static int svcctl_dissect_EnumServicesStatus_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* policy handle */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, NULL, NULL, FALSE, FALSE); /* service type */ offset = svcctl_dissect_dwServiceType_flags(tvb, offset, pinfo, tree, drep, SVC_ENUM_SERVICES_STATUS_W); /* service state */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_service_state, NULL); /* size */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_size, NULL); /* resume handle */ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, svcctl_dissect_pointer_long, NDR_POINTER_UNIQUE, "Resume Handle", hf_svcctl_resume); return offset; }
static int rs_acct_dissect_get_projlist_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { guint32 key_size; const char *keyx_t = NULL; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_acct_get_projlist_rqst_var1, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_acct_get_projlist_rqst_key_size, &key_size); proto_tree_add_string (tree, hf_rs_acct_get_projlist_rqst_key_t, tvb, offset, hf_rs_acct_get_projlist_rqst_key_size, tvb_get_ptr (tvb, offset, key_size)); keyx_t = (const char *)tvb_get_ptr(tvb,offset,key_size); offset += key_size; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, " Request for: %s", keyx_t); } return offset; }
static int rs_misc_dissect_login_get_info_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { guint32 key_size; const guint8 *key_t1 = NULL; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_rs_misc_login_get_info_rqst_var, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_rs_misc_login_get_info_rqst_key_size, &key_size); if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */ proto_tree_add_item_ret_string(tree, hf_rs_misc_login_get_info_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &key_t1); offset += key_size; col_append_fstr(pinfo->cinfo, COL_INFO, "rs_login_get_info Request for: %s ", key_t1); } else { col_append_str(pinfo->cinfo, COL_INFO, "rs_login_get_info Request (other)"); } return offset; }
static int rs_acct_dissect_lookup_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { guint32 key_size; const char *keyx_t = NULL; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_acct_lookup_rqst_var, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_acct_lookup_rqst_key_size, &key_size); if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */ proto_tree_add_item (tree, hf_rs_acct_lookup_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA); keyx_t = tvb_get_ephemeral_string(tvb, offset, key_size); offset += key_size; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, " Request for: %s ", keyx_t); } } else { col_append_str(pinfo->cinfo, COL_INFO, " Request (other)"); } return offset; }
static int krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, guint8 *drep) { guint32 keysize, spare1, remain; proto_item *item; tvbuff_t *krb5_tvb; proto_tree *subtree; /* * [in] handle_t h, * [in] unsigned32 len, * [in, size_is(len)] * byte message[], * [in] unsigned32 out_buf_len, */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1); item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA); subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5); remain = tvb_length_remaining(tvb, offset); krb5_tvb = tvb_new_subset (tvb, offset, remain, remain); offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL); return offset; }
static int epm_dissect_ept_lookup_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_epm_inquiry_type, NULL); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, epm_dissect_pointer_UUID, NDR_POINTER_PTR, "Object:", hf_epm_object); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, epm_dissect_pointer_IF_ID, NDR_POINTER_PTR, "Interface:", hf_epm_if_id); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_epm_ver_opt, NULL); offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep, hf_epm_hnd, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_epm_max_ents, NULL); return offset; }
static int dissect_sec_rgy_cursor_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, guint8 * drep) { /* * Database cursor for iterative operations * typedef struct { uuid_t source; signed32 handle; boolean32 valid; } sec_rgy_cursor_t; */ proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; dcerpc_info *di; e_uuid_t source; guint32 handle, valid; di = (dcerpc_info *)pinfo->private_data; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, " sec_rgy_cursor_t "); tree = proto_item_add_subtree (item, ett_sec_rgy_cursor_t); } offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, hf_rs_uuid1, &source); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_sec_rgy_pgo_item_t_unix_num, &handle); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_sec_rgy_pgo_item_t_quota, &valid); if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " sec_rgy_cursor_t - source %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x handle:%u valid:%u", source.Data1, source.Data2, source.Data3, source.Data4[0], source.Data4[1], source.Data4[2], source.Data4[3], source.Data4[4], source.Data4[5], source.Data4[6], source.Data4[7], handle, valid); proto_item_set_len (item, offset - old_offset); return offset; }
