packet-dcerpc-initshutdown.c

   1 /* packet-dcerpc-initshutdown.c
   2  * Routines for SMB \PIPE\initshutdown packet disassembly
   3  * Based on packet-dcerpc-winreg.c
   4  * Copyright 2001-2003 Tim Potter <tpot@samba.org>
   5  * as per a suggestion by Jim McDonough
   6  *
   7  * $Id: packet-dcerpc-initshutdown.c,v 1.2 2004/01/19 20:10:33 jmayer Exp $
   8  *
   9  * Ethereal - Network traffic analyzer
  10  * By Gerald Combs <gerald@ethereal.com>
  11  * Copyright 1998 Gerald Combs
  12  *
  13  * This program is free software; you can redistribute it and/or
  14  * modify it under the terms of the GNU General Public License
  15  * as published by the Free Software Foundation; either version 2
  16  * of the License, or (at your option) any later version.
  17  *
  18  * This program is distributed in the hope that it will be useful,
  19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  21  * GNU General Public License for more details.
  22  *
  23  * You should have received a copy of the GNU General Public License
  24  * along with this program; if not, write to the Free Software
  25  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  26  */
  27
  28 #ifdef HAVE_CONFIG_H
  29 #include "config.h"
  30 #endif
  31
  32 #include <glib.h>
  33 #include <epan/packet.h>
  34 #include "packet-dcerpc.h"
  35 #include "packet-dcerpc-nt.h"
  36 #include "packet-dcerpc-initshutdown.h"
  37 #include "smb.h"
  38
  39 /* Global hf index fields */
  40
  41 static int hf_rc = -1;
  42 static int hf_shutdown_message = -1;
  43 static int hf_shutdown_seconds = -1;
  44 static int hf_shutdown_force = -1;
  45 static int hf_shutdown_reboot = -1;
  46 static int hf_shutdown_server = -1;
  47 static int hf_shutdown_reason = -1;
  48
  49
  50 /* Reg Shutdown functions */
  51 static int
  52 dissect_shutdown_server(tvbuff_t *tvb, int offset, packet_info *pinfo,
  53                         proto_tree *tree, guint8 *drep)
  54 {
  55         offset = dissect_ndr_uint16(
  56                 tvb, offset, pinfo, tree, drep, hf_shutdown_server, NULL);
  57
  58         return offset;
  59 }
  60
  61 static int
  62 dissect_shutdown_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
  63                         proto_tree *tree, guint8 *drep)
  64 {
  65         offset = dissect_ndr_counted_string(
  66                 tvb, offset, pinfo, tree, drep, hf_shutdown_message, 0);
  67
  68         return offset;
  69 }
  70
  71 static int
  72 InitshutdownShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
  73          proto_tree *tree, guint8 *drep)
  74 {
  75         offset = dissect_ndr_pointer(
  76                 tvb, offset, pinfo, tree, drep,
  77                 dissect_shutdown_server, NDR_POINTER_UNIQUE,
  78                 "Server", -1);
  79
  80         offset = dissect_ndr_pointer(
  81                 tvb, offset, pinfo, tree, drep,
  82                 dissect_shutdown_message, NDR_POINTER_UNIQUE,
  83                 "message", -1);
  84
  85         offset = dissect_ndr_uint32(
  86                 tvb, offset, pinfo, tree, drep, hf_shutdown_seconds, NULL);
  87
  88         offset = dissect_ndr_uint8(
  89                 tvb, offset, pinfo, tree, drep, hf_shutdown_force, NULL);
  90         offset = dissect_ndr_uint8(
  91                 tvb, offset, pinfo, tree, drep, hf_shutdown_reboot, NULL);
  92
  93         return offset;
  94 }
  95
  96 static int
  97 InitshutdownShutdown_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
  98          proto_tree *tree, guint8 *drep)
  99 {
 100         offset = dissect_ntstatus(
 101                 tvb, offset, pinfo, tree, drep, hf_rc, NULL);
 102
 103         return offset;
 104 }
 105
 106 static int
 107 InitshutdownAbortShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
 108                    proto_tree *tree, guint8 *drep)
 109 {
 110         offset = dissect_ndr_pointer(
 111                 tvb, offset, pinfo, tree, drep,
 112                 dissect_shutdown_server, NDR_POINTER_UNIQUE,
