Move the ntlmv2 response dissection out of packet-ntlmssp.c and in to

packet-smb-common.c so it can be used elsewhere.

Dissect a ntlmv2 response in a session setup SMB if detected.

svn path=/trunk/; revision=7655

4 files changed, 254 insertions, 237 deletions

diff --git a/packet-ntlmssp.c b/packet-ntlmssp.c
index ce207dde17..3cdd3d72bf 100644
--- a/packet-ntlmssp.c
+++ b/packet-ntlmssp.c
@@ -2,7 +2,7 @@
  * Routines for NTLM Secure Service Provider
  * Devin Heitmueller <dheitmueller@netilla.com>
  *
- * $Id: packet-ntlmssp.c,v 1.39 2003/05/07 07:12:50 tpot Exp $
+ * $Id: packet-ntlmssp.c,v 1.40 2003/05/09 01:41:28 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -55,23 +55,6 @@ static const value_string ntlmssp_message_types[] = {
   { 0, NULL }
 };
 
-/* Name types */
-
-#define NTLMSSP_NAME_END        0x0000
-#define NTLMSSP_NAME_NB_HOST    0x0001
-#define NTLMSSP_NAME_NB_DOMAIN  0x0002
-#define NTLMSSP_NAME_DNS_HOST   0x0003
-#define NTLMSSP_NAME_DNS_DOMAIN 0x0004
-
-static const value_string ntlmssp_name_types[] = {
-	{ NTLMSSP_NAME_END, "End of list" },
-	{ NTLMSSP_NAME_NB_HOST, "NetBIOS host name" },
-	{ NTLMSSP_NAME_NB_DOMAIN, "NetBIOS domain name" },
-	{ NTLMSSP_NAME_DNS_HOST, "DNS host name" },
-	{ NTLMSSP_NAME_DNS_DOMAIN, "DNS domain name" },
-	{ 0, NULL }
-};
-
 /*
  * NTLMSSP negotiation flags
  * Taken from Samba
@@ -109,7 +92,6 @@ static const value_string ntlmssp_name_types[] = {
 #define NTLMSSP_NEGOTIATE_KEY_EXCH         0x40000000
 #define NTLMSSP_NEGOTIATE_80000000         0x80000000
 
-
 static int proto_ntlmssp = -1;
 static int hf_ntlmssp = -1;
 static int hf_ntlmssp_auth = -1;
@@ -185,16 +167,6 @@ static int hf_ntlmssp_verf_unknown1 = -1;
 static int hf_ntlmssp_verf_crc32 = -1;
 static int hf_ntlmssp_verf_sequence = -1;
 static int hf_ntlmssp_decrypted_payload = -1;
-static int hf_ntlmssp_ntlmv2_response = -1;
-static int hf_ntlmssp_ntlmv2_response_hmac = -1;
-static int hf_ntlmssp_ntlmv2_response_header = -1;
-static int hf_ntlmssp_ntlmv2_response_reserved = -1;
-static int hf_ntlmssp_ntlmv2_response_time = -1;
-static int hf_ntlmssp_ntlmv2_response_chal = -1;
-static int hf_ntlmssp_ntlmv2_response_unknown = -1;
-static int hf_ntlmssp_ntlmv2_response_name = -1;
-static int hf_ntlmssp_ntlmv2_response_name_type = -1;
-static int hf_ntlmssp_ntlmv2_response_name_len = -1;
 
 static gint ett_ntlmssp = -1;
 static gint ett_ntlmssp_negotiate_flags = -1;
@@ -202,8 +174,6 @@ static gint ett_ntlmssp_string = -1;
 static gint ett_ntlmssp_blob = -1;
 static gint ett_ntlmssp_address_list = -1;
 static gint ett_ntlmssp_decrypted_tree = -1;
-static gint ett_ntlmssp_ntlmv2_response = -1;
-static gint ett_ntlmssp_ntlmv2_response_name = -1;
 
 /* Configuration variables */
 static char *nt_password = NULL;
@@ -451,165 +421,13 @@ dissect_ntlmssp_blob (tvbuff_t *tvb, int offset,
       tvb_memcpy(tvb, result->contents, blob_offset, blob_length);
   }
 
+  /* If we are dissecting the NTLM response and it is a NTLMv2
+     response call the appropriate dissector. */
 
