aboutsummaryrefslogtreecommitdiffstats
path: root/packet-dcerpc-nt.c
diff options
context:
space:
mode:
Diffstat (limited to 'packet-dcerpc-nt.c')
-rw-r--r--packet-dcerpc-nt.c168
1 files changed, 84 insertions, 84 deletions
diff --git a/packet-dcerpc-nt.c b/packet-dcerpc-nt.c
index f260a5e15f..ab91ea85c4 100644
--- a/packet-dcerpc-nt.c
+++ b/packet-dcerpc-nt.c
@@ -2,22 +2,22 @@
* Routines for DCERPC over SMB packet disassembly
* Copyright 2001, Tim Potter <tpot@samba.org>
*
- * $Id: packet-dcerpc-nt.c,v 1.45 2002/08/22 18:24:06 guy Exp $
+ * $Id: packet-dcerpc-nt.c,v 1.46 2002/08/28 21:00:10 jmayer Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
- *
+ *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
@@ -45,7 +45,7 @@ int prs_align(int offset, int n)
{
if (offset % n)
offset += n - (offset % n);
-
+
return offset;
}
@@ -55,14 +55,14 @@ int prs_uint8(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
proto_tree *tree, guint8 *data, char *name)
{
guint8 i;
-
+
/* No alignment required */
i = tvb_get_guint8(tvb, offset);
offset++;
if (name && tree)
- proto_tree_add_text(tree, tvb, offset - 1, 1,
+ proto_tree_add_text(tree, tvb, offset - 1, 1,
"%s: %u", name, i);
if (data)
@@ -93,14 +93,14 @@ int prs_uint16(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
proto_tree *tree, guint16 *data, char *name)
{
guint16 i;
-
+
offset = prs_align(offset, 2);
-
+
i = tvb_get_letohs(tvb, offset);
offset += 2;
if (name && tree)
- proto_tree_add_text(tree, tvb, offset - 2, 2,
+ proto_tree_add_text(tree, tvb, offset - 2, 2,
"%s: %u", name, i);
if (data)
*data = i;
@@ -114,9 +114,9 @@ int prs_uint16s(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
proto_tree *tree, int count, int *data_offset, char *name)
{
offset = prs_align(offset, 2);
-
+
if (name && tree)
- proto_tree_add_text(tree, tvb, offset, count * 2,
+ proto_tree_add_text(tree, tvb, offset, count * 2,
"%s", name);
if (data_offset)
*data_offset = offset;
@@ -132,14 +132,14 @@ int prs_uint32(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
proto_tree *tree, guint32 *data, char *name)
{
guint32 i;
-
+
offset = prs_align(offset, 4);
-
+
i = tvb_get_letohl(tvb, offset);
offset += 4;
if (name && tree)
- proto_tree_add_text(tree, tvb, offset - 4, 4,
+ proto_tree_add_text(tree, tvb, offset - 4, 4,
"%s: %u", name, i);
if (data)
@@ -154,9 +154,9 @@ int prs_uint32s(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
proto_tree *tree, int count, int *data_offset, char *name)
{
offset = prs_align(offset, 4);
-
+
if (name && tree)
- proto_tree_add_text(tree, tvb, offset - 4, 4,
+ proto_tree_add_text(tree, tvb, offset - 4, 4,
"%s", name);
if (data_offset)
*data_offset = offset;
@@ -236,7 +236,7 @@ int prs_push_ptr(tvbuff_t *tvb, int offset, packet_info *pinfo,
offset = prs_uint32(tvb, offset, pinfo, tree, &value, NULL);
if (name && tree)
- proto_tree_add_text(tree, tvb, offset - 4, 4,
+ proto_tree_add_text(tree, tvb, offset - 4, 4,
"%s pointer: 0x%08x", name, value);
p = new_ptr(name, value);
@@ -328,9 +328,9 @@ int prs_UNISTR2(tvbuff_t *tvb, int offset, packet_info *pinfo,
if (flags & PARSE_SCALARS) {
offset = prs_uint32(tvb, offset, pinfo, tree, &len, "Length");
- offset = prs_uint32(tvb, offset, pinfo, tree, &unknown,
+ offset = prs_uint32(tvb, offset, pinfo, tree, &unknown,
"Offset");
- offset = prs_uint32(tvb, offset, pinfo, tree, &max_len,
+ offset = prs_uint32(tvb, offset, pinfo, tree, &max_len,
"Max length");
}
@@ -347,14 +347,14 @@ int prs_UNISTR2(tvbuff_t *tvb, int offset, packet_info *pinfo,
return offset;
}
-/* following are a few functions for dissecting common structures used by NT
+/* following are a few functions for dissecting common structures used by NT
services. These might need to be cleaned up at a later time but at least we get
them out of the real service dissectors.
