Wireshark-commits: [Wireshark-commits] master 53014b9: Use the flags in the AUTHENTICATE message, i
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 11 Jun 2019 21:40:29 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=53014b9a63a872888d8005ef1dc5e22a55bc34ba
Submitter: "Guy Harris <guy@xxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

53014b9 by Guy Harris (guy@xxxxxxxxxxxx):

    Use the flags in the AUTHENTICATE message, if available.
    
    This is required for connectionless authentication, where the first
    message is a CHALLENGE message, which contains what the server is
    offering, and the AUTHENTICATE reply contains which of what the server
    offers can be supported by the client.
    
    It is also required in order to correctly dissect AUTHENTICATE messages
    in connection-oriented authentication if the CHALLENGE message cannot be
    found, either:
    
    	because it's missing in the capture;
    
    	because an SMB server is returning, in the Transaction reply
    	containing a DCE RPC message containing the CHALLENGE message, a
    	bogus PID and/or MID in response to the client Transaction
    	message containing a DCE RPC message NEGOTIATE message, so the
    	DCE RPC message in the Transaction reply isn't dissected as
    	such;
    
    	because one HTTP-over-TCP connection has the NEGOTIATE and
    	CHALLENGE message and a separate HTTP-over-TCP connection has
    	the AUTHENTICATE reply.
    
    Both of the latter two have been seen in captures.  We should probably
    somehow deal with the second case and, if possible, the first case
    (handing Transaction reply data to heuristic dissectors?).
    
    Update comments.
    Change-Id: I347cd1560e7fb8c7d1892ff4fb14c942b23e9a2a
    Reviewed-on: https://code.wireshark.org/review/33559
    Petri-Dish: Guy Harris <guy@xxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
    

Actions performed:

    from  388a384   debian: update libwsutil0 symbols
     add  53014b9   Use the flags in the AUTHENTICATE message, if available.


Summary of changes:
 epan/dissectors/packet-ntlmssp.c | 200 +++++++++++++++++++++++++++++++--------
 1 file changed, 160 insertions(+), 40 deletions(-)
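
The rule in the commit message above (use the NegotiateFlags carried in the AUTHENTICATE message when they are there, otherwise fall back to a CHALLENGE seen earlier), as an added C example that is not code from packet-ntlmssp.c or the Wireshark project. Field offsets follow the AUTHENTICATE_MESSAGE layout in MS-NLMP; the function names, the "payload starts before offset 64 means no flags field" test, and the sample messages and flag values are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* 1: flags stored; 0: header ends before the flags field; -1: malformed. */
int ntlmssp_auth_flags(const uint8_t *msg, size_t len, uint32_t *flags) {
    size_t data_start = len;
    if (len < 52 || memcmp(msg, "NTLMSSP", 8) != 0 || rd32(msg + 8) != 3) return -1;
    /* Len/MaxLen/BufferOffset descriptors at 12..51: LM, NT, domain, user, workstation */
    for (size_t off = 12; off < 52; off += 8) {
        size_t flen = (size_t)(msg[off] | msg[off + 1] << 8), foff = rd32(msg + off + 4);
        if (flen == 0) continue;
        if (foff < 52 || foff > len || flen > len - foff) return -1;
        if (foff < data_start) data_start = foff;
    }
    if (data_start < 64) return 0;      /* NegotiateFlags would occupy 60..63 */
    *flags = rd32(msg + 60);
    return 1;
}
/* Prefer AUTHENTICATE flags; else flags saved from a CHALLENGE, if one was seen. */
int ntlmssp_effective_flags(const uint8_t *msg, size_t len, int have_challenge,
                            uint32_t challenge_flags, uint32_t *out) {
    int r = ntlmssp_auth_flags(msg, len, out);
    if (r == 0 && have_challenge) { *out = challenge_flags; return 1; }
    return r;
}
/* Constructed sample: hdr_len-byte header plus a 2-byte user name as payload. */
static size_t sample(uint8_t *b, size_t hdr_len, uint32_t flags) {
    memset(b, 0, hdr_len + 2);
    memcpy(b, "NTLMSSP", 8);            /* includes the terminating NUL */
    b[8] = 3;                           /* MessageType: AUTHENTICATE */
    b[36] = b[38] = 2;                  /* UserName Len and MaxLen */
    b[40] = (uint8_t)hdr_len;           /* UserName BufferOffset */
    for (int i = 0; hdr_len >= 64 && i < 4; i++) b[60 + i] = (uint8_t)(flags >> (8 * i));
    b[hdr_len] = 'u';
    return hdr_len + 2;
}
/* Flags chosen for a constructed message (values are made up), or 0 if none. */
uint32_t demo(size_t hdr_len, int have_challenge) {
    uint8_t b[80];
    uint32_t out = 0;
    size_t n = sample(b, hdr_len, 0x00088201u);
    return ntlmssp_effective_flags(b, n, have_challenge, 0x00008201u, &out) == 1 ? out : 0;
}
int main(void) {
    printf("%08x %08x %08x\n", (unsigned)demo(64, 0), (unsigned)demo(52, 1), (unsigned)demo(52, 0));
}
```

The first case is the one the commit message calls out: no CHALLENGE was found, yet the flags are still recovered from the AUTHENTICATE message itself.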