path: root/packet-dcerpc.c
Commit message | Author | Age | Files | Lines
* Fix some comments. | Guy Harris | 2003-02-07 | 1 | -3/+3
  svn path=/trunk/; revision=7097
* Rename "dissect_ndr_char_string()" and "dissect_ndr_wchar_string()" to | Guy Harris | 2003-02-07 | 1 | -10/+22
  "dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to indicate that they're for conformant varying strings.
  Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to indicate that it's for conformant varying strings.
  svn path=/trunk/; revision=7096
* Rename "dissect_ndr_char_array" and "disect_ndr_wchar_array" to | Guy Harris | 2003-02-07 | 1 | -10/+18
  "dissect_ndr_char_string" and "dissect_ndr_wchar_string", to make it clearer what it does.
  svn path=/trunk/; revision=7095
* Catch ReportedBoundsError when dissecting even non-encrypted stub data, | Guy Harris | 2003-02-07 | 1 | -5/+15
  so that even if the stub data is bad, we still dissect and show the verifier.
  svn path=/trunk/; revision=7092
* Fix a typo in the multiple-include protection in "packet-dcerpc-nt.h". | Guy Harris | 2003-02-07 | 1 | -1/+173
  Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()", move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it use the standard DCE RPC array max count/offset/count fields rather than their own private versions of those fields. Give it an option to create a subtree, and an argument to specify the field to use for the actual data buffer, and export it.
  Move the routines for handling arrays of "char" and "wchar" as strings out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
  Add a routine to handle an array of "char" as an opaque blob of bytes.
  Use "dissect_ndr_character_array()" to dissect character strings in MAPI (the strings in question are ASCII, not Unicode), and use the routine to handle an array of "char" as an opaque blob of bytes to dissect encrypted data (again, it's bytes, not 16-bit quantities). Show them as encrypted data, not unknown data.
  Use "dissect_ndr_character_array()" to dissect a form name in "dissect_form_name()" in the SPOOLSS dissector.
  svn path=/trunk/; revision=7091
* Make the dcerpc.request_in and dcerpc.response_in fields FT_FRAMENUM's. | Tim Potter | 2003-02-05 | 1 | -3/+3
  svn path=/trunk/; revision=7074
* Replace the 'levels' argument to dissect_ndr_pointer() with a callback | Tim Potter | 2003-01-28 | 1 | -18/+41
  function and a void * callback args. The callback is executed after the dissection of the ndr pointer buffer which may be called, depending on the number of pointers in the structure, after the return of the dissect_ndr_pointer() call.
  The callback function is of type:
    void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree,
                                  proto_item *item, tvbuff_t *tvb,
                                  int start_offset, int end_offset,
                                  void *callback_args);
  where the proto tree and item are the tree and item created by dissect_ndr_pointer() and the tvb plus offsets are the buffer pointed to by the pointer.
  svn path=/trunk/; revision=7015
* Add a missing include packet-dcerpc-nt.h | Jörg Mayer | 2003-01-24 | 1 | -1/+2
  svn path=/trunk/; revision=6999
* Perform the initialisation for the NT specific DCERPC dissectors as part | Tim Potter | 2003-01-24 | 1 | -1/+2
  of the DCERPC dissector instead of creating a dummy protocol to hang the ett and hf values off.
  Make the open and close frame values in NT policy handles FT_FRAMENUM's so the "Go to Corresponding Frame" menu item can be used on them.
  svn path=/trunk/; revision=6995
* Catch ReportedBoundsError exceptions when dissecting decrypted stub | Guy Harris | 2003-01-14 | 1 | -5/+19
  data, as the error could be due to the decryption being bad, and we should still dissect the authentication data.
  svn path=/trunk/; revision=6924
* Update DCERPC so that for (NTLMSSP) PDUs that have been decrypted | Ronnie Sahlberg | 2003-01-06 | 1 | -2/+23
  we also call the proper DCERPC subdissector. With this change ethereal will call the SAMR dissector and dissect the decrypted SAMR packets in Devin's capture.
  svn path=/trunk/; revision=6855
* Fix a braino in a last-minute fix I put into the previous checkin. | Guy Harris | 2002-12-31 | 1 | -1/+2
  svn path=/trunk/; revision=6826
* From Devin Heitmueller: support for decrypting DCERPC conversations | Guy Harris | 2002-12-31 | 1 | -89/+148
  using NTLMSSP version 1.
