search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-dcom-sysact.c
blob7ac9c8385674f6f539171fd2032172d279822d73
1 /* packet-dcerpc-sysact.c
2 * Routines for the ISystemActivator interface
3 * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
4 * Copyright 2012, Litao Gao <ltgao@juniper.net>
5 *
6 * $Id$
7 *
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 */
26
27 #include "config.h"
28
29 #include <glib.h>
30 #include <epan/packet.h>
31 #include <epan/wmem/wmem.h>
32 #include "packet-dcerpc.h"
33 #include "packet-dcom.h"
34
35
36 static int proto_ISystemActivator = -1;
37
38 static gint ett_isystemactivator = -1;
39 static int hf_opnum = -1;
40 static int hf_sysact_actproperties = -1;
41 /* static int hf_sysact_unknown = -1; */
42
43 static gint ett_actproperties = -1;
44 static int hf_sysact_totalsize = -1;
45 static int hf_sysact_res = -1;
46
47 static gint ett_commonheader = -1;
48 static gint ett_propguids = -1;
49 static gint ett_properties = -1;
50 static int hf_sysact_customhdrsize = -1;
51 static int hf_sysact_dstctx = -1;
52 static int hf_sysact_actpropnumber = -1;
53 static int hf_sysact_actpropclsinfoid = -1;
54 /* static int hf_sysact_actpropclsids = -1; */
55 static int hf_sysact_actpropclsid = -1;
56 /* static int hf_sysact_actpropsizes = -1; */
57 static int hf_sysact_actpropsize = -1;
58
59
60 static gint ett_dcom_spclsysprop = -1;
61 static gint ett_dcom_reserved = -1;
62 static int hf_sysact_spsysprop_sid = -1;
63 static int hf_sysact_spsysprop_remotethissid = -1;
64 static int hf_sysact_spsysprop_cltimpersonating = -1;
65 static int hf_sysact_spsysprop_partitionid = -1;
66 static int hf_sysact_spsysprop_defauthlvl = -1;
67 static int hf_sysact_spsysprop_partition = -1;
68 static int hf_sysact_spsysprop_procrqstflgs = -1;
69 static int hf_sysact_spsysprop_origclsctx = -1;
70 static int hf_sysact_spsysprop_flags = -1;
71 /* static int hf_sysact_spsysprop_procid = -1; */
72 /* static int hf_sysact_spsysprop_hwnd = -1; */
73
74 static gint ett_dcom_instantianinfo = -1;
75 static int hf_sysact_instninfo_clsid = -1;
76 static int hf_sysact_instninfo_clsctx = -1;
77 static int hf_sysact_instninfo_actflags = -1;
78 static int hf_sysact_instninfo_issurrogate = -1;
79 static int hf_sysact_instninfo_iidcount = -1;
80 static int hf_sysact_instninfo_instflags = -1;
81 static int hf_sysact_instninfo_entiresize = -1;
82 static int hf_sysact_instninfo_iid = -1;
83
84 static gint ett_dcom_actctxinfo = -1;
85 static int hf_sysact_actctxinfo_cltok = -1;
86 static int hf_sysact_context = -1;
87
88 static gint ett_dcom_context = -1;
89 static int hf_sysact_ctx_id = -1;
90 static int hf_sysact_ctx_flags = -1;
91 static int hf_sysact_ctx_res = -1;
92 static int hf_sysact_ctx_numextents = -1;
93 static int hf_sysact_ctx_extentscnt = -1;
94 static int hf_sysact_ctx_mashflags = -1;
95 static int hf_sysact_ctx_count = -1;
96 static int hf_sysact_ctx_frozen = -1;
97
98 static gint ett_dcom_securityinfo = -1;
99 static int hf_sysact_si_authflalgs = -1;
100 static int hf_sysact_si_ci_res = -1;
101 static int hf_sysact_si_ci_string = -1;
102 static int hf_sysact_si_serverinfo = -1;
103
104 static gint ett_dcom_locationinfo = -1;
105 static int hf_sysact_li_string = -1;
106 static int hf_sysact_li_procid = -1;
107 static int hf_sysact_li_apartid = -1;
108 static int hf_sysact_li_ctxid = -1;
109
110 static gint ett_dcom_scmrqstinfo = -1;
111 static gint ett_dcom_rmtrqst = -1;
112
113 static int hf_sysact_sri_cltimplvl = -1;
114 static int hf_sysact_sri_protseqnum = -1;
115 static int hf_sysact_sri_protseq = -1;
116
117 static gint ett_dcom_propsoutput = -1;
118 static int hf_sysact_pi_ifnum = -1;
119 static int hf_sysact_pi_retval = -1;
120 static int hf_sysact_pi_interf = -1;
121 static int hf_sysact_pi_iid = -1;
122
123 static gint ett_dcom_scmrespinfo = -1;
124 static gint ett_dcom_rmtresp = -1;
125 static gint ett_dcom_oxidbinding = -1;
126 static int hf_sysact_scmri_rmtunknid = -1;
127 static int hf_sysact_scmri_authhint = -1;
128 static int hf_sysact_scmri_binding = -1;
129 static int hf_sysact_scmri_oxid = -1;
130
131 static gint ett_typeszcommhdr = -1;
132 static gint ett_typeszprivhdr = -1;
133 static int hf_typeszch = -1;
134 static int hf_typeszph = -1;
135 static int hf_typesz_ver = -1;
136 static int hf_typesz_endianness = -1;
137 static int hf_typesz_commhdrlen = -1;
138 static int hf_typesz_filler = -1;
139 static int hf_typesz_buflen = -1;
140
141 static e_uuid_t uuid_ISystemActivator = { 0x000001a0, 0x0000, 0x0000, { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
142 static guint16 ver_ISystemActivator = 0;
143
144 /*static e_uuid_t clsid_ActivationPropertiesIn = { 0x00000338, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
145 /*static e_uuid_t clsid_ActivationPropertiesOut = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
146 static e_uuid_t iid_ActivationPropertiesIn = { 0x000001a2, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
147 static e_uuid_t iid_ActivationPropertiesOut = { 0x000001a3, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
148
149 static e_uuid_t clsid_SpecialSystemProperties = { 0x000001b9, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
150 static e_uuid_t clsid_InstantiationInfo = { 0x000001ab, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
151 static e_uuid_t clsid_ActivationContextInfo = { 0x000001a5, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
152 static e_uuid_t clsid_ContextMarshaler = { 0x0000033b, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
153 static e_uuid_t clsid_SecurityInfo = { 0x000001a6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
154 static e_uuid_t clsid_ServerLocationInfo = { 0x000001a4, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
155 static e_uuid_t clsid_ScmRequestInfo = { 0x000001aa, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
156 static e_uuid_t clsid_PropsOutInfo = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
157 static e_uuid_t clsid_ScmReplyInfo = { 0x000001b6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
158 /*static e_uuid_t clsid_InstanceInfo = { 0x000001ad, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
159
160
161 static const value_string instninfo_actflags[] = {
