static int DCE2_ReloadVerifyPolicy(
tSfPolicyUserContextId config,
tSfPolicyId policyId,
void* pData
)
{
DCE2_Config *swap_config = (DCE2_Config *)pData;
DCE2_Config *current_config = (DCE2_Config *)sfPolicyUserDataGet(dce2_config, policyId);
DCE2_ServerConfig *dconfig;
//do any housekeeping before freeing DCE2_Config
if ( swap_config == NULL || swap_config->gconfig->disabled )
return 0;
if (!_dpd.isPreprocEnabled(PP_STREAM5))
{
DCE2_Die("%s(%d) \"%s\" configuration: "
"Stream5 must be enabled with TCP and UDP tracking.",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
dconfig = swap_config->dconfig;
if (dconfig == NULL)
DCE2_CreateDefaultServerConfig(swap_config, policyId);
#ifdef TARGET_BASED
if (!_dpd.isAdaptiveConfigured(policyId, 1))
#endif
{
DCE2_ScCheckTransports(swap_config);
}
#ifdef ENABLE_PAF
DCE2_AddPortsToPaf(swap_config, policyId);
#endif
/* Register routing table memory */
if (swap_config->sconfigs != NULL)
DCE2_RegMem(sfrt_usage(swap_config->sconfigs), DCE2_MEM_TYPE__RT);
if (current_config == NULL)
return 0;
if (swap_config->gconfig->memcap != current_config->gconfig->memcap)
{
_dpd.errMsg("dcerpc2 reload: Changing the memcap requires a restart.\n");
DCE2_FreeConfigs(dce2_swap_config);
dce2_swap_config = NULL;
return -1;
}
return 0;
}
/*********************************************************************
* Function: DCE2_InitRpkts()
*
* Purpose: Allocate and initialize reassembly packets.
*
* Arguments: None
*
* Returns: None
*
*********************************************************************/
void DCE2_InitRpkts(void)
{
int i;
dce2_pkt_stack = DCE2_CStackNew(DCE2_PKT_STACK__SIZE, NULL, DCE2_MEM_TYPE__INIT);
if (dce2_pkt_stack == NULL)
{
DCE2_Die("%s(%d) Failed to allocate memory for packet stack.",
__FILE__, __LINE__);
}
for ( i = 0; i < DCE2_RPKT_TYPE__MAX; i++ )
dce2_rpkt[i] = _dpd.encodeNew();
}
/********************************************************************
* Function:
*
* Purpose:
*
* Arguments:
*
* Returns:
*
********************************************************************/
static inline void DCE2_CreateTransStr(char **trans_buf, DCE2_TransType ttype, char *trans_str)
{
if ((trans_buf == NULL) || (trans_str == NULL))
return;
trans_buf[ttype] = (char *)DCE2_Alloc(strlen(trans_str) + 1, DCE2_MEM_TYPE__INIT);
if (trans_buf[ttype] == NULL)
{
DCE2_Die("%s(%d) Failed to allocate memory for transport string",
__FILE__, __LINE__);
}
snprintf(trans_buf[ttype], strlen(trans_str) + 1, "%s", trans_str);
}
/********************************************************************
* Function:
*
* Purpose:
*
* Arguments:
*
* Returns:
*
********************************************************************/
void * DCE2_Alloc(uint32_t size, DCE2_MemType mtype)
{
void *mem;
if (DCE2_CheckMemcap(size, mtype) != DCE2_MEMCAP_OK)
return NULL;
mem = calloc(1, (size_t)size);
if (mem == NULL)
{
DCE2_Die("%s(%d) Out of memory!", __FILE__, __LINE__);
}
DCE2_RegMem(size, mtype);
return mem;
}
/*********************************************************************
* Function: DCE2_ReloadServer()
*
* Purpose: Creates a new DCE/RPC server configuration
*
* Arguments: snort.conf argument line for the DCE/RPC preprocessor.