  Show stub data as such for all requests and replies where we can't dissect the stub data as a request or reply for some DCERPC-based protocol.
  svn path=/trunk/; revision=6825
* Update reassemble.c/show_item and all callers to use FT_FRAMENUM for the | Ronnie Sahlberg | 2002-12-19 | 1 | -3/+3
  list of packets corresponding to a reassembled pdu
  svn path=/trunk/; revision=6807
* When processing a connection-oriented DCERPC PDU, don't set the columns | Guy Harris | 2002-12-14 | 1 | -7/+6
  until we know that we have the entire PDU - we might not have all of it, as some of it might be in, for example, a later TCP segment.
  svn path=/trunk/; revision=6785
* From Devin Heitmueller: | Guy Harris | 2002-12-11 | 1 | -31/+22
  Minor change to the connection oriented DCE/RPC function calls. Now the offset is provided in the call, instead of having a hard-coded value in each function. Also makes the calling convention consistent with the datagram equivalents for the functions.
  Didn't do it for dissect_dcerpc_cn_auth() yet, as that is a special case (and I am in the process of restructuring it to make verifier decryption work properly).
  svn path=/trunk/; revision=6778
* It seems pretty clear that a PDU_AUTH3 really is an AUTH3 PDU, and we | Guy Harris | 2002-12-05 | 1 | -2/+2
  know what it is (a PDU for the third stage in a 3-way authentication handshake, as is done with NTLMSSP authentication, for example) - get rid of the question mark after "AUTH3".
  svn path=/trunk/; revision=6746
* Arguments to hash routines are gconstpointer's; assign them to const | Guy Harris | 2002-11-28 | 1 | -10/+10
  pointers.
  The first argument to "sscanf()" is a "const char *"; don't cast const pointers to "char *" when passing them to "sscanf()".
  Assign the result of "tvb_get_ptr()" to const pointers, not non-const pointers.
  Make the "pdata" argument to various DCE routines a const pointer.
  svn path=/trunk/; revision=6688
* Dissect NTLMSSP authentication verifiers, as per lkcl's "DCE/RPC over | Guy Harris | 2002-11-10 | 1 | -4/+17
  SMB" book.
  svn path=/trunk/; revision=6598
* In connection-oriented DCE RPC, the authentication data are credentials | Guy Harris | 2002-11-05 | 1 | -21/+58
  only in bind, bind_ack, alter_context, alter_context_response, and auth3 PDUs; they're a verifier of some sort in other PDUs.
  The verifier appears to start with an OID for the real authentication mechanism if the authentication type is SPNEGO.
  svn path=/trunk/; revision=6563
* Use the full name of the "hf_dcerpc_obj_id" field when formatting the | Guy Harris | 2002-11-03 | 1 | -5/+12
  protocol tree item for it.
  Fix a typo.
  svn path=/trunk/; revision=6555
* From Jean-Baptiste Marchand update the proto_tree_add_ for UUIDs in the | Ronnie Sahlberg | 2002-11-02 | 1 | -66/+95
  dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that it is possible to use display filters on these items.
  svn path=/trunk/; revision=6547
* From Ronnie Sahlberg: Ethereal support for DCERPCSTAT. | Guy Harris | 2002-10-25 | 1 | -15/+2
  svn path=/trunk/; revision=6499
* Add a "fragment_add_seq_next()" to reassemble fragments that don't have | Guy Harris | 2002-10-24 | 1 | -2/+2
  sequence numbers or offsets and are thus assumed to be received in order with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where 802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or dropped fragments).
  "show_fragment_tree()" and "show_fragment_seq_tree()" don't modify the "fragment_items" to which the "fit" argument points, so make that argument a "const fragment_items *".
