osmith/wireshark
1
0
Fork 0
forked from osmocom/wireshark
Code Pull requests Releases Wiki Activity
22197 commits 23 branches 0 tags 1.3 GiB
Commit graph

130 commits

Author SHA1 Message Date
Ronnie Sahlberg
8fde3b7561 rename dcerpc_smb_store_pol_name to dcerpc_store_polhnd_name 
rename dcerpc_smb_fetch_pol  to dcerpc_fetch_polhnd_data and also make 
it take an additional parameter to return the "type" of the policy 
handle, if such a type was stored.

extend the pol_value structure used to track policy handles to also 
store a type to represent what created the policy handle
types could be USER/ALIAS/CONNECT/... etc handles returned from the 
SAMR interface

add a new helper function  dcerpc_store_polhnd_type()

track policy handles between request/responses for dcerpc

update the samr.cnf file to make the samr dissectors for
SetSecurity/QuerySecurity dissect the specific bits for the security 
descriptor correctly based on whether the policy handle refers to a 
CONNECT/DOMAIN/USER/ALIAS or GROUP



svn path=/trunk/; revision=22703
 2007-08-28 11:45:08 +00:00
Guy Harris
5a43799a17 Use G_GINT64_MODIFIER, rather than the PRI[douxX]64 macros, for GLib 
routines and routines using those routines.  GLib might use different
modifiers for 64-bit quantities than the platform's C library does.

svn path=/trunk/; revision=21990
 2007-05-29 18:52:42 +00:00
Ronnie Sahlberg
fce276b898 additional smb2 fixes from metze 
svn path=/trunk/; revision=21860
 2007-05-21 10:19:29 +00:00
Ronnie Sahlberg
f4da83544d from metze 
improved handling of smb2 errors


svn path=/trunk/; revision=21859
 2007-05-21 10:16:21 +00:00
Ronnie Sahlberg
2c0a600046 from metze 
prettify dissection of multiple chained smb2 pdus in one frame


svn path=/trunk/; revision=21801
 2007-05-16 06:50:19 +00:00
Ronnie Sahlberg
99c98d6c6e when spawning off to the next smb2 pdu in a chain we need to create a 
new tvb for it    or else the offset/length calculations for where blobs 
a		next_tvb=tvb_new_subset(tvb, chain_offset, MIN((int)len, 
tvb_length_remaining(tvb, off)), len);
re in the packets are wrong.



svn path=/trunk/; revision=21795
 2007-05-15 20:46:45 +00:00
Ronnie Sahlberg
827df92fb1 add dissection of the end_of_chain bit in the header flags 
svn path=/trunk/; revision=21794
 2007-05-15 20:33:44 +00:00
Ronnie Sahlberg
9498ad3a2d from metze 
patch to find and enhancement of extra_info handling


svn path=/trunk/; revision=21793
 2007-05-15 20:13:30 +00:00
Ronnie Sahlberg
0977ea7e74 from metze 
add support for smb2 chaining

rename sessionsetupandz to sessionsetup


svn path=/trunk/; revision=21792
 2007-05-15 20:07:58 +00:00
Ronnie Sahlberg
0eae1cc0bd add dissection of smb1 ioctl data by tying it into the dissectors for 
ioctl data that already exists for smb2


svn path=/trunk/; revision=21713
 2007-05-07 09:07:29 +00:00
Ronnie Sahlberg
34afdc5fc3 change the smb2 ioctl function to take a pointer to a uint32 (ioctl 
function code) instead of a structure

extend the nt trans structure to contain a ioctl function code for smb1


svn path=/trunk/; revision=21712
 2007-05-07 08:11:59 +00:00
Ronnie Sahlberg
bda722d3bf remove the ioctl function and table from the smb dissector and just use 
the one in smb2 instead since the smb2 one is more developed.


svn path=/trunk/; revision=21711
 2007-05-07 07:41:35 +00:00
Stephen Fisher
8fd3ee0560 Remove almost all of the casts I committed recently and in place of 
them, add -Wno-pointer-sign to CFLAGS when gcc will accept it.


