Wireshark  4.3.0
The Wireshark network protocol analyzer
packet-dcerpc.h
1 /* packet-dcerpc.h
2  * Copyright 2001, Todd Sabin <tas@webspan.net>
3  * Copyright 2003, Tim Potter <tpot@samba.org>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 #ifndef __PACKET_DCERPC_H__
13 #define __PACKET_DCERPC_H__
14 
15 #include <epan/conversation.h>
16 #include "ws_symbol_export.h"
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
21 
22 #define DCERPC_TABLE_NAME "dcerpc.uuid"
23 /*
24  * Data representation.
25  */
26 #define DREP_LITTLE_ENDIAN 0x10
27 
28 #define DREP_EBCDIC 0x01
29 
30 /*
31  * Data representation to integer byte order.
32  */
33 #define DREP_ENC_INTEGER(drep) \
34  (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
35 
36 /*
37  * Data representation to (octet-string) character encoding.
38  */
39 #define DREP_ENC_CHAR(drep) \
40  (((drep)[0] & DREP_EBCDIC) ? ENC_EBCDIC|ENC_NA : ENC_ASCII|ENC_NA)
41 
42 #ifdef PT_R4
43 /* now glib always includes signal.h and on linux PPC
44  * signal.h defines PT_R4
45 */
46 #undef PT_R4
47 #endif
48 
49 #define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }
50 
51 /* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
52 #define DCERPC_UUID_STR_LEN 36+1
53 
54 typedef struct _e_ctx_hnd {
55  guint32 attributes;
56  e_guid_t uuid;
57 } e_ctx_hnd;
58 
59 typedef struct _e_dce_cn_common_hdr_t {
60  guint8 rpc_ver;
61  guint8 rpc_ver_minor;
62  guint8 ptype;
63  guint8 flags;
64  guint8 drep[4];
65  guint16 frag_len;
66  guint16 auth_len;
67  guint32 call_id;
69 
70 typedef struct _e_dce_dg_common_hdr_t {
71  guint8 rpc_ver;
72  guint8 ptype;
73  guint8 flags1;
74  guint8 flags2;
75  guint8 drep[3];
76  guint8 serial_hi;
77  e_guid_t obj_id;
78  e_guid_t if_id;
79  e_guid_t act_id;
80  guint32 server_boot;
81  guint32 if_ver;
82  guint32 seqnum;
83  guint16 opnum;
84  guint16 ihint;
85  guint16 ahint;
86  guint16 frag_len;
87  guint16 frag_num;
88  guint8 auth_proto;
89  guint8 serial_lo;
91 
93 
94 typedef struct _dcerpc_auth_info {
95  gboolean hdr_signing;
96  guint8 auth_type;
97  guint8 auth_level;
98  guint32 auth_context_id;
99  guint8 auth_pad_len;
100  guint32 auth_size;
101  struct _dcerpc_auth_subdissector_fns *auth_fns;
102  tvbuff_t *auth_hdr_tvb;
103  tvbuff_t *auth_tvb;
104  proto_item *auth_item;
105  proto_tree *auth_tree;
107 
108 typedef struct dcerpcstat_tap_data
109 {
110  const char *prog;
111  e_guid_t uuid;
112  guint16 ver;
113  int num_procedures;
115 
116 /* Private data passed to subdissectors from the main DCERPC dissector.
117  * One unique instance of this structure is created for each
118  * DCERPC request/response transaction when we see the initial request
119  * of the transaction.
120  * These instances are persistent and will remain available until the
121  * capture file is closed and a new one is read.
122  *
123  * For transactions where we never saw the request (missing from the trace)
124  * the dcerpc runtime will create a temporary "fake" such structure to pass
125  * to the response dissector. These fake structures are not persistent
126  * and can not be used to keep data hanging around.
127  */
128 typedef struct _dcerpc_call_value {
129  e_guid_t uuid; /* interface UUID */
130  guint16 ver; /* interface version */
131  e_guid_t object_uuid; /* optional object UUID (or DCERPC_UUID_NULL) */
132  guint16 opnum;
133  guint32 req_frame;
134  nstime_t req_time;
135  guint32 rep_frame;
136  guint32 max_ptr;
137  void *se_data; /* This holds any data with se allocation scope
138  * that we might want to keep
139  * for this request/response transaction.
