search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-dcerpc-efs.c
blobdef60ec6113ff231f913baa5563a0d89f8924c0d
1 /* DO NOT EDIT
2 This file was automatically generated by Pidl
3 from efs.idl and efs.cnf.
4
5 Pidl is a perl based IDL compiler for DCE/RPC idl files.
6 It is maintained by the Samba team, not the Wireshark team.
7 Instructions on how to download and install Pidl can be
8 found at https://wiki.wireshark.org/Pidl
9 */
10
11
12 #include "config.h"
13 #include <string.h>
14 #include <wsutil/array.h>
15 #include <epan/packet.h>
16 #include <epan/tfs.h>
17
18 #include "packet-dcerpc.h"
19 #include "packet-dcerpc-nt.h"
20 #include "packet-windows-common.h"
21 #include "packet-dcerpc-efs.h"
22 void proto_register_dcerpc_efs(void);
23 void proto_reg_handoff_dcerpc_efs(void);
24
25 /* Ett declarations */
26 static int ett_dcerpc_efs;
27 static int ett_efs_EFS_HASH_BLOB;
28 static int ett_efs_ENCRYPTION_CERTIFICATE_HASH;
29 static int ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST;
30 static int ett_efs_EFS_CERTIFICATE_BLOB;
31 static int ett_efs_ENCRYPTION_CERTIFICATE;
32
33
34 /* Header field declarations */
35 static int hf_efs_EFS_CERTIFICATE_BLOB_cbData;
36 static int hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType;
37 static int hf_efs_EFS_CERTIFICATE_BLOB_pbData;
38 static int hf_efs_EFS_HASH_BLOB_cbData;
39 static int hf_efs_EFS_HASH_BLOB_pbData;
40 static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash;
41 static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers;
42 static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength;
43 static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation;
44 static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash;
45 static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid;
46 static int hf_efs_ENCRYPTION_CERTIFICATE_TotalLength;
47 static int hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob;
48 static int hf_efs_ENCRYPTION_CERTIFICATE_pUserSid;
49 static int hf_efs_EfsRpcAddUsersToFile_FileName;
50 static int hf_efs_EfsRpcCloseRaw_pvContext;
51 static int hf_efs_EfsRpcDecryptFileSrv_FileName;
52 static int hf_efs_EfsRpcDecryptFileSrv_Reserved;
53 static int hf_efs_EfsRpcEncryptFileSrv_Filename;
54 static int hf_efs_EfsRpcOpenFileRaw_FileName;
55 static int hf_efs_EfsRpcOpenFileRaw_Flags;
56 static int hf_efs_EfsRpcOpenFileRaw_pvContext;
57 static int hf_efs_EfsRpcQueryRecoveryAgents_FileName;
58 static int hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents;
59 static int hf_efs_EfsRpcQueryUsersOnFile_FileName;
60 static int hf_efs_EfsRpcQueryUsersOnFile_pUsers;
61 static int hf_efs_EfsRpcReadFileRaw_pvContext;
62 static int hf_efs_EfsRpcRemoveUsersFromFile_FileName;
63 static int hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate;
64 static int hf_efs_EfsRpcWriteFileRaw_pvContext;
65 static int hf_efs_opnum;
66 static int hf_efs_werror;
67
68 static int proto_dcerpc_efs;
69 /* Version information */
70
71
72 static e_guid_t uuid_dcerpc_efs = {
73 0xc681d488, 0xd850, 0x11d0,
74 { 0x8c, 0x52, 0x00, 0xc0, 0x4f, 0xd9, 0x0f, 0x7e }
75 };
76 static uint16_t ver_dcerpc_efs = 1;
77
78 static int efs_dissect_element_EFS_HASH_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
79 static int efs_dissect_element_EFS_HASH_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
80 static int efs_dissect_element_EFS_HASH_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
81 static int efs_dissect_element_EFS_HASH_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
82 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
83 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
84 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
85 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
86 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
87 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
88 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
89 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
90 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
91 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
92 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
93 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
94 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
95 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
96 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
97 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
98 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_TotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
99 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
100 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
101 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
102 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
103 static int efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
104 static int efs_dissect_element_EfsRpcOpenFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
105 static int efs_dissect_element_EfsRpcOpenFileRaw_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
106 static int efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
107 static int efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
108 static int efs_dissect_element_EfsRpcReadFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
109 static int efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
110 static int efs_dissect_element_EfsRpcWriteFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
111 static int efs_dissect_element_EfsRpcCloseRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
