the base dcerpc packet definitions - not traditionally coded as IDL,
but given that pidl can handle it nicely it simplifies things a lot
to do it this way
+
+ see http://www.opengroup.org/onlinepubs/9629399/chap12.htm for packet
+ layouts
*/
-[]
+[
+pointer_default(unique),
+depends(misc)
+]
interface dcerpc
{
- typedef struct {
+ typedef [public] struct {
GUID uuid;
- uint16 major_version;
- uint16 minor_version;
+ uint32 if_version;
} dcerpc_syntax_id;
typedef struct {
uint16 max_xmit_frag;
uint16 max_recv_frag;
uint32 assoc_group_id;
- uint8 num_contexts;
+ uint8 num_contexts;
dcerpc_ctx_list ctx_list[num_contexts];
- [flag(NDR_ALIGN8)] DATA_BLOB _pad;
+ [flag(NDR_ALIGN4)] DATA_BLOB _pad;
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_bind;
const uint8 DCERPC_REQUEST_LENGTH = 24;
+ const uint8 DCERPC_MAX_SIGN_SIZE = 32;
+
+ typedef struct {
+ } dcerpc_empty;
+
+ typedef [nodiscriminant] union {
+ [default] dcerpc_empty empty;
+ [case(LIBNDR_FLAG_OBJECT_PRESENT)] GUID object;
+ } dcerpc_object;
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint16 opnum;
+ [switch_is(ndr->flags & LIBNDR_FLAG_OBJECT_PRESENT)] dcerpc_object object;
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
+ const int DCERPC_BIND_PROVIDER_REJECT = 2;
+ const int DCERPC_BIND_REASON_ASYNTAX = 1;
+
typedef struct {
uint16 result;
uint16 reason;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_response;
+
+ const int DCERPC_FAULT_OP_RNG_ERROR = 0x1c010002;
+ const int DCERPC_FAULT_UNK_IF = 0x1c010003;
+ const int DCERPC_FAULT_NDR = 0x000006f7;
+ const int DCERPC_FAULT_INVALID_TAG = 0x1c000006;
+ const int DCERPC_FAULT_CONTEXT_MISMATCH = 0x1c00001a;
+ const int DCERPC_FAULT_OTHER = 0x00000001;
+ const int DCERPC_FAULT_ACCESS_DENIED = 0x00000005;
+ const int DCERPC_FAULT_CANT_PERFORM = 0x000006d8;
+
+ /* we return this fault when we haven't yet run the test
+ to see what fault w2k3 returns in this case */
+ const int DCERPC_FAULT_TODO = 0x00000042;
+
typedef struct {
+ uint32 alloc_hint;
+ uint16 context_id;
+ uint8 cancel_count;
uint32 status;
} dcerpc_fault;
+ /* the auth types we know about */
+ const uint8 DCERPC_AUTH_TYPE_NONE = 0;
+ /* this seems to be not krb5! */
+ const uint8 DCERPC_AUTH_TYPE_KRB5_1 = 1;
+ const uint8 DCERPC_AUTH_TYPE_SPNEGO = 9;
+ const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10;
+ /* I'm not 100% sure but type 16(0x10)
+ * seems to be raw krb5 --metze
+ */
+ const uint8 DCERPC_AUTH_TYPE_KRB5 = 16;
+ const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68;
+ const uint8 DCERPC_AUTH_TYPE_MSMQ = 100;
- const uint8 DCERPC_AUTH_TYPE_NONE = 0;
- const uint8 DCERPC_AUTH_TYPE_KRB5 = 1;
- const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10;
-
+ const uint8 DCERPC_AUTH_LEVEL_DEFAULT = DCERPC_AUTH_LEVEL_CONNECT;
const uint8 DCERPC_AUTH_LEVEL_NONE = 1;
const uint8 DCERPC_AUTH_LEVEL_CONNECT = 2;
const uint8 DCERPC_AUTH_LEVEL_CALL = 3;
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_auth3;
- typedef enum {
+ typedef [public] struct {
+ uint32 _pad;
+ [flag(NDR_REMAINING)] DATA_BLOB auth_info;
+ } dcerpc_orphaned;
+
+ typedef [public] struct {
+ uint32 _pad;
+ [flag(NDR_REMAINING)] DATA_BLOB auth_info;
+ } dcerpc_co_cancel;
+
+ typedef [public] struct {
+ uint32 version;
+ uint32 id;
+ } dcerpc_cl_cancel;
+
+ typedef [public] struct {
+ uint32 version;
+ uint32 id;
+ boolean32 server_is_accepting;
+ } dcerpc_cancel_ack;
+
+ typedef [public] struct {
+ uint32 version;
+ uint8 _pad1;
+ uint16 window_size;
+ uint32 max_tdsu;
+ uint32 max_frag_size;
+ uint16 serial_no;
+ uint16 selack_size;
+ uint32 selack[selack_size];
+ } dcerpc_fack;
+
+ typedef [public] struct {
+ } dcerpc_ack;
+
+ typedef [public] struct {
+ } dcerpc_ping;
+
