search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: pinfo->private_data points to smb_info again
[wireshark-wip.git] / epan / dissectors / packet-dcerpc-efs.c
blobf9d544abf835b233b837f27dafadd964be1ee9c0
1 /* DO NOT EDIT
2 This filter was automatically generated
3 from efs.idl and efs.cnf.
4
5 Pidl is a perl based IDL compiler for DCE/RPC idl files.
6 It is maintained by the Samba team, not the Wireshark team.
7 Instructions on how to download and install Pidl can be
8 found at http://wiki.wireshark.org/Pidl
9
10 $Id$
11 */
12
13
14 #include "config.h"
15 #ifdef _MSC_VER
16 #pragma warning(disable:4005)
17 #pragma warning(disable:4013)
18 #pragma warning(disable:4018)
19 #pragma warning(disable:4101)
20 #endif
21
22 #include <glib.h>
23 #include <string.h>
24 #include <epan/packet.h>
25
26 #include "packet-dcerpc.h"
27 #include "packet-dcerpc-nt.h"
28 #include "packet-windows-common.h"
29 #include "packet-dcerpc-efs.h"
30
31 /* Ett declarations */
32 static gint ett_dcerpc_efs = -1;
33 static gint ett_efs_EFS_HASH_BLOB = -1;
34 static gint ett_efs_ENCRYPTION_CERTIFICATE_HASH = -1;
35 static gint ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST = -1;
36 static gint ett_efs_EFS_CERTIFICATE_BLOB = -1;
37 static gint ett_efs_ENCRYPTION_CERTIFICATE = -1;
38
39
40 /* Header field declarations */
41 static gint hf_efs_EfsRpcQueryUsersOnFile_pUsers = -1;
42 static gint hf_efs_EfsRpcDecryptFileSrv_FileName = -1;
43 static gint hf_efs_EfsRpcEncryptFileSrv_Filename = -1;
44 static gint hf_efs_EfsRpcOpenFileRaw_pvContext = -1;
45 static gint hf_efs_ENCRYPTION_CERTIFICATE_TotalLength = -1;
46 static gint hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType = -1;
47 static gint hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob = -1;
48 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers = -1;
49 static gint hf_efs_EfsRpcWriteFileRaw_pvContext = -1;
50 static gint hf_efs_EFS_HASH_BLOB_pbData = -1;
51 static gint hf_efs_EfsRpcAddUsersToFile_FileName = -1;
52 static gint hf_efs_EfsRpcReadFileRaw_pvContext = -1;
53 static gint hf_efs_werror = -1;
54 static gint hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate = -1;
55 static gint hf_efs_EfsRpcQueryRecoveryAgents_FileName = -1;
56 static gint hf_efs_EfsRpcOpenFileRaw_FileName = -1;
57 static gint hf_efs_opnum = -1;
58 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash = -1;
59 static gint hf_efs_EfsRpcDecryptFileSrv_Reserved = -1;
60 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash = -1;
61 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid = -1;
62 static gint hf_efs_ENCRYPTION_CERTIFICATE_pUserSid = -1;
63 static gint hf_efs_EFS_CERTIFICATE_BLOB_pbData = -1;
64 static gint hf_efs_EFS_HASH_BLOB_cbData = -1;
65 static gint hf_efs_EfsRpcCloseRaw_pvContext = -1;
66 static gint hf_efs_EFS_CERTIFICATE_BLOB_cbData = -1;
67 static gint hf_efs_EfsRpcQueryUsersOnFile_FileName = -1;
68 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength = -1;
69 static gint hf_efs_EfsRpcOpenFileRaw_Flags = -1;
70 static gint hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents = -1;
71 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation = -1;
72 static gint hf_efs_EfsRpcRemoveUsersFromFile_FileName = -1;
73
74 static gint proto_dcerpc_efs = -1;
75 /* Version information */
76
77
78 static e_uuid_t uuid_dcerpc_efs = {
79 0xc681d488, 0xd850, 0x11d0,
80 { 0x8c, 0x52, 0x00, 0xc0, 0x4f, 0xd9, 0x0f, 0x7e }
81 };
82 static guint16 ver_dcerpc_efs = 1;
83
84 static int efs_dissect_element_EFS_HASH_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
85 static int efs_dissect_element_EFS_HASH_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
86 static int efs_dissect_element_EFS_HASH_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
87 static int efs_dissect_element_EFS_HASH_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
88 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
89 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
90 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
91 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
92 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
93 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
94 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
95 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
96 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
97 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
98 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
99 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
100 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
101 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
102 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
103 static int efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
104 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_TotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
105 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
106 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
107 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
108 static int efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
109 static int efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
110 static int efs_dissect_element_EfsRpcOpenFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
111 static int efs_dissect_element_EfsRpcOpenFileRaw_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
112 static int efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
113 static int efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
114 static int efs_dissect_element_EfsRpcReadFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
