diff options
| -rw-r--r-- | asn1/spnego/packet-spnego-template.c | 2 | ||||
| -rw-r--r-- | epan/Makefile.common | 6 | ||||
| -rw-r--r-- | epan/crypt/Makefile.common | 10 | ||||
| -rw-r--r-- | epan/crypt/crypt-des.c (renamed from epan/crypt-des.c) | 26 | ||||
| -rw-r--r-- | epan/crypt/crypt-des.h (renamed from epan/crypt-des.h) | 0 | ||||
| -rw-r--r-- | epan/crypt/crypt-md4.c (renamed from epan/crypt-md4.c) | 46 | ||||
| -rw-r--r-- | epan/crypt/crypt-md4.h (renamed from epan/crypt-md4.h) | 0 | ||||
| -rw-r--r-- | epan/crypt/crypt-md5.c | 32 | ||||
| -rw-r--r-- | epan/crypt/crypt-rc4.c (renamed from epan/crypt-rc4.c) | 20 | ||||
| -rw-r--r-- | epan/crypt/crypt-rc4.h (renamed from epan/crypt-rc4.h) | 0 | ||||
| -rw-r--r-- | epan/dissectors/packet-dcerpc-samr.c | 80 | ||||
| -rw-r--r-- | epan/dissectors/packet-ntlmssp.c | 124 | ||||
| -rw-r--r-- | epan/dissectors/packet-spnego.c | 2 |
13 files changed, 174 insertions, 174 deletions
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c index 5765ea8675..03cd12a9cc 100644 --- a/asn1/spnego/packet-spnego-template.c +++ b/asn1/spnego/packet-spnego-template.c @@ -40,7 +40,7 @@ #include "packet-dcerpc.h" #include "packet-gssapi.h" #include "packet-kerberos.h" -#include <epan/crypt-rc4.h> +#include <epan/crypt/crypt-rc4.h> #include <epan/conversation.h> #include <epan/emem.h> diff --git a/epan/Makefile.common b/epan/Makefile.common index 77bd475c52..0f665cbc01 100644 --- a/epan/Makefile.common +++ b/epan/Makefile.common @@ -41,9 +41,6 @@ LIBWIRESHARK_SRC = \ crc16.c \ crc32.c \ crcdrm.c \ - crypt-des.c \ - crypt-md4.c \ - crypt-rc4.c \ dtd_grammar.c \ dtd_parse.c \ dtd_preparse.c \ @@ -122,9 +119,6 @@ LIBWIRESHARK_INCLUDES = \ crc16.h \ crc32.h \ crcdrm.h \ - crypt-des.h \ - crypt-md4.h \ - crypt-rc4.h \ dtd.h \ dtd_grammar.h \ dtd_parse.h \ diff --git a/epan/crypt/Makefile.common b/epan/crypt/Makefile.common index 9f1129aa79..5f3b196ab2 100644 --- a/epan/crypt/Makefile.common +++ b/epan/crypt/Makefile.common @@ -31,7 +31,10 @@ LIBAIRPDCAP_SRC = \ airpdcap_sha1.c \ airpdcap_tkip.c \ airpdcap_wep.c \ - crypt-md5.c \ + crypt-des.c \ + crypt-md4.c \ + crypt-md5.c \ + crypt-rc4.c \ hmac.c LIBAIRPDCAP_INCLUDES = \ @@ -43,6 +46,9 @@ LIBAIRPDCAP_INCLUDES = \ airpdcap_system.h \ airpdcap_user.h \ airpdcap_ws.h \ + crypt-des.h \ + crypt-md4.h \ crypt-md5.h \ - hmac.h \ + crypt-rc4.h \ + hmac.h \ wep-wpadefs.h diff --git a/epan/crypt-des.c b/epan/crypt/crypt-des.c index c87007ed48..92bac55775 100644 --- a/epan/crypt-des.c +++ b/epan/crypt/crypt-des.c @@ -1,23 +1,23 @@ -/* +/* Unix SMB/CIFS implementation. - a partial implementation of DES designed for use in the + a partial implementation of DES designed for use in the SMB authentication protocol Copyright (C) Andrew Tridgell 1998 $Id$ - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -28,12 +28,12 @@ #endif #include <glib.h> -#include <epan/crypt-des.h> +#include <epan/crypt/crypt-des.h> -/* NOTES: +/* NOTES: This code makes no attempt to be fast! In fact, it is a very - slow implementation + slow implementation This code is NOT a complete DES implementation. It implements only the minimum necessary for SMB authentication, as used by all SMB @@ -209,8 +209,8 @@ static void dohash(char *out, char *in, char *key, int forw) lshift(c, sc[i], 28); lshift(d, sc[i], 28); - concat(cd, c, d, 28, 28); - permute(ki[i], cd, perm2, 48); + concat(cd, c, d, 28, 28); + permute(ki[i], cd, perm2, 48); } permute(pd1, in, perm3, 64); @@ -240,10 +240,10 @@ static void dohash(char *out, char *in, char *key, int forw) int m, n; m = (b[j][0]<<1) | b[j][5]; - n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4]; + n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4]; - for (k=0;k<4;k++) - b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0; + for (k=0;k<4;k++) + b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0; } for (j=0;j<8;j++) diff --git a/epan/crypt-des.h b/epan/crypt/crypt-des.h index aa91cc6a4f..aa91cc6a4f 100644 --- a/epan/crypt-des.h +++ b/epan/crypt/crypt-des.h diff --git a/epan/crypt-md4.c b/epan/crypt/crypt-md4.c index f354fb84d7..cbc41bd2dd 100644 --- a/epan/crypt-md4.c +++ b/epan/crypt/crypt-md4.c @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. a implementation of MD4 designed for use in the SMB authentication protocol Copyright (C) Andrew Tridgell 1997-1998. $Id$ - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -27,9 +27,9 @@ #include <glib.h> #include <string.h> -#include <epan/crypt-md4.h> +#include <epan/crypt/crypt-md4.h> -/* NOTE: This code makes no attempt to be