search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-dcerpc-ndr.c
blob999e7785320ad4e9576a0dd23630b08c1508a8b5
1 /* packet-dcerpc-ndr.c
2 * Routines for DCERPC NDR dissection
3 * Copyright 2001, Todd Sabin <tas@webspan.net>
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26 #include "config.h"
27
28 #include <glib.h>
29
30 #include <epan/packet.h>
31 #include <epan/wmem/wmem.h>
32 #include "packet-dcerpc.h"
33
34
35 /*
36 * The NDR routines are for use by dcerpc subdissetors. They're
37 * primarily for making sure things are aligned properly according
38 * to the rules of NDR.
39 */
40
41 int
42 dissect_ndr_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo,
43 proto_tree *tree, dcerpc_info *di, guint8 *drep,
44 int hfindex, guint8 *pdata)
45 {
46 /* Some callers expect us to initialize pdata, even in error conditions, so
47 * do it right away in case we forget later */
48 if (pdata)
49 *pdata = 0;
50
51 if (di->conformant_run) {
52 /* just a run to handle conformant arrays, no scalars to dissect */
53 return offset;
54 }
55
56 /* no alignment needed */
57 return dissect_dcerpc_uint8(tvb, offset, pinfo,
58 tree, drep, hfindex, pdata);
59 }
60
61 int
62 PIDL_dissect_uint8_val(tvbuff_t *tvb, gint offset, packet_info *pinfo,
63 proto_tree *tree, dcerpc_info *di, guint8 *drep,
64 int hfindex, guint32 param, guint8 *pval)
65 {
66 guint8 val;
67
68 if (di->conformant_run) {
69 /* just a run to handle conformant arrays, no scalars to dissect */
70 return offset;
71 }
72
73 /* no alignment needed */
74 offset = dissect_dcerpc_uint8(tvb, offset, pinfo,
75 tree, drep, hfindex, &val);
76
77 if (param&PIDL_SET_COL_INFO) {
78 header_field_info *hf_info;
79 char *valstr;
80
81 hf_info = proto_registrar_get_nth(hfindex);
82
83 valstr = (char *)wmem_alloc(wmem_packet_scope(), 64);
84 valstr[0]=0;
85
86 switch (hf_info->display) {
87 case BASE_DEC:
88 if (hf_info->strings) {
89 g_snprintf(valstr, 64, "%s(%d)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
90 } else {
91 g_snprintf(valstr, 64, "%d", val);
92 }
93 break;
94 case BASE_HEX:
95 if (hf_info->strings) {
96 g_snprintf(valstr, 64, "%s(0x%02x)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
97 } else {
98 g_snprintf(valstr, 64, "0x%02x", val);
99 }
100 break;
101 default:
102 REPORT_DISSECTOR_BUG("Invalid hf->display value");
103 }
104
105 col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, valstr);
106 }
107 if (pval) {
108 *pval = val;
109 }
110
111 return offset;
112 }
113
114 int
115 PIDL_dissect_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo,
116 proto_tree *tree, dcerpc_info *di, guint8 *drep,
117 int hfindex, guint32 param)
118 {
119 return PIDL_dissect_uint8_val(tvb, offset, pinfo, tree, di, drep, hfindex, param, NULL);
120 }
121
122
123 int
124 dissect_ndr_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo,
125 proto_tree *tree, dcerpc_info *di, guint8 *drep,
126 int hfindex, guint16 *pdata)
127 {
128 /* Some callers expect us to initialize pdata, even in error conditions, so
129 * do it right away in case we forget later */
130 if (pdata)
131 *pdata = 0;
132
133 if (di->conformant_run) {
134 /* just a run to handle conformant arrays, no scalars to dissect */
135 return offset;
136 }
137
138
139 if (!di->no_align && (offset % 2)) {
140 offset++;
141 }
142 return dissect_dcerpc_uint16(tvb, offset, pinfo,
143 tree, drep, hfindex, pdata);
144 }
145
146 int
147 PIDL_dissect_uint16_val(tvbuff_t *tvb, gint offset, packet_info *pinfo,
148 proto_tree *tree, dcerpc_info *di, guint8 *drep,
149 int hfindex, guint32 param, guint16 *pval)
150 {
151 guint16 val;
152
153 if (di->conformant_run) {
154 /* just a run to handle conformant arrays, no scalars to dissect */
155 return offset;
156 }
157
158
159 if (!di->no_align && (offset % 2)) {
160 offset++;
161 }
162 offset = dissect_dcerpc_uint16(tvb, offset, pinfo,
163 tree, drep, hfindex, &val);
164
165 if (param&PIDL_SET_COL_INFO) {
166 header_field_info *hf_info;
167 char *valstr;
168
169 hf_info = proto_registrar_get_nth(hfindex);
170
171 valstr = (char *)wmem_alloc(wmem_packet_scope(), 64);
172 valstr[0]=0;
173
174 switch (hf_info->display) {
175 case BASE_DEC:
176 if (hf_info->strings) {
177 g_snprintf(valstr, 64, "%s(%d)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
178 } else {
179 g_snprintf(valstr, 64, "%d", val);
180 }
181 break;
182 case BASE_HEX:
183 if (hf_info->strings) {