140  * The pointer is initialized to NULL and must be
141  * checked before being dereferenced.
142  * This is useful for such things as when we
143  * need to pass persistent data from the request
144  * to the reply, such as LSA/OpenPolicy2() that
145  * uses this to pass the domain name from the
146  * request to the reply.
147  */
148  void *private_data; /* XXX This will later be renamed as ep_data */
149  e_ctx_hnd *pol; /* policy handle tracked between request/response*/
150 #define DCERPC_IS_NDR64 0x00000001
151  guint32 flags; /* flags for this transaction */
153 
154 typedef struct _dcerpc_info {
155  conversation_t *conv; /* Which TCP stream we are in */
156  guint32 call_id; /* Call ID for this call */
157  guint64 transport_salt; /* e.g. FID for DCERPC over SMB */
158  guint8 ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
159  gboolean conformant_run;
160  gboolean no_align; /* are data aligned? (default yes) */
161  gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
162  guint32 array_max_count; /* max_count for conformant arrays */
163  guint32 array_max_count_offset;
164  guint32 array_offset;
165  guint32 array_offset_offset;
166  guint32 array_actual_count;
167  guint32 array_actual_count_offset;
168  int hf_index;
169  dcerpc_call_value *call_data;
170  const char *dcerpc_procedure_name; /* Used by PIDL to store the name of the current dcerpc procedure */
171  void *private_data;
172 } dcerpc_info;
173 
174 #define PDU_REQ 0
175 #define PDU_PING 1
176 #define PDU_RESP 2
177 #define PDU_FAULT 3
178 #define PDU_WORKING 4
179 #define PDU_NOCALL 5
180 #define PDU_REJECT 6
181 #define PDU_ACK 7
182 #define PDU_CL_CANCEL 8
183 #define PDU_FACK 9
184 #define PDU_CANCEL_ACK 10
185 #define PDU_BIND 11
186 #define PDU_BIND_ACK 12
187 #define PDU_BIND_NAK 13
188 #define PDU_ALTER 14
189 #define PDU_ALTER_ACK 15
190 #define PDU_AUTH3 16
191 #define PDU_SHUTDOWN 17
192 #define PDU_CO_CANCEL 18
193 #define PDU_ORPHANED 19
194 #define PDU_RTS 20
195 
196 /*
197  * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
198  * If you're writing a subdissector, you almost certainly want the
199  * NDR functions below.
200  */
201 guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep);
202 guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep);
203 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_guid_t *uuid);
204 WS_DLL_PUBLIC
205 int dissect_dcerpc_char (tvbuff_t *tvb, gint offset, packet_info *pinfo,
206  proto_tree *tree, guint8 *drep,
207  int hfindex, guint8 *pdata);
208 WS_DLL_PUBLIC
209 int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
210  proto_tree *tree, guint8 *drep,
211  int hfindex, guint8 *pdata);
212 WS_DLL_PUBLIC
213 int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
214  proto_tree *tree, guint8 *drep,
215  int hfindex, guint16 *pdata);
216 WS_DLL_PUBLIC
217 int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
218  proto_tree *tree, guint8 *drep,
219  int hfindex, guint32 *pdata);
220 WS_DLL_PUBLIC
221 int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
222  proto_tree *tree, dcerpc_info *di, guint8 *drep,
223  int hfindex, guint64 *pdata);
224 int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
225  proto_tree *tree, guint8 *drep,
226  int hfindex, gfloat *pdata);
227 int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
228  proto_tree *tree, guint8 *drep,
229  int hfindex, gdouble *pdata);
230 int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
231  proto_tree *tree, guint8 *drep,
232  int hfindex, guint32 *pdata);
233 WS_DLL_PUBLIC
234 int dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
235  proto_tree *tree, guint8 *drep,
236  int hfindex, e_guid_t *pdata);
237 
238 /*
239  * NDR routines for subdissectors.
