From Devin Heitmueller: show proper field names for SAMR
UnicodeChangePassword2. svn path=/trunk/; revision=6603
This commit is contained in:
parent
425e7406d2
commit
c6bcd3eb0d
3
AUTHORS
3
AUTHORS
|
@ -1223,7 +1223,8 @@ Devin Heitmueller <dheitmueller[AT]netilla.com> {
|
|||
editing code without having specified a filter name and string
|
||||
Fix to treat the "send buffer length" in SMB RAP messages as
|
||||
being present in the packet
|
||||
Dissection of NTLMSSP packets for DCERPC
|
||||
Dissection of NTLMSSP authentication for DCERPC
|
||||
Show proper field names for SAMR UnicodeChangePassword2
|
||||
}
|
||||
|
||||
Chenjiang Hu <chu[AT]chiaro.com> {
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
* Copyright 2001, Tim Potter <tpot@samba.org>
|
||||
* 2002 Added all command dissectors Ronnie Sahlberg
|
||||
*
|
||||
* $Id: packet-dcerpc-samr.c,v 1.59 2002/11/10 09:49:38 sahlberg Exp $
|
||||
* $Id: packet-dcerpc-samr.c,v 1.60 2002/11/10 20:17:52 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -81,6 +81,10 @@ static int hf_samr_mask = -1;
|
|||
static int hf_samr_crypt_password = -1;
|
||||
static int hf_samr_crypt_hash = -1;
|
||||
static int hf_samr_lm_change = -1;
|
||||
static int hf_samr_lm_passchange_block = -1;
|
||||
static int hf_samr_nt_passchange_block = -1;
|
||||
static int hf_samr_lm_verifier = -1;
|
||||
static int hf_samr_nt_verifier = -1;
|
||||
static int hf_samr_attrib = -1;
|
||||
static int hf_samr_max_pwd_age = -1;
|
||||
static int hf_samr_min_pwd_age = -1;
|
||||
|
@ -1633,6 +1637,99 @@ samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
|
|||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo _U_, proto_tree *tree,
|
||||
char *drep _U_)
|
||||
{
|
||||
dcerpc_info *di;
|
||||
|
||||
/* Right now, this just dumps the output. In the long term, we can use
|
||||
the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
|
||||
actually decrypt the block */
|
||||
|
||||
di=pinfo->private_data;
|
||||
if(di->conformant_run){
|
||||
/* just a run to handle conformant arrays, no scalars to dissect */
|
||||
return offset;
|
||||
}
|
||||
|
||||
proto_tree_add_item(tree, hf_samr_nt_passchange_block, tvb, offset,
|
||||
516, FALSE);
|
||||
offset += 516;
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
samr_dissect_LM_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo _U_, proto_tree *tree,
|
||||
char *drep _U_)
|
||||
{
|
||||
dcerpc_info *di;
|
||||
|
||||
/* Right now, this just dumps the output. In the long term, we can use
|
||||
the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
|
||||
actually decrypt the block */
|
||||
|
||||
di=pinfo->private_data;
|
||||
if(di->conformant_run){
|
||||
/* just a run to handle conformant arrays, no scalars to dissect */
|
||||
return offset;
|
||||
}
|
||||
|
||||
proto_tree_add_item(tree, hf_samr_lm_passchange_block, tvb, offset,
|
||||
516, FALSE);
|
||||
offset += 516;
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
samr_dissect_LM_VERIFIER(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo _U_, proto_tree *tree,
|
||||
char *drep _U_)
|
||||
{
|
||||
dcerpc_info *di;
|
||||
|
||||
/* Right now, this just dumps the output. In the long term, we can use
|
||||
the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
|
||||
actually validate the verifier */
|
||||
|
||||
di=pinfo->private_data;
|
||||
if(di->conformant_run){
|
||||
/* just a run to handle conformant arrays, no scalars to dissect */
|
||||
return offset;
|
||||
}
|
||||
|
||||
proto_tree_add_item(tree, hf_samr_lm_verifier, tvb, offset, 16,
|
||||
FALSE);
|
||||
offset += 16;
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
samr_dissect_NT_VERIFIER(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo _U_, proto_tree *tree,
|
||||
char *drep _U_)
|
||||
{
|
||||
dcerpc_info *di;
|
||||
|
||||
/* Right now, this just dumps the output. In the long term, we can use
|
||||
the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
|
||||
actually validate the verifier */
|
||||
|
||||
di=pinfo->private_data;
|
||||
if(di->conformant_run){
|
||||
/* just a run to handle conformant arrays, no scalars to dissect */
|
||||
return offset;
|
||||
}
|
||||
|
||||
proto_tree_add_item(tree, hf_samr_nt_verifier, tvb, offset, 16,
|
||||
FALSE);
|
||||
offset += 16;
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
|
||||
|
@ -1686,19 +1783,19 @@ samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
|
|||
"Account Name:", hf_samr_acct_name, 1);
|
||||
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
|
||||
"Password", -1, 0);
|
||||
samr_dissect_NT_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
|
||||
"New NT Password Encrypted Block", -1, 0);
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
|
||||
"Hash", -1, 0);
|
||||
samr_dissect_NT_VERIFIER, NDR_POINTER_UNIQUE,
|
||||
"NT Password Verifier", -1, 0);
|
||||
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
||||
hf_samr_lm_change, NULL);
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
|
||||
"Password", -1, 0);
|
||||
samr_dissect_LM_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
|
||||
"New Lan Manager Password Encrypted Block", -1, 0);
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
|
||||
"Hash", -1, 0);
|
||||
samr_dissect_LM_VERIFIER, NDR_POINTER_UNIQUE,
|
||||
"Lan Manager Password Verifier", -1, 0);
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
@ -4859,6 +4956,22 @@ proto_register_dcerpc_samr(void)
|
|||
"Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
|
||||
NULL, 0, "Encrypted Hash", HFILL }},
|
||||
|
||||
{ &hf_samr_lm_verifier, {
|
||||
"Verifier", "samr.lm_password_verifier", FT_BYTES, BASE_HEX,
|
||||
NULL, 0, "Lan Manager Password Verifier", HFILL }},
|
||||
|
||||
{ &hf_samr_nt_verifier, {
|
||||
"Verifier", "samr.nt_password_verifier", FT_BYTES, BASE_HEX,
|
||||
NULL, 0, "NT Password Verifier", HFILL }},
|
||||
|
||||
{ &hf_samr_lm_passchange_block, {
|
||||
"Encrypted Block", "samr.lm_passchange_block", FT_BYTES, BASE_HEX,
|
||||
NULL, 0, "Lan Manager Password Change Block", HFILL }},
|
||||
|
||||
{ &hf_samr_nt_passchange_block, {
|
||||
"Encrypted Block", "samr.nt_passchange_block", FT_BYTES, BASE_HEX,
|
||||
NULL, 0, "NT Password Change Block", HFILL }},
|
||||
|
||||
{ &hf_samr_lm_change, {
|
||||
"LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
|
||||
NULL, 0, "LM Change value", HFILL }},
|
||||
|
|
Loading…
Reference in New Issue