From e95fa174dea5db0602edb68110ce976619695cf6 Mon Sep 17 00:00:00 2001
From: Jan Safranek
Date: Fri, 9 Mar 2012 17:34:57 +0100
Subject: [PATCH] added AES support into netlogon dissector (personally requested on IRC)
---
 wireshark-netlogon-aes.patch | 39 ++++++++++++++++++++++++++++++++++++
 wireshark.spec | 3 +++
 2 files changed, 42 insertions(+)
 create mode 100644 wireshark-netlogon-aes.patch
diff --git a/wireshark-netlogon-aes.patch b/wireshark-netlogon-aes.patch
new file mode 100644
index 0000000..013be11
--- /dev/null
+++ b/wireshark-netlogon-aes.patch
@@ -0,0 +1,39 @@
+Add AES support to netlogon
+
+commit 2312194e96d9501549bff6c285ddfae82515e963
+Author: etxrab
+Date: Sun Mar 4 16:07:24 2012 +0000
+
+ "From Jan Šafránek: Add support for AES in Microsoft Network Logon Negotiation options https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6895"
+
+ git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@41337 f5534014-38df-0310-8fa8-9805f1628bb7
+
+diff --git a/epan/dissectors/packet-dcerpc-netlogon.c b/epan/dissectors/packet-dcerpc-netlogon.c
+index 859334a..04d494f 100644
+--- a/epan/dissectors/packet-dcerpc-netlogon.c
++++ b/epan/dissectors/packet-dcerpc-netlogon.c
+@@ -6671,12 +6671,12 @@ static int netlogon_dissect_neg_options(tvbuff_t *tvb,proto_tree *tree,guint32 f
+ hf_netlogon_neg_flags_2000000,
+ tvb, offset, 4, flags);
+ proto_tree_add_boolean (negotiate_flags_tree,
+- hf_netlogon_neg_flags_1000000,
+- tvb, offset, 4, flags);
+- proto_tree_add_boolean (negotiate_flags_tree,
+ hf_netlogon_neg_flags_800000,
+ tvb, offset, 4, flags);*/
+ proto_tree_add_boolean (negotiate_flags_tree,
++ hf_netlogon_neg_flags_1000000,
++ tvb, offset, 4, flags);
++ proto_tree_add_boolean (negotiate_flags_tree,
+ hf_netlogon_neg_flags_400000,
+ tvb, offset, 4, flags);
+ proto_tree_add_boolean (negotiate_flags_tree,
+@@ -8821,7 +8821,7 @@ proto_register_dcerpc_netlogon(void)
+ { "Not used 2000000", "ntlmssp.neg_flags.na200000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_2000000, "Not used", HFILL }},
+
+ { &hf_netlogon_neg_flags_1000000,
+- { "Not used 1000000", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "Not used", HFILL }},
++ { "AES supported", "ntlmssp.neg_flags.na100000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_1000000, "AES", HFILL }},
+
+ { &hf_netlogon_neg_flags_800000,
+ { "Not used 800000", "ntlmssp.neg_flags.na8000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_800000, "Not used", HFILL }},
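Review bot: In the second inner hunk the field is relabelled `"AES supported"` but keeps the filter abbreviation `ntlmssp.neg_flags.na100000`, which sits in the NTLMSSP namespace, still reads as a "not available" bit, and has one zero fewer than the `NETLOGON_FLAG_1000000` mask it carries. An analyst checking captures for Netlogon negotiations that lack AES cannot find this bit by name, so I would give it a Netlogon-scoped abbreviation such as `"netlogon.neg_flags.aes"` (a constructed name; align it with the neighbouring hf entries and note that renaming breaks saved filters). The blurb `"AES"` adds nothing over the label; something like `"Client/server supports AES for the secure channel"` would say what a set bit means. Both `netlogon_dissect_neg_options` and `proto_register_dcerpc_netlogon` continue outside these hunks, and the `/*` that the first inner hunk's `*/` closes is not visible, so I could not confirm which other flag rows remain commented out.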
diff --git a/wireshark.spec b/wireshark.spec
index 233eb2a..1d3753a 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -32,6 +32,7 @@ Patch5: wireshark-1.6.0-soname.patch
 Patch6: wireshark-1.6.2-nfsv41-addstatus.patch
 Patch7: wireshark-gnome3-msgbox.patch
 Patch8: wireshark-import-crash.patch
+Patch9: wireshark-netlogon-aes.patch
 
 Url: http://www.wireshark.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -116,6 +117,7 @@ and plugins.
 %patch6 -p1 -b .v4staus
 %patch7 -p1 -b .gnome3
 %patch8 -p1 -b .import
+%patch9 -p1 -b .aes
 
 %build
 %ifarch s390 s390x sparcv9 sparc64
@@ -335,6 +337,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %changelog
 * Fri Mar 9 2012 Jan Safranek - 1.6.5-2
 - fixed wireshark crashing when using combo box in import dialog (#773290)
+- added AES support into netlogon dissector
 
 * Wed Jan 11 2012 Jan Safranek - 1.6.5-1
 - upgrade to 1.6.5