162 { 0x00000002, "ACTVFLAGS_DISABLE_AAA" },
163 { 0x00000004, "ACTVFLAGS_ACTIVATE_32_BIT_SERVER" },
164 { 0x00000008, "ACTVFLAGS_ACTIVATE_64_BIT_SERVER" },
165 { 0x00000020, "ACTVFLAGS_NO_FAILURE_LOG" },
166 { 0, NULL }
167 };
168
169 static const value_string boolean_flag_vals[] = {
170 { 0x00000001, "TRUE" },
171 { 0x00000000, "FALSE" },
172 { 0, NULL }
173 };
174
175 static const value_string dcom_context_flag_vals[] = {
176 { 0x00000002, "MarshalByValue" },
177 { 0, NULL }
178 };
179
180 static const value_string ts_endian_vals[] = {
181 { 0x10, "Little-endian" },
182 { 0x00, "Big-endian" },
183 { 0, NULL }
184 };
185
186 /* MS-DCOM 2.2.28.1 */
187 #define MIN_ACTPROP_LIMIT 1
188 #define MAX_ACTPROP_LIMIT 10
189
190 typedef struct property_guids {
191 e_uuid_t guid[MAX_ACTPROP_LIMIT];
192 guint32 size[MAX_ACTPROP_LIMIT];
193 guint32 id_idx;
194 guint32 size_idx;
195 } property_guids_t;
196
197 /* Type Serialization Version 1 */
198 static int
199 dissect_TypeSzCommPrivHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
200 proto_tree *tree, dcerpc_info *di, guint8 *drep)
201 {
202 proto_item *sub_item;
203 proto_tree *sub_tree;
204 guint8 drep_tmp;
205 guint8 endian = 0x10;
206 gint old_offset;
207
208 /* Common Header use little endian */
209 sub_item = proto_tree_add_item(tree, hf_typeszch, tvb, offset, 0, ENC_NA);
210 sub_tree = proto_item_add_subtree(sub_item, ett_typeszcommhdr);
211
212 old_offset = offset;
213 offset = dissect_dcom_BYTE(tvb, offset, pinfo, sub_tree, di, drep,
214 hf_typesz_ver, NULL);
215
216 offset = dissect_dcom_BYTE(tvb, offset, pinfo, sub_tree, di, drep,
217 hf_typesz_endianness, &endian);
218 if (endian == 0x10)
219 *drep = DREP_LITTLE_ENDIAN;
220 else
221 *drep &= ~DREP_LITTLE_ENDIAN;
222
223 drep_tmp = DREP_LITTLE_ENDIAN;
224 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, &drep_tmp,
225 hf_typesz_commhdrlen, NULL);
226 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, &drep_tmp,
227 hf_typesz_filler, NULL);
228 proto_item_set_len(sub_item, offset - old_offset);
229
230 /* Private Header */
231 old_offset = offset;
232 sub_item = proto_tree_add_item(tree, hf_typeszph, tvb, offset, 0, ENC_NA);
233 sub_tree = proto_item_add_subtree(sub_item, ett_typeszprivhdr);
234 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
235 hf_typesz_buflen, NULL);
236 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
237 hf_typesz_filler, NULL);
238 proto_item_set_len(sub_item, offset - old_offset);
239
240 return offset;
241 }
242
243
244
245 static int
246 dissect_dcom_Property_Guid(tvbuff_t *tvb, gint offset, packet_info *pinfo,
247 proto_tree *tree, dcerpc_info *di, guint8 *drep)
248 {
249 property_guids_t *pg;
250
251 pg = (property_guids_t*)di->private_data;
252
253 if (pg->id_idx < MAX_ACTPROP_LIMIT) {
254 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
255 hf_sysact_actpropclsid, &pg->guid[pg->id_idx++]);
256 }
257 else {
258 /* TODO: expert info */
259 tvb_ensure_bytes_exist(tvb, offset, 16);
260 offset += 16;
261 }
262
263 return offset;
264 }
265
266 static int
267 dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids(tvbuff_t *tvb, gint offset,
268 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
269 {
270 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, dissect_dcom_Property_Guid);
271 return offset;
272 }
273
274 static int
275 dissect_dcom_Property_Size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
276 proto_tree *tree, dcerpc_info *di, guint8 *drep)
277 {
278 property_guids_t *pg;
279
280 pg = (property_guids_t*)di->private_data;
281
282 if (pg->size_idx < MAX_ACTPROP_LIMIT) {
283 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
284 hf_sysact_actpropsize, &pg->size[pg->size_idx++]);
285 }
286 else {
287 /* TODO: expert info */
288 tvb_ensure_bytes_exist(tvb, offset, 4);
289 offset += 4;
290 }
291
292 return offset;
293 }
294
295 static int
296 dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes(tvbuff_t *tvb, gint offset,
297 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
298 {
299 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, dissect_dcom_Property_Size);
300 return offset;
301 }
302
303 static int
304 dissect_dcom_ActivationPropertiesCustomerHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
305 proto_tree *tree, dcerpc_info *di, guint8 *drep)
306 {
307 guint32 u32TotalSize;
308 guint32 u32CustomHdrSize;
309 guint32 u32ActPropNumber;
310 gint old_offset;
311
312 proto_item *sub_item;
313 proto_tree *sub_tree;
314
315 sub_item = proto_tree_add_text(tree, tvb, offset, 0, "CustomHeader");
316
317 sub_tree = proto_item_add_subtree(sub_item, ett_commonheader);
318
319 old_offset = offset;
320 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
321
322 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
323 hf_sysact_totalsize, &u32TotalSize);
324 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
325 hf_sysact_customhdrsize, &u32CustomHdrSize);
326 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
327 hf_sysact_res, NULL);
328 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
329 hf_sysact_dstctx, NULL);
330 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
331 hf_sysact_actpropnumber, &u32ActPropNumber);
332 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
333 hf_sysact_actpropclsinfoid, NULL);
334
335 /* ClsIdPtr, SizesPtr */
336 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
337 dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids, NDR_POINTER_UNIQUE,
338 "ClsIdPtr",hf_sysact_actpropclsid);
339 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
340 dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes, NDR_POINTER_UNIQUE,
341 "ClsSizesPtr",hf_sysact_actpropclsid);
342 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
343 NULL, NDR_POINTER_UNIQUE, "OpaqueDataPtr: Pointer To NULL", 0);
344
345 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
346 proto_item_set_len(sub_item, offset - old_offset);
347
348 return offset;
349 }
350
351
352 static int
353 dissect_dcom_ActivationProperty(tvbuff_t *tvb, gint offset, packet_info *pinfo,
354 proto_tree *tree, dcerpc_info *di, guint8 *drep, e_uuid_t *clsid, gint size)
355 {
356 dcom_dissect_fn_t routine = NULL;
357
