diff options
author | Tim Potter <tpot@samba.org> | 2003-05-09 01:41:28 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2003-05-09 01:41:28 +0000 |
commit | 2b39831b5b2b1659b5f74bc9eb0cc301f1d4926d (patch) | |
tree | 5af3a038481c6980d0635e184c9fac079d390625 | |
parent | d812376fe4f17ea4285855af3e97f329261841bc (diff) |
Move the ntlmv2 response dissection out of packet-ntlmssp.c and in to
packet-smb-common.c so it can be used elsewhere.
Dissect a ntlmv2 response in a session setup SMB if detected.
svn path=/trunk/; revision=7655
-rw-r--r-- | packet-ntlmssp.c | 248 | ||||
-rw-r--r-- | packet-smb-common.c | 200 | ||||
-rw-r--r-- | packet-smb-common.h | 18 | ||||
-rw-r--r-- | packet-smb.c | 25 |
4 files changed, 254 insertions, 237 deletions
diff --git a/packet-ntlmssp.c b/packet-ntlmssp.c index ce207dde17..3cdd3d72bf 100644 --- a/packet-ntlmssp.c +++ b/packet-ntlmssp.c @@ -2,7 +2,7 @@ * Routines for NTLM Secure Service Provider * Devin Heitmueller <dheitmueller@netilla.com> * - * $Id: packet-ntlmssp.c,v 1.39 2003/05/07 07:12:50 tpot Exp $ + * $Id: packet-ntlmssp.c,v 1.40 2003/05/09 01:41:28 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -55,23 +55,6 @@ static const value_string ntlmssp_message_types[] = { { 0, NULL } }; -/* Name types */ - -#define NTLMSSP_NAME_END 0x0000 -#define NTLMSSP_NAME_NB_HOST 0x0001 -#define NTLMSSP_NAME_NB_DOMAIN 0x0002 -#define NTLMSSP_NAME_DNS_HOST 0x0003 -#define NTLMSSP_NAME_DNS_DOMAIN 0x0004 - -static const value_string ntlmssp_name_types[] = { - { NTLMSSP_NAME_END, "End of list" }, - { NTLMSSP_NAME_NB_HOST, "NetBIOS host name" }, - { NTLMSSP_NAME_NB_DOMAIN, "NetBIOS domain name" }, - { NTLMSSP_NAME_DNS_HOST, "DNS host name" }, - { NTLMSSP_NAME_DNS_DOMAIN, "DNS domain name" }, - { 0, NULL } -}; - /* * NTLMSSP negotiation flags * Taken from Samba @@ -109,7 +92,6 @@ static const value_string ntlmssp_name_types[] = { #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 #define NTLMSSP_NEGOTIATE_80000000 0x80000000 - static int proto_ntlmssp = -1; static int hf_ntlmssp = -1; static int hf_ntlmssp_auth = -1; @@ -185,16 +167,6 @@ static int hf_ntlmssp_verf_unknown1 = -1; static int hf_ntlmssp_verf_crc32 = -1; static int hf_ntlmssp_verf_sequence = -1; static int hf_ntlmssp_decrypted_payload = -1; -static int hf_ntlmssp_ntlmv2_response = -1; -static int hf_ntlmssp_ntlmv2_response_hmac = -1; -static int hf_ntlmssp_ntlmv2_response_header = -1; -static int hf_ntlmssp_ntlmv2_response_reserved = -1; -static int hf_ntlmssp_ntlmv2_response_time = -1; -static int hf_ntlmssp_ntlmv2_response_chal = -1; -static int hf_ntlmssp_ntlmv2_response_unknown = -1; -static int hf_ntlmssp_ntlmv2_response_name = -1; -static int hf_ntlmssp_ntlmv2_response_name_type = -1; -static int hf_ntlmssp_ntlmv2_response_name_len = -1; static gint ett_ntlmssp = -1; static gint ett_ntlmssp_negotiate_flags = -1; @@ -202,8 +174,6 @@ static gint ett_ntlmssp_string = -1; static gint ett_ntlmssp_blob = -1; static gint ett_ntlmssp_address_list = -1; static gint ett_ntlmssp_decrypted_tree = -1; -static gint ett_ntlmssp_ntlmv2_response = -1; -static gint ett_ntlmssp_ntlmv2_response_name = -1; /* Configuration variables */ static char *nt_password = NULL; @@ -451,165 +421,13 @@ dissect_ntlmssp_blob (tvbuff_t *tvb, int offset, tvb_memcpy(tvb, result->contents, blob_offset, blob_length); } + /* If we are dissecting the NTLM response and it is a NTLMv2 + response call the appropriate dissector. */ - return offset; -} - -/* Dissect a NTLM response. This could be either NTLMv1 in which case - we just call the dissect_ntlmssp_blob() function, or NTLMv2 where - the blob actually has some structure. This is documented at - http://ubiqx.org/cifs/SMB.html#8, para 2.8.5.3 */ - -static int -dissect_ntlmssp_ntlm_response(tvbuff_t *tvb, int offset, - proto_tree *ntlmssp_tree, int blob_hf, - int *end, ntlmssp_blob *result) -{ - guint16 blob_length = tvb_get_letohs(tvb, offset); - guint16 blob_maxlen = tvb_get_letohs(tvb, offset+2); - guint32 blob_offset = tvb_get_letohl(tvb, offset+4); - proto_item *item = NULL; - proto_tree *subtree = NULL, *ntlmv2_tree = NULL; - - if (blob_length <= 24) { - - /* Not NTLMv2 */ - - return dissect_ntlmssp_blob( - tvb, offset, ntlmssp_tree, blob_hf, end, result); - } - - if (ntlmssp_tree) { - item = proto_tree_add_item( - ntlmssp_tree, blob_hf, tvb, blob_offset, blob_length, - TRUE); - subtree = proto_item_add_subtree(item, ett_ntlmssp_blob); - } - - /* Dissect NTLMv2 response */ - - proto_tree_add_uint(subtree, hf_ntlmssp_blob_len, - tvb, offset, 2, blob_length); - offset += 2; - - proto_tree_add_uint(subtree, hf_ntlmssp_blob_maxlen, - tvb, offset, 2, blob_maxlen); - offset += 2; - - proto_tree_add_uint(subtree, hf_ntlmssp_blob_offset, - tvb, offset, 4, blob_offset); - offset += 4; - - *end = blob_offset + blob_length; - - /* Dissect NTLMv2 bits&pieces */ - - if (subtree) { - item = proto_tree_add_item( - subtree, hf_ntlmssp_ntlmv2_response, tvb, - blob_offset, blob_length - 8, TRUE); - ntlmv2_tree = proto_item_add_subtree( - item, ett_ntlmssp_ntlmv2_response); - } - - proto_tree_add_item( - ntlmv2_tree, hf_ntlmssp_ntlmv2_response_hmac, tvb, - blob_offset, 16, TRUE); - - blob_offset += 16; - - proto_tree_add_item( - ntlmv2_tree, hf_ntlmssp_ntlmv2_response_header, tvb, - blob_offset, 4, TRUE); - - blob_offset += 4; + if (blob_hf == hf_ntlmssp_auth_ntresponse && blob_length > 24) + dissect_ntlmv2_response(tvb, tree, blob_offset, blob_length); - proto_tree_add_item( - ntlmv2_tree, hf_ntlmssp_ntlmv2_response_reserved, tvb, - blob_offset, 4, TRUE); - - blob_offset += 4; - - blob_offset = dissect_smb_64bit_time( - tvb, ntlmv2_tree, blob_offset, - hf_ntlmssp_ntlmv2_response_time); - - proto_tree_add_item( - ntlmv2_tree, hf_ntlmssp_ntlmv2_response_chal, tvb, - blob_offset, 8, TRUE); - - blob_offset += 8; - - proto_tree_add_item( - ntlmv2_tree, hf_ntlmssp_ntlmv2_response_unknown, tvb, - blob_offset, 4, TRUE); - - blob_offset += 4; - - /* Variable length list of names */ - - while(1) { - guint16 name_type = tvb_get_letohs(tvb, blob_offset); - guint16 name_len = tvb_get_letohs(tvb, blob_offset + 2); - proto_tree *name_tree = NULL; - char *name = NULL; - - if (ntlmv2_tree) { - item = proto_tree_add_item( - ntlmv2_tree, hf_ntlmssp_ntlmv2_response_name, - tvb, blob_offset, 0, TRUE); - name_tree = proto_item_add_subtree( - item, ett_ntlmssp_ntlmv2_response_name); - } - - /* Dissect name