*/
/* UNICODE_STRING BEGIN */
-/* functions to dissect a UNICODE_STRING structure, common to many
+/* functions to dissect a UNICODE_STRING structure, common to many
NT services
struct {
short len;
@@ -362,7 +362,7 @@ int prs_UNISTR2(tvbuff_t *tvb, int offset, packet_info *pinfo,
[size_is(size/2), length_is(len/2), ptr] unsigned short *string;
} UNICODE_STRING;
- these variables can be found in packet-dcerpc-samr.c
+ these variables can be found in packet-dcerpc-samr.c
*/
extern int hf_nt_str_len;
extern int hf_nt_str_off;
@@ -388,8 +388,8 @@ static gint ett_nt_policy_hnd = -1;
the name: string to any higher levels in the tree .
*/
int
-dissect_ndr_nt_UNICODE_STRING_str(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
+dissect_ndr_nt_UNICODE_STRING_str(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep)
{
guint32 len, off, max_len;
@@ -447,14 +447,14 @@ dissect_ndr_nt_UNICODE_STRING_str(tvbuff_t *tvb, int offset,
[size_is(size/2), length_is(len/2), ptr] unsigned short *string;
} UNICODE_STRING;
structure used by NT to transmit unicode string values.
-
+
the function takes one additional parameter, level
which specifies how many additional levels up in the tree where we should
append the string. If unsure, specify levels as 0.
*/
int
-dissect_ndr_nt_UNICODE_STRING(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree,
+dissect_ndr_nt_UNICODE_STRING(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree,
char *drep, int hf_index, int levels)
{
proto_item *item=NULL;
@@ -493,7 +493,7 @@ dissect_ndr_nt_UNICODE_STRING(tvbuff_t *tvb, int offset,
}
/* UNICODE_STRING END */
-/* functions to dissect a STRING structure, common to many
+/* functions to dissect a STRING structure, common to many
NT services
struct {
short len;
@@ -502,8 +502,8 @@ dissect_ndr_nt_UNICODE_STRING(tvbuff_t *tvb, int offset,
} STRING;
*/
int
-dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
+dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep)
{
guint32 len, off, max_len;
@@ -534,7 +534,7 @@ dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset,
offset = prs_uint8s(tvb, offset, pinfo, tree, len,
&text_offset, NULL);
text = tvb_get_ptr(tvb, text_offset, len);
- proto_tree_add_string_format(tree, di->hf_index,
+ proto_tree_add_string_format(tree, di->hf_index,
tvb, old_offset, offset-old_offset,
text, "%s: %s", hfi->name, text);
break;
@@ -564,8 +564,8 @@ dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset,
}
int
-dissect_ndr_nt_STRING (tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree,
+dissect_ndr_nt_STRING (tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree,
char *drep, int hf_index, int levels)
{
proto_item *item=NULL;
@@ -604,11 +604,11 @@ dissect_ndr_nt_STRING (tvbuff_t *tvb, int offset,
/* This function is used to dissect a DCERPC encoded 64 bit time value.
