|
somewhat. Now the dynamic initialisation of the value_string is contained
in the value_string_from_subdissectors() function instead of being
distributed amongst the dcerpc dissectors.
svn path=/trunk/; revision=8123
|
|
data when decrypting it, as, at least for NTLMSSP encryption, the stub
*and* the authentication padding are encrypted as a single lump.
svn path=/trunk/; revision=8058
|
|
dissected like those on Binds; the same is true for their corresponding
acks.
svn path=/trunk/; revision=8043
|
|
svn path=/trunk/; revision=8027
|
|
to the dissector that handles the particular authentication flavour. This
gets rid of a couple of ugly switch statements and allows other authentication
modules to be written easily.
svn path=/trunk/; revision=8026
|
|
list rather than duplicating this information in the dissector. Some
of the opnum strings were starting to get out of date as developers
forgot to update the information in both places.
svn path=/trunk/; revision=7936
|
|
problem).
svn path=/trunk/; revision=7901
|
|
fuzz-generated packet that made it all the way to proto_registrar_get_name()
without hf_index being initialized.
svn path=/trunk/; revision=7899
|
|
A much better place to do this is after the subdissector function has
been called in dcerpc_try_handoff().
svn path=/trunk/; revision=7895
|
|
tvb_get_string() - takes a tvbuff, an offset, and a length as
arguments, allocates a buffer big enough to hold a string with
the specified number of bytes plus an added null terminator
(i.e., length+1), copies the specified number of bytes from the
tvbuff, at the specified offset, to that buffer and puts in a
null terminator, and returns a pointer to that buffer (or throws
an exception before allocating the buffer if that many bytes
aren't available in the tvbuff);

tvb_get_stringz() - takes a tvbuff, an offset, and a pointer to
a "gint" as arguments, gets the size of the null-terminated
string starting at the specified offset in the tvbuff (throwing
an exception if the null terminator isn't found), allocates a
buffer big enough to hold that string, copies the string to that
buffer, and returns a pointer to that buffer and stores the
length of the string (including the terminating null) in the
variable pointed to by the "gint" pointer.

Replace many pieces of code allocating a buffer and copying a string
with calls to "tvb_get_string()" (for one thing, "tvb_get_string()"
doesn't require you to remember that the argument to
"tvb_get_nstringz0()" is the size of the buffer into which you're
copying the string, which might be the length of the string to be copied
*plus 1*).

Don't use fixed-length buffers for null-terminated strings (even if the
code that generates those packets has a #define to limit the length of
the string). Use "tvb_get_stringz()", instead.

