Age | Commit message (Collapse) | Author | Files | Lines |
|
of the callers passed -1 for this parameter anyway.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10919 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9735 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
A much better place to do this is after the subdissector function has
been called in dcercp_try_handoff().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7895 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7787 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
if the caller wants something else instead of "smb.sid"
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7707 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
which if !=-1 is a hf field for the sid to use instead of the default smb.sid one.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7706 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
declare it in "packet-dcerpc-nt.h", as it's used both by the srvsvc and
wkssvc dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7672 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
to call when dissecting the array data.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7656 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Rename cb_str_postprocess which handles unicode strings to cb_wstr_postprocess.
Add cb_str_postprocess which handles ASCII strings
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7572 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
adds 2 levels to the tree. Fix calls to it not to add 1 for that level.
The NT and LM challenges in a NETWORK_INFO structure are opaque arrays
of bytes, not Unicode strings; dissect them as such, adding a new
routine "dissect_ndr_counted_byte_array()" for that purpose.
Get rid of some extra colons in names - the colon is put there if a
string is appended, so putting a colon in there explicitly gives double
colons.
Decorate some higher-level tree nodes with strings.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7107 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7091 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Give dissect_nt_sec_desc() and dissect_nt_access_mask() a specific rights
function parameter for dissecting specific access rights.
Fix callers in packet-smb.c to use the new interface.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7086 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
functions with something a little less confusing.
We now have two sets of functions to dissect strings:
- dissect_ndr_wchar_array() which dissects NDR arrays of wide characters
(uint32, uint32, uint32, buffer)
- dissect_ndr_counted_string() which dissects a "counted string"
(uint16, uint16, pointer to array of wchar)
There are three contexts for dissecting counted strings:
1. "in-line" using dissect_ndr_counted_string()
2. as a callback to dissect_ndr_pointer()
3. as a callback to dissect_ndr_pointer_cb()
Context 2 is used when you have a pointer to a counted string.
Context 3 is when you wish to perform some special processing with the
returned string.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7068 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
items N levels up from the item being processed, and use that to
decorate the tree as it was decorated before.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7043 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
be used to help out in most DCERPC strings. The cb_str_postprocess()
function reads the callback_args and either appends the value of the
string to the COL_INFO field, appends it to the NDR pointer item, or
saves the string to dcv->private_data. Calling cb_str_postprocess()
with CB_STR_ITEM is the same as calling dissect_ndr_pointer() with
levels = 0.
Renamed some of the pointer dissection functions with a suffix of _cb
and created helpers of the original which call the _cb function with
NULL args. This should help minimise the amount of code changes in
the bulk of the DCERPC dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7016 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
of the DCERPC dissector instead of creating a dummy protocol to hang
the ett and hf values off.
Make the open and close frame values in NT policy handles FT_FRAMENUM's
so the "Go to Corresponding Frame" menu item can be used on them.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6995 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6900 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
have taken their places.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6723 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissect_ndr_uint16s()"; "dissect_ndr_uint16s()" is always passed a null
pointer, "dissect_dcerpc_uint16s()" is only called by
"dissect_ndr_uint16s()", and the pointer returned through "pdata" is
*NOT* guaranteed to be aligned on a 16-bit boundary so we don't want to
tempt people to blithely dereference that pointer.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6699 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6688 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
- combine proto_tree_add_text() and proto_tree_append_text() calls in the
access mask dissector
- make the specific access bits dissector functions return void instead of
an offset
I think Samba has the create user reply wrong. There is perhaps a uint32
marked as unknown that shouldn't be there. Removing this parses all the
captures I have.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6057 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
generic, standard and specific mode bits. A protocol dissector can pass in
it's own function for dissecting the specific mode bits, if known.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6053 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
into two - one that stores request/reply frame numbers and another
that associates a text name with a policy handle.
Removed all calls to prs_policy_hnd() and converted to calls to
dissect_nt_policy_hnd().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5772 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
when we do the conformance run.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5682 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
of uint16 values.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5624 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
add arguments to specify whether the policy handle is being
opened or closed, and don't set the "open frame" for the handle
unless it's being opened and don't set the "close frame" for the
handle unless it's being closed;
store the policy handle before fetching it, so that an open or
close is marked appropriately in the protocol tree on the first
pass;
if the policy handle has a name associated with it, put that
name into the top-level item for the policy handle.
In "packet-dcerpc-spoolss.c":
get rid of aun unused variable;
make "setjob_commands[]" static, as it's not used outside
"packet-dcerpc-spoolss.c";
put a "VALS()" call around the reference to "setjob_commands",
to squelch compiler warnings;
give the SPOOLSS return code field the appropriate
"value_string" array.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5448 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
(also registry and srvsvc?) pipe dissectors.
Also added some helper routines for decoding a range of uint8s. These map
nicely to the dissect_{dcerpc,ndr}_foo() format with the addition of a
length parameter, but aren't really part of the NDR specification and are
probably only going to be used in the NT dcerpc dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5421 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5223 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine. Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.
Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.