XXX it should be fixed both here and in dissect_smb_64bit_time so
- it can handle both BIG and LITTLE endian encodings
+ it can handle both BIG and LITTLE endian encodings
*/
int
-dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
+dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep _U_, int hf_index)
{
dcerpc_info *di;
@@ -659,7 +659,7 @@ static guint pol_hash_fn(gconstpointer k)
/* Bytes 4-7 of the policy handle are a timestamp so should make a
reasonable hash value */
-
+
return key->policy_hnd[4] + (key->policy_hnd[5] << 8) +
(key->policy_hnd[6] << 16) + (key->policy_hnd[7] << 24);
}
@@ -680,13 +680,13 @@ static gint pol_hash_compare(gconstpointer k1, gconstpointer k2)
pol_hash_key *key1 = (pol_hash_key *)k1;
pol_hash_key *key2 = (pol_hash_key *)k2;
- return memcmp(key1->policy_hnd, key2->policy_hnd,
+ return memcmp(key1->policy_hnd, key2->policy_hnd,
sizeof(key1->policy_hnd)) == 0;
}
/* Store the open and close frame numbers of a policy handle */
-void dcerpc_smb_store_pol_pkts(e_ctx_hnd *policy_hnd, guint32 open_frame,
+void dcerpc_smb_store_pol_pkts(e_ctx_hnd *policy_hnd, guint32 open_frame,
guint32 close_frame)
{
pol_hash_key *key;
@@ -786,7 +786,7 @@ void dcerpc_smb_store_pol_name(e_ctx_hnd *policy_hnd, char *name)
/* Retrieve a policy handle */
-gboolean dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
+gboolean dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
guint32 *open_frame, guint32 *close_frame)
{
pol_hash_key key;
@@ -810,7 +810,7 @@ gboolean dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
value = g_hash_table_lookup(pol_hash, &key);
/* Return name and frame numbers */
-
+
if (value) {
if (name)
*name = value->name;
@@ -852,7 +852,7 @@ static void init_pol_hash(void)
pol_hash_key_chunk = g_mem_chunk_new(
"Policy handle hash keys", sizeof(pol_hash_key),
POL_HASH_INIT_COUNT * sizeof(pol_hash_key), G_ALLOC_ONLY);
-
+
if (pol_hash_value_chunk)
g_mem_chunk_destroy(pol_hash_value_chunk);
@@ -872,7 +872,7 @@ static void init_pol_hash(void)
/* Dissect an access mask. All this stuff is kind of explained at MSDN:
-http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/windows_2000_windows_nt_access_mask_format.asp
+http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/windows_2000_windows_nt_access_mask_format.asp
*/
@@ -976,11 +976,11 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree_add_boolean(
standard, hf_access_standard_write_owner, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
standard, hf_access_standard_write_dac, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
standard, hf_access_standard_read_control, tvb, offset - 4, 4,
access);
@@ -1007,67 +1007,67 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree_add_boolean(
specific, hf_access_specific_15, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_14, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_13, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_12, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_11, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_10, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_9, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_8, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_7, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_6, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_5, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_4, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_3, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_2, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_1, tvb, offset - 4, 4,
access);
-
+
proto_tree_add_boolean(
specific, hf_access_specific_0, tvb, offset - 4, 4,
access);
-
+
return offset;
}
@@ -1094,27 +1094,27 @@ void proto_register_dcerpc_smb(void)
{ &hf_access_generic_read,
{ "Generic read", "nt.access_mask.generic_read",
- FT_BOOLEAN, 32, TFS(&flags_set_truth),
+ FT_BOOLEAN, 32, TFS(&flags_set_truth),
GENERIC_READ_ACCESS, "Generic read", HFILL }},
{ &hf_access_generic_write,
{ "Generic write", "nt.access_mask.generic_write",
- FT_BOOLEAN, 32, TFS(&flags_set_truth),
+ FT_BOOLEAN, 32, TFS(&flags_set_truth),
GENERIC_WRITE_ACCESS, "Generic write", HFILL }},
{ &hf_access_generic_execute,
{ "Generic execute", "nt.access_mask.generic_execute",
- FT_BOOLEAN, 32, TFS(&flags_set_truth),
+ FT_BOOLEAN, 32, TFS(&flags_set_truth),
GENERIC_EXECUTE_ACCESS, "Generic execute", HFILL }},
{ &hf_access_generic_all,
{ "Generic all", "nt.access_mask.generic_all",
- FT_BOOLEAN, 32, TFS(&flags_set_truth),
