{
RPC_REQUEST = 0x00,
RPC_RESPONSE = 0x02,
+ RPC_FAULT = 0x03,
RPC_BIND = 0x0B,
RPC_BINDACK = 0x0C,
+ RPC_BINDNACK = 0x0D,
RPC_BINDRESP = 0x10 /* not the real name! this is undocumented! */
};
#define NTLMSSP_NEGOTIATE_128 0x20000000
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
+#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1
+
/* NTLMSSP signature version */
#define NTLMSSP_SIGN_VERSION 0x01
+/* NTLMSSP auth type and level. */
+#define NTLMSSP_AUTH_TYPE 0xa
+#define NTLMSSP_AUTH_LEVEL 0x6
+
+/* Maximum PDU fragment size. */
+#define MAX_PDU_FRAG_LEN 0x1630
+
+/*
+ * Actual structure of a DCE UUID
+ */
+
+typedef struct rpc_uuid
+{
+ uint32 time_low;
+ uint16 time_mid;
+ uint16 time_hi_and_version;
+ uint8 remaining[8];
+} RPC_UUID;
+
+#define RPC_UUID_LEN 16
/* RPC_IFACE */
typedef struct rpc_iface_info
{
- uint8 data[16]; /* 16 bytes of rpc interface identification */
+ RPC_UUID uuid; /* 16 bytes of rpc interface identification */
uint32 version; /* the interface version number */
} RPC_IFACE;
+#define RPC_IFACE_LEN (RPC_UUID_LEN + 4)
+
struct pipe_id_info
{
/* the names appear not to matter: the syntaxes _do_ matter */
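Review bot: `SMBD_NTLMSSP_NEG_FLAGS` is added as the bare literal `0x000082b1`, so a reader cannot tell which negotiate bits smbd is meant to use. Decoded against the standard NTLMSSP flag values it is UNICODE | SIGN | SEAL | LM_KEY | NTLM | ALWAYS_SIGN, and it does not include the `NTLMSSP_NEGOTIATE_128` or `NTLMSSP_NEGOTIATE_KEY_EXCH` bits defined just above it. The LM_KEY bit (0x80) selects the weaker LAN Manager session key, so the choice deserves a stated reason. If the individual `NTLMSSP_NEGOTIATE_*` macros exist earlier in the header (not visible in this hunk), write the value as their OR; otherwise add a comment such as `/* UNICODE|SIGN|SEAL|LM_KEY|NTLM|ALWAYS_SIGN; 128-bit and key exchange not set */`. How the mask is used (advertised versus required flags) is not shown here, so the comment should say that too.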
uint8 minor; /* 0 - RPC minor version */
uint8 pkt_type; /* RPC_PKT_TYPE - RPC response packet */
uint8 flags; /* DCE/RPC flags */
- uint32 pack_type; /* 0x1000 0000 - packed data representation */
+ uint8 pack_type[4]; /* 0x1000 0000 - little-endian packed data representation */
uint16 frag_len; /* fragment length - data size (bytes) inc header and tail. */
uint16 auth_len; /* 0 - authentication length */
uint32 call_id; /* call identifier. matches 12th uint32 of incoming RPC data. */
} RPC_HDR;
+#define RPC_HEADER_LEN 16
+
/* RPC_HDR_REQ - ms request rpc header */
typedef struct rpc_hdr_req_info
{
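Review bot: `RPC_HEADER_LEN 16` is added without saying that it is the marshalled size of the header rather than `sizeof(RPC_HDR)`, and nothing beside `frag_len` states the range a received value must fall in. The fields visible in this hunk add up to 15 bytes, so the 16 presumably includes a one-byte major-version field above the hunk. Because `frag_len` and `auth_len` are supplied by the peer, I would record the invariant in the header, e.g. `/* wire size of RPC_HDR; a received frag_len must be >= RPC_HEADER_LEN and, if MAX_PDU_FRAG_LEN is the receive limit, <= MAX_PDU_FRAG_LEN */`. The other `*_LEN` macros added further down (`RPC_HDR_REQ_LEN`, `RPC_HDR_RESP_LEN`, `RPC_HDR_BBA_LEN`, `RPC_HDR_AUTHA_LEN`, `RPC_HDR_AUTH_LEN`, `RPC_AUTH_NTLMSSP_CHK_LEN`) would benefit from the same one-line wire-size comment; their struct bodies are not shown on this page.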
} RPC_HDR_REQ;
+#define RPC_HDR_REQ_LEN 8
+
/* RPC_HDR_RESP - ms response rpc header */
typedef struct rpc_hdr_resp_info
{
} RPC_HDR_RESP;
+#define RPC_HDR_RESP_LEN 8
+
/* this seems to be the same string name depending on the name of the pipe,
* but is more likely to be linked to the interface name
* "srvsvc", "\\PIPE\\ntsvcs"
} RPC_HDR_BBA;
+#define RPC_HDR_BBA_LEN 8
+
/* RPC_HDR_AUTHA */
typedef struct rpc_hdr_autha_info
{
} RPC_HDR_AUTHA;
+#define RPC_HDR_AUTHA_LEN 12
+
/* RPC_HDR_AUTH */
typedef struct rpc_hdr_auth_info
{
} RPC_HDR_AUTH;
+#define RPC_HDR_AUTH_LEN 8
+
/* RPC_BIND_REQ - ms req bind */
typedef struct rpc_bind_req_info
{
} RPC_HDR_RB;
+/*
+ * The following length is 8 bytes RPC_HDR_BBA_LEN, 8 bytes internals
+ * (with 3 bytes padding), + 2 x RPC_IFACE_LEN bytes for RPC_IFACE structs.
+ */
+
+#define RPC_HDR_RB_LEN (RPC_HDR_BBA_LEN + 8 + (2*RPC_IFACE_LEN))
+
/* RPC_RESULTS - can only cope with one reason, right now... */
typedef struct rpc_results_info
{
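Review bot: The comment above `RPC_HDR_RB_LEN` explains the arithmetic but not the assumption behind it: the `2*RPC_IFACE_LEN` term fixes the size for a bind request carrying exactly two RPC_IFACE entries (presumably one abstract and one transfer syntax). The struct body is outside this hunk, so I cannot confirm the field layout, but a bind PDU from a peer is not guaranteed to have that shape. I would extend the comment with something like `/* size for a single context with one transfer syntax; not an upper bound on received bind data */` so the constant is not mistaken for a general length check.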
} RPC_AUTH_NTLMSSP_RESP;
-
/* attached to the end of encrypted rpc requests and responses */
/* RPC_AUTH_NTLMSSP_CHK */
typedef struct rpc_auth_ntlmssp_chk_info
} RPC_AUTH_NTLMSSP_CHK;
-#endif /* _DCE_RPC_H */
+#define RPC_AUTH_NTLMSSP_CHK_LEN 16
+#endif /* _DCE_RPC_H */