Moved dissect_ndr_nt_NTTIME() from packet-dcerpc-samr.c to packet-dcerpc-nt.c
[obnox/wireshark/wip.git] / packet-dcerpc-nt.c
index f4aa4396fe1c7a79fcc1ab1fdce046572de5962c..30314bdee850b65dfff1787b393dbed898461864 100644 (file)
@@ -2,7 +2,7 @@
  * Routines for DCERPC over SMB packet disassembly
  * Copyright 2001, Tim Potter <tpot@samba.org>
  *
- * $Id: packet-dcerpc-nt.c,v 1.5 2002/01/25 08:35:59 guy Exp $
+ * $Id: packet-dcerpc-nt.c,v 1.12 2002/03/10 23:24:48 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -32,6 +32,7 @@
 #include "packet-dcerpc.h"
 #include "packet-dcerpc-nt.h"
 #include "smb.h"
+#include "packet-smb-common.h" /* for dissect_smb_64bit_time() */
 
 /*
  * This file contains helper routines that are used by the DCERPC over SMB
@@ -393,6 +394,13 @@ int prs_policy_hnd(tvbuff_t *tvb, int offset, packet_info *pinfo,
 
 
 
+/* following are a few functions for dissecting common structures used by NT 
+   services. These might need to be cleaned up at a later time but at least we get
+   them out of the real service dissectors.
+*/
+
+
+/* UNICODE_STRING  BEGIN */
 /* functions to dissect a UNICODE_STRING structure, common to many 
    NT services
    struct {
@@ -410,141 +418,141 @@ extern int hf_nt_string_length;
 extern int hf_nt_string_size;
 extern gint ett_nt_unicode_string;
 
-static int
-dissect_ndr_nt_UNICODE_STRING_string (tvbuff_t *tvb, int offset, 
-                             packet_info *pinfo, proto_tree *tree, 
-                             char *drep)
+
+/* this function will dissect the
+     [size_is(size/2), length_is(len/2), ptr] unsigned short *string;
+  part of the unicode string
+
+   struct {
+     short len;
+     short size;
+     [size_is(size/2), length_is(len/2), ptr] unsigned short *string;
+   } UNICODE_STRING;
+  structure used by NT to transmit unicode string values.
+
+  This function also looks at di->levels to see if whoever called us wanted us to append
+  the name: string to any higher levels in the tree .
+*/
+int
+dissect_ndr_nt_UNICODE_STRING_str(tvbuff_t *tvb, int offset, 
+                       packet_info *pinfo, proto_tree *tree, 
+                       char *drep)
 {
        guint32 len, off, max_len;
        guint16 *data16;
        char *text;
        int old_offset;
        dcerpc_info *di;
-       header_field_info *hfi;
 
        di=pinfo->private_data;
+       if(di->conformant_run){
+               /*just a run to handle conformant arrays, nothing to dissect */
+               return offset;
+       }
 
-        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_str_len, &len);
-        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_str_off, &off);
-        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_str_max_len, &max_len);
+       offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                       hf_nt_str_len, &len);
+       offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                       hf_nt_str_off, &off);
+       offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                       hf_nt_str_max_len, &max_len);
 
        old_offset=offset;
        offset = prs_uint16s(tvb, offset, pinfo, tree, max_len, &data16, NULL);
        text = fake_unicode(data16, max_len);
 
-       hfi = proto_registrar_get_nth(di->hf_index);
-       proto_tree_add_string_format(tree, di->hf_index, 
-               tvb, old_offset, offset-old_offset,
-               text, "%s: %s", hfi->name, text);
+       proto_tree_add_string(tree, di->hf_index, tvb, old_offset,
+               offset-old_offset, text);
 
        if(tree){
-               proto_item_set_text(tree, "%s: %s", hfi->name, text);
-               proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
+               proto_item_append_text(tree, ": %s", text);
+               if(di->levels>-1){
+                       tree=tree->parent;
+                       proto_item_append_text(tree, ": %s", text);
+                       while(di->levels>0){
+                               tree=tree->parent;
+                               proto_item_append_text(tree, " %s", text);
+                               di->levels--;
+                       }
+               }
        }
        return offset;
 }
 