115 static int efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
116 static int efs_dissect_element_EfsRpcWriteFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
117 static int efs_dissect_element_EfsRpcCloseRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
118 static int efs_dissect_element_EfsRpcCloseRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
119 static int efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
120 static int efs_dissect_element_EfsRpcDecryptFileSrv_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
121 static int efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
122 static int efs_dissect_element_EfsRpcQueryUsersOnFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
123 static int efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
124 static int efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
125 static int efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
126 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
127 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
128 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
129 static int efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
130 static int efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
131 static int efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
132 static int efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
133 static int efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
134 static int
135 efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
136 {
137 if(di->conformant_run){
138 /* just a run to handle conformant arrays, no scalars to dissect */
139 return offset;
140 }
141 offset=dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1);
142 return offset;
143 }
144
145
146 /* IDL: struct { */
147 /* IDL: uint32 cbData; */
148 /* IDL: [unique(1)] [size_is(cbData)] uint8 *pbData; */
149 /* IDL: } */
150
151 static int
152 efs_dissect_element_EFS_HASH_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
153 {
154 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_HASH_BLOB_cbData, 0);
155
156 return offset;
157 }
158
159 static int
160 efs_dissect_element_EFS_HASH_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
161 {
162 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_HASH_BLOB_pbData_, NDR_POINTER_UNIQUE, "Pointer to Pbdata (uint8)",hf_efs_EFS_HASH_BLOB_pbData);
163
164 return offset;
165 }
166
167 static int
168 efs_dissect_element_EFS_HASH_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
169 {
170 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_HASH_BLOB_pbData__);
171
172 return offset;
173 }
174
175 static int
176 efs_dissect_element_EFS_HASH_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
177 {
178 offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_HASH_BLOB_pbData, 0);
179
180 return offset;
181 }
182
183 int
184 efs_dissect_struct_EFS_HASH_BLOB(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
185 {
186 proto_item *item = NULL;
187 proto_tree *tree = NULL;
188 int old_offset;
189
190 ALIGN_TO_5_BYTES;
191
192 old_offset = offset;
193
194 if (parent_tree) {
195 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
196 tree = proto_item_add_subtree(item, ett_efs_EFS_HASH_BLOB);
197 }
198
199 offset = efs_dissect_element_EFS_HASH_BLOB_cbData(tvb, offset, pinfo, tree, di, drep);
200
201 offset = efs_dissect_element_EFS_HASH_BLOB_pbData(tvb, offset, pinfo, tree, di, drep);
202
203
204 proto_item_set_len(item, offset-old_offset);
205
206
207 if (di->call_data->flags & DCERPC_IS_NDR64) {
208 ALIGN_TO_5_BYTES;
209 }
210
211 return offset;
212 }
213
214
215 /* IDL: struct { */
216 /* IDL: uint32 cbTotalLength; */
217 /* IDL: [unique(1)] dom_sid *pUserSid; */
218 /* IDL: [unique(1)] EFS_HASH_BLOB *pHash; */
219 /* IDL: [unique(1)] [charset(UTF16)] uint16 *lpDisplayInformation; */
220 /* IDL: } */
221
222 static int
223 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
224 {
225 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength, 0);
226
227 return offset;
228 }
229
230 static int
231 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
232 {
233 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid_, NDR_POINTER_UNIQUE, "Pointer to Pusersid (dom_sid)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid);
234
235 return offset;
236 }
237
238 static int
239 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
240 {
241 offset = efs_dissect_struct_dom_sid(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid,0);
242
243 return offset;
244 }
245
246 static int
247 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
248 {
249 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash_, NDR_POINTER_UNIQUE, "Pointer to Phash (EFS_HASH_BLOB)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash);
250
251 return offset;
252 }
253
254 static int
255 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
256 {
257 offset = efs_dissect_struct_EFS_HASH_BLOB(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash,0);
258
259 return offset;
260 }
261
262 static int
263 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
264 {
265 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation_, NDR_POINTER_UNIQUE, "Pointer to Lpdisplayinformation (uint16)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation);
266
267 return offset;
268 }
269
270 static int
271 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
272 {
273 char *data;
274
275 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation, FALSE, &data);
276 proto_item_append_text(tree, ": %s", data);
