search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-dcerpc.h
blob8e713e66eefe5a459391e0590e877ba41f74bc91
1 /* packet-dcerpc.h
2 * Copyright 2001, Todd Sabin <tas@webspan.net>
3 * Copyright 2003, Tim Potter <tpot@samba.org>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #ifndef __PACKET_DCERPC_H__
13 #define __PACKET_DCERPC_H__
14
15 #include <epan/conversation.h>
16 #include "ws_symbol_export.h"
17
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
21
22 #define DCERPC_TABLE_NAME "dcerpc.uuid"
23 /*
24 * Data representation.
25 */
26 #define DREP_LITTLE_ENDIAN 0x10
27
28 #define DREP_EBCDIC 0x01
29
30 /*
31 * Data representation to integer byte order.
32 */
33 #define DREP_ENC_INTEGER(drep) \
34 (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
35
36 /*
37 * Data representation to (octet-string) character encoding.
38 */
39 #define DREP_ENC_CHAR(drep) \
40 (((drep)[0] & DREP_EBCDIC) ? ENC_EBCDIC|ENC_NA : ENC_ASCII|ENC_NA)
41
42 #ifdef PT_R4
43 /* now glib always includes signal.h and on linux PPC
44 * signal.h defines PT_R4
45 */
46 #undef PT_R4
47 #endif
48
49 #define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }
50
51 /* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
52 #define DCERPC_UUID_STR_LEN 36+1
53
54 typedef struct _e_ctx_hnd {
55 uint32_t attributes;
56 e_guid_t uuid;
57 } e_ctx_hnd;
58
59 typedef struct _e_dce_cn_common_hdr_t {
60 uint8_t rpc_ver;
61 uint8_t rpc_ver_minor;
62 uint8_t ptype;
63 uint8_t flags;
64 uint8_t drep[4];
65 uint16_t frag_len;
66 uint16_t auth_len;
67 uint32_t call_id;
68 } e_dce_cn_common_hdr_t;
69
70 typedef struct _e_dce_dg_common_hdr_t {
71 uint8_t rpc_ver;
72 uint8_t ptype;
73 uint8_t flags1;
74 uint8_t flags2;
75 uint8_t drep[3];
76 uint8_t serial_hi;
77 e_guid_t obj_id;
78 e_guid_t if_id;
79 e_guid_t act_id;
80 uint32_t server_boot;
81 uint32_t if_ver;
82 uint32_t seqnum;
83 uint16_t opnum;
84 uint16_t ihint;
85 uint16_t ahint;
86 uint16_t frag_len;
87 uint16_t frag_num;
88 uint8_t auth_proto;
89 uint8_t serial_lo;
90 } e_dce_dg_common_hdr_t;
91
92 struct _dcerpc_auth_subdissector_fns;
93
94 typedef struct _dcerpc_auth_info {
95 bool hdr_signing;
96 uint8_t auth_type;
97 uint8_t auth_level;
98 uint32_t auth_context_id;
99 uint8_t auth_pad_len;
100 uint32_t auth_size;
101 struct _dcerpc_auth_subdissector_fns *auth_fns;
102 tvbuff_t *auth_hdr_tvb;
103 tvbuff_t *auth_tvb;
104 proto_item *auth_item;
105 proto_tree *auth_tree;
106 } dcerpc_auth_info;
107
108 typedef struct dcerpcstat_tap_data
109 {
110 const char *prog;
111 e_guid_t uuid;
112 uint16_t ver;
113 int num_procedures;
114 } dcerpcstat_tap_data_t;
115
116 /* Private data passed to subdissectors from the main DCERPC dissector.
117 * One unique instance of this structure is created for each
118 * DCERPC request/response transaction when we see the initial request
119 * of the transaction.
120 * These instances are persistent and will remain available until the
121 * capture file is closed and a new one is read.
122 *
123 * For transactions where we never saw the request (missing from the trace)
124 * the dcerpc runtime will create a temporary "fake" such structure to pass
125 * to the response dissector. These fake structures are not persistent
126 * and can not be used to keep data hanging around.
