Wireshark-dev: Re: [Wireshark-dev] Commit 3c1f71e: Build error "unused parameter 'ntlm_pass' [-
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 19 Apr 2016 13:43:40 -0700
Or

	#ifdef HAVE_KERBEROS
	#define _U_IF_NO_KERBEROS_
	#else
	#define _U_IF_NO_KERBEROS_	_U_
	#endif

		...

	static guint32 get_keytab_as_list(md4_pass **p_pass_list, const
	       char* ntlm_pass _U_IF_NO_KERBEROS_ )

or maybe only define get_keytab_as_list() *at all* if we have Kerberos and do

#ifdef HAVE_KERBEROS
            guint32 list_size = 0;
#endif

		...

#ifdef HAVE_KERBEROS
            list_size = get_keytab_as_list(&pass_list,gbl_nt_password);
#endif

            if( flags & NETLOGON_FLAG_STRONGKEY ) {
#ifdef HAVE_KERBEROS
                guint8 zeros[4];
                guint8 md5[16];
                md5_state_t md5state;
                guint8 buf[8];
                guint64 calculated_cred;


                memset(zeros,0,4);
                md5_init(&md5state);
                md5_append(&md5state,zeros,4);
                md5_append(&md5state,(unsigned char*)&vars->client_challenge,8);
                md5_append(&md5state,(unsigned char*)&vars->server_challenge,8);
                md5_finish(&md5state,md5);
                printnbyte(md5,8,"MD5:","\n");
                printnbyte((guint8*)&vars->client_challenge,8,"Client challenge:","\n");
                printnbyte((guint8*)&vars->server_challenge,8,"Server challenge:","\n");
                printnbyte((guint8*)&server_cred,8,"Server creds:","\n");
                for(i=0;i<list_size;i++)
                {
                    password = pass_list[i];
                    md5_hmac(md5,16,(guint8*) &password,16,session_key);
                    crypt_des_ecb(buf,(unsigned char*)&vars->server_challenge,session_key,1);
                    crypt_des_ecb((unsigned char*)&calculated_cred,buf,session_key+7,1);
#if 0
                    printnbyte((guint8*)&calculated_cred,8,"Calculated creds:","\n");
#endif
                    if(calculated_cred==server_cred) {
                        found = 1;
                        break;
                    }
                }
#endif
            }

so we don't bother with any of that stuff if we don't have Kerberos support (no point in doing all the MD5 work if we don't have any keys to test the result with), or some other flavor of restructuring along those lines.