header */ - - proto_tree_add_item( - name_tree, hf_ntlmssp_ntlmv2_response_name_type, tvb, - blob_offset, 2, TRUE); - - blob_offset += 2; - - proto_tree_add_item( - name_tree, hf_ntlmssp_ntlmv2_response_name_len, tvb, - blob_offset, 2, TRUE); - - blob_offset += 2; - - /* Dissect name */ - - if (name_len > 0) { - name = tvb_fake_unicode( - tvb, blob_offset, name_len / 2, TRUE); - - proto_tree_add_text( - name_tree, tvb, blob_offset, name_len, - "Name: %s", name); - } else - name = g_strdup("NULL"); - - if (name_type == 0) - proto_item_append_text( - item, "%s", - val_to_str(name_type, ntlmssp_name_types, - "Unknown")); - else - proto_item_append_text( - item, "%s, %s", - val_to_str(name_type, ntlmssp_name_types, - "Unknown"), name); - - g_free(name); - - blob_offset += name_len; - - proto_item_set_len(item, name_len + 4); - - if (name_type == 0) /* End of list */ - break; - }; - - return offset; + return offset; } static int @@ -812,19 +630,19 @@ dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset, if (!text) text = ""; /* Make sure we don't blow up below */ switch(item_type) { - case NTLMSSP_NAME_NB_HOST: + case NTLM_NAME_NB_HOST: proto_tree_add_string(tree, hf_ntlmssp_address_list_server_nb, tvb, item_offset, item_length, text); break; - case NTLMSSP_NAME_NB_DOMAIN: + case NTLM_NAME_NB_DOMAIN: proto_tree_add_string(tree, hf_ntlmssp_address_list_domain_nb, tvb, item_offset, item_length, text); break; - case NTLMSSP_NAME_DNS_HOST: + case NTLM_NAME_DNS_HOST: proto_tree_add_string(tree, hf_ntlmssp_address_list_server_dns, tvb, item_offset, item_length, text); break; - case NTLMSSP_NAME_DNS_DOMAIN: + case NTLM_NAME_DNS_DOMAIN: proto_tree_add_string(tree, hf_ntlmssp_address_list_domain_dns, tvb, item_offset, item_length, text); } @@ -1007,11 +825,11 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset, /* NTLM response */ item_start = tvb_get_letohl(tvb, offset+4); - offset = dissect_ntlmssp_ntlm_response(tvb, offset, ntlmssp_tree, - hf_ntlmssp_auth_ntresponse, - &item_end, - conv_ntlmssp_info == NULL ? NULL : - &conv_ntlmssp_info->ntlm_response); + offset = dissect_ntlmssp_blob(tvb, offset, ntlmssp_tree, + hf_ntlmssp_auth_ntresponse, + &item_end, + conv_ntlmssp_info == NULL ? NULL : + &conv_ntlmssp_info->ntlm_response); data_start = MIN(data_start, item_start); data_end = MAX(data_end, item_end); @@ -1649,37 +1467,7 @@ proto_register_ntlmssp(void) { &hf_ntlmssp_verf_crc32, { "Verifier CRC32", "ntlmssp.verf.crc32", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, { &hf_ntlmssp_verf_sequence, - { "Verifier Sequence Number", "ntlmssp.verf.sequence", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response, - { "NTLMv2 Response", "ntlmssp.auth.ntresponsev2", FT_BYTES, BASE_HEX, - NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_hmac, - { "HMAC", "ntlmssp.auth.ntresponsev2.hmac", FT_BYTES, BASE_HEX, - NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_header, - { "Header", "ntlmssp.auth.ntresponsev2.header", FT_UINT32, BASE_HEX, - NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_reserved, - { "Reserved", "ntlmssp.auth.ntresponsev2.reserved", FT_UINT32, BASE_HEX, - NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_time, - { "Time", "ntlmssp.auth.ntresponsev2.time", FT_ABSOLUTE_TIME, BASE_NONE, - NULL, 