wireshark/gtk/decode_as_dcerpc.c

/* decode_as_dcerpc.c
 *
 * $Id$
 *
 * Routines to modify dcerpc bindings on the fly.
 *
 * Copyright 2004 Ulf Lamping
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <string.h>

#include <gtk/gtk.h>

#include <epan/packet.h>
#include <epan/ipproto.h>
#include <epan/epan_dissect.h>
#include <epan/dissectors/packet-dcerpc.h>

#include "../globals.h"
#include "../simple_dialog.h"

#include "gtk/decode_as_dlg.h"
#include "gtk/dlg_utils.h"
#include "gtk/gui_utils.h"
#include "gtk/decode_as_dcerpc.h"


/**************************************************/
/*                Typedefs & Enums                */
/**************************************************/

/* list of dcerpc "Decode As" bindings */
GSList *decode_dcerpc_bindings = NULL;

/**************************************************/
/*            Global Functions                    */
/**************************************************/

/* inject one of our bindings into the dcerpc binding table */
static void 
decode_dcerpc_inject_binding(gpointer data, gpointer user_data _U_)
{
    dcerpc_add_conv_to_bind_table((decode_dcerpc_bind_values_t *) data);
}


/* inject all of our bindings into the dcerpc binding table */
static void 
decode_dcerpc_inject_bindings(gpointer data _U_) {
    g_slist_foreach(decode_dcerpc_bindings, decode_dcerpc_inject_binding, NULL /* user_data */);
}


/* init this file */
void 
decode_dcerpc_init(void) {
    GHook*      hook_init_proto;


    /* add a hook function to the dcerpc init_protocols hook */
    hook_init_proto = g_hook_alloc(&dcerpc_hooks_init_protos);
    hook_init_proto->func = decode_dcerpc_inject_bindings;
    g_hook_prepend(&dcerpc_hooks_init_protos, hook_init_proto);
}


/* clone a binding (uses g_malloc) */
static decode_dcerpc_bind_values_t *
decode_dcerpc_binding_clone(decode_dcerpc_bind_values_t *binding_in)
{
    decode_dcerpc_bind_values_t *stored_binding;

    stored_binding = g_malloc(sizeof(decode_dcerpc_bind_values_t));
    *stored_binding = *binding_in;
    COPY_ADDRESS(&stored_binding->addr_a, &binding_in->addr_a);
    COPY_ADDRESS(&stored_binding->addr_b, &binding_in->addr_b);
    stored_binding->ifname = g_string_new(binding_in->ifname->str);

    return stored_binding;
}


/* free a binding */
void 
decode_dcerpc_binding_free(void *binding_in)
{
    decode_dcerpc_bind_values_t *binding = binding_in;

    g_free((void *) binding->addr_a.data);
    g_free((void *) binding->addr_b.data);
    if(binding->ifname)
        g_string_free(binding->ifname, TRUE);
    g_free(binding);
}


/* compare two bindings (except the interface related things, e.g. uuid) */
static gint
decode_dcerpc_binding_cmp(gconstpointer a, gconstpointer b)
{
    const decode_dcerpc_bind_values_t *binding_a = a;
    const decode_dcerpc_bind_values_t *binding_b = b;


    /* don't compare uuid and ver! */
    if( 
        ADDRESSES_EQUAL(&binding_a->addr_a, &binding_b->addr_a) &&
        ADDRESSES_EQUAL(&binding_a->addr_b, &binding_b->addr_b) &&
        binding_a->ptype == binding_b->ptype &&
        binding_a->port_a == binding_b->port_a &&
        binding_a->port_b == binding_b->port_b &&
        binding_a->ctx_id == binding_b->ctx_id &&
        binding_a->smb_fid == binding_b->smb_fid)
    {
        /* equal */
        return 0;
    }

    /* unequal */
    return 1;
}


/**************************************************/
/*             Show Changed Bindings              */
/**************************************************/


/* add a single binding to the Show list */
static void
decode_dcerpc_add_show_list_single(gpointer data, gpointer user_data)
{
    gchar      string1[20];

    
    decode_dcerpc_bind_values_t *binding = data;

    g_snprintf(string1, sizeof(string1), "ctx_id: %u", binding->ctx_id);

    decode_add_to_show_list (
        user_data, 
        "DCE-RPC", 
        string1, 
        "-", 
        binding->ifname->str);
}


