Accepting request 107794 from network:utilities

Add detection for an important flag in the NetrServerAuthenticate call for MSRPC Netlogon. (forwarded request 107780 from gladiac)

OBS-URL: https://build.opensuse.org/request/show/107794
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wireshark?expand=0&rev=49
Stephan Kulow 2012-03-05 17:02:30 +00:00 committed by Git OBS Bridge
commit 89994e2121
4 changed files with 56 additions and 20 deletions


@ -0,0 +1,29 @@
Index: wireshark-1.6.5/epan/dissectors/packet-dcerpc-netlogon.c
===================================================================
--- wireshark-1.6.5.orig/epan/dissectors/packet-dcerpc-netlogon.c 2012-01-10 20:08:57.000000000 +0100
+++ wireshark-1.6.5/epan/dissectors/packet-dcerpc-netlogon.c 2012-03-02 14:28:11.415607283 +0100
@@ -6669,12 +6669,12 @@ static int netlogon_dissect_neg_options(
hf_netlogon_neg_flags_2000000,
tvb, offset, 4, flags);
proto_tree_add_boolean (negotiate_flags_tree,
- hf_netlogon_neg_flags_1000000,
- tvb, offset, 4, flags);
- proto_tree_add_boolean (negotiate_flags_tree,
hf_netlogon_neg_flags_800000,
tvb, offset, 4, flags);*/
proto_tree_add_boolean (negotiate_flags_tree,
+ hf_netlogon_neg_flags_1000000,
+ tvb, offset, 4, flags);
+ proto_tree_add_boolean (negotiate_flags_tree,
hf_netlogon_neg_flags_400000,
tvb, offset, 4, flags);
proto_tree_add_boolean (negotiate_flags_tree,
@@ -8807,7 +8807,7 @@ proto_register_dcerpc_netlogon(void)
{ "Not used 2000000", "ntlmssp.neg_flags.na200000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_2000000, "Not used", HFILL }},
{ &hf_netlogon_neg_flags_1000000,
- { "Not used 1000000", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "Not used", HFILL }},
+ { "AES supported", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "AES", HFILL }},
{ &hf_netlogon_neg_flags_800000,
{ "Not used 800000", "ntlmssp.neg_flags.na8000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_800000, "Not used", HFILL }},
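Review bot: The entry for `hf_netlogon_neg_flags_1000000` in the second hunk is now labelled "AES supported" but keeps the filter abbreviation `ntlmssp.neg_flags.na100000`. That name still reads as a "not used" bit, sits under the `ntlmssp` prefix, and has one zero fewer than the 0x1000000 mask, so an analyst looking for Netlogon sessions negotiated without AES will not find the field by name. The `proto_tree_add_boolean` call for this field was inside the commented-out run until the first hunk moved it, so the field presumably never reached a tree and renaming it should not break existing display filters; something like `"ntlmssp.neg_flags.aes"` would keep the file's prefix convention (confirm against the other registered names). The blurb `"AES"` could also state what the bit means, for example `"AES encryption supported for the secure channel"`. Both `netlogon_dissect_neg_options` and `proto_register_dcerpc_netlogon` start and end outside these hunks.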


@ -1,8 +1,8 @@
Index: wireshark-1.4.3/epan/dissectors/Makefile.common
Index: wireshark-1.6.5/epan/dissectors/Makefile.common
===================================================================
--- wireshark-1.4.3.orig/epan/dissectors/Makefile.common
+++ wireshark-1.4.3/epan/dissectors/Makefile.common
@@ -307,6 +307,8 @@ DISSECTOR_SRC = \
--- wireshark-1.6.5.orig/epan/dissectors/Makefile.common 2012-01-10 20:08:58.000000000 +0100
+++ wireshark-1.6.5/epan/dissectors/Makefile.common 2012-03-02 14:27:44.059540118 +0100
@@ -320,6 +320,8 @@ DISSECTOR_SRC = \
packet-collectd.c \
packet-componentstatus.c \
packet-cops.c \
@ -11,10 +11,10 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.common
packet-cosine.c \
packet-cpfi.c \
packet-cpha.c \
Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemnet.c
===================================================================
--- /dev/null
+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemnet.c 2012-03-02 14:27:44.060540120 +0100
@@ -0,0 +1,1274 @@
+/* packet-corosync-totemnet.c
+ * Routines for the lowest level(encryption/decryption) protocol used in Corosync cluster engine
@ -1290,10 +1290,10 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
+}
+
+/* packet-corosync-totemnet.c ends here */
Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.c
===================================================================
--- /dev/null
+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.c 2012-03-02 14:27:44.061540123 +0100
@@ -0,0 +1,1379 @@
+/* packet-corosync-totemsrp.c
+ * Dissectors for totem single ring protocol implementated in corosync cluster engine
@ -2674,10 +2674,10 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
+ corosync_totemsrp_is_little_endian(pinfo));
+}
+
Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.h
===================================================================
--- /dev/null
+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.h 2012-03-02 14:27:44.061540123 +0100
@@ -0,0 +1,53 @@
+/* packet-corosync-totemsrp.h
+ * Dissectors for totem single ring protocol implemented in corosync cluster engine
@ -2732,11 +2732,11 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
+
+
+#endif /* packet-totemsrp.h */
Index: wireshark-1.4.3/epan/dissectors/Makefile.in
Index: wireshark-1.6.5/epan/dissectors/Makefile.in
===================================================================
--- wireshark-1.4.3.orig/epan/dissectors/Makefile.in
+++ wireshark-1.4.3/epan/dissectors/Makefile.in
@@ -224,6 +224,8 @@ am__objects_3 = libdissectors_la-packet-
--- wireshark-1.6.5.orig/epan/dissectors/Makefile.in 2012-01-10 20:09:44.000000000 +0100
+++ wireshark-1.6.5/epan/dissectors/Makefile.in 2012-03-02 14:27:44.065540133 +0100
@@ -231,6 +231,8 @@ am__objects_3 = libdissectors_la-packet-
libdissectors_la-packet-collectd.lo \
libdissectors_la-packet-componentstatus.lo \
libdissectors_la-packet-cops.lo \
@ -2745,7 +2745,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
libdissectors_la-packet-cosine.lo \
libdissectors_la-packet-cpfi.lo \
libdissectors_la-packet-cpha.lo \
@@ -1486,6 +1488,8 @@ DISSECTOR_SRC = \
@@ -1555,6 +1557,8 @@ DISSECTOR_SRC = \
packet-collectd.c \
packet-componentstatus.c \
packet-cops.c \
@ -2754,7 +2754,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
packet-cosine.c \
packet-cpfi.c \
packet-cpha.c \
@@ -2773,6 +2777,8 @@ distclean-compile:
@@ -2890,6 +2894,8 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-collectd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-componentstatus.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cops.Plo@am__quote@
@ -2763,7 +2763,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cosine.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cpfi.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cpha.Plo@am__quote@
@@ -4406,6 +4412,20 @@ libdissectors_la-packet-cops.lo: packet-
@@ -4611,6 +4617,20 @@ libdissectors_la-packet-cops.lo: packet-
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdissectors_la_CFLAGS) $(CFLAGS) -c -o libdissectors_la-packet-cops.lo `test -f 'packet-cops.c' || echo '$(srcdir)/'`packet-cops.c


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Mar 1 15:29:52 UTC 2012 - asn@cryptomilk.org
- Add known bit for Netlogon ServerAutheticate2 flags.
-------------------------------------------------------------------
Tue Jan 17 06:13:35 UTC 2012 - cyliu@suse.com


@ -36,6 +36,7 @@ Patch2: %{name}-1.2.0-geoip.patch
Patch3: %{name}-corosync-packet-dissector.patch
# PATCH-FIX-OPENSUSE wireshark-1.2.4-enable_lua.patch bnc#650434
Patch4: %{name}-1.2.4-enable_lua.patch
Patch5: %{name}-1.6.5-netlogon-aes.patch
BuildRequires: bison
BuildRequires: cairo-devel
BuildRequires: flex
@ -97,6 +98,7 @@ view the reconstructed stream of a TCP session.
%patch2
%patch3 -p1
%patch4
%patch5 -p1
sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
# run as root on 11.3 and older - bnc#349782