/*
 * Dissect the reply of the rs_pgo "add" operation.
 *
 *   [out] rs_cache_data_t *cache_info,
 *   [out] error_status_t  *status
 *
 * Nothing is dissected during a conformant run. Returns the offset handed
 * back by the last helper called.
 */
static int
rs_pgo_dissect_add_resp(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *tree,
                        dcerpc_info *di, guint8 *drep)
{
    if (di->conformant_run) {
        return offset;
    }

    /*
     * Heuristic kept from the original author: several add_member replies
     * were seen carrying only 8 bytes (four zero bytes, then three zero
     * bytes and a 1), so cache_info is only dissected when more than 8
     * bytes remain.
     * NOTE(review): this decision is driven by the remaining capture
     * length, not by a field of the PDU, so a truncated or padded packet
     * can pick the wrong branch - confirm against the IDL.
     */
    if (tvb_length_remaining(tvb, offset) > 8) {
        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                     dissect_rs_cache_data_t,
                                     NDR_POINTER_REF, "cache_info: ", -1);
    }

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                               dissect_error_status_t,
                               NDR_POINTER_REF, "status: ", -1);
}
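/*
 * IDL typedef [switch_type(long)] union {
 * IDL    [case(100)] [unique] TYPE_3 *element_3;
 * IDL    [case(101)] [unique] TYPE_4 *element_4;
 * IDL } TYPE_2;
 *
 * Dissect the TYPE_2 union: read the 32-bit switch value, align, then
 * dissect the arm it selects. Switch values other than 100 and 101 add
 * nothing further to the tree. Returns the offset after the dissected data.
 */
static int
dissect_browser_TYPE_2(tvbuff_t *tvb, int offset,
                       packet_info *pinfo, proto_tree *tree,
                       dcerpc_info *di, guint8 *drep)
{
    /*
     * Initialised so the switch below never reads an indeterminate value.
     * This function does not test di->conformant_run itself, and whether
     * dissect_ndr_uint32() always stores through its last argument is not
     * visible here - presumably it can return early; verify in the helper.
     */
    guint32 level = 0;

    /* this is really the union switch arm */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                                hf_browser_unknown_long, &level);

    ALIGN_TO_4_BYTES;

    /* level is taken from the packet, so every value must be tolerated. */
    switch (level) {
    case 100:
        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                     dissect_browser_TYPE_3,
                                     NDR_POINTER_UNIQUE,
                                     "unknown TYPE_3", -1);
        break;
    case 101:
        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                     dissect_browser_TYPE_4,
                                     NDR_POINTER_UNIQUE,
                                     "unknown TYPE_4", -1);
        break;
    default:
        /* Arm not described by the IDL above: leave offset unchanged. */
        break;
    }

    return offset;
}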
/*
 * Dissect the reply of the rs_pgo "delete_member" operation.
 *
 *   [out] rs_cache_data_t *cache_info,
 *   [out] error_status_t  *status
 *
 * Nothing is dissected during a conformant run. Returns the offset handed
 * back by the last helper called.
 */
static int
rs_pgo_dissect_delete_member_resp(tvbuff_t *tvb, int offset,
                                  packet_info *pinfo, proto_tree *tree,
                                  dcerpc_info *di, guint8 *drep)
{
    if (di->conformant_run) {
        return offset;
    }

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 dissect_rs_cache_data_t,
                                 NDR_POINTER_REF, "cache_info:", -1);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                               dissect_error_status_t,
                               NDR_POINTER_REF, "status:", -1);
}
/*
 * Dissect an endpoint-mapper ept_lookup request.
 *
 * Fields are consumed in wire order: inquiry type, object pointer,
 * interface-id pointer, version option, context handle, maximum entries.
 * Returns the offset handed back by the last helper called.
 */
static int
epm_dissect_ept_lookup_rqst(tvbuff_t *tvb, int offset,
                            packet_info *pinfo, proto_tree *tree,
                            dcerpc_info *di, guint8 *drep)
{
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                                hf_epm_inquiry_type, NULL);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 epm_dissect_pointer_UUID,
                                 NDR_POINTER_PTR, "Object:", hf_epm_object);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 epm_dissect_pointer_IF_ID,
                                 NDR_POINTER_PTR, "Interface:", hf_epm_if_id);

    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                                hf_epm_ver_opt, NULL);

    offset = dissect_ndr_ctx_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_epm_hnd, NULL);

    return dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                              hf_epm_max_ents, NULL);
}
/*
 * Dissect the reply of the rs_pgo "key_transfer" operation.
 *
 *   [in, out] rs_pgo_query_key_t *key,
 *   [out]     rs_cache_data_t    *cache_info,
 *   [out]     error_status_t     *status
 *
 * The DCE/RPC call state is taken from pinfo->private_data. Nothing is
 * dissected during a conformant run. Returns the offset handed back by the
 * last helper called.
 */
static int
rs_pgo_dissect_key_transfer_resp(tvbuff_t *tvb, int offset,
                                 packet_info *pinfo, proto_tree *tree,
                                 guint8 *drep)
{
    /* NOTE(review): private_data is dereferenced without a NULL check;
     * presumably the DCE/RPC layer always sets it - confirm. */
    dcerpc_info *di = (dcerpc_info *)pinfo->private_data;

    if (di->conformant_run) {
        return offset;
    }

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_rs_pgo_query_key_t,
                                 NDR_POINTER_REF, "key:", -1);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_rs_cache_data_t,
                                 NDR_POINTER_REF, "cache_info:", -1);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               dissect_error_status_t,
                               NDR_POINTER_REF, "status:", -1);
}
/*
 * Dissect the reply of the rs_pgo "get" operation.
 *
 *   [in, out] sec_rgy_cursor_t      *item_cursor,
 *   [out]     rs_cache_data_t       *cache_info,
 *   [out]     rs_pgo_query_result_t *result
 *
 * Nothing is dissected during a conformant run. Returns the offset handed
 * back by the last helper called.
 */
static int
rs_pgo_dissect_get_resp(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *tree,
                        dcerpc_info *di, guint8 *drep)
{
    if (di->conformant_run) {
        return offset;
    }

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 dissect_sec_rgy_cursor_t,
                                 NDR_POINTER_REF, "item_cursor:", -1);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 dissect_rs_cache_data_t,
                                 NDR_POINTER_REF, "cache_info:", -1);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                               dissect_rs_pgo_query_result_t,
                               NDR_POINTER_REF, "result:", -1);
}
/*
 * Dissect the request of the rs_pgo "key_transfer" operation.
 *
 *   [in]      sec_rgy_domain_t    name_domain,
 *   [in]      rs_pgo_query_t      requested_result_type,
 *   [in, out] rs_pgo_query_key_t *key
 *
 * Nothing is dissected during a conformant run. Returns the offset handed
 * back by the last helper called.
 */
static int
rs_pgo_dissect_key_transfer_rqst(tvbuff_t *tvb, int offset,
                                 packet_info *pinfo, proto_tree *tree,
                                 dcerpc_info *di, guint8 *drep)
{
    if (di->conformant_run) {
        return offset;
    }

    /*
     * Four bytes are stepped over without being added to the tree.
     * NOTE(review): the source does not say what they hold, and the skip
     * itself is not bounds-checked here; the following helpers presumably
     * catch a short packet - confirm.
     */
    offset += 4;

    offset = dissect_sec_rgy_domain_t(tvb, offset, pinfo, tree, di, drep);
    offset = dissect_rs_pgo_query_t(tvb, offset, pinfo, tree, di, drep);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                               dissect_rs_pgo_query_key_t,
                               NDR_POINTER_REF, "key:", -1);
}
/*
 * Dissect the request of the rs_pgo "replace" operation.
 *
 *   [in] sec_rgy_domain_t    name_domain,
 *   [in] sec_rgy_name_t      pgo_name,
 *   [in] sec_rgy_pgo_item_t *pgo_item
 *
 * The DCE/RPC call state is taken from pinfo->private_data. Nothing is
 * dissected during a conformant run. Returns the offset handed back by the
 * last helper called.
 */
static int
rs_pgo_dissect_replace_rqst(tvbuff_t *tvb, int offset,
                            packet_info *pinfo, proto_tree *tree,
                            guint8 *drep)
{
    /* NOTE(review): private_data is dereferenced without a NULL check;
     * presumably the DCE/RPC layer always sets it - confirm. */
    dcerpc_info *di = (dcerpc_info *)pinfo->private_data;

    if (di->conformant_run) {
        return offset;
    }

    offset = dissect_sec_rgy_domain_t(tvb, offset, pinfo, tree, drep);
    offset = dissect_sec_rgy_name_t(tvb, offset, pinfo, tree, drep);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               dissect_sec_rgy_pgo_item_t,
                               NDR_POINTER_REF, "pgo_item:", -1);
}
/*
 * Dissect the request of the rs_pgo "get_members" operation.
 *
 *   [in]      sec_rgy_domain_t  name_domain,
 *   [in]      sec_rgy_name_t    go_name,
 *   [in, out] sec_rgy_cursor_t *member_cursor,
 *   [in]      signed32          max_members
 *
 * Nothing is dissected during a conformant run. The max_members value is
 * also appended to the Info column. Returns the offset after max_members.
 */
static int
rs_pgo_dissect_get_members_rqst(tvbuff_t *tvb, int offset,
                                packet_info *pinfo, proto_tree *tree,
                                dcerpc_info *di, guint8 *drep)
{
    guint32 max_members;

    if (di->conformant_run) {
        return offset;
    }

    offset = dissect_sec_rgy_domain_t(tvb, offset, pinfo, tree, di, drep);

    /* Four bytes are stepped over without being added to the tree; the
     * source does not document what they hold. */
    offset += 4;

    offset = dissect_sec_rgy_name_t(tvb, offset, pinfo, tree, di, drep);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 dissect_sec_rgy_cursor_t,
                                 NDR_POINTER_REF, "member_cursor:", -1);

    /* NOTE(review): max_members is only meaningful if the helper stores
     * through the pointer on every path that returns - confirm. */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                                hf_rs_var1, &max_members);

    /* The IDL declares the field signed32; it is displayed as unsigned. */
    col_append_fstr(pinfo->cinfo, COL_INFO,
                    " :max_members:%u", max_members);

    return offset;
}
/*
 * Dissect a svcctl EnumServicesStatus request.
 *
 * Wire order: policy handle, service-type flags, service state, size,
 * and a unique pointer to the resume handle. Returns the offset handed
 * back by the last helper called.
 */
static int
svcctl_dissect_EnumServicesStatus_rqst(tvbuff_t *tvb, int offset,
                                       packet_info *pinfo, proto_tree *tree,
                                       guint8 *drep)
{
    /* Policy handle. */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);

    /* Service type. */
    offset = svcctl_dissect_dwServiceType_flags(tvb, offset, pinfo, tree,
                                                drep,
                                                SVC_ENUM_SERVICES_STATUS_W);

    /* Service state. */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_svcctl_service_state, NULL);

    /* Size. */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_svcctl_size, NULL);

    /* Resume handle. */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               svcctl_dissect_pointer_long,
                               NDR_POINTER_UNIQUE, "Resume Handle",
                               hf_svcctl_resume);
}
/*
 * Dissect the request of the rs_pgo "add" operation.
 *
 *   [in] sec_rgy_domain_t    name_domain,
 *   [in] sec_rgy_name_t      pgo_name,
 *   [in] sec_rgy_pgo_item_t *pgo_item
 *
 * Nothing is dissected during a conformant run. Returns the offset handed
 * back by the last helper called.
 */
static int
rs_pgo_dissect_add_rqst(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *tree,
                        dcerpc_info *di, guint8 *drep)
{
    if (di->conformant_run) {
        return offset;
    }

    offset = dissect_sec_rgy_domain_t(tvb, offset, pinfo, tree, di, drep);

    /* Four bytes are stepped over without being added to the tree; the
     * source does not document what they hold. */
    offset += 4;

    offset = dissect_sec_rgy_name_t(tvb, offset, pinfo, tree, di, drep);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                               dissect_sec_rgy_pgo_item_t,
                               NDR_POINTER_REF, "sec_rgy_pgo_item_t: ", -1);
}
/*
 * IDL [in][string][ref] char *server;
 * IDL [in][string][ref] char *client;
 * IDL [in][string][ref] char *message;
 *
 * Dissect a messenger send-message request: three reference pointers, each
 * handed to dissect_ndr_char_cvstring. All three strings come from the
 * sender of the packet. Returns the offset handed back by the last helper
 * called.
 */
static int
messenger_dissect_send_message_rqst(tvbuff_t *tvb, int offset,
                                    packet_info *pinfo, proto_tree *tree,
                                    guint8 *drep)
{
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_ndr_char_cvstring,
                                 NDR_POINTER_REF, "Server",
                                 hf_messenger_server);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_ndr_char_cvstring,
                                 NDR_POINTER_REF, "Client",
                                 hf_messenger_client);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               dissect_ndr_char_cvstring,
                               NDR_POINTER_REF, "Message",
                               hf_messenger_message);
}
/*
 * Dissect the request of the rs_pgo "get" operation.
 *
 *   [in]      sec_rgy_domain_t    name_domain,
 *   [in]      rs_pgo_query_key_t *key,
 *   [in]      boolean32           allow_aliases,
 *   [in, out] sec_rgy_cursor_t   *item_cursor
 *
 * The DCE/RPC call state is taken from pinfo->private_data. Nothing is
 * dissected during a conformant run. allow_aliases is also appended to the
 * Info column when that column is in use. Returns the offset handed back by
 * the last helper called.
 */
static int
rs_pgo_dissect_get_rqst(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *tree,
                        guint8 *drep)
{
    /* NOTE(review): private_data is dereferenced without a NULL check;
     * presumably the DCE/RPC layer always sets it - confirm. */
    dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
    guint32 allow_aliases;

    if (di->conformant_run) {
        return offset;
    }

    offset = dissect_sec_rgy_domain_t(tvb, offset, pinfo, tree, drep);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_rs_pgo_query_key_t,
                                 NDR_POINTER_REF, "key:", -1);

    /* NOTE(review): allow_aliases is only meaningful if the helper stores
     * through the pointer on every path that returns - confirm. */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_rs_var1, &allow_aliases);

    if (check_col(pinfo->cinfo, COL_INFO)) {
        col_append_fstr(pinfo->cinfo, COL_INFO,
                        " :allow_aliases:%u", allow_aliases);
    }

    /* XXX (original marker): four bytes are stepped over without being
     * added to the tree; the reason is not documented. */
    offset += 4;

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               dissect_sec_rgy_cursor_t,
                               NDR_POINTER_REF, "item_cursor:", -1);
}
/*
 * Dissect a browser BrowserrServerEnum reply.
 *
 * Wire order: reference pointer to TYPE_1, a 32-bit value, a unique
 * pointer to a long, and the return code. Returns the offset handed back
 * by the last helper called.
 */
static int
dissect_browser_browserr_server_enum_reply(tvbuff_t *tvb, int offset,
                                           packet_info *pinfo,
                                           proto_tree *tree,
                                           dcerpc_info *di, guint8 *drep)
{
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 dissect_browser_TYPE_1,
                                 NDR_POINTER_REF, "unknown TYPE_1", -1);

    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                                hf_browser_unknown_long, NULL);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 dissect_browser_long_pointer,
                                 NDR_POINTER_UNIQUE, "unknown long",
                                 hf_browser_unknown_long);

    return dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                              hf_browser_rc, NULL);
}
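/*
 * Dissect one endpoint-mapper entry under an "Entry:" subtree: object UUID,
 * tower pointer, annotation offset, annotation length, and the annotation
 * bytes. A non-empty annotation is also appended as "Service:" text to the
 * entry item, to the subtree's parent, and to the Info column.
 *
 * The DCE/RPC call state is taken from pinfo->private_data. Nothing is
 * dissected during a conformant run. Returns the offset just past the
 * annotation.
 */
static int
epm_dissect_ept_entry_t(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *parent_tree,
                        guint8 *drep)
{
    proto_item *item = NULL;
    proto_tree *tree = NULL;
    int old_offset = offset;
    guint32 len = 0;    /* defined even if the helper does not store it */
    dcerpc_info *di;
    const char *str;

    di = pinfo->private_data;
    if (di->conformant_run) {
        return offset;
    }

    if (parent_tree) {
        item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Entry:");
        tree = proto_item_add_subtree(item, ett_epm_entry);
    }

    offset = dissect_ndr_uuid_t(tvb, offset, pinfo, tree, drep,
                                hf_epm_object, NULL);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 epm_dissect_tower, NDR_POINTER_PTR,
                                 "Tower pointer:", -1);

    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_epm_ann_offset, NULL);

    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_epm_ann_len, &len);

    /*
     * len is an unsigned 32-bit value read from the packet, but every use
     * below converts it to a signed int: as a string length, as an item
     * length, and when added to offset. A value above INT_MAX would turn
     * negative, and a negative length can mean "to the end of the buffer"
     * to some accessors while offset would move backwards. Validate it
     * once, up front, so that none of those uses sees a length the buffer
     * cannot back. The accessors below presumably bounds-check as well
     * (not visible here); this makes the requirement explicit.
     */
    tvb_ensure_bytes_exist(tvb, offset, len);

    str = tvb_get_ephemeral_string(tvb, offset, len);
    proto_tree_add_item(tree, hf_epm_annotation, tvb, offset, len,
                        ENC_ASCII|ENC_NA);
    offset += len;

    /*
     * The annotation is sender-controlled text. It is only ever passed as
     * a "%s" argument, never as the format string itself.
     */
    if (str && str[0]) {
        if (parent_tree) {
            proto_item_append_text(item, " Service:%s ", str);
            proto_item_append_text(tree->parent, " Service:%s ", str);
        }
        if (check_col(pinfo->cinfo, COL_INFO)) {
            col_append_fstr(pinfo->cinfo, COL_INFO, ", Service:%s", str);
        }
    }

    /* The item was created with length -1; fix it up now the end is known. */
    proto_item_set_len(item, offset - old_offset);

    return offset;
}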
/*
 * Dissect a browser NetrBrowserStatisticsGet reply: a reference pointer to
 * TYPE_7 followed by the return code. Returns the offset handed back by the
 * last helper called.
 */
static int
dissect_browser_netr_browser_statistics_get_reply(tvbuff_t *tvb, int offset,
                                                  packet_info *pinfo,
                                                  proto_tree *tree,
                                                  guint8 *drep)
{
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_browser_TYPE_7,
                                 NDR_POINTER_REF, "unknown TYPE_7", -1);

    return dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                              hf_browser_rc, NULL);
}
/*
 * Dissect a browser TYPE_3 structure: a 32-bit value followed by a unique
 * pointer whose referent is handled by dissect_browser_TYPE_3_data.
 * Returns the offset handed back by the last helper called.
 */
static int
dissect_browser_TYPE_3(tvbuff_t *tvb, int offset,
                       packet_info *pinfo, proto_tree *tree,
                       dcerpc_info *di, guint8 *drep)
{
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                                hf_browser_unknown_long, NULL);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                               dissect_browser_TYPE_3_data,
                               NDR_POINTER_UNIQUE, "unknown TYPE_3", -1);
}
/*
 * Dissect a browser BrowserrQueryEmulatedDomains reply: a reference pointer
 * to TYPE_12 followed by the return code. Returns the offset handed back by
 * the last helper called.
 */
static int
dissect_browser_browserr_query_emulated_domains_reply(tvbuff_t *tvb,
                                                      int offset,
                                                      packet_info *pinfo,
                                                      proto_tree *tree,
                                                      guint8 *drep)
{
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_browser_TYPE_12,
                                 NDR_POINTER_REF, "unknown TYPE_12", -1);

    return dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                              hf_browser_rc, NULL);
}
/*
 * IDL long BrowserrQueryEmulatedDomains(
 * IDL    [in] [unique] [string] wchar_t *element_84,
 * IDL    [in,out] [ref] TYPE_12 *element_85
 * IDL );
 *
 * Dissect the request: a unique string pointer followed by a reference
 * pointer to TYPE_12. Returns the offset handed back by the last helper
 * called.
 */
static int
dissect_browser_browserr_query_emulated_domains_rqst(tvbuff_t *tvb,
                                                     int offset,
                                                     packet_info *pinfo,
                                                     proto_tree *tree,
                                                     guint8 *drep)
{
    offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
                                          NDR_POINTER_UNIQUE,
                                          "unknown string",
                                          hf_browser_unknown_string, 0);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               dissect_browser_TYPE_12,
                               NDR_POINTER_REF, "unknown TYPE_12", -1);
}
/*
 * Dissect a tapi client-request request: context handle, a reference
 * pointer handled by dissect_tapi_TYPE_1, and a 32-bit value. Returns the
 * offset handed back by the last helper called.
 */
static int
dissect_tapi_client_request_rqst(tvbuff_t *tvb, int offset,
                                 packet_info *pinfo, proto_tree *tree,
                                 dcerpc_info *di, guint8 *drep)
{
    offset = dissect_ndr_ctx_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_tapi_hnd, NULL);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 dissect_tapi_TYPE_1,
                                 NDR_POINTER_REF, "unknown array", -1);

    return dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                              hf_tapi_unknown_long, NULL);
}
/*
 * Dissect a svcctl QueryServiceLockStatus reply: a reference pointer to the
 * lock-status structure, the required size, and the DOS error return code.
 * Returns the offset handed back by the last helper called.
 */
static int
svcctl_dissect_QueryServiceLockStatus_reply(tvbuff_t *tvb, int offset,
                                            packet_info *pinfo,
                                            proto_tree *tree,
                                            guint8 *drep)
{
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 svcctl_dissect_QUERY_SERVICE_LOCK_STATUS,
                                 NDR_POINTER_REF, "LOCK_STATUS", -1);

    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_svcctl_required_size, NULL);

    return dissect_doserror(tvb, offset, pinfo, tree, drep,
                            hf_svcctl_rc, NULL);
}
/*
 * IDL typedef struct {
 * IDL     long is_locked,
 * IDL     [unique][string] char *lock_owner,
 * IDL     long lock_duration,
 * IDL };
 *
 * Dissect the lock-status structure in the order given by the IDL above.
 * Returns the offset handed back by the last helper called.
 */
static int
svcctl_dissect_QUERY_SERVICE_LOCK_STATUS(tvbuff_t *tvb, int offset,
                                         packet_info *pinfo,
                                         proto_tree *tree,
                                         guint8 *drep)
{
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_svcctl_is_locked, NULL);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_ndr_char_cvstring,
                                 NDR_POINTER_UNIQUE, "Owner",
                                 hf_svcctl_lock_owner);

    return dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                              hf_svcctl_lock_duration, NULL);
}
/*
 * IDL long NetrBrowserStatisticsGet(
 * IDL    [in] [unique] [string] wchar_t *element_75,
 * IDL    [in] long element_76,
 * IDL    [in,out] [ref] TYPE_7 *element_77
 * IDL );
 *
 * Dissect the request: a unique string pointer, a 32-bit value, and a
 * reference pointer to TYPE_7. Returns the offset handed back by the last
 * helper called.
 */
static int
dissect_browser_netr_browser_statistics_get_rqst(tvbuff_t *tvb, int offset,
                                                 packet_info *pinfo,
                                                 proto_tree *tree,
                                                 guint8 *drep)
{
    offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
                                          NDR_POINTER_UNIQUE,
                                          "unknown string",
                                          hf_browser_unknown_string, 0);

    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_browser_unknown_long, NULL);

    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               dissect_browser_TYPE_7,
                               NDR_POINTER_REF, "unknown TYPE_7", -1);
}
/*
 * Dissect an endpoint-mapper ept_lookup response.
 *
 * Wire order: context handle, number of entries, reference pointer to the
 * entry array, return code. Returns the offset handed back by the last
 * helper called.
 */
static int
epm_dissect_ept_lookup_resp(tvbuff_t *tvb, int offset,
                            packet_info *pinfo, proto_tree *tree,
                            dcerpc_info *di, guint8 *drep)
{
    offset = dissect_ndr_ctx_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_epm_hnd, NULL);

    /* The entry count is shown in the tree but not kept here; how many
     * entries are walked is decided inside the array helper. */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                                hf_epm_num_ents, NULL);

    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
                                 epm_dissect_ept_entry_t_array,
                                 NDR_POINTER_REF, "Entries:", -1);

    return dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                              hf_epm_rc, NULL);
}