2 * Copyright 2001, Todd Sabin <tas@webspan.net>
3 * Copyright 2003, Tim Potter <tpot@samba.org>
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 #ifndef __PACKET_DCERPC_H__
27 #define __PACKET_DCERPC_H__
29 #include <epan/conversation.h>
31 typedef struct _e_uuid_t {
38 /* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
39 #define DCERPC_UUID_STR_LEN 36+1
41 typedef struct _e_ctx_hnd {
46 typedef struct _e_dce_cn_common_hdr_t {
55 } e_dce_cn_common_hdr_t;
57 typedef struct _e_dce_dg_common_hdr_t {
77 } e_dce_dg_common_hdr_t;
79 typedef struct _dcerpc_auth_info {
95 #define PDU_CL_CANCEL 8
97 #define PDU_CANCEL_ACK 10
99 #define PDU_BIND_ACK 12
100 #define PDU_BIND_NAK 13
102 #define PDU_ALTER_ACK 15
104 #define PDU_SHUTDOWN 17
105 #define PDU_CO_CANCEL 18
106 #define PDU_ORPHANED 19
110 * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
111 * If you're writing a subdissector, you almost certainly want the
112 * NDR functions below.
114 guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep);
115 guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep);
116 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid);
117 int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
118 proto_tree *tree, guint8 *drep,
119 int hfindex, guint8 *pdata);
120 int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
121 proto_tree *tree, guint8 *drep,
122 int hfindex, guint16 *pdata);
123 int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
124 proto_tree *tree, guint8 *drep,
125 int hfindex, guint32 *pdata);
126 int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
127 proto_tree *tree, guint8 *drep,
128 int hfindex, unsigned char *pdata);
129 int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
130 proto_tree *tree, guint8 *drep,
131 int hfindex, gfloat *pdata);
132 int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
133 proto_tree *tree, guint8 *drep,
134 int hfindex, gdouble *pdata);
135 int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
136 proto_tree *tree, guint8 *drep,
137 int hfindex, guint32 *pdata);
139 * NDR routines for subdissectors.
141 int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
142 proto_tree *tree, guint8 *drep,
143 int hfindex, guint8 *pdata);
144 int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
145 proto_tree *tree, guint8 *drep,
146 int hfindex, guint16 *pdata);
147 int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
148 proto_tree *tree, guint8 *drep,
149 int hfindex, guint32 *pdata);
150 int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
151 proto_tree *tree, guint8 *drep,
152 int hfindex, unsigned char *pdata);
153 int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
154 proto_tree *tree, guint8 *drep,
155 int hfindex, gfloat *pdata);
156 int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
157 proto_tree *tree, guint8 *drep,
158 int hfindex, gdouble *pdata);
159 int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
160 proto_tree *tree, guint8 *drep,
161 int hfindex, guint32 *pdata);
162 int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
163 proto_tree *tree, guint8 *drep,
164 int hfindex, e_uuid_t *pdata);
165 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
166 proto_tree *tree, guint8 *drep,
167 int hfindex, e_ctx_hnd *pdata);
169 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
171 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
173 #define NDR_POINTER_REF 1
174 #define NDR_POINTER_UNIQUE 2
175 #define NDR_POINTER_PTR 3
177 int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
178 proto_tree *tree, guint8 *drep,
179 dcerpc_dissect_fnct_t *fnct, int type, char *text,
180 int hf_index, dcerpc_callback_fnct_t *callback,
181 void *callback_args);
183 int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
184 proto_tree *tree, guint8 *drep,
185 dcerpc_dissect_fnct_t *fnct, int type, char *text,
188 /* dissect a NDR unidimensional conformant array */
189 int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
190 proto_tree *tree, guint8 *drep,
191 dcerpc_dissect_fnct_t *fnct);
193 /* dissect a NDR unidimensional conformant and varying array */
194 int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
195 proto_tree *tree, guint8 *drep,
196 dcerpc_dissect_fnct_t *fnct);
198 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
199 proto_tree *tree, guint8 *drep);
201 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
202 proto_tree *tree, guint8 *drep, int size_is,
203 int hfinfo, gboolean add_subtree,
205 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
206 proto_tree *tree, guint8 *drep);
207 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
208 proto_tree *tree, guint8 *drep);
210 typedef struct _dcerpc_sub_dissector {
213 dcerpc_dissect_fnct_t *dissect_rqst;
214 dcerpc_dissect_fnct_t *dissect_resp;
215 } dcerpc_sub_dissector;
217 /* registration function for subdissectors */
218 void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
219 char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver);
220 int dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver);
221 dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver);
223 /* Create a opnum, name value_string from a subdissector list */
225 value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
227 /* try to get protocol name registered for this uuid */
228 gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver);
230 /* Private data structure to pass to DCERPC dissector. This is used to
231 pass transport specific information down to the dissector from the
232 dissector that parsed this encapsulated calls.