127 */
128 typedef struct _dcerpc_call_value {
129 e_guid_t uuid; /* interface UUID */
130 uint16_t ver; /* interface version */
131 e_guid_t object_uuid; /* optional object UUID (or DCERPC_UUID_NULL) */
132 uint16_t opnum;
133 uint32_t req_frame;
134 nstime_t req_time;
135 uint32_t rep_frame;
136 uint32_t max_ptr;
137 void *se_data; /* This holds any data with se allocation scope
138 * that we might want to keep
139 * for this request/response transaction.
140 * The pointer is initialized to NULL and must be
141 * checked before being dereferenced.
142 * This is useful for such things as when we
143 * need to pass persistent data from the request
144 * to the reply, such as LSA/OpenPolicy2() that
145 * uses this to pass the domain name from the
146 * request to the reply.
147 */
148 void *private_data; /* XXX This will later be renamed as ep_data */
149 e_ctx_hnd *pol; /* policy handle tracked between request/response*/
150 #define DCERPC_IS_NDR64 0x00000001
151 uint32_t flags; /* flags for this transaction */
152 } dcerpc_call_value;
153
154 typedef struct _dcerpc_ptr_stack {
155 struct _dcerpc_ptr_stack *parent;
156 union {
157 void *ptr;
158 uint64_t val64;
159 } private_data;
160 } dcerpc_ptr_stack;
161
162 typedef struct _dcerpc_info {
163 conversation_t *conv; /* Which TCP stream we are in */
164 uint32_t call_id; /* Call ID for this call */
165 uint64_t transport_salt; /* e.g. FID for DCERPC over SMB */
166 uint8_t ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
167 bool conformant_run;
168 bool no_align; /* are data aligned? (default yes) */
169 int32_t conformant_eaten; /* how many bytes did the conformant run eat?*/
170 uint32_t array_max_count; /* max_count for conformant arrays */
171 uint32_t array_max_count_offset;
172 uint32_t array_offset;
173 uint32_t array_offset_offset;
174 uint32_t array_actual_count;
175 uint32_t array_actual_count_offset;
176 int hf_index;
177 dcerpc_call_value *call_data;
178 dcerpc_ptr_stack *ptr_stack;
179 uint64_t switch_level;
180 const char *dcerpc_procedure_name; /* Used by PIDL to store the name of the current dcerpc procedure */
181 struct _dcerpc_auth_info *auth_info;
182 void *private_data;
183
184 /* ndr pointer handling */
185 struct {
186 /* Should we re-read the size of the list ?
187 * Instead of re-calculating the size every time, use the stored value unless this
188 * flag is set which means: re-read the size of the list
189 */
190 bool must_check_size;
191 /*
192 * List of pointers encountered so far in the current level. Points to an
193 * element of list_ndr_pointer_list.
194 */
195 GSList *list;
196 GHashTable *hash;
197 /*
198 * List of pointer list, in order to avoid huge performance penalty
199 * when dealing with list bigger than 100 elements due to the way we
200 * try to insert in the list.
201 * We instead maintain a stack of pointer list
202 * To make it easier to manage we just use a list to materialize the stack
203 */
204 GSList *list_list;
205
206 /* Boolean controlling whether pointers are top-level or embedded */
207 bool are_top_level;
208 } pointers;
209 } dcerpc_info;
210
211 #define PDU_REQ 0
212 #define PDU_PING 1
213 #define PDU_RESP 2
214 #define PDU_FAULT 3
215 #define PDU_WORKING 4
216 #define PDU_NOCALL 5
217 #define PDU_REJECT 6
218 #define PDU_ACK 7
219 #define PDU_CL_CANCEL 8
220 #define PDU_FACK 9
221 #define PDU_CANCEL_ACK 10
222 #define PDU_BIND 11
223 #define PDU_BIND_ACK 12
224 #define PDU_BIND_NAK 13
225 #define PDU_ALTER 14
226 #define PDU_ALTER_ACK 15
227 #define PDU_AUTH3 16
228 #define PDU_SHUTDOWN 17
229 #define PDU_CO_CANCEL 18
230 #define PDU_ORPHANED 19
231 #define PDU_RTS 20
232
233 /*
234 * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
235 * If you're writing a subdissector, you almost certainly want the
236 * NDR functions below.