*
* Returns: None
*
*********************************************************************/
static void DCE2_ReloadServer(char *args)
{
tSfPolicyId policy_id = _dpd.getParserPolicy();
DCE2_Config *pPolicyConfig = NULL;
sfPolicyUserPolicySet (dce2_swap_config, policy_id);
pPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_swap_config);
if ((pPolicyConfig == NULL) || (pPolicyConfig->gconfig == NULL))
{
DCE2_Die("%s(%d) \"%s\" configuration: \"%s\" must be configured "
"before \"%s\".", *_dpd.config_file, *_dpd.config_line,
DCE2_SNAME, DCE2_GNAME, DCE2_SNAME);
}
/* Parse configuration args */
DCE2_ServerConfigure(pPolicyConfig, args);
}
static int DCE2_CheckConfigPolicy(
tSfPolicyUserContextId config,
tSfPolicyId policyId,
void* pData
)
{
DCE2_Config *pPolicyConfig = (DCE2_Config *)pData;
DCE2_ServerConfig *dconfig;
if ( pPolicyConfig->gconfig->disabled )
return 0;
_dpd.setParserPolicy(policyId);
// config_file/config_line are not set here
if (!_dpd.isPreprocEnabled(PP_STREAM5))
{
DCE2_Die("Stream5 must be enabled with TCP and UDP tracking.");
}
dconfig = pPolicyConfig->dconfig;
if (dconfig == NULL)
DCE2_CreateDefaultServerConfig(pPolicyConfig, policyId);
#ifdef TARGET_BASED
if (!_dpd.isAdaptiveConfigured(policyId, 1))
#endif
{
DCE2_ScCheckTransports(pPolicyConfig);
}
#ifdef ENABLE_PAF
DCE2_AddPortsToPaf(pPolicyConfig, policyId);
#endif
/* Register routing table memory */
if (pPolicyConfig->sconfigs != NULL)
DCE2_RegMem(sfrt_usage(pPolicyConfig->sconfigs), DCE2_MEM_TYPE__RT);
return 0;
}
/*********************************************************************
* Function: DCE2_ReloadGlobal()
*
* Purpose: Creates a new global DCE/RPC preprocessor config.
*
* Arguments: snort.conf argument line for the DCE/RPC preprocessor.
*
* Returns: None
*
*********************************************************************/
static void DCE2_ReloadGlobal(char *args)
{
tSfPolicyId policy_id = _dpd.getParserPolicy();
DCE2_Config *pDefaultPolicyConfig = NULL;
DCE2_Config *pCurrentPolicyConfig = NULL;
if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5))
{
DCE2_Die("%s(%d) \"%s\" configuration: "
"Stream5 must be enabled with TCP and UDP tracking.",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
if (dce2_swap_config == NULL)
{
//create a context
dce2_swap_config = sfPolicyConfigCreate();
if (dce2_swap_config == NULL)
{
DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory "
"configuration.\n",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
_dpd.addPreprocReloadVerify(DCE2_ReloadVerify);
}
sfPolicyUserPolicySet(dce2_swap_config, policy_id);
pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_swap_config);
pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_swap_config);
if ((policy_id != 0) && (pDefaultPolicyConfig == NULL))
{
DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy "
"if other policies are to be configured.\n",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
/* Can only do one global configuration */
if (pCurrentPolicyConfig != NULL)
{
DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
DCE2_RegRuleOptions();
pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config),
DCE2_MEM_TYPE__CONFIG);
sfPolicyUserDataSetCurrent(dce2_swap_config, pCurrentPolicyConfig);
/* Parse configuration args */
DCE2_GlobalConfigure(pCurrentPolicyConfig, args);
if ( pCurrentPolicyConfig->gconfig->disabled )
return;
_dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION, PP_DCE2,
PROTO_BIT__TCP | PROTO_BIT__UDP);
#ifdef TARGET_BASED
_dpd.streamAPI->set_service_filter_status
(dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1);
_dpd.streamAPI->set_service_filter_status
(dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1);
#endif
if (policy_id != 0)
pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap;
}
/*********************************************************************
* Function: DCE2_InitGlobal()
*
* Purpose: Initializes the global DCE/RPC preprocessor config.
*
* Arguments: snort.conf argument line for the DCE/RPC preprocessor.
