From 6d6dce305d497a5d7267456d9465a7b44a6f12e9 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 24 Jun 2002 00:03:18 +0000 Subject: [PATCH] Change each DCERPC dissector to pass in a hf value on initialisation for a value_string that corresponds to that dissectors opnums. Pass in -1 if no such table is available. svn path=/trunk/; revision=5749 --- packet-dcerpc-browser.c | 4 +- packet-dcerpc-conv.c | 4 +- packet-dcerpc-dfs.c | 33 +++++++++--- packet-dcerpc-epm.c | 18 ++++++- packet-dcerpc-lsa.c | 74 +++++++++++++++++++++++++- packet-dcerpc-mapi.c | 4 +- packet-dcerpc-mgmt.c | 4 +- packet-dcerpc-netlogon.c | 55 ++++++++++++++++++- packet-dcerpc-nspi.c | 37 ++++++++++++- packet-dcerpc-oxid.c | 4 +- packet-dcerpc-reg.c | 44 +++++++++++++++- packet-dcerpc-remact.c | 4 +- packet-dcerpc-samr.c | 75 +++++++++++++++++++++++++- packet-dcerpc-spoolss.c | 111 ++++++++++++++++++++++++++++++++++++--- packet-dcerpc-srvsvc.c | 9 ++-- packet-dcerpc-tapi.c | 4 +- packet-dcerpc-wkssvc.c | 4 +- packet-dcerpc.c | 34 ++++++------ packet-dcerpc.h | 4 +- 19 files changed, 461 insertions(+), 65 deletions(-) diff --git a/packet-dcerpc-browser.c b/packet-dcerpc-browser.c index 37f754601e..5c27e5e948 100644 --- a/packet-dcerpc-browser.c +++ b/packet-dcerpc-browser.c @@ -2,7 +2,7 @@ * Routines for DCERPC Browser packet disassembly * Copyright 2001, Ronnie Sahlberg * - * $Id: packet-dcerpc-browser.c,v 1.6 2002/06/16 13:50:51 sahlberg Exp $ + * $Id: packet-dcerpc-browser.c,v 1.7 2002/06/24 00:03:16 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -1161,5 +1161,5 @@ proto_reg_handoff_dcerpc_browser(void) dcerpc_init_uuid(proto_dcerpc_browser, ett_dcerpc_browser, &uuid_dcerpc_browser, ver_dcerpc_browser, - dcerpc_browser_dissectors); + dcerpc_browser_dissectors, -1); } diff --git a/packet-dcerpc-conv.c b/packet-dcerpc-conv.c index 4481a20f71..24e0e5a817 100644 --- a/packet-dcerpc-conv.c +++ b/packet-dcerpc-conv.c @@ -2,7 +2,7 @@ * Routines for dcerpc conv dissection * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc-conv.c,v 1.3 2002/05/31 00:31:12 tpot Exp $ + * $Id: packet-dcerpc-conv.c,v 1.4 2002/06/24 00:03:16 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -80,5 +80,5 @@ void proto_reg_handoff_conv (void) { /* Register the protocol as dcerpc */ - dcerpc_init_uuid (proto_conv, ett_conv, &uuid_conv, ver_conv, conv_dissectors); + dcerpc_init_uuid (proto_conv, ett_conv, &uuid_conv, ver_conv, conv_dissectors, -1); } diff --git a/packet-dcerpc-dfs.c b/packet-dcerpc-dfs.c index 54a1033561..12b2228394 100644 --- a/packet-dcerpc-dfs.c +++ b/packet-dcerpc-dfs.c @@ -2,7 +2,7 @@ * Routines for SMB \\PIPE\\netdfs packet disassembly * Copyright 2001, Tim Potter * - * $Id: packet-dcerpc-dfs.c,v 1.3 2002/05/31 00:31:12 tpot Exp $ + * $Id: packet-dcerpc-dfs.c,v 1.4 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -35,6 +35,8 @@ static int proto_dcerpc_dfs = -1; static gint ett_dcerpc_dfs = -1; +static int hf_dfs_opnum = -1; + static e_uuid_t uuid_dcerpc_dfs = { 0x4fc742e0, 0x4a10, 0x11cf, { 0x82, 0x73, 0x00, 0xaa, 0x00, 0x4a, 0xe6, 0x73 } @@ -43,18 +45,33 @@ static e_uuid_t uuid_dcerpc_dfs = { static guint16 ver_dcerpc_dfs = 3; static dcerpc_sub_dissector dcerpc_dfs_dissectors[] = { - { DFS_EXIST, "DFS_EXIST", NULL, NULL }, - { DFS_ADD, "DFS_ADD", NULL, NULL }, - { DFS_REMOVE, "DFS_REMOVE", NULL, NULL }, - { DFS_GET_INFO, "DFS_GET_INFO", NULL, NULL }, - { DFS_ENUM, "DFS_ENUM", NULL, NULL }, + { DFS_EXIST, "Exist", NULL, NULL }, + { DFS_ADD, "Add", NULL, NULL }, + { DFS_REMOVE, "Remove", NULL, NULL }, + { DFS_GET_INFO, "GetInfo", NULL, NULL }, + { DFS_ENUM, "Enum", NULL, NULL }, {0, NULL, NULL, NULL } }; +static const value_string dfs_opnum_vals[] = { + { DFS_EXIST, "Exit" }, + { DFS_ADD, "Add" }, + { DFS_REMOVE, "Remove" }, + { DFS_GET_INFO, "GetInfo" }, + { DFS_ENUM, "Enum" }, + { 0, NULL }, +}; + void proto_register_dcerpc_dfs(void) { + static hf_register_info hf[] = { + { &hf_dfs_opnum, + { "Operation", "dfs.opnum", FT_UINT16, BASE_DEC, + VALS(dfs_opnum_vals), 0x0, "Operation", HFILL }}, + }; + static gint *ett[] = { &ett_dcerpc_dfs }; @@ -62,6 +79,8 @@ proto_register_dcerpc_dfs(void) proto_dcerpc_dfs = proto_register_protocol( "Microsoft Distributed File System", "DFS", "dfs"); + proto_register_field_array(proto_dcerpc_dfs, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); } @@ -71,5 +90,5 @@ proto_reg_handoff_dcerpc_dfs(void) /* Register protocol as dcerpc */ dcerpc_init_uuid(proto_dcerpc_dfs, ett_dcerpc_dfs, &uuid_dcerpc_dfs, - ver_dcerpc_dfs, dcerpc_dfs_dissectors); + ver_dcerpc_dfs, dcerpc_dfs_dissectors, hf_dfs_opnum); } diff --git a/packet-dcerpc-epm.c b/packet-dcerpc-epm.c index 9e8e60ac9b..22fe50acbc 100644 --- a/packet-dcerpc-epm.c +++ b/packet-dcerpc-epm.c @@ -2,7 +2,7 @@ * Routines for dcerpc endpoint mapper dissection * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc-epm.c,v 1.10 2002/05/31 00:31:12 tpot Exp $ + * $Id: packet-dcerpc-epm.c,v 1.11 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -41,6 +41,7 @@ static int proto_epm = -1; +static int hf_epm_opnum = -1; static int hf_epm_inquiry_type = -1; static int hf_epm_object_p = -1; static int hf_epm_object = -1; @@ -370,11 +371,24 @@ static dcerpc_sub_dissector epm_dissectors[] = { { 0, NULL, NULL, NULL } }; +static const value_string epm_opnum_vals[] = { + { 0, "insert" }, + { 1, "delete" }, + { 2, "lookup" }, + { 3, "map" }, + { 4, "lookup_handle_free" }, + { 5, "inq_object" }, + { 6, "mgmt_delete" }, + { 0, NULL } +}; void proto_register_epm (void) { static hf_register_info hf[] = { + { &hf_epm_opnum, + { "Operation", "epm.opnum", FT_UINT16, BASE_DEC, + VALS(epm_opnum_vals), 0x0, "Operation", HFILL }}, { &hf_epm_inquiry_type, { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_epm_object_p, @@ -432,5 +446,5 @@ void proto_reg_handoff_epm (void) { /* Register the protocol as dcerpc */ - dcerpc_init_uuid (proto_epm, ett_epm, &uuid_epm, ver_epm, epm_dissectors); + dcerpc_init_uuid (proto_epm, ett_epm, &uuid_epm, ver_epm, epm_dissectors, hf_epm_opnum); } diff --git a/packet-dcerpc-lsa.c b/packet-dcerpc-lsa.c index 9306ea4dff..454c35f843 100644 --- a/packet-dcerpc-lsa.c +++ b/packet-dcerpc-lsa.c @@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter * 2002 Added LSA command dissectors Ronnie Sahlberg * - * $Id: packet-dcerpc-lsa.c,v 1.51 2002/06/21 02:17:32 tpot Exp $ + * $Id: packet-dcerpc-lsa.c,v 1.52 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -40,6 +40,7 @@ static int proto_dcerpc_lsa = -1; +static int hf_lsa_opnum = -1; static int hf_lsa_rc = -1; static int hf_lsa_hnd = -1; static int hf_lsa_server = -1; @@ -3977,10 +3978,79 @@ static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = { {0, NULL, NULL, NULL} }; +static const value_string lsa_opnum_vals[] = { + { LSA_LSACLOSE, "Close" }, + { LSA_LSADELETE, "Delete" }, + { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" }, + { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" }, + { LSA_LSASETSECURITYOBJECT, "SetSecObject" }, + { LSA_LSACHANGEPASSWORD, "ChangePassword" }, + { LSA_LSAOPENPOLICY, "OpenPolicy" }, + { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" }, + { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" }, + { LSA_LSACLEARAUDITLOG, "ClearAuditLog" }, + { LSA_LSACREATEACCOUNT, "CreateAccount" }, + { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" }, + { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" }, + { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" }, + { LSA_LSALOOKUPNAMES, "LookupNames" }, + { LSA_LSALOOKUPSIDS, "LookupSIDs" }, + { LSA_LSACREATESECRET, "CreateSecret" }, + { LSA_LSAOPENACCOUNT, "OpenAccount" }, + { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" }, + { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" }, + { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" }, + { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" }, + { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" }, + { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" }, + { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" }, + { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" }, + { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" }, + { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" }, + { LSA_LSAOPENSECRET, "OpenSecret" }, + { LSA_LSASETSECRET, "SetSecret" }, + { LSA_LSAQUERYSECRET, "QuerySecret" }, + { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" }, + { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" }, + { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" }, + { LSA_LSADELETEOBJECT, "DeleteObject" }, + { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" }, + { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" }, + { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" }, + { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" }, + { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" }, + { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" }, + { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" }, + { LSA_LSASTOREPRIVATEDATA, "StorePrivateData" }, + { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" }, + { LSA_LSAOPENPOLICY2, "OpenPolicy2" }, + { LSA_LSAGETUSERNAME, "GetUsername" }, + { LSA_LSAFUNCTION_2E, "LSAFUNCTION_2E" }, + { LSA_LSAFUNCTION_2F, "LSAFUNCTION_2F" }, + { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" }, + { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" }, + { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" }, + { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" }, + { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" }, + { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" }, + { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" }, + { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" }, + { LSA_LSAFUNCTION_38, "LSAFUNCTION_38" }, + { LSA_LSALOOKUPSIDS2, "LookupSIDs2" }, + { LSA_LSALOOKUPNAMES2, "LookupNames2" }, + { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" }, + { 