237 */
238 uint16_t dcerpc_tvb_get_ntohs (tvbuff_t *tvb, int offset, uint8_t *drep);
239 uint32_t dcerpc_tvb_get_ntohl (tvbuff_t *tvb, int offset, uint8_t *drep);
240 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, int offset, uint8_t *drep, e_guid_t *uuid);
241 WS_DLL_PUBLIC
242 int dissect_dcerpc_char (tvbuff_t *tvb, int offset, packet_info *pinfo,
243 proto_tree *tree, uint8_t *drep,
244 int hfindex, uint8_t *pdata);
245 WS_DLL_PUBLIC
246 int dissect_dcerpc_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo,
247 proto_tree *tree, uint8_t *drep,
248 int hfindex, uint8_t *pdata);
249 WS_DLL_PUBLIC
250 int dissect_dcerpc_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo,
251 proto_tree *tree, uint8_t *drep,
252 int hfindex, uint16_t *pdata);
253 WS_DLL_PUBLIC
254 int dissect_dcerpc_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
255 proto_tree *tree, uint8_t *drep,
256 int hfindex, uint32_t *pdata);
257 WS_DLL_PUBLIC
258 int dissect_dcerpc_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo,
259 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
260 int hfindex, uint64_t *pdata);
261 int dissect_dcerpc_float (tvbuff_t *tvb, int offset, packet_info *pinfo,
262 proto_tree *tree, uint8_t *drep,
263 int hfindex, float *pdata);
264 int dissect_dcerpc_double (tvbuff_t *tvb, int offset, packet_info *pinfo,
265 proto_tree *tree, uint8_t *drep,
266 int hfindex, double *pdata);
267 int dissect_dcerpc_time_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
268 proto_tree *tree, uint8_t *drep,
269 int hfindex, uint32_t *pdata);
270 WS_DLL_PUBLIC
271 int dissect_dcerpc_uuid_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
272 proto_tree *tree, uint8_t *drep,
273 int hfindex, e_guid_t *pdata);
274
275 /*
276 * NDR routines for subdissectors.
277 */
278 WS_DLL_PUBLIC
279 int dissect_ndr_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo,
280 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
281 int hfindex, uint8_t *pdata);
282 int PIDL_dissect_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
283 int PIDL_dissect_uint8_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint8_t *pval);
284 WS_DLL_PUBLIC
285 int dissect_ndr_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo,
286 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
287 int hfindex, uint16_t *pdata);
288 int PIDL_dissect_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
289 int PIDL_dissect_uint16_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint16_t *pval);
290 WS_DLL_PUBLIC
291 int dissect_ndr_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
292 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
293 int hfindex, uint32_t *pdata);
294 int PIDL_dissect_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
295 int PIDL_dissect_uint32_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint32_t *rval);
296 WS_DLL_PUBLIC
297 int dissect_ndr_duint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
298 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
299 int hfindex, uint64_t *pdata);
300 WS_DLL_PUBLIC
301 int dissect_ndr_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo,
302 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
303 int hfindex, uint64_t *pdata);
304 int PIDL_dissect_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
305 int PIDL_dissect_uint64_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint64_t *pval);
306 WS_DLL_PUBLIC
307 int dissect_ndr_float (tvbuff_t *tvb, int offset, packet_info *pinfo,
308 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
309 int hfindex, float *pdata);
310 WS_DLL_PUBLIC
311 int dissect_ndr_double (tvbuff_t *tvb, int offset, packet_info *pinfo,
312 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
313 int hfindex, double *pdata);
314
315 WS_DLL_PUBLIC
316 int dissect_ndr_time_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
317 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
318 int hfindex, uint32_t *pdata);
319 WS_DLL_PUBLIC
320 int dissect_ndr_uuid_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
321 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
322 int hfindex, e_guid_t *pdata);
323 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, int offset, packet_info *pinfo,
