osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Change each DCERPC dissector to pass in a hf value on initialisation 

for a value_string that corresponds to that dissectors opnums.  Pass
in -1 if no such table is available.

svn path=/trunk/; revision=5749
This commit is contained in:
Tim Potter 2002-06-24 00:03:18 +00:00
parent 2cf14082d6
commit 6d6dce305d
19 changed files with 461 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packet-dcerpc-browser.c
View File

@ -2,7 +2,7 @@
* Routines for DCERPC Browser packet disassembly * Routines for DCERPC Browser packet disassembly
* Copyright 2001, Ronnie Sahlberg * Copyright 2001, Ronnie Sahlberg
* *
* $Id: packet-dcerpc-browser.c,v 1.6 2002/06/16 13:50:51 sahlberg Exp $ * $Id: packet-dcerpc-browser.c,v 1.7 2002/06/24 00:03:16 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -1161,5 +1161,5 @@ proto_reg_handoff_dcerpc_browser(void)
dcerpc_init_uuid(proto_dcerpc_browser, ett_dcerpc_browser, dcerpc_init_uuid(proto_dcerpc_browser, ett_dcerpc_browser,
&uuid_dcerpc_browser, ver_dcerpc_browser, &uuid_dcerpc_browser, ver_dcerpc_browser,
dcerpc_browser_dissectors); dcerpc_browser_dissectors, -1);
} }

4
packet-dcerpc-conv.c
View File

@ -2,7 +2,7 @@
* Routines for dcerpc conv dissection * Routines for dcerpc conv dissection
* Copyright 2001, Todd Sabin <tas@webspan.net> * Copyright 2001, Todd Sabin <tas@webspan.net>
* *
* $Id: packet-dcerpc-conv.c,v 1.3 2002/05/31 00:31:12 tpot Exp $ * $Id: packet-dcerpc-conv.c,v 1.4 2002/06/24 00:03:16 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -80,5 +80,5 @@ void
proto_reg_handoff_conv (void) proto_reg_handoff_conv (void)
{ {
/* Register the protocol as dcerpc */ /* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_conv, ett_conv, &uuid_conv, ver_conv, conv_dissectors); dcerpc_init_uuid (proto_conv, ett_conv, &uuid_conv, ver_conv, conv_dissectors, -1);
} }

33
packet-dcerpc-dfs.c
View File

@ -2,7 +2,7 @@
* Routines for SMB \\PIPE\\netdfs packet disassembly * Routines for SMB \\PIPE\\netdfs packet disassembly
* Copyright 2001, Tim Potter <tpot@samba.org> * Copyright 2001, Tim Potter <tpot@samba.org>
* *
* $Id: packet-dcerpc-dfs.c,v 1.3 2002/05/31 00:31:12 tpot Exp $ * $Id: packet-dcerpc-dfs.c,v 1.4 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -35,6 +35,8 @@
static int proto_dcerpc_dfs = -1; static int proto_dcerpc_dfs = -1;
static gint ett_dcerpc_dfs = -1; static gint ett_dcerpc_dfs = -1;
static int hf_dfs_opnum = -1;
static e_uuid_t uuid_dcerpc_dfs = { static e_uuid_t uuid_dcerpc_dfs = {
0x4fc742e0, 0x4a10, 0x11cf, 0x4fc742e0, 0x4a10, 0x11cf,
{ 0x82, 0x73, 0x00, 0xaa, 0x00, 0x4a, 0xe6, 0x73 } { 0x82, 0x73, 0x00, 0xaa, 0x00, 0x4a, 0xe6, 0x73 }
@ -43,18 +45,33 @@ static e_uuid_t uuid_dcerpc_dfs = {
static guint16 ver_dcerpc_dfs = 3; static guint16 ver_dcerpc_dfs = 3;
static dcerpc_sub_dissector dcerpc_dfs_dissectors[] = { static dcerpc_sub_dissector dcerpc_dfs_dissectors[] = {
{ DFS_EXIST, "DFS_EXIST", NULL, NULL }, { DFS_EXIST, "Exist", NULL, NULL },
{ DFS_ADD, "DFS_ADD", NULL, NULL }, { DFS_ADD, "Add", NULL, NULL },
{ DFS_REMOVE, "DFS_REMOVE", NULL, NULL }, { DFS_REMOVE, "Remove", NULL, NULL },
{ DFS_GET_INFO, "DFS_GET_INFO", NULL, NULL }, { DFS_GET_INFO, "GetInfo", NULL, NULL },
{ DFS_ENUM, "DFS_ENUM", NULL, NULL }, { DFS_ENUM, "Enum", NULL, NULL },
{0, NULL, NULL, NULL } {0, NULL, NULL, NULL }
}; };
static const value_string dfs_opnum_vals[] = {
{ DFS_EXIST, "Exit" },
{ DFS_ADD, "Add" },
{ DFS_REMOVE, "Remove" },
{ DFS_GET_INFO, "GetInfo" },
{ DFS_ENUM, "Enum" },
{ 0, NULL },
};
void void
proto_register_dcerpc_dfs(void) proto_register_dcerpc_dfs(void)
{ {
static hf_register_info hf[] = {
{ &hf_dfs_opnum,
{ "Operation", "dfs.opnum", FT_UINT16, BASE_DEC,
VALS(dfs_opnum_vals), 0x0, "Operation", HFILL }},
};
static gint *ett[] = { static gint *ett[] = {
&ett_dcerpc_dfs &ett_dcerpc_dfs
}; };
@ -62,6 +79,8 @@ proto_register_dcerpc_dfs(void)
proto_dcerpc_dfs = proto_register_protocol( proto_dcerpc_dfs = proto_register_protocol(
"Microsoft Distributed File System", "DFS", "dfs"); "Microsoft Distributed File System", "DFS", "dfs");
proto_register_field_array(proto_dcerpc_dfs, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett)); proto_register_subtree_array(ett, array_length(ett));
} }
@ -71,5 +90,5 @@ proto_reg_handoff_dcerpc_dfs(void)
/* Register protocol as dcerpc */ /* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_dfs, ett_dcerpc_dfs, &uuid_dcerpc_dfs, dcerpc_init_uuid(proto_dcerpc_dfs, ett_dcerpc_dfs, &uuid_dcerpc_dfs,
ver_dcerpc_dfs, dcerpc_dfs_dissectors); ver_dcerpc_dfs, dcerpc_dfs_dissectors, hf_dfs_opnum);
} }

