-rw-r--r--packet-dcerpc-netlogon.c152
-rw-r--r--packet-dcerpc-netlogon.h9
2 files changed, 159 insertions, 2 deletions
diff --git a/packet-dcerpc-netlogon.c b/packet-dcerpc-netlogon.c
index d7433ae993..78ed0a32fa 100644
--- a/packet-dcerpc-netlogon.c
+++ b/packet-dcerpc-netlogon.c
@@ -3,7 +3,7 @@
* Copyright 2001,2003 Tim Potter <tpot@samba.org>
* 2002 structure and command dissectors by Ronnie Sahlberg
*
- * $Id: packet-dcerpc-netlogon.c,v 1.96 2004/01/19 20:10:34 jmayer Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.97 2004/03/05 23:12:09 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -122,6 +122,8 @@ static int hf_netlogon_group_rid = -1;
static int hf_netlogon_logon_srv = -1;
static int hf_netlogon_principal = -1;
static int hf_netlogon_logon_dom = -1;
+static int hf_netlogon_resourcegroupdomainsid = -1;
+static int hf_netlogon_resourcegroupcount = -1;
static int hf_netlogon_downlevel_domain_name = -1;
static int hf_netlogon_dns_domain_name = -1;
static int hf_netlogon_domain_name = -1;
@@ -1122,6 +1124,146 @@ netlogon_dissect_VALIDATION_SAM_INFO2(tvbuff_t *tvb, int offset,
+
+
+/*
+ * IDL typedef struct {
+ * IDL uint64 LogonTime;
+ * IDL uint64 LogoffTime;
+ * IDL uint64 KickOffTime;
+ * IDL uint64 PasswdLastSet;
+ * IDL uint64 PasswdCanChange;
+ * IDL uint64 PasswdMustChange;
+ * IDL unicodestring effectivename;
+ * IDL unicodestring fullname;
+ * IDL unicodestring logonscript;
+ * IDL unicodestring profilepath;
+ * IDL unicodestring homedirectory;
+ * IDL unicodestring homedirectorydrive;
+ * IDL short LogonCount;
+ * IDL short BadPasswdCount;
+ * IDL long userid;
+ * IDL long primarygroup;
+ * IDL long groupcount;
+ * IDL [unique] GROUP_MEMBERSHIP *groupids;
+ * IDL long userflags;
+ * IDL USER_SESSION_KEY key;
+ * IDL unicodestring logonserver;
+ * IDL unicodestring domainname;
+ * IDL [unique] SID logondomainid;
+ * IDL long expansionroom[10];
+ * IDL long sidcount;
+ * IDL [unique] SID_AND_ATTRIBS;
+ * IDL [unique] SID resourcegroupdomainsid;
+ * IDL long resourcegroupcount;
+qqq
+ * IDL } PAC_LOGON_INFO;
+ */
+int
+netlogon_dissect_PAC_LOGON_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ int i;
+ guint32 rgc;
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logoff_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_kickoff_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_last_set_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_can_change_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_must_change_time);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_acct_name, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_full_name, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_script, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_profile_path, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_home_dir, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_dir_drive, 0);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_count16, NULL);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_bad_pw_count16, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_user_rid, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_group_rid, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_num_rids, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_UNIQUE,
+ "GROUP_MEMBERSHIP_ARRAY", -1);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_user_flags, NULL);
+
+ offset = netlogon_dissect_USER_SESSION_KEY(tvb, offset,
+ pinfo, tree, drep);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_srv, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_dom, 0);
+
+ offset = dissect_ndr_nt_PSID(tvb, offset,
+ pinfo, tree, drep, -1);
+
+ for(i=0;i<10;i++){
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_unknown_long, NULL);
+ }
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_num_other_groups, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
+ "SID_AND_ATTRIBUTES_ARRAY:", -1);
+
+ offset = dissect_ndr_nt_PSID(tvb, offset,
+ pinfo, tree, drep, hf_netlogon_resourcegroupdomainsid);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_resourcegroupcount, &rgc);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_UNIQUE,
+ "ResourceGroupIDs", -1);
+
+ return offset;
+}
+
+
+
static int
netlogon_dissect_PAC(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
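Review bot: `rgc` is filled by the `dissect_ndr_uint32(..., hf_netlogon_resourcegroupcount, &rgc)` call near the end of netlogon_dissect_PAC_LOGON_INFO and is never read afterwards, so the resource group count taken from the packet is neither checked nor used. Pass `NULL` as the other count fields (`hf_netlogon_num_rids`, `hf_netlogon_num_other_groups`) do and drop the local, or add a comment saying what the value is kept for. The IDL comment above the function also has a stray `qqq` line, leaves `[unique] SID_AND_ATTRIBS;` without a member name, and omits the trailing unique GROUP_MEMBERSHIP pointer that the code dissects as "ResourceGroupIDs". Because the function is exported for use on PAC data, every field it walks is untrusted capture content; bounds enforcement appears to rest entirely on the dissect_ndr_* helpers, and a one-line comment such as `/* all reads are bounds-checked by the dissect_ndr_* helpers; no raw tvb access here */` would record that assumption.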
@@ -6465,6 +6607,14 @@ static hf_register_info hf[] = {
{ "Domain", "netlogon.domain", FT_STRING, BASE_NONE,
NULL, 0, "Domain", HFILL }},
+ { &hf_netlogon_resourcegroupdomainsid,
+ { "ResourceGroupDomainSID", "netlogon.resourcegroupdomainsid", FT_STRING, BASE_NONE,
+ NULL, 0, "Resource Group Domain SID", HFILL }},
+
+ { &hf_netlogon_resourcegroupcount,
+ { "ResourceGroup count", "netlogon.resourcegroupcount", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of Resource Groups", HFILL }},
+
{ &hf_netlogon_computer_name,
{ "Computer Name", "netlogon.computer_name", FT_STRING, BASE_NONE,
NULL, 0, "Computer Name", HFILL }},
diff --git a/packet-dcerpc-netlogon.h b/packet-dcerpc-netlogon.h
index ad931f13b7..b97237e5e5 100644
--- a/packet-dcerpc-netlogon.h
+++ b/packet-dcerpc-netlogon.h
@@ -2,7 +2,7 @@
* Routines for SMB \PIPE\NETLOGON packet disassembly
* Copyright 2001,2003 Tim Potter <tpot@samba.org>
*
- * $Id: packet-dcerpc-netlogon.h,v 1.16 2003/09/27 23:48:04 sahlberg Exp $
+ * $Id: packet-dcerpc-netlogon.h,v 1.17 2004/03/05 23:12:10 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -80,4 +80,11 @@
#define SEC_CHAN_DOMAIN 4
#define SEC_CHAN_BDC 6
+
+/* needed to decrypt PAC_LOGON_INFO in kerberos */
+int
+netlogon_dissect_PAC_LOGON_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep);
+
#endif /* packet-dcerpc-netlogon.h */
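Review bot: The comment on the new prototype says "needed to decrypt PAC_LOGON_INFO in kerberos", but the function added in packet-dcerpc-netlogon.c only dissects NDR fields and does no decryption. I would reword it to `/* exported so the kerberos dissector can dissect PAC_LOGON_INFO */`. It would also help to note that the function returns the offset after the structure, and that it queues its unique pointers through `dissect_ndr_pointer`, so the caller presumably has to provide the NDR pointer context.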