| blob | d72a31bc149fc8adb5648db7d6e6535c27a6f8f8 |
1 # Conformance file for drsuapi
3 MANUAL drsuapi_dissect_struct_DsBindInfoCtr
5 NOEMIT drsuapi_dissect_element_DsBindInfoCtr_length
7 MANUAL drsuapi_dissect_DsBindInfo
8 NOEMIT drsuapi_dissect_element_DsBindInfo_info24
9 NOEMIT drsuapi_dissect_element_DsBindInfo_info28
10 NOEMIT drsuapi_dissect_element_DsBindInfo_info32
11 NOEMIT drsuapi_dissect_element_DsBindInfo_info48
12 NOEMIT drsuapi_dissect_element_DsBindInfo_info52
13 NOEMIT drsuapi_dissect_element_DsBindInfo_Fallback
15 MANUAL drsuapi_dissect_element_DsReplicaObjectIdentifier_sid
16 MANUAL drsuapi_dissect_element_DsReplicaAttribute_attid
17 MANUAL drsuapi_dissect_element_DsAttributeValue_blob_
18 MANUAL drsuapi_dissect_struct_DsReplicaAttribute
19 MANUAL drsuapi_dissect_struct_DsReplicaObject
20 MANUAL drsuapi_dissect_element_DsReplicaObjectListItem_next_object_
21 MANUAL drsuapi_dissect_element_DsReplicaObjectListItemEx_next_object_
22 MANUAL drsuapi_dissect_element_DsAddEntry_AttrErrListItem_V1_next_
23 MANUAL drsuapi_dissect_element_DsaAddressListItem_V1_next_
24 MANUAL drsuapi_dissect_element_DsAddEntry_RefErrListItem_V1_next_
25 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr3_num_keys
26 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr3_num_old_keys
27 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr3_keys
28 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr3_keys_
29 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr3_old_keys
30 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr3_old_keys_
31 MANUAL drsuapi_dissect_element_package_PrimaryKerberosKey3_value
32 MANUAL drsuapi_dissect_element_package_PrimaryKerberosKey3_value_
33 MANUAL drsuapi_dissect_struct_package_PrimaryKerberosKey3
34 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_keys
35 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_service_keys
36 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_old_keys
37 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_older_keys
38 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_keys
39 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_keys_
40 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_service_keys
41 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_service_keys_
42 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_old_keys
43 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_old_keys_
44 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_older_keys
45 MANUAL drsuapi_dissect_element_package_PrimaryKerberosCtr4_older_keys_
46 MANUAL drsuapi_dissect_element_package_PrimaryKerberosKey4_value
47 MANUAL drsuapi_dissect_element_package_PrimaryKerberosKey4_value_
48 MANUAL drsuapi_dissect_struct_package_PrimaryKerberosKey4
49 MANUAL drsuapi_dissect_element_package_PrimaryKerberosBlob_version
50 MANUAL drsuapi_dissect_element_supplementalCredentialsPackage_name_len
51 MANUAL drsuapi_dissect_element_supplementalCredentialsPackage_data_len
52 MANUAL drsuapi_dissect_element_supplementalCredentialsPackage_name
53 MANUAL drsuapi_dissect_element_supplementalCredentialsPackage_data
54 MANUAL drsuapi_dissect_struct_supplementalCredentialsPackage
55 MANUAL drsuapi_dissect_element_supplementalCredentialsSubBlob_prefix_
56 MANUAL drsuapi_dissect_element_supplementalCredentialsSubBlob_num_packages
57 MANUAL drsuapi_dissect_element_supplementalCredentialsSubBlob_packages
58 MANUAL drsuapi_dissect_element_supplementalCredentialsSubBlob_packages_
59 MANUAL drsuapi_dissect_struct_supplementalCredentialsSubBlob
60 MANUAL drsuapi_dissect_element_supplementalCredentialsBlob___ndr_size
61 MANUAL drsuapi_dissect_element_supplementalCredentialsBlob_sub
62 MANUAL drsuapi_dissect_struct_supplementalCredentialsBlob
64 MANUAL drsuapi_dissect_element_DsGetNCChangesCtr1TS_ctr1
65 NOEMIT drsuapi_dissect_element_DsGetNCChangesCtr1TS_ctr1_
66 MANUAL drsuapi_dissect_element_DsGetNCChangesCtr6TS_ctr6
67 NOEMIT drsuapi_dissect_element_DsGetNCChangesCtr6TS_ctr6_
68 MANUAL drsuapi_dissect_element_DsGetNCChangesCtr9TS_ctr9
69 NOEMIT drsuapi_dissect_element_DsGetNCChangesCtr9TS_ctr9_
71 MANUAL drsuapi_dissect_element_DsGetNCChangesCtr7_level
72 NOEMIT drsuapi_dissect_element_DsGetNCChangesCtr7_level
73 MANUAL drsuapi_dissect_element_DsGetNCChangesCtr7_type
74 NOEMIT drsuapi_dissect_element_DsGetNCChangesCtr7_type
75 MANUAL drsuapi_dissect_element_DsGetNCChangesCtr7_ctr
76 NOEMIT drsuapi_dissect_element_DsGetNCChangesCtr7_ctr
77 MANUAL drsuapi_dissect_struct_DsGetNCChangesCtr7
79 MANUAL drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_decompressed_length
80 NOEMIT drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_decompressed_length
81 MANUAL drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_compressed_length
82 NOEMIT drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_compressed_length
83 MANUAL drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts
84 MANUAL drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts_
85 MANUAL drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts__
86 MANUAL drsuapi_dissect_struct_DsGetNCChangesXPRESSCtr6
88 HF_FIELD hf_drsuapi_String_name "String" "drsuapi.lsa.string" FT_STRING BASE_NONE NULL 0 "" "" ""
89 MANUAL drsuapi_dissect_element_lsa_String_string_
90 NOEMIT drsuapi_dissect_element_lsa_String_string__
92 HF_FIELD hf_DsReplicaObjectIdentifier_dn "DN" "drsuapi.objectidentifier.dn" FT_STRING BASE_NONE NULL 0 "" "" ""
93 MANUAL drsuapi_dissect_element_DsReplicaObjectIdentifier_dn
94 NOEMIT drsuapi_dissect_element_DsReplicaObjectIdentifier_dn_
96 CODE START
98 #include <wsutil/wsgcrypt.h>
99 #include <epan/expert.h>
100 #include <epan/strutil.h>
101 #define KERBEROS_METZE 1
102 #include "packet-kerberos.h"
104 static int
105 drsuapi_dissect_element_DsReplicaObjectIdentifier_sid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
106 {
107 /*manual*/
108 dcerpc_ptr_stack *ptr = di->ptr_stack;
109 int start_offset = offset;
110 guint32 rid = 0;
112 di->hf_index = hf_drsuapi_drsuapi_DsReplicaObjectIdentifier_sid;
114 offset = dissect_ndr_nt_SID28(tvb, offset, pinfo, tree, di, drep);
115 if (ptr == NULL) {
116 return offset;
117 }
119 if (offset > start_offset) {
120 dissect_ndr_uint32(tvb, start_offset + 24, pinfo, tree, di, drep, -1, &rid);
121 }
123 ptr->private_data.val64 = rid;
124 if (tree == NULL) return offset;
126 if (0) {
127 proto_tree_add_debug_text(tree,
128 "METZE frame:%d drsuapi_dissect_element_DsReplicaObjectIdentifier_sid RID:%d auth_info->session_key=%s",
129 pinfo->fd->num, rid,
130 di->auth_session_key != NULL ?