18
packet-dcerpc-epm.c
View File

@ -2,7 +2,7 @@
* Routines for dcerpc endpoint mapper dissection * Routines for dcerpc endpoint mapper dissection
* Copyright 2001, Todd Sabin <tas@webspan.net> * Copyright 2001, Todd Sabin <tas@webspan.net>
* *
* $Id: packet-dcerpc-epm.c,v 1.10 2002/05/31 00:31:12 tpot Exp $ * $Id: packet-dcerpc-epm.c,v 1.11 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -41,6 +41,7 @@
static int proto_epm = -1; static int proto_epm = -1;
static int hf_epm_opnum = -1;
static int hf_epm_inquiry_type = -1; static int hf_epm_inquiry_type = -1;
static int hf_epm_object_p = -1; static int hf_epm_object_p = -1;
static int hf_epm_object = -1; static int hf_epm_object = -1;
@ -370,11 +371,24 @@ static dcerpc_sub_dissector epm_dissectors[] = {
{ 0, NULL, NULL, NULL } { 0, NULL, NULL, NULL }
}; };
static const value_string epm_opnum_vals[] = {
{ 0, "insert" },
{ 1, "delete" },
{ 2, "lookup" },
{ 3, "map" },
{ 4, "lookup_handle_free" },
{ 5, "inq_object" },
{ 6, "mgmt_delete" },
{ 0, NULL }
};
void void
proto_register_epm (void) proto_register_epm (void)
{ {
static hf_register_info hf[] = { static hf_register_info hf[] = {
{ &hf_epm_opnum,
{ "Operation", "epm.opnum", FT_UINT16, BASE_DEC,
VALS(epm_opnum_vals), 0x0, "Operation", HFILL }},
{ &hf_epm_inquiry_type, { &hf_epm_inquiry_type,
{ "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_epm_object_p, { &hf_epm_object_p,
@ -432,5 +446,5 @@ void
proto_reg_handoff_epm (void) proto_reg_handoff_epm (void)
{ {
/* Register the protocol as dcerpc */ /* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_epm, ett_epm, &uuid_epm, ver_epm, epm_dissectors); dcerpc_init_uuid (proto_epm, ett_epm, &uuid_epm, ver_epm, epm_dissectors, hf_epm_opnum);
} }

74
packet-dcerpc-lsa.c
View File

@ -3,7 +3,7 @@
* Copyright 2001, Tim Potter <tpot@samba.org> * Copyright 2001, Tim Potter <tpot@samba.org>
* 2002 Added LSA command dissectors Ronnie Sahlberg * 2002 Added LSA command dissectors Ronnie Sahlberg
* *
* $Id: packet-dcerpc-lsa.c,v 1.51 2002/06/21 02:17:32 tpot Exp $ * $Id: packet-dcerpc-lsa.c,v 1.52 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -40,6 +40,7 @@
static int proto_dcerpc_lsa = -1; static int proto_dcerpc_lsa = -1;
static int hf_lsa_opnum = -1;
static int hf_lsa_rc = -1; static int hf_lsa_rc = -1;
static int hf_lsa_hnd = -1; static int hf_lsa_hnd = -1;
static int hf_lsa_server = -1; static int hf_lsa_server = -1;
@ -3977,10 +3978,79 @@ static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
{0, NULL, NULL, NULL} {0, NULL, NULL, NULL}
}; };
static const value_string lsa_opnum_vals[] = {
{ LSA_LSACLOSE, "Close" },
{ LSA_LSADELETE, "Delete" },
{ LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" },
{ LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" },
{ LSA_LSASETSECURITYOBJECT, "SetSecObject" },
{ LSA_LSACHANGEPASSWORD, "ChangePassword" },
{ LSA_LSAOPENPOLICY, "OpenPolicy" },
{ LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" },
{ LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" },
{ LSA_LSACLEARAUDITLOG, "ClearAuditLog" },
{ LSA_LSACREATEACCOUNT, "CreateAccount" },
{ LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" },
{ LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" },
{ LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" },
{ LSA_LSALOOKUPNAMES, "LookupNames" },
{ LSA_LSALOOKUPSIDS, "LookupSIDs" },
{ LSA_LSACREATESECRET, "CreateSecret" },
{ LSA_LSAOPENACCOUNT, "OpenAccount" },
{ LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" },
{ LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" },
{ LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" },
{ LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" },
{ LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" },
{ LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" },
{ LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" },
{ LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" },
{ LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" },
{ LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" },
{ LSA_LSAOPENSECRET, "OpenSecret" },
{ LSA_LSASETSECRET, "SetSecret" },
{ LSA_LSAQUERYSECRET, "QuerySecret" },
{ LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" },
{ LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" },
{ LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" },
{ LSA_LSADELETEOBJECT, "DeleteObject" },
{ LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" },
{ LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" },
{ LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" },
{ LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" },
{ LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" },
{ LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" },
{ LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" },
{ LSA_LSASTOREPRIVATEDATA, "StorePrivateData" },
{ LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" },
{ LSA_LSAOPENPOLICY2, "OpenPolicy2" },
{ LSA_LSAGETUSERNAME, "GetUsername" },
{ LSA_LSAFUNCTION_2E, "LSAFUNCTION_2E" },
{ LSA_LSAFUNCTION_2F, "LSAFUNCTION_2F" },
{ LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" },
{ LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" },
{ LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" },
{ LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" },
{ LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" },
{ LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" },
{ LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" },
{ LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" },
{ LSA_LSAFUNCTION_38, "LSAFUNCTION_38" },
{ LSA_LSALOOKUPSIDS2, "LookupSIDs2" },
{ LSA_LSALOOKUPNAMES2, "LookupNames2" },
{ LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" },
{ 0, NULL }
};
void void
proto_register_dcerpc_lsa(void) proto_register_dcerpc_lsa(void)
{ {
static hf_register_info hf[] = { static hf_register_info hf[] = {
{ &hf_lsa_opnum,
{ "Operation", "lsa.opnum", FT_UINT16, BASE_DEC,
VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }},
{ &hf_lsa_unknown_string, { &hf_lsa_unknown_string,
{ "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE, { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }}, NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
@ -4351,5 +4421,5 @@ proto_reg_handoff_dcerpc_lsa(void)
/* Register protocol as dcerpc */ /* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa, dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
ver_dcerpc_lsa, dcerpc_lsa_dissectors); ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);
} }

4
packet-dcerpc-mapi.c
View File

@ -2,7 +2,7 @@
* Routines for MS Exchange MAPI * Routines for MS Exchange MAPI
* Copyright 2002, Ronnie Sahlberg * Copyright 2002, Ronnie Sahlberg
* *
* $Id: packet-dcerpc-mapi.c,v 1.11 2002/06/15 22:24:31 sahlberg Exp $ * $Id: packet-dcerpc-mapi.c,v 1.12 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -452,5 +452,5 @@ proto_reg_handoff_dcerpc_mapi(void)
dcerpc_init_uuid(proto_dcerpc_mapi, ett_dcerpc_mapi, dcerpc_init_uuid(proto_dcerpc_mapi, ett_dcerpc_mapi,
&uuid_dcerpc_mapi, ver_dcerpc_mapi, &uuid_dcerpc_mapi, ver_dcerpc_mapi,
dcerpc_mapi_dissectors); dcerpc_mapi_dissectors, -1);
} }

