epan/dissectors/packet-dcerpc-nt.h

   1 /* packet-dcerpc-nt.h
   2  * Routines for DCERPC over SMB packet disassembly
   3  * Copyright 2001-2003 Tim Potter <tpot@samba.org>
   4  *
   5  * $Id$
   6  *
   7  * Wireshark - Network traffic analyzer
   8  * By Gerald Combs <gerald@wireshark.org>
   9  * Copyright 1998 Gerald Combs
  10  *
  11  * This program is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24  */
  25
  26 #ifndef __PACKET_DCERPC_NT_H
  27 #define __PACKET_DCERPC_NT_H
  28
  29 /*
  30  * ett_ value for Unicode strings.
  31  */
  32 extern gint ett_nt_unicode_string;
  33
  34 /*
  35  * Platform ID values, used by several dissectors.
  36  */
  37 extern const value_string platform_id_vals[];
  38
  39 /* Routines for handling deferral of referants in NDR */
  40
  41 #define ALIGN_TO_8_BYTES \
  42         { dcerpc_info *xzdi; \
  43           xzdi=pinfo->private_data; \
  44           if(!xzdi->conformant_run) { \
  45                 if(offset&0x07) { \
  46                         offset=(offset&0xfffffff8)+8; \
  47                 } \
  48           } \
  49         }
  50 #define ALIGN_TO_4_BYTES \
  51         { dcerpc_info *xzdi; \
  52           xzdi=pinfo->private_data; \
  53           if(!xzdi->conformant_run) { \
  54                 if(offset&0x03) { \
  55                         offset=(offset&0xfffffffc)+4; \
  56                 } \
  57           } \
  58         }
  59 #define ALIGN_TO_2_BYTES \
  60         { dcerpc_info *xzdi; \
  61           xzdi=pinfo->private_data; \
  62           if(!xzdi->conformant_run) { \
  63                 if(offset&0x01) { \
  64                         offset=(offset&0xfffffffe)+2; \
  65                 } \
  66           } \
  67         }
  68
  69 int
  70 dissect_ndr_counted_ascii_string_cb(tvbuff_t *tvb, int offset,
  71                                   packet_info *pinfo, proto_tree *tree,
  72                                   guint8 *drep, int hf_index,
  73                                   dcerpc_callback_fnct_t *callback,
  74                                     void *callback_args);
  75 int
  76 dissect_ndr_counted_ascii_string(tvbuff_t *tvb, int offset,
  77                                packet_info *pinfo, proto_tree *tree,
  78                                  guint8 *drep, int hf_index, int levels);
  79
  80 int
  81 dissect_ndr_counted_string_cb(tvbuff_t *tvb, int offset,
  82                               packet_info *pinfo, proto_tree *tree,
  83                               guint8 *drep, int hf_index,
  84                               dcerpc_callback_fnct_t *callback,
  85                               void *callback_args);
  86
  87 int
  88 dissect_ndr_counted_string_ptr(tvbuff_t *tvb, int offset,
  89                                packet_info *pinfo, proto_tree *parent_tree,
  90                                guint8 *drep);
  91
  92 int
  93 dissect_ndr_counted_string(tvbuff_t *tvb, int offset,
  94                            packet_info *pinfo, proto_tree *parent_tree,
  95                            guint8 *drep, int hf_index, int levels);
  96
  97 int
  98 dissect_ndr_counted_byte_array(tvbuff_t *tvb, int offset,
  99                                packet_info *pinfo, proto_tree *parent_tree,
 100                                guint8 *drep, int hf_index, int levels);
 101
 102 int
 103 dissect_ndr_counted_byte_array_cb(tvbuff_t *tvb, int offset,
 104                                   packet_info *pinfo, proto_tree *tree,
 105                                   guint8 *drep, int hf_index,
 106                                   dcerpc_callback_fnct_t *callback,
 107                                   void *callback_args);
 108
 109 int
 110 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
 111                         proto_tree *parent_tree, guint8 *drep);
 112
 113 int
 114 dissect_nt_GUID(tvbuff_t *tvb, int offset,
 115                         packet_info *pinfo, proto_tree *tree,
 116                         guint8 *drep);
 117
 118 int
 119 dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
 120                         packet_info *pinfo, proto_tree *tree,
 121                         guint8 *drep, int hf_index);
 122 int
 123 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
 124                         packet_info *pinfo, proto_tree *parent_tree,
 125                         guint8 *drep);
 126 int
 127 dissect_ndr_nt_SID(tvbuff_t *tvb, int offset,
 128                    packet_info *pinfo, proto_tree *tree,
 129                    guint8 *drep);
 130 int
 131 dissect_ndr_nt_SID_with_options(tvbuff_t *tvb, int offset,
 132                    packet_info *pinfo, proto_tree *tree,
 133                                 guint8 *drep, guint32 options);
 134 int
 135 dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