static int conv_dissect_who_are_you2_resp (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { /* * [out] unsigned32 *seq, * [out] uuid_t *cas_uuid, * * [out] unsigned32 *st */ guint32 seq, st; e_guid_t cas_uuid; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_resp_seq, &seq); offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_resp_casuuid, &cas_uuid); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_rc, &st); col_add_fstr(pinfo->cinfo, COL_INFO, "conv_who_are_you2 response seq:%u st:%s cas:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", seq, val_to_str_ext(st, &dce_error_vals_ext, "%u"), cas_uuid.data1, cas_uuid.data2, cas_uuid.data3, cas_uuid.data4[0], cas_uuid.data4[1], cas_uuid.data4[2], cas_uuid.data4[3], cas_uuid.data4[4], cas_uuid.data4[5], cas_uuid.data4[6], cas_uuid.data4[7]); return offset; }
static int dissect_sec_rgy_pgo_item_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, dcerpc_info *di, guint8 * drep) { /* typedef struct { uuid_t id; signed32 unix_num; signed32 quota; sec_rgy_pgo_flags_t flags; sec_rgy_pname_t fullname; } sec_rgy_pgo_item_t; */ proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; e_uuid_t id; guint32 unix_num, quota; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, " sec_rgy_pgo_item_t "); tree = proto_item_add_subtree (item, ett_sec_rgy_pgo_item_t); } offset = dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_rs_uuid1, &id); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_sec_rgy_pgo_item_t_unix_num, &unix_num); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_sec_rgy_pgo_item_t_quota, "a); offset = dissect_sec_rgy_pgo_flags_t (tvb, offset, pinfo, tree, di, drep); offset += 4; /* XXX */ offset = dissect_sec_rgy_pname_t (tvb, offset, pinfo, tree, di, drep); col_append_fstr (pinfo->cinfo, COL_INFO, " sec_rgy_pgo_item_t - id %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x unix_num:%u quota:%u", id.Data1, id.Data2, id.Data3, id.Data4[0], id.Data4[1], id.Data4[2], id.Data4[3], id.Data4[4], id.Data4[5], id.Data4[6], id.Data4[7], unix_num, quota); proto_item_set_len (item, offset - old_offset); return offset; }
static int dissect_browser_browserr_query_other_domains_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_browser_unknown_long, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_browser_rc, NULL); return offset; }
static int epm_dissect_ept_entry_t(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) { proto_item *item=NULL; proto_tree *tree=NULL; int old_offset=offset; guint32 len; dcerpc_info *di; const char *str; di=pinfo->private_data; if(di->conformant_run){ return offset; } if(parent_tree){ item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Entry:"); tree = proto_item_add_subtree(item, ett_epm_entry); } offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, hf_epm_object, NULL); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, epm_dissect_tower, NDR_POINTER_PTR, "Tower pointer:", -1); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_epm_ann_offset, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_epm_ann_len, &len); str=tvb_get_ephemeral_string(tvb, offset, len); proto_tree_add_item(tree, hf_epm_annotation, tvb, offset, len, ENC_ASCII|ENC_NA); offset += len; if(str&&str[0]){ if(parent_tree) { proto_item_append_text(item, " Service:%s ", str); proto_item_append_text(tree->parent, " Service:%s ", str); } if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", Service:%s", str); } } proto_item_set_len(item, offset-old_offset); return offset; }
static int dissect_rs_pgo_query_result_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, guint8 * drep) { proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; guint32 st; dcerpc_info *di; const char *status; #define error_status_ok 0 /* typedef union switch (signed32 status) tagged_union { case error_status_ok: rs_pgo_result_t result; default: ; * empty branch of union * } rs_pgo_query_result_t; */ di = (dcerpc_info *)pinfo->private_data; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, "rs_pgo_query_result_t"); tree = proto_item_add_subtree (item, ett_rs_pgo_query_result_t); } offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_pgo_query_result_t, &st); status = val_to_str_ext (st, &dce_error_vals_ext, "%u"); if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " status:%s ", status); offset += 4; /* XXX */ switch (st) { case error_status_ok: offset = dissect_rs_pgo_result_t (tvb, offset, pinfo, tree, drep); break; default: ; } proto_item_set_len (item, offset - old_offset); return offset; }
/* IDL typedef [switch_type(long)] union { IDL [case(100)] [unique] TYPE_3 *element_3; IDL [case(101)] [unique] TYPE_4 *element_4; IDL } TYPE_2; */ static int dissect_browser_TYPE_2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { guint32 level; /* this is really the union switch arm */ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_browser_unknown_long, &level); ALIGN_TO_4_BYTES; switch(level) { case 100: offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, dissect_browser_TYPE_3, NDR_POINTER_UNIQUE, "unknown TYPE_3", -1); break; case 101: offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, dissect_browser_TYPE_4, NDR_POINTER_UNIQUE, "unknown TYPE_4", -1); break; } return offset; }
static int dissect_error_status_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, dcerpc_info *di, guint8 * drep) { proto_item *item; proto_tree *tree; int old_offset = offset; guint32 st; const char *st_str; if (di->conformant_run) { return offset; } item = proto_tree_add_text (parent_tree, tvb, offset, -1, "error_status_t"); tree = proto_item_add_subtree (item, ett_error_status_t); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_error_status_t, &st); st_str = val_to_str_ext (st, &dce_error_vals_ext, "%u"); col_append_fstr (pinfo->cinfo, COL_INFO, " st:%s ", st_str); proto_item_set_len (item, offset - old_offset); return offset; }