358 /* the following data depends on the clsid, get the routine by clsid */
359 routine = dcom_get_rountine_by_uuid(clsid);
360 if (routine){
361 offset = routine(tvb, offset, pinfo, tree, di, drep, size);
362 }
363
364 return offset;
365 }
366
367
368
369 static int
370 dissect_dcom_ActivationPropertiesBody(tvbuff_t *tvb, gint offset, packet_info *pinfo,
371 proto_tree *tree, dcerpc_info *di, guint8 *drep)
372 {
373 gint old_offset;
374
375 proto_item *sub_item;
376 proto_tree *sub_tree;
377 property_guids_t *pg;
378 guint32 i;
379 guint32 min_idx;
380
381 pg = (property_guids_t*)di->private_data;
382
383 if (pg->id_idx == pg->size_idx) {
384 min_idx = pg->id_idx;
385 }
386 else {
387 /* TODO: expert info */
388 min_idx = MIN(pg->id_idx, pg->size_idx);
389 }
390
391 sub_item = proto_tree_add_text(tree, tvb, offset, 0, "Properties");
392 sub_tree = proto_item_add_subtree(sub_item, ett_properties);
393
394 old_offset = offset;
395 for (i = 0; i < min_idx; i++) {
396 offset = dissect_dcom_ActivationProperty(tvb, offset, pinfo, sub_tree, di, drep,
397 &pg->guid[i], pg->size[i]);
398 }
399 proto_item_set_len(sub_item, offset - old_offset);
400
401 return offset;
402 }
403
404 static int
405 dissect_dcom_ActivationProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
406 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
407 {
408 proto_item *sub_item;
409 proto_tree *sub_tree;
410 property_guids_t *old_pg = NULL;
411
412 guint32 u32TotalSize;
413 guint32 u32Res;
414
415 sub_item = proto_tree_add_item(tree, hf_sysact_actproperties, tvb, offset, 0, ENC_NA);
416 sub_tree = proto_item_add_subtree(sub_item, ett_actproperties);
417
418 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
419 hf_sysact_totalsize, &u32TotalSize);
420 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
421 hf_sysact_res, &u32Res);
422
423 old_pg = (property_guids_t*)di->private_data;
424 di->private_data = wmem_new0(wmem_packet_scope(), property_guids_t);
425
426 offset = dissect_dcom_ActivationPropertiesCustomerHdr(tvb, offset, pinfo, sub_tree, di, drep);
427 offset = dissect_dcom_ActivationPropertiesBody(tvb, offset, pinfo, sub_tree, di, drep);
428
429 di->private_data = old_pg;
430
431 return offset;
432 }
433
434 static int
435 dissect_dcom_ContextMarshaler(tvbuff_t *tvb, gint offset, packet_info *pinfo,
436 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
437 {
438 proto_item *sub_item;
439 proto_tree *sub_tree;
440 gint old_offset;
441
442 guint32 u32Count;
443
444 old_offset = offset;
445 sub_item = proto_tree_add_text(tree, tvb, offset, 0, "Context");
446 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_context);
447
448 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
449 NULL, NULL);
450 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
451 hf_sysact_ctx_id, NULL);
452 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
453 hf_sysact_ctx_flags, NULL);
454 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
455 hf_sysact_ctx_res, NULL);
456 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
457 hf_sysact_ctx_numextents, NULL);
458 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
459 hf_sysact_ctx_extentscnt, NULL);
460 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
461 hf_sysact_ctx_mashflags, NULL);
462 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
463 hf_sysact_ctx_count, &u32Count);
464 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
465 hf_sysact_ctx_frozen, NULL);
466
467 if (u32Count) {
468 /*PropMarshalHeader array*/
469 /*TBD*/
470 }
471
472 proto_item_set_len(sub_item, offset - old_offset);
473
474 return offset;
475 }
476
477 static int
478 dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
479 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
480 {
481 proto_item *sub_item, *it;
482 proto_tree *sub_tree, *tr;
483 gint old_offset, len, i;
484
485 old_offset = offset;
486
487 if (size <= 0) {
488 /* TODO: expert info */
489 size = -1;
490 }
491
492 sub_item = proto_tree_add_text(tree, tvb, offset, size, "SpecialSystemProperties");
493 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_spclsysprop);
494
495 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
496
497 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
498 hf_sysact_spsysprop_sid, NULL);
499 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
500 hf_sysact_spsysprop_remotethissid, NULL);
501 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
502 hf_sysact_spsysprop_cltimpersonating, NULL);
503 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
504 hf_sysact_spsysprop_partitionid, NULL);
505 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
506 hf_sysact_spsysprop_defauthlvl, NULL);
507 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
508 hf_sysact_spsysprop_partition, NULL);
509 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
510 hf_sysact_spsysprop_procrqstflgs, NULL);
511 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
512 hf_sysact_spsysprop_origclsctx, NULL);
513 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
514 hf_sysact_spsysprop_flags, NULL);
515 /*
516 *
517 * offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
518 * hf_sysact_spsysprop_procid, NULL);
519 * offset = dissect_dcom_I8(tvb, offset, pinfo, sub_tree, drep,
520 * hf_sysact_spsysprop_hwnd, NULL);
521 *
522 */
523 it = proto_tree_add_text(sub_tree, tvb, offset, sizeof(guint32)*8,
524 "Reserved: 8 DWORDs");
525 tr = proto_item_add_subtree(it, ett_dcom_reserved);
526 for (i = 0; i < 8; i++) {
527 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tr, di, drep,
528 hf_sysact_res, NULL);
529 }
530
531 len = offset - old_offset;
532 if (size < len) {
533 /* TODO expert info */
534 size = len;
535 }
536 else if (size > len) {
537 proto_tree_add_text(sub_tree, tvb, offset, size - len,
538 "UnusedBuffer: %d bytes", size - len);
539 }
540
541 offset = old_offset + size;
542 return offset;
543 }
544
545 static int
546 dissect_dcom_InterfaceId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
547 proto_tree *tree, dcerpc_info *di, guint8 *drep)
548 {
549 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
550 hf_sysact_instninfo_iid, NULL);
551 return offset;
552 }
553
554 static int
555 dissect_InstantiationInfoIids(tvbuff_t *tvb, gint offset,