*
* Returns: None
*
*********************************************************************/
static void DCE2_InitGlobal(char *args)
{
tSfPolicyId policy_id = _dpd.getParserPolicy();
DCE2_Config *pDefaultPolicyConfig = NULL;
DCE2_Config *pCurrentPolicyConfig = NULL;
if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5))
{
DCE2_Die("%s(%d) \"%s\" configuration: "
"Stream5 must be enabled with TCP and UDP tracking.",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
if (dce2_config == NULL)
{
dce2_config = sfPolicyConfigCreate();
if (dce2_config == NULL)
{
DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory "
"configuration.\n",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
DCE2_MemInit();
DCE2_StatsInit();
DCE2_EventsInit();
/* Initialize reassembly packet */
DCE2_InitRpkts();
DCE2_SmbInitGlobals();
_dpd.addPreprocConfCheck(DCE2_CheckConfig);
_dpd.registerPreprocStats(DCE2_GNAME, DCE2_PrintStats);
_dpd.addPreprocReset(DCE2_Reset, NULL, PRIORITY_LAST, PP_DCE2);
_dpd.addPreprocResetStats(DCE2_ResetStats, NULL, PRIORITY_LAST, PP_DCE2);
_dpd.addPreprocExit(DCE2_CleanExit, NULL, PRIORITY_LAST, PP_DCE2);
#ifdef PERF_PROFILING
_dpd.addPreprocProfileFunc(DCE2_PSTAT__MAIN, &dce2_pstat_main, 0, _dpd.totalPerfStats);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SESSION, &dce2_pstat_session, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__NEW_SESSION, &dce2_pstat_new_session, 2, &dce2_pstat_session);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SSN_STATE, &dce2_pstat_session_state, 2, &dce2_pstat_session);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__LOG, &dce2_pstat_log, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__DETECT, &dce2_pstat_detect, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_SEG, &dce2_pstat_smb_seg, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_REQ, &dce2_pstat_smb_req, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_UID, &dce2_pstat_smb_uid, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_TID, &dce2_pstat_smb_tid, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FID, &dce2_pstat_smb_fid, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FP, &dce2_pstat_smb_fingerprint, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_NEG, &dce2_pstat_smb_negotiate, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_SEG, &dce2_pstat_co_seg, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_FRAG, &dce2_pstat_co_frag, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_REASS, &dce2_pstat_co_reass, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_CTX, &dce2_pstat_co_ctx, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_ACTS, &dce2_pstat_cl_acts, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_FRAG, &dce2_pstat_cl_frag, 1, &dce2_pstat_main);
_dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_REASS, &dce2_pstat_cl_reass, 1, &dce2_pstat_main);
#endif
#ifdef TARGET_BASED
dce2_proto_ids.dcerpc = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__DCERPC);
if (dce2_proto_ids.dcerpc == SFTARGET_UNKNOWN_PROTOCOL)
dce2_proto_ids.dcerpc = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__DCERPC);
/* smb and netbios-ssn refer to the same thing */
dce2_proto_ids.nbss = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__NBSS);
if (dce2_proto_ids.nbss == SFTARGET_UNKNOWN_PROTOCOL)
dce2_proto_ids.nbss = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__NBSS);
#endif
}
sfPolicyUserPolicySet(dce2_config, policy_id);
pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_config);
pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_config);
if ((policy_id != 0) && (pDefaultPolicyConfig == NULL))
{
DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy "
"if other policies are to be configured.\n",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
/* Can only do one global configuration */
if (pCurrentPolicyConfig != NULL)
{
DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.",
*_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
}
DCE2_RegRuleOptions();
pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config), DCE2_MEM_TYPE__CONFIG);