4
packet-dcerpc-mgmt.c
View File

@ -2,7 +2,7 @@
* Routines for dcerpc mgmt dissection * Routines for dcerpc mgmt dissection
* Copyright 2001, Todd Sabin <tas@webspan.net> * Copyright 2001, Todd Sabin <tas@webspan.net>
* *
* $Id: packet-dcerpc-mgmt.c,v 1.3 2002/05/31 00:31:13 tpot Exp $ * $Id: packet-dcerpc-mgmt.c,v 1.4 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -80,5 +80,5 @@ void
proto_reg_handoff_mgmt (void) proto_reg_handoff_mgmt (void)
{ {
/* Register the protocol as dcerpc */ /* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_mgmt, ett_mgmt, &uuid_mgmt, ver_mgmt, mgmt_dissectors); dcerpc_init_uuid (proto_mgmt, ett_mgmt, &uuid_mgmt, ver_mgmt, mgmt_dissectors, -1);
} }

55
packet-dcerpc-netlogon.c
View File

@ -3,7 +3,7 @@
* Copyright 2001, Tim Potter <tpot@samba.org> * Copyright 2001, Tim Potter <tpot@samba.org>
* 2002 structure and command dissectors by Ronnie Sahlberg * 2002 structure and command dissectors by Ronnie Sahlberg
* *
* $Id: packet-dcerpc-netlogon.c,v 1.22 2002/05/31 00:31:13 tpot Exp $ * $Id: packet-dcerpc-netlogon.c,v 1.23 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -38,6 +38,7 @@
#include "packet-dcerpc-lsa.h" #include "packet-dcerpc-lsa.h"
static int proto_dcerpc_netlogon = -1; static int proto_dcerpc_netlogon = -1;
static int hf_netlogon_opnum = -1;
static int hf_netlogon_rc = -1; static int hf_netlogon_rc = -1;
static int hf_netlogon_len = -1; static int hf_netlogon_len = -1;
static int hf_netlogon_status = -1; static int hf_netlogon_status = -1;
@ -5147,11 +5148,61 @@ static dcerpc_sub_dissector dcerpc_netlogon_dissectors[] = {
{0, NULL, NULL, NULL } {0, NULL, NULL, NULL }
}; };
static const value_string netlogon_opnum_vals[] = {
{ NETLOGON_UASLOGON, "UasLogon" },
{ NETLOGON_UASLOGOFF, "UasLogoff" },
{ NETLOGON_NETLOGONSAMLOGON, "NETLOGONSAMLOGON" },
{ NETLOGON_NETLOGONSAMLOGOFF, "NETLOGONSAMLOGOFF" },
{ NETLOGON_NETSERVERREQCHALLENGE, "NETSERVERREQCHALLENGE" },
{ NETLOGON_NETSERVERAUTHENTICATE, "NETSERVERAUTHENTICATE" },
{ NETLOGON_NETSERVERPASSWORDSET, "NETSERVERPASSWORDSET" },
{ NETLOGON_NETSAMDELTAS, "NETSAMDELTAS" },
{ NETLOGON_DATABASESYNC, "DatabaseSync" },
{ NETLOGON_ACCOUNTDELTAS, "AccountDeltas" },
{ NETLOGON_ACCOUNTSYNC, "AccountSync" },
{ NETLOGON_GETDCNAME, "GetDCName" },
{ NETLOGON_NETLOGONCONTROL, "NETLOGONCONTROL" },
{ NETLOGON_GETANYDCNAME, "GetAnyDCName" },
{ NETLOGON_NETLOGONCONTROL2, "NETLOGONCONTROL2" },
{ NETLOGON_NETSERVERAUTHENTICATE2, "NETSERVERAUTHENTICATE2" },
{ NETLOGON_NETDATABASESYNC2, "NETDATABASESYNC2" },
{ NETLOGON_DATABASEREDO, "DatabaseRedo" },
{ NETLOGON_FUNCTION_12, "FUNCTION_12" },
{ NETLOGON_NETTRUSTEDDOMAINLIST, "NETTRUSTEDDOMAINLIST" },
{ NETLOGON_DSRGETDCNAME2, "DSRGETDCNAME2" },
{ NETLOGON_FUNCTION_15, "FUNCTION_15" },
{ NETLOGON_FUNCTION_16, "FUNCTION_16" },
{ NETLOGON_FUNCTION_17, "FUNCTION_17" },
{ NETLOGON_FUNCTION_18, "FUNCTION_18" },
{ NETLOGON_FUNCTION_19, "FUNCTION_19" },
{ NETLOGON_NETSERVERAUTHENTICATE3, "NETSERVERAUTHENTICATE3" },
{ NETLOGON_DSRGETDCNAME, "DSRGETDCNAME" },
{ NETLOGON_DSRGETSITENAME, "DSRGETSITENAME" },
{ NETLOGON_FUNCTION_1D, "FUNCTION_1D" },
{ NETLOGON_FUNCTION_1E, "FUNCTION_1E" },
{ NETLOGON_NETSERVERPASSWORDSET2, "NETSERVERPASSWORDSET2" },
{ NETLOGON_FUNCTION_20, "FUNCTION_20" },
{ NETLOGON_FUNCTION_21, "FUNCTION_21" },
{ NETLOGON_FUNCTION_22, "FUNCTION_22" },
{ NETLOGON_FUNCTION_23, "FUNCTION_23" },
{ NETLOGON_FUNCTION_24, "FUNCTION_24" },
{ NETLOGON_FUNCTION_25, "FUNCTION_25" },
{ NETLOGON_FUNCTION_26, "FUNCTION_26" },
{ NETLOGON_FUNCTION_27, "FUNCTION_27" },
{ NETLOGON_DSRROLEGETPRIMARYDOMAININFORMATION, "DSRROLEGETPRIMARYDOMAININFORMATION" },
{ NETLOGON_DSRDEREGISTERDNSHOSTRECORDS, "DSRDEREGISTERDNSHOSTRECORDS" },
{ 0, NULL }
};
void void
proto_register_dcerpc_netlogon(void) proto_register_dcerpc_netlogon(void)
{ {
static hf_register_info hf[] = { static hf_register_info hf[] = {
{ &hf_netlogon_opnum,
{ "Operation", "netlogon.opnum", FT_UINT16, BASE_DEC,
VALS(netlogon_opnum_vals), 0x0, "Operation", HFILL }},
{ &hf_netlogon_rc, { { &hf_netlogon_rc, {
"Return code", "netlogon.rc", FT_UINT32, BASE_HEX, "Return code", "netlogon.rc", FT_UINT32, BASE_HEX,
VALS(NT_errors), 0x0, "Netlogon return code", HFILL }}, VALS(NT_errors), 0x0, "Netlogon return code", HFILL }},
@ -5574,5 +5625,5 @@ proto_reg_handoff_dcerpc_netlogon(void)
dcerpc_init_uuid(proto_dcerpc_netlogon, ett_dcerpc_netlogon, dcerpc_init_uuid(proto_dcerpc_netlogon, ett_dcerpc_netlogon,
&uuid_dcerpc_netlogon, ver_dcerpc_netlogon, &uuid_dcerpc_netlogon, ver_dcerpc_netlogon,
dcerpc_netlogon_dissectors); dcerpc_netlogon_dissectors, hf_netlogon_opnum);
} }

