2 XXX Fixme : shouldn't show [malformed frame] for long packets
6 * Routines for SMB named pipe packet dissection
7 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
8 * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
11 * $Id: packet-smb-pipe.c,v 1.89 2003/03/05 07:17:50 guy Exp $
13 * Ethereal - Network traffic analyzer
14 * By Gerald Combs <gerald@ethereal.com>
15 * Copyright 1998 Gerald Combs
17 * Copied from packet-pop.c
19 * This program is free software; you can redistribute it and/or
20 * modify it under the terms of the GNU General Public License
21 * as published by the Free Software Foundation; either version 2
22 * of the License, or (at your option) any later version.
24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
31 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
44 #include <epan/packet.h>
45 #include <epan/conversation.h>
47 #include "packet-smb-pipe.h"
48 #include "packet-smb-browse.h"
49 #include "packet-smb-common.h"
50 #include "packet-dcerpc.h"
51 #include "reassemble.h"
53 static int proto_smb_pipe = -1;
54 static int hf_pipe_function = -1;
55 static int hf_pipe_priority = -1;
56 static int hf_pipe_peek_available = -1;
57 static int hf_pipe_peek_remaining = -1;
58 static int hf_pipe_peek_status = -1;
59 static int hf_pipe_getinfo_info_level = -1;
60 static int hf_pipe_getinfo_output_buffer_size = -1;
61 static int hf_pipe_getinfo_input_buffer_size = -1;
62 static int hf_pipe_getinfo_maximum_instances = -1;
63 static int hf_pipe_getinfo_current_instances = -1;
64 static int hf_pipe_getinfo_pipe_name_length = -1;
65 static int hf_pipe_getinfo_pipe_name = -1;
66 static int hf_pipe_write_raw_bytes_written = -1;
67 static int hf_pipe_fragments = -1;
68 static int hf_pipe_fragment = -1;
69 static int hf_pipe_fragment_overlap = -1;
70 static int hf_pipe_fragment_overlap_conflict = -1;
71 static int hf_pipe_fragment_multiple_tails = -1;
72 static int hf_pipe_fragment_too_long_fragment = -1;
73 static int hf_pipe_fragment_error = -1;
75 static gint ett_smb_pipe = -1;
76 static gint ett_smb_pipe_fragment = -1;
77 static gint ett_smb_pipe_fragments = -1;
79 static const fragment_items smb_pipe_frag_items = {
80 &ett_smb_pipe_fragment,
81 &ett_smb_pipe_fragments,
84 &hf_pipe_fragment_overlap,
85 &hf_pipe_fragment_overlap_conflict,
86 &hf_pipe_fragment_multiple_tails,
87 &hf_pipe_fragment_too_long_fragment,
88 &hf_pipe_fragment_error,
92 static int proto_smb_lanman = -1;
93 static int hf_function_code = -1;
94 static int hf_param_desc = -1;
95 static int hf_return_desc = -1;
96 static int hf_aux_data_desc = -1;
97 static int hf_detail_level = -1;
98 static int hf_recv_buf_len = -1;
99 static int hf_send_buf_len = -1;
100 static int hf_continuation_from = -1;
101 static int hf_status = -1;
102 static int hf_convert = -1;
103 static int hf_ecount = -1;
104 static int hf_acount = -1;
105 static int hf_share_name = -1;
106 static int hf_share_type = -1;
107 static int hf_share_comment = -1;
108 static int hf_share_permissions = -1;
109 static int hf_share_max_uses = -1;
110 static int hf_share_current_uses = -1;
111 static int hf_share_path = -1;
112 static int hf_share_password = -1;
113 static int hf_server_name = -1;
114 static int hf_server_major = -1;
115 static int hf_server_minor = -1;
116 static int hf_server_comment = -1;
117 static int hf_abytes = -1;
118 static int hf_current_time = -1;
119 static int hf_msecs = -1;
120 static int hf_hour = -1;
121 static int hf_minute = -1;
122 static int hf_second = -1;
123 static int hf_hundredths = -1;
124 static int hf_tzoffset = -1;
125 static int hf_timeinterval = -1;
126 static int hf_day = -1;
127 static int hf_month = -1;
128 static int hf_year = -1;
129 static int hf_weekday = -1;
130 static int hf_enumeration_domain = -1;
131 static int hf_computer_name = -1;
132 static int hf_user_name = -1;
133 static int hf_group_name = -1;
134 static int hf_workstation_domain = -1;
135 static int hf_workstation_major = -1;
136 static int hf_workstation_minor = -1;
137 static int hf_logon_domain = -1;
138 static int hf_other_domains = -1;
139 static int hf_password = -1;
140 static int hf_workstation_name = -1;
141 static int hf_ustruct_size = -1;
142 static int hf_logon_code = -1;
143 static int hf_privilege_level = -1;
144 static int hf_operator_privileges = -1;
145 static int hf_num_logons = -1;
146 static int hf_bad_pw_count = -1;
147 static int hf_last_logon = -1;
148 static int hf_last_logoff = -1;
149 static int hf_logoff_time = -1;
150 static int hf_kickoff_time = -1;
151 static int hf_password_age = -1;
152 static int hf_password_can_change = -1;
153 static int hf_password_must_change = -1;
154 static int hf_script_path = -1;
155 static int hf_logoff_code = -1;
156 static int hf_duration = -1;
157 static int hf_comment = -1;
158 static int hf_user_comment = -1;
159 static int hf_full_name = -1;
160 static int hf_homedir = -1;
161 static int hf_parameters = -1;
162 static int hf_logon_server = -1;
163 static int hf_country_code = -1;
164 static int hf_workstations = -1;
165 static int hf_max_storage = -1;
166 static int hf_units_per_week = -1;
167 static int hf_logon_hours = -1;
168 static int hf_code_page = -1;
169 static int hf_new_password = -1;
170 static int hf_old_password = -1;
171 static int hf_reserved = -1;
173 static gint ett_lanman = -1;
174 static gint ett_lanman_unknown_entries = -1;
175 static gint ett_lanman_unknown_entry = -1;
176 static gint ett_lanman_shares = -1;
177 static gint ett_lanman_share = -1;
178 static gint ett_lanman_groups = -1;
179 static gint ett_lanman_servers = -1;
180 static gint ett_lanman_server = -1;
182 static dissector_handle_t data_handle;
187 * ftp://ftp.microsoft.com/developr/drg/CIFS/cifsrap2.txt
189 * among other documents.
192 static const value_string status_vals[] = {
194 {5, "User has insufficient privilege"},
195 {65, "Network access is denied"},
196 {86, "The specified password is invalid"},
197 {SMBE_moredata, "Additional data is available"},
198 {2114, "Service is not running on the remote computer"},
199 {2123, "Supplied buffer is too small"},
200 {2141, "Server is not configured for transactions (IPC$ not shared)"},
201 {2212, "An error occurred while loading or running the logon script"},
202 {2214, "The logon was not validated by any server"},
203 {2217, "The logon server is running an older software version"},
204 {2221, "The user name was not found"},
205 {2226, "Operation not permitted on Backup Domain Controller"},
206 {2240, "The user is not allowed to logon from this computer"},
207 {2241, "The user is not allowed to logon at this time"},
208 {2242, "The user password has expired"},
209 {2243, "The password cannot be changed"},
210 {2246, "The password is too short"},
214 static const value_string privilege_vals[] = {
217 {2, "Administrator"},
221 static const value_string op_privilege_vals[] = {
222 {0, "Print operator"},
223 {1, "Communications operator"},
224 {2, "Server operator"},
225 {3, "Accounts operator"},
229 static const value_string weekday_vals[] = {
/*
 * add_word_param - add a 2-byte parameter found at `offset` to the tree.
 * Two calls are visible: proto_tree_add_item() on hf_index with length 2,
 * and a text item whose value is read little-endian with tvb_get_letohs().
 * count, pinfo and convert are marked _U_ (unused).
 * NOTE(review): this listing dropped lines (return type, braces, the test
 * that chooses between the two calls) - confirm against the full file.
 */
241 add_word_param(tvbuff_t *tvb, int offset, int count _U_,
242 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
247 proto_tree_add_item(tree, hf_index, tvb, offset, 2, TRUE);
249 WParam = tvb_get_letohs(tvb, offset);
250 proto_tree_add_text(tree, tvb, offset, 2,
251 "Word Param: %u (0x%04X)", WParam, WParam);
/*
 * add_dword_param - add a 4-byte parameter found at `offset` to the tree.
 * Two calls are visible: proto_tree_add_item() on hf_index with length 4,
 * and a text item whose value is read little-endian with tvb_get_letohl().
 * NOTE(review): the branch selecting between them is not in this listing.
 */
258 add_dword_param(tvbuff_t *tvb, int offset, int count _U_,
259 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
264 proto_tree_add_item(tree, hf_index, tvb, offset, 4, TRUE);
266 LParam = tvb_get_letohl(tvb, offset);
267 proto_tree_add_text(tree, tvb, offset, 4,
268 "Doubleword Param: %u (0x%08X)", LParam, LParam);
/*
 * add_byte_param - add `count` bytes starting at `offset` to the tree.
 * Unlike the word/dword helpers, `count` is used here: it is the length
 * passed to proto_tree_add_item() and to tvb_bytes_to_str().
 * The text fallbacks show either a single byte (tvb_get_guint8) or the
 * whole run as a hex string.
 * NOTE(review): `count` is supplied by the caller; nothing in the visible
 * lines range-checks it, so bounds presumably rest on the tvb accessors
 * themselves - confirm. Branch conditions are missing from this listing.
 */
275 add_byte_param(tvbuff_t *tvb, int offset, int count, packet_info *pinfo _U_,
276 proto_tree *tree, int convert _U_, int hf_index)
281 proto_tree_add_item(tree, hf_index, tvb, offset, count, TRUE);
284 BParam = tvb_get_guint8(tvb, offset);
285 proto_tree_add_text(tree, tvb, offset, count,
286 "Byte Param: %u (0x%02X)",
289 proto_tree_add_text(tree, tvb, offset, count,
291 tvb_bytes_to_str(tvb, offset, count));
/*
 * add_pad_param - handler for descriptor entries that are only padding.
 * Every parameter except offset and count is marked _U_, so nothing is
 * added to the tree by the visible code.
 * NOTE(review): the function body is not in this listing; presumably it
 * just advances offset by count - confirm.
 */
299 add_pad_param(tvbuff_t *tvb _U_, int offset, int count, packet_info *pinfo _U_,
300 proto_tree *tree _U_, int convert _U_, int hf_index _U_)
303 * This is for parameters that have descriptor entries but that
304 * are, in practice, just padding.
/*
 * add_null_pointer_param - record a string parameter that is a null pointer.
 * Adds a zero-length text item at `offset`. When hf_index is not -1 the
 * label uses the registered field name (proto_registrar_get_name);
 * otherwise the fixed label "String Param (Null pointer)" is used.
 * NOTE(review): the format string for the hf_index case is on a line
 * missing from this listing.
 */
311 add_null_pointer_param(tvbuff_t *tvb, int offset, int count _U_,
312 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
314 if (hf_index != -1) {
315 proto_tree_add_text(tree, tvb, offset, 0,
317 proto_registrar_get_name(hf_index));
319 proto_tree_add_text(tree, tvb, offset, 0,
320 "String Param (Null pointer)");
/*
 * add_string_param - add an in-line string at `offset` to the tree.
 * The length is not taken from a length field: it comes from
 * tvb_strsize(), i.e. from scanning the packet data itself, and offset
 * is then advanced by that length.
 * NOTE(review): tvb_strsize() presumably counts the terminating '\0' and
 * fails safely when no terminator is present - confirm in the tvbuff API.
 */
325 add_string_param(tvbuff_t *tvb, int offset, int count _U_,
326 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
330 string_len = tvb_strsize(tvb, offset);
331 if (hf_index != -1) {
332 proto_tree_add_item(tree, hf_index, tvb, offset, string_len,
335 proto_tree_add_text(tree, tvb, offset, string_len,
337 tvb_format_text(tvb, offset, string_len));
339 offset += string_len;
/*
 * get_stringz_pointer_value - resolve a "pointer to string" parameter.
 * The target offset is the low 16 bits of the little-endian dword at
 * `offset`, minus `convert`. The string is only formatted after
 * tvb_offset_exists() and tvb_strnlen(..., -1) both succeed.
 * NOTE(review): cptr comes from packet data and the subtraction can make
 * it negative when convert is larger than the 16-bit value; confirm how
 * tvb_offset_exists()/tvb_strnlen() treat a negative offset so that a
 * crafted pointer cannot select unintended bytes of the buffer.
 * NOTE(review): the remaining parameters and the failure return are on
 * lines missing from this listing.
 */
344 get_stringz_pointer_value(tvbuff_t *tvb, int offset, int convert, int *cptrp,
350 /* pointer to string */
351 cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
355 if (tvb_offset_exists(tvb, cptr) &&
356 (string_len = tvb_strnlen(tvb, cptr, -1)) != -1) {
357 string_len++; /* include the terminating '\0' */
359 return tvb_format_text(tvb, cptr, string_len - 1);
/*
 * add_stringz_pointer_param - add a string referenced by pointer.
 * Delegates the pointer resolution and bounds check to
 * get_stringz_pointer_value(). A non-NULL result is added at the
 * resolved offset cptr; a NULL result is reported as
 * "<String goes past end of frame>" on a zero-length item at offset 0,
 * so an out-of-range pointer is shown rather than dereferenced.
 */
365 add_stringz_pointer_param(tvbuff_t *tvb, int offset, int count _U_,
366 packet_info *pinfo _U_, proto_tree *tree, int convert, int hf_index)
372 string = get_stringz_pointer_value(tvb, offset, convert, &cptr,
377 if (string != NULL) {
378 if (hf_index != -1) {
379 proto_tree_add_item(tree, hf_index, tvb, cptr,
382 proto_tree_add_text(tree, tvb, cptr, string_len,
383 "String Param: %s", string);
386 if (hf_index != -1) {
387 proto_tree_add_text(tree, tvb, 0, 0,
388 "%s: <String goes past end of frame>",
389 proto_registrar_get_name(hf_index));
391 proto_tree_add_text(tree, tvb, 0, 0,
392 "String Param: <String goes past end of frame>");
/*
 * add_bytes_pointer_param - add a byte array referenced by pointer.
 * The target offset is the low 16 bits of the dword at `offset`, minus
 * `convert`. The bytes are only added when tvb_bytes_exist() confirms
 * that `count` bytes are present at cptr; otherwise a
 * "<Bytes go past end of frame>" item is added at offset 0, length 0.
 * NOTE(review): both cptr (packet data minus convert) and count (caller
 * supplied) can be out of range or negative; the visible guard is the
 * single tvb_bytes_exist() call - confirm it rejects negative values.
 */
400 add_bytes_pointer_param(tvbuff_t *tvb, int offset, int count,
401 packet_info *pinfo _U_, proto_tree *tree, int convert, int hf_index)
405 /* pointer to byte array */
406 cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
410 if (tvb_bytes_exist(tvb, cptr, count)) {
411 if (hf_index != -1) {
412 proto_tree_add_item(tree, hf_index, tvb, cptr,
415 proto_tree_add_text(tree, tvb, cptr, count,
417 tvb_bytes_to_str(tvb, cptr, count));
420 if (hf_index != -1) {
421 proto_tree_add_text(tree, tvb, 0, 0,
422 "%s: <Bytes go past end of frame>",
423 proto_registrar_get_name(hf_index));
425 proto_tree_add_text(tree, tvb, 0, 0,
426 "Byte Param: <Bytes goes past end of frame>");
/*
 * add_detail_level - add the 16-bit detail level and remember it.
 * The level is read little-endian from `offset`, added to the tree, and
 * on the first pass over the frame (!visited) stored in the transaction
 * record so the response can be decoded with the same level.
 */
434 add_detail_level(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo,
435 proto_tree *tree, int convert _U_, int hf_index)
/*
 * NOTE(review): private_data, sip and extra_info are dereferenced with no
 * NULL check in the visible lines. If a frame can reach this handler
 * without a transaction record attached, the store on line 443 would
 * write through a NULL pointer - confirm the callers guarantee all three.
 */
437 struct smb_info *smb_info = pinfo->private_data;
438 smb_transact_info_t *trp = smb_info->sip->extra_info;
441 level = tvb_get_letohs(tvb, offset);
442 if (!pinfo->fd->flags.visited)
443 trp->info_level = level; /* remember this for the response */
444 proto_tree_add_uint(tree, hf_index, tvb, offset, 2, level);
/*
 * add_max_uses - add the 16-bit "maximum uses" value of a share.
 * The value 0xffff (i.e. -1 as a 16-bit quantity) is special-cased with
 * a formatted item; any other value is added as a plain uint.
 * NOTE(review): the label used for 0xffff is on a line missing from this
 * listing.
 */
450 add_max_uses(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
451 proto_tree *tree, int convert _U_, int hf_index)
455 WParam = tvb_get_letohs(tvb, offset);
456 if (WParam == 0xffff) { /* -1 */
457 proto_tree_add_uint_format(tree, hf_index, tvb,
460 proto_registrar_get_name(hf_index));
462 proto_tree_add_uint(tree, hf_index, tvb,
/*
 * add_server_type - dissect the server type flags at `offset`.
 * Thin wrapper: passes through to dissect_smb_server_type_flags() with
 * a NULL fifth argument and FALSE as the last argument, and takes the
 * new offset from its return value.
 */
470 add_server_type(tvbuff_t *tvb, int offset, int count _U_,
471 packet_info *pinfo, proto_tree *tree, int convert _U_, int hf_index _U_)
473 offset = dissect_smb_server_type_flags(
474 tvb, offset, pinfo, tree, NULL, FALSE);
/*
 * add_server_type_info - dissect the server type flags at `offset`.
 * Same as add_server_type() except that the last argument passed to
 * dissect_smb_server_type_flags() is TRUE instead of FALSE.
 */
479 add_server_type_info(tvbuff_t *tvb, int offset, int count _U_,
480 packet_info *pinfo, proto_tree *tree, int convert _U_, int hf_index _U_)
482 offset = dissect_smb_server_type_flags(
483 tvb, offset, pinfo, tree, NULL, TRUE);
/*
 * add_reltime - add a 32-bit relative time (a duration in seconds).
 * The little-endian dword at `offset` becomes nstime.secs and is shown
 * as "<field name>: <time_secs_to_str() of the value>".
 * NOTE(review): the initialisation of the sub-second part of nstime is
 * on a line missing from this listing.
 */
488 add_reltime(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
489 proto_tree *tree, int convert _U_, int hf_index)
493 nstime.secs = tvb_get_letohl(tvb, offset);
495 proto_tree_add_time_format(tree, hf_index, tvb, offset, 4,
496 &nstime, "%s: %s", proto_registrar_get_name(hf_index),
497 time_secs_to_str(nstime.secs));
503 * Sigh. These are for handling Microsoft's annoying almost-UNIX-time-but-
504 * it's-local-time-not-UTC time.
/*
 * add_abstime_common - add a 32-bit absolute time stored as local time.
 * The dword at `offset` is read into nstime.secs. The values -1 and 0
 * are treated as "not set" and shown with a formatted label; any other
 * value is broken down with gmtime() and reassembled with mktime() to
 * reinterpret it as local time before being added to the tree.
 * NOTE(review): the use of absent_name is on a line missing from this
 * listing.
 */
507 add_abstime_common(tvbuff_t *tvb, int offset, proto_tree *tree, int hf_index,
508 const char *absent_name)
513 nstime.secs = tvb_get_letohl(tvb, offset);
516 * Sigh. Sometimes it appears that -1 means "unknown", and
517 * sometimes it appears that 0 means "unknown", for the last
520 if (nstime.secs == -1 || nstime.secs == 0) {
521 proto_tree_add_time_format(tree, hf_index, tvb, offset, 4,
522 &nstime, "%s: %s", proto_registrar_get_name(hf_index),
526 * Run it through "gmtime()" to break it down, and then
527 * run it through "mktime()" to put it back together
/*
 * NOTE(review): the gmtime() result is written through on the next line
 * with no NULL check. gmtime() may return NULL for a value it cannot
 * convert, and only -1 and 0 are filtered above, so a packet-supplied
 * time that the C library rejects would crash the dissector here.
 * A `tmp != NULL` test before line 531 would turn that into a display
 * fallback.
 */
530 tmp = gmtime(&nstime.secs);
531 tmp->tm_isdst = -1; /* we don't know if it's DST or not */
532 nstime.secs = mktime(tmp);
533 proto_tree_add_time(tree, hf_index, tvb, offset, 4,
/*
 * add_abstime_absent_never - absolute-time handler whose "not set" label
 * is "Never". Forwards to add_abstime_common(); count, pinfo and convert
 * are unused.
 */
541 add_abstime_absent_never(tvbuff_t *tvb, int offset, int count _U_,
542 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
544 return add_abstime_common(tvb, offset, tree, hf_index, "Never");
/*
 * add_abstime_absent_unknown - absolute-time handler whose "not set"
 * label is "Unknown". Forwards to add_abstime_common(); count, pinfo and
 * convert are unused.
 */
548 add_abstime_absent_unknown(tvbuff_t *tvb, int offset, int count _U_,
549 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
551 return add_abstime_common(tvb, offset, tree, hf_index, "Unknown");
/*
 * add_nlogons - add the 16-bit logon count.
 * 0xffff (-1 as a 16-bit quantity) is displayed as "<field name>: Unknown";
 * any other value is added as a plain uint.
 */
555 add_nlogons(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
556 proto_tree *tree, int convert _U_, int hf_index)
560 nlogons = tvb_get_letohs(tvb, offset);
561 if (nlogons == 0xffff) /* -1 */
562 proto_tree_add_uint_format(tree, hf_index, tvb, offset, 2,
563 nlogons, "%s: Unknown",
564 proto_registrar_get_name(hf_index));
566 proto_tree_add_uint(tree, hf_index, tvb, offset, 2,
/*
 * add_max_storage - add the 32-bit maximum storage value.
 * 0xffffffff is displayed as "<field name>: No limit"; any other value
 * is added as a plain uint.
 */
573 add_max_storage(tvbuff_t *tvb, int offset, int count _U_,
574 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
578 max_storage = tvb_get_letohl(tvb, offset);
579 if (max_storage == 0xffffffff)
580 proto_tree_add_uint_format(tree, hf_index, tvb, offset, 4,
581 max_storage, "%s: No limit",
582 proto_registrar_get_name(hf_index));
584 proto_tree_add_uint(tree, hf_index, tvb, offset, 4,
/*
 * add_logon_hours - add the logon-hours byte array referenced by pointer.
 * The target offset is the low 16 bits of the dword at `offset`, minus
 * `convert`. Nothing is read from cptr unless tvb_bytes_exist() confirms
 * `count` bytes are there; otherwise "<Bytes go past end of frame>" is
 * shown. A count other than the expected 21 is still displayed, with a
 * "wrong length" label.
 * NOTE(review): the test that selects the wrong-length path is on a line
 * missing from this listing.
 * NOTE(review): the format string on line 614 opens a parenthesis that
 * it never closes, so the label is displayed unbalanced.
 */
591 add_logon_hours(tvbuff_t *tvb, int offset, int count, packet_info *pinfo _U_,
592 proto_tree *tree, int convert, int hf_index)
596 /* pointer to byte array */
597 cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
601 if (tvb_bytes_exist(tvb, cptr, count)) {
604 * The logon hours should be exactly 21 bytes long.
606 * XXX - should actually carve up the bits;
607 * we need the units per week to do that, though.
609 proto_tree_add_item(tree, hf_index, tvb, cptr, count,
612 proto_tree_add_bytes_format(tree, hf_index, tvb,
613 cptr, count, tvb_get_ptr(tvb, cptr, count),
614 "%s: %s (wrong length, should be 21, is %d",
615 proto_registrar_get_name(hf_index),
616 tvb_bytes_to_str(tvb, cptr, count), count);
619 proto_tree_add_text(tree, tvb, 0, 0,
620 "%s: <Bytes go past end of frame>",
621 proto_registrar_get_name(hf_index));
/*
 * add_tzoffset - add the 16-bit time-zone offset, given in minutes.
 * The value is multiplied by 60 before being passed to
 * time_secs_to_str(). A value greater than zero is labelled
 * "west of UTC"; the first branch negates the value and labels it
 * "east of UTC"; the last branch prints "at UTC".
 * The item is always registered under hf_tzoffset, while the label text
 * uses the name of hf_index.
 * NOTE(review): the condition of the first branch is on a line missing
 * from this listing (presumably tzoffset < 0).
 */
628 add_tzoffset(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
629 proto_tree *tree, int convert _U_, int hf_index)
633 tzoffset = tvb_get_letohs(tvb, offset);
635 proto_tree_add_int_format(tree, hf_tzoffset, tvb, offset, 2,
636 tzoffset, "%s: %s east of UTC",
637 proto_registrar_get_name(hf_index),
638 time_secs_to_str(-tzoffset*60));
639 } else if (tzoffset > 0) {
640 proto_tree_add_int_format(tree, hf_tzoffset, tvb, offset, 2,
641 tzoffset, "%s: %s west of UTC",
642 proto_registrar_get_name(hf_index),
643 time_secs_to_str(tzoffset*60));
645 proto_tree_add_int_format(tree, hf_tzoffset, tvb, offset, 2,
646 tzoffset, "%s: at UTC",
647 proto_registrar_get_name(hf_index));
/*
 * add_timeinterval - add the 16-bit time interval, displayed in seconds.
 * The item is registered under hf_timeinterval; the label uses the name
 * of hf_index and a "%f seconds" value.
 * NOTE(review): the expression supplying the %f argument is on a line
 * missing from this listing, so the scaling factor cannot be confirmed
 * from here.
 */
654 add_timeinterval(tvbuff_t *tvb, int offset, int count _U_,
655 packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
657 guint16 timeinterval;
659 timeinterval = tvb_get_letohs(tvb, offset);
660 proto_tree_add_uint_format(tree, hf_timeinterval, tvb, offset, 2,
661 timeinterval, "%s: %f seconds", proto_registrar_get_name(hf_index),
/*
 * add_logon_args - dissect the NetWkstaUserLogon parameter block.
 * The block is expected to be 54 bytes; any other count is reported as
 * "Bogus NetWkstaUserLogon parameters". The visible fields are fixed
 * width: user name (21 bytes), password (15 bytes) and workstation name
 * (16 bytes).
 * The password field is added to the tree as it appears on the wire, so
 * it ends up in the packet details and in any export of them; captures
 * carrying this request hold credential material.
 * NOTE(review): the length test and the offset updates between fields
 * are on lines missing from this listing - confirm that the fixed-width
 * reads are skipped when count is not 54.
 */
668 add_logon_args(tvbuff_t *tvb, int offset, int count, packet_info *pinfo _U_,
669 proto_tree *tree, int convert _U_, int hf_index _U_)
672 proto_tree_add_text(tree, tvb, offset, count,
673 "Bogus NetWkstaUserLogon parameters: length is %d, should be 54",
680 proto_tree_add_item(tree, hf_user_name, tvb, offset, 21, TRUE);
687 proto_tree_add_item(tree, hf_password, tvb, offset, 15, TRUE);
693 /* workstation name */
694 proto_tree_add_item(tree, hf_workstation_name, tvb, offset, 16, TRUE);
700 * The following data structure describes the Remote API requests we
703 * Simply fill in the number and parameter information.
704 * Try to keep them in order.
706 * We will extend this data structure as we try to decode more.
710 * This is a pointer to a function to process an item.
712 typedef int (*item_func)(tvbuff_t *, int, int, packet_info *, proto_tree *,
716 * Type of an item; determines what parameter strings are valid for
720 PARAM_NONE, /* for the end-of-list stopper */
721 PARAM_WORD, /* 'W' or 'h' - 16-bit word */
722 PARAM_DWORD, /* 'D' or 'i' - 32-bit word */
723 PARAM_BYTES, /* 'B' or 'b' or 'g' or 'O' - one or more bytes */
724 PARAM_STRINGZ, /* 'z' or 'O' - null-terminated string */
728 * This structure describes an item; "hf_index" points to the index
729 * for the field corresponding to that item, "func" points to the
730 * function to use to add that item to the tree, and "type" is the
731 * type that the item is supposed to have.
740 * This structure describes a list of items; each list of items
741 * has a corresponding detail level.
745 const item_t *item_list;
751 proto_item *(*req_data_item)(tvbuff_t *, packet_info *,
754 const item_t *req_data;
755 const item_t *req_aux_data;
757 const gchar *resp_data_entry_list_label;
758 gint *ett_data_entry_list;
759 proto_item *(*resp_data_element_item)(tvbuff_t *, proto_tree *,
761 gint *ett_resp_data_element_item;
762 const item_list_t *resp_data_list;
763 const item_t *resp_aux_data;
766 static int no_hf = -1; /* for padding crap */
768 static const item_t lm_params_req_netshareenum[] = {
769 { &hf_detail_level, add_detail_level, PARAM_WORD },
770 { &hf_recv_buf_len, add_word_param, PARAM_WORD },
771 { NULL, NULL, PARAM_NONE }
774 static const item_t lm_params_resp_netshareenum[] = {
775 { &hf_acount, add_word_param, PARAM_WORD },
776 { NULL, NULL, PARAM_NONE }
780 * Create a subtree for a share.
/*
 * netshareenum_share_entry - create the tree item heading one share.
 * The label is built from the 13 bytes at `offset`. tvb_get_ptr() is
 * asked for exactly 13 bytes and the "%.13s" precision caps what the
 * formatter reads, so a name without a terminating NUL cannot make the
 * format run past those 13 bytes.
 */
783 netshareenum_share_entry(tvbuff_t *tvb, proto_tree *tree, int offset)
786 return proto_tree_add_text(tree, tvb, offset, -1,
787 "Share %.13s", tvb_get_ptr(tvb, offset, 13));
792 static const item_t lm_null[] = {
793 { NULL, NULL, PARAM_NONE }
796 static const item_list_t lm_null_list[] = {
800 static const item_t lm_data_resp_netshareenum_1[] = {
801 { &hf_share_name, add_byte_param, PARAM_BYTES },
802 { &no_hf, add_pad_param, PARAM_BYTES },
803 { &hf_share_type, add_word_param, PARAM_WORD },
804 { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
805 { NULL, NULL, PARAM_NONE }
808 static const item_list_t lm_data_resp_netshareenum[] = {
809 { 1, lm_data_resp_netshareenum_1 },
813 static const item_t lm_params_req_netsharegetinfo[] = {
814 { &hf_share_name, add_string_param, PARAM_STRINGZ },
815 { &hf_detail_level, add_detail_level, PARAM_WORD },
816 { NULL, NULL, PARAM_NONE }
819 static const item_t lm_params_resp_netsharegetinfo[] = {
820 { &hf_abytes, add_word_param, PARAM_WORD },
821 { NULL, NULL, PARAM_NONE }
824 static const item_t lm_data_resp_netsharegetinfo_0[] = {
825 { &hf_share_name, add_byte_param, PARAM_BYTES },
826 { NULL, NULL, PARAM_NONE }
829 static const item_t lm_data_resp_netsharegetinfo_1[] = {
830 { &hf_share_name, add_byte_param, PARAM_BYTES },
831 { &no_hf, add_pad_param, PARAM_BYTES },
832 { &hf_share_type, add_word_param, PARAM_WORD },
833 { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
834 { NULL, NULL, PARAM_NONE }
/*
 * Response data layout for NetShareGetInfo at detail level 2 (it is the
 * entry registered for level 2 in lm_data_resp_netsharegetinfo).
 * Items are dissected in table order; the list ends at the PARAM_NONE
 * entry. Note that hf_share_password is handled by add_byte_param, so
 * the share password bytes are shown in the tree as received.
 */
837 static const item_t lm_data_resp_netsharegetinfo_2[] = {
838 { &hf_share_name, add_byte_param, PARAM_BYTES },
839 { &no_hf, add_pad_param, PARAM_BYTES },
840 { &hf_share_type, add_word_param, PARAM_WORD },
841 { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
842 { &hf_share_permissions, add_word_param, PARAM_WORD }, /* XXX - do as bit fields */
843 { &hf_share_max_uses, add_max_uses, PARAM_WORD },
844 { &hf_share_current_uses, add_word_param, PARAM_WORD },
845 { &hf_share_path, add_stringz_pointer_param, PARAM_STRINGZ },
846 { &hf_share_password, add_byte_param, PARAM_BYTES },
847 { NULL, NULL, PARAM_NONE }
850 static const item_list_t lm_data_resp_netsharegetinfo[] = {
851 { 0, lm_data_resp_netsharegetinfo_0 },
852 { 1, lm_data_resp_netsharegetinfo_1 },
853 { 2, lm_data_resp_netsharegetinfo_2 },
857 static const item_t lm_params_req_netservergetinfo[] = {
858 { &hf_detail_level, add_detail_level, PARAM_WORD },
859 { NULL, NULL, PARAM_NONE }
862 static const item_t lm_params_resp_netservergetinfo[] = {
863 { &hf_abytes, add_word_param, PARAM_WORD },
864 { NULL, NULL, PARAM_NONE }
867 static const item_t lm_data_serverinfo_0[] = {
868 { &hf_server_name, add_byte_param, PARAM_BYTES },
869 { NULL, NULL, PARAM_NONE }
872 static const item_t lm_data_serverinfo_1[] = {
873 { &hf_server_name, add_byte_param, PARAM_BYTES },
874 { &hf_server_major, add_byte_param, PARAM_BYTES },
875 { &hf_server_minor, add_byte_param, PARAM_BYTES },
876 { &no_hf, add_server_type, PARAM_DWORD },
877 { &hf_server_comment, add_stringz_pointer_param, PARAM_STRINGZ },
878 { NULL, NULL, PARAM_NONE }
881 static const item_list_t lm_data_serverinfo[] = {
882 { 0, lm_data_serverinfo_0 },
883 { 1, lm_data_serverinfo_1 },
887 static const item_t lm_params_req_netusergetinfo[] = {
888 { &hf_user_name, add_string_param, PARAM_STRINGZ },
889 { &hf_detail_level, add_detail_level, PARAM_WORD },
890 { NULL, NULL, PARAM_NONE }
893 static const item_t lm_params_resp_netusergetinfo[] = {
894 { &hf_abytes, add_word_param, PARAM_WORD },
895 { NULL, NULL, PARAM_NONE }
898 static const item_t lm_data_resp_netusergetinfo_11[] = {
899 { &hf_user_name, add_byte_param, PARAM_BYTES },
900 { &no_hf, add_pad_param, PARAM_BYTES },
901 { &hf_comment, add_stringz_pointer_param, PARAM_STRINGZ },
902 { &hf_user_comment, add_stringz_pointer_param, PARAM_STRINGZ },
903 { &hf_full_name, add_stringz_pointer_param, PARAM_STRINGZ },
904 { &hf_privilege_level, add_word_param, PARAM_WORD },
905 { &hf_operator_privileges, add_dword_param, PARAM_DWORD },
906 { &hf_password_age, add_reltime, PARAM_DWORD },
907 { &hf_homedir, add_stringz_pointer_param, PARAM_STRINGZ },
908 { &hf_parameters, add_stringz_pointer_param, PARAM_STRINGZ },
909 { &hf_last_logon, add_abstime_absent_unknown, PARAM_DWORD },
910 { &hf_last_logoff, add_abstime_absent_unknown, PARAM_DWORD },
911 { &hf_bad_pw_count, add_word_param, PARAM_WORD },
912 { &hf_num_logons, add_nlogons, PARAM_WORD },
913 { &hf_logon_server, add_stringz_pointer_param, PARAM_STRINGZ },
914 { &hf_country_code, add_word_param, PARAM_WORD },
915 { &hf_workstations, add_stringz_pointer_param, PARAM_STRINGZ },
916 { &hf_max_storage, add_max_storage, PARAM_DWORD },
917 { &hf_units_per_week, add_word_param, PARAM_WORD },
918 { &hf_logon_hours, add_logon_hours, PARAM_BYTES },
919 { &hf_code_page, add_word_param, PARAM_WORD },
920 { NULL, NULL, PARAM_NONE }
923 static const item_list_t lm_data_resp_netusergetinfo[] = {
924 { 11, lm_data_resp_netusergetinfo_11 },
928 static const item_t lm_params_req_netusergetgroups[] = {
929 { &hf_user_name, add_string_param, PARAM_STRINGZ },
930 { &hf_detail_level, add_detail_level, PARAM_WORD },
931 { NULL, NULL, PARAM_NONE }
934 static const item_t lm_params_resp_netusergetgroups[] = {
935 { &hf_abytes, add_word_param, PARAM_WORD },
936 { NULL, NULL, PARAM_NONE }
939 static const item_t lm_data_resp_netusergetgroups_0[] = {
940 { &hf_group_name, add_byte_param, PARAM_BYTES },
941 { NULL, NULL, PARAM_NONE }
944 static const item_list_t lm_data_resp_netusergetgroups[] = {
945 { 0, lm_data_resp_netusergetgroups_0 },
950 * Has no detail level; make it the default.
952 static const item_t lm_data_resp_netremotetod_nolevel[] = {
953 { &hf_current_time, add_abstime_absent_unknown, PARAM_DWORD },
954 { &hf_msecs, add_dword_param, PARAM_DWORD },
955 { &hf_hour, add_byte_param, PARAM_BYTES },
956 { &hf_minute, add_byte_param, PARAM_BYTES },
957 { &hf_second, add_byte_param, PARAM_BYTES },
958 { &hf_hundredths, add_byte_param, PARAM_BYTES },
959 { &hf_tzoffset, add_tzoffset, PARAM_WORD },
960 { &hf_timeinterval, add_timeinterval, PARAM_WORD },
961 { &hf_day, add_byte_param, PARAM_BYTES },
962 { &hf_month, add_byte_param, PARAM_BYTES },
963 { &hf_year, add_word_param, PARAM_WORD },
964 { &hf_weekday, add_byte_param, PARAM_BYTES },
965 { NULL, NULL, PARAM_NONE }
968 static const item_list_t lm_data_resp_netremotetod[] = {
969 { -1, lm_data_resp_netremotetod_nolevel },
972 static const item_t lm_params_req_netserverenum2[] = {
973 { &hf_detail_level, add_detail_level, PARAM_WORD },
974 { &no_hf, add_server_type_info, PARAM_DWORD },
975 { &hf_enumeration_domain, add_string_param, PARAM_STRINGZ },
976 { NULL, NULL, PARAM_NONE }
980 * Create a subtree for a server.
/*
 * netserverenum2_server_entry - create the tree item heading one server.
 * The label is built from the 16 bytes at `offset`. tvb_get_ptr() is
 * asked for exactly 16 bytes and the "%.16s" precision caps what the
 * formatter reads, so a name without a terminating NUL cannot make the
 * format run past those 16 bytes.
 */
983 netserverenum2_server_entry(tvbuff_t *tvb, proto_tree *tree, int offset)
986 return proto_tree_add_text(tree, tvb, offset, -1,
987 "Server %.16s", tvb_get_ptr(tvb, offset, 16));
992 static const item_t lm_params_resp_netserverenum2[] = {
993 { &hf_acount, add_word_param, PARAM_WORD },
994 { NULL, NULL, PARAM_NONE }
997 static const item_t lm_params_req_netwkstagetinfo[] = {
998 { &hf_detail_level, add_detail_level, PARAM_WORD },
999 { NULL, NULL, PARAM_NONE }
1002 static const item_t lm_params_resp_netwkstagetinfo[] = {
1003 { &hf_abytes, add_word_param, PARAM_WORD },
1004 { NULL, NULL, PARAM_NONE }
1007 static const item_t lm_data_resp_netwkstagetinfo_10[] = {
1008 { &hf_computer_name, add_stringz_pointer_param, PARAM_STRINGZ },
1009 { &hf_user_name, add_stringz_pointer_param, PARAM_STRINGZ },
1010 { &hf_workstation_domain, add_stringz_pointer_param, PARAM_STRINGZ },
1011 { &hf_workstation_major, add_byte_param, PARAM_BYTES },
1012 { &hf_workstation_minor, add_byte_param, PARAM_BYTES },
1013 { &hf_logon_domain, add_stringz_pointer_param, PARAM_STRINGZ },
1014 { &hf_other_domains, add_stringz_pointer_param, PARAM_STRINGZ },
1015 { NULL, NULL, PARAM_NONE }
1018 static const item_list_t lm_data_resp_netwkstagetinfo[] = {
1019 { 10, lm_data_resp_netwkstagetinfo_10 },
/*
 * Request parameter layout for NetWkstaUserLogon.
 * The first two string-pointer entries and the logon-argument block use
 * no_hf, i.e. they have no registered field of their own. The
 * PARAM_BYTES entry is decoded by add_logon_args, which adds the user
 * name, password and workstation name fields to the tree.
 */
1023 static const item_t lm_params_req_netwkstauserlogon[] = {
1024 { &no_hf, add_stringz_pointer_param, PARAM_STRINGZ },
1025 { &no_hf, add_stringz_pointer_param, PARAM_STRINGZ },
1026 { &hf_detail_level, add_detail_level, PARAM_WORD },
1027 { &no_hf, add_logon_args, PARAM_BYTES },
1028 { &hf_ustruct_size, add_word_param, PARAM_WORD },
1029 { NULL, NULL, PARAM_NONE }
1032 static const item_t lm_params_resp_netwkstauserlogon[] = {
1033 { &hf_abytes, add_word_param, PARAM_WORD },
1034 { NULL, NULL, PARAM_NONE }
1037 static const item_t lm_data_resp_netwkstauserlogon_1[] = {
1038 { &hf_logon_code, add_word_param, PARAM_WORD },
1039 { &hf_user_name, add_byte_param, PARAM_BYTES },
1040 { &no_hf, add_pad_param, PARAM_BYTES },
1041 { &hf_privilege_level, add_word_param, PARAM_WORD },
1042 { &hf_operator_privileges, add_dword_param, PARAM_DWORD },
1043 { &hf_num_logons, add_nlogons, PARAM_WORD },
1044 { &hf_bad_pw_count, add_word_param, PARAM_WORD },
1045 { &hf_last_logon, add_abstime_absent_unknown, PARAM_DWORD },
1046 { &hf_last_logoff, add_abstime_absent_unknown, PARAM_DWORD },
1047 { &hf_logoff_time, add_abstime_absent_never, PARAM_DWORD },
1048 { &hf_kickoff_time, add_abstime_absent_never, PARAM_DWORD },
1049 { &hf_password_age, add_reltime, PARAM_DWORD },
1050 { &hf_password_can_change, add_abstime_absent_never, PARAM_DWORD },
1051 { &hf_password_must_change, add_abstime_absent_never, PARAM_DWORD },
1052 { &hf_server_name, add_stringz_pointer_param, PARAM_STRINGZ },
1053 { &hf_logon_domain, add_stringz_pointer_param, PARAM_STRINGZ },
1054 { &hf_script_path, add_stringz_pointer_param, PARAM_STRINGZ },
1055 { &hf_reserved, add_dword_param, PARAM_DWORD },
1056 { NULL, NULL, PARAM_NONE }
1059 static const item_list_t lm_data_resp_netwkstauserlogon[] = {
1060 { 1, lm_data_resp_netwkstauserlogon_1 },
1064 static const item_t lm_params_req_netwkstauserlogoff[] = {
1065 { &hf_user_name, add_byte_param, PARAM_BYTES },
1066 { &no_hf, add_pad_param, PARAM_BYTES },
1067 { &hf_workstation_name, add_byte_param, PARAM_BYTES },
1068 { NULL, NULL, PARAM_NONE }
1071 static const item_t lm_params_resp_netwkstauserlogoff[] = {
1072 { &hf_abytes, add_word_param, PARAM_WORD },
1073 { NULL, NULL, PARAM_NONE }
1076 static const item_t lm_data_resp_netwkstauserlogoff_1[] = {
1077 { &hf_logoff_code, add_word_param, PARAM_WORD },
1078 { &hf_duration, add_reltime, PARAM_DWORD },
1079 { &hf_num_logons, add_nlogons, PARAM_WORD },
1080 { NULL, NULL, PARAM_NONE }
1083 static const item_list_t lm_data_resp_netwkstauserlogoff[] = {
1084 { 1, lm_data_resp_netwkstauserlogoff_1 },
1088 static const item_t lm_params_req_samoemchangepassword[] = {
1089 { &hf_user_name, add_string_param, PARAM_STRINGZ },
1090 { NULL, NULL, PARAM_NONE }
/*
 * Request data layout for SamOEMChangePassword: the new-password and
 * old-password blocks, each added with add_byte_param, so both are
 * shown in the tree as the raw bytes carried by the request.
 * NOTE(review): whether these blocks are encrypted on the wire is not
 * established by this file - confirm against the protocol documentation
 * before treating displayed values as cleartext.
 */
1093 static const item_t lm_data_req_samoemchangepassword[] = {
1094 { &hf_new_password, add_byte_param, PARAM_BYTES },
1095 { &hf_old_password, add_byte_param, PARAM_BYTES },
1096 { NULL, NULL, PARAM_NONE }
1099 #define API_NetShareEnum 0
1100 #define API_NetShareGetInfo 1
1101 #define API_NetShareSetInfo 2
1102 #define API_NetShareAdd 3
1103 #define API_NetShareDel 4
1104 #define API_NetShareCheck 5
1105 #define API_NetSessionEnum 6
1106 #define API_NetSessionGetInfo 7
1107 #define API_NetSessionDel 8
1108 #define API_WconnectionEnum 9
1109 #define API_NetFileEnum 10
1110 #define API_NetFileGetInfo 11
1111 #define API_NetFileClose 12
1112 #define API_NetServerGetInfo 13
1113 #define API_NetServerSetInfo 14
1114 #define API_NetServerDiskEnum 15
1115 #define API_NetServerAdminCommand 16
1116 #define API_NetAuditOpen 17
1117 #define API_NetAuditClear 18
1118 #define API_NetErrorLogOpen 19
1119 #define API_NetErrorLogClear 20
1120 #define API_NetCharDevEnum 21
1121 #define API_NetCharDevGetInfo 22
1122 #define API_NetCharDevControl 23
1123 #define API_NetCharDevQEnum 24
1124 #define API_NetCharDevQGetInfo 25
1125 #define API_NetCharDevQSetInfo 26
1126 #define API_NetCharDevQPurge 27
1127 #define API_NetCharDevQPurgeSelf 28
1128 #define API_NetMessageNameEnum 29
1129 #define API_NetMessageNameGetInfo 30
1130 #define API_NetMessageNameAdd 31
1131 #define API_NetMessageNameDel 32
1132 #define API_NetMessageNameFwd 33
1133 #define API_NetMessageNameUnFwd 34
1134 #define API_NetMessageBufferSend 35
1135 #define API_NetMessageFileSend 36
1136 #define API_NetMessageLogFileSet 37
1137 #define API_NetMessageLogFileGet 38
1138 #define API_NetServiceEnum 39
1139 #define API_NetServiceInstall 40
1140 #define API_NetServiceControl 41
1141 #define API_NetAccessEnum 42
1142 #define API_NetAccessGetInfo 43
1143 #define API_NetAccessSetInfo 44
1144 #define API_NetAccessAdd 45
1145 #define API_NetAccessDel 46
1146 #define API_NetGroupEnum 47
1147 #define API_NetGroupAdd 48
1148 #define API_NetGroupDel 49
1149 #define API_NetGroupAddUser 50
1150 #define API_NetGroupDelUser 51
1151 #define API_NetGroupGetUsers 52
1152 #define API_NetUserEnum 53
1153 #define API_NetUserAdd 54
1154 #define API_NetUserDel 55
1155 #define API_NetUserGetInfo 56
1156 #define API_NetUserSetInfo 57
1157 #define API_NetUserPasswordSet 58
1158 #define API_NetUserGetGroups 59
1159 /*This line and number replaced a Dead Entry for 60 */
1160 /*This line and number replaced a Dead Entry for 61 */
1161 #define API_NetWkstaSetUID 62
1162 #define API_NetWkstaGetInfo 63
1163 #define API_NetWkstaSetInfo 64
1164 #define API_NetUseEnum 65
1165 #define API_NetUseAdd 66
1166 #define API_NetUseDel 67
1167 #define API_NetUseGetInfo 68
1168 #define API_WPrintQEnum 69
1169 #define API_WPrintQGetInfo 70
1170 #define API_WPrintQSetInfo 71
1171 #define API_WPrintQAdd 72
1172 #define API_WPrintQDel 73
1173 #define API_WPrintQPause 74
1174 #define API_WPrintQContinue 75
1175 #define API_WPrintJobEnum 76
1176 #define API_WPrintJobGetInfo 77
1177 #define API_WPrintJobSetInfo_OLD 78
1178 /* This line and number replaced a Dead Entry for 79 */
1179 /* This line and number replaced a Dead Entry for 80 */
1180 #define API_WPrintJobDel 81
1181 #define API_WPrintJobPause 82
1182 #define API_WPrintJobContinue 83
1183 #define API_WPrintDestEnum 84
1184 #define API_WPrintDestGetInfo 85
1185 #define API_WPrintDestControl 86
1186 #define API_NetProfileSave 87
1187 #define API_NetProfileLoad 88
1188 #define API_NetStatisticsGet 89
1189 #define API_NetStatisticsClear 90
1190 #define API_NetRemoteTOD 91
1191 #define API_WNetBiosEnum 92
1192 #define API_WNetBiosGetInfo 93
1193 #define API_NetServerEnum 94
1194 #define API_I_NetServerEnum 95
1195 #define API_NetServiceGetInfo 96
1196 /* This line and number replaced a Dead Entry for 97 */
1197 /* This line and number replaced a Dead Entry for 98 */
1198 /* This line and number replaced a Dead Entry for 99 */
1199 /* This line and number replaced a Dead Entry for 100 */
1200 /* This line and number replaced a Dead Entry for 101 */
1201 /* This line and number replaced a Dead Entry for 102 */
1202 #define API_WPrintQPurge 103
1203 #define API_NetServerEnum2 104
1204 #define API_NetAccessGetUserPerms 105
1205 #define API_NetGroupGetInfo 106
1206 #define API_NetGroupSetInfo 107
1207 #define API_NetGroupSetUsers 108
1208 #define API_NetUserSetGroups 109
1209 #define API_NetUserModalsGet 110
1210 #define API_NetUserModalsSet 111
1211 #define API_NetFileEnum2 112
1212 #define API_NetUserAdd2 113
1213 #define API_NetUserSetInfo2 114
1214 #define API_NetUserPasswordSet2 115
1215 #define API_I_NetServerEnum2 116
1216 #define API_NetConfigGet2 117
1217 #define API_NetConfigGetAll2 118
1218 #define API_NetGetDCName 119
1219 #define API_NetHandleGetInfo 120
1220 #define API_NetHandleSetInfo 121
1221 #define API_NetStatisticsGet2 122
1222 #define API_WBuildGetInfo 123
1223 #define API_NetFileGetInfo2 124
1224 #define API_NetFileClose2 125
1225 #define API_NetServerReqChallenge 126
1226 #define API_NetServerAuthenticate 127
1227 #define API_NetServerPasswordSet 128
1228 #define API_WNetAccountDeltas 129
1229 #define API_WNetAccountSync 130
1230 #define API_NetUserEnum2 131
1231 #define API_NetWkstaUserLogon 132
1232 #define API_NetWkstaUserLogoff 133
1233 #define API_NetLogonEnum 134
1234 #define API_NetErrorLogRead 135
1235 #define API_I_NetPathType 136
1236 #define API_I_NetPathCanonicalize 137
1237 #define API_I_NetPathCompare 138
1238 #define API_I_NetNameValidate 139
1239 #define API_I_NetNameCanonicalize 140
1240 #define API_I_NetNameCompare 141
1241 #define API_NetAuditRead 142
1242 #define API_WPrintDestAdd 143
1243 #define API_WPrintDestSetInfo 144
1244 #define API_WPrintDestDel 145
1245 #define API_NetUserValidate2 146
1246 #define API_WPrintJobSetInfo 147
1247 #define API_TI_NetServerDiskEnum 148
1248 #define API_TI_NetServerDiskGetInfo 149
1249 #define API_TI_FTVerifyMirror 150
1250 #define API_TI_FTAbortVerify 151
1251 #define API_TI_FTGetInfo 152
1252 #define API_TI_FTSetInfo 153
1253 #define API_TI_FTLockDisk 154
1254 #define API_TI_FTFixError 155
1255 #define API_TI_FTAbortFix 156
1256 #define API_TI_FTDiagnoseError 157
1257 #define API_TI_FTGetDriveStats 158
1258 /* This line and number replaced a Dead Entry for 159 */
1259 #define API_TI_FTErrorGetInfo 160
1260 /* This line and number replaced a Dead Entry for 161 */
1261 /* This line and number replaced a Dead Entry for 162 */
1262 #define API_NetAccessCheck 163
1263 #define API_NetAlertRaise 164
1264 #define API_NetAlertStart 165
1265 #define API_NetAlertStop 166
1266 #define API_NetAuditWrite 167
1267 #define API_NetIRemoteAPI 168
1268 #define API_NetServiceStatus 169
1269 #define API_I_NetServerRegister 170
1270 #define API_I_NetServerDeregister 171
1271 #define API_I_NetSessionEntryMake 172
1272 #define API_I_NetSessionEntryClear 173
1273 #define API_I_NetSessionEntryGetInfo 174
1274 #define API_I_NetSessionEntrySetInfo 175
1275 #define API_I_NetConnectionEntryMake 176
1276 #define API_I_NetConnectionEntryClear 177
1277 #define API_I_NetConnectionEntrySetInfo 178
1278 #define API_I_NetConnectionEntryGetInfo 179
1279 #define API_I_NetFileEntryMake 180
1280 #define API_I_NetFileEntryClear 181
1281 #define API_I_NetFileEntrySetInfo 182
1282 #define API_I_NetFileEntryGetInfo 183
1283 #define API_AltSrvMessageBufferSend 184
1284 #define API_AltSrvMessageFileSend 185
1285 #define API_wI_NetRplWkstaEnum 186
1286 #define API_wI_NetRplWkstaGetInfo 187
1287 #define API_wI_NetRplWkstaSetInfo 188
1288 #define API_wI_NetRplWkstaAdd 189
1289 #define API_wI_NetRplWkstaDel 190
1290 #define API_wI_NetRplProfileEnum 191
1291 #define API_wI_NetRplProfileGetInfo 192
1292 #define API_wI_NetRplProfileSetInfo 193
1293 #define API_wI_NetRplProfileAdd 194
1294 #define API_wI_NetRplProfileDel 195
1295 #define API_wI_NetRplProfileClone 196
1296 #define API_wI_NetRplBaseProfileEnum 197
1297 /* This line and number replaced a Dead Entry for 198 */
1298 /* This line and number replaced a Dead Entry for 199 */
1299 /* This line and number replaced a Dead Entry for 200 */
1300 #define API_WIServerSetInfo 201
1301 /* This line and number replaced a Dead Entry for 202 */
1302 /* This line and number replaced a Dead Entry for 203 */
1303 /* This line and number replaced a Dead Entry for 204 */
1304 #define API_WPrintDriverEnum 205
1305 #define API_WPrintQProcessorEnum 206
1306 #define API_WPrintPortEnum 207
1307 #define API_WNetWriteUpdateLog 208
1308 #define API_WNetAccountUpdate 209
1309 #define API_WNetAccountConfirmUpdate 210
1310 #define API_NetConfigSet 211
1311 #define API_WAccountsReplicate 212
1312 /* 213 is used by WfW */
1313 #define API_SamOEMChgPasswordUser2_P 214
1314 #define API_NetServerEnum3 215
1315 /* XXX - what about 216 through 249? */
1316 #define API_WPrintDriverGetInfo 250
1317 #define API_WPrintDriverSetInfo 251
1318 #define API_NetAliasAdd 252
1319 #define API_NetAliasDel 253
1320 #define API_NetAliasGetInfo 254
1321 #define API_NetAliasSetInfo 255
1322 #define API_NetAliasEnum 256
1323 #define API_NetUserGetLogonAsn 257
1324 #define API_NetUserSetLogonAsn 258
1325 #define API_NetUserGetAppSel 259
1326 #define API_NetUserSetAppSel 260
1327 #define API_NetAppAdd 261
1328 #define API_NetAppDel 262
1329 #define API_NetAppGetInfo 263
1330 #define API_NetAppSetInfo 264
1331 #define API_NetAppEnum 265
1332 #define API_NetUserDCDBInit 266
1333 #define API_NetDASDAdd 267
1334 #define API_NetDASDDel 268
1335 #define API_NetDASDGetInfo 269
1336 #define API_NetDASDSetInfo 270
1337 #define API_NetDASDEnum 271
1338 #define API_NetDASDCheck 272
1339 #define API_NetDASDCtl 273
1340 #define API_NetUserRemoteLogonCheck 274
1341 #define API_NetUserPasswordSet3 275
1342 #define API_NetCreateRIPLMachine 276
1343 #define API_NetDeleteRIPLMachine 277
1344 #define API_NetGetRIPLMachineInfo 278
1345 #define API_NetSetRIPLMachineInfo 279
1346 #define API_NetEnumRIPLMachine 280
1347 #define API_I_ShareAdd 281
1348 #define API_I_AliasEnum 282
1349 #define API_NetAccessApply 283
1350 #define API_WPrt16Query 284
1351 #define API_WPrt16Set 285
1352 #define API_NetUserDel100 286
1353 #define API_NetUserRemoteLogonCheck2 287
1354 #define API_WRemoteTODSet 294
1355 #define API_WPrintJobMoveAll 295
1356 #define API_W16AppParmAdd 296
1357 #define API_W16AppParmDel 297
1358 #define API_W16AppParmGet 298
1359 #define API_W16AppParmSet 299
1360 #define API_W16RIPLMachineCreate 300
1361 #define API_W16RIPLMachineGetInfo 301
1362 #define API_W16RIPLMachineSetInfo 302
1363 #define API_W16RIPLMachineEnum 303
1364 #define API_W16RIPLMachineListParmEnum 304
1365 #define API_W16RIPLMachClassGetInfo 305
1366 #define API_W16RIPLMachClassEnum 306
1367 #define API_W16RIPLMachClassCreate 307
1368 #define API_W16RIPLMachClassSetInfo 308
1369 #define API_W16RIPLMachClassDelete 309
1370 #define API_W16RIPLMachClassLPEnum 310
1371 #define API_W16RIPLMachineDelete 311
1372 #define API_W16WSLevelGetInfo 312
1373 #define API_NetServerNameAdd 313
1374 #define API_NetServerNameDel 314
1375 #define API_NetServerNameEnum 315
1376 #define API_I_WDASDEnum 316
1377 #define API_I_WDASDEnumTerminate 317
1378 #define API_I_WDASDSetInfo2 318
/*
 * Per-API description table.  Each entry begins with a LANMAN API number
 * (an API_* constant) and then names the item tables used for that call's
 * request parameters, response parameters and data, along with subtree and
 * per-entry helpers where the call returns a list.
 * find_lanman() scans this table until it reaches an entry whose
 * lanman_num is -1.
 * NOTE(review): several initializer lines are not visible in this listing,
 * and the field order of struct lanman_desc is declared elsewhere - confirm
 * there before adding or reordering entries.
 */
1380 static const struct lanman_desc lmd[] = {
1382 lm_params_req_netshareenum,
1387 lm_params_resp_netshareenum,
1390 netshareenum_share_entry,
1392 lm_data_resp_netshareenum,
1395 { API_NetShareGetInfo,
1396 lm_params_req_netsharegetinfo,
1401 lm_params_resp_netsharegetinfo,
1406 lm_data_resp_netsharegetinfo,
1409 { API_NetServerGetInfo,
1410 lm_params_req_netservergetinfo,
1415 lm_params_resp_netservergetinfo,
1423 { API_NetUserGetInfo,
1424 lm_params_req_netusergetinfo,
1429 lm_params_resp_netusergetinfo,
1434 lm_data_resp_netusergetinfo,
1437 { API_NetUserGetGroups,
1438 lm_params_req_netusergetgroups,
1443 lm_params_resp_netusergetgroups,
1448 lm_data_resp_netusergetgroups,
1462 lm_data_resp_netremotetod,
1465 { API_NetServerEnum2,
1466 lm_params_req_netserverenum2,
1471 lm_params_resp_netserverenum2,
1473 &ett_lanman_servers,
1474 netserverenum2_server_entry,
1479 { API_NetWkstaGetInfo,
1480 lm_params_req_netwkstagetinfo,
1485 lm_params_resp_netwkstagetinfo,
1490 lm_data_resp_netwkstagetinfo,
1493 { API_NetWkstaUserLogon,
1494 lm_params_req_netwkstauserlogon,
1499 lm_params_resp_netwkstauserlogon,
1504 lm_data_resp_netwkstauserlogon,
1507 { API_NetWkstaUserLogoff,
1508 lm_params_req_netwkstauserlogoff,
1513 lm_params_resp_netwkstauserlogoff,
1518 lm_data_resp_netwkstauserlogoff,
1521 { API_SamOEMChgPasswordUser2_P,
1522 lm_params_req_samoemchangepassword,
1525 lm_data_req_samoemchangepassword,
1545 &ett_lanman_unknown_entry,
/*
 * Look up the lmd[] entry for a LANMAN API number by linear scan.
 * The loop stops at the first entry whose lanman_num equals the argument,
 * or at the table's terminating entry (lanman_num == -1).
 * NOTE(review): the statements after the comparison are not visible in this
 * listing; presumably the entry at index i is returned in both cases, so an
 * API number taken from the packet that is not in the table yields the
 * terminating entry rather than NULL - confirm.
 */
1550 static const struct lanman_desc *
1551 find_lanman(int lanman_num)
1555 for (i = 0; lmd[i].lanman_num != -1; i++) {
1556 if (lmd[i].lanman_num == lanman_num)
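/*
 * Parse an optional decimal repeat count at the start of a descriptor
 * string.
 *
 * desc   - points just past a descriptor type character
 * countp - receives the parsed count, or 1 if no digits are present
 *
 * Returns a pointer to the first character after the digits, or "desc"
 * itself if there were none.
 *
 * Callers use the count as a byte length into the packet buffer, and the
 * descriptor text may originate from captured traffic, so the accumulation
 * saturates at G_MAXINT instead of overflowing a signed int (undefined
 * behaviour) on an overlong run of digits.  All digits are still consumed
 * so the descriptor cursor stays in step.
 */
static const guchar *
get_count(const guchar *desc, int *countp)
{
	int count = 0;
	int digit;
	guchar c;

	if (!isdigit(*desc)) {
		*countp = 1;	/* no count was supplied */
		return desc;
	}

	while ((c = *desc) != '\0' && isdigit(c)) {
		digit = c - '0';
		if (count > (G_MAXINT - digit) / 10)
			count = G_MAXINT;	/* saturate; keep consuming digits */
		else
			count = (count * 10) + digit;
		desc++;
	}

	*countp = count;	/* XXX - what if it's 0? */
	return desc;
}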
/*
 * Dissect the parameter block of a LANMAN request, driven by the parameter
 * descriptor string "desc".
 *
 * Each character read from "desc" selects how the next field at "offset" in
 * "tvb" is decoded (the messages below name the descriptors W, D, b and z;
 * further cases cover pad bytes and the buffer length/offset fields).  For
 * the item-driven cases, a NULL items->func means the item table has run out
 * and a default add_*_param helper is used; an entry of the wrong type is
 * reported as a "type is wrong" text item; otherwise the entry's own
 * function is called.  *has_data_p is cleared on entry.
 *
 * NOTE(review): the case labels, the way "items" is advanced and the return
 * statement are not visible in this listing.
 * NOTE(review): "desc" and the bytes in "tvb" presumably both come from the
 * captured packet; the only length limits visible here are whatever bounds
 * checks the tvb_* and add_*_param routines apply - confirm.
 */
1583 dissect_request_parameters(tvbuff_t *tvb, int offset, packet_info *pinfo,
1584 proto_tree *tree, const guchar *desc, const item_t *items,
1585 gboolean *has_data_p)
1593 *has_data_p = FALSE;
1594 while ((c = *desc++) != '\0') {
1599 * A 16-bit word value in the request.
1601 if (items->func == NULL) {
1603 * We've run out of items in the table;
1604 * fall back on the default.
1606 offset = add_word_param(tvb, offset, 0, pinfo,
1608 } else if (items->type != PARAM_WORD) {
1610 * Descriptor character is 'W', but this
1611 * isn't a word parameter.
1613 WParam = tvb_get_letohs(tvb, offset);
1614 proto_tree_add_text(tree, tvb, offset, 2,
1615 "%s: Value is %u (0x%04X), type is wrong (W)",
1616 (*items->hf_index == -1) ?
1618 proto_registrar_get_name(*items->hf_index),
1623 offset = (*items->func)(tvb, offset, 0, pinfo,
1624 tree, 0, *items->hf_index);
1631 * A 32-bit doubleword value in the request.
1633 if (items->func == NULL) {
1635 * We've run out of items in the table;
1636 * fall back on the default.
1638 offset = add_dword_param(tvb, offset, 0, pinfo,
1640 } else if (items->type != PARAM_DWORD) {
1642 * Descriptor character is 'D', but this
1643 * isn't a doubleword parameter.
1645 LParam = tvb_get_letohl(tvb, offset);
/* NOTE(review): a 32-bit value is read above, yet the item below is given a length of 2; 4 looks intended - confirm. */
1646 proto_tree_add_text(tree, tvb, offset, 2,
1647 "%s: Value is %u (0x%08X), type is wrong (D)",
1648 (*items->hf_index == -1) ?
1649 "Doubleword Param" :
1650 proto_registrar_get_name(*items->hf_index),
1655 offset = (*items->func)(tvb, offset, 0, pinfo,
1656 tree, 0, *items->hf_index);
1663 * A byte or multi-byte value in the request.
1665 desc = get_count(desc, &count);
/* The repeat count comes from the descriptor text and is used below as a byte length; no range check on it is visible in this function. */
1666 if (items->func == NULL) {
1668 * We've run out of items in the table;
1669 * fall back on the default.
1671 offset = add_byte_param(tvb, offset, count,
1672 pinfo, tree, 0, -1);
1673 } else if (items->type != PARAM_BYTES) {
1675 * Descriptor character is 'b', but this
1676 * isn't a byte/bytes parameter.
1678 proto_tree_add_text(tree, tvb, offset, count,
1679 "%s: Value is %s, type is wrong (b)",
1680 (*items->hf_index == -1) ?
1682 proto_registrar_get_name(*items->hf_index),
1683 tvb_bytes_to_str(tvb, offset, count));
1687 offset = (*items->func)(tvb, offset, count,
1688 pinfo, tree, 0, *items->hf_index);
1697 if (items->func == NULL) {
1699 * We've run out of items in the table;
1700 * fall back on the default.
1702 add_null_pointer_param(tvb, offset, 0,
1703 pinfo, tree, 0, -1);
1706 * If "*items->hf_index" is -1, this is
1707 * a reserved must-be-null field; don't
1708 * clutter the protocol tree by putting
1711 if (*items->hf_index != -1) {
1712 add_null_pointer_param(tvb,
1713 offset, 0, pinfo, tree, 0,
1722 * A null-terminated ASCII string.
1724 if (items->func == NULL) {
1726 * We've run out of items in the table;
1727 * fall back on the default.
1729 offset = add_string_param(tvb, offset, 0,
1730 pinfo, tree, 0, -1);
1731 } else if (items->type != PARAM_STRINGZ) {
1733 * Descriptor character is 'z', but this
1734 * isn't a string parameter.
1736 string_len = tvb_strsize(tvb, offset);
1737 proto_tree_add_text(tree, tvb, offset, string_len,
1738 "%s: Value is %s, type is wrong (z)",
1739 (*items->hf_index == -1) ?
1741 proto_registrar_get_name(*items->hf_index),
1742 tvb_format_text(tvb, offset, string_len));
1743 offset += string_len;
1746 offset = (*items->func)(tvb, offset, 0,
1747 pinfo, tree, 0, *items->hf_index);
1754 * One or more pad bytes.
1756 desc = get_count(desc, &count);
1757 proto_tree_add_text(tree, tvb, offset, count,
1764 * 16-bit receive buffer length.
1766 proto_tree_add_item(tree, hf_recv_buf_len, tvb,
1773 * 32-bit send buffer offset.
1774 * This appears not to be sent over the wire.
1781 * 16-bit send buffer length.
1783 proto_tree_add_item(tree, hf_send_buf_len, tvb,
/*
 * Dissect the parameter block of a LANMAN response, driven by the parameter
 * descriptor string "desc".
 *
 * Works like the request-side routine: each descriptor character selects how
 * the next field at "offset" is decoded, with a default add_*_param helper
 * when items->func is NULL, a "type is wrong" text item when the table entry
 * has a different type, and the entry's own function otherwise.
 * *has_data_p and *has_ent_count_p are cleared on entry; when a 16-bit entry
 * count is decoded, *has_ent_count_p is set and the value is stored through
 * ent_count_p.
 *
 * NOTE(review): the case labels, the way "items" is advanced and the return
 * statement are not visible in this listing.
 * NOTE(review): in the byte-series case the inline comment names descriptor
 * 'b' while the emitted message says (g); one of the two looks stale.
 */
1796 dissect_response_parameters(tvbuff_t *tvb, int offset, packet_info *pinfo,
1797 proto_tree *tree, const guchar *desc, const item_t *items,
1798 gboolean *has_data_p, gboolean *has_ent_count_p, guint16 *ent_count_p)
1805 *has_data_p = FALSE;
1806 *has_ent_count_p = FALSE;
1807 while ((c = *desc++) != '\0') {
1812 * 32-bit receive buffer offset.
1819 * A byte or series of bytes is returned.
1821 desc = get_count(desc, &count);
/* The repeat count comes from the descriptor text and is used below as a byte length; no range check on it is visible in this function. */
1822 if (items->func == NULL) {
1824 * We've run out of items in the table;
1825 * fall back on the default.
1827 offset = add_byte_param(tvb, offset, count,
1828 pinfo, tree, 0, -1);
1829 } else if (items->type != PARAM_BYTES) {
1831 * Descriptor character is 'b', but this
1832 * isn't a byte/bytes parameter.
1834 proto_tree_add_text(tree, tvb, offset, count,
1835 "%s: Value is %s, type is wrong (g)",
1836 (*items->hf_index == -1) ?
1838 proto_registrar_get_name(*items->hf_index),
1839 tvb_bytes_to_str(tvb, offset, count));
1843 offset = (*items->func)(tvb, offset, count,
1844 pinfo, tree, 0, *items->hf_index);
1851 * A 16-bit word is received.
1853 if (items->func == NULL) {
1855 * We've run out of items in the table;
1856 * fall back on the default.
1858 offset = add_word_param(tvb, offset, 0, pinfo,
1860 } else if (items->type != PARAM_WORD) {
1862 * Descriptor character is 'h', but this
1863 * isn't a word parameter.
1865 WParam = tvb_get_letohs(tvb, offset);
/* NOTE(review): this branch handles descriptor 'h' according to the comment above, but the message below reports (W) - confirm which is meant. */
1866 proto_tree_add_text(tree, tvb, offset, 2,
1867 "%s: Value is %u (0x%04X), type is wrong (W)",
1868 (*items->hf_index == -1) ?
1870 proto_registrar_get_name(*items->hf_index),
1875 offset = (*items->func)(tvb, offset, 0, pinfo,
1876 tree, 0, *items->hf_index);
1883 * A 32-bit doubleword is received.
1885 if (items->func == NULL) {
1887 * We've run out of items in the table;
1888 * fall back on the default.
1890 offset = add_dword_param(tvb, offset, 0, pinfo,
1892 } else if (items->type != PARAM_DWORD) {
1894 * Descriptor character is 'i', but this
1895 * isn't a doubleword parameter.
1897 LParam = tvb_get_letohl(tvb, offset);
/* NOTE(review): a 32-bit value is read above, yet the item below is given a length of 2; 4 looks intended - confirm. */
1898 proto_tree_add_text(tree, tvb, offset, 2,
1899 "%s: Value is %u (0x%08X), type is wrong (i)",
1900 (*items->hf_index == -1) ?
1901 "Doubleword Param" :
1902 proto_registrar_get_name(*items->hf_index),
1907 offset = (*items->func)(tvb, offset, 0, pinfo,
1908 tree, 0, *items->hf_index);
1915 * A 16-bit entry count is returned.
1917 WParam = tvb_get_letohs(tvb, offset);
1918 proto_tree_add_uint(tree, hf_ecount, tvb, offset, 2,
1921 *has_ent_count_p = TRUE;
/* NOTE(review): the count is stored exactly as read from the packet; any loop the caller runs on it should also be bounded by the data actually present - confirm at the call site. */
1922 *ent_count_p = WParam; /* Save this for later retrieval */
/*
 * Dissect one data structure of a LANMAN transaction, driven by the data
 * descriptor string "desc".
 *
 * Each descriptor character selects how the next field at "offset" in "tvb"
 * is decoded.  "convert" is passed through to the add_*_param helpers and is
 * subtracted from packet-supplied pointer values to turn them into buffer
 * offsets.  As in the parameter routines, a NULL items->func selects a
 * default helper, a wrongly typed table entry produces a "type is wrong"
 * text item, and otherwise the entry's own function is called.  When
 * aux_count_p is non-NULL, a decoded 16-bit auxiliary structure count is
 * stored through it.
 *
 * NOTE(review): the case labels, the way "items" is advanced and the return
 * statement are not visible in this listing.
 * NOTE(review): "desc", the pointer fields and the counts presumably all
 * come from the captured packet; the only limits visible here are whatever
 * bounds checks the tvb_* and add_*_param routines apply - confirm.
 */
1933 dissect_transact_data(tvbuff_t *tvb, int offset, int convert,
1934 packet_info *pinfo, proto_tree *tree, const guchar *desc,
1935 const item_t *items, guint16 *aux_count_p)
1945 if (aux_count_p != NULL)
1948 while ((c = *desc++) != '\0') {
1953 * A 16-bit word value.
1954 * XXX - handle the count?
1956 desc = get_count(desc, &count);
1957 if (items->func == NULL) {
1959 * We've run out of items in the table;
1960 * fall back on the default.
1962 offset = add_word_param(tvb, offset, 0, pinfo,
1964 } else if (items->type != PARAM_WORD) {
1966 * Descriptor character is 'W', but this
1967 * isn't a word parameter.
1969 WParam = tvb_get_letohs(tvb, offset);
1970 proto_tree_add_text(tree, tvb, offset, 2,
1971 "%s: Value is %u (0x%04X), type is wrong (W)",
1972 (*items->hf_index == -1) ?
1974 proto_registrar_get_name(*items->hf_index),
1979 offset = (*items->func)(tvb, offset, 0, pinfo,
1980 tree, convert, *items->hf_index);
1987 * A 32-bit doubleword value.
1988 * XXX - handle the count?
1990 desc = get_count(desc, &count);
1991 if (items->func == NULL) {
1993 * We've run out of items in the table;
1994 * fall back on the default.
1996 offset = add_dword_param(tvb, offset, 0, pinfo,
1998 } else if (items->type != PARAM_DWORD) {
2000 * Descriptor character is 'D', but this
2001 * isn't a doubleword parameter.
2003 LParam = tvb_get_letohl(tvb, offset);
/* NOTE(review): a 32-bit value is read above, yet the item below is given a length of 2; 4 looks intended - confirm. */
2004 proto_tree_add_text(tree, tvb, offset, 2,
2005 "%s: Value is %u (0x%08X), type is wrong (D)",
2006 (*items->hf_index == -1) ?
2007 "Doubleword Param" :
2008 proto_registrar_get_name(*items->hf_index),
2013 offset = (*items->func)(tvb, offset, 0, pinfo,
2014 tree, convert, *items->hf_index);
2021 * A byte or multi-byte value.
2023 desc = get_count(desc, &count);
/* The repeat count comes from the descriptor text and is used below as a byte length; no range check on it is visible in this function. */
2024 if (items->func == NULL) {
2026 * We've run out of items in the table;
2027 * fall back on the default.
2029 offset = add_byte_param(tvb, offset, count,
2030 pinfo, tree, convert, -1);
2031 } else if (items->type != PARAM_BYTES) {
2033 * Descriptor character is 'B', but this
2034 * isn't a byte/bytes parameter.
2036 proto_tree_add_text(tree, tvb, offset, count,
2037 "%s: Value is %s, type is wrong (B)",
2038 (*items->hf_index == -1) ?
2040 proto_registrar_get_name(*items->hf_index),
2041 tvb_bytes_to_str(tvb, offset, count));
2045 offset = (*items->func)(tvb, offset, count,
2046 pinfo, tree, convert, *items->hf_index);
2055 if (items->func == NULL) {
2057 * We've run out of items in the table;
2058 * fall back on the default.
2060 add_null_pointer_param(tvb, offset, 0,
2061 pinfo, tree, convert, -1);
2064 * If "*items->hf_index" is -1, this is
2065 * a reserved must-be-null field; don't
2066 * clutter the protocol tree by putting
2069 if (*items->hf_index != -1) {
2070 add_null_pointer_param(tvb,
2071 offset, 0, pinfo, tree, convert,
2080 * A pointer to a null-terminated ASCII string.
2082 if (items->func == NULL) {
2084 * We've run out of items in the table;
2085 * fall back on the default.
2087 offset = add_stringz_pointer_param(tvb, offset,
2088 0, pinfo, tree, convert, -1);
2089 } else if (items->type != PARAM_STRINGZ) {
2091 * Descriptor character is 'z', but this
2092 * isn't a string parameter.
2094 string = get_stringz_pointer_value(tvb, offset,
2095 convert, &cptr, &string_len);
2097 proto_tree_add_text(tree, tvb, cptr, string_len,
2098 "%s: Value is %s, type is wrong (z)",
2099 (*items->hf_index == -1) ?
2101 proto_registrar_get_name(*items->hf_index),
2105 offset = (*items->func)(tvb, offset, 0,
2106 pinfo, tree, convert, *items->hf_index);
2113 * A pointer to a byte or multi-byte value.
2115 desc = get_count(desc, &count);
2116 if (items->func == NULL) {
2118 * We've run out of items in the table;
2119 * fall back on the default.
2121 offset = add_bytes_pointer_param(tvb, offset,
2122 count, pinfo, tree, convert, -1);
2123 } else if (items->type != PARAM_BYTES) {
2125 * Descriptor character is 'b', but this
2126 * isn't a byte/bytes parameter.
2128 cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
/* NOTE(review): cptr is the low 16 bits of a packet-supplied pointer minus "convert", with no range check visible here, so it can be negative or lie past the data. The item below is anchored at "offset" with length "count" while the bytes are read at "cptr" - confirm both are intended and bounded. */
2130 proto_tree_add_text(tree, tvb, offset, count,
2131 "%s: Value is %s, type is wrong (b)",
2132 (*items->hf_index == -1) ?
2134 proto_registrar_get_name(*items->hf_index),
2135 tvb_bytes_to_str(tvb, cptr, count));
2138 offset = (*items->func)(tvb, offset, count,
2139 pinfo, tree, convert, *items->hf_index);
2146 * 16-bit auxiliary data structure count.
2149 WParam = tvb_get_letohs(tvb, offset);
2150 proto_tree_add_text(tree, tvb, offset, 2,
2152 "Auxiliary data structure count",
2155 if (aux_count_p != NULL)
2156 *aux_count_p = WParam; /* Save this for later retrieval */
2166 static const value_string commands[] = {
2167 {API_NetShareEnum, "NetShareEnum"},
2168 {API_NetShareGetInfo, "NetShareGetInfo"},
2169 {API_NetShareSetInfo, "NetShareSetInfo"},
2170 {API_NetShareAdd, "NetShareAdd"},
2171 {API_NetShareDel, "NetShareDel"},
2172 {API_NetShareCheck, "NetShareCheck"},
2173 {API_NetSessionEnum, "NetSessionEnum"},
2174 {API_NetSessionGetInfo, "NetSessionGetInfo"},
2175 {API_NetSessionDel, "NetSessionDel"},
2176 {API_WconnectionEnum, "NetConnectionEnum"},
2177 {API_NetFileEnum, "NetFileEnum"},
2178 {API_NetFileGetInfo, "NetFileGetInfo"},
2179 {API_NetFileClose, "NetFileClose"},
2180 {API_NetServerGetInfo, "NetServerGetInfo"},
2181 {API_NetServerSetInfo, "NetServerSetInfo"},
2182 {API_NetServerDiskEnum, "NetServerDiskEnum"},
2183 {API_NetServerAdminCommand, "NetServerAdminCommand"},
2184 {API_NetAuditOpen, "NetAuditOpen"},
2185 {API_NetAuditClear, "NetAuditClear"},
2186 {API_NetErrorLogOpen, "NetErrorLogOpen"},
2187 {API_NetErrorLogClear, "NetErrorLogClear"},
2188 {API_NetCharDevEnum, "NetCharDevEnum"},
2189 {API_NetCharDevGetInfo, "NetCharDevGetInfo"},
2190 {API_NetCharDevControl, "NetCharDevControl"},
2191 {API_NetCharDevQEnum, "NetCharDevQEnum"},
2192 {API_NetCharDevQGetInfo, "NetCharDevQGetInfo"},
2193 {API_NetCharDevQSetInfo, "NetCharDevQSetInfo"},
2194 {API_NetCharDevQPurge, "NetCharDevQPurge"},
2195 {API_NetCharDevQPurgeSelf, "NetCharDevQPurgeSelf"},
2196 {API_NetMessageNameEnum, "NetMessageNameEnum"},
2197 {API_NetMessageNameGetInfo, "NetMessageNameGetInfo"},
2198 {API_NetMessageNameAdd, "NetMessageNameAdd"},
2199 {API_NetMessageNameDel, "NetMessageNameDel"},
2200 {API_NetMessageNameFwd, "NetMessageNameFwd"},
2201 {API_NetMessageNameUnFwd, "NetMessageNameUnFwd"},
2202 {API_NetMessageBufferSend, "NetMessageBufferSend"},
2203 {API_NetMessageFileSend, "NetMessageFileSend"},
2204 {API_NetMessageLogFileSet, "NetMessageLogFileSet"},
2205 {API_NetMessageLogFileGet, "NetMessageLogFileGet"},
2206 {API_NetServiceEnum, "NetServiceEnum"},
2207 {API_NetServiceInstall, "NetServiceInstall"},
2208 {API_NetServiceControl, "NetServiceControl"},
2209 {API_NetAccessEnum, "NetAccessEnum"},
2210 {API_NetAccessGetInfo, "NetAccessGetInfo"},
2211 {API_NetAccessSetInfo, "NetAccessSetInfo"},
2212 {API_NetAccessAdd, "NetAccessAdd"},
2213 {API_NetAccessDel, "NetAccessDel"},
2214 {API_NetGroupEnum, "NetGroupEnum"},
2215 {API_NetGroupAdd, "NetGroupAdd"},
2216 {API_NetGroupDel, "NetGroupDel"},
2217 {API_NetGroupAddUser, "NetGroupAddUser"},
2218 {API_NetGroupDelUser, "NetGroupDelUser"},
2219 {API_NetGroupGetUsers, "NetGroupGetUsers"},
2220 {API_NetUserEnum, "NetUserEnum"},
2221 {API_NetUserAdd, "NetUserAdd"},
2222 {API_NetUserDel, "NetUserDel"},
2223 {API_NetUserGetInfo, "NetUserGetInfo"},
2224 {API_NetUserSetInfo, "NetUserSetInfo"},
2225 {API_NetUserPasswordSet, "NetUserPasswordSet"},
2226 {API_NetUserGetGroups, "NetUserGetGroups"},
2227 {API_NetWkstaSetUID, "NetWkstaSetUID"},
2228 {API_NetWkstaGetInfo, "NetWkstaGetInfo"},
2229 {API_NetWkstaSetInfo, "NetWkstaSetInfo"},
2230 {API_NetUseEnum, "NetUseEnum"},
2231 {API_NetUseAdd, "NetUseAdd"},
2232 {API_NetUseDel, "NetUseDel"},
2233 {API_NetUseGetInfo, "NetUseGetInfo"},
2234 {API_WPrintQEnum, "WPrintQEnum"},
2235 {API_WPrintQGetInfo, "WPrintQGetInfo"},
2236 {API_WPrintQSetInfo, "WPrintQSetInfo"},
2237 {API_WPrintQAdd, "WPrintQAdd"},
2238 {API_WPrintQDel, "WPrintQDel"},
2239 {API_WPrintQPause, "WPrintQPause"},
2240 {API_WPrintQContinue, "WPrintQContinue"},
2241 {API_WPrintJobEnum, "WPrintJobEnum"},
2242 {API_WPrintJobGetInfo, "WPrintJobGetInfo"},
2243 {API_WPrintJobSetInfo_OLD, "WPrintJobSetInfo_OLD"},
2244 {API_WPrintJobDel, "WPrintJobDel"},
2245 {API_WPrintJobPause, "WPrintJobPause"},
2246 {API_WPrintJobContinue, "WPrintJobContinue"},
2247 {API_WPrintDestEnum, "WPrintDestEnum"},
2248 {API_WPrintDestGetInfo, "WPrintDestGetInfo"},
2249 {API_WPrintDestControl, "WPrintDestControl"},
2250 {API_NetProfileSave, "NetProfileSave"},
2251 {API_NetProfileLoad, "NetProfileLoad"},
2252 {API_NetStatisticsGet, "NetStatisticsGet"},
2253 {API_NetStatisticsClear, "NetStatisticsClear"},
2254 {API_NetRemoteTOD, "NetRemoteTOD"},
2255 {API_WNetBiosEnum, "WNetBiosEnum"},
2256 {API_WNetBiosGetInfo, "WNetBiosGetInfo"},
2257 {API_NetServerEnum, "NetServerEnum"},
2258 {API_I_NetServerEnum, "I_NetServerEnum"},
2259 {API_NetServiceGetInfo, "NetServiceGetInfo"},
2260 {API_WPrintQPurge, "WPrintQPurge"},
2261 {API_NetServerEnum2, "NetServerEnum2"},
2262 {API_NetAccessGetUserPerms, "NetAccessGetUserPerms"},
2263 {API_NetGroupGetInfo, "NetGroupGetInfo"},
2264 {API_NetGroupSetInfo, "NetGroupSetInfo"},
2265 {API_NetGroupSetUsers, "NetGroupSetUsers"},
2266 {API_NetUserSetGroups, "NetUserSetGroups"},
2267 {API_NetUserModalsGet, "NetUserModalsGet"},
2268 {API_NetUserModalsSet, "NetUserModalsSet"},
2269 {API_NetFileEnum2, "NetFileEnum2"},
2270 {API_NetUserAdd2, "NetUserAdd2"},
2271 {API_NetUserSetInfo2, "NetUserSetInfo2"},
2272 {API_NetUserPasswordSet2, "SetUserPassword"},
2273 {API_I_NetServerEnum2, "I_NetServerEnum2"},
2274 {API_NetConfigGet2, "NetConfigGet2"},
2275 {API_NetConfigGetAll2, "NetConfigGetAll2"},
2276 {API_NetGetDCName, "NetGetDCName"},
2277 {API_NetHandleGetInfo, "NetHandleGetInfo"},
2278 {API_NetHandleSetInfo, "NetHandleSetInfo"},
2279 {API_NetStatisticsGet2, "NetStatisticsGet2"},
2280 {API_WBuildGetInfo, "WBuildGetInfo"},
2281 {API_NetFileGetInfo2, "NetFileGetInfo2"},
2282 {API_NetFileClose2, "NetFileClose2"},
2283 {API_NetServerReqChallenge, "NetServerReqChallenge"},
2284 {API_NetServerAuthenticate, "NetServerAuthenticate"},
2285 {API_NetServerPasswordSet, "NetServerPasswordSet"},
2286 {API_WNetAccountDeltas, "WNetAccountDeltas"},
2287 {API_WNetAccountSync, "WNetAccountSync"},
2288 {API_NetUserEnum2, "NetUserEnum2"},
2289 {API_NetWkstaUserLogon, "NetWkstaUserLogon"},
2290 {API_NetWkstaUserLogoff, "NetWkstaUserLogoff"},
2291 {API_NetLogonEnum, "NetLogonEnum"},
2292 {API_NetErrorLogRead, "NetErrorLogRead"},
2293 {API_I_NetPathType, "I_NetPathType"},
2294 {API_I_NetPathCanonicalize, "I_NetPathCanonicalize"},
2295 {API_I_NetPathCompare, "I_NetPathCompare"},
2296 {API_I_NetNameValidate, "I_NetNameValidate"},
2297 {API_I_NetNameCanonicalize, "I_NetNameCanonicalize"},
2298 {API_I_NetNameCompare, "I_NetNameCompare"},
2299 {API_NetAuditRead, "NetAuditRead"},
2300 {API_WPrintDestAdd, "WPrintDestAdd"},
2301 {API_WPrintDestSetInfo, "WPrintDestSetInfo"},
2302 {API_WPrintDestDel, "WPrintDestDel"},
2303 {API_NetUserValidate2, "NetUserValidate2"},
2304 {API_WPrintJobSetInfo, "WPrintJobSetInfo"},
2305 {API_TI_NetServerDiskEnum, "TI_NetServerDiskEnum"},
2306 {API_TI_NetServerDiskGetInfo, "TI_NetServerDiskGetInfo"},
2307 {API_TI_FTVerifyMirror, "TI_FTVerifyMirror"},
2308 {API_TI_FTAbortVerify, "TI_FTAbortVerify"},
2309 {API_TI_FTGetInfo, "TI_FTGetInfo"},
2310 {API_TI_FTSetInfo, "TI_FTSetInfo"},
2311 {API_TI_FTLockDisk, "TI_FTLockDisk"},
2312 {API_TI_FTFixError, "TI_FTFixError"},
2313 {API_TI_FTAbortFix, "TI_FTAbortFix"},
2314 {API_TI_FTDiagnoseError, "TI_FTDiagnoseError"},
2315 {API_TI_FTGetDriveStats, "TI_FTGetDriveStats"},
2316 {API_TI_FTErrorGetInfo, "TI_FTErrorGetInfo"},
2317 {API_NetAccessCheck, "NetAccessCheck"},
2318 {API_NetAlertRaise, "NetAlertRaise"},
2319 {API_NetAlertStart, "NetAlertStart"},
2320 {API_NetAlertStop, "NetAlertStop"},
2321 {API_NetAuditWrite, "NetAuditWrite"},
2322 {API_NetIRemoteAPI, "NetIRemoteAPI"},
2323 {API_NetServiceStatus, "NetServiceStatus"},
2324 {API_I_NetServerRegister, "I_NetServerRegister"},
2325 {API_I_NetServerDeregister, "I_NetServerDeregister"},
2326 {API_I_NetSessionEntryMake, "I_NetSessionEntryMake"},
2327 {API_I_NetSessionEntryClear, "I_NetSessionEntryClear"},
2328 {API_I_NetSessionEntryGetInfo, "I_NetSessionEntryGetInfo"},
2329 {API_I_NetSessionEntrySetInfo, "I_NetSessionEntrySetInfo"},
2330 {API_I_NetConnectionEntryMake, "I_NetConnectionEntryMake"},
2331 {API_I_NetConnectionEntryClear, "I_NetConnectionEntryClear"},
2332 {API_I_NetConnectionEntrySetInfo, "I_NetConnectionEntrySetInfo"},
2333 {API_I_NetConnectionEntryGetInfo, "I_NetConnectionEntryGetInfo"},
2334 {API_I_NetFileEntryMake, "I_NetFileEntryMake"},
2335 {API_I_NetFileEntryClear, "I_NetFileEntryClear"},
2336 {API_I_NetFileEntrySetInfo, "I_NetFileEntrySetInfo"},
2337 {API_I_NetFileEntryGetInfo, "I_NetFileEntryGetInfo"},
2338 {API_AltSrvMessageBufferSend, "AltSrvMessageBufferSend"},
2339 {API_AltSrvMessageFileSend, "AltSrvMessageFileSend"},
2340 {API_wI_NetRplWkstaEnum, "wI_NetRplWkstaEnum"},
2341 {API_wI_NetRplWkstaGetInfo, "wI_NetRplWkstaGetInfo"},
2342 {API_wI_NetRplWkstaSetInfo, "wI_NetRplWkstaSetInfo"},
2343 {API_wI_NetRplWkstaAdd, "wI_NetRplWkstaAdd"},
2344 {API_wI_NetRplWkstaDel, "wI_NetRplWkstaDel"},
2345 {API_wI_NetRplProfileEnum, "wI_NetRplProfileEnum"},
2346 {API_wI_NetRplProfileGetInfo, "wI_NetRplProfileGetInfo"},
2347 {API_wI_NetRplProfileSetInfo, "wI_NetRplProfileSetInfo"},
2348 {API_wI_NetRplProfileAdd, "wI_NetRplProfileAdd"},
2349 {API_wI_NetRplProfileDel, "wI_NetRplProfileDel"},
2350 {API_wI_NetRplProfileClone, "wI_NetRplProfileClone"},
2351 {API_wI_NetRplBaseProfileEnum, "wI_NetRplBaseProfileEnum"},
2352 {API_WIServerSetInfo, "WIServerSetInfo"},
2353 {API_WPrintDriverEnum, "WPrintDriverEnum"},
2354 {API_WPrintQProcessorEnum, "WPrintQProcessorEnum"},
2355 {API_WPrintPortEnum, "WPrintPortEnum"},
2356 {API_WNetWriteUpdateLog, "WNetWriteUpdateLog"},
2357 {API_WNetAccountUpdate, "WNetAccountUpdate"},
2358 {API_WNetAccountConfirmUpdate, "WNetAccountConfirmUpdate"},
2359 {API_NetConfigSet, "NetConfigSet"},
2360 {API_WAccountsReplicate, "WAccountsReplicate"},
2361 {API_SamOEMChgPasswordUser2_P, "SamOEMChangePassword"},
2362 {API_NetServerEnum3, "NetServerEnum3"},
2363 {API_WPrintDriverGetInfo, "WPrintDriverGetInfo"},
2364 {API_WPrintDriverSetInfo, "WPrintDriverSetInfo"},
2365 {API_NetAliasAdd, "NetAliasAdd"},
2366 {API_NetAliasDel, "NetAliasDel"},
2367 {API_NetAliasGetInfo, "NetAliasGetInfo"},
2368 {API_NetAliasSetInfo, "NetAliasSetInfo"},
2369 {API_NetAliasEnum, "NetAliasEnum"},
2370 {API_NetUserGetLogonAsn, "NetUserGetLogonAsn"},
2371 {API_NetUserSetLogonAsn, "NetUserSetLogonAsn"},
2372 {API_NetUserGetAppSel, "NetUserGetAppSel"},
2373 {API_NetUserSetAppSel, "NetUserSetAppSel"},
2374 {API_NetAppAdd, "NetAppAdd"},
2375 {API_NetAppDel, "NetAppDel"},
2376 {API_NetAppGetInfo, "NetAppGetInfo"},
2377 {API_NetAppSetInfo, "NetAppSetInfo"},
2378 {API_NetAppEnum, "NetAppEnum"},
2379 {API_NetUserDCDBInit, "NetUserDCDBInit"},
2380 {API_NetDASDAdd, "NetDASDAdd"},
2381 {API_NetDASDDel, "NetDASDDel"},
2382 {API_NetDASDGetInfo, "NetDASDGetInfo"},
2383 {API_NetDASDSetInfo, "NetDASDSetInfo"},
2384 {API_NetDASDEnum, "NetDASDEnum"},
2385 {API_NetDASDCheck, "NetDASDCheck"},
2386 {API_NetDASDCtl, "NetDASDCtl"},
2387 {API_NetUserRemoteLogonCheck, "NetUserRemoteLogonCheck"},
2388 {API_NetUserPasswordSet3, "NetUserPasswordSet3"},
2389 {API_NetCreateRIPLMachine, "NetCreateRIPLMachine"},
2390 {API_NetDeleteRIPLMachine, "NetDeleteRIPLMachine"},
2391 {API_NetGetRIPLMachineInfo, "NetGetRIPLMachineInfo"},
2392 {API_NetSetRIPLMachineInfo, "NetSetRIPLMachineInfo"},
2393 {API_NetEnumRIPLMachine, "NetEnumRIPLMachine"},
2394 {API_I_ShareAdd, "I_ShareAdd"},
2395 {API_I_AliasEnum, "I_AliasEnum"},
2396 {API_NetAccessApply, "NetAccessApply"},
2397 {API_WPrt16Query, "WPrt16Query"},
2398 {API_WPrt16Set, "WPrt16Set"},
2399 {API_NetUserDel100, "NetUserDel100"},
2400 {API_NetUserRemoteLogonCheck2, "NetUserRemoteLogonCheck2"},
2401 {API_WRemoteTODSet, "WRemoteTODSet"},
2402 {API_WPrintJobMoveAll, "WPrintJobMoveAll"},
2403 {API_W16AppParmAdd, "W16AppParmAdd"},
2404 {API_W16AppParmDel, "W16AppParmDel"},
2405 {API_W16AppParmGet, "W16AppParmGet"},
2406 {API_W16AppParmSet, "W16AppParmSet"},
2407 {API_W16RIPLMachineCreate, "W16RIPLMachineCreate"},
2408 {API_W16RIPLMachineGetInfo, "W16RIPLMachineGetInfo"},
2409 {API_W16RIPLMachineSetInfo, "W16RIPLMachineSetInfo"},
2410 {API_W16RIPLMachineEnum, "W16RIPLMachineEnum"},
2411 {API_W16RIPLMachineListParmEnum, "W16RIPLMachineListParmEnum"},
2412 {API_W16RIPLMachClassGetInfo, "W16RIPLMachClassGetInfo"},
2413 {API_W16RIPLMachClassEnum, "W16RIPLMachClassEnum"},
2414 {API_W16RIPLMachClassCreate, "W16RIPLMachClassCreate"},
2415 {API_W16RIPLMachClassSetInfo, "W16RIPLMachClassSetInfo"},
2416 {API_W16RIPLMachClassDelete, "W16RIPLMachClassDelete"},
2417 {API_W16RIPLMachClassLPEnum, "W16RIPLMachClassLPEnum"},
2418 {API_W16RIPLMachineDelete, "W16RIPLMachineDelete"},
2419 {API_W16WSLevelGetInfo, "W16WSLevelGetInfo"},
2420 {API_NetServerNameAdd, "NetServerNameAdd"},
2421 {API_NetServerNameDel, "NetServerNameDel"},
2422 {API_NetServerNameEnum, "NetServerNameEnum"},
2423 {API_I_WDASDEnum, "I_WDASDEnum"},
2424 {API_I_WDASDEnumTerminate, "I_WDASDEnumTerminate"},
2425 {API_I_WDASDSetInfo2, "I_WDASDSetInfo2"},
/*
 * Dissect the data area of a LANMAN response.
 *
 * NOTE(review): this listing omits lines (the embedded source line numbers
 * skip), so some declarations, else branches, "break"s and braces are not
 * visible.  The notes below describe only what the visible lines show.
 *
 * tvb           data bytes of the response (from the capture, untrusted)
 * convert       passed through unchanged to dissect_transact_data()
 * tree          protocol tree to add items to
 * smb_info      gives access to the per-transaction state saved when the
 *               request was dissected (smb_info->sip->extra_info)
 * lanman        table entry describing the command
 * has_ent_count whether the data is a list of entries
 *
 * The item table is picked by trp->info_level and the bytes are walked
 * according to trp->data_descrip; both come from the saved request state,
 * not from this packet.  If trp->data_descrip is NULL the data is shown
 * undissected.
 */
2430 dissect_response_data(tvbuff_t *tvb, packet_info *pinfo, int convert,
2431 proto_tree *tree, struct smb_info *smb_info,
2432 const struct lanman_desc *lanman, gboolean has_ent_count,
/*
 * smb_info->sip is dereferenced without a NULL check here, so the caller
 * must only get this far when the matching request was seen.
 */
2435 smb_transact_info_t *trp = smb_info->sip->extra_info;
2436 const item_list_t *resp_data_list;
2437 int offset, start_offset;
2440 const item_t *resp_data;
2441 proto_item *data_item;
2442 proto_tree *data_tree;
2443 proto_item *entry_item;
2444 proto_tree *entry_tree;
2449 * Find the item table for the matching request's detail level.
/*
 * The walk stops on the entry whose level is -1; if no level matches,
 * that sentinel entry's item_list is what gets used below.
 */
2451 for (resp_data_list = lanman->resp_data_list;
2452 resp_data_list->level != -1; resp_data_list++) {
2453 if (resp_data_list->level == trp->info_level)
2456 resp_data = resp_data_list->item_list;
2459 if (has_ent_count) {
2461 * The data is a list of entries; create a protocol tree item
2465 label = lanman->resp_data_entry_list_label;
2468 if (lanman->ett_data_entry_list != NULL)
2469 ett = *lanman->ett_data_entry_list;
2471 ett = ett_lanman_unknown_entries;
2472 data_item = proto_tree_add_text(tree, tvb, offset, -1,
2474 data_tree = proto_item_add_subtree(data_item, ett);
2481 * Just leave it at the top level.
2487 if (trp->data_descrip == NULL) {
2489 * This could happen if we only dissected
2490 * part of the request to which this is a
2491 * reply, e.g. if the request was split
2492 * across TCP segments and we weren't doing
2493 * TCP desegmentation, or if we had a snapshot
2494 * length that was too short.
2496 * We can't dissect the data; just show it as raw data or,
2497 * if we've already created a top-level item, note that
2498 * no descriptor is available.
2500 if (has_ent_count) {
2501 if (data_item != NULL) {
2502 proto_item_append_text(data_item,
2503 " (No descriptor available)");
2506 proto_tree_add_text(data_tree, tvb, offset, -1,
2507 "Data (no descriptor available)");
2509 offset += tvb_length_remaining(tvb, offset);
2512 * If we have an entry count, show all the entries,
2513 * with each one having a protocol tree item.
2515 * Otherwise, we just show one returned item, with
2516 * no protocol tree item.
/*
 * Both loop bounds are packet-controlled: ent_count is handed in by the
 * caller from the response parameters, and aux_count is written by
 * dissect_transact_data() for each entry.
 * NOTE(review): nothing here caps the total work.  Presumably every
 * dissect_transact_data() call either advances offset or raises a tvbuff
 * bounds exception; confirm that a descriptor cannot describe a
 * zero-length entry, otherwise ent_count * aux_count iterations are
 * possible on a small packet.
 */
2520 for (i = 0; i < ent_count; i++) {
2521 start_offset = offset;
2522 if (has_ent_count &&
2523 lanman->resp_data_element_item != NULL) {
2525 * Create a protocol tree item for the
2529 (*lanman->resp_data_element_item)
2530 (tvb, data_tree, offset);
2531 entry_tree = proto_item_add_subtree(
2533 *lanman->ett_resp_data_element_item);
2536 * Just leave it at the current
2540 entry_tree = data_tree;
2543 offset = dissect_transact_data(tvb, offset,
2544 convert, pinfo, entry_tree,
2545 trp->data_descrip, resp_data, &aux_count);
2547 /* auxiliary data */
2548 if (trp->aux_data_descrip != NULL) {
2549 for (j = 0; j < aux_count; j++) {
2550 offset = dissect_transact_data(
2551 tvb, offset, convert,
2554 lanman->resp_aux_data, NULL);
2558 if (entry_item != NULL) {
2560 * Set the length of the protocol tree
2561 * item for the entry.
2563 proto_item_set_len(entry_item,
2564 offset - start_offset);
2569 if (data_item != NULL) {
2571 * Set the length of the protocol tree item
2574 proto_item_set_len(data_item, offset);
/*
 * Dissect a LANMAN remote API request or response carried in an SMB pipe
 * transaction.
 *
 * NOTE(review): this listing omits lines (the embedded source line numbers
 * skip), so some declarations, else branches, returns and braces are not
 * visible.  The notes below describe only what the visible lines show.
 *
 * pd_tvb       tvbuff the top-level LANMAN tree item is attached to
 * p_tvb        transaction parameters (may be NULL)
 * d_tvb        transaction data (may be NULL)
 * pinfo        packet info; pinfo->private_data must be the smb_info_t
 * parent_tree  tree to add the LANMAN subtree to
 *
 * Request: reads the function code and the parameter, return and optional
 * auxiliary descriptor strings from p_tvb and, on the first pass over the
 * frame, saves the command and copies of the descriptors in the
 * transaction state (trp) for use when the reply is dissected.
 *
 * Response: carries no command or descriptors of its own, so it is parsed
 * with trp->lanman_cmd and the saved descriptors.  Returns FALSE when the
 * request was not seen.
 *
 * The descriptor strings come from the capture and decide how the rest of
 * the packet is walked, so they are untrusted input to
 * dissect_request_parameters(), dissect_response_parameters() and
 * dissect_transact_data().
 */
2579 dissect_pipe_lanman(tvbuff_t *pd_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
2580 packet_info *pinfo, proto_tree *parent_tree)
2582 smb_info_t *smb_info = pinfo->private_data;
/*
 * smb_info->sip is dereferenced here, before any check, so the caller must
 * not call this function with smb_info->sip == NULL.
 */
2583 smb_transact_info_t *trp = smb_info->sip->extra_info;
2584 int offset = 0, start_offset;
2588 const struct lanman_desc *lanman;
2589 proto_item *item = NULL;
2590 proto_tree *tree = NULL;
2591 guint descriptor_len;
2592 const gchar *param_descrip, *data_descrip, *aux_data_descrip = NULL;
2594 gboolean has_ent_count;
2595 guint16 ent_count, aux_count;
2597 proto_item *data_item;
2598 proto_tree *data_tree;
2600 if (!proto_is_protocol_enabled(proto_smb_lanman))
2602 if (smb_info->request && p_tvb == NULL) {
2604 * Requests must have parameters.
2608 pinfo->current_proto = "LANMAN";
2610 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
2611 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LANMAN");
2615 item = proto_tree_add_item(parent_tree, proto_smb_lanman,
2616 pd_tvb, 0, -1, FALSE);
2617 tree = proto_item_add_subtree(item, ett_lanman);
2620 if (smb_info->request) { /* this is a request */
2622 cmd = tvb_get_letohs(p_tvb, offset);
2623 if (check_col(pinfo->cinfo, COL_INFO)) {
2624 col_add_fstr(pinfo->cinfo, COL_INFO, "%s Request", val_to_str(cmd, commands, "Unknown Command (%u)"));
2626 proto_tree_add_uint(tree, hf_function_code, p_tvb, offset, 2,
2631 * If we haven't already done so, save the function code in
2632 * the structure we were handed, so that it's available to
2633 * the code parsing the reply, and initialize the detail
2634 * level to -1, meaning "unknown".
2636 if (!pinfo->fd->flags.visited) {
2637 trp->lanman_cmd = cmd;
2638 trp->info_level = -1;
2639 trp->param_descrip=NULL;
2640 trp->data_descrip=NULL;
2641 trp->aux_data_descrip=NULL;
2644 /* parameter descriptor */
/*
 * tvb_strsize() returns the string length including the terminating NUL
 * and raises an exception if no NUL is found in the tvbuff, so the pointer
 * obtained from tvb_get_ptr() with that length can be used as a C string.
 */
2645 descriptor_len = tvb_strsize(p_tvb, offset);
2646 proto_tree_add_item(tree, hf_param_desc, p_tvb, offset,
2647 descriptor_len, TRUE);
2648 param_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
/*
 * The g_assert()s on the saved descriptors hold on the visible path
 * because the three pointers are set to NULL above under the same
 * !visited condition.  A failing g_assert() aborts the whole program, so
 * these must never become reachable through packet contents.
 * The g_strdup() copies are owned by trp; nothing visible in this function
 * frees them (TODO confirm where the transaction state is released).
 */
2649 if (!pinfo->fd->flags.visited) {
2651 * Save the parameter descriptor for future use.
2653 g_assert(trp->param_descrip == NULL);
2654 trp->param_descrip = g_strdup(param_descrip);
2656 offset += descriptor_len;
2658 /* return descriptor */
2659 descriptor_len = tvb_strsize(p_tvb, offset);
2660 proto_tree_add_item(tree, hf_return_desc, p_tvb, offset,
2661 descriptor_len, TRUE);
2662 data_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
2663 if (!pinfo->fd->flags.visited) {
2665 * Save the return descriptor for future use.
2667 g_assert(trp->data_descrip == NULL);
2668 trp->data_descrip = g_strdup(data_descrip);
2670 offset += descriptor_len;
/*
 * The result is dereferenced below without a NULL check (lanman->req,
 * lanman->req_data_item), so find_lanman() presumably returns a default
 * entry for commands it does not know; confirm against its definition.
 */
2672 lanman = find_lanman(cmd);
2674 /* request parameters */
2675 start_offset = offset;
2676 offset = dissect_request_parameters(p_tvb, offset, pinfo, tree,
2677 param_descrip, lanman->req, &has_data);
2679 /* auxiliary data descriptor */
2680 if (tvb_reported_length_remaining(p_tvb, offset) > 0){
2682 * There are more parameters left, so the next
2683 * item is the auxiliary data descriptor.
2685 descriptor_len = tvb_strsize(p_tvb, offset);
2686 proto_tree_add_item(tree, hf_aux_data_desc, p_tvb, offset,
2687 descriptor_len, TRUE);
2688 aux_data_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
2689 if (!pinfo->fd->flags.visited) {
2691 * Save the auxiliary data descriptor for
2694 g_assert(trp->aux_data_descrip == NULL);
2695 trp->aux_data_descrip =
2696 g_strdup(aux_data_descrip);
2698 offset += descriptor_len;
2701 /* reset offset, we now start dissecting the data area */
2703 if (has_data && d_tvb && tvb_reported_length(d_tvb) != 0) {
2705 * There's a send buffer item in the descriptor
2706 * string, and the data count in the transaction
2707 * is non-zero, so there's data to dissect.
2710 if (lanman->req_data_item != NULL) {
2712 * Create a protocol tree item for the data.
2714 data_item = (*lanman->req_data_item)(d_tvb,
2715 pinfo, tree, offset);
2716 data_tree = proto_item_add_subtree(data_item,
2717 *lanman->ett_req_data);
2720 * Just leave it at the top level.
2727 offset = dissect_transact_data(d_tvb, offset, -1,
2728 pinfo, data_tree, data_descrip, lanman->req_data,
2729 &aux_count); /* XXX - what about strings? */
2731 /* auxiliary data */
/*
 * aux_count was written by the dissect_transact_data() call above, i.e. it
 * is derived from the packet; the loop relies on the callee to stop at the
 * end of d_tvb.
 */
2732 if (aux_data_descrip != NULL) {
2733 for (i = 0; i < aux_count; i++) {
2734 offset = dissect_transact_data(d_tvb,
2735 offset, -1, pinfo, data_tree,
2737 lanman->req_aux_data, NULL);
2741 if (data_item != NULL) {
2743 * Set the length of the protocol tree item
2746 proto_item_set_len(data_item, offset);
2751 * This is a response.
2752 * Have we seen the request to which it's a response?
2755 return FALSE; /* no - can't dissect it */
2757 /* ok we have seen this one before */
2759 /* if it looks like an interim response, update COL_INFO and return */
2760 if( ( (p_tvb==NULL) || (tvb_reported_length(p_tvb)==0) )
2761 && ( (d_tvb==NULL) || (tvb_reported_length(d_tvb)==0) ) ){
2763 if (check_col(pinfo->cinfo, COL_INFO)) {
2764 col_add_fstr(pinfo->cinfo, COL_INFO, "%s Interim Response",
2765 val_to_str(trp->lanman_cmd, commands, "Unknown Command (%u)"));
2767 proto_tree_add_uint(tree, hf_function_code, p_tvb, 0, 0, trp->lanman_cmd);
2772 if (check_col(pinfo->cinfo, COL_INFO)) {
2773 col_add_fstr(pinfo->cinfo, COL_INFO, "%s Response",
2774 val_to_str(trp->lanman_cmd, commands, "Unknown Command (%u)"));
2776 proto_tree_add_uint(tree, hf_function_code, p_tvb, 0, 0,
2779 lanman = find_lanman(trp->lanman_cmd);
2781 /* response parameters */
/*
 * NOTE(review): the interim-response test above only returns when both
 * p_tvb and d_tvb are absent or empty, so a response with data but
 * p_tvb == NULL reaches the reads from p_tvb below.  Confirm that the
 * caller never passes that combination, or that a check sits in the lines
 * this listing omits.
 */
2784 status = tvb_get_letohs(p_tvb, offset);
2785 proto_tree_add_uint(tree, hf_status, p_tvb, offset, 2, status);
2789 convert = tvb_get_letohs(p_tvb, offset);
2790 proto_tree_add_uint(tree, hf_convert, p_tvb, offset, 2, convert);
2793 if (trp->param_descrip == NULL) {
2795 * This could happen if we only dissected
2796 * part of the request to which this is a
2797 * reply, e.g. if the request was split
2798 * across TCP segments and we weren't doing
2799 * TCP desegmentation, or if we had a snapshot
2800 * length that was too short.
2802 * We can't dissect the parameters; just show them
2805 proto_tree_add_text(tree, p_tvb, offset, -1,
2806 "Parameters (no descriptor available)");
2809 * We don't know whether we have a receive buffer,
2810 * as we don't have the descriptor; just show what
2811 * bytes purport to be data.
2813 if (d_tvb && tvb_reported_length(d_tvb) > 0) {
2814 proto_tree_add_text(tree, d_tvb, 0, -1,
2815 "Data (no descriptor available)");
2818 /* rest of the parameters */
/*
 * The response is parsed with the descriptor saved from the request, so
 * the layout applied to these bytes was chosen by the requesting side;
 * bounds checking is left to dissect_response_parameters() and the
 * tvbuff accessors it uses.
 */
2819 offset = dissect_response_parameters(p_tvb, offset,
2820 pinfo, tree, trp->param_descrip, lanman->resp,
2821 &has_data, &has_ent_count, &ent_count);
2823 /* reset offset, we now start dissecting the data area */
2826 if (d_tvb && tvb_reported_length(d_tvb) > 0) {
2828 * Well, there are bytes that purport to
2829 * be data, at least.
2833 * There's a receive buffer item
2834 * in the descriptor string, so
2835 * dissect it as response data.
2837 dissect_response_data(d_tvb, pinfo,
2838 convert, tree, smb_info, lanman,
2839 has_ent_count, ent_count);
2842 * There's no receive buffer item,
2843 * but we do have data, so just
2844 * show what bytes are data.
2846 proto_tree_add_text(tree, d_tvb, 0, -1,
2847 "Data (no receive buffer)");
/*
 * Register the LANMAN protocol together with its header fields (hf[]) and
 * subtree indices (ett[]).
 *
 * NOTE(review): this listing omits lines (the embedded source line numbers
 * skip); in particular many of the "{ &hf_..., " lines that open an entry
 * are not visible, so several entries below show only their second and
 * third lines.
 *
 * Each visible entry gives the display label, the filter abbreviation
 * ("lanman.*"), the field type, the display base, an optional value_string
 * table and a description.
 */
2857 proto_register_pipe_lanman(void)
2859 static hf_register_info hf[] = {
2860 { &hf_function_code,
2861 { "Function Code", "lanman.function_code", FT_UINT16, BASE_DEC,
2862 VALS(commands), 0, "LANMAN Function Code/Command", HFILL }},
2865 { "Parameter Descriptor", "lanman.param_desc", FT_STRING, BASE_NONE,
2866 NULL, 0, "LANMAN Parameter Descriptor", HFILL }},
2869 { "Return Descriptor", "lanman.ret_desc", FT_STRING, BASE_NONE,
2870 NULL, 0, "LANMAN Return Descriptor", HFILL }},
2872 { &hf_aux_data_desc,
2873 { "Auxiliary Data Descriptor", "lanman.aux_data_desc", FT_STRING, BASE_NONE,
2874 NULL, 0, "LANMAN Auxiliary Data Descriptor", HFILL }},
2877 { "Detail Level", "lanman.level", FT_UINT16, BASE_DEC,
2878 NULL, 0, "LANMAN Detail Level", HFILL }},
2881 { "Receive Buffer Length", "lanman.recv_buf_len", FT_UINT16, BASE_DEC,
2882 NULL, 0, "LANMAN Receive Buffer Length", HFILL }},
2885 { "Send Buffer Length", "lanman.send_buf_len", FT_UINT16, BASE_DEC,
2886 NULL, 0, "LANMAN Send Buffer Length", HFILL }},
2888 { &hf_continuation_from,
2889 { "Continuation from message in frame", "lanman.continuation_from", FT_UINT32, BASE_DEC,
2890 NULL, 0, "This is a LANMAN continuation from the message in the frame in question", HFILL }},
2893 { "Status", "lanman.status", FT_UINT16, BASE_DEC,
2894 VALS(status_vals), 0, "LANMAN Return status", HFILL }},
2897 { "Convert", "lanman.convert", FT_UINT16, BASE_DEC,
2898 NULL, 0, "LANMAN Convert", HFILL }},
2901 { "Entry Count", "lanman.entry_count", FT_UINT16, BASE_DEC,
2902 NULL, 0, "LANMAN Number of Entries", HFILL }},
2905 { "Available Entries", "lanman.available_count", FT_UINT16, BASE_DEC,
2906 NULL, 0, "LANMAN Number of Available Entries", HFILL }},
2909 { "Share Name", "lanman.share.name", FT_STRING, BASE_NONE,
2910 NULL, 0, "LANMAN Name of Share", HFILL }},
2913 { "Share Type", "lanman.share.type", FT_UINT16, BASE_DEC,
2914 VALS(share_type_vals), 0, "LANMAN Type of Share", HFILL }},
2916 { &hf_share_comment,
2917 { "Share Comment", "lanman.share.comment", FT_STRING, BASE_NONE,
2918 NULL, 0, "LANMAN Share Comment", HFILL }},
2920 { &hf_share_permissions,
2921 { "Share Permissions", "lanman.share.permissions", FT_UINT16, BASE_DEC,
2922 NULL, 0, "LANMAN Permissions on share", HFILL }},
2924 { &hf_share_max_uses,
2925 { "Share Max Uses", "lanman.share.max_uses", FT_UINT16, BASE_DEC,
2926 NULL, 0, "LANMAN Max connections allowed to share", HFILL }},
2928 { &hf_share_current_uses,
2929 { "Share Current Uses", "lanman.share.current_uses", FT_UINT16, BASE_DEC,
2930 NULL, 0, "LANMAN Current connections to share", HFILL }},
2933 { "Share Path", "lanman.share.path", FT_STRING, BASE_NONE,
2934 NULL, 0, "LANMAN Share Path", HFILL }},
/*
 * Registered as FT_STRING, so the value is displayed as text.
 * NOTE(review): presumably this is the share password as it appears on the
 * wire; captures and exported dissections that contain this field should
 * be handled as credential material.
 */
2936 { &hf_share_password,
2937 { "Share Password", "lanman.share.password", FT_STRING, BASE_NONE,
2938 NULL, 0, "LANMAN Share Password", HFILL }},
2941 { "Server Name", "lanman.server.name", FT_STRING, BASE_NONE,
2942 NULL, 0, "LANMAN Name of Server", HFILL }},
2945 { "Major Version", "lanman.server.major", FT_UINT8, BASE_DEC,
2946 NULL, 0, "LANMAN Server Major Version", HFILL }},
2949 { "Minor Version", "lanman.server.minor", FT_UINT8, BASE_DEC,
2950 NULL, 0, "LANMAN Server Minor Version", HFILL }},
2952 { &hf_server_comment,
2953 { "Server Comment", "lanman.server.comment", FT_STRING, BASE_NONE,
2954 NULL, 0, "LANMAN Server Comment", HFILL }},
2957 { "Available Bytes", "lanman.available_bytes", FT_UINT16, BASE_DEC,
2958 NULL, 0, "LANMAN Number of Available Bytes", HFILL }},
2961 { "Current Date/Time", "lanman.current_time", FT_ABSOLUTE_TIME, BASE_NONE,
2962 NULL, 0, "LANMAN Current date and time, in seconds since 00:00:00, January 1, 1970", HFILL }},
2965 { "Milliseconds", "lanman.msecs", FT_UINT32, BASE_DEC,
2966 NULL, 0, "LANMAN Milliseconds since arbitrary time in the past (typically boot time)", HFILL }},
2969 { "Hour", "lanman.hour", FT_UINT8, BASE_DEC,
2970 NULL, 0, "LANMAN Current hour", HFILL }},
2973 { "Minute", "lanman.minute", FT_UINT8, BASE_DEC,
2974 NULL, 0, "LANMAN Current minute", HFILL }},
2977 { "Second", "lanman.second", FT_UINT8, BASE_DEC,
2978 NULL, 0, "LANMAN Current second", HFILL }},
2981 { "Hundredths of a second", "lanman.hundredths", FT_UINT8, BASE_DEC,
2982 NULL, 0, "LANMAN Current hundredths of a second", HFILL }},
2985 { "Time Zone Offset", "lanman.tzoffset", FT_INT16, BASE_DEC,
2986 NULL, 0, "LANMAN Offset of time zone from GMT, in minutes", HFILL }},
2989 { "Time Interval", "lanman.timeinterval", FT_UINT16, BASE_DEC,
2990 NULL, 0, "LANMAN .0001 second units per clock tick", HFILL }},
2993 { "Day", "lanman.day", FT_UINT8, BASE_DEC,
2994 NULL, 0, "LANMAN Current day", HFILL }},
2997 { "Month", "lanman.month", FT_UINT8, BASE_DEC,
2998 NULL, 0, "LANMAN Current month", HFILL }},
3001 { "Year", "lanman.year", FT_UINT16, BASE_DEC,
3002 NULL, 0, "LANMAN Current year", HFILL }},
3005 { "Weekday", "lanman.weekday", FT_UINT8, BASE_DEC,
3006 VALS(weekday_vals), 0, "LANMAN Current day of the week", HFILL }},
3008 { &hf_enumeration_domain,
3009 { "Enumeration Domain", "lanman.enumeration_domain", FT_STRING, BASE_NONE,
3010 NULL, 0, "LANMAN Domain in which to enumerate servers", HFILL }},
3012 { &hf_computer_name,
3013 { "Computer Name", "lanman.computer_name", FT_STRING, BASE_NONE,
3014 NULL, 0, "LANMAN Computer Name", HFILL }},
3017 { "User Name", "lanman.user_name", FT_STRING, BASE_NONE,
3018 NULL, 0, "LANMAN User Name", HFILL }},
3021 { "Group Name", "lanman.group_name", FT_STRING, BASE_NONE,
3022 NULL, 0, "LANMAN Group Name", HFILL }},
3024 { &hf_workstation_domain,
3025 { "Workstation Domain", "lanman.workstation_domain", FT_STRING, BASE_NONE,
3026 NULL, 0, "LANMAN Workstation Domain", HFILL }},
3028 { &hf_workstation_major,
3029 { "Workstation Major Version", "lanman.workstation_major", FT_UINT8, BASE_DEC,
3030 NULL, 0, "LANMAN Workstation Major Version", HFILL }},
3032 { &hf_workstation_minor,
3033 { "Workstation Minor Version", "lanman.workstation_minor", FT_UINT8, BASE_DEC,
3034 NULL, 0, "LANMAN Workstation Minor Version", HFILL }},
3037 { "Logon Domain", "lanman.logon_domain", FT_STRING, BASE_NONE,
3038 NULL, 0, "LANMAN Logon Domain", HFILL }},
3040 { &hf_other_domains,
3041 { "Other Domains", "lanman.other_domains", FT_STRING, BASE_NONE,
3042 NULL, 0, "LANMAN Other Domains", HFILL }},
/*
 * Registered as FT_STRING, so the value is displayed as text.
 * NOTE(review): presumably a password as it appears on the wire; treat
 * captures and exported dissections containing it as credential material.
 */
3045 { "Password", "lanman.password", FT_STRING, BASE_NONE,
3046 NULL, 0, "LANMAN Password", HFILL }},
3048 { &hf_workstation_name,
3049 { "Workstation Name", "lanman.workstation_name", FT_STRING, BASE_NONE,
3050 NULL, 0, "LANMAN Workstation Name", HFILL }},
3053 { "Length of UStruct", "lanman.ustruct_size", FT_UINT16, BASE_DEC,
3054 NULL, 0, "LANMAN UStruct Length", HFILL }},
3057 { "Logon Code", "lanman.logon_code", FT_UINT16, BASE_DEC,
3058 VALS(status_vals), 0, "LANMAN Logon Code", HFILL }},
3060 { &hf_privilege_level,
3061 { "Privilege Level", "lanman.privilege_level", FT_UINT16, BASE_DEC,
3062 VALS(privilege_vals), 0, "LANMAN Privilege Level", HFILL }},
3064 { &hf_operator_privileges,
3065 { "Operator Privileges", "lanman.operator_privileges", FT_UINT32, BASE_DEC,
3066 VALS(op_privilege_vals), 0, "LANMAN Operator Privileges", HFILL }},
3069 { "Number of Logons", "lanman.num_logons", FT_UINT16, BASE_DEC,
3070 NULL, 0, "LANMAN Number of Logons", HFILL }},
3073 { "Bad Password Count", "lanman.bad_pw_count", FT_UINT16, BASE_DEC,
3074 NULL, 0, "LANMAN Number of incorrect passwords entered since last successful login", HFILL }},
3077 { "Last Logon Date/Time", "lanman.last_logon", FT_ABSOLUTE_TIME, BASE_NONE,
3078 NULL, 0, "LANMAN Date and time of last logon", HFILL }},
3081 { "Last Logoff Date/Time", "lanman.last_logoff", FT_ABSOLUTE_TIME, BASE_NONE,
3082 NULL, 0, "LANMAN Date and time of last logoff", HFILL }},
3085 { "Logoff Date/Time", "lanman.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
3086 NULL, 0, "LANMAN Date and time when user should log off", HFILL }},
3089 { "Kickoff Date/Time", "lanman.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
3090 NULL, 0, "LANMAN Date and time when user will be logged off", HFILL }},
3093 { "Password Age", "lanman.password_age", FT_RELATIVE_TIME, BASE_NONE,
3094 NULL, 0, "LANMAN Time since user last changed his/her password", HFILL }},
3096 { &hf_password_can_change,
3097 { "Password Can Change", "lanman.password_can_change", FT_ABSOLUTE_TIME, BASE_NONE,
3098 NULL, 0, "LANMAN Date and time when user can change their password", HFILL }},
3100 { &hf_password_must_change,
3101 { "Password Must Change", "lanman.password_must_change", FT_ABSOLUTE_TIME, BASE_NONE,
3102 NULL, 0, "LANMAN Date and time when user must change their password", HFILL }},
3105 { "Script Path", "lanman.script_path", FT_STRING, BASE_NONE,
3106 NULL, 0, "LANMAN Pathname of user's logon script", HFILL }},
3109 { "Logoff Code", "lanman.logoff_code", FT_UINT16, BASE_DEC,
3110 VALS(status_vals), 0, "LANMAN Logoff Code", HFILL }},
3113 { "Duration of Session", "lanman.duration", FT_RELATIVE_TIME, BASE_NONE,
3114 NULL, 0, "LANMAN Number of seconds the user was logged on", HFILL }},
3117 { "Comment", "lanman.comment", FT_STRING, BASE_NONE,
3118 NULL, 0, "LANMAN Comment", HFILL }},
3121 { "User Comment", "lanman.user_comment", FT_STRING, BASE_NONE,
3122 NULL, 0, "LANMAN User Comment", HFILL }},
3125 { "Full Name", "lanman.full_name", FT_STRING, BASE_NONE,
3126 NULL, 0, "LANMAN Full Name", HFILL }},
3129 { "Home Directory", "lanman.homedir", FT_STRING, BASE_NONE,
3130 NULL, 0, "LANMAN Home Directory", HFILL }},
3133 { "Parameters", "lanman.parameters", FT_STRING, BASE_NONE,
3134 NULL, 0, "LANMAN Parameters", HFILL }},
3137 { "Logon Server", "lanman.logon_server", FT_STRING, BASE_NONE,
3138 NULL, 0, "LANMAN Logon Server", HFILL }},
3140 /* XXX - we should have a value_string table for this */
/*
 * NOTE(review): the XXX line above looks stale for this entry, which
 * already uses VALS(ms_country_codes).
 */
3142 { "Country Code", "lanman.country_code", FT_UINT16, BASE_DEC,
3143 VALS(ms_country_codes), 0, "LANMAN Country Code", HFILL }},
3146 { "Workstations", "lanman.workstations", FT_STRING, BASE_NONE,
3147 NULL, 0, "LANMAN Workstations", HFILL }},
3150 { "Max Storage", "lanman.max_storage", FT_UINT32, BASE_DEC,
3151 NULL, 0, "LANMAN Max Storage", HFILL }},
3153 { &hf_units_per_week,
3154 { "Units Per Week", "lanman.units_per_week", FT_UINT16, BASE_DEC,
3155 NULL, 0, "LANMAN Units Per Week", HFILL }},
3158 { "Logon Hours", "lanman.logon_hours", FT_BYTES, BASE_NONE,
3159 NULL, 0, "LANMAN Logon Hours", HFILL }},
3161 /* XXX - we should have a value_string table for this */
3163 { "Code Page", "lanman.code_page", FT_UINT16, BASE_DEC,
3164 NULL, 0, "LANMAN Code Page", HFILL }},
/*
 * The two password fields below are raw bytes described as encrypted;
 * they are still password-change material and should be handled as
 * sensitive when captures are shared.
 */
3167 { "New Password", "lanman.new_password", FT_BYTES, BASE_HEX,
3168 NULL, 0, "LANMAN New Password (encrypted)", HFILL }},
3171 { "Old Password", "lanman.old_password", FT_BYTES, BASE_HEX,
3172 NULL, 0, "LANMAN Old Password (encrypted)", HFILL }},
3175 { "Reserved", "lanman.reserved", FT_UINT32, BASE_HEX,
3176 NULL, 0, "LANMAN Reserved", HFILL }},
/* Subtree (expand/collapse state) indices used by the LANMAN dissector. */
3179 static gint *ett[] = {
3181 &ett_lanman_unknown_entries,
3182 &ett_lanman_unknown_entry,
3183 &ett_lanman_servers,
3190 proto_smb_lanman = proto_register_protocol(
3191 "Microsoft Windows Lanman Remote API Protocol", "LANMAN", "lanman");
3192 proto_register_field_array(proto_smb_lanman, hf, array_length(hf));
3193 proto_register_subtree_array(ett, array_length(ett));
/*
 * Heuristic sub-dissectors for pipe transaction payloads: registered under
 * the name "smb_transact" in proto_register_pipe_dcerpc() and tried on the
 * data in dissect_pipe_dcerpc().
 */
3196 static heur_dissector_list_t smb_transact_heur_subdissector_list;
/*
 * Hand the data of a pipe transaction to the heuristic sub-dissectors
 * (DCERPC), offering and recording reassembly when it is enabled.
 *
 * NOTE(review): this listing omits lines (the embedded source line numbers
 * skip), so some declarations, conditions, returns and braces are not
 * visible.  The notes below describe only what the visible lines show.
 *
 * d_tvb        transaction data (from the capture, untrusted)
 * pinfo        packet info; pinfo->private_data must be the smb_info_t
 * parent_tree  tree passed to the sub-dissectors
 * tree         tree the fragment list is shown under
 * fid          file ID of the pipe; used as the key that ties later
 *              fragments to the frame that started the reassembly
 */
3199 dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree,
3200 proto_tree *tree, guint32 fid)
3202 dcerpc_private_info dcerpc_priv;
3203 smb_info_t *smb_priv = (smb_info_t *)pinfo->private_data;
3205 gboolean save_fragmented;
3208 dcerpc_priv.transport_type = DCERPC_TRANSPORT_SMB;
3209 dcerpc_priv.data.smb.fid = fid;
/*
 * pinfo->private_data points at a local variable from here until it is put
 * back after dissector_try_heuristic() below.
 * NOTE(review): if a sub-dissector raises an exception (for example a
 * tvbuff bounds error on a truncated packet), the restore is skipped and
 * pinfo->private_data is left pointing into this stack frame; confirm that
 * whoever catches the exception does not use private_data afterwards.
 */
3211 pinfo->private_data = &dcerpc_priv;
3214 * Offer desegmentation service to DCERPC if we have all the
3215 * data. Otherwise, reassembly is (probably) impossible.
3217 pinfo->can_desegment=0;
3218 pinfo->desegment_offset = 0;
3219 pinfo->desegment_len = 0;
3220 reported_len = tvb_reported_length(d_tvb);
3221 if(smb_dcerpc_reassembly && tvb_bytes_exist(d_tvb, 0, reported_len)){
3222 pinfo->can_desegment=2;
3225 save_fragmented = pinfo->fragmented;
3227 /* see if this packet is already desegmented */
3228 if(smb_dcerpc_reassembly && pinfo->fd->flags.visited){
3229 fragment_data *fd_head;
3232 fd_head=fragment_get(pinfo, pinfo->fd->num ,
3233 dcerpc_fragment_table);
3234 if(fd_head && fd_head->flags&FD_DEFRAGMENTED){
3235 new_tvb = tvb_new_real_data(fd_head->data,
3236 fd_head->datalen, fd_head->datalen);
3237 tvb_set_child_real_data_tvbuff(d_tvb, new_tvb);
3238 add_new_data_source(pinfo, new_tvb,
3240 pinfo->fragmented=FALSE;
3244 /* list what segments we have */
3245 show_fragment_tree(fd_head, &smb_pipe_frag_items,
3246 tree, pinfo, d_tvb);
3250 result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb,
3251 pinfo, parent_tree);
3252 pinfo->private_data = smb_priv;
3254 /* check if dissector wanted us to desegment the data */
/*
 * pinfo->desegment_len is whatever the sub-dissector asked for, presumably
 * taken from a length field in the packet.  The total below is
 * desegment_len + reported_len with no range check in this function, so
 * the reassembly code has to cope with arbitrary (including wrapped)
 * totals.
 */
3255 if(smb_dcerpc_reassembly && !pinfo->fd->flags.visited && pinfo->desegment_len){
3256 fragment_add(d_tvb, 0, pinfo, pinfo->fd->num,
3257 dcerpc_fragment_table,
3258 0, reported_len, TRUE);
3259 fragment_set_tot_len(pinfo, pinfo->fd->num,
3260 dcerpc_fragment_table,
3261 pinfo->desegment_len+reported_len);
3262 /* since the other fragments are in normal ReadAndX and WriteAndX calls
3263 we must make sure we can map FID values to this defragmentation
3265 /* first remove any old mappings */
/*
 * The FID and the frame number are stored in the hash table by casting the
 * integers to pointers; GLib's GUINT_TO_POINTER() is the usual way to
 * spell that and avoids size-mismatch warnings where pointers are wider
 * than guint32.  The FID comes from the packet, so a later transaction
 * reusing the same FID replaces the mapping.
 */
3266 if(g_hash_table_lookup(smb_priv->ct->dcerpc_fid_to_frame, (void *)fid)){
3267 g_hash_table_remove(smb_priv->ct->dcerpc_fid_to_frame, (void *)fid);
3269 g_hash_table_insert(smb_priv->ct->dcerpc_fid_to_frame, (void *)fid,
3270 (void *)pinfo->fd->num);
3272 /* clear out the variables */
3273 pinfo->can_desegment=0;
3274 pinfo->desegment_offset = 0;
3275 pinfo->desegment_len = 0;
3278 call_dissector(data_handle, d_tvb, pinfo, parent_tree);
3280 pinfo->fragmented = save_fragmented;
/*
 * Create the "smb_transact" heuristic dissector list.  Dissectors that add
 * themselves to this list are the ones dissect_pipe_dcerpc() tries on pipe
 * transaction data.
 */
3285 proto_register_pipe_dcerpc(void)
3287 register_heur_dissector_list("smb_transact", &smb_transact_heur_subdissector_list);
/*
 * Pipe function codes.  dissect_pipe_smb() reads the code from the first
 * setup word of the transaction with tvb_get_letohs(), so the value being
 * matched against these constants comes from the packet.
 */
3290 #define CALL_NAMED_PIPE 0x54
3291 #define WAIT_NAMED_PIPE 0x53
3292 #define PEEK_NAMED_PIPE 0x23
3293 #define Q_NM_P_HAND_STATE 0x21
3294 #define SET_NM_P_HAND_STATE 0x01
3295 #define Q_NM_PIPE_INFO 0x22
3296 #define TRANSACT_NM_PIPE 0x26
3297 #define RAW_READ_NM_PIPE 0x11
3298 #define RAW_WRITE_NM_PIPE 0x31
/*
 * Display names for the function codes, looked up with val_to_str().
 * val_to_str() walks the array until it reaches an entry with a NULL
 * string, so the table has to end with one.
 * NOTE(review): no terminating entry is visible in this listing; confirm
 * it is present in the file.
 */
3300 static const value_string functions[] = {
3301 {CALL_NAMED_PIPE, "CallNamedPipe"},
3302 {WAIT_NAMED_PIPE, "WaitNamedPipe"},
3303 {PEEK_NAMED_PIPE, "PeekNamedPipe"},
3304 {Q_NM_P_HAND_STATE, "QNmPHandState"},
3305 {SET_NM_P_HAND_STATE, "SetNmPHandState"},
3306 {Q_NM_PIPE_INFO, "QNmPipeInfo"},
3307 {TRANSACT_NM_PIPE, "TransactNmPipe"},
3308 {RAW_READ_NM_PIPE, "RawReadNmPipe"},
3309 {RAW_WRITE_NM_PIPE, "RawWriteNmPipe"},
/*
 * Display strings for pipe status values.
 * NOTE(review): neither an entry for value 2 nor a terminating entry is
 * visible in this listing; confirm both against the file.
 */
3313 static const value_string pipe_status[] = {
3314 {1, "Disconnected by server"},
3316 {3, "Connection to server is OK"},
3317 {4, "Server end of pipe is closed"},
/*
 * Pipe types.  dissect_pipe_smb() stores one of these in
 * tri->trans_subcmd when it dissects a request: PIPE_LANMAN when the pipe
 * name starts with "LANMAN", PIPE_DCERPC otherwise.
 */
3321 #define PIPE_LANMAN 1
3322 #define PIPE_DCERPC 2
3324 /* decode the SMB pipe protocol
3326 pipe is the name of the pipe, e.g. LANMAN
3327 smb_info->trans_subcmd is set to the symbolic constant matching the mailslot name
3330 smb_info->trans_subcmd gives us which pipe this response is for
3333 dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
3334 tvbuff_t *p_tvb, tvbuff_t *d_tvb, const char *pipe,
3335 packet_info *pinfo, proto_tree *tree)
3337 smb_info_t *smb_info;
3338 smb_transact_info_t *tri;
3340 proto_item *pipe_item = NULL;
3341 proto_tree *pipe_tree = NULL;
3348 if (!proto_is_protocol_enabled(proto_smb_pipe))
3350 pinfo->current_proto = "SMB Pipe";
3352 smb_info = pinfo->private_data;
3357 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
3358 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB Pipe");
3360 if (check_col(pinfo->cinfo, COL_INFO)) {
3361 col_set_str(pinfo->cinfo, COL_INFO,
3362 smb_info->request ? "Request" : "Response");
3365 if (smb_info->sip != NULL)
3366 tri = smb_info->sip->extra_info;
3371 * Set up a subtree for the pipe protocol. (It might not contain
3375 sp_len = tvb_length(sp_tvb);
3379 pipe_item = proto_tree_add_item(tree, proto_smb_pipe,
3380 sp_tvb, 0, sp_len, FALSE);
3381 pipe_tree = proto_item_add_subtree(pipe_item, ett_smb_pipe);
3386 * Do we have any setup words at all?
3388 if (s_tvb != NULL && tvb_length(s_tvb) != 0) {
3390 * Yes. The first of them is the function.
3392 function = tvb_get_letohs(s_tvb, offset);
3393 proto_tree_add_uint(pipe_tree, hf_pipe_function, s_tvb,
3394 offset, 2, function);
3396 if (check_col(pinfo->cinfo, COL_INFO)) {
3397 col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s",
3398 val_to_str(function, functions, "Unknown function (0x%04x)"),
3399 smb_info->request ? "Request" : "Response");
3402 tri->function = function;
3405 * The second of them depends on the function.
3409 case CALL_NAMED_PIPE:
3410 case WAIT_NAMED_PIPE:
3414 proto_tree_add_item(pipe_tree, hf_pipe_priority, s_tvb,
3418 case PEEK_NAMED_PIPE:
3419 case Q_NM_P_HAND_STATE:
3420 case SET_NM_P_HAND_STATE:
3421 case Q_NM_PIPE_INFO:
3422 case TRANSACT_NM_PIPE:
3423 case RAW_READ_NM_PIPE:
3424 case RAW_WRITE_NM_PIPE:
3428 fid = tvb_get_letohs(s_tvb, 2);
3429 add_fid(s_tvb, pinfo, pipe_tree, offset, 2, fid);
3436 * It's something unknown.
3437 * XXX - put it into the tree?
3444 * This is either a response or a pipe transaction with
3445 * no setup information.
3447 * In the former case, we can get that information from
3448 * the matching request, if we saw it.
3450 * In the latter case, there is no function or FID.
3452 if (tri != NULL && tri->function != -1) {
3453 function = tri->function;
3454 proto_tree_add_uint(pipe_tree, hf_pipe_function, NULL,
3456 if (check_col(pinfo->cinfo, COL_INFO)) {
3457 col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s",
3458 val_to_str(function, functions, "Unknown function (0x%04x)"),
3459 smb_info->request ? "Request" : "Response");
3463 add_fid(NULL, pinfo, pipe_tree, 0, 0, fid);
3471 * XXX - put the byte count and the pipe name into the tree as well;
3472 * that requires us to fetch a possibly-Unicode string.
3475 if(smb_info->request){
3476 if(strncmp(pipe,"LANMAN",6) == 0){
3477 trans_subcmd=PIPE_LANMAN;
3479 /* assume it is DCERPC */
3480 trans_subcmd=PIPE_DCERPC;
3483 if (!pinfo->fd->flags.visited)
3484 tri->trans_subcmd = trans_subcmd;
3486 trans_subcmd = tri->trans_subcmd;
3490 * We don't know what type of pipe transaction this
3491 * was, so indicate that we didn't dissect it.
3498 case CALL_NAMED_PIPE:
3499 case TRANSACT_NM_PIPE:
3500 switch(trans_subcmd){
3503 return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo,
3509 * Only dissect this if we know the FID.
3514 return dissect_pipe_dcerpc(d_tvb, pinfo, tree,
3523 * We don't know the function; we dissect only LANMAN
3524 * pipe messages, not RPC pipe messages, in that case.
3526 switch(trans_subcmd){
3528 return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo,
3534 case WAIT_NAMED_PIPE:
3537 case PEEK_NAMED_PIPE:
3539 * Request contains no parameters or data.
3541 if (!smb_info->request) {
3545 proto_tree_add_item(pipe_tree, hf_pipe_peek_available,
3546 p_tvb, offset, 2, TRUE);
3548 proto_tree_add_item(pipe_tree, hf_pipe_peek_remaining,
3549 p_tvb, offset, 2, TRUE);
3551 proto_tree_add_item(pipe_tree, hf_pipe_peek_status,
3552 p_tvb, offset, 2, TRUE);
3557 case Q_NM_P_HAND_STATE:
3559 * Request contains no parameters or data.
3561 if (!smb_info->request) {
3564 offset = dissect_ipc_state(p_tvb, pipe_tree, 0, FALSE);
3568 case SET_NM_P_HAND_STATE:
3570 * Response contains no parameters or data.
3572 if (smb_info->request) {
3575 offset = dissect_ipc_state(p_tvb, pipe_tree, 0, TRUE);
3579 case Q_NM_PIPE_INFO:
3581 if (smb_info->request) {
3586 * Request contains an information level.
3588 info_level = tvb_get_letohs(p_tvb, offset);
3589 proto_tree_add_uint(pipe_tree, hf_pipe_getinfo_info_level,
3590 p_tvb, offset, 2, info_level);
3592 if (!pinfo->fd->flags.visited)
3593 tri->info_level = info_level;
3595 guint8 pipe_namelen;
3600 switch (tri->info_level) {
3603 proto_tree_add_item(pipe_tree,
3604 hf_pipe_getinfo_output_buffer_size,
3605 d_tvb, offset, 2, TRUE);
3607 proto_tree_add_item(pipe_tree,
3608 hf_pipe_getinfo_input_buffer_size,
3609 d_tvb, offset, 2, TRUE);
3611 proto_tree_add_item(pipe_tree,
3612 hf_pipe_getinfo_maximum_instances,
3613 d_tvb, offset, 1, TRUE);
3615 proto_tree_add_item(pipe_tree,
3616 hf_pipe_getinfo_current_instances,
3617 d_tvb, offset, 1, TRUE);
3619 pipe_namelen = tvb_get_guint8(d_tvb, offset);
3620 proto_tree_add_uint(pipe_tree,
3621 hf_pipe_getinfo_pipe_name_length,
3622 d_tvb, offset, 1, pipe_namelen);
3624 /* XXX - can this be Unicode? */
3625 proto_tree_add_item(pipe_tree,
3626 hf_pipe_getinfo_pipe_name,
3627 d_tvb, offset, pipe_namelen, TRUE);
3633 case RAW_READ_NM_PIPE:
3635 * Request contains no parameters or data.
3637 if (!smb_info->request) {
3641 offset = dissect_file_data(d_tvb, pipe_tree, 0,
3642 tvb_reported_length(d_tvb),
3643 tvb_reported_length(d_tvb));
3647 case RAW_WRITE_NM_PIPE:
3649 if (smb_info->request) {
3653 offset = dissect_file_data(d_tvb, pipe_tree,
3654 offset, tvb_reported_length(d_tvb),
3655 tvb_reported_length(d_tvb));
3659 proto_tree_add_item(pipe_tree,
3660 hf_pipe_write_raw_bytes_written,
3661 p_tvb, offset, 2, TRUE);
/*
 * Register the SMB pipe protocol with the dissection core: the protocol
 * itself (filter name "pipe"), its header fields and its subtree indices.
 *
 * The table only fixes how each value is typed and displayed.  The values
 * come from captured packets, so nothing here validates them.
 */
void
proto_register_smb_pipe(void)
{
    static hf_register_info pipe_fields[] = {
        /* Setup words of a pipe transaction. */
        { &hf_pipe_function, {
            "Function", "pipe.function",
            FT_UINT16, BASE_HEX, VALS(functions), 0,
            "SMB Pipe Function Code", HFILL } },
        { &hf_pipe_priority, {
            "Priority", "pipe.priority",
            FT_UINT16, BASE_DEC, NULL, 0,
            "SMB Pipe Priority", HFILL } },

        /* PEEK_NAMED_PIPE reply. */
        { &hf_pipe_peek_available, {
            "Available Bytes", "pipe.peek.available_bytes",
            FT_UINT16, BASE_DEC, NULL, 0,
            "Total number of bytes available to be read from the pipe", HFILL } },
        { &hf_pipe_peek_remaining, {
            "Bytes Remaining", "pipe.peek.remaining_bytes",
            FT_UINT16, BASE_DEC, NULL, 0,
            "Total number of bytes remaining in the message at the head of the pipe", HFILL } },
        { &hf_pipe_peek_status, {
            "Pipe Status", "pipe.peek.status",
            FT_UINT16, BASE_DEC, VALS(pipe_status), 0,
            "Pipe status", HFILL } },

        /* Q_NM_PIPE_INFO request and reply. */
        { &hf_pipe_getinfo_info_level, {
            "Information Level", "pipe.getinfo.info_level",
            FT_UINT16, BASE_DEC, NULL, 0,
            "Information level of information to return", HFILL } },
        { &hf_pipe_getinfo_output_buffer_size, {
            "Output Buffer Size", "pipe.getinfo.output_buffer_size",
            FT_UINT16, BASE_DEC, NULL, 0,
            "Actual size of buffer for outgoing (server) I/O", HFILL } },
        { &hf_pipe_getinfo_input_buffer_size, {
            "Input Buffer Size", "pipe.getinfo.input_buffer_size",
            FT_UINT16, BASE_DEC, NULL, 0,
            "Actual size of buffer for incoming (client) I/O", HFILL } },
        { &hf_pipe_getinfo_maximum_instances, {
            "Maximum Instances", "pipe.getinfo.maximum_instances",
            FT_UINT8, BASE_DEC, NULL, 0,
            "Maximum allowed number of instances", HFILL } },
        { &hf_pipe_getinfo_current_instances, {
            "Current Instances", "pipe.getinfo.current_instances",
            FT_UINT8, BASE_DEC, NULL, 0,
            "Current number of instances", HFILL } },
        { &hf_pipe_getinfo_pipe_name_length, {
            "Pipe Name Length", "pipe.getinfo.pipe_name_length",
            FT_UINT8, BASE_DEC, NULL, 0,
            "Length of pipe name", HFILL } },
        /*
         * The dissector sizes this string from the one-byte Pipe Name
         * Length value carried in the same reply, i.e. a length chosen
         * by the sender.  Nothing in this table bounds it.
         */
        { &hf_pipe_getinfo_pipe_name, {
            "Pipe Name", "pipe.getinfo.pipe_name",
            FT_STRING, BASE_NONE, NULL, 0,
            "Name of pipe", HFILL } },

        /* RAW_WRITE_NM_PIPE reply. */
        { &hf_pipe_write_raw_bytes_written, {
            "Bytes Written", "pipe.write_raw.bytes_written",
            FT_UINT16, BASE_DEC, NULL, 0,
            "Number of bytes written to the pipe", HFILL } },

        /* Fragment bookkeeping and defragmentation diagnostics. */
        { &hf_pipe_fragment_overlap, {
            "Fragment overlap", "pipe.fragment.overlap",
            FT_BOOLEAN, BASE_NONE, NULL, 0x0,
            "Fragment overlaps with other fragments", HFILL } },
        { &hf_pipe_fragment_overlap_conflict, {
            "Conflicting data in fragment overlap", "pipe.fragment.overlap.conflict",
            FT_BOOLEAN, BASE_NONE, NULL, 0x0,
            "Overlapping fragments contained conflicting data", HFILL } },
        { &hf_pipe_fragment_multiple_tails, {
            "Multiple tail fragments found", "pipe.fragment.multipletails",
            FT_BOOLEAN, BASE_NONE, NULL, 0x0,
            "Several tails were found when defragmenting the packet", HFILL } },
        { &hf_pipe_fragment_too_long_fragment, {
            "Fragment too long", "pipe.fragment.toolongfragment",
            FT_BOOLEAN, BASE_NONE, NULL, 0x0,
            "Fragment contained data past end of packet", HFILL } },
        { &hf_pipe_fragment_error, {
            "Defragmentation error", "pipe.fragment.error",
            FT_FRAMENUM, BASE_NONE, NULL, 0x0,
            "Defragmentation error due to illegal fragments", HFILL } },
        { &hf_pipe_fragment, {
            "Fragment", "pipe.fragment",
            FT_FRAMENUM, BASE_NONE, NULL, 0x0,
            "Pipe Fragment", HFILL } },
        { &hf_pipe_fragments, {
            "Fragments", "pipe.fragments",
            FT_NONE, BASE_NONE, NULL, 0x0,
            "Pipe Fragments", HFILL } },
    };

    static gint *pipe_subtrees[] = {
        /*
         * NOTE(review): the listing drops the line that held the first
         * entry; restored here as the dissector's top-level subtree --
         * confirm against the file.
         */
        &ett_smb_pipe,
        &ett_smb_pipe_fragment,
        &ett_smb_pipe_fragments,
    };

    /* The protocol handle must exist before fields can be attached to it. */
    proto_smb_pipe = proto_register_protocol("SMB Pipe Protocol", "SMB Pipe", "pipe");

    proto_register_field_array(proto_smb_pipe, pipe_fields, array_length(pipe_fields));
    proto_register_subtree_array(pipe_subtrees, array_length(pipe_subtrees));
}
3748 proto_reg_handoff_smb_pipe(void)
3750 data_handle = find_dissector("data");