556 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
557 {
558 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
559 dissect_dcom_InterfaceId);
560
561 return offset;
562 }
563
564 static int
565 dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
566 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
567 {
568 proto_item *sub_item;
569 proto_tree *sub_tree;
570 gint old_offset, len;
571
572 old_offset = offset;
573
574 if (size <= 0) {
575 /* TODO: expert info */
576 size = -1;
577 }
578
579 sub_item = proto_tree_add_text(tree, tvb, offset, size, "InstantiationInfo");
580 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_instantianinfo);
581
582 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
583
584 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
585 hf_sysact_instninfo_clsid, NULL);
586 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
587 hf_sysact_instninfo_clsctx, NULL);
588 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
589 hf_sysact_instninfo_actflags, NULL);
590 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
591 hf_sysact_instninfo_issurrogate, NULL);
592 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
593 hf_sysact_instninfo_iidcount, NULL);
594 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
595 hf_sysact_instninfo_instflags, NULL);
596
597 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
598 dissect_InstantiationInfoIids, NDR_POINTER_UNIQUE,
599 "InterfaceIdsPtr", -1);
600
601 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
602 hf_sysact_instninfo_entiresize, NULL);
603 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
604 NULL, NULL);
605
606 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
607
608 len = offset - old_offset;
609 if (size < len) {
610 /* TODO expert info */
611 size = len;
612 }
613 else if (size > len) {
614 proto_tree_add_text(sub_tree, tvb, offset, size - len,
615 "UnusedBuffer: %d bytes", size - len);
616 }
617
618 offset = old_offset + size;
619 return offset;
620 }
621
622 static int
623 dissect_ActCtxInfo_PropCtx(tvbuff_t *tvb _U_, gint offset _U_,
624 packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info *di _U_, guint8 *drep _U_)
625 {
626 /*TBD*/
627 return offset;
628 }
629
630
631 static int
632 dissect_ActCtxInfo_CltCtx(tvbuff_t *tvb, gint offset,
633 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
634 {
635 if (di->conformant_run) {
636 return offset;
637 }
638
639 offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
640 hf_sysact_context, NULL);
641 return offset;
642 }
643
644 static int
645 dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
646 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
647 {
648 proto_item *sub_item;
649 proto_tree *sub_tree;
650 gint old_offset, len;
651
652 old_offset = offset;
653
654 if (size <= 0) {
655 /* TODO: expert info */
656 size = -1;
657 }
658
659 sub_item = proto_tree_add_text(tree, tvb, offset, size, "ActivationContextInfo");
660 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_actctxinfo);
661
662 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
663
664 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
665 hf_sysact_actctxinfo_cltok, NULL);
666 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
667 hf_sysact_res, NULL);
668 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
669 hf_sysact_res, NULL);
670 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
671 hf_sysact_res, NULL);
672
673 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
674 dissect_ActCtxInfo_CltCtx, NDR_POINTER_UNIQUE,
675 "ClientPtr", -1);
676 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
677 dissect_ActCtxInfo_PropCtx, NDR_POINTER_UNIQUE,
678 "PrototypePtr", -1);
679 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
680
681 len = offset - old_offset;
682 if (size < len) {
683 /* TODO expert info */
684 size = len;
685 }
686 else if (size > len) {
687 proto_tree_add_text(sub_tree, tvb, offset, size - len,
688 "UnusedBuffer: %d bytes", size - len);
689 }
690
691 offset = old_offset + size;
692 return offset;
693 }
694
695
696 static int
697 dissect_dcom_COSERVERINFO(tvbuff_t *tvb, gint offset,
698 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex)
699 {
700 proto_item *sub_item;
701 proto_tree *sub_tree;
702 gint old_offset;
703
704 if (di->conformant_run) {
705 return offset;
706 }
707
708 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
709 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_securityinfo);
710
711 old_offset = offset;
712 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
713 hf_sysact_si_ci_res, NULL);
714 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
715 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Name(wstring)",
716 hf_sysact_si_ci_string);
717 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
718 NULL, NDR_POINTER_UNIQUE, "AuthInfoPtr", -1);
719 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
720 hf_sysact_si_ci_res, NULL);
721
722 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
723
724 proto_item_set_len(sub_item, offset - old_offset);
725
726 return offset;
727 }
728
729 static int
730 dissect_dcom_SI_ServerInfo(tvbuff_t *tvb, gint offset,
731 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
732 {
733 offset = dissect_dcom_COSERVERINFO(tvb, offset, pinfo, tree, di, drep,
734 hf_sysact_si_serverinfo);
735 return offset;
736 }
737
738 static int
739 dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
740 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
741 {
742 proto_item *sub_item;
743 proto_tree *sub_tree;
744 gint old_offset, len;
745
746 old_offset = offset;
747
748 if (size <= 0) {
749 /* TODO: expert info */
750 size = -1;
751 }
752
753 sub_item = proto_tree_add_text(tree, tvb, offset, size, "SecurityInfo");
754 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_securityinfo);
755
756 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di ,drep);
757
758 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
759 hf_sysact_si_authflalgs, NULL);
760 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
761 dissect_dcom_SI_ServerInfo, NDR_POINTER_UNIQUE, "ServerInfoPtr", -1);
762 /*This SHOULD be NULL and MUST be ignored on receipt*/
