author | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-11-10 20:17:52 +0000 |
---|---|---|
committer | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-11-10 20:17:52 +0000 |
commit | ef43d336db9829c8f75512b6862d5ffce8494881 (patch) | |
tree | 780191a1e1e132777120277426ce78461e93b0b0 /packet-dcerpc-samr.c | |
parent | bc8d224049455fc6e0b28a7abfc47f331e982c84 (diff) |
From Devin Heitmueller: show proper field names for SAMR
UnicodeChangePassword2.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6603 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-dcerpc-samr.c')
-rw-r--r-- | packet-dcerpc-samr.c | 131 |
1 files changed, 122 insertions, 9 deletions
diff --git a/packet-dcerpc-samr.c b/packet-dcerpc-samr.c
index d21d2382c3..792cfda406 100644
--- a/packet-dcerpc-samr.c
+++ b/packet-dcerpc-samr.c
@@ -3,7 +3,7 @@
 * Copyright 2001, Tim Potter <tpot@samba.org>
 * 2002 Added all command dissectors Ronnie Sahlberg
 *
- * $Id: packet-dcerpc-samr.c,v 1.59 2002/11/10 09:49:38 sahlberg Exp $
+ * $Id: packet-dcerpc-samr.c,v 1.60 2002/11/10 20:17:52 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@@ -81,6 +81,10 @@ static int hf_samr_mask = -1;
 static int hf_samr_crypt_password = -1;
 static int hf_samr_crypt_hash = -1;
 static int hf_samr_lm_change = -1;
+static int hf_samr_lm_passchange_block = -1;
+static int hf_samr_nt_passchange_block = -1;
+static int hf_samr_lm_verifier = -1;
+static int hf_samr_nt_verifier = -1;
 static int hf_samr_attrib = -1;
 static int hf_samr_max_pwd_age = -1;
 static int hf_samr_min_pwd_age = -1;
@@ -1633,6 +1637,99 @@ samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset, return offset; } +static int +samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, + packet_info *pinfo _U_, proto_tree *tree, + char *drep _U_) +{ + dcerpc_info *di; + + /* Right now, this just dumps the output. In the long term, we can use + the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to + actually decrypt the block */ + + di=pinfo->private_data; + if(di->conformant_run){ + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + + proto_tree_add_item(tree, hf_samr_nt_passchange_block, tvb, offset, + 516, FALSE); + offset += 516; + return offset; +} + +static int +samr_dissect_LM_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, + packet_info *pinfo _U_, proto_tree *tree, + char *drep _U_) +{ + dcerpc_info *di; + + /* Right now, this just dumps the output. In the long term, we can use + the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to + actually decrypt the block */ + + di=pinfo->private_data; + if(di->conformant_run){ + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + + proto_tree_add_item(tree, hf_samr_lm_passchange_block, tvb, offset, + 516, FALSE); + offset += 516; + return offset; +} + +static int +samr_dissect_LM_VERIFIER(tvbuff_t *tvb, int offset, + packet_info *pinfo _U_, proto_tree *tree, + char *drep _U_) +{ + dcerpc_info *di; + + /* Right now, this just dumps the output. 
In the long term, we can use + the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to + actually validate the verifier */ + + di=pinfo->private_data; + if(di->conformant_run){ + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + + proto_tree_add_item(tree, hf_samr_lm_verifier, tvb, offset, 16, + FALSE); + offset += 16; + return offset; +} + + +static int +samr_dissect_NT_VERIFIER(tvbuff_t *tvb, int offset, + packet_info *pinfo _U_, proto_tree *tree, + char *drep _U_) +{ + dcerpc_info *di; + + /* Right now, this just dumps the output. In the long term, we can use + the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to + actually validate the verifier */ + + di=pinfo->private_data; + if(di->conformant_run){ + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + + proto_tree_add_item(tree, hf_samr_nt_verifier, tvb, offset, 16, + FALSE); + offset += 16; + return offset; +} + static int samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset, 
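Review bot: All four new dissectors declare `packet_info *pinfo _U_` but then read `pinfo->private_data`, so the unused marker is wrong on `pinfo` and should be dropped there (it is still correct on `drep`). The four bodies are otherwise identical apart from the hf index and the literal length, 516 or 16, so one static helper taking the field and the length, plus named constants for the two sizes, would remove the duplicated magic numbers. A comment saying where 516 comes from (presumably the 512-byte encrypted buffer plus a 4-byte length) would save the next reader of a password-change capture from looking it up. The sketch below shows the helper and one wrapper.

```c
#define SAMR_PASSCHANGE_BLOCK_LEN 516 /* presumably 512-byte buffer + 4-byte length; confirm */
#define SAMR_VERIFIER_LEN 16

/* Add one fixed-size opaque field to the tree; nothing to do on the conformant run. */
static int
samr_dissect_fixed_bytes(tvbuff_t *tvb, int offset, packet_info *pinfo,
			proto_tree *tree, int hfindex, int length)
{
	dcerpc_info *di = pinfo->private_data;

	if (di->conformant_run) {
		/* just a run to handle conformant arrays, no scalars to dissect */
		return offset;
	}

	proto_tree_add_item(tree, hfindex, tvb, offset, length, FALSE);
	return offset + length;
}

static int
samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
			packet_info *pinfo, proto_tree *tree,
			char *drep _U_)
{
	return samr_dissect_fixed_bytes(tvb, offset, pinfo, tree,
			hf_samr_nt_passchange_block, SAMR_PASSCHANGE_BLOCK_LEN);
}

/* ... LM_PASSCHANGE_BLOCK, LM_VERIFIER and NT_VERIFIER wrappers follow the same shape ... */
```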
@@ -1686,19 +1783,19 @@ samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset, "Account Name:", hf_samr_acct_name, 1); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE, - "Password", -1, 0); + samr_dissect_NT_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE, + "New NT Password Encrypted Block", -1, 0); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE, - "Hash", -1, 0); + samr_dissect_NT_VERIFIER, NDR_POINTER_UNIQUE, + "NT Password Verifier", -1, 0); offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep, hf_samr_lm_change, NULL); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE, - "Password", -1, 0); + samr_dissect_LM_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE, + "New Lan Manager Password Encrypted Block", -1, 0); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE, - "Hash", -1, 0); + samr_dissect_LM_VERIFIER, NDR_POINTER_UNIQUE, + "Lan Manager Password Verifier", -1, 0); return offset; } 
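Review bot: The two LM arguments are dissected and labelled unconditionally, although `hf_samr_lm_change` is read just before them with a NULL value pointer, so the flag is displayed but never available to qualify them. If, as the field name suggests, that byte says whether the LM data is meaningful, an analyst reading the tree gets no hint when the "New Lan Manager Password Encrypted Block" and its verifier are filler. A comment above the third pointer such as `/* LM block and verifier below are only meaningful when lm_change is non-zero -- confirm against the SAMR spec */` would record that. The labels also mix "NT" with the spelled-out "Lan Manager"; "LM" would match the field names. The function body starts before this hunk.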
@@ -4859,6 +4956,22 @@ proto_register_dcerpc_samr(void) "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX, NULL, 0, "Encrypted Hash", HFILL }}, + { &hf_samr_lm_verifier, { + "Verifier", "samr.lm_password_verifier", FT_BYTES, BASE_HEX, + NULL, 0, "Lan Manager Password Verifier", HFILL }}, + + { &hf_samr_nt_verifier, { + "Verifier", "samr.nt_password_verifier", FT_BYTES, BASE_HEX, + NULL, 0, "NT Password Verifier", HFILL }}, + + { &hf_samr_lm_passchange_block, { + "Encrypted Block", "samr.lm_passchange_block", FT_BYTES, BASE_HEX, + NULL, 0, "Lan Manager Password Change Block", HFILL }}, + + { &hf_samr_nt_passchange_block, { + "Encrypted Block", "samr.nt_passchange_block", FT_BYTES, BASE_HEX, + NULL, 0, "NT Password Change Block", HFILL }}, + { &hf_samr_lm_change, { "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX, NULL, 0, "LM Change value", HFILL }}, |
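Review bot: The LM and NT entries are registered with identical display names, `"Verifier"` twice and `"Encrypted Block"` twice, so in the packet tree and in filter completion the two variants can only be told apart by the enclosing pointer label. Naming them `"LM Verifier"` / `"NT Verifier"` and `"LM Encrypted Block"` / `"NT Encrypted Block"` would keep each field distinguishable on its own. The filter abbreviations also follow two schemes (`samr.lm_password_verifier` for `hf_samr_lm_verifier`, but `samr.lm_passchange_block` for `hf_samr_lm_passchange_block`). Filter names are awkward to change once people have saved filters, so it is cheaper to settle on one scheme now. The hf array itself begins and ends outside this hunk.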