2 * Copyright 2001, Todd Sabin <tas@webspan.net>
3 * Copyright 2003, Tim Potter <tpot@samba.org>
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 #ifndef __PACKET_DCERPC_H__
27 #define __PACKET_DCERPC_H__
29 #include <epan/conversation.h>
31 typedef struct _e_uuid_t {
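/*
 * A UUID is printed as %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x:
 * 36 characters, plus one byte for the terminating NUL.
 *
 * The expansion is parenthesized so the macro behaves as a single value
 * inside a larger expression. Unparenthesized, `2 * DCERPC_UUID_STR_LEN`
 * would evaluate to 73 rather than 74 and under-size a buffer.
 */
#define DCERPC_UUID_STR_LEN (36+1)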
41 typedef struct _e_ctx_hnd {
46 typedef struct _e_dce_cn_common_hdr_t {
55 } e_dce_cn_common_hdr_t;
57 typedef struct _e_dce_dg_common_hdr_t {
77 } e_dce_dg_common_hdr_t;
79 typedef struct _dcerpc_auth_info {
/*
 * DCE/RPC PDU type codes. Only part of the list is visible in this listing
 * (the values shown have gaps).
 * NOTE(review): presumably compared against the packet-type byte read from
 * the PDU header. That byte comes from captured traffic, so code that
 * switches on it should handle values that are not in this list.
 */
95 #define PDU_CL_CANCEL 8
97 #define PDU_CANCEL_ACK 10
99 #define PDU_BIND_ACK 12
100 #define PDU_BIND_NAK 13
102 #define PDU_ALTER_ACK 15
104 #define PDU_SHUTDOWN 17
105 #define PDU_CO_CANCEL 18
106 #define PDU_ORPHANED 19
110 * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
111 * If you're writing a subdissector, you almost certainly want the
112 * NDR functions below.
/*
 * Fetch a 16-bit value, a 32-bit value or a UUID from tvb at offset.
 * NOTE(review): drep is presumably the PDU's data-representation label and
 * selects the byte order used for decoding -- confirm in packet-dcerpc.c.
 * NOTE(review): offset is derived from packet contents. These helpers
 * presumably rely on the bounds-checked tvbuff accessors -- confirm that no
 * raw pointer into the buffer is used.
 */
114 guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep);
115 guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep);
/* No return value; the decoded UUID is presumably written through uuid. */
116 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid);
/*
 * Per-type field dissectors. All share one parameter list: the buffer and
 * offset to read from, the packet info and protocol tree, the drep bytes,
 * the header-field index (hfindex) for the item, and a pointer (pdata) typed
 * for the value being dissected.
 * NOTE(review): the int return value is presumably the offset just past the
 * dissected field -- confirm in packet-dcerpc.c.
 * NOTE(review): pdata presumably receives the decoded value. Whether NULL
 * is accepted is not visible from this header.
 */
117 int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
118 proto_tree *tree, guint8 *drep,
119 int hfindex, guint8 *pdata);
120 int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
121 proto_tree *tree, guint8 *drep,
122 int hfindex, guint16 *pdata);
123 int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
124 proto_tree *tree, guint8 *drep,
125 int hfindex, guint32 *pdata);
/*
 * The 64-bit variant takes pdata as unsigned char * rather than a 64-bit
 * integer type. The buffer size the callee expects is not stated in this
 * header -- presumably 8 bytes; confirm before passing a smaller buffer.
 */
126 int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
127 proto_tree *tree, guint8 *drep,
128 int hfindex, unsigned char *pdata);
129 int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
130 proto_tree *tree, guint8 *drep,
131 int hfindex, gfloat *pdata);
132 int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
133 proto_tree *tree, guint8 *drep,
134 int hfindex, gdouble *pdata);
/* The time_t variant hands the value back as a guint32. */
135 int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
136 proto_tree *tree, guint8 *drep,
137 int hfindex, guint32 *pdata);
139 * NDR routines for subdissectors.
/*
 * NDR field dissectors intended for subdissectors. The parameter list
 * matches the dissect_dcerpc_* functions of the same type.
 * NOTE(review): presumably these apply NDR alignment to offset before
 * decoding and return the offset past the field -- confirm in
 * packet-dcerpc-ndr.c.
 * NOTE(review): offset and the data behind it come from captured traffic.
 * Callers should use the returned offset rather than computing field sizes
 * themselves.
 */
141 int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
142 proto_tree *tree, guint8 *drep,
143 int hfindex, guint8 *pdata);
144 int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
145 proto_tree *tree, guint8 *drep,
146 int hfindex, guint16 *pdata);
147 int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
148 proto_tree *tree, guint8 *drep,
149 int hfindex, guint32 *pdata);
/*
 * pdata is unsigned char * here, not a 64-bit integer type. The expected
 * buffer size is not stated in this header -- presumably 8 bytes; confirm.
 */
150 int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
151 proto_tree *tree, guint8 *drep,
152 int hfindex, unsigned char *pdata);
153 int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
154 proto_tree *tree, guint8 *drep,
155 int hfindex, gfloat *pdata);
156 int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
157 proto_tree *tree, guint8 *drep,
158 int hfindex, gdouble *pdata);
159 int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
160 proto_tree *tree, guint8 *drep,
161 int hfindex, guint32 *pdata);
/* Structured values: pdata is an e_uuid_t or an e_ctx_hnd. */
162 int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
163 proto_tree *tree, guint8 *drep,
164 int hfindex, e_uuid_t *pdata);
165 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
166 proto_tree *tree, guint8 *drep,
167 int hfindex, e_ctx_hnd *pdata);
/*
 * Function type (not a pointer type) for a dissection routine. Users of the
 * type declare `dcerpc_dissect_fnct_t *`.
 * NOTE(review): the int result is presumably the new offset -- confirm.
 */
169 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
/*
 * Function type for a callback that receives the tree item, the buffer, a
 * start/end offset pair and an opaque callback_args pointer.
 * NOTE(review): start_offset and end_offset are plain ints. A callback that
 * uses them as a length should check that end_offset >= start_offset.
 */
171 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
/*
 * NDR pointer kinds.
 * NOTE(review): presumably these are the values passed as the `type`
 * argument of the pointer dissectors, naming NDR reference, unique and full
 * pointers -- confirm.
 */
173 #define NDR_POINTER_REF 1
174 #define NDR_POINTER_UNIQUE 2
175 #define NDR_POINTER_PTR 3
/*
 * Dissect an NDR pointer. fnct is the routine for the pointed-to data, and
 * callback/callback_args have the dcerpc_callback_fnct_t shape.
 * NOTE(review): callback_args is an untyped void * that is presumably handed
 * to callback unchanged. Its lifetime and real type are the caller's
 * responsibility and cannot be checked here.
 * NOTE(review): whether callback may be NULL is not visible from this header.
 */
177 int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
178 proto_tree *tree, guint8 *drep,
179 dcerpc_dissect_fnct_t *fnct, int type, char *text,
180 int hf_index, dcerpc_callback_fnct_t *callback,
181 void *callback_args);
183 int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
184 proto_tree *tree, guint8 *drep,
185 dcerpc_dissect_fnct_t *fnct, int type, char *text,
/*
 * Array dissectors. fnct is the per-element dissection routine.
 * NOTE(review): presumably fnct is invoked once per element, with the
 * element count taken from the array header in the packet. That count is
 * untrusted, so the loop should be bounded by what the tvb can actually
 * hold -- confirm in the implementation.
 */
188 /* dissect a NDR unidimensional conformant array */
189 int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
190 proto_tree *tree, guint8 *drep,
191 dcerpc_dissect_fnct_t *fnct);
193 /* dissect a NDR unidimensional conformant and varying array */
194 int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
195 proto_tree *tree, guint8 *drep,
196 dcerpc_dissect_fnct_t *fnct);
/* Takes no element routine and no header-field index. */
198 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
199 proto_tree *tree, guint8 *drep);
201 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
202 proto_tree *tree, guint8 *drep, int size_is,
203 int hfinfo, gboolean add_subtree,
/*
 * String dissectors with the dcerpc_dissect_fnct_t parameter list, so they
 * can be passed wherever a `dcerpc_dissect_fnct_t *` is expected.
 * NOTE(review): "cvstring" presumably means a conformant, varying string of
 * char or wide-char elements. The lengths come from the packet, so the
 * implementation should bound them against the tvb -- confirm.
 */
205 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
206 proto_tree *tree, guint8 *drep);
207 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
208 proto_tree *tree, guint8 *drep);
210 typedef struct _dcerpc_sub_dissector {
213 dcerpc_dissect_fnct_t *dissect_rqst;
214 dcerpc_dissect_fnct_t *dissect_resp;
215 } dcerpc_sub_dissector;
217 /* registration function for subdissectors */
/*
 * Registers the procs table for the interface identified by (uuid, ver),
 * together with the protocol id, subtree id and opnum header field.
 * NOTE(review): procs is stored by pointer (see the `procs` member of
 * dcerpc_uuid_value), so the table presumably has to outlive the
 * registration -- confirm.
 */
218 void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
/*
 * Lookups keyed by (uuid, ver).
 * NOTE(review): what is returned for an unregistered interface (NULL, -1)
 * is not visible here. The uuid and version normally come from the bind
 * PDU, so callers should handle the not-found case.
 */
219 char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver);
220 int dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver);
221 dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver);
223 /* Create an (opnum, name) value_string from a subdissector list */
/* NOTE(review): ownership of the returned array is not stated -- confirm who frees it. */
225 value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
227 /* Private data structure to pass to DCERPC dissector. This is used to
228 pass transport specific information down to the dissector from the
229 dissector that parsed the encapsulated calls.
230 When it comes to DCERPC over SMB the only thing we really want to pass
234 typedef struct _dcerpc_private_info {
236 } dcerpc_private_info;
238 /* Private data passed to subdissectors from the main DCERPC dissector. */
239 typedef struct _dcerpc_call_value {
/*
 * State for the call being dissected. The closing lines of this struct are
 * not shown in this listing.
 */
250 typedef struct _dcerpc_info {
251 conversation_t *conv; /* Which TCP stream we are in */
252 guint32 call_id; /* Context id for this call */
253 guint16 smb_fid; /* FID for DCERPC over SMB */
254 guint8 ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
255 gboolean conformant_run;
/* Signed, unlike the unsigned array_* fields below; mind the conversion when mixing them. */
256 gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
/*
 * NOTE(review): the array_* counts and offsets are presumably filled from
 * the conformance/variance header of an NDR array in the packet. That makes
 * them untrusted 32-bit values. Code that uses them as loop bounds or
 * lengths should validate them against the remaining tvb length, and check
 * offset + actual_count for wrap-around.
 */
257 guint32 array_max_count; /* max_count for conformant arrays */
258 guint32 array_max_count_offset;
259 guint32 array_offset;
260 guint32 array_offset_offset;
261 guint32 array_actual_count;
262 guint32 array_actual_count_offset;
264 dcerpc_call_value *call_data;
269 /* the registered subdissectors. With MSVC and a
270 * libethereal.dll, we need a special declaration.
272 ETH_VAR_IMPORT GHashTable *dcerpc_uuids;
274 typedef struct _dcerpc_uuid_key {
279 typedef struct _dcerpc_uuid_value {
284 dcerpc_sub_dissector *procs;
288 /* Authenticated pipe registration functions and miscellanea */
290 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *tvb, int offset,
292 dcerpc_auth_info *auth_info);
/*
 * Callback table for one authentication mechanism. A table is registered
 * with register_dcerpc_auth_subdissector() under an
 * (auth_level, auth_type) pair.
 */
294 typedef struct _dcerpc_auth_subdissector_fns {
296 /* Dissect credentials and verifiers */
/*
 * NOTE(review): going by the member names, one routine each for the bind,
 * bind_ack and auth3 PDUs and for the request/response verifiers.
 * Presumably a member may be left NULL when the mechanism has nothing to
 * dissect for that PDU -- confirm that callers test for NULL.
 */
298 dcerpc_dissect_fnct_t *bind_fn;
299 dcerpc_dissect_fnct_t *bind_ack_fn;
300 dcerpc_dissect_fnct_t *auth3_fn;
301 dcerpc_dissect_fnct_t *req_verf_fn;
302 dcerpc_dissect_fnct_t *resp_verf_fn;
304 /* Decrypt encrypted requests/response PDUs */
/*
 * These return a tvbuff_t *.
 * NOTE(review): presumably a new tvb holding the decoded data. Whether NULL
 * is returned when decryption fails (no key, bad verifier), and whether the
 * caller checks for it, is not visible here.
 */
306 dcerpc_decode_data_fnct_t *req_data_fn;
307 dcerpc_decode_data_fnct_t *resp_data_fn;
309 } dcerpc_auth_subdissector_fns;
/*
 * NOTE(review): fns is passed by pointer. Presumably the table is stored,
 * not copied, and must outlive the registration -- confirm.
 */
311 void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
312 dcerpc_auth_subdissector_fns *fns);
314 /* Authentication services */
/*
 * NOTE(review): presumably the auth_type values used with
 * register_dcerpc_auth_subdissector() -- confirm. The values are not
 * contiguous (0, 1, 9, 10, 68), so a dispatcher has to cope with auth types
 * that have no entry here.
 */
316 #define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
317 #define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
318 #define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
319 #define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
320 #define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
322 /* Protection levels */
/*
 * Ordered by increasing protection, 1 through 6. In DCE/RPC,
 * PKT_INTEGRITY adds a per-PDU integrity check and PKT_PRIVACY additionally
 * encrypts the stub data. The lower levels leave PDU contents unprotected
 * against modification on the wire.
 * NOTE(review): presumably the auth_level values used with
 * register_dcerpc_auth_subdissector() -- confirm.
 */
324 #define DCE_C_AUTHN_LEVEL_NONE 1
325 #define DCE_C_AUTHN_LEVEL_CONNECT 2
326 #define DCE_C_AUTHN_LEVEL_CALL 3
327 #define DCE_C_AUTHN_LEVEL_PKT 4
328 #define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
329 #define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
332 init_ndr_pointer_list(packet_info *pinfo);
334 #endif /* packet-dcerpc.h */