sfPolicyUserDataSetCurrent(dce2_config, pCurrentPolicyConfig);
/* Parse configuration args */
DCE2_GlobalConfigure(pCurrentPolicyConfig, args);
if (policy_id != 0)
pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap;
if ( pCurrentPolicyConfig->gconfig->disabled )
return;
/* Register callbacks */
_dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION,
PP_DCE2, PROTO_BIT__TCP | PROTO_BIT__UDP);
#ifdef TARGET_BASED
_dpd.streamAPI->set_service_filter_status
(dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1);
_dpd.streamAPI->set_service_filter_status
(dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1);
#endif
}
/********************************************************************
* Function:
*
* Purpose:
*
* Arguments:
*
* Returns:
*
********************************************************************/
void DCE2_StatsInit(void)
{
memset(&dce2_stats, 0, sizeof(dce2_stats));
if (dce2_trans_strs == NULL)
{
DCE2_TransType ttype;
dce2_trans_strs = (char **)DCE2_Alloc((DCE2_TRANS_TYPE__MAX * sizeof(char *)), DCE2_MEM_TYPE__INIT);
if (dce2_trans_strs == NULL)
{
DCE2_Die("%s(%d) Failed to allocate memory for transport string "
"array", __FILE__, __LINE__);
}
for (ttype = DCE2_TRANS_TYPE__NONE; ttype < DCE2_TRANS_TYPE__MAX; ttype++)
{
switch (ttype)
{
case DCE2_TRANS_TYPE__NONE:
break;
case DCE2_TRANS_TYPE__SMB:
{
char *str = "SMB";
DCE2_CreateTransStr(dce2_trans_strs, ttype, str);
}
break;
case DCE2_TRANS_TYPE__TCP:
{
char *str = "TCP";
DCE2_CreateTransStr(dce2_trans_strs, ttype, str);
}
break;
case DCE2_TRANS_TYPE__UDP:
{
char *str = "UDP";
DCE2_CreateTransStr(dce2_trans_strs, ttype, str);
}
break;
case DCE2_TRANS_TYPE__HTTP_PROXY:
{
char *str = "HTTP Proxy";
DCE2_CreateTransStr(dce2_trans_strs, ttype, str);
}
break;
case DCE2_TRANS_TYPE__HTTP_SERVER:
{
char *str = "HTTP Server";
DCE2_CreateTransStr(dce2_trans_strs, ttype, str);
}
break;
default:
DCE2_Die("%s(%d) Invalid transport type for allocing "
"transport strings: %d", __FILE__, __LINE__, ttype);
break;
}
}
}
}
/******************************************************************
* Function: DCE2_EventsInit()
*
* Initializes global data.
*
* Arguments: None
*
* Returns: None
*
******************************************************************/
void DCE2_EventsInit(void)
{
DCE2_Event event;
char gname[100];
unsigned int i;
static const DCE2_EventNode events[DCE2_EVENT__MAX] =
{
{
DCE2_EVENT_FLAG__NONE,
DCE2_EVENT__NO_EVENT,
"Have to use this because can't have an event sid of zero"
},
{
DCE2_EVENT_FLAG__MEMCAP,
DCE2_EVENT__MEMCAP,
"Memory cap exceeded"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BAD_NBSS_TYPE,
"SMB - Bad NetBIOS Session Service session type"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BAD_TYPE,
"SMB - Bad SMB message type"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BAD_ID,
"SMB - Bad SMB Id (not \\xffSMB for SMB1 or not \\xfeSMB for SMB2)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BAD_WCT,
"SMB - Bad word count or structure size: %u"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BAD_BCC,
"SMB - Bad byte count: %u"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BAD_FORMAT,
"SMB - Bad format type: %u"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BAD_OFF,
"SMB - Bad offset: %p not between %p and %p"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_TDCNT_ZERO,
"SMB - Zero total data count"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_NB_LT_SMBHDR,
"SMB - NetBIOS data length (%u) less than SMB header length (%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_NB_LT_COM,
"SMB - Remaining NetBIOS data length (%u) less than command length (%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_NB_LT_BCC,
"SMB - Remaining NetBIOS data length (%u) less than command byte count (%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_NB_LT_DSIZE,
"SMB - Remaining NetBIOS data length (%u) less than command data size (%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_TDCNT_LT_DSIZE,
"SMB - Remaining total data count (%u) less than this command data size (%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_DSENT_GT_TDCNT,