184 g_snprintf(valstr, 64, "%s(0x%04x)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
185 } else {
186 g_snprintf(valstr, 64, "0x%04x", val);
187 }
188 break;
189 default:
190 REPORT_DISSECTOR_BUG("Invalid hf->display value");
191 }
192
193 col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, valstr);
194 }
195
196 if (pval) {
197 *pval = val;
198 }
199 return offset;
200 }
201
202 int
203 PIDL_dissect_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo,
204 proto_tree *tree, dcerpc_info *di, guint8 *drep,
205 int hfindex, guint32 param _U_)
206 {
207 return PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hfindex, param, NULL);
208 }
209
210 int
211 dissect_ndr_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
212 proto_tree *tree, dcerpc_info *di, guint8 *drep,
213 int hfindex, guint32 *pdata)
214 {
215 /* Some callers expect us to initialize pdata, even in error conditions, so
216 * do it right away in case we forget later */
217 if (pdata)
218 *pdata = 0;
219
220 if ((di != NULL) && (di->conformant_run)) {
221 /* just a run to handle conformant arrays, no scalars to dissect */
222 return offset;
223 }
224
225
226 if ((di != NULL) && (!di->no_align) && (offset % 4)) {
227 offset += 4 - (offset % 4);
228 }
229 return dissect_dcerpc_uint32(tvb, offset, pinfo,
230 tree, drep, hfindex, pdata);
231 }
232
233 /* This is used to dissect the new datatypes, such as pointers and conformance
234 data, which is 4 bytes in size in NDR but 8 bytes in NDR64.
235 */
236 int
237 dissect_ndr_uint3264(tvbuff_t *tvb, gint offset, packet_info *pinfo,
238 proto_tree *tree, dcerpc_info *di, guint8 *drep,
239 int hfindex, guint3264 *pdata)
240 {
241 if (di->call_data->flags & DCERPC_IS_NDR64) {
242 return dissect_ndr_uint64(tvb, offset, pinfo, tree, di, drep, hfindex, pdata);
243 } else {
244 guint32 val = 0;
245 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hfindex, &val);
246 if (pdata) {
247 *pdata = val;
248 }
249 return offset;
250 }
251 }
252
253 /* This is used to dissect the new datatypes, such as enums
254 that are 2 bytes in size in NDR but 4 bytes in NDR64.
255 */
256 int
257 dissect_ndr_uint1632(tvbuff_t *tvb, gint offset, packet_info *pinfo,
258 proto_tree *tree, dcerpc_info *di, guint8 *drep,
259 int hfindex, guint1632 *pdata)
260 {
261 if (di->call_data->flags & DCERPC_IS_NDR64) {
262 return dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hfindex, pdata);
263 } else {
264 guint16 val = 0;
265 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, di, drep, hfindex, &val);
266 if (pdata) {
267 *pdata = val;
268 }
269 return offset;
270 }
271 }
272
273 int
274 PIDL_dissect_uint32_val(tvbuff_t *tvb, gint offset, packet_info *pinfo,
275 proto_tree *tree, dcerpc_info *di, guint8 *drep,
276 int hfindex, guint32 param, guint32 *rval)
277 {
278 guint32 val;
279
280 if (di->conformant_run) {
281 /* just a run to handle conformant arrays, no scalars to dissect */
282 return offset;
283 }
284
285
286 if (!di->no_align && (offset % 4)) {
287 offset += 4 - (offset % 4);
288 }
289 offset = dissect_dcerpc_uint32(tvb, offset, pinfo,
290 tree, drep, hfindex, &val);
291
292 if (param&PIDL_SET_COL_INFO) {
293 header_field_info *hf_info;
294 char *valstr;
295
296 hf_info = proto_registrar_get_nth(hfindex);
297
298 valstr = (char *)wmem_alloc(wmem_packet_scope(), 64);
299 valstr[0]=0;
300
301 switch (hf_info->display) {
302 case BASE_DEC:
303 if (hf_info->strings) {
304 g_snprintf(valstr, 64, "%s(%d)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
305 } else {
306 g_snprintf(valstr, 64, "%d", val);
307 }
308 break;
309 case BASE_HEX:
310 if (hf_info->strings) {
311 g_snprintf(valstr, 64, "%s(0x%08x)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
312 } else {
313 g_snprintf(valstr, 64, "0x%08x", val);
314 }
315 break;
316 default:
317 REPORT_DISSECTOR_BUG("Invalid hf->display value");
318 }
319
320 col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, valstr);
321 }
322 if (rval != NULL) {
323 *rval = val;
324 }
325 return offset;
326 }
327
328 int
329 PIDL_dissect_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
330 proto_tree *tree, dcerpc_info *di, guint8 *drep,
331 int hfindex, guint32 param)
332 {
333 return PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hfindex, param, NULL);
334 }
335
336 /* Double uint32
337 This function dissects the 64bit datatype that is common for
338 ms interfaces and which is 32bit aligned.
