"tvb_get_string()" rather than "tvb_format_text()". (This fixes a
problem wherein we freed the return value of "tvb_format_text()", which
we should not do as "tvb_format_text()" doesn't dynamically allocate the
buffer it returns, but means that we don't handle non-printable
characters - but that's a problem with "cb_wstr_postprocess()" as well,
as "tvb_fake_unicode()" also doesn't handle non-printable characters
specially; we should fix the problem in *both* routines.)
svn path=/trunk/; revision=7955
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
give it a byte-order argument, and move it to "epan/tvbuff.c".
Use it to handle UCS-2 strings in version 1 of the Service Location
Protocol. In SRVLOC V1, use registered fields that are already there
for SRVLOC V2, and add some as needed. Fix some field names.
svn path=/trunk/; revision=7186
adds 2 levels to the tree. Fix calls to it not to add 1 for that level.
The NT and LM challenges in a NETWORK_INFO structure are opaque arrays
of bytes, not Unicode strings; dissect them as such, adding a new
routine "dissect_ndr_counted_byte_array()" for that purpose.
Get rid of some extra colons in names - the colon is put there if a
string is appended, so putting a colon in there explicitly gives double
colons.
Decorate some higher-level tree nodes with strings.
svn path=/trunk/; revision=7107
"dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to
indicate that they're for conformant varying strings.
Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to
indicate that it's for conformant varying strings.
svn path=/trunk/; revision=7096
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
svn path=/trunk/; revision=7091
Give dissect_nt_sec_desc() and dissect_nt_access_mask() a specific rights
function parameter for dissecting specific access rights.
Fix callers in packet-smb.c to use the new interface.
svn path=/trunk/; revision=7086
functions with something a little less confusing.
We now have two sets of functions to dissect strings:
- dissect_ndr_wchar_array() which dissects NDR arrays of wide characters
(uint32, uint32, uint32, buffer)
- dissect_ndr_counted_string() which dissects a "counted string"
(uint16, uint16, pointer to array of wchar)
There are three contexts for dissecting counted strings:
1. "in-line" using dissect_ndr_counted_string()
2. as a callback to dissect_ndr_pointer()
3. as a callback to dissect_ndr_pointer_cb()
Context 2 is used when you have a pointer to a counted string.
Context 3 is when you wish to perform some special processing with the
returned string.
svn path=/trunk/; revision=7068
be used to help out in most DCERPC strings. The cb_str_postprocess()
function reads the callback_args and either appends the value of the
string to the COL_INFO field, appends it to the NDR pointer item, or
saves the string to dcv->private_data. Calling cb_str_postprocess()
with CB_STR_ITEM is the same as calling dissect_ndr_pointer() with
levels = 0.
Renamed some of the pointer dissection functions with a suffix of _cb
and created helpers of the original which call the _cb function with
NULL args. This should help minimise the amount of code changes in
the bulk of the DCERPC dissectors.
svn path=/trunk/; revision=7016
of the DCERPC dissector instead of creating a dummy protocol to hang
the ett and hf values off.
Make the open and close frame values in NT policy handles FT_FRAMENUM's
so the "Go to Corresponding Frame" menu item can be used on them.
svn path=/trunk/; revision=6995
Undo change to dissect_doserror() and dissect_ntstatus() made in
revision 1.42 as it breaks the display of rpc errors in COL_INFO.
svn path=/trunk/; revision=6934
tree item, not with hf_nt_str. Get rid of hf_nt_str, as it's no longer
used.
Put ASCII strings into the protocol tree only once.
svn path=/trunk/; revision=6910
string; set it to the result of the "fake_unicode()" call, not to the
raw Unicode string. (Yes, we should have support for strings that don't
have 8-bit characters - and somehow handle strings in packets in
multiple character sets, e.g. ISO 8859/x and other EUC codes, the
Macintosh extended character set, various DOS/Windows code pages, and
Unicode - but we don't have it now.)
svn path=/trunk/; revision=6909
"dissect_ndr_uint16s()"; "dissect_ndr_uint16s()" is always passed a null
pointer, "dissect_dcerpc_uint16s()" is only called by
"dissect_ndr_uint16s()", and the pointer returned through "pdata" is
*NOT* guaranteed to be aligned on a 16-bit boundary so we don't want to
tempt people to blithely dereference that pointer.
svn path=/trunk/; revision=6699
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
svn path=/trunk/; revision=6688
"proto_tree_add_uint()" and the hfindex passed to us, rather than as a
text item. That means it has the name our caller gave to it, and that
it's a filterable field.
svn path=/trunk/; revision=6062
- combine proto_tree_add_text() and proto_tree_append_text() calls in the
access mask dissector
- make the specific access bits dissector functions return void instead of
an offset
I think Samba has the create user reply wrong. There is perhaps a uint32
marked as unknown that shouldn't be there. Removing this parses all the
captures I have.
svn path=/trunk/; revision=6057
generic, standard and specific mode bits. A protocol dissector can pass in
it's own function for dissecting the specific mode bits, if known.
svn path=/trunk/; revision=6053
COL_INFO field if the proto_tree parameter is NULL. This prevents
duplicate error messages when we just want to peek at the value of the
error.
svn path=/trunk/; revision=5963
into two - one that stores request/reply frame numbers and another
that associates a text name with a policy handle.
Removed all calls to prs_policy_hnd() and converted to calls to
dissect_nt_policy_hnd().
svn path=/trunk/; revision=5772
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
add arguments to specify whether the policy handle is being
opened or closed, and don't set the "open frame" for the handle
unless it's being opened and don't set the "close frame" for the
handle unless it's being closed;
store the policy handle before fetching it, so that an open or
close is marked appropriately in the protocol tree on the first
pass;
if the policy handle has a name associated with it, put that
name into the top-level item for the policy handle.
In "packet-dcerpc-spoolss.c":
get rid of aun unused variable;
make "setjob_commands[]" static, as it's not used outside
"packet-dcerpc-spoolss.c";
put a "VALS()" call around the reference to "setjob_commands",
to squelch compiler warnings;
give the SPOOLSS return code field the appropriate
"value_string" array.
svn path=/trunk/; revision=5448
(also registry and srvsvc?) pipe dissectors.
Also added some helper routines for decoding a range of uint8s. These map
nicely to the dissect_{dcerpc,ndr}_foo() format with the addition of a
length parameter, but aren't really part of the NDR specification and are
probably only going to be used in the NT dcerpc dissectors.
svn path=/trunk/; revision=5421
Tim Potter