Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-dcerpc-samr.c | 33 | ||||
-rw-r--r-- | epan/dissectors/packet-windows-common.c | 79 | ||||
-rw-r--r-- | epan/dissectors/packet-windows-common.h | 3 | ||||
-rw-r--r-- | epan/dissectors/pidl/samr.cnf | 14 | ||||
-rw-r--r-- | epan/dissectors/pidl/samr.idl | 2 |
5 files changed, 111 insertions, 20 deletions
diff --git a/epan/dissectors/packet-dcerpc-samr.c b/epan/dissectors/packet-dcerpc-samr.c index 87b3b4c622..4822e07798 100644 --- a/epan/dissectors/packet-dcerpc-samr.c +++ b/epan/dissectors/packet-dcerpc-samr.c @@ -330,7 +330,6 @@ static gint hf_samr_samr_DomInfo1_min_password_length = -1; static gint hf_samr_samr_ValidatePasswordReq3_pwd_must_change_at_next_logon = -1; static gint hf_samr_samr_FieldsPresent_SAMR_FIELD_WORKSTATIONS = -1; static gint hf_samr_samr_GetDisplayEnumerationIndex_idx = -1; -static gint hf_samr_samr_Connect4_unknown = -1; static gint hf_samr_samr_UserInfo5_last_logon = -1; static gint hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_CREATE_DOMAIN = -1; static gint hf_samr_samr_ChangePasswordUser2_server = -1; @@ -573,7 +572,6 @@ static gint hf_samr_samr_SetDsrmPassword_hash = -1; static gint hf_samr_samr_DomainInfo_general = -1; static gint hf_samr_samr_GroupAttrs_SE_GROUP_MANDATORY = -1; static gint hf_samr_samr_UserInfo5_description = -1; -static gint hf_samr_sec_info = -1; static gint hf_samr_samr_DomInfo7_role = -1; static gint hf_samr_samr_UserInfo21_workstations = -1; static gint hf_samr_samr_DispEntryGeneral_description = -1; @@ -648,6 +646,7 @@ static gint hf_samr_samr_DispInfoAscii_count = -1; static gint hf_samr_samr_GetMembersInAlias_sids = -1; static gint hf_samr_samr_QueryDisplayInfo3_info = -1; static gint hf_samr_samr_OemChangePasswordUser2_hash = -1; +static gint hf_samr_samr_Connect4_revision = -1; static gint hf_samr_samr_QueryUserInfo2_level = -1; static gint hf_samr_samr_FieldsPresent_SAMR_FIELD_BAD_PWD_COUNT = -1; static gint hf_samr_samr_ValidatePasswordReq3_clear_lockout = -1; 
@@ -1898,7 +1897,7 @@ static int samr_dissect_element_Connect3_connect_handle(tvbuff_t *tvb _U_, int o static int samr_dissect_element_Connect3_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); static int samr_dissect_element_Connect4_system_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); static int samr_dissect_element_Connect4_system_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); -static int samr_dissect_element_Connect4_unknown(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); +static int samr_dissect_element_Connect4_revision(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); static int samr_dissect_element_Connect4_access_mask(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); static int samr_dissect_element_Connect4_connect_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); static int samr_dissect_element_Connect4_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_); @@ -2183,6 +2182,12 @@ cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, drep); return offset; } +static int +cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_) +{ + offset = dissect_nt_security_information(tvb, offset, tree); + return offset; +} /* IDL: struct { */ 
@@ -9047,7 +9052,7 @@ samr_dissect_element_SetSecurity_handle_(tvbuff_t *tvb _U_, int offset _U_, pack static int samr_dissect_element_SetSecurity_sec_info(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) { - offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_samr_sec_info, NULL); + offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep); return offset; } @@ -9120,7 +9125,7 @@ samr_dissect_element_QuerySecurity_handle_(tvbuff_t *tvb _U_, int offset _U_, pa static int samr_dissect_element_QuerySecurity_sec_info(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) { - offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_samr_sec_info, NULL); + offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep); return offset; } @@ -13981,9 +13986,9 @@ samr_dissect_element_Connect4_system_name_(tvbuff_t *tvb _U_, int offset _U_, pa } static int -samr_dissect_element_Connect4_unknown(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +samr_dissect_element_Connect4_revision(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) { - offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, drep, hf_samr_samr_Connect4_unknown, 0); + offset = samr_dissect_enum_ConnectRevision(tvb, offset, pinfo, tree, drep, hf_samr_samr_Connect4_revision, 0); return offset; } @@ -14014,7 +14019,7 @@ samr_dissect_element_Connect4_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, /* IDL: NTSTATUS samr_Connect4( */ /* IDL: [unique(1)] [in] [charset(UTF16)] uint16 *system_name, */ -/* IDL: [in] uint32 unknown, */ +/* IDL: [in] samr_ConnectRevision revision, */ /* IDL: [in] samr_ServerAccessMask access_mask, */ /* IDL: [out] [ref] policy_handle *connect_handle */ /* IDL: ); */ 
@@ -14042,7 +14047,7 @@ samr_dissect_Connect4_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pi pinfo->dcerpc_procedure_name="Connect4"; offset = samr_dissect_element_Connect4_system_name(tvb, offset, pinfo, tree, drep); offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); - offset = samr_dissect_element_Connect4_unknown(tvb, offset, pinfo, tree, drep); + offset = samr_dissect_element_Connect4_revision(tvb, offset, pinfo, tree, drep); offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); offset = samr_dissect_element_Connect4_access_mask(tvb, offset, pinfo, tree, drep); offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); @@ -15143,8 +15148,6 @@ void proto_register_dcerpc_samr(void) { "Samr Field Workstations", "samr.samr_FieldsPresent.SAMR_FIELD_WORKSTATIONS", FT_BOOLEAN, 32, TFS(&samr_FieldsPresent_SAMR_FIELD_WORKSTATIONS_tfs), ( 0x00000400 ), "", HFILL }}, { &hf_samr_samr_GetDisplayEnumerationIndex_idx, { "Idx", "samr.samr_GetDisplayEnumerationIndex.idx", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }}, - { &hf_samr_samr_Connect4_unknown, - { "Unknown", "samr.samr_Connect4.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }}, { &hf_samr_samr_UserInfo5_last_logon, { "Last Logon", "samr.samr_UserInfo5.last_logon", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }}, { &hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_CREATE_DOMAIN, 
@@ -15254,7 +15257,7 @@ void proto_register_dcerpc_samr(void) { &hf_samr_samr_ValidatePasswordReq2_password_matched, { "Password Matched", "samr.samr_ValidatePasswordReq2.password_matched", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }}, { &hf_samr_samr_QuerySecurity_sec_info, - { "Sec Info", "samr.samr_QuerySecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { "Sec Info", "samr.samr_QuerySecurity.sec_info", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }}, { &hf_samr_samr_DomainInfo_info12, { "Info12", "samr.samr_DomainInfo.info12", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }}, { &hf_samr_samr_QueryDisplayInfo_max_entries, @@ -15380,7 +15383,7 @@ void proto_register_dcerpc_samr(void) { &hf_samr_samr_DomainInfo_info13, { "Info13", "samr.samr_DomainInfo.info13", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }}, { &hf_samr_samr_SetSecurity_sec_info, - { "Sec Info", "samr.samr_SetSecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { "Sec Info", "samr.samr_SetSecurity.sec_info", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }}, { &hf_samr_samr_QueryDisplayInfo2_buf_size, { "Buf Size", "samr.samr_QueryDisplayInfo2.buf_size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }}, { &hf_samr_samr_PasswordProperties_DOMAIN_PASSWORD_STORE_CLEARTEXT, @@ -15629,8 +15632,6 @@ void proto_register_dcerpc_samr(void) { "Se Group Mandatory", "samr.samr_GroupAttrs.SE_GROUP_MANDATORY", FT_BOOLEAN, 32, TFS(&samr_GroupAttrs_SE_GROUP_MANDATORY_tfs), ( 0x00000001 ), "", HFILL }}, { &hf_samr_samr_UserInfo5_description, { "Description", "samr.samr_UserInfo5.description", FT_STRING, BASE_NONE, NULL, 0, "", HFILL }}, - { &hf_samr_sec_info, - { "SecInfo", "samr.sec_info", FT_UINT32, BASE_HEX, NULL, 0, " ", HFILL }}, { &hf_samr_samr_DomInfo7_role, { "Role", "samr.samr_DomInfo7.role", FT_UINT32, BASE_DEC, VALS(samr_samr_Role_vals), 0, "", HFILL }}, { &hf_samr_samr_UserInfo21_workstations, 
@@ -15779,6 +15780,8 @@ void proto_register_dcerpc_samr(void) { "Info", "samr.samr_QueryDisplayInfo3.info", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }}, { &hf_samr_samr_OemChangePasswordUser2_hash, { "Hash", "samr.samr_OemChangePasswordUser2.hash", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }}, + { &hf_samr_samr_Connect4_revision, + { "Revision", "samr.samr_Connect4.revision", FT_UINT32, BASE_DEC, VALS(samr_samr_ConnectRevision_vals), 0, "", HFILL }}, { &hf_samr_samr_QueryUserInfo2_level, { "Level", "samr.samr_QueryUserInfo2.level", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }}, { &hf_samr_samr_FieldsPresent_SAMR_FIELD_BAD_PWD_COUNT, diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c index 1baf10930d..4cd125a9a3 100644 --- a/epan/dissectors/packet-windows-common.c +++ b/epan/dissectors/packet-windows-common.c @@ -71,6 +71,10 @@ static int hf_nt_ace_flags_object_type_present = -1; static int hf_nt_ace_flags_inherited_object_type_present = -1; static int hf_nt_ace_guid = -1; static int hf_nt_ace_inherited_guid = -1; +static int hf_nt_security_information_sacl = -1; +static int hf_nt_security_information_dacl = -1; +static int hf_nt_security_information_group = -1; +static int hf_nt_security_information_owner = -1; static gint ett_nt_sec_desc = -1; static gint ett_nt_sec_desc_type = -1; @@ -80,6 +84,7 @@ static gint ett_nt_ace = -1; static gint ett_nt_ace_flags = -1; static gint ett_nt_ace_object = -1; static gint ett_nt_ace_object_flags = -1; +static gint ett_nt_security_information = -1; /* WERR error codes * This list is based on the samba doserr.h file and was generated by running 
@@ -1857,6 +1862,23 @@ static const true_false_string tfs_ace_flags_failed_access = { "Failed accesses will not be audited" }; +static const true_false_string flags_sec_info_sacl = { + "Request SACL", + "Do NOT request SACL" +}; +static const true_false_string flags_sec_info_dacl = { + "Request DACL", + "Do NOT request DACL" +}; +static const true_false_string flags_sec_info_group = { + "Request GROUP", + "Do NOT request group" +}; +static const true_false_string flags_sec_info_owner = { + "Request OWNER", + "Do NOT request owner" +}; + #define APPEND_ACE_TEXT(flag, item, string) \ if(flag){ \ if(item) \ @@ -2250,6 +2272,46 @@ dissect_nt_sec_desc_type(tvbuff_t *tvb, int offset, proto_tree *parent_tree) } int +dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tree) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + guint32 mask; + + mask = tvb_get_letohl(tvb, offset); + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 2, + "SEC INFO: 0x%08x", mask); + tree = proto_item_add_subtree(item, ett_nt_security_information); + } + + proto_tree_add_boolean(tree,hf_nt_security_information_sacl, + tvb, offset, 4, mask); + if (mask & 0x00000008) { + proto_item_append_text(item, " SACL"); + } + proto_tree_add_boolean(tree,hf_nt_security_information_dacl, + tvb, offset, 4, mask); + if (mask & 0x00000004) { + proto_item_append_text(item, " DACL"); + } + proto_tree_add_boolean(tree,hf_nt_security_information_group, + tvb, offset, 4, mask); + if (mask & 0x00000002) { + proto_item_append_text(item, " GROUP"); + } + proto_tree_add_boolean(tree,hf_nt_security_information_owner, + tvb, offset, 4, mask); + if (mask & 0x00000001) { + proto_item_append_text(item, " OWNER"); + } + + offset += 4; + + return offset; +} + +int dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, gboolean len_supplied, int len, 
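Review bot: The four new true_false_string tables label a set bit as "Request SACL/DACL/GROUP/OWNER", but the samr hunks of this commit route both SetSecurity_sec_info and QuerySecurity_sec_info through the same decoder, so a SetSecurity call that writes a DACL is displayed as a request for one. Someone auditing a capture for security-descriptor changes could misread that; neutral wording such as `"DACL is selected"` / `"DACL is NOT selected"` fits both directions. The casing is also uneven between the true and false strings (`"Request GROUP"` against `"Do NOT request group"`).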
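Review bot: In dissect_nt_security_information the summary item is added with length 2 (`proto_tree_add_text(parent_tree, tvb, offset, 2,`) although the mask is read as four bytes, the four boolean items use length 4 and the offset advances by 4, so selecting "SEC INFO" highlights only half of the field; the length should be `4`. The mask is always read with `tvb_get_letohl` and the function takes no drep argument, so if a caller hands it a big-endian NDR PDU the flags would be tested against the wrong bits. Only the low four bits are decoded; any other bit set in the mask shows up solely in the hex summary, which deserves a short comment above the function.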
@@ -2709,6 +2771,22 @@ proto_do_register_windows_common(int proto_smb) { "Inherited GUID", "nt.ace.object.inherited_guid", FT_GUID, BASE_NONE, NULL, 0, "", HFILL }}, + { &hf_nt_security_information_sacl, + { "SACL", "nt.sec_info.sacl", FT_BOOLEAN, 32, + TFS(&flags_sec_info_sacl), 0x00000008, "", HFILL }}, + + { &hf_nt_security_information_dacl, + { "DACL", "nt.sec_info.dacl", FT_BOOLEAN, 32, + TFS(&flags_sec_info_dacl), 0x00000004, "", HFILL }}, + + { &hf_nt_security_information_group, + { "Group", "nt.sec_info.group", FT_BOOLEAN, 32, + TFS(&flags_sec_info_group), 0x00000002, "", HFILL }}, + + { &hf_nt_security_information_owner, + { "Owner", "nt.sec_info.owner", FT_BOOLEAN, 32, + TFS(&flags_sec_info_owner), 0x00000001, "", HFILL }}, + }; static gint *ett[] = { @@ -2724,6 +2802,7 @@ proto_do_register_windows_common(int proto_smb) &ett_nt_access_mask_generic, &ett_nt_access_mask_standard, &ett_nt_access_mask_specific, + &ett_nt_security_information, }; proto_register_subtree_array(ett, array_length(ett)); diff --git a/epan/dissectors/packet-windows-common.h b/epan/dissectors/packet-windows-common.h index 19cafb55f7..88b957e3c4 100644 --- a/epan/dissectors/packet-windows-common.h +++ b/epan/dissectors/packet-windows-common.h @@ -289,5 +289,8 @@ proto_do_register_windows_common(int proto_smb); const char * get_well_known_rid_name(guint32); +int +dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tree); + #endif diff --git a/epan/dissectors/pidl/samr.cnf b/epan/dissectors/pidl/samr.cnf index d63c1b94c7..1679fe625d 100644 --- a/epan/dissectors/pidl/samr.cnf +++ b/epan/dissectors/pidl/samr.cnf @@ -1,7 +1,3 @@ -IMPORT security_secinfo offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_samr_sec_info, NULL); -HF_FIELD hf_samr_sec_info "SecInfo" "samr.sec_info" FT_UINT32 BASE_HEX NULL 0 "" "" "" - - # # policyhandle tracking # This block is to specify where a policyhandle is opened and where it is 
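Review bot: The new prototype `dissect_nt_security_information` in packet-windows-common.h is exported without any comment on its contract. Going by the definition added in packet-windows-common.c, it reads a fixed 4-byte little-endian mask at `offset`, decodes the OWNER/GROUP/DACL/SACL bits and returns `offset + 4`, with no alignment or drep handling of its own. I would state that above the declaration, e.g. `/* Dissect a 4-byte little-endian SECURITY_INFORMATION mask; returns offset + 4. Caller handles NDR alignment. */`.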
@@ -169,6 +165,7 @@ TYPE dom_sid2 "offset=cnf_dissect_dom_sid2(tvb, offset, pinfo, tree, drep);" FT_ TYPE lsa_SidArray "offset=cnf_dissect_lsa_SidArray(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4 +TYPE security_secinfo "offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4 # # ConnectX access masks @@ -507,4 +504,13 @@ cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr return offset; } + +static int +cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_) +{ + offset = dissect_nt_security_information(tvb, offset, tree); + + return offset; +} + CODE END diff --git a/epan/dissectors/pidl/samr.idl b/epan/dissectors/pidl/samr.idl index 5828151c5f..8784c24e38 100644 --- a/epan/dissectors/pidl/samr.idl +++ b/epan/dissectors/pidl/samr.idl @@ -1310,7 +1310,7 @@ /* Function 0x3e */ NTSTATUS samr_Connect4( [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] uint32 unknown, + [in] samr_ConnectRevision revision, [in] samr_ServerAccessMask access_mask, [out,ref] policy_handle *connect_handle ); |
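Review bot: cnf_dissect_samr_security_secinfo marks both `pinfo` and `drep` as `_U_` and forwards only `tvb, offset, tree`, while the IMPORT line this commit removes decoded the same field with `dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, ...)`. Whatever that helper did with drep (byte order) and, presumably, NDR alignment is therefore no longer applied to sec_info in SetSecurity and QuerySecurity. If that is intentional, say so in the wrapper, e.g. `/* sec_info: fixed little-endian uint32; drep and NDR alignment deliberately not applied */`; otherwise the wrapper should obtain the value through the NDR helper and pass the mask on to the shared decoder. The generated copy of this function in packet-dcerpc-samr.c carries the same body.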