0, NULL } +}; + void proto_register_dcerpc_lsa(void) { static hf_register_info hf[] = { + + { &hf_lsa_opnum, + { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC, + VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }}, + { &hf_lsa_unknown_string, { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE, NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }}, @@ -4351,5 +4421,5 @@ proto_reg_handoff_dcerpc_lsa(void) /* Register protocol as dcerpc */ dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa, - ver_dcerpc_lsa, dcerpc_lsa_dissectors); + ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum); } diff --git a/packet-dcerpc-mapi.c b/packet-dcerpc-mapi.c index 1a5c318583..67b59cbb9b 100644 --- a/packet-dcerpc-mapi.c +++ b/packet-dcerpc-mapi.c @@ -2,7 +2,7 @@ * Routines for MS Exchange MAPI * Copyright 2002, Ronnie Sahlberg * - * $Id: packet-dcerpc-mapi.c,v 1.11 2002/06/15 22:24:31 sahlberg Exp $ + * $Id: packet-dcerpc-mapi.c,v 1.12 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -452,5 +452,5 @@ proto_reg_handoff_dcerpc_mapi(void) dcerpc_init_uuid(proto_dcerpc_mapi, ett_dcerpc_mapi, &uuid_dcerpc_mapi, ver_dcerpc_mapi, - dcerpc_mapi_dissectors); + dcerpc_mapi_dissectors, -1); } diff --git a/packet-dcerpc-mgmt.c b/packet-dcerpc-mgmt.c index d9ee080e21..58ad9d009e 100644 --- a/packet-dcerpc-mgmt.c +++ b/packet-dcerpc-mgmt.c @@ -2,7 +2,7 @@ * Routines for dcerpc mgmt dissection * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc-mgmt.c,v 1.3 2002/05/31 00:31:13 tpot Exp $ + * $Id: packet-dcerpc-mgmt.c,v 1.4 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -80,5 +80,5 @@ void proto_reg_handoff_mgmt (void) { /* Register the protocol as dcerpc */ - dcerpc_init_uuid (proto_mgmt, ett_mgmt, &uuid_mgmt, ver_mgmt, mgmt_dissectors); + dcerpc_init_uuid (proto_mgmt, ett_mgmt, &uuid_mgmt, ver_mgmt, mgmt_dissectors, -1); } diff --git a/packet-dcerpc-netlogon.c b/packet-dcerpc-netlogon.c index 6b348c9f7b..f1851afd77 100644 --- a/packet-dcerpc-netlogon.c +++ b/packet-dcerpc-netlogon.c @@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter * 2002 structure and command dissectors by Ronnie Sahlberg * - * $Id: packet-dcerpc-netlogon.c,v 1.22 2002/05/31 00:31:13 tpot Exp $ + * $Id: packet-dcerpc-netlogon.c,v 1.23 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -38,6 +38,7 @@ #include "packet-dcerpc-lsa.h" static int proto_dcerpc_netlogon = -1; +static int hf_netlogon_opnum = -1; static int hf_netlogon_rc = -1; static int hf_netlogon_len = -1; static int hf_netlogon_status = -1; @@ -5147,11 +5148,61 @@ static dcerpc_sub_dissector dcerpc_netlogon_dissectors[] = { {0, NULL, NULL, NULL } }; +static const value_string netlogon_opnum_vals[] = { + { NETLOGON_UASLOGON, "UasLogon" }, + { NETLOGON_UASLOGOFF, "UasLogoff" }, + { NETLOGON_NETLOGONSAMLOGON, "NETLOGONSAMLOGON" }, + { NETLOGON_NETLOGONSAMLOGOFF, "NETLOGONSAMLOGOFF" }, + { NETLOGON_NETSERVERREQCHALLENGE, "NETSERVERREQCHALLENGE" }, + { NETLOGON_NETSERVERAUTHENTICATE, "NETSERVERAUTHENTICATE" }, + { NETLOGON_NETSERVERPASSWORDSET, "NETSERVERPASSWORDSET" }, + { NETLOGON_NETSAMDELTAS, "NETSAMDELTAS" }, + { NETLOGON_DATABASESYNC, "DatabaseSync" }, + { NETLOGON_ACCOUNTDELTAS, "AccountDeltas" }, + { NETLOGON_ACCOUNTSYNC, "AccountSync" }, + { NETLOGON_GETDCNAME, "GetDCName" }, + { NETLOGON_NETLOGONCONTROL, "NETLOGONCONTROL" }, + { NETLOGON_GETANYDCNAME, "GetAnyDCName" }, + { NETLOGON_NETLOGONCONTROL2, "NETLOGONCONTROL2" }, + { NETLOGON_NETSERVERAUTHENTICATE2, "NETSERVERAUTHENTICATE2" }, + { NETLOGON_NETDATABASESYNC2, "NETDATABASESYNC2" }, + { NETLOGON_DATABASEREDO, "DatabaseRedo" }, + { NETLOGON_FUNCTION_12, "FUNCTION_12" }, + { NETLOGON_NETTRUSTEDDOMAINLIST, "NETTRUSTEDDOMAINLIST" }, + { NETLOGON_DSRGETDCNAME2, "DSRGETDCNAME2" }, + { NETLOGON_FUNCTION_15, "FUNCTION_15" }, + { NETLOGON_FUNCTION_16, "FUNCTION_16" }, + { NETLOGON_FUNCTION_17, "FUNCTION_17" }, + { NETLOGON_FUNCTION_18, "FUNCTION_18" }, + { NETLOGON_FUNCTION_19, "FUNCTION_19" }, + { NETLOGON_NETSERVERAUTHENTICATE3, "NETSERVERAUTHENTICATE3" }, + { NETLOGON_DSRGETDCNAME, "DSRGETDCNAME" }, + { NETLOGON_DSRGETSITENAME, "DSRGETSITENAME" }, + { NETLOGON_FUNCTION_1D, "FUNCTION_1D" }, + { NETLOGON_FUNCTION_1E, "FUNCTION_1E" }, + { NETLOGON_NETSERVERPASSWORDSET2, "NETSERVERPASSWORDSET2" }, + { NETLOGON_FUNCTION_20, "FUNCTION_20" }, + { NETLOGON_FUNCTION_21, "FUNCTION_21" }, + { NETLOGON_FUNCTION_22, "FUNCTION_22" }, + { NETLOGON_FUNCTION_23, "FUNCTION_23" }, + { NETLOGON_FUNCTION_24, "FUNCTION_24" }, + { NETLOGON_FUNCTION_25, "FUNCTION_25" }, + { NETLOGON_FUNCTION_26, "FUNCTION_26" }, + { NETLOGON_FUNCTION_27, "FUNCTION_27" }, + { NETLOGON_DSRROLEGETPRIMARYDOMAININFORMATION, "DSRROLEGETPRIMARYDOMAININFORMATION" }, + { NETLOGON_DSRDEREGISTERDNSHOSTRECORDS, "DSRDEREGISTERDNSHOSTRECORDS" }, + { 