search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-dcerpc.h
blob8923e4a36e1ea19918f6b2d8da09157e5d2dd1be
1 /* packet-dcerpc.h
2 * Copyright 2001, Todd Sabin <tas@webspan.net>
3 * Copyright 2003, Tim Potter <tpot@samba.org>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #ifndef __PACKET_DCERPC_H__
13 #define __PACKET_DCERPC_H__
14
15 #include <epan/conversation.h>
16 #include "ws_symbol_export.h"
17
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
21
22 #define DCERPC_TABLE_NAME "dcerpc.uuid"
23 /*
24 * Data representation.
25 */
26 #define DREP_LITTLE_ENDIAN 0x10
27
28 #define DREP_EBCDIC 0x01
29
30 /*
31 * Data representation to integer byte order.
32 */
33 #define DREP_ENC_INTEGER(drep) \
34 (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
35
36 /*
37 * Data representation to (octet-string) character encoding.
38 */
39 #define DREP_ENC_CHAR(drep) \
40 (((drep)[0] & DREP_EBCDIC) ? ENC_EBCDIC|ENC_NA : ENC_ASCII|ENC_NA)
41
42 #ifdef PT_R4
43 /* now glib always includes signal.h and on linux PPC
44 * signal.h defines PT_R4
45 */
46 #undef PT_R4
47 #endif
48
49 #define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }
50
51 /* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
52 #define DCERPC_UUID_STR_LEN 36+1
53
54 typedef struct _e_ctx_hnd {
55 uint32_t attributes;
56 e_guid_t uuid;
57 } e_ctx_hnd;
58
59 typedef struct _e_dce_cn_common_hdr_t {
60 uint8_t rpc_ver;
61 uint8_t rpc_ver_minor;
62 uint8_t ptype;
63 uint8_t flags;
64 uint8_t drep[4];
65 uint16_t frag_len;
66 uint16_t auth_len;
67 uint32_t call_id;
68 } e_dce_cn_common_hdr_t;
69
70 typedef struct _e_dce_dg_common_hdr_t {
71 uint8_t rpc_ver;
72 uint8_t ptype;
73 uint8_t flags1;
74 uint8_t flags2;
75 uint8_t drep[3];
76 uint8_t serial_hi;
77 e_guid_t obj_id;
78 e_guid_t if_id;
79 e_guid_t act_id;
80 uint32_t server_boot;
81 uint32_t if_ver;
82 uint32_t seqnum;
83 uint16_t opnum;
84 uint16_t ihint;
85 uint16_t ahint;
86 uint16_t frag_len;
87 uint16_t frag_num;
88 uint8_t auth_proto;
89 uint8_t serial_lo;
90 } e_dce_dg_common_hdr_t;
91
92 struct _dcerpc_auth_subdissector_fns;
93
94 struct _enc_key_t;
95
96 typedef struct _dcerpc_auth_info {
97 bool hdr_signing;
98 uint8_t auth_type;
99 uint8_t auth_level;
100 uint32_t auth_context_id;
101 uint8_t auth_pad_len;
102 uint32_t auth_size;
103 struct _dcerpc_auth_subdissector_fns *auth_fns;
104 tvbuff_t *auth_hdr_tvb;
105 tvbuff_t *auth_tvb;
106 proto_item *auth_item;
107 proto_tree *auth_tree;
108 struct _enc_key_t *session_key;
109 } dcerpc_auth_info;
110
111 typedef struct dcerpcstat_tap_data
112 {
113 const char *prog;
114 e_guid_t uuid;
115 uint16_t ver;
116 int num_procedures;
117 } dcerpcstat_tap_data_t;
118
119 /* Private data passed to subdissectors from the main DCERPC dissector.
120 * One unique instance of this structure is created for each
121 * DCERPC request/response transaction when we see the initial request
122 * of the transaction.
123 * These instances are persistent and will remain available until the
124 * capture file is closed and a new one is read.
125 *
126 * For transactions where we never saw the request (missing from the trace)
127 * the dcerpc runtime will create a temporary "fake" such structure to pass
128 * to the response dissector. These fake structures are not persistent
129 * and can not be used to keep data hanging around.