131 di->auth_session_key->id_str : "NO");
132 }
133 return offset;
134 }
136 static int
137 drsuapi_dissect_element_DsReplicaAttribute_attid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
138 {
139 /*manual*/
140 dcerpc_ptr_stack *ptr = di->ptr_stack;
141 guint32 rid = 0;
142 guint32 attid = 0;
143 offset = drsuapi_dissect_enum_DsAttributeId(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsReplicaAttribute_attid, &attid);
144 if (ptr == NULL) {
145 return offset;
146 }
147 if (ptr->parent == NULL) {
148 return offset;
149 }
150 rid = ptr->parent->private_data.val64;
151 ptr->private_data.val64 = attid;
152 if (tree == NULL) return offset;
153 if (0) {
154 proto_tree_add_debug_text(tree,
155 "METZE frame:%d drsuapi_dissect_element_DsReplicaAttribute_attid RID:%d ATTID:0x%08X auth_info->session_key=%s",
156 pinfo->fd->num,
157 rid, attid,
158 di->auth_session_key != NULL ?
159 di->auth_session_key->id_str : "NO");
160 }
161 return offset;
162 }
164 static int
165 drsuapi_dissect_element_package_PrimaryKerberosBlob_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *version)
166 {
167 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosBlob_version, 0, version);
169 return offset;
170 }
172 static int
173 drsuapi_dissect_element_package_PrimaryKerberosCtr3_num_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_keys)
174 {
175 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosCtr3_num_keys, 0, num_keys);
177 return offset;
178 }
180 static int
181 drsuapi_dissect_element_package_PrimaryKerberosCtr3_num_old_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_old_keys)
182 {
183 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosCtr3_num_old_keys, 0, num_old_keys);
185 return offset;
186 }
188 static int
189 drsuapi_dissect_element_package_PrimaryKerberosCtr3_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_keys)
190 {
191 return drsuapi_dissect_element_package_PrimaryKerberosCtr3_keys_(tvb, offset, pinfo, tree, di, drep, num_keys);
192 }
194 static int
195 drsuapi_dissect_element_package_PrimaryKerberosCtr3_keys_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_keys)
196 {
197 guint32 i;
199 for (i=0; i < *num_keys; i++) {
200 offset = drsuapi_dissect_struct_package_PrimaryKerberosKey3(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_package_PrimaryKerberosCtr3_keys, 0);
201 }
203 return offset;
204 }
206 static int
207 drsuapi_dissect_element_package_PrimaryKerberosCtr3_old_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_old_keys)
208 {
209 return drsuapi_dissect_element_package_PrimaryKerberosCtr3_old_keys_(tvb, offset, pinfo, tree, di, drep, num_old_keys);
210 }
212 static int
213 drsuapi_dissect_element_package_PrimaryKerberosCtr3_old_keys_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_old_keys)
214 {
215 guint32 i;
217 for (i=0; i < *num_old_keys; i++) {
218 offset = drsuapi_dissect_struct_package_PrimaryKerberosKey3(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_package_PrimaryKerberosCtr3_old_keys, 0);
219 }
221 return offset;
222 }
224 static int
225 drsuapi_dissect_element_package_PrimaryKerberosKey3_value(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *value_len)
226 {
227 return drsuapi_dissect_element_package_PrimaryKerberosKey3_value_(tvb, offset, pinfo, tree, di, drep, value_len);
228 }
230 static int
231 drsuapi_dissect_element_package_PrimaryKerberosKey3_value_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *value_len)
232 {
233 tvbuff_t *subtvb = tvb_new_subset_length(tvb, offset, *value_len);
235 offset += dissect_ndr_datablob(subtvb, 0, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey3_value, 1);
237 return offset;
238 }
240 int
241 drsuapi_dissect_struct_package_PrimaryKerberosKey3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
242 {
243 guint32 value_len = 0;
244 proto_item *item = NULL;
245 proto_tree *tree = NULL;
246 int old_offset;
247 guint32 keytype;
248 guint32 value_ofs;
250 ALIGN_TO_4_BYTES;
252 old_offset = offset;
254 if (parent_tree) {
255 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
256 tree = proto_item_add_subtree(item, ett_drsuapi_package_PrimaryKerberosKey3);
257 }
259 offset = drsuapi_dissect_element_package_PrimaryKerberosKey3_reserved1(tvb, offset, pinfo, tree, di, drep);
261 offset = drsuapi_dissect_element_package_PrimaryKerberosKey3_reserved2(tvb, offset, pinfo, tree, di, drep);
263 offset = drsuapi_dissect_element_package_PrimaryKerberosKey3_reserved3(tvb, offset, pinfo, tree, di, drep);
265 //offset = drsuapi_dissect_element_package_PrimaryKerberosKey3_keytype(tvb, offset, pinfo, tree, di, drep);
266 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey3_keytype, 0, &keytype);
268 //offset = drsuapi_dissect_element_package_PrimaryKerberosKey3_value_len(tvb, offset, pinfo, tree, di, drep, &value_len);
269 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey3_value_len, 0, &value_len);
271 //offset = drsuapi_dissect_element_package_PrimaryKerberosKey3_value_ofs(tvb, offset, pinfo, tree, di, drep);
272 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey3_value_ofs, 0, &value_ofs);
274 if (value_ofs != 0 && tvb_bytes_exist(tvb, value_ofs, value_len)) {
275 drsuapi_dissect_element_package_PrimaryKerberosKey3_value(tvb, value_ofs, pinfo, tree, di, drep, &value_len);
276 }
278 proto_item_set_len(item, offset-old_offset);
281 if (di->call_data->flags & DCERPC_IS_NDR64) {
282 ALIGN_TO_4_BYTES;
283 }
285 return offset;
286 }
288 static int
289 drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_keys)
290 {
291 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosCtr4_num_keys, 0, num_keys);
293 return offset;
294 }
296 static int
297 drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_service_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_service_keys)
298 {
299 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosCtr4_num_service_keys, 0, num_service_keys);
301 return offset;
302 }
304 static int
305 drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_old_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_old_keys)
306 {
307 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosCtr4_num_old_keys, 0, num_old_keys);
309 return offset;
310 }
312 static int
313 drsuapi_dissect_element_package_PrimaryKerberosCtr4_num_older_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_older_keys)
314 {
315 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosCtr4_num_older_keys, 0, num_older_keys);
317 return offset;
318 }
320 static int
321 drsuapi_dissect_element_package_PrimaryKerberosCtr4_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_keys)
