1 /* packet-dcerpc-lsa-ds.c
2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2002-2003, Tim Potter <tpot@samba.org>
4 * Copyright 2002, Jim McDonough <jmcd@samba.org>
6 * $Id: packet-dcerpc-lsa-ds.c,v 1.14 2004/05/03 19:03:56 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
39 #define LSA_DS_DSROLERGETDOMINFO 0x0000
40 #define LSA_DS_DSROLER_DNS_NAME_TO_FLAT_NAME 0x0001
41 #define LSA_DS_DSROLER_DC_AS_DC 0x0002
42 #define LSA_DS_DSROLER_DC_AS_REPLICA 0x0003
43 #define LSA_DS_DSROLER_DEMOTE_DC 0x0004
44 #define LSA_DS_DSROLER_GET_DC_OPERATION_PROGRESS 0x0005
45 #define LSA_DS_DSROLER_GET_DC_OPERATION_RESULTS 0x0006
46 #define LSA_DS_DSROLER_CANCEL 0x0007
47 #define LSA_DS_DSROLER_SERVER_SAVE_STATE_FOR_UPGRADE 0x0008
48 #define LSA_DS_DSROLER_UPGRADE_DOWNLEVEL_SERVER 0x0009
49 #define LSA_DS_DSROLER_ABORT_DOWNLEVEL_SERVER_UPGRADE 0x000a
51 #define LSA_DS_DSROLE_BASIC_INFO 0x0001
52 #define LSA_DS_DSROLE_UPGRADE_STATUS 0x0002
53 #define LSA_DS_DSROLE_OP_STATUS 0x0003
55 static int proto_dcerpc_lsa_ds = -1;
57 static int hf_lsa_ds_opnum = -1;
58 static int hf_lsa_ds_dominfo_level = -1;
59 static int hf_lsa_ds_machine_role = -1;
60 static int hf_lsa_ds_dominfo_flags = -1;
61 static int hf_lsa_ds_dominfo_netb_name = -1;
62 static int hf_lsa_ds_dominfo_dns_name = -1;
63 static int hf_lsa_ds_dominfo_forest_name = -1;
64 static int hf_lsa_ds_upgrade_state = -1;
65 static int hf_lsa_ds_previous_role = -1;
66 static int hf_lsa_ds_op_status = -1;
67 static int hf_lsa_ds_rc = -1;
69 static gint ett_dcerpc_lsa_ds = -1;
70 static gint ett_lsa_ds_domain_info = -1;
71 static gint ett_lsa_ds_basic_domain_info = -1;
72 static gint ett_lsa_ds_upgrade_status = -1;
73 static gint ett_lsa_ds_op_status = -1;
76 lsa_ds_dissect_DSROLE_BASIC_INFO(tvbuff_t *tvb, int offset,
77 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
79 proto_item *item=NULL;
80 proto_tree *tree=NULL;
81 int old_offset=offset;
84 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
85 "DSROLE_BASIC_DOMAIN_INFO:");
86 tree = proto_item_add_subtree(item,
87 ett_lsa_ds_basic_domain_info);
92 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
93 hf_lsa_ds_machine_role, 0);
96 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
97 hf_lsa_ds_dominfo_flags, 0);
99 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
100 NDR_POINTER_UNIQUE, "NetBIOS domain name pointer",
101 hf_lsa_ds_dominfo_netb_name, 0);
102 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
103 NDR_POINTER_UNIQUE, "DNS domain pointer",
104 hf_lsa_ds_dominfo_dns_name, 0);
105 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
106 NDR_POINTER_UNIQUE, "DNS forest name pointer",
107 hf_lsa_ds_dominfo_forest_name, 0);
110 offset = dissect_nt_GUID(tvb, offset, pinfo, tree, drep);
112 proto_item_set_len(item, offset-old_offset);
117 lsa_ds_dissect_DSROLE_UPGRADE_STATUS(tvbuff_t *tvb, int offset,
119 proto_tree *parent_tree, guint8 *drep)
121 proto_item *item=NULL;
122 proto_tree *tree=NULL;
123 int old_offset=offset;
126 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
127 "DSROLE_UPGRADE_STATUS:");
128 tree = proto_item_add_subtree(item,
129 ett_lsa_ds_upgrade_status);
132 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
133 hf_lsa_ds_upgrade_state, NULL);
