aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors/packet-dcerpc-lsa-ds.c
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/packet-dcerpc-lsa-ds.c')
-rw-r--r--epan/dissectors/packet-dcerpc-lsa-ds.c378
1 files changed, 378 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dcerpc-lsa-ds.c b/epan/dissectors/packet-dcerpc-lsa-ds.c
new file mode 100644
index 0000000000..8f48809115
--- /dev/null
+++ b/epan/dissectors/packet-dcerpc-lsa-ds.c
@@ -0,0 +1,378 @@
+/* packet-dcerpc-lsa-ds.c
+ * Routines for SMB \PIPE\lsarpc packet disassembly
+ * Copyright 2002-2003, Tim Potter <tpot@samba.org>
+ * Copyright 2002, Jim McDonough <jmcd@samba.org>
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include <string.h>
+
+#include <epan/packet.h>
+#include "packet-dcerpc.h"
+#include "packet-dcerpc-nt.h"
+#include "smb.h"
+
+#define LSA_DS_DSROLERGETDOMINFO 0x0000
+#define LSA_DS_DSROLER_DNS_NAME_TO_FLAT_NAME 0x0001
+#define LSA_DS_DSROLER_DC_AS_DC 0x0002
+#define LSA_DS_DSROLER_DC_AS_REPLICA 0x0003
+#define LSA_DS_DSROLER_DEMOTE_DC 0x0004
+#define LSA_DS_DSROLER_GET_DC_OPERATION_PROGRESS 0x0005
+#define LSA_DS_DSROLER_GET_DC_OPERATION_RESULTS 0x0006
+#define LSA_DS_DSROLER_CANCEL 0x0007
+#define LSA_DS_DSROLER_SERVER_SAVE_STATE_FOR_UPGRADE 0x0008
+#define LSA_DS_DSROLER_UPGRADE_DOWNLEVEL_SERVER 0x0009
+#define LSA_DS_DSROLER_ABORT_DOWNLEVEL_SERVER_UPGRADE 0x000a
+
+#define LSA_DS_DSROLE_BASIC_INFO 0x0001
+#define LSA_DS_DSROLE_UPGRADE_STATUS 0x0002
+#define LSA_DS_DSROLE_OP_STATUS 0x0003
+
+static int proto_dcerpc_lsa_ds = -1;
+
+static int hf_lsa_ds_opnum = -1;
+static int hf_lsa_ds_dominfo_level = -1;
+static int hf_lsa_ds_machine_role = -1;
+static int hf_lsa_ds_dominfo_flags = -1;
+static int hf_lsa_ds_dominfo_netb_name = -1;
+static int hf_lsa_ds_dominfo_dns_name = -1;
+static int hf_lsa_ds_dominfo_forest_name = -1;
+static int hf_lsa_ds_upgrade_state = -1;
+static int hf_lsa_ds_previous_role = -1;
+static int hf_lsa_ds_op_status = -1;
+static int hf_lsa_ds_rc = -1;
+
+static gint ett_dcerpc_lsa_ds = -1;
+static gint ett_lsa_ds_domain_info = -1;
+static gint ett_lsa_ds_basic_domain_info = -1;
+static gint ett_lsa_ds_upgrade_status = -1;
+static gint ett_lsa_ds_op_status = -1;
+
+static int
+lsa_ds_dissect_DSROLE_BASIC_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DSROLE_BASIC_DOMAIN_INFO:");
+ tree = proto_item_add_subtree(item,
+ ett_lsa_ds_basic_domain_info);
+ }
+
+ ALIGN_TO_4_BYTES;
+ /* role */
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_ds_machine_role, 0);
+
+ /* flags */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_ds_dominfo_flags, 0);
+
+ offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
+ NDR_POINTER_UNIQUE, "NetBIOS domain name pointer",
+ hf_lsa_ds_dominfo_netb_name, 0);
+ offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
+ NDR_POINTER_UNIQUE, "DNS domain pointer",
+ hf_lsa_ds_dominfo_dns_name, 0);
+ offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
+ NDR_POINTER_UNIQUE, "DNS forest name pointer",
+ hf_lsa_ds_dominfo_forest_name, 0);
+
+ /* GUID */
+ offset = dissect_nt_GUID(tvb, offset, pinfo, tree, drep);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_ds_dissect_DSROLE_UPGRADE_STATUS(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DSROLE_UPGRADE_STATUS:");