37
packet-dcerpc-nspi.c
View File

@ -2,7 +2,7 @@
* Routines for dcerpc nspi dissection * Routines for dcerpc nspi dissection
* Copyright 2001, Todd Sabin <tsabin@optonline.net> * Copyright 2001, Todd Sabin <tsabin@optonline.net>
* *
* $Id: packet-dcerpc-nspi.c,v 1.2 2002/05/31 00:31:13 tpot Exp $ * $Id: packet-dcerpc-nspi.c,v 1.3 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -39,6 +39,8 @@
static int proto_nspi = -1; static int proto_nspi = -1;
static int hf_nspi_opnum = -1;
static gint ett_nspi = -1; static gint ett_nspi = -1;
static e_uuid_t uuid_nspi = { 0xf5cc5a18, 0x4264, 0x101a, { 0x8c, 0x59, 0x08, 0x00, 0x2b, 0x2f, 0x84, 0x26 } }; static e_uuid_t uuid_nspi = { 0xf5cc5a18, 0x4264, 0x101a, { 0x8c, 0x59, 0x08, 0x00, 0x2b, 0x2f, 0x84, 0x26 } };
@ -68,14 +70,45 @@ static dcerpc_sub_dissector nspi_dissectors[] = {
{ 0, NULL, NULL, NULL } { 0, NULL, NULL, NULL }
}; };
static const value_string nspi_opnum_vals[] = {
{ 0, "Bind" },
{ 1, "Unbind" },
{ 2, "UpdateStat" },
{ 3, "QueryRows" },
{ 4, "SeekEntries" },
{ 5, "GetMatches" },
{ 6, "ResortRestriction" },
{ 7, "DNToEph" },
{ 8, "GetPropList" },
{ 9, "GetProps" },
{ 10, "CompareDNTs" },
{ 11, "ModProps" },
{ 12, "GetHierarchyInfo" },
{ 13, "GetTemplateInfo" },
{ 14, "ModLinkAttr" },
{ 15, "DeleteEntries" },
{ 16, "QueryColumns" },
{ 17, "GetNamesFromIDs" },
{ 18, "GetIDsFromNames" },
{ 19, "ResolveNames" },
{ 0, NULL }
};
void void
proto_register_nspi (void) proto_register_nspi (void)
{ {
static hf_register_info hf[] = {
{ &hf_nspi_opnum,
{ "Operation", "nspi.opnum", FT_UINT16, BASE_DEC,
VALS(nspi_opnum_vals), 0x0, "Operation", HFILL }},
};
static gint *ett[] = { static gint *ett[] = {
&ett_nspi &ett_nspi
}; };
proto_nspi = proto_register_protocol ("NSPI", "NSPI", "nspi"); proto_nspi = proto_register_protocol ("NSPI", "NSPI", "nspi");
proto_register_field_array(proto_nspi, hf, array_length(hf));
proto_register_subtree_array (ett, array_length (ett)); proto_register_subtree_array (ett, array_length (ett));
} }
@ -83,5 +116,5 @@ void
proto_reg_handoff_nspi (void) proto_reg_handoff_nspi (void)
{ {
/* Register the protocol as dcerpc */ /* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_nspi, ett_nspi, &uuid_nspi, ver_nspi, nspi_dissectors); dcerpc_init_uuid (proto_nspi, ett_nspi, &uuid_nspi, ver_nspi, nspi_dissectors, hf_nspi_opnum);
} }

4
packet-dcerpc-oxid.c
View File

@ -2,7 +2,7 @@
* Routines for DCOM OXID Resolver * Routines for DCOM OXID Resolver
* Copyright 2001, Todd Sabin <tas@webspan.net> * Copyright 2001, Todd Sabin <tas@webspan.net>
* *
* $Id: packet-dcerpc-oxid.c,v 1.3 2002/05/31 00:31:13 tpot Exp $ * $Id: packet-dcerpc-oxid.c,v 1.4 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -74,5 +74,5 @@ void
proto_reg_handoff_oxid (void) proto_reg_handoff_oxid (void)
{ {
/* Register the protocol as dcerpc */ /* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors); dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors, -1);
} }

44
packet-dcerpc-reg.c
View File

@ -2,7 +2,7 @@
* Routines for SMB \\PIPE\\winreg packet disassembly * Routines for SMB \\PIPE\\winreg packet disassembly
* Copyright 2001, Tim Potter <tpot@samba.org> * Copyright 2001, Tim Potter <tpot@samba.org>
* *
* $Id: packet-dcerpc-reg.c,v 1.5 2002/06/21 04:59:04 tpot Exp $ * $Id: packet-dcerpc-reg.c,v 1.6 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -51,6 +51,7 @@ const value_string reg_datatypes[] = {
}; };
static int proto_dcerpc_reg = -1; static int proto_dcerpc_reg = -1;
static int hf_reg_opnum = -1;
static gint ett_dcerpc_reg = -1; static gint ett_dcerpc_reg = -1;
static e_uuid_t uuid_dcerpc_reg = { static e_uuid_t uuid_dcerpc_reg = {
@ -92,9 +93,46 @@ static dcerpc_sub_dissector dcerpc_reg_dissectors[] = {
{ 0, NULL, NULL, NULL } { 0, NULL, NULL, NULL }
}; };
static const value_string reg_opnum_vals[] = {
{ REG_OPEN_HKCR, "OpenHKCR" },
{ _REG_UNK_01, "Unknown01" },
{ REG_OPEN_HKLM, "OpenHKLM" },
{ _REG_UNK_03, "Unknown03" },
{ REG_OPEN_HKU, "OpenHKU" },
{ REG_CLOSE, "Close" },
{ REG_CREATE_KEY, "CreateKey" },
{ REG_DELETE_KEY, "DeleteKey" },
{ REG_DELETE_VALUE, "DeleteValue" },
{ REG_ENUM_KEY, "EnumKey" },
{ REG_ENUM_VALUE, "EnumValue" },
{ REG_FLUSH_KEY, "FlushKey" },
{ REG_GET_KEY_SEC, "GetKeySecurity" },
{ _REG_UNK_0D, "Unknown0d" },
{ _REG_UNK_0E, "Unknown0e" },
{ REG_OPEN_ENTRY, "OpenEntry" },
{ REG_QUERY_KEY, "QueryKey" },
{ REG_INFO, "Info" },
{ _REG_UNK_12, "Unknown12" },
{ _REG_UNK_13, "Unknown13" },
{ _REG_UNK_14, "Unknown14" },
{ REG_SET_KEY_SEC, "SetKeySecurity" },
{ REG_CREATE_VALUE, "CreateValue" },
{ _REG_UNK_17, "Unknown17" },
{ REG_SHUTDOWN, "Shutdown" },
{ REG_ABORT_SHUTDOWN, "AbortShutdown" },
{ REG_UNK_1A, "Unknown1A" },
{ 0, NULL }
};
void void
proto_register_dcerpc_reg(void) proto_register_dcerpc_reg(void)
{ {
static hf_register_info hf[] = {
{ &hf_reg_opnum,
{ "Operation", "reg.opnum", FT_UINT16, BASE_DEC,
VALS(reg_opnum_vals), 0x0, "Operation", HFILL }},
};
static gint *ett[] = { static gint *ett[] = {
&ett_dcerpc_reg &ett_dcerpc_reg
}; };
@ -102,6 +140,8 @@ proto_register_dcerpc_reg(void)
proto_dcerpc_reg = proto_register_protocol( proto_dcerpc_reg = proto_register_protocol(
"Microsoft Registry", "REG", "reg"); "Microsoft Registry", "REG", "reg");
proto_register_field_array(proto_dcerpc_reg, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett)); proto_register_subtree_array(ett, array_length(ett));
} }
@ -111,5 +151,5 @@ proto_reg_handoff_dcerpc_reg(void)
/* Register protocol as dcerpc */ /* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_reg, ett_dcerpc_reg, &uuid_dcerpc_reg, dcerpc_init_uuid(proto_dcerpc_reg, ett_dcerpc_reg, &uuid_dcerpc_reg,
ver_dcerpc_reg, dcerpc_reg_dissectors); ver_dcerpc_reg, dcerpc_reg_dissectors, -1);
} }

