epan/dissectors/packet-windows-common.h

   1 /* packet-windows-common.h
   2  * Declarations for dissecting various Windows data types
   3  *
   4  * $Id$
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * This program is free software; you can redistribute it and/or
  11  * modify it under the terms of the GNU General Public License
  12  * as published by the Free Software Foundation; either version 2
  13  * of the License, or (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  23  */
  24
  25 #ifndef __PACKET_WINDOWS_COMMON_H__
  26 #define __PACKET_WINDOWS_COMMON_H__
  27
  28 #include "ws_symbol_export.h"
  29 #include "packet-dcerpc.h"
  30
  31 /* Win32 errors.
  32  * These defines specify the WERR error codes often encountered in ms DCE/RPC
  33  * interfaces (those that do not return NT status that is)
  34  *
  35  * The list is generated from the samba doserr.h file by running :
  36 (echo "#include \"doserr.h\"";echo "#define W_ERROR(x) x";cat doserr.h | grep "^#define WERR" | grep -v "FOOBAR" | sed -e "s/^#define[ \t]//" | while read WERR junk;do echo int foo${WERR}=${WERR}";" ; done ) | cpp | grep "^int foo" | sed -e "s/^int foo/#define /" -e "s/=/ /" -e "s/;$//"
  37  */
  38 #define WERR_OK 0
  39 #define WERR_BADFUNC 1
  40 #define WERR_BADFILE 2
  41 #define WERR_ACCESS_DENIED 5
  42 #define WERR_BADFID 6
  43 #define WERR_NOMEM 8
  44 #define WERR_GENERAL_FAILURE 31
  45 #define WERR_NOT_SUPPORTED 50
  46 #define WERR_BAD_NETPATH 53
  47 #define WERR_UNEXP_NET_ERR 59
  48 #define WERR_PRINTQ_FULL 61
  49 #define WERR_NO_SPOOL_SPACE 62
  50 #define WERR_NO_SUCH_SHARE 67
  51 #define WERR_FILE_EXISTS 80
  52 #define WERR_BAD_PASSWORD 86
  53 #define WERR_INVALID_PARAM 87
  54 #define WERR_INSUFFICIENT_BUFFER 122
  55 #define WERR_INVALID_NAME 123
  56 #define WERR_UNKNOWN_LEVEL 124
  57 #define WERR_OBJECT_PATH_INVALID 161
  58 #define WERR_ALREADY_EXISTS 183
  59 #define WERR_NO_MORE_ITEMS 259
  60 #define WERR_MORE_DATA 234
  61 #define WERR_CAN_NOT_COMPLETE 1003
  62 #define WERR_NOT_FOUND 1168
  63 #define WERR_INVALID_COMPUTERNAME 1210
  64 #define WERR_INVALID_DOMAINNAME 1212
  65 #define WERR_UNKNOWN_REVISION 1305
  66 #define WERR_REVISION_MISMATCH 1306
  67 #define WERR_INVALID_OWNER 1307
  68 #define WERR_NO_SUCH_PRIVILEGE 1313
  69 #define WERR_PRIVILEGE_NOT_HELD 1314
  70 #define WERR_NO_SUCH_USER 1317
  71 #define WERR_INVALID_SECURITY_DESCRIPTOR 1338
  72 #define WERR_NO_SUCH_DOMAIN 1355
  73 #define WERR_NO_SYSTEM_RESOURCES 1450
  74 #define WERR_SERVER_UNAVAILABLE 1722
  75 #define WERR_INVALID_FORM_NAME 1902
  76 #define WERR_INVALID_FORM_SIZE 1903
  77 #define WERR_ALREADY_SHARED 2118