svn path=/trunk/; revision=21253
 2007-03-28 21:55:11 +00:00
Stephen Fisher
85a464c980 Fix a bunch of warnings, add svn:keywords Id and svn:eol-style native 
to packet-iuup.c.
 

svn path=/trunk/; revision=21244
 2007-03-28 07:06:39 +00:00
Jeff Morriss
109388d263 Clean up some more warnings: unused variables, unitialized variables, wrong format (%ld instead of %d) in packet-sccp.c 
svn path=/trunk/; revision=21167
 2007-03-24 13:46:41 +00:00
Ulf Lamping
411249419d fix some more warnings (type casts) 
svn path=/trunk/; revision=21141
 2007-03-23 00:51:21 +00:00
Anders Broman
b6bec03bfc From Stefan (metze) Metzmacher: 
small typo fix in smb2 dissector

svn path=/trunk/; revision=18724
 2006-07-12 20:44:54 +00:00
Ronnie Sahlberg
feab79e328 change a whole bunch of ethereal into wireshark 
svn path=/trunk/; revision=18196
 2006-05-21 04:49:01 +00:00
Ronnie Sahlberg
26f24ec097 decode the first two bytes of the negotiate protocol request as buffercode 
svn path=/trunk/; revision=17821
 2006-04-05 23:33:35 +00:00
Ronnie Sahlberg
fb2cf0df34 from metze 
dissect smb2 break responses   used by a server to break an oplock


these unsolicited responses are sent with a commandseqnum of -1   so mark these in the header as unsolicited as well



svn path=/trunk/; revision=17820
 2006-04-05 21:38:41 +00:00
Gerald Combs
172556500d Remove MIN and MAX defines, which GLib provides. 
svn path=/trunk/; revision=17551
 2006-03-09 16:00:33 +00:00
Guy Harris
08182946ce Constify some items, and make one item static, so we don't initialize 
stack copies at run time.

svn path=/trunk/; revision=17433
 2006-03-01 00:14:12 +00:00
Ronnie Sahlberg
6fcf2d8c66 smb2: 
if the secblob starts with 'NTLMSSP'   call the ntlmssp handle directly and not the gssapi one

ntlmssp:
dont change offset when dissecting a client_time,   offset will be changed properly later outside the switch.



svn path=/trunk/; revision=17215
 2006-02-08 08:48:23 +00:00
Ronnie Sahlberg
3cb23ec4f8 smb2 signing 
add dissection of the "Signature present" bit
and the 16 byte signature field in the header


svn path=/trunk/; revision=17206
 2006-02-07 21:30:21 +00:00
Ronnie Sahlberg
dd2f806e15 handmerged patch from metze it conflicted with recent P bit patch i checked in 
svn path=/trunk/; revision=17202
 2006-02-07 12:01:34 +00:00
Ronnie Sahlberg
c35dfab4e9 rename Logoff to SessionLogoff to make it consistent with 
TreeConnect/TreeDisconnect



svn path=/trunk/; revision=17201
 2006-02-07 11:32:10 +00:00
Ronnie Sahlberg
5036c5cc54 add dissection of the P (PID Valid) bit in the header 
If the P bit is NOT set, then flag the PID field as "(not valid)"
Sicne the TID might be undefined/0 in the response to a "pending" read
we cant use that solely to determine if a read was for a named/pipe (==dcerpc)
Assume that only NamedPipe reads can be STATUS_PENDING and thus have the P bit set and assume it IS dcerpc if the P bit is set.




svn path=/trunk/; revision=17197
 2006-02-07 09:28:02 +00:00
Ronnie Sahlberg
baed8f0888 add dissection of 
SMB/SetFileInfo level 1023
SMB2/SetInfo/FILE_INFO level 0x17