277
278 return offset;
279 }
280
281 int
282 efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
283 {
284 proto_item *item = NULL;
285 proto_tree *tree = NULL;
286 int old_offset;
287
288 ALIGN_TO_5_BYTES;
289
290 old_offset = offset;
291
292 if (parent_tree) {
293 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
294 tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH);
295 }
296
297 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvb, offset, pinfo, tree, di, drep);
298
299 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvb, offset, pinfo, tree, di, drep);
300
301 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_pHash(tvb, offset, pinfo, tree, di, drep);
302
303 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvb, offset, pinfo, tree, di, drep);
304
305
306 proto_item_set_len(item, offset-old_offset);
307
308
309 if (di->call_data->flags & DCERPC_IS_NDR64) {
310 ALIGN_TO_5_BYTES;
311 }
312
313 return offset;
314 }
315
316
317 /* IDL: struct { */
318 /* IDL: uint32 nCert_Hash; */
319 /* IDL: [unique(1)] [size_is(nCert_Hash)] ENCRYPTION_CERTIFICATE_HASH *pUsers[*]; */
320 /* IDL: } */
321
322 static int
323 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
324 {
325 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash, 0);
326
327 return offset;
328 }
329
330 static int
331 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
332 {
333 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers_);
334
335 return offset;
336 }
337
338 static int
339 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
340 {
341 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers__, NDR_POINTER_UNIQUE, "Pointer to Pusers (ENCRYPTION_CERTIFICATE_HASH)",hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers);
342
343 return offset;
344 }
345
346 static int
347 efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
348 {
349 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers,0);
350
351 return offset;
352 }
353
354 int
355 efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
356 {
357 proto_item *item = NULL;
358 proto_tree *tree = NULL;
359 int old_offset;
360
361 ALIGN_TO_5_BYTES;
362
363 old_offset = offset;
364
365 if (parent_tree) {
366 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
367 tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST);
368 }
369
370 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvb, offset, pinfo, tree, di, drep);
371
372 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvb, offset, pinfo, tree, di, drep);
373
374
375 proto_item_set_len(item, offset-old_offset);
376
377
378 if (di->call_data->flags & DCERPC_IS_NDR64) {
379 ALIGN_TO_5_BYTES;
380 }
381
382 return offset;
383 }
384
385
386 /* IDL: struct { */
387 /* IDL: uint32 dwCertEncodingType; */
388 /* IDL: uint32 cbData; */
389 /* IDL: [unique(1)] [size_is(cbData)] uint8 *pbData; */
390 /* IDL: } */
391
392 static int
393 efs_dissect_element_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
394 {
395 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType, 0);
396
397 return offset;
398 }
399
400 static int
401 efs_dissect_element_EFS_CERTIFICATE_BLOB_cbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
402 {
403 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_CERTIFICATE_BLOB_cbData, 0);
404
405 return offset;
406 }
407
408 static int
409 efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
410 {
411 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData_, NDR_POINTER_UNIQUE, "Pointer to Pbdata (uint8)",hf_efs_EFS_CERTIFICATE_BLOB_pbData);
412
413 return offset;
414 }
415
416 static int
417 efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
418 {
419 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData__);
420
421 return offset;
422 }
423
424 static int
425 efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
426 {
427 offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_efs_EFS_CERTIFICATE_BLOB_pbData, 0);
428
429 return offset;
430 }
431
432 int
433 efs_dissect_struct_EFS_CERTIFICATE_BLOB(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
434 {
435 proto_item *item = NULL;
436 proto_tree *tree = NULL;
437 int old_offset;
438
439 ALIGN_TO_5_BYTES;
440
441 old_offset = offset;
442
443 if (parent_tree) {
444 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
445 tree = proto_item_add_subtree(item, ett_efs_EFS_CERTIFICATE_BLOB);
446 }
447
448 offset = efs_dissect_element_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvb, offset, pinfo, tree, di, drep);
449
450 offset = efs_dissect_element_EFS_CERTIFICATE_BLOB_cbData(tvb, offset, pinfo, tree, di, drep);
451
452 offset = efs_dissect_element_EFS_CERTIFICATE_BLOB_pbData(tvb, offset, pinfo, tree, di, drep);
453
454
455 proto_item_set_len(item, offset-old_offset);
456
457
458 if (di->call_data->flags & DCERPC_IS_NDR64) {
459 ALIGN_TO_5_BYTES;
460 }
461
462 return offset;
463 }
464
465
466 /* IDL: struct { */
467 /* IDL: uint32 TotalLength; */
468 /* IDL: [unique(1)] dom_sid *pUserSid; */
469 /* IDL: [unique(1)] EFS_CERTIFICATE_BLOB *pCertBlob; */
470 /* IDL: } */
471
472 static int
473 efs_dissect_element_ENCRYPTION_CERTIFICATE_TotalLength(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
474 {
475 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_ENCRYPTION_CERTIFICATE_TotalLength, 0);
476
477 return offset;
478 }
479
480 static int
481 efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
482 {
483 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid_, NDR_POINTER_UNIQUE, "Pointer to Pusersid (dom_sid)",hf_efs_ENCRYPTION_CERTIFICATE_pUserSid);
484
485 return offset;
486 }
487
488 static int
