Wireshark  2.9.0-477-g68ec514b
The Wireshark network protocol analyzer
packet-dcerpc.h
1 /* packet-dcerpc.h
2  * Copyright 2001, Todd Sabin <tas@webspan.net>
3  * Copyright 2003, Tim Potter <tpot@samba.org>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 #ifndef __PACKET_DCERPC_H__
13 #define __PACKET_DCERPC_H__
14 
15 #include <epan/conversation.h>
16 #include "ws_symbol_export.h"
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
21 
22 /*
23  * Data representation: bit masks that DREP_ENC_INTEGER and DREP_ENC_CHAR test against byte 0 of a drep array.
24  */
25 #define DREP_LITTLE_ENDIAN 0x10 /* set: integers are little-endian; clear: big-endian */
26 
27 #define DREP_EBCDIC 0x01 /* set: character data is EBCDIC; clear: ASCII */
28 
29 /*
30  * Data representation to integer byte order: yields ENC_LITTLE_ENDIAN when DREP_LITTLE_ENDIAN is set in drep[0], otherwise ENC_BIG_ENDIAN. Only drep[0] is read, so drep must point to at least one readable byte; the argument is expanded exactly once.
31  */
32 #define DREP_ENC_INTEGER(drep) \
33  (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
34 
35 /*
36  * Data representation to (octet-string) character encoding: yields ENC_EBCDIC|ENC_NA when DREP_EBCDIC is set in drep[0], otherwise ENC_ASCII|ENC_NA. Only drep[0] is read, so drep must point to at least one readable byte; the argument is expanded exactly once.
37  */
38 #define DREP_ENC_CHAR(drep) \
39  (((drep)[0] & DREP_EBCDIC) ? ENC_EBCDIC|ENC_NA : ENC_ASCII|ENC_NA)
40 
41 #ifdef PT_R4
42 /* now glib always includes signal.h and on linux PPC
43  * signal.h defines PT_R4
44 */
45 #undef PT_R4
46 #endif
47 
48 #define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }
49 
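/*
 * Buffer size for a UUID rendered as
 * %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x:
 * 36 characters plus one more byte (presumably the terminating NUL).
 *
 * The expansion is parenthesized so the value stays 37 inside a larger
 * expression; unparenthesized, n * DCERPC_UUID_STR_LEN would expand to
 * n * 36 + 1 and under-size a buffer computed that way.
 */
#define DCERPC_UUID_STR_LEN (36+1)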
52 
53 typedef struct _e_ctx_hnd { /* context handle: filled through the pdata argument of dissect_ndr_ctx_hnd; also the type of dcerpc_call_value.pol */
54  guint32 attributes;
55  e_guid_t uuid;
56 } e_ctx_hnd;
57 
58 typedef struct _e_dce_cn_common_hdr_t {
59  guint8 rpc_ver;
60  guint8 rpc_ver_minor;
61  guint8 ptype;
62  guint8 flags;
63  guint8 drep[4];
64  guint16 frag_len;
65  guint16 auth_len;
66  guint32 call_id;
68 
69 typedef struct _e_dce_dg_common_hdr_t {
70  guint8 rpc_ver;
71  guint8 ptype;
72  guint8 flags1;
73  guint8 flags2;
74  guint8 drep[3];
75  guint8 serial_hi;
76  e_guid_t obj_id;
77  e_guid_t if_id;
78  e_guid_t act_id;
79  guint32 server_boot;
80  guint32 if_ver;
81  guint32 seqnum;
82  guint16 opnum;
83  guint16 ihint;
84  guint16 ahint;
85  guint16 frag_len;
86  guint16 frag_num;
87  guint8 auth_proto;
88  guint8 serial_lo;
90 
92 
93 typedef struct _dcerpc_auth_info {
94  guint8 auth_type;
95  guint8 auth_level;
96  guint32 auth_context_id;
97  guint8 auth_pad_len;
98  guint32 auth_size;
99  struct _dcerpc_auth_subdissector_fns *auth_fns;
100  tvbuff_t *auth_tvb;
101  proto_item *auth_item;
102  proto_tree *auth_tree;
104 
105 typedef struct dcerpcstat_tap_data
106 {
107  const char *prog;
108  e_guid_t uuid;
109  guint16 ver;
110  int num_procedures;
112 
113 /* Private data passed to subdissectors from the main DCERPC dissector.
114  * One unique instance of this structure is created for each
115  * DCERPC request/response transaction when we see the initial request
116  * of the transaction.
117  * These instances are persistent and will remain available until the
118  * capture file is closed and a new one is read.
119  *
120  * For transactions where we never saw the request (missing from the trace)
121  * the dcerpc runtime will create a temporary "fake" such structure to pass
122  * to the response dissector. These fake structures are not persistent
123  * and can not be used to keep data hanging around.
124  */
125 typedef struct _dcerpc_call_value {
126  e_guid_t uuid; /* interface UUID */
127  guint16 ver; /* interface version */
128  e_guid_t object_uuid; /* optional object UUID (or DCERPC_UUID_NULL) */
129  guint16 opnum;
130  guint32 req_frame;
131  nstime_t req_time;
132  guint32 rep_frame;
133  guint32 max_ptr;
134  void *se_data; /* This holds any data with se allocation scope
135  * that we might want to keep
136  * for this request/response transaction.
137  * The pointer is initialized to NULL and must be
138  * checked before being dereferenced.
139  * This is useful for such things as when we
140  * need to pass persistent data from the request
141  * to the reply, such as LSA/OpenPolicy2() that
142  * uses this to pass the domain name from the
143  * request to the reply.
144  */
145  void *private_data; /* XXX This will later be renamed as ep_data */
146  e_ctx_hnd *pol; /* policy handle tracked between request/response*/
147 #define DCERPC_IS_NDR64 0x00000001
148  guint32 flags; /* flags for this transaction */
150 
151 typedef struct _dcerpc_info { /* dissection state passed as `di` to the dissect_ndr_* helpers and to dcerpc_dissect_fnct_t callbacks */
152  conversation_t *conv; /* Which TCP stream we are in */
153  guint32 call_id; /* Call ID for this call */
154  guint64 transport_salt; /* e.g. FID for DCERPC over SMB */
155  guint8 ptype; /* packet type: PDU_REQ, PDU_RESP, ... */
156  gboolean conformant_run; /* FAKE_DCERPC_INFO_STRUCTURE sets this to FALSE */
157  gboolean no_align; /* are data aligned? (default yes) */
158  gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
159  guint32 array_max_count; /* max_count for conformant arrays. NOTE(review): presumably read from the PDU, so treat it as untrusted and bound it before using it as a loop or allocation count - confirm in the NDR array code */
160  guint32 array_max_count_offset;
161  guint32 array_offset; /* NOTE(review): array_offset and array_actual_count are presumably wire-derived as well - confirm */
162  guint32 array_offset_offset;
163  guint32 array_actual_count;
164  guint32 array_actual_count_offset;
165  int hf_index;
166  dcerpc_call_value *call_data; /* transaction state; may point at a temporary "fake" dcerpc_call_value when the request was not in the trace (see the comment on that type), so it must not be used to keep data around */
167  const char *dcerpc_procedure_name; /* Used by PIDL to store the name of the current dcerpc procedure */
168  void *private_data; /* untyped; NOTE(review): owner and lifetime are not visible in this header - confirm before dereferencing */
169 } dcerpc_info;
170 
171 #define PDU_REQ 0 /* PDU_*: packet type values, as stored in dcerpc_info.ptype */
172 #define PDU_PING 1
173 #define PDU_RESP 2
174 #define PDU_FAULT 3
175 #define PDU_WORKING 4
176 #define PDU_NOCALL 5
177 #define PDU_REJECT 6
178 #define PDU_ACK 7
179 #define PDU_CL_CANCEL 8
180 #define PDU_FACK 9
181 #define PDU_CANCEL_ACK 10
182 #define PDU_BIND 11
183 #define PDU_BIND_ACK 12
184 #define PDU_BIND_NAK 13
185 #define PDU_ALTER 14
186 #define PDU_ALTER_ACK 15
187 #define PDU_AUTH3 16
188 #define PDU_SHUTDOWN 17
189 #define PDU_CO_CANCEL 18
190 #define PDU_ORPHANED 19
191 #define PDU_RTS 20
192 
193 /*
194  * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
195  * If you're writing a subdissector, you almost certainly want the
196  * NDR functions below.
197  */
198 guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep);
199 guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep);
200 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_guid_t *uuid);
201 WS_DLL_PUBLIC
202 int dissect_dcerpc_char (tvbuff_t *tvb, gint offset, packet_info *pinfo,
203  proto_tree *tree, guint8 *drep,
204  int hfindex, guint8 *pdata);
205 WS_DLL_PUBLIC
206 int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
207  proto_tree *tree, guint8 *drep,
208  int hfindex, guint8 *pdata);
209 WS_DLL_PUBLIC
210 int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
211  proto_tree *tree, guint8 *drep,
212  int hfindex, guint16 *pdata);
213 WS_DLL_PUBLIC
214 int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
215  proto_tree *tree, guint8 *drep,
216  int hfindex, guint32 *pdata);
217 WS_DLL_PUBLIC
218 int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
219  proto_tree *tree, dcerpc_info *di, guint8 *drep,
220  int hfindex, guint64 *pdata);
221 int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
222  proto_tree *tree, guint8 *drep,
223  int hfindex, gfloat *pdata);
224 int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
225  proto_tree *tree, guint8 *drep,
226  int hfindex, gdouble *pdata);
227 int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
228  proto_tree *tree, guint8 *drep,
229  int hfindex, guint32 *pdata);
230 WS_DLL_PUBLIC
231 int dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
232  proto_tree *tree, guint8 *drep,
233  int hfindex, e_guid_t *pdata);
234 
235 /*
236  * NDR routines for subdissectors.
237  */
238 WS_DLL_PUBLIC
239 int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
240  proto_tree *tree, dcerpc_info *di, guint8 *drep,
241  int hfindex, guint8 *pdata);
242 int PIDL_dissect_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
243 int PIDL_dissect_uint8_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint8 *pval);
244 WS_DLL_PUBLIC
245 int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
246  proto_tree *tree, dcerpc_info *di, guint8 *drep,
247  int hfindex, guint16 *pdata);
248 int PIDL_dissect_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
249 int PIDL_dissect_uint16_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint16 *pval);
250 WS_DLL_PUBLIC
251 int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
252  proto_tree *tree, dcerpc_info *di, guint8 *drep,
253  int hfindex, guint32 *pdata);
254 int PIDL_dissect_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
255 int PIDL_dissect_uint32_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint32 *rval);
256 WS_DLL_PUBLIC
257 int dissect_ndr_duint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
258  proto_tree *tree, dcerpc_info *di, guint8 *drep,
259  int hfindex, guint64 *pdata);
260 WS_DLL_PUBLIC
261 int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
262  proto_tree *tree, dcerpc_info *di, guint8 *drep,
263  int hfindex, guint64 *pdata);
264 int PIDL_dissect_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param);
265 int PIDL_dissect_uint64_val (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, guint32 param, guint64 *pval);
266 WS_DLL_PUBLIC
267 int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
268  proto_tree *tree, dcerpc_info *di, guint8 *drep,
269  int hfindex, gfloat *pdata);
270 WS_DLL_PUBLIC
271 int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
272  proto_tree *tree, dcerpc_info *di, guint8 *drep,
273  int hfindex, gdouble *pdata);
274 
275 WS_DLL_PUBLIC
276 int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
277  proto_tree *tree, dcerpc_info *di, guint8 *drep,
278  int hfindex, guint32 *pdata);
279 WS_DLL_PUBLIC
280 int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
281  proto_tree *tree, dcerpc_info *di, guint8 *drep,
282  int hfindex, e_guid_t *pdata);
283 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
284  proto_tree *tree, dcerpc_info *di, guint8 *drep,
285  int hfindex, e_ctx_hnd *pdata);
286 
287 #define FT_UINT1632 FT_UINT32
288 typedef guint32 guint1632;
289 
290 WS_DLL_PUBLIC
291 int dissect_ndr_uint1632 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
292  proto_tree *tree, dcerpc_info *di, guint8 *drep,
293  int hfindex, guint1632 *pdata);
294 
295 typedef guint64 guint3264;
296 
297 WS_DLL_PUBLIC
298 int dissect_ndr_uint3264 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
299  proto_tree *tree, dcerpc_info *di, guint8 *drep,
300  int hfindex, guint3264 *pdata);
301 
302 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
303 typedef int (dcerpc_dissect_fnct_blk_t)(tvbuff_t *tvb, int offset, int length, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
304 
305 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, dcerpc_info *di, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
306 
307 #define NDR_POINTER_REF 1
308 #define NDR_POINTER_UNIQUE 2
309 #define NDR_POINTER_PTR 3
310 
311 int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
312  proto_tree *tree, dcerpc_info *di, guint8 *drep,
313  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
314  int hf_index, dcerpc_callback_fnct_t *callback,
315  void *callback_args);
316 
317 int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
318  proto_tree *tree, dcerpc_info *di, guint8 *drep,
319  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
320  int hf_index);
321 int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, dcerpc_info *di, guint8 *drep);
322 int dissect_ndr_embedded_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
323  proto_tree *tree, dcerpc_info *di, guint8 *drep,
324  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
325  int hf_index);
326 int dissect_ndr_toplevel_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
327  proto_tree *tree, dcerpc_info *di, guint8 *drep,
328  dcerpc_dissect_fnct_t *fnct, int type, const char *text,
329  int hf_index);
330 
331 /* dissect a NDR unidimensional conformant array */
332 int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
333  proto_tree *tree, dcerpc_info *di, guint8 *drep,
334  dcerpc_dissect_fnct_t *fnct);
335 
336 int dissect_ndr_ucarray_block(tvbuff_t *tvb, gint offset, packet_info *pinfo,
337  proto_tree *tree, dcerpc_info *di, guint8 *drep,
338  dcerpc_dissect_fnct_blk_t *fnct);
339 
340 /* dissect a NDR unidimensional conformant and varying array
341  * each byte in the array is processed separately
342  */
343 int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
344  proto_tree *tree, dcerpc_info *di, guint8 *drep,
345  dcerpc_dissect_fnct_t *fnct);
346 
347 int dissect_ndr_ucvarray_block(tvbuff_t *tvb, gint offset, packet_info *pinfo,
348  proto_tree *tree, dcerpc_info *di, guint8 *drep,
349  dcerpc_dissect_fnct_blk_t *fnct);
350 
351 /* dissect a NDR unidimensional varying array */
352 int dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
353  proto_tree *tree, dcerpc_info *di, guint8 *drep,
354  dcerpc_dissect_fnct_t *fnct);
355 
356 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
357  proto_tree *tree, dcerpc_info *di, guint8 *drep);
358 
359 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
360  proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
361  int hfinfo, gboolean add_subtree,
362  char **data);
363 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
364  proto_tree *tree, dcerpc_info *di, guint8 *drep);
365 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
366  proto_tree *tree, dcerpc_info *di, guint8 *drep);
367 int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int chsize, int hfindex, guint32 param);
368 
369 int dissect_ndr_cstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
370  proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
371  int hfindex, gboolean add_subtree, char **data);
372 int dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
373  proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is,
374  int hfinfo, gboolean add_subtree,
375  char **data);
376 int dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
377  proto_tree *tree, dcerpc_info *di, guint8 *drep);
378 int dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
379  proto_tree *tree, dcerpc_info *di, guint8 *drep);
380 
381 typedef struct _dcerpc_sub_dissector {
382  guint16 num;
383  const gchar *name;
384  dcerpc_dissect_fnct_t *dissect_rqst;
385  dcerpc_dissect_fnct_t *dissect_resp;
387 
388 /* registration function for subdissectors */
389 WS_DLL_PUBLIC
390 void dcerpc_init_uuid (int proto, int ett, e_guid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
391 WS_DLL_PUBLIC
392 const char *dcerpc_get_proto_name(e_guid_t *uuid, guint16 ver);
393 WS_DLL_PUBLIC
394 int dcerpc_get_proto_hf_opnum(e_guid_t *uuid, guint16 ver);
395 WS_DLL_PUBLIC
396 dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_guid_t *uuid, guint16 ver);
397 
398 /* Create an opnum, name value_string from a subdissector list */
399 
400 value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
401 
402 /* Decode As... functionality */
403 /* remove all bindings */
404 WS_DLL_PUBLIC void decode_dcerpc_reset_all(void);
405 typedef void (*decode_add_show_list_func)(gpointer data, gpointer user_data);
406 WS_DLL_PUBLIC void decode_dcerpc_add_show_list(decode_add_show_list_func func, gpointer user_data);
407 
408 
409 /* the registered subdissectors. With MSVC and a
410  * libwireshark.dll, we need a special declaration.
411  */
412 /* Key: guid_key *
413  * Value: dcerpc_uuid_value *
414  */
415 WS_DLL_PUBLIC GHashTable *dcerpc_uuids;
416 
417 typedef struct _dcerpc_uuid_value {
418  protocol_t *proto;
419  int proto_id;
420  int ett;
421  const gchar *name;
422  dcerpc_sub_dissector *procs;
423  int opnum_hf;
425 
426 /* Authenticated pipe registration functions and miscellanea */
427 
428 typedef tvbuff_t *(dcerpc_decode_data_fnct_t)(tvbuff_t *data_tvb, /* signature of the req_data_fn / resp_data_fn hooks declared later in this header, which decrypt encrypted request/response PDUs */
429  tvbuff_t *auth_tvb,
430  int offset,
431  packet_info *pinfo,
432  dcerpc_auth_info *auth_info); /* returns a tvbuff_t *; NOTE(review): presumably NULL when decoding fails - callers should check, confirm in packet-dcerpc.c */
433 
435 
436  /* Dissect credentials and verifiers */
437 
438  dcerpc_dissect_fnct_t *bind_fn;
439  dcerpc_dissect_fnct_t *bind_ack_fn;
440  dcerpc_dissect_fnct_t *auth3_fn;
441  dcerpc_dissect_fnct_t *req_verf_fn;
442  dcerpc_dissect_fnct_t *resp_verf_fn;
443 
444  /* Decrypt encrypted requests/response PDUs */
445 
446  dcerpc_decode_data_fnct_t *req_data_fn;
447  dcerpc_decode_data_fnct_t *resp_data_fn;
448 
450 
451 void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
453 
454 /* all values needed to (re-)build a dcerpc binding */
456  /* values of a typical conversation */
457  address addr_a;
458  address addr_b;
459  port_type ptype;
460  guint32 port_a;
461  guint32 port_b;
462  /* dcerpc conversation specific */
463  guint16 ctx_id;
464  guint64 transport_salt;
465  /* corresponding "interface" */
466  GString *ifname;
467  e_guid_t uuid;
468  guint16 ver;
470 
471 WS_DLL_PUBLIC guint64 dcerpc_get_transport_salt(packet_info *pinfo);
472 WS_DLL_PUBLIC void dcerpc_set_transport_salt(guint64 dcetransportsalt, packet_info *pinfo);
473 
474 /* Authentication services */
475 
476 /*
477  * For MS-specific SSPs (Security Service Provider), see
478  *
479  * http://msdn.microsoft.com/library/en-us/rpc/rpc/authentication_level_constants.asp
480  */
481 
482 #define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
483 #define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
484 #define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
485 #define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
486 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
487 #define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
488 #define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
489 #define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
490 #define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
491 #define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
492 #define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
493 
494 /* Protection levels. NOTE(review): presumably the values held in dcerpc_auth_info.auth_level and passed as auth_level to register_dcerpc_auth_subdissector - confirm. Going by the names, only PKT_PRIVACY implies encrypted PDU bodies and PKT_INTEGRITY implies integrity protection without encryption; verify against the DCE/RPC specification before relying on this when reading a capture. */
495 
496 #define DCE_C_AUTHN_LEVEL_NONE 1
497 #define DCE_C_AUTHN_LEVEL_CONNECT 2
498 #define DCE_C_AUTHN_LEVEL_CALL 3
499 #define DCE_C_AUTHN_LEVEL_PKT 4
500 #define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
501 #define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
502 
503 void
504 init_ndr_pointer_list(dcerpc_info *di);
505 
506 
507 
508 /* These defines are used in the PIDL conformance files when using
509  * the PARAM_VALUE directive.
510  */
511 /* Policy handle tracking. Describes in which function a handle is
512  * opened/closed. See "winreg.cnf" for example.
513  *
514  * The guint32 param is divided up into multiple fields
515  *
516  * +--------+--------+--------+--------+
517  * | Flags | Type | | |
518  * +--------+--------+--------+--------+
519  */
520 /* Flags: one bit each, bits 31..28 of the guint32 param (the top byte in the layout above) */
521 #define PIDL_POLHND_OPEN 0x80000000 /* the policy handle is opened in this function */
522 #define PIDL_POLHND_CLOSE 0x40000000 /* the policy handle is closed in this function */
523 /* To "save" a pointer to the string in dcv->private_data. Only the pointer is stored; NOTE(review): the string must stay valid for as long as private_data is read - confirm its allocation scope */
524 #define PIDL_STR_SAVE 0x20000000
525 /* To make this value appear on the summary line for the packet */
526 #define PIDL_SET_COL_INFO 0x10000000
527 
528 /* Type: policy handle type, held in bits 23..16 of the param and selected with PIDL_POLHND_TYPE_MASK */
529 #define PIDL_POLHND_TYPE_MASK 0x00ff0000
530 #define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
531 #define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
532 #define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
533 #define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
534 #define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
535 
536 #define PIDL_POLHND_TYPE_LSA_POLICY 0x00060000
537 #define PIDL_POLHND_TYPE_LSA_ACCOUNT 0x00070000
538 #define PIDL_POLHND_TYPE_LSA_SECRET 0x00080000
539 #define PIDL_POLHND_TYPE_LSA_DOMAIN 0x00090000
540 
541 /* a structure we store for all policy handles we track; entries in the same hash bucket are chained through `next` */
542 typedef struct pol_value {
543  struct pol_value *next; /* Next entry in hash bucket */
544  guint32 open_frame, close_frame; /* Frame numbers for open/close */
545  guint32 first_frame; /* First frame in which this instance was seen */
546  guint32 last_frame; /* Last frame in which this instance was seen */
547  char *name; /* Name of policy handle. NOTE(review): who allocates and frees this string is not visible in this header - confirm */
548  guint32 type; /* policy handle type; presumably one of PIDL_POLHND_TYPE_* - confirm */
549 } pol_value;
550 
551 
552 extern int hf_dcerpc_drep_byteorder;
553 extern int hf_dcerpc_ndr_padding;
554 
/*
 * Declares two locals, `di` (dcerpc_info) and `call_data` (dcerpc_call_value),
 * in the enclosing scope and points di.call_data at call_data.
 *
 * Only di.conformant_run, di.no_align, di.call_data and call_data.flags are
 * assigned. Every other member of both structures is left uninitialized
 * (for example di.private_data, di.conv, call_data.se_data, call_data.pol),
 * so code that receives &di must not read those members unless the caller
 * sets them first.
 *
 * The expansion is declarations followed by statements, so it has to be
 * placed where a declaration is allowed. call_data has automatic storage:
 * di.call_data is valid only inside the scope that used the macro.
 */
555 #define FAKE_DCERPC_INFO_STRUCTURE \
556  /* Fake dcerpc_info structure; both locals are declared without initializers */ \
557  dcerpc_info di; \
558  dcerpc_call_value call_data; \
559  \
560  di.conformant_run = FALSE; \
561  di.no_align = TRUE; \
562  \
563  /* we need di->call_data->flags.NDR64 == 0, i.e. DCERPC_IS_NDR64 cleared */ \
564  call_data.flags = 0; \
565  di.call_data = &call_data;
566 
567 #ifdef __cplusplus
568 }
569 #endif /* __cplusplus */
570 
571 #endif /* packet-dcerpc.h */