/* IDL typedef struct { IDL long element_82; IDL [size_is(element_82)] [unique] byte *element_83; IDL } TYPE_12; */ static int dissect_browser_TYPE_12_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { guint32 len; dcerpc_info *di; int old_offset = offset; di=pinfo->private_data; if(di->conformant_run){ /* this call is to make wireshark eat the array header for the conformant run */ offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, NULL); return offset; } /* this is really the length of the encoded data */ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_browser_unknown_long, &len); proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len, FALSE); offset += len; if (offset < old_offset) THROW(ReportedBoundsError); return offset; }
/* IDL typedef struct { IDL long element_7; IDL [size_is(element_7)] [unique] byte *element_8; IDL } TYPE_4; */ static int dissect_browser_TYPE_4_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { guint32 len; int old_offset = offset; if(di->conformant_run) { /* this call is to make wireshark eat the array header for the conformant run */ offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, NULL); return offset; } offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_browser_unknown_long, &len); proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len, ENC_NA); offset += len; if (offset < old_offset) THROW(ReportedBoundsError); return len; }
static int rs_pgo_dissect_get_members_rqst (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, dcerpc_info *di, guint8 * drep) { guint32 max_members; if (di->conformant_run) { return offset; } /* [in] sec_rgy_domain_t name_domain, [in] sec_rgy_name_t go_name, [in, out] sec_rgy_cursor_t *member_cursor, [in] signed32 max_members, */ offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep); offset += 4; offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, dissect_sec_rgy_cursor_t, NDR_POINTER_REF, "member_cursor:", -1); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_var1, &max_members); col_append_fstr (pinfo->cinfo, COL_INFO, " :max_members:%u", max_members); return offset; }
static int dissect_tapi_client_attach_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { offset = dissect_ndr_ctx_hnd(tvb, offset, pinfo, tree, di, drep, hf_tapi_hnd, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_tapi_unknown_long, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_tapi_rc, NULL); return offset; }
static int dissect_sec_rgy_name_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, guint8 * drep) { proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; #define sec_rgy_name_t_size 1025 /* typedef [string] char sec_rgy_name_t[sec_rgy_name_t_size]; */ guint32 string_size; dcerpc_info *di; di = (dcerpc_info *)pinfo->private_data; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_name_t"); tree = proto_item_add_subtree (item, ett_sec_rgy_name_t); } offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_sec_rgy_name_t_size, &string_size); if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size); if (string_size < sec_rgy_name_t_size) { /* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */ proto_tree_add_item (tree, hf_sec_rgy_name_t_principalName_string, tvb, offset, string_size, ENC_ASCII|ENC_NA); if (string_size > 1) { if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s", tvb_get_ephemeral_string (tvb, offset, string_size)); } offset += string_size; } else { if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " :FIXME!: Invalid string length of %u", string_size); } proto_item_set_len (item, offset - old_offset); return offset; }
static int dissect_browser_browserr_server_enum_ex_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, dissect_browser_TYPE_1, NDR_POINTER_REF, "unknown TYPE_1", -1); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_browser_unknown_long, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_browser_rc, NULL); return offset; }
/* IDL long BrowserrDebugCall( IDL [in] [unique] [string] wchar_t *element_18, IDL [in] long element_19, IDL [in] long element_20 IDL ); */ static int dissect_browser_browserr_debug_call_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep, NDR_POINTER_UNIQUE, "unknown string", hf_browser_unknown_string, 0); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_browser_unknown_long, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_browser_unknown_long, NULL); return offset; }
int dssetup_dissect_bitmap_DsRoleFlags(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) { proto_item *item = NULL; proto_tree *tree = NULL; guint32 flags; ALIGN_TO_4_BYTES; if(parent_tree) { item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, 4, TRUE); tree = proto_item_add_subtree(item,ett_dssetup_dssetup_DsRoleFlags); } offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &flags); proto_item_append_text(item, ": "); if (!flags) proto_item_append_text(item, "(No values set)"); proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_PRIMARY_DS_RUNNING, tvb, offset-4, 4, flags); if (flags&( 0x00000001 )){ proto_item_append_text(item, "DS_ROLE_PRIMARY_DS_RUNNING"); if (flags & (~( 0x00000001 ))) proto_item_append_text(item, ", "); } flags&=(~( 0x00000001 )); proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_PRIMARY_DS_MIXED_MODE, tvb, offset-4, 4, flags); if (flags&( 0x00000002 )){ proto_item_append_text(item, "DS_ROLE_PRIMARY_DS_MIXED_MODE"); if (flags & (~( 0x00000002 ))) proto_item_append_text(item, ", "); } flags&=(~( 0x00000002 )); proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_UPGRADE_IN_PROGRESS, tvb, offset-4, 4, flags); if (flags&( 0x00000004 )){ proto_item_append_text(item, "DS_ROLE_UPGRADE_IN_PROGRESS"); if (flags & (~( 0x00000004 ))) proto_item_append_text(item, ", "); } flags&=(~( 0x00000004 )); proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT, tvb, offset-4, 4, flags); if (flags&( 0x01000000 )){ proto_item_append_text(item, "DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT"); if (flags & (~( 0x01000000 ))) proto_item_append_text(item, ", "); } flags&=(~( 0x01000000 )); if(flags){ proto_item_append_text(item, "Unknown bitmap value 0x%x", flags); } return offset; }
