Wireshark 4.5.0
The Wireshark network protocol analyzer
packet-dcerpc.h
1/* packet-dcerpc.h
2 * Copyright 2001, Todd Sabin <[email protected]>
3 * Copyright 2003, Tim Potter <[email protected]>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <[email protected]>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12#ifndef __PACKET_DCERPC_H__
13#define __PACKET_DCERPC_H__
14
15#include <epan/conversation.h>
16#include "ws_symbol_export.h"
17
18#ifdef __cplusplus
19extern "C" {
20#endif /* __cplusplus */
21
22#define DCERPC_TABLE_NAME "dcerpc.uuid"
23/*
24 * Data representation.
25 */
26#define DREP_LITTLE_ENDIAN 0x10
27
28#define DREP_EBCDIC 0x01
29
30/*
31 * Data representation to integer byte order.
32 */
33#define DREP_ENC_INTEGER(drep) \
34 (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
35
36/*
37 * Data representation to (octet-string) character encoding.
38 */
39#define DREP_ENC_CHAR(drep) \
40 (((drep)[0] & DREP_EBCDIC) ? ENC_EBCDIC|ENC_NA : ENC_ASCII|ENC_NA)
41
42#ifdef PT_R4
43/* now glib always includes signal.h and on linux PPC
44 * signal.h defines PT_R4
45*/
46#undef PT_R4
47#endif
48
49#define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }
50
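/*
 * Buffer size for a textual UUID.
 * %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x is 36 characters; the
 * extra one is presumably for the terminating NUL.
 *
 * The expansion is parenthesized so the value stays 37 when the macro is
 * used inside a larger expression (multiplied, subtracted from, ...).
 * Without the parentheses, operator precedence would silently produce a
 * different size than intended.
 */
#define DCERPC_UUID_STR_LEN (36+1)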
53
54typedef struct _e_ctx_hnd {
55 uint32_t attributes;
56 e_guid_t uuid;
57} e_ctx_hnd;
58
59typedef struct _e_dce_cn_common_hdr_t {
60 uint8_t rpc_ver;
61 uint8_t rpc_ver_minor;
62 uint8_t ptype;
63 uint8_t flags;
64 uint8_t drep[4];
65 uint16_t frag_len;
66 uint16_t auth_len;
67 uint32_t call_id;
69
70typedef struct _e_dce_dg_common_hdr_t {
71 uint8_t rpc_ver;
72 uint8_t ptype;
73 uint8_t flags1;
74 uint8_t flags2;
75 uint8_t drep[3];
76 uint8_t serial_hi;
77 e_guid_t obj_id;
78 e_guid_t if_id;
79 e_guid_t act_id;
80 uint32_t server_boot;
81 uint32_t if_ver;
82 uint32_t seqnum;
83 uint16_t opnum;
84 uint16_t ihint;
85 uint16_t ahint;
86 uint16_t frag_len;
87 uint16_t frag_num;
88 uint8_t auth_proto;
89 uint8_t serial_lo;
91
93
94typedef struct _dcerpc_auth_info {
95 bool hdr_signing;
96 uint8_t auth_type;
97 uint8_t auth_level;
98 uint32_t auth_context_id;
99 uint8_t auth_pad_len;
100 uint32_t auth_size;
101 struct _dcerpc_auth_subdissector_fns *auth_fns;
102 tvbuff_t *auth_hdr_tvb;
103 tvbuff_t *auth_tvb;
104 proto_item *auth_item;
105 proto_tree *auth_tree;
107
109{
110 const char *prog;
111 e_guid_t uuid;
112 uint16_t ver;
113 int num_procedures;
115
116/* Private data passed to subdissectors from the main DCERPC dissector.
117 * One unique instance of this structure is created for each
118 * DCERPC request/response transaction when we see the initial request
119 * of the transaction.
120 * These instances are persistent and will remain available until the
121 * capture file is closed and a new one is read.
122 *
123 * For transactions where we never saw the request (missing from the trace)
124 * the dcerpc runtime creates a temporary "fake" structure of this kind to
125 * pass to the response dissector. These fake structures are not persistent
126 * and cannot be used to keep data around.
127 */
128typedef struct _dcerpc_call_value {
129 e_guid_t uuid; /* interface UUID */
130 uint16_t ver; /* interface version */
131 e_guid_t object_uuid; /* optional object UUID (or DCERPC_UUID_NULL) */
132 uint16_t opnum;
133 uint32_t req_frame;
134 nstime_t req_time;
135 uint32_t rep_frame;
136 uint32_t max_ptr;
137 void *se_data; /* This holds any data with se allocation scope
138 * that we might want to keep
139 * for this request/response transaction.
140 * The pointer is initialized to NULL and must be
141 * checked before being dereferenced.
142 * This is useful for such things as when we
143 * need to pass persistent data from the request
144 * to the reply, such as LSA/OpenPolicy2() that
145 * uses this to pass the domain name from the
146 * request to the reply.
147 */
148 void *private_data; /* XXX This will later be renamed as ep_data */
149 e_ctx_hnd *pol; /* policy handle tracked between request/response*/
150#define DCERPC_IS_NDR64 0x00000001
151 uint32_t flags; /* flags for this transaction */
153
154typedef struct _dcerpc_info {
155 conversation_t *conv; /* Which TCP stream we are in */
156 uint32_t call_id; /* Call ID for this call */
157 uint64_t transport_salt; /* e.g. FID for DCERPC over SMB */
158 uint8_t ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
159 bool conformant_run;
160 bool no_align; /* are data aligned? (default yes) */
161 int32_t conformant_eaten; /* how many bytes did the conformant run eat?*/
162 uint32_t array_max_count; /* max_count for conformant arrays */
163 uint32_t array_max_count_offset;
164 uint32_t array_offset;
165 uint32_t array_offset_offset;
166 uint32_t array_actual_count;
167 uint32_t array_actual_count_offset;
168 int hf_index;
169 dcerpc_call_value *call_data;
170 const char *dcerpc_procedure_name; /* Used by PIDL to store the name of the current dcerpc procedure */
171 struct _dcerpc_auth_info *auth_info;
172 void *private_data;
173
174 /* ndr pointer handling */
175 struct {
176 /* Should we re-read the size of the list ?
177 * Instead of re-calculating the size every time, use the stored value unless this
178 * flag is set which means: re-read the size of the list
179 */
180 bool must_check_size;
181 /*
182 * List of pointers encountered so far in the current level. Points to an
183 * element of list_ndr_pointer_list.
184 */
185 GSList *list;
186 GHashTable *hash;
187 /*
188 * List of pointer list, in order to avoid huge performance penalty
189 * when dealing with list bigger than 100 elements due to the way we
190 * try to insert in the list.
191 * We instead maintain a stack of pointer list
192 * To make it easier to manage we just use a list to materialize the stack
193 */
194 GSList *list_list;
195
196 /* Boolean controlling whether pointers are top-level or embedded */
197 bool are_top_level;
198 } pointers;
200
201#define PDU_REQ 0
202#define PDU_PING 1
203#define PDU_RESP 2
204#define PDU_FAULT 3
205#define PDU_WORKING 4
206#define PDU_NOCALL 5
207#define PDU_REJECT 6
208#define PDU_ACK 7
209#define PDU_CL_CANCEL 8
210#define PDU_FACK 9
211#define PDU_CANCEL_ACK 10
212#define PDU_BIND 11
213#define PDU_BIND_ACK 12
214#define PDU_BIND_NAK 13
215#define PDU_ALTER 14
216#define PDU_ALTER_ACK 15
217#define PDU_AUTH3 16
218#define PDU_SHUTDOWN 17
219#define PDU_CO_CANCEL 18
220#define PDU_ORPHANED 19
221#define PDU_RTS 20
222
223/*
224 * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
225 * If you're writing a subdissector, you almost certainly want the
226 * NDR functions below.
227 */
228uint16_t dcerpc_tvb_get_ntohs (tvbuff_t *tvb, int offset, uint8_t *drep);
229uint32_t dcerpc_tvb_get_ntohl (tvbuff_t *tvb, int offset, uint8_t *drep);
230void dcerpc_tvb_get_uuid (tvbuff_t *tvb, int offset, uint8_t *drep, e_guid_t *uuid);
231WS_DLL_PUBLIC
232int dissect_dcerpc_char (tvbuff_t *tvb, int offset, packet_info *pinfo,
233 proto_tree *tree, uint8_t *drep,
234 int hfindex, uint8_t *pdata);
235WS_DLL_PUBLIC
236int dissect_dcerpc_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo,
237 proto_tree *tree, uint8_t *drep,
238 int hfindex, uint8_t *pdata);
239WS_DLL_PUBLIC
240int dissect_dcerpc_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo,
241 proto_tree *tree, uint8_t *drep,
242 int hfindex, uint16_t *pdata);
243WS_DLL_PUBLIC
244int dissect_dcerpc_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
245 proto_tree *tree, uint8_t *drep,
246 int hfindex, uint32_t *pdata);
247WS_DLL_PUBLIC
248int dissect_dcerpc_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo,
249 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
250 int hfindex, uint64_t *pdata);
251int dissect_dcerpc_float (tvbuff_t *tvb, int offset, packet_info *pinfo,
252 proto_tree *tree, uint8_t *drep,
253 int hfindex, float *pdata);
254int dissect_dcerpc_double (tvbuff_t *tvb, int offset, packet_info *pinfo,
255 proto_tree *tree, uint8_t *drep,
256 int hfindex, double *pdata);
257int dissect_dcerpc_time_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
258 proto_tree *tree, uint8_t *drep,
259 int hfindex, uint32_t *pdata);
260WS_DLL_PUBLIC
261int dissect_dcerpc_uuid_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
262 proto_tree *tree, uint8_t *drep,
263 int hfindex, e_guid_t *pdata);
264
265/*
266 * NDR routines for subdissectors.
267 */
268WS_DLL_PUBLIC
269int dissect_ndr_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo,
270 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
271 int hfindex, uint8_t *pdata);
272int PIDL_dissect_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
273int PIDL_dissect_uint8_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint8_t *pval);
274WS_DLL_PUBLIC
275int dissect_ndr_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo,
276 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
277 int hfindex, uint16_t *pdata);
278int PIDL_dissect_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
279int PIDL_dissect_uint16_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint16_t *pval);
280WS_DLL_PUBLIC
281int dissect_ndr_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
282 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
283 int hfindex, uint32_t *pdata);
284int PIDL_dissect_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
285int PIDL_dissect_uint32_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint32_t *rval);
286WS_DLL_PUBLIC
287int dissect_ndr_duint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
288 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
289 int hfindex, uint64_t *pdata);
290WS_DLL_PUBLIC
291int dissect_ndr_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo,
292 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
293 int hfindex, uint64_t *pdata);
294int PIDL_dissect_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
295int PIDL_dissect_uint64_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint64_t *pval);
296WS_DLL_PUBLIC
297int dissect_ndr_float (tvbuff_t *tvb, int offset, packet_info *pinfo,
298 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
299 int hfindex, float *pdata);
300WS_DLL_PUBLIC
301int dissect_ndr_double (tvbuff_t *tvb, int offset, packet_info *pinfo,
302 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
303 int hfindex, double *pdata);
304
305WS_DLL_PUBLIC
306int dissect_ndr_time_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
307 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
308 int hfindex, uint32_t *pdata);
309WS_DLL_PUBLIC
310int dissect_ndr_uuid_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
311 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
312 int hfindex, e_guid_t *pdata);
313int dissect_ndr_ctx_hnd (tvbuff_t *tvb, int offset, packet_info *pinfo,
314 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
315 int hfindex, e_ctx_hnd *pdata);
316
317#define FT_UINT1632 FT_UINT32
318typedef uint32_t uint1632_t;
319
320WS_DLL_PUBLIC
321int dissect_ndr_uint1632 (tvbuff_t *tvb, int offset, packet_info *pinfo,
322 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
323 int hfindex, uint1632_t *pdata);
324
325typedef uint64_t uint3264_t;
326
327WS_DLL_PUBLIC
328int dissect_ndr_uint3264 (tvbuff_t *tvb, int offset, packet_info *pinfo,
329 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
330 int hfindex, uint3264_t *pdata);
331
332typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
333typedef int (dcerpc_dissect_fnct_blk_t)(tvbuff_t *tvb, int offset, int length, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
334
335typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, dcerpc_info *di, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
336
337#define NDR_POINTER_REF 1
338#define NDR_POINTER_UNIQUE 2
339#define NDR_POINTER_PTR 3
340
341int dissect_ndr_pointer_cb(tvbuff_t *tvb, int offset, packet_info *pinfo,
342 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
343 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
344 int hf_index, dcerpc_callback_fnct_t *callback,
345 void *callback_args);
346
347int dissect_ndr_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
348 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
349 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
350 int hf_index);
351int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, dcerpc_info *di, uint8_t *drep);
352int dissect_ndr_embedded_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
353 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
354 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
355 int hf_index);
356int dissect_ndr_toplevel_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
357 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
358 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
359 int hf_index);
360
361/* dissect a NDR unidimensional conformant array */
362int dissect_ndr_ucarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
363 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
364 dcerpc_dissect_fnct_t *fnct);
365
366int dissect_ndr_ucarray_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
367 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
368 dcerpc_dissect_fnct_blk_t *fnct);
369
370/* dissect a NDR unidimensional conformant and varying array
371 * each byte in the array is processed separately
372 */
373int dissect_ndr_ucvarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
374 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
375 dcerpc_dissect_fnct_t *fnct);
376
377int dissect_ndr_ucvarray_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
378 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
379 dcerpc_dissect_fnct_blk_t *fnct);
380
381/* dissect a NDR unidimensional varying array */
382int dissect_ndr_uvarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
383 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
384 dcerpc_dissect_fnct_t *fnct);
385
386int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
387 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
388
389int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
390 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
391 int hfinfo, bool add_subtree,
392 char **data);
393int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
394 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
395int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
396 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
397int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int chsize, int hfindex, uint32_t param);
398
399int dissect_ndr_cstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
400 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
401 int hfindex, bool add_subtree, char **data);
402int dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
403 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
404 int hfinfo, bool add_subtree,
405 char **data);
406int dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
407 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
408int dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
409 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
410
411typedef struct _dcerpc_sub_dissector {
412 uint16_t num;
413 const char *name;
414 dcerpc_dissect_fnct_t *dissect_rqst;
415 dcerpc_dissect_fnct_t *dissect_resp;
417
418/* registration function for subdissectors */
419WS_DLL_PUBLIC
420void dcerpc_init_uuid (int proto, int ett, e_guid_t *uuid, uint16_t ver, const dcerpc_sub_dissector *procs, int opnum_hf);
421WS_DLL_PUBLIC
422void dcerpc_init_from_handle(int proto, e_guid_t *uuid, uint16_t ver, dissector_handle_t guid_handle);
423WS_DLL_PUBLIC
424const char *dcerpc_get_proto_name(e_guid_t *uuid, uint16_t ver);
425WS_DLL_PUBLIC
426int dcerpc_get_proto_hf_opnum(e_guid_t *uuid, uint16_t ver);
427WS_DLL_PUBLIC
428const dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_guid_t *uuid, uint16_t ver);
429
430/* Create an opnum, name value_string from a subdissector list */
431
432value_string *value_string_from_subdissectors(const dcerpc_sub_dissector *sd);
433
434/* Decode As... functionality */
435/* remove all bindings */
436WS_DLL_PUBLIC void decode_dcerpc_reset_all(void);
437typedef void (*decode_add_show_list_func)(void *data, void *user_data);
438WS_DLL_PUBLIC void decode_dcerpc_add_show_list(decode_add_show_list_func func, void *user_data);
439
440
441/* the registered subdissectors. With MSVC and a
442 * libwireshark.dll, we need a special declaration.
443 */
444/* Key: guid_key *
445 * Value: dcerpc_uuid_value *
446 */
447WS_DLL_PUBLIC GHashTable *dcerpc_uuids;
448
449typedef struct _dcerpc_uuid_value {
450 protocol_t *proto;
451 int proto_id;
452 int ett;
453 const char *name;
454 const dcerpc_sub_dissector *procs;
455 int opnum_hf;
457
458/* Authenticated pipe registration functions and miscellanea */
459
460typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *header_tvb,
461 tvbuff_t *payload_tvb,
462 tvbuff_t *trailer_tvb,
463 tvbuff_t *auth_tvb,
464 packet_info *pinfo,
465 dcerpc_auth_info *auth_info);
466
468
469 /* Dissect credentials and verifiers */
470
471 dcerpc_dissect_fnct_t *bind_fn;
472 dcerpc_dissect_fnct_t *bind_ack_fn;
473 dcerpc_dissect_fnct_t *auth3_fn;
474 dcerpc_dissect_fnct_t *req_verf_fn;
475 dcerpc_dissect_fnct_t *resp_verf_fn;
476
477 /* Decrypt encrypted requests/response PDUs */
478
479 dcerpc_decode_data_fnct_t *req_data_fn;
480 dcerpc_decode_data_fnct_t *resp_data_fn;
481
483
484void register_dcerpc_auth_subdissector(uint8_t auth_level, uint8_t auth_type,
486
487/* all values needed to (re-)build a dcerpc binding */
489 /* values of a typical conversation */
490 address addr_a;
491 address addr_b;
492 port_type ptype;
493 uint32_t port_a;
494 uint32_t port_b;
495 /* dcerpc conversation specific */
496 uint16_t ctx_id;
497 uint64_t transport_salt;
498 /* corresponding "interface" */
499 GString *ifname;
500 e_guid_t uuid;
501 uint16_t ver;
503
504WS_DLL_PUBLIC uint64_t dcerpc_get_transport_salt(packet_info *pinfo);
505WS_DLL_PUBLIC void dcerpc_set_transport_salt(uint64_t dcetransportsalt, packet_info *pinfo);
506
507/* Authentication services */
508
509/*
510 * For MS-specific SSPs (Security Service Provider), see
511 *
512 * https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
513 */
514
515#define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
516#define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
517#define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
518#define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
519#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
520#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
521#define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
522#define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
523#define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
524#define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
525#define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
526
527/* Protection levels */
528
529#define DCE_C_AUTHN_LEVEL_NONE 1
530#define DCE_C_AUTHN_LEVEL_CONNECT 2
531#define DCE_C_AUTHN_LEVEL_CALL 3
532#define DCE_C_AUTHN_LEVEL_PKT 4
533#define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
534#define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
535
536void
537free_ndr_pointer_list(dcerpc_info *di);
538void
539init_ndr_pointer_list(dcerpc_info *di);
540
541
542
543/* These defines are used in the PIDL conformance files when using
544 * the PARAM_VALUE directive.
545 */
546/* Policy handle tracking. Describes in which function a handle is
547 * opened/closed. See "winreg.cnf" for example.
548 *
549 * The uint32_t param is divided up into multiple fields
550 *
551 * +--------+--------+--------+--------+
552 * | Flags | Type | | |
553 * +--------+--------+--------+--------+
554 */
555/* Flags : */
556#define PIDL_POLHND_OPEN 0x80000000
557#define PIDL_POLHND_CLOSE 0x40000000
558#define PIDL_POLHND_USE 0x00000000 /* just use, not open or close */
559/* To "save" a pointer to the string in dcv->private_data */
560#define PIDL_STR_SAVE 0x20000000
561/* To make this value appear on the summary line for the packet */
562#define PIDL_SET_COL_INFO 0x10000000
563
564/* Type */
565#define PIDL_POLHND_TYPE_MASK 0x00ff0000
566#define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
567#define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
568#define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
569#define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
570#define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
571
572#define PIDL_POLHND_TYPE_LSA_POLICY 0x00060000
573#define PIDL_POLHND_TYPE_LSA_ACCOUNT 0x00070000
574#define PIDL_POLHND_TYPE_LSA_SECRET 0x00080000
575#define PIDL_POLHND_TYPE_LSA_DOMAIN 0x00090000
576
577/* a structure we store for all policy handles we track */
578typedef struct pol_value {
579 struct pol_value *next; /* Next entry in hash bucket */
580 uint32_t open_frame, close_frame; /* Frame numbers for open/close */
581 uint32_t first_frame; /* First frame in which this instance was seen */
582 uint32_t last_frame; /* Last frame in which this instance was seen */
583 char *name; /* Name of policy handle */
584 uint32_t type; /* policy handle type */
585} pol_value;
586
587
588extern int hf_dcerpc_drep_byteorder;
589extern int hf_dcerpc_ndr_padding;
590
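/*
 * Declares a stack-allocated "fake" dcerpc_info (di) and the
 * dcerpc_call_value (call_data) it points to, in the enclosing scope.
 * Presumably meant for dissectors that call the NDR routines outside a
 * real DCERPC call -- confirm against the callers.
 *
 * Both objects are zero-initialized before the explicit assignments, so
 * every member that is not set below (the ndr pointer-list state,
 * auth_info, private_data, se_data, ...) starts out as zero/NULL instead
 * of holding indeterminate stack contents. The structure is handed to
 * code that parses packet data, so a stale pointer member must never be
 * reachable from it.
 *
 * Expand this only where declarations are allowed; it introduces the
 * names di and call_data.
 */
#define FAKE_DCERPC_INFO_STRUCTURE \
    /* Fake dcerpc_info structure, all members zeroed */ \
    dcerpc_info di = {0}; \
    dcerpc_call_value call_data = {0}; \
    \
    di.conformant_run = false; \
    di.no_align = true; \
    \
    /* we need di->call_data->flags.NDR64 == 0 */ \
    call_data.flags = 0; \
    di.call_data = &call_data;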
602
603#ifdef __cplusplus
604}
605#endif /* __cplusplus */
606
607#endif /* packet-dcerpc.h */