4
packet-dcerpc-remact.c
View File

@ -2,7 +2,7 @@
* Routines for DCOM Remote Activation * Routines for DCOM Remote Activation
* Copyright 2001, Todd Sabin <tas@webspan.net> * Copyright 2001, Todd Sabin <tas@webspan.net>
* *
* $Id: packet-dcerpc-remact.c,v 1.4 2002/05/31 00:31:13 tpot Exp $ * $Id: packet-dcerpc-remact.c,v 1.5 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -76,5 +76,5 @@ void
proto_reg_handoff_remact (void) proto_reg_handoff_remact (void)
{ {
/* Register the protocol as dcerpc */ /* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_remact, ett_remact, &uuid_remact, ver_remact, remact_dissectors); dcerpc_init_uuid (proto_remact, ett_remact, &uuid_remact, ver_remact, remact_dissectors, -1);
} }

75
packet-dcerpc-samr.c
View File

@ -3,7 +3,7 @@
* Copyright 2001, Tim Potter <tpot@samba.org> * Copyright 2001, Tim Potter <tpot@samba.org>
* 2002 Added all command dissectors Ronnie Sahlberg * 2002 Added all command dissectors Ronnie Sahlberg
* *
* $Id: packet-dcerpc-samr.c,v 1.47 2002/05/31 00:31:13 tpot Exp $ * $Id: packet-dcerpc-samr.c,v 1.48 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -40,6 +40,7 @@
static int proto_dcerpc_samr = -1; static int proto_dcerpc_samr = -1;
static int hf_samr_opnum = -1;
static int hf_samr_hnd = -1; static int hf_samr_hnd = -1;
static int hf_samr_group = -1; static int hf_samr_group = -1;
static int hf_samr_rid = -1; static int hf_samr_rid = -1;
@ -4290,10 +4291,80 @@ static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
{0, NULL, NULL, NULL } {0, NULL, NULL, NULL }
}; };
static const value_string samr_opnum_vals[] = {
{ SAMR_CONNECT_ANON, "ConnectAnonymous" },
{ SAMR_CLOSE_HND, "Close" },
{ SAMR_SET_SEC_OBJECT, "SetSecObject" },
{ SAMR_QUERY_SEC_OBJECT, "QuerySecObject" },
{ SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer" },
{ SAMR_LOOKUP_DOMAIN, "LookupDomain" },
{ SAMR_ENUM_DOMAINS, "EnumDomains" },
{ SAMR_OPEN_DOMAIN, "OpenDomain" },
{ SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo" },
{ SAMR_SET_DOMAIN_INFO, "SetDomainInfo" },
{ SAMR_CREATE_DOM_GROUP, "CreateGroup" },
{ SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups" },
{ SAMR_CREATE_USER_IN_DOMAIN, "CreateUser" },
{ SAMR_ENUM_DOM_USERS, "EnumDomainUsers" },
{ SAMR_CREATE_DOM_ALIAS, "CreateAlias" },
{ SAMR_ENUM_DOM_ALIASES, "EnumAlises" },
{ SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem" },
{ SAMR_LOOKUP_NAMES, "LookupNames" },
{ SAMR_LOOKUP_RIDS, "LookupRIDs" },
{ SAMR_OPEN_GROUP, "OpenGroup" },
{ SAMR_QUERY_GROUPINFO, "QueryGroupInfo" },
{ SAMR_SET_GROUPINFO, "SetGroupInfo" },
{ SAMR_ADD_GROUPMEM, "AddGroupMem" },
{ SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup" },
{ SAMR_DEL_GROUPMEM, "RemoveGroupMem" },
{ SAMR_QUERY_GROUPMEM, "QueryGroupMem" },
{ SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup" },
{ SAMR_OPEN_ALIAS, "OpenAlias" },
{ SAMR_QUERY_ALIASINFO, "QueryAliasInfo" },
{ SAMR_SET_ALIASINFO, "SetAliasInfo" },
{ SAMR_DELETE_DOM_ALIAS, "DeleteAlias" },
{ SAMR_ADD_ALIASMEM, "AddAliasMem" },
{ SAMR_DEL_ALIASMEM, "RemoveAliasMem" },
{ SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem" },
{ SAMR_OPEN_USER, "OpenUser" },
{ SAMR_DELETE_DOM_USER, "DeleteUser" },
{ SAMR_QUERY_USERINFO, "QueryUserInfo" },
{ SAMR_SET_USERINFO2, "SetUserInfo2" },
{ SAMR_CHANGE_PASSWORD_USER, "ChangePassword" },
{ SAMR_GET_GROUPS_FOR_USER, "GetGroups" },
{ SAMR_QUERY_DISPINFO, "QueryDispinfo" },
{ SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX" },
{ SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain" },
{ SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser" },
{ SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo" },
{ SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain" },
{ SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2" },
{ SAMR_UNKNOWN_2f, "Unknown 0x2f" },
{ SAMR_QUERY_DISPINFO2, "QueryDispinfo2" },
{ SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2" },
{ SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2" },
{ SAMR_QUERY_DISPINFO3, "QueryDispinfo3" },
{ SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple" },
{ SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple" },
{ SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2" },
{ SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2" },
{ SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo" },
{ SAMR_CONNECT2, "Connect2" },
{ SAMR_SET_USERINFO, "SetUserInfo" },
{ SAMR_UNKNOWN_3B, "Unknown 0x3b" },
{ SAMR_UNKNOWN_3C, "Unknown 0x3c" },
{ 0, NULL }
};
void void
proto_register_dcerpc_samr(void) proto_register_dcerpc_samr(void)
{ {
static hf_register_info hf[] = { static hf_register_info hf[] = {
{ &hf_samr_opnum,
{ "Operation", "samr.opnum", FT_UINT16, BASE_DEC,
VALS(samr_opnum_vals), 0x0, "Operation", HFILL }},
{ &hf_samr_hnd, { &hf_samr_hnd,
{ "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }}, { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_samr_group, { &hf_samr_group,
@ -4669,5 +4740,5 @@ proto_reg_handoff_dcerpc_samr(void)
/* Register protocol as dcerpc */ /* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr, dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
ver_dcerpc_samr, dcerpc_samr_dissectors); ver_dcerpc_samr, dcerpc_samr_dissectors, hf_samr_opnum);
} }