134 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
135 hf_lsa_ds_previous_role, NULL);
136 proto_item_set_len(item, offset-old_offset);
142 lsa_ds_dissect_DSROLE_OP_STATUS(tvbuff_t *tvb, int offset,
144 proto_tree *parent_tree, guint8 *drep)
146 proto_item *item=NULL;
147 proto_tree *tree=NULL;
148 int old_offset=offset;
151 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
152 "DSROLE_OP_STATUS:");
153 tree = proto_item_add_subtree(item,
154 ett_lsa_ds_op_status);
156 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
157 hf_lsa_ds_op_status, NULL);
158 proto_item_set_len(item, offset-old_offset);
164 lsa_ds_dissect_DS_DOMINFO_CTR(tvbuff_t *tvb, int offset,
165 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
167 proto_item *item=NULL;
168 proto_tree *tree=NULL;
169 int old_offset=offset;
173 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
175 tree = proto_item_add_subtree(item, ett_lsa_ds_domain_info);
178 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
179 hf_lsa_ds_dominfo_level, &level);
182 case LSA_DS_DSROLE_BASIC_INFO:
183 offset = lsa_ds_dissect_DSROLE_BASIC_INFO(
184 tvb, offset, pinfo, tree, drep);
186 case LSA_DS_DSROLE_UPGRADE_STATUS:
187 offset = lsa_ds_dissect_DSROLE_UPGRADE_STATUS(
188 tvb, offset, pinfo, tree, drep);
190 case LSA_DS_DSROLE_OP_STATUS:
191 offset = lsa_ds_dissect_DSROLE_OP_STATUS(
192 tvb, offset, pinfo, tree, drep);
195 proto_item_set_len(item, offset-old_offset);
201 lsa_ds_dissect_role_get_dom_info_rqst(tvbuff_t *tvb, int offset,
202 packet_info *pinfo, proto_tree *tree, guint8 *drep)
206 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
207 hf_lsa_ds_dominfo_level, &level);
209 if (check_col(pinfo->cinfo, COL_INFO))
210 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
216 lsa_ds_dissect_role_get_dom_info_reply(tvbuff_t *tvb, int offset,
217 packet_info *pinfo, proto_tree *tree, guint8 *drep)
219 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
220 lsa_ds_dissect_DS_DOMINFO_CTR, NDR_POINTER_UNIQUE,
221 "DOMAIN_INFORMATION pointer", -1);
223 offset = dissect_ntstatus(
224 tvb, offset, pinfo, tree, drep, hf_lsa_ds_rc, NULL);
229 static const value_string lsa_ds_dominfo_levels[] = {
230 { LSA_DS_DSROLE_BASIC_INFO, "DsRoleBasicInfo"},
231 { LSA_DS_DSROLE_UPGRADE_STATUS, "DsRoleUpgradeStatus"},
232 { LSA_DS_DSROLE_OP_STATUS, "DsRoleOpStatus"},
236 static const value_string lsa_ds_role_vals[] = {
237 { 0, "Standalone Workstation" },
238 { 1, "Domain Member Workstation" },
239 { 2, "Standalone Server" },
240 { 3, "Domain Member Server" },
241 { 4, "Backup Domain Controller" },
242 { 5, "Primary Domain Controller" },
246 static const value_string lsa_ds_upgrade_vals[] = {
247 { 0, "Not currently upgrading"},
248 { 1, "Upgrade in progress"},
252 static const value_string lsa_ds_previous_roles[] = {
253 { 0, "Unknown state" },
259 static const value_string lsa_ds_op_states[] = {
262 { 2, "Needs reboot" },
267 proto_register_dcerpc_lsa_ds(void)
269 static hf_register_info hf[] = {
272 { "Operation", "ls_ads.opnum", FT_UINT16, BASE_DEC,
273 NULL, 0x0, "Operation", HFILL }},
275 { &hf_lsa_ds_dominfo_level,
276 { "Level", "lsa_ds.dominfo.level", FT_UINT16, BASE_DEC,
277 VALS(lsa_ds_dominfo_levels), 0x0,
278 "Information level of requested data", HFILL }},
280 { &hf_lsa_ds_machine_role,
