search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: pinfo->private_data points to smb_info again
[wireshark-wip.git] / epan / dissectors / packet-dcerpc.h
blob2a26bfc91dadf27fe84c15fc52357a47ffa02333
1 /* packet-dcerpc.h
2 * Copyright 2001, Todd Sabin <tas@webspan.net>
3 * Copyright 2003, Tim Potter <tpot@samba.org>
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26 #ifndef __PACKET_DCERPC_H__
27 #define __PACKET_DCERPC_H__
28
29 #include <epan/conversation.h>
30 #include "ws_symbol_export.h"
31
32 /*
33 * Data representation.
34 */
35 #define DREP_LITTLE_ENDIAN 0x10
36
37 /*
38 * Data representation to integer byte order.
39 */
40 #define DREP_ENC_INTEGER(drep) \
41 (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
42
43 #ifdef PT_R4
44 /* now glib always includes signal.h and on linux PPC
45 * signal.h defines PT_R4
46 */
47 #undef PT_R4
48 #endif
49
50 typedef struct _e_uuid_t {
51 guint32 Data1;
52 guint16 Data2;
53 guint16 Data3;
54 guint8 Data4[8];
55 } e_uuid_t;
56
57 #define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }
58
59 /* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
60 #define DCERPC_UUID_STR_LEN 36+1
61
62 typedef struct _e_ctx_hnd {
63 guint32 attributes;
64 e_uuid_t uuid;
65 } e_ctx_hnd;
66
67 typedef struct _e_dce_cn_common_hdr_t {
68 guint8 rpc_ver;
69 guint8 rpc_ver_minor;
70 guint8 ptype;
71 guint8 flags;
72 guint8 drep[4];
73 guint16 frag_len;
74 guint16 auth_len;
75 guint32 call_id;
76 } e_dce_cn_common_hdr_t;
77
78 typedef struct _e_dce_dg_common_hdr_t {
79 guint8 rpc_ver;
80 guint8 ptype;
81 guint8 flags1;
82 guint8 flags2;
83 guint8 drep[3];
84 guint8 serial_hi;
85 e_uuid_t obj_id;
86 e_uuid_t if_id;
87 e_uuid_t act_id;
88 guint32 server_boot;
89 guint32 if_ver;
90 guint32 seqnum;
91 guint16 opnum;
92 guint16 ihint;
93 guint16 ahint;
94 guint16 frag_len;
95 guint16 frag_num;
96 guint8 auth_proto;
97 guint8 serial_lo;
98 } e_dce_dg_common_hdr_t;
99
100 typedef struct _dcerpc_auth_info {
101 guint8 auth_pad_len;
102 guint8 auth_level;
103 guint8 auth_type;
104 guint32 auth_size;
105 tvbuff_t *auth_data;
106 } dcerpc_auth_info;
107
108 /* Private data passed to subdissectors from the main DCERPC dissector.
109 * One unique instance of this structure is created for each
110 * DCERPC request/response transaction when we see the initial request
111 * of the transaction.
112 * These instances are persistent and will remain available until the
113 * capture file is closed and a new one is read.
114 *
115 * For transactions where we never saw the request (missing from the trace)
116 * the dcerpc runtime will create a temporary "fake" such structure to pass
117 * to the response dissector. These fake structures are not persistent
118 * and can not be used to keep data hanging around.
119 */
120 typedef struct _dcerpc_call_value {
121 e_uuid_t uuid; /* interface UUID */
122 guint16 ver; /* interface version */
123 e_uuid_t object_uuid; /* optional object UUID (or DCERPC_UUID_NULL) */
124 guint16 opnum;
125 guint32 req_frame;
126 nstime_t req_time;
127 guint32 rep_frame;
128 guint32 max_ptr;
129 void *se_data; /* This holds any data with se allocation scope
130 * that we might want to keep
131 * for this request/response transaction.
132 * The pointer is initialized to NULL and must be
133 * checked before being dereferenced.
