packet-dcerpc-lsa-ds.c

   1 /* packet-dcerpc-lsa-ds.c
   2  * Routines for SMB \PIPE\lsarpc packet disassembly
   3  * Copyright 2002-2003, Tim Potter <tpot@samba.org>
   4  * Copyright 2002, Jim McDonough <jmcd@samba.org>
   5  *
   6  * $Id: packet-dcerpc-lsa-ds.c,v 1.14 2004/05/03 19:03:56 guy Exp $
   7  *
   8  * Ethereal - Network traffic analyzer
   9  * By Gerald Combs <gerald@ethereal.com>
  10  * Copyright 1998 Gerald Combs
  11  *
  12  * This program is free software; you can redistribute it and/or
  13  * modify it under the terms of the GNU General Public License
  14  * as published by the Free Software Foundation; either version 2
  15  * of the License, or (at your option) any later version.
  16  *
  17  * This program is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU General Public License
  23  * along with this program; if not, write to the Free Software
  24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  25  */
  26
  27 #ifdef HAVE_CONFIG_H
  28 #include "config.h"
  29 #endif
  30
  31 #include <glib.h>
  32 #include <string.h>
  33
  34 #include <epan/packet.h>
  35 #include "packet-dcerpc.h"
  36 #include "packet-dcerpc-nt.h"
  37 #include "smb.h"
  38
  39 #define LSA_DS_DSROLERGETDOMINFO                        0x0000
  40 #define LSA_DS_DSROLER_DNS_NAME_TO_FLAT_NAME            0x0001
  41 #define LSA_DS_DSROLER_DC_AS_DC                         0x0002
  42 #define LSA_DS_DSROLER_DC_AS_REPLICA                    0x0003
  43 #define LSA_DS_DSROLER_DEMOTE_DC                        0x0004
  44 #define LSA_DS_DSROLER_GET_DC_OPERATION_PROGRESS        0x0005
  45 #define LSA_DS_DSROLER_GET_DC_OPERATION_RESULTS         0x0006
  46 #define LSA_DS_DSROLER_CANCEL                           0x0007
  47 #define LSA_DS_DSROLER_SERVER_SAVE_STATE_FOR_UPGRADE    0x0008
  48 #define LSA_DS_DSROLER_UPGRADE_DOWNLEVEL_SERVER         0x0009
  49 #define LSA_DS_DSROLER_ABORT_DOWNLEVEL_SERVER_UPGRADE   0x000a
  50
  51 #define LSA_DS_DSROLE_BASIC_INFO 0x0001
  52 #define LSA_DS_DSROLE_UPGRADE_STATUS 0x0002
  53 #define LSA_DS_DSROLE_OP_STATUS 0x0003
  54
  55 static int proto_dcerpc_lsa_ds = -1;
  56
  57 static int hf_lsa_ds_opnum = -1;
  58 static int hf_lsa_ds_dominfo_level = -1;
  59 static int hf_lsa_ds_machine_role = -1;
  60 static int hf_lsa_ds_dominfo_flags = -1;
  61 static int hf_lsa_ds_dominfo_netb_name = -1;
  62 static int hf_lsa_ds_dominfo_dns_name = -1;
  63 static int hf_lsa_ds_dominfo_forest_name = -1;
  64 static int hf_lsa_ds_upgrade_state = -1;
  65 static int hf_lsa_ds_previous_role = -1;
  66 static int hf_lsa_ds_op_status = -1;
  67 static int hf_lsa_ds_rc = -1;
  68
  69 static gint ett_dcerpc_lsa_ds = -1;
  70 static gint ett_lsa_ds_domain_info = -1;
  71 static gint ett_lsa_ds_basic_domain_info = -1;
  72 static gint ett_lsa_ds_upgrade_status = -1;
  73 static gint ett_lsa_ds_op_status = -1;
  74
  75 static int
  76 lsa_ds_dissect_DSROLE_BASIC_INFO(tvbuff_t *tvb, int offset,
  77         packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
  78 {
  79         proto_item *item=NULL;
  80         proto_tree *tree=NULL;
  81         int old_offset=offset;
  82
  83         if(parent_tree){
  84                 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
  85                         "DSROLE_BASIC_DOMAIN_INFO:");
  86                 tree = proto_item_add_subtree(item,
  87                                               ett_lsa_ds_basic_domain_info);
  88         }
  89
  90         ALIGN_TO_4_BYTES;
  91         /* role */
  92         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
  93                                     hf_lsa_ds_machine_role, 0);
  94
  95         /* flags */
  96         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