/* add all bindings to the Show list */
void
decode_dcerpc_add_show_list(gpointer user_data)
{
    g_slist_foreach(decode_dcerpc_bindings, decode_dcerpc_add_show_list_single, user_data);
}


/**************************************************/
/*         Modify the binding routines            */
/**************************************************/


/* removes all bindings */
void
decode_dcerpc_reset_all(void)
{
    decode_dcerpc_bind_values_t *binding;

    while(decode_dcerpc_bindings) {
        binding = decode_dcerpc_bindings->data;

        decode_dcerpc_binding_free(binding);
        decode_dcerpc_bindings = g_slist_remove(
            decode_dcerpc_bindings, 
            decode_dcerpc_bindings->data);
    }
}


/* remove a binding (looking the same way as the given one) */
static void
decode_dcerpc_binding_reset(
const gchar *table_name _U_, 
decode_dcerpc_bind_values_t *binding)
{
    GSList *le;
    decode_dcerpc_bind_values_t *old_binding;


    /* find the old binding (if it exists) */
    le = g_slist_find_custom(decode_dcerpc_bindings,
                                             binding,
                                             decode_dcerpc_binding_cmp);
    if(le == NULL)
        return;

    old_binding = le->data;

    decode_dcerpc_bindings = g_slist_remove(decode_dcerpc_bindings, le->data);

    g_free((void *) old_binding->addr_a.data);
    g_free((void *) old_binding->addr_b.data);
    g_string_free(old_binding->ifname, TRUE);
    g_free(old_binding);
}


/* a binding has changed (remove a previously existing one) */
static void
decode_dcerpc_binding_change(
const gchar *table_name, 
decode_dcerpc_bind_values_t *binding)
{

    decode_dcerpc_bind_values_t *stored_binding;

    /* remove a probably existing old binding */
    decode_dcerpc_binding_reset(table_name, binding);

    /* clone the new binding and append it to the list */
    stored_binding = decode_dcerpc_binding_clone(binding);
    decode_dcerpc_bindings = g_slist_append (decode_dcerpc_bindings, stored_binding);
}


/* a binding has changed (add/replace/remove it) */
static void
decode_change_one_dcerpc_binding(const gchar *table_name, decode_dcerpc_bind_values_t *binding, GtkWidget *list)
{
    dcerpc_uuid_key     *key;
    gchar              *abbrev;
    GtkTreeSelection  *selection;
    GtkTreeModel      *model;
    GtkTreeIter        iter;

    selection = gtk_tree_view_get_selection(GTK_TREE_VIEW(list));
    if (gtk_tree_selection_get_selected(selection, &model, &iter) == FALSE)
    {
	abbrev = NULL;
	key = NULL;
    } else {
        gtk_tree_model_get(model, &iter, E_LIST_S_PROTO_NAME, &abbrev,
                           E_LIST_S_TABLE+1, &key, -1);
    }

    if (key == NULL || (abbrev != NULL && strcmp(abbrev, "(default)") == 0) ) {
        decode_dcerpc_binding_reset(table_name, binding);
    } else {
			binding->ifname = g_string_new(abbrev);
			binding->uuid = key->uuid;
			binding->ver = key->ver;
			decode_dcerpc_binding_change(table_name, binding);
    }
    g_free(abbrev);
}



/**************************************************/
/* Action routines for the "Decode As..." dialog  */
/*   - called when the OK button pressed          */
/**************************************************/

/*
 * This routine is called when the user clicks the "OK" button in the
 * "Decode As..." dialog window and the DCE-RPC page is foremost.
 * This routine takes care of making any changes requested to the DCE-RPC 
 * binding tables.
 *
 * @param notebook_pg A pointer to the "DCE-RPC" notebook page.
 */
static void
decode_dcerpc(GtkWidget *notebook_pg)
{
    GtkWidget *list;
    const gchar *table_name;
    decode_dcerpc_bind_values_t *binding;


    list = g_object_get_data(G_OBJECT(notebook_pg), E_PAGE_LIST);
    if (requested_action == E_DECODE_NO)
	gtk_tree_selection_unselect_all(gtk_tree_view_get_selection(GTK_TREE_VIEW(list)));

    binding = g_object_get_data(G_OBJECT(notebook_pg), E_PAGE_BINDING);

    /*table_name = g_object_get_data(G_OBJECT(notebook_pg), E_PAGE_TABLE);*/
    table_name = "DCE-RPC";
    decode_change_one_dcerpc_binding(table_name, binding, list);
}