763 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
764 NULL, NDR_POINTER_UNIQUE, "ReservedPtr", -1);
765 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
766
767 len = offset - old_offset;
768 if (size < len) {
769 /* TODO expert info */
770 size = len;
771 }
772 else if (size > len) {
773 proto_tree_add_text(sub_tree, tvb, offset, size - len,
774 "UnusedBuffer: %d bytes", size - len);
775 }
776
777 offset = old_offset + size;
778 return offset;
779 }
780
781 static int
782 dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
783 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
784 {
785 proto_item *sub_item;
786 proto_tree *sub_tree;
787 gint old_offset, len;
788
789 old_offset = offset;
790
791 if (size <= 0) {
792 /* TODO: expert info */
793 size = -1;
794 }
795
796 sub_item = proto_tree_add_text(tree, tvb, offset, size, "LocationInfo");
797 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_locationinfo);
798
799 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
800
801 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
802 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "MachineNamePtr",
803 hf_sysact_li_string);
804
805 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
806 hf_sysact_li_procid, NULL);
807 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
808 hf_sysact_li_apartid, NULL);
809 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
810 hf_sysact_li_ctxid, NULL);
811
812 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
813
814 len = offset - old_offset;
815 if (size < len) {
816 /* TODO expert info */
817 size = len;
818 }
819 else if (size > len) {
820 proto_tree_add_text(sub_tree, tvb, offset, size - len,
821 "UnusedBuffer: %d bytes", size - len);
822 }
823
824 offset = old_offset + size;
825
826 return offset;
827 }
828
829 static int
830 dissect_dcom_ProtoSeq(tvbuff_t *tvb, gint offset, packet_info *pinfo,
831 proto_tree *tree, dcerpc_info *di, guint8 *drep)
832 {
833 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
834 hf_sysact_sri_protseq, NULL);
835
836 return offset;
837 }
838
839 static int
840 dissect_dcom_ProtoSeqArray(tvbuff_t *tvb, gint offset,
841 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
842 {
843 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
844 dissect_dcom_ProtoSeq);
845 return offset;
846 }
847
848 static int
849 dissect_dcom_customREMOTE_REQUEST_SCM_INFO(tvbuff_t *tvb, gint offset,
850 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
851 {
852 proto_item *sub_item;
853 proto_tree *sub_tree;
854 gint old_offset;
855
856 if (di->conformant_run) {
857 return offset;
858 }
859
860 sub_item = proto_tree_add_text(tree, tvb, offset, 0, "RemoteRequest");
861 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_rmtrqst);
862
863 old_offset = offset;
864 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
865 hf_sysact_sri_cltimplvl, NULL);
866 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
867 hf_sysact_sri_protseqnum, NULL);
868 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
869 dissect_dcom_ProtoSeqArray, NDR_POINTER_UNIQUE, "ProtocolSeqsArrayPtr", -1);
870 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
871
872 proto_item_set_len(sub_item, offset - old_offset);
873
874 return offset;
875 }
876
877 static int
878 dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
879 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
880 {
881 proto_item *sub_item;
882 proto_tree *sub_tree;
883 gint old_offset, len;
884
885 old_offset = offset;
886
887 if (size <= 0) {
888 /* TODO: expert info */
889 size = -1;
890 }
891
892 sub_item = proto_tree_add_text(tree, tvb, offset, size, "ScmRequestInfo");
893 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_scmrqstinfo);
894
895 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
896
897 /*This MUST be set to NULL and MUST be ignored on receipt*/
898 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
899 NULL, NDR_POINTER_UNIQUE, "Ptr", -1);
900 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
901 dissect_dcom_customREMOTE_REQUEST_SCM_INFO, NDR_POINTER_UNIQUE,
902 "RemoteRequestPtr", -1);
903 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
904
905 len = offset - old_offset;
906 if (size < len) {
907 /* TODO expert info */
908 size = len;
909 }
910 else if (size > len) {
911 proto_tree_add_text(sub_tree, tvb, offset, size - len,
912 "UnusedBuffer: %d bytes", size - len);
913 }
914
915 offset = old_offset + size;
916
917 return offset;
918 }
919
920 static int
921 dissect_dcom_IfId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
922 proto_tree *tree, dcerpc_info *di, guint8 *drep)
923 {
924 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
925 hf_sysact_pi_iid, NULL);
926 return offset;
927 }
928
929 static int
930 dissect_dcom_IfIds(tvbuff_t *tvb, gint offset,
931 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
932 {
933 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
934 dissect_dcom_IfId);
935 return offset;
936 }
937
938 static int
939 dissect_dcom_ReturnVal(tvbuff_t *tvb, gint offset, packet_info *pinfo,
940 proto_tree *tree, dcerpc_info *di, guint8 *drep)
941 {
942 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
943 hf_sysact_pi_retval, NULL);
944 return offset;
945 }
946
947 static int
948 dissect_dcom_ReturnVals(tvbuff_t *tvb, gint offset,
949 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
950 {
951 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
952 dissect_dcom_ReturnVal);
953 return offset;
954 }
955
956 static int
957 dissect_OneInterfData(tvbuff_t *tvb, gint offset,
958 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
959 {
960 offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
961 hf_sysact_pi_interf, NULL);
962 return offset;
963 }
964
965 static int
966 dissect_dcom_OneInterfDataPtr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
967 proto_tree *tree, dcerpc_info *di, guint8 *drep)
968 {
969 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep,
970 dissect_OneInterfData, NDR_POINTER_UNIQUE, "InterfacePtr", -1);
971 return offset;
972 }
973
974 /*
975 * This MUST be an array of MInterfacePointer pointers containing the OBJREFs for
976 * the interfaces returned by the server.