112 static int efs_dissect_element_EfsRpcCloseRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
113 static int efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
114 static int efs_dissect_element_EfsRpcDecryptFileSrv_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
115 static int efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
116 static int efs_dissect_element_EfsRpcQueryUsersOnFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
117 static int efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
118 static int efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
119 static int efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
120 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
121 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
122 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
123 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
124 static int efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
125 static int efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
126 static int efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
127 static int efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
128 static int
129 efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info* di, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
130 {
131 if(di->conformant_run){
132 /* just a run to handle conformant arrays, no scalars to dissect */
133 return offset;
134 }
135 offset=dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1);
136 return offset;
137 }
138
139
140 /* IDL: struct { */
141 /* IDL: uint32 cbData; */
142 /* IDL: [size_is(cbData)] [unique(1)] uint8 *pbData; */
143 /* IDL: } */
144
145 static int
146 efs_dissect_element_EFS_HASH_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
147 {
148 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_HASH_BLOB_cbData, 0);
149
150 return offset;
151 }
152
153 static int
154 efs_dissect_element_EFS_HASH_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
155 {
156 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_HASH_BLOB_pbData_, NDR_POINTER_UNIQUE, "Pointer to PbData (uint8)",hf_efs_EFS_HASH_BLOB_pbData);
157
158 return offset;
159 }
160
161 static int
162 efs_dissect_element_EFS_HASH_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
163 {
164 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_HASH_BLOB_pbData__);
165
166 return offset;
167 }
168
169 static int
170 efs_dissect_element_EFS_HASH_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
171 {
172 offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_HASH_BLOB_pbData, 0);
173
174 return offset;
175 }
176
177 int
178 efs_dissect_struct_EFS_HASH_BLOB(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
179 {
180 proto_item *item = NULL;
181 proto_tree *tree = NULL;
182 int old_offset;
183
184 ALIGN_TO_5_BYTES;
185
186 old_offset = offset;
187
188 if (parent_tree) {
189 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
190 tree = proto_item_add_subtree(item, ett_efs_EFS_HASH_BLOB);
191 }
192
193 offset = efs_dissect_element_EFS_HASH_BLOB_cbData(tvb, offset, pinfo, tree, di, drep);
194
195 offset = efs_dissect_element_EFS_HASH_BLOB_pbData(tvb, offset, pinfo, tree, di, drep);
196
197
198 proto_item_set_len(item, offset-old_offset);
199
200
201 if (di->call_data->flags & DCERPC_IS_NDR64) {
202 ALIGN_TO_5_BYTES;
203 }
204
205 return offset;
206 }
207
208
209 /* IDL: struct { */
210 /* IDL: uint32 cbTotalLength; */
211 /* IDL: [unique(1)] dom_sid *pUserSid; */
212 /* IDL: [unique(1)] EFS_HASH_BLOB *pHash; */
213 /* IDL: [charset(UTF16)] [unique(1)] uint16 *lpDisplayInformation; */
214 /* IDL: } */
215
216 static int
217 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
218 {
219 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength, 0);
220
221 return offset;
222 }
223
224 static int
225 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
226 {
227 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid_, NDR_POINTER_UNIQUE, "Pointer to PUserSid (dom_sid)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid);
228
229 return offset;
230 }
231
232 static int
233 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
234 {
235 offset = efs_dissect_struct_dom_sid(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid,0);
236
237 return offset;
238 }
239
240 static int
241 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
242 {
243 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash_, NDR_POINTER_UNIQUE, "Pointer to PHash (EFS_HASH_BLOB)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash);
244
245 return offset;
246 }
247
248 static int
249 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
250 {
251 offset = efs_dissect_struct_EFS_HASH_BLOB(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash,0);
252
253 return offset;
254 }
255
256 static int
257 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
258 {
259 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation_, NDR_POINTER_UNIQUE, "Pointer to LpDisplayInformation (uint16)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation);
260
261 return offset;
262 }
263
264 static int
265 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
266 {
267 char *data;
268
269 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation, false, &data);
270 proto_item_append_text(tree, ": %s", data);
271
272 return offset;
273 }
274
275 int
276 efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
277 {
278 proto_item *item = NULL;
279 proto_tree *tree = NULL;
280 int old_offset;
281
282 ALIGN_TO_5_BYTES;