339 It is really just 2 uint32's
340 */
341 int
342 dissect_ndr_duint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
343 proto_tree *tree, dcerpc_info *di, guint8 *drep,
344 int hfindex, guint64 *pdata)
345 {
346 /* Some callers expect us to initialize pdata, even in error conditions, so
347 * do it right away in case we forget later */
348 if (pdata)
349 *pdata = 0;
350
351 if (di->conformant_run) {
352 /* just a run to handle conformant arrays, no scalars to dissect */
353 return offset;
354 }
355
356 if (!di->no_align && (offset % 4)) {
357 offset += 4 - (offset % 4);
358 }
359 return dissect_dcerpc_uint64(tvb, offset, pinfo,
360 tree, drep, hfindex, pdata);
361 }
362
363 /* uint64 : hyper
364 a 64 bit integer aligned to proper 8 byte boundaries
365 */
366 int
367 dissect_ndr_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo,
368 proto_tree *tree, dcerpc_info *di, guint8 *drep,
369 int hfindex, guint64 *pdata)
370 {
371 /* Some callers expect us to initialize pdata, even in error conditions, so
372 * do it right away in case we forget later */
373 if (pdata)
374 *pdata = 0;
375
376 if (di->conformant_run) {
377 /* just a run to handle conformant arrays, no scalars to dissect */
378 return offset;
379 }
380
381 if (!di->no_align && (offset % 8)) {
382 gint padding = 8 - (offset % 8);
383 /*add the item for padding bytes*/
384 proto_tree_add_text(tree, tvb, offset, padding, "NDR-Padding: %d bytes", padding);
385 offset += padding;
386 }
387 return dissect_dcerpc_uint64(tvb, offset, pinfo,
388 tree, drep, hfindex, pdata);
389 }
390
391 int
392 PIDL_dissect_uint64_val(tvbuff_t *tvb, gint offset, packet_info *pinfo,
393 proto_tree *tree, dcerpc_info *di, guint8 *drep,
394 int hfindex, guint32 param, guint64 *pval)
395 {
396 guint64 val;
397
398 if (di->conformant_run) {
399 /* just a run to handle conformant arrays, no scalars to dissect */
400 return offset;
401 }
402
403 if (!di->no_align && (offset % 8)) {
404 offset += 8 - (offset % 8);
405 }
406 offset = dissect_dcerpc_uint64(tvb, offset, pinfo,
407 tree, drep, hfindex, &val);
408
409 if (param&PIDL_SET_COL_INFO) {
410 header_field_info *hf_info;
411 char *valstr;
412
413 hf_info = proto_registrar_get_nth(hfindex);
414
415 valstr = (char *)wmem_alloc(wmem_packet_scope(), 64);
416 valstr[0]=0;
417
418 switch (hf_info->display) {
419 case BASE_DEC:
420 if (hf_info->strings) {
421 g_snprintf(valstr, 64, "%s(%" G_GINT64_MODIFIER "u)",val_to_str( (guint32) val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
422 } else {
423 g_snprintf(valstr, 64, "%" G_GINT64_MODIFIER "u", val);
424 }
425 break;
426 case BASE_HEX:
427 if (hf_info->strings) {
428 g_snprintf(valstr, 64, "%s(0x%" G_GINT64_MODIFIER "x)",val_to_str( (guint32) val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
429 } else {
430 g_snprintf(valstr, 64, "0x%" G_GINT64_MODIFIER "x", val);
431 }
432 break;
433 default:
434 REPORT_DISSECTOR_BUG("Invalid hf->display value");
435 }
436
437 col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, valstr);
438 }
439
440 if (pval) {
441 *pval = val;
442 }
443 return offset;
444 }
445
446 int
447 PIDL_dissect_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo,
448 proto_tree *tree, dcerpc_info *di, guint8 *drep,
449 int hfindex, guint32 param)
450 {
451 return PIDL_dissect_uint64_val(tvb, offset, pinfo, tree, di, drep, hfindex, param, NULL);
452 }
453
454 int
455 dissect_ndr_float(tvbuff_t *tvb, gint offset, packet_info *pinfo,
456 proto_tree *tree, dcerpc_info *di, guint8 *drep,
457 int hfindex, gfloat *pdata)
458 {
459 /* Some callers expect us to initialize pdata, even in error conditions, so