977 */
978 static int
979 dissect_dcom_InterfData(tvbuff_t *tvb, gint offset,
980 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
981 {
982 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
983 dissect_dcom_OneInterfDataPtr);
984 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
985 return offset;
986 }
987
988 static int
989 dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
990 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
991 {
992 proto_item *sub_item;
993 proto_tree *sub_tree;
994 gint old_offset, len;
995
996 old_offset = offset;
997
998 if (size <= 0) {
999 /* TODO: expert info */
1000 size = -1;
1001 }
1002
1003 sub_item = proto_tree_add_text(tree, tvb, offset, size, "PropertiesOutput");
1004 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_propsoutput);
1005
1006 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
1007
1008 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
1009 hf_sysact_pi_ifnum, NULL);
1010
1011 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1012 dissect_dcom_IfIds, NDR_POINTER_UNIQUE, "InterfaceIdsPtr", -1);
1013 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1014 dissect_dcom_ReturnVals, NDR_POINTER_UNIQUE, "ReturnValuesPtr", -1);
1015 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1016 dissect_dcom_InterfData, NDR_POINTER_UNIQUE, "InterfacePtrsPtr", -1);
1017 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1018
1019 len = offset - old_offset;
1020 if (size < len) {
1021 /* TODO expert info */
1022 size = len;
1023 }
1024 else if (size > len) {
1025 proto_tree_add_text(sub_tree, tvb, offset, size - len,
1026 "UnusedBuffer: %d bytes", size - len);
1027 }
1028
1029 offset = old_offset + size;
1030
1031 return offset;
1032 }
1033
1034
1035 /*
1036 *typedef struct tagDUALSTRINGARRAY {
1037 * unsigned short wNumEntries;
1038 * unsigned short wSecurityOffset;
1039 * [size_is(wNumEntries)] unsigned short aStringArray[];
1040 *} DUALSTRINGARRAY;
1041 */
1042 static int
1043 dissect_dcom_OxidBindings(tvbuff_t *tvb, gint offset,
1044 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1045 {
1046 proto_item *sub_item;
1047 proto_tree *sub_tree;
1048 gint old_offset;
1049
1050 if (di->conformant_run) {
1051 return offset;
1052 }
1053
1054 old_offset = offset;
1055 sub_item = proto_tree_add_text(tree, tvb, offset, 0, "OxidBindings");
1056 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_oxidbinding);
1057
1058 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep, NULL);
1059 offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, sub_tree, di, drep,
1060 hf_sysact_scmri_binding, NULL);
1061
1062 proto_item_set_len(sub_item, offset - old_offset);
1063 return offset;
1064 }
1065
1066
1067 static int
1068 dissect_dcom_customREMOTE_REPLY_SCM_INFO(tvbuff_t *tvb, gint offset,
1069 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1070 {
1071 proto_item *sub_item;
1072 proto_tree *sub_tree;
1073 gint old_offset;
1074
1075 if (di->conformant_run) {
1076 return offset;
1077 }
1078
1079 sub_item = proto_tree_add_text(tree, tvb, offset, 0, "RemoteReply");
1080 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_rmtresp);
1081
1082 old_offset = offset;
1083 offset = dissect_dcom_ID(tvb, offset, pinfo, sub_tree, di, drep,
1084 hf_sysact_scmri_oxid, NULL);
1085 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1086 dissect_dcom_OxidBindings, NDR_POINTER_UNIQUE, "OxidBindingsPtr", -1);
1087 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
1088 hf_sysact_scmri_rmtunknid, NULL);
1089 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
1090 hf_sysact_scmri_authhint, NULL);
1091 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
1092 NULL, NULL);
1093 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1094
1095 proto_item_set_len(sub_item, offset - old_offset);
1096
1097 return offset;
1098 }
1099
1100
1101 static int
1102 dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
1103 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
1104 {
1105 proto_item *sub_item;
1106 proto_tree *sub_tree;
1107 gint old_offset, len;
1108
1109 old_offset = offset;
1110
1111 if (size <= 0) {
1112 /* TODO: expert info */
1113 size = -1;
1114 }
1115
1116 sub_item = proto_tree_add_text(tree, tvb, offset, size, "ScmReplyInfo");
1117 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_scmrespinfo);
1118
1119 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
1120
1121 /*This MUST be set to NULL and MUST be ignored on receipt*/
1122 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1123 NULL, NDR_POINTER_UNIQUE, "Ptr", -1);
1124 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1125 dissect_dcom_customREMOTE_REPLY_SCM_INFO, NDR_POINTER_UNIQUE,
1126 "RemoteRequestPtr", -1);
1127 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1128
1129 len = offset - old_offset;
1130 if (size < len) {
1131 /* TODO expert info */
1132 size = len;
1133 }
1134 else if (size > len) {
1135 proto_tree_add_text(sub_tree, tvb, offset, size - len,
1136 "UnusedBuffer: %d bytes", size - len);
1137 }
1138
1139 offset = old_offset + size;
1140
1141 return offset;
1142 }
1143
1144 void
1145 sysact_register_routines(void)
1146 {
1147 dcom_register_rountine(dissect_dcom_ActivationProperties, &iid_ActivationPropertiesIn);
1148 dcom_register_rountine(dissect_dcom_ActivationProperties, &iid_ActivationPropertiesOut);
1149 dcom_register_rountine(dissect_dcom_SpecialSystemProperties, &clsid_SpecialSystemProperties);
1150 dcom_register_rountine(dissect_dcom_InstantiationInfo, &clsid_InstantiationInfo);
1151 dcom_register_rountine(dissect_dcom_ActivationContextInfo, &clsid_ActivationContextInfo);
1152 dcom_register_rountine(dissect_dcom_ContextMarshaler, &clsid_ContextMarshaler);
1153 dcom_register_rountine(dissect_dcom_SecurtiyInfo, &clsid_SecurityInfo);
1154 dcom_register_rountine(dissect_dcom_LocationInfo, &clsid_ServerLocationInfo);
1155 dcom_register_rountine(dissect_dcom_ScmRqstInfo, &clsid_ScmRequestInfo);
1156 dcom_register_rountine(dissect_dcom_PropsOutInfo, &clsid_PropsOutInfo);
1157 dcom_register_rountine(dissect_dcom_ScmReplyInfo, &clsid_ScmReplyInfo);
1158
1159 return;
1160 }
1161
1162 static int
1163 dissect_remsysact_remotecreateinstance_rqst(tvbuff_t *tvb, int offset,
1164 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1165 {
1166
1167 sysact_register_routines();
1168
1169 offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
1170
1171 /* XXX - what is this? */
1172 offset = dissect_dcom_nospec_data(tvb, offset, pinfo, tree, drep, 4);
1173 offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
1174 hf_sysact_actproperties, NULL /* XXX */);
1175 return offset;