+ typedef [public] struct {
+ } dcerpc_shutdown;
+
+ typedef [public] struct {
+ } dcerpc_working;
+
+ typedef [enum8bit] enum {
DCERPC_PKT_REQUEST = 0,
DCERPC_PKT_PING = 1,
DCERPC_PKT_RESPONSE = 2,
DCERPC_PKT_BIND_ACK = 12,
DCERPC_PKT_BIND_NAK = 13,
DCERPC_PKT_ALTER = 14,
- DCERPC_PKT_ALTER_ACK = 15,
+ DCERPC_PKT_ALTER_RESP = 15,
DCERPC_PKT_AUTH3 = 16,
DCERPC_PKT_SHUTDOWN = 17,
DCERPC_PKT_CO_CANCEL = 18,
} dcerpc_pkt_type;
typedef [nodiscriminant] union {
- [case(DCERPC_PKT_REQUEST)] dcerpc_request request;
- [case(DCERPC_PKT_RESPONSE)] dcerpc_response response;
- [case(DCERPC_PKT_BIND)] dcerpc_bind bind;
- [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack;
- [case(DCERPC_PKT_ALTER)] dcerpc_bind alter;
- [case(DCERPC_PKT_ALTER_ACK)] dcerpc_bind_ack alter_ack;
- [case(DCERPC_PKT_FAULT)] dcerpc_fault fault;
- [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth;
- [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak nak;
+ [case(DCERPC_PKT_REQUEST)] dcerpc_request request;
+ [case(DCERPC_PKT_PING)] dcerpc_ping ping;
+ [case(DCERPC_PKT_RESPONSE)] dcerpc_response response;
+ [case(DCERPC_PKT_FAULT)] dcerpc_fault fault;
+ [case(DCERPC_PKT_WORKING)] dcerpc_working working;
+ [case(DCERPC_PKT_NOCALL)] dcerpc_fack nocall;
+ [case(DCERPC_PKT_REJECT)] dcerpc_fault reject;
+ [case(DCERPC_PKT_ACK)] dcerpc_ack ack;
+ [case(DCERPC_PKT_CL_CANCEL)] dcerpc_cl_cancel cl_cancel;
+ [case(DCERPC_PKT_FACK)] dcerpc_fack fack;
+ [case(DCERPC_PKT_CANCEL_ACK)] dcerpc_cancel_ack cancel_ack;
+ [case(DCERPC_PKT_BIND)] dcerpc_bind bind;
+ [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack;
+ [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak;
+ [case(DCERPC_PKT_ALTER)] dcerpc_bind alter;
+ [case(DCERPC_PKT_ALTER_RESP)] dcerpc_bind_ack alter_resp;
+ [case(DCERPC_PKT_SHUTDOWN)] dcerpc_shutdown shutdown;
+ [case(DCERPC_PKT_CO_CANCEL)] dcerpc_co_cancel co_cancel;
+ [case(DCERPC_PKT_ORPHANED)] dcerpc_orphaned orphaned;
+ [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth3;
} dcerpc_payload;
-
/* pfc_flags values */
const uint8 DCERPC_PFC_FLAG_FIRST = 0x01;
const uint8 DCERPC_PFC_FLAG_LAST = 0x02;
const uint8 DCERPC_PFC_FLAG_NOCALL = 0x20;
+ const uint8 DCERPC_PFC_FLAG_ORPC = 0x80;
/* these offsets are needed by the signing code */
+ const uint8 DCERPC_DREP_OFFSET = 4;
const uint8 DCERPC_FRAG_LEN_OFFSET = 8;
const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
+ /* little-endian flag */
+ const uint8 DCERPC_DREP_LE = 0x10;
+
typedef [public] struct {
- uint8 rpc_vers; /* RPC version */
- uint8 rpc_vers_minor; /* Minor version */
- uint8 ptype; /* Packet type */
- uint8 pfc_flags; /* Fragmentation flags */
- uint8 drep[4]; /* NDR data representation */
- uint16 frag_length; /* Total length of fragment */
- uint16 auth_length; /* authenticator length */
- uint32 call_id; /* Call identifier */
-
+ uint8 rpc_vers; /* RPC version */
+ uint8 rpc_vers_minor; /* Minor version */
+ dcerpc_pkt_type ptype; /* Packet type */
+ uint8 pfc_flags; /* Fragmentation flags */
+ uint8 drep[4]; /* NDR data representation */
+ uint16 frag_length; /* Total length of fragment */
+ uint16 auth_length; /* authenticator length */
+ uint32 call_id; /* Call identifier */
+ [switch_is(ptype)] dcerpc_payload u;
+ } ncacn_packet;
+
+ typedef [public] struct {
+ uint8 rpc_vers; /* RPC version (4) */
+ uint8 ptype;
+ uint8 pfc_flags;
+ uint8 ncadg_flags;
+ uint8 drep[3];
+ uint8 serial_high;
+ GUID object;
+ GUID iface;
+ GUID activity;
+ uint32 server_boot; /* Server boot time */
+ uint32 iface_version;
+ uint32 seq_num;
+ uint16 opnum;
+ uint16 ihint;
+ uint16 ahint;
+ uint16 len;
+ uint16 fragnum;
+ uint8 auth_proto;
+ uint8 serial_low;
[switch_is(ptype)] dcerpc_payload u;
- } dcerpc_packet;
+ } ncadg_packet;
}