Accepting request 107794 from network:utilities

Add detection for an important flag in NetrServerAutiticate call for MSRPC Netlogon. (forwarded request 107780 from gladiac) OBS-URL: https://build.opensuse.org/request/show/107794 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wireshark?expand=0&rev=49
2012-03-05 17:02:30 +00:00 · 2012-03-05 17:02:30 +00:00 · 89994e2121
commit 89994e2121
parent c9f115013e 475c86ebc3
4 changed files with 56 additions and 20 deletions
--- a/wireshark-1.6.5-netlogon-aes.patch
+++ b/wireshark-1.6.5-netlogon-aes.patch
@ -0,0 +1,29 @@
+Index: wireshark-1.6.5/epan/dissectors/packet-dcerpc-netlogon.c
+===================================================================
+--- wireshark-1.6.5.orig/epan/dissectors/packet-dcerpc-netlogon.c	2012-01-10 20:08:57.000000000 +0100
+++ wireshark-1.6.5/epan/dissectors/packet-dcerpc-netlogon.c	2012-03-02 14:28:11.415607283 +0100
+@@ -6669,12 +6669,12 @@ static int netlogon_dissect_neg_options(
+           hf_netlogon_neg_flags_2000000,
+           tvb, offset, 4, flags);
+           proto_tree_add_boolean (negotiate_flags_tree,
+-          hf_netlogon_neg_flags_1000000,
+-          tvb, offset, 4, flags);
+-          proto_tree_add_boolean (negotiate_flags_tree,
+           hf_netlogon_neg_flags_800000,
+           tvb, offset, 4, flags);*/
+         proto_tree_add_boolean (negotiate_flags_tree,
+                                hf_netlogon_neg_flags_1000000,
+                                tvb, offset, 4, flags);
+        proto_tree_add_boolean (negotiate_flags_tree,
+                                 hf_netlogon_neg_flags_400000,
+                                 tvb, offset, 4, flags);
+         proto_tree_add_boolean (negotiate_flags_tree,
+@@ -8807,7 +8807,7 @@ proto_register_dcerpc_netlogon(void)
+           { "Not used 2000000", "ntlmssp.neg_flags.na200000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_2000000, "Not used", HFILL }},
+ 
+         { &hf_netlogon_neg_flags_1000000,
+-          { "Not used 1000000", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "Not used", HFILL }},
+          { "AES supported", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "AES", HFILL }},
+ 
+         { &hf_netlogon_neg_flags_800000,
+           { "Not used 800000", "ntlmssp.neg_flags.na8000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_800000, "Not used", HFILL }},
--- a/wireshark-corosync-packet-dissector.patch
+++ b/wireshark-corosync-packet-dissector.patch
@ -1,8 +1,8 @@
-Index: wireshark-1.4.3/epan/dissectors/Makefile.common
+Index: wireshark-1.6.5/epan/dissectors/Makefile.common
 ===================================================================
--- wireshark-1.4.3.orig/epan/dissectors/Makefile.common
-+++ wireshark-1.4.3/epan/dissectors/Makefile.common
-@@ -307,6 +307,8 @@ DISSECTOR_SRC = \
+--- wireshark-1.6.5.orig/epan/dissectors/Makefile.common	2012-01-10 20:08:58.000000000 +0100
+++ wireshark-1.6.5/epan/dissectors/Makefile.common	2012-03-02 14:27:44.059540118 +0100
+@@ -320,6 +320,8 @@ DISSECTOR_SRC = \
 	packet-collectd.c	\
 	packet-componentstatus.c \
 	packet-cops.c 		\
@ -11,10 +11,10 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.common
 	packet-cosine.c		\
 	packet-cpfi.c		\
 	packet-cpha.c		\
-Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
+Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemnet.c
 ===================================================================
--- /dev/null
-+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemnet.c	2012-03-02 14:27:44.060540120 +0100
@@ -0,0 +1,1274 @@
 +/* packet-corosync-totemnet.c
 + * Routines for the lowest level(encryption/decryption) protocol used in Corosync cluster engine
@ -1290,10 +1290,10 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
 +}
 +
 +/* packet-corosync-totemnet.c ends here */
-Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
+Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.c
