From 434a95625bcc15e5861c1a18688c45c714e54155 Mon Sep 17 00:00:00 2001
From: Jiajun Wang <me@jiajunw.com>
Date: Thu, 14 Feb 2019 09:49:51 +0800
Subject: Add FSRVP dissector

Bug: 15501
Change-Id: I07bb027308202cd898a378a8860a26c28a989c43
Reviewed-on: https://code.wireshark.org/review/32018
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/dissectors/pidl/CMakeLists.txt  |   4 ++
 epan/dissectors/pidl/Makefile.pidl   |   6 ++
 epan/dissectors/pidl/fsrvp/fsrvp.cnf | 109 +++++++++++++++++++++++++++++++++++
 epan/dissectors/pidl/fsrvp/fsrvp.idl | 105 +++++++++++++++++++++++++++++++++
 4 files changed, 224 insertions(+)
 create mode 100644 epan/dissectors/pidl/fsrvp/fsrvp.cnf
 create mode 100644 epan/dissectors/pidl/fsrvp/fsrvp.idl

(limited to 'epan/dissectors/pidl')

diff --git a/epan/dissectors/pidl/CMakeLists.txt b/epan/dissectors/pidl/CMakeLists.txt
index 5c5c5b86aa..1006dd6c57 100644
--- a/epan/dissectors/pidl/CMakeLists.txt
+++ b/epan/dissectors/pidl/CMakeLists.txt
@@ -18,6 +18,7 @@ set(PIDL_DISSECTOR_NAMES
 	eventlog
 	frsrpc
 	frstrans
+	fsrvp
 	initshutdown
 	lsa
 	mapi
@@ -51,6 +52,9 @@ set(PIDL_DISSECTOR_frstrans_EXTRA_DEPS
 	misc/misc.idl
 	idl_types.h
 )
+set(PIDL_DISSECTOR_fsrvp_EXTRA_DEPS
+	idl_types.h
+)
 set(PIDL_DISSECTOR_initshutdown_EXTRA_DEPS
 	lsa/lsa.idl
 	idl_types.h
diff --git a/epan/dissectors/pidl/Makefile.pidl b/epan/dissectors/pidl/Makefile.pidl
index 69e0769fa1..798611070b 100644
--- a/epan/dissectors/pidl/Makefile.pidl
+++ b/epan/dissectors/pidl/Makefile.pidl
@@ -33,6 +33,7 @@ SUBDIRS = \
 	eventlog	\
 	frsrpc		\
 	frstrans	\
+	fsrvp		\
 	initshutdown	\
 	lsa		\
 	mapi		\
@@ -95,6 +96,11 @@ $(SUBDIRS) $(DONT_BUILD_SUBDIRS): %: ../packet-dcerpc-%.c ../packet-dcerpc-%.h
 				misc/misc.idl idl_types.h
 	cd $(<D) && $(PIDL) $(pidl_out) $(pidl_inc) -- $(<F)
 
+../packet-dcerpc-fsrvp.c \
+../packet-dcerpc-fsrvp.h: fsrvp/fsrvp.idl fsrvp/fsrvp.cnf \
+				idl_types.h
+	cd $(<D) && $(PIDL) $(pidl_out) $(pidl_inc) -- $(<F)
+
 ../packet-dcerpc-initshutdown.c \
 ../packet-dcerpc-initshutdown.h: initshutdown/initshutdown.idl \
 					initshutdown/initshutdown.cnf \
diff --git a/epan/dissectors/pidl/fsrvp/fsrvp.cnf b/epan/dissectors/pidl/fsrvp/fsrvp.cnf
new file mode 100644
index 0000000000..f77001d565
--- /dev/null
+++ b/epan/dissectors/pidl/fsrvp/fsrvp.cnf
@@ -0,0 +1,109 @@
+# Conformance file for FSRVP
+
+MANUAL fsrvp_dissect_SetContext_request
+MANUAL fsrvp_dissect_StartShadowCopySet_request
+MANUAL fsrvp_dissect_AddToShadowCopySet_request
+MANUAL fsrvp_dissect_CommitShadowCopySet_request
+MANUAL fsrvp_dissect_ExposeShadowCopySet_request
+MANUAL fsrvp_dissect_RecoveryCompleteShadowCopySet_request
+MANUAL fsrvp_dissect_AbortShadowCopySet_request
+MANUAL fsrvp_dissect_GetShareMapping_request
+MANUAL fsrvp_dissect_DeleteShareMapping_request
+MANUAL fsrvp_dissect_PrepareShadowCopySet_request
+
+CODE START
+
+static int
+fsrvp_dissect_SetContext_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="SetContext";
+	offset = fsrvp_dissect_element_SetContext_Context(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_StartShadowCopySet_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="StartShadowCopySet";