240  */
241 WS_DLL_PUBLIC
242 int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
243  proto_tree *tree, dcerpc_info *di, guint8 *drep,
244  int hfindex, guint8 *pdata);
245 int PIDL_dissect_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
246 int PIDL_dissect_uint8_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint8 *pval);
247 WS_DLL_PUBLIC
248 int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
249  proto_tree *tree, dcerpc_info *di, guint8 *drep,
250  int hfindex, guint16 *pdata);
251 int PIDL_dissect_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
252 int PIDL_dissect_uint16_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint16 *pval);
253 WS_DLL_PUBLIC
254 int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
255  proto_tree *tree, dcerpc_info *di, guint8 *drep,
256  int hfindex, guint32 *pdata);
257 int PIDL_dissect_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
258 int PIDL_dissect_uint32_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint32 *rval);
259 WS_DLL_PUBLIC
260 int dissect_ndr_duint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
261  proto_tree *tree, dcerpc_info *di, guint8 *drep,
262  int hfindex, guint64 *pdata);
263 WS_DLL_PUBLIC
264 int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
265  proto_tree *tree, dcerpc_info *di, guint8 *drep,
266  int hfindex, guint64 *pdata);
267 int PIDL_dissect_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
268 int PIDL_dissect_uint64_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint64 *pval);
269 WS_DLL_PUBLIC
270 int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
271  proto_tree *tree, dcerpc_info *di, guint8 *drep,
272  int hfindex, gfloat *pdata);
273 WS_DLL_PUBLIC
274 int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
275  proto_tree *tree, dcerpc_info *di, guint8 *drep,
276  int hfindex, gdouble *pdata);
277 
278 WS_DLL_PUBLIC
279 int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
280  proto_tree *tree, dcerpc_info *di, guint8 *drep,
281  int hfindex, guint32 *pdata);
282 WS_DLL_PUBLIC
283 int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
284  proto_tree *tree, dcerpc_info *di, guint8 *drep,
285  int hfindex, e_guid_t *pdata);
286 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
287  proto_tree *tree, dcerpc_info *di, guint8 *drep,
288  int hfindex, e_ctx_hnd *pdata);
289 
290 #define FT_UINT1632 FT_UINT32
291 typedef guint32 guint1632;
292 
293 WS_DLL_PUBLIC
294 int dissect_ndr_uint1632 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
295  proto_tree *tree, dcerpc_info *di, guint8 *drep,
296  int hfindex, guint1632 *pdata);
297 
298 typedef guint64 guint3264;
299 
300 WS_DLL_PUBLIC
301 int dissect_ndr_uint3264 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
302  proto_tree *tree, dcerpc_info *di, guint8 *drep,
303  int hfindex, guint3264 *pdata);
304 
305 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
306 typedef int (dcerpc_dissect_fnct_blk_t)(tvbuff_t *tvb, int offset, int length, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
307 
308 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, dcerpc_info *di, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
309 
310 #define NDR_POINTER_REF 1
311 #define NDR_POINTER_UNIQUE 2
312 #define NDR_POINTER_PTR 3
313 
314 int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
315  proto_tree *tree, dcerpc_info *di, guint8 *drep,
316  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
317  int hf_index, dcerpc_callback_fnct_t *callback,
318  void *callback_args);
319 
320 int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
321  proto_tree *tree, dcerpc_info *di, guint8 *drep,
322  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
323  int hf_index);
324 int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, dcerpc_info *di, guint8 *drep);
325 int dissect_ndr_embedded_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
326  proto_tree *tree, dcerpc_info *di, guint8 *drep,
327  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
328  int hf_index);
329 int dissect_ndr_toplevel_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
330  proto_tree *tree, dcerpc_info *di, guint8 *drep,
331  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
332  int hf_index);
333 
334 /* dissect a NDR unidimensional conformant array */
335 int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
336  proto_tree *tree, dcerpc_info *di, guint8 *drep,
337  dcerpc_dissect_fnct_t *fnct);
338 
339 int dissect_ndr_ucarray_block(tvbuff_t *tvb, gint offset, packet_info *pinfo,
340  proto_tree *tree, dcerpc_info *di, guint8 *drep,
341  dcerpc_dissect_fnct_blk_t *fnct);
342 
343 /* dissect a NDR unidimensional conformant and varying array
344  * each byte in the array is processed separately
345  */
346 int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
347  proto_tree *tree, dcerpc_info *di, guint8 *drep,
348  dcerpc_dissect_fnct_t *fnct);
349 
350 int dissect_ndr_ucvarray_block(tvbuff_t *tvb, gint offset, packet_info *pinfo,
351  proto_tree *tree, dcerpc_info *di, guint8 *drep,
352  dcerpc_dissect_fnct_blk_t *fnct);
353 
354 /* dissect a NDR unidimensional varying array */
355 int dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
356  proto_tree *tree, dcerpc_info *di, guint8 *drep,
357  dcerpc_dissect_fnct_t *fnct);
358 
359 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
