/* packet-dcerpc.h
 * Copyright 2001, Todd Sabin <tas@webspan.net>
 * Copyright 2003, Tim Potter <tpot@samba.org>
 *
 * $Id$
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#ifndef __PACKET_DCERPC_H__
#define __PACKET_DCERPC_H__
#include <epan/conversation.h>
/*
 * Data representation (drep) label.
 *
 * DREP_LITTLE_ENDIAN is the bit tested in the first drep byte to decide
 * whether integers are little-endian.
 */
#define DREP_LITTLE_ENDIAN      0x10

/*
 * Map a data representation label to an integer byte-order encoding:
 * ENC_LITTLE_ENDIAN when the DREP_LITTLE_ENDIAN bit is set in drep[0],
 * ENC_BIG_ENDIAN otherwise.
 *
 * Only drep[0] is read and the argument is expanded once.  The macro does
 * no bounds checking, so the caller must hand it a pointer to at least
 * one readable byte.
 */
#define DREP_ENC_INTEGER(drep) \
    ((((drep)[0] & DREP_LITTLE_ENDIAN) != 0) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
/*
 * glib now always includes signal.h, and on Linux PPC signal.h defines
 * PT_R4.  Drop that definition when it is present.
 */
#if defined(PT_R4)
#undef PT_R4
#endif
/*
 * UUID held as four separate fields: one 32-bit value, two 16-bit values
 * and eight single bytes.
 */
typedef struct _e_uuid_t {
    guint32 Data1;
    guint16 Data2;
    guint16 Data3;
    guint8  Data4[8];
} e_uuid_t;
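/* Brace initializer for an e_uuid_t with every field set to zero. */
#define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }

/*
 * Buffer size for a UUID formatted as
 * %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x :
 * 36 characters plus the terminating NUL.
 *
 * The expansion is parenthesized so the macro behaves as a single value
 * inside a larger expression.  Without the parentheses,
 * 2 * DCERPC_UUID_STR_LEN expands to 2 * 36+1 == 73 and a buffer sized
 * that way is one byte short of two UUID strings.
 */
#define DCERPC_UUID_STR_LEN (36+1)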
/*
 * Context handle: a 32-bit attributes word followed by a UUID.
 * dcerpc_call_value.pol uses this type for the policy handle tracked
 * between a request and its response.
 */
typedef struct _e_ctx_hnd {
    guint32  attributes;
    e_uuid_t uuid;
} e_ctx_hnd;
/*
 * Common header fields of a connection-oriented (cn) DCE/RPC PDU.
 *
 * NOTE(review): every field is presumably filled from captured packet
 * bytes, so frag_len and auth_len are untrusted lengths.  Confirm that
 * the code using them checks both against the data actually available
 * (and against each other) before using them as sizes or offsets.
 */
typedef struct _e_dce_cn_common_hdr_t {
    guint8  rpc_ver;        /* RPC major version */
    guint8  rpc_ver_minor;  /* RPC minor version */
    guint8  ptype;          /* packet type, see the PDU_* values */
    guint8  flags;
    guint8  drep[4];        /* data representation, see DREP_ENC_INTEGER */
    guint16 frag_len;       /* fragment length as stated in the header */
    guint16 auth_len;       /* auth data length as stated in the header */
    guint32 call_id;
} e_dce_cn_common_hdr_t;
/*
 * Common header fields of a datagram (dg) DCE/RPC PDU.
 *
 * NOTE(review): as with the connection-oriented header, these values are
 * presumably copied from the packet.  frag_len, frag_num and opnum are
 * untrusted and should be range-checked where they are consumed.
 */
typedef struct _e_dce_dg_common_hdr_t {
    guint8   rpc_ver;
    guint8   ptype;         /* packet type, see the PDU_* values */
    guint8   flags1;
    guint8   flags2;
    guint8   drep[3];       /* data representation, three bytes here */
    guint8   serial_hi;     /* serial number is split: high part here... */
    e_uuid_t obj_id;        /* object UUID */
    e_uuid_t if_id;         /* interface UUID */
    e_uuid_t act_id;        /* activity UUID */
    guint32  server_boot;
    guint32  if_ver;        /* interface version */
    guint32  seqnum;
    guint16  opnum;
    guint16  ihint;
    guint16  ahint;
    guint16  frag_len;      /* fragment length as stated in the header */
    guint16  frag_num;
    guint8   auth_proto;
    guint8   serial_lo;     /* ...and low part here */
} e_dce_dg_common_hdr_t;
/*
 * Authentication details attached to a PDU.  A pointer to this structure
 * is handed to the dcerpc_decode_data_fnct_t callbacks.
 *
 * NOTE(review): auth_pad_len and auth_size presumably come from the
 * packet's auth trailer; treat them as untrusted sizes.
 */
typedef struct _dcerpc_auth_info {
    guint8    auth_pad_len;
    guint8    auth_level;   /* see the DCE_C_AUTHN_LEVEL_* values */
    guint8    auth_type;    /* see the DCE_C_RPC_AUTHN_PROTOCOL_* values */
    guint32   auth_size;
    tvbuff_t *auth_data;
} dcerpc_auth_info;
/*
 * PDU (packet) type values; dcerpc_info.ptype holds one of these.
 * The numbering is contiguous from 0 to 20.
 */
#define PDU_REQ          0
#define PDU_PING         1
#define PDU_RESP         2
#define PDU_FAULT        3
#define PDU_WORKING      4
#define PDU_NOCALL       5
#define PDU_REJECT       6
#define PDU_ACK          7
#define PDU_CL_CANCEL    8
#define PDU_FACK         9
#define PDU_CANCEL_ACK  10
#define PDU_BIND        11
#define PDU_BIND_ACK    12
#define PDU_BIND_NAK    13
#define PDU_ALTER       14
#define PDU_ALTER_ACK   15
#define PDU_AUTH3       16
#define PDU_SHUTDOWN    17
#define PDU_CO_CANCEL   18
#define PDU_ORPHANED    19
#define PDU_RTS         20
/*
 * Helpers for packet-dcerpc.c and packet-dcerpc-ndr.c.
 * If you're writing a subdissector, you almost certainly want the
 * NDR functions instead.
 *
 * All of them take the data representation label (drep); see
 * DREP_ENC_INTEGER for how its first byte selects the byte order.
 *
 * NOTE(review): offsets are derived from packet contents.  Confirm in the
 * implementations that every read goes through bounds-checked tvbuff
 * accessors; nothing in these prototypes enforces it.
 */

/* Fetch a 16-bit / 32-bit value or a UUID from tvb at offset. */
guint16 dcerpc_tvb_get_ntohs(tvbuff_t *tvb, gint offset, guint8 *drep);
guint32 dcerpc_tvb_get_ntohl(tvbuff_t *tvb, gint offset, guint8 *drep);
void    dcerpc_tvb_get_uuid(tvbuff_t *tvb, gint offset, guint8 *drep,
                            e_uuid_t *uuid);

/*
 * Per-type dissect helpers.  Each takes the field index (hfindex) and a
 * pdata pointer of the matching type.
 * NOTE(review): presumably each returns the offset following the field
 * and stores the value through pdata when it is non-NULL - confirm in
 * packet-dcerpc.c.
 */
int dissect_dcerpc_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep,
                         int hfindex, guint8 *pdata);

int dissect_dcerpc_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep,
                          int hfindex, guint16 *pdata);

int dissect_dcerpc_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep,
                          int hfindex, guint32 *pdata);

int dissect_dcerpc_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep,
                          int hfindex, guint64 *pdata);

int dissect_dcerpc_float(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep,
                         int hfindex, gfloat *pdata);

int dissect_dcerpc_double(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep,
                          int hfindex, gdouble *pdata);

int dissect_dcerpc_time_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep,
                          int hfindex, guint32 *pdata);

int dissect_dcerpc_uuid_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep,
                          int hfindex, e_uuid_t *pdata);
/*
 * NDR routines for subdissectors.
 *
 * The dissect_ndr_* functions mirror the dissect_dcerpc_* helpers in
 * their parameter lists.  The PIDL_dissect_* variants take a guint32
 * param in place of the pdata pointer; see the PIDL_* defines for the
 * layout of param.
 * NOTE(review): return value is presumably the offset after the field -
 * confirm in packet-dcerpc-ndr.c.
 */
int dissect_ndr_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                      proto_tree *tree, guint8 *drep,
                      int hfindex, guint8 *pdata);
int PIDL_dissect_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, guint32 param);

int dissect_ndr_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, guint16 *pdata);
int PIDL_dissect_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        int hfindex, guint32 param);

int dissect_ndr_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, guint32 *pdata);
int PIDL_dissect_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        int hfindex, guint32 param);

/* Both of the next two deliver their value through a guint64 pointer. */
int dissect_ndr_duint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        int hfindex, guint64 *pdata);
int dissect_ndr_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, guint64 *pdata);
int PIDL_dissect_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        int hfindex, guint32 param);

int dissect_ndr_float(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                      proto_tree *tree, guint8 *drep,
                      int hfindex, gfloat *pdata);
int dissect_ndr_double(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, gdouble *pdata);
int dissect_ndr_time_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, guint32 *pdata);
int dissect_ndr_uuid_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, e_uuid_t *pdata);
int dissect_ndr_ctx_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        int hfindex, e_ctx_hnd *pdata);
/*
 * "1632" values are stored in a guint32 and displayed with the
 * FT_UINT32 field type; "3264" values are stored in a guint64.
 * NOTE(review): the names suggest the on-the-wire width depends on
 * whether the transaction is NDR64 (see DCERPC_IS_NDR64) - confirm in
 * the implementation.
 */
#define FT_UINT1632 FT_UINT32
typedef guint32 guint1632;

int dissect_ndr_uint1632(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep,
                         int hfindex, guint1632 *pdata);

typedef guint64 guint3264;

int dissect_ndr_uint3264(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep,
                         int hfindex, guint3264 *pdata);
/*
 * Function type for a dissector routine: takes the buffer, an offset,
 * the packet info, the protocol tree and the drep label, and returns an
 * int.  Used for the request/response entries of dcerpc_sub_dissector
 * and as the per-element callback of the pointer and array helpers.
 */
typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset,
                                    packet_info *pinfo, proto_tree *tree,
                                    guint8 *drep);

/*
 * Function type for the callback accepted by dissect_ndr_pointer_cb().
 * callback_args is the opaque pointer supplied at that call.
 */
typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree,
                                      proto_item *item, tvbuff_t *tvb,
                                      int start_offset, int end_offset,
                                      void *callback_args);
/* Values for the "type" argument of the NDR pointer dissectors below. */
#define NDR_POINTER_REF     1
#define NDR_POINTER_UNIQUE  2
#define NDR_POINTER_PTR     3

/*
 * Dissect an NDR pointer of the given type; fnct dissects the referent.
 * The _cb variant additionally takes a callback and an opaque
 * callback_args pointer that is handed to it.
 * NOTE(review): callback_args is stored or forwarded by code not shown
 * here - confirm its required lifetime before passing stack data.
 */
int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                           proto_tree *tree, guint8 *drep,
                           dcerpc_dissect_fnct_t *fnct, int type,
                           const char *text, int hf_index,
                           dcerpc_callback_fnct_t *callback,
                           void *callback_args);

int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        dcerpc_dissect_fnct_t *fnct, int type,
                        const char *text, int hf_index);

int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb,
                              int offset, guint8 *drep);

int dissect_ndr_embedded_pointer(tvbuff_t *tvb, gint offset,
                                 packet_info *pinfo,
                                 proto_tree *tree, guint8 *drep,
                                 dcerpc_dissect_fnct_t *fnct, int type,
                                 const char *text, int hf_index);

int dissect_ndr_toplevel_pointer(tvbuff_t *tvb, gint offset,
                                 packet_info *pinfo,
                                 proto_tree *tree, guint8 *drep,
                                 dcerpc_dissect_fnct_t *fnct, int type,
                                 const char *text, int hf_index);
/*
 * NDR array dissectors.  fnct is the routine applied to the elements.
 *
 * NOTE(review): element counts for these arrays are read from the packet
 * (see the array_* fields of dcerpc_info).  Confirm that the
 * implementations bound the counts so a forged value cannot drive an
 * unbounded loop or allocation.
 */

/* Dissect an NDR unidimensional conformant array. */
int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        dcerpc_dissect_fnct_t *fnct);

/* Dissect an NDR unidimensional conformant and varying array. */
int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep,
                         dcerpc_dissect_fnct_t *fnct);

/* Dissect an NDR unidimensional varying array. */
int dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        dcerpc_dissect_fnct_t *fnct);

/* Byte-array variant; takes no element callback. */
int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
                           proto_tree *tree, guint8 *drep);
/*
 * NDR string dissectors: "cvstring" and "vstring" families, each with a
 * generic form plus char and wchar convenience forms.
 *
 * The generic forms take size_is, the field index (hfinfo), an
 * add_subtree flag and a char **data out-parameter.
 * NOTE(review): size_is is presumably the element size in bytes and
 * *data presumably receives the decoded string; who owns that string and
 * for how long is not visible here - confirm before keeping the pointer.
 */
int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep, int size_is,
                         int hfinfo, gboolean add_subtree,
                         char **data);
int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
                              proto_tree *tree, guint8 *drep);
int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
                               proto_tree *tree, guint8 *drep);

/* PIDL form: chsize and a guint32 param (see the PIDL_* defines). */
int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep, int chsize,
                          int hfindex, guint32 param);

int dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep, int size_is,
                        int hfinfo, gboolean add_subtree,
                        char **data);
int dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
                             proto_tree *tree, guint8 *drep);
int dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
                              proto_tree *tree, guint8 *drep);
/*
 * One entry of a subdissector's procedure table: a number, a display
 * name, and the routines for the request and the response.
 * NOTE(review): num is presumably the opnum (see
 * value_string_from_subdissectors) - confirm.
 */
typedef struct _dcerpc_sub_dissector {
    guint16                num;
    const gchar           *name;
    dcerpc_dissect_fnct_t *dissect_rqst;
    dcerpc_dissect_fnct_t *dissect_resp;
} dcerpc_sub_dissector;
/*
 * Registration function for subdissectors: associates an interface
 * (uuid, ver) with a protocol id, an ett index, a procedure table and
 * the opnum field index.
 */
void dcerpc_init_uuid(int proto, int ett, e_uuid_t *uuid, guint16 ver,
                      dcerpc_sub_dissector *procs, int opnum_hf);

/*
 * Lookups keyed by interface UUID and version.
 * NOTE(review): behaviour for an unregistered interface is not visible
 * in this header - check the pointer results for NULL until confirmed.
 */
const char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver);
int dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver);
dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid,
                                                     guint16 ver);

/* Create a opnum, name value_string from a subdissector list */
value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
/*
 * Private data passed to subdissectors from the main DCERPC dissector.
 *
 * One unique instance is created per DCERPC request/response transaction
 * when the initial request of the transaction is seen.  Those instances
 * are persistent and remain available until the capture file is closed
 * and a new one is read.
 *
 * When the request was never seen (missing from the trace), the dcerpc
 * runtime creates a temporary "fake" structure to pass to the response
 * dissector.  Fake structures are not persistent and can not be used to
 * keep data hanging around, so a subdissector must not assume that a
 * pointer stored here during one pass is still valid later.
 */
typedef struct _dcerpc_call_value {
    e_uuid_t   uuid;          /* interface UUID */
    guint16    ver;           /* interface version */
    e_uuid_t   object_uuid;   /* optional object UUID (or DCERPC_UUID_NULL) */
    guint16    opnum;
    guint32    req_frame;     /* frame number of the request */
    nstime_t   req_time;
    guint32    rep_frame;     /* frame number of the reply */
    guint32    max_ptr;

    /*
     * Data with se allocation scope that should be kept for this
     * request/response transaction.  The pointer is initialized to NULL
     * and must be checked before being dereferenced.  Useful for passing
     * persistent data from the request to the reply; LSA/OpenPolicy2()
     * uses it to pass the domain name from the request to the reply.
     */
    void      *se_data;

    void      *private_data;  /* XXX This will later be renamed as ep_data */
    e_ctx_hnd *pol;           /* policy handle tracked between request/response */

#define DCERPC_IS_NDR64 0x00000001
    guint32    flags;         /* flags for this transaction */
} dcerpc_call_value;
/*
 * Per-PDU dissection state.
 *
 * NOTE(review): the array_* counters are presumably filled from values
 * in the packet.  They are attacker-influenced in a hostile capture, so
 * code looping over array_max_count / array_actual_count elements should
 * bound the work against the data that is actually present.
 */
typedef struct _dcerpc_info {
    conversation_t    *conv;              /* Which TCP stream we are in */
    guint32            call_id;           /* Context id for this call */
    guint16            smb_fid;           /* FID for DCERPC over SMB */
    guint8             ptype;             /* packet type: PDU_REQ, PDU_RESP, ... */
    gboolean           conformant_run;
    gboolean           no_align;          /* are data aligned? (default yes) */
    gint32             conformant_eaten;  /* how many bytes did the conformant run eat? */
    guint32            array_max_count;   /* max_count for conformant arrays */
    guint32            array_max_count_offset;
    guint32            array_offset;
    guint32            array_offset_offset;
    guint32            array_actual_count;
    guint32            array_actual_count_offset;
    int                hf_index;
    dcerpc_call_value *call_data;         /* per-transaction data, see dcerpc_call_value */
    void              *private_data;
} dcerpc_info;
/*
 * The init_protocol hooks.
 * With MSVC and a libwireshark.dll a special declaration is needed,
 * hence WS_VAR_IMPORT.
 */
WS_VAR_IMPORT GHookList dcerpc_hooks_init_protos;

/*
 * The registered subdissectors.
 * With MSVC and a libwireshark.dll a special declaration is needed,
 * hence WS_VAR_IMPORT.
 * NOTE(review): presumably keyed by dcerpc_uuid_key with
 * dcerpc_uuid_value entries - confirm in packet-dcerpc.c.
 */
WS_VAR_IMPORT GHashTable *dcerpc_uuids;
/* Identifies an interface: its UUID together with its version. */
typedef struct _dcerpc_uuid_key {
    e_uuid_t uuid;
    guint16  ver;
} dcerpc_uuid_key;
/*
 * What is recorded for a registered interface.  The proto_id, ett, procs
 * and opnum_hf members carry the same names as the arguments of
 * dcerpc_init_uuid().
 */
typedef struct _dcerpc_uuid_value {
    protocol_t           *proto;
    int                   proto_id;
    int                   ett;
    const gchar          *name;
    dcerpc_sub_dissector *procs;     /* procedure table */
    int                   opnum_hf;  /* field index used for the opnum */
} dcerpc_uuid_value;
/* Authenticated pipe registration functions and miscellanea */

/*
 * Function type for the routines that decode the data of a request or
 * response PDU (used for dcerpc_auth_subdissector_fns.req_data_fn and
 * resp_data_fn).  Receives the data buffer, the auth buffer, an offset,
 * the packet info and the auth details, and returns a tvbuff_t pointer.
 * NOTE(review): presumably returns NULL when the data cannot be decoded
 * (for example when no key is available) - callers should check.
 */
typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *data_tvb,
                                              tvbuff_t *auth_tvb,
                                              int offset,
                                              packet_info *pinfo,
                                              dcerpc_auth_info *auth_info);
/*
 * Callback table supplied by an authentication subdissector, registered
 * through register_dcerpc_auth_subdissector().
 * NOTE(review): whether unset entries may be NULL is not visible here -
 * confirm that the caller checks before invoking them.
 */
typedef struct _dcerpc_auth_subdissector_fns {

    /* Dissect credentials and verifiers */
    dcerpc_dissect_fnct_t *bind_fn;
    dcerpc_dissect_fnct_t *bind_ack_fn;
    dcerpc_dissect_fnct_t *auth3_fn;
    dcerpc_dissect_fnct_t *req_verf_fn;
    dcerpc_dissect_fnct_t *resp_verf_fn;

    /* Decrypt encrypted requests/response PDUs */
    dcerpc_decode_data_fnct_t *req_data_fn;
    dcerpc_decode_data_fnct_t *resp_data_fn;

} dcerpc_auth_subdissector_fns;
/*
 * Register the callback table fns for one combination of auth_level
 * (DCE_C_AUTHN_LEVEL_*) and auth_type (DCE_C_RPC_AUTHN_PROTOCOL_*).
 * NOTE(review): fns is passed by pointer; presumably it must stay valid
 * after the call (e.g. a static table) - confirm in packet-dcerpc.c.
 */
void register_dcerpc_auth_subdissector(guint8 auth_level,
                                       guint8 auth_type,
                                       dcerpc_auth_subdissector_fns *fns);
/* All values needed to (re-)build a dcerpc binding. */
typedef struct decode_dcerpc_bind_values_s {
    /* values of a typical conversation */
    address   addr_a;
    address   addr_b;
    port_type ptype;
    guint32   port_a;
    guint32   port_b;

    /* dcerpc conversation specific */
    guint16   ctx_id;
    guint16   smb_fid;

    /* corresponding "interface" */
    GString  *ifname;
    e_uuid_t  uuid;
    guint16   ver;
} decode_dcerpc_bind_values_t;
/*
 * Helper for the "decode as" dialog: set up a UUID/conversation binding
 * from the values in *binding.  struct _dcerpc_bind_value is not defined
 * in this header, so callers here only see the result as an opaque
 * pointer.
 */
struct _dcerpc_bind_value *dcerpc_add_conv_to_bind_table(
    decode_dcerpc_bind_values_t *binding);

/*
 * Return the transport "salt" for the packet.
 * NOTE(review): presumably a per-transport discriminator (such as the
 * SMB FID) used to keep otherwise identical bindings apart - confirm in
 * packet-dcerpc.c.
 */
guint16 dcerpc_get_transport_salt(packet_info *pinfo);
/* Authentication services */

/*
 * For MS-specific SSPs (Security Service Provider), see
 *
 * http://msdn.microsoft.com/library/en-us/rpc/rpc/authentication_level_constants.asp
 *
 * These are the values matched against dcerpc_auth_info.auth_type.
 */
#define DCE_C_RPC_AUTHN_PROTOCOL_NONE           0
#define DCE_C_RPC_AUTHN_PROTOCOL_KRB5           1
#define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO         9
#define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP        10
#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL   14
#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS   16
#define DCE_C_RPC_AUTHN_PROTOCOL_DPA            17
#define DCE_C_RPC_AUTHN_PROTOCOL_MSN            18
#define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST         21
#define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN       68
#define DCE_C_RPC_AUTHN_PROTOCOL_MQ             100
/*
 * Protection levels (matched against dcerpc_auth_info.auth_level).
 *
 * The values are ordered from weakest to strongest.  In DCE/RPC only
 * PKT_INTEGRITY and PKT_PRIVACY protect the stub data itself: the former
 * signs it, the latter also encrypts it.  When reviewing a capture,
 * traffic negotiated below PKT_INTEGRITY gives no tamper protection for
 * the call payload.
 */
#define DCE_C_AUTHN_LEVEL_NONE            1   /* no authentication */
#define DCE_C_AUTHN_LEVEL_CONNECT         2   /* authenticate at connect only */
#define DCE_C_AUTHN_LEVEL_CALL            3   /* authenticate per call */
#define DCE_C_AUTHN_LEVEL_PKT             4   /* authenticate per packet */
#define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY   5   /* per packet, data signed */
#define DCE_C_AUTHN_LEVEL_PKT_PRIVACY     6   /* per packet, data encrypted */
/*
 * Initialize the NDR pointer list for the given packet.
 * NOTE(review): presumably resets the list of deferred pointers consumed
 * by dissect_deferred_pointers() - confirm in packet-dcerpc.c.
 */
void init_ndr_pointer_list(packet_info *pinfo);
/*
 * These defines are used in the PIDL conformance files when using
 * the PARAM_VALUE directive.
 */

/*
 * Policy handle tracking.  Describes in which function a handle is
 * opened/closed.  See "winreg.cnf" for example.
 *
 * The guint32 param is divided up into multiple fields
 *
 * +--------+--------+--------+--------+
 * | Flags  | Type   |        |        |
 * +--------+--------+--------+--------+
 *
 * i.e. flags occupy the top byte and the handle type the next byte.
 */

/* Flags : */
#define PIDL_POLHND_OPEN                0x80000000
#define PIDL_POLHND_CLOSE               0x40000000
/* To "save" a pointer to the string in dcv->private_data */
#define PIDL_STR_SAVE                   0x20000000
/* To make this value appear on the summary line for the packet */
#define PIDL_SET_COL_INFO               0x10000000

/* Type */
#define PIDL_POLHND_TYPE_MASK           0x00ff0000
#define PIDL_POLHND_TYPE_SAMR_USER      0x00010000
#define PIDL_POLHND_TYPE_SAMR_CONNECT   0x00020000
#define PIDL_POLHND_TYPE_SAMR_DOMAIN    0x00030000
#define PIDL_POLHND_TYPE_SAMR_GROUP     0x00040000
#define PIDL_POLHND_TYPE_SAMR_ALIAS     0x00050000

#define PIDL_POLHND_TYPE_LSA_POLICY     0x00060000
#define PIDL_POLHND_TYPE_LSA_ACCOUNT    0x00070000
#define PIDL_POLHND_TYPE_LSA_SECRET     0x00080000
#define PIDL_POLHND_TYPE_LSA_DOMAIN     0x00090000
/*
 * A structure we store for all policy handles we track.  Entries chain
 * through next within a hash bucket.
 */
typedef struct pol_value {
    struct pol_value *next;         /* Next entry in hash bucket */
    guint32           open_frame;   /* Frame number for open */
    guint32           close_frame;  /* Frame number for close */
    guint32           first_frame;  /* First frame in which this instance was seen */
    guint32           last_frame;   /* Last frame in which this instance was seen */
    char             *name;         /* Name of policy handle */
    guint32           type;         /* policy handle type */
} pol_value;
/* Field index for the drep byte-order field; defined outside this header. */
extern int hf_dcerpc_drep_byteorder;
#endif /* packet-dcerpc.h */