460 * do it right away in case we forget later */
461 if (pdata)
462 *pdata = 0;
463
464
465 if (di->conformant_run) {
466 /* just a run to handle conformant arrays, no scalars to dissect */
467 return offset;
468 }
469
470 if (!di->no_align && (offset % 4)) {
471 offset += 4 - (offset % 4);
472 }
473 return dissect_dcerpc_float(tvb, offset, pinfo,
474 tree, drep, hfindex, pdata);
475 }
476
477
478 int
479 dissect_ndr_double(tvbuff_t *tvb, gint offset, packet_info *pinfo,
480 proto_tree *tree, dcerpc_info *di, guint8 *drep,
481 int hfindex, gdouble *pdata)
482 {
483 /* Some callers expect us to initialize pdata, even in error conditions, so
484 * do it right away in case we forget later */
485 if (pdata)
486 *pdata = 0;
487
488 if (di->conformant_run) {
489 /* just a run to handle conformant arrays, no scalars to dissect */
490 return offset;
491 }
492
493 if (!di->no_align && (offset % 8)) {
494 offset += 8 - (offset % 8);
495 }
496 return dissect_dcerpc_double(tvb, offset, pinfo,
497 tree, drep, hfindex, pdata);
498 }
499
500 /* handles unix 32 bit time_t */
501 int
502 dissect_ndr_time_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
503 proto_tree *tree, dcerpc_info *di, guint8 *drep,
504 int hfindex, guint32 *pdata)
505 {
506 /* Some callers expect us to initialize pdata, even in error conditions, so
507 * do it right away in case we forget later */
508 if (pdata)
509 *pdata = 0;
510
511 if (di->conformant_run) {
512 /* just a run to handle conformant arrays, no scalars to dissect */
513 return offset;
514 }
515
516
517 if (!di->no_align && (offset % 4)) {
518 offset += 4 - (offset % 4);
519 }
520 return dissect_dcerpc_time_t(tvb, offset, pinfo,
521 tree, drep, hfindex, pdata);
522 }
523
524 int
525 dissect_ndr_uuid_t(tvbuff_t *tvb, gint offset, packet_info *pinfo,
526 proto_tree *tree, dcerpc_info *di, guint8 *drep,
527 int hfindex, e_uuid_t *pdata)
528 {
529 /* Some callers expect us to initialize pdata, even in error conditions, so
530 * do it right away in case we forget later */
531 if (pdata)
532 memset(pdata, 0, sizeof(*pdata));
533
534 if (di->conformant_run) {
535 /* just a run to handle conformant arrays, no scalars to dissect */
536 return offset;
537 }
538
539 /* uuid's are aligned to 4 bytes, due to initial uint32 in struct */
540 if (!di->no_align && (offset % 4)) {
541 offset += 4 - (offset % 4);
542 }
543 return dissect_dcerpc_uuid_t(tvb, offset, pinfo,
544 tree, drep, hfindex, pdata);
545 }
546
547 /*
548 * XXX - at least according to the DCE RPC 1.1 "nbase.idl", an
549 * "ndr_context_handle" is an unsigned32 "context_handle_attributes"
550 * and a uuid_t "context_handle_uuid". The attributes do not appear to
551 * be used, and always appear to be set to 0, in the DCE RPC 1.1 code.
552 *
553 * Should we display an "ndr_context_handle" with a tree holding the
554 * attributes and the uuid_t?
555 */
556 int
557 dissect_ndr_ctx_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
558 proto_tree *tree, dcerpc_info *di, guint8 *drep,
559 int hfindex, e_ctx_hnd *pdata)
560 {
561 static e_ctx_hnd ctx_hnd;
562
563 if (di->conformant_run) {
564 /* just a run to handle conformant arrays, no scalars to dissect */
565 return offset;
566 }
567
568 if (!di->no_align && (offset % 2)) {
569 offset += 4 - (offset % 4);
570 }
571 ctx_hnd.attributes = dcerpc_tvb_get_ntohl(tvb, offset, drep);
572 dcerpc_tvb_get_uuid(tvb, offset+4, drep, &ctx_hnd.uuid);
573 if (tree) {
574 /* Bytes is bytes - don't worry about the data representation */
575 proto_tree_add_item(tree, hfindex, tvb, offset, 20, ENC_NA);
576 }
577 if (pdata) {
578 *pdata = ctx_hnd;
579 }
580 return offset + 20;
581 }