322 {
323 return drsuapi_dissect_element_package_PrimaryKerberosCtr4_keys_(tvb, offset, pinfo, tree, di, drep, num_keys);
324 }
326 static int
327 drsuapi_dissect_element_package_PrimaryKerberosCtr4_keys_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_keys)
328 {
329 guint32 i;
331 for (i=0; i < *num_keys; i++) {
332 offset = drsuapi_dissect_struct_package_PrimaryKerberosKey4(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_package_PrimaryKerberosCtr4_keys, 0);
333 }
335 return offset;
336 }
338 static int
339 drsuapi_dissect_element_package_PrimaryKerberosCtr4_service_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_service_keys)
340 {
341 return drsuapi_dissect_element_package_PrimaryKerberosCtr4_service_keys_(tvb, offset, pinfo, tree, di, drep, num_service_keys);
342 }
344 static int
345 drsuapi_dissect_element_package_PrimaryKerberosCtr4_service_keys_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_service_keys)
346 {
347 guint32 i;
349 for (i=0; i < *num_service_keys; i++) {
350 offset = drsuapi_dissect_struct_package_PrimaryKerberosKey4(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_package_PrimaryKerberosCtr4_service_keys, 0);
351 }
353 return offset;
354 }
356 static int
357 drsuapi_dissect_element_package_PrimaryKerberosCtr4_old_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_old_keys)
358 {
359 return drsuapi_dissect_element_package_PrimaryKerberosCtr4_old_keys_(tvb, offset, pinfo, tree, di, drep, num_old_keys);
360 }
362 static int
363 drsuapi_dissect_element_package_PrimaryKerberosCtr4_old_keys_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_old_keys)
364 {
365 guint32 i;
367 for (i=0; i < *num_old_keys; i++) {
368 offset = drsuapi_dissect_struct_package_PrimaryKerberosKey4(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_package_PrimaryKerberosCtr4_old_keys, 0);
369 }
371 return offset;
372 }
374 static int
375 drsuapi_dissect_element_package_PrimaryKerberosCtr4_older_keys(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_older_keys)
376 {
377 return drsuapi_dissect_element_package_PrimaryKerberosCtr4_older_keys_(tvb, offset, pinfo, tree, di, drep, num_older_keys);
378 }
380 static int
381 drsuapi_dissect_element_package_PrimaryKerberosCtr4_older_keys_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_older_keys)
382 {
383 guint32 i;
385 for (i=0; i < *num_older_keys; i++) {
386 offset = drsuapi_dissect_struct_package_PrimaryKerberosKey4(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_package_PrimaryKerberosCtr4_older_keys, 0);
387 }
389 return offset;
390 }
392 static int
393 drsuapi_dissect_element_package_PrimaryKerberosKey4_value(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *value_len)
394 {
395 return drsuapi_dissect_element_package_PrimaryKerberosKey4_value_(tvb, offset, pinfo, tree, di, drep, value_len);
396 }
398 static int
399 drsuapi_dissect_element_package_PrimaryKerberosKey4_value_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *value_len)
400 {
401 tvbuff_t *subtvb = tvb_new_subset_length(tvb, offset, *value_len);
402 dcerpc_ptr_stack *keytype_ptr = di->ptr_stack;
403 guint32 rid = 0;
404 int keytype = 0;
405 int keylength = *value_len;
406 guint8 keyvalue[KRB_MAX_KEY_LENGTH] = {0,};
407 char origin[128] = {0, };
409 offset += dissect_ndr_datablob(subtvb, 0, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey4_value, 1);
410 if (keytype_ptr == NULL) {
411 return offset;
412 }
413 if (keytype_ptr->parent == NULL) {
414 return offset;
415 }
417 rid = keytype_ptr->parent->private_data.val64;
418 keytype = keytype_ptr->private_data.val64;
419 tvb_memcpy(subtvb, keyvalue, 0, MIN(keylength, KRB_MAX_KEY_LENGTH));
420 snprintf(origin, sizeof(origin)-1, "RID=%u drsuapi.PrimaryKerberosKey4", rid);
422 kerberos_inject_longterm_key(pinfo, tree, NULL, subtvb,
423 keytype, keylength, keyvalue,
424 origin);
426 return offset;
427 }
429 int
430 drsuapi_dissect_struct_package_PrimaryKerberosKey4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
431 {
432 guint32 value_len = 0;
433 proto_item *item = NULL;
434 proto_tree *tree = NULL;
435 int old_offset;
436 guint32 keytype;
437 guint32 value_ofs;
439 ALIGN_TO_4_BYTES;
441 old_offset = offset;
443 if (parent_tree) {
444 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
445 tree = proto_item_add_subtree(item, ett_drsuapi_package_PrimaryKerberosKey4);
446 }
448 offset = drsuapi_dissect_element_package_PrimaryKerberosKey4_reserved1(tvb, offset, pinfo, tree, di, drep);
450 offset = drsuapi_dissect_element_package_PrimaryKerberosKey4_reserved2(tvb, offset, pinfo, tree, di, drep);
452 offset = drsuapi_dissect_element_package_PrimaryKerberosKey4_reserved3(tvb, offset, pinfo, tree, di, drep);
454 offset = drsuapi_dissect_element_package_PrimaryKerberosKey4_iteration_count(tvb, offset, pinfo, tree, di, drep);
456 //offset = drsuapi_dissect_element_package_PrimaryKerberosKey4_keytype(tvb, offset, pinfo, tree, di, drep);
457 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey4_keytype, 0, &keytype);
459 //offset = drsuapi_dissect_element_package_PrimaryKerberosKey4_value_len(tvb, offset, pinfo, tree, di, drep, &value_len);
460 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey4_value_len, 0, &value_len);
462 //offset = drsuapi_dissect_element_package_PrimaryKerberosKey4_value_ofs(tvb, offset, pinfo, tree, di, drep);
463 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_package_PrimaryKerberosKey4_value_ofs, 0, &value_ofs);
465 if (value_ofs != 0 && tvb_bytes_exist(tvb, value_ofs, value_len)) {
466 dcerpc_ptr_stack *rid_ptr = di->ptr_stack;
467 dcerpc_ptr_stack *keytype_ptr = NULL;
469 if (rid_ptr != NULL) {
470 keytype_ptr = wmem_new0(pinfo->pool, dcerpc_ptr_stack);
471 }
473 if (keytype_ptr != NULL) {
474 keytype_ptr->parent = rid_ptr;
475 keytype_ptr->private_data.val64 = keytype;
476 }
477 di->ptr_stack = keytype_ptr;
478 drsuapi_dissect_element_package_PrimaryKerberosKey4_value(tvb, value_ofs, pinfo, tree, di, drep, &value_len);
479 di->ptr_stack = rid_ptr;
480 }
482 proto_item_set_len(item, offset-old_offset);
484 if (di->call_data->flags & DCERPC_IS_NDR64) {
485 ALIGN_TO_4_BYTES;
486 }
488 return offset;
489 }
490 static int
491 drsuapi_dissect_package_PrimaryKerberosBlob(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* parent_di _U_)
492 {
493 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
494 static dcerpc_info di = {0, }; /* fake dcerpc_info struct */
495 static dcerpc_call_value call_data = { 0, };
496 int offset;
498 /* fake whatever state the dcerpc runtime support needs */