324 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
325 int hfindex, e_ctx_hnd *pdata);
326
327 #define FT_UINT1632 FT_UINT32
328 typedef uint32_t uint1632_t;
329
330 WS_DLL_PUBLIC
331 int dissect_ndr_uint1632 (tvbuff_t *tvb, int offset, packet_info *pinfo,
332 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
333 int hfindex, uint1632_t *pdata);
334
335 typedef uint64_t uint3264_t;
336
337 WS_DLL_PUBLIC
338 int dissect_ndr_uint3264 (tvbuff_t *tvb, int offset, packet_info *pinfo,
339 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
340 int hfindex, uint3264_t *pdata);
341
342 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
343 typedef int (dcerpc_dissect_fnct_blk_t)(tvbuff_t *tvb, int offset, int length, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
344
345 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, dcerpc_info *di, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
346
347 #define NDR_POINTER_REF 1
348 #define NDR_POINTER_UNIQUE 2
349 #define NDR_POINTER_PTR 3
350
351 int dissect_ndr_pointer_cb(tvbuff_t *tvb, int offset, packet_info *pinfo,
352 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
353 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
354 int hf_index, dcerpc_callback_fnct_t *callback,
355 void *callback_args);
356
357 int dissect_ndr_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
358 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
359 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
360 int hf_index);
361 int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, dcerpc_info *di, uint8_t *drep);
362 int dissect_ndr_embedded_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
363 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
364 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
365 int hf_index);
366 int dissect_ndr_toplevel_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
367 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
368 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
369 int hf_index);
370
371 struct ndr_generic_array {
372 bool is_conformant;
373 bool is_varying;
374 uint32_t max_count;
375 uint32_t max_count_offset;
376 uint32_t offset;
377 uint32_t offset_offset;
378 uint32_t actual_count;
379 uint32_t actual_count_offset;
380 };
381
382 int
383 dissect_ndr_conformant_array_hdr(tvbuff_t *tvb, int offset, packet_info *pinfo,
384 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
385 struct ndr_generic_array *nga);
386
387 int
388 dissect_ndr_varying_array_hdr(tvbuff_t *tvb, int offset, packet_info *pinfo,
389 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
390 struct ndr_generic_array *nga);
391
392 int
393 dissect_ndr_generic_array_bytes(tvbuff_t *tvb, int offset, packet_info *pinfo,
394 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
395 struct ndr_generic_array *nga,
396 dcerpc_dissect_fnct_t *fnct_bytes);
397
398 int
399 dissect_ndr_generic_array_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
400 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
401 struct ndr_generic_array *nga,
402 dcerpc_dissect_fnct_blk_t *fnct_block);
403
404 int
405 dissect_ndr_generic_array_string(tvbuff_t *tvb, int offset, packet_info *pinfo,
406 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
407 int size_is, int hfindex, bool add_subtree,
408 struct ndr_generic_array *nga,
409 char **data);
410
411 /* dissect a NDR unidimensional conformant array */
412 int dissect_ndr_ucarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
413 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
414 dcerpc_dissect_fnct_t *fnct);
415
416 int dissect_ndr_ucarray_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
417 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
418 dcerpc_dissect_fnct_blk_t *fnct);
419
420 /* dissect a NDR unidimensional conformant and varying array
421 * each byte in the array is processed separately
422 */
423 int dissect_ndr_ucvarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
424 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
425 dcerpc_dissect_fnct_t *fnct);
426
427 int dissect_ndr_ucvarray_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
428 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
