static int
svcctl_dissect_EnumServicesStatus_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
/* policy handle */
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);
/* service type */
offset = svcctl_dissect_dwServiceType_flags(tvb, offset, pinfo, tree, drep, SVC_ENUM_SERVICES_STATUS_W);
/* service state */
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_svcctl_service_state, NULL);
/* size */
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_svcctl_size, NULL);
/* resume handle */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
svcctl_dissect_pointer_long, NDR_POINTER_UNIQUE,
"Resume Handle", hf_svcctl_resume);
return offset;
}
static int
rs_acct_dissect_get_projlist_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint32 key_size;
const char *keyx_t = NULL;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_acct_get_projlist_rqst_var1, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_acct_get_projlist_rqst_key_size, &key_size);
proto_tree_add_string (tree, hf_rs_acct_get_projlist_rqst_key_t,
tvb, offset, hf_rs_acct_get_projlist_rqst_key_size,
tvb_get_ptr (tvb, offset, key_size));
keyx_t = (const char *)tvb_get_ptr(tvb,offset,key_size);
offset += key_size;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
" Request for: %s", keyx_t);
}
return offset;
}
static int
rs_misc_dissect_login_get_info_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 key_size;
const guint8 *key_t1 = NULL;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
hf_rs_misc_login_get_info_rqst_var, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
hf_rs_misc_login_get_info_rqst_key_size, &key_size);
if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
proto_tree_add_item_ret_string(tree, hf_rs_misc_login_get_info_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &key_t1);
offset += key_size;
col_append_fstr(pinfo->cinfo, COL_INFO,
"rs_login_get_info Request for: %s ", key_t1);
} else {
col_append_str(pinfo->cinfo, COL_INFO,
"rs_login_get_info Request (other)");
}
return offset;
}
static int
rs_acct_dissect_lookup_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint32 key_size;
const char *keyx_t = NULL;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_acct_lookup_rqst_var, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_acct_lookup_rqst_key_size, &key_size);
if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
proto_tree_add_item (tree, hf_rs_acct_lookup_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
keyx_t = tvb_get_ephemeral_string(tvb, offset, key_size);
offset += key_size;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
" Request for: %s ", keyx_t);
}
} else {
col_append_str(pinfo->cinfo, COL_INFO,
" Request (other)");
}
return offset;
}
static int
krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * tree,
guint8 *drep)
{
guint32 keysize, spare1, remain;
proto_item *item;
tvbuff_t *krb5_tvb;
proto_tree *subtree;
/*
* [in] handle_t h,
* [in] unsigned32 len,
* [in, size_is(len)]
* byte message[],
* [in] unsigned32 out_buf_len,
*/
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1);
item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA);
subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
remain = tvb_length_remaining(tvb, offset);
krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL);
return offset;
}
static int
epm_dissect_ept_lookup_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_epm_inquiry_type, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
epm_dissect_pointer_UUID, NDR_POINTER_PTR,
"Object:", hf_epm_object);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
epm_dissect_pointer_IF_ID, NDR_POINTER_PTR,
"Interface:", hf_epm_if_id);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_epm_ver_opt, NULL);
offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
hf_epm_hnd, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_epm_max_ents, NULL);
return offset;
}
static int
dissect_sec_rgy_cursor_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
/*
* Database cursor for iterative operations
*
typedef struct {
uuid_t source;
signed32 handle;
boolean32 valid;
} sec_rgy_cursor_t;
*/
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
dcerpc_info *di;
e_uuid_t source;
guint32 handle, valid;
di = (dcerpc_info *)pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1,
" sec_rgy_cursor_t ");
tree = proto_item_add_subtree (item, ett_sec_rgy_cursor_t);
}
offset =
dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, hf_rs_uuid1, &source);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_sec_rgy_pgo_item_t_unix_num, &handle);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_sec_rgy_pgo_item_t_quota, &valid);
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO,
" sec_rgy_cursor_t - source %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x handle:%u valid:%u",
source.Data1, source.Data2, source.Data3,
source.Data4[0], source.Data4[1], source.Data4[2],
source.Data4[3], source.Data4[4], source.Data4[5],
source.Data4[6], source.Data4[7], handle, valid);
proto_item_set_len (item, offset - old_offset);
return offset;
}
static int
conv_dissect_who_are_you2_resp (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
/*
* [out] unsigned32 *seq,
* [out] uuid_t *cas_uuid,
*
* [out] unsigned32 *st
*/
guint32 seq, st;
