/* packet-dcerpc-mgmt.c
* Routines for dcerpc mgmt dissection
* Copyright 2001, Todd Sabin <tas@webspan.net>
* Copyright 2011, Matthieu Patou <mat@matws.net>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#include <epan/packet.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-nt.h"
/* Registration entry points defined further down in this file. */
void proto_reg_handoff_mgmt (void);
void proto_register_mgmt (void);

/* Protocol handle; assigned in proto_register_mgmt(). */
static int proto_mgmt = -1;

/*
 * Header-field ids, handed to the field registry through the hf[] array
 * in proto_register_mgmt(). They start at -1.
 */
static int hf_mgmt_opnum = -1;
static int hf_mgmt_proto = -1;
static int hf_mgmt_princ_size = -1;
static int hf_mgmt_princ_name = -1;
static int hf_mgmt_rc = -1;

/* Subtree id, handed over through the ett[] array in proto_register_mgmt(). */
static gint ett_mgmt = -1;

/*
 * Interface identity passed to dcerpc_init_uuid():
 * afa8bd80-7d8a-11c9-bef4-08002b102989, version 1.
 */
static guint16 ver_mgmt = 1;
static e_guid_t uuid_mgmt = {
	0xafa8bd80, 0x7d8a, 0x11c9,
	{ 0xbe, 0xf4, 0x08, 0x00, 0x2b, 0x10, 0x29, 0x89 }
};
/*
 * Dissect the stub data of an rpc__mgmt_inq_princ_name reply (opnum 4 in
 * mgmt_dissectors[]): a conformant-varying string with an element size of
 * sizeof(guint8), shown as hf_mgmt_princ_name, followed by a status value
 * shown as hf_mgmt_rc.
 *
 * The principal name is taken from captured traffic as-is. Length and
 * bounds handling is left to dissect_ndr_cvstring(), and nothing here
 * compares the name against the size that was sent in the request.
 *
 * NOTE(review): the status is rendered through dissect_ntstatus(); whether
 * status codes from non-Windows DCE servers decode sensibly that way is
 * worth confirming.
 *
 * Returns the offset just past the status value.
 */
static int
mgmtrpc_dissect_inq_princ_name_response(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
	int after_name;

	/* Principal name first ... */
	after_name = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep,
					  sizeof(guint8), hf_mgmt_princ_name,
					  TRUE, NULL);

	/* ... then the status, whose end offset is the return value. */
	return dissect_ntstatus(tvb, after_name, pinfo, tree, di, drep,
				hf_mgmt_rc, NULL);
}
/*
 * Dissect the stub data of an rpc__mgmt_inq_princ_name request (opnum 4 in
 * mgmt_dissectors[]): two NDR uint32 values, shown as hf_mgmt_proto and
 * hf_mgmt_princ_size, in that order.
 *
 * Both values are displayed only. They are not stored (the last argument
 * of each call is NULL), so the requested size is not available when the
 * reply is dissected.
 *
 * Returns the offset just past the second value.
 */
static int
mgmtrpc_dissect_inq_princ_name_request(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
	int after_proto;

	after_proto = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
					 hf_mgmt_proto, NULL);

	return dissect_ndr_uint32(tvb, after_proto, pinfo, tree, di, drep,
				  hf_mgmt_princ_size, NULL);
}
/*
 * Operation table passed to dcerpc_init_uuid(): operation number, name,
 * request dissector, response dissector.
 *
 * Opnums 0-3 have NULL in both dissector slots, so this file supplies no
 * stub-data dissection for them. Only opnum 4 has request and response
 * routines.
 */
static dcerpc_sub_dissector mgmt_dissectors[] = {
	{ 0, "rpc__mgmt_inq_if_ids",            NULL, NULL },
	{ 1, "rpc__mgmt_inq_stats",             NULL, NULL },
	{ 2, "rpc__mgmt_is_server_listening",   NULL, NULL },
	{ 3, "rpc__mgmt_stop_server_listening", NULL, NULL },
	{ 4, "rpc__mgmt_inq_princ_name",
	  mgmtrpc_dissect_inq_princ_name_request,
	  mgmtrpc_dissect_inq_princ_name_response },
	{ 0, NULL, NULL, NULL }	/* all-NULL entry closes the table */
};
/*
 * Register the "DCE/RPC Remote Management" protocol (short name "MGMT",
 * filter name "mgmt") together with its header fields and its one subtree.
 */
void
proto_register_mgmt (void)
{
	/* Field definitions; each entry ties an hf_mgmt_* id to a filter name. */
	static hf_register_info mgmt_fields[] = {
		{ &hf_mgmt_opnum,
		  { "Operation", "mgmt.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
		{ &hf_mgmt_proto,
		  { "Authn Proto", "mgmt.proto", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
		{ &hf_mgmt_princ_name,
		  { "Principal name", "mgmt.princ_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
		{ &hf_mgmt_princ_size,
		  { "Principal size", "mgmt.princ_size", FT_UINT32, BASE_DEC, NULL, 0x0, "Size of principal", HFILL }},
		/* Plain 32-bit hex field, no value-string table attached. */
		{ &hf_mgmt_rc,
		  { "Status", "mgmt.rc", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
	};

	/* The only subtree this dissector uses. */
	static gint *subtrees[] = {
		&ett_mgmt
	};

	proto_mgmt = proto_register_protocol ("DCE/RPC Remote Management", "MGMT", "mgmt");
	proto_register_field_array (proto_mgmt, mgmt_fields, array_length (mgmt_fields));
	proto_register_subtree_array (subtrees, array_length (subtrees));
}
/*
 * Hand the interface to the DCE/RPC layer: the UUID/version pair in
 * uuid_mgmt and ver_mgmt is bound to the mgmt_dissectors[] operation table,
 * with hf_mgmt_opnum as the operation-number field.
 */
void
proto_reg_handoff_mgmt (void)
{
	dcerpc_init_uuid (proto_mgmt, ett_mgmt,
			  &uuid_mgmt, ver_mgmt,
			  mgmt_dissectors, hf_mgmt_opnum);
}
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 8
* tab-width: 8
* indent-tabs-mode: t
* End:
*
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
* :indentSize=8:tabSize=8:noTabs=false:
*/