forked from osmocom/wireshark
packet-dcerpc: improve dissection of bind time feature negotiation
Change-Id: I6bcc5538149e36eed31933897a95fa7592baa84a Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/11363 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Stefan Metzmacher
Michael Mann
parent
c042416443
commit
ae574e3de7
|
|
@ -57,12 +57,6 @@ static e_guid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9,
|
|||
static e_guid_t uuid_ndr64 = { 0x71710533, 0xbeba, 0x4937,
|
||||
{ 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 } };
|
||||
|
||||
/* Bind Time Feature Negotiation, see [MS-RPCE] 3.3.1.5.3 */
|
||||
static e_guid_t uuid_bind_time_feature_nego_00 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
|
||||
static e_guid_t uuid_bind_time_feature_nego_01 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
|
||||
static e_guid_t uuid_bind_time_feature_nego_02 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
|
||||
static e_guid_t uuid_bind_time_feature_nego_03 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
|
||||
|
||||
/* see [MS-OXRPC] Appendix A: Full IDL, http://msdn.microsoft.com/en-us/library/ee217991%28v=exchg.80%29.aspx */
|
||||
static e_guid_t uuid_asyncemsmdb = { 0x5261574a, 0x4572, 0x206e,
|
||||
{ 0xb2, 0x68, 0x6b, 0x19, 0x92, 0x13, 0xb4, 0xe4 } };
|
||||
|
|
@ -470,6 +464,7 @@ static int hf_dcerpc_cn_bind_if_ver_minor = -1;
|
|||
static int hf_dcerpc_cn_bind_trans_syntax = -1;
|
||||
static int hf_dcerpc_cn_bind_trans_id = -1;
|
||||
static int hf_dcerpc_cn_bind_trans_ver = -1;
|
||||
static int hf_dcerpc_cn_bind_trans_btfn = -1;
|
||||
static int hf_dcerpc_cn_bind_trans_btfn_01 = -1;
|
||||
static int hf_dcerpc_cn_bind_trans_btfn_02 = -1;
|
||||
static int hf_dcerpc_cn_alloc_hint = -1;
|
||||
|
|
@ -480,7 +475,6 @@ static int hf_dcerpc_cn_ack_result = -1;
|
|||
static int hf_dcerpc_cn_ack_reason = -1;
|
||||
static int hf_dcerpc_cn_ack_trans_id = -1;
|
||||
static int hf_dcerpc_cn_ack_trans_ver = -1;
|
||||
static int hf_dcerpc_cn_ack_btfn = -1;
|
||||
static int hf_dcerpc_cn_reject_reason = -1;
|
||||
static int hf_dcerpc_cn_num_protocols = -1;
|
||||
static int hf_dcerpc_cn_protocol_ver_major = -1;
|
||||
|
|
@ -596,12 +590,19 @@ static int hf_dcerpc_cmd_client_ipv4 = -1;
|
|||
static int hf_dcerpc_cmd_client_ipv6 = -1;
|
||||
static int hf_dcerpc_authentication_verifier = -1;
|
||||
|
||||
static const int *dcerpc_cn_bind_trans_btfn_fields[] = {
|
||||
&hf_dcerpc_cn_bind_trans_btfn_01,
|
||||
&hf_dcerpc_cn_bind_trans_btfn_02,
|
||||
NULL
|
||||
};
|
||||
|
||||
static gint ett_dcerpc = -1;
|
||||
static gint ett_dcerpc_cn_flags = -1;
|
||||
static gint ett_dcerpc_cn_ctx = -1;
|
||||
static gint ett_dcerpc_cn_iface = -1;
|
||||
static gint ett_dcerpc_cn_trans_syntax = -1;
|
||||
static gint ett_dcerpc_cn_trans_btfn = -1;
|
||||
static gint ett_dcerpc_cn_bind_trans_btfn = -1;
|
||||
static gint ett_dcerpc_cn_rts_flags = -1;
|
||||
static gint ett_dcerpc_cn_rts_command = -1;
|
||||
static gint ett_dcerpc_cn_rts_pdu = -1;
|
||||
|
|
@ -3516,7 +3517,6 @@ dissect_dcerpc_cn_bind(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
for (j = 0; j < num_trans_items; j++) {
|
||||
proto_tree *trans_tree = NULL;
|
||||
proto_item *trans_item = NULL;
|
||||
proto_item *uuid_item = NULL;
|
||||
|
||||
dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &trans_id);
|
||||
if (ctx_tree) {
|
||||
|
|
@ -3527,22 +3527,33 @@ dissect_dcerpc_cn_bind(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
uuid_str = guid_to_str(wmem_packet_scope(), (e_guid_t *) &trans_id);
|
||||
uuid_name = guids_get_uuid_name(&trans_id);
|
||||
|
||||
if (uuid_name) {
|
||||
uuid_item = proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s UUID:%s", uuid_name, uuid_str);
|
||||
/* check for [MS-RPCE] 3.3.1.5.3 Bind Time Feature Negotiation */
|
||||
if (trans_id.data1 == 0x6cb71c2c && trans_id.data2 == 0x9812 && trans_id.data3 == 0x4540) {
|
||||
proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id,
|
||||
tvb, offset, 16, (e_guid_t *) &trans_id,
|
||||
"Transfer Syntax: Bind Time Feature Negotiation UUID:%s",
|
||||
uuid_str);
|
||||
proto_tree_add_bitmask(trans_tree, tvb, offset + 8,
|
||||
hf_dcerpc_cn_bind_trans_btfn,
|
||||
ett_dcerpc_cn_bind_trans_btfn,
|
||||
dcerpc_cn_bind_trans_btfn_fields,
|
||||
ENC_LITTLE_ENDIAN);
|
||||
proto_item_append_text(trans_item, "[%u]: Bind Time Feature Negotiation", j+1);
|
||||
proto_item_append_text(ctx_item, ", Bind Time Feature Negotiation");
|
||||
} else if (uuid_name) {
|
||||
proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id,
|
||||