283
284 old_offset = offset;
285
286 if (parent_tree) {
287 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
288 tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH);
289 }
290
291 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvb, offset, pinfo, tree, di, drep);
292
293 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvb, offset, pinfo, tree, di, drep);
294
295 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash(tvb, offset, pinfo, tree, di, drep);
296
297 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvb, offset, pinfo, tree, di, drep);
298
299
300 proto_item_set_len(item, offset-old_offset);
301
302
303 if (di->call_data->flags & DCERPC_IS_NDR64) {
304 ALIGN_TO_5_BYTES;
305 }
306
307 return offset;
308 }
309
310
311 /* IDL: struct { */
312 /* IDL: uint32 nCert_Hash; */
313 /* IDL: [size_is(nCert_Hash)] [unique(1)] ENCRYPTION_CERTIFICATE_HASH *pUsers[*]; */
314 /* IDL: } */
315
316 static int
317 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
318 {
319 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash, 0);
320
321 return offset;
322 }
323
324 static int
325 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
326 {
327 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers_);
328
329 return offset;
330 }
331
332 static int
333 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
334 {
335 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers__, NDR_POINTER_UNIQUE, "Pointer to PUsers (ENCRYPTION_CERTIFICATE_HASH)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers);
336
337 return offset;
338 }
339
340 static int
341 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
342 {
343 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers,0);
344
345 return offset;
346 }
347
348 int
349 efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
350 {
351 proto_item *item = NULL;
352 proto_tree *tree = NULL;
353 int old_offset;
354
355 ALIGN_TO_5_BYTES;
356
357 old_offset = offset;
358
359 if (parent_tree) {
360 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
361 tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST);
362 }
363
364 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvb, offset, pinfo, tree, di, drep);
365
366 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvb, offset, pinfo, tree, di, drep);
367
368
369 proto_item_set_len(item, offset-old_offset);
370
371
372 if (di->call_data->flags & DCERPC_IS_NDR64) {
373 ALIGN_TO_5_BYTES;
374 }
375
376 return offset;
377 }
378
379
380 /* IDL: struct { */
381 /* IDL: uint32 dwCertEncodingType; */
382 /* IDL: uint32 cbData; */
383 /* IDL: [size_is(cbData)] [unique(1)] uint8 *pbData; */
384 /* IDL: } */
385
386 static int
387 efs_dissect_element_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
388 {
389 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType, 0);
390
391 return offset;
392 }
393
394 static int
395 efs_dissect_element_EFS_CERTIFICATE_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
396 {
397 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_CERTIFICATE_BLOB_cbData, 0);
398
399 return offset;
400 }
401
402 static int
403 efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
404 {
405 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData_, NDR_POINTER_UNIQUE, "Pointer to PbData (uint8)",hf_efs_EFS_CERTIFICATE_BLOB_pbData);
406
407 return offset;
408 }
409
410 static int
411 efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
412 {
413 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData__);
414
415 return offset;
416 }
417
418 static int
419 efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
420 {
421 offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_CERTIFICATE_BLOB_pbData, 0);
422
423 return offset;
424 }
425
426 int
427 efs_dissect_struct_EFS_CERTIFICATE_BLOB(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
428 {
429 proto_item *item = NULL;
430 proto_tree *tree = NULL;
431 int old_offset;
432
433 ALIGN_TO_5_BYTES;
434
435 old_offset = offset;
436
437 if (parent_tree) {
438 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
439 tree = proto_item_add_subtree(item, ett_efs_EFS_CERTIFICATE_BLOB);
440 }
441
442 offset = efs_dissect_element_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvb, offset, pinfo, tree, di, drep);
443
444 offset = efs_dissect_element_EFS_CERTIFICATE_BLOB_cbData(tvb, offset, pinfo, tree, di, drep);
445
446 offset = efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData(tvb, offset, pinfo, tree, di, drep);
447
448
449 proto_item_set_len(item, offset-old_offset);
450
451
452 if (di->call_data->flags & DCERPC_IS_NDR64) {
453 ALIGN_TO_5_BYTES;
454 }
455
456 return offset;
457 }
458
459
460 /* IDL: struct { */
461 /* IDL: uint32 TotalLength; */
462 /* IDL: [unique(1)] dom_sid *pUserSid; */
463 /* IDL: [unique(1)] EFS_CERTIFICATE_BLOB *pCertBlob; */
464 /* IDL: } */
465
466 static int
467 efs_dissect_element_ENCRYPTION_CERTIFICATE_TotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
468 {
469 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_ENCRYPTION_CERTIFICATE_TotalLength, 0);
470
471 return offset;
472 }
473
474 static int
475 efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
476 {
477 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid_, NDR_POINTER_UNIQUE, "Pointer to PUserSid (dom_sid)",hf_efs_ENCRYPTION_CERTIFICATE_pUserSid);
478
479 return offset;
480 }
481
482 static int
483 efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
484 {
485 offset = efs_dissect_struct_dom_sid(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_pUserSid,0);
486