499 di.conformant_run=0;
500 /* we need di->call_data->flags.NDR64 == 0 */
501 di.call_data=&call_data;
502 init_ndr_pointer_list(&di);
503 di.ptr_stack = parent_di->ptr_stack;
504 offset = drsuapi_dissect_struct_package_PrimaryKerberosBlob(tvb, 0, pinfo, parent_tree, &di, drep,
505 hf_drsuapi_pkb_PrimaryKerberosBlob, 0);
506 free_ndr_pointer_list(&di);
507 return offset;
508 }
510 typedef int (*package_dissector_fn_t)(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* parent_di _U_);
512 static gboolean
513 drsuapi_GByteArray_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_, void *user_data _U_)
514 {
515 GByteArray *bytes = (GByteArray *)user_data;
516 g_byte_array_free(bytes, TRUE);
517 /* unregister this callback */
518 return FALSE;
519 }
521 static int
522 drsuapi_dissect_element_supplementalCredentialsPackage_name_len(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *name_len)
523 {
524 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_supplementalCredentialsPackage_name_len, 0, name_len);
526 return offset;
527 }
529 static int
530 drsuapi_dissect_element_supplementalCredentialsPackage_data_len(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *data_len)
531 {
532 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_supplementalCredentialsPackage_data_len, 0, data_len);
534 return offset;
535 }
536 int
537 drsuapi_dissect_struct_supplementalCredentialsPackage(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
538 {
539 proto_item *item = NULL;
540 proto_tree *tree = NULL;
541 int old_offset;
542 guint16 name_len = 0;
543 const char *name = NULL;
544 guint16 data_len = 0;
546 ALIGN_TO_2_BYTES;
548 old_offset = offset;
550 if (parent_tree) {
551 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
552 tree = proto_item_add_subtree(item, ett_drsuapi_supplementalCredentialsPackage);
553 }
555 offset = drsuapi_dissect_element_supplementalCredentialsPackage_name_len(tvb, offset, pinfo, tree, di, drep, &name_len);
556 offset = drsuapi_dissect_element_supplementalCredentialsPackage_data_len(tvb, offset, pinfo, tree, di, drep, &data_len);
557 offset = drsuapi_dissect_element_supplementalCredentialsPackage_reserved(tvb, offset, pinfo, tree, di, drep);
558 if (0) {
559 #if 0
560 offset = drsuapi_dissect_element_supplementalCredentialsPackage_name(tvb, offset, pinfo, tree, di, drep, &name_len);
561 #endif
562 } else {
563 const guint8 *_name = NULL;
564 proto_tree_add_item_ret_string(tree, hf_drsuapi_supplementalCredentialsPackage_name,
565 tvb, offset, name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
566 wmem_packet_scope(), &_name);
567 name = (const char *)_name;
568 proto_item_append_text(item, ": %s", name);
569 offset += name_len;
570 }
571 if (0) {
572 #if 0
573 offset = drsuapi_dissect_element_supplementalCredentialsPackage_data(tvb, offset, pinfo, tree, di, drep, &data_len);
574 #endif
575 } else {
576 const guint8 *_hexdata = NULL;
577 const char *hexdata = NULL;
578 tvbuff_t *tvbdata = NULL;
579 proto_tree_add_item_ret_string(tree, hf_drsuapi_supplementalCredentialsPackage_data,
580 tvb, offset, data_len, ENC_ASCII,
581 wmem_packet_scope(), &_hexdata);
582 hexdata = (const char *)_hexdata;
583 if (hexdata != NULL) {
584 GByteArray *bytes = NULL;
586 /* Convert key to raw bytes */
587 bytes = g_byte_array_new();
588 if (bytes != NULL) {
589 gboolean res;
591 wmem_register_callback(pinfo->pool, drsuapi_GByteArray_destroy_cb, bytes);
593 res = hex_str_to_bytes(hexdata, bytes, FALSE);
594 if (res) {
595 tvbdata = tvb_new_child_real_data(tvb,
596 bytes->data,
597 bytes->len,
598 bytes->len);
599 }
600 }
601 }
603 if (tvbdata != NULL) {
604 struct {
605 const char *name;
606 package_dissector_fn_t fn;
607 } packages[] = {
608 {
609 .name = "Primary:Kerberos-Newer-Keys",
610 .fn = drsuapi_dissect_package_PrimaryKerberosBlob,
611 },{
612 .name = "Primary:Kerberos",
613 .fn = drsuapi_dissect_package_PrimaryKerberosBlob,
614 },{
615 .name = NULL,
616 }
617 };
618 size_t i = 0;
620 for (i=0; packages[i].name != NULL; i++) {
621 int cmp;
623 cmp = strcmp(packages[i].name, name);
624 if (cmp == 0) {
625 break;
626 }
627 }
629 add_new_data_source(pinfo, tvbdata, name);
630 proto_tree_add_text_internal(tree, tvbdata, 0, -1, "%s", name);
632 if (packages[i].fn != NULL) {
633 packages[i].fn(tvbdata, pinfo, tree, di);
634 }
635 }
637 offset += data_len;
638 }
640 proto_item_set_len(item, offset-old_offset);
643 if (di->call_data->flags & DCERPC_IS_NDR64) {
644 ALIGN_TO_2_BYTES;
645 }
647 return offset;
648 }
649 static int
650 drsuapi_dissect_element_supplementalCredentialsSubBlob_prefix_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
651 {
652 offset += 2; //PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_supplementalCredentialsSubBlob_prefix, 0);
654 return offset;
655 }
657 static int
658 drsuapi_dissect_element_supplementalCredentialsSubBlob_num_packages(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_packages)
659 {
660 offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_supplementalCredentialsSubBlob_num_packages, 0, num_packages);
662 return offset;
663 }
665 static int
666 drsuapi_dissect_element_supplementalCredentialsSubBlob_packages_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_packages)
667 {
668 guint16 i;
670 for (i=0; i<*num_packages; i++) {
671 offset = drsuapi_dissect_struct_supplementalCredentialsPackage(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_supplementalCredentialsSubBlob_packages,0);
672 }
674 return offset;
675 }
677 static int
678 drsuapi_dissect_element_supplementalCredentialsSubBlob_packages(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *num_packages)
679 {
680 offset = drsuapi_dissect_element_supplementalCredentialsSubBlob_packages_(tvb,offset,pinfo,tree,di,drep,num_packages);
682 return offset;
683 }
685 int
686 drsuapi_dissect_struct_supplementalCredentialsSubBlob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
687 {
688 proto_item *item = NULL;
689 proto_tree *tree = NULL;
690 int old_offset;
691 guint16 num_packages;
693 ALIGN_TO_3_BYTES;
695 old_offset = offset;
697 if (parent_tree) {
698 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
699 tree = proto_item_add_subtree(item, ett_drsuapi_supplementalCredentialsSubBlob);
700 }
702 offset = drsuapi_dissect_element_supplementalCredentialsSubBlob_prefix(tvb, offset, pinfo, tree, di, drep);
704 offset = drsuapi_dissect_element_supplementalCredentialsSubBlob_signature(tvb, offset, pinfo, tree, di, drep);
706 offset = drsuapi_dissect_element_supplementalCredentialsSubBlob_num_packages(tvb, offset, pinfo, tree, di, drep, &num_packages);
