authorUlf Lamping <ulf.lamping@web.de>2004-12-19 16:13:05 +0000
committerUlf Lamping <ulf.lamping@web.de>2004-12-19 16:13:05 +0000
commite3f96e79e7aadb5c0c1b2e9c7b09dfb8070675b0 (patch)
treeca1cb50806c6561cf604326753d684ea5b36524b /epan/dissectors/packet-dcom-oxid.c
parentae802a6a02d4c638d2e9f3b4641470cc47559925 (diff)
add a lot of dissect stuff to the OXID resolver, moved some details of the DUALSTRINGARRAY to packet-dcom.c
svn path=/trunk/; revision=12779
Diffstat (limited to 'epan/dissectors/packet-dcom-oxid.c')
-rw-r--r--epan/dissectors/packet-dcom-oxid.c426
1 files changed, 238 insertions, 188 deletions
diff --git a/epan/dissectors/packet-dcom-oxid.c b/epan/dissectors/packet-dcom-oxid.c
index c5d8694438..cc5906accc 100644
--- a/epan/dissectors/packet-dcom-oxid.c
+++ b/epan/dissectors/packet-dcom-oxid.c
@@ -32,241 +32,291 @@
#include <glib.h>
#include <epan/packet.h>
#include "packet-dcerpc.h"
-#include "packet-dcerpc-dcom.h"
-#include "packet-smb-common.h"
+#include "packet-dcom.h"
static int proto_oxid = -1;
-static int hf_opnum = -1;
-static int hf_COMVERSION_MjrVer = -1;
-static int hf_COMVERSION_MnrVer = -1;
-static int hf_wNumEntries = -1;
-static int hf_wSecurityOffset = -1;
-static int hf_wTowerId = -1;
-static int hf_aNetworkAddr = -1;
-static int hf_wAuthnSvc = -1;
-static int hf_wAuthzSvc = -1;
-static int hf_aPrinceName = -1;
-static int hf_Unknown1 = -1;
-static int hf_Unknown2 = -1;
+static int hf_oxid_opnum = -1;
+static int hf_oxid_setid = -1;
+static int hf_oxid_seqnum = -1;
+static int hf_oxid_addtoset = -1;
+static int hf_oxid_delfromset = -1;
+static int hf_oxid_oid = -1;
+static int hf_oxid_ping_backoff_factor = -1;
+static int hf_oxid_oxid = -1;
+static int hf_oxid_requested_protseqs = -1;
+static int hf_oxid_protseqs = -1;
+static int hf_oxid_bindings = -1;
+static int hf_oxid_ipid = -1;
+static int hf_oxid_authn_hint = -1;
+
+static int hf_oxid_Unknown1 = -1;
+static int hf_oxid_Unknown2 = -1;
+static int hf_oxid_ds_array = -1;
+
static gint ett_oxid = -1;
static e_uuid_t uuid_oxid = { 0x99fcfec4, 0x5260, 0x101b, { 0xbb, 0xcb, 0x00, 0xaa, 0x00, 0x21, 0x34, 0x7a } };
static guint16 ver_oxid = 0;
-static const char *
-authz_val2str(unsigned short authz) {
- switch (authz) {
- case 0:
- return "RPC_C_AUTHZ_NONE";
- break;
- case 1:
- return "RPC_C_AUTHZ_NAME";
- break;
- case 2:
- return "RPC_C_AUTHZ_DCE";
- break;
- case 0xffff:
- return "Default";
- break;
- default:
- return "Unknown";
- break;
+
+static int
+dissect_oxid_simple_ping_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ unsigned char pu64SetId[8];
+
+
+ offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
+ hf_oxid_setid, pu64SetId);
+
+ return offset;
+}
+
+
+static int
+dissect_oxid_simple_ping_resp(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint32 u32HResult;
+
+
+ offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep,
+ &u32HResult);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
+ val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
}
+
+ return offset;
}
-static const char *
-authn_val2str(unsigned short authn) {
- switch (authn) {
- case 0:
- return "RPC_C_AUTHN_NONE";
- break;
- case 1:
- return "RPC_C_AUTHN_DCE_PRIVATE";
- break;
- case 2:
- return "RPC_C_AUTHN_DCE_PUBLIC";
- break;
- case 4:
- return "RPC_C_AUTHN_DEC_PUBLIC";
- break;
- case 9:
- return "RPC_C_AUTHN_GSS_NEGOTIATE";
- break;
- case 10:
- return "RPC_C_AUTH_WINNT";
- break;
- case 14:
- return "RPC_C_AUTHN_GSS_SCHANNEL";
- break;
- case 16:
- return "RPC_C_AUTHN_GSS_KERBEROS";
- break;
- case 17:
- return "RPC_C_AUTHN_MSN";
- break;
- case 18:
- return "RPC_C_AUTHN_DPA";
- break;
- case 100:
- return "RPC_C_AUTHN_MQ";
- break;
- case 0xffff:
- return "RPC_C_AUTHN_DEFAULT";
- break;
- default:
- return "Unknown";
- break;
+
+
+static int
+dissect_oxid_complex_ping_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ unsigned char pu64SetId[8];
+ guint16 u16SeqNum;
+ guint16 u16AddToSet;
+ guint16 u16DelFromSet;
+ guint32 u32Pointer;
+ guint32 u32ArraySize;
+ unsigned char pu64OId[8];
+
+
+ offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
+ hf_oxid_setid, pu64SetId);
+
+ offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
+ hf_oxid_seqnum, &u16SeqNum);
+ offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
+ hf_oxid_addtoset, &u16AddToSet);
+ offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
+ hf_oxid_delfromset, &u16DelFromSet);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, " AddToSet=%u DelFromSet=%u",
+ u16AddToSet, u16DelFromSet);
+ }
+
+ offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
+ &u32Pointer);
+ if (u32Pointer) {
+ offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
+ &u32ArraySize);
+
+ while (u16AddToSet--) {
+ offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
+ hf_oxid_oid, pu64OId);
+ }
}
+
+ offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep, &u32Pointer);
+
+ return offset;
}
-static const char *
-towerid_val2str(unsigned short tower) {
- switch (tower) {
- case 0x4:
- return "NCACN_DNET_NSP";
- break;
- case 0x7:
- return "NCACN_IP_TCP";
- break;
- case 0x8:
- return "NCADG_IP_UDP";
- break;
- case 0x9:
- return "NCACN_IP";
- case 0xC:
- return "NCACN_SPX";
- break;
-
- case 0xD:
- return "NCACN_NB_IPX";
- break;
- case 0xE:
- return "NCADG_IPX";
- break;
- case 0x12:
- return "NCACN_NB_NB";
- break;
- case 0x1F:
- return "NCACN_HTTP";
- break;
- default:
- return "Unknown";
- break;
+
+static int
+dissect_oxid_complex_ping_resp(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ unsigned char pu64SetId[8];
+ guint16 u16PingBackoffFactor;
+ guint32 u32HResult;
+
+
+ offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
+ hf_oxid_setid, pu64SetId);
+ offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
+ hf_oxid_ping_backoff_factor, &u16PingBackoffFactor);
+
+ offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep,
+ &u32HResult);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
+ val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
}
+
+ return offset;
}
+
static int
-oxid_server_alive2_dissect_rply(tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *tree, guint8 *drep) {
- COMVERSION comver;
- DUALSTRINGARRAY stringarray;
- STRINGBINDING stringbind;
- SECURITYBINDING securitybind;
- proto_item *bind_hdr, *entries_hdr, *sec_hdr;
- proto_tree *bind_tree, *entries_tree, *sec_tree;
- char *aNetworkAddr = NULL;
- char *aPrinceName = NULL;
- unsigned short string_len = 0;
- unsigned short security_len = 0;
- unsigned char unknown1[8];
- unsigned char unknown2[8];
+dissect_oxid_resolve_oxid2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ unsigned char pu64OxId[8];
+ guint16 u16ProtSeqs;
+ guint32 u32ArraySize;
+ guint32 u32ItemIdx;
+
+
+ offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
+ hf_oxid_oxid, pu64OxId);
- dissect_dcerpc_uint16(tvb, offset, pinfo, tree, drep, hf_COMVERSION_MjrVer, &comver.MajorVersion);
- offset += sizeof(comver.MajorVersion);
+ offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
+ hf_oxid_requested_protseqs, &u16ProtSeqs);
- dissect_dcerpc_uint16(tvb, offset, pinfo, tree, drep, hf_COMVERSION_MnrVer, &comver.MinorVersion);
- offset += sizeof(comver.MinorVersion);
+ offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
+ &u32ArraySize);
- dissect_dcerpc_uint64(tvb , offset, pinfo, tree, drep, hf_Unknown1, unknown1);
+ u32ItemIdx = 1;
+ while (u32ArraySize--) {
+ offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
+ hf_oxid_protseqs, &u16ProtSeqs);
+ u32ItemIdx++;
+ }
- offset += sizeof(unknown1); /*FIXME - understand what those 8 bytes mean! don't skip'em!*/
- string_len = dcerpc_tvb_get_ntohs(tvb, offset, drep) * 2;
- bind_hdr = proto_tree_add_text(tree, tvb, offset, (int)string_len, "DUALSTRINGARRAY structure");
- bind_tree = proto_item_add_subtree(bind_hdr, 0);
+ return offset;
+}
- dissect_dcerpc_uint16(tvb, offset, pinfo, bind_tree, drep, hf_wNumEntries, &stringarray.wNumEntries);
- offset += sizeof(stringarray.wNumEntries);
- security_len = dcerpc_tvb_get_ntohs(tvb, offset, drep) * 2;
- dissect_dcerpc_uint16(tvb, offset, pinfo, bind_tree, drep, hf_wSecurityOffset, &stringarray.wSecurityOffset);
- offset += sizeof(stringarray.wSecurityOffset);
+static int
+dissect_oxid_resolve_oxid2_resp(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint32 u32Pointer;
+ guint32 u32ArraySize;
+ e_uuid_t ipid;
+ guint32 u32AuthnHint;
+ guint16 u16VersionMajor;
+ guint16 u16VersionMinor;
+ guint32 u32HResult;
- entries_hdr = proto_tree_add_text(bind_tree, tvb, offset, (int)security_len, "STRING BINDING");
- entries_tree = proto_item_add_subtree(entries_hdr, 0);
- while(tvb_get_ntohs(tvb, offset) != 0) { /* check that this is not terminating zero */
-
- stringbind.wTowerId = dcerpc_tvb_get_ntohs(tvb, offset, drep);
- proto_tree_add_text(entries_tree, tvb, offset, sizeof(stringbind.wTowerId), "Network Protocol ('TowerID'): %s (0x%x)",towerid_val2str(stringbind.wTowerId), stringbind.wTowerId);
+ offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
+ &u32Pointer);
+ if (u32Pointer) {
+ offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
+ &u32ArraySize);
- offset += sizeof(stringbind.wTowerId);
+ offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, drep,
+ hf_oxid_bindings);
+
+ offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep,
+ hf_oxid_ipid, &ipid);
- offset = display_unicode_string(tvb, entries_tree, offset, hf_aNetworkAddr, &aNetworkAddr);
- }
- offset += 2; /* hop over the extra terminating zero */
-
- sec_hdr = proto_tree_add_text(bind_tree, tvb, offset, 0, "SECURITY BINDING");
- sec_tree = proto_item_add_subtree(sec_hdr, 0);
+ offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
+ hf_oxid_authn_hint, &u32AuthnHint);
- while(tvb_get_ntohs(tvb, offset) != 0) {
- securitybind.wAuthnSvc = dcerpc_tvb_get_ntohs(tvb, offset, drep);
- proto_tree_add_text(sec_tree, tvb, offset, sizeof(securitybind.wAuthnSvc), "Authentication Service: %s (0x%x)",authn_val2str(securitybind.wAuthnSvc),securitybind.wAuthnSvc);
- offset += sizeof(securitybind.wAuthnSvc);
+ offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, drep,
+ &u16VersionMajor, &u16VersionMinor);
+ }
- securitybind.wAuthzSvc = dcerpc_tvb_get_ntohs(tvb, offset, drep);
- proto_tree_add_text(sec_tree, tvb, offset, sizeof(securitybind.wAuthzSvc), "Authorization Service: %s (0x%x)",authz_val2str(securitybind.wAuthzSvc),securitybind.wAuthzSvc);
- offset += sizeof(securitybind.wAuthzSvc);
+ offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep,
+ &u32HResult);
- offset = display_unicode_string(tvb, sec_tree, offset, hf_aPrinceName, &aPrinceName);
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
+ val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
}
- offset += 2; /* hop over the extra terminating zero */
-
- dissect_dcerpc_uint64(tvb, offset, pinfo, tree, drep, hf_Unknown2, unknown2);
+
+ return offset;
+}
+
+
+static int
+dissect_oxid_server_alive2_resp(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, guint8 *drep) {
+ guint16 u16VersionMajor;
+ guint16 u16VersionMinor;
+ unsigned char unknown1[8];
+ unsigned char unknown2[8];
+
+
+ offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, drep, &u16VersionMajor, &u16VersionMinor);
+
+ /* XXX - understand what those 8 bytes mean! don't skip'em!*/
+ dissect_dcerpc_uint64(tvb , offset, pinfo, tree, drep, hf_oxid_Unknown1, unknown1);
+ offset += sizeof(unknown1);
+
+ offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, drep, hf_oxid_ds_array);
+
+ /* unknown field 2 */
+ dissect_dcerpc_uint64(tvb, offset, pinfo, tree, drep, hf_oxid_Unknown2, unknown2);
offset += sizeof(unknown2);
return offset;
}
+
+/* XXX - some dissectors still need to be done */
static dcerpc_sub_dissector oxid_dissectors[] = {
{ 0, "ResolveOxid", NULL, NULL },
- { 1, "SimplePing", NULL, NULL },
- { 2, "ComplexPing", NULL, NULL },
+ { 1, "SimplePing", dissect_oxid_simple_ping_rqst, dissect_oxid_simple_ping_resp },
+ { 2, "ComplexPing", dissect_oxid_complex_ping_rqst, dissect_oxid_complex_ping_resp },
{ 3, "ServerAlive", NULL, NULL },
- { 4, "ResolveOxid2", NULL, NULL },
- { 5, "ServerAlive2", NULL, oxid_server_alive2_dissect_rply },
+ { 4, "ResolveOxid2", dissect_oxid_resolve_oxid2_rqst, dissect_oxid_resolve_oxid2_resp },
+ { 5, "ServerAlive2", NULL, dissect_oxid_server_alive2_resp },
{ 0, NULL, NULL, NULL },
};
+
void
proto_register_oxid (void)
{
static hf_register_info hf[] = {
- { &hf_opnum,
- { "Operation", "oxid.opnum", FT_UINT16, BASE_DEC,
- NULL, 0x0, "", HFILL }},
- { &hf_COMVERSION_MjrVer,
- { "COM Major Version", "oxid5.com_mjr_ver", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
- { &hf_COMVERSION_MnrVer,
- { "COM Minor Version", "oxid5.com_mnr_ver", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
- { &hf_wNumEntries,
- { "Total Entries length (in 16 bytes blocks)", "oxid5.NumEntries", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
- { &hf_wSecurityOffset,
- { "Offset of Security Binding (in 16 bytes blocks)", "oxid5.SecurityOffset", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
- { &hf_wTowerId,
- { "Network Protocol ('TowerID')", "oxid5.wTowerId", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
- { &hf_aNetworkAddr,
- { "Network Address ('aNetworkAddr')", "oxid5.aNetworkAddr", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
- { &hf_wAuthnSvc,
- { "Authentication Service", "oxid5.AuthnSvc", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
- { &hf_wAuthzSvc,
- { "Autherization Service", "oxid5.AuthzSvc", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
- { &hf_aPrinceName,
- { "aPrinceName", "oxid5.aPrinceName", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
- { &hf_Unknown1,
+ { &hf_oxid_opnum,
+ { "Operation", "oxid.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+
+ { &hf_oxid_setid,
+ { "SetId", "oxid_setid", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_seqnum,
+ { "SeqNum", "oxid_seqnum", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_addtoset,
+ { "AddToSet", "oxid_addtoset", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_delfromset,
+ { "DelFromSet", "oxid_delfromset", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_oid,
+ { "OID", "oxid_oid", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_ping_backoff_factor,
+ { "PingBackoffFactor", "oxid_ping_backoff_factor", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_oxid,
+ { "OXID", "oxid_oxid", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
+
+ { &hf_oxid_requested_protseqs,
+ { "RequestedProtSeq", "oxid_requested_protseqs", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_protseqs,
+ { "ProtSeq", "oxid_protseqs", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+
+ { &hf_oxid_bindings,
+ { "OxidBindings", "oxid_bindings", FT_NONE, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_ipid,
+ { "IPID", "oxid_ipid", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_authn_hint,
+ { "AuthnHint", "oxid_authn_hint", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+
+ { &hf_oxid_ds_array,
+ { "Address", "dcom.oxid.address", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_Unknown1,
{ "unknown 8 bytes 1", "oxid5.unknown1", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
- { &hf_Unknown2,
- { "unknown 8 bytes 2", "oxid5.unknown2", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { &hf_oxid_Unknown2,
+ { "unknown 8 bytes 2", "oxid5.unknown2", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }}
};
static gint *ett[] = {
&ett_oxid
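Review bot: In `dissect_oxid_resolve_oxid2_rqst` the loop `while (u32ArraySize--)` runs on a 32-bit count taken straight from the packet, with no check against the bytes left in the buffer. On a malformed request it therefore stops only if `dissect_dcom_WORD` raises a bounds exception; that helper is not visible in this hunk, so this is an assumption. I would tie the count to the data present, e.g. `while (u32ArraySize-- && tvb_reported_length_remaining(tvb, offset) >= 2) {`, and drop `u32ItemIdx`, which is incremented but never read. `dissect_oxid_complex_ping_rqst` has the mirror problem: it parses `u32ArraySize` and then loops on `u16AddToSet` instead, so a packet whose two counts disagree is dissected out of alignment. The array behind the second pointer in that function is also never walked.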
@@ -280,5 +330,5 @@ void
proto_reg_handoff_oxid (void)
{
/* Register the protocol as dcerpc */
- dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors, hf_opnum);
+ dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors, hf_oxid_opnum);
}