487 return offset;
488 }
489
490 static int
491 efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
492 {
493 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob_, NDR_POINTER_UNIQUE, "Pointer to PCertBlob (EFS_CERTIFICATE_BLOB)",hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob);
494
495 return offset;
496 }
497
498 static int
499 efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
500 {
501 offset = efs_dissect_struct_EFS_CERTIFICATE_BLOB(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob,0);
502
503 return offset;
504 }
505
506 int
507 efs_dissect_struct_ENCRYPTION_CERTIFICATE(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
508 {
509 proto_item *item = NULL;
510 proto_tree *tree = NULL;
511 int old_offset;
512
513 ALIGN_TO_5_BYTES;
514
515 old_offset = offset;
516
517 if (parent_tree) {
518 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
519 tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE);
520 }
521
522 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_TotalLength(tvb, offset, pinfo, tree, di, drep);
523
524 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid(tvb, offset, pinfo, tree, di, drep);
525
526 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob(tvb, offset, pinfo, tree, di, drep);
527
528
529 proto_item_set_len(item, offset-old_offset);
530
531
532 if (di->call_data->flags & DCERPC_IS_NDR64) {
533 ALIGN_TO_5_BYTES;
534 }
535
536 return offset;
537 }
538
539 static int
540 efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
541 {
542 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcOpenFileRaw_pvContext_, NDR_POINTER_REF, "Pointer to PvContext (policy_handle)",hf_efs_EfsRpcOpenFileRaw_pvContext);
543
544 return offset;
545 }
546
547 static int
548 efs_dissect_element_EfsRpcOpenFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
549 {
550 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcOpenFileRaw_pvContext, PIDL_POLHND_OPEN);
551
552 return offset;
553 }
554
555 static int
556 efs_dissect_element_EfsRpcOpenFileRaw_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
557 {
558 char *data;
559
560 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_EfsRpcOpenFileRaw_FileName, false, &data);
561 proto_item_append_text(tree, ": %s", data);
562
563 return offset;
564 }
565
566 static int
567 efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
568 {
569 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcOpenFileRaw_Flags, 0);
570
571 return offset;
572 }
573
574 /* IDL: WERROR EfsRpcOpenFileRaw( */
575 /* IDL: [out] [ref] policy_handle *pvContext, */
576 /* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
577 /* IDL: [in] uint32 Flags */
578 /* IDL: ); */
579
580 static int
581 efs_dissect_EfsRpcOpenFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
582 {
583 uint32_t status;
584
585 di->dcerpc_procedure_name="EfsRpcOpenFileRaw";
586 offset = efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
587 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
588
589 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
590
591 if (status != 0)
592 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
593
594 return offset;
595 }
596
597 static int
598 efs_dissect_EfsRpcOpenFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
599 {
600 di->dcerpc_procedure_name="EfsRpcOpenFileRaw";
601 offset = efs_dissect_element_EfsRpcOpenFileRaw_FileName(tvb, offset, pinfo, tree, di, drep);
602 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
603 offset = efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvb, offset, pinfo, tree, di, drep);
604 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
605 return offset;
606 }
607
608 static int
609 efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
610 {
611 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcReadFileRaw_pvContext_, NDR_POINTER_REF, "Pointer to PvContext (policy_handle)",hf_efs_EfsRpcReadFileRaw_pvContext);
612
613 return offset;
614 }
615
616 static int
617 efs_dissect_element_EfsRpcReadFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
618 {
619 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcReadFileRaw_pvContext, 0);
620
621 return offset;
622 }
623
624 /* IDL: WERROR EfsRpcReadFileRaw( */
625 /* IDL: [in] [ref] policy_handle *pvContext */
626 /* IDL: ); */
627
628 static int
629 efs_dissect_EfsRpcReadFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
630 {
631 uint32_t status;
632
633 di->dcerpc_procedure_name="EfsRpcReadFileRaw";
634 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
635
636 if (status != 0)
637 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
638
639 return offset;
640 }
641
642 static int
643 efs_dissect_EfsRpcReadFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
644 {
645 di->dcerpc_procedure_name="EfsRpcReadFileRaw";
646 offset = efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
647 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
648 return offset;
649 }
650
651 static int
652 efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
653 {
654 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcWriteFileRaw_pvContext_, NDR_POINTER_REF, "Pointer to PvContext (policy_handle)",hf_efs_EfsRpcWriteFileRaw_pvContext);
655
656 return offset;
657 }
658
659 static int
660 efs_dissect_element_EfsRpcWriteFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
661 {
662 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcWriteFileRaw_pvContext, 0);
663
664 return offset;
665 }
666
667 /* IDL: WERROR EfsRpcWriteFileRaw( */
668 /* IDL: [in] [ref] policy_handle *pvContext */
669 /* IDL: ); */