+	offset = fsrvp_dissect_element_StartShadowCopySet_ClientShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_AddToShadowCopySet_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="AddToShadowCopySet";
+	offset = fsrvp_dissect_element_AddToShadowCopySet_ClientShadowCopyId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_AddToShadowCopySet_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_AddToShadowCopySet_ShareName(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_CommitShadowCopySet_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="CommitShadowCopySet";
+	offset = fsrvp_dissect_element_CommitShadowCopySet_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_CommitShadowCopySet_TimeOutInMilliseconds(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_ExposeShadowCopySet_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="ExposeShadowCopySet";
+	offset = fsrvp_dissect_element_ExposeShadowCopySet_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_ExposeShadowCopySet_TimeOutInMilliseconds(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_RecoveryCompleteShadowCopySet_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="RecoveryCompleteShadowCopySet";
+	offset = fsrvp_dissect_element_RecoveryCompleteShadowCopySet_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_AbortShadowCopySet_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="AbortShadowCopySet";
+	offset = fsrvp_dissect_element_AbortShadowCopySet_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_GetShareMapping_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="GetShareMapping";
+	offset = fsrvp_dissect_element_GetShareMapping_ShadowCopyId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_GetShareMapping_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_GetShareMapping_ShareName(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	offset = fsrvp_dissect_element_GetShareMapping_Level(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_DeleteShareMapping_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="DeleteShareMapping";
+	offset = fsrvp_dissect_element_DeleteShareMapping_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_DeleteShareMapping_ShadowCopyId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_DeleteShareMapping_ShareName(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	return offset;
+}
+
+static int
+fsrvp_dissect_PrepareShadowCopySet_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="PrepareShadowCopySet";
+	offset = fsrvp_dissect_element_PrepareShadowCopySet_ShadowCopySetId(tvb, offset, pinfo, tree, di, drep);
+	offset = fsrvp_dissect_element_PrepareShadowCopySet_TimeOutInMilliseconds(tvb, offset, pinfo, tree, di, drep);
+	return offset;
+}
+
+CODE END
diff --git a/epan/dissectors/pidl/fsrvp/fsrvp.idl b/epan/dissectors/pidl/fsrvp/fsrvp.idl
new file mode 100644
index 0000000000..b76e822fb3
--- /dev/null
+++ b/epan/dissectors/pidl/fsrvp/fsrvp.idl
@@ -0,0 +1,105 @@
+#include "idl_types.h"
+
+/*
+ * File Server Remote VSS Protocol Definitions
+ */
+
+[ uuid("a8e0653c-2744-4389-a61d-7373df8b2292"),
+  version(1.0),
+  endpoint("ncacn_np:[\\pipe\\FssagentRpc]"),
+  helpstring("File Server Remote VSS Protocol"),