+/* this function will dissect the
+   struct {
+     short len;
+     short size;
+     [size_is(size/2), length_is(len/2), ptr] unsigned short *string;
+   } UNICODE_STRING;
+  structure used by NT to transmit unicode string values.
+  the function takes one additional parameter, level
+  which specifies how many additional levels up in the tree where we should
+  append the string.  If unsure, specify levels as 0.
+*/
 int
-dissect_ndr_nt_UNICODE_STRING (tvbuff_t *tvb, int offset, 
-                             packet_info *pinfo, proto_tree *parent_tree, 
-                             char *drep, int hf_index)
+dissect_ndr_nt_UNICODE_STRING(tvbuff_t *tvb, int offset, 
+                       packet_info *pinfo, proto_tree *parent_tree, 
+                       char *drep, int hf_index, int levels)
 {
        proto_item *item=NULL;
        proto_tree *tree=NULL;
        int old_offset=offset;
+       dcerpc_info *di;
+       char *name;
+
+       ALIGN_TO_4_BYTES;  /* strcture starts with short, but is aligned for longs */
 
+       di=pinfo->private_data;
+       if(di->conformant_run){
+               /*just a run to handle conformant arrays, nothing to dissect */
+               return offset;
+       }
+
+       name = proto_registrar_get_name(hf_index);
        if(parent_tree){
-               item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-                       "Unicode String");
+               item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+                       "%s", name);
                tree = proto_item_add_subtree(item, ett_nt_unicode_string);
        }
 
-        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_string_length, NULL);
-        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_string_size, NULL);
-        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-                       dissect_ndr_nt_UNICODE_STRING_string, NDR_POINTER_PTR,
-                       hf_index);
+       offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+                       hf_nt_string_length, NULL);
+       offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+                       hf_nt_string_size, NULL);
+       di->levels=1;
+       offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+                       dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
+                       name, hf_index, levels);
 
        proto_item_set_len(item, offset-old_offset);
        return offset;
 }
+/* UNICODE_STRING  END */
 
-/* functions to dissect a STRING structure, common to many 
-   NT services
-   struct {
-     short len;
-     short size;
-     [size_is(size), length_is(len), ptr] char *string;
-   } STRING;
-*/
 
-static int
-dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset, 
-                             packet_info *pinfo, proto_tree *tree, 
-                             char *drep)
+/* This function is used to dissect a DCERPC encoded 64 bit time value.
+   XXX it should be fixed both here and in dissect_smb_64bit_time so
+   it can handle both BIG and LITTLE endian encodings 
+ */
+int
+dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset, 
+                       packet_info *pinfo, proto_tree *tree, 
+                       char *drep, int hf_index)
 {
-       guint32 len, off, max_len;
-       guint8 *text;
-       int old_offset;
        dcerpc_info *di;
-       header_field_info *hfi;
 
        di=pinfo->private_data;
-
-        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_str_len, &len);
-        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_str_off, &off);
-        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_str_max_len, &max_len);
-
-       old_offset=offset;
-       offset = prs_uint8s(tvb, offset, pinfo, tree, max_len, &text, NULL);
-
-       hfi = proto_registrar_get_nth(di->hf_index);
-       proto_tree_add_string_format(tree, di->hf_index, 
-               tvb, old_offset, offset-old_offset,
-               text, "%s: %s", hfi->name, text);
-
-       if(tree){
-               proto_item_set_text(tree, "%s: %s", hfi->name, text);
-               proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
+       if(di->conformant_run){
+               /*just a run to handle conformant arrays, nothing to dissect */
+               return offset;
        }
-       return offset;
-}
 
-int
-dissect_ndr_nt_STRING (tvbuff_t *tvb, int offset, 
-                             packet_info *pinfo, proto_tree *parent_tree, 
-                             char *drep, int hf_index)
-{
-       proto_item *item=NULL;
-       proto_tree *tree=NULL;
-       int old_offset=offset;
-
-       if(parent_tree){
-               item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-                       "Unicode String");
-               tree = proto_item_add_subtree(item, ett_nt_unicode_string);
-       }
+       ALIGN_TO_4_BYTES;
 
-        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_string_length, NULL);
-        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
-                                     hf_nt_string_size, NULL);
-        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-                       dissect_ndr_nt_STRING_string, NDR_POINTER_PTR,
-                       hf_index);
-
-       proto_item_set_len(item, offset-old_offset);
+       offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+                hf_index);
        return offset;
 }
 
-
-
-