Age | Commit message (Collapse) | Author | Files | Lines |
|
so that even if the stub data is bad, we still dissect and show the
verifier.
svn path=/trunk/; revision=7092
|
|
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
svn path=/trunk/; revision=7091
|
|
"USER_INFO_21" and in "LOOKUP_NAMES".
svn path=/trunk/; revision=7090
|
|
POLICY_ACCOUNT_DOMAIN_INFO and the domain in TRUSTED_DOMAIN with the
string.
svn path=/trunk/; revision=7089
|
|
"LSA_TRUST_INFORMATION" with the account name.
svn path=/trunk/; revision=7088
|
|
Dissection of security descriptors in SPOOLSS RPC calls now display
the correct meaning of the specific access mask bits.
svn path=/trunk/; revision=7087
|
|
Give dissect_nt_sec_desc() and dissect_nt_access_mask() a specific rights
function parameter for dissecting specific access rights.
Fix callers in packet-smb.c to use the new interface.
svn path=/trunk/; revision=7086
|
|
svn path=/trunk/; revision=7085
|
|
svn path=/trunk/; revision=7084
|
|
and in file attributes means "this is a subdirectory"; don't mix the
two.
The 1-byte and 2-byte search attributes appear to have the same bit
definitions (except, obviously, for those that are in the topmost byte).
svn path=/trunk/; revision=7083
|
|
- remove incorrect and unused definition
of tapping_is_active
svn path=/trunk/; revision=7082
|
|
the ones not specified as such when used), so declare them as such
rather than specifying them as such when used.
The SearchSequenceWord also appears to be big-endian.
Note that we're not cracking the bits of a DirectoryAttributes field.
The "Subdirectory" bit in search attributes is really "Subdirectories
Only", as in "just show me subdirectories".
Note some confusion about whether the bit numbers on the Novell Web site
for search attributes are bit numbers or bit flags.
Note that we appear to have gotten back attributes for a file rather
than a directory in at least one search that had "Subdirectories Only"
set - unless the problem is that the numbers in the Novell spec are bit
numbers rather than bit flags.
Update some items that claimed to have a 2-byte search attributes field
to have a 1-byte search attributes field instead, to match the spec on
the Novell site (of course, the spec could be wrong...).
svn path=/trunk/; revision=7081
|
|
svn path=/trunk/; revision=7080
|
|
svn path=/trunk/; revision=7079
|
|
Set item len for devicemode dissector.
Fixed dissection of relative strings so that the actual value of
the string is assigned to the hf item instead of the empty string.
Dissect JOB_INFO_2 structure.
svn path=/trunk/; revision=7078
|
|
structures; make it so (which makes it big-endian on other structures as
well).
The same appears to be true of the UpdateID.
There doesn't appear to be a reserved word between the
SearchSequenceWord and DirectoryID fields of a DirectoryInstance or a
FileInstance.
The dates and times in a DirectoryInstance or a FileInstance appear to
be big-endian; note that we need to add the ability to make those
instances big-endian but leave others little-endian.
Note that there's a sequence of NameSpaceNames and a sequence of
DataStreamNames in the reply to a Get Name Space Operation request.
A Login Object request has a 2-byte object type followed by a
ClientName, just a UserName. The same applies to a Get Object
Connection List request.
Note that the DirectoryInstance or FileInstance in a File Search
Continue reply appears to be garbage if the reply doesn't succeed with
"OK".
svn path=/trunk/; revision=7077
|
|
Put in URLs for the RMI and serialization protocols.
Move value_string arrays, and declarations of static routines, out of
the header file into the .c file.
For integral values with associated value_string tables, just put them
into the protocol trees as integral values and associate the
value_string table with the field.
Use "proto_tree_add_item()" whenever possible.
Use the #define for "JRMI" rather than hardcoding it.
svn path=/trunk/; revision=7076
|
|
it's done better in the dcerpc dissector.
svn path=/trunk/; revision=7075
|
|
svn path=/trunk/; revision=7074
|
|
Display something useful in COL_INFO when dissecting REG_BINARY
printerdata.