-  return offset;
-}
-
-/* Dissect a NTLM response.  This could be either NTLMv1 in which case
-   we just call the dissect_ntlmssp_blob() function, or NTLMv2 where
-   the blob actually has some structure.  This is documented at
-   http://ubiqx.org/cifs/SMB.html#8, para 2.8.5.3 */
-
-static int
-dissect_ntlmssp_ntlm_response(tvbuff_t *tvb, int offset, 
-			      proto_tree *ntlmssp_tree, int blob_hf, 
-			      int *end, ntlmssp_blob *result)
-{
-	guint16 blob_length = tvb_get_letohs(tvb, offset);
-	guint16 blob_maxlen = tvb_get_letohs(tvb, offset+2);
-	guint32 blob_offset = tvb_get_letohl(tvb, offset+4);
-	proto_item *item = NULL;
-	proto_tree *subtree = NULL, *ntlmv2_tree = NULL;
-
-	if (blob_length <= 24) {
-
-		/* Not NTLMv2 */
-
-		return dissect_ntlmssp_blob(
-			tvb, offset, ntlmssp_tree, blob_hf, end, result);
-	}
-
-	if (ntlmssp_tree) {
-		item = proto_tree_add_item(
-			ntlmssp_tree, blob_hf, tvb, blob_offset, blob_length, 
-			TRUE);
-		subtree = proto_item_add_subtree(item, ett_ntlmssp_blob);
-	}
-
-	/* Dissect NTLMv2 response */
-
-	proto_tree_add_uint(subtree, hf_ntlmssp_blob_len,
-			    tvb, offset, 2, blob_length);
-	offset += 2;
-
-	proto_tree_add_uint(subtree, hf_ntlmssp_blob_maxlen,
-			    tvb, offset, 2, blob_maxlen);
-	offset += 2;
-
-	proto_tree_add_uint(subtree, hf_ntlmssp_blob_offset,
-			    tvb, offset, 4, blob_offset);
-	offset += 4;
-
-	*end = blob_offset + blob_length;
-
-	/* Dissect NTLMv2 bits&pieces */
-
-	if (subtree) {
-		item = proto_tree_add_item(
-			subtree, hf_ntlmssp_ntlmv2_response, tvb, 
-			blob_offset, blob_length - 8, TRUE);
-		ntlmv2_tree = proto_item_add_subtree(
-			item, ett_ntlmssp_ntlmv2_response);
-	}
-
-	proto_tree_add_item(
-		ntlmv2_tree, hf_ntlmssp_ntlmv2_response_hmac, tvb,
-		blob_offset, 16, TRUE);
-
-	blob_offset += 16;
-
-	proto_tree_add_item(
-		ntlmv2_tree, hf_ntlmssp_ntlmv2_response_header, tvb,
-		blob_offset, 4, TRUE);
-
-	blob_offset += 4;
+  if (blob_hf == hf_ntlmssp_auth_ntresponse && blob_length > 24)
+	  dissect_ntlmv2_response(tvb, tree, blob_offset, blob_length);
 