0, NULL } +}; + void proto_register_dcerpc_netlogon(void) { static hf_register_info hf[] = { + { &hf_netlogon_opnum, + { "Operation", "netlogon.opnum", FT_UINT16, BASE_DEC, + VALS(netlogon_opnum_vals), 0x0, "Operation", HFILL }}, + { &hf_netlogon_rc, { "Return code", "netlogon.rc", FT_UINT32, BASE_HEX, VALS(NT_errors), 0x0, "Netlogon return code", HFILL }}, @@ -5574,5 +5625,5 @@ proto_reg_handoff_dcerpc_netlogon(void) dcerpc_init_uuid(proto_dcerpc_netlogon, ett_dcerpc_netlogon, &uuid_dcerpc_netlogon, ver_dcerpc_netlogon, - dcerpc_netlogon_dissectors); + dcerpc_netlogon_dissectors, hf_netlogon_opnum); } diff --git a/packet-dcerpc-nspi.c b/packet-dcerpc-nspi.c index 09640d1594..38f6fa9118 100644 --- a/packet-dcerpc-nspi.c +++ b/packet-dcerpc-nspi.c @@ -2,7 +2,7 @@ * Routines for dcerpc nspi dissection * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc-nspi.c,v 1.2 2002/05/31 00:31:13 tpot Exp $ + * $Id: packet-dcerpc-nspi.c,v 1.3 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -39,6 +39,8 @@ static int proto_nspi = -1; +static int hf_nspi_opnum = -1; + static gint ett_nspi = -1; static e_uuid_t uuid_nspi = { 0xf5cc5a18, 0x4264, 0x101a, { 0x8c, 0x59, 0x08, 0x00, 0x2b, 0x2f, 0x84, 0x26 } }; @@ -68,14 +70,45 @@ static dcerpc_sub_dissector nspi_dissectors[] = { { 0, NULL, NULL, NULL } }; +static const value_string nspi_opnum_vals[] = { + { 0, "Bind" }, + { 1, "Unbind" }, + { 2, "UpdateStat" }, + { 3, "QueryRows" }, + { 4, "SeekEntries" }, + { 5, "GetMatches" }, + { 6, "ResortRestriction" }, + { 7, "DNToEph" }, + { 8, "GetPropList" }, + { 9, "GetProps" }, + { 10, "CompareDNTs" }, + { 11, "ModProps" }, + { 12, "GetHierarchyInfo" }, + { 13, "GetTemplateInfo" }, + { 14, "ModLinkAttr" }, + { 15, "DeleteEntries" }, + { 16, "QueryColumns" }, + { 17, "GetNamesFromIDs" }, + { 18, "GetIDsFromNames" }, + { 19, "ResolveNames" }, + { 0, NULL } +}; + void proto_register_nspi (void) { + static hf_register_info hf[] = { + { &hf_nspi_opnum, + { "Operation", "nspi.opnum", FT_UINT16, BASE_DEC, + VALS(nspi_opnum_vals), 0x0, "Operation", HFILL }}, + }; + static gint *ett[] = { &ett_nspi }; proto_nspi = proto_register_protocol ("NSPI", "NSPI", "nspi"); + proto_register_field_array(proto_nspi, hf, array_length(hf)); proto_register_subtree_array (ett, array_length (ett)); } @@ -83,5 +116,5 @@ void proto_reg_handoff_nspi (void) { /* Register the protocol as dcerpc */ - dcerpc_init_uuid (proto_nspi, ett_nspi, &uuid_nspi, ver_nspi, nspi_dissectors); + dcerpc_init_uuid (proto_nspi, ett_nspi, &uuid_nspi, ver_nspi, nspi_dissectors, hf_nspi_opnum); } diff --git a/packet-dcerpc-oxid.c b/packet-dcerpc-oxid.c index a8a47e2024..da0f4a823f 100644 --- a/packet-dcerpc-oxid.c +++ b/packet-dcerpc-oxid.c @@ -2,7 +2,7 @@ * Routines for DCOM OXID Resolver * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc-oxid.c,v 1.3 2002/05/31 00:31:13 tpot Exp $ + * $Id: packet-dcerpc-oxid.c,v 1.4 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -74,5 +74,5 @@ void proto_reg_handoff_oxid (void) { /* Register the protocol as dcerpc */ - dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors); + dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors, -1); } diff --git a/packet-dcerpc-reg.c b/packet-dcerpc-reg.c index 2a40b79987..93042761ce 100644 --- a/packet-dcerpc-reg.c +++ b/packet-dcerpc-reg.c @@ -2,7 +2,7 @@ * Routines for SMB \\PIPE\\winreg packet disassembly * Copyright 2001, Tim Potter * - * $Id: packet-dcerpc-reg.c,v 1.5 2002/06/21 04:59:04 tpot Exp $ + * $Id: packet-dcerpc-reg.c,v 1.6 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -51,6 +51,7 @@ const value_string reg_datatypes[] = { }; static int proto_dcerpc_reg = -1; +static int hf_reg_opnum = -1; static gint ett_dcerpc_reg = -1; static e_uuid_t uuid_dcerpc_reg = { @@ -92,9 +93,46 @@ static dcerpc_sub_dissector dcerpc_reg_dissectors[] = { { 0, NULL, NULL, NULL } }; +static const value_string