130 */
131 typedef struct _dcerpc_call_value {
132 e_guid_t uuid; /* interface UUID */
133 uint16_t ver; /* interface version */
134 e_guid_t object_uuid; /* optional object UUID (or DCERPC_UUID_NULL) */
135 uint16_t opnum;
136 uint32_t req_frame;
137 nstime_t req_time;
138 uint32_t rep_frame;
139 uint32_t max_ptr;
140 void *se_data; /* This holds any data with se allocation scope
141 * that we might want to keep
142 * for this request/response transaction.
143 * The pointer is initialized to NULL and must be
144 * checked before being dereferenced.
145 * This is useful for such things as when we
146 * need to pass persistent data from the request
147 * to the reply, such as LSA/OpenPolicy2() that
148 * uses this to pass the domain name from the
149 * request to the reply.
150 */
151 void *private_data; /* XXX This will later be renamed as ep_data */
152 e_ctx_hnd *pol; /* policy handle tracked between request/response*/
153 #define DCERPC_IS_NDR64 0x00000001
154 uint32_t flags; /* flags for this transaction */
155 } dcerpc_call_value;
156
157 typedef struct _dcerpc_ptr_stack {
158 struct _dcerpc_ptr_stack *parent;
159 union {
160 void *ptr;
161 uint64_t val64;
162 } private_data;
163 } dcerpc_ptr_stack;
164
165 typedef struct _dcerpc_info {
166 conversation_t *conv; /* Which TCP stream we are in */
167 uint32_t call_id; /* Call ID for this call */
168 uint64_t transport_salt; /* e.g. FID for DCERPC over SMB */
169 uint8_t ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
170 bool conformant_run;
171 bool no_align; /* are data aligned? (default yes) */
172 int32_t conformant_eaten; /* how many bytes did the conformant run eat?*/
173 uint32_t array_max_count; /* max_count for conformant arrays */
174 uint32_t array_max_count_offset;
175 uint32_t array_offset;
176 uint32_t array_offset_offset;
177 uint32_t array_actual_count;
178 uint32_t array_actual_count_offset;
179 int hf_index;
180 dcerpc_call_value *call_data;
181 dcerpc_ptr_stack *ptr_stack;
182 uint64_t switch_level;
183 const char *dcerpc_procedure_name; /* Used by PIDL to store the name of the current dcerpc procedure */
184 struct _dcerpc_auth_info *auth_info;
185 void *private_data;
186 struct _enc_key_t *auth_session_key;
187
188 /* ndr pointer handling */
189 struct {
190 /* Should we re-read the size of the list ?
191 * Instead of re-calculating the size every time, use the stored value unless this
192 * flag is set which means: re-read the size of the list
193 */
194 bool must_check_size;
195 /*
196 * List of pointers encountered so far in the current level. Points to an
197 * element of list_ndr_pointer_list.
198 */
199 GSList *list;
200 GHashTable *hash;
201 /*
202 * List of pointer list, in order to avoid huge performance penalty
203 * when dealing with list bigger than 100 elements due to the way we
204 * try to insert in the list.
205 * We instead maintain a stack of pointer list
206 * To make it easier to manage we just use a list to materialize the stack
207 */
208 GSList *list_list;
209
210 /* Boolean controlling whether pointers are top-level or embedded */
211 bool are_top_level;
212 } pointers;
213 } dcerpc_info;
214
215 #define PDU_REQ 0
216 #define PDU_PING 1
217 #define PDU_RESP 2
218 #define PDU_FAULT 3
219 #define PDU_WORKING 4
220 #define PDU_NOCALL 5
221 #define PDU_REJECT 6
222 #define PDU_ACK 7
223 #define PDU_CL_CANCEL 8
224 #define PDU_FACK 9
225 #define PDU_CANCEL_ACK 10
226 #define PDU_BIND 11
227 #define PDU_BIND_ACK 12
228 #define PDU_BIND_NAK 13
229 #define PDU_ALTER 14
230 #define PDU_ALTER_ACK 15
231 #define PDU_AUTH3 16
232 #define PDU_SHUTDOWN 17
233 #define PDU_CO_CANCEL 18
234 #define PDU_ORPHANED 19
235 #define PDU_RTS 20
236
237 /*
238 * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
239 * If you're writing a subdissector, you almost certainly want the
240 * NDR functions below.