1176 }
1177
1178 static int
1179 dissect_remsysact_remotecreateinstance_resp(tvbuff_t *tvb, int offset,
1180 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1181 {
1182 sysact_register_routines();
1183
1184 offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
1185
1186 offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
1187 hf_sysact_actproperties, NULL /* XXX */);
1188
1189 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
1190 NULL /* pu32HResult */);
1191
1192 return offset;
1193 }
1194
1195
1196 static dcerpc_sub_dissector ISystemActivator_dissectors[] = {
1197 { 0, "QueryInterfaceIRemoteSCMActivator", NULL, NULL },
1198 { 1, "AddRefIRemoteISCMActivator", NULL, NULL },
1199 { 2, "ReleaseIRemoteISCMActivator", NULL, NULL },
1200 { 3, "RemoteGetClassObject", NULL, NULL },
1201 { 4, "RemoteCreateInstance", dissect_remsysact_remotecreateinstance_rqst, dissect_remsysact_remotecreateinstance_resp },
1202 { 0, NULL, NULL, NULL },
1203 };
1204
1205 void
1206 proto_register_ISystemActivator (void)
1207 {
1208 /* fields */
1209 static hf_register_info hf[] = {
1210 { &hf_opnum,
1211 { "Operation", "isystemactivator.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1212 { &hf_sysact_actproperties,
1213 { "IActProperties", "isystemactivator.actproperties", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1214 #if 0
1215 { &hf_sysact_unknown,
1216 { "IUnknown", "isystemactivator.unknown", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1217 #endif
1218 };
1219
1220 static hf_register_info hf_actproperties[] = {
1221 { &hf_sysact_totalsize,
1222 { "Totalsize", "isystemactivator.actproperties.size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1223 { &hf_sysact_res,
1224 { "Reserved", "isystemactivator.actproperties.resv", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1225
1226 { &hf_sysact_customhdrsize,
1227 { "CustomHeaderSize", "isystemactivator.customhdr.size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1228 { &hf_sysact_dstctx,
1229 { "DestinationContext", "isystemactivator.customhdr.dc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1230 { &hf_sysact_actpropnumber,
1231 { "NumActivationPropertyStructs", "isystemactivator.customhdr.actpropnumber", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1232 { &hf_sysact_actpropclsinfoid,
1233 { "ClassInfoClsid", "isystemactivator.customhdr.clsinfoid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1234 #if 0
1235 { &hf_sysact_actpropclsids,
1236 { "PropertyGuids", "isystemactivator.customhdr.clsids", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1237 #endif
1238 { &hf_sysact_actpropclsid,
1239 { "PropertyStructGuid", "isystemactivator.customhdr.clsid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1240 #if 0
1241 { &hf_sysact_actpropsizes,
1242 { "PropertyDataSizes", "isystemactivator.customhdr.datasizes", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1243 #endif
1244 { &hf_sysact_actpropsize,
1245 { "PropertyDataSize", "isystemactivator.customhdr.datasize", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1246
1247 /*SpecialSystemProperties*/
1248 { &hf_sysact_spsysprop_sid,
1249 { "SessionID", "isystemactivator.properties.spcl.sid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, "A value that uniquely identifies a logon session on the server", HFILL }},
1250 { &hf_sysact_spsysprop_remotethissid,
1251 { "RemoteThisSessionID", "isystemactivator.properties.spcl.remotesid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1252 { &hf_sysact_spsysprop_cltimpersonating,
1253 { "ClientImpersonating", "isystemactivator.properties.spcl.cltimp", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1254 { &hf_sysact_spsysprop_partitionid,
1255 { "PartitionIDPresent", "isystemactivator.properties.spcl.cltimp", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1256 { &hf_sysact_spsysprop_defauthlvl,
1257 { "DefaultAuthnLevel", "isystemactivator.properties.spcl.defauthlvl", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1258 { &hf_sysact_spsysprop_partition,
1259 { "PartitionGuid", "isystemactivator.properties.spcl.partition", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1260 { &hf_sysact_spsysprop_procrqstflgs,
1261 { "ProcessRequestFlags", "isystemactivator.properties.spcl.procreqstflgs", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1262 { &hf_sysact_spsysprop_origclsctx,
1263 { "OriginalClassContext", "isystemactivator.properties.spcl.origclsctx", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1264 { &hf_sysact_spsysprop_flags,
1265 { "Flags", "isystemactivator.properties.spcl.flags", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1266 #if 0
1267 { &hf_sysact_spsysprop_procid,
1268 { "ProcessID", "isystemactivator.properties.spcl.procid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1269 #endif
1270 #if 0
1271 { &hf_sysact_spsysprop_hwnd,
1272 { "hWnd", "isystemactivator.properties.spcl.hwnd", FT_UINT64, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1273 #endif
1274
1275 /*InstantiationInfo*/
1276 { &hf_sysact_instninfo_clsid,
1277 { "InstantiatedObjectClsId", "isystemactivator.properties.instninfo.clsid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1278 { &hf_sysact_instninfo_clsctx,
1279 { "ClassContext", "isystemactivator.properties.instninfo.clsctx", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1280 { &hf_sysact_instninfo_actflags,
1281 { "ActivationFlags", "isystemactivator.properties.instninfo.actflags", FT_UINT32, BASE_DEC_HEX, VALS(instninfo_actflags), 0x0, NULL, HFILL }},
1282 { &hf_sysact_instninfo_issurrogate,
1283 { "FlagsSurrogate", "isystemactivator.properties.instninfo.actflags", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1284 { &hf_sysact_instninfo_iidcount,
1285 { "InterfaceIdCount", "isystemactivator.properties.instninfo.iidcount", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1286 { &hf_sysact_instninfo_instflags,
1287 { "InstantiationFlag", "isystemactivator.properties.instninfo.instflags", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1288 { &hf_sysact_instninfo_entiresize,
1289 { "EntirePropertySize", "isystemactivator.properties.instninfo.entiresize", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1290 { &hf_sysact_instninfo_iid,
1291 { "InterfaceIds", "isystemactivator.properties.instninfo.iid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1292
1293 /*ActivationContextInfo*/
1294 { &hf_sysact_actctxinfo_cltok,
1295 { "ClientOk", "isystemactivator.properties.actctxinfo.cltok", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1296 { &hf_sysact_context,