0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_chal, - { "Client challenge", "ntlmssp.auth.ntresponsev2.chal", FT_BYTES, - BASE_HEX, NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_unknown, - { "Unknown", "ntlmssp.auth.ntresponsev2.unknown", FT_UINT32, BASE_HEX, - NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_name, - { "Name", "ntlmssp.auth.ntresponsev2.name", FT_STRING, BASE_NONE, - NULL, 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_name_type, - { "Name type", "ntlmssp.auth.ntresponsev2.name.type", FT_UINT32, - BASE_DEC, VALS(ntlmssp_name_types), 0x0, "", HFILL }}, - { &hf_ntlmssp_ntlmv2_response_name_len, - { "Name len", "ntlmssp.auth.ntresponsev2.name.len", FT_UINT32, - BASE_DEC, NULL, 0x0, "", HFILL }}, + { "Verifier Sequence Number", "ntlmssp.verf.sequence", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }} }; @@ -1689,9 +1477,7 @@ proto_register_ntlmssp(void) &ett_ntlmssp_string, &ett_ntlmssp_blob, &ett_ntlmssp_address_list, - &ett_ntlmssp_decrypted_tree, - &ett_ntlmssp_ntlmv2_response, - &ett_ntlmssp_ntlmv2_response_name + &ett_ntlmssp_decrypted_tree }; module_t *ntlmssp_module; diff --git a/packet-smb-common.c b/packet-smb-common.c index 9c02b79c9f..60c4c67724 100644 --- a/packet-smb-common.c +++ b/packet-smb-common.c @@ -2,7 +2,7 @@ * Common routines for smb packet dissection * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com> * - * $Id: packet-smb-common.c,v 1.16 2003/04/03 02:57:48 tpot Exp $ + * $Id: packet-smb-common.c,v 1.17 2003/05/09 01:41:28 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -284,3 +284,201 @@ dissect_smb_unknown(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int return offset+tvb_length_remaining(tvb, offset); } + +/* Dissect a NTLM response. This is documented at + http://ubiqx.org/cifs/SMB.html#8, para 2.8.5.3 */ + +static int hf_ntlmv2_response = -1; +static int hf_ntlmv2_response_hmac = -1; +static int hf_ntlmv2_response_header = -1; +static int hf_ntlmv2_response_reserved = -1; +static int hf_ntlmv2_response_time = -1; +static int hf_ntlmv2_response_chal = -1; +static int hf_ntlmv2_response_unknown = -1; +static int hf_ntlmv2_response_name = -1; +static int hf_ntlmv2_response_name_type = -1; +static int hf_ntlmv2_response_name_len = -1; + +static gint ett_ntlmv2_response = -1; +static gint ett_ntlmv2_response_name = -1; + +/* Name types */ + +const value_string ntlm_name_types[] = { + { NTLM_NAME_END, "End of list" }, + { NTLM_NAME_NB_HOST, "NetBIOS host name" }, + { NTLM_NAME_NB_DOMAIN, "NetBIOS domain name" }, + { NTLM_NAME_DNS_HOST, "DNS host name" }, + { NTLM_NAME_DNS_DOMAIN, "DNS domain name" }, + { 0, NULL } +}; + +int +dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len) +{ + proto_item *ntlmv2_item = NULL; + proto_tree *ntlmv2_tree = NULL; + + /* Dissect NTLMv2 bits&pieces */ + + if (tree) { + ntlmv2_item = proto_tree_add_item( + tree, hf_ntlmv2_response, tvb, + offset, len, TRUE); + ntlmv2_tree = proto_item_add_subtree( + ntlmv2_item, ett_ntlmv2_response); + } + + proto_tree_add_item( + ntlmv2_tree, hf_ntlmv2_response_hmac, tvb, + offset, 16, TRUE); + + offset += 16; + + proto_tree_add_item( + ntlmv2_tree, hf_ntlmv2_response_header, tvb, + offset, 4, TRUE); + + offset += 4; + + proto_tree_add_item( + ntlmv2_tree, hf_ntlmv2_response_reserved, tvb, + offset, 4, TRUE); + + offset += 4; + + offset = dissect_smb_64bit_time( + tvb, ntlmv2_tree, offset, hf_ntlmv2_response_time); + + proto_tree_add_item( + ntlmv2_tree, hf_ntlmv2_response_chal, tvb, + offset, 8, TRUE); + + offset += 8; + + proto_tree_add_item( + ntlmv2_tree, hf_ntlmv2_response_unknown, tvb, + offset, 4, TRUE); + + offset += 4; + + /* Variable length list of names */ + + while(1) { + guint16 name_type = tvb_get_letohs(tvb, offset); + guint16 name_len = tvb_get_letohs(tvb, offset + 2); + proto_tree *name_tree = NULL; + proto_item *name_item = NULL; + char *name = NULL; + + if (ntlmv2_tree) { + name_item = proto_tree_add_item( + ntlmv2_tree, hf_ntlmv2_response_name, + tvb, offset, 0, TRUE); + name_tree = proto_item_add_subtree( + name_item, ett_ntlmv2_response_name); + } + + /* Dissect name header */ + + proto_tree_add_item( + name_tree, hf_ntlmv2_response_name_type, tvb, + offset, 2, TRUE); + + offset += 2; + + proto_tree_add_item( + name_tree, hf_ntlmv2_response_name_len, tvb, + offset, 2, TRUE); + + offset += 2; + + /* Dissect name */ + + if (name_len > 0) { + name = tvb_fake_unicode( + tvb, offset, name_len / 2, TRUE); + + proto_tree_add_text( + name_tree, tvb, offset, name_len, + "Name: %s", name); + } else + name = g_strdup("NULL"); + + if (name_type == 0) + proto_item_append_text( + name_item, "%s", + val_to_str(name_type, ntlm_name_types, + "Unknown")); + else + proto_item_append_text( + name_item, "%s, %s", + val_to_str(name_type, ntlm_name_types, + "Unknown"), name); + + g_free(name); + + offset += name_len; + + proto_item_set_len(name_item, name_len + 4); + + if (name_type == 0) /* End of list */ + break; + }; + + return offset; +} + +void register_smb_common(int proto_smb) +{ + static hf_register_info hf[] = { + + { &hf_ntlmv2_response, + { "NTLMv2 Response", "smb.ntlmv2response", FT_BYTES, + BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_hmac, + { "HMAC", "smb.ntlmv2response.hmac", FT_BYTES, BASE_HEX, + NULL, 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_header, + { "Header", "smb.ntlmv2response.header", FT_UINT32, + BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_reserved, + { "Reserved", "smb.ntlmv2response.reserved", FT_UINT32, + BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_time, + { "Time", "smb.ntlmv2response.time", FT_ABSOLUTE_TIME, + BASE_NONE, NULL, 0, "", HFILL }}, + + { &hf_ntlmv2_response_chal, + { "Client challenge", "smb.ntlmv2response.chal", FT_BYTES, + BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_unknown, + { "Unknown", "smb.ntlmv2response.unknown", FT_UINT32, + BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_name, + { "Name", "smb.ntlmv2response.name", FT_STRING, BASE_NONE, + NULL, 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_name_type, + { "Name type", "smb.ntlmv2response.name.type", FT_UINT32, + BASE_DEC, VALS(ntlm_name_types), 0x0, "", HFILL }}, + + { &hf_ntlmv2_response_name_len, + { "Name len", "smb.ntlmv2response.name.len", FT_UINT32, + BASE_DEC, NULL, 