diff options
author | Guy Harris <guy@alum.mit.edu> | 2002-11-10 09:38:22 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2002-11-10 09:38:22 +0000 |
commit | 262744d2b26733d7d788321999cdecf0de866bad (patch) | |
tree | 4448dca8c5e2092485f284c238a8f375c399d15c /packet-ntlmssp.c | |
parent | 048ab33a26babd5a20fd0ed30e0d00e6f0891df0 (diff) |
Dissect NTLMSSP authentication verifiers, as per lkcl's "DCE/RPC over
SMB" book.
svn path=/trunk/; revision=6598
Diffstat (limited to 'packet-ntlmssp.c')
-rw-r--r-- | packet-ntlmssp.c | 61 |
1 files changed, 59 insertions, 2 deletions
diff --git a/packet-ntlmssp.c b/packet-ntlmssp.c index d01c28f087..8ce8a1ce83 100644 --- a/packet-ntlmssp.c +++ b/packet-ntlmssp.c @@ -2,7 +2,7 @@ * Routines for NTLM Secure Service Provider * Devin Heitmueller <dheitmueller@netilla.com> * - * $Id: packet-ntlmssp.c,v 1.30 2002/11/08 06:02:18 guy Exp $ + * $Id: packet-ntlmssp.c,v 1.31 2002/11/10 09:38:22 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -156,6 +156,8 @@ static int hf_ntlmssp_address_list_server_nb = -1; static int hf_ntlmssp_address_list_domain_nb = -1; static int hf_ntlmssp_address_list_server_dns = -1; static int hf_ntlmssp_address_list_domain_dns = -1; +static int hf_ntlmssp_verf_vers = -1; +static int hf_ntlmssp_verf_body = -1; static gint ett_ntlmssp = -1; static gint ett_ntlmssp_negotiate_flags = -1; @@ -765,6 +767,55 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } ENDTRY; } +/* + * See page 45 of "DCE/RPC over SMB" by Luke Kenneth Casson Leighton. + */ +static void +dissect_ntlmssp_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + volatile int offset = 0; + proto_tree *volatile ntlmssp_tree = NULL; + proto_item *tf = NULL; + + /* Setup a new tree for the NTLMSSP payload */ + if (tree) { + tf = proto_tree_add_item (tree, + hf_ntlmssp, + tvb, offset, -1, FALSE); + + ntlmssp_tree = proto_item_add_subtree (tf, + ett_ntlmssp); + } + + /* + * Catch the ReportedBoundsError exception; the stuff we've been + * handed doesn't necessarily run to the end of the packet, it's + * an item inside a packet, so if it happens to be malformed (or + * we, or a dissector we call, has a bug), so that an exception + * is thrown, we want to report the error, but return and let + * our caller dissect the rest of the packet. + * + * If it gets a BoundsError, we can stop, as there's nothing more + * in the packet after our blob to see, so we just re-throw the + * exception. + */ + TRY { + /* Version number */ + proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_verf_vers, + tvb, offset, 4, TRUE); + offset += 4; + + /* Encrypted body */ + proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_verf_body, + tvb, offset, 12, TRUE); + offset += 12; + } CATCH(BoundsError) { + RETHROW; + } CATCH(ReportedBoundsError) { + show_reported_bounds_error(tvb, pinfo, tree); + } ENDTRY; +} + static void ntlmssp_init_protocol(void) { @@ -917,7 +968,12 @@ proto_register_ntlmssp(void) { &hf_ntlmssp_address_list_server_dns, { "Server DNS Name", "ntlmssp.challenge.addresslist.serverdns", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_ntlmssp_address_list_domain_dns, - { "Domain DNS Name", "ntlmssp.challenge.addresslist.domaindns", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }} + { "Domain DNS Name", "ntlmssp.challenge.addresslist.domaindns", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + + { &hf_ntlmssp_verf_vers, + { "Version Number", "ntlmssp.verf.vers", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_ntlmssp_verf_body, + { "Verifier Body", "ntlmssp.verf.body", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }} }; @@ -940,6 +996,7 @@ proto_register_ntlmssp(void) register_init_routine(&ntlmssp_init_protocol); register_dissector("ntlmssp", dissect_ntlmssp, proto_ntlmssp); + register_dissector("ntlmssp_verf", dissect_ntlmssp_verf, proto_ntlmssp); } void |