search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-dcom-oxid.c
blobb1d31971d6215f7054a8e8a567fa57663f6dfdb7
1 /* packet-dcom-oxid.c
2 * Routines for DCOM OXID Resolver
3 * Copyright 2001, Todd Sabin <tas@webspan.net>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 /* see packet-dcom.c for details about DCOM */
13
14 #include "config.h"
15
16 #include <epan/packet.h>
17 #include "packet-dcerpc.h"
18 #include "packet-dcom.h"
19
20 void proto_register_oxid(void);
21 void proto_reg_handoff_oxid(void);
22
23 static int proto_oxid;
24
25 static int hf_oxid_opnum;
26 static int hf_oxid_setid;
27 static int hf_oxid_seqnum;
28 static int hf_oxid_addtoset;
29 static int hf_oxid_delfromset;
30 static int hf_oxid_oid;
31 static int hf_oxid_ping_backoff_factor;
32 static int hf_oxid_oxid;
33 static int hf_oxid_requested_protseqs;
34 static int hf_oxid_protseqs;
35 static int hf_oxid_bindings;
36 static int hf_oxid_ipid;
37 static int hf_oxid_authn_hint;
38
39 static int hf_oxid_Unknown1;
40 static int hf_oxid_Unknown2;
41 static int hf_oxid_ds_array;
42
43
44 static int ett_oxid;
45
46 static e_guid_t uuid_oxid = { 0x99fcfec4, 0x5260, 0x101b, { 0xbb, 0xcb, 0x00, 0xaa, 0x00, 0x21, 0x34, 0x7a } };
47 static uint16_t ver_oxid;
48
49
50 static int
51 dissect_oxid_simple_ping_rqst(tvbuff_t *tvb, int offset,
52 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
53 {
54 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
55 hf_oxid_setid, NULL);
56
57 return offset;
58 }
59
60
61 static int
62 dissect_oxid_simple_ping_resp(tvbuff_t *tvb, int offset,
63 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
64 {
65 uint32_t u32HResult;
66
67
68 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
69 &u32HResult);
70
71 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
72 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
73
74 return offset;
75 }
76
77
78 static int
79 dissect_oxid_server_alive_resp(tvbuff_t *tvb, int offset,
80 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
81 {
82 uint32_t u32HResult;
83
84
85 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
86 &u32HResult);
87
88 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
89 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
90
91 return offset;
92 }
93
94
95 static int
96 dissect_oxid_complex_ping_rqst(tvbuff_t *tvb, int offset,
97 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
98 {
99 uint16_t u16SeqNum;
100 uint16_t u16AddToSet;
101 uint16_t u16DelFromSet;
102 uint32_t u32Pointer;
103 uint32_t u32ArraySize;
104
105 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
106 hf_oxid_setid, NULL);
107
108 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
109 hf_oxid_seqnum, &u16SeqNum);
110 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
111 hf_oxid_addtoset, &u16AddToSet);
112 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
113 hf_oxid_delfromset, &u16DelFromSet);
114
115 col_append_fstr(pinfo->cinfo, COL_INFO, " AddToSet=%u DelFromSet=%u",
116 u16AddToSet, u16DelFromSet);
117
118 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
119 &u32Pointer);
120 if (u32Pointer) {
121 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
122 &u32ArraySize);
123
124 while (u16AddToSet--) {
125 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
126 hf_oxid_oid, NULL);
127 }
128 }
129
130 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
131 &u32Pointer);
132 if (u32Pointer) {
133 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
134 &u32ArraySize);
135
136 while (u16DelFromSet--) {
137 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
138 hf_oxid_oid, NULL);
139 }
140 }
141
142 return offset;
143 }
144
145
146 static int
147 dissect_oxid_complex_ping_resp(tvbuff_t *tvb, int offset,
148 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
149 {
150 uint16_t u16PingBackoffFactor;
151 uint32_t u32HResult;
152
153
154 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
155 hf_oxid_setid, NULL);
156 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
157 hf_oxid_ping_backoff_factor, &u16PingBackoffFactor);
158
159 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
160 &u32HResult);
161
162 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
163 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
164
165 return offset;
166 }
167
168
169 static int
170 dissect_oxid_resolve_oxid2_rqst(tvbuff_t *tvb, int offset,
171 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
172 {
173 uint16_t u16ProtSeqs;
174 uint32_t u32ArraySize;
175
176
177 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
178 hf_oxid_oxid, NULL);
179
180 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
181 hf_oxid_requested_protseqs, &u16ProtSeqs);
182
183 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
184 &u32ArraySize);
185
186 while (u32ArraySize--) {
187 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
188 hf_oxid_protseqs, &u16ProtSeqs);
189 }
190
191 return offset;
192 }
193
194
195 static int
196 dissect_oxid_resolve_oxid2_resp(tvbuff_t *tvb, int offset,
197 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
198 {