0x0, "", HFILL }} + }; + + static gint *ett[] = { + &ett_ntlmv2_response, + &ett_ntlmv2_response_name + }; + + proto_register_subtree_array(ett, array_length(ett)); + proto_register_field_array(proto_smb, hf, array_length(hf)); +} diff --git a/packet-smb-common.h b/packet-smb-common.h index a42254397d..48b8f713e1 100644 --- a/packet-smb-common.h +++ b/packet-smb-common.h @@ -2,7 +2,7 @@ * Routines for SMB packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb-common.h,v 1.21 2003/04/28 04:44:54 tpot Exp $ + * $Id: packet-smb-common.h,v 1.22 2003/05/09 01:41:28 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -80,4 +80,20 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo, extern const value_string share_type_vals[]; +/* Dissect a ntlmv2 response */ + +int +dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *ntlmssp_tree, int offset, + int len); + +void register_smb_common(int proto_smb); + +extern const value_string ntlm_name_types[]; + +#define NTLM_NAME_END 0x0000 +#define NTLM_NAME_NB_HOST 0x0001 +#define NTLM_NAME_NB_DOMAIN 0x0002 +#define NTLM_NAME_DNS_HOST 0x0003 +#define NTLM_NAME_DNS_DOMAIN 0x0004 + #endif diff --git a/packet-smb.c b/packet-smb.c index 50f512350f..1dbedf6bb3 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -3,7 +3,7 @@ * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * 2001 Rewrite by Ronnie Sahlberg and Guy Harris * - * $Id: packet-smb.c,v 1.337 2003/04/29 21:27:05 guy Exp $ + * $Id: packet-smb.c,v 1.338 2003/05/09 01:41:28 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -673,7 +673,7 @@ static gint ett_smb_ace_flags = -1; static gint ett_smb_sec_desc_type = -1; static gint ett_smb_quotaflags = -1; static gint ett_smb_secblob = -1; - +static gint ett_smb_unicode_password = -1; static int smb_tap = -1; @@ -5753,10 +5753,22 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree } if(upwlen){ + proto_item *item; + /* password, Unicode */ CHECK_BYTE_COUNT(upwlen); - proto_tree_add_item(tree, hf_smb_unicode_password, + item = proto_tree_add_item(tree, hf_smb_unicode_password, tvb, offset, upwlen, TRUE); + + if (upwlen > 24) { + proto_tree *subtree; + + subtree = proto_item_add_subtree(item, ett_smb_unicode_password); + + dissect_ntlmv2_response( + tvb, subtree, offset, upwlen); + } + COUNT_BYTES(upwlen); } @@ -18228,8 +18240,9 @@ proto_register_smb(void) { &hf_access_specific_0, { "Specific access, bit 0", "nt.access_mask.specific_0", FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0001, "Specific access, bit 0", HFILL }}, + 0x0001, "Specific access, bit 0", HFILL }} }; + static gint *ett[] = { &ett_smb, &ett_smb_hdr, @@ -18310,6 +18323,7 @@ proto_register_smb(void) &ett_nt_access_mask_generic, &ett_nt_access_mask_standard, &ett_nt_access_mask_specific, + &ett_smb_unicode_password }; module_t *smb_module; @@ -18317,6 +18331,9 @@ proto_register_smb(void) "SMB", "smb"); proto_register_subtree_array(ett, array_length(ett)); proto_register_field_array(proto_smb, hf, array_length(hf)); + + register_smb_common(proto_smb); + register_init_routine(&smb_init_protocol); smb_module = prefs_register_protocol(proto_smb, NULL); prefs_register_bool_preference(smb_module, "trans_reassembly", |