fast! +/* NOTE: This code makes no attempt to be fast! It assumes that a int is at least 32 bits long */ @@ -43,7 +43,7 @@ static guint32 F(guint32 X, guint32 Y, guint32 Z) static guint32 G(guint32 X, guint32 Y, guint32 Z) { - return (X&Y) | (X&Z) | (Y&Z); + return (X&Y) | (X&Z) | (Y&Z); } static guint32 H(guint32 X, guint32 Y, guint32 Z) @@ -73,35 +73,35 @@ static void mdfour64(guint32 *M) AA = A; BB = B; CC = C; DD = D; - ROUND1(A,B,C,D, 0, 3); ROUND1(D,A,B,C, 1, 7); + ROUND1(A,B,C,D, 0, 3); ROUND1(D,A,B,C, 1, 7); ROUND1(C,D,A,B, 2, 11); ROUND1(B,C,D,A, 3, 19); - ROUND1(A,B,C,D, 4, 3); ROUND1(D,A,B,C, 5, 7); + ROUND1(A,B,C,D, 4, 3); ROUND1(D,A,B,C, 5, 7); ROUND1(C,D,A,B, 6, 11); ROUND1(B,C,D,A, 7, 19); - ROUND1(A,B,C,D, 8, 3); ROUND1(D,A,B,C, 9, 7); + ROUND1(A,B,C,D, 8, 3); ROUND1(D,A,B,C, 9, 7); ROUND1(C,D,A,B, 10, 11); ROUND1(B,C,D,A, 11, 19); - ROUND1(A,B,C,D, 12, 3); ROUND1(D,A,B,C, 13, 7); - ROUND1(C,D,A,B, 14, 11); ROUND1(B,C,D,A, 15, 19); + ROUND1(A,B,C,D, 12, 3); ROUND1(D,A,B,C, 13, 7); + ROUND1(C,D,A,B, 14, 11); ROUND1(B,C,D,A, 15, 19); - ROUND2(A,B,C,D, 0, 3); ROUND2(D,A,B,C, 4, 5); + ROUND2(A,B,C,D, 0, 3); ROUND2(D,A,B,C, 4, 5); ROUND2(C,D,A,B, 8, 9); ROUND2(B,C,D,A, 12, 13); - ROUND2(A,B,C,D, 1, 3); ROUND2(D,A,B,C, 5, 5); + ROUND2(A,B,C,D, 1, 3); ROUND2(D,A,B,C, 5, 5); ROUND2(C,D,A,B, 9, 9); ROUND2(B,C,D,A, 13, 13); - ROUND2(A,B,C,D, 2, 3); ROUND2(D,A,B,C, 6, 5); + ROUND2(A,B,C,D, 2, 3); ROUND2(D,A,B,C, 6, 5); ROUND2(C,D,A,B, 10, 9); ROUND2(B,C,D,A, 14, 13); - ROUND2(A,B,C,D, 3, 3); ROUND2(D,A,B,C, 7, 5); + ROUND2(A,B,C,D, 3, 3); ROUND2(D,A,B,C, 7, 5); ROUND2(C,D,A,B, 11, 9); ROUND2(B,C,D,A, 15, 13); - ROUND3(A,B,C,D, 0, 3); ROUND3(D,A,B,C, 8, 9); + ROUND3(A,B,C,D, 0, 3); ROUND3(D,A,B,C, 8, 9); ROUND3(C,D,A,B, 4, 11); ROUND3(B,C,D,A, 12, 15); - ROUND3(A,B,C,D, 2, 3); ROUND3(D,A,B,C, 10, 9); + ROUND3(A,B,C,D, 2, 3); ROUND3(D,A,B,C, 10, 9); ROUND3(C,D,A,B, 6, 11); ROUND3(B,C,D,A, 14, 15); - ROUND3(A,B,C,D, 1, 3); ROUND3(D,A,B,C, 9, 9); + ROUND3(A,B,C,D, 1, 3); ROUND3(D,A,B,C, 9, 9); ROUND3(C,D,A,B, 5, 11); ROUND3(B,C,D,A, 13, 15); - ROUND3(A,B,C,D, 3, 3); ROUND3(D,A,B,C, 11, 9); + ROUND3(A,B,C,D, 3, 3); ROUND3(D,A,B,C, 11, 9); ROUND3(C,D,A,B, 7, 11); ROUND3(B,C,D,A, 15, 15); A += AA; B += BB; C += CC; D += DD; - + A &= 0xFFFFFFFF; B &= 0xFFFFFFFF; C &= 0xFFFFFFFF; D &= 0xFFFFFFFF; @@ -150,13 +150,13 @@ void crypt_md4(unsigned char *out, const unsigned char *in, int n) buf[i] = 0; memcpy(buf, in, n); buf[n] = 0x80; - + if (n <= 55) { copy4(buf+56, b); copy64(M, buf); mdfour64(M); } else { - copy4(buf+120, b); + copy4(buf+120, b); copy64(M, buf); mdfour64(M); copy64(M, buf+64); diff --git a/epan/crypt-md4.h b/epan/crypt/crypt-md4.h index 17b251d1da..17b251d1da 100644 --- a/epan/crypt-md4.h +++ b/epan/crypt/crypt-md4.h diff --git a/epan/crypt/crypt-md5.c b/epan/crypt/crypt-md5.c index 5ba108c440..6b3769661a 100644 --- a/epan/crypt/crypt-md5.c +++ b/epan/crypt/crypt-md5.c @@ -1,5 +1,5 @@ /* $Id$ */ -/* +/* * Copyright (C) 2003-2006 Benny Prijono <benny@prijono.org> * * Wireshark - Network traffic analyzer @@ -18,7 +18,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ @@ -29,7 +29,7 @@ #include <glib.h> #include <string.h> -#include "crypt-md5.h" +#include <epan/crypt/crypt-md5.h> /* * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was @@ -136,7 +136,7 @@ void md5_append( md5_state_t *ctx, unsigned char const *buf, unsigned len) } /* - * Final wrapup - pad to 64-byte boundary with the bit pattern + * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void md5_finish(md5_state_t *ctx, unsigned char digest[16]) @@ -309,17 +309,17 @@ void md5_hmac(const guint8* text, gint text_len, const guint8* key, gint key_len int i; /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { - + MD5_CTX tctx; - + MD5Init(&tctx); MD5Update(&tctx, key, key_len); MD5Final(tk, &tctx); - + key = tk; key_len = 16; } - + /* * the HMAC_MD5 transform looks like: * @@ -327,24 +327,24 @@ void md5_hmac(const guint8* text, gint text_len, const guint8* key, gint key_len * * where K is an n byte key * ipad is the byte 0x36 repeated 64 times - - - + + + Krawczyk, et. al. Informational [Page 8] - + RFC 2104 HMAC February 1997 - - + + * opad is the byte 0x5c repeated 64 times * and text is the data being protected */ - + /* start out by storing key in pads */ bzero( k_ipad, sizeof k_ipad); bzero( k_opad, sizeof k_opad); bcopy( key, k_ipad, key_len); bcopy( key, k_opad, key_len); - + /* XOR key with ipad and opad values */ for (i=0; i<64; i++) { k_ipad[i] ^= 0x36; diff --git a/epan/crypt-rc4.c