Display the value needed field in value subtree.
svn path=/trunk/; revision=7073
|
|
(non inactive subset). So there are now two different
lists : "cotp" and the legacy "cotp_is". Cotp_is is
currently only used by H1 dissector. "cotp" will be
used at least by some (possibly unpublished) plugins.
svn path=/trunk/; revision=7072
|
|
svn path=/trunk/; revision=7071
|
|
Display server name in COL_INFO for OpenPolicy2 request.
svn path=/trunk/; revision=7070
|
|
cosmetic bugs to work out though.
svn path=/trunk/; revision=7069
|
|
functions with something a little less confusing.
We now have two sets of functions to dissect strings:
- dissect_ndr_wchar_array() which dissects NDR arrays of wide characters
(uint32, uint32, uint32, buffer)
- dissect_ndr_counted_string() which dissects a "counted string"
(uint16, uint16, pointer to array of wchar)
There are three contexts for dissecting counted strings:
1. "in-line" using dissect_ndr_counted_string()
2. as a callback to dissect_ndr_pointer()
3. as a callback to dissect_ndr_pointer_cb()
Context 2 is used when you have a pointer to a counted string.
Context 3 is when you wish to perform some special processing with the
returned string.
svn path=/trunk/; revision=7068
|
|
"samr_dissect_pointer_UNICODE_STRING()".
Put in a comment asking why that routine exists.
svn path=/trunk/; revision=7067
|
|
svn path=/trunk/; revision=7066
|
|
svn path=/trunk/; revision=7065
|
|
being put in for sets).
svn path=/trunk/; revision=7064
|
|
svn path=/trunk/; revision=7063
|
|
svn path=/trunk/; revision=7062
|
|
"dissect_ndr_nt_UNICODE_STRING_cb()" to "offset".
svn path=/trunk/; revision=7061
|
|
Note that the whole hack for dealing with Linux bogosities should
perhaps have an option to turn it off, as sometimes it detects
bogosities that aren't there.
svn path=/trunk/; revision=7060
|
|
Put in a note about one capture I've seen.
svn path=/trunk/; revision=7059
|
|
rather than a character string, don't decorate anything above that item
in the tree with the "string".
svn path=/trunk/; revision=7058
|
|
colon after "Share:".
svn path=/trunk/; revision=7057
|
|
svn path=/trunk/; revision=7056
|
|
name.
Made OpenGroup and CreateGroup handle names contain appropriate RID values.
Added some more COL_INFO bits & pieces (info levels etc).
svn path=/trunk/; revision=7055
|
|
Fix all callers to use the new function form.
svn path=/trunk/; revision=7054
|
|
to be using it for stuff that should be hex, and for stuff that should
be Boolean. Use BASE_DEC if it should be decimal, BASE_HEX if it should
be hex, and make it Boolean if it should be Boolean.
svn path=/trunk/; revision=7053
|
|
that have direction information.
Support writing WTAP_ENCAP_FRELAY_WITH_PHDR and WTAP_ENCAP_PPP_WITH_PHDR
captures out in libpcap format - we throw away the direction
information, but so it goes.
When reading/writing Windows Sniffer format, read and write the
direction flag.
svn path=/trunk/; revision=7052
|
|
Fixed double free bug in GetPrinterData occuring when applying a filter.
Cleaned up same bit of code in OpenPrinterEx.
svn path=/trunk/; revision=7051
|
|
svn path=/trunk/; revision=7050
|
|
byte or 4 bytes.
svn path=/trunk/; revision=7049
|
|
svn path=/trunk/; revision=7048
|
|
svn path=/trunk/; revision=7047
|
|
note that it really should be dissected like other FTP-flavored
protocols. (Or is that "SMTP-flavored"? Which was the first Internet
protocol to have that "command/response-with-3-digit-error-code" form?)
svn path=/trunk/; revision=7046
|
|
svn path=/trunk/; revision=7045
|
|
configure option is given on the command line. The value of the arguement
is passwd in the enableval variable. The 4th argument tells what to do in
case no command line argument was given.
This causes --disable-gtk2 (which is the default) to behave differently
from the case when no option is given.
I do not really understand where the difference in the behaviour of the
generated codes comes from, but I definitely see a difference.
Fixed all occurrences where the 3rd arguement was empty.
svn path=/trunk/; revision=7044
|
|
items N levels up from the item being processed, and use that to
decorate the tree as it was decorated before.
svn path=/trunk/; revision=7043
|