134 * This is useful for such things as when we
135 * need to pass persistent data from the request
136 * to the reply, such as LSA/OpenPolicy2() that
137 * uses this to pass the domain name from the
138 * request to the reply.
139 */
140 void *private_data; /* XXX This will later be renamed as ep_data */
141 e_ctx_hnd *pol; /* policy handle tracked between request/response*/
142 #define DCERPC_IS_NDR64 0x00000001
143 guint32 flags; /* flags for this transaction */
144 } dcerpc_call_value;
145
146 typedef struct _dcerpc_info {
147 conversation_t *conv; /* Which TCP stream we are in */
148 guint32 call_id; /* Call ID for this call */
149 guint16 smb_fid; /* FID for DCERPC over SMB */
150 guint8 ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
151 gboolean conformant_run;
152 gboolean no_align; /* are data aligned? (default yes) */
153 gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
154 guint32 array_max_count; /* max_count for conformant arrays */
155 guint32 array_max_count_offset;
156 guint32 array_offset;
157 guint32 array_offset_offset;
158 guint32 array_actual_count;
159 guint32 array_actual_count_offset;
160 int hf_index;
161 dcerpc_call_value *call_data;
162 void *private_data;
163 } dcerpc_info;
164
165 #define PDU_REQ 0
166 #define PDU_PING 1
167 #define PDU_RESP 2
168 #define PDU_FAULT 3
169 #define PDU_WORKING 4
170 #define PDU_NOCALL 5
171 #define PDU_REJECT 6
172 #define PDU_ACK 7
173 #define PDU_CL_CANCEL 8
174 #define PDU_FACK 9
175 #define PDU_CANCEL_ACK 10
176 #define PDU_BIND 11
177 #define PDU_BIND_ACK 12
178 #define PDU_BIND_NAK 13
179 #define PDU_ALTER 14
180 #define PDU_ALTER_ACK 15
181 #define PDU_AUTH3 16
182 #define PDU_SHUTDOWN 17
183 #define PDU_CO_CANCEL 18
184 #define PDU_ORPHANED 19
185 #define PDU_RTS 20
186
187 /*
188 * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
189 * If you're writing a subdissector, you almost certainly want the
190 * NDR functions below.
191 */
192 guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep);
193 guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep);
194 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid);
195 WS_DLL_PUBLIC
196 int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
197 proto_tree *tree, guint8 *drep,
198 int hfindex, guint8 *pdata);
199 WS_DLL_PUBLIC
200 int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
201 proto_tree *tree, guint8 *drep,
202 int hfindex, guint16 *pdata);
203 WS_DLL_PUBLIC
204 int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
205 proto_tree *tree, guint8 *drep,
206 int hfindex, guint32 *pdata);
207 WS_DLL_PUBLIC
208 int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
209 proto_tree *tree, guint8 *drep,
210 int hfindex, guint64 *pdata);
211 int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
212 proto_tree *tree, guint8 *drep,
213 int hfindex, gfloat *pdata);
214 int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
215 proto_tree *tree, guint8 *drep,
216 int hfindex, gdouble *pdata);
217 int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
218 proto_tree *tree, guint8 *drep,
219 int hfindex, guint32 *pdata);
220 WS_DLL_PUBLIC
221 int dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
222 proto_tree *tree, guint8 *drep,
223 int hfindex, e_uuid_t *pdata);
224
225 /*
226 * NDR routines for subdissectors.
