diff options
| author | Stefan Metzmacher <metze@samba.org> | 2015-10-06 15:35:37 +0200 |
|---|---|---|
| committer | Michael Mann <mmann78@netscape.net> | 2015-11-01 14:54:18 +0000 |
| commit | ae574e3de75352fc6c3ad4703531a0e821956ef9 (patch) | |
| tree | c878d31753f40e78f09d80ac313063521fdf4580 /epan/dissectors | |
| parent | c0424164437b041e0746271eb90a23fa1d19e895 (diff) | |
packet-dcerpc: improve dissection of bind time feature negotiation
Change-Id: I6bcc5538149e36eed31933897a95fa7592baa84a
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11363
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors')
| -rw-r--r-- | epan/dissectors/packet-dcerpc.c | 70 |
1 files changed, 40 insertions, 30 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index eb7cfcb8dc..63f0bf8703 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -57,12 +57,6 @@ static e_guid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, static e_guid_t uuid_ndr64 = { 0x71710533, 0xbeba, 0x4937, { 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 } }; -/* Bind Time Feature Negotiation, see [MS-RPCE] 3.3.1.5.3 */ -static e_guid_t uuid_bind_time_feature_nego_00 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; -static e_guid_t uuid_bind_time_feature_nego_01 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; -static e_guid_t uuid_bind_time_feature_nego_02 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; -static e_guid_t uuid_bind_time_feature_nego_03 = { 0x6cb71c2c, 0x9812, 0x4540, { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; - /* see [MS-OXRPC] Appendix A: Full IDL, http://msdn.microsoft.com/en-us/library/ee217991%28v=exchg.80%29.aspx */ static e_guid_t uuid_asyncemsmdb = { 0x5261574a, 0x4572, 0x206e, { 0xb2, 0x68, 0x6b, 0x19, 0x92, 0x13, 0xb4, 0xe4 } }; @@ -470,6 +464,7 @@ static int hf_dcerpc_cn_bind_if_ver_minor = -1; static int hf_dcerpc_cn_bind_trans_syntax = -1; static int hf_dcerpc_cn_bind_trans_id = -1; static int hf_dcerpc_cn_bind_trans_ver = -1; +static int hf_dcerpc_cn_bind_trans_btfn = -1; static int hf_dcerpc_cn_bind_trans_btfn_01 = -1; static int hf_dcerpc_cn_bind_trans_btfn_02 = -1; static int hf_dcerpc_cn_alloc_hint = -1; @@ -480,7 +475,6 @@ static int hf_dcerpc_cn_ack_result = -1; static int hf_dcerpc_cn_ack_reason = -1; static int hf_dcerpc_cn_ack_trans_id = -1; static int hf_dcerpc_cn_ack_trans_ver = -1; -static int hf_dcerpc_cn_ack_btfn = -1; static int hf_dcerpc_cn_reject_reason = -1; static int hf_dcerpc_cn_num_protocols = -1; static int hf_dcerpc_cn_protocol_ver_major = -1; @@ -596,12 +590,19 @@ static int hf_dcerpc_cmd_client_ipv4 = -1; static int hf_dcerpc_cmd_client_ipv6 = -1; static int hf_dcerpc_authentication_verifier = -1; +static const int *dcerpc_cn_bind_trans_btfn_fields[] = { + &hf_dcerpc_cn_bind_trans_btfn_01, + &hf_dcerpc_cn_bind_trans_btfn_02, + NULL +}; + static gint ett_dcerpc = -1; static gint ett_dcerpc_cn_flags = -1; static gint ett_dcerpc_cn_ctx = -1; static gint ett_dcerpc_cn_iface = -1; static gint ett_dcerpc_cn_trans_syntax = -1; static gint ett_dcerpc_cn_trans_btfn = -1; +static gint ett_dcerpc_cn_bind_trans_btfn = -1; static gint ett_dcerpc_cn_rts_flags = -1; static gint ett_dcerpc_cn_rts_command = -1; static gint ett_dcerpc_cn_rts_pdu = -1; @@ -3516,7 +3517,6 @@ dissect_dcerpc_cn_bind(tvbuff_t *tvb, gint offset, packet_info *pinfo, for (j = 0; j < num_trans_items; j++) { proto_tree *trans_tree = NULL; proto_item *trans_item = NULL; - proto_item *uuid_item = NULL; dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &trans_id); if (ctx_tree) { @@ -3527,22 +3527,33 @@ dissect_dcerpc_cn_bind(tvbuff_t *tvb, gint offset, packet_info *pinfo, uuid_str = guid_to_str(wmem_packet_scope(), (e_guid_t *) &trans_id); uuid_name = guids_get_uuid_name(&trans_id); - if (uuid_name) { - uuid_item = proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s UUID:%s", uuid_name, uuid_str); + /* check for [MS-RPCE] 3.3.1.5.3 Bind Time Feature Negotiation */ + if (trans_id.data1 == 0x6cb71c2c && trans_id.data2 == 0x9812 && trans_id.data3 == 0x4540) { + proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, + tvb, offset, 16, (e_guid_t *) &trans_id, + "Transfer Syntax: Bind Time Feature Negotiation UUID:%s", + uuid_str); + proto_tree_add_bitmask(trans_tree, tvb, offset + 8, + hf_dcerpc_cn_bind_trans_btfn, + ett_dcerpc_cn_bind_trans_btfn, + dcerpc_cn_bind_trans_btfn_fields, + ENC_LITTLE_ENDIAN); + proto_item_append_text(trans_item, "[%u]: Bind Time Feature Negotiation", j+1); + proto_item_append_text(ctx_item, ", Bind Time Feature Negotiation"); + } else if (uuid_name) { + proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, + tvb, offset, 16, (e_guid_t *) &trans_id, + "Transfer Syntax: %s UUID:%s", uuid_name, uuid_str); proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_name); proto_item_append_text(ctx_item, ", %s", uuid_name); } else { - uuid_item = proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str); + proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, + tvb, offset, 16, (e_guid_t *) &trans_id, + "Transfer Syntax: %s", uuid_str); proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str); proto_item_append_text(ctx_item, ", %s", uuid_str); } - /* check for [MS-RPCE] 3.3.1.5.3 Bind Time Feature Negotiation */ - if (trans_id.data1 == 0x6cb71c2c && trans_id.data2 == 0x9812 && trans_id.data3 == 0x4540) { - proto_tree *uuid_tree = proto_item_add_subtree(uuid_item, ett_dcerpc_cn_trans_btfn); - proto_tree_add_boolean(uuid_tree, hf_dcerpc_cn_bind_trans_btfn_01, tvb, offset+8, 1, trans_id.data4[0]); - proto_tree_add_boolean(uuid_tree, hf_dcerpc_cn_bind_trans_btfn_02, tvb, offset+8, 1, trans_id.data4[0]); - } } offset += 16; @@ -3656,10 +3667,12 @@ dissect_dcerpc_cn_bind_ack(tvbuff_t *tvb, gint offset, packet_info *pinfo, /* [MS-RPCE] 3.3.1.5.3 check if this Ctx Item is the response to a Bind Time Feature Negotiation request */ if (result == 3) { - const int old_offset = offset; - offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree, hdr->drep, hf_dcerpc_cn_ack_btfn, &reason); - proto_tree_add_boolean(ctx_tree, hf_dcerpc_cn_bind_trans_btfn_01, tvb, old_offset, 1, reason); - proto_tree_add_boolean(ctx_tree, hf_dcerpc_cn_bind_trans_btfn_02, tvb, old_offset, 1, reason); + proto_tree_add_bitmask(ctx_tree, tvb, offset, + hf_dcerpc_cn_bind_trans_btfn, + ett_dcerpc_cn_bind_trans_btfn, + dcerpc_cn_bind_trans_btfn_fields, + ENC_LITTLE_ENDIAN); + offset += 2; } else if (result != 0) { offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree, hdr->drep, hf_dcerpc_cn_ack_reason, @@ -6193,10 +6206,12 @@ proto_register_dcerpc(void) { "ID", "dcerpc.cn_bind_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_bind_trans_ver, { "ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_dcerpc_cn_bind_trans_btfn_01, /* [MS-RPCE] 2.2.2.14 */ - { "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x01, NULL, HFILL }}, + { &hf_dcerpc_cn_bind_trans_btfn, /* [MS-RPCE] 2.2.2.14 */ + {"Bind Time Features", "dcerpc.cn_bind_trans_btfn", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL }}, + { &hf_dcerpc_cn_bind_trans_btfn_01, + { "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x01, NULL, HFILL }}, { &hf_dcerpc_cn_bind_trans_btfn_02, - { "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x02, NULL, HFILL }}, + { "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x02, NULL, HFILL }}, { &hf_dcerpc_cn_alloc_hint, { "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_sec_addr_len, @@ -6213,8 +6228,6 @@ proto_register_dcerpc(void) { "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_ack_trans_ver, { "Syntax ver", "dcerpc.cn_ack_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_dcerpc_cn_ack_btfn, - { "Bind Time Feature Negotiation Bitmask", "dcerpc.cn_ack_btfn", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_reject_reason, { "Reject reason", "dcerpc.cn_reject_reason", FT_UINT16, BASE_DEC, VALS(reject_reason_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_num_protocols, @@ -6476,6 +6489,7 @@ proto_register_dcerpc(void) &ett_dcerpc_cn_iface, &ett_dcerpc_cn_trans_syntax, &ett_dcerpc_cn_trans_btfn, + &ett_dcerpc_cn_bind_trans_btfn, &ett_dcerpc_cn_rts_flags, &ett_dcerpc_cn_rts_command, &ett_dcerpc_cn_rts_pdu, @@ -6562,10 +6576,6 @@ proto_reg_handoff_dcerpc(void) guids_add_uuid(&uuid_data_repr_proto, "32bit NDR"); guids_add_uuid(&uuid_ndr64, "64bit NDR"); - guids_add_uuid(&uuid_bind_time_feature_nego_00, "bind time feature negotiation"); - guids_add_uuid(&uuid_bind_time_feature_nego_01, "bind time feature negotiation"); - guids_add_uuid(&uuid_bind_time_feature_nego_02, "bind time feature negotiation"); - guids_add_uuid(&uuid_bind_time_feature_nego_03, "bind time feature negotiation"); guids_add_uuid(&uuid_asyncemsmdb, "async MAPI"); } |