reg_opnum_vals[] = { + { REG_OPEN_HKCR, "OpenHKCR" }, + { _REG_UNK_01, "Unknown01" }, + { REG_OPEN_HKLM, "OpenHKLM" }, + { _REG_UNK_03, "Unknown03" }, + { REG_OPEN_HKU, "OpenHKU" }, + { REG_CLOSE, "Close" }, + { REG_CREATE_KEY, "CreateKey" }, + { REG_DELETE_KEY, "DeleteKey" }, + { REG_DELETE_VALUE, "DeleteValue" }, + { REG_ENUM_KEY, "EnumKey" }, + { REG_ENUM_VALUE, "EnumValue" }, + { REG_FLUSH_KEY, "FlushKey" }, + { REG_GET_KEY_SEC, "GetKeySecurity" }, + { _REG_UNK_0D, "Unknown0d" }, + { _REG_UNK_0E, "Unknown0e" }, + { REG_OPEN_ENTRY, "OpenEntry" }, + { REG_QUERY_KEY, "QueryKey" }, + { REG_INFO, "Info" }, + { _REG_UNK_12, "Unknown12" }, + { _REG_UNK_13, "Unknown13" }, + { _REG_UNK_14, "Unknown14" }, + { REG_SET_KEY_SEC, "SetKeySecurity" }, + { REG_CREATE_VALUE, "CreateValue" }, + { _REG_UNK_17, "Unknown17" }, + { REG_SHUTDOWN, "Shutdown" }, + { REG_ABORT_SHUTDOWN, "AbortShutdown" }, + { REG_UNK_1A, "Unknown1A" }, + { 0, NULL } +}; + void proto_register_dcerpc_reg(void) { + static hf_register_info hf[] = { + { &hf_reg_opnum, + { "Operation", "reg.opnum", FT_UINT16, BASE_DEC, + VALS(reg_opnum_vals), 0x0, "Operation", HFILL }}, + }; + static gint *ett[] = { &ett_dcerpc_reg }; @@ -102,6 +140,8 @@ proto_register_dcerpc_reg(void) proto_dcerpc_reg = proto_register_protocol( "Microsoft Registry", "REG", "reg"); + proto_register_field_array(proto_dcerpc_reg, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); } @@ -111,5 +151,5 @@ proto_reg_handoff_dcerpc_reg(void) /* Register protocol as dcerpc */ dcerpc_init_uuid(proto_dcerpc_reg, ett_dcerpc_reg, &uuid_dcerpc_reg, - ver_dcerpc_reg, dcerpc_reg_dissectors); + ver_dcerpc_reg, dcerpc_reg_dissectors, -1); } diff --git a/packet-dcerpc-remact.c b/packet-dcerpc-remact.c index 94468785fe..d8a2133e58 100644 --- a/packet-dcerpc-remact.c +++ b/packet-dcerpc-remact.c @@ -2,7 +2,7 @@ * Routines for DCOM Remote Activation * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc-remact.c,v 1.4 2002/05/31 00:31:13 tpot Exp $ + * $Id: packet-dcerpc-remact.c,v 1.5 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -76,5 +76,5 @@ void proto_reg_handoff_remact (void) { /* Register the protocol as dcerpc */ - dcerpc_init_uuid (proto_remact, ett_remact, &uuid_remact, ver_remact, remact_dissectors); + dcerpc_init_uuid (proto_remact, ett_remact, &uuid_remact, ver_remact, remact_dissectors, -1); } diff --git a/packet-dcerpc-samr.c b/packet-dcerpc-samr.c index 153cd94f34..c846281064 100644 --- a/packet-dcerpc-samr.c +++ b/packet-dcerpc-samr.c @@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter * 2002 Added all command dissectors Ronnie Sahlberg * - * $Id: packet-dcerpc-samr.c,v 1.47 2002/05/31 00:31:13 tpot Exp $ + * $Id: packet-dcerpc-samr.c,v 1.48 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -40,6 +40,7 @@ static int proto_dcerpc_samr = -1; +static int hf_samr_opnum = -1; static int hf_samr_hnd = -1; static int hf_samr_group = -1; static int hf_samr_rid = -1; @@ -4290,10 +4291,80 @@ static dcerpc_sub_dissector dcerpc_samr_dissectors[] = { {0, NULL, NULL, NULL } }; +static const value_string samr_opnum_vals[] = { + { SAMR_CONNECT_ANON, "ConnectAnonymous" }, + { SAMR_CLOSE_HND, "Close" }, + { SAMR_SET_SEC_OBJECT, "SetSecObject" }, + { SAMR_QUERY_SEC_OBJECT, "QuerySecObject" }, + { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer" }, + { SAMR_LOOKUP_DOMAIN, "LookupDomain" }, + { SAMR_ENUM_DOMAINS, "EnumDomains" }, + { SAMR_OPEN_DOMAIN, "OpenDomain" }, + { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo" }, + { SAMR_SET_DOMAIN_INFO, "SetDomainInfo" }, + { SAMR_CREATE_DOM_GROUP, "CreateGroup" }, + { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups" }, + { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser" }, + { SAMR_ENUM_DOM_USERS, "EnumDomainUsers" }, + { SAMR_CREATE_DOM_ALIAS, "CreateAlias" }, + { SAMR_ENUM_DOM_ALIASES, "EnumAlises" }, + { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem" }, + { SAMR_LOOKUP_NAMES, "LookupNames" }, + { SAMR_LOOKUP_RIDS, "LookupRIDs" }, + { SAMR_OPEN_GROUP, "OpenGroup" }, + { SAMR_QUERY_GROUPINFO, "QueryGroupInfo" }, + { SAMR_SET_GROUPINFO, "SetGroupInfo" }, + { SAMR_ADD_GROUPMEM, "AddGroupMem" }, + { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup" }, + { SAMR_DEL_GROUPMEM, "RemoveGroupMem" }, + { SAMR_QUERY_GROUPMEM, "QueryGroupMem" }, + { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup" }, + { SAMR_OPEN_ALIAS, "OpenAlias" }, + { SAMR_QUERY_ALIASINFO, "QueryAliasInfo" }, + { SAMR_SET_ALIASINFO, "SetAliasInfo" }, + { SAMR_DELETE_DOM_ALIAS, "DeleteAlias" }, + { SAMR_ADD_ALIASMEM, "AddAliasMem" }, + { SAMR_DEL_ALIASMEM, "RemoveAliasMem" }, + { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem" }, + { SAMR_OPEN_USER, "OpenUser" }, + { SAMR_DELETE_DOM_USER, "DeleteUser" }, + { SAMR_QUERY_USERINFO, "QueryUserInfo" }, + { SAMR_SET_USERINFO2, "SetUserInfo2" }, + { SAMR_CHANGE_PASSWORD_USER, "ChangePassword" }, + { SAMR_GET_GROUPS_FOR_USER, "GetGroups" }, + { SAMR_QUERY_DISPINFO, "QueryDispinfo" }, + { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX" }, + { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain" }, + { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser" }, + { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo" }, + { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain" }, + { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2" }, + { SAMR_UNKNOWN_2f, "Unknown 