  Make all the "fragment_items" tables "static" (as they're not used outside the modules defining them) and "const" (as they're not modified).
  Add support for reassembly of NetBIOS fragmented requests and responses.
  Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS dissector, and make its table of dissection function pointers static.
  Fix some typos in the AppleTalk and NetBIOS dissectors.
  svn path=/trunk/; revision=6491
* From Ronnie Sahlberg: add a tap for statistics for DCERPC interfaces. | Guy Harris | 2002-10-23 | 1 | -1/+40
  svn path=/trunk/; revision=6479
* From Ronnie Sahlberg: track and display the time between requests and | Guy Harris | 2002-10-22 | 1 | -2/+42
  replies for DCERPC similar to what is already done for ONC-RPC.
  svn path=/trunk/; revision=6465
* From Jaime Fournier: updates to dcerpc conversation manager | Ronnie Sahlberg | 2002-09-26 | 1 | -1/+25
  svn path=/trunk/; revision=6339
* Dissect the authentication verifier for Kerberos 5 authentication in | Guy Harris | 2002-09-09 | 1 | -5/+46
  connectionless PDUs.
  svn path=/trunk/; revision=6240
* Auth type 8 is NETLOGON secure channel used for BDC replication. | Tim Potter | 2002-09-08 | 1 | -2/+4
  svn path=/trunk/; revision=6230
* From Ulf Lamping, support for ieee float and double types in the dcerpc | Ronnie Sahlberg | 2002-09-03 | 1 | -5/+79
  dissectors.
  svn path=/trunk/; revision=6170
* snego -> spnego | Tim Potter | 2002-08-30 | 1 | -5/+5
  svn path=/trunk/; revision=6138
* Removed trailing whitespaces from .h and .c files using the | Jörg Mayer | 2002-08-28 | 1 | -87/+87
  winapi_cleanup tool written by Patrik Stridvall for the wine project.
  svn path=/trunk/; revision=6117
* These guys got lost in a merge. Actually call the gssapi dissector from | Tim Potter | 2002-08-22 | 1 | -18/+37
  the relevant parts of the SMB and DCERPC dissectors.
  svn path=/trunk/; revision=6066
* Moved the generic true_false_string saying "Set", "Not set" into | Tim Potter | 2002-08-21 | 1 | -6/+1
  epan/packet.c. It was cut and pasted into seven other dissectors!
  svn path=/trunk/; revision=6052
* Display the protocol name for the UUID in the COL_INFO field if we | Tim Potter | 2002-08-13 | 1 | -2/+11
  know it. This reduces clutter in the top pane considerably.
  svn path=/trunk/; revision=5985
* Replace the types from sys/types.h and netinet/in.h by their glib.h | Jörg Mayer | 2002-08-02 | 1 | -5/+1
  equivalents for the toplevel directory. The removal of winsock2.h will hopefully not cause any problems under MSVC++, as those files using struct timeval still include wtap.h, which still includes winsock2.h.
  svn path=/trunk/; revision=5932
* For connection-oriented DCE RPC, show the stub data if we can't actually | Guy Harris | 2002-07-25 | 1 | -2/+18
  do anything else with a request or reply (e.g., because we haven't seen the bind request).
  svn path=/trunk/; revision=5904
* Added another authentication service for Snego. | Tim Potter | 2002-07-11 | 1 | -1/+4
  svn path=/trunk/; revision=5858
* Put back the code to show the authentication data as "Auth Data"; call | Guy Harris | 2002-07-10 | 1 | -15/+20
  it if we don't show it as NTLMSSP.
  Use #defines for the authentication protocols.
  svn path=/trunk/; revision=5853
* Reordered some boolean fields to be consistent with the rest of ethereal. | Tim Potter | 2002-07-10 | 1 | -22/+26
  svn path=/trunk/; revision=5850
* Dissector for DCERPC auth type == 10 (NTLMSSP) from | Tim Potter | 2002-07-09 | 1 | -3/+18
  dheitmueller@netilla.com.
  svn path=/trunk/; revision=5848
* Put the code to reassemble fragmented connection-oriented and | Guy Harris | 2002-06-24 | 1 | -403/+215
  connectionless DCE RPC PDUs into common routines, and call those routines when dissecting DCE RPC requests and responses.