281 { "Machine role", "lsa_ds.role", FT_UINT16, BASE_HEX,
282 VALS(lsa_ds_role_vals), 0x0, "Role of machine in domain", HFILL}},
284 { &hf_lsa_ds_dominfo_flags,
285 { "Flags", "lsa_ds.dominfo.flags", FT_UINT32, BASE_HEX,
286 NULL, 0x0, "Machine flags", HFILL }},
288 { &hf_lsa_ds_dominfo_netb_name,
289 { "Netbios name", "lsa_ds.dominfo.nbname", FT_STRING, BASE_NONE,
290 NULL, 0x0, "Netbios Domain Name", HFILL}},
292 { &hf_lsa_ds_dominfo_dns_name,
293 { "DNS name", "lsa_ds.dominfo.dnsname", FT_STRING, BASE_NONE,
294 NULL, 0x0, "DNS Domain Name", HFILL}},
296 { &hf_lsa_ds_dominfo_forest_name,
297 { "Forest name", "lsa_ds.dominfo.forest", FT_STRING, BASE_NONE,
298 NULL, 0x0, "DNS Forest Name", HFILL}},
300 { &hf_lsa_ds_upgrade_state,
301 { "Upgrading", "ls_ads.upgrading", FT_UINT32, BASE_DEC,
302 VALS(lsa_ds_upgrade_vals), 0x0, "Upgrade State", HFILL }},
304 { &hf_lsa_ds_previous_role,
305 { "Previous role", "ls_ads.upgrading", FT_UINT16, BASE_DEC,
306 VALS(lsa_ds_previous_roles), 0x0,
307 "Previous server role before upgrade", HFILL }},
309 { &hf_lsa_ds_op_status,
310 { "Operational status", "ls_ads.op_status", FT_UINT16, BASE_DEC,
311 VALS(lsa_ds_op_states), 0x0,
312 "Current operational status", HFILL }},
315 { "Return code", "lsa_ds.rc", FT_UINT32, BASE_HEX,
316 VALS (NT_errors), 0x0, "LSA_DS return status code", HFILL }},
319 static gint *ett[] = {
321 &ett_lsa_ds_domain_info,
322 &ett_lsa_ds_basic_domain_info,
323 &ett_lsa_ds_upgrade_status,
324 &ett_lsa_ds_op_status
327 proto_dcerpc_lsa_ds = proto_register_protocol(
328 "Microsoft Local Security Architecture (Directory Services)",
330 proto_register_field_array(proto_dcerpc_lsa_ds, hf, array_length(hf));
331 proto_register_subtree_array(ett, array_length(ett));
334 /* Protocol handoff */
336 static e_uuid_t uuid_dcerpc_lsa_ds = {
337 0x3919286a, 0xb10c, 0x11d0,
338 { 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5}
341 static guint16 ver_dcerpc_lsa_ds = 0;
343 static dcerpc_sub_dissector lsa_ds_dissectors[] = {
344 { LSA_DS_DSROLERGETDOMINFO, "DsRolerGetDomInfo",
345 lsa_ds_dissect_role_get_dom_info_rqst,
346 lsa_ds_dissect_role_get_dom_info_reply },
347 { LSA_DS_DSROLER_DNS_NAME_TO_FLAT_NAME,
348 "DsRolerDnsNameToFlatName", NULL, NULL },
349 { LSA_DS_DSROLER_DC_AS_DC,
350 "DsRolerDcAsDc", NULL, NULL },
351 { LSA_DS_DSROLER_DC_AS_REPLICA,
352 "DsRolerDcAsReplica", NULL, NULL },
353 { LSA_DS_DSROLER_DEMOTE_DC,
354 "DsRolerDemoteDc", NULL, NULL },
355 { LSA_DS_DSROLER_GET_DC_OPERATION_PROGRESS,
356 "DsRolerGetDcOperationProgress", NULL, NULL },
357 { LSA_DS_DSROLER_GET_DC_OPERATION_RESULTS,
358 "DsRolerGetDcOperationResults", NULL, NULL },
359 { LSA_DS_DSROLER_CANCEL,
360 "DsRolerCancel", NULL, NULL },
361 { LSA_DS_DSROLER_SERVER_SAVE_STATE_FOR_UPGRADE,
362 "DsRolerServerSaveStateForUpgrade", NULL, NULL },
363 { LSA_DS_DSROLER_UPGRADE_DOWNLEVEL_SERVER,
364 "DsRolerUpgradeDownlevelServer", NULL, NULL },
365 { LSA_DS_DSROLER_ABORT_DOWNLEVEL_SERVER_UPGRADE,
366 "DsRolerAbortDownlevelServerUpgrade", NULL, NULL },
367 { 0, NULL, NULL, NULL },
371 proto_reg_handoff_dcerpc_lsa_ds(void)
373 /* Register protocol as dcerpc */
375 dcerpc_init_uuid(proto_dcerpc_lsa_ds, ett_dcerpc_lsa_ds,
376 &uuid_dcerpc_lsa_ds, ver_dcerpc_lsa_ds,
377 lsa_ds_dissectors, hf_lsa_ds_opnum);