  97                                     hf_lsa_ds_dominfo_flags, 0);
  98
  99         offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
 100                 NDR_POINTER_UNIQUE, "NetBIOS domain name pointer",
 101                 hf_lsa_ds_dominfo_netb_name, 0);
 102         offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
 103                 NDR_POINTER_UNIQUE, "DNS domain pointer",
 104                 hf_lsa_ds_dominfo_dns_name, 0);
 105         offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
 106                 NDR_POINTER_UNIQUE, "DNS forest name pointer",
 107                 hf_lsa_ds_dominfo_forest_name, 0);
 108
 109         /* GUID */
 110         offset = dissect_nt_GUID(tvb, offset, pinfo, tree, drep);
 111
 112         proto_item_set_len(item, offset-old_offset);
 113         return offset;
 114 }
 115
 116 static int
 117 lsa_ds_dissect_DSROLE_UPGRADE_STATUS(tvbuff_t *tvb, int offset,
 118                                      packet_info *pinfo,
 119                                      proto_tree *parent_tree, guint8 *drep)
 120 {
 121         proto_item *item=NULL;
 122         proto_tree *tree=NULL;
 123         int old_offset=offset;
 124
 125         if(parent_tree){
 126                 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
 127                         "DSROLE_UPGRADE_STATUS:");
 128                 tree = proto_item_add_subtree(item,
 129                                               ett_lsa_ds_upgrade_status);
 130         }
 131
 132         offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 133                                      hf_lsa_ds_upgrade_state, NULL);
 134         offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
 135                                      hf_lsa_ds_previous_role, NULL);
 136         proto_item_set_len(item, offset-old_offset);
 137
 138         return offset;
 139 }
 140
 141 static int
 142 lsa_ds_dissect_DSROLE_OP_STATUS(tvbuff_t *tvb, int offset,
 143                                      packet_info *pinfo,
 144                                      proto_tree *parent_tree, guint8 *drep)
 145 {
 146         proto_item *item=NULL;
 147         proto_tree *tree=NULL;
 148         int old_offset=offset;
 149
 150         if(parent_tree){
 151                 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
 152                         "DSROLE_OP_STATUS:");
 153                 tree = proto_item_add_subtree(item,
 154                                               ett_lsa_ds_op_status);
 155         }
 156         offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
 157                                      hf_lsa_ds_op_status, NULL);
 158         proto_item_set_len(item, offset-old_offset);
 159
 160         return offset;
 161 }
 162
 163 static int
 164 lsa_ds_dissect_DS_DOMINFO_CTR(tvbuff_t *tvb, int offset,
 165         packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
 166 {
 167         proto_item *item=NULL;
 168         proto_tree *tree=NULL;
 169         int old_offset=offset;
 170         guint16 level;
 171
 172         if(parent_tree){
 173                 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
 174                         "DOMAIN_INFO:");
 175                 tree = proto_item_add_subtree(item, ett_lsa_ds_domain_info);
 176         }
 177
 178         offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
 179                                      hf_lsa_ds_dominfo_level, &level);
 180
 181         switch(level){
 182         case LSA_DS_DSROLE_BASIC_INFO:
 183                 offset = lsa_ds_dissect_DSROLE_BASIC_INFO(
 184                         tvb, offset, pinfo, tree, drep);
 185                 break;
 186         case LSA_DS_DSROLE_UPGRADE_STATUS:
