search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MSWSP: add two more Property Sets
[wireshark-wip.git] / epan / dissectors / packet-dcom-oxid.c
blob47800bb971d1a25ea848b51c066139cfeaa5f34f
1 /* packet-dcom-oxid.c
2 * Routines for DCOM OXID Resolver
3 * Copyright 2001, Todd Sabin <tas@webspan.net>
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26 /* see packet-dcom.c for details about DCOM */
27
28 #include "config.h"
29
30 #include <glib.h>
31 #include <epan/packet.h>
32 #include "packet-dcerpc.h"
33 #include "packet-dcom.h"
34
35 static int proto_oxid = -1;
36
37 static int hf_oxid_opnum = -1;
38 static int hf_oxid_setid = -1;
39 static int hf_oxid_seqnum = -1;
40 static int hf_oxid_addtoset = -1;
41 static int hf_oxid_delfromset = -1;
42 static int hf_oxid_oid = -1;
43 static int hf_oxid_ping_backoff_factor = -1;
44 static int hf_oxid_oxid = -1;
45 static int hf_oxid_requested_protseqs = -1;
46 static int hf_oxid_protseqs = -1;
47 static int hf_oxid_bindings = -1;
48 static int hf_oxid_ipid = -1;
49 static int hf_oxid_authn_hint = -1;
50
51 static int hf_oxid_Unknown1 = -1;
52 static int hf_oxid_Unknown2 = -1;
53 static int hf_oxid_ds_array = -1;
54
55
56 static gint ett_oxid = -1;
57
58 static e_uuid_t uuid_oxid = { 0x99fcfec4, 0x5260, 0x101b, { 0xbb, 0xcb, 0x00, 0xaa, 0x00, 0x21, 0x34, 0x7a } };
59 static guint16 ver_oxid = 0;
60
61
62 static int
63 dissect_oxid_simple_ping_rqst(tvbuff_t *tvb, int offset,
64 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
65 {
66 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
67 hf_oxid_setid, NULL);
68
69 return offset;
70 }
71
72
73 static int
74 dissect_oxid_simple_ping_resp(tvbuff_t *tvb, int offset,
75 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
76 {
77 guint32 u32HResult;
78
79
80 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
81 &u32HResult);
82
83 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
84 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
85
86 return offset;
87 }
88
89
90 static int
91 dissect_oxid_server_alive_resp(tvbuff_t *tvb, int offset,
92 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
93 {
94 guint32 u32HResult;
95
96
97 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
98 &u32HResult);
99
100 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
101 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
102
103 return offset;
104 }
105
106
107 static int
108 dissect_oxid_complex_ping_rqst(tvbuff_t *tvb, int offset,
109 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
110 {
111 guint16 u16SeqNum;
112 guint16 u16AddToSet;
113 guint16 u16DelFromSet;
114 guint32 u32Pointer;
115 guint32 u32ArraySize;
116
117 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
118 hf_oxid_setid, NULL);
119
120 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
121 hf_oxid_seqnum, &u16SeqNum);
122 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
123 hf_oxid_addtoset, &u16AddToSet);
124 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
125 hf_oxid_delfromset, &u16DelFromSet);
126
127 col_append_fstr(pinfo->cinfo, COL_INFO, " AddToSet=%u DelFromSet=%u",
128 u16AddToSet, u16DelFromSet);
129
130 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
131 &u32Pointer);
132 if (u32Pointer) {
133 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
134 &u32ArraySize);
135
136 while (u16AddToSet--) {
137 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
138 hf_oxid_oid, NULL);
139 }
140 }
141
142 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
143 &u32Pointer);
144 if (u32Pointer) {
145 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
146 &u32ArraySize);
147
148 while (u16DelFromSet--) {
149 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
150 hf_oxid_oid, NULL);
151 }
152 }
153
154 return offset;
155 }
156
157
158 static int
159 dissect_oxid_complex_ping_resp(tvbuff_t *tvb, int offset,
160 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
161 {
162 guint16 u16PingBackoffFactor;
163 guint32 u32HResult;
164
165
166 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
167 hf_oxid_setid, NULL);
168 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
169 hf_oxid_ping_backoff_factor, &u16PingBackoffFactor);
170
171 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
172 &u32HResult);
173
174 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
175 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
176
177 return offset;
178 }
179
180
181 static int
182 dissect_oxid_resolve_oxid2_rqst(tvbuff_t *tvb, int offset,
183 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
184 {
185 guint16 u16ProtSeqs;
186 guint32 u32ArraySize;
187 guint32 u32ItemIdx;
188
189
190 offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
191 hf_oxid_oxid, NULL);
192
193 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
194 hf_oxid_requested_protseqs, &u16ProtSeqs);
195
196 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
197 &u32ArraySize);
198
199 u32ItemIdx = 1;
200 while (u32ArraySize--) {
201 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