241 */
242 uint16_t dcerpc_tvb_get_ntohs (tvbuff_t *tvb, int offset, uint8_t *drep);
243 uint32_t dcerpc_tvb_get_ntohl (tvbuff_t *tvb, int offset, uint8_t *drep);
244 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, int offset, uint8_t *drep, e_guid_t *uuid);
245 WS_DLL_PUBLIC
246 int dissect_dcerpc_char (tvbuff_t *tvb, int offset, packet_info *pinfo,
247 proto_tree *tree, uint8_t *drep,
248 int hfindex, uint8_t *pdata);
249 WS_DLL_PUBLIC
250 int dissect_dcerpc_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo,
251 proto_tree *tree, uint8_t *drep,
252 int hfindex, uint8_t *pdata);
253 WS_DLL_PUBLIC
254 int dissect_dcerpc_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo,
255 proto_tree *tree, uint8_t *drep,
256 int hfindex, uint16_t *pdata);
257 WS_DLL_PUBLIC
258 int dissect_dcerpc_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
259 proto_tree *tree, uint8_t *drep,
260 int hfindex, uint32_t *pdata);
261 WS_DLL_PUBLIC
262 int dissect_dcerpc_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo,
263 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
264 int hfindex, uint64_t *pdata);
265 int dissect_dcerpc_float (tvbuff_t *tvb, int offset, packet_info *pinfo,
266 proto_tree *tree, uint8_t *drep,
267 int hfindex, float *pdata);
268 int dissect_dcerpc_double (tvbuff_t *tvb, int offset, packet_info *pinfo,
269 proto_tree *tree, uint8_t *drep,
270 int hfindex, double *pdata);
271 int dissect_dcerpc_time_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
272 proto_tree *tree, uint8_t *drep,
273 int hfindex, uint32_t *pdata);
274 WS_DLL_PUBLIC
275 int dissect_dcerpc_uuid_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
276 proto_tree *tree, uint8_t *drep,
277 int hfindex, e_guid_t *pdata);
278
279 /*
280 * NDR routines for subdissectors.
281 */
282 WS_DLL_PUBLIC
283 int dissect_ndr_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo,
284 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
285 int hfindex, uint8_t *pdata);
286 int PIDL_dissect_uint8 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
287 int PIDL_dissect_uint8_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint8_t *pval);
288 WS_DLL_PUBLIC
289 int dissect_ndr_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo,
290 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
291 int hfindex, uint16_t *pdata);
292 int PIDL_dissect_uint16 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
293 int PIDL_dissect_uint16_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint16_t *pval);
294 WS_DLL_PUBLIC
295 int dissect_ndr_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
296 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
297 int hfindex, uint32_t *pdata);
298 int PIDL_dissect_uint32 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
299 int PIDL_dissect_uint32_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint32_t *rval);
300 WS_DLL_PUBLIC
301 int dissect_ndr_duint32 (tvbuff_t *tvb, int offset, packet_info *pinfo,
302 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
303 int hfindex, uint64_t *pdata);
304 WS_DLL_PUBLIC
305 int dissect_ndr_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo,
306 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
307 int hfindex, uint64_t *pdata);
308 int PIDL_dissect_uint64 (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param);
309 int PIDL_dissect_uint64_val (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, uint32_t param, uint64_t *pval);
310 WS_DLL_PUBLIC
311 int dissect_ndr_float (tvbuff_t *tvb, int offset, packet_info *pinfo,
312 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
313 int hfindex, float *pdata);
314 WS_DLL_PUBLIC
315 int dissect_ndr_double (tvbuff_t *tvb, int offset, packet_info *pinfo,
316 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
317 int hfindex, double *pdata);
318
319 WS_DLL_PUBLIC
320 int dissect_ndr_time_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
321 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
322 int hfindex, uint32_t *pdata);
323 WS_DLL_PUBLIC
324 int dissect_ndr_uuid_t (tvbuff_t *tvb, int offset, packet_info *pinfo,
325 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
326 int hfindex, e_guid_t *pdata);