"SMB - Total data sent ("STDu64") greater than command total data expected (%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_BCC_LT_DSIZE,
"SMB - Byte count (%u) less than command data size ("STDu64")"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_INVALID_DSIZE,
"SMB - Invalid command data size (%u) for byte count (%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_EXCESSIVE_TREE_CONNECTS,
"SMB - Excessive Tree Connect requests (>%u) with pending Tree Connect responses"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_EXCESSIVE_READS,
"SMB - Excessive Read requests (>%u) with pending Read responses"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_EXCESSIVE_CHAINING,
"SMB - Excessive command chaining (>%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_MULT_CHAIN_SS,
"SMB - Multiple chained login requests"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_MULT_CHAIN_TC,
"SMB - Multiple chained tree connect requests"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_CHAIN_SS_LOGOFF,
"SMB - Chained/Compounded login followed by logoff"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_CHAIN_TC_TDIS,
"SMB - Chained/Compounded tree connect followed by tree disconnect"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_CHAIN_OPEN_CLOSE,
"SMB - Chained/Compounded open pipe followed by close pipe"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_INVALID_SHARE,
"SMB - Invalid share access: %s"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_BAD_MAJ_VERSION,
"Connection-oriented DCE/RPC - Invalid major version: %u"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_BAD_MIN_VERSION,
"Connection-oriented DCE/RPC - Invalid minor version: %u"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_BAD_PDU_TYPE,
"Connection-oriented DCE/RPC - Invalid pdu type: 0x%02x"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_FLEN_LT_HDR,
"Connection-oriented DCE/RPC - Fragment length (%u) less than header size (%u)"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_FLEN_LT_SIZE,
"Connection-oriented DCE/RPC - %s: Remaining fragment length (%u) less than size needed (%u)"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_ZERO_CTX_ITEMS,
"Connection-oriented DCE/RPC - %s: No context items specified"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_ZERO_TSYNS,
"Connection-oriented DCE/RPC - %s: No transfer syntaxes specified"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_FRAG_LT_MAX_XMIT_FRAG,
"Connection-oriented DCE/RPC - %s: Fragment length on non-last fragment (%u) less than "
"maximum negotiated fragment transmit size for client (%u)"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_FRAG_GT_MAX_XMIT_FRAG,
"Connection-oriented DCE/RPC - %s: Fragment length (%u) greater than "
"maximum negotiated fragment transmit size (%u)"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_ALTER_CHANGE_BYTE_ORDER,
"Connection-oriented DCE/RPC - Alter Context byte order different from Bind"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_FRAG_DIFF_CALL_ID,
"Connection-oriented DCE/RPC - Call id (%u) of non first/last fragment different "
"from call id established for fragmented request (%u)"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_FRAG_DIFF_OPNUM,
"Connection-oriented DCE/RPC - Opnum (%u) of non first/last fragment different "
"from opnum established for fragmented request (%u)"
},
{
DCE2_EVENT_FLAG__CO,
DCE2_EVENT__CO_FRAG_DIFF_CTX_ID,
"Connection-oriented DCE/RPC - Context id (%u) of non first/last fragment different "
"from context id established for fragmented request (%u)"
},
{
DCE2_EVENT_FLAG__CL,
DCE2_EVENT__CL_BAD_MAJ_VERSION,
"Connection-less DCE/RPC - Invalid major version: %u"
},
{
DCE2_EVENT_FLAG__CL,
DCE2_EVENT__CL_BAD_PDU_TYPE,
"Connection-less DCE/RPC - Invalid pdu type: 0x%02x"
},
{
DCE2_EVENT_FLAG__CL,
DCE2_EVENT__CL_DATA_LT_HDR,
"Connection-less DCE/RPC - Data length (%u) less than header size (%u)"
},
{
DCE2_EVENT_FLAG__CL,
DCE2_EVENT__CL_BAD_SEQ_NUM,
"Connection-less DCE/RPC - %s: Bad sequence number"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_V1,