360  proto_tree *tree, dcerpc_info *di, guint8 *drep);
361 
362 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
363  proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
364  int hfinfo, gboolean add_subtree,
365  char **data);
366 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
367  proto_tree *tree, dcerpc_info *di, guint8 *drep);
368 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
369  proto_tree *tree, dcerpc_info *di, guint8 *drep);
370 int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int chsize, int hfindex, guint32 param);
371 
372 int dissect_ndr_cstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
373  proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
374  int hfindex, gboolean add_subtree, char **data);
375 int dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
376  proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
377  int hfinfo, gboolean add_subtree,
378  char **data);
379 int dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
380  proto_tree *tree, dcerpc_info *di, guint8 *drep);
381 int dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
382  proto_tree *tree, dcerpc_info *di, guint8 *drep);
383 
384 typedef struct _dcerpc_sub_dissector {
385  guint16 num;
386  const gchar *name;
387  dcerpc_dissect_fnct_t *dissect_rqst;
388  dcerpc_dissect_fnct_t *dissect_resp;
390 
391 /* registration function for subdissectors */
392 WS_DLL_PUBLIC
393 void dcerpc_init_uuid (int proto, int ett, e_guid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
394 WS_DLL_PUBLIC
395 const char *dcerpc_get_proto_name(e_guid_t *uuid, guint16 ver);
396 WS_DLL_PUBLIC
397 int dcerpc_get_proto_hf_opnum(e_guid_t *uuid, guint16 ver);
398 WS_DLL_PUBLIC
399 dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_guid_t *uuid, guint16 ver);
400 
401 /* Create a opnum, name value_string from a subdissector list */
402 
403 value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
404 
405 /* Decode As... functionality */
406 /* remove all bindings */
407 WS_DLL_PUBLIC void decode_dcerpc_reset_all(void);
408 typedef void (*decode_add_show_list_func)(gpointer data, gpointer user_data);
409 WS_DLL_PUBLIC void decode_dcerpc_add_show_list(decode_add_show_list_func func, gpointer user_data);
410 
411 
412 /* the registered subdissectors. With MSVC and a
413  * libwireshark.dll, we need a special declaration.
414  */
415 /* Key: guid_key *
416  * Value: dcerpc_uuid_value *
417  */
418 WS_DLL_PUBLIC GHashTable *dcerpc_uuids;
419 
420 typedef struct _dcerpc_uuid_value {
421  protocol_t *proto;
422  int proto_id;
423  int ett;
424  const gchar *name;
425  dcerpc_sub_dissector *procs;
426  int opnum_hf;
428 
429 /* Authenticated pipe registration functions and miscellanea */
430 
431 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *header_tvb,
432  tvbuff_t *payload_tvb,
433  tvbuff_t *trailer_tvb,
434  tvbuff_t *auth_tvb,
435  packet_info *pinfo,
436  dcerpc_auth_info *auth_info);
437 
439 
440  /* Dissect credentials and verifiers */
441 
442  dcerpc_dissect_fnct_t *bind_fn;
443  dcerpc_dissect_fnct_t *bind_ack_fn;
444  dcerpc_dissect_fnct_t *auth3_fn;
445  dcerpc_dissect_fnct_t *req_verf_fn;
446  dcerpc_dissect_fnct_t *resp_verf_fn;
447 
448  /* Decrypt encrypted requests/response PDUs */
449 
450  dcerpc_decode_data_fnct_t *req_data_fn;
451  dcerpc_decode_data_fnct_t *resp_data_fn;
452 
454 
455 void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
457 
458 /* all values needed to (re-)build a dcerpc binding */
460  /* values of a typical conversation */
461  address addr_a;
462  address addr_b;
463  port_type ptype;
464  guint32 port_a;
465  guint32 port_b;
466  /* dcerpc conversation specific */
467  guint16 ctx_id;
468  guint64 transport_salt;
469  /* corresponding "interface" */
470  GString *ifname;
471  e_guid_t uuid;
472  guint16 ver;
474 
475 WS_DLL_PUBLIC guint64 dcerpc_get_transport_salt(packet_info *pinfo);
476 WS_DLL_PUBLIC void dcerpc_set_transport_salt(guint64 dcetransportsalt, packet_info *pinfo);
477 
478 /* Authentication services */
479 
480 /*
481  * For MS-specific SSPs (Security Service Provider), see
482  *
483  * https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
484  */
485 
486 #define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
487 #define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
488 #define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
489 #define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
490 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
491 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
492 #define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
493 #define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
494 #define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
495 #define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
496 #define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
497 
498 /* Protection levels */
499 
500 #define DCE_C_AUTHN_LEVEL_NONE 1
501 #define DCE_C_AUTHN_LEVEL_CONNECT 2
502 #define DCE_C_AUTHN_LEVEL_CALL 3
503 #define DCE_C_AUTHN_LEVEL_PKT 4
504 #define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
505 #define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
506 
507 void
508 init_ndr_pointer_list(dcerpc_info *di);
509 
510 
511 
512 /* These defines are used in the PIDL conformance files when using
513  * the PARAM_VALUE directive.