b/epan/crypt/crypt-rc4.c index b03e5868ce..04213d2df2 100644 --- a/epan/crypt-rc4.c +++ b/epan/crypt/crypt-rc4.c @@ -1,23 +1,23 @@ -/* +/* Unix SMB/CIFS implementation. - a partial implementation of RC4 designed for use in the + a partial implementation of RC4 designed for use in the SMB authentication protocol Copyright (C) Andrew Tridgell 1998 $Id$ - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -30,18 +30,18 @@ #include <glib.h> #include <string.h> -#include <epan/crypt-rc4.h> +#include <epan/crypt/crypt-rc4.h> /* Perform RC4 on a block of data using specified key. "data" is a pointer to the block to be processed. Output is written to same memory as input, so caller may need to make a copy before calling this function, since - the input will be overwritten. - + the input will be overwritten. + Taken from Samba source code. Modified to allow us to maintain state between calls to crypt_rc4. */ -void crypt_rc4_init(rc4_state_struct *rc4_state, +void crypt_rc4_init(rc4_state_struct *rc4_state, const unsigned char *key, int key_len) { int ind; @@ -50,7 +50,7 @@ void crypt_rc4_init(rc4_state_struct *rc4_state, memset(rc4_state, 0, sizeof(rc4_state_struct)); s_box = rc4_state->s_box; - + for (ind = 0; ind < 256; ind++) { s_box[ind] = (unsigned char)ind; diff --git a/epan/crypt-rc4.h b/epan/crypt/crypt-rc4.h index 37c1903eea..37c1903eea 100644 --- a/epan/crypt-rc4.h +++ b/epan/crypt/crypt-rc4.h diff --git a/epan/dissectors/packet-dcerpc-samr.c b/epan/dissectors/packet-dcerpc-samr.c index 0efd376516..0bcf338123 100644 --- a/epan/dissectors/packet-dcerpc-samr.c +++ b/epan/dissectors/packet-dcerpc-samr.c @@ -32,8 +32,8 @@ #include <epan/packet.h> #include <string.h> #include <epan/prefs.h> -#include <epan/crypt-md4.h> -#include <epan/crypt-rc4.h> +#include <epan/crypt/crypt-md4.h> +#include <epan/crypt/crypt-rc4.h> #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-samr.h" @@ -514,7 +514,7 @@ struct access_mask_info samr_group_access_mask_info = { }; static int -dissect_ndr_nt_SID_no_hf(tvbuff_t *tvb, int offset, packet_info *pinfo, +dissect_ndr_nt_SID_no_hf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep); @@ -661,7 +661,7 @@ samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset, if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr( - pinfo->cinfo, COL_INFO, ", level %d, start_idx %d", + pinfo->cinfo, COL_INFO, ", level %d, start_idx %d", level, start_idx); return offset; @@ -1181,7 +1181,7 @@ samr_dissect_connect2_reply(tvbuff_t *tvb, int offset, e_ctx_hnd policy_hnd; proto_item *hnd_item; guint32 status; - + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); @@ -1219,7 +1219,7 @@ samr_dissect_connect3_reply(tvbuff_t *tvb, int offset, e_ctx_hnd policy_hnd; proto_item *hnd_item; guint32 status; - + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); @@ -1257,7 +1257,7 @@ samr_dissect_connect4_reply(tvbuff_t *tvb, int offset, e_ctx_hnd policy_hnd; proto_item *hnd_item; guint32 status; - + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); @@ -1446,7 +1446,7 @@ samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset, /* SID */ dcv->private_data=NULL; offset = dissect_ndr_pointer_cb( - tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID_no_hf, + tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF, "SID:", -1, NULL, NULL); sid=dcv->private_data; if(!sid) @@ -1800,17 +1800,17 @@ samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, guint16 bc; int result_length; - /* The length of the new password is represented in the last four + /* The length of the new password is represented in the last four octets of the decrypted buffer. Since the password length cannot - exceed 512, we can check the contents of those bytes to determine - if decryption was successful. If the decrypted contents of those + exceed 512, we can check the contents of those bytes to determine + if decryption was successful. If the decrypted contents of those four bytes is less than 512, then there is a 99% chance that we decrypted the buffer successfully. Of course, this isn't good - enough for a security application, (NT uses the "verifier" field + enough for a security application, (NT uses the "verifier" field to come to the same conclusion), but it should be good enough for our dissector. */ - - new_password_len = tvb_get_letohl(tvb, 512); + + new_password_len = tvb_get_letohl(tvb, 512); if (new_password_len <= 512) { @@ -1818,13 +1818,13 @@ samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, proto_tree_add_text (tree, tvb, offset, -1, "Decryption of NT