FILE_PIPE_INFO   infolevel


svn path=/trunk/; revision=17195
 2006-02-07 08:48:51 +00:00
Ronnie Sahlberg
0c350fb5b6 prettify class/infolevel for GetInfo/SetInfo 
svn path=/trunk/; revision=17186
 2006-02-06 13:17:11 +00:00
Ronnie Sahlberg
4a2048a5ef dissect the TWrp chain element 
svn path=/trunk/; revision=17180
 2006-02-06 09:51:42 +00:00
Ronnie Sahlberg
cec07db2da from metze 
update to tid and uid tracking


svn path=/trunk/; revision=16893
 2005-12-24 10:10:04 +00:00
Ronnie Sahlberg
dd19e660ba make smb2 tappable 
svn path=/trunk/; revision=16886
 2005-12-23 04:55:25 +00:00
Guy Harris
e09d859591 Squelch a compiler warning. 
svn path=/trunk/; revision=16839
 2005-12-18 10:58:47 +00:00
Ronnie Sahlberg
febe5a84e3 add decoding of the share type that metze found in the tree connect response 
prettify tid and uid 


svn path=/trunk/; revision=16729
 2005-12-08 07:54:13 +00:00
Ronnie Sahlberg
adb796abc6 tap the ntlmssp protocol and extract the account/domain names when users authenticate. 
If known   put the account name, domain name, host name and which frame the suer authenticated in in an expansion below UID in the SMB2 header




svn path=/trunk/; revision=16723
 2005-12-07 13:14:09 +00:00
Ronnie Sahlberg
55c9157d6b objectid updates 
svn path=/trunk/; revision=16692
 2005-12-06 00:27:51 +00:00
Ronnie Sahlberg
7e5f31b6a0 updates for FILE_OBJECTID_BUFFER and have smb call this (no more unknown bytes in smb for objectid) 
svn path=/trunk/; revision=16682
 2005-12-05 21:22:06 +00:00
Ronnie Sahlberg
9edeb85cba add some more ioctls 
svn path=/trunk/; revision=16646
 2005-12-02 09:19:05 +00:00
Ronnie Sahlberg
bc21123474 add dissection of 
FSCTL_CREATE_OR_GET_OBJECT_ID


svn path=/trunk/; revision=16645
 2005-12-02 06:49:52 +00:00
Ronnie Sahlberg
1f39289cce add dissection of FSCTL_GET_SHADOW_COPY_DATA 
svn path=/trunk/; revision=16638
 2005-12-01 13:06:20 +00:00
Ronnie Sahlberg
c8ff130c27 swap in/out to be more consistent with sane naming conventions 
svn path=/trunk/; revision=16637
 2005-12-01 12:34:53 +00:00
Ronnie Sahlberg
1b2e68397a start implementing an ioctl dispatcher for different ioctl functions 
svn path=/trunk/; revision=16636
 2005-12-01 10:34:00 +00:00
Ronnie Sahlberg
646535de33 add decoding of some ioctl names copied from packet-smb.c 
svn path=/trunk/; revision=16635
 2005-12-01 10:18:14 +00:00
Ronnie Sahlberg
ced869a426 move the ioctl function code to the si structure so we can switch on this later in the ioctl_data dissector 
svn path=/trunk/; revision=16634
 2005-12-01 09:42:39 +00:00
Ronnie Sahlberg
966de91a8d 0x0b is ioctl not transaction 
svn path=/trunk/; revision=16633
 2005-12-01 09:20:29 +00:00
Guy Harris
37df4d6886 "dcerpc_smb_fetch_pol()" doesn't necessarily return a name, as we might 
not have seen anything that would let us give a name to a handle.

svn path=/trunk/; revision=16623
 2005-11-29 09:38:45 +00:00
Ronnie Sahlberg
74b05ec567 name some infolevels 
svn path=/trunk/; revision=16613
 2005-11-28 08:20:12 +00:00
Ronnie Sahlberg
55beaa37cf add endoffile infolevel 
svn path=/trunk/; revision=16607
 2005-11-26 21:59:48 +00:00
Ronnie Sahlberg
f699f011fc more infolevels 
svn path=/trunk/; revision=16606
 2005-11-26 21:44:37 +00:00
Ronnie Sahlberg
81c46d4c59 update setinfo response dissection 
svn path=/trunk/; revision=16605
 2005-11-26 21:09:53 +00:00