202 hf_oxid_protseqs, &u16ProtSeqs);
203 u32ItemIdx++;
204 }
205
206 return offset;
207 }
208
209
210 static int
211 dissect_oxid_resolve_oxid2_resp(tvbuff_t *tvb, int offset,
212 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
213 {
214 guint32 u32Pointer;
215 guint32 u32ArraySize;
216 e_uuid_t ipid;
217 guint32 u32AuthnHint;
218 guint16 u16VersionMajor;
219 guint16 u16VersionMinor;
220 guint32 u32HResult;
221
222
223 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
224 &u32Pointer);
225 if (u32Pointer) {
226 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
227 &u32ArraySize);
228
229 offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, di, drep,
230 hf_oxid_bindings, NULL);
231
232 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
233 hf_oxid_ipid, &ipid);
234
235 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
236 hf_oxid_authn_hint, &u32AuthnHint);
237
238 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, di, drep,
239 &u16VersionMajor, &u16VersionMinor);
240 }
241
242 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
243 &u32HResult);
244
245 col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
246 val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
247
248 return offset;
249 }
250
251
252 static int
253 dissect_oxid_server_alive2_resp(tvbuff_t *tvb, int offset, packet_info *pinfo,
254 proto_tree *tree, dcerpc_info *di, guint8 *drep) {
255 guint16 u16VersionMajor;
256 guint16 u16VersionMinor;
257
258 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, di, drep, &u16VersionMajor, &u16VersionMinor);
259
260 /* XXX - understand what those 8 bytes mean! don't skip'em!*/
261 dissect_dcerpc_uint64(tvb , offset, pinfo, tree, drep, hf_oxid_Unknown1, NULL);
262 offset += 8;
263
264 offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, di, drep, hf_oxid_ds_array, NULL);
265
266 /* unknown field 2 */
267 dissect_dcerpc_uint64(tvb, offset, pinfo, tree, drep, hf_oxid_Unknown2, NULL);
268 offset += 8;
269 return offset;
270 }
271
272
273 /* XXX - some dissectors still need to be done */
274 static dcerpc_sub_dissector oxid_dissectors[] = {
275 { 0, "ResolveOxid", NULL, NULL },
276 { 1, "SimplePing", dissect_oxid_simple_ping_rqst, dissect_oxid_simple_ping_resp },
277 { 2, "ComplexPing", dissect_oxid_complex_ping_rqst, dissect_oxid_complex_ping_resp },
278 { 3, "ServerAlive", NULL /* no input parameters */, dissect_oxid_server_alive_resp },
279 { 4, "ResolveOxid2", dissect_oxid_resolve_oxid2_rqst, dissect_oxid_resolve_oxid2_resp },
280 { 5, "ServerAlive2", NULL, dissect_oxid_server_alive2_resp },
281 { 0, NULL, NULL, NULL },
282 };
283
284
285 void
286 proto_register_oxid (void)
287 {
288 static hf_register_info hf[] = {
289 { &hf_oxid_opnum,
290 { "Operation", "oxid.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
291
292 { &hf_oxid_setid,
293 { "SetId", "oxid.setid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
294 { &hf_oxid_seqnum,
295 { "SeqNum", "oxid.seqnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
296 { &hf_oxid_addtoset,
297 { "AddToSet", "oxid.addtoset", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
298 { &hf_oxid_delfromset,
299 { "DelFromSet", "oxid.delfromset", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
300 { &hf_oxid_oid,
301 { "OID", "oxid.oid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
302 { &hf_oxid_ping_backoff_factor,
303 { "PingBackoffFactor", "oxid.ping_backoff_factor", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
304 { &hf_oxid_oxid,
305 { "OXID", "oxid.oxid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
306
307 { &hf_oxid_requested_protseqs,
308 { "RequestedProtSeq", "oxid.requested_protseqs", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
309 { &hf_oxid_protseqs,
310 { "ProtSeq", "oxid.protseqs", FT_UINT16, BASE_DEC, VALS(dcom_protseq_vals), 0x0, NULL, HFILL }},
311
312 { &hf_oxid_bindings,
313 { "OxidBindings", "oxid.bindings", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
314 { &hf_oxid_ipid,
315 { "IPID", "oxid.ipid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
316 { &hf_oxid_authn_hint,
317 { "AuthnHint", "oxid.authn_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
318
319 { &hf_oxid_ds_array,
320 { "Address", "dcom.oxid.address", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
321 { &hf_oxid_Unknown1,
322 { "unknown 8 bytes 1", "oxid.unknown1", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
323 { &hf_oxid_Unknown2,
324 { "unknown 8 bytes 2", "oxid.unknown2", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }}
325 };
326 static gint *ett[] = {
327 &ett_oxid
328 };
329 proto_oxid = proto_register_protocol ("DCOM OXID Resolver", "IOXIDResolver", "oxid");
330 proto_register_field_array (proto_oxid, hf, array_length (hf));
331 proto_register_subtree_array (ett, array_length (ett));
332 }
333
334 void
335 proto_reg_handoff_oxid (void)
336 {
337 /* Register the protocol as dcerpc */
338 dcerpc_init_uuid (proto_oxid, ett_oxid, &uuid_oxid, ver_oxid, oxid_dissectors, hf_oxid_opnum);
339 }