e_guid_t cas_uuid;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_resp_seq, &seq);
offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_resp_casuuid, &cas_uuid);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_rc, &st);
col_add_fstr(pinfo->cinfo, COL_INFO,
"conv_who_are_you2 response seq:%u st:%s cas:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
seq, val_to_str_ext(st, &dce_error_vals_ext, "%u"),
cas_uuid.data1, cas_uuid.data2, cas_uuid.data3,
cas_uuid.data4[0], cas_uuid.data4[1], cas_uuid.data4[2], cas_uuid.data4[3],
cas_uuid.data4[4], cas_uuid.data4[5], cas_uuid.data4[6], cas_uuid.data4[7]);
return offset;
}
static int
dissect_sec_rgy_pgo_item_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
dcerpc_info *di, guint8 * drep)
{
/*
typedef struct {
uuid_t id;
signed32 unix_num;
signed32 quota;
sec_rgy_pgo_flags_t flags;
sec_rgy_pname_t fullname;
} sec_rgy_pgo_item_t;
*/
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
e_uuid_t id;
guint32 unix_num, quota;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1,
" sec_rgy_pgo_item_t ");
tree = proto_item_add_subtree (item, ett_sec_rgy_pgo_item_t);
}
offset =
dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_rs_uuid1, &id);
offset =
dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_rs_sec_rgy_pgo_item_t_unix_num, &unix_num);
offset =
dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_rs_sec_rgy_pgo_item_t_quota, "a);
offset = dissect_sec_rgy_pgo_flags_t (tvb, offset, pinfo, tree, di, drep);
offset += 4; /* XXX */
offset = dissect_sec_rgy_pname_t (tvb, offset, pinfo, tree, di, drep);
col_append_fstr (pinfo->cinfo, COL_INFO,
" sec_rgy_pgo_item_t - id %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x unix_num:%u quota:%u",
id.Data1, id.Data2, id.Data3, id.Data4[0],
id.Data4[1], id.Data4[2], id.Data4[3],
id.Data4[4], id.Data4[5], id.Data4[6],
id.Data4[7], unix_num, quota);
proto_item_set_len (item, offset - old_offset);
return offset;
}
static int
dissect_browser_browserr_query_other_domains_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_browser_unknown_long, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_browser_rc, NULL);
return offset;
}
static int
epm_dissect_ept_entry_t(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
int old_offset=offset;
guint32 len;
dcerpc_info *di;
const char *str;
di=pinfo->private_data;
if(di->conformant_run){
return offset;
}
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Entry:");
tree = proto_item_add_subtree(item, ett_epm_entry);
}
offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep,
hf_epm_object, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
epm_dissect_tower, NDR_POINTER_PTR,
"Tower pointer:", -1);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_epm_ann_offset, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_epm_ann_len, &len);
str=tvb_get_ephemeral_string(tvb, offset, len);
proto_tree_add_item(tree, hf_epm_annotation, tvb, offset, len, ENC_ASCII|ENC_NA);
offset += len;
if(str&&str[0]){
if(parent_tree) {
proto_item_append_text(item, " Service:%s ", str);
proto_item_append_text(tree->parent, " Service:%s ", str);
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", Service:%s", str);
}
}
proto_item_set_len(item, offset-old_offset);
return offset;
}
static int
dissect_rs_pgo_query_result_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
guint32 st;
dcerpc_info *di;
const char *status;
#define error_status_ok 0
/*
typedef union switch (signed32 status) tagged_union {
case error_status_ok:
rs_pgo_result_t result;
default:
; * empty branch of union *
} rs_pgo_query_result_t;
*/
di = (dcerpc_info *)pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item = proto_tree_add_text (parent_tree, tvb, offset, -1,
"rs_pgo_query_result_t");
tree = proto_item_add_subtree (item, ett_rs_pgo_query_result_t);
}
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_pgo_query_result_t, &st);
status = val_to_str_ext (st, &dce_error_vals_ext, "%u");
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " status:%s ", status);
offset += 4; /* XXX */
switch (st)
{
case error_status_ok:
offset = dissect_rs_pgo_result_t (tvb, offset, pinfo, tree, drep);
break;
default:
;
}
proto_item_set_len (item, offset - old_offset);
return offset;
}
/*
IDL typedef [switch_type(long)] union {
IDL [case(100)] [unique] TYPE_3 *element_3;
IDL [case(101)] [unique] TYPE_4 *element_4;
IDL } TYPE_2;
*/
static int
dissect_browser_TYPE_2(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
guint32 level;
/* this is really the union switch arm */
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_browser_unknown_long, &level);
ALIGN_TO_4_BYTES;
switch(level) {
case 100:
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
dissect_browser_TYPE_3, NDR_POINTER_UNIQUE,
"unknown TYPE_3", -1);
break;
case 101:
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
dissect_browser_TYPE_4, NDR_POINTER_UNIQUE,
"unknown TYPE_4", -1);
break;
}
return offset;
}
static int
dissect_error_status_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
dcerpc_info *di, guint8 * drep)
{
proto_item *item;
proto_tree *tree;
int old_offset = offset;
guint32 st;
const char *st_str;
if (di->conformant_run)
{
return offset;
}
item = proto_tree_add_text (parent_tree, tvb, offset, -1, "error_status_t");