327 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, int offset, packet_info *pinfo,
328 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
329 int hfindex, e_ctx_hnd *pdata);
330
331 #define FT_UINT1632 FT_UINT32
332 typedef uint32_t uint1632_t;
333
334 WS_DLL_PUBLIC
335 int dissect_ndr_uint1632 (tvbuff_t *tvb, int offset, packet_info *pinfo,
336 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
337 int hfindex, uint1632_t *pdata);
338
339 typedef uint64_t uint3264_t;
340
341 WS_DLL_PUBLIC
342 int dissect_ndr_uint3264 (tvbuff_t *tvb, int offset, packet_info *pinfo,
343 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
344 int hfindex, uint3264_t *pdata);
345
346 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
347 typedef int (dcerpc_dissect_fnct_blk_t)(tvbuff_t *tvb, int offset, int length, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
348
349 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, dcerpc_info *di, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
350
351 #define NDR_POINTER_REF 1
352 #define NDR_POINTER_UNIQUE 2
353 #define NDR_POINTER_PTR 3
354
355 int dissect_ndr_pointer_cb(tvbuff_t *tvb, int offset, packet_info *pinfo,
356 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
357 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
358 int hf_index, dcerpc_callback_fnct_t *callback,
359 void *callback_args);
360
361 int dissect_ndr_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
362 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
363 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
364 int hf_index);
365 int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, dcerpc_info *di, uint8_t *drep);
366 int dissect_ndr_embedded_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
367 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
368 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
369 int hf_index);
370 int dissect_ndr_toplevel_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
371 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
372 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
373 int hf_index);
374
375 struct ndr_generic_array {
376 bool is_conformant;
377 bool is_varying;
378 uint32_t max_count;
379 uint32_t max_count_offset;
380 uint32_t offset;
381 uint32_t offset_offset;
382 uint32_t actual_count;
383 uint32_t actual_count_offset;
384 };
385
386 int
387 dissect_ndr_conformant_array_hdr(tvbuff_t *tvb, int offset, packet_info *pinfo,
388 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
389 struct ndr_generic_array *nga);
390
391 int
392 dissect_ndr_varying_array_hdr(tvbuff_t *tvb, int offset, packet_info *pinfo,
393 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
394 struct ndr_generic_array *nga);
395
396 int
397 dissect_ndr_generic_array_bytes(tvbuff_t *tvb, int offset, packet_info *pinfo,
398 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
399 struct ndr_generic_array *nga,
400 dcerpc_dissect_fnct_t *fnct_bytes);
401
402 int
403 dissect_ndr_generic_array_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
404 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
405 struct ndr_generic_array *nga,
406 dcerpc_dissect_fnct_blk_t *fnct_block);
407
408 int
409 dissect_ndr_generic_array_string(tvbuff_t *tvb, int offset, packet_info *pinfo,
410 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
411 int size_is, int hfindex, bool add_subtree,
412 struct ndr_generic_array *nga,
413 char **data);
414
415 /* dissect a NDR unidimensional conformant array */
416 int dissect_ndr_ucarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
417 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
418 dcerpc_dissect_fnct_t *fnct);
419
420 int dissect_ndr_ucarray_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
421 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
422 dcerpc_dissect_fnct_blk_t *fnct);
423
424 /* dissect a NDR unidimensional conformant and varying array
425 * each byte in the array is processed separately
426 */
427 int dissect_ndr_ucvarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
428 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
429 dcerpc_dissect_fnct_t *fnct);
430
431 int dissect_ndr_ucvarray_block(tvbuff_t *tvb, int offset, packet_info *pinfo,
