give it a byte-order argument, and move it to "epan/tvbuff.c".
Use it to handle UCS-2 strings in version 1 of the Service Location
Protocol. In SRVLOC V1, use registered fields that are already there
for SRVLOC V2, and add some as needed. Fix some field names.
svn path=/trunk/; revision=7186
adds 2 levels to the tree. Fix calls to it not to add 1 for that level.
The NT and LM challenges in a NETWORK_INFO structure are opaque arrays
of bytes, not Unicode strings; dissect them as such, adding a new
routine "dissect_ndr_counted_byte_array()" for that purpose.
Get rid of some extra colons in names - the colon is put there if a
string is appended, so putting a colon in there explicitly gives double
colons.
Decorate some higher-level tree nodes with strings.
svn path=/trunk/; revision=7107
"dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to
indicate that they're for conformant varying strings.
Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to
indicate that it's for conformant varying strings.
svn path=/trunk/; revision=7096
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
svn path=/trunk/; revision=7091
Give dissect_nt_sec_desc() and dissect_nt_access_mask() a specific rights
function parameter for dissecting specific access rights.
Fix callers in packet-smb.c to use the new interface.
svn path=/trunk/; revision=7086
functions with something a little less confusing.
We now have two sets of functions to dissect strings:
- dissect_ndr_wchar_array() which dissects NDR arrays of wide characters
(uint32, uint32, uint32, buffer)
- dissect_ndr_counted_string() which dissects a "counted string"
(uint16, uint16, pointer to array of wchar)
There are three contexts for dissecting counted strings:
1. "in-line" using dissect_ndr_counted_string()
2. as a callback to dissect_ndr_pointer()
3. as a callback to dissect_ndr_pointer_cb()
Context 2 is used when you have a pointer to a counted string.
Context 3 is when you wish to perform some special processing with the
returned string.
svn path=/trunk/; revision=7068
be used to help out in most DCERPC strings. The cb_str_postprocess()
function reads the callback_args and either appends the value of the
string to the COL_INFO field, appends it to the NDR pointer item, or
saves the string to dcv->private_data. Calling cb_str_postprocess()
with CB_STR_ITEM is the same as calling dissect_ndr_pointer() with
levels = 0.
Renamed some of the pointer dissection functions with a suffix of _cb
and created helpers of the original which call the _cb function with
NULL args. This should help minimise the amount of code changes in
the bulk of the DCERPC dissectors.
svn path=/trunk/; revision=7016
of the DCERPC dissector instead of creating a dummy protocol to hang
the ett and hf values off.
Make the open and close frame values in NT policy handles FT_FRAMENUM's
so the "Go to Corresponding Frame" menu item can be used on them.
svn path=/trunk/; revision=6995
Undo change to dissect_doserror() and dissect_ntstatus() made in
revision 1.42 as it breaks the display of rpc errors in COL_INFO.
svn path=/trunk/; revision=6934
tree item, not with hf_nt_str. Get rid of hf_nt_str, as it's no longer
used.
Put ASCII strings into the protocol tree only once.
svn path=/trunk/; revision=6910
string; set it to the result of the "fake_unicode()" call, not to the
raw Unicode string. (Yes, we should have support for strings that don't
have 8-bit characters - and somehow handle strings in packets in
multiple character sets, e.g. ISO 8859/x and other EUC codes, the
Macintosh extended character set, various DOS/Windows code pages, and
Unicode - but we don't have it now.)
svn path=/trunk/; revision=6909
"dissect_ndr_uint16s()"; "dissect_ndr_uint16s()" is always passed a null
pointer, "dissect_dcerpc_uint16s()" is only called by
"dissect_ndr_uint16s()", and the pointer returned through "pdata" is
*NOT* guaranteed to be aligned on a 16-bit boundary so we don't want to
tempt people to blithely dereference that pointer.
svn path=/trunk/; revision=6699
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
svn path=/trunk/; revision=6688
"proto_tree_add_uint()" and the hfindex passed to us, rather than as a
text item. That means it has the name our caller gave to it, and that
it's a filterable field.
svn path=/trunk/; revision=6062
- combine proto_tree_add_text() and proto_tree_append_text() calls in the
access mask dissector
- make the specific access bits dissector functions return void instead of
an offset
I think Samba has the create user reply wrong. There is perhaps a uint32
marked as unknown that shouldn't be there. Removing this parses all the
captures I have.
svn path=/trunk/; revision=6057
generic, standard and specific mode bits. A protocol dissector can pass in
it's own function for dissecting the specific mode bits, if known.
svn path=/trunk/; revision=6053
COL_INFO field if the proto_tree parameter is NULL. This prevents
duplicate error messages when we just want to peek at the value of the
error.
svn path=/trunk/; revision=5963
into two - one that stores request/reply frame numbers and another
that associates a text name with a policy handle.
Removed all calls to prs_policy_hnd() and converted to calls to
dissect_nt_policy_hnd().
svn path=/trunk/; revision=5772
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
add arguments to specify whether the policy handle is being
opened or closed, and don't set the "open frame" for the handle
unless it's being opened and don't set the "close frame" for the
handle unless it's being closed;
store the policy handle before fetching it, so that an open or
close is marked appropriately in the protocol tree on the first
pass;
if the policy handle has a name associated with it, put that
name into the top-level item for the policy handle.
In "packet-dcerpc-spoolss.c":
get rid of aun unused variable;
make "setjob_commands[]" static, as it's not used outside
"packet-dcerpc-spoolss.c";
put a "VALS()" call around the reference to "setjob_commands",
to squelch compiler warnings;
give the SPOOLSS return code field the appropriate
"value_string" array.
svn path=/trunk/; revision=5448
(also registry and srvsvc?) pipe dissectors.
Also added some helper routines for decoding a range of uint8s. These map
nicely to the dissect_{dcerpc,ndr}_foo() format with the addition of a
length parameter, but aren't really part of the NDR specification and are
probably only going to be used in the NT dcerpc dissectors.
svn path=/trunk/; revision=5421
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
svn path=/trunk/; revision=5223
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine. Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.
Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.
The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff. It should also be called only once before
every capture, rather than 3 times.
The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.
This fixes a bug I saw wherein
1) the tree for Unicode strings was open by default
and
2) if you closed one and then exited, Ethereal would crash.
The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()". As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.
Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".
Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".
svn path=/trunk/; revision=5196
- rewrote request/response hashing code and moved it into
packet-dcerpc-nt.c for use by other dcerpc/smb dissectors
- rewrote policy handle hashing code as above, with nifty improvements
- moved check for unparsed data and end of frame into a function
- fixed matching of printername to handle in addprinterex
svn path=/trunk/; revision=5014
is decremented after every level is appended to, so that it correctly
specifies the number of levels up the tree to which to append stuff.
Fix some arguments to various printing routines to specify the correct
level. This includes making "dissect_ndr_nt_UNICODE_STRING()" add 1 to
the level argument it's passed before passing it on to
"dissect_ndr_pointer()".
Add a "netlogon_dissect_UNICODE_STRING()" routine to put the fields of a
bunch of NDR_POINTER_REF UNICODE_STRING values into subtrees.
Fix the labels passed as arguments in a bunch of "dissect_ndr_pointer()"
calls.
svn path=/trunk/; revision=5011
string available in the tvbuff before we allocate the buffer; this means
that
1) we don't have to register a cleanup function to free the
buffer if we throw an exception trying to fetch some of the
data, because we won't even try to allocate the buffer if we
don't have all the data
and
2) we won't try to allocate a buffer with a bogus too-large
length, as if the length is too large, we'll throw an
exception in the check.
svn path=/trunk/; revision=4990