1297 { "ClientContext", "isystemactivator.properties.context", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1298
1299 /*dcom Context*/
1300 { &hf_sysact_ctx_id,
1301 { "ContextID", "isystemactivator.properties.context.id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1302 { &hf_sysact_ctx_flags,
1303 { "Flags", "isystemactivator.properties.context.flags", FT_UINT32, BASE_HEX, VALS(dcom_context_flag_vals), 0x0, NULL, HFILL }},
1304 { &hf_sysact_ctx_res,
1305 { "Reserved", "isystemactivator.properties.context.res", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1306 { &hf_sysact_ctx_numextents,
1307 { "NumExtents", "isystemactivator.properties.context.numext", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1308 { &hf_sysact_ctx_extentscnt,
1309 { "ExtentCount", "isystemactivator.properties.context.extcnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1310 { &hf_sysact_ctx_mashflags,
1311 { "MarshalFlags", "isystemactivator.properties.context.mashflags", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1312 { &hf_sysact_ctx_count,
1313 { "ContextPropertyCount", "isystemactivator.properties.context.cnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1314 { &hf_sysact_ctx_frozen,
1315 { "Frozen", "isystemactivator.properties.context.frz", FT_UINT32, BASE_HEX, VALS(boolean_flag_vals), 0x0, NULL, HFILL }},
1316
1317 /*Security Info*/
1318 { &hf_sysact_si_authflalgs,
1319 { "AuthenticationFlags", "isystemactivator.properties.si.authflags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1320 { &hf_sysact_si_serverinfo,
1321 { "ServerInfo", "isystemactivator.properties.si.ci", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1322 { &hf_sysact_si_ci_res,
1323 { "Reserved", "isystemactivator.properties.si.ci.res", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1324 { &hf_sysact_si_ci_string,
1325 { "String", "isystemactivator.properties.si.ci.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1326
1327 /*Location info*/
1328 { &hf_sysact_li_string,
1329 { "String", "isystemactivator.properties.li.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1330 { &hf_sysact_li_procid,
1331 { "ProcessId", "isystemactivator.properties.li.procid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1332 { &hf_sysact_li_apartid,
1333 { "ApartmentId", "isystemactivator.properties.li.apartid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1334 { &hf_sysact_li_ctxid,
1335 { "ContextId", "isystemactivator.properties.li.ctxid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1336
1337 /*ScmRequst info*/
1338 { &hf_sysact_sri_cltimplvl,
1339 { "ClientImpersonationLevel", "isystemactivator.properties.sri.cltimplvl", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1340 { &hf_sysact_sri_protseqnum,
1341 { "NumProtocolSequences", "isystemactivator.properties.sri.protseqnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1342 { &hf_sysact_sri_protseq,
1343 { "ProtocolSeq", "isystemactivator.properties.sri.protseq", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1344
1345 /*PropsOutInfo*/
1346 { &hf_sysact_pi_ifnum,
1347 { "NumInterfaces", "isystemactivator.properties.pi.ifnum", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1348 { &hf_sysact_pi_retval,
1349 { "ReturnValue", "isystemactivator.properties.retval", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1350 { &hf_sysact_pi_interf,
1351 { "Interface", "isystemactivator.properties.interf", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1352 { &hf_sysact_pi_iid,
1353 { "IID", "isystemactivator.properties.iid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1354
1355 /*ScmReply info*/
1356 { &hf_sysact_scmri_rmtunknid,
1357 { "IRemUnknownInterfacePointerId", "isystemactivator.properties.scmresp.rmtunknid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1358 { &hf_sysact_scmri_authhint,
1359 { "AuthenticationHint", "isystemactivator.properties.scmresp.authhint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1360 { &hf_sysact_scmri_binding,
1361 { "Bindings", "isystemactivator.properties.scmresp.binding", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1362 { &hf_sysact_scmri_oxid,
1363 { "OXID", "isystemactivator.properties.scmresp.oxid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1364 };
1365
1366 static hf_register_info hf_tshdr[] = {
1367 { &hf_typeszch,
1368 { "CommonHeader", "isystemactivator.actproperties.ts.hdr", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1369 { &hf_typeszph,
1370 { "PrivateHeader", "isystemactivator.actproperties.ts.hdr", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1371 { &hf_typesz_ver,
1372 { "Version", "isystemactivator.actproperties.ts.ver", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1373 { &hf_typesz_endianness,
1374 { "Endianness", "isystemactivator.actproperties.ts.end", FT_UINT8, BASE_HEX, VALS(ts_endian_vals), 0x0, NULL, HFILL }},
1375 { &hf_typesz_commhdrlen,
1376 { "CommonHeaderLength", "isystemactivator.actproperties.ts.chl", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1377 { &hf_typesz_filler,
1378 { "Filler", "isystemactivator.actproperties.ts.fil", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1379 { &hf_typesz_buflen,
1380 { "ObjectBufferLength", "isystemactivator.actproperties.ts.buflen", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1381 };
1382
1383
1384 /* Tree */
1385 static gint *ett[] = {
1386 &ett_isystemactivator,
1387 &ett_actproperties,
1388 &ett_properties,
1389 &ett_commonheader,
1390 &ett_propguids,
1391 &ett_typeszcommhdr,
1392 &ett_typeszprivhdr,
1393 &ett_dcom_spclsysprop,
1394 &ett_dcom_reserved,
1395 &ett_dcom_instantianinfo,
1396 &ett_dcom_actctxinfo,
1397 &ett_dcom_context,
1398 &ett_dcom_securityinfo,
1399 &ett_dcom_locationinfo,
1400 &ett_dcom_scmrqstinfo,
1401 &ett_dcom_rmtrqst,
1402
1403 &ett_dcom_propsoutput,
1404 &ett_dcom_scmrespinfo,
1405 &ett_dcom_rmtresp,
1406 &ett_dcom_oxidbinding,
1407
1408 };
1409
1410 proto_ISystemActivator = proto_register_protocol ("ISystemActivator ISystemActivator Resolver", "ISystemActivator", "isystemactivator");
1411 proto_register_field_array (proto_ISystemActivator, hf, array_length (hf));
1412 proto_register_field_array (proto_ISystemActivator, hf_actproperties, array_length (hf_actproperties));
1413 proto_register_field_array(proto_ISystemActivator, hf_tshdr, array_length(hf_tshdr));
1414 proto_register_subtree_array (ett, array_length (ett));
1415 }
1416
1417 void
1418 proto_reg_handoff_ISystemActivator (void)
1419 {
1420 /* Register the protocol as dcerpc */
1421 dcerpc_init_uuid (proto_ISystemActivator, ett_isystemactivator, &uuid_ISystemActivator,
1422 ver_ISystemActivator, ISystemActivator_dissectors, hf_opnum);
1423 }