111
packet-dcerpc-spoolss.c
View File

@ -2,7 +2,7 @@
* Routines for SMB \PIPE\spoolss packet disassembly * Routines for SMB \PIPE\spoolss packet disassembly
* Copyright 2001-2002, Tim Potter <tpot@samba.org> * Copyright 2001-2002, Tim Potter <tpot@samba.org>
* *
* $Id: packet-dcerpc-spoolss.c,v 1.40 2002/06/21 05:13:15 tpot Exp $ * $Id: packet-dcerpc-spoolss.c,v 1.41 2002/06/24 00:03:17 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -40,6 +40,91 @@
/* Global objects */ /* Global objects */
static int hf_spoolss_opnum = -1;
static const value_string spoolss_opnum_vals[] = {
{ SPOOLSS_ENUMPRINTERS, "EnumPrinters" },
{ SPOOLSS_OPENPRINTER, "OpenPrinter" },
{ SPOOLSS_SETJOB, "SetJob" },
{ SPOOLSS_GETJOB, "GetJob" },
{ SPOOLSS_ENUMJOBS, "EnumJobs" },
{ SPOOLSS_ADDPRINTER, "AddPrinter" },
{ SPOOLSS_DELETEPRINTER, "DeletePrinter" },
{ SPOOLSS_SETPRINTER, "SetPrinter" },
{ SPOOLSS_GETPRINTER, "GetPrinter" },
{ SPOOLSS_ADDPRINTERDRIVER, "AddPrinterDriver" },
{ SPOOLSS_ENUMPRINTERDRIVERS, "EnumPrinterDrivers" },
{ SPOOLSS_GETPRINTERDRIVER, "GetPrinterDriver" },
{ SPOOLSS_GETPRINTERDRIVERDIRECTORY, "GetPrinterDriverDirectory" },
{ SPOOLSS_DELETEPRINTERDRIVER, "DeletePrinterDriver" },
{ SPOOLSS_ADDPRINTPROCESSOR, "AddPrintProcessor" },
{ SPOOLSS_ENUMPRINTPROCESSORS, "EnumPrintProcessor" },
{ SPOOLSS_GETPRINTPROCESSORDIRECTORY, "GetPrintProcessorDirectory" },
{ SPOOLSS_STARTDOCPRINTER, "StartDocPrinter" },
{ SPOOLSS_STARTPAGEPRINTER, "StartPagePrinter" },
{ SPOOLSS_WRITEPRINTER, "WritePrinter" },
{ SPOOLSS_ENDPAGEPRINTER, "EndPagePrinter" },
{ SPOOLSS_ABORTPRINTER, "AbortPrinter" },
{ SPOOLSS_READPRINTER, "ReadPrinter" },
{ SPOOLSS_ENDDOCPRINTER, "EndDocPrinter" },
{ SPOOLSS_ADDJOB, "AddJob" },
{ SPOOLSS_SCHEDULEJOB, "ScheduleJob" },
{ SPOOLSS_GETPRINTERDATA, "GetPrinterData" },
{ SPOOLSS_SETPRINTERDATA, "SetPrinterData" },
{ SPOOLSS_WAITFORPRINTERCHANGE, "WaitForPrinterChange" },
{ SPOOLSS_CLOSEPRINTER, "ClosePrinter" },
{ SPOOLSS_ADDFORM, "AddForm" },
{ SPOOLSS_DELETEFORM, "DeleteForm" },
{ SPOOLSS_GETFORM, "GetForm" },
{ SPOOLSS_SETFORM, "SetForm" },
{ SPOOLSS_ENUMFORMS, "EnumForms" },
{ SPOOLSS_ENUMPORTS, "EnumPorts" },
{ SPOOLSS_ENUMMONITORS, "EnumMonitors" },
{ SPOOLSS_ADDPORT, "AddPort" },
{ SPOOLSS_CONFIGUREPORT, "ConfigurePort" },
{ SPOOLSS_DELETEPORT, "DeletePort" },
{ SPOOLSS_CREATEPRINTERIC, "CreatePrinterIC" },
{ SPOOLSS_PLAYGDISCRIPTONPRINTERIC, "PlayDiscriptOnPrinterIC" },
{ SPOOLSS_DELETEPRINTERIC, "DeletePrinterIC" },
{ SPOOLSS_ADDPRINTERCONNECTION, "AddPrinterConnection" },
{ SPOOLSS_DELETEPRINTERCONNECTION, "DeletePrinterConnection" },
{ SPOOLSS_PRINTERMESSAGEBOX, "PrinterMessageBox" },
{ SPOOLSS_ADDMONITOR, "AddMonitor" },
{ SPOOLSS_DELETEMONITOR, "DeleteMonitor" },
{ SPOOLSS_DELETEPRINTPROCESSOR, "DeletePrintProcessor" },
{ SPOOLSS_ADDPRINTPROVIDER, "AddPrintProvider" },
{ SPOOLSS_DELETEPRINTPROVIDER, "DeletePrintProvider" },
{ SPOOLSS_ENUMPRINTPROCDATATYPES, "EnumPrintProcDataTypes" },
{ SPOOLSS_RESETPRINTER, "ResetPrinter" },
{ SPOOLSS_GETPRINTERDRIVER2, "GetPrinterDriver2" },
{ SPOOLSS_FINDFIRSTPRINTERCHANGENOTIFICATION, "FindNextPrinterChangeNotification" },
{ SPOOLSS_FINDNEXTPRINTERCHANGENOTIFICATION, "FindNextPrinterChangeNotification" },
{ SPOOLSS_FCPN, "FCPN" },
{ SPOOLSS_ROUTERFINDFIRSTPRINTERNOTIFICATIONOLD, "RouterFindFirstPrinterNotificationOld" },
{ SPOOLSS_REPLYOPENPRINTER, "ReplyOpenPrinter" },
{ SPOOLSS_ROUTERREPLYPRINTER, "RouterREplyPrinter" },
{ SPOOLSS_REPLYCLOSEPRINTER, "ReplyClosePrinter" },
{ SPOOLSS_ADDPORTEX, "AddPortEx" },
{ SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFICATION, "RemoteFindFirstPrinterChangeNotification" },
{ SPOOLSS_SPOOLERINIT, "SpoolerInit" },
{ SPOOLSS_RESETPRINTEREX, "ResetPrinterEx" },
{ SPOOLSS_RFFPCNEX, "RFFPCNEX" },
{ SPOOLSS_RRPCN, "RRPCN" },
{ SPOOLSS_RFNPCNEX, "RFNPCNEX" },
{ SPOOLSS_OPENPRINTEREX, "OpenPrinterEx" },
{ SPOOLSS_ADDPRINTEREX, "AddPrinterEx" },
{ SPOOLSS_ENUMPRINTERDATA, "EnumPrinterData" },
{ SPOOLSS_DELETEPRINTERDATA, "DeletePrinterData" },
{ SPOOLSS_GETPRINTERDATAEX, "GetPrinterDataEx" },
{ SPOOLSS_SETPRINTERDATAEX, "SetPrinterDataEx" },
{ SPOOLSS_ENUMPRINTERDATAEX, "EnumPrinterDataEx" },
{ SPOOLSS_ENUMPRINTERKEY, "EnumPrinterKey" },
{ SPOOLSS_DELETEPRINTERDATAEX, "DeletePrinterDataEx" },
{ SPOOLSS_DELETEPRINTERDRIVEREX, "DeletePrinterDriverEx" },
{ SPOOLSS_ADDPRINTERDRIVEREX, "AddPrinterDriverEx" },
{ 0, NULL }
};
static int hf_spoolss_hnd = -1; static int hf_spoolss_hnd = -1;
static int hf_spoolss_rc = -1; static int hf_spoolss_rc = -1;
static int hf_spoolss_offered = -1; static int hf_spoolss_offered = -1;
@ -2543,8 +2628,15 @@ static int prs_SPOOL_PRINTER_INFO_LEVEL(tvbuff_t *tvb, int offset,
offset = prs_ptr(tvb, offset, pinfo, subtree, &ptr, "Info"); offset = prs_ptr(tvb, offset, pinfo, subtree, &ptr, "Info");
/* Sigh - dissecting a PRINTER_INFO_2 is currently
broken. Hopefully this will be fixed when these
routines are converted to the NDR parsing functions
used by all the other DCERPC dissectors. */
#if 0
if (ptr) if (ptr)
defer_ptr(dp_list, prs_PRINTER_INFO_2, subtree); defer_ptr(dp_list, prs_PRINTER_INFO_2, subtree);
#endif
break; break;
} }
@ -5512,6 +5604,13 @@ void
proto_register_dcerpc_spoolss(void) proto_register_dcerpc_spoolss(void)
{ {
static hf_register_info hf[] = { static hf_register_info hf[] = {
/* Opnum */
{ &hf_spoolss_opnum,
{ "Operation", "spoolss.opnum", FT_UINT16, BASE_DEC,
VALS(spoolss_opnum_vals), 0x0, "Operation", HFILL }},
{ &hf_spoolss_hnd, { &hf_spoolss_hnd,
{ "Context handle", "spoolss.hnd", FT_BYTES, BASE_NONE, { "Context handle", "spoolss.hnd", FT_BYTES, BASE_NONE,
NULL, 0x0, "SPOOLSS policy handle", HFILL }}, NULL, 0x0, "SPOOLSS policy handle", HFILL }},
@ -5686,13 +5785,13 @@ proto_register_dcerpc_spoolss(void)
{ &hf_spoolss_printerdata_type, { &hf_spoolss_printerdata_type,
{ "Printer data type", "spoolss.printerdata.type", FT_UINT32, BASE_DEC, { "Printer data type", "spoolss.printerdata.type", FT_UINT32, BASE_DEC,
VALS(&reg_datatypes), 0, "Printer data type", HFILL }}, VALS(reg_datatypes), 0, "Printer data type", HFILL }},
/* SetJob RPC */ /* SetJob RPC */
{ &hf_spoolss_setjob_cmd, { &hf_spoolss_setjob_cmd,
{ "Set job command", "spoolss.setjob.cmd", FT_UINT32, BASE_DEC, { "Set job command", "spoolss.setjob.cmd", FT_UINT32, BASE_DEC,
VALS(&setjob_commands), 0x0, "Printer data name", HFILL }}, VALS(setjob_commands), 0x0, "Printer data name", HFILL }},
/* WritePrinter */ /* WritePrinter */
@ -5809,7 +5908,7 @@ proto_register_dcerpc_spoolss(void)
{ &hf_spoolss_notify_option_type, { &hf_spoolss_notify_option_type,
{ "Type", "spoolss.notify_option.type", FT_UINT16, BASE_DEC, { "Type", "spoolss.notify_option.type", FT_UINT16, BASE_DEC,
VALS(&printer_notify_types), 0, "Type", HFILL }}, VALS(printer_notify_types), 0, "Type", HFILL }},
{ &hf_spoolss_notify_option_reserved1, { &hf_spoolss_notify_option_reserved1,
{ "Reserved1", "spoolss.notify_option.reserved1", FT_UINT16, BASE_DEC, { "Reserved1", "spoolss.notify_option.reserved1", FT_UINT16, BASE_DEC,
NULL, 0, "Reserved1", HFILL }}, NULL, 0, "Reserved1", HFILL }},
@ -5840,7 +5939,7 @@ proto_register_dcerpc_spoolss(void)
NULL, 0, "Flags", HFILL }}, NULL, 0, "Flags", HFILL }},
{ &hf_spoolss_notify_info_data_type, { &hf_spoolss_notify_info_data_type,
{ "Type", "spoolss.notify_info_data.type", FT_UINT16, BASE_DEC, { "Type", "spoolss.notify_info_data.type", FT_UINT16, BASE_DEC,
VALS(&printer_notify_types), 0, "Type", HFILL }}, VALS(printer_notify_types), 0, "Type", HFILL }},
{ &hf_spoolss_notify_field, { &hf_spoolss_notify_field,
{ "Field", "spoolss.notify_field", FT_UINT16, BASE_DEC, { "Field", "spoolss.notify_field", FT_UINT16, BASE_DEC,
NULL, 0, "Field", HFILL }}, NULL, 0, "Field", HFILL }},
@ -6035,5 +6134,5 @@ proto_reg_handoff_dcerpc_spoolss(void)
dcerpc_init_uuid(proto_dcerpc_spoolss, ett_dcerpc_spoolss, dcerpc_init_uuid(proto_dcerpc_spoolss, ett_dcerpc_spoolss,
&uuid_dcerpc_spoolss, ver_dcerpc_spoolss, &uuid_dcerpc_spoolss, ver_dcerpc_spoolss,
dcerpc_spoolss_dissectors); dcerpc_spoolss_dissectors, hf_spoolss_opnum);
} }

