diff options
author | sharpe <sharpe@f5534014-38df-0310-8fa8-9805f1628bb7> | 2003-05-14 22:09:52 +0000 |
---|---|---|
committer | sharpe <sharpe@f5534014-38df-0310-8fa8-9805f1628bb7> | 2003-05-14 22:09:52 +0000 |
commit | c95f2b41d9f34f1b2485b24eda8a9ea93987feae (patch) | |
tree | 245ea05710546fc5bfbb48b094db718ba762b0e6 /packet-dcerpc.c | |
parent | cdb3402c1386e40229db687e64ee6f42fef5a465 (diff) |
Re-commit stuff that was lost...
This contains an initial break-out of the verifier for secure-channel and
maybe more ...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7665 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-dcerpc.c')
-rw-r--r-- | packet-dcerpc.c | 60 |
1 files changed, 58 insertions, 2 deletions
diff --git a/packet-dcerpc.c b/packet-dcerpc.c index 721bf0feff..20a6a2c812 100644 --- a/packet-dcerpc.c +++ b/packet-dcerpc.c @@ -2,7 +2,7 @@ * Routines for DCERPC packet disassembly * Copyright 2001, Todd Sabin <tas@webspan.net> * - * $Id: packet-dcerpc.c,v 1.120 2003/05/10 02:29:44 guy Exp $ + * $Id: packet-dcerpc.c,v 1.121 2003/05/14 22:09:52 sharpe Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -398,6 +398,11 @@ static int hf_dcerpc_fragment_multiple_tails = -1; static int hf_dcerpc_fragment_too_long_fragment = -1; static int hf_dcerpc_fragment_error = -1; static int hf_dcerpc_reassembled_in = -1; +static int hf_dcerpc_sec_chan = -1; +static int hf_dcerpc_sec_chan_sig = -1; +static int hf_dcerpc_sec_chan_unk = -1; +static int hf_dcerpc_sec_chan_seq = -1; +static int hf_dcerpc_sec_chan_nonce = -1; static gint ett_dcerpc = -1; static gint ett_dcerpc_cn_flags = -1; @@ -409,6 +414,7 @@ static gint ett_dcerpc_string = -1; static gint ett_dcerpc_fragments = -1; static gint ett_dcerpc_fragment = -1; static gint ett_decrpc_krb5_auth_verf = -1; +static gint ett_sec_chan = -1; static dissector_handle_t ntlmssp_handle, ntlmssp_verf_handle, ntlmssp_enc_payload_handle; @@ -1774,6 +1780,31 @@ dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo, break; } + case DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN: { + proto_item *vf = NULL; + proto_tree *volatile sec_chan_tree = NULL; + /* + * Create a new tree, and split into 4 components ... + */ + vf = proto_tree_add_item(dcerpc_tree, hf_dcerpc_sec_chan, tvb, + auth_offset, -1, FALSE); + sec_chan_tree = proto_item_add_subtree(vf, ett_sec_chan); + + proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_sig, tvb, + auth_offset, 8, FALSE); + + proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_unk, tvb, + auth_offset + 8, 8, FALSE); + + proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_seq, tvb, + auth_offset + 16, 8, FALSE); + + proto_tree_add_item(sec_chan_tree, hf_dcerpc_sec_chan_nonce, tvb, + auth_offset + 24, 8, FALSE); + + break; + } + default: proto_tree_add_text (dcerpc_tree, tvb, auth_offset, hdr->auth_len, "Auth Verifier"); @@ -1859,6 +1890,15 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr break; } + case DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN: { + + /* TODO: Fill me in when we know what goes here */ + + proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len, + "Secure Channel Auth Credentials"); + break; + } + default: proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len, "Auth Credentials"); @@ -4136,7 +4176,22 @@ proto_register_dcerpc (void) { &hf_dcerpc_time, { "Time from request", "dcerpc.time", FT_RELATIVE_TIME, BASE_NONE, NULL, 0, "Time between Request and Reply for DCE-RPC calls", HFILL }}, { &hf_dcerpc_reassembled_in, - { "This PDU is reassembled in", "dcerpc.reassembled_in", FT_FRAMENUM, BASE_NONE, NULL, 0x0, "The DCE/RPC PDU is completely reassembled in this frame", HFILL }} + { "This PDU is reassembled in", "dcerpc.reassembled_in", FT_FRAMENUM, BASE_NONE, NULL, 0x0, "The DCE/RPC PDU is completely reassembled in this frame", HFILL }}, + { &hf_dcerpc_sec_chan, + { "Verifier", "verifier", FT_NONE, BASE_NONE, NULL, 0x0, "Verifier", + HFILL }}, + { &hf_dcerpc_sec_chan_sig, + { "Signature", "dcerpc.sec_chan.sig", FT_BYTES, BASE_HEX, NULL, + 0x0, "Signature", HFILL }}, + { &hf_dcerpc_sec_chan_unk, + { "Unknown", "dcerpc.sec_chan.unk", FT_BYTES, BASE_HEX, NULL, + 0x0, "Unknown", HFILL }}, + { &hf_dcerpc_sec_chan_seq, + { "Sequence No", "dcerpc.sec_chan.seq", FT_BYTES, BASE_HEX, NULL, + 0x0, "Sequence No", HFILL }}, + { &hf_dcerpc_sec_chan_nonce, + { "Nonce", "dcerpc.sec_chan.nonce", FT_BYTES, BASE_HEX, NULL, + 0x0, "Nonce", HFILL }}, }; static gint *ett[] = { @@ -4150,6 +4205,7 @@ proto_register_dcerpc (void) &ett_dcerpc_fragments, &ett_dcerpc_fragment, &ett_decrpc_krb5_auth_verf, + &ett_sec_chan, }; module_t *dcerpc_module; |