708 offset = drsuapi_dissect_element_supplementalCredentialsSubBlob_packages(tvb, offset, pinfo, tree, di, drep, &num_packages);
710 proto_item_set_len(item, offset-old_offset);
713 if (di->call_data->flags & DCERPC_IS_NDR64) {
714 ALIGN_TO_3_BYTES;
715 }
717 return offset;
718 }
720 static int
721 drsuapi_dissect_element_supplementalCredentialsBlob_sub(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
722 {
723 int conformant = di->conformant_run;
724 tvbuff_t *subtvb;
726 if (!conformant) {
727 guint32 saved_flags = di->call_data->flags;
728 dcerpc_ptr_stack *ndr_size_ptr = di->ptr_stack;
729 guint32 size = 0;
730 if (ndr_size_ptr != NULL) {
731 size = ndr_size_ptr->private_data.val64;
732 di->ptr_stack = ndr_size_ptr->parent;
733 }
734 di->call_data->flags &= ~DCERPC_IS_NDR64;
735 subtvb = tvb_new_subset_length_caplen(tvb, offset, (const gint)size, -1);
736 drsuapi_dissect_element_supplementalCredentialsBlob_sub_(subtvb, 0, pinfo, tree, di, drep);
737 offset += (int)size;
738 di->call_data->flags = saved_flags;
739 di->ptr_stack = ndr_size_ptr;
740 }
742 return offset;
743 }
745 static int
746 drsuapi_dissect_element_supplementalCredentialsBlob___ndr_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
747 {
748 dcerpc_ptr_stack *ndr_size_ptr = di->ptr_stack;
749 guint32 ndr_size = 0;
751 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_supplementalCredentialsBlob___ndr_size, 0, &ndr_size);
752 if (ndr_size_ptr != NULL) {
753 ndr_size_ptr->private_data.val64 = ndr_size;
754 }
756 return offset;
757 }
759 int
760 drsuapi_dissect_struct_supplementalCredentialsBlob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
761 {
762 /*manual*/
763 dcerpc_ptr_stack *saved_ptr = di->ptr_stack;
764 dcerpc_ptr_stack *ndr_size_ptr = NULL;
765 proto_item *item = NULL;
766 proto_tree *tree = NULL;
767 int old_offset;
769 ALIGN_TO_4_BYTES;
771 old_offset = offset;
773 if (parent_tree) {
774 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
775 tree = proto_item_add_subtree(item, ett_drsuapi_supplementalCredentialsBlob);
776 }
778 ndr_size_ptr = wmem_new0(pinfo->pool, dcerpc_ptr_stack);
779 if (ndr_size_ptr != NULL) {
780 ndr_size_ptr->parent = saved_ptr;
781 }
782 di->ptr_stack = ndr_size_ptr;
784 offset = drsuapi_dissect_element_supplementalCredentialsBlob_unknown1(tvb, offset, pinfo, tree, di, drep);
786 offset = drsuapi_dissect_element_supplementalCredentialsBlob___ndr_size(tvb, offset, pinfo, tree, di, drep);
788 offset = drsuapi_dissect_element_supplementalCredentialsBlob_unknown2(tvb, offset, pinfo, tree, di, drep);
790 offset = drsuapi_dissect_element_supplementalCredentialsBlob_sub(tvb, offset, pinfo, tree, di, drep);
792 offset = drsuapi_dissect_element_supplementalCredentialsBlob_unknown3(tvb, offset, pinfo, tree, di, drep);
794 di->ptr_stack = saved_ptr;
796 proto_item_set_len(item, offset-old_offset);
799 if (di->call_data->flags & DCERPC_IS_NDR64) {
800 ALIGN_TO_4_BYTES;
801 }
803 return offset;
804 }
805 static int
806 drsuapi_dissect_supplementalCredentials(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* parent_di _U_)
807 {
808 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
809 static dcerpc_info di = {0, }; /* fake dcerpc_info struct */
810 static dcerpc_call_value call_data = { 0, };
811 int offset;
813 /* fake whatever state the dcerpc runtime support needs */
814 di.conformant_run=0;
815 /* we need di->call_data->flags.NDR64 == 0 */
816 di.call_data=&call_data;
817 init_ndr_pointer_list(&di);
818 di.ptr_stack = parent_di->ptr_stack;
819 offset = drsuapi_dissect_struct_supplementalCredentialsBlob(tvb, 0, pinfo, parent_tree, &di, drep,
820 hf_drsuapi_sch_supplementalCredentials, 0);
821 free_ndr_pointer_list(&di);
822 return offset;
823 }
825 static int
826 drsuapi_dissect_unicodePwd(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* parent_di _U_)
827 {
828 int offset = 0;
829 dcerpc_ptr_stack *ptr = parent_di->ptr_stack;
830 guint32 rid = 0;
831 int keytype = 23;
832 int keylength = 16;
833 tvbuff_t *keytvb = tvb_new_subset_length(tvb, offset, keylength);
834 guint8 keyvalue[KRB_MAX_KEY_LENGTH] = {0,};
835 char origin[128] = {0, };
837 if (ptr != NULL) {
838 rid = ptr->private_data.val64;
839 }
841 tvb_memcpy(keytvb, keyvalue, 0, MIN(keylength, KRB_MAX_KEY_LENGTH));
842 snprintf(origin, sizeof(origin)-1, "RID=%u drsuapi.unicodePwd", rid);
844 kerberos_inject_longterm_key(pinfo, parent_tree, NULL, keytvb,
845 keytype, keylength, keyvalue,
846 origin);
847 offset += 16;
849 return offset;
850 }
852 static int
853 drsuapi_dissect_ntPwdHistory(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* parent_di _U_)
854 {
855 dcerpc_ptr_stack *ptr = parent_di->ptr_stack;
856 guint32 rid = 0;
857 guint num_hashes = tvb_reported_length(tvb)/16;
858 guint idx;
859 int offset = 0;
861 if (ptr != NULL) {
862 rid = ptr->private_data.val64;
863 }
865 for (idx = 0; idx < num_hashes; idx++) {
866 int keytype = 23;
867 int keylength = 16;
868 tvbuff_t *keytvb = tvb_new_subset_length(tvb, offset, keylength);
869 guint8 keyvalue[KRB_MAX_KEY_LENGTH] = {0,};
870 char origin[128] = {0, };
872 tvb_memcpy(keytvb, keyvalue, 0, MIN(keylength, KRB_MAX_KEY_LENGTH));
873 snprintf(origin, sizeof(origin)-1, "RID=%u drsuapi.ntPwdHistory[%u]", rid, idx);
875 kerberos_inject_longterm_key(pinfo, parent_tree, NULL, keytvb,
876 keytype, keylength, keyvalue,
877 origin);
878 offset += 16;
879 }
881 return offset;
882 }
884 typedef int (*attr_dissector_fn_t)(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* parent_di _U_);
886 static int
887 drsuapi_dissect_element_DsAttributeValue_blob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
888 {
889 /*manual*/
890 dcerpc_ptr_stack *ptr = di->ptr_stack;
891 guint32 rid = 0;
892 guint32 attid = 0;
893 int start_offset = offset;
894 int length;
895 guint8 _confounder[16] = { 0, };
896 guint8 *confounder;
897 guint8 decryption_key[HASH_MD5_LENGTH] = { 0, };
898 gcry_cipher_hd_t rc4_handle = NULL;
899 gcry_buffer_t iov[2] = { {0, },};
900 gcry_error_t err;
901 guint8 *buf = NULL;
902 int buf_len;
903 guint8 *payload_buf = NULL;
904 int payload_len = 0;
905 tvbuff_t *payload_tvb = NULL;
906 gboolean rid_crypt = FALSE;
907 const char *attr_name = NULL;
908 attr_dissector_fn_t attr_dissector_fn = NULL;
909 char source_name[64] = { 0,};
911 offset = dissect_ndr_datablob(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsAttributeValue_blob, 0);
912 if (ptr == NULL) {
913 return offset;
914 }
915 if (ptr->parent == NULL) {
916 return offset;
917 }
919 // TODO check dissect_ndr_lm_nt_hash_cb...
