From 35a6e092c3153cc7fbd1337c2230d596b0f7abcb Mon Sep 17 00:00:00 2001 From: gram Date: Sun, 18 Jul 2004 18:06:47 +0000 Subject: Move dissectors to epan/dissectors directory. Also move ncp222.py, x11-fields, process-x11-fields.pl, make-reg-dotc, and make-reg-dotc.py. Adjust #include lines in files that include packet-*.h files. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11410 f5534014-38df-0310-8fa8-9805f1628bb7 --- epan/dissectors/packet-dcerpc.h | 346 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 346 insertions(+) create mode 100644 epan/dissectors/packet-dcerpc.h (limited to 'epan/dissectors/packet-dcerpc.h') diff --git a/epan/dissectors/packet-dcerpc.h b/epan/dissectors/packet-dcerpc.h new file mode 100644 index 0000000000..be76c321ae --- /dev/null +++ b/epan/dissectors/packet-dcerpc.h @@ -0,0 +1,346 @@ +/* packet-dcerpc.h + * Copyright 2001, Todd Sabin + * Copyright 2003, Tim Potter + * + * $Id$ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef __PACKET_DCERPC_H__ +#define __PACKET_DCERPC_H__ + +#include + +typedef struct _e_uuid_t { + guint32 Data1; + guint16 Data2; + guint16 Data3; + guint8 Data4[8]; +} e_uuid_t; + +/* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */ +#define DCERPC_UUID_STR_LEN 36+1 + +typedef struct _e_ctx_hnd { + guint32 attributes; + e_uuid_t uuid; +} e_ctx_hnd; + +typedef struct _e_dce_cn_common_hdr_t { + guint8 rpc_ver; + guint8 rpc_ver_minor; + guint8 ptype; + guint8 flags; + guint8 drep[4]; + guint16 frag_len; + guint16 auth_len; + guint32 call_id; +} e_dce_cn_common_hdr_t; + +typedef struct _e_dce_dg_common_hdr_t { + guint8 rpc_ver; + guint8 ptype; + guint8 flags1; + guint8 flags2; + guint8 drep[3]; + guint8 serial_hi; + e_uuid_t obj_id; + e_uuid_t if_id; + e_uuid_t act_id; + guint32 server_boot; + guint32 if_ver; + guint32 seqnum; + guint16 opnum; + guint16 ihint; + guint16 ahint; + guint16 frag_len; + guint16 frag_num; + guint8 auth_proto; + guint8 serial_lo; +} e_dce_dg_common_hdr_t; + +typedef struct _dcerpc_auth_info { + guint8 auth_pad_len; + guint8 auth_level; + guint8 auth_type; + guint32 auth_size; + tvbuff_t *auth_data; +} dcerpc_auth_info; + +#define PDU_REQ 0 +#define PDU_PING 1 +#define PDU_RESP 2 +#define PDU_FAULT 3 +#define PDU_WORKING 4 +#define PDU_NOCALL 5 +#define PDU_REJECT 6 +#define PDU_ACK 7 +#define PDU_CL_CANCEL 8 +#define PDU_FACK 9 +#define PDU_CANCEL_ACK 10 +#define PDU_BIND 11 +#define PDU_BIND_ACK 12 +#define PDU_BIND_NAK 13 +#define PDU_ALTER 14 +#define PDU_ALTER_ACK 15 +#define PDU_AUTH3 16 +#define PDU_SHUTDOWN 17 +#define PDU_CO_CANCEL 18 +#define PDU_ORPHANED 19 + + +/* + * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c + * If you're writing a subdissector, you almost certainly want the + * NDR functions below. + */ +guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep); +guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep); +void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid); +int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint8 *pdata); +int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint16 *pdata); +int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint32 *pdata); +int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, unsigned char *pdata); +int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, gfloat *pdata); +int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, gdouble *pdata); +int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint32 *pdata); +/* + * NDR routines for subdissectors. + */ +int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint8 *pdata); +int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint16 *pdata); +int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint32 *pdata); +int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, unsigned char *pdata); +int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, gfloat *pdata); +int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, gdouble *pdata); +int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, guint32 *pdata); +int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, e_uuid_t *pdata); +int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + int hfindex, e_ctx_hnd *pdata); + +typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); + +typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args); + +#define NDR_POINTER_REF 1 +#define NDR_POINTER_UNIQUE 2 +#define NDR_POINTER_PTR 3 + +int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + dcerpc_dissect_fnct_t *fnct, int type, char *text, + int hf_index, dcerpc_callback_fnct_t *callback, + void *callback_args); + +int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + dcerpc_dissect_fnct_t *fnct, int type, char *text, + int hf_index); + +/* dissect a NDR unidimensional conformant array */ +int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + dcerpc_dissect_fnct_t *fnct); + +/* dissect a NDR unidimensional conformant and varying array */ +int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, + dcerpc_dissect_fnct_t *fnct); + +int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep); + +int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, int size_is, + int hfinfo, gboolean add_subtree, + char **data); +int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep); +int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep); + +typedef struct _dcerpc_sub_dissector { + guint16 num; + gchar *name; + dcerpc_dissect_fnct_t *dissect_rqst; + dcerpc_dissect_fnct_t *dissect_resp; +} dcerpc_sub_dissector; + +/* registration function for subdissectors */ +void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf); +char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver); +int dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver); +dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver); + +/* Create a opnum, name value_string from a subdissector list */ + +value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd); + +/* Private data structure to pass to DCERPC dissector. This is used to + pass transport specific information down to the dissector from the + dissector that parsed this encapsulated calls. + When it comes to DCERPC over SMB the only thing we really want to pass + on is the FID. +*/ + +typedef struct _dcerpc_private_info { + guint16 fid; +} dcerpc_private_info; + +/* Private data passed to subdissectors from the main DCERPC dissector. */ +typedef struct _dcerpc_call_value { + e_uuid_t uuid; + guint16 ver; + guint16 opnum; + guint32 req_frame; + nstime_t req_time; + guint32 rep_frame; + guint32 max_ptr; + void *private_data; +} dcerpc_call_value; + +typedef struct _dcerpc_info { + conversation_t *conv; /* Which TCP stream we are in */ + guint32 call_id; /* Context id for this call */ + guint16 smb_fid; /* FID for DCERPC over SMB */ + guint8 ptype; /* packet type: PDU_REQ, PDU_RESP, ... */ + gboolean conformant_run; + gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/ + guint32 array_max_count; /* max_count for conformant arrays */ + guint32 array_max_count_offset; + guint32 array_offset; + guint32 array_offset_offset; + guint32 array_actual_count; + guint32 array_actual_count_offset; + int hf_index; + dcerpc_call_value *call_data; + void *private_data; +} dcerpc_info; + + +/* the registered subdissectors. With MSVC and a + * libethereal.dll, we need a special declaration. + */ +ETH_VAR_IMPORT GHashTable *dcerpc_uuids; + +typedef struct _dcerpc_uuid_key { + e_uuid_t uuid; + guint16 ver; +} dcerpc_uuid_key; + +typedef struct _dcerpc_uuid_value { + protocol_t *proto; + int proto_id; + int ett; + gchar *name; + dcerpc_sub_dissector *procs; + int opnum_hf; +} dcerpc_uuid_value; + +/* Authenticated pipe registration functions and miscellanea */ + +typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *tvb, int offset, + packet_info *pinfo, + dcerpc_auth_info *auth_info); + +typedef struct _dcerpc_auth_subdissector_fns { + + /* Dissect credentials and verifiers */ + + dcerpc_dissect_fnct_t *bind_fn; + dcerpc_dissect_fnct_t *bind_ack_fn; + dcerpc_dissect_fnct_t *auth3_fn; + dcerpc_dissect_fnct_t *req_verf_fn; + dcerpc_dissect_fnct_t *resp_verf_fn; + + /* Decrypt encrypted requests/response PDUs */ + + dcerpc_decode_data_fnct_t *req_data_fn; + dcerpc_decode_data_fnct_t *resp_data_fn; + +} dcerpc_auth_subdissector_fns; + +void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type, + dcerpc_auth_subdissector_fns *fns); + +/* Authentication services */ + +/* + * For MS-specific SSPs (Security Service Provider), see + * + * http://msdn.microsoft.com/library/en-us/rpc/rpc/authentication_level_constants.asp + */ + +#define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0 +#define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1 +#define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9 +#define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10 +#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14 +#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16 +#define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17 +#define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18 +#define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21 +#define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68 +#define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100 + +/* Protection levels */ + +#define DCE_C_AUTHN_LEVEL_NONE 1 +#define DCE_C_AUTHN_LEVEL_CONNECT 2 +#define DCE_C_AUTHN_LEVEL_CALL 3 +#define DCE_C_AUTHN_LEVEL_PKT 4 +#define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5 +#define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6 + +void +init_ndr_pointer_list(packet_info *pinfo); + +#endif /* packet-dcerpc.h */ -- cgit v1.2.3