Password Encrypted block successful"); - /* Whatever is before the password is pseudorandom data. We calculate + /* Whatever is before the password is pseudorandom data. We calculate the length by examining the password length (at the end), and working - backward */ + backward */ pseudorandom_len = NT_BLOCK_SIZE - new_password_len - 4; /* Pseudorandom data padding up to password */ - proto_tree_add_item(tree, hf_samr_nt_passchange_block_pseudorandom, + proto_tree_add_item(tree, hf_samr_nt_passchange_block_pseudorandom, tvb, offset, pseudorandom_len, TRUE); offset += pseudorandom_len; @@ -1835,7 +1835,7 @@ samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, &result_length, FALSE, TRUE, &bc); proto_tree_add_string(tree, hf_samr_nt_passchange_block_newpass, - tvb, offset, result_length, + tvb, offset, result_length, printable_password); offset += new_password_len; @@ -1848,7 +1848,7 @@ samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, /* Decryption failure. Just show the encrypted block */ proto_tree_add_text (tree, tvb, offset, -1, "Decryption of NT Passchange block failed"); - + proto_tree_add_item(tree, hf_samr_nt_passchange_block_decrypted, tvb, offset, NT_BLOCK_SIZE, TRUE); } @@ -1867,16 +1867,16 @@ decrypt_tvb_using_nt_password(packet_info *pinfo, tvbuff_t *tvb, int offset, int tvbuff_t *decr_tvb; /* Used to store decrypted buffer */ if (nt_password[0] == '\0') { - /* We dont have an NT password, so we cant decrypt the + /* We dont have an NT password, so we cant decrypt the blob. */ return NULL; } - /* This implements the the algorithm discussed in lkcl -"DCE/RPC + /* This implements the the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257. Note that this code does not properly support Unicode. */ - /* Convert the password provided in the Wireshark GUI to Unicode + /* Convert the password provided in the Wireshark GUI to Unicode (UCS-2). Since the input is always ASCII, we can just fake it and pad every other byte with a NUL. If we ever support UTF-8 in the GUI, we would have to perform a real UTF-8 to @@ -1890,13 +1890,13 @@ decrypt_tvb_using_nt_password(packet_info *pinfo, tvbuff_t *tvb, int offset, int } /* Run MD4 against the resulting Unicode password. This will - be used to perform RC4 decryption on the blob. + be used to perform RC4 decryption on the blob. Then free the Unicode password, as we're done with it. */ crypt_md4(password_md4_hash, password_unicode, password_len_unicode); g_free(password_unicode); - + /* Copy the block into a temporary buffer so we can decrypt it */ block = g_malloc(len); @@ -1924,7 +1924,7 @@ samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, { dcerpc_info *di; tvbuff_t *decr_tvb; /* Used to store decrypted buffer */ - + di=pinfo->private_data; if(di->conformant_run){ /* just a run to handle conformant arrays, no scalars to dissect */ @@ -1964,7 +1964,7 @@ samr_dissect_LM_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, return offset; } - proto_tree_add_item(tree, hf_samr_lm_passchange_block, tvb, offset, + proto_tree_add_item(tree, hf_samr_lm_passchange_block, tvb, offset, 516, TRUE); offset += 516; return offset; @@ -4310,7 +4310,7 @@ samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, char *name; offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd, + tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd, NULL, FALSE, TRUE); dcerpc_smb_fetch_pol(&policy_hnd, &name, NULL, NULL, pinfo->fd->num); @@ -5021,7 +5021,7 @@ samr_dissect_connect5_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, hf_samr_unknown_long, NULL); offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, - hf_samr_hnd, &policy_hnd, + hf_samr_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, @@ -5242,7 +5242,7 @@ static dcerpc_sub_dissector dcerpc_samr_dissectors[] = { { SAMR_UNICODE_CHANGE_PASSWORD_USER3, "SamrUnicodeChangePasswordUser3", NULL, NULL }, { SAMR_CONNECT5, "SamrConnect5", - samr_dissect_connect5_rqst, + samr_dissect_connect5_rqst, samr_dissect_connect5_reply }, { SAMR_RID_TO_SID, "SamrRidToSid", NULL, NULL }, { SAMR_SET_DSRM_PASSWORD, "SamrSetDSRMPassword", NULL, NULL }, @@ -5431,26 +5431,26 @@ proto_register_dcerpc_samr(void) NULL, 0, "NT Password Verifier", HFILL }}, { &hf_samr_lm_passchange_block, { - "Encrypted Block", "samr.lm_passchange_block", FT_BYTES, + "Encrypted Block", "samr.lm_passchange_block", FT_BYTES, BASE_HEX, NULL, 0, "Lan Manager Password Change Block", HFILL }}, { &hf_samr_nt_passchange_block, { - "Encrypted Block", "samr.nt_passchange_block", FT_BYTES, + "Encrypted