227 */
228 WS_DLL_PUBLIC
229 int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
230 proto_tree *tree, dcerpc_info *di, guint8 *drep,
231 int hfindex, guint8 *pdata);
232 int PIDL_dissect_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
233 int PIDL_dissect_uint8_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint8 *pval);
234 WS_DLL_PUBLIC
235 int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
236 proto_tree *tree, dcerpc_info *di, guint8 *drep,
237 int hfindex, guint16 *pdata);
238 int PIDL_dissect_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
239 int PIDL_dissect_uint16_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint16 *pval);
240 WS_DLL_PUBLIC
241 int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
242 proto_tree *tree, dcerpc_info *di, guint8 *drep,
243 int hfindex, guint32 *pdata);
244 int PIDL_dissect_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
245 int PIDL_dissect_uint32_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint32 *rval);
246 WS_DLL_PUBLIC
247 int dissect_ndr_duint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
248 proto_tree *tree, dcerpc_info *di, guint8 *drep,
249 int hfindex, guint64 *pdata);
250 int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
251 proto_tree *tree, dcerpc_info *di, guint8 *drep,
252 int hfindex, guint64 *pdata);
253 int PIDL_dissect_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
254 int PIDL_dissect_uint64_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint64 *pval);
255 int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
256 proto_tree *tree, dcerpc_info *di, guint8 *drep,
257 int hfindex, gfloat *pdata);
258 WS_DLL_PUBLIC
259 int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
260 proto_tree *tree, dcerpc_info *di, guint8 *drep,
261 int hfindex, gdouble *pdata);
262 int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
263 proto_tree *tree, dcerpc_info *di, guint8 *drep,
264 int hfindex, guint32 *pdata);
265 WS_DLL_PUBLIC
266 int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
267 proto_tree *tree, dcerpc_info *di, guint8 *drep,
268 int hfindex, e_uuid_t *pdata);
269 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
270 proto_tree *tree, dcerpc_info *di, guint8 *drep,
271 int hfindex, e_ctx_hnd *pdata);
272
273 #define FT_UINT1632 FT_UINT32
274 typedef guint32 guint1632;
275
276 WS_DLL_PUBLIC
277 int dissect_ndr_uint1632 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
278 proto_tree *tree, dcerpc_info *di, guint8 *drep,
279 int hfindex, guint1632 *pdata);
280
281 typedef guint64 guint3264;
282
283 WS_DLL_PUBLIC
284 int dissect_ndr_uint3264 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
285 proto_tree *tree, dcerpc_info *di, guint8 *drep,
286 int hfindex, guint3264 *pdata);
287
288 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
289 typedef int (dcerpc_dissect_fnct_blk_t)(tvbuff_t *tvb, int offset, int length, packet_info *pinfo, proto_tree *tree, guint8 *drep);
290
291 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, dcerpc_info *di, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
292
293 #define NDR_POINTER_REF 1
294 #define NDR_POINTER_UNIQUE 2
295 #define NDR_POINTER_PTR 3
296
297 int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
298 proto_tree *tree, dcerpc_info *di, guint8 *drep,
299 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
300 int hf_index, dcerpc_callback_fnct_t *callback,
301 void *callback_args);
302
303 int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
304 proto_tree *tree, dcerpc_info *di, guint8 *drep,
305 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
306 int hf_index);
307 int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, dcerpc_info *di, guint8 *drep);
308 int dissect_ndr_embedded_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
309 proto_tree *tree, dcerpc_info *di, guint8 *drep,
310 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
311 int hf_index);
312 int dissect_ndr_toplevel_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
313 proto_tree *tree, dcerpc_info *di, guint8 *drep,
314 dcerpc_dissect_fnct_t *fnct, int type, const char *text,
315 int hf_index);
316
317 /* dissect a NDR unidimensional conformant array */