489 efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
490 {
491 offset = efs_dissect_struct_dom_sid(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_pUserSid,0);
492
493 return offset;
494 }
495
496 static int
497 efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
498 {
499 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob_, NDR_POINTER_UNIQUE, "Pointer to Pcertblob (EFS_CERTIFICATE_BLOB)",hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob);
500
501 return offset;
502 }
503
504 static int
505 efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
506 {
507 offset = efs_dissect_struct_EFS_CERTIFICATE_BLOB(tvb,offset,pinfo,tree,di,drep,hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob,0);
508
509 return offset;
510 }
511
512 int
513 efs_dissect_struct_ENCRYPTION_CERTIFICATE(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
514 {
515 proto_item *item = NULL;
516 proto_tree *tree = NULL;
517 int old_offset;
518
519 ALIGN_TO_5_BYTES;
520
521 old_offset = offset;
522
523 if (parent_tree) {
524 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
525 tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE);
526 }
527
528 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_TotalLength(tvb, offset, pinfo, tree, di, drep);
529
530 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_pUserSid(tvb, offset, pinfo, tree, di, drep);
531
532 offset = efs_dissect_element_ENCRYPTION_CERTIFICATE_pCertBlob(tvb, offset, pinfo, tree, di, drep);
533
534
535 proto_item_set_len(item, offset-old_offset);
536
537
538 if (di->call_data->flags & DCERPC_IS_NDR64) {
539 ALIGN_TO_5_BYTES;
540 }
541
542 return offset;
543 }
544
545 static int
546 efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
547 {
548 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcOpenFileRaw_pvContext_, NDR_POINTER_REF, "Pointer to Pvcontext (policy_handle)",hf_efs_EfsRpcOpenFileRaw_pvContext);
549
550 return offset;
551 }
552
553 static int
554 efs_dissect_element_EfsRpcOpenFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
555 {
556 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcOpenFileRaw_pvContext, PIDL_POLHND_OPEN);
557
558 return offset;
559 }
560
561 static int
562 efs_dissect_element_EfsRpcOpenFileRaw_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
563 {
564 char *data;
565
566 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_EfsRpcOpenFileRaw_FileName, FALSE, &data);
567 proto_item_append_text(tree, ": %s", data);
568
569 return offset;
570 }
571
572 static int
573 efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
574 {
575 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcOpenFileRaw_Flags, 0);
576
577 return offset;
578 }
579
580 /* IDL: WERROR EfsRpcOpenFileRaw( */
581 /* IDL: [out] [ref] policy_handle *pvContext, */
582 /* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
583 /* IDL: [in] uint32 Flags */
584 /* IDL: ); */
585
586 static int
587 efs_dissect_EfsRpcOpenFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
588 {
589 guint32 status;
590
591 pinfo->dcerpc_procedure_name="EfsRpcOpenFileRaw";
592 offset = efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
593 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
594
595 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
596
597 if (status != 0)
598 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
599
600 return offset;
601 }
602
603 static int
604 efs_dissect_EfsRpcOpenFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
605 {
606 pinfo->dcerpc_procedure_name="EfsRpcOpenFileRaw";
607 offset = efs_dissect_element_EfsRpcOpenFileRaw_FileName(tvb, offset, pinfo, tree, di, drep);
608 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
609 offset = efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvb, offset, pinfo, tree, di, drep);
610 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
611 return offset;
612 }
613
614 static int
615 efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
616 {
617 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcReadFileRaw_pvContext_, NDR_POINTER_REF, "Pointer to Pvcontext (policy_handle)",hf_efs_EfsRpcReadFileRaw_pvContext);
618
619 return offset;
620 }
621
622 static int
623 efs_dissect_element_EfsRpcReadFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
624 {
625 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcReadFileRaw_pvContext, 0);
626
627 return offset;
628 }
629
630 /* IDL: WERROR EfsRpcReadFileRaw( */
631 /* IDL: [in] [ref] policy_handle *pvContext */
632 /* IDL: ); */
633
634 static int
635 efs_dissect_EfsRpcReadFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
636 {
637 guint32 status;
638
639 pinfo->dcerpc_procedure_name="EfsRpcReadFileRaw";
640 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
641
642 if (status != 0)
643 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
644
645 return offset;
646 }
647
648 static int
649 efs_dissect_EfsRpcReadFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
650 {
651 pinfo->dcerpc_procedure_name="EfsRpcReadFileRaw";
652 offset = efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
653 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
654 return offset;
655 }
656
657 static int
658 efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
659 {
660 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcWriteFileRaw_pvContext_, NDR_POINTER_REF, "Pointer to Pvcontext (policy_handle)",hf_efs_EfsRpcWriteFileRaw_pvContext);
661
662 return offset;
663 }
664
665 static int
666 efs_dissect_element_EfsRpcWriteFileRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
667 {