670
671 static int
672 efs_dissect_EfsRpcWriteFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
673 {
674 uint32_t status;
675
676 di->dcerpc_procedure_name="EfsRpcWriteFileRaw";
677 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
678
679 if (status != 0)
680 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
681
682 return offset;
683 }
684
685 static int
686 efs_dissect_EfsRpcWriteFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
687 {
688 di->dcerpc_procedure_name="EfsRpcWriteFileRaw";
689 offset = efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
690 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
691 return offset;
692 }
693
694 static int
695 efs_dissect_element_EfsRpcCloseRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
696 {
697 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcCloseRaw_pvContext_, NDR_POINTER_REF, "Pointer to PvContext (policy_handle)",hf_efs_EfsRpcCloseRaw_pvContext);
698
699 return offset;
700 }
701
702 static int
703 efs_dissect_element_EfsRpcCloseRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
704 {
705 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcCloseRaw_pvContext, PIDL_POLHND_CLOSE);
706
707 return offset;
708 }
709
710 /* IDL: void EfsRpcCloseRaw( */
711 /* IDL: [in] [out] [ref] policy_handle *pvContext */
712 /* IDL: ); */
713
714 static int
715 efs_dissect_EfsRpcCloseRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
716 {
717 di->dcerpc_procedure_name="EfsRpcCloseRaw";
718 offset = efs_dissect_element_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
719 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
720
721 return offset;
722 }
723
724 static int
725 efs_dissect_EfsRpcCloseRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
726 {
727 di->dcerpc_procedure_name="EfsRpcCloseRaw";
728 offset = efs_dissect_element_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
729 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
730 return offset;
731 }
732
733 static int
734 efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
735 {
736 char *data;
737
738 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_EfsRpcEncryptFileSrv_Filename, false, &data);
739 proto_item_append_text(tree, ": %s", data);
740
741 return offset;
742 }
743
744 /* IDL: WERROR EfsRpcEncryptFileSrv( */
745 /* IDL: [charset(UTF16)] [in] uint16 Filename[*] */
746 /* IDL: ); */
747
748 static int
749 efs_dissect_EfsRpcEncryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
750 {
751 uint32_t status;
752
753 di->dcerpc_procedure_name="EfsRpcEncryptFileSrv";
754 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
755
756 if (status != 0)
757 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
758
759 return offset;
760 }
761
762 static int
763 efs_dissect_EfsRpcEncryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
764 {
765 di->dcerpc_procedure_name="EfsRpcEncryptFileSrv";
766 offset = efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvb, offset, pinfo, tree, di, drep);
767 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
768 return offset;
769 }
770
771 static int
772 efs_dissect_element_EfsRpcDecryptFileSrv_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
773 {
774 char *data;
775
776 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_EfsRpcDecryptFileSrv_FileName, false, &data);
777 proto_item_append_text(tree, ": %s", data);
778
779 return offset;
780 }
781
782 static int
783 efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
784 {
785 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcDecryptFileSrv_Reserved, 0);
786
787 return offset;
788 }
789
790 /* IDL: WERROR EfsRpcDecryptFileSrv( */
791 /* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
792 /* IDL: [in] uint32 Reserved */
793 /* IDL: ); */
794
795 static int
796 efs_dissect_EfsRpcDecryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
797 {
798 uint32_t status;
799
800 di->dcerpc_procedure_name="EfsRpcDecryptFileSrv";
801 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
802
803 if (status != 0)
804 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
805
806 return offset;
807 }
808
809 static int
810 efs_dissect_EfsRpcDecryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
811 {
812 di->dcerpc_procedure_name="EfsRpcDecryptFileSrv";
813 offset = efs_dissect_element_EfsRpcDecryptFileSrv_FileName(tvb, offset, pinfo, tree, di, drep);
814 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
815 offset = efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvb, offset, pinfo, tree, di, drep);
816 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
817 return offset;
818 }
819
820 static int
821 efs_dissect_element_EfsRpcQueryUsersOnFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
822 {
823 char *data;
824
825 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_EfsRpcQueryUsersOnFile_FileName, false, &data);
826 proto_item_append_text(tree, ": %s", data);
827
828 return offset;
829 }
830
831 static int
832 efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
833 {
834 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers_, NDR_POINTER_REF, "Pointer to PUsers (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryUsersOnFile_pUsers);
835
836 return offset;
837 }
838
839 static int
840 efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
841 {
842 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__, NDR_POINTER_UNIQUE, "Pointer to PUsers (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryUsersOnFile_pUsers);
843
844 return offset;
845 }
846
847 static int