/* * IDL typedef struct { * IDL long is_locked, * IDL [unique][string] char *lock_owner, * IDL long lock_duration, * IDL }; */ static int svcctl_dissect_QUERY_SERVICE_LOCK_STATUS(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_is_locked, NULL); offset = dissect_ndr_pointer( tvb, offset, pinfo, tree, drep, dissect_ndr_char_cvstring, NDR_POINTER_UNIQUE, "Owner", hf_svcctl_lock_owner); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_lock_duration, NULL); return offset; }
static int dissect_browser_long_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, di->hf_index, NULL); return offset; }
static int krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, guint8 *drep) { guint32 resp_len, maxsize, spare1, keysize, remain; proto_item *item; tvbuff_t *krb5_tvb; proto_tree *subtree; /* * * [out] unsigned32 *resp_len, * [out, length_is(*resp_len), size_is(out_buf_len)] * byte out_buf[], * [out] error_status_t *st unsigned long * */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_len, &resp_len); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_max, &maxsize); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_spare1, &spare1); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_keysize, &keysize); item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA); subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5); remain = tvb_length_remaining(tvb, offset); krb5_tvb = tvb_new_subset (tvb, offset, remain, remain); offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL); offset += 16; /* no idea what this is, probably just extended encrypted text. */ return offset; }
static int rpriv_dissect_get_eptgt_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* [in] handle_t handle, * [in] unsigned32 authn_svc, * [in] unsigned32 authz_svc, * [in] rpriv_pickle_t *ptgt_req, * unsigned32 num_bytes; * [size_is(num_bytes)] * byte bytes[]; */ guint32 authn_svc, authz_svc, key_size, key_size2, var1; const char *key_t1 = NULL; const char *key_t2 = NULL; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authn_svc, &authn_svc); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authz_svc, &authz_svc); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_var1, &var1); offset += 276; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size); /* advance to get size of cell, and princ */ proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA); key_t1 = tvb_get_ephemeral_string(tvb, offset, key_size); offset += key_size; offset += 8; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size2); proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t2, tvb, offset, key_size2, ENC_ASCII|ENC_NA); key_t2 = tvb_get_ephemeral_string(tvb, offset, key_size2); offset += key_size2; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, " Request for: %s in %s ", key_t2, key_t1); } return offset; }
static int dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, dcerpc_info *di, guint8 * drep) { proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; #define sec_rgy_pname_t_size 257 /* dissect sec_rgy_pname const signed32 sec_rgy_pname_t_size = 257; * Include final '\0' * typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size]; */ guint32 string_size; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_pname_t"); tree = proto_item_add_subtree (item, ett_sec_rgy_pname_t); } offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_sec_rgy_pname_t_size, &string_size); col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size); if (string_size < sec_rgy_pname_t_size) { /* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */ proto_tree_add_item (tree, hf_sec_rgy_pname_t_principalName_string, tvb, offset, string_size, ENC_ASCII|ENC_NA); if (string_size > 1) { col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s", tvb_get_string(wmem_packet_scope(), tvb, offset, string_size)); } offset += string_size; } else { col_append_fstr (pinfo->cinfo, COL_INFO, " :FIXME!: Invalid string length of %u", string_size); } proto_item_set_len (item, offset - old_offset); return offset; }
static int dissect_tapi_client_request_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_tapi_rc, NULL); return offset; }
static int dissect_browser_browserr_set_netlogon_state_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_browser_rc, NULL); return offset; }
static int epm_dissect_ept_lookup_resp (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep, hf_epm_hnd, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_epm_num_ents, NULL); offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, epm_dissect_ept_entry_t_array, NDR_POINTER_REF, "Entries:", -1); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_epm_rc, NULL); return offset; }