+ FT_BOOLEAN, 32, TFS(&flags_set_truth),
GENERIC_ALL_ACCESS, "Generic all", HFILL }},
{ &hf_access_maximum_allowed,
{ "Maximum allowed", "nt.access_mask.maximum_allowed",
- FT_BOOLEAN, 32, TFS(&flags_set_truth),
+ FT_BOOLEAN, 32, TFS(&flags_set_truth),
MAXIMUM_ALLOWED_ACCESS, "Maximum allowed", HFILL }},
{ &hf_access_sacl,
@@ -1261,13 +1261,13 @@ void proto_register_dcerpc_smb(void)
frame exception. For the DCERPC over SMB dissectors a long frame
indicates a bug in a dissector. */
-void dcerpc_smb_check_long_frame(tvbuff_t *tvb, int offset,
+void dcerpc_smb_check_long_frame(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree)
{
if (tvb_length_remaining(tvb, offset) != 0) {
proto_tree_add_text(
- tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ tree, tvb, offset, tvb_length_remaining(tvb, offset),
"[Long frame (%d bytes): SPOOLSS]",
tvb_length_remaining(tvb, offset));
@@ -1282,7 +1282,7 @@ void dcerpc_smb_check_long_frame(tvbuff_t *tvb, int offset,
int
dissect_ntstatus(tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *tree, char *drep,
+ proto_tree *tree, char *drep,
int hfindex, guint32 *pdata)
{
guint32 status;
@@ -1292,7 +1292,7 @@ dissect_ntstatus(tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (tree && status != 0 && check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
- val_to_str(status, NT_errors,
+ val_to_str(status, NT_errors,
"Unknown error 0x%08x"));
if (pdata)
*pdata = status;
@@ -1304,7 +1304,7 @@ dissect_ntstatus(tvbuff_t *tvb, gint offset, packet_info *pinfo,
int
dissect_doserror(tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *tree, char *drep,
+ proto_tree *tree, char *drep,
int hfindex, guint32 *pdata)
{
guint32 status;
@@ -1314,7 +1314,7 @@ dissect_doserror(tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (tree && status != 0 && check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
- val_to_str(status, DOS_errors,
+ val_to_str(status, DOS_errors,
"Unknown error 0x%08x"));
if (pdata)
*pdata = status;
@@ -1326,7 +1326,7 @@ dissect_doserror(tvbuff_t *tvb, gint offset, packet_info *pinfo,
int
dissect_nt_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *tree, char *drep, int hfindex,
+ proto_tree *tree, char *drep, int hfindex,
e_ctx_hnd *pdata, gboolean is_open, gboolean is_close)
{
proto_item *item;
@@ -1338,16 +1338,16 @@ dissect_nt_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* Add to proto tree */
- item = proto_tree_add_text(tree, tvb, offset, sizeof(e_ctx_hnd),
+ item = proto_tree_add_text(tree, tvb, offset, sizeof(e_ctx_hnd),
"Policy Handle");
subtree = proto_item_add_subtree(item, ett_nt_policy_hnd);
- offset = dissect_ndr_ctx_hnd(tvb, offset, pinfo, subtree, drep,
- hfindex, &hnd);
+ offset = dissect_ndr_ctx_hnd(tvb, offset, pinfo, subtree, drep,
+ hfindex, &hnd);
/* Store request/reply information */
-
+
dcerpc_smb_store_pol_pkts(&hnd, 0, is_close ? pinfo->fd->num : 0);
dcerpc_smb_store_pol_pkts(&hnd, is_open ? pinfo->fd->num: 0, 0);
@@ -1381,7 +1381,7 @@ dissect_nt_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
int
dissect_dcerpc_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, char *drep, int hfindex,
+ proto_tree *tree, char *drep, int hfindex,
int length, guint8 **pdata)
{
guint8 *data;
@@ -1400,7 +1400,7 @@ dissect_dcerpc_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
int
dissect_ndr_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *tree, char *drep,
+ proto_tree *tree, char *drep,
int hfindex, int length, guint8 **pdata)
{
dcerpc_info *di;
@@ -1412,13 +1412,13 @@ dissect_ndr_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/* no alignment needed */
- return dissect_dcerpc_uint8s(tvb, offset, pinfo,
+ return dissect_dcerpc_uint8s(tvb, offset, pinfo,
tree, drep, hfindex, length, pdata);
}
int
dissect_dcerpc_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, char *drep, int hfindex,
+ proto_tree *tree, char *drep, int hfindex,
int length, guint16 **pdata)
{
guint16 *data;
@@ -1437,7 +1437,7 @@ dissect_dcerpc_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
int
dissect_ndr_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *tree, char *drep,
+ proto_tree *tree, char *drep,
int hfindex, int length, guint16 **pdata)
{
dcerpc_info *di;
@@ -1451,6 +1451,6 @@ dissect_ndr_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (offset % 2)
offset++;
- return dissect_dcerpc_uint16s(tvb, offset, pinfo,
+ return dissect_dcerpc_uint16s(tvb, offset, pinfo,
tree, drep, hfindex, length, pdata);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 22:34:43 +0000