parameter and data, so the LANMAN RAP pipe dissector, for example,
doesn't get confused and think there is an auxiliary data descriptor in
the parameters when there isn't.
Note that in at least one Negotiate Protocol reply it looks as if a
Unicode domain name might've been aligned.
svn path=/trunk/; revision=6017
the flags field in NTLMSSP messages as a 32-bit field.
Make "get_unicode_or_ascii_string()" take a "Unicode or not" flag rather
than a "packet_info *" as an argument, make it not static, and move it
to "packet-smb-common.c", so that it can be used by the SMB dissector
and the NTLMSSP dissector. Also get rid of some _U_'s that are applied
to arguments that are, in fact, used.
svn path=/trunk/; revision=5976
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
SMB sees the PDU, then SMB would forget to create the proper state variables and crash.
SMB is changed to split the operation into
1, only create a conversation if it needs to. (as before)
2, detect if it needs to create the si.ct state variables independent of
whether smb also created a conversation or not.
Without this patch and with changes to say TCP to create conversations ethereal would crash at the first packet the SMB dissector would see.
svn path=/trunk/; revision=5906
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
task of creating a fragment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
TRANS2_SET_FILE_INFORMATION parameters as reserved.
Change/add comments to reflect information from Microsoft Networks SMB
File Sharing Protocol Extensions Version 3.0, Document Version 1.11,
July 19, 1990.
svn path=/trunk/; revision=5568
Microsoft Networks SMB File Sharing Protocol Extensions Version
2.0, Document Version 3.3, November 7, 1988;
Microsoft Networks SMB File Sharing Protocol Extensions Version
3.0, Document Version 1.11, July 19, 1990.
svn path=/trunk/; revision=5566
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes whose content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
"dissect_nt_sec_desc()".
Also, get rid of code to handle lengths of -1 in "dissect_nt_sec_desc()"
- we never pass it a length of -1, as security descriptors aren't sent
over the wire with NDR syntax.
svn path=/trunk/; revision=5317
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
then later construct the sub-authority string from that array; we can
just construct the string as we fetch the sub-authorities.
Given that we're doing that, use the cleanup handler to free the string,
so that we don't leak memory if we throw an exception when fetching the
RID, for example.
svn path=/trunk/; revision=5294
values.
Note that in a Negotiate Protocol response, the primary domain won't be
present if the negotiated dialect isn't "DOS LANMAN 2.1" or "LANMAN2.1".
At least for Info Standard replies for Transaction2 Find First2
requests, if the request had the "return resume keys" flag set, the
reply will have a resume key at the beginning of each entry. We assume
that to be the case for Info Query EA Size and Info Query EAs From List;
it does *not* appear to be the case for Find File Directory Info, Find
File Full Directory Info, or Find File Both Directory Info (they don't
have it even if the flag is set, at least in the captures I've seen).
The length of the name string in Find First2 entries doesn't include the
terminating '\0'; count that as well.
svn path=/trunk/; revision=5259
inside a Netlogon security descriptor.
Correctly dissect NT security descriptors as they appear inside an LSA
security descriptor (at least as those appear inside a Netlogon security
descriptor) - they get sent over the wire, apparently, as an opaque blob
from the point of view of DCE RPC, at least from one capture I've seen,
they do *not* get sent over the wire in DCE RPC NDR syntax.
svn path=/trunk/; revision=5212