tree item, not with hf_nt_str. Get rid of hf_nt_str, as it's no longer
used.
Put ASCII strings into the protocol tree only once.
svn path=/trunk/; revision=6910
by DCE RPC are usually little-endian; fix a bunch of
"proto_tree_add_item()" calls (most are for byte-array or string fields,
so the byte order doesn't make a difference, but one is a number).
Put an item into the protocol tree for the encrypted NT password block.
Mallocate the buffer for the Unicode version of the password, rather
than assuming it'll fit in 256 bytes.
"g_malloc()" never returns NULL - it either allocates memory or aborts -
so don't check for a mallocation failure.
Don't try to decrypt the NT password block if we don't have a password.
svn path=/trunk/; revision=6731
- combine proto_tree_add_text() and proto_tree_append_text() calls in the
access mask dissector
- make the specific access bits dissector functions return void instead of
an offset
I think Samba has the create user reply wrong. There is perhaps a uint32
marked as unknown that shouldn't be there. Removing this parses all the
captures I have.
svn path=/trunk/; revision=6057
add arguments to specify whether the policy handle is being
opened or closed, and don't set the "open frame" for the handle
unless it's being opened and don't set the "close frame" for the
handle unless it's being closed;
store the policy handle before fetching it, so that an open or
close is marked appropriately in the protocol tree on the first
pass;
if the policy handle has a name associated with it, put that
name into the top-level item for the policy handle.
In "packet-dcerpc-spoolss.c":
get rid of aun unused variable;
make "setjob_commands[]" static, as it's not used outside
"packet-dcerpc-spoolss.c";
put a "VALS()" call around the reference to "setjob_commands",
to squelch compiler warnings;
give the SPOOLSS return code field the appropriate
"value_string" array.
svn path=/trunk/; revision=5448
response starts with a UNIQUE pointer to a DOMAIN_INFO, not with a REF
pointer to a DOMAIN_INFO - and also not with a UNIQUE pointer to a
DOMAIN_INFO REF pointer; fix the code to match that.
svn path=/trunk/; revision=5427
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
reminder to check whether "samr_dissect_get_alias_membership_reply()"
should dissect the uint32 at the end as an NT status.
Un-#if out "samr_dissect_context_handle_SID()", to serve as a reminder
to figure out whether it should be deleted or used.
Get rid of "samr_dissect_get_user_groups_rqst()" - it's identical to
"samr_dissect_get_groups_for_user_rqst()", but isn't being used.
svn path=/trunk/; revision=5295
Rename "samr_dissect_enum_dom_alias_rqst()" and
"samr_dissect_enum_dom_alias_reply()" to
"samr_dissect_enum_dom_aliases_rqst()" and
"samr_dissect_enum_dom_aliases_reply()", to match the name of the RPC
that they dissect.
Rename the routines used to dissect the unknown 0x2f requests and replies
along the lines of the names of the routines for other unknown requests
and replies, and change the Info column information in that fashion as
well.
Dissect the USER_INFO structure in the QueryUserInfo response.
svn path=/trunk/; revision=5211
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine. Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.
Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.
The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff. It should also be called only once before
every capture, rather than 3 times.
The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.
This fixes a bug I saw wherein
1) the tree for Unicode strings was open by default
and
2) if you closed one and then exited, Ethereal would crash.
The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()". As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.
Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".
Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".
svn path=/trunk/; revision=5196
is decremented after every level is appended to, so that it correctly
specifies the number of levels up the tree to which to append stuff.
Fix some arguments to various printing routines to specify the correct
level. This includes making "dissect_ndr_nt_UNICODE_STRING()" add 1 to
the level argument it's passed before passing it on to
"dissect_ndr_pointer()".
Add a "netlogon_dissect_UNICODE_STRING()" routine to put the fields of a
bunch of NDR_POINTER_REF UNICODE_STRING values into subtrees.
Fix the labels passed as arguments in a bunch of "dissect_ndr_pointer()"
calls.
svn path=/trunk/; revision=5011
"dissect_ndr_nt_UNICODE_STRING_string()", in
"samr_dissect_connect2_server()"; that eliminates an unnecessary extra
level of protocol tree.
That removes the last call to "dissect_ndr_nt_UNICODE_STRING_string()";
eliminate that routine.
In "dissect_ndr_nt_UNICODE_STRING()", initially create the subtree with
the name of the field as a string, so that if an exception is thrown
before the name is set, the subtree won't show up as blank when
displayed or printed. Also pass in the name to "dissect_ndr_pointer()",
so the same happens for subtrees below it. Append only the string data,
not its name, to items up the tree, as the name was put in when the item
was created. Also, when adding a colon before the string, put a space
after the colon, as is done elsewhere in Ethereal.
When appending additional strings, put the blank before the new string,
not after it.
In "dissect_ndr_nt_STRING()", put the subtree into the string with the
name of the field, rather than just "String". Pass in that name to
"dissect_ndr_pointer()", so subtrees below it get a name when they're
initially created.
Get rid of colons in the name string passed to "dissect_ndr_pointer()"
in some calls. Supply a non-null name string in more calls to
"dissect_ndr_pointer()", and fix some calls to pass in the name of the
field being handed to "dissect_ndr_pointer()".
There's no need to fetch the entire "header_field_info" structure for a
protocol field in order to get the field's name - just use
"proto_registrar_get_name()" to get the name.
Use a length of -1, not 0, when creating a subtree whose length will be
set when the dissection of the items under the subtree is complete; that
way, if an exception is thrown while dissecting the items - which means
the item goes past the end of the tvbuff - the item will refer to all
data to the end of the tvbuff, rather than referring to nothing.
Fix a typo in the name of the "hf_samr_unknown_string" field.
svn path=/trunk/; revision=4912
bitmap and make the function not static.
This bitmap is present in other RPC protocols for NT services as well
besides SAMR.
svn path=/trunk/; revision=4889