 ===================================================================
--- /dev/null
-+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.c	2012-03-02 14:27:44.061540123 +0100
@@ -0,0 +1,1379 @@
 +/* packet-corosync-totemsrp.c
 + * Dissectors for totem single ring protocol implementated in corosync cluster engine
@ -2674,10 +2674,10 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
 +                                             corosync_totemsrp_is_little_endian(pinfo));
 +}
 +
-Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
+Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.h
 ===================================================================
--- /dev/null
-+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.h	2012-03-02 14:27:44.061540123 +0100
@@ -0,0 +1,53 @@
 +/* packet-corosync-totemsrp.h
 + * Dissectors for totem single ring protocol implemented in corosync cluster engine
@ -2732,11 +2732,11 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
 +
 +
 +#endif /* packet-totemsrp.h */
-Index: wireshark-1.4.3/epan/dissectors/Makefile.in
+Index: wireshark-1.6.5/epan/dissectors/Makefile.in
 ===================================================================
--- wireshark-1.4.3.orig/epan/dissectors/Makefile.in
-+++ wireshark-1.4.3/epan/dissectors/Makefile.in
-@@ -224,6 +224,8 @@ am__objects_3 = libdissectors_la-packet-
+--- wireshark-1.6.5.orig/epan/dissectors/Makefile.in	2012-01-10 20:09:44.000000000 +0100
+++ wireshark-1.6.5/epan/dissectors/Makefile.in	2012-03-02 14:27:44.065540133 +0100
+@@ -231,6 +231,8 @@ am__objects_3 = libdissectors_la-packet-
 	libdissectors_la-packet-collectd.lo \
 	libdissectors_la-packet-componentstatus.lo \
 	libdissectors_la-packet-cops.lo \
@ -2745,7 +2745,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
 	libdissectors_la-packet-cosine.lo \
 	libdissectors_la-packet-cpfi.lo \
 	libdissectors_la-packet-cpha.lo \
-@@ -1486,6 +1488,8 @@ DISSECTOR_SRC = \
+@@ -1555,6 +1557,8 @@ DISSECTOR_SRC = \
 	packet-collectd.c	\
 	packet-componentstatus.c \
 	packet-cops.c 		\
@ -2754,7 +2754,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
 	packet-cosine.c		\
 	packet-cpfi.c		\
 	packet-cpha.c		\
-@@ -2773,6 +2777,8 @@ distclean-compile:
+@@ -2890,6 +2894,8 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-collectd.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-componentstatus.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cops.Plo@am__quote@
@ -2763,7 +2763,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cosine.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cpfi.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cpha.Plo@am__quote@
-@@ -4406,6 +4412,20 @@ libdissectors_la-packet-cops.lo: packet-
+@@ -4611,6 +4617,20 @@ libdissectors_la-packet-cops.lo: packet-
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdissectors_la_CFLAGS) $(CFLAGS) -c -o libdissectors_la-packet-cops.lo `test -f 'packet-cops.c' || echo '$(srcdir)/'`packet-cops.c
 
--- a/wireshark.changes
+++ b/wireshark.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Mar  1 15:29:52 UTC 2012 - asn@cryptomilk.org
+
+- Add known bit for Netlogon ServerAutheticate2 flags.
+
 -------------------------------------------------------------------
 Tue Jan 17 06:13:35 UTC 2012 - cyliu@suse.com

--- a/wireshark.spec
+++ b/wireshark.spec
@ -36,6 +36,7 @@ Patch2:         %{name}-1.2.0-geoip.patch
 Patch3:         %{name}-corosync-packet-dissector.patch
 # PATCH-FIX-OPENSUSE wireshark-1.2.4-enable_lua.patch bnc#650434
 Patch4:         %{name}-1.2.4-enable_lua.patch
+Patch5:         %{name}-1.6.5-netlogon-aes.patch
 BuildRequires:  bison
 BuildRequires:  cairo-devel
 BuildRequires:  flex
@ -97,6 +98,7 @@ view the reconstructed stream of a TCP session.
 %patch2
 %patch3 -p1
 %patch4
+%patch5 -p1

 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
 # run as root on 11.3 and older - bnc#349782