authorGuy Harris <guy@alum.mit.edu>2002-07-10 06:54:24 +0000
committerGuy Harris <guy@alum.mit.edu>2002-07-10 06:54:24 +0000
commite7dbdc13fa7066f55c8de6bd54f0eda246628a64 (patch)
tree10efbd2fedda7a28045b7b3334b89fbd4eafd553 /packet-dcerpc-netlogon.c
parent4d1afddfabfa3da6b29f16c855e0d26ae7369cce (diff)
The time stamps in credentials, at least, sometimes appear to be
UNIX-style "time_t" values (seconds since January 1, 1970, 00:00:00 GMT - yes, GMT, not local time as in UTIME values). They also appear to require 4-byte alignment. svn path=/trunk/; revision=5855
Diffstat (limited to 'packet-dcerpc-netlogon.c')
-rw-r--r--packet-dcerpc-netlogon.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/packet-dcerpc-netlogon.c b/packet-dcerpc-netlogon.c
index 0e87f26a46..d5a2b5ec7d 100644
--- a/packet-dcerpc-netlogon.c
+++ b/packet-dcerpc-netlogon.c
@@ -3,7 +3,7 @@
* Copyright 2001, Tim Potter <tpot@samba.org>
* 2002 structure and command dissectors by Ronnie Sahlberg
*
- * $Id: packet-dcerpc-netlogon.c,v 1.43 2002/07/09 13:32:29 sahlberg Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.44 2002/07/10 06:54:24 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -78,6 +78,7 @@ static int hf_netlogon_level16 = -1;
static int hf_netlogon_validation_level = -1;
static int hf_netlogon_reference = -1;
static int hf_netlogon_next_reference = -1;
+static int hf_netlogon_timestamp = -1;
static int hf_netlogon_level = -1;
static int hf_netlogon_challenge = -1;
static int hf_netlogon_reserved = -1;
@@ -275,6 +276,10 @@ netlogon_dissect_VALIDATION_UAS_INFO(tvbuff_t *tvb, int offset,
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_bad_pw_count, NULL);
+ /* XXX - are these all UNIX "time_t"s, like the time stamps in
+ credentials?
+
+ Or are they, as per some RAP-based operations, UTIMEs? */
proto_tree_add_text(tree, tvb, offset, 4, "Last Logon: unknown time format");
offset+= 4;
@@ -726,6 +731,7 @@ netlogon_dissect_AUTHENTICATOR(tvbuff_t *tvb, int offset,
char *drep)
{
dcerpc_info *di;
+ nstime_t ts;
di=pinfo->private_data;
if(di->conformant_run){
@@ -736,7 +742,17 @@ netlogon_dissect_AUTHENTICATOR(tvbuff_t *tvb, int offset,
offset = netlogon_dissect_CREDENTIAL(tvb, offset,
pinfo, tree, drep);
- proto_tree_add_text(tree, tvb, offset, 4, "Timestamp: unknown time format");
+ /*
+ * XXX - this appears to be a UNIX time_t in some credentials, but
+ * appears to be random junk in other credentials.
+ * For example, it looks like a UNIX time_t in "credential"
+ * AUTHENTICATORs, but like random junk in "return_authenticator"
+ * AUTHENTICATORs.
+ */
+ ALIGN_TO_4_BYTES;
+ ts.secs = tvb_get_letohl(tvb, offset);
+ ts.nsecs = 0;
+ proto_tree_add_time(tree, hf_netlogon_timestamp, tvb, offset, 4, &ts);
offset+= 4;
return offset;
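Review bot: The new timestamp read uses `tvb_get_letohl(tvb, offset)`, which is always little-endian and ignores the `drep` data-representation argument that the neighbouring `dissect_ndr_uint32()` calls honour. On a big-endian NDR stream the field would be byte-swapped and shown as a plausible but wrong date. Consider `ts.secs = dcerpc_tvb_get_ntohl(tvb, offset, drep);` so the byte order follows the PDU. The added comment also says the value looks like random junk in "return_authenticator" AUTHENTICATORs, yet it is always rendered as an absolute time, so anyone using these timestamps to correlate logon traffic may read junk as a real date unless the display marks it as unverified. The function begins and ends outside this hunk, so the effect of `ALIGN_TO_4_BYTES` on `offset` during the conformant run cannot be checked from here.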
@@ -6168,6 +6184,10 @@ static hf_register_info hf[] = {
{ "Next Reference", "netlogon.next_reference", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
+ { &hf_netlogon_timestamp,
+ { "Timestamp", "netlogon.timestamp", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "", HFILL }},
+
{ &hf_netlogon_user_rid,
{ "User RID", "netlogon.rid", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
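Review bot: The new `hf_netlogon_timestamp` entry has an empty blurb (`""`), although the dissector comment says the field is only sometimes a UNIX time_t. A short description would carry that caveat to anyone filtering on `netlogon.timestamp`, for example `"Authenticator timestamp (UNIX time_t; may not be a valid time in return authenticators)"`. The name "Timestamp" is also generic next to the other, still undecoded, time fields in this file, so something like "Authenticator Timestamp" would be less ambiguous.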