+  pointer_default(unique)
+] interface fsrvp
+{
+	const uint32 FSRVP_E_BAD_STATE = 0x80042301;
+	const uint32 FSRVP_E_SHADOW_COPY_SET_IN_PROGRESS = 0x80042316;
+	const uint32 FSRVP_E_NOT_SUPPORTED = 0x8004230C;
+	const uint32 FSRVP_E_WAIT_TIMEOUT = 0x00000102;
+	const uint32 FSRVP_E_WAIT_FAILED = 0xFFFFFFFF;
+	const uint32 FSRVP_E_OBJECT_ALREADY_EXISTS = 0x8004230D;
+	const uint32 FSRVP_E_OBJECT_NOT_FOUND = 0x80042308;
+	const uint32 FSRVP_E_UNSUPPORTED_CONTEXT = 0x8004231B;
+	const uint32 FSRVP_E_BAD_ID = 0x80042302;	/* wire, not documented */
+	const uint32 FSRVP_E_SHADOWCOPYSET_ID_MISMATCH = 0x80042501;
+	typedef struct {
+		GUID ShadowCopySetId;
+		GUID ShadowCopyId;
+		[string,charset(UTF16)] uint16 *ShareNameUNC;
+		[string,charset(UTF16)] uint16 *ShadowCopyShareName;
+		NTTIME tstamp;
+	} fssagent_share_mapping_1;
+
+	typedef union {
+		[case(1)] fssagent_share_mapping_1 *ShareMapping1;
+		[default];
+	} fssagent_share_mapping;
+
+	const uint32 FSRVP_RPC_VERSION_1 = 0x000000001;
+	NTSTATUS fsrvp_GetSupportedVersion(
+		[out] uint32 *MinVersion,
+		[out] uint32 *MaxVersion);
+
+	const uint32 ATTR_PERSISTENT = 0x00000001;
+	const uint32 ATTR_NO_AUTO_RECOVERY = 0x00000002;
+	const uint32 ATTR_NO_AUTO_RELEASE = 0x00000008;
+	const uint32 ATTR_NO_WRITERS = 0x00000010;
+	const uint32 ATTR_FILE_SHARE = 0x04000000;
+	const uint32 ATTR_AUTO_RECOVERY = 0x00400000;
+
+	const uint32 FSRVP_CTX_BACKUP = 0x00000000;
+	const uint32 FSRVP_CTX_FILE_SHARE_BACKUP = 0x00000010;
+	const uint32 FSRVP_CTX_NAS_ROLLBACK = 0x00000019;
+	const uint32 FSRVP_CTX_APP_ROLLBACK = 0x00000009;
+	NTSTATUS fsrvp_SetContext(
+		[in] uint32 Context);
+
+	NTSTATUS fsrvp_StartShadowCopySet(
+		[in] GUID ClientShadowCopySetId,
+		[out] GUID *pShadowCopySetId);
+
+	NTSTATUS fsrvp_AddToShadowCopySet(
+		[in] GUID ClientShadowCopyId,
+		[in] GUID ShadowCopySetId,
+		[in] [string,charset(UTF16)] uint16 *ShareName,
+		[out] GUID *pShadowCopyId);
+
+	NTSTATUS fsrvp_CommitShadowCopySet(
+		[in] GUID ShadowCopySetId,
+		[in] uint32 TimeOutInMilliseconds);
+
+	NTSTATUS fsrvp_ExposeShadowCopySet(
+		[in] GUID ShadowCopySetId,
+		[in] uint32 TimeOutInMilliseconds);
+
+	NTSTATUS fsrvp_RecoveryCompleteShadowCopySet(
+		[in] GUID ShadowCopySetId);
+
+	NTSTATUS fsrvp_AbortShadowCopySet(
+		[in] GUID ShadowCopySetId);
+
+	NTSTATUS fsrvp_IsPathSupported(
+		[in] [string,charset(UTF16)] uint16 *ShareName,
+		[out] boolean32 *SupportedByThisProvider,
+		[out] [string,charset(UTF16)] uint16 **OwnerMachineName);
+
+	NTSTATUS fsrvp_IsPathShadowCopied(
+		[in] [string,charset(UTF16)] uint16 *ShareName,
+		[out] boolean32 *ShadowCopyPresent,
+		[out] int32 *ShadowCopyCompatibility);
+
+	NTSTATUS fsrvp_GetShareMapping(
+		[in] GUID ShadowCopyId,
+		[in] GUID ShadowCopySetId,
+		[in] [string,charset(UTF16)] uint16 *ShareName,
+		[in] uint32 Level,
+		[out,switch_is(Level)] fssagent_share_mapping *ShareMapping);
+
+	NTSTATUS fsrvp_DeleteShareMapping(
+		[in] GUID ShadowCopySetId,
+		[in] GUID ShadowCopyId,
+		[in] [string,charset(UTF16)] uint16 *ShareName);
+
+	NTSTATUS fsrvp_PrepareShadowCopySet(
+		[in] GUID ShadowCopySetId,
+		[in] uint32 TimeOutInMilliseconds);
+}
-- 
cgit v1.2.3