9
packet-dcerpc-srvsvc.c
View File

@ -6,7 +6,7 @@
* Copyright 2002, Ronnie Sahlberg * Copyright 2002, Ronnie Sahlberg
* rewrote entire dissector * rewrote entire dissector
* *
* $Id: packet-dcerpc-srvsvc.c,v 1.38 2002/06/23 12:00:38 sahlberg Exp $ * $Id: packet-dcerpc-srvsvc.c,v 1.39 2002/06/24 00:03:18 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -44,6 +44,7 @@
#include "smb.h" #include "smb.h"
static int proto_dcerpc_srvsvc = -1; static int proto_dcerpc_srvsvc = -1;
static int hf_srvsvc_opnum = -1;
static int hf_srvsvc_reserved = -1; static int hf_srvsvc_reserved = -1;
static int hf_srvsvc_server = -1; static int hf_srvsvc_server = -1;
static int hf_srvsvc_emulated_server = -1; static int hf_srvsvc_emulated_server = -1;
@ -6939,6 +6940,9 @@ void
proto_register_dcerpc_srvsvc(void) proto_register_dcerpc_srvsvc(void)
{ {
static hf_register_info hf[] = { static hf_register_info hf[] = {
{ &hf_srvsvc_opnum,
{ "Operation", "srvsvc.opnum", FT_UINT16, BASE_DEC,
VALS(srvsvc_opnum_vals), 0x0, "Operation", HFILL }},
{ &hf_srvsvc_server, { &hf_srvsvc_server,
{ "Server", "srvsvc.server", FT_STRING, BASE_NONE, { "Server", "srvsvc.server", FT_STRING, BASE_NONE,
NULL, 0x0, "Server Name", HFILL}}, NULL, 0x0, "Server Name", HFILL}},
@ -7500,6 +7504,5 @@ proto_reg_handoff_dcerpc_srvsvc(void)
dcerpc_init_uuid(proto_dcerpc_srvsvc, ett_dcerpc_srvsvc, dcerpc_init_uuid(proto_dcerpc_srvsvc, ett_dcerpc_srvsvc,
&uuid_dcerpc_srvsvc, ver_dcerpc_srvsvc, &uuid_dcerpc_srvsvc, ver_dcerpc_srvsvc,
dcerpc_srvsvc_dissectors); dcerpc_srvsvc_dissectors, hf_srvsvc_opnum);
} }

