URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=53014b9a63a872888d8005ef1dc5e22a55bc34ba
Submitter: "Guy Harris <guy@xxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
53014b9 by Guy Harris (guy@xxxxxxxxxxxx):
Use the flags in the AUTHENTICATE message, if available.

This is required for connectionless authentication, where the first
message is a CHALLENGE message, which contains what the server is
offering, and the AUTHENTICATE reply contains which of what the server
offers can be supported by the client.

It is also required in order to correctly dissect AUTHENTICATE messages
in connection-oriented authentication if the CHALLENGE message cannot be
found, either:

    because it's missing in the capture;

    because an SMB server is returning, in the Transaction reply
    containing a DCE RPC message containing the CHALLENGE message, a
    bogus PID and/or MID in response to the client Transaction
    message containing a DCE RPC message NEGOTIATE message, so the
    DCE RPC message in the Transaction reply isn't dissected as
    such;

    because one HTTP-over-TCP connection has the NEGOTIATE and
    CHALLENGE message and a separate HTTP-over-TCP connection has
    the AUTHENTICATE reply.

Both of the latter two have been seen in captures. We should probably
somehow deal with the second case and, if possible, the first case
(handing Transaction reply data to heuristic dissectors?).

Update comments.
Change-Id: I347cd1560e7fb8c7d1892ff4fb14c942b23e9a2a
Reviewed-on: https://code.wireshark.org/review/33559
Petri-Dish: Guy Harris <guy@xxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from 388a384 debian: update libwsutil0 symbols
add 53014b9 Use the flags in the AUTHENTICATE message, if available.
Summary of changes:
epan/dissectors/packet-ntlmssp.c | 200 +++++++++++++++++++++++++++++++--------
1 file changed, 160 insertions(+), 40 deletions(-)
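The flag selection this commit message describes, sketched as an added example; it is not taken from packet-ntlmssp.c and is not Wireshark's code. Field offsets follow the MS-NLMP AUTHENTICATE_MESSAGE layout; the names (`effective_flags`, `demo`, `MODERN`, `SHORT`), the sample bytes and flag values, and the "flags are present when no payload starts before offset 64" test are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDR_OLD   52u /* signature, type, five field descriptors */
#define FLAGS_OFF 60u /* NegotiateFlags, after the session-key descriptor */
enum flag_source { FLAGS_NONE = -1, FLAGS_FROM_CHALLENGE, FLAGS_FROM_AUTH };
static uint32_t le32(const uint8_t *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flags to decode an AUTHENTICATE message with: its own NegotiateFlags when
 * the fixed header reaches that far (assumed test: no payload starts before
 * offset 64), else those of a CHALLENGE seen earlier (chal NULL if none). */
enum flag_source effective_flags(const uint8_t *m, size_t len,
                                 const uint32_t *chal, uint32_t *out) {
    if (len < HDR_OLD || memcmp(m, "NTLMSSP", 8) != 0 || le32(m + 8) != 3)
        return FLAGS_NONE;
    size_t data_start = len; /* lowest payload offset of a non-empty field */
    for (size_t d = 12; d < HDR_OLD; d += 8) {
        uint32_t flen = m[d] | (m[d + 1] << 8), off = le32(m + d + 4);
        if (flen && off < data_start) data_start = off;
    }
    if (data_start >= FLAGS_OFF + 4) {
        *out = le32(m + FLAGS_OFF);
        return FLAGS_FROM_AUTH;
    }
    if (chal) { *out = *chal; return FLAGS_FROM_CHALLENGE; }
    return FLAGS_NONE;
}

/* Constructed samples, user "u" (UTF-16LE) as the only non-empty field:
 * MODERN has flags at 60 and payload at 64; SHORT puts payload at 52. */
static const uint8_t MODERN[66] = { 'N','T','L','M','S','S','P',0, 3,0,0,0,
    [36] = 2,0,2,0, 64,0,0,0, [60] = 0x15,0x82,0x88,0xE2, [64] = 'u',0 };
static const uint8_t SHORT[54] = { 'N','T','L','M','S','S','P',0, 3,0,0,0,
    [36] = 2,0,2,0, 52,0,0,0, [52] = 'u',0 };

/* Chosen flags for a sample, or 0 when neither message supplies any. */
unsigned demo(int modern, int have_challenge) {
    uint32_t chal = 0xE28A8215u, out = 0; /* constructed CHALLENGE flags */
    effective_flags(modern ? MODERN : SHORT, modern ? sizeof MODERN : sizeof SHORT,
                    have_challenge ? &chal : NULL, &out);
    return out;
}

int main(void) {
    printf("%08X %08X %08X\n", demo(1, 1), demo(0, 1), demo(0, 0));
    return 0;
}
```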