514  */
515 /* Policy handle tracking. Describes in which function a handle is
516  * opened/closed. See "winreg.cnf" for example.
517  *
518  * The guint32 param is divided up into multiple fields
519  *
520  * +--------+--------+--------+--------+
521  * | Flags | Type | | |
522  * +--------+--------+--------+--------+
523  */
524 /* Flags : */
525 #define PIDL_POLHND_OPEN 0x80000000
526 #define PIDL_POLHND_CLOSE 0x40000000
527 /* To "save" a pointer to the string in dcv->private_data */
528 #define PIDL_STR_SAVE 0x20000000
529 /* To make this value appear on the summary line for the packet */
530 #define PIDL_SET_COL_INFO 0x10000000
531 
532 /* Type */
533 #define PIDL_POLHND_TYPE_MASK 0x00ff0000
534 #define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
535 #define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
536 #define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
537 #define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
538 #define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
539 
540 #define PIDL_POLHND_TYPE_LSA_POLICY 0x00060000
541 #define PIDL_POLHND_TYPE_LSA_ACCOUNT 0x00070000
542 #define PIDL_POLHND_TYPE_LSA_SECRET 0x00080000
543 #define PIDL_POLHND_TYPE_LSA_DOMAIN 0x00090000
544 
545 /* a structure we store for all policy handles we track */
546 typedef struct pol_value {
547  struct pol_value *next; /* Next entry in hash bucket */
548  guint32 open_frame, close_frame; /* Frame numbers for open/close */
549  guint32 first_frame; /* First frame in which this instance was seen */
550  guint32 last_frame; /* Last frame in which this instance was seen */
551  char *name; /* Name of policy handle */
552  guint32 type; /* policy handle type */
553 } pol_value;
554 
555 
556 extern int hf_dcerpc_drep_byteorder;
557 extern int hf_dcerpc_ndr_padding;
558 
559 #define FAKE_DCERPC_INFO_STRUCTURE \
560  /* Fake dcerpc_info structure */ \
561  dcerpc_info di; \
562  dcerpc_call_value call_data; \
563  \
564  di.conformant_run = FALSE; \
565  di.no_align = TRUE; \
566  \
567  /* we need di->call_data->flags.NDR64 == 0 */ \
568  call_data.flags = 0; \
569  di.call_data = &call_data;
570 
571 #ifdef __cplusplus
572 }
573 #endif /* __cplusplus */
574 
575 #endif /* packet-dcerpc.h */
Definition: address.h:55
Definition: packet-dcerpc.h:94
Definition: packet-dcerpc.h:438
Definition: packet-dcerpc.h:128
Definition: packet-dcerpc.h:154
Definition: packet-dcerpc.h:384
Definition: packet-dcerpc.h:420
Definition: packet-dcerpc.h:54
Definition: packet-dcerpc.h:59
Definition: packet-dcerpc.h:70
Definition: guid-utils.h:22
Definition: packet_info.h:44
Definition: proto.h:897
Definition: proto.c:361
Definition: value_string.h:26
Definition: conversation.h:202
Definition: packet-dcerpc.h:109
Definition: packet-dcerpc.h:459
Definition: nstime.h:26
Definition: packet-dcerpc.h:546
Definition: tvbuff-int.h:35