-	proto_tree_add_item(
-		ntlmv2_tree, hf_ntlmssp_ntlmv2_response_reserved, tvb,
-		blob_offset, 4, TRUE);
-
-	blob_offset += 4;
-
-	blob_offset = dissect_smb_64bit_time(
-		tvb, ntlmv2_tree, blob_offset, 
-		hf_ntlmssp_ntlmv2_response_time);
-
-	proto_tree_add_item(
-		ntlmv2_tree, hf_ntlmssp_ntlmv2_response_chal, tvb,
-		blob_offset, 8, TRUE);
-
-	blob_offset += 8;
-
-	proto_tree_add_item(
-		ntlmv2_tree, hf_ntlmssp_ntlmv2_response_unknown, tvb,
-		blob_offset, 4, TRUE);
-
-	blob_offset += 4;
-
-	/* Variable length list of names */
-
-	while(1) {
-		guint16 name_type = tvb_get_letohs(tvb, blob_offset);
-		guint16 name_len = tvb_get_letohs(tvb, blob_offset + 2);
-		proto_tree *name_tree = NULL;
-		char *name = NULL;
-
-		if (ntlmv2_tree) {
-			item = proto_tree_add_item(
-				ntlmv2_tree, hf_ntlmssp_ntlmv2_response_name, 
-				tvb, blob_offset, 0, TRUE);
-			name_tree = proto_item_add_subtree(
-				item, ett_ntlmssp_ntlmv2_response_name);
-		}
-
-		/* Dissect name header */
-
-		proto_tree_add_item(
-			name_tree, hf_ntlmssp_ntlmv2_response_name_type, tvb,
-			blob_offset, 2, TRUE);
-
-		blob_offset += 2;
-
-		proto_tree_add_item(
-			name_tree, hf_ntlmssp_ntlmv2_response_name_len, tvb,
-			blob_offset, 2, TRUE);
-
-		blob_offset += 2;
-
-		/* Dissect name */
-
-		if (name_len > 0) {
-			name = tvb_fake_unicode(
-				tvb, blob_offset, name_len / 2, TRUE);
-
-			proto_tree_add_text(
-				name_tree, tvb, blob_offset, name_len, 
-				"Name: %s", name);
-		} else
-			name = g_strdup("NULL");
-
-		if (name_type == 0)
-			proto_item_append_text(
-				item, "%s", 
-				val_to_str(name_type, ntlmssp_name_types,
-					   "Unknown"));
-		else
-			proto_item_append_text(
-				item, "%s, %s",
-				val_to_str(name_type, ntlmssp_name_types,
-					   "Unknown"), name);
-
-		g_free(name);
-
-		blob_offset += name_len;
-
-		proto_item_set_len(item, name_len + 4);
-
-		if (name_type == 0) /* End of list */
-			break;
-	};
-
-	return offset;
+  return offset;
 }
 
 static int
@@ -812,19 +630,19 @@ dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset,
     if (!text) text = ""; /* Make sure we don't blow up below */
 
     switch(item_type) {
-    case NTLMSSP_NAME_NB_HOST:
+    case NTLM_NAME_NB_HOST:
       proto_tree_add_string(tree, hf_ntlmssp_address_list_server_nb,
 			    tvb, item_offset, item_length, text);
       break;
-    case NTLMSSP_NAME_NB_DOMAIN:
+    case NTLM_NAME_NB_DOMAIN:
       proto_tree_add_string(tree, hf_ntlmssp_address_list_domain_nb,
 			    tvb, item_offset, item_length, text);
       break;
-    case NTLMSSP_NAME_DNS_HOST:
+    case NTLM_NAME_DNS_HOST:
       proto_tree_add_string(tree, hf_ntlmssp_address_list_server_dns,
 			    tvb, item_offset, item_length, text);
       break;
-    case NTLMSSP_NAME_DNS_DOMAIN:
+    case NTLM_NAME_DNS_DOMAIN:
       proto_tree_add_string(tree, hf_ntlmssp_address_list_domain_dns,
 			    tvb, item_offset, item_length, text);
     }
@@ -1007,11 +825,11 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset,
 
   /* NTLM response */
   item_start = tvb_get_letohl(tvb, offset+4);
-  offset = dissect_ntlmssp_ntlm_response(tvb, offset, ntlmssp_tree,
-					 hf_ntlmssp_auth_ntresponse,
-					 &item_end,
-					 conv_ntlmssp_info == NULL ? NULL :
-					 &conv_ntlmssp_info->ntlm_response);
+  offset = dissect_ntlmssp_blob(tvb, offset, ntlmssp_tree,
+				hf_ntlmssp_auth_ntresponse,
+				&item_end,
+				conv_ntlmssp_info == NULL ? NULL :
+				&conv_ntlmssp_info->ntlm_response);
   data_start = MIN(data_start, item_start);
   data_end = MAX(data_end, item_end);
 