tvb, offset, 16, (e_guid_t *) &trans_id,
|
||||
"Transfer Syntax: %s UUID:%s", uuid_name, uuid_str);
|
||||
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_name);
|
||||
proto_item_append_text(ctx_item, ", %s", uuid_name);
|
||||
} else {
|
||||
uuid_item = proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
|
||||
proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id,
|
||||
tvb, offset, 16, (e_guid_t *) &trans_id,
|
||||
"Transfer Syntax: %s", uuid_str);
|
||||
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str);
|
||||
proto_item_append_text(ctx_item, ", %s", uuid_str);
|
||||
}
|
||||
|
||||
/* check for [MS-RPCE] 3.3.1.5.3 Bind Time Feature Negotiation */
|
||||
if (trans_id.data1 == 0x6cb71c2c && trans_id.data2 == 0x9812 && trans_id.data3 == 0x4540) {
|
||||
proto_tree *uuid_tree = proto_item_add_subtree(uuid_item, ett_dcerpc_cn_trans_btfn);
|
||||
proto_tree_add_boolean(uuid_tree, hf_dcerpc_cn_bind_trans_btfn_01, tvb, offset+8, 1, trans_id.data4[0]);
|
||||
proto_tree_add_boolean(uuid_tree, hf_dcerpc_cn_bind_trans_btfn_02, tvb, offset+8, 1, trans_id.data4[0]);
|
||||
}
|
||||
}
|
||||
offset += 16;
|
||||
|
||||
|
|
@ -3656,10 +3667,12 @@ dissect_dcerpc_cn_bind_ack(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
|
||||
/* [MS-RPCE] 3.3.1.5.3 check if this Ctx Item is the response to a Bind Time Feature Negotiation request */
|
||||
if (result == 3) {
|
||||
const int old_offset = offset;
|
||||
offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree, hdr->drep, hf_dcerpc_cn_ack_btfn, &reason);
|
||||
proto_tree_add_boolean(ctx_tree, hf_dcerpc_cn_bind_trans_btfn_01, tvb, old_offset, 1, reason);
|
||||
proto_tree_add_boolean(ctx_tree, hf_dcerpc_cn_bind_trans_btfn_02, tvb, old_offset, 1, reason);
|
||||
proto_tree_add_bitmask(ctx_tree, tvb, offset,
|
||||
hf_dcerpc_cn_bind_trans_btfn,
|
||||
ett_dcerpc_cn_bind_trans_btfn,
|
||||
dcerpc_cn_bind_trans_btfn_fields,
|
||||
ENC_LITTLE_ENDIAN);
|
||||
offset += 2;
|
||||
} else if (result != 0) {
|
||||
offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree,
|
||||
hdr->drep, hf_dcerpc_cn_ack_reason,
|
||||
|
|
@ -6193,10 +6206,12 @@ proto_register_dcerpc(void)
|
|||
{ "ID", "dcerpc.cn_bind_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_bind_trans_ver,
|
||||
{ "ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_bind_trans_btfn_01, /* [MS-RPCE] 2.2.2.14 */
|
||||
{ "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x01, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_bind_trans_btfn, /* [MS-RPCE] 2.2.2.14 */
|
||||
{"Bind Time Features", "dcerpc.cn_bind_trans_btfn", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_bind_trans_btfn_01,
|
||||
{ "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x01, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_bind_trans_btfn_02,
|
||||
{ "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x02, NULL, HFILL }},
|
||||
{ "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x02, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_alloc_hint,
|
||||
{ "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_sec_addr_len,
|
||||
|
|
@ -6213,8 +6228,6 @@ proto_register_dcerpc(void)
|
|||
{ "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_ack_trans_ver,
|
||||
{ "Syntax ver", "dcerpc.cn_ack_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_ack_btfn,
|
||||
{ "Bind Time Feature Negotiation Bitmask", "dcerpc.cn_ack_btfn", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_reject_reason,
|
||||
{ "Reject reason", "dcerpc.cn_reject_reason", FT_UINT16, BASE_DEC, VALS(reject_reason_vals), 0x0, NULL, HFILL }},
|
||||
{ &hf_dcerpc_cn_num_protocols,
|
||||
|
|
@ -6476,6 +6489,7 @@ proto_register_dcerpc(void)
|
|||
&ett_dcerpc_cn_iface,
|
||||
&ett_dcerpc_cn_trans_syntax,
|
||||
&ett_dcerpc_cn_trans_btfn,
|
||||
&ett_dcerpc_cn_bind_trans_btfn,
|
||||
&ett_dcerpc_cn_rts_flags,
|
||||
&ett_dcerpc_cn_rts_command,
|
||||
&ett_dcerpc_cn_rts_pdu,
|
||||
|
|
@ -6562,10 +6576,6 @@ proto_reg_handoff_dcerpc(void)
|
|||
|
||||
guids_add_uuid(&uuid_data_repr_proto, "32bit NDR");
|
||||
guids_add_uuid(&uuid_ndr64, "64bit NDR");
|
||||
guids_add_uuid(&uuid_bind_time_feature_nego_00, "bind time feature negotiation");
|
||||
guids_add_uuid(&uuid_bind_time_feature_nego_01, "bind time feature negotiation");
|
||||
guids_add_uuid(&uuid_bind_time_feature_nego_02, "bind time feature negotiation");
|
||||
guids_add_uuid(&uuid_bind_time_feature_nego_03, "bind time feature negotiation");
|
||||
guids_add_uuid(&uuid_asyncemsmdb, "async MAPI");
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue