From 475c86ebc3b688faf57b2442de5167350e17436c40ff5f017147e8bbf77d4be4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
Date: Fri, 2 Mar 2012 16:21:49 +0000
Subject: [PATCH] Accepting request 107780 from home:gladiac:branches:network:utilities

Add detection for an important flag in NetrServerAutiticate call for MSRPC Netlogon.

OBS-URL: https://build.opensuse.org/request/show/107780
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=50
---
 wireshark-1.6.5-netlogon-aes.patch | 29 ++++++++++++++++
 wireshark-corosync-packet-dissector.patch | 40 +++++++++++------------
 wireshark.changes | 5 +++
 wireshark.spec | 2 ++
 4 files changed, 56 insertions(+), 20 deletions(-)
 create mode 100644 wireshark-1.6.5-netlogon-aes.patch

diff --git a/wireshark-1.6.5-netlogon-aes.patch b/wireshark-1.6.5-netlogon-aes.patch
new file mode 100644
index 0000000..8687258
--- /dev/null
+++ b/wireshark-1.6.5-netlogon-aes.patch
@@ -0,0 +1,29 @@
+Index: wireshark-1.6.5/epan/dissectors/packet-dcerpc-netlogon.c
+===================================================================
+--- wireshark-1.6.5.orig/epan/dissectors/packet-dcerpc-netlogon.c 2012-01-10 20:08:57.000000000 +0100
++++ wireshark-1.6.5/epan/dissectors/packet-dcerpc-netlogon.c 2012-03-02 14:28:11.415607283 +0100
+@@ -6669,12 +6669,12 @@ static int netlogon_dissect_neg_options(
+ hf_netlogon_neg_flags_2000000,
+ tvb, offset, 4, flags);
+ proto_tree_add_boolean (negotiate_flags_tree,
+- hf_netlogon_neg_flags_1000000,
+- tvb, offset, 4, flags);
+- proto_tree_add_boolean (negotiate_flags_tree,
+ hf_netlogon_neg_flags_800000,
+ tvb, offset, 4, flags);*/
+ proto_tree_add_boolean (negotiate_flags_tree,
++ hf_netlogon_neg_flags_1000000,
++ tvb, offset, 4, flags);
++ proto_tree_add_boolean (negotiate_flags_tree,
+ hf_netlogon_neg_flags_400000,
+ tvb, offset, 4, flags);
+ proto_tree_add_boolean (negotiate_flags_tree,
+@@ -8807,7 +8807,7 @@ proto_register_dcerpc_netlogon(void)
+ { "Not used 2000000", "ntlmssp.neg_flags.na200000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_2000000, "Not used", HFILL }},
+
+ { &hf_netlogon_neg_flags_1000000,
+- { "Not used 1000000", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "Not used", HFILL }},
++ { "AES supported", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "AES", HFILL }},
+
+ { &hf_netlogon_neg_flags_800000,
+ { "Not used 800000", "ntlmssp.neg_flags.na8000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_800000, "Not used", HFILL }},
diff --git a/wireshark-corosync-packet-dissector.patch b/wireshark-corosync-packet-dissector.patch
index 746a82f..34f27a5 100644
--- a/wireshark-corosync-packet-dissector.patch
+++ b/wireshark-corosync-packet-dissector.patch
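Review bot: The relabelled `hf_netlogon_neg_flags_1000000` entry in the second inner hunk keeps the filter abbreviation `ntlmssp.neg_flags.na100000`, so the bit is displayed as "AES supported" but can only be filtered under a name that still carries the `na` prefix of the unused bits, sits in the ntlmssp namespace and has one zero fewer than `NETLOGON_FLAG_1000000`. Anyone auditing captures for Netlogon secure channels that were negotiated without AES has to know that odd name; a descriptive abbreviation, something like `netlogon.neg_flags.aes`, would make the check discoverable, at the cost of breaking saved filters that use the old one. The blurb `"AES"` is also terse: MS-NRPC appears to define this bit as AES encryption together with SHA2 hashing, so `"AES encryption and SHA2 hashing supported"` would describe it better. In the first inner hunk the call is moved past a `*/` whose opening `/*` lies outside the hunk, so it is worth confirming that nothing else in that region was meant to stay commented out.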
@@ -1,8 +1,8 @@
-Index: wireshark-1.4.3/epan/dissectors/Makefile.common
+Index: wireshark-1.6.5/epan/dissectors/Makefile.common
 ===================================================================
---- wireshark-1.4.3.orig/epan/dissectors/Makefile.common
-+++ wireshark-1.4.3/epan/dissectors/Makefile.common
-@@ -307,6 +307,8 @@ DISSECTOR_SRC = \
+--- wireshark-1.6.5.orig/epan/dissectors/Makefile.common 2012-01-10 20:08:58.000000000 +0100
++++ wireshark-1.6.5/epan/dissectors/Makefile.common 2012-03-02 14:27:44.059540118 +0100
+@@ -320,6 +320,8 @@ DISSECTOR_SRC = \
 packet-collectd.c \
 packet-componentstatus.c \
 packet-cops.c \
@@ -11,10 +11,10 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.common
 packet-cosine.c \
 packet-cpfi.c \
 packet-cpha.c \
-Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
+Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemnet.c
 ===================================================================
---- /dev/null
-+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemnet.c 2012-03-02 14:27:44.060540120 +0100
 @@ -0,0 +1,1274 @@
 +/* packet-corosync-totemnet.c
 + * Routines for the lowest level(encryption/decryption) protocol used in Corosync cluster engine
@@ -1290,10 +1290,10 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c
 +}
 +
 +/* packet-corosync-totemnet.c ends here */
-Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
+Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.c
 ===================================================================
---- /dev/null
-+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.c 2012-03-02 14:27:44.061540123 +0100
@@ -0,0 +1,1379 @@
 +/* packet-corosync-totemsrp.c
 + * Dissectors for totem single ring protocol implementated in corosync cluster engine
@@ -2674,10 +2674,10 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c
 + corosync_totemsrp_is_little_endian(pinfo));
 +}
 +
-Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
+Index: wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.h
 ===================================================================
---- /dev/null
-+++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ wireshark-1.6.5/epan/dissectors/packet-corosync-totemsrp.h 2012-03-02 14:27:44.061540123 +0100
 @@ -0,0 +1,53 @@
 +/* packet-corosync-totemsrp.h
 + * Dissectors for totem single ring protocol implemented in corosync cluster engine
@@ -2732,11 +2732,11 @@ Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h
 +
 +
 +#endif /* packet-totemsrp.h */
-Index: wireshark-1.4.3/epan/dissectors/Makefile.in
+Index: wireshark-1.6.5/epan/dissectors/Makefile.in
 ===================================================================
---- wireshark-1.4.3.orig/epan/dissectors/Makefile.in
-+++ wireshark-1.4.3/epan/dissectors/Makefile.in
-@@ -224,6 +224,8 @@ am__objects_3 = libdissectors_la-packet-
+--- wireshark-1.6.5.orig/epan/dissectors/Makefile.in 2012-01-10 20:09:44.000000000 +0100
++++ wireshark-1.6.5/epan/dissectors/Makefile.in 2012-03-02 14:27:44.065540133 +0100
+@@ -231,6 +231,8 @@ am__objects_3 = libdissectors_la-packet-
 libdissectors_la-packet-collectd.lo \
 libdissectors_la-packet-componentstatus.lo \
 libdissectors_la-packet-cops.lo \
@@ -2745,7 +2745,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
 libdissectors_la-packet-cosine.lo \
 libdissectors_la-packet-cpfi.lo \
 libdissectors_la-packet-cpha.lo \
-@@ -1486,6 +1488,8 @@ DISSECTOR_SRC = \
+@@ -1555,6 +1557,8 @@ DISSECTOR_SRC = \
 packet-collectd.c \
 packet-componentstatus.c \
 packet-cops.c \
@@ -2754,7 +2754,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
 packet-cosine.c \
 packet-cpfi.c \
 packet-cpha.c \
-@@ -2773,6 +2777,8 @@ distclean-compile:
+@@ -2890,6 +2894,8 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-collectd.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-componentstatus.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cops.Plo@am__quote@
@@ -2763,7 +2763,7 @@ Index: wireshark-1.4.3/epan/dissectors/Makefile.in
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cosine.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cpfi.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libdissectors_la-packet-cpha.Plo@am__quote@
-@@ -4406,6 +4412,20 @@ libdissectors_la-packet-cops.lo: packet-
+@@ -4611,6 +4617,20 @@ libdissectors_la-packet-cops.lo: packet-
 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdissectors_la_CFLAGS) $(CFLAGS) -c -o libdissectors_la-packet-cops.lo `test -f 'packet-cops.c' || echo '$(srcdir)/'`packet-cops.c
diff --git a/wireshark.changes b/wireshark.changes
index 2177722..22a7804 100644
--- a/wireshark.changes
+++ b/wireshark.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Mar 1 15:29:52 UTC 2012 - asn@cryptomilk.org
+
+- Add known bit for Netlogon ServerAutheticate2 flags.
+
 -------------------------------------------------------------------
 Tue Jan 17 06:13:35 UTC 2012 - cyliu@suse.com
diff --git a/wireshark.spec b/wireshark.spec
index c75c14d..9fa006c 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -36,6 +36,7 @@ Patch2: %{name}-1.2.0-geoip.patch
 Patch3: %{name}-corosync-packet-dissector.patch
 # PATCH-FIX-OPENSUSE wireshark-1.2.4-enable_lua.patch bnc#650434
 Patch4: %{name}-1.2.4-enable_lua.patch
+Patch5: %{name}-1.6.5-netlogon-aes.patch
 BuildRequires: bison
 BuildRequires: cairo-devel
 BuildRequires: flex
@@ -97,6 +98,7 @@ view the reconstructed stream of a TCP session.
 %patch2
 %patch3 -p1
 %patch4
+%patch5 -p1
 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
 # run as root on 11.3 and older - bnc#349782
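Review bot: `Patch5` in the first hunk is added without the tag comment that the neighbouring `Patch4` carries (`# PATCH-FIX-OPENSUSE ...`), so the spec does not record whether the Netlogon change is an upstream backport or a local carry. A line such as `# PATCH-FIX-UPSTREAM wireshark-1.6.5-netlogon-aes.patch <upstream bug or commit reference>` above `Patch5` would let a later version bump decide quickly whether the patch can be dropped. Pick the tag that matches the patch's real origin, which is not visible on this page.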