|
Lines 2-8
|
| 2 |
* Routines for snooping SID to name mappings |
2 |
* Routines for snooping SID to name mappings |
| 3 |
* Copyright 2003, Ronnie Sahlberg |
3 |
* Copyright 2003, Ronnie Sahlberg |
| 4 |
* |
4 |
* |
| 5 |
* $Id: packet-smb-sidsnooping.c,v 1.11 2004/05/07 12:29:03 tpot Exp $ |
5 |
* $Id: packet-smb-sidsnooping.c,v 1.13 2004/06/04 00:15:55 tpot Exp $ |
| 6 |
* |
6 |
* |
| 7 |
* Ethereal - Network traffic analyzer |
7 |
* Ethereal - Network traffic analyzer |
| 8 |
* By Gerald Combs <gerald@ethereal.com> |
8 |
* By Gerald Combs <gerald@ethereal.com> |
|
Lines 43-49
|
| 43 |
static int hf_lsa_info_level = -1; |
43 |
static int hf_lsa_info_level = -1; |
| 44 |
static int hf_lsa_opnum = -1; |
44 |
static int hf_lsa_opnum = -1; |
| 45 |
static int hf_lsa_domain = -1; |
45 |
static int hf_lsa_domain = -1; |
| 46 |
static int hf_lsa_domain_sid = -1; |
46 |
static int hf_nt_domain_sid = -1; |
| 47 |
static int hf_samr_hnd = -1; |
47 |
static int hf_samr_hnd = -1; |
| 48 |
static int hf_samr_rid = -1; |
48 |
static int hf_samr_rid = -1; |
| 49 |
static int hf_samr_acct_name = -1; |
49 |
static int hf_samr_acct_name = -1; |
|
Lines 173-178
|
| 173 |
return 0; |
173 |
return 0; |
| 174 |
} |
174 |
} |
| 175 |
|
175 |
|
|
|
176 |
if (!pol_name) |
| 177 |
return 0; |
| 178 |
|
| 176 |
sid=strstr(pol_name,"S-1-5"); |
179 |
sid=strstr(pol_name,"S-1-5"); |
| 177 |
if(!sid){ |
180 |
if(!sid){ |
| 178 |
return 0; |
181 |
return 0; |
|
Lines 250-256
|
| 250 |
fi=gp->pdata[0]; |
253 |
fi=gp->pdata[0]; |
| 251 |
domain=fi->value.value.string; |
254 |
domain=fi->value.value.string; |
| 252 |
|
255 |
|
| 253 |
gp=proto_get_finfo_ptr_array(edt->tree, hf_lsa_domain_sid); |
256 |
gp=proto_get_finfo_ptr_array(edt->tree, hf_nt_domain_sid); |
| 254 |
if(!gp || gp->len!=1){ |
257 |
if(!gp || gp->len!=1){ |
| 255 |
return 0; |
258 |
return 0; |
| 256 |
} |
259 |
} |
|
Lines 384-392
|
| 384 |
hf_lsa_opnum=hfi->id; |
387 |
hf_lsa_opnum=hfi->id; |
| 385 |
} |
388 |
} |
| 386 |
|
389 |
|
| 387 |
hfi=proto_registrar_get_byname("lsa.domain_sid"); |
390 |
hfi=proto_registrar_get_byname("nt.domain_sid"); |
| 388 |
if(hfi){ |
391 |
if(hfi){ |
| 389 |
hf_lsa_domain_sid=hfi->id; |
392 |
hf_nt_domain_sid=hfi->id; |
| 390 |
} |
393 |
} |
| 391 |
|
394 |
|
| 392 |
hfi=proto_registrar_get_byname("lsa.domain"); |
395 |
hfi=proto_registrar_get_byname("lsa.domain"); |
|
Lines 418-424
|
| 418 |
|
421 |
|
| 419 |
|
422 |
|
| 420 |
|
423 |
|
| 421 |
error_string=register_tap_listener("dcerpc", lsa_policy_information, "lsa.policy_information and ( lsa.info.level or lsa.domain or lsa.domain_sid )", NULL, lsa_policy_information, NULL); |
424 |
error_string=register_tap_listener("dcerpc", lsa_policy_information, "lsa.policy_information and ( lsa.info.level or lsa.domain or nt.domain_sid )", NULL, lsa_policy_information, NULL); |
| 422 |
if(error_string){ |
425 |
if(error_string){ |
| 423 |
/* error, we failed to attach to the tap. clean up */ |
426 |
/* error, we failed to attach to the tap. clean up */ |
| 424 |
|
427 |
|
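Review bot: The guard added at new lines 176-177, `if (!pol_name)` followed by `return 0;`, has no comment saying when the name can be missing, and it is unbraced with a space after `if`, unlike the `if(!sid){` form directly below it. Because this code runs on whatever a capture contains, the reason for the early return is worth recording; in the file's own style that would read `if(!pol_name){ /* no policy name to search for a SID */ return 0; }`. The enclosing function starts and ends outside the hunk, so whether `pol_name` is used before this point cannot be checked from here. Separately, `hf_nt_domain_sid` stays at its initial -1 when `proto_registrar_get_byname("nt.domain_sid")` returns NULL, and the lookup at new line 256 passes it to `proto_get_finfo_ptr_array` as is; unless code outside the visible hunks bails out first, it is worth confirming that call tolerates an unregistered id.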