429 dcerpc_dissect_fnct_blk_t *fnct);
430
431 /* dissect a NDR unidimensional varying array */
432 int dissect_ndr_uvarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
433 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
434 dcerpc_dissect_fnct_t *fnct);
435
436 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
437 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
438
439 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
440 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
441 int hfinfo, bool add_subtree,
442 char **data);
443 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
444 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
445 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
446 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
447 int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int chsize, int hfindex, uint32_t param);
448
449 int dissect_ndr_cstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
450 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
451 int hfindex, bool add_subtree, char **data);
452 int dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
453 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
454 int hfinfo, bool add_subtree,
455 char **data);
456 int dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
457 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
458 int dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
459 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
460
461 typedef struct _dcerpc_sub_dissector {
462 uint16_t num;
463 const char *name;
464 dcerpc_dissect_fnct_t *dissect_rqst;
465 dcerpc_dissect_fnct_t *dissect_resp;
466 } dcerpc_sub_dissector;
467
468 /* registration function for subdissectors */
469 WS_DLL_PUBLIC
470 void dcerpc_init_uuid (int proto, int ett, e_guid_t *uuid, uint16_t ver, const dcerpc_sub_dissector *procs, int opnum_hf);
471 WS_DLL_PUBLIC
472 void dcerpc_init_from_handle(int proto, e_guid_t *uuid, uint16_t ver, dissector_handle_t guid_handle);
473 WS_DLL_PUBLIC
474 const char *dcerpc_get_proto_name(e_guid_t *uuid, uint16_t ver);
475 WS_DLL_PUBLIC
476 int dcerpc_get_proto_hf_opnum(e_guid_t *uuid, uint16_t ver);
477 WS_DLL_PUBLIC
478 const dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_guid_t *uuid, uint16_t ver);
479
480 /* Create a opnum, name value_string from a subdissector list */
481
482 value_string *value_string_from_subdissectors(const dcerpc_sub_dissector *sd);
483
484 /* Decode As... functionality */
485 /* remove all bindings */
486 WS_DLL_PUBLIC void decode_dcerpc_reset_all(void);
487 typedef void (*decode_add_show_list_func)(void *data, void *user_data);
488 WS_DLL_PUBLIC void decode_dcerpc_add_show_list(decode_add_show_list_func func, void *user_data);
489
490
491 /* the registered subdissectors. With MSVC and a
492 * libwireshark.dll, we need a special declaration.
493 */
494 /* Key: guid_key *
495 * Value: dcerpc_uuid_value *
496 */
497 WS_DLL_PUBLIC GHashTable *dcerpc_uuids;
498
499 typedef struct _dcerpc_uuid_value {
500 protocol_t *proto;
501 int proto_id;
502 int ett;
503 const char *name;
504 const dcerpc_sub_dissector *procs;
505 int opnum_hf;
506 } dcerpc_uuid_value;
507
508 /* Authenticated pipe registration functions and miscellanea */
509
510 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *header_tvb,
511 tvbuff_t *payload_tvb,
512 tvbuff_t *trailer_tvb,
513 tvbuff_t *auth_tvb,
514 packet_info *pinfo,
515 dcerpc_auth_info *auth_info);
516
517 typedef struct _dcerpc_auth_subdissector_fns {
518
519 /* Dissect credentials and verifiers */
520
521 dcerpc_dissect_fnct_t *bind_fn;
522 dcerpc_dissect_fnct_t *bind_ack_fn;
523 dcerpc_dissect_fnct_t *auth3_fn;
524 dcerpc_dissect_fnct_t *req_verf_fn;
525 dcerpc_dissect_fnct_t *resp_verf_fn;
526
527 /* Decrypt encrypted requests/response PDUs */
528
529 dcerpc_decode_data_fnct_t *req_data_fn;
530 dcerpc_decode_data_fnct_t *resp_data_fn;
531
532 } dcerpc_auth_subdissector_fns;
533
534 void register_dcerpc_auth_subdissector(uint8_t auth_level, uint8_t auth_type,
535 dcerpc_auth_subdissector_fns *fns);
536
537 /* all values needed to (re-)build a dcerpc binding */
538 typedef struct decode_dcerpc_bind_values_s {
539 /* values of a typical conversation */