  78 #define WERR_BUF_TOO_SMALL 2123
  79 #define WERR_JOB_NOT_FOUND 2151
  80 #define WERR_DEST_NOT_FOUND 2152
  81 #define WERR_NOT_LOCAL_DOMAIN 2320
  82 #define WERR_DEVICE_NOT_AVAILABLE 4319
  83 #define WERR_STATUS_MORE_ENTRIES 0x0105
  84 #define WERR_PRINTER_DRIVER_ALREADY_INSTALLED 1795
  85 #define WERR_UNKNOWN_PORT 1796
  86 #define WERR_UNKNOWN_PRINTER_DRIVER 1797
  87 #define WERR_UNKNOWN_PRINTPROCESSOR 1798
  88 #define WERR_INVALID_SEPARATOR_FILE 1799
  89 #define WERR_INVALID_PRIORITY 1800
  90 #define WERR_INVALID_PRINTER_NAME 1801
  91 #define WERR_PRINTER_ALREADY_EXISTS 1802
  92 #define WERR_INVALID_PRINTER_COMMAND 1803
  93 #define WERR_INVALID_DATATYPE 1804
  94 #define WERR_INVALID_ENVIRONMENT 1805
  95 #define WERR_SESSION_NOT_FOUND 2312
  96 #define WERR_FID_NOT_FOUND 2314
  97 #define WERR_UNKNOWN_PRINT_MONITOR 3000
  98 #define WERR_PRINTER_DRIVER_IN_USE 3001
  99 #define WERR_SPOOL_FILE_NOT_FOUND 3002
 100 #define WERR_SPL_NO_STARTDOC 3003
 101 #define WERR_SPL_NO_ADDJOB 3004
 102 #define WERR_PRINT_PROCESSOR_ALREADY_INSTALLED 3005
 103 #define WERR_PRINT_MONITOR_ALREADY_INSTALLED 3006
 104 #define WERR_INVALID_PRINT_MONITOR 3007
 105 #define WERR_PRINT_MONITOR_IN_USE 3008
 106 #define WERR_PRINTER_HAS_JOBS_QUEUED 3009
 107 #define WERR_CLASS_NOT_REGISTERED 0x40154
 108 #define WERR_NO_SHUTDOWN_IN_PROGRESS 0x45c
 109 #define WERR_SHUTDOWN_ALREADY_IN_PROGRESS 0x45b
 110 #define WERR_NET_NAME_NOT_FOUND (2100)+210
 111 #define WERR_DEVICE_NOT_SHARED (2100)+211
 112 #define WERR_DFS_NO_SUCH_VOL (2100)+562
 113 #define WERR_DFS_NO_SUCH_SHARE (2100)+565
 114 #define WERR_DFS_NO_SUCH_SERVER (2100)+573
 115 #define WERR_DFS_INTERNAL_ERROR (2100)+590
 116 #define WERR_DFS_CANT_CREATE_JUNCT (2100)+569
 117 #define WERR_DS_SERVICE_BUSY 0x0000200e
 118 #define WERR_DS_SERVICE_UNAVAILABLE 0x0000200f
 119 #define WERR_DS_NO_SUCH_OBJECT 0x00002030
 120 #define WERR_DS_OBJ_NOT_FOUND 0x0000208d
 121 #define WERR_DS_DRA_INVALID_PARAMETER 0x000020f5
 122 #define WERR_DS_DRA_BAD_DN 0x000020f7
 123 #define WERR_DS_DRA_BAD_NC 0x000020f8
 124 #define WERR_DS_DRA_INTERNAL_ERROR 0x000020fa
 125 #define WERR_DS_DRA_OUT_OF_MEM 0x000020fe
 126 #define WERR_DS_SINGLE_VALUE_CONSTRAINT 0x00002081
 127 #define WERR_DS_DRA_DB_ERROR 0x00002103
 128 #define WERR_DS_DRA_NO_REPLICA 0x00002104
 129 #define WERR_DS_DRA_ACCESS_DENIED 0x00002105
 130 #define WERR_DS_DNS_LOOKUP_FAILURE 0x0000214c
 131 #define WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX 0x00002150
 132 #define WERR_SEC_E_ALGORITHM_MISMATCH 0x80090331
 133
 134 extern const value_string WERR_errors[];
 135
 136
 137 /*
 138  * DOS error codes used by other dissectors.