@@ -1649,37 +1467,7 @@ proto_register_ntlmssp(void)
     { &hf_ntlmssp_verf_crc32,
       { "Verifier CRC32", "ntlmssp.verf.crc32", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
     { &hf_ntlmssp_verf_sequence,
-      { "Verifier Sequence Number", "ntlmssp.verf.sequence", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response,
-      { "NTLMv2 Response", "ntlmssp.auth.ntresponsev2", FT_BYTES, BASE_HEX, 
-	NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_hmac,
-      { "HMAC", "ntlmssp.auth.ntresponsev2.hmac", FT_BYTES, BASE_HEX, 
-	NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_header,
-      { "Header", "ntlmssp.auth.ntresponsev2.header", FT_UINT32, BASE_HEX, 
-	NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_reserved,
-      { "Reserved", "ntlmssp.auth.ntresponsev2.reserved", FT_UINT32, BASE_HEX, 
-	NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_time,
-      { "Time", "ntlmssp.auth.ntresponsev2.time", FT_ABSOLUTE_TIME, BASE_NONE,
-	NULL, 0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_chal,
-      { "Client challenge", "ntlmssp.auth.ntresponsev2.chal", FT_BYTES, 
-	BASE_HEX, NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_unknown,
-      { "Unknown", "ntlmssp.auth.ntresponsev2.unknown", FT_UINT32, BASE_HEX, 
-	NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_name,
-      { "Name", "ntlmssp.auth.ntresponsev2.name", FT_STRING, BASE_NONE, 
-	NULL, 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_name_type,
-      { "Name type", "ntlmssp.auth.ntresponsev2.name.type", FT_UINT32, 
-	BASE_DEC, VALS(ntlmssp_name_types), 0x0, "", HFILL }},
-    { &hf_ntlmssp_ntlmv2_response_name_len,
-      { "Name len", "ntlmssp.auth.ntresponsev2.name.len", FT_UINT32, 
-	BASE_DEC, NULL, 0x0, "", HFILL }},
+      { "Verifier Sequence Number", "ntlmssp.verf.sequence", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}
   };
 
 
@@ -1689,9 +1477,7 @@ proto_register_ntlmssp(void)
     &ett_ntlmssp_string,
     &ett_ntlmssp_blob,
     &ett_ntlmssp_address_list,
-    &ett_ntlmssp_decrypted_tree,
-    &ett_ntlmssp_ntlmv2_response,
-    &ett_ntlmssp_ntlmv2_response_name
+    &ett_ntlmssp_decrypted_tree
   };
   module_t *ntlmssp_module;
   
diff --git a/packet-smb-common.c b/packet-smb-common.c
index 9c02b79c9f..60c4c67724 100644
--- a/packet-smb-common.c
+++ b/packet-smb-common.c
@@ -2,7 +2,7 @@
  * Common routines for smb packet dissection
  * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
  *
- * $Id: packet-smb-common.c,v 1.16 2003/04/03 02:57:48 tpot Exp $
+ * $Id: packet-smb-common.c,v 1.17 2003/05/09 01:41:28 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -284,3 +284,201 @@ dissect_smb_unknown(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int
 