540 address addr_a;
541 address addr_b;
542 port_type ptype;
543 uint32_t port_a;
544 uint32_t port_b;
545 /* dcerpc conversation specific */
546 uint16_t ctx_id;
547 uint64_t transport_salt;
548 /* corresponding "interface" */
549 GString *ifname;
550 e_guid_t uuid;
551 uint16_t ver;
552 } decode_dcerpc_bind_values_t;
553
554 WS_DLL_PUBLIC uint64_t dcerpc_get_transport_salt(packet_info *pinfo);
555 WS_DLL_PUBLIC void dcerpc_set_transport_salt(uint64_t dcetransportsalt, packet_info *pinfo);
556
557 /* Authentication services */
558
559 /*
560 * For MS-specific SSPs (Security Service Provider), see
561 *
562 * https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
563 */
564
565 #define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
566 #define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
567 #define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
568 #define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
569 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
570 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
571 #define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
572 #define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
573 #define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
574 #define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
575 #define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
576
577 /* Protection levels */
578
579 #define DCE_C_AUTHN_LEVEL_NONE 1
580 #define DCE_C_AUTHN_LEVEL_CONNECT 2
581 #define DCE_C_AUTHN_LEVEL_CALL 3
582 #define DCE_C_AUTHN_LEVEL_PKT 4
583 #define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
584 #define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
585
586 void
587 free_ndr_pointer_list(dcerpc_info *di);
588 void
589 init_ndr_pointer_list(dcerpc_info *di);
590
591
592
593 /* These defines are used in the PIDL conformance files when using
594 * the PARAM_VALUE directive.
595 */
596 /* Policy handle tracking. Describes in which function a handle is
597 * opened/closed. See "winreg.cnf" for example.
598 *
599 * The uint32_t param is divided up into multiple fields
600 *
601 * +--------+--------+--------+--------+
602 * | Flags | Type | | |
603 * +--------+--------+--------+--------+
604 */
605 /* Flags : */
606 #define PIDL_POLHND_OPEN 0x80000000
607 #define PIDL_POLHND_CLOSE 0x40000000
608 #define PIDL_POLHND_USE 0x00000000 /* just use, not open or cose */
609 /* To "save" a pointer to the string in dcv->private_data */
610 #define PIDL_STR_SAVE 0x20000000
611 /* To make this value appear on the summary line for the packet */
612 #define PIDL_SET_COL_INFO 0x10000000
613
614 /* Type */
615 #define PIDL_POLHND_TYPE_MASK 0x00ff0000
616 #define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
617 #define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
618 #define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
619 #define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
620 #define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
621
622 #define PIDL_POLHND_TYPE_LSA_POLICY 0x00060000
623 #define PIDL_POLHND_TYPE_LSA_ACCOUNT 0x00070000
624 #define PIDL_POLHND_TYPE_LSA_SECRET 0x00080000
625 #define PIDL_POLHND_TYPE_LSA_DOMAIN 0x00090000
626
627 /* a structure we store for all policy handles we track */
628 typedef struct pol_value {
629 struct pol_value *next; /* Next entry in hash bucket */
630 uint32_t open_frame, close_frame; /* Frame numbers for open/close */
631 uint32_t first_frame; /* First frame in which this instance was seen */
632 uint32_t last_frame; /* Last frame in which this instance was seen */
633 char *name; /* Name of policy handle */
634 uint32_t type; /* policy handle type */
635 } pol_value;
636
637
638 extern int hf_dcerpc_drep_byteorder;
639 extern int hf_dcerpc_ndr_padding;
640
641 #define FAKE_DCERPC_INFO_STRUCTURE \
642 /* Fake dcerpc_info structure */ \
643 dcerpc_info di; \
644 dcerpc_call_value call_data; \
645 \
646 di.conformant_run = false; \
647 di.no_align = true; \
648 \
649 /* we need di->call_data->flags.NDR64 == 0 */ \
650 call_data.flags = 0; \
651 di.call_data = &call_data;
652
653 #ifdef __cplusplus
654 }
655 #endif /* __cplusplus */
656
657 #endif /* packet-dcerpc.h */
Metzes wireshark repo