tree = proto_item_add_subtree (item, ett_error_status_t);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_error_status_t,
&st);
st_str = val_to_str_ext (st, &dce_error_vals_ext, "%u");
col_append_fstr (pinfo->cinfo, COL_INFO, " st:%s ", st_str);
proto_item_set_len (item, offset - old_offset);
return offset;
}
/*
IDL typedef struct {
IDL long element_82;
IDL [size_is(element_82)] [unique] byte *element_83;
IDL } TYPE_12;
*/
static int
dissect_browser_TYPE_12_data(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
guint8 *drep)
{
guint32 len;
dcerpc_info *di;
int old_offset = offset;
di=pinfo->private_data;
if(di->conformant_run){
/* this call is to make wireshark eat the array header for the conformant run */
offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, NULL);
return offset;
}
/* this is really the length of the encoded data */
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_browser_unknown_long, &len);
proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len,
FALSE);
offset += len;
if (offset < old_offset)
THROW(ReportedBoundsError);
return offset;
}
/*
IDL typedef struct {
IDL long element_7;
IDL [size_is(element_7)] [unique] byte *element_8;
IDL } TYPE_4;
*/
static int
dissect_browser_TYPE_4_data(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
guint32 len;
int old_offset = offset;
if(di->conformant_run) {
/* this call is to make wireshark eat the array header for the conformant run */
offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, NULL);
return offset;
}
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_browser_unknown_long, &len);
proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len,
ENC_NA);
offset += len;
if (offset < old_offset)
THROW(ReportedBoundsError);
return len;
}
static int
rs_pgo_dissect_get_members_rqst (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * tree,
dcerpc_info *di, guint8 * drep)
{
guint32 max_members;
if (di->conformant_run)
{
return offset;
}
/*
[in] sec_rgy_domain_t name_domain,
[in] sec_rgy_name_t go_name,
[in, out] sec_rgy_cursor_t *member_cursor,
[in] signed32 max_members,
*/
offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
offset += 4;
offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
offset =
dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
dissect_sec_rgy_cursor_t, NDR_POINTER_REF,
"member_cursor:", -1);
offset =
dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_var1,
&max_members);
col_append_fstr (pinfo->cinfo, COL_INFO, " :max_members:%u", max_members);
return offset;
}
static int
dissect_tapi_client_attach_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
offset = dissect_ndr_ctx_hnd(tvb, offset, pinfo, tree, di, drep,
hf_tapi_hnd, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_tapi_unknown_long, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_tapi_rc, NULL);
return offset;
}
static int
dissect_sec_rgy_name_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
#define sec_rgy_name_t_size 1025
/* typedef [string] char sec_rgy_name_t[sec_rgy_name_t_size]; */
guint32 string_size;
dcerpc_info *di;
di = (dcerpc_info *)pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_name_t");
tree = proto_item_add_subtree (item, ett_sec_rgy_name_t);
}
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_sec_rgy_name_t_size, &string_size);
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
if (string_size < sec_rgy_name_t_size)
{
/* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */
proto_tree_add_item (tree, hf_sec_rgy_name_t_principalName_string,
tvb, offset, string_size, ENC_ASCII|ENC_NA);
if (string_size > 1)
{
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s",
tvb_get_ephemeral_string (tvb, offset, string_size));
}
offset += string_size;
}
else
{
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO,
" :FIXME!: Invalid string length of %u",
string_size);
}
proto_item_set_len (item, offset - old_offset);
return offset;
}
static int
dissect_browser_browserr_server_enum_ex_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_browser_TYPE_1, NDR_POINTER_REF,
"unknown TYPE_1", -1);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_browser_unknown_long, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_browser_rc, NULL);
return offset;
}
/*
IDL long BrowserrDebugCall(
IDL [in] [unique] [string] wchar_t *element_18,
IDL [in] long element_19,
IDL [in] long element_20
IDL );
*/
static int
dissect_browser_browserr_debug_call_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
NDR_POINTER_UNIQUE, "unknown string",
hf_browser_unknown_string, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_browser_unknown_long, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_browser_unknown_long, NULL);
return offset;
}
int
dssetup_dissect_bitmap_DsRoleFlags(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
guint32 flags;
ALIGN_TO_4_BYTES;
if(parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, 4, TRUE);
tree = proto_item_add_subtree(item,ett_dssetup_dssetup_DsRoleFlags);
}
offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &flags);
proto_item_append_text(item, ": ");
if (!flags)
proto_item_append_text(item, "(No values set)");
proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_PRIMARY_DS_RUNNING, tvb, offset-4, 4, flags);
if (flags&( 0x00000001 )){
proto_item_append_text(item, "DS_ROLE_PRIMARY_DS_RUNNING");
