Support for DCE RPC atop SMB, and support for several Microsoft DCE RPC

services used with SMB, from Tim Potter.

svn path=/trunk/; revision=4194
Guy Harris 2001-11-12 08:58:45 +00:00
parent 0b0116e207
commit 6ff9b3366e
22 changed files with 1294 additions and 5 deletions


@ -889,6 +889,11 @@ Kazushi Sugyo <k-sugyou[AT]nwsl.mesh.ad.jp> {
Fix to code to scan the SIOCGIFCONF list
}
Tim Potter <tpot[AT]samba.org> {
Support for DCE RPC atop SMB
Support for several Microsoft DCE RPC services used with SMB
}
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
give his permission to use his version of snprintf.c.


@ -1,7 +1,7 @@
# Makefile.am
# Automake file for Ethereal
#
# $Id: Makefile.am,v 1.378 2001/11/09 07:44:47 guy Exp $
# $Id: Makefile.am,v 1.379 2001/11/12 08:58:43 guy Exp $
#
# Ethereal - Network traffic analyzer
# By Gerald Combs <gerald@ethereal.com>
@ -178,6 +178,14 @@ DISSECTOR_SRC = \
packet-msdp.c \
packet-msnip.c \
packet-msproxy.c \
packet-msrpc-dfs.c \
packet-msrpc-lsa.c \
packet-msrpc-netlogon.c \
packet-msrpc-reg.c \
packet-msrpc-samr.c \
packet-msrpc-spoolss.c \
packet-msrpc-srvsvc.c \
packet-msrpc-wkssvc.c \
packet-mtp3.c \
packet-nbipx.c \
packet-nbns.c \


@ -1,7 +1,7 @@
## Makefile for building ethereal.exe with Microsoft C and nmake
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
#
# $Id: Makefile.nmake,v 1.140 2001/11/09 09:22:06 guy Exp $
# $Id: Makefile.nmake,v 1.141 2001/11/12 08:58:43 guy Exp $
include config.nmake
include <win32.mak>
@ -59,8 +59,8 @@ DISSECTOR_SRC = \
packet-dns.c \
packet-dsi.c \
packet-dvmrp.c \
packet-eapol.c \
packet-eap.c \
packet-eapol.c \
packet-eigrp.c \
packet-esis.c \
packet-eth.c \
@ -129,6 +129,14 @@ DISSECTOR_SRC = \
packet-msdp.c \
packet-msnip.c \
packet-msproxy.c \
packet-msrpc-dfs.c \
packet-msrpc-lsa.c \
packet-msrpc-netlogon.c \
packet-msrpc-reg.c \
packet-msrpc-samr.c \
packet-msrpc-spoolss.c \
packet-msrpc-srvsvc.c \
packet-msrpc-wkssvc.c \
packet-mtp3.c \
packet-nbipx.c \
packet-nbns.c \


@ -1215,6 +1215,7 @@ B<http://www.ethereal.com>.
Pekka Nikander <pekka.nikander[AT]nomadiclab.com>
Hamish Moffatt <hamish[AT]cloud.net.au>
Kazushi Sugyo <k-sugyou[AT]nwsl.mesh.ad.jp>
Tim Potter <tpot[AT]samba.org>
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
permission to use his version of snprintf.c.


@ -2,7 +2,7 @@
* Routines for DCERPC packet disassembly
* Copyright 2001, Todd Sabin <tas@webspan.net>
*
* $Id: packet-dcerpc.c,v 1.12 2001/10/05 20:25:41 guy Exp $
* $Id: packet-dcerpc.c,v 1.13 2001/11/12 08:58:43 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -1440,4 +1440,5 @@ proto_reg_handoff_dcerpc (void)
heur_dissector_add ("tcp", dissect_dcerpc_cn, proto_dcerpc);
heur_dissector_add ("netbios", dissect_dcerpc_cn, proto_dcerpc);
heur_dissector_add ("udp", dissect_dcerpc_dg, proto_dcerpc);
heur_dissector_add ("msrpc", dissect_dcerpc_cn, proto_dcerpc);
}
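Review bot: The added `heur_dissector_add ("msrpc", dissect_dcerpc_cn, proto_dcerpc);` depends on a heuristic list named "msrpc" having been registered, and nothing in this section shows where that happens; presumably the SMB pipe code elsewhere in the commit creates it, which is worth confirming. A one-line comment above the call, such as `/* "msrpc": DCE RPC carried over SMB named pipes; list registered by the SMB pipe dissector */`, would make the dependency visible. The body of proto_reg_handoff_dcerpc starts outside the hunk.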

75
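--- /dev/null
+++ b/packet-msrpc-dfs.c
@@ -0,0 +1,75 @@
+/* packet-msrpc-dfs.c
+* Routines for SMB \\PIPE\\netdfs packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-dfs.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-dfs.h"
+static int proto_msrpc_dfs = -1;
+static gint ett_msrpc_dfs = -1;
+static e_uuid_t uuid_msrpc_dfs = {
+0x4fc742e0, 0x4a10, 0x11cf,
+{ 0x82, 0x73, 0x00, 0xaa, 0x00, 0x4a, 0xe6, 0x73 }
+};
+static guint16 ver_msrpc_dfs = 3;
+static dcerpc_sub_dissector msrpc_dfs_dissectors[] = {
+{ DFS_EXIST, "DFS_EXIST", NULL, NULL },
+{ DFS_ADD, "DFS_ADD", NULL, NULL },
+{ DFS_REMOVE, "DFS_REMOVE", NULL, NULL },
+{ DFS_GET_INFO, "DFS_GET_INFO", NULL, NULL },
+{ DFS_ENUM, "DFS_ENUM", NULL, NULL },
+{0, NULL, NULL, NULL },
+};
+void
+proto_register_msrpc_dfs(void)
+{
+static gint *ett[] = {
+&ett_msrpc_dfs,
+};
+proto_msrpc_dfs = proto_register_protocol(
+"Microsoft Distributed File System", "DFS", "dfs");
+proto_register_subtree_array(ett, array_length(ett));
+}
+void
+proto_reg_handoff_msrpc_dfs(void)
+{
+/* Register protocol as dcerpc */
+dcerpc_init_uuid(proto_msrpc_dfs, ett_msrpc_dfs, &uuid_msrpc_dfs,
+ver_msrpc_dfs, msrpc_dfs_dissectors);
+}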
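Review bot: The terminator `{0, NULL, NULL, NULL }` in `msrpc_dfs_dissectors` carries the same number as `DFS_EXIST` (0x00), so whatever walks the table has to stop on the NULL name rather than on the number; that loop lives in the DCE RPC core, outside this section, so it is worth confirming. A comment on the last entry such as `/* end of table: recognised by the NULL name, opnum 0 is a valid call */` would record the contract. The same terminator closes the tables in packet-msrpc-lsa.c, packet-msrpc-netlogon.c, packet-msrpc-reg.c and packet-msrpc-samr.c.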

37
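--- /dev/null
+++ b/packet-msrpc-dfs.h
@@ -0,0 +1,37 @@
+/* packet-msrpc-dfs.h
+* Routines for SMB \\PIPE\\netdfs packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-dfs.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_DFS_H
+#define __PACKET_MSRPC_DFS_H
+/* Functions available on the NETDFS pipe. From Samba, include/rpc_dfs.h */
+#define DFS_EXIST 0x00
+#define DFS_ADD 0x01
+#define DFS_REMOVE 0x02
+#define DFS_GET_INFO 0x04
+#define DFS_ENUM 0x05
+#endif /* packet-msrpc-dfs.h */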
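Review bot: The include guard `__PACKET_MSRPC_DFS_H` starts with two underscores, a form C reserves for the implementation; `PACKET_MSRPC_DFS_H` avoids the clash. The guards in packet-msrpc-lsa.h, packet-msrpc-netlogon.h, packet-msrpc-reg.h and packet-msrpc-samr.h follow the same pattern. Separately, the list skips 0x03 between `DFS_REMOVE` and `DFS_GET_INFO`; a short comment saying whether that opnum is unused or just not named yet would help whoever reads a capture that contains it.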

116
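--- /dev/null
+++ b/packet-msrpc-lsa.c
@@ -0,0 +1,116 @@
+/* packet-msrpc-lsa.c
+* Routines for SMB \\PIPE\\lsarpc packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-lsa.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-lsa.h"
+static int proto_msrpc_lsa = -1;
+static gint ett_msrpc_lsa = -1;
+static e_uuid_t uuid_msrpc_lsa = {
+0x12345778, 0x1234, 0xabcd,
+{ 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
+};
+static guint16 ver_msrpc_lsa = 0;
+static dcerpc_sub_dissector msrpc_lsa_dissectors[] = {
+{ LSA_CLOSE, "LSA_CLOSE", NULL, NULL },
+{ LSA_DELETE, "LSA_DELETE", NULL, NULL },
+{ LSA_ENUM_PRIVS, "LSA_ENUM_PRIVS", NULL, NULL },
+{ LSA_QUERYSECOBJ, "LSA_QUERYSECOBJ", NULL, NULL },
+{ LSA_SETSECOBJ, "LSA_SETSECOBJ", NULL, NULL },
+{ LSA_CHANGEPASSWORD, "LSA_CHANGEPASSWORD", NULL, NULL },
+{ LSA_OPENPOLICY, "LSA_OPENPOLICY", NULL, NULL },
+{ LSA_QUERYINFOPOLICY, "LSA_QUERYINFOPOLICY", NULL, NULL },
+{ LSA_SETINFOPOLICY, "LSA_SETINFOPOLICY", NULL, NULL },
+{ LSA_CLEARAUDITLOG, "LSA_CLEARAUDITLOG", NULL, NULL },
+{ LSA_CREATEACCOUNT, "LSA_CREATEACCOUNT", NULL, NULL },
+{ LSA_ENUM_ACCOUNTS, "LSA_ENUM_ACCOUNTS", NULL, NULL },
+{ LSA_CREATETRUSTDOM, "LSA_CREATETRUSTDOM", NULL, NULL },
+{ LSA_ENUMTRUSTDOM, "LSA_ENUMTRUSTDOM", NULL, NULL },
+{ LSA_LOOKUPNAMES, "LSA_LOOKUPNAMES", NULL, NULL },
+{ LSA_LOOKUPSIDS, "LSA_LOOKUPSIDS", NULL, NULL },
+{ LSA_CREATESECRET, "LSA_CREATESECRET", NULL, NULL },
+{ LSA_OPENACCOUNT, "LSA_OPENACCOUNT", NULL, NULL },
+{ LSA_ENUMPRIVSACCOUNT, "LSA_ENUMPRIVSACCOUNT", NULL, NULL },
+{ LSA_ADDPRIVS, "LSA_ADDPRIVS", NULL, NULL },
+{ LSA_REMOVEPRIVS, "LSA_REMOVEPRIVS", NULL, NULL },
+{ LSA_GETQUOTAS, "LSA_GETQUOTAS", NULL, NULL },
+{ LSA_SETQUOTAS, "LSA_SETQUOTAS", NULL, NULL },
+{ LSA_GETSYSTEMACCOUNT, "LSA_GETSYSTEMACCOUNT", NULL, NULL },
+{ LSA_SETSYSTEMACCOUNT, "LSA_SETSYSTEMACCOUNT", NULL, NULL },
+{ LSA_OPENTRUSTDOM, "LSA_OPENTRUSTDOM", NULL, NULL },
+{ LSA_QUERYTRUSTDOM, "LSA_QUERYTRUSTDOM", NULL, NULL },
+{ LSA_SETINFOTRUSTDOM, "LSA_SETINFOTRUSTDOM", NULL, NULL },
+{ LSA_OPENSECRET, "LSA_OPENSECRET", NULL, NULL },
+{ LSA_SETSECRET, "LSA_SETSECRET", NULL, NULL },
+{ LSA_QUERYSECRET, "LSA_QUERYSECRET", NULL, NULL },
+{ LSA_LOOKUPPRIVVALUE, "LSA_LOOKUPPRIVVALUE", NULL, NULL },
+{ LSA_LOOKUPPRIVNAME, "LSA_LOOKUPPRIVNAME", NULL, NULL },
+{ LSA_PRIV_GET_DISPNAME, "LSA_PRIV_GET_DISPNAME", NULL, NULL },
+{ LSA_DELETEOBJECT, "LSA_DELETEOBJECT", NULL, NULL },
+{ LSA_ENUMACCTWITHRIGHT, "LSA_ENUMACCTWITHRIGHT", NULL, NULL },
+{ LSA_ENUMACCTRIGHTS, "LSA_ENUMACCTRIGHTS", NULL, NULL },
+{ LSA_ADDACCTRIGHTS, "LSA_ADDACCTRIGHTS", NULL, NULL },
+{ LSA_REMOVEACCTRIGHTS, "LSA_REMOVEACCTRIGHTS", NULL, NULL },
+{ LSA_QUERYTRUSTDOMINFO, "LSA_QUERYTRUSTDOMINFO", NULL, NULL },
+{ LSA_SETTRUSTDOMINFO, "LSA_SETTRUSTDOMINFO", NULL, NULL },
+{ LSA_DELETETRUSTDOM, "LSA_DELETETRUSTDOM", NULL, NULL },
+{ LSA_STOREPRIVDATA, "LSA_STOREPRIVDATA", NULL, NULL },
+{ LSA_RETRPRIVDATA, "LSA_RETRPRIVDATA", NULL, NULL },
+{ LSA_OPENPOLICY2, "LSA_OPENPOLICY2", NULL, NULL },
+{ LSA_UNK_GET_CONNUSER, "LSA_UNK_GET_CONNUSER", NULL, NULL },
+{0, NULL, NULL, NULL },
+};
+void
+proto_register_msrpc_lsa(void)
+{
+static gint *ett[] = {
+&ett_msrpc_lsa,
+};
+proto_msrpc_lsa = proto_register_protocol(
+"Microsoft Local Security Architecture", "LSA", "lsa");
+proto_register_subtree_array(ett, array_length(ett));
+}
+void
+proto_reg_handoff_msrpc_lsa(void)
+{
+/* Register protocol as dcerpc */
+dcerpc_init_uuid(proto_msrpc_lsa, ett_msrpc_lsa, &uuid_msrpc_lsa,
+ver_msrpc_lsa, msrpc_lsa_dissectors);
+}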
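Review bot: The long name passed to `proto_register_protocol` in proto_register_msrpc_lsa reads "Microsoft Local Security Architecture", but LSA is normally expanded as Local Security Authority, and this string is presumably what users see in the protocol list. Suggested: `"Microsoft Local Security Authority", "LSA", "lsa");`.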

78
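--- /dev/null
+++ b/packet-msrpc-lsa.h
@@ -0,0 +1,78 @@
+/* packet-msrpc-lsa.h
+* Routines for SMB \\PIPE\\lsarpc packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-lsa.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_LSA_H
+#define __PACKET_MSRPC_LSA_H
+/* Functions available on the LSA pipe. From Samba, include/rpc_lsa.h */
+#define LSA_CLOSE 0x00
+#define LSA_DELETE 0x01
+#define LSA_ENUM_PRIVS 0x02
+#define LSA_QUERYSECOBJ 0x03
+#define LSA_SETSECOBJ 0x04
+#define LSA_CHANGEPASSWORD 0x05
+#define LSA_OPENPOLICY 0x06
+#define LSA_QUERYINFOPOLICY 0x07
+#define LSA_SETINFOPOLICY 0x08
+#define LSA_CLEARAUDITLOG 0x09
+#define LSA_CREATEACCOUNT 0x0a
+#define LSA_ENUM_ACCOUNTS 0x0b
+#define LSA_CREATETRUSTDOM 0x0c
+#define LSA_ENUMTRUSTDOM 0x0d
+#define LSA_LOOKUPNAMES 0x0e
+#define LSA_LOOKUPSIDS 0x0f
+#define LSA_CREATESECRET 0x10
+#define LSA_OPENACCOUNT 0x11
+#define LSA_ENUMPRIVSACCOUNT 0x12
+#define LSA_ADDPRIVS 0x13
+#define LSA_REMOVEPRIVS 0x14
+#define LSA_GETQUOTAS 0x15
+#define LSA_SETQUOTAS 0x16
+#define LSA_GETSYSTEMACCOUNT 0x17
+#define LSA_SETSYSTEMACCOUNT 0x18
+#define LSA_OPENTRUSTDOM 0x19
+#define LSA_QUERYTRUSTDOM 0x1a
+#define LSA_SETINFOTRUSTDOM 0x1b
+#define LSA_OPENSECRET 0x1c
+#define LSA_SETSECRET 0x1d
+#define LSA_QUERYSECRET 0x1e
+#define LSA_LOOKUPPRIVVALUE 0x1f
+#define LSA_LOOKUPPRIVNAME 0x20
+#define LSA_PRIV_GET_DISPNAME 0x21
+#define LSA_DELETEOBJECT 0x22
+#define LSA_ENUMACCTWITHRIGHT 0x23
+#define LSA_ENUMACCTRIGHTS 0x24
+#define LSA_ADDACCTRIGHTS 0x25
+#define LSA_REMOVEACCTRIGHTS 0x26
+#define LSA_QUERYTRUSTDOMINFO 0x27
+#define LSA_SETTRUSTDOMINFO 0x28
+#define LSA_DELETETRUSTDOM 0x29
+#define LSA_STOREPRIVDATA 0x2a
+#define LSA_RETRPRIVDATA 0x2b
+#define LSA_OPENPOLICY2 0x2c
+#define LSA_UNK_GET_CONNUSER 0x2d
+#endif /* packet-msrpc-lsa.h */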

82
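--- /dev/null
+++ b/packet-msrpc-netlogon.c
@@ -0,0 +1,82 @@
+/* packet-msrpc-netlogon.c
+* Routines for SMB \\PIPE\\NETLOGON packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-netlogon.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-netlogon.h"
+static int proto_msrpc_netlogon = -1;
+static gint ett_msrpc_netlogon = -1;
+static e_uuid_t uuid_msrpc_netlogon = {
+0x12345678, 0x1234, 0xabcd,
+{ 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0xcf, 0xfb }
+};
+static guint16 ver_msrpc_netlogon = 1;
+static dcerpc_sub_dissector msrpc_netlogon_dissectors[] = {
+{ NET_SAMLOGON, "NET_SAMLOGON", NULL, NULL },
+{ NET_SAMLOGOFF, "NET_SAMLOGOFF", NULL, NULL },
+{ NET_REQCHAL, "NET_REQCHAL", NULL, NULL },
+{ NET_AUTH, "NET_AUTH", NULL, NULL },
+{ NET_SRVPWSET, "NET_SRVPWSET", NULL, NULL },
+{ NET_SAM_DELTAS, "NET_SAM_DELTAS", NULL, NULL },
+{ NET_LOGON_CTRL, "NET_LOGON_CTRL", NULL, NULL },
+{ NET_AUTH2, "NET_AUTH2", NULL, NULL },
+{ NET_LOGON_CTRL2, "NET_LOGON_CTRL2", NULL, NULL },
+{ NET_SAM_SYNC, "NET_SAM_SYNC", NULL, NULL },
+{ NET_TRUST_DOM_LIST, "NET_TRUST_DOM_LIST", NULL, NULL },
+{0, NULL, NULL, NULL },
+};
+void
+proto_register_msrpc_netlogon(void)
+{
+static gint *ett[] = {
+&ett_msrpc_netlogon,
+};
+proto_msrpc_netlogon = proto_register_protocol(
+"Microsoft Network Logon", "NETLOGON", "rpc_netlogon");
+proto_register_subtree_array(ett, array_length(ett));
+}
+void
+proto_reg_handoff_msrpc_netlogon(void)
+{
+/* Register protocol as dcerpc */
+dcerpc_init_uuid(proto_msrpc_netlogon, ett_msrpc_netlogon,
+&uuid_msrpc_netlogon, ver_msrpc_netlogon,
+msrpc_netlogon_dissectors);
+}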
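Review bot: The third argument to `proto_register_protocol` here is `"rpc_netlogon"`, while the sibling files added in this commit register the bare `"dfs"`, `"lsa"`, `"reg"` and `"samr"`; one naming scheme for all five would make the resulting filter names predictable. The short forms are also generic enough that a later, unrelated protocol could plausibly want the same name, so the prefixed style looks like the safer one to standardise on, for example `"Microsoft Distributed File System", "DFS", "rpc_dfs");` in packet-msrpc-dfs.c.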

44
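--- /dev/null
+++ b/packet-msrpc-netlogon.h
@@ -0,0 +1,44 @@
+/* packet-msrpc-netlogon.h
+* Routines for SMB \\PIPE\\NETLOGON packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-netlogon.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_NETLOGON_H
+#define __PACKET_MSRPC_NETLOGON_H
+/* Functions available on the NETLOGON pipe. From Samba,
+include/rpc_netlogon.h */
+#define NET_SAMLOGON 0x02
+#define NET_SAMLOGOFF 0x03
+#define NET_REQCHAL 0x04
+#define NET_AUTH 0x05
+#define NET_SRVPWSET 0x06
+#define NET_SAM_DELTAS 0x07
+#define NET_LOGON_CTRL 0x0c
+#define NET_AUTH2 0x0f
+#define NET_LOGON_CTRL2 0x0e
+#define NET_SAM_SYNC 0x10
+#define NET_TRUST_DOM_LIST 0x13
+#endif /* packet-msrpc-netlogon.h */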
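Review bot: `NET_AUTH2` (0x0f) is defined before `NET_LOGON_CTRL2` (0x0e), the only pair in this list that is out of numeric order; swapping the two lines keeps the header sorted by opnum and makes the unnamed ranges (0x00-0x01, 0x08-0x0b, 0x0d, 0x11-0x12) easier to spot. A comment stating that the unlisted opnums are simply not named yet would also help a reader who meets one of them in a capture.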

97
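--- /dev/null
+++ b/packet-msrpc-reg.c
@@ -0,0 +1,97 @@
+/* packet-msrpc-reg.c
+* Routines for SMB \\PIPE\\winreg packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-reg.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-reg.h"
+static int proto_msrpc_reg = -1;
+static gint ett_msrpc_reg = -1;
+static e_uuid_t uuid_msrpc_reg = {
+0x338cd001, 0x2244, 0x31f1,
+{ 0xaa, 0xaa, 0x90, 0x00, 0x38, 0x00, 0x10, 0x03 }
+};
+static guint16 ver_msrpc_reg = 1;
+static dcerpc_sub_dissector msrpc_reg_dissectors[] = {
+{ REG_OPEN_HKCR, "REG_OPEN_HKCR", NULL, NULL },
+{ _REG_UNK_01, "_REG_UNK_01", NULL, NULL },
+{ REG_OPEN_HKLM, "REG_OPEN_HKLM", NULL, NULL },
+{ _REG_UNK_03, "_REG_UNK_03", NULL, NULL },
+{ REG_OPEN_HKU, "REG_OPEN_HKU", NULL, NULL },
+{ REG_CLOSE, "REG_CLOSE", NULL, NULL },
+{ REG_CREATE_KEY, "REG_CREATE_KEY", NULL, NULL },
+{ REG_DELETE_KEY, "REG_DELETE_KEY", NULL, NULL },
+{ REG_DELETE_VALUE, "REG_DELETE_VALUE", NULL, NULL },
+{ REG_ENUM_KEY, "REG_ENUM_KEY", NULL, NULL },
+{ REG_ENUM_VALUE, "REG_ENUM_VALUE", NULL, NULL },
+{ REG_FLUSH_KEY, "REG_FLUSH_KEY", NULL, NULL },
+{ REG_GET_KEY_SEC, "REG_GET_KEY_SEC", NULL, NULL },
+{ _REG_UNK_0D, "_REG_UNK_0D", NULL, NULL },
+{ _REG_UNK_0E, "_REG_UNK_0E", NULL, NULL },
+{ REG_OPEN_ENTRY, "REG_OPEN_ENTRY", NULL, NULL },
+{ REG_QUERY_KEY, "REG_QUERY_KEY", NULL, NULL },
+{ REG_INFO, "REG_INFO", NULL, NULL },
+{ _REG_UNK_12, "_REG_UNK_12", NULL, NULL },
+{ _REG_UNK_13, "_REG_UNK_13", NULL, NULL },
+{ _REG_UNK_14, "_REG_UNK_14", NULL, NULL },
+{ REG_SET_KEY_SEC, "REG_SET_KEY_SEC", NULL, NULL },
+{ REG_CREATE_VALUE, "REG_CREATE_VALUE", NULL, NULL },
+{ _REG_UNK_17, "_REG_UNK_17", NULL, NULL },
+{ REG_SHUTDOWN, "REG_SHUTDOWN", NULL, NULL },
+{ REG_ABORT_SHUTDOWN, "REG_ABORT_SHUTDOWN", NULL, NULL },
+{ REG_UNK_1A, "REG_UNK_1A", NULL, NULL },
+{0, NULL, NULL, NULL },
+};
+void
+proto_register_msrpc_reg(void)
+{
+static gint *ett[] = {
+&ett_msrpc_reg,
+};
+proto_msrpc_reg = proto_register_protocol(
+"Microsoft Registry", "REG", "reg");
+proto_register_subtree_array(ett, array_length(ett));
+}
+void
+proto_reg_handoff_msrpc_reg(void)
+{
+/* Register protocol as dcerpc */
+dcerpc_init_uuid(proto_msrpc_reg, ett_msrpc_reg, &uuid_msrpc_reg,
+ver_msrpc_reg, msrpc_reg_dissectors);
+}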
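Review bot: Every row of `msrpc_reg_dissectors` passes NULL for its last two fields, and the table carries no comment saying what that means. Presumably these are the per-call request and reply dissectors, in which case only the operation name is resolved and the call arguments stay undecoded; confirm against the `dcerpc_sub_dissector` definition, which is outside this section. A comment above the table such as `/* Operation names only; no request/reply dissection yet */` would state it. The same applies to the tables in packet-msrpc-dfs.c, packet-msrpc-lsa.c, packet-msrpc-netlogon.c and packet-msrpc-samr.c.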

59
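--- /dev/null
+++ b/packet-msrpc-reg.h
@@ -0,0 +1,59 @@
+/* packet-msrpc-reg.h
+* Routines for SMB \\PIPE\\winreg packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-reg.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_REG_H
+#define __PACKET_MSRPC_REG_H
+/* Functions available on the WINREG pipe. From Samba, include/rpc_reg.h */
+#define REG_OPEN_HKCR 0x00
+#define _REG_UNK_01 0x01
+#define REG_OPEN_HKLM 0x02
+#define _REG_UNK_03 0x03
+#define REG_OPEN_HKU 0x04
+#define REG_CLOSE 0x05
+#define REG_CREATE_KEY 0x06
+#define REG_DELETE_KEY 0x07
+#define REG_DELETE_VALUE 0x08
+#define REG_ENUM_KEY 0x09
+#define REG_ENUM_VALUE 0x0a
+#define REG_FLUSH_KEY 0x0b
+#define REG_GET_KEY_SEC 0x0c
+#define _REG_UNK_0D 0x0d
+#define _REG_UNK_0E 0x0e
+#define REG_OPEN_ENTRY 0x0f
+#define REG_QUERY_KEY 0x10
+#define REG_INFO 0x11
+#define _REG_UNK_12 0x12
+#define _REG_UNK_13 0x13
+#define _REG_UNK_14 0x14
+#define REG_SET_KEY_SEC 0x15
+#define REG_CREATE_VALUE 0x16
+#define _REG_UNK_17 0x17
+#define REG_SHUTDOWN 0x18
+#define REG_ABORT_SHUTDOWN 0x19
+#define REG_UNK_1A 0x1a
+#endif /* packet-msrpc-reg.h */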
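Review bot: `_REG_UNK_01`, `_REG_UNK_03`, `_REG_UNK_0D`, `_REG_UNK_0E`, `_REG_UNK_12`, `_REG_UNK_13`, `_REG_UNK_14` and `_REG_UNK_17` begin with an underscore followed by an upper-case letter, a form C reserves for the implementation, and the last unknown, `REG_UNK_1A`, does not follow the same convention. Dropping the leading underscore, e.g. `#define REG_UNK_01 0x01`, fixes both. The matching identifiers and display strings in packet-msrpc-reg.c would need to change with it.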

126
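--- /dev/null
+++ b/packet-msrpc-samr.c
@@ -0,0 +1,126 @@
+/* packet-msrpc-samr.c
+* Routines for SMB \\PIPE\\samr packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-samr.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-samr.h"
+static int proto_msrpc_samr = -1;
+static gint ett_msrpc_samr = -1;
+static e_uuid_t uuid_msrpc_samr = {
+0x12345778, 0x1234, 0xabcd,
+{ 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
+};
+static guint16 ver_msrpc_samr = 1;
+static dcerpc_sub_dissector msrpc_samr_dissectors[] = {
+{ SAMR_CONNECT_ANON, "SAMR_CONNECT_ANON", NULL, NULL },
+{ SAMR_CLOSE_HND, "SAMR_CLOSE_HND", NULL, NULL },
+{ SAMR_UNKNOWN_2, "SAMR_UNKNOWN_2", NULL, NULL },
+{ SAMR_QUERY_SEC_OBJECT, "SAMR_QUERY_SEC_OBJECT", NULL, NULL },
+{ SAMR_UNKNOWN_4, "SAMR_UNKNOWN_4", NULL, NULL },
+{ SAMR_LOOKUP_DOMAIN, "SAMR_LOOKUP_DOMAIN", NULL, NULL },
+{ SAMR_ENUM_DOMAINS, "SAMR_ENUM_DOMAINS", NULL, NULL },
+{ SAMR_OPEN_DOMAIN, "SAMR_OPEN_DOMAIN", NULL, NULL },
+{ SAMR_QUERY_DOMAIN_INFO, "SAMR_QUERY_DOMAIN_INFO", NULL, NULL },
+{ SAMR_CREATE_DOM_GROUP, "SAMR_CREATE_DOM_GROUP", NULL, NULL },
+{ SAMR_ENUM_DOM_GROUPS, "SAMR_ENUM_DOM_GROUPS", NULL, NULL },
+{ SAMR_ENUM_DOM_USERS, "SAMR_ENUM_DOM_USERS", NULL, NULL },
+{ SAMR_CREATE_DOM_ALIAS, "SAMR_CREATE_DOM_ALIAS", NULL, NULL },
+{ SAMR_ENUM_DOM_ALIASES, "SAMR_ENUM_DOM_ALIASES", NULL, NULL },
+{ SAMR_QUERY_USERALIASES, "SAMR_QUERY_USERALIASES", NULL, NULL },
+{ SAMR_LOOKUP_NAMES, "SAMR_LOOKUP_NAMES", NULL, NULL },
+{ SAMR_LOOKUP_RIDS, "SAMR_LOOKUP_RIDS", NULL, NULL },
+{ SAMR_OPEN_GROUP, "SAMR_OPEN_GROUP", NULL, NULL },
+{ SAMR_QUERY_GROUPINFO, "SAMR_QUERY_GROUPINFO", NULL, NULL },
+{ SAMR_SET_GROUPINFO, "SAMR_SET_GROUPINFO", NULL, NULL },
+{ SAMR_ADD_GROUPMEM, "SAMR_ADD_GROUPMEM", NULL, NULL },
+{ SAMR_DELETE_DOM_GROUP, "SAMR_DELETE_DOM_GROUP", NULL, NULL },
+{ SAMR_DEL_GROUPMEM, "SAMR_DEL_GROUPMEM", NULL, NULL },
+{ SAMR_QUERY_GROUPMEM, "SAMR_QUERY_GROUPMEM", NULL, NULL },
+{ SAMR_UNKNOWN_1A, "SAMR_UNKNOWN_1A", NULL, NULL },
+{ SAMR_OPEN_ALIAS, "SAMR_OPEN_ALIAS", NULL, NULL },
+{ SAMR_QUERY_ALIASINFO, "SAMR_QUERY_ALIASINFO", NULL, NULL },
+{ SAMR_SET_ALIASINFO, "SAMR_SET_ALIASINFO", NULL, NULL },
+{ SAMR_DELETE_DOM_ALIAS, "SAMR_DELETE_DOM_ALIAS", NULL, NULL },
+{ SAMR_ADD_ALIASMEM, "SAMR_ADD_ALIASMEM", NULL, NULL },
+{ SAMR_DEL_ALIASMEM, "SAMR_DEL_ALIASMEM", NULL, NULL },
+{ SAMR_QUERY_ALIASMEM, "SAMR_QUERY_ALIASMEM", NULL, NULL },
+{ SAMR_OPEN_USER, "SAMR_OPEN_USER", NULL, NULL },
+{ SAMR_DELETE_DOM_USER, "SAMR_DELETE_DOM_USER", NULL, NULL },
+{ SAMR_QUERY_USERINFO, "SAMR_QUERY_USERINFO", NULL, NULL },
+{ SAMR_SET_USERINFO2, "SAMR_SET_USERINFO2", NULL, NULL },
+{ SAMR_QUERY_USERGROUPS, "SAMR_QUERY_USERGROUPS", NULL, NULL },
+{ SAMR_QUERY_DISPINFO, "SAMR_QUERY_DISPINFO", NULL, NULL },
+{ SAMR_UNKNOWN_29, "SAMR_UNKNOWN_29", NULL, NULL },
+{ SAMR_UNKNOWN_2a, "SAMR_UNKNOWN_2a", NULL, NULL },
+{ SAMR_UNKNOWN_2b, "SAMR_UNKNOWN_2b", NULL, NULL },
+{ SAMR_GET_USRDOM_PWINFO, "SAMR_GET_USRDOM_PWINFO", NULL, NULL },
+{ SAMR_UNKNOWN_2D, "SAMR_UNKNOWN_2D", NULL, NULL },
+{ SAMR_UNKNOWN_2e, "SAMR_UNKNOWN_2e", NULL, NULL },
+{ SAMR_UNKNOWN_2f, "SAMR_UNKNOWN_2f", NULL, NULL },
+{ SAMR_QUERY_DISPINFO3, "SAMR_QUERY_DISPINFO3", NULL, NULL },
+{ SAMR_UNKNOWN_31, "SAMR_UNKNOWN_31", NULL, NULL },
+{ SAMR_CREATE_USER, "SAMR_CREATE_USER", NULL, NULL },
+{ SAMR_QUERY_DISPINFO4, "SAMR_QUERY_DISPINFO4", NULL, NULL },
+{ SAMR_ADDMULTI_ALIASMEM, "SAMR_ADDMULTI_ALIASMEM", NULL, NULL },
+{ SAMR_UNKNOWN_35, "SAMR_UNKNOWN_35", NULL, NULL },
+{ SAMR_UNKNOWN_36, "SAMR_UNKNOWN_36", NULL, NULL },
+{ SAMR_CHGPASSWD_USER, "SAMR_CHGPASSWD_USER", NULL, NULL },
+{ SAMR_GET_DOM_PWINFO, "SAMR_GET_DOM_PWINFO", NULL, NULL },
+{ SAMR_CONNECT, "SAMR_CONNECT", NULL, NULL },
+{ SAMR_SET_USERINFO, "SAMR_SET_USERINFO", NULL, NULL },
+{0, NULL, NULL, NULL },
+};
+void
+proto_register_msrpc_samr(void)
+{
+static gint *ett[] = {
+&ett_msrpc_samr,
+};
+proto_msrpc_samr = proto_register_protocol(
+"Microsoft Security Account Manager", "SAMR", "samr");
+proto_register_subtree_array(ett, array_length(ett));
+}
+void
+proto_reg_handoff_msrpc_samr(void)
+{
+/* Register protocol as dcerpc */
+dcerpc_init_uuid(proto_msrpc_samr, ett_msrpc_samr, &uuid_msrpc_samr,
+ver_msrpc_samr, msrpc_samr_dissectors);
+}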
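Review bot: Each row of `msrpc_samr_dissectors` spells the operation twice, once as the macro and once as a hand-typed string, so a typo in one of the 56 rows would go unnoticed by the compiler and show the wrong name for a call. A small helper such as `#define SAMR_OP(op) { op, #op, NULL, NULL }` lets each row be written as `SAMR_OP(SAMR_CONNECT_ANON),` and keeps number and name in step. The other tables added in this commit are written the same way.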

88
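--- /dev/null
+++ b/packet-msrpc-samr.h
@@ -0,0 +1,88 @@
+/* packet-msrpc-samr.h
+* Routines for SMB \\PIPE\\samr packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-samr.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_SAMR_H
+#define __PACKET_MSRPC_SAMR_H
+/* Functions available on the SAMR pipe. From Samba, include/rpc_samr.h */
+#define SAMR_CONNECT_ANON 0x00
+#define SAMR_CLOSE_HND 0x01
+#define SAMR_UNKNOWN_2 0x02
+#define SAMR_QUERY_SEC_OBJECT 0x03
+#define SAMR_UNKNOWN_4 0x04
+#define SAMR_LOOKUP_DOMAIN 0x05
+#define SAMR_ENUM_DOMAINS 0x06
+#define SAMR_OPEN_DOMAIN 0x07
+#define SAMR_QUERY_DOMAIN_INFO 0x08
+#define SAMR_CREATE_DOM_GROUP 0x0a
+#define SAMR_ENUM_DOM_GROUPS 0x0b
+#define SAMR_ENUM_DOM_USERS 0x0d
+#define SAMR_CREATE_DOM_ALIAS 0x0e
+#define SAMR_ENUM_DOM_ALIASES 0x0f
+#define SAMR_QUERY_USERALIASES 0x10
+#define SAMR_LOOKUP_NAMES 0x11
+#define SAMR_LOOKUP_RIDS 0x12
+#define SAMR_OPEN_GROUP 0x13
+#define SAMR_QUERY_GROUPINFO 0x14
+#define SAMR_SET_GROUPINFO 0x15
+#define SAMR_ADD_GROUPMEM 0x16
+#define SAMR_DELETE_DOM_GROUP 0x17
+#define SAMR_DEL_GROUPMEM 0x18
+#define SAMR_QUERY_GROUPMEM 0x19
+#define SAMR_UNKNOWN_1A 0x1a
+#define SAMR_OPEN_ALIAS 0x1b
+#define SAMR_QUERY_ALIASINFO 0x1c
+#define SAMR_SET_ALIASINFO 0x1d
+#define SAMR_DELETE_DOM_ALIAS 0x1e
+#define SAMR_ADD_ALIASMEM 0x1f
+#define SAMR_DEL_ALIASMEM 0x20
+#define SAMR_QUERY_ALIASMEM 0x21
+#define SAMR_OPEN_USER 0x22
+#define SAMR_DELETE_DOM_USER 0x23
+#define SAMR_QUERY_USERINFO 0x24
+#define SAMR_SET_USERINFO2 0x25
+#define SAMR_QUERY_USERGROUPS 0x27
+#define SAMR_QUERY_DISPINFO 0x28
+#define SAMR_UNKNOWN_29 0x29
+#define SAMR_UNKNOWN_2a 0x2a
+#define SAMR_UNKNOWN_2b 0x2b
+#define SAMR_GET_USRDOM_PWINFO 0x2c
+#define SAMR_UNKNOWN_2D 0x2d
+#define SAMR_UNKNOWN_2e 0x2e
+#define SAMR_UNKNOWN_2f 0x2f
+#define SAMR_QUERY_DISPINFO3 0x30
+#define SAMR_UNKNOWN_31 0x31
+#define SAMR_CREATE_USER 0x32
+#define SAMR_QUERY_DISPINFO4 0x33
+#define SAMR_ADDMULTI_ALIASMEM 0x34
+#define SAMR_UNKNOWN_35 0x35
+#define SAMR_UNKNOWN_36 0x36
+#define SAMR_CHGPASSWD_USER 0x37
+#define SAMR_GET_DOM_PWINFO 0x38
+#define SAMR_CONNECT 0x39
+#define SAMR_SET_USERINFO 0x3A
+#endif /* packet-msrpc-samr.h */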
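Review bot: The names of the unidentified operations mix cases, `SAMR_UNKNOWN_1A` and `SAMR_UNKNOWN_2D` against `SAMR_UNKNOWN_2a`, `SAMR_UNKNOWN_2b`, `SAMR_UNKNOWN_2e` and `SAMR_UNKNOWN_2f`, and so do the values (`0x3A` for `SAMR_SET_USERINFO` where every other line uses lower-case hex); one case throughout would read better. The list also has no entry for 0x09, 0x0c or 0x26, so a comment saying those opnums are not named yet would tell a reader why a capture that uses them shows no operation name.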

117
packet-msrpc-spoolss.c Normal file

@ -0,0 +1,117 @@
/* packet-msrpc-spoolss.c
* Routines for SMB \\PIPE\\spoolss packet disassembly
* Copyright 2001, Tim Potter <tpot@samba.org>
*
* $Id: packet-msrpc-spoolss.c,v 1.1 2001/11/12 08:58:43 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <glib.h>
#include "packet.h"
#include "packet-dcerpc.h"
#include "packet-msrpc-spoolss.h"
static int proto_msrpc_spoolss = -1;
static gint ett_msrpc_spoolss = -1;
static e_uuid_t uuid_msrpc_spoolss = {
0x12345678, 0x1234, 0xabcd,
{ 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab }
};
static guint16 ver_msrpc_spoolss = 1;
static dcerpc_sub_dissector msrpc_spoolss_dissectors[] = {
{ SPOOLSS_ENUMPRINTERS, "SPOOLSS_ENUMPRINTERS", NULL, NULL },
{ SPOOLSS_SETJOB, "SPOOLSS_SETJOB", NULL, NULL },
{ SPOOLSS_GETJOB, "SPOOLSS_GETJOB", NULL, NULL },
{ SPOOLSS_ENUMJOBS, "SPOOLSS_ENUMJOBS", NULL, NULL },
{ SPOOLSS_ADDPRINTER, "SPOOLSS_ADDPRINTER", NULL, NULL },
{ SPOOLSS_DELETEPRINTER, "SPOOLSS_DELETEPRINTER", NULL, NULL },
{ SPOOLSS_SETPRINTER, "SPOOLSS_SETPRINTER", NULL, NULL },
{ SPOOLSS_GETPRINTER, "SPOOLSS_GETPRINTER", NULL, NULL },
{ SPOOLSS_ADDPRINTERDRIVER, "SPOOLSS_ADDPRINTERDRIVER", NULL, NULL },
{ SPOOLSS_ENUMPRINTERDRIVERS, "SPOOLSS_ENUMPRINTERDRIVERS", NULL, NULL },
{ SPOOLSS_GETPRINTERDRIVERDIRECTORY, "SPOOLSS_GETPRINTERDRIVERDIRECTORY", NULL, NULL },
{ SPOOLSS_DELETEPRINTERDRIVER, "SPOOLSS_DELETEPRINTERDRIVER", NULL, NULL },
{ SPOOLSS_ADDPRINTPROCESSOR, "SPOOLSS_ADDPRINTPROCESSOR", NULL, NULL },
{ SPOOLSS_ENUMPRINTPROCESSORS, "SPOOLSS_ENUMPRINTPROCESSORS", NULL, NULL },
{ SPOOLSS_STARTDOCPRINTER, "SPOOLSS_STARTDOCPRINTER", NULL, NULL },
{ SPOOLSS_STARTPAGEPRINTER, "SPOOLSS_STARTPAGEPRINTER", NULL, NULL },
{ SPOOLSS_WRITEPRINTER, "SPOOLSS_WRITEPRINTER", NULL, NULL },
{ SPOOLSS_ENDPAGEPRINTER, "SPOOLSS_ENDPAGEPRINTER", NULL, NULL },
{ SPOOLSS_ABORTPRINTER, "SPOOLSS_ABORTPRINTER", NULL, NULL },
{ SPOOLSS_ENDDOCPRINTER, "SPOOLSS_ENDDOCPRINTER", NULL, NULL },
{ SPOOLSS_ADDJOB, "SPOOLSS_ADDJOB", NULL, NULL },
{ SPOOLSS_SCHEDULEJOB, "SPOOLSS_SCHEDULEJOB", NULL, NULL },
{ SPOOLSS_GETPRINTERDATA, "SPOOLSS_GETPRINTERDATA", NULL, NULL },
{ SPOOLSS_SETPRINTERDATA, "SPOOLSS_SETPRINTERDATA", NULL, NULL },
{ SPOOLSS_CLOSEPRINTER, "SPOOLSS_CLOSEPRINTER", NULL, NULL },
{ SPOOLSS_ADDFORM, "SPOOLSS_ADDFORM", NULL, NULL },
{ SPOOLSS_DELETEFORM, "SPOOLSS_DELETEFORM", NULL, NULL },
{ SPOOLSS_GETFORM, "SPOOLSS_GETFORM", NULL, NULL },
{ SPOOLSS_SETFORM, "SPOOLSS_SETFORM", NULL, NULL },
{ SPOOLSS_ENUMFORMS, "SPOOLSS_ENUMFORMS", NULL, NULL },
{ SPOOLSS_ENUMPORTS, "SPOOLSS_ENUMPORTS", NULL, NULL },
{ SPOOLSS_ENUMMONITORS, "SPOOLSS_ENUMMONITORS", NULL, NULL },
{ SPOOLSS_ENUMPRINTPROCDATATYPES, "SPOOLSS_ENUMPRINTPROCDATATYPES", NULL, NULL },
{ SPOOLSS_GETPRINTERDRIVER2, "SPOOLSS_GETPRINTERDRIVER2", NULL, NULL },
{ SPOOLSS_FCPN, "SPOOLSS_FCPN", NULL, NULL },
{ SPOOLSS_REPLYOPENPRINTER, "SPOOLSS_REPLYOPENPRINTER", NULL, NULL },
{ SPOOLSS_REPLYCLOSEPRINTER, "SPOOLSS_REPLYCLOSEPRINTER", NULL, NULL },
{ SPOOLSS_RFFPCNEX, "SPOOLSS_RFFPCNEX", NULL, NULL },
{ SPOOLSS_RRPCN, "SPOOLSS_RRPCN", NULL, NULL },
{ SPOOLSS_RFNPCNEX, "SPOOLSS_RFNPCNEX", NULL, NULL },
{ SPOOLSS_OPENPRINTEREX, "SPOOLSS_OPENPRINTEREX", NULL, NULL },
{ SPOOLSS_ADDPRINTEREX, "SPOOLSS_ADDPRINTEREX", NULL, NULL },
{ SPOOLSS_ENUMPRINTERDATA, "SPOOLSS_ENUMPRINTERDATA", NULL, NULL },
{ SPOOLSS_DELETEPRINTERDATA, "SPOOLSS_DELETEPRINTERDATA", NULL, NULL },
{ SPOOLSS_GETPRINTERDATAEX, "SPOOLSS_GETPRINTERDATAEX", NULL, NULL },
{ SPOOLSS_SETPRINTERDATAEX, "SPOOLSS_SETPRINTERDATAEX", NULL, NULL },
{0, NULL, NULL, NULL },
};
void
proto_register_msrpc_spoolss(void)
{
static gint *ett[] = {
&ett_msrpc_spoolss,
};
proto_msrpc_spoolss = proto_register_protocol(
"Microsoft Spool Subsystem", "SPOOLSS", "spoolss");
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_msrpc_spoolss(void)
{
/* Register protocol as dcerpc */
dcerpc_init_uuid(proto_msrpc_spoolss, ett_msrpc_spoolss,
&uuid_msrpc_spoolss, ver_msrpc_spoolss,
msrpc_spoolss_dissectors);
}
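Review bot: The initializer of `uuid_msrpc_spoolss` (`0x12345678, 0x1234, 0xabcd, { 0xef, 0x00, 0x01, ... }`) reads like leftover placeholder data, and nothing in the file says otherwise. It is the UUID the spoolss interface is actually published under, so a comment should stop a later reader from "correcting" it: `/* 12345678-1234-abcd-ef00-0123456789ab: the real spoolss interface UUID, not a placeholder */`. This value and `ver_msrpc_spoolss` are what `proto_reg_handoff_msrpc_spoolss` hands to `dcerpc_init_uuid`, so a well-meant edit would presumably leave spoolss traffic undecoded without any error.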

79
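--- a/packet-msrpc-spoolss.h
+++ b/packet-msrpc-spoolss.h
@@ -0,0 +1,79 @@
+/* packet-msrpc-spoolss.h
+* Routines for SMB \\PIPE\\spoolss packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-spoolss.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_SPOOLSS_H
+#define __PACKET_MSRPC_SPOOLSS_H
+/* Functions available on the SPOOLSS pipe. From Samba,
+include/rpc_spoolss.h */
+#define SPOOLSS_ENUMPRINTERS 0x00
+#define SPOOLSS_SETJOB 0x02
+#define SPOOLSS_GETJOB 0x03
+#define SPOOLSS_ENUMJOBS 0x04
+#define SPOOLSS_ADDPRINTER 0x05
+#define SPOOLSS_DELETEPRINTER 0x06
+#define SPOOLSS_SETPRINTER 0x07
+#define SPOOLSS_GETPRINTER 0x08
+#define SPOOLSS_ADDPRINTERDRIVER 0x09
+#define SPOOLSS_ENUMPRINTERDRIVERS 0x0a
+#define SPOOLSS_GETPRINTERDRIVERDIRECTORY 0x0c
+#define SPOOLSS_DELETEPRINTERDRIVER 0x0d
+#define SPOOLSS_ADDPRINTPROCESSOR 0x0e
+#define SPOOLSS_ENUMPRINTPROCESSORS 0x0f
+#define SPOOLSS_STARTDOCPRINTER 0x11
+#define SPOOLSS_STARTPAGEPRINTER 0x12
+#define SPOOLSS_WRITEPRINTER 0x13
+#define SPOOLSS_ENDPAGEPRINTER 0x14
+#define SPOOLSS_ABORTPRINTER 0x15
+#define SPOOLSS_ENDDOCPRINTER 0x17
+#define SPOOLSS_ADDJOB 0x18
+#define SPOOLSS_SCHEDULEJOB 0x19
+#define SPOOLSS_GETPRINTERDATA 0x1a
+#define SPOOLSS_SETPRINTERDATA 0x1b
+#define SPOOLSS_CLOSEPRINTER 0x1d
+#define SPOOLSS_ADDFORM 0x1e
+#define SPOOLSS_DELETEFORM 0x1f
+#define SPOOLSS_GETFORM 0x20
+#define SPOOLSS_SETFORM 0x21
+#define SPOOLSS_ENUMFORMS 0x22
+#define SPOOLSS_ENUMPORTS 0x23
+#define SPOOLSS_ENUMMONITORS 0x24
+#define SPOOLSS_ENUMPRINTPROCDATATYPES 0x33
+#define SPOOLSS_GETPRINTERDRIVER2 0x35
+#define SPOOLSS_FCPN 0x38
+#define SPOOLSS_REPLYOPENPRINTER 0x3a
+#define SPOOLSS_REPLYCLOSEPRINTER 0x3c
+#define SPOOLSS_RFFPCNEX 0x41
+#define SPOOLSS_RRPCN 0x42
+#define SPOOLSS_RFNPCNEX 0x43
+#define SPOOLSS_OPENPRINTEREX 0x45
+#define SPOOLSS_ADDPRINTEREX 0x46
+#define SPOOLSS_ENUMPRINTERDATA 0x48
+#define SPOOLSS_DELETEPRINTERDATA 0x49
+#define SPOOLSS_GETPRINTERDATAEX 0x4e
+#define SPOOLSS_SETPRINTERDATAEX 0x50
+#endif /* packet-msrpc-spoolss.h */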
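Review bot: The include guard `__PACKET_MSRPC_SPOOLSS_H` starts with two underscores, a spelling C reserves for the implementation. `__PACKET_MSRPC_SRVSVC_H` and `__PACKET_MSRPC_WKSSVC_H` in the other two new headers have the same form. `#ifndef PACKET_MSRPC_SPOOLSS_H` followed by `#define PACKET_MSRPC_SPOOLSS_H` avoids the reserved namespace. If the rest of the tree already uses the double-underscore form (not visible on this page), consistency with it is a fair reason to keep it.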

87
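--- a/packet-msrpc-srvsvc.c
+++ b/packet-msrpc-srvsvc.c
@@ -0,0 +1,87 @@
+/* packet-msrpc-srvsvc.c
+* Routines for SMB \\PIPE\\srvsvc packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-srvsvc.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-srvsvc.h"
+static int proto_msrpc_srvsvc = -1;
+static gint ett_msrpc_srvsvc = -1;
+static e_uuid_t uuid_msrpc_srvsvc = {
+0x4b324fc8, 0x1670, 0x01d3,
+{ 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88 }
+};
+static guint16 ver_msrpc_srvsvc = 3;
+static dcerpc_sub_dissector msrpc_srvsvc_dissectors[] = {
+{ SRV_NETCONNENUM, "SRV_NETCONNENUM", NULL, NULL },
+{ SRV_NETFILEENUM, "SRV_NETFILEENUM", NULL, NULL },
+{ SRV_NETSESSENUM, "SRV_NETSESSENUM", NULL, NULL },
+{ SRV_NET_SHARE_ADD, "SRV_NET_SHARE_ADD", NULL, NULL },
+{ SRV_NETSHAREENUM_ALL, "SRV_NETSHAREENUM_ALL", NULL, NULL },
+{ SRV_NET_SHARE_GET_INFO, "SRV_NET_SHARE_GET_INFO", NULL, NULL },
+{ SRV_NET_SHARE_SET_INFO, "SRV_NET_SHARE_SET_INFO", NULL, NULL },
+{ SRV_NET_SHARE_DEL, "SRV_NET_SHARE_DEL", NULL, NULL },
+{ SRV_NET_SRV_GET_INFO, "SRV_NET_SRV_GET_INFO", NULL, NULL },
+{ SRV_NET_SRV_SET_INFO, "SRV_NET_SRV_SET_INFO", NULL, NULL },
+{ SRV_NET_DISK_ENUM, "SRV_NET_DISK_ENUM", NULL, NULL },
+{ SRV_NET_REMOTE_TOD, "SRV_NET_REMOTE_TOD", NULL, NULL },
+{ SRV_NET_NAME_VALIDATE, "SRV_NET_NAME_VALIDATE", NULL, NULL },
+{ SRV_NETSHAREENUM, "SRV_NETSHAREENUM", NULL, NULL },
+{ SRV_NETFILEQUERYSECDESC, "SRV_NETFILEQUERYSECDESC", NULL, NULL },
+{ SRV_NETFILESETSECDESC, "SRV_NETFILESETSECDESC", NULL, NULL },
+{0, NULL, NULL, NULL },
+};
+void
+proto_register_msrpc_srvsvc(void)
+{
+static gint *ett[] = {
+&ett_msrpc_srvsvc,
+};
+proto_msrpc_srvsvc = proto_register_protocol(
+"Microsoft Server Service", "SRVSVC", "srvsvc");
+proto_register_subtree_array(ett, array_length(ett));
+}
+void
+proto_reg_handoff_msrpc_srvsvc(void)
+{
+/* Register protocol as dcerpc */
+dcerpc_init_uuid(proto_msrpc_srvsvc, ett_msrpc_srvsvc,
+&uuid_msrpc_srvsvc, ver_msrpc_srvsvc,
+msrpc_srvsvc_dissectors);
+}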
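Review bot: Every entry of `msrpc_srvsvc_dissectors` passes `NULL, NULL` for its last two fields, and the file never says what those fields are or that the call bodies are deliberately left undecoded. The tables in packet-msrpc-spoolss.c and packet-msrpc-wkssvc.c are written the same way. A short comment above the table would make the scope clear once the field meaning is confirmed against packet-dcerpc.h, which is not shown here, for example `/* Operation names only: no per-call dissect functions are supplied yet */`. Without it, someone reading a capture of share or session enumeration calls may assume the undecoded stub data was parsed and found empty.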

48
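--- a/packet-msrpc-srvsvc.h
+++ b/packet-msrpc-srvsvc.h
@@ -0,0 +1,48 @@
+/* packet-msrpc-srvsvc.h
+* Routines for SMB \\PIPE\\srvsvc packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-srvsvc.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_SRVSVC_H
+#define __PACKET_MSRPC_SRVSVC_H
+/* Functions available on the SRVSVC pipe. From Samba, include/rpc_srvsvc.h */
+#define SRV_NETCONNENUM 0x08
+#define SRV_NETFILEENUM 0x09
+#define SRV_NETSESSENUM 0x0c
+#define SRV_NET_SHARE_ADD 0x0e
+#define SRV_NETSHAREENUM_ALL 0x0f
+#define SRV_NET_SHARE_GET_INFO 0x10
+#define SRV_NET_SHARE_SET_INFO 0x11
+#define SRV_NET_SHARE_DEL 0x12
+#define SRV_NET_SRV_GET_INFO 0x15
+#define SRV_NET_SRV_SET_INFO 0x16
+#define SRV_NET_DISK_ENUM 0x17
+#define SRV_NET_REMOTE_TOD 0x1c
+#define SRV_NET_NAME_VALIDATE 0x21
+#define SRV_NETSHAREENUM 0x24
+#define SRV_NETFILEQUERYSECDESC 0x27
+#define SRV_NETFILESETSECDESC 0x28
+#endif /* packet-msrpc-srvsvc.h */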

72
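--- a/packet-msrpc-wkssvc.c
+++ b/packet-msrpc-wkssvc.c
@@ -0,0 +1,72 @@
+/* packet-msrpc-wkssvc.c
+* Routines for SMB \\PIPE\\wkssvc packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-wkssvc.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-wkssvc.h"
+static int proto_msrpc_wkssvc = -1;
+static gint ett_msrpc_wkssvc = -1;
+static e_uuid_t uuid_msrpc_wkssvc = {
+0x6bffd098, 0xa112, 0x3610,
+{ 0x98, 0x33, 0x46, 0xc3, 0xf8, 0x7e, 0x34, 0x5a }
+};
+static guint16 ver_msrpc_wkssvc = 1;
+static dcerpc_sub_dissector msrpc_wkssvc_dissectors[] = {
+{ WKS_QUERY_INFO, "WKS_QUERY_INFO", NULL, NULL },
+{0, NULL, NULL, NULL },
+};
+void
+proto_register_msrpc_wkssvc(void)
+{
+static gint *ett[] = {
+&ett_msrpc_wkssvc,
+};
+proto_msrpc_wkssvc = proto_register_protocol(
+"Microsoft Workstation Service", "WKSSVC", "wkssvc");
+proto_register_subtree_array(ett, array_length(ett));
+}
+void
+proto_reg_handoff_msrpc_wkssvc(void)
+{
+/* Register protocol as dcerpc */
+dcerpc_init_uuid(proto_msrpc_wkssvc, ett_msrpc_wkssvc,
+&uuid_msrpc_wkssvc, ver_msrpc_wkssvc,
+msrpc_wkssvc_dissectors);
+}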
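Review bot: The terminator `{0, NULL, NULL, NULL }` of `msrpc_wkssvc_dissectors` carries operation number 0, which is also the value of `WKS_QUERY_INFO`, the table's only real entry. packet-msrpc-spoolss.c has the same overlap with `SPOOLSS_ENUMPRINTERS` (0x00). The code that walks these tables lives in packet-dcerpc.c and is not shown on this page, so it should be confirmed that it detects the end by the NULL name and not by the number. Otherwise operation 0 would never be named. Once confirmed, a comment on the sentinel line records the contract: `/* end of table, recognised by the NULL name; 0 is a valid operation number */`.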

33
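--- a/packet-msrpc-wkssvc.h
+++ b/packet-msrpc-wkssvc.h
@@ -0,0 +1,33 @@
+/* packet-msrpc-wkssvc.h
+* Routines for SMB \\PIPE\\wkssvc packet disassembly
+* Copyright 2001, Tim Potter <tpot@samba.org>
+*
+* $Id: packet-msrpc-wkssvc.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@ethereal.com>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef __PACKET_MSRPC_WKSSVC_H
+#define __PACKET_MSRPC_WKSSVC_H
+/* Functions available on the WKSSVC pipe. From Samba, include/rpc_wkssvc.h */
+#define WKS_QUERY_INFO 0x00
+#endif /* packet-msrpc-wkssvc.h */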


@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
* significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
* Guy Harris 2001
*
* $Id: packet-smb-pipe.c,v 1.38 2001/11/03 00:58:49 guy Exp $
* $Id: packet-smb-pipe.c,v 1.39 2001/11/12 08:58:43 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -2218,6 +2218,22 @@ dissect_pipe_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
return TRUE;
}
static heur_dissector_list_t msrpc_heur_subdissector_list;
static gboolean
dissect_pipe_msrpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
gboolean result;
result = dissector_try_heuristic(msrpc_heur_subdissector_list, tvb,
pinfo, parent_tree);
if (!result)
dissect_data(tvb, 0, pinfo, parent_tree);
return TRUE;
}
gboolean
dissect_pipe_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
@ -2233,6 +2249,16 @@ dissect_pipe_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
return dissect_pipe_lanman(tvb, pinfo, tree);
}
/* MSRPC pipes are transacts on an unnamed pipe (i.e \PIPE\) which
is stripped off in the transact dissector */
if (smb_info->trans_cmd && strcmp(smb_info->trans_cmd, "") == 0) {
/* Try to decode a msrpc pipe */
return dissect_pipe_msrpc(tvb, pinfo, tree);
}
return FALSE;
}
@ -2567,4 +2593,6 @@ register_proto_smb_pipe(void)
"Microsoft Windows Lanman Remote API Protocol", "LANMAN", "lanman");
proto_register_field_array(proto_smb_lanman, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
register_heur_dissector_list("msrpc", &msrpc_heur_subdissector_list);
}
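Review bot: `dissect_pipe_msrpc` returns TRUE whether or not a heuristic dissector accepted the payload, so the new branch in `dissect_pipe_smb` claims every transaction whose `trans_cmd` is the empty string, DCE RPC or not. If that is intended, say so above the function: `/* Always claims the packet: payload that no "msrpc" heuristic dissector recognises is shown as raw data. */`. The bytes handed to `msrpc_heur_subdissector_list` come straight from captured traffic, so the comment is also the place to note that dissectors registered on that list must validate the DCE RPC header before accepting. `dissect_pipe_smb` begins in one hunk and continues in the next, and part of its body lies outside both, so how `trans_cmd` is set for responses cannot be checked from here.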