318 int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
319 proto_tree *tree, dcerpc_info *di, guint8 *drep,
320 dcerpc_dissect_fnct_t *fnct);
321
322 /* dissect a NDR unidimensional conformant and varying array
323 * each byte in the array is processed separately
324 */
325 int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
326 proto_tree *tree, dcerpc_info *di, guint8 *drep,
327 dcerpc_dissect_fnct_t *fnct);
328
329 int dissect_ndr_ucvarray_block(tvbuff_t *tvb, gint offset, packet_info *pinfo,
330 proto_tree *tree, dcerpc_info *di, guint8 *drep,
331 dcerpc_dissect_fnct_blk_t *fnct);
332
333 /* dissect a NDR unidimensional varying array */
334 int dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
335 proto_tree *tree, dcerpc_info *di, guint8 *drep,
336 dcerpc_dissect_fnct_t *fnct);
337
338 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
339 proto_tree *tree, dcerpc_info *di, guint8 *drep);
340
341 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
342 proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
343 int hfinfo, gboolean add_subtree,
344 char **data);
345 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
346 proto_tree *tree, dcerpc_info *di, guint8 *drep);
347 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
348 proto_tree *tree, dcerpc_info *di, guint8 *drep);
349 int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int chsize, int hfindex, guint32 param);
350
351 int dissect_ndr_cstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
352 proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
353 int hfindex, gboolean add_subtree, char **data);
354 int dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
355 proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
356 int hfinfo, gboolean add_subtree,
357 char **data);
358 int dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
359 proto_tree *tree, dcerpc_info *di, guint8 *drep);
360 int dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
361 proto_tree *tree, dcerpc_info *di, guint8 *drep);
362
363 typedef struct _dcerpc_sub_dissector {
364 guint16 num;
365 const gchar *name;
366 dcerpc_dissect_fnct_t *dissect_rqst;
367 dcerpc_dissect_fnct_t *dissect_resp;
368 } dcerpc_sub_dissector;
369
370 /* registration function for subdissectors */
371 WS_DLL_PUBLIC
372 void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
373 WS_DLL_PUBLIC
374 const char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver);
375 WS_DLL_PUBLIC
376 int dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver);
377 WS_DLL_PUBLIC
378 dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver);
379
380 /* Create a opnum, name value_string from a subdissector list */
381
382 value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
383
384
385 /* the init_protocol hooks. With MSVC and a
386 * libwireshark.dll, we need a special declaration.
387 */
388 WS_DLL_PUBLIC GHookList dcerpc_hooks_init_protos;
389
390 /* the registered subdissectors. With MSVC and a
391 * libwireshark.dll, we need a special declaration.
392 */
393 WS_DLL_PUBLIC GHashTable *dcerpc_uuids;
394
395 typedef struct _dcerpc_uuid_key {
396 e_uuid_t uuid;
397 guint16 ver;
398 } dcerpc_uuid_key;
399
400 typedef struct _dcerpc_uuid_value {
401 protocol_t *proto;
402 int proto_id;
403 int ett;
404 const gchar *name;
405 dcerpc_sub_dissector *procs;
406 int opnum_hf;
407 } dcerpc_uuid_value;
408
409 /* Authenticated pipe registration functions and miscellanea */
410
411 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *data_tvb,
412 tvbuff_t *auth_tvb,
413 int offset,
414 packet_info *pinfo,
415 dcerpc_auth_info *auth_info);
416
417 typedef struct _dcerpc_auth_subdissector_fns {
418
419 /* Dissect credentials and verifiers */
420
421 dcerpc_dissect_fnct_t *bind_fn;
422 dcerpc_dissect_fnct_t *bind_ack_fn;
423 dcerpc_dissect_fnct_t *auth3_fn;
424 dcerpc_dissect_fnct_t *req_verf_fn;
425 dcerpc_dissect_fnct_t *resp_verf_fn;
426
427 /* Decrypt encrypted requests/response PDUs */
428
429 dcerpc_decode_data_fnct_t *req_data_fn;
430 dcerpc_decode_data_fnct_t *resp_data_fn;
431
432 } dcerpc_auth_subdissector_fns;
433
434 void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
435 dcerpc_auth_subdissector_fns *fns);
436
