From cc451ab6aa29b426cdfbb24ab06dbc183fde6f46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 23 Sep 2016 01:43:35 +0200 Subject: [PATCH] dissectors: re-use most of the existing spoolss container dissectors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Change-Id: Ifa261265112da2433f6f55385aba9dff9546551a Signed-off-by: Günther Deschner Reviewed-on: https://code.wireshark.org/review/35425 Petri-Dish: Alexis La Goutte Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- epan/dissectors/packet-dcerpc-spoolss.c | 14 +++--- epan/dissectors/packet-dcerpc-spoolss.h | 18 +++++++ epan/dissectors/packet-dcerpc-winspool.c | 58 +++++++++++++++------- epan/dissectors/pidl/winspool/winspool.cnf | 51 +++++++++++++++---- 4 files changed, 107 insertions(+), 34 deletions(-) diff --git a/epan/dissectors/packet-dcerpc-spoolss.c b/epan/dissectors/packet-dcerpc-spoolss.c index 8f1bdc395c..e8075b90d3 100644 --- a/epan/dissectors/packet-dcerpc-spoolss.c +++ b/epan/dissectors/packet-dcerpc-spoolss.c @@ -1621,7 +1621,7 @@ dissect_DEVMODE(tvbuff_t *tvb, int offset, packet_info *pinfo, static gint ett_DEVMODE_CTR = -1; -static int +int dissect_DEVMODE_CTR(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { @@ -2417,7 +2417,7 @@ dissect_USER_LEVEL_1(tvbuff_t *tvb, int offset, static gint ett_USER_LEVEL_CTR = -1; -static int +int dissect_USER_LEVEL_CTR(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) @@ -2775,7 +2775,7 @@ dissect_notify_options_flags(tvbuff_t *tvb, int offset, packet_info *pinfo, return offset; } -static int +int dissect_NOTIFY_OPTIONS_ARRAY_CTR(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) @@ -3252,7 +3252,7 @@ static gint ett_SPOOL_PRINTER_INFO_LEVEL = -1; static int hf_spool_printer_info_devmode_ptr = -1; static int hf_spool_printer_info_secdesc_ptr = -1; -static int +int dissect_SPOOL_PRINTER_INFO(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { @@ -3901,7 +3901,7 @@ dissect_FORM_1(tvbuff_t *tvb, int offset, packet_info *pinfo, static gint ett_FORM_CTR = -1; -static int +int dissect_FORM_CTR(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) @@ -4768,7 +4768,7 @@ dissect_spoolss_doc_info(tvbuff_t *tvb, int offset, packet_info *pinfo, static gint ett_DOC_INFO_CTR = -1; -static int +int dissect_spoolss_doc_info_ctr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { @@ -5953,7 +5953,7 @@ dissect_NOTIFY_INFO_DATA(tvbuff_t *tvb, int offset, packet_info *pinfo, return offset; } -static int +int dissect_NOTIFY_INFO(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { diff --git a/epan/dissectors/packet-dcerpc-spoolss.h b/epan/dissectors/packet-dcerpc-spoolss.h index 745134e5ab..4174557b15 100644 --- a/epan/dissectors/packet-dcerpc-spoolss.h +++ b/epan/dissectors/packet-dcerpc-spoolss.h @@ -557,4 +557,22 @@ #define JOB_CONTROL_RESTART 4 #define JOB_CONTROL_DELETE 5 +int dissect_USER_LEVEL_CTR(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + dcerpc_info *di, guint8 *drep); +int dissect_NOTIFY_OPTIONS_ARRAY_CTR(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + dcerpc_info *di, guint8 *drep); +int dissect_NOTIFY_INFO(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, dcerpc_info *di, guint8 *drep); +int dissect_DEVMODE_CTR(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, dcerpc_info *di, guint8 *drep); +int dissect_SPOOL_PRINTER_INFO(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, dcerpc_info *di, guint8 *drep); +int dissect_spoolss_doc_info_ctr(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, dcerpc_info *di, guint8 *drep); +int dissect_FORM_CTR(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + dcerpc_info *di, guint8 *drep); + #endif /* packet-dcerpc-spoolss.h */ diff --git a/epan/dissectors/packet-dcerpc-winspool.c b/epan/dissectors/packet-dcerpc-winspool.c index a9f0209d7b..809f68143c 100644 --- a/epan/dissectors/packet-dcerpc-winspool.c +++ b/epan/dissectors/packet-dcerpc-winspool.c @@ -36,6 +36,7 @@ static gint ett_iremotewinspool_winspool_UploadPrinterDriverPackageFlags = -1; /* Header field declarations */ static gint hf_iremotewinspool_hresult = -1; static gint hf_iremotewinspool_opnum = -1; +static gint hf_iremotewinspool_sec_desc_buf_len = -1; static gint hf_iremotewinspool_werror = -1; static gint hf_iremotewinspool_winspool_AsyncAbortPrinter_hPrinter = -1; static gint hf_iremotewinspool_winspool_AsyncAddForm_hPrinter = -1; @@ -995,6 +996,25 @@ static int iremotewinspool_dissect_element_winspool_AsyncEnumJobNamedProperties_ static int iremotewinspool_dissect_element_winspool_AsyncLogJobInfoForBranchOffice_hPrinter(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); static int iremotewinspool_dissect_element_winspool_AsyncLogJobInfoForBranchOffice_pBranchOfficeJobDataContainer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); static int iremotewinspool_dissect_element_winspool_AsyncLogJobInfoForBranchOffice_pBranchOfficeJobDataContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); + #include "packet-smb.h" + #include "packet-smb-browse.h" +extern struct access_mask_info spoolss_printer_access_mask_info; +static int +iremotewinspool_dissect_sec_desc_buf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep) +{ + guint32 len; + if(di->conformant_run){ + /*just a run to handle conformant arrays, nothing to dissect */ + return offset; + } + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, + hf_iremotewinspool_sec_desc_buf_len, &len); + dissect_nt_sec_desc( + tvb, offset, pinfo, tree, drep, TRUE, len, + &spoolss_printer_access_mask_info); + offset += len; + return offset; +} /* IDL: struct { */ @@ -1012,7 +1032,7 @@ iremotewinspool_dissect_element_winspool_NOTIFY_REPLY_CONTAINER_pInfo(tvbuff_t * static int iremotewinspool_dissect_element_winspool_NOTIFY_REPLY_CONTAINER_pInfo_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_NOTIFY_INFO(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1062,7 +1082,7 @@ iremotewinspool_dissect_element_winspool_NOTIFY_OPTIONS_CONTAINER_pOptions(tvbuf static int iremotewinspool_dissect_element_winspool_NOTIFY_OPTIONS_CONTAINER_pOptions_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_NOTIFY_OPTIONS_ARRAY_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1190,7 +1210,7 @@ iremotewinspool_dissect_element_winspool_PrintPropertyValueUnion_propertyTimeCon static int iremotewinspool_dissect_element_winspool_PrintPropertyValueUnion_propertyDevModeContainer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_DEVMODE_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1198,7 +1218,7 @@ iremotewinspool_dissect_element_winspool_PrintPropertyValueUnion_propertyDevMode static int iremotewinspool_dissect_element_winspool_PrintPropertyValueUnion_propertySDContainer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = iremotewinspool_dissect_sec_desc_buf(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1597,7 +1617,7 @@ iremotewinspool_dissect_element_winspool_AsyncOpenPrinter_pDevModeContainer(tvbu static int iremotewinspool_dissect_element_winspool_AsyncOpenPrinter_pDevModeContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_DEVMODE_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1621,7 +1641,7 @@ iremotewinspool_dissect_element_winspool_AsyncOpenPrinter_pClientInfo(tvbuff_t * static int iremotewinspool_dissect_element_winspool_AsyncOpenPrinter_pClientInfo_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_USER_LEVEL_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1699,7 +1719,7 @@ iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pPrinterContainer(tvbuf static int iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pPrinterContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_SPOOL_PRINTER_INFO(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1715,7 +1735,7 @@ iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pDevModeContainer(tvbuf static int iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pDevModeContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_DEVMODE_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1731,7 +1751,7 @@ iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pSecurityContainer(tvbu static int iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pSecurityContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = iremotewinspool_dissect_sec_desc_buf(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -1747,7 +1767,7 @@ iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pClientInfo(tvbuff_t *t static int iremotewinspool_dissect_element_winspool_AsyncAddPrinter_pClientInfo_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_USER_LEVEL_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -2361,7 +2381,7 @@ iremotewinspool_dissect_element_winspool_AsyncSetPrinter_pPrinterContainer(tvbuf static int iremotewinspool_dissect_element_winspool_AsyncSetPrinter_pPrinterContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_SPOOL_PRINTER_INFO(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -2377,7 +2397,7 @@ iremotewinspool_dissect_element_winspool_AsyncSetPrinter_pDevModeContainer(tvbuf static int iremotewinspool_dissect_element_winspool_AsyncSetPrinter_pDevModeContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_DEVMODE_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -2393,7 +2413,7 @@ iremotewinspool_dissect_element_winspool_AsyncSetPrinter_pSecurityContainer(tvbu static int iremotewinspool_dissect_element_winspool_AsyncSetPrinter_pSecurityContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = iremotewinspool_dissect_sec_desc_buf(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -2571,7 +2591,7 @@ iremotewinspool_dissect_element_winspool_AsyncStartDocPrinter_pDocInfoContainer( static int iremotewinspool_dissect_element_winspool_AsyncStartDocPrinter_pDocInfoContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_spoolss_doc_info_ctr(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -3452,7 +3472,7 @@ iremotewinspool_dissect_element_winspool_AsyncAddForm_pFormInfoContainer(tvbuff_ static int iremotewinspool_dissect_element_winspool_AsyncAddForm_pFormInfoContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_FORM_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -3711,7 +3731,7 @@ iremotewinspool_dissect_element_winspool_AsyncSetForm_pFormInfoContainer(tvbuff_ static int iremotewinspool_dissect_element_winspool_AsyncSetForm_pFormInfoContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_FORM_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -5011,7 +5031,7 @@ iremotewinspool_dissect_element_winspool_AsyncCreatePrinterIC_pDevModeContainer( static int iremotewinspool_dissect_element_winspool_AsyncCreatePrinterIC_pDevModeContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_DEVMODE_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -8741,7 +8761,7 @@ iremotewinspool_dissect_element_winspool_AsyncResetPrinter_pDevModeContainer(tvb static int iremotewinspool_dissect_element_winspool_AsyncResetPrinter_pDevModeContainer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) { - offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep); + offset = dissect_DEVMODE_CTR(tvb, offset, pinfo, tree, di, drep); return offset; } @@ -9318,6 +9338,8 @@ void proto_register_dcerpc_iremotewinspool(void) { "HRES Windows Error", "iremotewinspool.hresult", FT_UINT32, BASE_HEX, VALS(HRES_errors), 0, NULL, HFILL }}, { &hf_iremotewinspool_opnum, { "Operation", "iremotewinspool.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_iremotewinspool_sec_desc_buf_len, + { "Sec Desc Buf Len", "iremotewinspool.sec_desc_buf_len", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_iremotewinspool_werror, { "Windows Error", "iremotewinspool.werror", FT_UINT32, BASE_HEX, VALS(WERR_errors), 0, NULL, HFILL }}, { &hf_iremotewinspool_winspool_AsyncAbortPrinter_hPrinter, diff --git a/epan/dissectors/pidl/winspool/winspool.cnf b/epan/dissectors/pidl/winspool/winspool.cnf index 11347277d9..9a2fdd6ccf 100644 --- a/epan/dissectors/pidl/winspool/winspool.cnf +++ b/epan/dissectors/pidl/winspool/winspool.cnf @@ -1,16 +1,19 @@ # Conformance file for winspool -# these are all TODO! +#iremotewinspool_dissect_struct_sec_desc_buf +HF_FIELD hf_iremotewinspool_sec_desc_buf_len "Sec Desc Buf Len" "iremotewinspool.sec_desc_buf_len" FT_UINT32 BASE_DEC NULL 0 "" "" "" #TYPE winreg_AccessMask "offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, di, drep, @HF@, @PARAM@);" FT_NONE BASE_NONE 0 NULL NULL -TYPE sec_desc_buf "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL -TYPE spoolss_UserLevelCtr "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL -TYPE spoolss_NotifyInfo "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL -TYPE spoolss_NotifyOption "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL -TYPE spoolss_DevmodeContainer "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL -TYPE spoolss_SetPrinterInfoCtr "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL -TYPE spoolss_DocumentInfoCtr "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL -TYPE spoolss_AddFormInfoCtr "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE sec_desc_buf "offset = iremotewinspool_dissect_sec_desc_buf(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE spoolss_UserLevelCtr "offset = dissect_USER_LEVEL_CTR(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE spoolss_NotifyInfo "offset = dissect_NOTIFY_INFO(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE spoolss_NotifyOption "offset = dissect_NOTIFY_OPTIONS_ARRAY_CTR(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE spoolss_DevmodeContainer "offset = dissect_DEVMODE_CTR(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE spoolss_SetPrinterInfoCtr "offset = dissect_SPOOL_PRINTER_INFO(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE spoolss_DocumentInfoCtr "offset = dissect_spoolss_doc_info_ctr(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL +TYPE spoolss_AddFormInfoCtr "offset = dissect_FORM_CTR(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL + +# these are all TODO! TYPE spoolss_TimeCtr "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL TYPE spoolss_JobInfoContainer "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL TYPE RPC_BIDI_REQUEST_CONTAINER "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL @@ -23,3 +26,33 @@ TYPE spoolss_CorePrinterDriver "offset = dissect_ndr_byte_array(tvb, offset, pin TYPE spoolss_PrintPropertyValue "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL TYPE spoolss_PrintNamedProperty "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL TYPE spoolss_BranchOfficeJobDataContainer "offset = dissect_ndr_byte_array(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL NULL + +CODE START + #include "packet-smb.h" + #include "packet-smb-browse.h" + +extern struct access_mask_info spoolss_printer_access_mask_info; + +static int +iremotewinspool_dissect_sec_desc_buf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep) +{ + guint32 len; + + if(di->conformant_run){ + /*just a run to handle conformant arrays, nothing to dissect */ + return offset; + } + + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, + hf_iremotewinspool_sec_desc_buf_len, &len); + + dissect_nt_sec_desc( + tvb, offset, pinfo, tree, drep, TRUE, len, + &spoolss_printer_access_mask_info); + + offset += len; + + return offset; +} + +CODE END