epan/dissectors/packet-dcerpc-nt.h

   1 /* packet-dcerpc-nt.h
   2  * Routines for DCERPC over SMB packet disassembly
   3  * Copyright 2001-2003 Tim Potter <tpot@samba.org>
   4  *
   5  * $Id$
   6  *
   7  * Wireshark - Network traffic analyzer
   8  * By Gerald Combs <gerald@wireshark.org>
   9  * Copyright 1998 Gerald Combs
  10  *
  11  * This program is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24  */
  25
  26 #ifndef __PACKET_DCERPC_NT_H
  27 #define __PACKET_DCERPC_NT_H
  28
  29 /*
  30  * Platform ID values, used by several dissectors.
  31  */
  32 extern const value_string platform_id_vals[];
  33
  34 /* Routines for handling deferral of referants in NDR */
  35
  36 #define ALIGN_TO_8_BYTES \
  37         { dcerpc_info *xzdi; \
  38           xzdi=pinfo->private_data; \
  39           if(!xzdi->conformant_run) { \
  40                 if(offset&0x07) { \
  41                         offset=(offset&0xfffffff8)+8; \
  42                 } \
  43           } \
  44         }
  45 #define ALIGN_TO_4_BYTES \
  46         { dcerpc_info *xzdi; \
  47           xzdi=pinfo->private_data; \
  48           if(!xzdi->conformant_run) { \
  49                 if(offset&0x03) { \
  50                         offset=(offset&0xfffffffc)+4; \
  51                 } \
  52           } \
  53         }
  54 #define ALIGN_TO_2_BYTES \
  55         { dcerpc_info *xzdi; \
  56           xzdi=pinfo->private_data; \
  57           if(!xzdi->conformant_run) { \
  58                 if(offset&0x01) { \
  59                         offset=(offset&0xfffffffe)+2; \
  60                 } \
  61           } \
  62         }
  63
  64 #define ALIGN_TO_5_BYTES ALIGN_TO_4_OR_8_BYTES
  65
  66 #define ALIGN_TO_4_OR_8_BYTES \
  67         { dcerpc_info *xzdi2; \
  68           xzdi2=pinfo->private_data; \
  69           if (xzdi2->call_data->flags & DCERPC_IS_NDR64) { \
  70             ALIGN_TO_8_BYTES; \
  71           } else { \
  72             ALIGN_TO_4_BYTES; \
  73           } \
  74         }
  75
  76
  77 int
  78 dissect_ndr_counted_ascii_string_cb(tvbuff_t *tvb, int offset,
  79                                   packet_info *pinfo, proto_tree *tree,
  80                                   guint8 *drep, int hf_index,
  81                                   dcerpc_callback_fnct_t *callback,
  82                                     void *callback_args);
  83 int
  84 dissect_ndr_counted_ascii_string(tvbuff_t *tvb, int offset,
  85                                packet_info *pinfo, proto_tree *tree,
  86                                  guint8 *drep, int hf_index, int levels);
  87
  88 int
  89 dissect_ndr_counted_string_cb(tvbuff_t *tvb, int offset,
  90                               packet_info *pinfo, proto_tree *tree,
  91                               guint8 *drep, int hf_index,
  92                               dcerpc_callback_fnct_t *callback,
  93                               void *callback_args);
  94
  95 int
  96 dissect_ndr_counted_string_ptr(tvbuff_t *tvb, int offset,
  97                                packet_info *pinfo, proto_tree *parent_tree,
  98                                guint8 *drep);
  99
 100 int
 101 dissect_ndr_counted_string(tvbuff_t *tvb, int offset,
 102                            packet_info *pinfo, proto_tree *parent_tree,
 103                            guint8 *drep, int hf_index, int levels);
 104
 105 int
 106 dissect_ndr_counted_byte_array(tvbuff_t *tvb, int offset,
 107                                packet_info *pinfo, proto_tree *parent_tree,
 108                                guint8 *drep, int hf_index, int levels);
 109
 110 int
 111 dissect_ndr_counted_byte_array_cb(tvbuff_t *tvb, int offset,
 112                                   packet_info *pinfo, proto_tree *tree,
 113                                   guint8 *drep, int hf_index,
 114                                   dcerpc_callback_fnct_t *callback,
 115                                   void *callback_args);
 116
 117 int
 118 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
 119                         proto_tree *parent_tree, guint8 *drep);
 120
 121 int
 122 dissect_nt_GUID(tvbuff_t *tvb, int offset,
 123                         packet_info *pinfo, proto_tree *tree,
 124                         guint8 *drep);
 125
 126 int
 127 dissect_ndr_lsa_String(tvbuff_t *tvb, int offset, packet_info *pinfo,
 128                        proto_tree *parent_tree, guint8 *drep,
 129                        guint32 param, int hfindex);
 130
 131 int
 132 dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
 133                         packet_info *pinfo, proto_tree *tree,
 134                         guint8 *drep, int hf_index);
 135 int
 136 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
 137                         packet_info *pinfo, proto_tree *parent_tree,
 138                         guint8 *drep);
 139 int
 140 dissect_ndr_nt_SID(tvbuff_t *tvb, int offset,
 141                    packet_info *pinfo, proto_tree *tree,
 142                    guint8 *drep);
 143 int
 144 dissect_ndr_nt_SID_with_options(tvbuff_t *tvb, int offset,
 145                    packet_info *pinfo, proto_tree *tree,
