Diffstat (limited to 'epan/dissectors/packet-dcerpc.c')
-rw-r--r-- | epan/dissectors/packet-dcerpc.c | 576 |
1 files changed, 309 insertions, 267 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index 862cb2dd77..5785987549 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -26,7 +26,8 @@ #include "config.h" -#include <stdio.h> +#include <guid-utils.h> +#include <stdio.h> /* for sscanf() */ #include <epan/packet.h> #include <epan/exceptions.h> #include <epan/prefs.h> @@ -47,7 +48,9 @@ void proto_register_dcerpc(void); void proto_reg_handoff_dcerpc(void); -static int dcerpc_tap = -1; +static dissector_handle_t dcerpc_tcp_handle; + +static int dcerpc_tap; /* 32bit Network Data Representation, see DCE/RPC Appendix I */ static e_guid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, 
@@ -426,169 +429,169 @@ static const value_string rts_forward_destination_vals[] = { #define DCE_CN_TRANSPORT_SMBPIPE 1 -static int proto_dcerpc = -1; +static int proto_dcerpc; /* field defines */ -static int hf_dcerpc_request_in = -1; -static int hf_dcerpc_time = -1; -static int hf_dcerpc_response_in = -1; -static int hf_dcerpc_ver = -1; -static int hf_dcerpc_ver_minor = -1; -static int hf_dcerpc_packet_type = -1; -static int hf_dcerpc_cn_flags = -1; -static int hf_dcerpc_cn_flags_first_frag = -1; -static int hf_dcerpc_cn_flags_last_frag = -1; -static int hf_dcerpc_cn_flags_cancel_pending = -1; -static int hf_dcerpc_cn_flags_reserved = -1; -static int hf_dcerpc_cn_flags_mpx = -1; -static int hf_dcerpc_cn_flags_dne = -1; -static int hf_dcerpc_cn_flags_maybe = -1; -static int hf_dcerpc_cn_flags_object = -1; -static int hf_dcerpc_drep = -1; - int hf_dcerpc_drep_byteorder = -1; - int hf_dcerpc_ndr_padding = -1; -static int hf_dcerpc_drep_character = -1; -static int hf_dcerpc_drep_fp = -1; -static int hf_dcerpc_cn_frag_len = -1; -static int hf_dcerpc_cn_auth_len = -1; -static int hf_dcerpc_cn_call_id = -1; -static int hf_dcerpc_cn_max_xmit = -1; -static int hf_dcerpc_cn_max_recv = -1; -static int hf_dcerpc_cn_assoc_group = -1; -static int hf_dcerpc_cn_num_ctx_items = -1; -static int hf_dcerpc_cn_ctx_item = -1; -static int hf_dcerpc_cn_ctx_id = -1; -static int hf_dcerpc_cn_num_trans_items = -1; -static int hf_dcerpc_cn_bind_abstract_syntax = -1; -static int hf_dcerpc_cn_bind_if_id = -1; -static int hf_dcerpc_cn_bind_if_ver = -1; -static int hf_dcerpc_cn_bind_if_ver_minor = -1; -static int hf_dcerpc_cn_bind_trans_syntax = -1; -static int hf_dcerpc_cn_bind_trans_id = -1; -static int hf_dcerpc_cn_bind_trans_ver = -1; -static int hf_dcerpc_cn_bind_trans_btfn = -1; -static int hf_dcerpc_cn_bind_trans_btfn_01 = -1; -static int hf_dcerpc_cn_bind_trans_btfn_02 = -1; -static int hf_dcerpc_cn_alloc_hint = -1; -static int hf_dcerpc_cn_sec_addr_len = -1; -static int 
hf_dcerpc_cn_sec_addr = -1; -static int hf_dcerpc_cn_num_results = -1; -static int hf_dcerpc_cn_ack_result = -1; -static int hf_dcerpc_cn_ack_reason = -1; -static int hf_dcerpc_cn_ack_trans_id = -1; -static int hf_dcerpc_cn_ack_trans_ver = -1; -static int hf_dcerpc_cn_reject_reason = -1; -static int hf_dcerpc_cn_num_protocols = -1; -static int hf_dcerpc_cn_protocol_ver_major = -1; -static int hf_dcerpc_cn_protocol_ver_minor = -1; -static int hf_dcerpc_cn_cancel_count = -1; -static int hf_dcerpc_cn_fault_flags = -1; -static int hf_dcerpc_cn_fault_flags_extended_error_info = -1; -static int hf_dcerpc_cn_status = -1; -static int hf_dcerpc_cn_deseg_req = -1; -static int hf_dcerpc_cn_rts_flags = -1; -static int hf_dcerpc_cn_rts_flags_ping = -1; -static int hf_dcerpc_cn_rts_flags_other_cmd = -1; -static int hf_dcerpc_cn_rts_flags_recycle_channel = -1; -static int hf_dcerpc_cn_rts_flags_in_channel = -1; -static int hf_dcerpc_cn_rts_flags_out_channel = -1; -static int hf_dcerpc_cn_rts_flags_eof = -1; -static int hf_dcerpc_cn_rts_commands_nb = -1; -static int hf_dcerpc_cn_rts_command = -1; -static int hf_dcerpc_cn_rts_command_receivewindowsize = -1; -static int hf_dcerpc_cn_rts_command_fack_bytesreceived = -1; -static int hf_dcerpc_cn_rts_command_fack_availablewindow = -1; -static int hf_dcerpc_cn_rts_command_fack_channelcookie = -1; -static int hf_dcerpc_cn_rts_command_connectiontimeout = -1; -static int hf_dcerpc_cn_rts_command_cookie = -1; -static int hf_dcerpc_cn_rts_command_channellifetime = -1; -static int hf_dcerpc_cn_rts_command_clientkeepalive = -1; -static int hf_dcerpc_cn_rts_command_version = -1; -static int hf_dcerpc_cn_rts_command_conformancecount = -1; -static int hf_dcerpc_cn_rts_command_padding = -1; -static int hf_dcerpc_cn_rts_command_addrtype = -1; -static int hf_dcerpc_cn_rts_command_associationgroupid = -1; -static int hf_dcerpc_cn_rts_command_forwarddestination = -1; -static int hf_dcerpc_cn_rts_command_pingtrafficsentnotify = -1; -static int 
hf_dcerpc_auth_type = -1; -static int hf_dcerpc_auth_level = -1; -static int hf_dcerpc_auth_pad_len = -1; -static int hf_dcerpc_auth_rsrvd = -1; -static int hf_dcerpc_auth_ctx_id = -1; -static int hf_dcerpc_dg_flags1 = -1; -static int hf_dcerpc_dg_flags1_rsrvd_01 = -1; -static int hf_dcerpc_dg_flags1_last_frag = -1; -static int hf_dcerpc_dg_flags1_frag = -1; -static int hf_dcerpc_dg_flags1_nofack = -1; -static int hf_dcerpc_dg_flags1_maybe = -1; -static int hf_dcerpc_dg_flags1_idempotent = -1; -static int hf_dcerpc_dg_flags1_broadcast = -1; -static int hf_dcerpc_dg_flags1_rsrvd_80 = -1; -static int hf_dcerpc_dg_flags2 = -1; -static int hf_dcerpc_dg_flags2_rsrvd_01 = -1; -static int hf_dcerpc_dg_flags2_cancel_pending = -1; -static int hf_dcerpc_dg_flags2_rsrvd_04 = -1; -static int hf_dcerpc_dg_flags2_rsrvd_08 = -1; -static int hf_dcerpc_dg_flags2_rsrvd_10 = -1; -static int hf_dcerpc_dg_flags2_rsrvd_20 = -1; -static int hf_dcerpc_dg_flags2_rsrvd_40 = -1; -static int hf_dcerpc_dg_flags2_rsrvd_80 = -1; -static int hf_dcerpc_dg_serial_hi = -1; -static int hf_dcerpc_obj_id = -1; -static int hf_dcerpc_dg_if_id = -1; -static int hf_dcerpc_dg_act_id = -1; -static int hf_dcerpc_dg_serial_lo = -1; -static int hf_dcerpc_dg_ahint = -1; -static int hf_dcerpc_dg_ihint = -1; -static int hf_dcerpc_dg_frag_len = -1; -static int hf_dcerpc_dg_frag_num = -1; -static int hf_dcerpc_dg_auth_proto = -1; -static int hf_dcerpc_opnum = -1; -static int hf_dcerpc_dg_seqnum = -1; -static int hf_dcerpc_dg_server_boot = -1; -static int hf_dcerpc_dg_if_ver = -1; -static int hf_dcerpc_krb5_av_prot_level = -1; -static int hf_dcerpc_krb5_av_key_vers_num = -1; -static int hf_dcerpc_krb5_av_key_auth_verifier = -1; -static int hf_dcerpc_dg_cancel_vers = -1; -static int hf_dcerpc_dg_cancel_id = -1; -static int hf_dcerpc_dg_server_accepting_cancels = -1; -static int hf_dcerpc_dg_fack_vers = -1; -static int hf_dcerpc_dg_fack_window_size = -1; -static int hf_dcerpc_dg_fack_max_tsdu = -1; -static int 
hf_dcerpc_dg_fack_max_frag_size = -1; -static int hf_dcerpc_dg_fack_serial_num = -1; -static int hf_dcerpc_dg_fack_selack_len = -1; -static int hf_dcerpc_dg_fack_selack = -1; -static int hf_dcerpc_dg_status = -1; -static int hf_dcerpc_array_max_count = -1; -static int hf_dcerpc_array_offset = -1; -static int hf_dcerpc_array_actual_count = -1; -static int hf_dcerpc_op = -1; -static int hf_dcerpc_referent_id32 = -1; -static int hf_dcerpc_referent_id64 = -1; -static int hf_dcerpc_null_pointer = -1; -static int hf_dcerpc_fragments = -1; -static int hf_dcerpc_fragment = -1; -static int hf_dcerpc_fragment_overlap = -1; -static int hf_dcerpc_fragment_overlap_conflict = -1; -static int hf_dcerpc_fragment_multiple_tails = -1; -static int hf_dcerpc_fragment_too_long_fragment = -1; -static int hf_dcerpc_fragment_error = -1; -static int hf_dcerpc_fragment_count = -1; -static int hf_dcerpc_reassembled_in = -1; -static int hf_dcerpc_reassembled_length = -1; -static int hf_dcerpc_unknown_if_id = -1; -static int hf_dcerpc_sec_vt_signature = -1; -static int hf_dcerpc_sec_vt_command = -1; -static int hf_dcerpc_sec_vt_command_cmd = -1; -static int hf_dcerpc_sec_vt_command_end = -1; -static int hf_dcerpc_sec_vt_command_must = -1; -static int hf_dcerpc_sec_vt_command_length = -1; -static int hf_dcerpc_sec_vt_bitmask = -1; -static int hf_dcerpc_sec_vt_bitmask_sign = -1; -static int hf_dcerpc_sec_vt_pcontext_uuid = -1; -static int hf_dcerpc_sec_vt_pcontext_ver = -1; +static int hf_dcerpc_request_in; +static int hf_dcerpc_time; +static int hf_dcerpc_response_in; +static int hf_dcerpc_ver; +static int hf_dcerpc_ver_minor; +static int hf_dcerpc_packet_type; +static int hf_dcerpc_cn_flags; +static int hf_dcerpc_cn_flags_first_frag; +static int hf_dcerpc_cn_flags_last_frag; +static int hf_dcerpc_cn_flags_cancel_pending; +static int hf_dcerpc_cn_flags_reserved; +static int hf_dcerpc_cn_flags_mpx; +static int hf_dcerpc_cn_flags_dne; +static int hf_dcerpc_cn_flags_maybe; +static int 
hf_dcerpc_cn_flags_object; +static int hf_dcerpc_drep; + int hf_dcerpc_drep_byteorder; + int hf_dcerpc_ndr_padding; +static int hf_dcerpc_drep_character; +static int hf_dcerpc_drep_fp; +static int hf_dcerpc_cn_frag_len; +static int hf_dcerpc_cn_auth_len; +static int hf_dcerpc_cn_call_id; +static int hf_dcerpc_cn_max_xmit; +static int hf_dcerpc_cn_max_recv; +static int hf_dcerpc_cn_assoc_group; +static int hf_dcerpc_cn_num_ctx_items; +static int hf_dcerpc_cn_ctx_item; +static int hf_dcerpc_cn_ctx_id; +static int hf_dcerpc_cn_num_trans_items; +static int hf_dcerpc_cn_bind_abstract_syntax; +static int hf_dcerpc_cn_bind_if_id; +static int hf_dcerpc_cn_bind_if_ver; +static int hf_dcerpc_cn_bind_if_ver_minor; +static int hf_dcerpc_cn_bind_trans_syntax; +static int hf_dcerpc_cn_bind_trans_id; +static int hf_dcerpc_cn_bind_trans_ver; +static int hf_dcerpc_cn_bind_trans_btfn; +static int hf_dcerpc_cn_bind_trans_btfn_01; +static int hf_dcerpc_cn_bind_trans_btfn_02; +static int hf_dcerpc_cn_alloc_hint; +static int hf_dcerpc_cn_sec_addr_len; +static int hf_dcerpc_cn_sec_addr; +static int hf_dcerpc_cn_num_results; +static int hf_dcerpc_cn_ack_result; +static int hf_dcerpc_cn_ack_reason; +static int hf_dcerpc_cn_ack_trans_id; +static int hf_dcerpc_cn_ack_trans_ver; +static int hf_dcerpc_cn_reject_reason; +static int hf_dcerpc_cn_num_protocols; +static int hf_dcerpc_cn_protocol_ver_major; +static int hf_dcerpc_cn_protocol_ver_minor; +static int hf_dcerpc_cn_cancel_count; +static int hf_dcerpc_cn_fault_flags; +static int hf_dcerpc_cn_fault_flags_extended_error_info; +static int hf_dcerpc_cn_status; +static int hf_dcerpc_cn_deseg_req; +static int hf_dcerpc_cn_rts_flags; +static int hf_dcerpc_cn_rts_flags_ping; +static int hf_dcerpc_cn_rts_flags_other_cmd; +static int hf_dcerpc_cn_rts_flags_recycle_channel; +static int hf_dcerpc_cn_rts_flags_in_channel; +static int hf_dcerpc_cn_rts_flags_out_channel; +static int hf_dcerpc_cn_rts_flags_eof; +static int hf_dcerpc_cn_rts_commands_nb; 
+static int hf_dcerpc_cn_rts_command; +static int hf_dcerpc_cn_rts_command_receivewindowsize; +static int hf_dcerpc_cn_rts_command_fack_bytesreceived; +static int hf_dcerpc_cn_rts_command_fack_availablewindow; +static int hf_dcerpc_cn_rts_command_fack_channelcookie; +static int hf_dcerpc_cn_rts_command_connectiontimeout; +static int hf_dcerpc_cn_rts_command_cookie; +static int hf_dcerpc_cn_rts_command_channellifetime; +static int hf_dcerpc_cn_rts_command_clientkeepalive; +static int hf_dcerpc_cn_rts_command_version; +static int hf_dcerpc_cn_rts_command_conformancecount; +static int hf_dcerpc_cn_rts_command_padding; +static int hf_dcerpc_cn_rts_command_addrtype; +static int hf_dcerpc_cn_rts_command_associationgroupid; +static int hf_dcerpc_cn_rts_command_forwarddestination; +static int hf_dcerpc_cn_rts_command_pingtrafficsentnotify; +static int hf_dcerpc_auth_type; +static int hf_dcerpc_auth_level; +static int hf_dcerpc_auth_pad_len; +static int hf_dcerpc_auth_rsrvd; +static int hf_dcerpc_auth_ctx_id; +static int hf_dcerpc_dg_flags1; +static int hf_dcerpc_dg_flags1_rsrvd_01; +static int hf_dcerpc_dg_flags1_last_frag; +static int hf_dcerpc_dg_flags1_frag; +static int hf_dcerpc_dg_flags1_nofack; +static int hf_dcerpc_dg_flags1_maybe; +static int hf_dcerpc_dg_flags1_idempotent; +static int hf_dcerpc_dg_flags1_broadcast; +static int hf_dcerpc_dg_flags1_rsrvd_80; +static int hf_dcerpc_dg_flags2; +static int hf_dcerpc_dg_flags2_rsrvd_01; +static int hf_dcerpc_dg_flags2_cancel_pending; +static int hf_dcerpc_dg_flags2_rsrvd_04; +static int hf_dcerpc_dg_flags2_rsrvd_08; +static int hf_dcerpc_dg_flags2_rsrvd_10; +static int hf_dcerpc_dg_flags2_rsrvd_20; +static int hf_dcerpc_dg_flags2_rsrvd_40; +static int hf_dcerpc_dg_flags2_rsrvd_80; +static int hf_dcerpc_dg_serial_hi; +static int hf_dcerpc_obj_id; +static int hf_dcerpc_dg_if_id; +static int hf_dcerpc_dg_act_id; +static int hf_dcerpc_dg_serial_lo; +static int hf_dcerpc_dg_ahint; +static int hf_dcerpc_dg_ihint; +static int 
hf_dcerpc_dg_frag_len; +static int hf_dcerpc_dg_frag_num; +static int hf_dcerpc_dg_auth_proto; +static int hf_dcerpc_opnum; +static int hf_dcerpc_dg_seqnum; +static int hf_dcerpc_dg_server_boot; +static int hf_dcerpc_dg_if_ver; +static int hf_dcerpc_krb5_av_prot_level; +static int hf_dcerpc_krb5_av_key_vers_num; +static int hf_dcerpc_krb5_av_key_auth_verifier; +static int hf_dcerpc_dg_cancel_vers; +static int hf_dcerpc_dg_cancel_id; +static int hf_dcerpc_dg_server_accepting_cancels; +static int hf_dcerpc_dg_fack_vers; +static int hf_dcerpc_dg_fack_window_size; +static int hf_dcerpc_dg_fack_max_tsdu; +static int hf_dcerpc_dg_fack_max_frag_size; +static int hf_dcerpc_dg_fack_serial_num; +static int hf_dcerpc_dg_fack_selack_len; +static int hf_dcerpc_dg_fack_selack; +static int hf_dcerpc_dg_status; +static int hf_dcerpc_array_max_count; +static int hf_dcerpc_array_offset; +static int hf_dcerpc_array_actual_count; +static int hf_dcerpc_op; +static int hf_dcerpc_referent_id32; +static int hf_dcerpc_referent_id64; +static int hf_dcerpc_null_pointer; +static int hf_dcerpc_fragments; +static int hf_dcerpc_fragment; +static int hf_dcerpc_fragment_overlap; +static int hf_dcerpc_fragment_overlap_conflict; +static int hf_dcerpc_fragment_multiple_tails; +static int hf_dcerpc_fragment_too_long_fragment; +static int hf_dcerpc_fragment_error; +static int hf_dcerpc_fragment_count; +static int hf_dcerpc_reassembled_in; +static int hf_dcerpc_reassembled_length; +static int hf_dcerpc_unknown_if_id; +static int hf_dcerpc_sec_vt_signature; +static int hf_dcerpc_sec_vt_command; +static int hf_dcerpc_sec_vt_command_cmd; +static int hf_dcerpc_sec_vt_command_end; +static int hf_dcerpc_sec_vt_command_must; +static int hf_dcerpc_sec_vt_command_length; +static int hf_dcerpc_sec_vt_bitmask; +static int hf_dcerpc_sec_vt_bitmask_sign; +static int hf_dcerpc_sec_vt_pcontext_uuid; +static int hf_dcerpc_sec_vt_pcontext_ver; static int * const sec_vt_command_fields[] = { &hf_dcerpc_sec_vt_command_cmd, 
@@ -596,25 +599,25 @@ static int * const sec_vt_command_fields[] = { &hf_dcerpc_sec_vt_command_must, NULL }; -static int hf_dcerpc_reserved = -1; -static int hf_dcerpc_unknown = -1; -static int hf_dcerpc_missalign = -1; +static int hf_dcerpc_reserved; +static int hf_dcerpc_unknown; +static int hf_dcerpc_missalign; /* Generated from convert_proto_tree_add_text.pl */ -static int hf_dcerpc_duplicate_ptr = -1; -static int hf_dcerpc_encrypted_stub_data = -1; -static int hf_dcerpc_decrypted_stub_data = -1; -static int hf_dcerpc_payload_stub_data = -1; -static int hf_dcerpc_stub_data_with_sec_vt = -1; -static int hf_dcerpc_stub_data = -1; -static int hf_dcerpc_auth_padding = -1; -static int hf_dcerpc_auth_info = -1; -static int hf_dcerpc_auth_credentials = -1; -static int hf_dcerpc_fault_stub_data = -1; -static int hf_dcerpc_fragment_data = -1; -static int hf_dcerpc_cmd_client_ipv4 = -1; -static int hf_dcerpc_cmd_client_ipv6 = -1; -static int hf_dcerpc_authentication_verifier = -1; +static int hf_dcerpc_duplicate_ptr; +static int hf_dcerpc_encrypted_stub_data; +static int hf_dcerpc_decrypted_stub_data; +static int hf_dcerpc_payload_stub_data; +static int hf_dcerpc_stub_data_with_sec_vt; +static int hf_dcerpc_stub_data; +static int hf_dcerpc_auth_padding; +static int hf_dcerpc_auth_info; +static int hf_dcerpc_auth_credentials; +static int hf_dcerpc_fault_stub_data; +static int hf_dcerpc_fragment_data; +static int hf_dcerpc_cmd_client_ipv4; +static int hf_dcerpc_cmd_client_ipv6; +static int hf_dcerpc_authentication_verifier; static int * const dcerpc_cn_bind_trans_btfn_fields[] = { &hf_dcerpc_cn_bind_trans_btfn_01, 
@@ -639,48 +642,48 @@ static const value_string sec_vt_command_cmd_vals[] = { {0, NULL} }; -static gint ett_dcerpc = -1; -static gint ett_dcerpc_cn_flags = -1; -static gint ett_dcerpc_cn_ctx = -1; -static gint ett_dcerpc_cn_iface = -1; -static gint ett_dcerpc_cn_trans_syntax = -1; -static gint ett_dcerpc_cn_trans_btfn = -1; -static gint ett_dcerpc_cn_bind_trans_btfn = -1; -static gint ett_dcerpc_cn_rts_flags = -1; -static gint ett_dcerpc_cn_rts_command = -1; -static gint ett_dcerpc_cn_rts_pdu = -1; -static gint ett_dcerpc_drep = -1; -static gint ett_dcerpc_dg_flags1 = -1; -static gint ett_dcerpc_dg_flags2 = -1; -static gint ett_dcerpc_pointer_data = -1; -static gint ett_dcerpc_string = -1; -static gint ett_dcerpc_fragments = -1; -static gint ett_dcerpc_fragment = -1; -static gint ett_dcerpc_krb5_auth_verf = -1; -static gint ett_dcerpc_auth_info = -1; -static gint ett_dcerpc_verification_trailer = -1; -static gint ett_dcerpc_sec_vt_command = -1; -static gint ett_dcerpc_sec_vt_bitmask = -1; -static gint ett_dcerpc_sec_vt_pcontext = -1; -static gint ett_dcerpc_sec_vt_header = -1; -static gint ett_dcerpc_complete_stub_data = -1; -static gint ett_dcerpc_fault_flags = -1; -static gint ett_dcerpc_fault_stub_data = -1; - -static expert_field ei_dcerpc_fragment_multiple = EI_INIT; -static expert_field ei_dcerpc_cn_status = EI_INIT; -static expert_field ei_dcerpc_fragment_reassembled = EI_INIT; -static expert_field ei_dcerpc_fragment = EI_INIT; -static expert_field ei_dcerpc_no_request_found = EI_INIT; -/* static expert_field ei_dcerpc_context_change = EI_INIT; */ -static expert_field ei_dcerpc_cn_ctx_id_no_bind = EI_INIT; -static expert_field ei_dcerpc_bind_not_acknowledged = EI_INIT; -static expert_field ei_dcerpc_verifier_unavailable = EI_INIT; -static expert_field ei_dcerpc_invalid_pdu_authentication_attempt = EI_INIT; +static gint ett_dcerpc; +static gint ett_dcerpc_cn_flags; +static gint ett_dcerpc_cn_ctx; +static gint ett_dcerpc_cn_iface; +static gint 
ett_dcerpc_cn_trans_syntax; +static gint ett_dcerpc_cn_trans_btfn; +static gint ett_dcerpc_cn_bind_trans_btfn; +static gint ett_dcerpc_cn_rts_flags; +static gint ett_dcerpc_cn_rts_command; +static gint ett_dcerpc_cn_rts_pdu; +static gint ett_dcerpc_drep; +static gint ett_dcerpc_dg_flags1; +static gint ett_dcerpc_dg_flags2; +static gint ett_dcerpc_pointer_data; +static gint ett_dcerpc_string; +static gint ett_dcerpc_fragments; +static gint ett_dcerpc_fragment; +static gint ett_dcerpc_krb5_auth_verf; +static gint ett_dcerpc_auth_info; +static gint ett_dcerpc_verification_trailer; +static gint ett_dcerpc_sec_vt_command; +static gint ett_dcerpc_sec_vt_bitmask; +static gint ett_dcerpc_sec_vt_pcontext; +static gint ett_dcerpc_sec_vt_header; +static gint ett_dcerpc_complete_stub_data; +static gint ett_dcerpc_fault_flags; +static gint ett_dcerpc_fault_stub_data; + +static expert_field ei_dcerpc_fragment_multiple; +static expert_field ei_dcerpc_cn_status; +static expert_field ei_dcerpc_fragment_reassembled; +static expert_field ei_dcerpc_fragment; +static expert_field ei_dcerpc_no_request_found; +/* static expert_field ei_dcerpc_context_change; */ +static expert_field ei_dcerpc_cn_ctx_id_no_bind; +static expert_field ei_dcerpc_bind_not_acknowledged; +static expert_field ei_dcerpc_verifier_unavailable; +static expert_field ei_dcerpc_invalid_pdu_authentication_attempt; /* Generated from convert_proto_tree_add_text.pl */ -static expert_field ei_dcerpc_long_frame = EI_INIT; -static expert_field ei_dcerpc_cn_rts_command = EI_INIT; -static expert_field ei_dcerpc_not_implemented = EI_INIT; +static expert_field ei_dcerpc_long_frame; +static expert_field ei_dcerpc_cn_rts_command; +static expert_field ei_dcerpc_not_implemented; static const guint8 TRAILER_SIGNATURE[] = {0x8a, 0xe3, 0x13, 0x71, 0x02, 0xf4, 0x36, 0x71}; static tvbuff_t *tvb_trailer_signature = NULL; 
@@ -762,7 +765,7 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding) 0, &binding->addr_a, &binding->addr_b, - conversation_pt_to_endpoint_type(binding->ptype), + conversation_pt_to_conversation_type(binding->ptype), binding->port_a, binding->port_b, 0); @@ -772,7 +775,7 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding) 0, &binding->addr_a, &binding->addr_b, - conversation_pt_to_endpoint_type(binding->ptype), + conversation_pt_to_conversation_type(binding->ptype), binding->port_a, binding->port_b, 0); @@ -878,7 +881,7 @@ dcerpc_prompt(packet_info *pinfo, gchar* result) g_string_append(str, "&\r\n"); g_string_append_printf(str, "%s: %u\r\n", address_str->str, pinfo->destport); g_string_append_printf(str, "&\r\nContext ID: %u\r\n", decode_data->dcectxid); - g_string_append_printf(str, "&\r\nSMB FID: %"G_GINT64_MODIFIER"u\r\n", + g_string_append_printf(str, "&\r\nSMB FID: %"PRIu64"\r\n", dcerpc_get_transport_salt(pinfo)); g_string_append(str, "with:\r\n"); @@ -995,7 +998,7 @@ dcerpc_decode_as_change(const char *name, gconstpointer pattern, gconstpointer h { const decode_dcerpc_bind_values_t *binding = (const decode_dcerpc_bind_values_t*)pattern; decode_dcerpc_bind_values_t *stored_binding; - guid_key *key = *((guid_key *const *)handle); + const guid_key *key = (const guid_key *)handle; /* remove a probably existing old binding */ decode_dcerpc_binding_reset(name, binding); @@ -1199,7 +1202,7 @@ void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type, d->auth_level = auth_level; d->auth_type = auth_type; - memcpy(&d->auth_fns, fns, sizeof(dcerpc_auth_subdissector_fns)); + d->auth_fns = *fns; dcerpc_auth_subdissector_list = g_slist_append(dcerpc_auth_subdissector_list, d); } 
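Review bot: In dcerpc_decode_as_change() the new `const guid_key *key = (const guid_key *)handle;` drops one level of indirection from the old `*((guid_key *const *)handle)`, and nothing in the function documents which of the two the decode-as caller passes. Because `handle` is an untyped gconstpointer, a caller still passing a pointer-to-pointer would compile cleanly and the key's guid and ver would be read from the wrong memory. A comment at the cast would pin this down, e.g. `/* handle is the guid_key itself (the dcerpc.uuid table key), not a pointer to it */`, assuming that is the contract the framework now provides. The function body continues outside the hunk.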
@@ -1656,6 +1659,28 @@ dissect_dcerpc_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d return tvb_captured_length(tvb); } +static void +dcerpc_init_finalize(dissector_handle_t guid_handle, guid_key *key, dcerpc_uuid_value *value) +{ + module_t *samr_module; + const char *filter_name = proto_get_protocol_filter_name(value->proto_id); + + g_hash_table_insert(dcerpc_uuids, key, value); + + /* Register the GUID with the dissector table */ + dissector_add_guid( "dcerpc.uuid", key, guid_handle ); + + /* add this GUID to the global name resolving */ + guids_add_uuid(&key->guid, proto_get_protocol_short_name(value->proto)); + + /* Register the samr.nt_password preference as obsolete */ + /* This should be in packet-dcerpc-samr.c */ + if (strcmp(filter_name, "samr") == 0) { + samr_module = prefs_register_protocol_obsolete(value->proto_id); + prefs_register_obsolete_preference(samr_module, "nt_password"); + } +} + void dcerpc_init_uuid(int proto, int ett, e_guid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf) @@ -1663,8 +1688,6 @@ dcerpc_init_uuid(int proto, int ett, e_guid_t *uuid, guint16 ver, guid_key *key = (guid_key *)g_malloc(sizeof (*key)); dcerpc_uuid_value *value = (dcerpc_uuid_value *)g_malloc(sizeof (*value)); header_field_info *hf_info; - module_t *samr_module; - const char *filter_name = proto_get_protocol_filter_name(proto); dissector_handle_t guid_handle; key->guid = *uuid; 
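Review bot: dcerpc_init_finalize() stores the caller's `key` and `value` pointers in dcerpc_uuids and hands the same `key` to the "dcerpc.uuid" dissector table, but has no comment saying that both allocations are retained after the call. With two callers now sharing it, a header comment such as `/* Takes over key and value: both are stored in dcerpc_uuids and key is also referenced by the dcerpc.uuid table; callers must not free or reuse them. */` would make that contract explicit. Who eventually frees them depends on how dcerpc_uuids was created, which is not visible here.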
@@ -1677,24 +1700,37 @@ dcerpc_init_uuid(int proto, int ett, e_guid_t *uuid, guint16 ver, value->procs = procs; value->opnum_hf = opnum_hf; - g_hash_table_insert(dcerpc_uuids, key, value); - hf_info = proto_registrar_get_nth(opnum_hf); hf_info->strings = value_string_from_subdissectors(procs); /* Register the GUID with the dissector table */ guid_handle = create_dissector_handle( dissect_dcerpc_guid, proto); - dissector_add_guid( "dcerpc.uuid", key, guid_handle ); - /* add this GUID to the global name resolving */ - guids_add_uuid(uuid, proto_get_protocol_short_name(value->proto)); + dcerpc_init_finalize(guid_handle, key, value); +} - /* Register the samr.nt_password preference as obsolete */ - /* This should be in packet-dcerpc-samr.c */ - if (strcmp(filter_name, "samr") == 0) { - samr_module = prefs_register_protocol_obsolete(proto); - prefs_register_obsolete_preference(samr_module, "nt_password"); +void +dcerpc_init_from_handle(int proto, e_guid_t *uuid, guint16 ver, + dissector_handle_t guid_handle) +{ + guid_key *key = (guid_key *)g_malloc(sizeof (*key)); + dcerpc_uuid_value *value = (dcerpc_uuid_value *)g_malloc(sizeof (*value)); + + key->guid = *uuid; + key->ver = ver; + + value->proto = find_protocol_by_id(proto); + value->proto_id = proto; + value->ett = -1; + value->name = proto_get_protocol_short_name(value->proto); + value->opnum_hf = 0; + + if (g_hash_table_contains(dcerpc_uuids, key)) { + g_hash_table_remove(dcerpc_uuids, key); + guids_delete_guid(uuid); } + + dcerpc_init_finalize(guid_handle, key, value); } /* Function to find the name of a registered protocol @@ -1714,7 +1750,7 @@ dcerpc_get_proto_name(e_guid_t *uuid, guint16 ver) return NULL; } - return dissector_handle_get_short_name(handle); + return dissector_handle_get_protocol_short_name(handle); } /* Function to find the opnum hf-field of a registered protocol 
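Review bot: dcerpc_init_from_handle() allocates `value` with g_malloc() and never assigns `value->procs`, which dcerpc_init_uuid() does set, so any later lookup that reads `procs` for a UUID registered this way gets an indeterminate pointer. Setting `value->procs = NULL;` next to `value->opnum_hf = 0;` (or allocating with `g_new0(dcerpc_uuid_value, 1)`) closes that, though readers of `procs` would then need to tolerate NULL. In the replace path the old entry is taken out of dcerpc_uuids and the GUID name list, but no matching removal from the "dcerpc.uuid" dissector table is visible before dcerpc_init_finalize() adds the new key. If the hash table frees its keys on removal, that table may be left referencing the old one, which is worth confirming.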
@@ -1985,7 +2021,7 @@ dcerpcstat_init(struct register_srt* srt, GArray* srt_array) } static tap_packet_status -dcerpcstat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv) +dcerpcstat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv, tap_flags_t flags _U_) { guint i = 0; srt_stat_table *dcerpc_srt_table; @@ -2039,11 +2075,11 @@ dcerpcstat_param(register_srt_t* srt, const char* opt_arg, char** err) &d1,&d2,&d3,&d40,&d41,&d42,&d43,&d44,&d45,&d46,&d47,&major,&minor,&pos) == 13) { if ((major < 0) || (major > 65535)) { - *err = g_strdup_printf("dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535", major); + *err = ws_strdup_printf("dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535", major); return pos; } if ((minor < 0) || (minor > 65535)) { - *err = g_strdup_printf("dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535", minor); + *err = ws_strdup_printf("dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535", minor); return pos; } ver = major; @@ -2079,7 +2115,7 @@ dcerpcstat_param(register_srt_t* srt, const char* opt_arg, char** err) } else { - *err = g_strdup_printf("<uuid>,<major version>.<minor version>[,<filter>]"); + *err = ws_strdup_printf("<uuid>,<major version>.<minor version>[,<filter>]"); } return pos; @@ -2911,7 +2947,7 @@ dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, /* ndr pointer handling */ /* Should we re-read the size of the list ? - * Instead of re-calculating the size everytime, use the stored value unless this + * Instead of re-calculating the size every time, use the stored value unless this * flag is set which means: re-read the size of the list */ static gboolean must_check_size = FALSE; 
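Review bot: Both range-check messages in dcerpcstat_param() still begin with `dcerpcstat_init()`, so a user or bug report is pointed at the wrong function; since these lines are being touched anyway, the prefix could become `dcerpcstat_param()`. In the usage branch of the next hunk (@@ -2079) the string passed to `ws_strdup_printf` has no conversions or arguments, so a plain copy says the same thing without going through the formatter: `*err = g_strdup("<uuid>,<major version>.<minor version>[,<filter>]");`. The function body extends beyond both hunks.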
@@ -4218,7 +4254,7 @@ dissect_dcerpc_cn_bind_ack(tvbuff_t *tvb, gint offset, packet_info *pinfo, hf_dcerpc_cn_sec_addr_len, &sec_addr_len); if (sec_addr_len != 0) { proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_sec_addr, tvb, offset, - sec_addr_len, ENC_ASCII|ENC_NA); + sec_addr_len, ENC_ASCII); offset += sec_addr_len; } @@ -4450,7 +4486,7 @@ dissect_dcerpc_cn_stub(tvbuff_t *tvb, int offset, packet_info *pinfo, then exit */ if (pinfo->fd->visited) { - fd_head = fragment_get_reassembled(&dcerpc_co_reassembly_table, frame); + fd_head = fragment_get_reassembled_id(&dcerpc_co_reassembly_table, pinfo, frame); goto end_cn_stub; } @@ -5438,6 +5474,7 @@ dissect_dcerpc_cn_rts(tvbuff_t *tvb, gint offset, packet_info *pinfo, } } +/* Test to see if this looks like a connection oriented PDU */ static gboolean is_dcerpc(tvbuff_t *tvb, int offset, packet_info *pinfo _U_) { @@ -5445,6 +5482,7 @@ is_dcerpc(tvbuff_t *tvb, int offset, packet_info *pinfo _U_) guint8 rpc_ver_minor; guint8 ptype; guint8 drep[4]; + guint16 frag_len; if (!tvb_bytes_exist(tvb, offset, sizeof(e_dce_cn_common_hdr_t))) return FALSE; /* not enough information to check */ @@ -5466,6 +5504,11 @@ is_dcerpc(tvbuff_t *tvb, int offset, packet_info *pinfo _U_) return FALSE; if (drep[1] > DCE_RPC_DREP_FP_IBM) return FALSE; + offset += (int)sizeof(drep); + frag_len = dcerpc_tvb_get_ntohs(tvb, offset, drep); + if (frag_len < sizeof(e_dce_cn_common_hdr_t)) { + return FALSE; + } return TRUE; } 
@@ -5539,14 +5582,6 @@ dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo, hdr.call_id = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep); /*offset += 4;*/ - if (decode_data->dcectxid == 0) { - col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.call_id); - } else { - /* this is not the first DCE-RPC request/response in this (TCP?-)PDU, - * prepend a delimiter */ - col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "#%u", hdr.call_id); - } - if (can_desegment && pinfo->can_desegment && !tvb_bytes_exist(tvb, start_offset, hdr.frag_len)) { pinfo->desegment_offset = start_offset; @@ -5861,15 +5896,24 @@ dissect_dcerpc_cn_bs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * static guint get_dcerpc_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, - int offset _U_, void *data _U_) + int offset, void *data _U_) { guint8 drep[4]; guint16 frag_len; - /* XXX: why does htis not take offset into account? */ - tvb_memcpy(tvb, (guint8 *)drep, 4, sizeof(drep)); - frag_len = dcerpc_tvb_get_ntohs(tvb, 8, drep); + tvb_memcpy(tvb, (guint8 *)drep, offset+4, sizeof(drep)); + frag_len = dcerpc_tvb_get_ntohs(tvb, offset+8, drep); + if (!frag_len) { + /* tcp_dissect_pdus() interprets a 0 return value as meaning + * "a PDU starts here, but the length cannot be determined yet, so + * we need at least one more segment." However, a frag_len of 0 here + * is instead a bogus length. Instead return 1, another bogus length + * also less than our fixed length, so that the TCP dissector will + * correctly interpret it as a bogus and report an error. + */ + frag_len = 1; + } return frag_len; } 
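Review bot: The literals `offset+4` and `offset+8` in get_dcerpc_pdu_len() repeat the connection-oriented header layout by hand, and the zero-length workaround only holds while the fixed length handed to tcp_dissect_pdus() is larger than 1 and at least 10 bytes. Both callers now pass `sizeof(e_dce_cn_common_hdr_t)`, so the reads are covered, but nothing in this function says so. Provided the struct mirrors the wire layout, `offsetof(e_dce_cn_common_hdr_t, drep)` and `offsetof(e_dce_cn_common_hdr_t, frag_len)` would tie the two together; failing that, a comment naming the dependency would do. Non-zero lengths shorter than the header are returned unchanged and rely on the same bogus-length handling the comment describes.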
@@ -5895,7 +5939,7 @@ dissect_dcerpc_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi decode_data = dcerpc_get_decode_data(pinfo); decode_data->dcetransporttype = DCE_TRANSPORT_UNKNOWN; - tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, 10, get_dcerpc_pdu_len, dissect_dcerpc_pdu, data); + tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, sizeof(e_dce_cn_common_hdr_t), get_dcerpc_pdu_len, dissect_dcerpc_pdu, data); return TRUE; } @@ -5907,7 +5951,7 @@ dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *da decode_data = dcerpc_get_decode_data(pinfo); decode_data->dcetransporttype = DCE_TRANSPORT_UNKNOWN; - tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, 10, get_dcerpc_pdu_len, dissect_dcerpc_pdu, data); + tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, sizeof(e_dce_cn_common_hdr_t), get_dcerpc_pdu_len, dissect_dcerpc_pdu, data); return tvb_captured_length(tvb); } @@ -6566,7 +6610,6 @@ dissect_dcerpc_dg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat if (tree) proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_seqnum, tvb, offset, 4, hdr.seqnum); col_append_fstr(pinfo->cinfo, COL_INFO, ": seq: %u", hdr.seqnum); - col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.seqnum); offset += 4; if (tree) 
@@ -6796,9 +6839,9 @@ proto_register_dcerpc(void) { &hf_dcerpc_cn_bind_trans_btfn, /* [MS-RPCE] 2.2.2.14 */ {"Bind Time Features", "dcerpc.cn_bind_trans_btfn", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_dcerpc_cn_bind_trans_btfn_01, - { "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x01, NULL, HFILL }}, + { "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x0001, NULL, HFILL }}, { &hf_dcerpc_cn_bind_trans_btfn_02, - { "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x02, NULL, HFILL }}, + { "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x0002, NULL, HFILL }}, { &hf_dcerpc_cn_alloc_hint, { "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_sec_addr_len, @@ -7164,7 +7207,7 @@ proto_register_dcerpc(void) expert_dcerpc = expert_register_protocol(proto_dcerpc); expert_register_field_array(expert_dcerpc, ei, array_length(ei)); - uuid_dissector_table = register_dissector_table("dcerpc.uuid", "DCE/RPC UUIDs", proto_dcerpc, FT_GUID, BASE_HEX); + uuid_dissector_table = register_dissector_table(DCERPC_TABLE_NAME, "DCE/RPC UUIDs", proto_dcerpc, FT_GUID, BASE_HEX); /* structures and data for BIND */ dcerpc_binds = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), dcerpc_bind_hash, dcerpc_bind_equal); 
@@ -7219,14 +7262,14 @@ proto_register_dcerpc(void) sizeof(TRAILER_SIGNATURE), sizeof(TRAILER_SIGNATURE)); + dcerpc_tcp_handle = register_dissector("dcerpc.tcp", dissect_dcerpc_tcp, proto_dcerpc); + register_shutdown_routine(dcerpc_shutdown); } void proto_reg_handoff_dcerpc(void) { - dissector_handle_t dcerpc_tcp_handle; - heur_dissector_add("tcp", dissect_dcerpc_tcp_heur, "DCE/RPC over TCP", "dcerpc_tcp", proto_dcerpc, HEURISTIC_ENABLE); heur_dissector_add("netbios", dissect_dcerpc_cn_pk, "DCE/RPC over NetBios", "dcerpc_netbios", proto_dcerpc, HEURISTIC_ENABLE); heur_dissector_add("udp", dissect_dcerpc_dg, "DCE/RPC over UDP", "dcerpc_udp", proto_dcerpc, HEURISTIC_ENABLE); @@ -7235,7 +7278,6 @@ proto_reg_handoff_dcerpc(void) heur_dissector_add("http", dissect_dcerpc_cn_bs, "DCE/RPC over HTTP", "dcerpc_http", proto_dcerpc, HEURISTIC_ENABLE); dcerpc_smb_init(proto_dcerpc); - dcerpc_tcp_handle = create_dissector_handle(dissect_dcerpc_tcp, proto_dcerpc); dissector_add_for_decode_as("tcp.port", dcerpc_tcp_handle); guids_add_uuid(&uuid_data_repr_proto, "32bit NDR"); |