0x2f" }, + { SAMR_QUERY_DISPINFO2, "QueryDispinfo2" }, + { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2" }, + { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2" }, + { SAMR_QUERY_DISPINFO3, "QueryDispinfo3" }, + { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple" }, + { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple" }, + { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2" }, + { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2" }, + { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo" }, + { SAMR_CONNECT2, "Connect2" }, + { SAMR_SET_USERINFO, "SetUserInfo" }, + { SAMR_UNKNOWN_3B, "Unknown 0x3b" }, + { SAMR_UNKNOWN_3C, "Unknown 0x3c" }, + { 0, NULL } +}; + void proto_register_dcerpc_samr(void) { static hf_register_info hf[] = { + + { &hf_samr_opnum, + { "Operation", "samr.opnum", FT_UINT16, BASE_DEC, + VALS(samr_opnum_vals), 0x0, "Operation", HFILL }}, + { &hf_samr_hnd, { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_samr_group, @@ -4669,5 +4740,5 @@ proto_reg_handoff_dcerpc_samr(void) /* Register protocol as dcerpc */ dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr, - ver_dcerpc_samr, dcerpc_samr_dissectors); + ver_dcerpc_samr, dcerpc_samr_dissectors, hf_samr_opnum); } diff --git a/packet-dcerpc-spoolss.c b/packet-dcerpc-spoolss.c index 0ae5655030..3af1e4e123 100644 --- a/packet-dcerpc-spoolss.c +++ b/packet-dcerpc-spoolss.c @@ -2,7 +2,7 @@ * Routines for SMB \PIPE\spoolss packet disassembly * Copyright 2001-2002, Tim Potter * - * $Id: packet-dcerpc-spoolss.c,v 1.40 2002/06/21 05:13:15 tpot Exp $ + * $Id: packet-dcerpc-spoolss.c,v 1.41 2002/06/24 00:03:17 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -40,6 +40,91 @@ /* Global objects */ +static int hf_spoolss_opnum = -1; + +static const value_string spoolss_opnum_vals[] = { + { SPOOLSS_ENUMPRINTERS, "EnumPrinters" }, + { SPOOLSS_OPENPRINTER, "OpenPrinter" }, + { SPOOLSS_SETJOB, "SetJob" }, + { SPOOLSS_GETJOB, "GetJob" }, + { SPOOLSS_ENUMJOBS, "EnumJobs" }, + { SPOOLSS_ADDPRINTER, "AddPrinter" }, + { SPOOLSS_DELETEPRINTER, "DeletePrinter" }, + { SPOOLSS_SETPRINTER, "SetPrinter" }, + { SPOOLSS_GETPRINTER, "GetPrinter" }, + { SPOOLSS_ADDPRINTERDRIVER, "AddPrinterDriver" }, + { SPOOLSS_ENUMPRINTERDRIVERS, "EnumPrinterDrivers" }, + { SPOOLSS_GETPRINTERDRIVER, "GetPrinterDriver" }, + { SPOOLSS_GETPRINTERDRIVERDIRECTORY, "GetPrinterDriverDirectory" }, + { SPOOLSS_DELETEPRINTERDRIVER, "DeletePrinterDriver" }, + { SPOOLSS_ADDPRINTPROCESSOR, "AddPrintProcessor" }, + { SPOOLSS_ENUMPRINTPROCESSORS, "EnumPrintProcessor" }, + { SPOOLSS_GETPRINTPROCESSORDIRECTORY, "GetPrintProcessorDirectory" }, + { SPOOLSS_STARTDOCPRINTER, "StartDocPrinter" }, + { SPOOLSS_STARTPAGEPRINTER, "StartPagePrinter" }, + { SPOOLSS_WRITEPRINTER, "WritePrinter" }, + { SPOOLSS_ENDPAGEPRINTER, "EndPagePrinter" }, + { SPOOLSS_ABORTPRINTER, "AbortPrinter" }, + { SPOOLSS_READPRINTER, "ReadPrinter" }, + { SPOOLSS_ENDDOCPRINTER, "EndDocPrinter" }, + { SPOOLSS_ADDJOB, "AddJob" }, + { SPOOLSS_SCHEDULEJOB, "ScheduleJob" }, + { SPOOLSS_GETPRINTERDATA, "GetPrinterData" }, + { SPOOLSS_SETPRINTERDATA, "SetPrinterData" }, + { SPOOLSS_WAITFORPRINTERCHANGE, "WaitForPrinterChange" }, + { SPOOLSS_CLOSEPRINTER, "ClosePrinter" }, + { SPOOLSS_ADDFORM, "AddForm" }, + { SPOOLSS_DELETEFORM, "DeleteForm" }, + { SPOOLSS_GETFORM, "GetForm" }, + { SPOOLSS_SETFORM, "SetForm" }, + { SPOOLSS_ENUMFORMS, "EnumForms" }, + { SPOOLSS_ENUMPORTS, "EnumPorts" }, + { SPOOLSS_ENUMMONITORS, "EnumMonitors" }, + { SPOOLSS_ADDPORT, "AddPort" }, + { SPOOLSS_CONFIGUREPORT, "ConfigurePort" }, + { SPOOLSS_DELETEPORT, "DeletePort" }, + { SPOOLSS_CREATEPRINTERIC, "CreatePrinterIC" }, + { SPOOLSS_PLAYGDISCRIPTONPRINTERIC, "PlayDiscriptOnPrinterIC" }, + { SPOOLSS_DELETEPRINTERIC, "DeletePrinterIC" }, + { SPOOLSS_ADDPRINTERCONNECTION, "AddPrinterConnection" }, + { SPOOLSS_DELETEPRINTERCONNECTION, "DeletePrinterConnection" }, + { SPOOLSS_PRINTERMESSAGEBOX, "PrinterMessageBox" }, + { SPOOLSS_ADDMONITOR, "AddMonitor" }, + { SPOOLSS_DELETEMONITOR, "DeleteMonitor" }, + { SPOOLSS_DELETEPRINTPROCESSOR, "DeletePrintProcessor" }, + { SPOOLSS_ADDPRINTPROVIDER, "AddPrintProvider" }, + { SPOOLSS_DELETEPRINTPROVIDER, "DeletePrintProvider" }