epan/dissectors/packet-dcerpc-rs_acct.c

   1 /* packet-dcerpc-rs_acct.c
   2  *
   3  * Routines for DFS/RS_ACCT
   4  * Copyright 2002, Jaime Fournier <Jaime.Fournier@hush.com>
   5  * This information is based off the released idl files from opengroup.
   6  * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/rs_acct.idl
   7  *
   8  * Wireshark - Network traffic analyzer
   9  * By Gerald Combs <gerald@wireshark.org>
  10  * Copyright 1998 Gerald Combs
  11  *
  12  * SPDX-License-Identifier: GPL-2.0-or-later
  13  */
  14
  15 #include "config.h"
  16
  17
  18 #include <epan/packet.h>
  19 #include "packet-dcerpc.h"
  20
  21 void proto_register_rs_acct (void);
  22 void proto_reg_handoff_rs_acct (void);
  23
  24 static int proto_rs_acct;
  25 static int hf_rs_acct_opnum;
  26 static int hf_rs_acct_lookup_rqst_var;
  27 static int hf_rs_acct_lookup_rqst_key_size;
  28 static int hf_rs_acct_lookup_rqst_key_t;
  29 static int hf_rs_acct_get_projlist_rqst_var1;
  30 static int hf_rs_acct_get_projlist_rqst_key_size;
  31 static int hf_rs_acct_get_projlist_rqst_key_t;
  32
  33
  34 static int ett_rs_acct;
  35
  36
  37
  38 static e_guid_t uuid_rs_acct = { 0x4c878280, 0x2000, 0x0000, { 0x0d, 0x00, 0x02, 0x87, 0x14, 0x00, 0x00, 0x00 } };
  39 static uint16_t ver_rs_acct = 1;
  40
  41
  42 static int
  43 rs_acct_dissect_lookup_rqst (tvbuff_t *tvb, int offset,
  44                 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
  45 {
  46         uint32_t key_size;
  47         const uint8_t *keyx_t = NULL;
  48
  49         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
  50                         hf_rs_acct_lookup_rqst_var, NULL);
  51         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
  52                         hf_rs_acct_lookup_rqst_key_size, &key_size);
  53
  54         if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
  55                 proto_tree_add_item_ret_string(tree, hf_rs_acct_lookup_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, pinfo->pool, &keyx_t);
  56                 offset += key_size;
  57
  58                 col_append_fstr(pinfo->cinfo, COL_INFO,
  59                                 " Request for: %s ", keyx_t);
  60         } else {
  61                 col_append_str(pinfo->cinfo, COL_INFO,
  62                                 " Request (other)");
  63         }
  64
  65         return offset;
  66 }
  67
  68
  69
  70 static int
  71 rs_acct_dissect_get_projlist_rqst (tvbuff_t *tvb, int offset,
  72                 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
  73 {
  74         uint32_t key_size;
  75         const uint8_t *keyx_t = NULL;
  76
  77         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
  78                         hf_rs_acct_get_projlist_rqst_var1, NULL);
  79         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
  80                         hf_rs_acct_get_projlist_rqst_key_size, &key_size);
  81
  82         proto_tree_add_item_ret_string(tree, hf_rs_acct_get_projlist_rqst_key_t,
  83                              tvb, offset, key_size, ENC_ASCII|ENC_NA, pinfo->pool, &keyx_t);
  84         offset += key_size;
  85
  86         col_append_fstr(pinfo->cinfo, COL_INFO,
  87                         " Request for: %s", keyx_t);
  88
  89         return offset;
  90 }
  91
  92
  93 static const dcerpc_sub_dissector rs_acct_dissectors[] = {
  94         { 0, "add",          NULL,                              NULL},
  95         { 1, "delete",       NULL,                              NULL},
  96         { 2, "rename",       NULL,                              NULL},
  97         { 3, "lookup",       rs_acct_dissect_lookup_rqst,       NULL},
  98         { 4, "replace",      NULL,                              NULL},
  99         { 5, "get_projlist", rs_acct_dissect_get_projlist_rqst, NULL},
 100         { 0, NULL, NULL, NULL }
 101 };
 102
 103 void
 104 proto_register_rs_acct (void)
 105 {
 106         static hf_register_info hf[] = {
 107         { &hf_rs_acct_opnum,
 108                 { "Operation", "rs_acct.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
 109         { &hf_rs_acct_lookup_rqst_var,
 110                 { "Var", "rs_acct.lookup_rqst_var", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
 111         { &hf_rs_acct_lookup_rqst_key_size,
 112                 { "Key Size", "rs_acct.lookup_rqst_key_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
 113         { &hf_rs_acct_lookup_rqst_key_t,
 114                 { "Key", "rs_acct.lookup_rqst_key_t", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 115         { &hf_rs_acct_get_projlist_rqst_var1,
 116                 { "Var1", "rs_acct.get_projlist_rqst_var1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
 117         { &hf_rs_acct_get_projlist_rqst_key_size,
 118                 { "Var1", "rs_acct.get_projlist_rqst_key_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
 119         { &hf_rs_acct_get_projlist_rqst_key_t,
 120                 { "Var1", "rs_acct.get_projlist_rqst_key_t", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }}
 121         };
 122
 123         static int *ett[] = {
 124                 &ett_rs_acct,
 125         };
 126         proto_rs_acct = proto_register_protocol ("DCE/RPC RS_ACCT", "RS_ACCT", "rs_acct");
 127         proto_register_field_array (proto_rs_acct, hf, array_length (hf));
 128         proto_register_subtree_array (ett, array_length (ett));
 129 }
 130
 131
 132
 133 void
 134 proto_reg_handoff_rs_acct (void)
 135 {
 136         /* Register the protocol as dcerpc */
 137         dcerpc_init_uuid (proto_rs_acct, ett_rs_acct, &uuid_rs_acct, ver_rs_acct, rs_acct_dissectors, hf_rs_acct_opnum);
 138 }
 139
 140 /*
 141  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 142  *
 143  * Local variables:
 144  * c-basic-offset: 8
 145  * tab-width: 8
 146  * indent-tabs-mode: t
 147  * End:
 148  *
 149  * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 150  * :indentSize=8:tabSize=8:noTabs=false:
 151  */