From Devin Heitmueller: dissect NTLMSSP authentication messages, and handle

the flags field in NTLMSSP messages as a 32-bit field. Make "get_unicode_or_ascii_string()" take a "Unicode or not" flag rather than a "packet_info *" as an argument, make it not static, and move it to "packet-smb-common.c", so that it can be used by the SMB dissector and the NTLMSSP dissector. Also get rid of some _U_'s that are applied to arguments that are, in fact, used. svn path=/trunk/; revision=5976
author: Guy Harris <guy@alum.mit.edu> 2002-08-10 21:15:37 +0000
committer: Guy Harris <guy@alum.mit.edu> 2002-08-10 21:15:37 +0000
commit: 2cfb231081ebc74b6812a346ee32cfafb1a5ca9a (patch)
tree: bf42878d925ca8d64680332c93677496722f03a2 /packet-smb-common.c
parent: ab5e55b841bf2a22b14b0085b23b942906375be1 (diff)
1 files changed, 146 insertions, 1 deletions
diff --git a/packet-smb-common.c b/packet-smb-common.c
index 6d78b9fc9d..d76cfbfdc7 100644
--- a/packet-smb-common.c
+++ b/packet-smb-common.c
@@ -2,7 +2,7 @@
  * Common routines for smb packet dissection
  * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
  *
- * $Id: packet-smb-common.c,v 1.12 2002/06/16 00:39:30 guy Exp $
+ * $Id: packet-smb-common.c,v 1.13 2002/08/10 21:15:37 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -127,6 +127,151 @@ int display_unicode_string(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_i
 	return 	offset+len;
 }
 
+/* Max string length for displaying Unicode strings.  */
+#define	MAX_UNICODE_STR_LEN	256
+
+/* Turn a little-endian Unicode '\0'-terminated string into a string we
+   can display.
+   XXX - for now, we just handle the ISO 8859-1 characters.
+   If exactlen==TRUE then us_lenp contains the exact len of the string in
+   bytes. It might not be null terminated !
+   bc specifies the number of bytes in the byte parameters; Windows 2000,
+   at least, appears, in some cases, to put only 1 byte of 0 at the end
+   of a Unicode string if the byte count
+*/
+static gchar *
+unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen,
+		   guint16 bc)
+{
+  static gchar  str[3][MAX_UNICODE_STR_LEN+3+1];
+  static gchar *cur;
+  gchar        *p;
+  guint16       uchar;
+  int           len;
+  int           us_len;
+  int           overflow = 0;
+
+  if (cur == &str[0][0]) {
+    cur = &str[1][0];
+  } else if (cur == &str[1][0]) {  
+    cur = &str[2][0];
+  } else {  
+    cur = &str[0][0];
+  }
+  p = cur;
+  len = MAX_UNICODE_STR_LEN;
+  us_len = 0;
+  for (;;) {
+    if (bc == 0)
+      break;
+    if (bc == 1) {
+      /* XXX - explain this */
+      if (!exactlen)
+        us_len += 1;	/* this is a one-byte null terminator */
+      break;
+    }
+    uchar = tvb_get_letohs(tvb, offset);
+    if (uchar == 0) {
+      us_len += 2;	/* this is a two-byte null terminator */
+      break;
+    }
+    if (len > 0) {
+      if ((uchar & 0xFF00) == 0)
+        *p++ = uchar;	/* ISO 8859-1 */
+      else
+        *p++ = '?';	/* not 8859-1 */
+      len--;
+    } else
+      overflow = 1;
+    offset += 2;
+    bc -= 2;
+    us_len += 2;
+    if(exactlen){
+      if(us_len>= *us_lenp){
+        break;
+      }
+    }
+  }
+  if (overflow) {
+    /* Note that we're not showing the full string.  */
+    *p++ = '.';
+    *p++ = '.';
+    *p++ = '.';
+  }
+  *p = '\0';
+  *us_lenp = us_len;
+  return cur;
+}
+
+/* nopad == TRUE : Do not add any padding before this string
+ * exactlen == TRUE : len contains the exact len of the string in bytes.
+ * bc: pointer to variable with amount of data left in the byte parameters
+ *   region
+ */
+const gchar *
+get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
+    gboolean useunicode, int *len, gboolean nopad, gboolean exactlen,
+    guint16 *bcp)
+{
+  static gchar  str[3][MAX_UNICODE_STR_LEN+3+1];
+  static gchar *cur;
+  const gchar *string;
+  int string_len;
+  unsigned int copylen;
+
+  if (*bcp == 0) {
+    /* Not enough data in buffer */
+    return NULL;
+  }
+  if (useunicode) {
+    if ((!nopad) && (*offsetp % 2)) {
+      /*
+       * XXX - this should be an offset relative to the beginning of the SMB,
+       * not an offset relative to the beginning of the frame; if the stuff
+       * before the SMB has an odd number of bytes, an offset relative to
+       * the beginning of the frame will give the wrong answer.
+       */
+      (*offsetp)++;   /* Looks like a pad byte there sometimes */
+      (*bcp)--;
+      if (*bcp == 0) {
+        /* Not enough data in buffer */
+        return NULL;
+      }
+    }
+    if(exactlen){
+      string_len = *len;
+    }
+    string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp);
+  } else {
+    if(exactlen){
+      /*
+       * The string we return must be null-terminated.
+       */
+      if (cur == &str[0][0]) {
+        cur = &str[1][0];
+      } else if (cur == &str[1][0]) {  
+        cur = &str[2][0];
+      } else {  
+        cur = &str[0][0];
+      }
+      copylen = *len;
+      if (copylen > MAX_UNICODE_STR_LEN)
+        copylen = MAX_UNICODE_STR_LEN;
+      tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen);
+      cur[copylen] = '\0';
+      if (copylen > MAX_UNICODE_STR_LEN)
+        strcat(cur, "...");
+      string_len = *len;
+      string = cur;
+    } else {
+      string_len = tvb_strsize(tvb, *offsetp);
+      string = tvb_get_ptr(tvb, *offsetp, string_len);
+    }
+  }
+  *len = string_len;
+  return string;
+}
+
 int
 dissect_smb_unknown(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
 {
author	Guy Harris <guy@alum.mit.edu>	2002-08-10 21:15:37 +0000
committer	Guy Harris <guy@alum.mit.edu>	2002-08-10 21:15:37 +0000
commit	2cfb231081ebc74b6812a346ee32cfafb1a5ca9a (patch)
tree	bf42878d925ca8d64680332c93677496722f03a2 /packet-smb-common.c
parent	ab5e55b841bf2a22b14b0085b23b942906375be1 (diff)