, + { SPOOLSS_ENUMPRINTPROCDATATYPES, "EnumPrintProcDataTypes" }, + { SPOOLSS_RESETPRINTER, "ResetPrinter" }, + { SPOOLSS_GETPRINTERDRIVER2, "GetPrinterDriver2" }, + { SPOOLSS_FINDFIRSTPRINTERCHANGENOTIFICATION, "FindNextPrinterChangeNotification" }, + { SPOOLSS_FINDNEXTPRINTERCHANGENOTIFICATION, "FindNextPrinterChangeNotification" }, + { SPOOLSS_FCPN, "FCPN" }, + { SPOOLSS_ROUTERFINDFIRSTPRINTERNOTIFICATIONOLD, "RouterFindFirstPrinterNotificationOld" }, + { SPOOLSS_REPLYOPENPRINTER, "ReplyOpenPrinter" }, + { SPOOLSS_ROUTERREPLYPRINTER, "RouterREplyPrinter" }, + { SPOOLSS_REPLYCLOSEPRINTER, "ReplyClosePrinter" }, + { SPOOLSS_ADDPORTEX, "AddPortEx" }, + { SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFICATION, "RemoteFindFirstPrinterChangeNotification" }, + { SPOOLSS_SPOOLERINIT, "SpoolerInit" }, + { SPOOLSS_RESETPRINTEREX, "ResetPrinterEx" }, + { SPOOLSS_RFFPCNEX, "RFFPCNEX" }, + { SPOOLSS_RRPCN, "RRPCN" }, + { SPOOLSS_RFNPCNEX, "RFNPCNEX" }, + { SPOOLSS_OPENPRINTEREX, "OpenPrinterEx" }, + { SPOOLSS_ADDPRINTEREX, "AddPrinterEx" }, + { SPOOLSS_ENUMPRINTERDATA, "EnumPrinterData" }, + { SPOOLSS_DELETEPRINTERDATA, "DeletePrinterData" }, + { SPOOLSS_GETPRINTERDATAEX, "GetPrinterDataEx" }, + { SPOOLSS_SETPRINTERDATAEX, "SetPrinterDataEx" }, + { SPOOLSS_ENUMPRINTERDATAEX, "EnumPrinterDataEx" }, + { SPOOLSS_ENUMPRINTERKEY, "EnumPrinterKey" }, + { SPOOLSS_DELETEPRINTERDATAEX, "DeletePrinterDataEx" }, + { SPOOLSS_DELETEPRINTERDRIVEREX, "DeletePrinterDriverEx" }, + { SPOOLSS_ADDPRINTERDRIVEREX, "AddPrinterDriverEx" }, + { 0, NULL } +}; + static int hf_spoolss_hnd = -1; static int hf_spoolss_rc = -1; static int hf_spoolss_offered = -1; @@ -2543,8 +2628,15 @@ static int prs_SPOOL_PRINTER_INFO_LEVEL(tvbuff_t *tvb, int offset, offset = prs_ptr(tvb, offset, pinfo, subtree, &ptr, "Info"); + /* Sigh - dissecting a PRINTER_INFO_2 is currently + broken. Hopefully this will be fixed when these + routines are converted to the NDR parsing functions + used by all the other DCERPC dissectors. */ + +#if 0 if (ptr) defer_ptr(dp_list, prs_PRINTER_INFO_2, subtree); +#endif break; } @@ -5512,6 +5604,13 @@ void proto_register_dcerpc_spoolss(void) { static hf_register_info hf[] = { + + /* Opnum */ + + { &hf_spoolss_opnum, + { "Operation", "spoolss.opnum", FT_UINT16, BASE_DEC, + VALS(spoolss_opnum_vals), 0x0, "Operation", HFILL }}, + { &hf_spoolss_hnd, { "Context handle", "spoolss.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "SPOOLSS policy handle", HFILL }}, @@ -5686,13 +5785,13 @@ proto_register_dcerpc_spoolss(void) { &hf_spoolss_printerdata_type, { "Printer data type", "spoolss.printerdata.type", FT_UINT32, BASE_DEC, - VALS(®_datatypes), 0, "Printer data type", HFILL }}, + VALS(reg_datatypes), 0, "Printer data type", HFILL }}, /* SetJob RPC */ { &hf_spoolss_setjob_cmd, { "Set job command", "spoolss.setjob.cmd", FT_UINT32, BASE_DEC, - VALS(&setjob_commands), 0x0, "Printer data name", HFILL }}, + VALS(setjob_commands), 0x0, "Printer data name", HFILL }}, /* WritePrinter */ @@ -5809,7 +5908,7 @@ proto_register_dcerpc_spoolss(void) { &hf_spoolss_notify_option_type, { "Type", "spoolss.notify_option.type", FT_UINT16, BASE_DEC, - VALS(&printer_notify_types), 0, "Type", HFILL }}, + VALS(printer_notify_types), 0, "Type", HFILL }}, { &hf_spoolss_notify_option_reserved1, { "Reserved1", "spoolss.notify_option.reserved1", FT_UINT16, BASE_DEC, NULL, 0, "Reserved1", HFILL }}, @@ -5840,7 +5939,7 @@ proto_register_dcerpc_spoolss(void) NULL, 0, "Flags", HFILL }}, { &hf_spoolss_notify_info_data_type, { "Type", "spoolss.notify_info_data.type", FT_UINT16, BASE_DEC, - VALS(&printer_notify_types), 0, "Type", HFILL }}, + VALS(printer_notify_types), 0, "Type", HFILL }}, { &hf_spoolss_notify_field, { "Field", "spoolss.notify_field", FT_UINT16, BASE_DEC, NULL, 0, "Field", HFILL }}, @@ -6035,5 +6134,5 @@ proto_reg_handoff_dcerpc_spoolss(void) dcerpc_init_uuid(proto_dcerpc_spoolss, ett_dcerpc_spoolss, &uuid_dcerpc_spoolss, ver_dcerpc_spoolss, - dcerpc_spoolss_dissectors); + dcerpc_spoolss_dissectors, hf_spoolss_opnum); } diff --git a/packet-dcerpc-srvsvc.c b/packet-dcerpc-srvsvc.c index c5b3871750..3486a3444a 100644 --- a/packet-dcerpc-srvsvc.c +++ b/packet-dcerpc-srvsvc.c @@ -6,7 +6,7 @@ * Copyright 2002, Ronnie Sahlberg * rewrote entire dissector * - * $Id: packet-dcerpc-srvsvc.c,v 1.38 2002/06/23 12:00:38 sahlberg Exp $ + * $Id: packet-dcerpc-srvsvc.c,v 1.39 2002/06/24 00:03:18 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -44,6 +44,7 @@ #include "smb.h" static int proto_dcerpc_srvsvc = -1; +static int hf_srvsvc_opnum = -1; static int hf_srvsvc_reserved = -1; static int hf_srvsvc_server = -1; static int hf_srvsvc_emulated_server = -1; @@ -6939,6 +6940,9 @@ void