437 /* all values needed to (re-)build a dcerpc binding */
438 typedef struct decode_dcerpc_bind_values_s {
439 /* values of a typical conversation */
440 address addr_a;
441 address addr_b;
442 port_type ptype;
443 guint32 port_a;
444 guint32 port_b;
445 /* dcerpc conversation specific */
446 guint16 ctx_id;
447 guint16 smb_fid;
448 /* corresponding "interface" */
449 GString *ifname;
450 e_uuid_t uuid;
451 guint16 ver;
452 } decode_dcerpc_bind_values_t;
453
454 /* Helper for "decode as" dialog to set up a UUID/conversation binding. */
455 WS_DLL_PUBLIC
456 struct _dcerpc_bind_value *
457 dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding);
458
459 WS_DLL_PUBLIC
460 guint16
461 dcerpc_get_transport_salt (packet_info *pinfo);
462
463 /* Authentication services */
464
465 /*
466 * For MS-specific SSPs (Security Service Provider), see
467 *
468 * http://msdn.microsoft.com/library/en-us/rpc/rpc/authentication_level_constants.asp
469 */
470
471 #define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
472 #define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
473 #define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
474 #define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
475 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
476 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
477 #define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
478 #define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
479 #define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
480 #define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
481 #define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
482
483 /* Protection levels */
484
485 #define DCE_C_AUTHN_LEVEL_NONE 1
486 #define DCE_C_AUTHN_LEVEL_CONNECT 2
487 #define DCE_C_AUTHN_LEVEL_CALL 3
488 #define DCE_C_AUTHN_LEVEL_PKT 4
489 #define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
490 #define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
491
492 void
493 init_ndr_pointer_list(dcerpc_info *di);
494
495
496
497 /* These defines are used in the PIDL conformance files when using
498 * the PARAM_VALUE directive.
499 */
500 /* Policy handle tracking. Describes in which function a handle is
501 * opened/closed. See "winreg.cnf" for example.
502 *
503 * The guint32 param is divided up into multiple fields
504 *
505 * +--------+--------+--------+--------+
506 * | Flags | Type | | |
507 * +--------+--------+--------+--------+
508 */
509 /* Flags : */
510 #define PIDL_POLHND_OPEN 0x80000000
511 #define PIDL_POLHND_CLOSE 0x40000000
512 /* To "save" a pointer to the string in dcv->private_data */
513 #define PIDL_STR_SAVE 0x20000000
514 /* To make this value appear on the summary line for the packet */
515 #define PIDL_SET_COL_INFO 0x10000000
516
517 /* Type */
518 #define PIDL_POLHND_TYPE_MASK 0x00ff0000
519 #define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
520 #define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
521 #define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
522 #define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
523 #define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
524
525 #define PIDL_POLHND_TYPE_LSA_POLICY 0x00060000
526 #define PIDL_POLHND_TYPE_LSA_ACCOUNT 0x00070000
527 #define PIDL_POLHND_TYPE_LSA_SECRET 0x00080000
528 #define PIDL_POLHND_TYPE_LSA_DOMAIN 0x00090000
529
530 /* a structure we store for all policy handles we track */
531 typedef struct pol_value {
532 struct pol_value *next; /* Next entry in hash bucket */
533 guint32 open_frame, close_frame; /* Frame numbers for open/close */
534 guint32 first_frame; /* First frame in which this instance was seen */
535 guint32 last_frame; /* Last frame in which this instance was seen */
536 char *name; /* Name of policy handle */
537 guint32 type; /* policy handle type */
538 } pol_value;
539
540
541 extern int hf_dcerpc_drep_byteorder;
542
543 #define FAKE_DCERPC_INFO_STRUCTURE \
544 /* Fake dcerpc_info structure */ \
545 dcerpc_info di; \
546 dcerpc_call_value call_data; \
547 \
548 di.conformant_run = FALSE; \
549 di.no_align = TRUE; \
550 \
551 /* we need di->call_data->flags.NDR64 == 0 */ \
552 call_data.flags = 0; \
553 di.call_data = &call_data;
554
555 #endif /* packet-dcerpc.h */