920 rid = ptr->parent->private_data.val64;
921 attid = ptr->private_data.val64;
923 switch (attid) {
924 case DRSUAPI_ATTID_dBCSPwd:
925 attr_name = "dBCSPwd";
926 rid_crypt = TRUE;
927 break;
928 case DRSUAPI_ATTID_unicodePwd:
929 attr_name = "unicodePwd";
930 attr_dissector_fn = drsuapi_dissect_unicodePwd;
931 rid_crypt = TRUE;
932 break;
933 case DRSUAPI_ATTID_ntPwdHistory:
934 attr_name = "ntPwdHistory";
935 attr_dissector_fn = drsuapi_dissect_ntPwdHistory;
936 rid_crypt = TRUE;
937 break;
938 case DRSUAPI_ATTID_lmPwdHistory:
939 attr_name = "lmPwdHistory";
940 rid_crypt = TRUE;
941 break;
942 case DRSUAPI_ATTID_supplementalCredentials:
943 attr_name = "supplementalCredentials";
944 attr_dissector_fn = drsuapi_dissect_supplementalCredentials;
945 break;
946 case DRSUAPI_ATTID_priorValue:
947 attr_name = "priorValue";
948 break;
949 case DRSUAPI_ATTID_currentValue:
950 attr_name = "currentValue";
951 break;
952 case DRSUAPI_ATTID_trustAuthOutgoing:
953 attr_name = "trustAuthOutgoing";
954 break;
955 case DRSUAPI_ATTID_trustAuthIncoming:
956 attr_name = "trustAuthIncoming";
957 break;
958 case DRSUAPI_ATTID_initialAuthOutgoing:
959 attr_name = "initialAuthOutgoing";
960 break;
961 case DRSUAPI_ATTID_initialAuthIncoming:
962 attr_name = "initialAuthIncoming";
963 break;
964 default:
965 return offset;
966 }
968 length = offset - start_offset;
970 if (length < 24) {
971 return offset;
972 }
973 start_offset += 4;
974 length -= 4;
976 if (0) {
977 proto_tree_add_text_internal(tree, tvb, start_offset, length,
978 "METZE rid_crypt:%s RID:%d ATTID:0x%08X ATTR[%s] length=%d session_key=%s",
979 rid_crypt ? "YES" : "NO",
980 rid, attid, attr_name,
981 length,
982 di->auth_session_key != NULL ?
983 di->auth_session_key->id_str : "NO");
984 }
986 if (di->auth_session_key == NULL) {
987 return offset;
988 }
990 if (!tvb_bytes_exist(tvb, start_offset, length)) {
991 return offset;
992 }
994 confounder = tvb_memcpy(tvb, _confounder, start_offset, 16);
995 buf_len = length - 16;
996 buf = tvb_memdup(pinfo->pool, tvb, start_offset + 16, buf_len);
997 if (buf == NULL) {
998 return offset;
999 }
1001 iov[0].len = di->auth_session_key->keylength;
1002 iov[0].data = di->auth_session_key->keyvalue;
1003 iov[1].len = 16;
1004 iov[1].data = confounder;
1006 err = gcry_md_hash_buffers(GCRY_MD_MD5, 0, decryption_key, iov, 2);
1007 if (err != 0) {
1008 ws_warning("GCRY: gcry_md_hash_buffers(GCRY_MD_MD5) - %s/%s\n", gcry_strsource(err), gcry_strerror(err));
1009 return offset;
1010 }
1012 err = gcry_cipher_open(&rc4_handle, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0);
1013 if (err != 0) {
1014 ws_warning("GCRY: gcry_cipher_open(GCRY_CIPHER_ARCFOUR) - %s/%s\n", gcry_strsource(err), gcry_strerror(err));
1015 return offset;
1016 }
1017 err = gcry_cipher_setkey(rc4_handle, decryption_key, HASH_MD5_LENGTH);
1018 if (err != 0) {
1019 ws_warning("GCRY: gcry_cipher_setkey(GCRY_CIPHER_ARCFOUR) - %s/%s\n", gcry_strsource(err), gcry_strerror(err));
1020 gcry_cipher_close(rc4_handle);
1021 return offset;
1022 }
1024 err = gcry_cipher_decrypt(rc4_handle, buf, buf_len, NULL, 0);
1025 if (err != 0) {
1026 ws_warning("GCRY: gcry_cipher_decrypt(GCRY_CIPHER_ARCFOUR) - %s/%s\n", gcry_strsource(err), gcry_strerror(err));
1027 gcry_cipher_close(rc4_handle);
1028 return offset;
1029 }
1030 gcry_cipher_close(rc4_handle);
1032 payload_buf = buf + 4;
1033 payload_len = buf_len - 4;
1035 if (rid_crypt && rid != 0) {
1036 guint8 rk[14];
1037 guint8 ri = 0;
1038 guint8 *hb = payload_buf;
1039 guint32 hl = payload_len;
1040 guint32 hi;
1042 /*
1043 * We have a payload contains one or more
1044 * NT Hashes (16 bytes each).
1045 */
1046 if ((hl % 16) != 0) {
1047 return offset;
1048 }
1050 /*
1051 * We build a 112 bit key based on the RID
1052 *
1053 * With that we need to decrypt each NT Hash (16 byte)
1054 *
1055 * DES is based on 8 byte blocks, which mean
1056 * we can use the first 7 bytes (56Bit) of the key to
1057 * decrypt the first 8 bytes of the NT Hash and
1058 * the last 7 bytes (also 56Bit) of the key to
1059 * decrypt the 2nd 8 bytes of the NT Hash.
1060 */
1062 rk[0] = rk[4] = rk[8] = rk[12] = (guint8)(rid & 0xFF);
1063 rk[1] = rk[5] = rk[9] = rk[13] = (guint8)((rid >> 8) & 0xFF);
1064 rk[2] = rk[6] = rk[10] = (guint8)((rid >> 16) & 0xFF);
1065 rk[3] = rk[7] = rk[11] = (guint8)((rid >> 24) & 0xFF);
1067 /* loop in 8 byte steps and toggle the key index between 0 and 7 */
1068 for (hi=0, ri = 0; hi < hl; hi += 8, ri = ri == 0 ? 7 : 0) {
1069 guint8 *h64 = &hb[hi];
1070 guint8 *rk56 = &rk[ri];
1071 guint8 tmp64[8];
1072 memcpy(tmp64, h64, 8);
1073 decrypt_des_ecb(h64, tmp64, rk56);
1074 }
1075 }
1077 payload_tvb = tvb_new_child_real_data(tvb, payload_buf, payload_len, payload_len);
1079 snprintf(source_name, sizeof(source_name)-1, "DRSUAPI Decrypted %s RID=%u", attr_name, rid);
1080 add_new_data_source(pinfo, payload_tvb, source_name);
1081 proto_tree_add_text_internal(tree, payload_tvb, 0, payload_len, "%s", source_name);
1083 if (attr_dissector_fn == NULL) {
1084 return offset;
1085 }
1087 di->ptr_stack = ptr->parent;
1088 attr_dissector_fn(payload_tvb, pinfo, tree, di);
1089 di->ptr_stack = ptr;
1091 return offset;
1092 }
1094 int
1095 drsuapi_dissect_struct_DsReplicaAttribute(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
1096 {
1097 /*manual*/
1098 dcerpc_ptr_stack *rid_ptr = di->ptr_stack;
1099 proto_item *item = NULL;
1100 proto_tree *tree = NULL;
1101 int old_offset;
1103 ALIGN_TO_5_BYTES;
1105 old_offset = offset;
1107 if (parent_tree) {
1108 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
1109 tree = proto_item_add_subtree(item, ett_drsuapi_drsuapi_DsReplicaAttribute);
1110 }
1112 if (rid_ptr != NULL) {
1113 dcerpc_ptr_stack *attid_ptr = wmem_new0(pinfo->pool, dcerpc_ptr_stack);
1114 if (attid_ptr != NULL) {
1115 attid_ptr->parent = rid_ptr;
1116 }
1117 di->ptr_stack = attid_ptr;
1118 }
1120 offset = drsuapi_dissect_element_DsReplicaAttribute_attid(tvb, offset, pinfo, tree, di, drep);
1122 offset = drsuapi_dissect_element_DsReplicaAttribute_value_ctr(tvb, offset, pinfo, tree, di, drep);
1124 di->ptr_stack = rid_ptr;
1126 proto_item_set_len(item, offset-old_offset);
1129 if (di->call_data->flags & DCERPC_IS_NDR64) {
1130 ALIGN_TO_5_BYTES;
1131 }
1133 return offset;
1134 }
1136 int
1137 drsuapi_dissect_struct_DsReplicaObject(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
1138 {
1139 /*manual*/
1140 dcerpc_ptr_stack *saved_ptr = di->ptr_stack;
1141 dcerpc_ptr_stack *rid_ptr = NULL;
1142 proto_item *item = NULL;
1143 proto_tree *tree = NULL;
1144 int old_offset;
1146 ALIGN_TO_5_BYTES;