/**************************************************/
/*                  Dialog setup                  */
/**************************************************/


/* add an interface to the list */
static void 
decode_dcerpc_add_to_list(gpointer key, gpointer value, gpointer user_data)
{
    /*dcerpc_uuid_key *k = key;*/
    dcerpc_uuid_value *v = value;

    if(strcmp(v->name, "(none)"))
        decode_add_to_list("DCE-RPC", v->name, key, user_data);
}


/* add all interfaces to the list */
static GtkWidget *
decode_add_dcerpc_menu (GtkWidget *page, const gchar *table_name _U_)
{
    GtkWidget *scrolled_window;
    GtkWidget *list;

    decode_list_menu_start(page, &list, &scrolled_window);
    g_hash_table_foreach(dcerpc_uuids, decode_dcerpc_add_to_list, list);
    decode_list_menu_finish(list);
    return(scrolled_window);
}


/* add a DCE-RPC page to the notebook */
GtkWidget *
decode_dcerpc_add_page (packet_info *pinfo)
{
    GtkWidget	*page_hb, *info_vb, *label, *scrolled_window;
    GString     *gs = g_string_new("");
    GString     *gs2 = g_string_new("");
    decode_dcerpc_bind_values_t *binding;


    /* clone binding */
    binding = g_malloc(sizeof(decode_dcerpc_bind_values_t));
    COPY_ADDRESS(&binding->addr_a, &pinfo->src);
    COPY_ADDRESS(&binding->addr_b, &pinfo->dst);
    binding->ptype = pinfo->ptype;
    binding->port_a = pinfo->srcport;
    binding->port_b = pinfo->destport;
    binding->ctx_id = pinfo->dcectxid;
    binding->smb_fid = dcerpc_get_transport_salt(pinfo);
    binding->ifname = NULL;
    /*binding->uuid = NULL;*/
    binding->ver = 0;

    /* create page content */
    page_hb = gtk_hbox_new(FALSE, 5);
    g_object_set_data(G_OBJECT(page_hb), E_PAGE_ACTION, decode_dcerpc);
    g_object_set_data(G_OBJECT(page_hb), E_PAGE_TABLE, "DCE-RPC");
    g_object_set_data(G_OBJECT(page_hb), E_PAGE_TITLE, "DCE-RPC");
    g_object_set_data(G_OBJECT(page_hb), E_PAGE_BINDING, binding);
    
    info_vb = gtk_vbox_new(FALSE, 5);
    gtk_box_pack_start(GTK_BOX(page_hb), info_vb, TRUE, TRUE, 0);

    /* Always enabled */
    label = gtk_label_new("Replace binding between:");
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);

    switch(binding->ptype) {
    case(PT_TCP):
        g_string_printf(gs2, "TCP port");
        break;
    case(PT_UDP):
        g_string_printf(gs2, "UDP port");
        break;
    default:
        g_string_printf(gs2, "Unknown port type");
    }

    /* XXX - how to print the address binding->addr_a? */
    g_string_printf(gs, "Address: ToBeDone %s: %u", gs2->str, binding->port_a);
    label = gtk_label_new(gs->str);
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);

    label = gtk_label_new("&");
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);

    /* XXX - how to print the address binding->addr_b? */
    g_string_printf(gs, "Address: ToBeDone %s: %u", gs2->str, binding->port_b);
    label = gtk_label_new(gs->str);
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);

    label = gtk_label_new("&");
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);

    g_string_printf(gs, "Context ID: %u", binding->ctx_id);
    label = gtk_label_new(gs->str);
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);

    label = gtk_label_new("&");
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);
    gtk_widget_set_sensitive(label, binding->smb_fid);

    g_string_printf(gs, "SMB FID: %u", binding->smb_fid);
    label = gtk_label_new(gs->str);
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);
    gtk_widget_set_sensitive(label, binding->smb_fid);

    /* Conditionally enabled - only when decoding packets */
    label = gtk_label_new("with:");
    gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0);

    decode_dimmable = g_slist_prepend(decode_dimmable, label);
    scrolled_window = decode_add_dcerpc_menu(page_hb, "dcerpc" /*table_name*/);
    gtk_box_pack_start(GTK_BOX(page_hb), scrolled_window, TRUE, TRUE, 0);
    decode_dimmable = g_slist_prepend(decode_dimmable, scrolled_window);

    g_string_free(gs, TRUE);

    return(page_hb);
}