2 * Copyright 2001, Todd Sabin <tas@webspan.net>
3 * Copyright 2003, Tim Potter <tpot@samba.org>
5 * $Id: packet-dcerpc.h,v 1.42 2004/05/09 10:03:37 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 #ifndef __PACKET_DCERPC_H__
27 #define __PACKET_DCERPC_H__
29 #include <epan/conversation.h>
31 typedef struct _e_uuid_t {
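/*
 * Buffer size for a UUID rendered with the format
 * %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x:
 * 36 characters plus the terminating NUL.
 *
 * The expansion is parenthesized so the value stays 37 when the macro is
 * used inside a larger expression.  Unparenthesized, a size calculation
 * such as DCERPC_UUID_STR_LEN * 2 would expand to 36+1*2 and yield an
 * undersized buffer.
 */
#define DCERPC_UUID_STR_LEN (36+1)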
41 typedef struct _e_ctx_hnd {
46 typedef struct _e_dce_cn_common_hdr_t {
55 } e_dce_cn_common_hdr_t;
57 typedef struct _e_dce_dg_common_hdr_t {
77 } e_dce_dg_common_hdr_t;
79 typedef struct _dcerpc_auth_info {
/*
 * DCE/RPC packet type codes; dcerpc_info.ptype is documented in this file
 * as holding one of the PDU_* values.  Only the codes present in this
 * listing are reproduced; the remaining codes (0-7, 9, 11, 14, 16) are not
 * shown here.
 * NOTE(review): the CL_ / CO_ prefixes presumably mark the connectionless
 * and connection-oriented cancel PDUs -- confirm against the full header.
 */
#define PDU_CL_CANCEL   8
#define PDU_CANCEL_ACK  10
#define PDU_BIND_ACK    12
#define PDU_BIND_NAK    13
#define PDU_ALTER_ACK   15
#define PDU_SHUTDOWN    17
#define PDU_CO_CANCEL   18
#define PDU_ORPHANED    19
/*
 * Helpers for packet-dcerpc.c and packet-dcerpc-ndr.c.
 * If you're writing a subdissector, you almost certainly want the
 * NDR functions declared further down instead.
 *
 * NOTE(review): tvb/offset address captured packet bytes, i.e. untrusted
 * input, and offset is a signed gint.  Range checking is presumably left
 * to the tvbuff accessors -- confirm in packet-dcerpc.c.
 * NOTE(review): drep looks like the DCE/RPC data representation label that
 * selects byte order and float format -- confirm.
 */

/* Raw fetch helpers: no proto_tree argument, so nothing is displayed here. */
guint16 dcerpc_tvb_get_ntohs(tvbuff_t *tvb, gint offset, guint8 *drep);
guint32 dcerpc_tvb_get_ntohl(tvbuff_t *tvb, gint offset, guint8 *drep);
void dcerpc_tvb_get_uuid(tvbuff_t *tvb, gint offset, guint8 *drep,
                         e_uuid_t *uuid);

/*
 * Per-type field dissectors.  Each takes the header-field index (hfindex)
 * and an out-pointer (pdata) typed to match the field.
 * NOTE(review): the int result is presumably the offset just past the
 * field, and whether pdata may be NULL is not visible here -- confirm.
 */
int dissect_dcerpc_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep, int hfindex,
                         guint8 *pdata);
int dissect_dcerpc_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep, int hfindex,
                          guint16 *pdata);
int dissect_dcerpc_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep, int hfindex,
                          guint32 *pdata);
/*
 * pdata is an unsigned char * rather than a 64-bit integer type.
 * NOTE(review): presumably the caller must supply at least 8 writable
 * bytes -- confirm before passing a smaller buffer.
 */
int dissect_dcerpc_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep, int hfindex,
                          unsigned char *pdata);
int dissect_dcerpc_float(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep, int hfindex,
                         gfloat *pdata);
int dissect_dcerpc_double(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep, int hfindex,
                          gdouble *pdata);
int dissect_dcerpc_time_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, guint8 *drep, int hfindex,
                          guint32 *pdata);
/*
 * NDR routines for subdissectors.
 *
 * The signatures mirror the dissect_dcerpc_* helpers one for one.
 * NOTE(review): the NDR variants presumably add NDR alignment handling
 * before reading the field, and the int result is presumably the offset
 * just past it -- confirm in packet-dcerpc-ndr.c.
 * NOTE(review): offset and the bytes behind tvb come from the capture and
 * are untrusted; whether pdata may be NULL is not visible here.
 */
int dissect_ndr_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                      proto_tree *tree, guint8 *drep, int hfindex,
                      guint8 *pdata);
int dissect_ndr_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep, int hfindex,
                       guint16 *pdata);
int dissect_ndr_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep, int hfindex,
                       guint32 *pdata);
/*
 * pdata is an unsigned char * rather than a 64-bit integer type.
 * NOTE(review): presumably at least 8 writable bytes are required -- confirm.
 */
int dissect_ndr_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep, int hfindex,
                       unsigned char *pdata);
int dissect_ndr_float(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                      proto_tree *tree, guint8 *drep, int hfindex,
                      gfloat *pdata);
int dissect_ndr_double(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep, int hfindex,
                       gdouble *pdata);
int dissect_ndr_time_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep, int hfindex,
                       guint32 *pdata);

/* Structured values: a UUID and a context handle. */
int dissect_ndr_uuid_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, guint8 *drep, int hfindex,
                       e_uuid_t *pdata);
int dissect_ndr_ctx_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep, int hfindex,
                        e_ctx_hnd *pdata);
/*
 * Signature shared by the dissect routines this header passes around:
 * the dissect_rqst / dissect_resp members of dcerpc_sub_dissector, the
 * bind/verifier hooks of dcerpc_auth_subdissector_fns, and the fnct
 * argument of the dissect_ndr_* array and pointer helpers.
 * NOTE(review): the int result is presumably the offset just past the
 * dissected data -- confirm.
 */
typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb,
                                    int offset,
                                    packet_info *pinfo,
                                    proto_tree *tree,
                                    guint8 *drep);

/*
 * Callback type accepted by dissect_ndr_pointer_cb().  It receives the
 * tree item, the tvb, a start/end offset pair and the opaque
 * callback_args pointer.
 * NOTE(review): when the callback is invoked relative to the pointed-to
 * dissection is not visible in this header -- confirm.
 */
typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo,
                                      proto_tree *tree,
                                      proto_item *item,
                                      tvbuff_t *tvb,
                                      int start_offset,
                                      int end_offset,
                                      void *callback_args);
/*
 * NDR pointer kinds.
 * NOTE(review): presumably the values accepted by the type argument of
 * dissect_ndr_pointer() / dissect_ndr_pointer_cb(), with REF, UNIQUE and
 * PTR standing for NDR reference, unique and full pointers -- confirm.
 */
#define NDR_POINTER_REF     1
#define NDR_POINTER_UNIQUE  2
#define NDR_POINTER_PTR     3
/*
 * Dissect an NDR pointer, with a caller-supplied callback.
 *
 * fnct is the dissect routine for the pointed-to data, type is one of the
 * NDR_POINTER_* kinds (presumably -- confirm), text and hf_index label the
 * item, and callback / callback_args are handed through to a
 * dcerpc_callback_fnct_t.
 * NOTE(review): whether callback may be NULL and how long callback_args
 * must stay valid are not visible in this header -- confirm before passing
 * stack storage.
 */
int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                           proto_tree *tree, guint8 *drep,
                           dcerpc_dissect_fnct_t *fnct,
                           int type, char *text, int hf_index,
                           dcerpc_callback_fnct_t *callback,
                           void *callback_args);
183 int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
184 proto_tree *tree, guint8 *drep,
185 dcerpc_dissect_fnct_t *fnct, int type, char *text,
/*
 * Array helpers.  fnct is the dissect routine for one element.
 * NOTE(review): the element counts are read from the packet (see the
 * array_max_count / array_actual_count fields of dcerpc_info) and are
 * therefore untrusted; how the implementation bounds the iteration is not
 * visible in this header -- confirm.
 */

/* Dissect an NDR unidimensional conformant array. */
int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                        proto_tree *tree, guint8 *drep,
                        dcerpc_dissect_fnct_t *fnct);

/* Dissect an NDR unidimensional conformant and varying array. */
int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, guint8 *drep,
                         dcerpc_dissect_fnct_t *fnct);

/* Byte-array variant: takes no per-element dissect routine. */
int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
                           proto_tree *tree, guint8 *drep);
201 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
202 proto_tree *tree, guint8 *drep, int size_is,
203 int hfinfo, gboolean add_subtree,
/*
 * String helpers for char and wchar data.
 * NOTE(review): going by the names these dissect conformant and varying
 * strings of 1-byte and wide characters respectively -- confirm.  The
 * length fields come from the packet and are untrusted.
 */
int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset,
                              packet_info *pinfo, proto_tree *tree,
                              guint8 *drep);
int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset,
                               packet_info *pinfo, proto_tree *tree,
                               guint8 *drep);
210 typedef struct _dcerpc_sub_dissector {
213 dcerpc_dissect_fnct_t *dissect_rqst;
214 dcerpc_dissect_fnct_t *dissect_resp;
215 } dcerpc_sub_dissector;
/*
 * Registration function for subdissectors: associates an interface
 * (uuid, ver) with its protocol id, subtree id, operation table (procs)
 * and opnum header field.
 */
void dcerpc_init_uuid(int proto, int ett, e_uuid_t *uuid, guint16 ver,
                      dcerpc_sub_dissector *procs, int opnum_hf);

/*
 * Lookups by (uuid, ver).
 * NOTE(review): the result for an interface that was never registered
 * (NULL? a negative index?) is not visible in this header -- callers
 * should check the return value; confirm in packet-dcerpc.c.
 */
char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver);
int dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver);
dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid,
                                                     guint16 ver);

/*
 * Create an (opnum, name) value_string from a subdissector list.
 * NOTE(review): who owns the returned array is not visible here -- confirm.
 */
value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
/*
 * Private data structure passed to the DCERPC dissector.  The dissector
 * that parsed the encapsulating transport uses it to hand
 * transport-specific information down to the DCERPC dissector.
 */

/* Tag value for dcerpc_private_info.transport_type: DCERPC over SMB. */
#define DCERPC_TRANSPORT_SMB    1
233 typedef struct _dcerpc_private_info {
234 int transport_type; /* Tag */
237 struct { /* DCERPC_TRANSPORT_SMB */
241 } dcerpc_private_info;
243 /* Private data passed to subdissectors from the main DCERPC dissector. */
244 typedef struct _dcerpc_call_value {
255 typedef struct _dcerpc_info {
256 conversation_t *conv; /* Which TCP stream we are in */
257 guint32 call_id; /* Context id for this call */
258 guint16 smb_fid; /* FID for DCERPC over SMB */
259 guint8 ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
260 gboolean conformant_run;
261 gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
262 guint32 array_max_count; /* max_count for conformant arrays */
263 guint32 array_max_count_offset;
264 guint32 array_offset;
265 guint32 array_offset_offset;
266 guint32 array_actual_count;
267 guint32 array_actual_count_offset;
269 dcerpc_call_value *call_data;
/*
 * The registered subdissectors.  With MSVC and a libethereal.dll, we need
 * a special declaration, hence ETH_VAR_IMPORT.
 * NOTE(review): presumably keyed by dcerpc_uuid_key with dcerpc_uuid_value
 * entries -- confirm.
 */
ETH_VAR_IMPORT GHashTable *dcerpc_uuids;
279 typedef struct _dcerpc_uuid_key {
284 typedef struct _dcerpc_uuid_value {
289 dcerpc_sub_dissector *procs;
293 /* Authenticated pipe registration functions and miscellanea */
295 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *tvb, int offset,
297 dcerpc_auth_info *auth_info);
/*
 * Handler table for authenticated pipes; a pointer to one is passed to
 * register_dcerpc_auth_subdissector() together with an auth level and an
 * auth type.
 * NOTE(review): whether a NULL slot is tolerated (handler skipped) is not
 * visible in this header -- confirm before leaving an entry unset.
 */
typedef struct _dcerpc_auth_subdissector_fns {
    /* Dissect credentials and verifiers */
    dcerpc_dissect_fnct_t *bind_fn;
    dcerpc_dissect_fnct_t *bind_ack_fn;
    dcerpc_dissect_fnct_t *auth3_fn;
    dcerpc_dissect_fnct_t *req_verf_fn;
    dcerpc_dissect_fnct_t *resp_verf_fn;

    /*
     * Decrypt encrypted request/response PDUs.  These hooks return a
     * tvbuff_t * (see dcerpc_decode_data_fnct_t).
     * NOTE(review): presumably NULL when the payload cannot be decoded --
     * confirm, so undecoded bytes are never dissected as plaintext.
     */
    dcerpc_decode_data_fnct_t *req_data_fn;
    dcerpc_decode_data_fnct_t *resp_data_fn;
} dcerpc_auth_subdissector_fns;
/*
 * Register the handler table fns for one (auth_level, auth_type) pair.
 * NOTE(review): auth_level presumably takes a DCE_C_AUTHN_LEVEL_* value and
 * auth_type a DCE_C_RPC_AUTHN_PROTOCOL_* value -- confirm.  Whether the
 * table is copied or the pointer is retained is not visible here, so keep
 * fns alive for the life of the program unless confirmed otherwise.
 */
void register_dcerpc_auth_subdissector(guint8 auth_level,
                                       guint8 auth_type,
                                       dcerpc_auth_subdissector_fns *fns);
/*
 * Authentication services.
 * NOTE(review): SEC_CHAN presumably denotes the secure-channel service --
 * confirm.  The values are not contiguous, so code that switches on the
 * service should keep an explicit branch for unknown values.
 */
#define DCE_C_RPC_AUTHN_PROTOCOL_NONE       0
#define DCE_C_RPC_AUTHN_PROTOCOL_KRB5       1
#define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO     9
#define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP    10
#define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN   68
/*
 * Protection levels, in increasing numeric order.
 * NOTE(review): going by the names and the DCE/RPC specification, only
 * PKT_PRIVACY implies an encrypted payload and PKT_INTEGRITY adds
 * per-packet integrity without confidentiality; at the lower levels the
 * payload is readable on the wire.  This header does not itself establish
 * those semantics -- confirm before relying on them in analysis.
 */
#define DCE_C_AUTHN_LEVEL_NONE            1
#define DCE_C_AUTHN_LEVEL_CONNECT         2
#define DCE_C_AUTHN_LEVEL_CALL            3
#define DCE_C_AUTHN_LEVEL_PKT             4
#define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY   5
#define DCE_C_AUTHN_LEVEL_PKT_PRIVACY     6
337 init_ndr_pointer_list(packet_info *pinfo);
339 #endif /* packet-dcerpc.h */