1148 old_offset = offset;
1150 if (parent_tree) {
1151 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
1152 tree = proto_item_add_subtree(item, ett_drsuapi_drsuapi_DsReplicaObject);
1153 }
1155 rid_ptr = wmem_new0(pinfo->pool, dcerpc_ptr_stack);
1156 di->ptr_stack = rid_ptr;
1158 offset = drsuapi_dissect_element_DsReplicaObject_identifier(tvb, offset, pinfo, tree, di, drep);
1160 offset = drsuapi_dissect_element_DsReplicaObject_flags(tvb, offset, pinfo, tree, di, drep);
1162 offset = drsuapi_dissect_element_DsReplicaObject_attribute_ctr(tvb, offset, pinfo, tree, di, drep);
1164 di->ptr_stack = saved_ptr;
1166 proto_item_set_len(item, offset-old_offset);
1169 if (di->call_data->flags & DCERPC_IS_NDR64) {
1170 ALIGN_TO_5_BYTES;
1171 }
1173 return offset;
1174 }
1176 static int
1177 drsuapi_dissect_element_DsReplicaObjectListItem_next_object_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1178 {
1179 offset = drsuapi_dissect_struct_DsReplicaObjectListItem(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsReplicaObjectListItem_next_object,0);
1181 return offset;
1182 }
1184 static int
1185 drsuapi_dissect_element_DsReplicaObjectListItemEx_next_object_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1186 {
1187 offset = drsuapi_dissect_struct_DsReplicaObjectListItemEx(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsReplicaObjectListItemEx_next_object,0);
1189 return offset;
1190 }
1192 static int
1193 drsuapi_dissect_element_DsAddEntry_AttrErrListItem_V1_next_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1194 {
1195 offset = drsuapi_dissect_struct_DsAddEntry_AttrErrListItem_V1(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsAddEntry_AttrErrListItem_V1_next,0);
1197 return offset;
1198 }
1200 static int
1201 drsuapi_dissect_element_DsaAddressListItem_V1_next_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1202 {
1203 offset = drsuapi_dissect_struct_DsaAddressListItem_V1(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsaAddressListItem_V1_next,0);
1205 return offset;
1206 }
1208 static int
1209 drsuapi_dissect_element_DsAddEntry_RefErrListItem_V1_next_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1210 {
1211 offset = drsuapi_dissect_struct_DsAddEntry_RefErrListItem_V1(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsAddEntry_RefErrListItem_V1_next,0);
1213 return offset;
1214 }
1216 static int
1217 drsuapi_dissect_element_lsa_String_string_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di, guint8 *drep _U_)
1218 {
1219 char *data;
1221 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_drsuapi_String_name, FALSE, &data);
1222 proto_item_append_text(tree, ": %s", data);
1224 return offset;
1225 }
1227 static int
1228 drsuapi_dissect_element_DsReplicaObjectIdentifier_dn(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, struct ndr_generic_array *nga)
1229 {
1230 char *data = NULL;
1232 offset = dissect_ndr_generic_array_string(tvb, offset, pinfo, tree, di, drep,
1233 sizeof(guint16), hf_DsReplicaObjectIdentifier_dn,
1234 FALSE, nga, &data);
1235 proto_item_append_text(tree, ": %s", data);
1237 return offset;
1238 }
1240 /* IDL: struct { */
1241 /* IDL: [range(1,10000)] uint32 length; */
1242 /* IDL: [size_is(length)] uint8 data[*]; */
1243 /* IDL: } */
1245 static int
1246 drsuapi_dissect_element_DsBindInfoCtr_length_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1247 {
1248 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsBindInfoCtr_length, 0);
1250 return offset;
1251 }
1253 static int
1254 drsuapi_dissect_DsBindInfo(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_);
1256 static int
1257 drsuapi_dissect_element_DsBindInfoCtr_data_(tvbuff_t *tvb, int offset, int length, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1258 {
1259 offset = drsuapi_dissect_DsBindInfo(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsBindInfoCtr_info, length);
1261 return offset;
1262 }
1264 static int
1265 drsuapi_dissect_element_DsBindInfoCtr_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1266 {
1267 offset = dissect_ndr_ucarray_block(tvb, offset, pinfo, tree, di, drep, drsuapi_dissect_element_DsBindInfoCtr_data_);
1269 return offset;
1270 }
1272 int
1273 drsuapi_dissect_struct_DsBindInfoCtr(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
1274 {
1275 proto_item *item = NULL;
1276 proto_tree *tree = NULL;
1277 int old_offset;
1279 ALIGN_TO_4_BYTES;
1281 old_offset = offset;
1283 if (parent_tree) {
1284 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
1285 tree = proto_item_add_subtree(item, ett_drsuapi_drsuapi_DsBindInfoCtr);
1286 }
1288 offset = drsuapi_dissect_element_DsBindInfoCtr_length_(tvb, offset, pinfo, tree, di, drep);
1290 offset = drsuapi_dissect_element_DsBindInfoCtr_data(tvb, offset, pinfo, tree, di, drep);
1293 proto_item_set_len(item, offset-old_offset);
1295 if (di->call_data->flags & DCERPC_IS_NDR64) {
1296 ALIGN_TO_4_BYTES;
1297 }
1299 return offset;
1300 }
1302 static int
1303 drsuapi_dissect_DsBindInfo(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
1304 {
1305 proto_item *item = NULL;
1306 proto_tree *tree = NULL;
1307 int old_offset;
1308 guint32 length = param;
1310 old_offset = offset;
1311 if (parent_tree) {
1312 tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_drsuapi_drsuapi_DsBindInfo, &item, "drsuapi_DsBindInfo");
1313 }
1315 if (length >= 52) {
1316 drsuapi_dissect_struct_DsBindInfo52(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsBindInfo_info52,0);
1317 } else if (length >= 48) {
1318 drsuapi_dissect_struct_DsBindInfo48(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsBindInfo_info48,0);
1319 } else if (length >= 32) {
1320 drsuapi_dissect_struct_DsBindInfo32(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsBindInfo_info32,0);
1321 } else if (length >= 28) {
1322 drsuapi_dissect_struct_DsBindInfo28(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsBindInfo_info28,0);
1323 } else if (length >= 24) {
1324 drsuapi_dissect_struct_DsBindInfo24(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsBindInfo_info24,0);
1325 }
1326 offset += length;
1327 proto_item_set_len(item, offset-old_offset);
1329 return offset;
1330 }
1332 static int
1333 drsuapi_dissect_element_DsGetNCChangesCtr1TS_ctr1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1334 {
1335 /*
1336 guint64 size;
1337 int conformant = di->conformant_run;
1338 tvbuff_t *subtvb = NULL;
1340 if (!conformant) {
1341 guint32 saved_flags = di->call_data->flags;
1342 offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesCtr1TS_ctr1_, &size);
1343 di->call_data->flags &= ~DCERPC_IS_NDR64;