 136                     packet_info *pinfo, proto_tree *parent_tree,
 137                     guint8 *drep);
 138 int
 139 dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, int offset,
 140                         packet_info *pinfo, proto_tree *parent_tree,
 141                         guint8 *drep);
 142
 143 int
 144 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
 145                         packet_info *pinfo, proto_tree *parent_tree,
 146                         guint8 *drep);
 147 int
 148 dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
 149                         packet_info *pinfo, proto_tree *parent_tree,
 150                         guint8 *drep);
 151
 152 /*
 153  * Policy handle hashing
 154  */
 155
 156 /* Store open and close packet numbers for a policy handle */
 157
 158 void
 159 dcerpc_smb_store_pol_pkts(e_ctx_hnd *policy_hnd, packet_info *pinfo,
 160                           gboolean is_open, gboolean is_close);
 161
 162 /* Store a name with a policy handle */
 163
 164 void
 165 dcerpc_smb_store_pol_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
 166                           const char *name);
 167
 168 /* Fetch details stored with a policy handle */
 169
 170 gboolean
 171 dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
 172                      guint32 *open_frame, guint32 *close_frame,
 173                      guint32 cur_frame);
 174
 175 /* Dissect NT specific things */
 176
 177 int
 178 dissect_ntstatus(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 179                  proto_tree *tree, guint8 *drep,
 180                  int hfindex, guint32 *pdata);
 181
 182 int
 183 dissect_doserror(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 184                  proto_tree *tree, guint8 *drep,
 185                  int hfindex, guint32 *pdata);
 186
 187 int
 188 dissect_nt_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 189                       proto_tree *tree, guint8 *drep, int hfindex,
 190                       e_ctx_hnd *pdata, proto_item **pitem,
 191                       gboolean is_open, gboolean is_close);
 192
 193 int
 194 dissect_nt_guid_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 195                       proto_tree *tree, guint8 *drep, int hfindex,
 196                       e_ctx_hnd *pdata, proto_item **pitem,
 197                       gboolean is_open, gboolean is_close);
 198
 199 int
 200 dissect_nt_LUID(tvbuff_t *tvb, int offset,
 201                         packet_info *pinfo, proto_tree *tree,
 202                         guint8 *drep);
 203
 204 /* Stored here instead of packet-dcerpc{,-ndr}.c as they are probably not
 205    official NDR representations. */
 206
 207 int dissect_dcerpc_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 208                           proto_tree *tree, guint8 *drep,
 209                           int hfindex, int length, const guint8 **pdata);
 210
 211 int dissect_ndr_uint8s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 212                        proto_tree *tree, guint8 *drep,
 213                        int hfindex, int length, const guint8 **pdata);
 214
 215 int dissect_dcerpc_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 216                            proto_tree *tree, guint8 *drep,
 217                            int hfindex, int length);
 218
 219 int dissect_ndr_uint16s(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 220                         proto_tree *tree, guint8 *drep,
 221                         int hfindex, int length);
 222
 223 int dissect_ndr_str_pointer_item(tvbuff_t *tvb, gint offset,
 224                                  packet_info *pinfo, proto_tree *tree,
 225                                  guint8 *drep, int type, const char *text,
 226                                  int hf_index, int levels);
 227
 228 /*
 229  * Helper routines for dissecting NDR strings
 230  */
 231
 232 /* Number of levels to go up appending string to pointer item */
 233 #define CB_STR_ITEM_LEVELS(x)   ((x) & 0xFFFF)
 234 #define CB_STR_COL_INFO 0x10000 /* Append string to COL_INFO */
 235 #define CB_STR_SAVE     0x20000 /* Save string to dcv->private_data */
 236
 237 void cb_wstr_postprocess(packet_info *pinfo, proto_tree *tree _U_,
 238                         proto_item *item, tvbuff_t *tvb,
 239                         int start_offset, int end_offset,
 240                         void *callback_args);
 241 void cb_str_postprocess(packet_info *pinfo, proto_tree *tree _U_,
 242                         proto_item *item, tvbuff_t *tvb,
 243                         int start_offset, int end_offset,
 244                         void *callback_args);
 245
 246 /* Initialise DCERPC over SMB */
 247
 248 void dcerpc_smb_init(int proto_dcerpc);
 249
 250 #endif /* packet-dcerpc-nt.h */