 	return offset+tvb_length_remaining(tvb, offset);
 }
+
+/* Dissect a NTLM response. This is documented at
+   http://ubiqx.org/cifs/SMB.html#8, para 2.8.5.3 */
+
+static int hf_ntlmv2_response = -1;
+static int hf_ntlmv2_response_hmac = -1;
+static int hf_ntlmv2_response_header = -1;
+static int hf_ntlmv2_response_reserved = -1;
+static int hf_ntlmv2_response_time = -1;
+static int hf_ntlmv2_response_chal = -1;
+static int hf_ntlmv2_response_unknown = -1;
+static int hf_ntlmv2_response_name = -1;
+static int hf_ntlmv2_response_name_type = -1;
+static int hf_ntlmv2_response_name_len = -1;
+
+static gint ett_ntlmv2_response = -1;
+static gint ett_ntlmv2_response_name = -1;
+
+/* Name types */
+
+const value_string ntlm_name_types[] = {
+	{ NTLM_NAME_END, "End of list" },
+	{ NTLM_NAME_NB_HOST, "NetBIOS host name" },
+	{ NTLM_NAME_NB_DOMAIN, "NetBIOS domain name" },
+	{ NTLM_NAME_DNS_HOST, "DNS host name" },
+	{ NTLM_NAME_DNS_DOMAIN, "DNS domain name" },
+	{ 0, NULL }
+};
+
+int
+dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len)
+{
+	proto_item *ntlmv2_item = NULL;
+	proto_tree *ntlmv2_tree = NULL;
+
+	/* Dissect NTLMv2 bits&pieces */
+
+	if (tree) {
+		ntlmv2_item = proto_tree_add_item(
+			tree, hf_ntlmv2_response, tvb, 
+			offset, len, TRUE);
+		ntlmv2_tree = proto_item_add_subtree(
+			ntlmv2_item, ett_ntlmv2_response);
+	}
+
+	proto_tree_add_item(
+		ntlmv2_tree, hf_ntlmv2_response_hmac, tvb,
+		offset, 16, TRUE);
+
+	offset += 16;
+
+	proto_tree_add_item(
+		ntlmv2_tree, hf_ntlmv2_response_header, tvb,
+		offset, 4, TRUE);
+
+	offset += 4;
+
+	proto_tree_add_item(
+		ntlmv2_tree, hf_ntlmv2_response_reserved, tvb,
+		offset, 4, TRUE);
+
+	offset += 4;
+
+	offset = dissect_smb_64bit_time(
+		tvb, ntlmv2_tree, offset, hf_ntlmv2_response_time);
+
+	proto_tree_add_item(
+		ntlmv2_tree, hf_ntlmv2_response_chal, tvb,
+		offset, 8, TRUE);
+
+	offset += 8;
+
+	proto_tree_add_item(
+		ntlmv2_tree, hf_ntlmv2_response_unknown, tvb,
+		offset, 4, TRUE);
+
+	offset += 4;
+
+	/* Variable length list of names */
+
+	while(1) {
+		guint16 name_type = tvb_get_letohs(tvb, offset);
+		guint16 name_len = tvb_get_letohs(tvb, offset + 2);
+		proto_tree *name_tree = NULL;
+		proto_item *name_item = NULL;
+		char *name = NULL;
+
+		if (ntlmv2_tree) {
+			name_item = proto_tree_add_item(
+				ntlmv2_tree, hf_ntlmv2_response_name, 
+				tvb, offset, 0, TRUE);
+			name_tree = proto_item_add_subtree(
+				name_item, ett_ntlmv2_response_name);
+		}
+
+		/* Dissect name header */
+
+		proto_tree_add_item(
+			name_tree, hf_ntlmv2_response_name_type, tvb,
+			offset, 2, TRUE);
+
+		offset += 2;
+
+		proto_tree_add_item(
+			name_tree, hf_ntlmv2_response_name_len, tvb,
+			offset, 2, TRUE);
+
+		offset += 2;
+
+		/* Dissect name */
+
+		if (name_len > 0) {
+			name = tvb_fake_unicode(
+				tvb, offset, name_len / 2, TRUE);
+
+			proto_tree_add_text(
+				name_tree, tvb, offset, name_len, 
+				"Name: %s", name);
+		} else
+			name = g_strdup("NULL");
+
+		if (name_type == 0)
+			proto_item_append_text(
+				name_item, "%s", 
+				val_to_str(name_type, ntlm_name_types,
+					   "Unknown"));
+		else
+			proto_item_append_text(
+				name_item, "%s, %s",
+				val_to_str(name_type, ntlm_name_types,
+					   "Unknown"), name);
+
+		g_free(name);
+
+		offset += name_len;
+
+		proto_item_set_len(name_item, name_len + 4);
+
+		if (name_type == 0) /* End of list */
+			break;
+	};
+
+	return offset;
+}
+
+void register_smb_common(int proto_smb)
+{
+	static hf_register_info hf[] = {
+
+		{ &hf_ntlmv2_response,
+		  { "NTLMv2 Response", "smb.ntlmv2response", FT_BYTES, 
+		    BASE_HEX, NULL, 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_hmac,
+		  { "HMAC", "smb.ntlmv2response.hmac", FT_BYTES, BASE_HEX, 
+		    NULL, 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_header,
+		  { "Header", "smb.ntlmv2response.header", FT_UINT32, 
+		    BASE_HEX, NULL, 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_reserved,
+		  { "Reserved", "smb.ntlmv2response.reserved", FT_UINT32, 
+		    BASE_HEX, NULL, 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_time,
+		  { "Time", "smb.ntlmv2response.time", FT_ABSOLUTE_TIME, 
+		    BASE_NONE, NULL, 0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_chal,
+		  { "Client challenge", "smb.ntlmv2response.chal", FT_BYTES, 
+		    BASE_HEX, NULL, 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_unknown,
+		  { "Unknown", "smb.ntlmv2response.unknown", FT_UINT32, 
+		    BASE_HEX, NULL, 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_name,
+		  { "Name", "smb.ntlmv2response.name", FT_STRING, BASE_NONE, 
+		    NULL, 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_name_type,
+		  { "Name type", "smb.ntlmv2response.name.type", FT_UINT32, 
+		    BASE_DEC, VALS(ntlm_name_types), 0x0, "", HFILL }},
+
+		{ &hf_ntlmv2_response_name_len,
+		  { "Name len", "smb.ntlmv2response.name.len", FT_UINT32, 
+		    BASE_DEC, NULL, 0x0, "", HFILL }}
+	};
+
+	static gint *ett[] = {
+		&ett_ntlmv2_response,
+		&ett_ntlmv2_response_name
+	};
+
+	proto_register_subtree_array(ett, array_length(ett));
+	proto_register_field_array(proto_smb, hf, array_length(hf));
+}
diff --git a/packet-smb-common.h b/packet-smb-common.h
index a42254397d..48b8f713e1 100644
--- a/packet-smb-common.h
+++ b/packet-smb-common.h
@@ -2,7 +2,7 @@
  * Routines for SMB packet dissection
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  *
- * $Id: packet-smb-common.h,v 1.21 2003/04/28 04:44:54 tpot Exp $
+ * $Id: packet-smb-common.h,v 1.22 2003/05/09 01:41:28 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -80,4 +80,20 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo,
 