  Get rid of arguments to "dcerpc_try_handoff()" whose values are also in the "dcerpc_info" structure pointed to by its "info" argument.
  svn path=/trunk/; revision=5757
* Change each DCERPC dissector to pass in a hf value on initialisation | Tim Potter | 2002-06-24 | 1 | -19/+15
  for a value_string that corresponds to that dissector's opnums. Pass in -1 if no such table is available.
  svn path=/trunk/; revision=5749
* From Jaime Fournier: handle DCE RPC connectionless CANCEL PDUs with no | Guy Harris | 2002-06-22 | 1 | -2/+10
  body.
  svn path=/trunk/; revision=5730
* Don't hand off the stub body of a Fault PDU to the subdissector for the | Guy Harris | 2002-06-19 | 1 | -9/+21
  protocol.
  svn path=/trunk/; revision=5704
* Dissect the bodies of some additional PDU types. | Guy Harris | 2002-06-19 | 1 | -295/+950
  Show presentation context negotiation results and rejection reasons, PDU rejection reasons, and rejection status codes symbolically.
  Show the presentation context negotiation rejection reason only if there was a rejection, and, if so, show it in the Info column as well as the protocol tree.
  Show more fields in the Info column.
  Show the packet type in decimal in the protocol tree - it's shown as decimal in the Info column and the values are shown as decimal in the DCE RPC 1.1 spec.
  Show the sequence number for connectionless PDUs as decimal in the protocol tree - it's shown as decimal in the Info column, and the call ID for connection-oriented PDUs is shown as decimal in the protocol tree.
  svn path=/trunk/; revision=5701
* There's no more need for separate request and response reassembly hash | Guy Harris | 2002-06-18 | 1 | -143/+150
  tables for connectionless PDUs than for connection-oriented PDUs; just have one connectionless PDU reassembly hash table.
  Get rid of unnecessary tests of "dcerpc_reassemble" - the code to handle requests and responses was
    if (!dcerpc_reassemble || packet not fragmented || frame is short)
        don't reassemble;
    else if (dcerpc_reassemble)
        reassemble
  but if we go into the "else" clause we know that all three conditions in the "if" are false, including "!dcerpc_reassemble", so we know "dcerpc_reassemble" is true.
  Set "pinfo->fragmented" based on whether the PDU being dissected is an unreassembled first fragment or not.
  Put a "Fragment data" item into the protocol tree for all fragments.
  Properly maintain the offset when dissecting the header of a connectionless PDU, even if we aren't building a protocol tree.
  "fd_head->datalen" is bogus for sequence-number-based reassembly; use "fd_head->len" instead.
  svn path=/trunk/; revision=5695
* The offset of the authentication information in a connectionless PDU is | Guy Harris | 2002-06-18 | 1 | -9/+5
  the fragment length *plus the offset of the beginning of the fragment data*, not just the fragment length.
  svn path=/trunk/; revision=5694
* Add support for reassembly of fragmented connectionless PDUs. | Guy Harris | 2002-06-17 | 1 | -80/+196
  Don't try to add a fragment to a reassembly operation if we don't have all of the stub data (because the frame is short, or because it's part of a packet fragmented at a layer below RPC and not reassembled).
  Put an entry into the protocol tree for the fragment data of the last fragment.
  svn path=/trunk/; revision=5688
* Add #defines for the bits in the flag fields, and a macro to test | Guy Harris | 2002-06-17 | 1 | -87/+247
  whether a connection-oriented PDU is fragmented or not.
  Clean up the handling of fragmented connection-oriented PDUs (the code to handle fragmented PDUs can assume that it is not the case that both PFC_FIRST_FRAG and PFC_LAST_FRAG are set, as that's an unfragmented PDU).
  Put an entry into the protocol tree for the fragment data in fragmented PDUs.
  For fragmented connectionless PDUs, don't hand the payload of any fragment other than the first fragment to the subdissector.
  svn path=/trunk/; revision=5687