see http://www.opengroup.org/onlinepubs/9629399/chap12.htm for packet
layouts
*/
-[]
interface dcerpc
{
typedef [public] struct {
const uint8 DCERPC_REQUEST_LENGTH = 24;
const uint8 DCERPC_MAX_SIGN_SIZE = 32;
+ typedef struct {
+ } dcerpc_empty;
+
+ typedef [nodiscriminant] union {
+ [default] dcerpc_empty empty;
+ [case(LIBNDR_FLAG_OBJECT_PRESENT)] GUID object;
+ } dcerpc_object;
+
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint16 opnum;
+ [switch_is(ndr->flags & LIBNDR_FLAG_OBJECT_PRESENT)] dcerpc_object object;
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
const int DCERPC_FAULT_OP_RNG_ERROR = 0x1c010002;
+ const int DCERPC_FAULT_UNK_IF = 0x1c010003;
const int DCERPC_FAULT_NDR = 0x000006f7;
const int DCERPC_FAULT_INVALID_TAG = 0x1c000006;
const int DCERPC_FAULT_CONTEXT_MISMATCH = 0x1c00001a;
const int DCERPC_FAULT_OTHER = 0x00000001;
+ const int DCERPC_FAULT_LOGON_FAILURE = 0x00000005;
+ const int DCERPC_FAULT_CANT_PERFORM = 0x000006d8;
/* we return this fault when we haven't yet run the test
to see what fault w2k3 returns in this case */
uint32 status;
} dcerpc_fault;
-
+ /* the auth types we know about
const uint8 DCERPC_AUTH_TYPE_NONE = 0;
- const uint8 DCERPC_AUTH_TYPE_KRB5 = 1;
+ /* this seems to be not krb5! */
+ const uint8 DCERPC_AUTH_TYPE_KRB5_1 = 1;
const uint8 DCERPC_AUTH_TYPE_SPNEGO = 9;
const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10;
+ /* I'm not 100% sure but type 16(0x10)
+ * seems to be raw krb5 --metze
+ */
+ const uint8 DCERPC_AUTH_TYPE_KRB5 = 16;
const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68;
-
+ const uint8 DCERPC_AUTH_TYPE_MSMQ = 100;
+
+ const uint8 DCERPC_AUTH_LEVEL_DEFAULT = DCERPC_AUTH_LEVEL_CONNECT;
const uint8 DCERPC_AUTH_LEVEL_NONE = 1;
const uint8 DCERPC_AUTH_LEVEL_CONNECT = 2;
const uint8 DCERPC_AUTH_LEVEL_CALL = 3;
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_auth3;
- typedef enum {
+ typedef [enum8bit] enum {
DCERPC_PKT_REQUEST = 0,
DCERPC_PKT_PING = 1,
DCERPC_PKT_RESPONSE = 2,
DCERPC_PKT_BIND_ACK = 12,
DCERPC_PKT_BIND_NAK = 13,
DCERPC_PKT_ALTER = 14,
- DCERPC_PKT_ALTER_ACK = 15,
+ DCERPC_PKT_ALTER_RESP = 15,
DCERPC_PKT_AUTH3 = 16,
DCERPC_PKT_SHUTDOWN = 17,
DCERPC_PKT_CO_CANCEL = 18,
} dcerpc_pkt_type;
typedef [nodiscriminant] union {
- [case(DCERPC_PKT_REQUEST)] dcerpc_request request;
- [case(DCERPC_PKT_RESPONSE)] dcerpc_response response;
- [case(DCERPC_PKT_BIND)] dcerpc_bind bind;
- [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack;
- [case(DCERPC_PKT_ALTER)] dcerpc_bind alter;
- [case(DCERPC_PKT_ALTER_ACK)] dcerpc_bind_ack alter_ack;
- [case(DCERPC_PKT_FAULT)] dcerpc_fault fault;
- [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth;
- [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak;
+ [case(DCERPC_PKT_REQUEST)] dcerpc_request request;
+ [case(DCERPC_PKT_RESPONSE)] dcerpc_response response;
+ [case(DCERPC_PKT_BIND)] dcerpc_bind bind;
+ [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack;
+ [case(DCERPC_PKT_ALTER)] dcerpc_bind alter;
+ [case(DCERPC_PKT_ALTER_RESP)] dcerpc_bind_ack alter_resp;
+ [case(DCERPC_PKT_FAULT)] dcerpc_fault fault;
+ [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth3;
+ [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak;
} dcerpc_payload;
const uint8 DCERPC_PFC_FLAG_FIRST = 0x01;
const uint8 DCERPC_PFC_FLAG_LAST = 0x02;
const uint8 DCERPC_PFC_FLAG_NOCALL = 0x20;
+ const uint8 DCERPC_PFC_FLAG_ORPC = 0x80;
/* these offsets are needed by the signing code */
const uint8 DCERPC_DREP_OFFSET = 4;
const uint8 DCERPC_DREP_LE = 0x10;
typedef [public] struct {
- uint8 rpc_vers; /* RPC version */
- uint8 rpc_vers_minor; /* Minor version */
- uint8 ptype; /* Packet type */
- uint8 pfc_flags; /* Fragmentation flags */
- uint8 drep[4]; /* NDR data representation */
- uint16 frag_length; /* Total length of fragment */
- uint16 auth_length; /* authenticator length */
- uint32 call_id; /* Call identifier */
-
+ uint8 rpc_vers; /* RPC version */
+ uint8 rpc_vers_minor; /* Minor version */
+ dcerpc_pkt_type ptype; /* Packet type */
+ uint8 pfc_flags; /* Fragmentation flags */
+ uint8 drep[4]; /* NDR data representation */
+ uint16 frag_length; /* Total length of fragment */
+ uint16 auth_length; /* authenticator length */
+ uint32 call_id; /* Call identifier */
[switch_is(ptype)] dcerpc_payload u;
} dcerpc_packet;
}