Complete breakout of SMB, GSSAPI, and NTLM

- Looser coupling between these analyzers.
 - New ntlm.log (still pretty early)
 - Improved string handling for NTLM (convert UTF16 to UTF8)
 - SMB2 analyzer now supports GSSAPI.
 - Improved abstraction of DCE_RPC operations (still not finished)
 - Lots of whitespace cleanup.

scripts/base/protocols/ntlm/__load__.bro

@@ -0,0 +1 @@
+@load ./main

scripts/base/protocols/ntlm/main.bro

@@ -0,0 +1,54 @@
+module NTLM;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		## Timestamp for when the event happened.
+		ts         : time     &log;
+		## Unique ID for the connection.
+		uid        : string   &log;
+		## The connection's 4-tuple of endpoint addresses/ports.
+		id         : conn_id  &log;
+
+		username: string &log &optional;
+		hostname: string &log &optional;
+		domainname: string &log &optional;
+	};
+}
+
+redef record connection += {
+	ntlm: Info &optional;
+};
+
+event bro_init() &priority=5
+	{
+	Log::create_stream(NTLM::LOG, [$columns=Info, $path="ntlm"]);
+	}
+
+event ntlm_negotiate(c: connection, request: NTLM::Negotiate) &priority=5
+	{
+	#print request;
+	}
+
+event ntlm_challenge(c: connection, challenge: NTLM::Challenge) &priority=5
+	{
+	#print "challenge!!!!!";
+	#print challenge;
+	}
+
+event ntlm_authenticate(c: connection, request: NTLM::Authenticate) &priority=5
+	{
+	c$ntlm = NTLM::Info($ts=network_time(), $uid=c$uid, $id=c$id);
+	if ( request?$domain_name )
+		c$ntlm$domainname = request$domain_name;
+	if ( request?$workstation )
+		c$ntlm$hostname = request$workstation;
+	if ( request?$user_name )
+		c$ntlm$username = request$user_name;
+	}
+
+event ntlm_authenticate(c: connection, request: NTLM::Authenticate) &priority=-5
+	{
+	Log::write(NTLM::LOG, c$ntlm);
+	}