In some cases where a value is fetched but is only used to pass an
argument to a "proto_tree_add_XXX" routine, use "proto_tree_add_item()"
instead.
svn path=/trunk/; revision=7859
|
|
throwing an exception, if the bytes to be compared aren't available in
the tvbuff, we don't need to check for their existence before calling
those routines.
svn path=/trunk/; revision=7826
|
|
multiple NetBIOS-over-TCP session service messages in a TCP segment, and
they can contain the final portions of different DCERPC calls. Don't
assume a frame number is sufficient to identify DCE RPC calls.
svn path=/trunk/; revision=7777
|
|
"Fragment data (N bytes)" if we aren't dissecting it.
svn path=/trunk/; revision=7751
|
|
svn path=/trunk/; revision=7744
|
|
svn path=/trunk/; revision=7721
|
|
packet-dcerpc-netlogon.c
svn path=/trunk/; revision=7670
|
|
Also, recommit a change lost in the hardware failure which was to note the
type of a DCE/RPC fragment when noting it in COL_INFO. A fragment can be
either a first, middle, last or whole (first+last) fragment.
svn path=/trunk/; revision=7666
|
|
This contains an initial break-out of the verifier for secure-channel and
maybe more ...
svn path=/trunk/; revision=7665
|
|
cover all the parts of the item, rather than just making it be 0.
svn path=/trunk/; revision=7661
|
|
*before* attempting to allocate a buffer for a string, if the copy into
the buffer will throw an exception; that prevents us from
1) leaking memory if we can allocate the buffer (we'd throw an
exception before we freed the buffer);
2) crashing if we can't allocate the buffer because the length
is bogus and large.
svn path=/trunk/; revision=7658
|
|
encrypted if appropriate; this change adds a "show_stub_data()" to
handle that, and that routine also cleans up the stub data display a bit
in some other ways.
svn path=/trunk/; revision=7654
|
|
null) to the "fragment_items" structure, and don't pass that value into
"process_reassembled_data()", just have it use the value in the
"fragment_items" structure passed to it.
Make "process_reassembled_data()" capable of handling reassembly done by
"fragment_add_seq_check()", and use it in the ATP and 802.11 dissectors;
give them "reassembled_in" fields. Make "process_reassembled_data()"
handle only the case of a completed reassembly (fd_head != NULL) so that
we can use it in those dissectors without gunking the code up too much.
svn path=/trunk/; revision=7513
|
|
fragmented.
"PFC_NOT_FRAGMENTED()" is checked early in "dissect_dcerpc_cn_stub()";
there's no need to check it again in either of the code paths after
that, as we know it's true in the first code path and false in the second.
svn path=/trunk/; revision=7460
|
|
Fixed this and rewrote the fragment reassembly routine to make it
cleaner and hopefully easier to read.
svn path=/trunk/; revision=7453
|
|
svn path=/trunk/; revision=7383
|
|
has passed to it and not the generic dcerpc_character_buffer.
We need this to be able to filter for various dcerpc related strings such as lsa.domain
svn path=/trunk/; revision=7356
|
|
Modified a patch originally contained in the SuSE distro
to do the conversions via glib macros.
svn path=/trunk/; revision=7330
|
|
when doing reassembly.
In some additional places, use "tvb_bytes_exist()" to check whether we
have enough data to do reassembly, rather than checking to see if the
frame is short (it might be short but we might still have enough data to
do reassembly).
In DCE RPC, use the fragment length from the header as the number of
bytes of fragment data.
There's no need to check "pinfo->fragmented" before doing reassembly in
the DCERPC-over-SMB-pipes code - either we have all the data or we
don't.
In SNA and WTP reassembly, add a check to make sure we have all the data
to be reassembled.
svn path=/trunk/; revision=7282
|
|
give it a byte-order argument, and move it to "epan/tvbuff.c".
Use it to handle UCS-2 strings in version 1 of the Service Location
Protocol. In SRVLOC V1, use registered fields that are already there
for SRVLOC V2, and add some as needed. Fix some field names.
svn path=/trunk/; revision=7186
|
|
gunk stuck in there to make NTLMSSP happy (perhaps the encrypted body
length has to be a multiple of 16 bytes or something such as that for
the encryption to work).
No packet in any capture I have appears to be misdissected if you get
rid of the mod 4 stuff, so I'm removing it.
svn path=/trunk/; revision=7181
|
|
string, use the "fake Unicode" value for it.
svn path=/trunk/; revision=7119
|
|
svn path=/trunk/; revision=7114
|
|
the number of guint16's to convert from unicode.
Allow dissect_ndr_cvstring to return a malloced copy of the string.
svn path=/trunk/; revision=7108
|
|
svn path=/trunk/; revision=7097
|
|
"dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to
indicate that they're for conformant varying strings.
Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to
indicate that it's for conformant varying strings.
svn path=/trunk/; revision=7096
|
|
"dissect_ndr_char_string" and "dissect_ndr_wchar_string", to make it
clearer what it does.
svn path=/trunk/; revision=7095
|
|
so that even if the stub data is bad, we still dissect and show the
verifier.
svn path=/trunk/; revision=7092
|
|
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
svn path=/trunk/; revision=7091
|
|
svn path=/trunk/; revision=7074
|
|
function and a void * callback args. The callback is executed after
the dissection of the ndr pointer buffer which may be called,
depending on the number of pointers in the structure, after the return
of the dissect_ndr_pointer() call.
The callback function is of type:
void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree,
proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset,
void *callback_args);
where the proto tree and item are the tree and item created by
dissect_ndr_pointer() and the tvb plus offsets are the buffer pointed
to by the pointer.
svn path=/trunk/; revision=7015
|
|
svn path=/trunk/; revision=6999
|
|
of the DCERPC dissector instead of creating a dummy protocol to hang
the ett and hf values off.
Make the open and close frame values in NT policy handles FT_FRAMENUM's
so the "Go to Corresponding Frame" menu item can be used on them.
svn path=/trunk/; revision=6995
|
|
data, as the error could be due to the decryption being bad, and we
should still dissect the authentication data.
svn path=/trunk/; revision=6924
|
|
we also call the proper DCERPC subdissector.
With this change ethereal will call the SAMR dissector and dissect the
decrypted SAMR packets in Devin's capture.
svn path=/trunk/; revision=6855
|
|
svn path=/trunk/; revision=6826
|
|
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
svn path=/trunk/; revision=6825
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
until we know that we have the entire PDU - we might not have all of it,
as some of it might be in, for example, a later TCP segment.
svn path=/trunk/; revision=6785
|
|
Minor change to the connection oriented DCE/RPC function calls.
Now the offset is provided in the call, instead of having a
hard-coded value in each function. Also makes the calling
convention consistent with the datagram equivalents for the
functions.
Didn't do it for dissect_dcerpc_cn_auth() yet, as that is a
special case (and I am in the process of restructuring it to
make verifier decryption work properly).
svn path=/trunk/; revision=6778
|
|
know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
svn path=/trunk/; revision=6746
|