 113                 "Server", -1);
 114
 115         return offset;
 116 }
 117
 118 static int
 119 InitshutdownShutdownEx_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
 120                 proto_tree *tree, guint8 *drep)
 121 {
 122         offset = InitshutdownShutdown_q(tvb, offset, pinfo, tree, drep);
 123         offset = dissect_ndr_uint32(
 124                 tvb, offset, pinfo, tree, drep, hf_shutdown_reason, NULL);
 125
 126         return offset;
 127 }
 128
 129 static int proto_dcerpc_initshutdown = -1;
 130 static int hf_initshutdown_opnum = -1;
 131 static gint ett_dcerpc_initshutdown = -1;
 132
 133 static e_uuid_t uuid_dcerpc_initshutdown = {
 134         0x894de0c0, 0x0d55, 0x11d3,
 135         { 0xa3, 0x22, 0x00, 0xc0, 0x4f, 0xa3, 0x21, 0xa1 }
 136 };
 137
 138 static guint16 ver_dcerpc_initshutdown = 1;
 139
 140 static dcerpc_sub_dissector dcerpc_initshutdown_dissectors[] = {
 141         { INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN, "InitiateSystemShutdown",
 142           InitshutdownShutdown_q, InitshutdownShutdown_r },
 143         { INITSHUTDOWN_ABORT_SYSTEM_SHUTDOWN, "AbortSystemShutdown",
 144           InitshutdownAbortShutdown_q, InitshutdownShutdown_r },
 145         { INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN_EX, "InitiateSystemShutdownEx",
 146           InitshutdownShutdownEx_q, InitshutdownShutdown_r },
 147         { 0, NULL, NULL,  NULL }
 148 };
 149
 150 void
 151 proto_register_dcerpc_initshutdown(void)
 152 {
 153         static hf_register_info hf[] = {
 154
 155                 /* Global indexes */
 156
 157                 { &hf_rc,
 158                   { "Return code", "initshutdown.rc", FT_UINT32, BASE_HEX,
 159                     VALS(NT_errors), 0x0, "Initshutdown return code", HFILL }},
 160
 161                 { &hf_initshutdown_opnum,
 162                   { "Operation", "initshutdown.opnum", FT_UINT16, BASE_DEC,
 163                     NULL, 0x0, "Operation", HFILL }},
 164
 165                 { &hf_shutdown_message,
 166                   { "Message", "initshutdown.message", FT_STRING, BASE_NONE,
 167                     NULL, 0x0, "Message", HFILL }},
 168
 169                 { &hf_shutdown_seconds,
 170                   { "Seconds", "initshutdown.seconds", FT_UINT32, BASE_DEC,
 171                     NULL, 0x00, "Seconds", HFILL }},
 172
 173                 { &hf_shutdown_force,
 174                   { "Force applications shut", "initshutdown.force", FT_UINT8,
 175                     BASE_DEC, NULL, 0x00, "Force applications shut", HFILL }},
 176
 177                 { &hf_shutdown_reboot,
 178                   { "Reboot", "initshutdown.reboot", FT_UINT8, BASE_DEC,
 179                     NULL, 0x00, "Reboot", HFILL }},
 180
 181                 { &hf_shutdown_server,
 182                   { "Server", "initshutdown.server", FT_UINT16, BASE_HEX,
 183                     NULL, 0x00, "Server", HFILL }},
 184
 185                 { &hf_shutdown_reason,
 186                   { "Reason", "initshutdown.reason", FT_UINT32, BASE_HEX,
 187                     NULL, 0x00, "Reason", HFILL }}
 188
 189         };
 190
 191         static gint *ett[] = {
 192                 &ett_dcerpc_initshutdown
 193         };
 194
 195         proto_dcerpc_initshutdown = proto_register_protocol(
 196                 "Remote Shutdown", "INITSHUTDOWN", "initshutdown");
 197
 198         proto_register_field_array(proto_dcerpc_initshutdown, hf,
 199                 array_length(hf));
 200
 201         proto_register_subtree_array(ett, array_length(ett));
 202 }
 203
 204 void
 205 proto_reg_handoff_dcerpc_initshutdown(void)
 206 {
 207         /* Register protocol as dcerpc */
 208
 209         dcerpc_init_uuid(proto_dcerpc_initshutdown, ett_dcerpc_initshutdown,
 210                         &uuid_dcerpc_initshutdown, ver_dcerpc_initshutdown,
 211                         dcerpc_initshutdown_dissectors, hf_initshutdown_opnum);
 212 }