Age | Commit message | Author | Files | Lines |
|
the information comes from the samba sources and may or may not
be reliable or meaningful.
ms documentation in their knowledgebase says that the only really important part
in the netlogon response is the sitename.
(I have reasons to believe at least one of the flags, closest, is completely bogus)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10649 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
going to check exist.
Doing so arranges that "tvb_reported_length_remaining(tvb, offset)" is >=
5 (unless the reported length is less than the data length, but that
"shouldn't happen"). Instead of comparing "tvb_get_ntohl(tvb, offset) -
4" against "tvb_reported_length_remaining(tvb, offset)", which runs the
risk of giving a bogus answer if "tvb_get_ntohl(tvb, offset)" is < 4,
compare "tvb_get_ntohl(tvb, offset)" against
"tvb_reported_length_remaining(tvb, offset)-4", as the latter is
guaranteed to be > 0 (and cast the latter expression to get rid of the
signed/unsigned comparison warning that caused me to notice this issue
in the first place).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9738 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dissect the CLDAP netlogon rpc call
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9730 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9344 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
some implementations specify GSSAPI in the bind call.
the encapsulation seems to be the same as GSS-SPNEGO so handle it the same way
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9169 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
If we failed to dissect the GSS-SPNEGO blob it probably means that the segment
is somewhere in the middle of an LDAP PDU.
Just bail out and stop dissecting the PDU instead of aborting ethereal completely
using g_assert() since this is not really a pathological error, it's just something that can and will happen normally.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8925 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
session where GSS-SPNEGO is used.
If we haven't seen the BIND call ethereal would assume it is
vanilla non-GSS-SPNEGO LDAP and would fail to decode the packet.
Add heuristics to the LDAP dissector so that
IF the first 4 bytes of the LDAP PDU looks like it could be a length field
and IF the fifth byte has the value 0x60
then assume what we have is GSS-SPNEGO and assume this and all further commands on this session is GSS-SPNEGO as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8904 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
LDAP messages that span multiple segments will throw an exception unless we have reassembly enabled.
Update TCP so that IF an exception was thrown that we still pick up any hints
provided by the subdissector about where the next PDU starts.
Update LDAP so that it will provide hints to TCP about where the next LDAP PDU starts in the sequence number space.
Thus now ethereal can find and dissect LDAP PDUs that start somewhere in the middle of a TCP segment.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8895 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8887 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
measure the response time for some LDAP commands and
add a service response time dialog for it
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8885 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
be a "const gchar *", and it ended up being like pulling a thread out of
a sweater - more things had to change, which meant still more things had
to change, and I might've even run into something that didn't change
very well at all. (Or perhaps that was constifying something else.)
For now, we just cast away the constness in calls to "col_set_str()";
the column code won't actually overwrite the string.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8174 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8161 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
whether the domain name was null before putting it into the Info column.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8114 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
that.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8103 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
between the LDAP_RES_SEARCH_ENTRY and LDAP_RES_SEARCH_RESULT messages
depending on those messages occurring in the same frame.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8044 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
- display DN in COL_INFO for bind, search and add requests
- display errors in COL_INFO for all replies
- for search entries, display the number of results returned
- display the message type in the "top level" protocol item
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8021 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
port numbers document.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7961 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7959 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
for a subtree for the message.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7814 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
message types.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7595 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
in the "auth_info_items" list, and free all the items in that list, we
need to null out the pointer to that list to indicate that it's been
emptied out.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7563 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
into the protocol tree as visible fields.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7515 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
GSS-SPNEGO.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6693 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
call to "gssapi_init_oid()" supplies both dissectors for context-level
tokens and GSS_Wrap header information; the latter dissector should
return the number of bytes of header information, so that if the header
information and the message for the protocol that's using GSSAPI are
treated as a single blob of data (as is the case with LDAP, but not with
DCE RPC, for example), the dissector for the protocol using GSSAPI knows
where to start dissecting.
We associate a pointer to the entire data structure for the OID, not the
handle for context-level token dissector for the OID, with conversations
and frames.
Make the dissector for NTLMSSP verifiers be the handler for GSS_Wrap
stuff for NTLMSSP, and add support for GSS_Wrap stuff for Kerberos.
Support SASL GSS-SPNEGO wrapping of LDAP messages. (XXX - this should
really check for GSS-SPNEGO.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6692 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Reorganize the desegmentation to match a bit more closely the
desegmentation code in "tcp_dissect_pdus()" (eventually, we should see
if we can just use that code).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6676 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
This patch fixes decoding of the newSuperior attribute of an
LDAPv3 modrdn request. The current implementation attempts to
decode the attribute as an LDAPDN (Octet String, 0x4), when its
definition is actually Context 0 (0x80).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6672 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
being split across TCP segments.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6618 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
conversation a data structure containing the authentication type and
mechanism, and use that to dissect the credentials in subsequent bind
responses.
Call the bind request and response dissectors regardless of whether
we're building a protocol tree or not, so that we call the
authentication subdissectors.
"read_string()" doesn't return anything through the string-pointer
argument if the string is zero-length; handle those cases.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6241 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6087 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Microsoft. It would be nice if this proto was called CLDAP in the protocol
field - maybe later.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6041 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5932 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5406 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5060 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
detected, so we do a better job of reporting the item with the problem.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4853 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
ASN1_ERR_NOERROR, as you can't have a dissection error if you've
dissected nothing.
When dissecting a Bind reply, set "ret" to the return value of
"dissect_ldap_response_bind()", so errors get reported properly.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4851 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
just display the message type and body as an error.
If the message type isn't a type we dissect, display the "Unknown
message type" entry with the right offset and length.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4850 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
request type.
Put the request types in order in the switch statement.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4849 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
always set that pointer if they return ASN1_ERR_NOERROR. Have the
routines that call them use the value only if the routine returns
ASN1_ERR_NOERROR. Don't bother setting the pointer before calling the
routine.
Report unknown modify operation types.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4834 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
that in the SNMP dissector.
Check the return values of ASN.1 routines in the LDAP dissector, and
have all the subroutines in that dissector that can return error
indications return ASN1_ERR_ values.
Have the routines that can supply a pointer to a newly-created
protocol-tree item use the right type for items ("proto_item *", not
"proto_tree *", even though they are, at least currently, typedefs for
the same type), and use "proto_item" for the type of the item a pointer
to which is passed to those routines.
Before calling those routines, set the item pointer to null, in case the
routine fails.
Don't check the return value of "parse_filter_strings()" against -1 -
that routine can't return -1.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4833 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
arguments to "proto_tree_add_text()", and to "proto_tree_add_XXX()" calls
that add FT_NONE or FT_PROTO items to the protocol tree, with -1.
Replace some calls to "tvb_length()" or "tvb_length_remaining()" with
calls to "tvb_reported_length()" and "tvb_reported_length_remaining()",
as those give the actual length of the data in the packet, not just the
data that happened to be captured.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4605 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4586 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
means if there are no complete LDAP packets in a TCP segment, there is
no LDAP top-level protocol tree item, which is as it should be.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4539 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4538 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4370 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4308 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4088 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"header_field_info" structure, including the ones that are later set by
the routines to register fields.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3561 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
put a packet description there.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3405 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3404 f5534014-38df-0310-8fa8-9805f1628bb7
|