848 efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
849 {
850 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvb,offset,pinfo,tree,di,drep,hf_efs_EfsRpcQueryUsersOnFile_pUsers,0);
851
852 return offset;
853 }
854
855 /* IDL: WERROR EfsRpcQueryUsersOnFile( */
856 /* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
857 /* IDL: [out] [ref] [unique(1)] ENCRYPTION_CERTIFICATE_HASH_LIST **pUsers */
858 /* IDL: ); */
859
860 static int
861 efs_dissect_EfsRpcQueryUsersOnFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
862 {
863 uint32_t status;
864
865 di->dcerpc_procedure_name="EfsRpcQueryUsersOnFile";
866 offset = efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvb, offset, pinfo, tree, di, drep);
867 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
868
869 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
870
871 if (status != 0)
872 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
873
874 return offset;
875 }
876
877 static int
878 efs_dissect_EfsRpcQueryUsersOnFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
879 {
880 di->dcerpc_procedure_name="EfsRpcQueryUsersOnFile";
881 offset = efs_dissect_element_EfsRpcQueryUsersOnFile_FileName(tvb, offset, pinfo, tree, di, drep);
882 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
883 return offset;
884 }
885
886 static int
887 efs_dissect_element_EfsRpcQueryRecoveryAgents_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
888 {
889 char *data;
890
891 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_EfsRpcQueryRecoveryAgents_FileName, false, &data);
892 proto_item_append_text(tree, ": %s", data);
893
894 return offset;
895 }
896
897 static int
898 efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
899 {
900 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents_, NDR_POINTER_REF, "Pointer to PRecoveryAgents (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents);
901
902 return offset;
903 }
904
905 static int
906 efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
907 {
908 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__, NDR_POINTER_UNIQUE, "Pointer to PRecoveryAgents (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents);
909
910 return offset;
911 }
912
913 static int
914 efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
915 {
916 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvb,offset,pinfo,tree,di,drep,hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents,0);
917
918 return offset;
919 }
920
921 /* IDL: WERROR EfsRpcQueryRecoveryAgents( */
922 /* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
923 /* IDL: [out] [ref] [unique(1)] ENCRYPTION_CERTIFICATE_HASH_LIST **pRecoveryAgents */
924 /* IDL: ); */
925
926 static int
927 efs_dissect_EfsRpcQueryRecoveryAgents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
928 {
929 uint32_t status;
930
931 di->dcerpc_procedure_name="EfsRpcQueryRecoveryAgents";
932 offset = efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvb, offset, pinfo, tree, di, drep);
933 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
934
935 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
936
937 if (status != 0)
938 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
939
940 return offset;
941 }
942
943 static int
944 efs_dissect_EfsRpcQueryRecoveryAgents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
945 {
946 di->dcerpc_procedure_name="EfsRpcQueryRecoveryAgents";
947 offset = efs_dissect_element_EfsRpcQueryRecoveryAgents_FileName(tvb, offset, pinfo, tree, di, drep);
948 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
949 return offset;
950 }
951
952 static int
953 efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
954 {
955 char *data;
956
957 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_EfsRpcRemoveUsersFromFile_FileName, false, &data);
958 proto_item_append_text(tree, ": %s", data);
959
960 return offset;
961 }
962
963 /* IDL: WERROR EfsRpcRemoveUsersFromFile( */
964 /* IDL: [charset(UTF16)] [in] uint16 FileName[*] */
965 /* IDL: ); */
966
967 static int
968 efs_dissect_EfsRpcRemoveUsersFromFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
969 {
970 uint32_t status;
971
972 di->dcerpc_procedure_name="EfsRpcRemoveUsersFromFile";
973 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
974
975 if (status != 0)
976 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
977
978 return offset;
979 }
980
981 static int
982 efs_dissect_EfsRpcRemoveUsersFromFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
983 {
984 di->dcerpc_procedure_name="EfsRpcRemoveUsersFromFile";
985 offset = efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvb, offset, pinfo, tree, di, drep);
986 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
987 return offset;
988 }
989
990 static int
991 efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
992 {
993 char *data;
994
995 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(uint16_t), hf_efs_EfsRpcAddUsersToFile_FileName, false, &data);
996 proto_item_append_text(tree, ": %s", data);
997
998 return offset;
999 }
1000
1001 /* IDL: WERROR EfsRpcAddUsersToFile( */
1002 /* IDL: [charset(UTF16)] [in] uint16 FileName[*] */
1003 /* IDL: ); */
1004
1005 static int
1006 efs_dissect_EfsRpcAddUsersToFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1007 {
1008 uint32_t status;
1009
1010 di->dcerpc_procedure_name="EfsRpcAddUsersToFile";
1011 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1012
1013 if (status != 0)
1014 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
1015
1016 return offset;
1017 }
1018
1019 static int