 187                 offset = lsa_ds_dissect_DSROLE_UPGRADE_STATUS(
 188                         tvb, offset, pinfo, tree, drep);
 189                 break;
 190         case LSA_DS_DSROLE_OP_STATUS:
 191                 offset = lsa_ds_dissect_DSROLE_OP_STATUS(
 192                         tvb, offset, pinfo, tree, drep);
 193                 break;
 194         }
 195         proto_item_set_len(item, offset-old_offset);
 196
 197         return offset;
 198 }
 199
 200 static int
 201 lsa_ds_dissect_role_get_dom_info_rqst(tvbuff_t *tvb, int offset,
 202         packet_info *pinfo, proto_tree *tree, guint8 *drep)
 203 {
 204         guint16 level;
 205
 206         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
 207                                     hf_lsa_ds_dominfo_level, &level);
 208
 209         if (check_col(pinfo->cinfo, COL_INFO))
 210                 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
 211
 212         return offset;
 213 }
 214
 215 static int
 216 lsa_ds_dissect_role_get_dom_info_reply(tvbuff_t *tvb, int offset,
 217         packet_info *pinfo, proto_tree *tree, guint8 *drep)
 218 {
 219         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 220                 lsa_ds_dissect_DS_DOMINFO_CTR, NDR_POINTER_UNIQUE,
 221                 "DOMAIN_INFORMATION pointer", -1);
 222
 223         offset = dissect_ntstatus(
 224                 tvb, offset, pinfo, tree, drep, hf_lsa_ds_rc, NULL);
 225
 226         return offset;
 227 }
 228
 229 static const value_string lsa_ds_dominfo_levels[] = {
 230         { LSA_DS_DSROLE_BASIC_INFO, "DsRoleBasicInfo"},
 231         { LSA_DS_DSROLE_UPGRADE_STATUS, "DsRoleUpgradeStatus"},
 232         { LSA_DS_DSROLE_OP_STATUS, "DsRoleOpStatus"},
 233         { 0, NULL }
 234 };
 235
 236 static const value_string lsa_ds_role_vals[] = {
 237         { 0, "Standalone Workstation" },
 238         { 1, "Domain Member Workstation" },
 239         { 2, "Standalone Server" },
 240         { 3, "Domain Member Server" },
 241         { 4, "Backup Domain Controller" },
 242         { 5, "Primary Domain Controller" },
 243         { 0, NULL }
 244 };
 245
 246 static const value_string lsa_ds_upgrade_vals[] = {
 247         { 0, "Not currently upgrading"},
 248         { 1, "Upgrade in progress"},
 249         { 0, NULL }
 250 };
 251
 252 static const value_string lsa_ds_previous_roles[] = {
 253         { 0, "Unknown state" },
 254         { 1, "Primary" },
 255         { 2, "Backup" },
 256         { 0, NULL }
 257 };
 258
 259 static const value_string lsa_ds_op_states[] = {
 260         { 0, "Idle" },
 261         { 1, "Active" },
 262         { 2, "Needs reboot" },
 263         { 0, NULL }
 264 };
 265
 266 void
 267 proto_register_dcerpc_lsa_ds(void)
 268 {
 269         static hf_register_info hf[] = {
 270
 271         { &hf_lsa_ds_opnum,
 272           { "Operation", "ls_ads.opnum", FT_UINT16, BASE_DEC,
 273             NULL, 0x0, "Operation", HFILL }},
 274
 275         { &hf_lsa_ds_dominfo_level,
 276           { "Level", "lsa_ds.dominfo.level", FT_UINT16, BASE_DEC,
 277             VALS(lsa_ds_dominfo_levels), 0x0,
 278             "Information level of requested data", HFILL }},
 279
 280         { &hf_lsa_ds_machine_role,
 281           { "Machine role", "lsa_ds.role", FT_UINT16, BASE_HEX,
 282             VALS(lsa_ds_role_vals), 0x0, "Role of machine in domain", HFILL}},
 283
 284         { &hf_lsa_ds_dominfo_flags,
 285           { "Flags", "lsa_ds.dominfo.flags", FT_UINT32, BASE_HEX,
 286             NULL, 0x0, "Machine flags", HFILL }},
 287
 288         { &hf_lsa_ds_dominfo_netb_name,
 289           { "Netbios name", "lsa_ds.dominfo.nbname", FT_STRING, BASE_NONE,
 290             NULL, 0x0, "Netbios Domain Name", HFILL}},
 291
