diff options
| author | Tim Potter <tpot@samba.org> | 2003-05-15 01:59:23 +0000 |
|---|---|---|
| committer | Tim Potter <tpot@samba.org> | 2003-05-15 01:59:23 +0000 |
| commit | 602a62e38a8fb00544e637cc3d3f9c43b2f9b7bd (patch) | |
| tree | b60c335c1a40d2dfc64bf117df08befa36112a07 /packet-dcerpc.c | |
| parent | 337963a73ac2af9a1496419f3e6f0f0e36221f64 (diff) | |
| download | wireshark-602a62e38a8fb00544e637cc3d3f9c43b2f9b7bd.tar.gz | |
Dissect authentication data for netlogon secure channel bind and bind acks.
Also, recommit a change lost in the hardware failure which was to note the
type of a DCE/RPC fragment when noting it in COL_INFO. A fragment can be
either a first, middle, last or whole (first+last) fragment.
svn path=/trunk/; revision=7666
Diffstat (limited to 'packet-dcerpc.c')
| -rw-r--r-- | packet-dcerpc.c | 60 |
1 files changed, 51 insertions, 9 deletions
diff --git a/packet-dcerpc.c b/packet-dcerpc.c index 20a6a2c812..f48f45fc09 100644 --- a/packet-dcerpc.c +++ b/packet-dcerpc.c @@ -2,7 +2,7 @@ * Routines for DCERPC packet disassembly * Copyright 2001, Todd Sabin <tas@webspan.net> * - * $Id: packet-dcerpc.c,v 1.121 2003/05/14 22:09:52 sharpe Exp $ + * $Id: packet-dcerpc.c,v 1.122 2003/05/15 01:59:23 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -40,6 +40,7 @@ #include "packet-frame.h" #include "packet-ntlmssp.h" #include "packet-dcerpc-nt.h" +#include "packet-dcerpc-netlogon.h" static int dcerpc_tap = -1; @@ -1891,12 +1892,28 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr } case DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN: { - - /* TODO: Fill me in when we know what goes here */ - - proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len, - "Secure Channel Auth Credentials"); - break; + tvbuff_t *secchan_tvb; + + secchan_tvb = tvb_new_subset( + tvb, offset, hdr->auth_len, hdr->auth_len); + + switch(hdr->ptype) { + case PDU_BIND: + netlogon_dissect_secchan_bind_creds( + secchan_tvb, 0, pinfo, dcerpc_tree, + hdr->drep); + break; + case PDU_BIND_ACK: + netlogon_dissect_secchan_bind_ack_creds( + secchan_tvb, 0, pinfo, dcerpc_tree, + hdr->drep); + break; + default: + proto_tree_add_text( + dcerpc_tree, secchan_tvb, 0, hdr->auth_len, + "Secure Channel Credentials"); + } + break; } default: @@ -2238,6 +2255,31 @@ dissect_dcerpc_cn_bind_nak (tvbuff_t *tvb, gint offset, packet_info *pinfo, } } +/* Return a string describing a DCE/RPC fragment as first, middle, or end + fragment. */ + +#define PFC_FRAG_MASK 0x03 + +static char * +fragment_type(guint8 flags) +{ + flags = flags & PFC_FRAG_MASK; + + if (flags == PFC_FIRST_FRAG) + return "first"; + + if (flags == 0) + return "middle"; + + if (flags == PFC_LAST_FRAG) + return "last"; + + if (flags == (PFC_FIRST_FRAG | PFC_LAST_FRAG)) + return "whole"; + + return "unknown"; +} + static void dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *dcerpc_tree, proto_tree *tree, @@ -2389,7 +2431,7 @@ end_cn_stub: proto_tree_add_uint(dcerpc_tree, hf_dcerpc_reassembled_in, tvb, 0, 0, fd_head->reassembled_in); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, - " [DCE/RPC fragment]"); + " [DCE/RPC %s fragment]", fragment_type(hdr->flags)); } } } else { @@ -2397,7 +2439,7 @@ end_cn_stub: are missing */ if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, - " [DCE/RPC fragment]"); + " [DCE/RPC %s fragment]", fragment_type(hdr->flags)); } } |