 139  * At least some of these are from the SMB X/Open spec, as errors for
 140  * the ERRDOS error class, but they might be error codes returned from
 141  * DOS.
 142  */
 143 #define SMBE_badfunc 1             /* Invalid function (or system call) */
 144 #define SMBE_badfile 2             /* File not found (pathname error) */
 145 #define SMBE_badpath 3             /* Directory not found */
 146 #define SMBE_nofids 4              /* Too many open files */
 147 #define SMBE_noaccess 5            /* Access denied */
 148 #define SMBE_badfid 6              /* Invalid fid */
 149 #define SMBE_badmcb 7              /* Memory control blocks destroyed */
 150 #define SMBE_nomem 8               /* Out of memory */
 151 #define SMBE_badmem 9              /* Invalid memory block address */
 152 #define SMBE_badenv 10             /* Invalid environment */
 153 #define SMBE_badformat 11          /* Invalid format */
 154 #define SMBE_badaccess 12          /* Invalid open mode */
 155 #define SMBE_baddata 13            /* Invalid data (only from ioctl call) */
 156 #define SMBE_res 14
 157 #define SMBE_baddrive 15           /* Invalid drive */
 158 #define SMBE_remcd 16              /* Attempt to delete current directory */
 159 #define SMBE_diffdevice 17         /* rename/move across different filesystems */
 160 #define SMBE_nofiles 18            /* no more files found in file search */
 161 #define SMBE_badshare 32           /* Share mode on file conflict with open mode */
 162 #define SMBE_lock 33               /* Lock request conflicts with existing lock */
 163 #define SMBE_unsup 50              /* Request unsupported, returned by Win 95, RJS 20Jun98 */
 164 #define SMBE_nosuchshare 67        /* Share does not exist */
 165 #define SMBE_filexists 80          /* File in operation already exists */
 166 #define SMBE_invalidparam 87       /* Invalid parameter */
 167 #define SMBE_cannotopen 110        /* Cannot open the file specified */
 168 #define SMBE_insufficientbuffer 122/* Insufficient buffer size */
 169 #define SMBE_invalidname 123       /* Invalid name */
 170 #define SMBE_unknownlevel 124      /* Unknown info level */
 171 #define SMBE_alreadyexists 183     /* File already exists */
 172 #define SMBE_badpipe 230           /* Named pipe invalid */
 173 #define SMBE_pipebusy 231          /* All instances of pipe are busy */
 174 #define SMBE_pipeclosing 232       /* named pipe close in progress */
 175 #define SMBE_notconnected 233      /* No process on other end of named pipe */
 176 #define SMBE_moredata 234          /* More data to be returned */
 177 #define SMBE_nomoreitems 259       /* No more items */
 178 #define SMBE_baddirectory 267      /* Invalid directory name in a path. */
 179 #define SMBE_eas_didnt_fit 275     /* Extended attributes didn't fit */
 180 #define SMBE_eas_nsup 282          /* Extended attributes not supported */
 181 #define SMBE_notify_buf_small 1022 /* Buffer too small to return change notify. */
 182 #define SMBE_serverunavailable 1722/* Server unavailable */
 183 #define SMBE_unknownipc 2142
 184 #define SMBE_noipc 66              /* don't support ipc */
 185
 186 /* These errors seem to be only returned by the NT printer driver system */
 187
 188 #define SMBE_invalidowner 1307  /* Invalid security descriptor owner */
 189 #define SMBE_invalidsecuritydescriptor 1338 /* Invalid security descriptor */
 190 #define SMBE_unknownprinterdriver 1797 /* Unknown printer driver */
 191 #define SMBE_invalidprintername 1801   /* Invalid printer name */
 192 #define SMBE_printeralreadyexists 1802 /* Printer already exists */
 193 #define SMBE_invaliddatatype 1804      /* Invalid datatype */
 194 #define SMBE_invalidenvironment 1805   /* Invalid environment */
 195 #define SMBE_invalidformsize    1903   /* Invalid form size */
 196 #define SMBE_printerdriverinuse 3001   /* Printer driver in use */
 197
 198 extern const value_string DOS_errors[];
 199
 200 /*
 201  * NT error codes used by other dissectors.