+ tree = proto_item_add_subtree(item,
+ ett_lsa_ds_upgrade_status);
+ }
+
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_ds_upgrade_state, NULL);
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_ds_previous_role, NULL);
+ proto_item_set_len(item, offset-old_offset);
+
+ return offset;
+}
+
+static int
+lsa_ds_dissect_DSROLE_OP_STATUS(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DSROLE_OP_STATUS:");
+ tree = proto_item_add_subtree(item,
+ ett_lsa_ds_op_status);
+ }
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_ds_op_status, NULL);
+ proto_item_set_len(item, offset-old_offset);
+
+ return offset;
+}
+
+static int
+lsa_ds_dissect_DS_DOMINFO_CTR(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+ guint16 level;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DOMAIN_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_ds_domain_info);
+ }
+
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_ds_dominfo_level, &level);
+
+ switch(level){
+ case LSA_DS_DSROLE_BASIC_INFO:
+ offset = lsa_ds_dissect_DSROLE_BASIC_INFO(
+ tvb, offset, pinfo, tree, drep);
+ break;
+ case LSA_DS_DSROLE_UPGRADE_STATUS:
+ offset = lsa_ds_dissect_DSROLE_UPGRADE_STATUS(
+ tvb, offset, pinfo, tree, drep);
+ break;
+ case LSA_DS_DSROLE_OP_STATUS:
+ offset = lsa_ds_dissect_DSROLE_OP_STATUS(
+ tvb, offset, pinfo, tree, drep);
+ break;
+ }
+ proto_item_set_len(item, offset-old_offset);
+
+ return offset;
+}
+
+static int
+lsa_ds_dissect_role_get_dom_info_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint16 level;
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_ds_dominfo_level, &level);
+
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
+
+ return offset;
+}
+
+static int
+lsa_ds_dissect_role_get_dom_info_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_ds_dissect_DS_DOMINFO_CTR, NDR_POINTER_UNIQUE,
+ "DOMAIN_INFORMATION pointer", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_ds_rc, NULL);
+
+ return offset;
+}
+
+static const value_string lsa_ds_dominfo_levels[] = {
+ { LSA_DS_DSROLE_BASIC_INFO, "DsRoleBasicInfo"},
+ { LSA_DS_DSROLE_UPGRADE_STATUS, "DsRoleUpgradeStatus"},
+ { LSA_DS_DSROLE_OP_STATUS, "DsRoleOpStatus"},
+ { 0, NULL }
+};
+
+static const value_string lsa_ds_role_vals[] = {
+ { 0, "Standalone Workstation" },
+ { 1, "Domain Member Workstation" },
+ { 2, "Standalone Server" },
+ { 3, "Domain Member Server" },
+ { 4, "Backup Domain Controller" },
+ { 5, "Primary Domain Controller" },
+ { 0, NULL }
+};
+
+static const value_string lsa_ds_upgrade_vals[] = {
+ { 0, "Not currently upgrading"},
+ { 1, "Upgrade in progress"},
+ { 0, NULL }
+};
+
+static const value_string lsa_ds_previous_roles[] = {
+ { 0, "Unknown state" },
+ { 1, "Primary" },
+ { 2, "Backup" },
+ { 0, NULL }
+};
+
+static const value_string lsa_ds_op_states[] = {
+ { 0, "Idle" },
+ { 1, "Active" },
+ { 2, "Needs reboot" },
+ { 0, NULL }
+};
+
+void
+proto_register_dcerpc_lsa_ds(void)
+{
+ static hf_register_info hf[] = {
+
+ { &hf_lsa_ds_opnum,
+ { "Operation", "ls_ads.opnum", FT_UINT16, BASE_DEC,
+ NULL, 0x0, "Operation", HFILL }},
+
+ { &hf_lsa_ds_dominfo_level,
+ { "Level", "lsa_ds.dominfo.level", FT_UINT16, BASE_DEC,
+ VALS(lsa_ds_dominfo_levels), 0x0,
+ "Information level of requested data", HFILL }},
+
+ { &hf_lsa_ds_machine_role,