233 When it comes to DCERPC over SMB the only thing we really want to pass
237 typedef struct _dcerpc_private_info {
239 } dcerpc_private_info;
241 /* Private data passed to subdissectors from the main DCERPC dissector. */
242 typedef struct _dcerpc_call_value {
253 typedef struct _dcerpc_info {
254 conversation_t *conv; /* Which TCP stream we are in */
255 guint32 call_id; /* Context id for this call */
256 guint16 smb_fid; /* FID for DCERPC over SMB */
257 guint8 ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
258 gboolean conformant_run;
259 gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
260 guint32 array_max_count; /* max_count for conformant arrays */
261 guint32 array_max_count_offset;
262 guint32 array_offset;
263 guint32 array_offset_offset;
264 guint32 array_actual_count;
265 guint32 array_actual_count_offset;
267 dcerpc_call_value *call_data;
272 /* the init_protocol hooks. With MSVC and a
273 * libethereal.dll, we need a special declaration.
275 ETH_VAR_IMPORT GHookList dcerpc_hooks_init_protos;
277 /* the registered subdissectors. With MSVC and a
278 * libethereal.dll, we need a special declaration.
280 ETH_VAR_IMPORT GHashTable *dcerpc_uuids;
282 typedef struct _dcerpc_uuid_key {
287 typedef struct _dcerpc_uuid_value {
292 dcerpc_sub_dissector *procs;
296 /* Authenticated pipe registration functions and miscellanea */
298 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *tvb, int offset,
300 dcerpc_auth_info *auth_info);
302 typedef struct _dcerpc_auth_subdissector_fns {
304 /* Dissect credentials and verifiers */
306 dcerpc_dissect_fnct_t *bind_fn;
307 dcerpc_dissect_fnct_t *bind_ack_fn;
308 dcerpc_dissect_fnct_t *auth3_fn;
309 dcerpc_dissect_fnct_t *req_verf_fn;
310 dcerpc_dissect_fnct_t *resp_verf_fn;
312 /* Decrypt encrypted requests/response PDUs */
314 dcerpc_decode_data_fnct_t *req_data_fn;
315 dcerpc_decode_data_fnct_t *resp_data_fn;
317 } dcerpc_auth_subdissector_fns;
319 void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
320 dcerpc_auth_subdissector_fns *fns);
322 /* all values needed to (re-)build a dcerpc binding */
323 typedef struct decode_dcerpc_bind_values_s {
324 /* values of a typical conversation */
330 /* dcerpc conversation specific */
333 /* corresponding "interface" */
337 } decode_dcerpc_bind_values_t;
339 /* Helper for "decode as" dialog to set up a UUID/conversation binding. */
340 struct _dcerpc_bind_value *
341 dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding);
344 dcerpc_get_transport_salt (packet_info *pinfo, int transport_type);
346 /* Authentication services */
349 * For MS-specific SSPs (Security Service Provider), see
351 * http://msdn.microsoft.com/library/en-us/rpc/rpc/authentication_level_constants.asp
354 #define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
355 #define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
356 #define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
357 #define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
358 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
359 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
360 #define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
361 #define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
362 #define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
363 #define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
364 #define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
366 /* Protection levels */
368 #define DCE_C_AUTHN_LEVEL_NONE 1
369 #define DCE_C_AUTHN_LEVEL_CONNECT 2
370 #define DCE_C_AUTHN_LEVEL_CALL 3
371 #define DCE_C_AUTHN_LEVEL_PKT 4
372 #define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
373 #define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
376 init_ndr_pointer_list(packet_info *pinfo);
378 #endif /* packet-dcerpc.h */