1020 efs_dissect_EfsRpcAddUsersToFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1021 {
1022 di->dcerpc_procedure_name="EfsRpcAddUsersToFile";
1023 offset = efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvb, offset, pinfo, tree, di, drep);
1024 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1025 return offset;
1026 }
1027
1028 static int
1029 efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1030 {
1031 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate_, NDR_POINTER_UNIQUE, "Pointer to PEncryptionCertificate (ENCRYPTION_CERTIFICATE)",hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate);
1032
1033 return offset;
1034 }
1035
1036 static int
1037 efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1038 {
1039 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE(tvb,offset,pinfo,tree,di,drep,hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate,0);
1040
1041 return offset;
1042 }
1043
1044 /* IDL: WERROR EfsRpcSetFileEncryptionKey( */
1045 /* IDL: [in] [unique(1)] ENCRYPTION_CERTIFICATE *pEncryptionCertificate */
1046 /* IDL: ); */
1047
1048 static int
1049 efs_dissect_EfsRpcSetFileEncryptionKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1050 {
1051 uint32_t status;
1052
1053 di->dcerpc_procedure_name="EfsRpcSetFileEncryptionKey";
1054 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1055
1056 if (status != 0)
1057 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
1058
1059 return offset;
1060 }
1061
1062 static int
1063 efs_dissect_EfsRpcSetFileEncryptionKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1064 {
1065 di->dcerpc_procedure_name="EfsRpcSetFileEncryptionKey";
1066 offset = efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvb, offset, pinfo, tree, di, drep);
1067 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1068 return offset;
1069 }
1070
1071 /* IDL: WERROR EfsRpcNotSupported( */
1072 /* IDL: */
1073 /* IDL: ); */
1074
1075 static int
1076 efs_dissect_EfsRpcNotSupported_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1077 {
1078 uint32_t status;
1079
1080 di->dcerpc_procedure_name="EfsRpcNotSupported";
1081 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1082
1083 if (status != 0)
1084 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
1085
1086 return offset;
1087 }
1088
1089 static int
1090 efs_dissect_EfsRpcNotSupported_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1091 {
1092 di->dcerpc_procedure_name="EfsRpcNotSupported";
1093 return offset;
1094 }
1095
1096 /* IDL: WERROR EfsRpcFileKeyInfo( */
1097 /* IDL: */
1098 /* IDL: ); */
1099
1100 static int
1101 efs_dissect_EfsRpcFileKeyInfo_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1102 {
1103 uint32_t status;
1104
1105 di->dcerpc_procedure_name="EfsRpcFileKeyInfo";
1106 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1107
1108 if (status != 0)
1109 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
1110
1111 return offset;
1112 }
1113
1114 static int
1115 efs_dissect_EfsRpcFileKeyInfo_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1116 {
1117 di->dcerpc_procedure_name="EfsRpcFileKeyInfo";
1118 return offset;
1119 }
1120
1121 /* IDL: WERROR EfsRpcDuplicateEncryptionInfoFile( */
1122 /* IDL: */
1123 /* IDL: ); */
1124
1125 static int
1126 efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1127 {
1128 uint32_t status;
1129
1130 di->dcerpc_procedure_name="EfsRpcDuplicateEncryptionInfoFile";
1131 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1132
1133 if (status != 0)
1134 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &WERR_errors_ext, "Unknown DOS error 0x%08x"));
1135
1136 return offset;
1137 }
1138
1139 static int
1140 efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1141 {
1142 di->dcerpc_procedure_name="EfsRpcDuplicateEncryptionInfoFile";
1143 return offset;
1144 }
1145
1146
1147 static const dcerpc_sub_dissector efs_dissectors[] = {
1148 { 0, "EfsRpcOpenFileRaw",
1149 efs_dissect_EfsRpcOpenFileRaw_request, efs_dissect_EfsRpcOpenFileRaw_response},
1150 { 1, "EfsRpcReadFileRaw",
1151 efs_dissect_EfsRpcReadFileRaw_request, efs_dissect_EfsRpcReadFileRaw_response},
1152 { 2, "EfsRpcWriteFileRaw",
1153 efs_dissect_EfsRpcWriteFileRaw_request, efs_dissect_EfsRpcWriteFileRaw_response},
1154 { 3, "EfsRpcCloseRaw",
1155 efs_dissect_EfsRpcCloseRaw_request, efs_dissect_EfsRpcCloseRaw_response},
1156 { 4, "EfsRpcEncryptFileSrv",
1157 efs_dissect_EfsRpcEncryptFileSrv_request, efs_dissect_EfsRpcEncryptFileSrv_response},
1158 { 5, "EfsRpcDecryptFileSrv",
1159 efs_dissect_EfsRpcDecryptFileSrv_request, efs_dissect_EfsRpcDecryptFileSrv_response},
1160 { 6, "EfsRpcQueryUsersOnFile",
1161 efs_dissect_EfsRpcQueryUsersOnFile_request, efs_dissect_EfsRpcQueryUsersOnFile_response},
1162 { 7, "EfsRpcQueryRecoveryAgents",
1163 efs_dissect_EfsRpcQueryRecoveryAgents_request, efs_dissect_EfsRpcQueryRecoveryAgents_response},
1164 { 8, "EfsRpcRemoveUsersFromFile",
1165 efs_dissect_EfsRpcRemoveUsersFromFile_request, efs_dissect_EfsRpcRemoveUsersFromFile_response},
1166 { 9, "EfsRpcAddUsersToFile",
1167 efs_dissect_EfsRpcAddUsersToFile_request, efs_dissect_EfsRpcAddUsersToFile_response},
1168 { 10, "EfsRpcSetFileEncryptionKey",
1169 efs_dissect_EfsRpcSetFileEncryptionKey_request, efs_dissect_EfsRpcSetFileEncryptionKey_response},
1170 { 11, "EfsRpcNotSupported",
1171 efs_dissect_EfsRpcNotSupported_request, efs_dissect_EfsRpcNotSupported_response},
1172 { 12, "EfsRpcFileKeyInfo",
1173 efs_dissect_EfsRpcFileKeyInfo_request, efs_dissect_EfsRpcFileKeyInfo_response},
1174 { 13, "EfsRpcDuplicateEncryptionInfoFile",