668 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcWriteFileRaw_pvContext, 0);
669
670 return offset;
671 }
672
673 /* IDL: WERROR EfsRpcWriteFileRaw( */
674 /* IDL: [in] [ref] policy_handle *pvContext */
675 /* IDL: ); */
676
677 static int
678 efs_dissect_EfsRpcWriteFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
679 {
680 guint32 status;
681
682 pinfo->dcerpc_procedure_name="EfsRpcWriteFileRaw";
683 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
684
685 if (status != 0)
686 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
687
688 return offset;
689 }
690
691 static int
692 efs_dissect_EfsRpcWriteFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
693 {
694 pinfo->dcerpc_procedure_name="EfsRpcWriteFileRaw";
695 offset = efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
696 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
697 return offset;
698 }
699
700 static int
701 efs_dissect_element_EfsRpcCloseRaw_pvContext(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
702 {
703 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcCloseRaw_pvContext_, NDR_POINTER_REF, "Pointer to Pvcontext (policy_handle)",hf_efs_EfsRpcCloseRaw_pvContext);
704
705 return offset;
706 }
707
708 static int
709 efs_dissect_element_EfsRpcCloseRaw_pvContext_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
710 {
711 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcCloseRaw_pvContext, PIDL_POLHND_CLOSE);
712
713 return offset;
714 }
715
716 /* IDL: void EfsRpcCloseRaw( */
717 /* IDL: [out] [in] [ref] policy_handle *pvContext */
718 /* IDL: ); */
719
720 static int
721 efs_dissect_EfsRpcCloseRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
722 {
723 pinfo->dcerpc_procedure_name="EfsRpcCloseRaw";
724 offset = efs_dissect_element_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
725 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
726
727 return offset;
728 }
729
730 static int
731 efs_dissect_EfsRpcCloseRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
732 {
733 pinfo->dcerpc_procedure_name="EfsRpcCloseRaw";
734 offset = efs_dissect_element_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, di, drep);
735 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
736 return offset;
737 }
738
739 static int
740 efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
741 {
742 char *data;
743
744 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_EfsRpcEncryptFileSrv_Filename, FALSE, &data);
745 proto_item_append_text(tree, ": %s", data);
746
747 return offset;
748 }
749
750 /* IDL: WERROR EfsRpcEncryptFileSrv( */
751 /* IDL: [in] [charset(UTF16)] uint16 Filename[*] */
752 /* IDL: ); */
753
754 static int
755 efs_dissect_EfsRpcEncryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
756 {
757 guint32 status;
758
759 pinfo->dcerpc_procedure_name="EfsRpcEncryptFileSrv";
760 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
761
762 if (status != 0)
763 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
764
765 return offset;
766 }
767
768 static int
769 efs_dissect_EfsRpcEncryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
770 {
771 pinfo->dcerpc_procedure_name="EfsRpcEncryptFileSrv";
772 offset = efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvb, offset, pinfo, tree, di, drep);
773 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
774 return offset;
775 }
776
777 static int
778 efs_dissect_element_EfsRpcDecryptFileSrv_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
779 {
780 char *data;
781
782 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_EfsRpcDecryptFileSrv_FileName, FALSE, &data);
783 proto_item_append_text(tree, ": %s", data);
784
785 return offset;
786 }
787
788 static int
789 efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
790 {
791 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_EfsRpcDecryptFileSrv_Reserved, 0);
792
793 return offset;
794 }
795
796 /* IDL: WERROR EfsRpcDecryptFileSrv( */
797 /* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
798 /* IDL: [in] uint32 Reserved */
799 /* IDL: ); */
800
801 static int
802 efs_dissect_EfsRpcDecryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
803 {
804 guint32 status;
805
806 pinfo->dcerpc_procedure_name="EfsRpcDecryptFileSrv";
807 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
808
809 if (status != 0)
810 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
811
812 return offset;
813 }
814
815 static int
816 efs_dissect_EfsRpcDecryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
817 {
818 pinfo->dcerpc_procedure_name="EfsRpcDecryptFileSrv";
819 offset = efs_dissect_element_EfsRpcDecryptFileSrv_FileName(tvb, offset, pinfo, tree, di, drep);
820 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
821 offset = efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvb, offset, pinfo, tree, di, drep);
822 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
823 return offset;
824 }
825
826 static int
827 efs_dissect_element_EfsRpcQueryUsersOnFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
828 {
829 char *data;
830
831 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_EfsRpcQueryUsersOnFile_FileName, FALSE, &data);
832 proto_item_append_text(tree, ": %s", data);
833
834 return offset;
835 }
836
837 static int
838 efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
839 {
840 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers_, NDR_POINTER_REF, "Pointer to Pusers (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryUsersOnFile_pUsers);
841
842 return offset;
843 }
844
845 static int
846 efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
847 {
848 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__, NDR_POINTER_UNIQUE, "Pointer to Pusers (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryUsersOnFile_pUsers);
849
850 return offset;
851 }
852
853 static int
854 efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
855 {
856 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvb,offset,pinfo,tree,di,drep,hf_efs_EfsRpcQueryUsersOnFile_pUsers,0);
857
858 return offset;
859 }
860
861 /* IDL: WERROR EfsRpcQueryUsersOnFile( */
862 /* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
863 /* IDL: [out] [unique(1)] [ref] ENCRYPTION_CERTIFICATE_HASH_LIST **pUsers */
864 /* IDL: ); */
865
866 static int
867 efs_dissect_EfsRpcQueryUsersOnFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
868 {
869 guint32 status;
870
871 pinfo->dcerpc_procedure_name="EfsRpcQueryUsersOnFile";
872 offset = efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvb, offset, pinfo, tree, di, drep);
873 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
874
875 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
876
877 if (status != 0)
878 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
879
880 return offset;
881 }
882
883 static int
884 efs_dissect_EfsRpcQueryUsersOnFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
885 {
886 pinfo->dcerpc_procedure_name="EfsRpcQueryUsersOnFile";
887 offset = efs_dissect_element_EfsRpcQueryUsersOnFile_FileName(tvb, offset, pinfo, tree, di, drep);
888 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
889 return offset;
890 }
891
892 static int
893 efs_dissect_element_EfsRpcQueryRecoveryAgents_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
894 {
895 char *data;
896
897 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_EfsRpcQueryRecoveryAgents_FileName, FALSE, &data);
898 proto_item_append_text(tree, ": %s", data);
899
900 return offset;
901 }
902
903 static int
904 efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
905 {
906 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents_, NDR_POINTER_REF, "Pointer to Precoveryagents (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents);
907
908 return offset;
909 }
910
911 static int
912 efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
913 {
914 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__, NDR_POINTER_UNIQUE, "Pointer to Precoveryagents (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents);
915
916 return offset;
917 }
918
919 static int
920 efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
921 {
922 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvb,offset,pinfo,tree,di,drep,hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents,0);
923
924 return offset;
925 }
926
927 /* IDL: WERROR EfsRpcQueryRecoveryAgents( */
928 /* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
929 /* IDL: [out] [unique(1)] [ref] ENCRYPTION_CERTIFICATE_HASH_LIST **pRecoveryAgents */
930 /* IDL: ); */
931
932 static int
933 efs_dissect_EfsRpcQueryRecoveryAgents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
934 {
935 guint32 status;
936
937 pinfo->dcerpc_procedure_name="EfsRpcQueryRecoveryAgents";
938 offset = efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvb, offset, pinfo, tree, di, drep);
939 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
940
941 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
942
943 if (status != 0)
944 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
945
946 return offset;
947 }
948
949 static int
950 efs_dissect_EfsRpcQueryRecoveryAgents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
951 {
952 pinfo->dcerpc_procedure_name="EfsRpcQueryRecoveryAgents";
953 offset = efs_dissect_element_EfsRpcQueryRecoveryAgents_FileName(tvb, offset, pinfo, tree, di, drep);
954 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
955 return offset;
956 }
957
958 static int
959 efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
960 {
961 char *data;
962
963 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_EfsRpcRemoveUsersFromFile_FileName, FALSE, &data);
964 proto_item_append_text(tree, ": %s", data);
965
966 return offset;
967 }
968
969 /* IDL: WERROR EfsRpcRemoveUsersFromFile( */
970 /* IDL: [in] [charset(UTF16)] uint16 FileName[*] */
971 /* IDL: ); */
972
973 static int
974 efs_dissect_EfsRpcRemoveUsersFromFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
975 {
976 guint32 status;
977
978 pinfo->dcerpc_procedure_name="EfsRpcRemoveUsersFromFile";
979 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
980
981 if (status != 0)
982 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
983
984 return offset;
985 }
986
987 static int
988 efs_dissect_EfsRpcRemoveUsersFromFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
989 {
990 pinfo->dcerpc_procedure_name="EfsRpcRemoveUsersFromFile";
991 offset = efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvb, offset, pinfo, tree, di, drep);
992 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
993 return offset;
994 }
995
996 static int
997 efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
998 {
999 char *data;
1000
1001 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_efs_EfsRpcAddUsersToFile_FileName, FALSE, &data);
1002 proto_item_append_text(tree, ": %s", data);
1003
1004 return offset;
1005 }
1006
1007 /* IDL: WERROR EfsRpcAddUsersToFile( */
1008 /* IDL: [in] [charset(UTF16)] uint16 FileName[*] */
1009 /* IDL: ); */
1010
1011 static int
1012 efs_dissect_EfsRpcAddUsersToFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1013 {
1014 guint32 status;
1015
1016 pinfo->dcerpc_procedure_name="EfsRpcAddUsersToFile";
1017 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1018