Block", "samr.nt_passchange_block", FT_BYTES, BASE_HEX, NULL, 0, "NT Password Change Block", HFILL }}, { &hf_samr_nt_passchange_block_decrypted, { "Decrypted Block", "samr.nt_passchange_block_decrypted", - FT_BYTES, BASE_HEX, NULL, 0, + FT_BYTES, BASE_HEX, NULL, 0, "NT Password Change Decrypted Block", HFILL }}, { &hf_samr_nt_passchange_block_newpass, { - "New NT Password", "samr.nt_passchange_block_new_ntpassword", + "New NT Password", "samr.nt_passchange_block_new_ntpassword", FT_STRING, BASE_NONE, NULL, 0, "New NT Password", HFILL }}, { &hf_samr_nt_passchange_block_newpass_len, { - "New NT Unicode Password length", - "samr.nt_passchange_block_new_ntpassword_len", FT_UINT32, + "New NT Unicode Password length", + "samr.nt_passchange_block_new_ntpassword_len", FT_UINT32, BASE_DEC, NULL, 0, "New NT Password Unicode Length", HFILL }}, { &hf_samr_nt_passchange_block_pseudorandom, { @@ -5544,15 +5544,15 @@ proto_register_dcerpc_samr(void) { "Alias Desc", "samr.alias.desc", FT_STRING, BASE_NONE, NULL, 0, "Alias (Local Group) Description", HFILL }}, { &hf_samr_alias_num_of_members, - { "Num of Members in Alias", "samr.alias.num_of_members", - FT_UINT32, BASE_DEC, NULL, 0, + { "Num of Members in Alias", "samr.alias.num_of_members", + FT_UINT32, BASE_DEC, NULL, 0, "Number of members in Alias (Local Group)", HFILL }}, { &hf_samr_group_desc, { "Group Desc", "samr.group.desc", FT_STRING, BASE_NONE, NULL, 0, "Group Description", HFILL }}, { &hf_samr_group_num_of_members, - { "Num of Members in Group", "samr.group.num_of_members", - FT_UINT32, BASE_DEC, NULL, 0, + { "Num of Members in Group", "samr.group.num_of_members", + FT_UINT32, BASE_DEC, NULL, 0, "Number of members in Group", HFILL }}, /* Object specific access rights */ @@ -5812,7 +5812,7 @@ proto_register_dcerpc_samr(void) proto_register_subtree_array(ett, array_length(ett)); dcerpc_samr_module = prefs_register_protocol(proto_dcerpc_samr, NULL); - + prefs_register_string_preference(dcerpc_samr_module, "nt_password", "NT Password", "NT Password (used to verify password changes)", diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c index 06bc0921b4..565a6f85fc 100644 --- a/epan/dissectors/packet-ntlmssp.c +++ b/epan/dissectors/packet-ntlmssp.c @@ -40,9 +40,9 @@ #include <epan/prefs.h> #include <epan/emem.h> #include <epan/tap.h> -#include <epan/crypt-rc4.h> -#include <epan/crypt-md4.h> -#include <epan/crypt-des.h> +#include <epan/crypt/crypt-rc4.h> +#include <epan/crypt/crypt-md4.h> +#include <epan/crypt/crypt-des.h> #include "packet-dcerpc.h" #include "packet-gssapi.h" @@ -223,7 +223,7 @@ static const char *nt_password = NULL; #define MAX_BLOB_SIZE 256 typedef struct _ntlmssp_blob { guint16 length; - guint8 contents[MAX_BLOB_SIZE]; + guint8 contents[MAX_BLOB_SIZE]; } ntlmssp_blob; /* Used in the conversation function */ @@ -259,11 +259,11 @@ static GSList *decrypted_payloads; Returns output in response, which is expected to be 24 bytes. */ static int ntlmssp_generate_challenge_response(guint8 *response, - const guint8 *passhash, + const guint8 *passhash, const guint8 *challenge) { guint8 pw21[21]; /* Password hash padded to 21 bytes */ - + memset(pw21, 0x0, sizeof(pw21)); memcpy(pw21, passhash, 16); @@ -276,14 +276,14 @@ static int ntlmssp_generate_challenge_response(guint8 *response, return 1; } -/* Create an NTLMSSP version 1 key. +/* Create an NTLMSSP version 1 key. * password points to the ANSI password to encrypt, challenge points to * the 8 octet challenge string, key128 will do a 128 bit key if set to 1, - * otherwise it will do a 40 bit key. The result is stored in + * otherwise it will do a 40 bit key. The result is stored in * sspkey (expected to be 16 octets) */ static void -create_ntlmssp_v1_key(const char *nt_password, const guint8 *challenge, +create_ntlmssp_v1_key(const char *nt_password, const guint8 *challenge, int use_key_128, guint8 *sspkey) { unsigned char lm_password_upper[16]; @@ -293,7 +293,7 @@ create_ntlmssp_v1_key(const char *nt_password, const guint8 *challenge, guint8 pw21[21]; /* Password hash padded to 21 bytes */ size_t password_len; unsigned int i; - unsigned char lmhash_key[] = + unsigned char lmhash_key[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; memset(lm_password_upper, 0, sizeof(lm_password_upper)); @@ -311,13 +311,13 @@ create_ntlmssp_v1_key(const char *nt_password, const guint8 *challenge, crypt_des_ecb(lm_password_hash, lmhash_key, lm_password_upper, 1); crypt_des_ecb(lm_password_hash+8, lmhash_key, lm_password_upper+7, 1); - + /* Generate the LanMan Challenge Response */ ntlmssp_generate_challenge_response(lm_challenge_response, lm_password_hash, challenge); - + /* Generate the NTLMSSP-v1 RC4 Key. - * The RC4 key is derived from the Lan Manager Hash. + * The RC4 key is derived from the Lan Manager Hash. * See lkcl "DCE/RPC over SMB" page 254 for the algorithm. */ memset(pw21, 0xBD, sizeof(pw21)); @@ -327,7 +327,7 @@ create_ntlmssp_v1_key(const char *nt_password, const guint8 *challenge, crypt_des_ecb(rc4key, lm_challenge_response, pw21, 1); crypt_des_ecb(rc4key + 8, lm_challenge_response, pw21 + 7, 1); crypt_des_ecb(rc4key + 16, lm_challenge_response, pw21 + 14, 1); - + /* Create the SSP Key */ memset(sspkey, 0, sizeof(sspkey)); if (use_key_128) { @@ -354,7 +354,7 @@ create_ntlmssp_v1_key(const char *nt_password, const guint8 *challenge, */ static int dissect_ntlmssp_string (tvbuff_t *tvb, int offset, - proto_tree *ntlmssp_tree, + proto_tree *ntlmssp_tree, gboolean unicode_strings, int string_hf, int *start, int *end, const char **stringp) @@ -414,7 +414,7 @@ dissect_ntlmssp_string (tvbuff_t *tvb, int offset, */ static int dissect_ntlmssp_blob (tvbuff_t *tvb, int offset, - proto_tree *ntlmssp_tree, + proto_tree *ntlmssp_tree, int blob_hf, int *end, ntlmssp_blob *result) { proto_item *tf = NULL; @@ -432,7 +432,7 @@ dissect_ntlmssp_blob (tvbuff_t *tvb, int offset, } if (ntlmssp_tree) { - tf = proto_tree_add_item (ntlmssp_tree, blob_hf, tvb, + tf = proto_tree_add_item (ntlmssp_tree, blob_hf, tvb, blob_offset, blob_length, FALSE); tree = proto_item_add_subtree(tf, ett_ntlmssp_blob); } @@ -617,7 +617,7 @@ dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len) if (tree) { ntlmv2_item = proto_tree_add_item( - tree, hf_ntlmssp_ntlmv2_response, tvb, + tree, hf_ntlmssp_ntlmv2_response, tvb, offset, len, TRUE); ntlmv2_tree = proto_item_add_subtree( ntlmv2_item, ett_ntlmssp_ntlmv2_response); @@ -667,7 +667,7 @@ dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len) if (ntlmv2_tree) { name_item = proto_tree_add_item( - ntlmv2_tree, hf_ntlmssp_ntlmv2_response_name, + ntlmv2_tree, hf_ntlmssp_ntlmv2_response_name, tvb, offset, 0, TRUE); name_tree = proto_item_add_subtree( name_item, ett_ntlmssp_ntlmv2_response_name); @@ -693,13 +693,13 @@ dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len) case NTLM_NAME_END: name = "NULL"; proto_item_append_text( - name_item, "%s", + name_item, "%s", val_to_str(name_type, ntlm_name_types, "Unknown")); break; case NTLM_NAME_CLIENT_TIME: dissect_nt_64bit_time( - tvb, name_tree, offset, + tvb, name_tree, offset, hf_ntlmssp_ntlmv2_response_client_time); proto_item_append_text( name_item, "Client Time"); @@ -713,7 +713,7 @@ dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len) tvb, offset, name_len / 2, TRUE); proto_tree_add_text( - name_tree, tvb, offset, name_len, + name_tree, tvb, offset, name_len, "Name: %s", name); proto_item_append_text( name_item, "%s, %s", @@ -764,10 +764,10 @@ dissect_ntlmssp_negotiate (tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree, * sent at all, presumably meaning the length of the message * isn't enough to contain them. */ - offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, FALSE, + offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, FALSE, hf_ntlmssp_negotiate_domain, &start, &workstation_end, NULL); - offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, FALSE, + offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, FALSE, hf_ntlmssp_negotiate_workstation, &start, &domain_end, NULL); @@ -778,8 +778,8 @@ dissect_ntlmssp_negotiate (tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree, static int -dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset, - proto_tree *ntlmssp_tree, +dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset, + proto_tree *ntlmssp_tree, int *end) { guint16 list_length = tvb_get_letohs(tvb, offset); @@ -802,7 +802,7 @@ dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset, } if (ntlmssp_tree) { - tf = proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_address_list, tvb, + tf = proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_address_list, tvb, list_offset, list_length, FALSE); tree = proto_item_add_subtree(tf, ett_ntlmssp_address_list); } @@ -880,7 +880,7 @@ dissect_ntlmssp_address_list (tvbuff_t *tvb, int offset, } /* Now show the actual bytes that made up the summary line */ - addr_tree = proto_item_add_subtree (addr_tf, + addr_tree = proto_item_add_subtree (addr_tf, ett_ntlmssp_address_list_item); proto_tree_add_item (addr_tree, hf_ntlmssp_address_list_item_type, tvb, type_offset, 2, TRUE); @@ -909,7 +909,7 @@ dissect_ntlmssp_challenge (tvbuff_t *tvb, packet_info *pinfo, int offset, ntlmssp_info *conv_ntlmssp_info; conversation_t *conversation; gboolean unicode_strings = FALSE; - guint8 challenge[8]; + guint8 challenge[8]; guint8 sspkey[16]; /* NTLMSSP cipher key */ guint8 ssp_key_len; /* Either 8 or 16 (40 bit or 128) */ @@ -923,7 +923,7 @@ dissect_ntlmssp_challenge (tvbuff_t *tvb, packet_info *pinfo, int offset, * XXX - the davenport document calls this the "Target Name", * presumably because non-domain targets are supported. */ - offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, unicode_strings, + offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, unicode_strings, hf_ntlmssp_challenge_domain, &item_start, &item_end, NULL); data_start = item_start; @@ -946,7 +946,7 @@ dissect_ntlmssp_challenge (tvbuff_t *tvb, packet_info *pinfo, int offset, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); if (!conversation) { /* Create one */ - conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, + conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); } @@ -1090,8 +1090,8 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset, /* domain name */ item_start = tvb_get_letohl(tvb, offset+4); - offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, - unicode_strings, + offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, + unicode_strings, hf_ntlmssp_auth_domain, &item_start, &item_end, &(ntlmssph->domain_name)); data_start = MIN(data_start, item_start); @@ -1099,8 +1099,8 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset, /* user name */ item_start = tvb_get_letohl(tvb, offset+4); - offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, - unicode_strings, + offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, + unicode_strings, hf_ntlmssp_auth_username, &item_start, &item_end, &(ntlmssph->acct_name)); data_start = MIN(data_start, item_start); @@ -1112,8 +1112,8 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset, /* hostname */ item_start = tvb_get_letohl(tvb, offset+4); - offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, - unicode_strings, + offset = dissect_ntlmssp_string(tvb, offset, ntlmssp_tree, + unicode_strings, hf_ntlmssp_auth_hostname, &item_start, &item_end, &(ntlmssph->host_name)); data_start = MIN(data_start, item_start); @@ -1183,11 +1183,11 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_message_type, tvb, offset, 4, TRUE); ntlmssph->type = tvb_get_letohl (tvb, offset); - offset += 4; + offset += 4; if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", - val_to_str(ntlmssph->type, + val_to_str(ntlmssph->type, ntlmssp_message_types, "Unknown message type")); @@ -1222,7 +1222,7 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } /* - * Get the encryption state tied to this conversation. cryptpeer indicates + * Get the encryption state tied to this conversation. cryptpeer indicates * whether to retrieve the data for peer1 or peer2. */ static rc4_state_struct * @@ -1323,7 +1323,7 @@ decrypt_verifier(tvbuff_t *tvb, int offset, guint32 encrypted_block_length, /* Setup the buffer to decrypt to */ tvb_memcpy(tvb, packet_ntlmssp_info->verifier, offset, encrypted_block_length); - + /* Do the actual decryption of the verifier */ crypt_rc4(rc4_state, packet_ntlmssp_info->verifier, encrypted_block_length); @@ -1353,7 +1353,7 @@ decrypt_verifier(tvbuff_t *tvb, int offset, guint32 encrypted_block_length, /* Show the decrypted payload in the tree */ tf = proto_tree_add_text(tree, decr_tvb, 0, -1, "Decrypted Verifier (%d byte%s)", - encrypted_block_length, + encrypted_block_length, plurality(encrypted_block_length, "", "s")); decr_tree = proto_item_add_subtree (tf, ett_ntlmssp); @@ -1420,7 +1420,7 @@ dissect_ntlmssp_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_verf_vers, tvb, offset, 4, TRUE); offset += 4; - + /* Encrypted body */ proto_tree_add_item (ntlmssp_tree, hf_ntlmssp_verf_body, tvb, offset, encrypted_block_length, TRUE); @@ -1439,10 +1439,10 @@ dissect_ntlmssp_verf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } static tvbuff_t * -dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, +dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, tvbuff_t *auth_tvb _U_, int offset, - packet_info *pinfo, + packet_info *pinfo, dcerpc_auth_info *auth_info _U_) { tvbuff_t *decr_tvb; /* Used to display decrypted buffer */ @@ -1464,7 +1464,7 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, memset(packet_ntlmssp_info, 0, sizeof(ntlmssp_packet_info)); p_add_proto_data(pinfo->fd, proto_ntlmssp, packet_ntlmssp_info); } - + if (!packet_ntlmssp_info->payload_decrypted) { /* Pull the challenge info from the conversation */ conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, @@ -1474,14 +1474,14 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, /* There is no conversation, thus no encryption state */ return NULL; } - + conv_ntlmssp_info = conversation_get_proto_data(conversation, proto_ntlmssp); if (conv_ntlmssp_info == NULL) { /* There is no NTLMSSP state tied to the conversation */ return NULL; } - + /* Get the pair of RC4 state structures. One is used for to decrypt the payload. The other is used to re-encrypt the payload to represent the peer */ @@ -1492,7 +1492,7 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, rc4_state = get_encrypted_state(pinfo, 0); rc4_state_peer = get_encrypted_state(pinfo, 1); } - + if (rc4_state == NULL || rc4_state_peer == NULL) { /* There is no encryption state, so we cannot decrypt */ return NULL; @@ -1504,11 +1504,11 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, encrypted_block_length); decrypted_payloads = g_slist_prepend(decrypted_payloads, packet_ntlmssp_info->decrypted_payload); - + /* Do the decryption of the payload */ - crypt_rc4(rc4_state, packet_ntlmssp_info->decrypted_payload, + crypt_rc4(rc4_state, packet_ntlmssp_info->decrypted_payload, encrypted_block_length); - + /* We setup a temporary buffer so we can re-encrypt the payload after decryption. This is to update the opposite peer's RC4 state */ peer_block = g_malloc(encrypted_block_length); @@ -1516,7 +1516,7 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, encrypted_block_length); crypt_rc4(rc4_state_peer, peer_block, encrypted_block_length); g_free(peer_block); - + packet_ntlmssp_info->payload_decrypted = TRUE; } @@ -1526,7 +1526,7 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *data_tvb, encrypted_block_length); tvb_set_child_real_data_tvbuff(data_tvb, decr_tvb); - + offset += encrypted_block_length; return decr_tvb; @@ -1750,7 +1750,7 @@ proto_register_ntlmssp(void) &ett_ntlmssp_ntlmv2_response_name }; module_t *ntlmssp_module; - + proto_ntlmssp = proto_register_protocol ( "NTLM Secure Service Provider", /* name */ "NTLMSSP", /* short name */ @@ -1761,7 +1761,7 @@ proto_register_ntlmssp(void) register_init_routine(&ntlmssp_init_protocol); ntlmssp_module = prefs_register_protocol(proto_ntlmssp, NULL); - + prefs_register_string_preference(ntlmssp_module, "nt_password", "NT Password", "NT Password (used to decrypt payloads)", @@ -1771,7 +1771,7 @@ proto_register_ntlmssp(void) new_register_dissector("ntlmssp_verf", dissect_ntlmssp_verf, proto_ntlmssp); } -static int wrap_dissect_ntlmssp(tvbuff_t *tvb, int offset, packet_info *pinfo, +static int wrap_dissect_ntlmssp(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep _U_) { tvbuff_t *auth_tvb; @@ -1779,13 +1779,13 @@ static int wrap_dissect_ntlmssp(tvbuff_t *tvb, int offset, packet_info *pinfo, auth_tvb = tvb_new_subset( tvb, offset, tvb_length_remaining(tvb, offset), tvb_length_remaining(tvb, offset)); - + dissect_ntlmssp(auth_tvb, pinfo, tree); return tvb_length_remaining(tvb, offset); } -static int wrap_dissect_ntlmssp_verf(tvbuff_t *tvb, int offset, packet_info *pinfo, +static int wrap_dissect_ntlmssp_verf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep _U_) { tvbuff_t *auth_tvb; @@ -1793,7 +1793,7 @@ static int wrap_dissect_ntlmssp_verf(tvbuff_t *tvb, int offset, packet_info *pin auth_tvb = tvb_new_subset( tvb, offset, tvb_length_remaining(tvb, offset), tvb_length_remaining(tvb, offset)); - + return dissect_ntlmssp_verf(auth_tvb, pinfo, tree); } @@ -1819,14 +1819,14 @@ static dcerpc_auth_subdissector_fns ntlmssp_seal_fns = { void proto_reg_handoff_ntlmssp(void) -{ +{ dissector_handle_t ntlmssp_handle, ntlmssp_wrap_handle; /* Register protocol with the GSS-API module */ ntlmssp_handle = find_dissector("ntlmssp"); ntlmssp_wrap_handle = find_dissector("ntlmssp_verf"); - gssapi_init_oid("1.3.6.1.4.1.311.2.2.10", proto_ntlmssp, ett_ntlmssp, + gssapi_init_oid("1.3.6.1.4.1.311.2.2.10", proto_ntlmssp, ett_ntlmssp, ntlmssp_handle, ntlmssp_wrap_handle, "NTLMSSP - Microsoft NTLM Security Support Provider"); diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c index 6231b3368a..2ce6e97275 100644 --- a/epan/dissectors/packet-spnego.c +++ b/epan/dissectors/packet-spnego.c @@ -48,7 +48,7 @@ #include "packet-dcerpc.h" #include "packet-gssapi.h" #include "packet-kerberos.h" -#include <epan/crypt-rc4.h> +#include <epan/crypt/crypt-rc4.h> #include <epan/conversation.h> #include <epan/emem.h> |