+ { "Machine role", "lsa_ds.role", FT_UINT16, BASE_HEX,
+ VALS(lsa_ds_role_vals), 0x0, "Role of machine in domain", HFILL}},
+
+ { &hf_lsa_ds_dominfo_flags,
+ { "Flags", "lsa_ds.dominfo.flags", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "Machine flags", HFILL }},
+
+ { &hf_lsa_ds_dominfo_netb_name,
+ { "Netbios name", "lsa_ds.dominfo.nbname", FT_STRING, BASE_NONE,
+ NULL, 0x0, "Netbios Domain Name", HFILL}},
+
+ { &hf_lsa_ds_dominfo_dns_name,
+ { "DNS name", "lsa_ds.dominfo.dnsname", FT_STRING, BASE_NONE,
+ NULL, 0x0, "DNS Domain Name", HFILL}},
+
+ { &hf_lsa_ds_dominfo_forest_name,
+ { "Forest name", "lsa_ds.dominfo.forest", FT_STRING, BASE_NONE,
+ NULL, 0x0, "DNS Forest Name", HFILL}},
+
+ { &hf_lsa_ds_upgrade_state,
+ { "Upgrading", "ls_ads.upgrading", FT_UINT32, BASE_DEC,
+ VALS(lsa_ds_upgrade_vals), 0x0, "Upgrade State", HFILL }},
+
+ { &hf_lsa_ds_previous_role,
+ { "Previous role", "ls_ads.upgrading", FT_UINT16, BASE_DEC,
+ VALS(lsa_ds_previous_roles), 0x0,
+ "Previous server role before upgrade", HFILL }},
+
+ { &hf_lsa_ds_op_status,
+ { "Operational status", "ls_ads.op_status", FT_UINT16, BASE_DEC,
+ VALS(lsa_ds_op_states), 0x0,
+ "Current operational status", HFILL }},
+
+ { &hf_lsa_ds_rc,
+ { "Return code", "lsa_ds.rc", FT_UINT32, BASE_HEX,
+ VALS (NT_errors), 0x0, "LSA_DS return status code", HFILL }},
+ };
+
+ static gint *ett[] = {
+ &ett_dcerpc_lsa_ds,
+ &ett_lsa_ds_domain_info,
+ &ett_lsa_ds_basic_domain_info,
+ &ett_lsa_ds_upgrade_status,
+ &ett_lsa_ds_op_status
+ };
+
+ proto_dcerpc_lsa_ds = proto_register_protocol(
+ "Microsoft Local Security Architecture (Directory Services)",
+ "LSA_DS", "lsa_ds");
+ proto_register_field_array(proto_dcerpc_lsa_ds, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+/* Protocol handoff */
+
+static e_uuid_t uuid_dcerpc_lsa_ds = {
+ 0x3919286a, 0xb10c, 0x11d0,
+ { 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5}
+};
+
+static guint16 ver_dcerpc_lsa_ds = 0;
+
+static dcerpc_sub_dissector lsa_ds_dissectors[] = {
+ { LSA_DS_DSROLERGETDOMINFO, "DsRolerGetDomInfo",
+ lsa_ds_dissect_role_get_dom_info_rqst,
+ lsa_ds_dissect_role_get_dom_info_reply },
+ { LSA_DS_DSROLER_DNS_NAME_TO_FLAT_NAME,
+ "DsRolerDnsNameToFlatName", NULL, NULL },
+ { LSA_DS_DSROLER_DC_AS_DC,
+ "DsRolerDcAsDc", NULL, NULL },
+ { LSA_DS_DSROLER_DC_AS_REPLICA,
+ "DsRolerDcAsReplica", NULL, NULL },
+ { LSA_DS_DSROLER_DEMOTE_DC,
+ "DsRolerDemoteDc", NULL, NULL },
+ { LSA_DS_DSROLER_GET_DC_OPERATION_PROGRESS,
+ "DsRolerGetDcOperationProgress", NULL, NULL },
+ { LSA_DS_DSROLER_GET_DC_OPERATION_RESULTS,
+ "DsRolerGetDcOperationResults", NULL, NULL },
+ { LSA_DS_DSROLER_CANCEL,
+ "DsRolerCancel", NULL, NULL },
+ { LSA_DS_DSROLER_SERVER_SAVE_STATE_FOR_UPGRADE,
+ "DsRolerServerSaveStateForUpgrade", NULL, NULL },
+ { LSA_DS_DSROLER_UPGRADE_DOWNLEVEL_SERVER,
+ "DsRolerUpgradeDownlevelServer", NULL, NULL },
+ { LSA_DS_DSROLER_ABORT_DOWNLEVEL_SERVER_UPGRADE,
+ "DsRolerAbortDownlevelServerUpgrade", NULL, NULL },
+ { 0, NULL, NULL, NULL },
+};
+
+void
+proto_reg_handoff_dcerpc_lsa_ds(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_dcerpc_lsa_ds, ett_dcerpc_lsa_ds,
+ &uuid_dcerpc_lsa_ds, ver_dcerpc_lsa_ds,
+ lsa_ds_dissectors, hf_lsa_ds_opnum);
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 02:35:06 +0000