"SMB - Invalid SMB version 1 seen"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_V2,
"SMB - Invalid SMB version 2 seen"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_INVALID_BINDING,
"SMB - Invalid user, tree connect, file binding"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB2_EXCESSIVE_COMPOUNDING,
"SMB - Excessive command compounding (>%u)"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_DCNT_ZERO,
"SMB - Zero data count"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_DCNT_MISMATCH,
"SMB - Data count mismatch %u in command / %u in format"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_MAX_REQS_EXCEEDED,
"SMB - Maximum number of outstanding requests exceeded: %u"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_REQS_SAME_MID,
"SMB - Outstanding requests with same MID",
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_DEPR_DIALECT_NEGOTIATED,
"SMB - Deprecated dialect negotiated"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_DEPR_COMMAND_USED,
"SMB - Deprecated command used: %s"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_UNUSUAL_COMMAND_USED,
"SMB - Unusual command used: %s"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_INVALID_SETUP_COUNT,
"SMB - Invalid setup count for %s/%s command: %u"
},
{
DCE2_EVENT_FLAG__SMB,
DCE2_EVENT__SMB_MULTIPLE_NEGOTIATIONS,
"SMB - Client attempted multiple dialect negotiations on session"
}
};
snprintf(gname, sizeof(gname) - 1, "(%s) ", DCE2_GNAME);
gname[sizeof(gname) - 1] = '\0';
for (event = DCE2_EVENT__NO_EVENT; event < DCE2_EVENT__MAX; event++)
{
int size = strlen(gname) + strlen(events[event].format) + 1;
/* This is a check to make sure all of the events in the array are
* in the same order as the enum, so we index the right thing when
* alerting - DO NOT REMOVE THIS CHECK */
if (events[event].event != event)
{
DCE2_Die("%s(%d) Events are not in the right order.",
__FILE__, __LINE__);
}
dce2_events[event].format = (char *)DCE2_Alloc(size, DCE2_MEM_TYPE__INIT);
if (dce2_events[event].format == NULL)
{
DCE2_Die("%s(%d) Could not allocate memory for events array.",
__FILE__, __LINE__);
}
dce2_events[event].format[size - 1] = '\0';
snprintf(dce2_events[event].format, size, "%s%s", gname, events[event].format);
if (dce2_events[event].format[size - 1] != '\0')
{
DCE2_Die("%s(%d) Event string truncated.", __FILE__, __LINE__);
}
dce2_events[event].eflag = events[event].eflag;
dce2_events[event].event = events[event].event;
}
for (i = 0; i < (sizeof(dce2_pdu_types) / sizeof(char *)); i++)
{
char *type;
switch (i)
{
case DCERPC_PDU_TYPE__REQUEST:
type = "Request";
break;
case DCERPC_PDU_TYPE__PING:
type = "Ping";
break;
case DCERPC_PDU_TYPE__RESPONSE:
type = "Response";
break;
case DCERPC_PDU_TYPE__FAULT:
type = "Fault";
break;
case DCERPC_PDU_TYPE__WORKING:
type = "Working";
break;
case DCERPC_PDU_TYPE__NOCALL:
type = "NoCall";
break;
case DCERPC_PDU_TYPE__REJECT:
type = "Reject";
break;
case DCERPC_PDU_TYPE__ACK:
type = "Ack";
break;
case DCERPC_PDU_TYPE__CL_CANCEL:
type = "Cancel";
break;
case DCERPC_PDU_TYPE__FACK:
type = "Fack";
break;
case DCERPC_PDU_TYPE__CANCEL_ACK:
type = "Cancel Ack";
break;
case DCERPC_PDU_TYPE__BIND:
type = "Bind";
break;
case DCERPC_PDU_TYPE__BIND_ACK:
type = "Bind Ack";
break;
case DCERPC_PDU_TYPE__BIND_NACK:
type = "Bind Nack";
break;
case DCERPC_PDU_TYPE__ALTER_CONTEXT:
type = "Alter Context";
break;
case DCERPC_PDU_TYPE__ALTER_CONTEXT_RESP:
type = "Alter Context Response";
break;
case DCERPC_PDU_TYPE__AUTH3:
type = "Auth3";
break;
case DCERPC_PDU_TYPE__SHUTDOWN:
type = "Shutdown";
break;
case DCERPC_PDU_TYPE__CO_CANCEL:
type = "Cancel";
break;
case DCERPC_PDU_TYPE__ORPHANED:
type = "Orphaned";
break;
case DCERPC_PDU_TYPE__MICROSOFT_PROPRIETARY_OUTLOOK2003_RPC_OVER_HTTP:
type = "Microsoft Exchange/Outlook 2003";
break;
default:
type = "Unknown DCE/RPC type";
break;
}
dce2_pdu_types[i] = (char *)DCE2_Alloc(strlen(type) + 1, DCE2_MEM_TYPE__INIT);
strncpy(dce2_pdu_types[i], type, strlen(type));
dce2_pdu_types[i][strlen(type)] = '\0';
#ifdef DCE2_EVENT_PRINT_DEBUG
printf("%s\n", dce2_pdu_types[i]);
#endif
}
}
