Age | Commit message (Collapse) | Author | Files | Lines |
|
for RAW NTLMSSP, but the client actually sends SPNEGO encapsulated NTLMSSP.
svn path=/trunk/; revision=6173
|
|
that we do not account for properly, like Octet Strings.
svn path=/trunk/; revision=6152
|
|
svn path=/trunk/; revision=6151
|
|
being used properly.
svn path=/trunk/; revision=6149
|
|
More to do yet though ...
svn path=/trunk/; revision=6148
|
|
Windows that cause compiler warnings.
svn path=/trunk/; revision=6129
|
|
comments about what we need to do to get SPNEGO properly implemented.
More work to do.
svn path=/trunk/; revision=6121
|
|
svn path=/trunk/; revision=6119
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
svn path=/trunk/; revision=6085
|
|
the relevant parts of the SMB and DCERPC dissectors.
svn path=/trunk/; revision=6066
|
|
svn path=/trunk/; revision=6058
|
|
parameter and data, so the LANMAN RAP pipe dissector, for example,
doesn't get confused and think there is an auxiliary data descriptor in
the parameters when there isn't.
Note that in at least one Negotiate Protocol reply it looks as if a
Unicode domain name might've been aligned.
svn path=/trunk/; revision=6017
|
|
svn path=/trunk/; revision=5980
|
|
the flags field in NTLMSSP messages as a 32-bit field.
Make "get_unicode_or_ascii_string()" take a "Unicode or not" flag rather
than a "packet_info *" as an argument, make it not static, and move it
to "packet-smb-common.c", so that it can be used by the SMB dissector
and the NTLMSSP dissector. Also get rid of some _U_'s that are applied
to arguments that are, in fact, used.
svn path=/trunk/; revision=5976
|
|
svn path=/trunk/; revision=5962
|
|
svn path=/trunk/; revision=5959
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
|
|
line, separated by ;
It only prints "Request"/"Response" for the first command to save space
svn path=/trunk/; revision=5907
|
|
SMB sees the PDU, then SMB would forget to create the proper state variables and crash.
SMB is changed to split the operation into
1, only create a conversation if it needs to. (as before)
2, detect if it needs to create the si.ct state variables independant of
whether smb also created a conversation or not.
Without this patch and with changes to say TCP to create conversations ethereal would crash at the first packet the SMB dissector would see.
svn path=/trunk/; revision=5906
|
|
request and response.
svn path=/trunk/; revision=5895
|
|
svn path=/trunk/; revision=5862
|
|
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
|
|
task of creating a fregment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
|
|
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
|
|
svn path=/trunk/; revision=5608
|
|
and it looks like "Close" (it's a close that also disconnects the tree
used for the SMB).
svn path=/trunk/; revision=5603
|
|
svn path=/trunk/; revision=5592
|
|
TRANS2_SET_FILE_INFORMATION parameters as reserved.
Change/add comments to reflect information from Microsoft Networks SMB
File Sharing Protocol Extensions Version 3.0, Document Version 1.11,
July 19, 1990.
svn path=/trunk/; revision=5568
|
|
parameters.
svn path=/trunk/; revision=5567
|
|
Microsoft Networks SMB File Sharing Protocol Extensions Version
2.0, Document Version 3.3, November 7, 1988;
Microsoft Networks SMB File Sharing Protocol Extensions Version
3.0, Document Version 1.11, July 19, 1990.
svn path=/trunk/; revision=5566
|
|
Fix a typo.
svn path=/trunk/; revision=5563
|
|
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
|
|
TRANS2_QUERY_FS_INFORMATION, and fix handling of level 1022 to treat the
file name as always being in Unicode.
svn path=/trunk/; revision=5494
|
|
TRANS2_QUERY_FS_INFORMATION.
svn path=/trunk/; revision=5477
|
|
svn path=/trunk/; revision=5440
|
|
error.
svn path=/trunk/; revision=5415
|
|
"dissect_nt_sec_desc()".
Also, get rid of code to handle lengths of -1 in "dissect_nt_sec_desc()"
- we never pass it a length of -1, as security descriptors aren't sent
over the wire with NDR syntax.
svn path=/trunk/; revision=5317
|
|
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
|
|
then later construct the sub-authority string from that array; we can
just construct the string as we fetch the sub-authorities.
Given that we're doing that, use the cleanup handler to free the string,
so that we don't leak memory if we throw an exception when fetching the
RID, for example.
svn path=/trunk/; revision=5294
|
|
functions, from David Frascone.
svn path=/trunk/; revision=5288
|
|
response if the negotiated dialect is Windows for Workgroups 3.1a.
svn path=/trunk/; revision=5264
|
|
values.
Note that in a Negotiate Protocol response, the primary domain won't be
present if the negotiated dialect isn't "DOS LANMAN 2.1" or "LANMAN2.1".
At least for Info Standard replies for Transaction2 Find First2
requests, if the request had the "return resume keys" flag set, the
reply will have a resume key at the beginning of each entry. We assume
that to be the case for Info Query EA Size and Info QUery EAs From List;
it does *not* appear to be the case for Find File Directory Info, Find
File Full Directory Info, or Find File Both Directory Info (they don't
have it even if the flag is set, at least in the captures I've seen).
The length of the name string in Find First2 entries doesn't include the
terminating '\0'; count that as well.
svn path=/trunk/; revision=5259
|
|
within the ACE to work out where the end is.
svn path=/trunk/; revision=5235
|
|
svn path=/trunk/; revision=5234
|
|
svn path=/trunk/; revision=5230
|
|
svn path=/trunk/; revision=5217
|
|
svn path=/trunk/; revision=5213
|
|
inside a Netlogon security descriptor.
Correctly dissect NT security descriptors as they appear inside an LSA
security descriptor (at least as those appear inside a Netlogon security
descriptor) - they get sent over the wire, apparently, as an opaque blob
from the point of view of DCE RPC, at least from one capture I've seen,
they do *not* get sent over the wire in DCE RPC NDR syntax.
svn path=/trunk/; revision=5212
|
|
dissector in packet-smb.c so we can call it from DCERPC NDR encoded services.
svn path=/trunk/; revision=5194
|