
 
 #define NTLMSSP_NEGOTIATE 1
@@ -726,8 +729,9 @@ dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len)
 	return offset;
 }
 
+/* tapping into ntlmssph not yet implemented */
 static int
-dissect_ntlmssp_negotiate (tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree)
+dissect_ntlmssp_negotiate (tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree, ntlmssp_header_t *ntlmssph _U_)
 {
   guint32 negotiate_flags;
   int start;
@@ -875,9 +879,10 @@ dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset,
   return offset;
 }
 
+/* tapping into ntlmssph not yet implemented */
 static int
 dissect_ntlmssp_challenge (tvbuff_t *tvb, packet_info *pinfo, int offset,
-			   proto_tree *ntlmssp_tree)
+			   proto_tree *ntlmssp_tree, ntlmssp_header_t *ntlmssph _U_)
 {
   guint32 negotiate_flags;
   int item_start, item_end;
@@ -989,7 +994,7 @@ dissect_ntlmssp_challenge (tvbuff_t *tvb, packet_info *pinfo, int offset,
 
 static int
 dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset,
-		      proto_tree *ntlmssp_tree)
+		      proto_tree *ntlmssp_tree, ntlmssp_header_t *ntlmssph)
 {
   int item_start, item_end;
   int data_start, data_end = 0;
@@ -997,7 +1002,6 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset,
   gboolean unicode_strings = FALSE;
   ntlmssp_info *conv_ntlmssp_info;
   conversation_t *conversation;
-  const char *domain_name, *user_name;
 
   /*
    * Get flag info from the original negotiate message, if any.
@@ -1070,7 +1074,7 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset,
   offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, 
 				  unicode_strings, 
 				  hf_ntlmssp_auth_domain,
-				  &item_start, &item_end, &domain_name);
+				  &item_start, &item_end, &(ntlmssph->domain_name));
   data_start = MIN(data_start, item_start);
   data_end = MAX(data_end, item_end);
 
@@ -1079,20 +1083,20 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset,
   offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, 
 				  unicode_strings, 
 				  hf_ntlmssp_auth_username,
-				  &item_start, &item_end, &user_name);
+				  &item_start, &item_end, &(ntlmssph->acct_name));
   data_start = MIN(data_start, item_start);
   data_end = MAX(data_end, item_end);
 
   if (check_col(pinfo->cinfo, COL_INFO))
     col_append_fstr(pinfo->cinfo, COL_INFO, ", User: %s\\%s",
-		    domain_name, user_name);
+		    ntlmssph->domain_name, ntlmssph->acct_name);
 
   /* hostname */
   item_start = tvb_get_letohl(tvb, offset+4);
   offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, 
 				  unicode_strings, 
 				  hf_ntlmssp_auth_hostname,
-				  &item_start, &item_end, NULL);
+				  &item_start, &item_end, &(ntlmssph->host_name));
   data_start = MIN(data_start, item_start);
   data_end = MAX(data_end, item_end);
 
@@ -1117,10 +1121,16 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset,
 static void
 dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
-  guint32 ntlmssp_message_type;
   volatile int offset = 0;
   proto_tree *volatile ntlmssp_tree = NULL;
   proto_item *tf = NULL;
+  ntlmssp_header_t *ntlmssph;
+
+  ntlmssph=ep_alloc(sizeof(ntlmssp_header_t));
+  ntlmssph->type=0;
+  ntlmssph->domain_name=NULL;
+  ntlmssph->acct_name=NULL;
+  ntlmssph->host_name=NULL;
 
   /* Setup a new tree for the NTLMSSP payload */
   if (tree) {
@@ -1153,28 +1163,28 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
     /* NTLMSSP Message Type */
     proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_message_type,
 			 tvb, offset, 4, TRUE);
-    ntlmssp_message_type = tvb_get_letohl (tvb, offset);
+    ntlmssph->type = tvb_get_letohl (tvb, offset);
     offset += 4; 
 
     if (check_col(pinfo->cinfo, COL_INFO))
 	    col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
-			    val_to_str(ntlmssp_message_type, 
+			    val_to_str(ntlmssph->type, 
 				       ntlmssp_message_types,
 				       "Unknown message type"));
 
     /* Call the appropriate dissector based on the Message Type */
-    switch (ntlmssp_message_type) {
+    switch (ntlmssph->type) {
 
     case NTLMSSP_NEGOTIATE:
-      offset = dissect_ntlmssp_negotiate (tvb, offset, ntlmssp_tree);
+      offset = dissect_ntlmssp_negotiate (tvb, offset, ntlmssp_tree, ntlmssph);
       break;
 
     case NTLMSSP_CHALLENGE:
-      offset = dissect_ntlmssp_challenge (tvb, pinfo, offset, ntlmssp_tree);
+      offset = dissect_ntlmssp_challenge (tvb, pinfo, offset, ntlmssp_tree, ntlmssph);
       break;
 
     case NTLMSSP_AUTH:
-      offset = dissect_ntlmssp_auth (tvb, pinfo, offset, ntlmssp_tree);
+      offset = dissect_ntlmssp_auth (tvb, pinfo, offset, ntlmssp_tree, ntlmssph);
       break;
 
     default:
@@ -1188,6 +1198,8 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
   } CATCH(ReportedBoundsError) {
     show_reported_bounds_error(tvb, pinfo, tree);
   } ENDTRY;
+
+  tap_queue_packet(ntlmssp_tap, pinfo, ntlmssph);
 }
 
 /*
@@ -1818,4 +1830,5 @@ proto_reg_handoff_ntlmssp(void)
   register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
 				    DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP,
 				    &ntlmssp_seal_fns);
+  ntlmssp_tap = register_tap("ntlmssp");
 }
diff --git a/epan/dissectors/packet-ntlmssp.h b/epan/dissectors/packet-ntlmssp.h
index 597a90b9cc..4799e4a785 100644
--- a/epan/dissectors/packet-ntlmssp.h
+++ b/epan/dissectors/packet-ntlmssp.h
@@ -32,4 +32,12 @@ int
 dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *ntlmssp_tree, int offset,
 			int len);
 
+/* the ntlmssp data passed to tap listeners */
+typedef struct _ntlmssp_header_t {
+	guint32		type;
+	const char 	*domain_name;
+	const char 	*acct_name;
+	const char 	*host_name;
+} ntlmssp_header_t;
+
 #endif
author	Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au>	2005-12-07 13:09:42 +0000
committer	Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au>	2005-12-07 13:09:42 +0000
commit	56b2184927702fa8bfae70bd63779070869e04bd (patch)
tree	192509c1232ae8c3add246b3f8db173310416cb7
parent	93106a8e2e484562319c857c85df026e8f4f7308 (diff)