 202  */
 203 extern const value_string NT_errors[];
 204
 205 extern const value_string ms_country_codes[];
 206
 207 WS_DLL_PUBLIC
 208 int dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date);
 209
 210
 211 /*
 212  *  SIDs and RIDs
 213  */
 214
 215 typedef struct _sid_strings {
 216         const char* sid;
 217         const char* name;
 218 } sid_strings;
 219
 220 /* Dissect a NT SID.  Label it with 'name' and return a string version
 221  * of the SID in the 'sid_str' parameter which has a packet lifetime
 222  * scope and should NOT be freed by the caller. hf_sid can be -1 if
 223  * the caller doesnt care what name is used and then "nt.sid" will be
 224  * the default instead. If the caller wants a more appropriate hf
 225  * field, it will just pass a FT_STRING hf field here
 226  */
 227
 228 WS_DLL_PUBLIC
 229 int dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
 230                    const char *name, char **sid_str, int hf_sid);
 231
 232 /*
 233  * Stuff for dissecting NT access masks
 234  */
 235
 236 /*
 237  * Access mask values
 238  */
 239
 240 /* Generic rights */
 241
 242 #define GENERIC_RIGHTS_MASK    0xF0000000
 243
 244 #define GENERIC_ALL_ACCESS     0x10000000
 245 #define GENERIC_EXECUTE_ACCESS 0x20000000
 246 #define GENERIC_WRITE_ACCESS   0x40000000
 247 #define GENERIC_READ_ACCESS    0x80000000
 248
 249 /* Misc/reserved */
 250
 251 #define ACCESS_SACL_ACCESS     0x00800000
 252 #define SYSTEM_SECURITY_ACCESS 0x01000000
 253 #define MAXIMUM_ALLOWED_ACCESS 0x02000000
 254
 255 /* Standard rights */
 256
 257 #define STANDARD_RIGHTS_MASK 0x00FF0000
 258
 259 #define DELETE_ACCESS        0x00010000
 260 #define READ_CONTROL_ACCESS  0x00020000
 261 #define WRITE_DAC_ACCESS     0x00040000
 262 #define WRITE_OWNER_ACCESS   0x00080000
 263 #define SYNCHRONIZE_ACCESS   0x00100000
 264
 265 /* Specific rights */
 266
 267 #define SPECIFIC_RIGHTS_MASK 0x0000FFFF /* Specific rights defined per-object */
 268
 269 typedef void (nt_access_mask_fn_t)(tvbuff_t *tvb, gint offset,
 270                                    proto_tree *tree, guint32 access);
 271
 272 /* Map generic access permissions to specific permissions */
 273
 274 struct generic_mapping {
 275         guint32 generic_read;
 276         guint32 generic_write;
 277         guint32 generic_execute;
 278         guint32 generic_all;
 279 };
 280
 281 /* Map standard access permissions to specific permissions */
 282
 283 struct standard_mapping {
 284         guint32 std_read;
 285         guint32 std_write;
 286         guint32 std_execute;
 287         guint32 std_all;
 288 };
 289
 290 struct access_mask_info {
 291         const char *specific_rights_name;
 292         nt_access_mask_fn_t *specific_rights_fn;
 293         struct generic_mapping *generic_mapping;
 294         struct standard_mapping *standard_mapping;
 295 };
 296
 297 int
 298 dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 299                        proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex,
 300                        struct access_mask_info *ami,
 301                        guint32 *perms);
 302
 303 int
 304 dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo,
 305                     proto_tree *parent_tree, guint8 *drep,
 306                     gboolean len_supplied, int len,
 307                     struct access_mask_info *ami);
 308
 309 void
 310 proto_do_register_windows_common(int proto_smb);
 311
 312 int
 313 dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tree);
 314
 315 #endif
 316