author | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-09-29 10:28:27 +0000 |
---|---|---|
committer | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-09-29 10:28:27 +0000 |
commit | 9823b4253d618593c0f8ffb782559c69d5b4d37d (patch) | |
tree | 69cddd5f250f2909418d3279d372f921ae412ce9 /packet-dcerpc-netlogon.c | |
parent | 862518141170c89073dd0dd4f8475ea35f391266 (diff) |
Some changes to netlogon. Function 0x1d is still not right, but maybe we are
getting closer. From Luke H.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6353 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-dcerpc-netlogon.c')
-rw-r--r-- | packet-dcerpc-netlogon.c | 208 |
1 files changed, 94 insertions, 114 deletions
diff --git a/packet-dcerpc-netlogon.c b/packet-dcerpc-netlogon.c index 036caac2d2..83d3fbaa16 100644 --- a/packet-dcerpc-netlogon.c +++ b/packet-dcerpc-netlogon.c @@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter <tpot@samba.org> * 2002 structure and command dissectors by Ronnie Sahlberg * - * $Id: packet-dcerpc-netlogon.c,v 1.56 2002/09/28 09:43:10 sahlberg Exp $ + * $Id: packet-dcerpc-netlogon.c,v 1.57 2002/09/29 10:28:27 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -4206,18 +4206,6 @@ netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr(tvbuff_t *tvb, int offset, } static int -netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr_ptr(tvbuff_t *tvb, int offset, - packet_info *pinfo, proto_tree *tree, - char *drep) -{ - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr, NDR_POINTER_UNIQUE, - "DOMAIN_CONTROLLER_INFO pointer: info", -1, 0); - - return offset; -} - -static int netlogon_dissect_BLOB_array(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) 
@@ -4266,37 +4254,13 @@ netlogon_dissect_BLOB(tvbuff_t *tvb, int offset, } static int -netlogon_dissect_DOMAIN_QUERY_1(tvbuff_t *tvb, int offset, +netlogon_dissect_DOMAIN_TRUST_INFO(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { - offset = netlogon_dissect_BLOB(tvb, offset, - pinfo, tree, drep); - - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, - "unknown", hf_netlogon_workstation_fqdn, -1); - - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, - "unknown", hf_netlogon_workstation_site_name, -1); - - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, - "unknown", hf_netlogon_workstation_os, -1); - - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, - "unknown", hf_netlogon_unknown_string, -1); - - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, - "unknown", hf_netlogon_unknown_string, -1); - - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, - "unknown", hf_netlogon_unknown_string, -1); + offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvb, offset, pinfo, tree, drep); + /* Guesses at best. */ offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, hf_netlogon_unknown_string, 0); 
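Review bot: The `/* Guesses at best. */` comment in netlogon_dissect_DOMAIN_TRUST_INFO does not say which fields it covers, so a later reader cannot tell whether the lsa_dissect_POLICY_DNS_DOMAIN_INFO call above it is also a guess. A more specific comment would help, for example `/* Layout from here on is reverse-engineered; field meanings are unconfirmed. */`. The function body continues past the end of the hunk.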
@@ -4325,30 +4289,87 @@ netlogon_dissect_DOMAIN_QUERY_1(tvbuff_t *tvb, int offset, } static int -netlogon_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset, +netlogon_dissect_DOMAIN_TRUST_INFO_ptr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { - offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, - hf_netlogon_unknown_string, 0); + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + netlogon_dissect_DOMAIN_TRUST_INFO, NDR_POINTER_UNIQUE, + "DOMAIN_TRUST_INFO pointer:", -1, 0); - offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, - hf_netlogon_unknown_string, 0); + return offset; +} - offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, - hf_netlogon_unknown_string, 0); +static int +netlogon_dissect_DOMAIN_TRUST_INFO_ptr_ptr(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + netlogon_dissect_DOMAIN_TRUST_INFO_ptr, NDR_POINTER_UNIQUE, + "DOMAIN_TRUST_INFO pointer pointer:", -1, 0); - offset = dissect_nt_GUID(tvb, offset, - pinfo, tree, drep); + return offset; +} - offset = dissect_ndr_nt_PSID(tvb, offset, +/* Could this be an array? Ronnie? 
*/ +static int +netlogon_dissect_DOMAIN_TRUST_INFO_CTR(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + guint32 level; + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_netlogon_level, &level); + + ALIGN_TO_4_BYTES; + switch(level){ + case 1: + offset = netlogon_dissect_DOMAIN_TRUST_INFO_ptr_ptr(tvb, offset, pinfo, tree, drep); + break; + } + + return offset; +} + +static int +netlogon_dissect_DOMAIN_QUERY_1(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = netlogon_dissect_BLOB(tvb, offset, pinfo, tree, drep); + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, + "Workstation FQDN", hf_netlogon_workstation_fqdn, 0); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, + "unknown", hf_netlogon_unknown_string, -1); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, + "unknown", hf_netlogon_unknown_string, -1); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, + "unknown", hf_netlogon_unknown_string, -1); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, + "unknown", hf_netlogon_unknown_string, -1); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE, + "unknown", hf_netlogon_unknown_string, -1); + offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, hf_netlogon_unknown_string, 0); offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, - hf_netlogon_unknown_string, 0); + hf_netlogon_workstation_os, 0); offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, hf_netlogon_unknown_string, 0); 
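Review bot: In netlogon_dissect_DOMAIN_TRUST_INFO_CTR, `level` is declared without an initializer and then used in `switch(level)`. If dissect_ndr_uint32 ever returns without storing through the pointer (its body is not visible here, for example on a pass that skips scalars), the switch reads an indeterminate value while parsing data taken from the wire. Declaring it as `guint32 level = 0;` makes that path deterministic. The switch also has no `default:`, so any level other than 1 silently leaves the rest of the container undissected; a `default: break;` with a short comment would make that explicit.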
@@ -4368,24 +4389,33 @@ netlogon_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset, offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_netlogon_unknown_long, NULL); - offset = netlogon_dissect_BLOB(tvb, offset, - pinfo, tree, drep); + return offset; +} - offset = netlogon_dissect_BLOB(tvb, offset, - pinfo, tree, drep); +static int +netlogon_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = netlogon_dissect_DOMAIN_TRUST_INFO(tvb, offset, pinfo, tree, drep); - offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, - hf_netlogon_downlevel_domain_name, 0); + offset = netlogon_dissect_DOMAIN_TRUST_INFO_CTR(tvb, offset, pinfo, tree, drep); + + offset = netlogon_dissect_BLOB(tvb, offset, pinfo, tree, drep); offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, hf_netlogon_dns_domain_name, 0); offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, - hf_netlogon_domain_name, 0); + hf_netlogon_unknown_string, 0); offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, hf_netlogon_unknown_string, 0); + offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep, + hf_netlogon_unknown_string, 0); + + /* These four integers appear to mirror the last four in the query. */ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_netlogon_unknown_long, NULL); @@ -4490,18 +4520,6 @@ netlogon_dissect_TYPE_50_ptr(tvbuff_t *tvb, int offset, } static int -netlogon_dissect_TYPE_50_ptr_ptr(tvbuff_t *tvb, int offset, - packet_info *pinfo, proto_tree *tree, - char *drep) -{ - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_TYPE_50_ptr, NDR_POINTER_UNIQUE, - "TYPE_50* pointer: unknown_TYPE_50", -1, 0); - - return offset; -} - -static int netlogon_dissect_DSROLE_PRIMARY_DOMAIN_INFO_EX(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { 
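Review bot: The new netlogon_dissect_DOMAIN_INFO has no comment saying which reply level it describes. The version removed further down read a level and handled case 2 as UNICODE_MULTI, and nothing in the visible hunks replaces that branch. If this is intentional while function 0x1d is still being worked out, say so at the top of the function, for example `/* Level 1 layout only; the level 2 (UNICODE_MULTI) reply is not dissected yet. */`. The function body continues past the end of the hunk.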
@@ -4649,17 +4667,6 @@ netlogon_dissect_TYPE_52_ptr(tvbuff_t *tvb, int offset, return offset; } -static int -netlogon_dissect_TYPE_52_ptr_ptr(tvbuff_t *tvb, int offset, - packet_info *pinfo, proto_tree *tree, - char *drep) -{ - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_TYPE_52_ptr, NDR_POINTER_UNIQUE, - "TYPE_52* pointer: unknown_TYPE_52", -1, 0); - return offset; -} - static int netlogon_dissect_TYPE_44(tvbuff_t *tvb, int offset, @@ -4720,33 +4727,6 @@ netlogon_dissect_DOMAIN_QUERY(tvbuff_t *tvb, int offset, } static int -netlogon_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset, - packet_info *pinfo, proto_tree *tree, - char *drep) -{ - guint32 level; - - offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, - hf_netlogon_level, &level); - - ALIGN_TO_4_BYTES; - switch(level){ - case 1: - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_DOMAIN_INFO_1, NDR_POINTER_UNIQUE, - "DOMAIN_INFO_1:", -1, 0); - break; - case 2: - offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_UNICODE_MULTI, NDR_POINTER_UNIQUE, - "UNICODE_MULTI:", -1, 0); - break; - } - - return offset; -} - -static int netlogon_dissect_nettrusteddomainlist_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { @@ -5307,7 +5287,7 @@ netlogon_dissect_function_21_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_TYPE_50_ptr_ptr, NDR_POINTER_REF, + netlogon_dissect_TYPE_50_ptr, NDR_POINTER_UNIQUE, "TYPE_50** pointer: unknown_TYPE_50", -1, 0); offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
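Review bot: The label passed to dissect_ndr_pointer in netlogon_dissect_function_21_reply still reads `"TYPE_50** pointer: unknown_TYPE_50"`, although the callback is now netlogon_dissect_TYPE_50_ptr with NDR_POINTER_UNIQUE, so the tree text describes one more level of indirection than the call names. The same stale label remains in netlogon_dissect_function_26_reply, while the function_22 and function_25 replies had theirs updated in this commit. Suggest `"TYPE_50 pointer: unknown_TYPE_50", -1, 0);` in both places. Both function bodies continue outside their hunks.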
@@ -5354,8 +5334,8 @@ netlogon_dissect_function_22_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr_ptr, NDR_POINTER_REF, - "DOMAIN_CONTROLLER_INFO** pointer: unknown_DOMAIN_CONTROLLER_INFO", -1, 0); + netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr, NDR_POINTER_UNIQUE, + "DOMAIN_CONTROLLER_INFO pointer: unknown_DOMAIN_CONTROLLER_INFO", -1, 0); offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_netlogon_rc, NULL); @@ -5441,8 +5421,8 @@ netlogon_dissect_function_25_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_TYPE_52_ptr_ptr, NDR_POINTER_REF, - "TYPE_52** pointer: unknown_TYPE_52", -1, 0); + netlogon_dissect_TYPE_52_ptr, NDR_POINTER_UNIQUE, + "TYPE_52 pointer: unknown_TYPE_52", -1, 0); offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_netlogon_rc, NULL); @@ -5468,7 +5448,7 @@ netlogon_dissect_function_26_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, - netlogon_dissect_TYPE_50_ptr_ptr, NDR_POINTER_REF, + netlogon_dissect_TYPE_50_ptr, NDR_POINTER_UNIQUE, "TYPE_50** pointer: unknown_TYPE_50", -1, 0); offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, |