4
packet-dcerpc-tapi.c
View File

@ -2,7 +2,7 @@
* Routines for DCERPC TAPI packet disassembly * Routines for DCERPC TAPI packet disassembly
* Copyright 2002, Ronnie Sahlberg * Copyright 2002, Ronnie Sahlberg
* *
* $Id: packet-dcerpc-tapi.c,v 1.1 2002/06/02 12:33:15 sahlberg Exp $ * $Id: packet-dcerpc-tapi.c,v 1.2 2002/06/24 00:03:18 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -240,5 +240,5 @@ proto_reg_handoff_dcerpc_tapi(void)
dcerpc_init_uuid(proto_dcerpc_tapi, ett_dcerpc_tapi, dcerpc_init_uuid(proto_dcerpc_tapi, ett_dcerpc_tapi,
&uuid_dcerpc_tapi, ver_dcerpc_tapi, &uuid_dcerpc_tapi, ver_dcerpc_tapi,
dcerpc_tapi_dissectors); dcerpc_tapi_dissectors, -1);
} }

4
packet-dcerpc-wkssvc.c
View File

@ -2,7 +2,7 @@
* Routines for SMB \\PIPE\\wkssvc packet disassembly * Routines for SMB \\PIPE\\wkssvc packet disassembly
* Copyright 2001, Tim Potter <tpot@samba.org> * Copyright 2001, Tim Potter <tpot@samba.org>
* *
* $Id: packet-dcerpc-wkssvc.c,v 1.3 2002/05/31 00:31:13 tpot Exp $ * $Id: packet-dcerpc-wkssvc.c,v 1.4 2002/06/24 00:03:18 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -68,5 +68,5 @@ proto_reg_handoff_dcerpc_wkssvc(void)
dcerpc_init_uuid(proto_dcerpc_wkssvc, ett_dcerpc_wkssvc, dcerpc_init_uuid(proto_dcerpc_wkssvc, ett_dcerpc_wkssvc,
&uuid_dcerpc_wkssvc, ver_dcerpc_wkssvc, &uuid_dcerpc_wkssvc, ver_dcerpc_wkssvc,
dcerpc_wkssvc_dissectors); dcerpc_wkssvc_dissectors, -1);
} }

34
packet-dcerpc.c
View File

@ -2,7 +2,7 @@
* Routines for DCERPC packet disassembly * Routines for DCERPC packet disassembly
* Copyright 2001, Todd Sabin <tas@webspan.net> * Copyright 2001, Todd Sabin <tas@webspan.net>
* *
* $Id: packet-dcerpc.c,v 1.62 2002/06/22 01:30:53 guy Exp $ * $Id: packet-dcerpc.c,v 1.63 2002/06/24 00:03:18 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -443,6 +443,7 @@ typedef struct _dcerpc_uuid_value {
int ett; int ett;
gchar *name; gchar *name;
dcerpc_sub_dissector *procs; dcerpc_sub_dissector *procs;
int opnum_hf;
} dcerpc_uuid_value; } dcerpc_uuid_value;
static gint static gint
@ -465,7 +466,7 @@ dcerpc_uuid_hash (gconstpointer k)
void void
dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
dcerpc_sub_dissector *procs) dcerpc_sub_dissector *procs, int opnum_hf)
{ {
dcerpc_uuid_key *key = g_malloc (sizeof (*key)); dcerpc_uuid_key *key = g_malloc (sizeof (*key));
dcerpc_uuid_value *value = g_malloc (sizeof (*value)); dcerpc_uuid_value *value = g_malloc (sizeof (*value));
@ -477,6 +478,7 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
value->ett = ett; value->ett = ett;
value->name = proto_get_protocol_short_name (proto); value->name = proto_get_protocol_short_name (proto);
value->procs = procs; value->procs = procs;
value->opnum_hf = opnum_hf;
g_hash_table_insert (dcerpc_uuids, key, value); g_hash_table_insert (dcerpc_uuids, key, value);
} }
@ -1246,24 +1248,18 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
/* /*
* Put the operation number into the tree along with * Put the operation number into the tree along with
* the operation's name. * the operation's name.
*
* XXX - the subdissectors should all have their own fields
* for the opnum, so that you can filter on a particular
* protocol and opnum value; the opnum value isn't, by itself,
* very interesting, as its interpretation depends on the
* subprotocol.
*
* That would also allow the field to have a value_string
* table, giving names for operations, and letting you filter
* by name.
*
* ONC RPC should do the same thing with the version and
* procedure fields it puts into the subprotocol's tree.
*/ */
proto_tree_add_uint_format (sub_tree, hf_dcerpc_op, tvb,
0, 0, opnum, if (sub_proto->opnum_hf != -1)
"Operation: %s (%u)", proto_tree_add_uint_format(sub_tree, sub_proto->opnum_hf,
name, opnum); tvb, 0, 0, opnum,
"Operation: %s (%u)",
name, opnum);
else
proto_tree_add_uint_format(sub_tree, hf_dcerpc_op, tvb,
0, 0, opnum,
"Operation: %s (%u)",
name, opnum);
} }
/* /*

4
packet-dcerpc.h
View File

@ -1,7 +1,7 @@
/* packet-dcerpc.h /* packet-dcerpc.h
* Copyright 2001, Todd Sabin <tas@webspan.net> * Copyright 2001, Todd Sabin <tas@webspan.net>
* *
* $Id: packet-dcerpc.h,v 1.17 2002/06/19 08:34:38 guy Exp $ * $Id: packet-dcerpc.h,v 1.18 2002/06/24 00:03:18 tpot Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -170,7 +170,7 @@ typedef struct _dcerpc_sub_dissector {
} dcerpc_sub_dissector; } dcerpc_sub_dissector;
/* registration function for subdissectors */ /* registration function for subdissectors */
void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs); void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
/* Private data structure to pass to DCERPC dissector. This is used to /* Private data structure to pass to DCERPC dissector. This is used to
pass transport specific information down to the dissector from the pass transport specific information down to the dissector from the