432 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
433 dcerpc_dissect_fnct_blk_t *fnct);
434
435 /* dissect a NDR unidimensional varying array */
436 int dissect_ndr_uvarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
437 proto_tree *tree, dcerpc_info *di, uint8_t *drep,
438 dcerpc_dissect_fnct_t *fnct);
439
440 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
441 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
442
443 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
444 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
445 int hfinfo, bool add_subtree,
446 char **data);
447 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
448 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
449 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
450 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
451 int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int chsize, int hfindex, uint32_t param);
452
453 int dissect_ndr_cstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
454 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
455 int hfindex, bool add_subtree, char **data);
456 int dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
457 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size_is,
458 int hfinfo, bool add_subtree,
459 char **data);
460 int dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
461 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
462 int dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
463 proto_tree *tree, dcerpc_info *di, uint8_t *drep);
464
465 typedef struct _dcerpc_sub_dissector {
466 uint16_t num;
467 const char *name;
468 dcerpc_dissect_fnct_t *dissect_rqst;
469 dcerpc_dissect_fnct_t *dissect_resp;
470 } dcerpc_sub_dissector;
471
472 /* registration function for subdissectors */
473 WS_DLL_PUBLIC
474 void dcerpc_init_uuid (int proto, int ett, e_guid_t *uuid, uint16_t ver, const dcerpc_sub_dissector *procs, int opnum_hf);
475 WS_DLL_PUBLIC
476 void dcerpc_init_from_handle(int proto, e_guid_t *uuid, uint16_t ver, dissector_handle_t guid_handle);
477 WS_DLL_PUBLIC
478 const char *dcerpc_get_proto_name(e_guid_t *uuid, uint16_t ver);
479 WS_DLL_PUBLIC
480 int dcerpc_get_proto_hf_opnum(e_guid_t *uuid, uint16_t ver);
481 WS_DLL_PUBLIC
482 const dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_guid_t *uuid, uint16_t ver);
483
484 /* Create a opnum, name value_string from a subdissector list */
485
486 value_string *value_string_from_subdissectors(const dcerpc_sub_dissector *sd);
487
488 /* Decode As... functionality */
489 /* remove all bindings */
490 WS_DLL_PUBLIC void decode_dcerpc_reset_all(void);
491 typedef void (*decode_add_show_list_func)(void *data, void *user_data);
492 WS_DLL_PUBLIC void decode_dcerpc_add_show_list(decode_add_show_list_func func, void *user_data);
493
494
495 /* the registered subdissectors. With MSVC and a
496 * libwireshark.dll, we need a special declaration.
497 */
498 /* Key: guid_key *
499 * Value: dcerpc_uuid_value *
500 */
501 WS_DLL_PUBLIC GHashTable *dcerpc_uuids;
502
503 typedef struct _dcerpc_uuid_value {
504 protocol_t *proto;
505 int proto_id;
506 int ett;
507 const char *name;
508 const dcerpc_sub_dissector *procs;
509 int opnum_hf;
510 } dcerpc_uuid_value;
511
512 /* Authenticated pipe registration functions and miscellanea */
513
514 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *header_tvb,
515 tvbuff_t *payload_tvb,
516 tvbuff_t *trailer_tvb,
517 tvbuff_t *auth_tvb,
518 packet_info *pinfo,
519 dcerpc_auth_info *auth_info);
520
521 typedef struct _dcerpc_auth_subdissector_fns {
522
523 /* Dissect credentials and verifiers */
524
525 dcerpc_dissect_fnct_t *bind_fn;
526 dcerpc_dissect_fnct_t *bind_ack_fn;
527 dcerpc_dissect_fnct_t *auth3_fn;
528 dcerpc_dissect_fnct_t *req_verf_fn;
529 dcerpc_dissect_fnct_t *resp_verf_fn;
530
531 /* Decrypt encrypted requests/response PDUs */
532
533 dcerpc_decode_data_fnct_t *req_data_fn;
534 dcerpc_decode_data_fnct_t *resp_data_fn;
535
536 } dcerpc_auth_subdissector_fns;
537
538 void register_dcerpc_auth_subdissector(uint8_t auth_level, uint8_t auth_type,
539 dcerpc_auth_subdissector_fns *fns);
540
541 /* all values needed to (re-)build a dcerpc binding */
542 typedef struct decode_dcerpc_bind_values_s {
543 /* values of a typical conversation */