1344 subtvb = tvb_new_subset_length_caplen(tvb, offset, (const gint)size, -1);
1345 drsuapi_dissect_element_DsGetNCChangesCtr1TS_ctr1_(subtvb, 0, pinfo, tree, di, drep);
1346 offset += (int)size;
1347 di->call_data->flags = saved_flags;
1348 }
1349 */
1350 return offset;
1351 }
1353 static int
1354 drsuapi_dissect_element_DsGetNCChangesCtr6TS_ctr6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1355 {
1356 /*
1357 guint64 size;
1358 int conformant = di->conformant_run;
1359 tvbuff_t *subtvb;
1361 if (!conformant) {
1362 guint32 saved_flags = di->call_data->flags;
1363 offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesCtr6TS_ctr6_, &size);
1364 di->call_data->flags &= ~DCERPC_IS_NDR64;
1365 subtvb = tvb_new_subset_length_caplen(tvb, offset, (const gint)size, -1);
1366 drsuapi_dissect_element_DsGetNCChangesCtr6TS_ctr6_(subtvb, 0, pinfo, tree, di, drep);
1367 offset += (int)size;
1368 di->call_data->flags = saved_flags;
1369 }
1370 */
1371 return offset;
1372 }
1374 static int
1375 drsuapi_dissect_element_DsGetNCChangesCtr9TS_ctr9(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1376 {
1377 /*
1378 guint64 size;
1379 int conformant = di->conformant_run;
1380 tvbuff_t *subtvb;
1382 if (!conformant) {
1383 guint32 saved_flags = di->call_data->flags;
1384 offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesCtr6TS_ctr6_, &size);
1385 di->call_data->flags &= ~DCERPC_IS_NDR64;
1386 subtvb = tvb_new_subset_length_caplen(tvb, offset, (const gint)size, -1);
1387 drsuapi_dissect_element_DsGetNCChangesCtr9TS_ctr9_(subtvb, 0, pinfo, tree, di, drep);
1388 offset += (int)size;
1389 di->call_data->flags = saved_flags;
1390 }
1391 */
1392 return offset;
1393 }
1395 static int
1396 drsuapi_dissect_DsGetNCChangesCompressedCtr(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_);
1398 static int
1399 drsuapi_dissect_element_DsGetNCChangesCtr7_level(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *level)
1400 {
1401 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesCtr7_level, 0, level);
1403 return offset;
1404 }
1406 static int
1407 drsuapi_dissect_element_DsGetNCChangesCtr7_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint16 *type)
1408 {
1409 offset = drsuapi_dissect_enum_DsGetNCChangesCompressionType(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesCtr7_type, type);
1411 return offset;
1412 }
1414 static int
1415 drsuapi_dissect_element_DsGetNCChangesCtr7_ctr(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 level _U_)
1416 {
1417 offset = drsuapi_dissect_DsGetNCChangesCompressedCtr(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesCtr7_ctr, level);
1419 return offset;
1420 }
1422 int
1423 drsuapi_dissect_struct_DsGetNCChangesCtr7(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
1424 {
1425 guint32 level;
1426 guint16 type;
1427 guint32 ctr_level;
1428 proto_item *item = NULL;
1429 proto_tree *tree = NULL;
1430 int old_offset;
1432 ALIGN_TO_5_BYTES;
1434 old_offset = offset;
1436 if (parent_tree) {
1437 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
1438 tree = proto_item_add_subtree(item, ett_drsuapi_drsuapi_DsGetNCChangesCtr7);
1439 }
1441 offset = drsuapi_dissect_element_DsGetNCChangesCtr7_level(tvb, offset, pinfo, tree, di, drep, &level);
1443 offset = drsuapi_dissect_element_DsGetNCChangesCtr7_type(tvb, offset, pinfo, tree, di, drep, &type);
1445 ctr_level = (level & 0xFFFF) | (((guint32)type)<<16);
1447 offset = drsuapi_dissect_element_DsGetNCChangesCtr7_ctr(tvb, offset, pinfo, tree, di, drep, ctr_level);
1450 proto_item_set_len(item, offset-old_offset);
1453 if (di->call_data->flags & DCERPC_IS_NDR64) {
1454 ALIGN_TO_5_BYTES;
1455 }
1457 return offset;
1458 }
1460 static int
1461 drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_decompressed_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *decompressed_length)
1462 {
1463 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesXPRESSCtr6_decompressed_length, 0, decompressed_length);
1465 return offset;
1466 }
1468 static int
1469 drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_compressed_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *compressed_length)
1470 {
1471 offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesXPRESSCtr6_compressed_length, 0, compressed_length);
1473 return offset;
1474 }
1476 static int
1477 drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1478 {
1479 offset = drsuapi_dissect_struct_DsGetNCChangesCtr6TS(tvb,offset,pinfo,tree,di,drep,hf_drsuapi_drsuapi_DsGetNCChangesXPRESSCtr6_ts,0);
1481 return offset;
1482 }
1484 static int
1485 drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1486 {
1487 guint3264 size;
1488 int conformant = di->conformant_run;
1489 tvbuff_t *subtvb;
1491 if (!conformant) {
1492 guint32 saved_flags = di->call_data->flags;
1493 offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, di, drep, hf_drsuapi_drsuapi_DsGetNCChangesXPRESSCtr6_ts_, &size);
1494 di->call_data->flags &= ~DCERPC_IS_NDR64;
1495 subtvb = tvb_new_subset_length_caplen(tvb, offset, (const gint)size, -1);
1496 drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts__(subtvb, 0, pinfo, tree, di, drep);
1497 offset += (int)size;
1498 di->call_data->flags = saved_flags;
1499 }
1501 return offset;
1502 }
1504 static int
1505 drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1506 {
1507 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts_, NDR_POINTER_UNIQUE, "Pointer to Ts (drsuapi_DsGetNCChangesCtr6TS)",hf_drsuapi_drsuapi_DsGetNCChangesXPRESSCtr6_ts);
1509 return offset;
1510 }
1512 int
1513 drsuapi_dissect_struct_DsGetNCChangesXPRESSCtr6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
1514 {
1515 proto_item *item = NULL;
1516 proto_tree *tree = NULL;
1517 int old_offset;
1518 guint32 decompressed_length;
1519 guint32 compressed_length;
1521 ALIGN_TO_5_BYTES;
1523 old_offset = offset;
1525 if (parent_tree) {
1526 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
1527 tree = proto_item_add_subtree(item, ett_drsuapi_drsuapi_DsGetNCChangesXPRESSCtr6);
1528 }
1530 offset = drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_decompressed_length(tvb, offset, pinfo, tree, di, drep, &decompressed_length);
1532 offset = drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_compressed_length(tvb, offset, pinfo, tree, di, drep, &compressed_length);
1534 offset = drsuapi_dissect_element_DsGetNCChangesXPRESSCtr6_ts(tvb, offset, pinfo, tree, di, drep);
1537 proto_item_set_len(item, offset-old_offset);
1540 if (di->call_data->flags & DCERPC_IS_NDR64) {
1541 ALIGN_TO_5_BYTES;
1542 }
1544 return offset;
1545 }
1546 CODE END