proto_register_dcerpc_srvsvc(void) { static hf_register_info hf[] = { + { &hf_srvsvc_opnum, + { "Operation", "srvsvc.opnum", FT_UINT16, BASE_DEC, + VALS(srvsvc_opnum_vals), 0x0, "Operation", HFILL }}, { &hf_srvsvc_server, { "Server", "srvsvc.server", FT_STRING, BASE_NONE, NULL, 0x0, "Server Name", HFILL}}, @@ -7500,6 +7504,5 @@ proto_reg_handoff_dcerpc_srvsvc(void) dcerpc_init_uuid(proto_dcerpc_srvsvc, ett_dcerpc_srvsvc, &uuid_dcerpc_srvsvc, ver_dcerpc_srvsvc, - dcerpc_srvsvc_dissectors); + dcerpc_srvsvc_dissectors, hf_srvsvc_opnum); } - diff --git a/packet-dcerpc-tapi.c b/packet-dcerpc-tapi.c index 048a0d560e..07f332e9ad 100644 --- a/packet-dcerpc-tapi.c +++ b/packet-dcerpc-tapi.c @@ -2,7 +2,7 @@ * Routines for DCERPC TAPI packet disassembly * Copyright 2002, Ronnie Sahlberg * - * $Id: packet-dcerpc-tapi.c,v 1.1 2002/06/02 12:33:15 sahlberg Exp $ + * $Id: packet-dcerpc-tapi.c,v 1.2 2002/06/24 00:03:18 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -240,5 +240,5 @@ proto_reg_handoff_dcerpc_tapi(void) dcerpc_init_uuid(proto_dcerpc_tapi, ett_dcerpc_tapi, &uuid_dcerpc_tapi, ver_dcerpc_tapi, - dcerpc_tapi_dissectors); + dcerpc_tapi_dissectors, -1); } diff --git a/packet-dcerpc-wkssvc.c b/packet-dcerpc-wkssvc.c index 509dbc3bbf..05db551364 100644 --- a/packet-dcerpc-wkssvc.c +++ b/packet-dcerpc-wkssvc.c @@ -2,7 +2,7 @@ * Routines for SMB \\PIPE\\wkssvc packet disassembly * Copyright 2001, Tim Potter * - * $Id: packet-dcerpc-wkssvc.c,v 1.3 2002/05/31 00:31:13 tpot Exp $ + * $Id: packet-dcerpc-wkssvc.c,v 1.4 2002/06/24 00:03:18 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -68,5 +68,5 @@ proto_reg_handoff_dcerpc_wkssvc(void) dcerpc_init_uuid(proto_dcerpc_wkssvc, ett_dcerpc_wkssvc, &uuid_dcerpc_wkssvc, ver_dcerpc_wkssvc, - dcerpc_wkssvc_dissectors); + dcerpc_wkssvc_dissectors, -1); } diff --git a/packet-dcerpc.c b/packet-dcerpc.c index a3b0fc773e..8775b32bab 100644 --- a/packet-dcerpc.c +++ b/packet-dcerpc.c @@ -2,7 +2,7 @@ * Routines for DCERPC packet disassembly * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc.c,v 1.62 2002/06/22 01:30:53 guy Exp $ + * $Id: packet-dcerpc.c,v 1.63 2002/06/24 00:03:18 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -443,6 +443,7 @@ typedef struct _dcerpc_uuid_value { int ett; gchar *name; dcerpc_sub_dissector *procs; + int opnum_hf; } dcerpc_uuid_value; static gint @@ -465,7 +466,7 @@ dcerpc_uuid_hash (gconstpointer k) void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, - dcerpc_sub_dissector *procs) + dcerpc_sub_dissector *procs, int opnum_hf) { dcerpc_uuid_key *key = g_malloc (sizeof (*key)); dcerpc_uuid_value *value = g_malloc (sizeof (*value)); @@ -477,6 +478,7 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, value->ett = ett; value->name = proto_get_protocol_short_name (proto); value->procs = procs; + value->opnum_hf = opnum_hf; g_hash_table_insert (dcerpc_uuids, key, value); } @@ -1246,24 +1248,18 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, /* * Put the operation number into the tree along with * the operation's name. - * - * XXX - the subdissectors should all have their own fields - * for the opnum, so that you can filter on a particular - * protocol and opnum value; the opnum value isn't, by itself, - * very interesting, as its interpretation depends on the - * subprotocol. - * - * That would also allow the field to have a value_string - * table, giving names for operations, and letting you filter - * by name. - * - * ONC RPC should do the same thing with the version and - * procedure fields it puts into the subprotocol's tree. */ - proto_tree_add_uint_format (sub_tree, hf_dcerpc_op, tvb, - 0, 0, opnum, - "Operation: %s (%u)", - name, opnum); + + if (sub_proto->opnum_hf != -1) + proto_tree_add_uint_format(sub_tree, sub_proto->opnum_hf, + tvb, 0, 0, opnum, + "Operation: %s (%u)", + name, opnum); + else + proto_tree_add_uint_format(sub_tree, hf_dcerpc_op, tvb, + 0, 0, opnum, + "Operation: %s (%u)", + name, opnum); } /* diff --git a/packet-dcerpc.h b/packet-dcerpc.h index 04b6357708..63984e903b 100644 --- a/packet-dcerpc.h +++ b/packet-dcerpc.h @@ -1,7 +1,7 @@ /* packet-dcerpc.h * Copyright 2001, Todd Sabin * - * $Id: packet-dcerpc.h,v 1.17 2002/06/19 08:34:38 guy Exp $ + * $Id: packet-dcerpc.h,v 1.18 2002/06/24 00:03:18 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -170,7 +170,7 @@ typedef struct _dcerpc_sub_dissector { } dcerpc_sub_dissector; /* registration function for subdissectors */ -void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs); +void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf); /* Private data structure to pass to DCERPC dissector. This is used to pass transport specific information down to the dissector from the