199 uint32_t u32Pointer;
200 uint32_t u32ArraySize;
201 e_guid_t ipid;
202 uint32_t u32AuthnHint;
203 uint16_t u16VersionMajor;
204 uint16_t u16VersionMinor;
205 uint32_t u32HResult;
206
207
208 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
209 &u32Pointer);
210 if (u32Pointer) {
211 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
212 &u32ArraySize);
213
214 offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, di, drep,
215 hf_oxid_bindings, NULL);
216
217 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
218 hf_oxid_ipid, &ipid);
219
220 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
221 hf_oxid_authn_hint, &u32AuthnHint);
222
223 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, di, drep,
224 &u16VersionMajor, &u16VersionMinor);
225 }
226
227 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
228 &u32HResult);
229
230 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
231 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
232
233 return offset;
234 }
235
236
237 static int
238 dissect_oxid_server_alive2_resp(tvbuff_t *tvb, int offset, packet_info *pinfo,
239 proto_tree *tree, dcerpc_info *di, uint8_t *drep) {
240 uint16_t u16VersionMajor;
241 uint16_t u16VersionMinor;
242
243 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, di, drep, &u16VersionMajor, &u16VersionMinor);
244
245 /* XXX - understand what those 8 bytes mean! don't skip'em!*/
246 dissect_dcerpc_uint64(tvb, offset, pinfo, tree, di, drep, hf_oxid_Unknown1, NULL);
247 offset += 8;
248
249 offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, di, drep, hf_oxid_ds_array, NULL);
250
251 /* unknown field 2 */
252 dissect_dcerpc_uint64(tvb, offset, pinfo, tree, di, drep, hf_oxid_Unknown2, NULL);
253 offset += 8;
254 return offset;
255 }
256
257
258 /* XXX - some dissectors still need to be done */
259 static const dcerpc_sub_dissector oxid_dissectors[] = {
260 { 0, "ResolveOxid", NULL, NULL },
261 { 1, "SimplePing", dissect_oxid_simple_ping_rqst, dissect_oxid_simple_ping_resp },
262 { 2, "ComplexPing", dissect_oxid_complex_ping_rqst, dissect_oxid_complex_ping_resp },
263 { 3, "ServerAlive", NULL /* no input parameters */, dissect_oxid_server_alive_resp },
264 { 4, "ResolveOxid2", dissect_oxid_resolve_oxid2_rqst, dissect_oxid_resolve_oxid2_resp },
265 { 5, "ServerAlive2", NULL, dissect_oxid_server_alive2_resp },
266 { 0, NULL, NULL, NULL },
267 };
268
269
270 void
271 proto_register_oxid (void)
272 {
273 static hf_register_info hf[] = {
274 { &hf_oxid_opnum,
275 { "Operation", "oxid.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
276
277 { &hf_oxid_setid,
278 { "SetId", "oxid.setid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
279 { &hf_oxid_seqnum,
280 { "SeqNum", "oxid.seqnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
281 { &hf_oxid_addtoset,
282 { "AddToSet", "oxid.addtoset", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
283 { &hf_oxid_delfromset,
284 { "DelFromSet", "oxid.delfromset", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
285 { &hf_oxid_oid,
286 { "OID", "oxid.oid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
287 { &hf_oxid_ping_backoff_factor,
288 { "PingBackoffFactor", "oxid.ping_backoff_factor", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
289 { &hf_oxid_oxid,
290 { "OXID", "oxid.oxid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
291
292 { &hf_oxid_requested_protseqs,
293 { "RequestedProtSeq", "oxid.requested_protseqs", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
294 { &hf_oxid_protseqs,
295 { "ProtSeq", "oxid.protseqs", FT_UINT16, BASE_DEC, VALS(dcom_protseq_vals), 0x0, NULL, HFILL }},
296
297 { &hf_oxid_bindings,
298 { "OxidBindings", "oxid.bindings", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
299 { &hf_oxid_ipid,
300 { "IPID", "oxid.ipid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
301 { &hf_oxid_authn_hint,
302 { "AuthnHint", "oxid.authn_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
303
304 { &hf_oxid_ds_array,
305 { "Address", "dcom.oxid.address", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
306 { &hf_oxid_Unknown1,
307 { "unknown 8 bytes 1", "oxid.unknown1", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
308 { &hf_oxid_Unknown2,
309 { "unknown 8 bytes 2", "oxid.unknown2", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }}
310 };
311 static int *ett[] = {
312 &ett_oxid
313 };
314 proto_oxid = proto_register_protocol ("DCOM OXID Resolver", "IOXIDResolver", "oxid");
315 proto_register_field_array (proto_oxid, hf, array_length (hf));
316 proto_register_subtree_array (ett, array_length (ett));
317 }
318
319 void
320 proto_reg_handoff_oxid (void)
321 {
322 /* Register the protocol as dcerpc */
323 dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors, hf_oxid_opnum);
324 }
325
326 /*
327 * Editor modelines - https://www.wireshark.org/tools/modelines.html
328 *
329 * Local variables:
330 * c-basic-offset: 4
331 * tab-width: 8
332 * indent-tabs-mode: nil
333 * End:
334 *
335 * vi: set shiftwidth=4 tabstop=8 expandtab:
336 * :indentSize=4:tabSize=8:noTabs=true:
337 */
Metzes wireshark repo