544 address addr_a;
545 address addr_b;
546 port_type ptype;
547 uint32_t port_a;
548 uint32_t port_b;
549 /* dcerpc conversation specific */
550 uint16_t ctx_id;
551 uint64_t transport_salt;
552 /* corresponding "interface" */
553 GString *ifname;
554 e_guid_t uuid;
555 uint16_t ver;
556 } decode_dcerpc_bind_values_t;
557
558 WS_DLL_PUBLIC uint64_t dcerpc_get_transport_salt(packet_info *pinfo);
559 WS_DLL_PUBLIC void dcerpc_set_transport_salt(uint64_t dcetransportsalt, packet_info *pinfo);
560
561 /* Authentication services */
562
563 /*
564 * For MS-specific SSPs (Security Service Provider), see
565 *
566 * https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
567 */
568
569 #define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
570 #define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
571 #define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
572 #define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
573 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
574 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
575 #define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
576 #define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
577 #define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
578 #define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
579 #define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
580
581 /* Protection levels */
582
583 #define DCE_C_AUTHN_LEVEL_NONE 1
584 #define DCE_C_AUTHN_LEVEL_CONNECT 2
585 #define DCE_C_AUTHN_LEVEL_CALL 3
586 #define DCE_C_AUTHN_LEVEL_PKT 4
587 #define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
588 #define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
589
590 void
591 free_ndr_pointer_list(dcerpc_info *di);
592 void
593 init_ndr_pointer_list(dcerpc_info *di);
594
595
596
597 /* These defines are used in the PIDL conformance files when using
598 * the PARAM_VALUE directive.
599 */
600 /* Policy handle tracking. Describes in which function a handle is
601 * opened/closed. See "winreg.cnf" for example.
602 *
603 * The uint32_t param is divided up into multiple fields
604 *
605 * +--------+--------+--------+--------+
606 * | Flags | Type | | |
607 * +--------+--------+--------+--------+
608 */
609 /* Flags : */
610 #define PIDL_POLHND_OPEN 0x80000000
611 #define PIDL_POLHND_CLOSE 0x40000000
612 #define PIDL_POLHND_USE 0x00000000 /* just use, not open or cose */
613 /* To "save" a pointer to the string in dcv->private_data */
614 #define PIDL_STR_SAVE 0x20000000
615 /* To make this value appear on the summary line for the packet */
616 #define PIDL_SET_COL_INFO 0x10000000
617
618 /* Type */
619 #define PIDL_POLHND_TYPE_MASK 0x00ff0000
620 #define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
621 #define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
622 #define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
623 #define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
624 #define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
625
626 #define PIDL_POLHND_TYPE_LSA_POLICY 0x00060000
627 #define PIDL_POLHND_TYPE_LSA_ACCOUNT 0x00070000
628 #define PIDL_POLHND_TYPE_LSA_SECRET 0x00080000
629 #define PIDL_POLHND_TYPE_LSA_DOMAIN 0x00090000
630
631 /* a structure we store for all policy handles we track */
632 typedef struct pol_value {
633 struct pol_value *next; /* Next entry in hash bucket */
634 uint32_t open_frame, close_frame; /* Frame numbers for open/close */
635 uint32_t first_frame; /* First frame in which this instance was seen */
636 uint32_t last_frame; /* Last frame in which this instance was seen */
637 char *name; /* Name of policy handle */
638 uint32_t type; /* policy handle type */
639 } pol_value;
640
641
642 extern int hf_dcerpc_drep_byteorder;
643 extern int hf_dcerpc_ndr_padding;
644
645 #define FAKE_DCERPC_INFO_STRUCTURE \
646 /* Fake dcerpc_info structure */ \
647 dcerpc_info di; \
648 dcerpc_call_value call_data; \
649 \
650 di.conformant_run = false; \
651 di.no_align = true; \
652 \
653 /* we need di->call_data->flags.NDR64 == 0 */ \
654 call_data.flags = 0; \
655 di.call_data = &call_data;
656
657 #ifdef __cplusplus
658 }
659 #endif /* __cplusplus */
660
661 #endif /* packet-dcerpc.h */
Metzes wireshark repo