 extern const value_string share_type_vals[];
 
+/* Dissect a ntlmv2 response */
+
+int
+dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *ntlmssp_tree, int offset,
+			int len);
+
+void register_smb_common(int proto_smb);
+
+extern const value_string ntlm_name_types[];
+
+#define NTLM_NAME_END        0x0000
+#define NTLM_NAME_NB_HOST    0x0001
+#define NTLM_NAME_NB_DOMAIN  0x0002
+#define NTLM_NAME_DNS_HOST   0x0003
+#define NTLM_NAME_DNS_DOMAIN 0x0004
+
 #endif
diff --git a/packet-smb.c b/packet-smb.c
index 50f512350f..1dbedf6bb3 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -3,7 +3,7 @@
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  * 2001  Rewrite by Ronnie Sahlberg and Guy Harris
  *
- * $Id: packet-smb.c,v 1.337 2003/04/29 21:27:05 guy Exp $
+ * $Id: packet-smb.c,v 1.338 2003/05/09 01:41:28 tpot Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -673,7 +673,7 @@ static gint ett_smb_ace_flags = -1;
 static gint ett_smb_sec_desc_type = -1;
 static gint ett_smb_quotaflags = -1;
 static gint ett_smb_secblob = -1;
-
+static gint ett_smb_unicode_password = -1;
 
 static int smb_tap = -1;
 
@@ -5753,10 +5753,22 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree
 			}
 
 			if(upwlen){
+				proto_item *item;
+
 				/* password, Unicode */
 				CHECK_BYTE_COUNT(upwlen);
-				proto_tree_add_item(tree, hf_smb_unicode_password,
+				item = proto_tree_add_item(tree, hf_smb_unicode_password,
 					tvb, offset, upwlen, TRUE);
+
+				if (upwlen > 24) {
+					proto_tree *subtree;
+
+					subtree = proto_item_add_subtree(item, ett_smb_unicode_password);
+
+					dissect_ntlmv2_response(
+						tvb, subtree, offset, upwlen);
+				}
+
 				COUNT_BYTES(upwlen);
 			}
 
@@ -18228,8 +18240,9 @@ proto_register_smb(void)
 		{ &hf_access_specific_0,
 		  { "Specific access, bit 0", "nt.access_mask.specific_0",
 		    FT_BOOLEAN, 32, TFS(&flags_set_truth),
-		    0x0001, "Specific access, bit 0", HFILL }},
+		    0x0001, "Specific access, bit 0", HFILL }}
 	};
+
 	static gint *ett[] = {
 		&ett_smb,
 		&ett_smb_hdr,
@@ -18310,6 +18323,7 @@ proto_register_smb(void)
 		&ett_nt_access_mask_generic,
 		&ett_nt_access_mask_standard,
 		&ett_nt_access_mask_specific,
+		&ett_smb_unicode_password
 	};
 	module_t *smb_module;
 
@@ -18317,6 +18331,9 @@ proto_register_smb(void)
 	    "SMB", "smb");
 	proto_register_subtree_array(ett, array_length(ett));
 	proto_register_field_array(proto_smb, hf, array_length(hf));
+
+	register_smb_common(proto_smb);
+
 	register_init_routine(&smb_init_protocol);
 	smb_module = prefs_register_protocol(proto_smb, NULL);
 	prefs_register_bool_preference(smb_module, "trans_reassembly",