 146                                 guint8 *drep, guint32 options);
 147 int
 148 dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
 149                     packet_info *pinfo, proto_tree *parent_tree,
 150                     guint8 *drep);
 151 int
 152 dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, int offset,
 153                         packet_info *pinfo, proto_tree *parent_tree,
 154                         guint8 *drep);
 155
 156 int
 157 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
 158                         packet_info *pinfo, proto_tree *parent_tree,
 159                         guint8 *drep);
 160 int
 161 dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
 162                         packet_info *pinfo, proto_tree *parent_tree,
 163                         guint8 *drep);
 164
 165 /*
 166  * Policy handle hashing
 167  */
 168
 169 /* Store open and close packet numbers for a policy handle */
 170
 171 void
 172 dcerpc_smb_store_pol_pkts(e_ctx_hnd *policy_hnd, packet_info *pinfo,
 173                           gboolean is_open, gboolean is_close);
 174
 175 /* Store a name with a policy handle */
 176
 177 void
 178 dcerpc_store_polhnd_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
 179                           const char *name);
 180
 181 /* Fetch details stored with a policy handle */
 182
 183 gboolean
 184 dcerpc_fetch_polhnd_data(e_ctx_hnd *policy_hnd, char **name, guint32 *type,
 185                      guint32 *open_frame, guint32 *close_frame,
 186                      guint32 cur_frame);
 187
 188 /* Dissect NT specific things */
 189
 190 int
 191 dissect_ntstatus(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 192                  proto_tree *tree, guint8 *drep,
 193                  int hfindex, guint32 *pdata);
 194
 195 int
 196 dissect_doserror(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 197                  proto_tree *tree, guint8 *drep,
 198                  int hfindex, guint32 *pdata);
 199
 200 int
 201 dissect_nt_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 202                       proto_tree *tree, guint8 *drep, int hfindex,
 203                       e_ctx_hnd *pdata, proto_item **pitem,
 204                       gboolean is_open, gboolean is_close);
 205
 206 int
 207 PIDL_dissect_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 208                       proto_tree *tree, guint8 *drep, int hfindex,
 209                       guint32 param);
 210
 211 int
 212 dissect_nt_guid_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 213                       proto_tree *tree, guint8 *drep, int hfindex,
 214                       e_ctx_hnd *pdata, proto_item **pitem,
 215                       gboolean is_open, gboolean is_close);
 216
 217 int
 218 dissect_nt_LUID(tvbuff_t *tvb, int offset,
 219                         packet_info *pinfo, proto_tree *tree,
 220                         guint8 *drep);
 221
 222 /* Stored here instead of packet-dcerpc{,-ndr}.c as they are probably not
 223    official NDR representations. */
 224
 225 int dissect_dcerpc_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 226                           proto_tree *tree, guint8 *drep,
 227                           int hfindex, int length, const guint8 **pdata);
 228
 229 int dissect_ndr_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 230                        proto_tree *tree, guint8 *drep,
 231                        int hfindex, int length, const guint8 **pdata);
 232
 233 int dissect_dcerpc_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 234                            proto_tree *tree, guint8 *drep,
 235                            int hfindex, int length);
 236
 237 int dissect_ndr_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 238                         proto_tree *tree, guint8 *drep,
 239                         int hfindex, int length);
 240
 241 int dissect_ndr_str_pointer_item(tvbuff_t *tvb, gint offset,
 242                                  packet_info *pinfo, proto_tree *tree,
 243                                  guint8 *drep, int type, const char *text,
 244                                  int hf_index, int levels);
 245
 246 /*
 247  * Helper routines for dissecting NDR strings
 248  */
 249
 250 /* Number of levels to go up appending string to pointer item */
 251 #define CB_STR_ITEM_LEVELS(x)   ((x) & 0xFFFF)
 252 #define CB_STR_SAVE     0x20000000      /* Save string to dcv->private_data */
 253 #define CB_STR_COL_INFO 0x10000000      /* Append string to COL_INFO */
 254
 255 void cb_wstr_postprocess(packet_info *pinfo, proto_tree *tree _U_,
 256                         proto_item *item, tvbuff_t *tvb,
 257                         int start_offset, int end_offset,
 258                         void *callback_args);
 259 void cb_str_postprocess(packet_info *pinfo, proto_tree *tree _U_,
 260                         proto_item *item, tvbuff_t *tvb,
 261                         int start_offset, int end_offset,
 262                         void *callback_args);
 263
 264 /* Initialise DCERPC over SMB */
 265
 266 void dcerpc_smb_init(int proto_dcerpc);
 267
 268
 269 #endif /* packet-dcerpc-nt.h */