diff options
| author | Guy Harris <guy@alum.mit.edu> | 2002-11-08 01:45:37 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2002-11-08 01:45:37 +0000 |
| commit | 643ea3debfe18b3968a2e4e4a912d71c5dddbddb (patch) | |
| tree | df1145a8a59982847348bba57047683d01d062f7 /packet-ntlmssp.c | |
| parent | 8181a836572de0193701944662c539b38b375bca (diff) | |
If NTLMSSP_NEGOTIATE_UNICODE is different in the negotiate and challenge
messages, the value in the challenge message is what should be used to
determine how to dissect the auth message.
svn path=/trunk/; revision=6581
Diffstat (limited to 'packet-ntlmssp.c')
| -rw-r--r-- | packet-ntlmssp.c | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/packet-ntlmssp.c b/packet-ntlmssp.c index 535046d606..5d03fb2df3 100644 --- a/packet-ntlmssp.c +++ b/packet-ntlmssp.c @@ -2,7 +2,7 @@ * Routines for NTLM Secure Service Provider * Devin Heitmueller <dheitmueller@netilla.com> * - * $Id: packet-ntlmssp.c,v 1.27 2002/11/07 08:01:19 guy Exp $ + * $Id: packet-ntlmssp.c,v 1.28 2002/11/08 01:45:37 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -518,11 +518,15 @@ dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset, } static int -dissect_ntlmssp_challenge (tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree) +dissect_ntlmssp_challenge (tvbuff_t *tvb, packet_info *pinfo, int offset, + proto_tree *ntlmssp_tree) { guint32 negotiate_flags; int item_start, item_end; int data_start, data_end; + guint32 *flag_info; + conversation_t *conversation; + gboolean no_sess_key = FALSE; gboolean unicode_strings = FALSE; /* need to find unicode flag */ @@ -530,6 +534,30 @@ dissect_ntlmssp_challenge (tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree) if (negotiate_flags & NTLMSSP_NEGOTIATE_UNICODE) unicode_strings = TRUE; + /* + * Get flag info from the original negotiate message, if any. + * Then update the NTLMSSP_NEGOTIATE_UNICODE flag to match the + * value in this message. + */ + conversation = find_conversation(&pinfo->src, &pinfo->dst, + pinfo->ptype, pinfo->srcport, + pinfo->destport, 0); + if (!conversation) { /* Create one */ + conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); + } + + flag_info = conversation_get_proto_data(conversation, proto_ntlmssp); + if (flag_info) { + *flag_info &= ~NTLMSSP_NEGOTIATE_UNICODE; + *flag_info |= (negotiate_flags & NTLMSSP_NEGOTIATE_UNICODE); + } else { + flag_info = g_mem_chunk_alloc(flag_info_chunk); + *flag_info = negotiate_flags; + + conversation_add_proto_data(conversation, proto_ntlmssp, flag_info); + } + /* Domain name */ offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, unicode_strings, hf_ntlmssp_challenge_domain, @@ -724,7 +752,7 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) break; case NTLMSSP_CHALLENGE: - offset = dissect_ntlmssp_challenge (tvb, offset, ntlmssp_tree); + offset = dissect_ntlmssp_challenge (tvb, pinfo, offset, ntlmssp_tree); break; case NTLMSSP_AUTH: |