1019 if (status != 0)
1020 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
1021
1022 return offset;
1023 }
1024
1025 static int
1026 efs_dissect_EfsRpcAddUsersToFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1027 {
1028 pinfo->dcerpc_procedure_name="EfsRpcAddUsersToFile";
1029 offset = efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvb, offset, pinfo, tree, di, drep);
1030 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1031 return offset;
1032 }
1033
1034 static int
1035 efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1036 {
1037 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate_, NDR_POINTER_UNIQUE, "Pointer to Pencryptioncertificate (ENCRYPTION_CERTIFICATE)",hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate);
1038
1039 return offset;
1040 }
1041
1042 static int
1043 efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1044 {
1045 offset = efs_dissect_struct_ENCRYPTION_CERTIFICATE(tvb,offset,pinfo,tree,di,drep,hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate,0);
1046
1047 return offset;
1048 }
1049
1050 /* IDL: WERROR EfsRpcSetFileEncryptionKey( */
1051 /* IDL: [unique(1)] [in] ENCRYPTION_CERTIFICATE *pEncryptionCertificate */
1052 /* IDL: ); */
1053
1054 static int
1055 efs_dissect_EfsRpcSetFileEncryptionKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1056 {
1057 guint32 status;
1058
1059 pinfo->dcerpc_procedure_name="EfsRpcSetFileEncryptionKey";
1060 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1061
1062 if (status != 0)
1063 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
1064
1065 return offset;
1066 }
1067
1068 static int
1069 efs_dissect_EfsRpcSetFileEncryptionKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1070 {
1071 pinfo->dcerpc_procedure_name="EfsRpcSetFileEncryptionKey";
1072 offset = efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvb, offset, pinfo, tree, di, drep);
1073 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1074 return offset;
1075 }
1076
1077 /* IDL: WERROR EfsRpcNotSupported( */
1078 /* IDL: */
1079 /* IDL: ); */
1080
1081 static int
1082 efs_dissect_EfsRpcNotSupported_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1083 {
1084 guint32 status;
1085
1086 pinfo->dcerpc_procedure_name="EfsRpcNotSupported";
1087 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1088
1089 if (status != 0)
1090 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
1091
1092 return offset;
1093 }
1094
1095 static int
1096 efs_dissect_EfsRpcNotSupported_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1097 {
1098 pinfo->dcerpc_procedure_name="EfsRpcNotSupported";
1099 return offset;
1100 }
1101
1102 /* IDL: WERROR EfsRpcFileKeyInfo( */
1103 /* IDL: */
1104 /* IDL: ); */
1105
1106 static int
1107 efs_dissect_EfsRpcFileKeyInfo_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1108 {
1109 guint32 status;
1110
1111 pinfo->dcerpc_procedure_name="EfsRpcFileKeyInfo";
1112 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1113
1114 if (status != 0)
1115 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
1116
1117 return offset;
1118 }
1119
1120 static int
1121 efs_dissect_EfsRpcFileKeyInfo_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1122 {
1123 pinfo->dcerpc_procedure_name="EfsRpcFileKeyInfo";
1124 return offset;
1125 }
1126
1127 /* IDL: WERROR EfsRpcDuplicateEncryptionInfoFile( */
1128 /* IDL: */
1129 /* IDL: ); */
1130
1131 static int
1132 efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1133 {
1134 guint32 status;
1135
1136 pinfo->dcerpc_procedure_name="EfsRpcDuplicateEncryptionInfoFile";
1137 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_efs_werror, &status);
1138
1139 if (status != 0)
1140 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x"));
1141
1142 return offset;
1143 }
1144
1145 static int
1146 efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1147 {
1148 pinfo->dcerpc_procedure_name="EfsRpcDuplicateEncryptionInfoFile";
1149 return offset;
1150 }
1151
1152
1153 static dcerpc_sub_dissector efs_dissectors[] = {
1154 { 0, "EfsRpcOpenFileRaw",
1155 efs_dissect_EfsRpcOpenFileRaw_request, efs_dissect_EfsRpcOpenFileRaw_response},
1156 { 1, "EfsRpcReadFileRaw",
1157 efs_dissect_EfsRpcReadFileRaw_request, efs_dissect_EfsRpcReadFileRaw_response},
1158 { 2, "EfsRpcWriteFileRaw",
1159 efs_dissect_EfsRpcWriteFileRaw_request, efs_dissect_EfsRpcWriteFileRaw_response},
1160 { 3, "EfsRpcCloseRaw",
1161 efs_dissect_EfsRpcCloseRaw_request, efs_dissect_EfsRpcCloseRaw_response},
1162 { 4, "EfsRpcEncryptFileSrv",
1163 efs_dissect_EfsRpcEncryptFileSrv_request, efs_dissect_EfsRpcEncryptFileSrv_response},
1164 { 5, "EfsRpcDecryptFileSrv",
1165 efs_dissect_EfsRpcDecryptFileSrv_request, efs_dissect_EfsRpcDecryptFileSrv_response},
1166 { 6, "EfsRpcQueryUsersOnFile",
1167 efs_dissect_EfsRpcQueryUsersOnFile_request, efs_dissect_EfsRpcQueryUsersOnFile_response},
1168 { 7, "EfsRpcQueryRecoveryAgents",
1169 efs_dissect_EfsRpcQueryRecoveryAgents_request, efs_dissect_EfsRpcQueryRecoveryAgents_response},
1170 { 8, "EfsRpcRemoveUsersFromFile",
1171 efs_dissect_EfsRpcRemoveUsersFromFile_request, efs_dissect_EfsRpcRemoveUsersFromFile_response},
1172 { 9, "EfsRpcAddUsersToFile",
1173 efs_dissect_EfsRpcAddUsersToFile_request, efs_dissect_EfsRpcAddUsersToFile_response},
1174 { 10, "EfsRpcSetFileEncryptionKey",
1175 efs_dissect_EfsRpcSetFileEncryptionKey_request, efs_dissect_EfsRpcSetFileEncryptionKey_response},
1176 { 11, "EfsRpcNotSupported",
1177 efs_dissect_EfsRpcNotSupported_request, efs_dissect_EfsRpcNotSupported_response},
1178 { 12, "EfsRpcFileKeyInfo",
1179 efs_dissect_EfsRpcFileKeyInfo_request, efs_dissect_EfsRpcFileKeyInfo_response},