 292         { &hf_lsa_ds_dominfo_dns_name,
 293           { "DNS name", "lsa_ds.dominfo.dnsname", FT_STRING, BASE_NONE,
 294             NULL, 0x0, "DNS Domain Name", HFILL}},
 295
 296         { &hf_lsa_ds_dominfo_forest_name,
 297           { "Forest name", "lsa_ds.dominfo.forest", FT_STRING, BASE_NONE,
 298             NULL, 0x0, "DNS Forest Name", HFILL}},
 299
 300         { &hf_lsa_ds_upgrade_state,
 301           { "Upgrading", "ls_ads.upgrading", FT_UINT32, BASE_DEC,
 302             VALS(lsa_ds_upgrade_vals), 0x0, "Upgrade State", HFILL }},
 303
 304         { &hf_lsa_ds_previous_role,
 305           { "Previous role", "ls_ads.upgrading", FT_UINT16, BASE_DEC,
 306             VALS(lsa_ds_previous_roles), 0x0,
 307             "Previous server role before upgrade", HFILL }},
 308
 309         { &hf_lsa_ds_op_status,
 310           { "Operational status", "ls_ads.op_status", FT_UINT16, BASE_DEC,
 311             VALS(lsa_ds_op_states), 0x0,
 312             "Current operational status", HFILL }},
 313
 314         { &hf_lsa_ds_rc,
 315           { "Return code", "lsa_ds.rc", FT_UINT32, BASE_HEX,
 316           VALS (NT_errors), 0x0, "LSA_DS return status code", HFILL }},
 317         };
 318
 319         static gint *ett[] = {
 320                 &ett_dcerpc_lsa_ds,
 321                 &ett_lsa_ds_domain_info,
 322                 &ett_lsa_ds_basic_domain_info,
 323                 &ett_lsa_ds_upgrade_status,
 324                 &ett_lsa_ds_op_status
 325         };
 326
 327         proto_dcerpc_lsa_ds = proto_register_protocol(
 328                 "Microsoft Local Security Architecture (Directory Services)",
 329                 "LSA_DS", "lsa_ds");
 330         proto_register_field_array(proto_dcerpc_lsa_ds, hf, array_length(hf));
 331         proto_register_subtree_array(ett, array_length(ett));
 332 }
 333
 334 /* Protocol handoff */
 335
 336 static e_uuid_t uuid_dcerpc_lsa_ds = {
 337         0x3919286a, 0xb10c, 0x11d0,
 338         { 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5}
 339 };
 340
 341 static guint16 ver_dcerpc_lsa_ds = 0;
 342
 343 static dcerpc_sub_dissector lsa_ds_dissectors[] = {
 344         { LSA_DS_DSROLERGETDOMINFO, "DsRolerGetDomInfo",
 345           lsa_ds_dissect_role_get_dom_info_rqst,
 346           lsa_ds_dissect_role_get_dom_info_reply },
 347         { LSA_DS_DSROLER_DNS_NAME_TO_FLAT_NAME,
 348           "DsRolerDnsNameToFlatName", NULL, NULL },
 349         { LSA_DS_DSROLER_DC_AS_DC,
 350           "DsRolerDcAsDc", NULL, NULL },
 351         { LSA_DS_DSROLER_DC_AS_REPLICA,
 352           "DsRolerDcAsReplica", NULL, NULL },
 353         { LSA_DS_DSROLER_DEMOTE_DC,
 354           "DsRolerDemoteDc", NULL, NULL },
 355         { LSA_DS_DSROLER_GET_DC_OPERATION_PROGRESS,
 356           "DsRolerGetDcOperationProgress", NULL, NULL },
 357         { LSA_DS_DSROLER_GET_DC_OPERATION_RESULTS,
 358           "DsRolerGetDcOperationResults", NULL, NULL },
 359         { LSA_DS_DSROLER_CANCEL,
 360           "DsRolerCancel", NULL, NULL },
 361         { LSA_DS_DSROLER_SERVER_SAVE_STATE_FOR_UPGRADE,
 362           "DsRolerServerSaveStateForUpgrade", NULL, NULL },
 363         { LSA_DS_DSROLER_UPGRADE_DOWNLEVEL_SERVER,
 364           "DsRolerUpgradeDownlevelServer", NULL, NULL },
 365         { LSA_DS_DSROLER_ABORT_DOWNLEVEL_SERVER_UPGRADE,
 366           "DsRolerAbortDownlevelServerUpgrade", NULL, NULL },
 367         { 0, NULL, NULL, NULL },
 368 };
 369
 370 void
 371 proto_reg_handoff_dcerpc_lsa_ds(void)
 372 {
 373         /* Register protocol as dcerpc */
 374
 375         dcerpc_init_uuid(proto_dcerpc_lsa_ds, ett_dcerpc_lsa_ds,
 376                          &uuid_dcerpc_lsa_ds, ver_dcerpc_lsa_ds,
 377                          lsa_ds_dissectors, hf_lsa_ds_opnum);
 378 }