try to dissect the ms cldap netlogon rpc flags bits.

the information comes from the samba sources and may or may not be reliable or menaingful. ms documentation in their knowledgebase says that the only really important part in the netlogon response is the sitename. (i have reasons to belive at least one of the flags, closest, is completely bogous) git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10649 f5534014-38df-0310-8fa8-9805f1628bb7
author: sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> 2004-04-20 08:33:15 +0000
committer: sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> 2004-04-20 08:33:15 +0000
commit: 56fbfeb884e75bbfc366171cd2af6209e395726f (patch)
tree: c27fd154f4f86110a29564c44b7a0d4de0339fd2 /packet-ldap.c
parent: 509ad89357baa623be1739d27df1da2afc2a99ec (diff)
1 files changed, 139 insertions, 6 deletions
diff --git a/packet-ldap.c b/packet-ldap.c
index 6d9842da6c..e0374c902a 100644
--- a/packet-ldap.c
+++ b/packet-ldap.c
@@ -3,7 +3,7 @@
  *
  * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
  *
- * $Id: packet-ldap.c,v 1.73 2004/01/19 22:58:59 guy Exp $
+ * $Id: packet-ldap.c,v 1.74 2004/04/20 08:33:15 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -130,6 +130,16 @@ static int hf_ldap_message_abandon_msgid = -1;
 
 static int hf_mscldap_netlogon_type = -1;
 static int hf_mscldap_netlogon_flags = -1;
+static int hf_mscldap_netlogon_flags_pdc = -1;
+static int hf_mscldap_netlogon_flags_gc = -1;
+static int hf_mscldap_netlogon_flags_ldap = -1;
+static int hf_mscldap_netlogon_flags_ds = -1;
+static int hf_mscldap_netlogon_flags_kdc = -1;
+static int hf_mscldap_netlogon_flags_timeserv = -1;
+static int hf_mscldap_netlogon_flags_closest = -1;
+static int hf_mscldap_netlogon_flags_writable = -1;
+static int hf_mscldap_netlogon_flags_good_timeserv = -1;
+static int hf_mscldap_netlogon_flags_ndnc = -1;
 static int hf_mscldap_domain_guid = -1;
 static int hf_mscldap_forest = -1;
 static int hf_mscldap_domain = -1;
@@ -147,6 +157,7 @@ static gint ett_ldap = -1;
 static gint ett_ldap_gssapi_token = -1;
 static gint ett_ldap_referrals = -1;
 static gint ett_ldap_attribute = -1;
+static gint ett_mscldap_netlogon_flags = -1;
 
 static int ldap_tap = -1;
 
@@ -1360,6 +1371,89 @@ static int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int maxl
   return offset;
 }
 
+
+/* These flag bits were found to be defined in the samba sources.
+ * I hope they are correct (but have serious doubts about the CLOSEST
+ * bit being used or being meaningful).
+ */
+static const true_false_string tfs_ads_pdc = {
+	"This is a PDC",
+	"This is NOT a pdc"
+};
+static const true_false_string tfs_ads_gc = {
+	"This is a GLOBAL CATALOGUE of forest",
+	"This is NOT a global catalog of forest"
+};
+static const true_false_string tfs_ads_ldap = {
+	"This is an LDAP server",
+	"This is NOT an ldap server"
+};
+static const true_false_string tfs_ads_ds = {
+	"This dc supports DS",
+	"This dc does NOT support ds"
+};
+static const true_false_string tfs_ads_kdc = {
+	"This is a KDC (kerberos)",
+	"This is NOT a kdc (kerberos)"
+};
+static const true_false_string tfs_ads_timeserv = {
+	"This dc is running TIME SERVICES (ntp)",
+	"This dc is NOT running time services (ntp)"
+};
+static const true_false_string tfs_ads_closest = {
+	"This is the CLOSEST dc (unreliable?)",
+	"This is NOT the closest dc"
+};
+static const true_false_string tfs_ads_writable = {
+	"This dc is WRITABLE",
+	"This dc is NOT writable"
+};
+static const true_false_string tfs_ads_good_timeserv = {
+	"This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
+	"This dc does NOT have a good time service (i.e. no hardware clock)"
+};
+static const true_false_string tfs_ads_ndnc = {
+	"Domain is NON-DOMAIN NC serviced by ldap server",
+	"Domain is NOT non-domain nc serviced by ldap server"
+};
+static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+  guint32 flags;
+  proto_item *item;
+  proto_tree *tree=NULL;
+
+  flags=tvb_get_letohl(tvb, offset);
+  item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE);
+  if(parent_tree){
+    tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags);
+  }
+
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ndnc,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_good_timeserv,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_writable,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_closest,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_timeserv,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_kdc,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ds,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ldap,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_gc,
+    tvb, offset, 4, flags);
+  proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_pdc,
+    tvb, offset, 4, flags);
+
+  offset += 4;
+
+  return offset;
+}
+
 static void dissect_mscldap_response_netlogon(proto_tree *tree, tvbuff_t *tvb)
 {
   int old_offset, offset=0;
@@ -1373,9 +1467,7 @@ static void dissect_mscldap_response_netlogon(proto_tree *tree, tvbuff_t *tvb)
   offset += 4;
 
   /* Flags */
-  /*XXX someone that knows what these flags are should add that knowledge here*/
-  proto_tree_add_item(tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE);
-  offset += 4;
+  offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
 
   /* Domain GUID */
   proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
@@ -2780,7 +2872,7 @@ proto_register_ldap(void)
     { &hf_mscldap_netlogon_flags,
       { "Flags", "mscldap.netlogon.flags",
         FT_UINT32, BASE_HEX, NULL, 0x0,
-        "Flags <please tell ethereal developers what these flags are>", HFILL }},
+        "Netlogon flags describing the DC properties", HFILL }},
 
     { &hf_mscldap_domain_guid,
       { "Domain GUID", "mscldap.domain.guid",
@@ -2827,13 +2919,54 @@ proto_register_ldap(void)
         FT_STRING, BASE_NONE, NULL, 0x0,
         "Client Site name", HFILL }},
 
+    { &hf_mscldap_netlogon_flags_pdc,
+      { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_gc,
+      { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_ldap,
+      { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_ds,
+      { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_kdc,
+      { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_timeserv,
+      { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_closest,
+      { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc? (is this used at all?)", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_writable,
+      { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable? (i.e. can it update the AD?)", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_good_timeserv,
+      { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
+
+    { &hf_mscldap_netlogon_flags_ndnc,
+      { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
+        TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
+
   };
 
   static gint *ett[] = {
     &ett_ldap,
     &ett_ldap_gssapi_token,
     &ett_ldap_referrals,
-    &ett_ldap_attribute
+    &ett_ldap_attribute,
+    &ett_mscldap_netlogon_flags
   };
   module_t *ldap_module;
author	sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>	2004-04-20 08:33:15 +0000
committer	sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>	2004-04-20 08:33:15 +0000
commit	56fbfeb884e75bbfc366171cd2af6209e395726f (patch)
tree	c27fd154f4f86110a29564c44b7a0d4de0339fd2 /packet-ldap.c
parent	509ad89357baa623be1739d27df1da2afc2a99ec (diff)