/* packet-ntlmssp.c
* Routines for NTLM Secure Service Provider
* Devin Heitmueller < dheitmueller @ netilla . com >
*
* $ Id : packet - ntlmssp . c , v 1.16 2002 / 09 / 07 15 : 45 : 28 sharpe Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs < gerald @ ethereal . com >
* Copyright 1998 Gerald Combs
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version 2
* of the License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA .
*/
# ifdef HAVE_CONFIG_H
# include "config.h"
# endif
# include <glib.h>
# include <epan/packet.h>
# include "packet-smb-common.h"
# include "packet-gssapi.h"
# include "packet-frame.h"
/*
 * NTLMSSP message type codes.  dissect_ntlmssp() reads the type as a
 * little-endian 32-bit value and dispatches on these constants.
 */
#define NTLMSSP_NEGOTIATE 1
#define NTLMSSP_CHALLENGE 2
#define NTLMSSP_AUTH      3
#define NTLMSSP_UNKNOWN   4
/*
 * Display strings for the message type field, one entry per message type
 * code.  The { 0, NULL } entry ends the table.
 */
static const value_string ntlmssp_message_types[] = {
    { NTLMSSP_NEGOTIATE, " NTLMSSP_NEGOTIATE " },
    { NTLMSSP_CHALLENGE, " NTLMSSP_CHALLENGE " },
    { NTLMSSP_AUTH,      " NTLMSSP_AUTH " },
    { NTLMSSP_UNKNOWN,   " NTLMSSP_UNKNOWN " },
    { 0, NULL }
};
/*
 * NTLMSSP negotiation flags (taken from Samba).
 *
 * One mask per bit of the 32-bit negotiate-flags word.  Masks whose name
 * ends in a hex value are bits this file has no descriptive name for.
 */
#define NTLMSSP_NEGOTIATE_UNICODE              0x00000001
#define NTLMSSP_NEGOTIATE_OEM                  0x00000002
#define NTLMSSP_REQUEST_TARGET                 0x00000004
#define NTLMSSP_NEGOTIATE_00000008             0x00000008
#define NTLMSSP_NEGOTIATE_SIGN                 0x00000010
#define NTLMSSP_NEGOTIATE_SEAL                 0x00000020
#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE       0x00000040
#define NTLMSSP_NEGOTIATE_LM_KEY               0x00000080
#define NTLMSSP_NEGOTIATE_NETWARE              0x00000100
#define NTLMSSP_NEGOTIATE_NTLM                 0x00000200
#define NTLMSSP_NEGOTIATE_00000400             0x00000400
#define NTLMSSP_NEGOTIATE_00000800             0x00000800
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED      0x00001000
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
#define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL   0x00004000
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN          0x00008000
#define NTLMSSP_CHAL_INIT_RESPONSE             0x00010000
#define NTLMSSP_CHAL_ACCEPT_RESPONSE           0x00020000
#define NTLMSSP_CHAL_NON_NT_SESSION_KEY        0x00040000
#define NTLMSSP_NEGOTIATE_NTLM2                0x00080000
#define NTLMSSP_NEGOTIATE_00100000             0x00100000
#define NTLMSSP_NEGOTIATE_00200000             0x00200000
#define NTLMSSP_NEGOTIATE_00400000             0x00400000
#define NTLMSSP_CHAL_TARGET_INFO               0x00800000
#define NTLMSSP_NEGOTIATE_01000000             0x01000000
#define NTLMSSP_NEGOTIATE_02000000             0x02000000
#define NTLMSSP_NEGOTIATE_04000000             0x04000000
#define NTLMSSP_NEGOTIATE_08000000             0x08000000
#define NTLMSSP_NEGOTIATE_10000000             0x10000000
#define NTLMSSP_NEGOTIATE_128                  0x20000000
#define NTLMSSP_NEGOTIATE_KEY_EXCH             0x40000000
#define NTLMSSP_NEGOTIATE_80000000             0x80000000
/* Protocol handle and top-level field handles; all start out as -1. */
static int proto_ntlmssp = -1;
static int hf_ntlmssp = -1;
static int hf_ntlmssp_auth = -1;
static int hf_ntlmssp_message_type = -1;

/* Negotiate-flags word and one handle per flag bit (suffix = bit mask). */
static int hf_ntlmssp_negotiate_flags = -1;
static int hf_ntlmssp_negotiate_flags_01 = -1;
static int hf_ntlmssp_negotiate_flags_02 = -1;
static int hf_ntlmssp_negotiate_flags_04 = -1;
static int hf_ntlmssp_negotiate_flags_08 = -1;
static int hf_ntlmssp_negotiate_flags_10 = -1;
static int hf_ntlmssp_negotiate_flags_20 = -1;
static int hf_ntlmssp_negotiate_flags_40 = -1;
static int hf_ntlmssp_negotiate_flags_80 = -1;
static int hf_ntlmssp_negotiate_flags_100 = -1;
static int hf_ntlmssp_negotiate_flags_200 = -1;
static int hf_ntlmssp_negotiate_flags_400 = -1;
static int hf_ntlmssp_negotiate_flags_800 = -1;
static int hf_ntlmssp_negotiate_flags_1000 = -1;
static int hf_ntlmssp_negotiate_flags_2000 = -1;
static int hf_ntlmssp_negotiate_flags_4000 = -1;
static int hf_ntlmssp_negotiate_flags_8000 = -1;
static int hf_ntlmssp_negotiate_flags_10000 = -1;
static int hf_ntlmssp_negotiate_flags_20000 = -1;
static int hf_ntlmssp_negotiate_flags_40000 = -1;
static int hf_ntlmssp_negotiate_flags_80000 = -1;
static int hf_ntlmssp_negotiate_flags_100000 = -1;
static int hf_ntlmssp_negotiate_flags_200000 = -1;
static int hf_ntlmssp_negotiate_flags_400000 = -1;
static int hf_ntlmssp_negotiate_flags_800000 = -1;
static int hf_ntlmssp_negotiate_flags_1000000 = -1;
static int hf_ntlmssp_negotiate_flags_2000000 = -1;
static int hf_ntlmssp_negotiate_flags_4000000 = -1;
static int hf_ntlmssp_negotiate_flags_8000000 = -1;
static int hf_ntlmssp_negotiate_flags_10000000 = -1;
static int hf_ntlmssp_negotiate_flags_20000000 = -1;
static int hf_ntlmssp_negotiate_flags_40000000 = -1;
static int hf_ntlmssp_negotiate_flags_80000000 = -1;

/* NTLMSSP_NEGOTIATE message fields. */
static int hf_ntlmssp_negotiate_workstation_strlen = -1;
static int hf_ntlmssp_negotiate_workstation_maxlen = -1;
static int hf_ntlmssp_negotiate_workstation_buffer = -1;
static int hf_ntlmssp_negotiate_workstation = -1;
static int hf_ntlmssp_negotiate_domain_strlen = -1;
static int hf_ntlmssp_negotiate_domain_maxlen = -1;
static int hf_ntlmssp_negotiate_domain_buffer = -1;
static int hf_ntlmssp_negotiate_domain = -1;

/* NTLMSSP_CHALLENGE message fields. */
static int hf_ntlmssp_ntlm_challenge = -1;
static int hf_ntlmssp_reserved = -1;
static int hf_ntlmssp_challenge_unknown1 = -1;
static int hf_ntlmssp_challenge_unknown2 = -1;
/*
 * NTLMSSP_AUTH message fields: a (strlen, maxlen, offset) triple for each
 * variable-length item, followed by the handles for the items themselves.
 * All start out as -1.
 */
static int hf_ntlmssp_auth_lmresponse_strlen = -1;
static int hf_ntlmssp_auth_lmresponse_maxlen = -1;
static int hf_ntlmssp_auth_lmresponse_offset = -1;
static int hf_ntlmssp_auth_ntresponse_strlen = -1;
static int hf_ntlmssp_auth_ntresponse_maxlen = -1;
static int hf_ntlmssp_auth_ntresponse_offset = -1;
static int hf_ntlmssp_auth_domain_strlen = -1;
static int hf_ntlmssp_auth_domain_maxlen = -1;
static int hf_ntlmssp_auth_domain_offset = -1;
static int hf_ntlmssp_auth_username_strlen = -1;
static int hf_ntlmssp_auth_username_maxlen = -1;
static int hf_ntlmssp_auth_username_offset = -1;
static int hf_ntlmssp_auth_hostname_strlen = -1;
static int hf_ntlmssp_auth_hostname_maxlen = -1;
static int hf_ntlmssp_auth_hostname_offset = -1;
static int hf_ntlmssp_auth_unknown1_strlen = -1;
static int hf_ntlmssp_auth_unknown1_maxlen = -1;
static int hf_ntlmssp_auth_unknown1_offset = -1;

static int hf_ntlmssp_auth_username = -1;
static int hf_ntlmssp_auth_domain = -1;
static int hf_ntlmssp_auth_hostname = -1;
static int hf_ntlmssp_auth_lmresponse = -1;
static int hf_ntlmssp_auth_ntresponse = -1;
static int hf_ntlmssp_auth_unknown1 = -1;
/* Subtree handles: the NTLMSSP tree itself and the negotiate-flags subtree. */
static gint ett_ntlmssp = -1;
static gint ett_ntlmssp_negotiate_flags = -1;
/*
 * Show the 32-bit negotiate-flags word located at 'offset'.
 *
 * When a tree is supplied, the whole word is added as one item with a
 * subtree beneath it; one boolean item per flag is then added, in the
 * order hf_ntlmssp_negotiate_flags_80000000 down to ..._01.  The flags
 * value is passed in by the caller rather than fetched from the tvb here.
 *
 * Returns the offset just past the 4-byte flags field.
 */
static int
dissect_ntlmssp_negotiate_flags(tvbuff_t *tvb, int offset,
                                proto_tree *ntlmssp_tree,
                                guint32 negotiate_flags)
{
    /* Per-bit field handles, in display order. */
    static int *const flag_fields[] = {
        &hf_ntlmssp_negotiate_flags_80000000,
        &hf_ntlmssp_negotiate_flags_40000000,
        &hf_ntlmssp_negotiate_flags_20000000,
        &hf_ntlmssp_negotiate_flags_10000000,
        &hf_ntlmssp_negotiate_flags_8000000,
        &hf_ntlmssp_negotiate_flags_4000000,
        &hf_ntlmssp_negotiate_flags_2000000,
        &hf_ntlmssp_negotiate_flags_1000000,
        &hf_ntlmssp_negotiate_flags_800000,
        &hf_ntlmssp_negotiate_flags_400000,
        &hf_ntlmssp_negotiate_flags_200000,
        &hf_ntlmssp_negotiate_flags_100000,
        &hf_ntlmssp_negotiate_flags_80000,
        &hf_ntlmssp_negotiate_flags_40000,
        &hf_ntlmssp_negotiate_flags_20000,
        &hf_ntlmssp_negotiate_flags_10000,
        &hf_ntlmssp_negotiate_flags_8000,
        &hf_ntlmssp_negotiate_flags_4000,
        &hf_ntlmssp_negotiate_flags_2000,
        &hf_ntlmssp_negotiate_flags_1000,
        &hf_ntlmssp_negotiate_flags_800,
        &hf_ntlmssp_negotiate_flags_400,
        &hf_ntlmssp_negotiate_flags_200,
        &hf_ntlmssp_negotiate_flags_100,
        &hf_ntlmssp_negotiate_flags_80,
        &hf_ntlmssp_negotiate_flags_40,
        &hf_ntlmssp_negotiate_flags_20,
        &hf_ntlmssp_negotiate_flags_10,
        &hf_ntlmssp_negotiate_flags_08,
        &hf_ntlmssp_negotiate_flags_04,
        &hf_ntlmssp_negotiate_flags_02,
        &hf_ntlmssp_negotiate_flags_01
    };
    proto_tree *flags_subtree = NULL;
    proto_item *flags_item = NULL;
    unsigned int i;

    if (ntlmssp_tree) {
        flags_item = proto_tree_add_uint(ntlmssp_tree,
                                         hf_ntlmssp_negotiate_flags,
                                         tvb, offset, 4, negotiate_flags);
        flags_subtree = proto_item_add_subtree(flags_item,
                                               ett_ntlmssp_negotiate_flags);
    }

    /* flags_subtree stays NULL when no tree was requested; the calls are
     * still made, exactly as in the unrolled form. */
    for (i = 0; i < sizeof flag_fields / sizeof flag_fields[0]; i++) {
        proto_tree_add_boolean(flags_subtree, *flag_fields[i],
                               tvb, offset, 4, negotiate_flags);
    }

    return offset + 4;
}
/*
 * Dissect the body of an NTLMSSP_NEGOTIATE message, starting at 'offset'
 * (the first byte after the message type).
 *
 * Layout as handled here: negotiate flags, then a (length, max length,
 * buffer) descriptor for the domain and one for the workstation, then the
 * workstation name and the domain name.
 *
 * NOTE(review): the 4-byte "buffer" values are displayed but not used to
 * locate the names; the names are taken to follow the descriptors directly,
 * workstation first.  Both lengths come straight from the packet.
 *
 * Returns the offset after the last field dissected.
 */
static int
dissect_ntlmssp_negotiate(tvbuff_t *tvb, int offset,
                          proto_tree *ntlmssp_tree)
{
    guint32 flags;
    guint16 ws_len;
    guint16 dom_len;

    /* Flags word: fetched here, displayed by the helper. */
    flags = tvb_get_letohl(tvb, offset);
    offset = dissect_ntlmssp_negotiate_flags(tvb, offset, ntlmssp_tree,
                                             flags);

    /* Domain descriptor: length, max length, buffer. */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_domain_strlen,
                        tvb, offset, 2, TRUE);
    dom_len = tvb_get_letohs(tvb, offset);
    offset += 2;

    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_domain_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_domain_buffer,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* Workstation descriptor: length, max length, buffer. */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_workstation_strlen,
                        tvb, offset, 2, TRUE);
    ws_len = tvb_get_letohs(tvb, offset);
    offset += 2;

    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_workstation_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_workstation_buffer,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* Workstation name, only when a non-zero length was declared. */
    if (ws_len > 0) {
        proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_workstation,
                            tvb, offset, ws_len, FALSE);
        offset += ws_len;
    }

    /* Domain name, only when a non-zero length was declared. */
    if (dom_len > 0) {
        proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_negotiate_domain,
                            tvb, offset, dom_len, FALSE);
        offset += dom_len;
    }

    return offset;
}
/*
 * Dissect the body of an NTLMSSP_CHALLENGE message, starting at 'offset'
 * (the first byte after the message type).
 *
 * Layout as handled here: two 4-byte fields of unknown meaning, the
 * negotiate flags, the 8-byte NTLM challenge and 8 reserved bytes.
 *
 * Returns the offset after the reserved bytes.
 */
static int
dissect_ntlmssp_challenge(tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree)
{
    guint32 flags;

    /* Two unidentified 32-bit fields, shown as-is. */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_challenge_unknown1,
                        tvb, offset, 4, TRUE);
    offset += 4;
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_challenge_unknown2,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* Flags word: fetched here, displayed by the helper. */
    flags = tvb_get_letohl(tvb, offset);
    offset = dissect_ntlmssp_negotiate_flags(tvb, offset, ntlmssp_tree,
                                             flags);

    /* The 8-byte NT Lan Manager challenge. */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_ntlm_challenge,
                        tvb, offset, 8, FALSE);
    offset += 8;

    /* 8 reserved bytes (function not completely known). */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_reserved,
                        tvb, offset, 8, FALSE);
    offset += 8;

    return offset;
}
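/*
 * Dissect the body of an NTLMSSP_AUTH message, starting at 'offset' (the
 * first byte after the message type).
 *
 * Six (length, max length, offset) descriptors are shown first: LM
 * response, NTLM response, domain, user name, host name and an
 * unidentified "unknown1" item.  The negotiate flags follow, then the data.
 *
 * NOTE(review): the offset member of each descriptor is displayed but never
 * used to locate the data.  The payload is taken to follow the flags in the
 * order domain, user name, host name, LM response, NTLM response, unknown1.
 * Every length is used exactly as it appears in the packet, so a malformed
 * message can declare data that is not present; this routine presumably
 * relies on the tvb accessors raising a bounds exception in that case
 * (dissect_ntlmssp() has handlers for BoundsError and ReportedBoundsError).
 *
 * Returns the offset after the last field dissected.  If one of the strings
 * cannot be extracted, dissection stops there and the offset just past that
 * string's declared length is returned.
 */
static int
dissect_ntlmssp_auth(tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree)
{
    guint16 lmresponse_length;
    guint16 ntresponse_length;
    guint16 domain_length;
    guint16 username_length;
    guint16 hostname_length;
    guint16 unknown1_length;
    guint32 negotiate_flags;
    const gchar *username;
    const gchar *domain;
    const gchar *hostname;
    int result_length;
    guint16 bc;
    gboolean unicode_strings = FALSE;

    /* Lan Manager response length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_lmresponse_strlen,
                        tvb, offset, 2, TRUE);
    lmresponse_length = tvb_get_letohs(tvb, offset);
    offset += 2;

    /* Lan Manager response max length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_lmresponse_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    /* Lan Manager response offset */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_lmresponse_offset,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* NTLM response length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_ntresponse_strlen,
                        tvb, offset, 2, TRUE);
    ntresponse_length = tvb_get_letohs(tvb, offset);
    offset += 2;

    /* NTLM response max length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_ntresponse_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    /* NTLM response offset */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_ntresponse_offset,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* Domain name length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_domain_strlen,
                        tvb, offset, 2, TRUE);
    domain_length = tvb_get_letohs(tvb, offset);
    offset += 2;

    /* Domain name max length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_domain_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    /* Domain name offset */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_domain_offset,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* Username length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_username_strlen,
                        tvb, offset, 2, TRUE);
    username_length = tvb_get_letohs(tvb, offset);
    offset += 2;

    /* Username max length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_username_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    /* Username offset */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_username_offset,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* Hostname length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_hostname_strlen,
                        tvb, offset, 2, TRUE);
    hostname_length = tvb_get_letohs(tvb, offset);
    offset += 2;

    /* Hostname max length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_hostname_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    /* Hostname offset */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_hostname_offset,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* Unknown1 length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_unknown1_strlen,
                        tvb, offset, 2, TRUE);
    unknown1_length = tvb_get_letohs(tvb, offset);
    offset += 2;

    /* Unknown1 max length */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_unknown1_maxlen,
                        tvb, offset, 2, TRUE);
    offset += 2;

    /* Unknown1 offset */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_unknown1_offset,
                        tvb, offset, 4, TRUE);
    offset += 4;

    /* NTLMSSP Negotiate Flags */
    negotiate_flags = tvb_get_letohl(tvb, offset);
    offset = dissect_ntlmssp_negotiate_flags(tvb, offset, ntlmssp_tree,
                                             negotiate_flags);

    /*
     * Test the UNICODE bit with a bitwise AND.  A logical && against the
     * non-zero mask is true for every non-zero flags word, which would make
     * OEM-encoded strings be decoded as Unicode whenever any flag is set.
     */
    if (negotiate_flags & NTLMSSP_NEGOTIATE_UNICODE)
        unicode_strings = TRUE;

    /* Domain name */
    if (domain_length != 0) {
        bc = domain_length;
        domain = get_unicode_or_ascii_string(tvb, &offset,
                                             unicode_strings, &result_length,
                                             FALSE, FALSE, &bc);
        if (domain == NULL) {
            offset += domain_length;
            return offset;
        }
        proto_tree_add_string(ntlmssp_tree, hf_ntlmssp_auth_domain, tvb,
                              offset, result_length, domain);
        offset += domain_length;
    }

    /* User name */
    if (username_length != 0) {
        bc = username_length;
        username = get_unicode_or_ascii_string(tvb, &offset,
                                               unicode_strings, &result_length,
                                               FALSE, FALSE, &bc);
        if (username == NULL) {
            offset += username_length;
            return offset;
        }
        proto_tree_add_string(ntlmssp_tree, hf_ntlmssp_auth_username, tvb,
                              offset, result_length, username);
        offset += username_length;
    }

    /* Host name */
    if (hostname_length != 0) {
        bc = hostname_length;
        hostname = get_unicode_or_ascii_string(tvb, &offset,
                                               unicode_strings, &result_length,
                                               FALSE, FALSE, &bc);
        if (hostname == NULL) {
            offset += hostname_length;
            return offset;
        }
        proto_tree_add_string(ntlmssp_tree, hf_ntlmssp_auth_hostname, tvb,
                              offset, result_length, hostname);
        offset += hostname_length;
    }

    /* Lan Manager Response */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_lmresponse,
                        tvb, offset, lmresponse_length, FALSE);
    offset += lmresponse_length;

    /* NTLM Response */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_ntresponse,
                        tvb, offset, ntresponse_length, FALSE);
    offset += ntresponse_length;

    /* Unknown1 */
    proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth_unknown1,
                        tvb, offset, unknown1_length, FALSE);
    offset += unknown1_length;

    return offset;
}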
/*
 * Entry point for an NTLMSSP blob: shows the 8-byte identifier and the
 * 32-bit message type, then hands the rest to the routine for that type.
 * An unrecognised type is shown as a single text item.
 */
static void
dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
{
    guint32 message_type;
    volatile int offset = 0;
    proto_tree *volatile ntlmssp_tree = NULL;
    proto_item *root_item = NULL;

    /* Create the NTLMSSP subtree only when a tree was requested. */
    if (tree) {
        root_item = proto_tree_add_item(tree, hf_ntlmssp,
                                        tvb, offset, -1, FALSE);
        ntlmssp_tree = proto_item_add_subtree(root_item, ett_ntlmssp);
    }

    /*
     * The blob is an item inside a packet and need not run to the end of
     * it.  If it is malformed (or this code, or a dissector it calls, has
     * a bug) and a ReportedBoundsError is thrown, report the error and
     * return so the caller can dissect the rest of the packet.
     *
     * A BoundsError means there is nothing more in the packet after the
     * blob, so it is simply re-thrown.
     */
    TRY {
        /* NTLMSSP constant */
        proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_auth,
                            tvb, offset, 8, FALSE);
        offset += 8;

        /* NTLMSSP Message Type */
        proto_tree_add_item(ntlmssp_tree, hf_ntlmssp_message_type,
                            tvb, offset, 4, TRUE);
        message_type = tvb_get_letohl(tvb, offset);
        offset += 4;

        /* Hand over to the routine for this message type. */
        if (message_type == NTLMSSP_NEGOTIATE) {
            offset = dissect_ntlmssp_negotiate(tvb, offset, ntlmssp_tree);
        } else if (message_type == NTLMSSP_CHALLENGE) {
            offset = dissect_ntlmssp_challenge(tvb, offset, ntlmssp_tree);
        } else if (message_type == NTLMSSP_AUTH) {
            offset = dissect_ntlmssp_auth(tvb, offset, ntlmssp_tree);
        } else {
            /* Unrecognized message type */
            proto_tree_add_text(ntlmssp_tree, tvb, offset, -1,
                                " Unrecognized NTLMSSP Message ");
        }
    } CATCH(BoundsError) {
        RETHROW;
    } CATCH(ReportedBoundsError) {
        show_reported_bounds_error(tvb, pinfo, tree);
    } ENDTRY;
}
void
proto_register_ntlmssp ( void )
{
static hf_register_info hf [ ] = {
{ & hf_ntlmssp ,
{ " NTLMSSP " , " ntlmssp " , FT_NONE , BASE_NONE , NULL , 0x0 , " NTLMSSP " , HFILL } } ,
{ & hf_ntlmssp_auth ,
{ " NTLMSSP identifier " , " ntlmssp.identifier " , FT_STRING , BASE_NONE , NULL , 0x0 , " NTLMSSP Identifier " , HFILL } } ,
{ & hf_ntlmssp_message_type ,
{ " NTLM Message Type " , " ntlmssp.messagetype " , FT_UINT32 , BASE_HEX , VALS ( ntlmssp_message_types ) , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags ,
{ " Flags " , " dcerpc.negotiateflags " , FT_UINT32 , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_01 ,
{ " Negotiate UNICODE " , " ntlmssp.negotiateunicode " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_UNICODE , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_02 ,
{ " Negotiate OEM " , " ntlmssp.negotiateoem " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_OEM , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_04 ,
{ " Request Target " , " ntlmssp.requesttarget " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_REQUEST_TARGET , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_08 ,
{ " Request 0x00000008 " , " ntlmssp.negotiate00000008 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_00000008 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_10 ,
{ " Negotiate Sign " , " ntlmssp.negotiatesign " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_SIGN , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_20 ,
{ " Negotiate Seal " , " ntlmssp.negotiateseal " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_SEAL , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_40 ,
{ " Negotiate Datagram Style " , " ntlmssp.negotiatedatagramstyle " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_DATAGRAM_STYLE , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_80 ,
{ " Negotiate Lan Manager Key " , " ntlmssp.negotiatelmkey " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_LM_KEY , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_100 ,
{ " Negotiate Netware " , " ntlmssp.negotiatenetware " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_NETWARE , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_200 ,
{ " Negotiate NTLM key " , " ntlmssp.negotiatentlm " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_NTLM , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_400 ,
{ " Negotiate 0x00000400 " , " ntlmssp.negotiate00000400 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_00000400 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_800 ,
{ " Negotiate 0x00000800 " , " ntlmssp.negotiate00000800 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_00000800 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_1000 ,
{ " Negotiate Domain Supplied " , " ntlmssp.negotiatedomainsupplied " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_2000 ,
{ " Negotiate Workstation Supplied " , " ntlmssp.negotiateworkstationsupplied " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_4000 ,
{ " Negotiate This is Local Call " , " ntlmssp.negotiatethisislocalcall " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_8000 ,
{ " Negotiate Always Sign " , " ntlmssp.negotiatealwayssign " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_ALWAYS_SIGN , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_10000 ,
{ " Negotiate Challenge Init Response " , " ntlmssp.negotiatechallengeinitresponse " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_CHAL_INIT_RESPONSE , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_20000 ,
{ " Negotiate Challenge Accept Response " , " ntlmssp.negotiatechallengeacceptresponse " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_CHAL_ACCEPT_RESPONSE , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_40000 ,
{ " Negotiate Challenge Non NT Session Key " , " ntlmssp.negotiatechallengenonntsessionkey " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_CHAL_NON_NT_SESSION_KEY , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_80000 ,
{ " Negotiate NTLM2 key " , " ntlmssp.negotiatentlm2 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_NTLM2 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_100000 ,
{ " Negotiate 0x00100000 " , " ntlmssp.negotiatent00100000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_00100000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_200000 ,
{ " Negotiate 0x00200000 " , " ntlmssp.negotiatent00200000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_00200000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_400000 ,
{ " Negotiate 0x00400000 " , " ntlmssp.negotiatent00400000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_00400000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_800000 ,
{ " Negotiate Target Info " , " ntlmssp.negotiatetargetinfo " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_CHAL_TARGET_INFO , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_1000000 ,
{ " Negotiate 0x01000000 " , " ntlmssp.negotiatent01000000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_01000000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_2000000 ,
{ " Negotiate 0x02000000 " , " ntlmssp.negotiatent02000000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_02000000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_4000000 ,
{ " Negotiate 0x04000000 " , " ntlmssp.negotiatent04000000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_04000000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_8000000 ,
{ " Negotiate 0x08000000 " , " ntlmssp.negotiatent08000000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_08000000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_10000000 ,
{ " Negotiate 0x10000000 " , " ntlmssp.negotiatent10000000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_10000000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_20000000 ,
{ " Negotiate 128 " , " ntlmssp.negotiate128 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_128 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_40000000 ,
{ " Negotiate Key Exchange " , " ntlmssp.negotiatekeyexch " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_KEY_EXCH , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_flags_80000000 ,
{ " Negotiate 0x80000000 " , " ntlmssp.negotiatent80000000 " , FT_BOOLEAN , 32 , TFS ( & flags_set_truth ) , NTLMSSP_NEGOTIATE_80000000 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_workstation_strlen ,
{ " Calling workstation name length " , " ntlmssp.negotiate.callingworkstation.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_workstation_maxlen ,
{ " Calling workstation name max length " , " ntlmssp.negotiate.callingworkstation.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_workstation_buffer ,
{ " Calling workstation name buffer " , " ntlmssp.negotiate.callingworkstation.buffer " , FT_UINT32 , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_workstation ,
{ " Calling workstation name " , " ntlmssp.negotiate.callingworkstation " , FT_STRING , BASE_NONE , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_domain_strlen ,
{ " Calling workstation domain length " , " ntlmssp.negotiate.domain.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_domain_maxlen ,
{ " Calling workstation domain max length " , " ntlmssp.negotiate.domain.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_domain_buffer ,
{ " Calling workstation domain buffer " , " ntlmssp.negotiate.domain.buffer " , FT_UINT32 , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_negotiate_domain ,
{ " Calling workstation domain " , " ntlmssp.negotiate.domain " , FT_STRING , BASE_NONE , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_ntlm_challenge ,
{ " NTLM Challenge " , " ntlmssp.ntlmchallenge " , FT_BYTES , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_reserved ,
{ " Reserved " , " ntlmssp.reserved " , FT_BYTES , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_challenge_unknown1 ,
{ " Unknown1 " , " ntlmssp.challenge.unknown1 " , FT_UINT32 , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_challenge_unknown2 ,
{ " Unknown2 " , " ntlmssp.challenge.unknown2 " , FT_UINT32 , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_lmresponse_strlen ,
{ " Lan Manager response length " , " ntlmssp.auth.lmresponse.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_lmresponse_maxlen ,
{ " Lan Manager response max length " , " ntlmssp.auth.lmresponse.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_lmresponse_offset ,
{ " Lan Manager response offset " , " ntlmssp.auth.lmresponse.offset " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_ntresponse_strlen ,
{ " NTLM response length " , " ntlmssp.auth.ntresponse.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_ntresponse_maxlen ,
{ " NTLM response max length " , " ntlmssp.auth.ntresponse.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_ntresponse_offset ,
{ " NTLM response offset " , " ntlmssp.auth.ntresponse.offset " , FT_UINT32 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_domain_strlen ,
{ " Domain name length " , " ntlmssp.auth.domain.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_domain_maxlen ,
{ " Domain name max length " , " ntlmssp.auth.domain.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_domain_offset ,
{ " Domain name offset " , " ntlmssp.auth.domain.offset " , FT_UINT32 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_username_strlen ,
{ " Username length " , " ntlmssp.auth.username.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_username_maxlen ,
{ " Username max length " , " ntlmssp.auth.username.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_username_offset ,
{ " Username offset " , " ntlmssp.auth.username.offset " , FT_UINT32 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_hostname_strlen ,
{ " Hostname length " , " ntlmssp.auth.hostname.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_hostname_maxlen ,
{ " Hostname max length " , " ntlmssp.auth.hostname.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_hostname_offset ,
{ " Hostname offset " , " ntlmssp.auth.hostname.offset " , FT_UINT32 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_unknown1_strlen ,
{ " Unknown1 length " , " ntlmssp.auth.unknown1.strlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_unknown1_maxlen ,
{ " Unknown1 max length " , " ntlmssp.auth.unknown1.maxlen " , FT_UINT16 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_unknown1_offset ,
{ " Unknown1 offset " , " ntlmssp.auth.unknown1.offset " , FT_UINT32 , BASE_DEC , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_domain ,
{ " Domain name " , " ntlmssp.auth.domain " , FT_STRING , BASE_NONE , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_username ,
{ " User name " , " ntlmssp.auth.username " , FT_STRING , BASE_NONE , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_hostname ,
{ " Host name " , " ntlmssp.auth.hostname " , FT_STRING , BASE_NONE , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_lmresponse ,
{ " Lan Manager Response " , " ntlmssp.auth.lmresponse " , FT_BYTES , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_ntresponse ,
{ " NTLM Response " , " ntlmssp.auth.ntresponse " , FT_BYTES , BASE_HEX , NULL , 0x0 , " " , HFILL } } ,
{ & hf_ntlmssp_auth_unknown1 ,
{ " Unknown1 " , " ntlmssp.auth.unknown1 " , FT_BYTES , BASE_HEX , NULL , 0x0 , " " , HFILL } }
} ;
static gint * ett [ ] = {
& ett_ntlmssp ,
& ett_ntlmssp_negotiate_flags ,
} ;
proto_ntlmssp = proto_register_protocol (
" NTLM Secure Service Provider " , /* name */
" NTLMSSP " , /* short name */
" ntlmssp " /* abbrev */
) ;
proto_register_field_array ( proto_ntlmssp , hf , array_length ( hf ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
register_dissector ( " ntlmssp " , dissect_ntlmssp , proto_ntlmssp ) ;
}
/*
 * Handoff routine: attach the NTLMSSP dissector to the GSS-API dissector.
 *
 * Looks up the dissector handle by the same name string that is passed to
 * register_dissector() earlier in this file, then hands it to
 * gssapi_init_oid() together with the mechanism OID, the protocol id,
 * the top-level subtree index and a human-readable description.
 */
void
proto_reg_handoff_ntlmssp(void)
{
	/*
	 * The lookup string must match the registered name exactly.
	 * NOTE(review): the handle is passed on unchecked; presumably
	 * find_dissector() yields NULL for an unknown name - confirm.
	 */
	dissector_handle_t handle = find_dissector(" ntlmssp ");

	/* Register protocol with the GSS-API module, keyed by mechanism OID */
	gssapi_init_oid(" 1.3.6.1.4.1.311.2.2.10 ",
			proto_ntlmssp,
			ett_ntlmssp,
			handle,
			" NTLMSSP (Microsoft NTLM Security Support Provider) ");
}