The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff. It should also be called only once before
every capture, rather than 3 times.
The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.
This fixes a bug I saw wherein
1) the tree for Unicode strings was open by default
and
2) if you closed one and then exited, Ethereal would crash.
The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()". As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.
Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".
Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5196 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
function.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5187 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Also export dissect-nt-GUID() from netlogon since this structure is common to
other interfaces as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5181 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Start to move some common stuff into packet-dcerpc-nt.[ch]
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5176 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5170 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
and storage of private data.
Fix memory leaks in form dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5020 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
- rewrote request/response hashing code and moved it into
packet-dcerpc-nt.c for use by other dcerpc/smb dissectors
- rewrote policy handle hashing code as above, with nifty improvements
- moved check for unparsed data and end of frame into a function
- fixed matching of printername to handle in addprinterex
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5014 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
neatly aligned on a 2-byte or a 4-byte boundary, and there is no
guarantee that a misaligned pointer can be dereferenced without getting
a fault.
Furthermore, there is no guarantee that, even if you *can* dereference a
pointer to a 2-byte or 4-byte quantity in a packet, the resulting number
you get back is in the right byte order; the data in the packet might
have a different byte order from the machine on which you're running.
Therefore, we change "prs_uint8s()", "prs_uint16s()", and
"prs_uint32s()" to return the starting offset, in the tvbuff, of the
collection of 8-bit, 16-bit, or 32-bit integral values, rather than a
pointer to the raw packet data, and change their callers to fetch the
data using "tvb_get_guint8()", "tvb_get_letohs()", and
"tvb_get_letohl()" (the stuff in all the NT protocols is presumed to be
little-endian here). We also change "fake_unicode()" to take a tvbuff
and an offset, rather than a data pointer, as arguments, and to use
"tvb_get_letohs()" to fetch the Unicode characters (again, we assume
little-endian Unicode).
This requires "fake_unicode()" to establish a cleanup handler, so we
don't leak memory if it throws an exception.
We also make "fake_unicode()" use "g_malloc()" to allocate its buffer
(we weren't checking for allocation failures in any case; with
"g_malloc()", we'll abort on an allocation failure - if we can come up
with a cleverer way of handling them, fine), and the matching frees to
use "g_free()". (We also insert some missing frees....)
Fix some formats to print unsigned quantities with "%u", not "%d".
Don't append text to items in the tree for non-string values in
"dissect_ndr_nt_STRING_string()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4986 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
packet-smb.c so that packet-smb-pipe.c can reference this struct as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4947 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
at www.unicode.org and made samr and netlogon use it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4943 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Exported some functions from packet-dcerpc-samr.c and added two
more functions the netlogon dissector will need.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4921 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
to make it more similar to the UNICODE_STRING dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4920 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
export it to other modules.
NETLOGON dissector (and others) will need this function.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4919 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
since this function will be used by other NT services as well such as NETLOGON.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4918 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissect_ndr_nt_UNICODE_STRING_string()", in
"samr_dissect_connect2_server()"; that eliminates an unnecessary extra
level of protocol tree.
That removes the last call to "dissect_ndr_nt_UNICODE_STRING_string()";
eliminate that routine.
In "dissect_ndr_nt_UNICODE_STRING()", initially create the subtree with
the name of the field as a string, so that if an exception is thrown
before the name is set, the subtree won't show up as blank when
displayed or printed. Also pass in the name to "dissect_ndr_pointer()",
so the same happens for subtrees below it. Append only the string data,
not its name, to items up the tree, as the name was put in when the item
was created. Also, when adding a colon before the string, put a space
after the colon, as is done elsewhere in Ethereal.
When appending additional strings, put the blank before the new string,
not after it.
In "dissect_ndr_nt_STRING()", put the subtree into the string with the
name of the field, rather than just "String". Pass in that name to
"dissect_ndr_pointer()", so subtrees below it get a name when they're
initially created.
Get rid of colons in the name string passed to "dissect_ndr_pointer()"
in some calls. Supply a non-null name string in more calls to
"dissect_ndr_pointer()", and fix some calls to pass in the name of the
field being handed to "dissect_ndr_pointer()".
There's no need to fetch the entire "header_field_info" structure for a
protocol field in order to get the field's name - just use
"proto_registrar_get_name()" to get the name.
Use a length of -1, not 0, when creating a subtree whose length will be
set when the dissection of the items under the subtree is complete; that
way, if an exception is thrown while dissecting the items - which means
the item goes past the end of the tvbuff - the item will refer to all
data to the end of the tvbuff, rather than referring to nothing.
Fix a typo in the name of the "hf_samr_unknown_string" field.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4912 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
bitmap and make the function not static.
This bitmap is present in other RPC protocols for NT services as well
besides SAMR.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4889 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
packet-dcerpc-nt.c since this is a structure that is common to all NT services and not only SAMR.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4888 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4618 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
NDR pointer handling in DCE RPC
SAMR updates
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4608 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4470 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4407 f5534014-38df-0310-8fa8-9805f1628bb7
|