1180 { 13, "EfsRpcDuplicateEncryptionInfoFile",
1181 efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request, efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response},
1182 { 0, NULL, NULL, NULL }
1183 };
1184
1185 void proto_register_dcerpc_efs(void)
1186 {
1187 static hf_register_info hf[] = {
1188 { &hf_efs_EfsRpcQueryUsersOnFile_pUsers,
1189 { "Pusers", "efs.EfsRpcQueryUsersOnFile.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1190 { &hf_efs_EfsRpcDecryptFileSrv_FileName,
1191 { "Filename", "efs.EfsRpcDecryptFileSrv.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1192 { &hf_efs_EfsRpcEncryptFileSrv_Filename,
1193 { "Filename", "efs.EfsRpcEncryptFileSrv.Filename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1194 { &hf_efs_EfsRpcOpenFileRaw_pvContext,
1195 { "Pvcontext", "efs.EfsRpcOpenFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1196 { &hf_efs_ENCRYPTION_CERTIFICATE_TotalLength,
1197 { "Totallength", "efs.ENCRYPTION_CERTIFICATE.TotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1198 { &hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType,
1199 { "Dwcertencodingtype", "efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1200 { &hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob,
1201 { "Pcertblob", "efs.ENCRYPTION_CERTIFICATE.pCertBlob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1202 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers,
1203 { "Pusers", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1204 { &hf_efs_EfsRpcWriteFileRaw_pvContext,
1205 { "Pvcontext", "efs.EfsRpcWriteFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1206 { &hf_efs_EFS_HASH_BLOB_pbData,
1207 { "Pbdata", "efs.EFS_HASH_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
1208 { &hf_efs_EfsRpcAddUsersToFile_FileName,
1209 { "Filename", "efs.EfsRpcAddUsersToFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1210 { &hf_efs_EfsRpcReadFileRaw_pvContext,
1211 { "Pvcontext", "efs.EfsRpcReadFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1212 { &hf_efs_werror,
1213 { "Windows Error", "efs.werror", FT_UINT32, BASE_HEX, VALS(WERR_errors), 0, NULL, HFILL }},
1214 { &hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate,
1215 { "Pencryptioncertificate", "efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1216 { &hf_efs_EfsRpcQueryRecoveryAgents_FileName,
1217 { "Filename", "efs.EfsRpcQueryRecoveryAgents.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1218 { &hf_efs_EfsRpcOpenFileRaw_FileName,
1219 { "Filename", "efs.EfsRpcOpenFileRaw.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1220 { &hf_efs_opnum,
1221 { "Operation", "efs.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
1222 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash,
1223 { "Ncert Hash", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_Hash", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1224 { &hf_efs_EfsRpcDecryptFileSrv_Reserved,
1225 { "Reserved", "efs.EfsRpcDecryptFileSrv.Reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1226 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash,
1227 { "Phash", "efs.ENCRYPTION_CERTIFICATE_HASH.pHash", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1228 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid,
1229 { "Pusersid", "efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1230 { &hf_efs_ENCRYPTION_CERTIFICATE_pUserSid,
1231 { "Pusersid", "efs.ENCRYPTION_CERTIFICATE.pUserSid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1232 { &hf_efs_EFS_CERTIFICATE_BLOB_pbData,
1233 { "Pbdata", "efs.EFS_CERTIFICATE_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
1234 { &hf_efs_EFS_HASH_BLOB_cbData,
1235 { "Cbdata", "efs.EFS_HASH_BLOB.cbData", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1236 { &hf_efs_EfsRpcCloseRaw_pvContext,
1237 { "Pvcontext", "efs.EfsRpcCloseRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
1238 { &hf_efs_EFS_CERTIFICATE_BLOB_cbData,
1239 { "Cbdata", "efs.EFS_CERTIFICATE_BLOB.cbData", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1240 { &hf_efs_EfsRpcQueryUsersOnFile_FileName,
1241 { "Filename", "efs.EfsRpcQueryUsersOnFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1242 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength,
1243 { "Cbtotallength", "efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1244 { &hf_efs_EfsRpcOpenFileRaw_Flags,
1245 { "Flags", "efs.EfsRpcOpenFileRaw.Flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
1246 { &hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents,
1247 { "Precoveryagents", "efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1248 { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation,
1249 { "Lpdisplayinformation", "efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1250 { &hf_efs_EfsRpcRemoveUsersFromFile_FileName,
1251 { "Filename", "efs.EfsRpcRemoveUsersFromFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1252 };
1253
1254
1255 static gint *ett[] = {
1256 &ett_dcerpc_efs,
1257 &ett_efs_EFS_HASH_BLOB,
1258 &ett_efs_ENCRYPTION_CERTIFICATE_HASH,
1259 &ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST,
1260 &ett_efs_EFS_CERTIFICATE_BLOB,
1261 &ett_efs_ENCRYPTION_CERTIFICATE,
1262 };
1263
1264 proto_dcerpc_efs = proto_register_protocol("EFS (pidl)", "EFS", "efs");
1265 proto_register_field_array(proto_dcerpc_efs, hf, array_length (hf));
1266 proto_register_subtree_array(ett, array_length(ett));
1267 }
1268
1269 void proto_reg_handoff_dcerpc_efs(void)
1270 {
1271 dcerpc_init_uuid(proto_dcerpc_efs, ett_dcerpc_efs,
1272 &uuid_dcerpc_efs, ver_dcerpc_efs,
1273 efs_dissectors, hf_efs_opnum);
1274 }