1175 efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request, efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response},
1176 { 0, NULL, NULL, NULL }
1177 };
1178
1179 void proto_register_dcerpc_efs(void)
1180 {
1181 static hf_register_info hf[] = {
1182 { &hf_efs_EFS_CERTIFICATE_BLOB_cbData,
1183 { "CbData", "efs.EFS_CERTIFICATE_BLOB.cbData", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1184 { &hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType,
1185 { "DwCertEncodingType", "efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1186 { &hf_efs_EFS_CERTIFICATE_BLOB_pbData,
1187 { "PbData", "efs.EFS_CERTIFICATE_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
1188 { &hf_efs_EFS_HASH_BLOB_cbData,
1189 { "CbData", "efs.EFS_HASH_BLOB.cbData", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1190 { &hf_efs_EFS_HASH_BLOB_pbData,
1191 { "PbData", "efs.EFS_HASH_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
1192 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash,
1193 { "NCert Hash", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_Hash", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1194 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers,
1195 { "PUsers", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1196 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength,
1197 { "CbTotalLength", "efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1198 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation,
1199 { "LpDisplayInformation", "efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1200 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash,
1201 { "PHash", "efs.ENCRYPTION_CERTIFICATE_HASH.pHash", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1202 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid,
1203 { "PUserSid", "efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1204 { &hf_efs_ENCRYPTION_CERTIFICATE_TotalLength,
1205 { "TotalLength", "efs.ENCRYPTION_CERTIFICATE.TotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1206 { &hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob,
1207 { "PCertBlob", "efs.ENCRYPTION_CERTIFICATE.pCertBlob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1208 { &hf_efs_ENCRYPTION_CERTIFICATE_pUserSid,
1209 { "PUserSid", "efs.ENCRYPTION_CERTIFICATE.pUserSid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1210 { &hf_efs_EfsRpcAddUsersToFile_FileName,
1211 { "FileName", "efs.EfsRpcAddUsersToFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1212 { &hf_efs_EfsRpcCloseRaw_pvContext,
1213 { "PvContext", "efs.EfsRpcCloseRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1214 { &hf_efs_EfsRpcDecryptFileSrv_FileName,
1215 { "FileName", "efs.EfsRpcDecryptFileSrv.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1216 { &hf_efs_EfsRpcDecryptFileSrv_Reserved,
1217 { "Reserved", "efs.EfsRpcDecryptFileSrv.Reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1218 { &hf_efs_EfsRpcEncryptFileSrv_Filename,
1219 { "Filename", "efs.EfsRpcEncryptFileSrv.Filename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1220 { &hf_efs_EfsRpcOpenFileRaw_FileName,
1221 { "FileName", "efs.EfsRpcOpenFileRaw.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1222 { &hf_efs_EfsRpcOpenFileRaw_Flags,
1223 { "Flags", "efs.EfsRpcOpenFileRaw.Flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1224 { &hf_efs_EfsRpcOpenFileRaw_pvContext,
1225 { "PvContext", "efs.EfsRpcOpenFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1226 { &hf_efs_EfsRpcQueryRecoveryAgents_FileName,
1227 { "FileName", "efs.EfsRpcQueryRecoveryAgents.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1228 { &hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents,
1229 { "PRecoveryAgents", "efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1230 { &hf_efs_EfsRpcQueryUsersOnFile_FileName,
1231 { "FileName", "efs.EfsRpcQueryUsersOnFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1232 { &hf_efs_EfsRpcQueryUsersOnFile_pUsers,
1233 { "PUsers", "efs.EfsRpcQueryUsersOnFile.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1234 { &hf_efs_EfsRpcReadFileRaw_pvContext,
1235 { "PvContext", "efs.EfsRpcReadFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1236 { &hf_efs_EfsRpcRemoveUsersFromFile_FileName,
1237 { "FileName", "efs.EfsRpcRemoveUsersFromFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1238 { &hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate,
1239 { "PEncryptionCertificate", "efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1240 { &hf_efs_EfsRpcWriteFileRaw_pvContext,
1241 { "PvContext", "efs.EfsRpcWriteFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1242 { &hf_efs_opnum,
1243 { "Operation", "efs.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
1244 { &hf_efs_werror,
1245 { "Windows Error", "efs.werror", FT_UINT32, BASE_HEX|BASE_EXT_STRING, &WERR_errors_ext, 0, NULL, HFILL }},
1246 };
1247
1248
1249 static int *ett[] = {
1250 &ett_dcerpc_efs,
1251 &ett_efs_EFS_HASH_BLOB,
1252 &ett_efs_ENCRYPTION_CERTIFICATE_HASH,
1253 &ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST,
1254 &ett_efs_EFS_CERTIFICATE_BLOB,
1255 &ett_efs_ENCRYPTION_CERTIFICATE,
1256 };
1257
1258 proto_dcerpc_efs = proto_register_protocol("EFS (pidl)", "EFS", "efs");
1259 proto_register_field_array(proto_dcerpc_efs, hf, array_length (hf));
1260 proto_register_subtree_array(ett, array_length(ett));
1261 }
1262
1263 void proto_reg_handoff_dcerpc_efs(void)
1264 {
1265 dcerpc_init_uuid(proto_dcerpc_efs, ett_dcerpc_efs,
1266 &uuid_dcerpc_efs, ver_dcerpc_efs,
1267 efs_dissectors, hf_efs_opnum);
1268 }
Metzes wireshark repo