if (flags & (~( 0x00000001 )))
proto_item_append_text(item, ", ");
}
flags&=(~( 0x00000001 ));
proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_PRIMARY_DS_MIXED_MODE, tvb, offset-4, 4, flags);
if (flags&( 0x00000002 )){
proto_item_append_text(item, "DS_ROLE_PRIMARY_DS_MIXED_MODE");
if (flags & (~( 0x00000002 )))
proto_item_append_text(item, ", ");
}
flags&=(~( 0x00000002 ));
proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_UPGRADE_IN_PROGRESS, tvb, offset-4, 4, flags);
if (flags&( 0x00000004 )){
proto_item_append_text(item, "DS_ROLE_UPGRADE_IN_PROGRESS");
if (flags & (~( 0x00000004 )))
proto_item_append_text(item, ", ");
}
flags&=(~( 0x00000004 ));
proto_tree_add_boolean(tree, hf_dssetup_dssetup_DsRoleFlags_DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT, tvb, offset-4, 4, flags);
if (flags&( 0x01000000 )){
proto_item_append_text(item, "DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT");
if (flags & (~( 0x01000000 )))
proto_item_append_text(item, ", ");
}
flags&=(~( 0x01000000 ));
if(flags){
proto_item_append_text(item, "Unknown bitmap value 0x%x", flags);
}
return offset;
}
/*
* IDL typedef struct {
* IDL long is_locked,
* IDL [unique][string] char *lock_owner,
* IDL long lock_duration,
* IDL };
*/
static int
svcctl_dissect_QUERY_SERVICE_LOCK_STATUS(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
guint8 *drep)
{
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_svcctl_is_locked, NULL);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_ndr_char_cvstring, NDR_POINTER_UNIQUE,
"Owner", hf_svcctl_lock_owner);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_svcctl_lock_duration, NULL);
return offset;
}
static int
dissect_browser_long_pointer(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
di->hf_index, NULL);
return offset;
}
static int
krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * tree,
guint8 *drep)
{
guint32 resp_len, maxsize, spare1, keysize, remain;
proto_item *item;
tvbuff_t *krb5_tvb;
proto_tree *subtree;
/*
*
* [out] unsigned32 *resp_len,
* [out, length_is(*resp_len), size_is(out_buf_len)]
* byte out_buf[],
* [out] error_status_t *st unsigned long
*
*/
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_len, &resp_len);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_max, &maxsize);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_spare1, &spare1);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_krb5rpc_sendto_kdc_resp_keysize, &keysize);
item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA);
subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
remain = tvb_length_remaining(tvb, offset);
krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL);
offset += 16; /* no idea what this is, probably just extended encrypted text. */
return offset;
}
static int
rpriv_dissect_get_eptgt_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
guint8 *drep)
{
/* [in] handle_t handle,
* [in] unsigned32 authn_svc,
* [in] unsigned32 authz_svc,
* [in] rpriv_pickle_t *ptgt_req,
* unsigned32 num_bytes;
* [size_is(num_bytes)]
* byte bytes[];
*/
guint32 authn_svc, authz_svc, key_size, key_size2, var1;
const char *key_t1 = NULL;
const char *key_t2 = NULL;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authn_svc, &authn_svc);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authz_svc, &authz_svc);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_var1, &var1);
offset += 276;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size);
/* advance to get size of cell, and princ */
proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
key_t1 = tvb_get_ephemeral_string(tvb, offset, key_size);
offset += key_size;
offset += 8;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size2);
proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t2, tvb, offset, key_size2, ENC_ASCII|ENC_NA);
key_t2 = tvb_get_ephemeral_string(tvb, offset, key_size2);
offset += key_size2;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
" Request for: %s in %s ", key_t2, key_t1);
}
return offset;
}
static int
dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
dcerpc_info *di, guint8 * drep)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
#define sec_rgy_pname_t_size 257
/*
dissect sec_rgy_pname const signed32 sec_rgy_pname_t_size = 257; * Include final '\0' *
typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size];
*/
guint32 string_size;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_pname_t");
tree = proto_item_add_subtree (item, ett_sec_rgy_pname_t);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
hf_sec_rgy_pname_t_size, &string_size);
col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
if (string_size < sec_rgy_pname_t_size)
{
/* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */
proto_tree_add_item (tree, hf_sec_rgy_pname_t_principalName_string,
tvb, offset, string_size, ENC_ASCII|ENC_NA);
if (string_size > 1)
{
col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s",
tvb_get_string(wmem_packet_scope(), tvb, offset, string_size));
}
offset += string_size;
}
else
{
col_append_fstr (pinfo->cinfo, COL_INFO,
" :FIXME!: Invalid string length of %u",
string_size);
}
proto_item_set_len (item, offset - old_offset);
return offset;
}
static int
dissect_tapi_client_request_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_tapi_rc, NULL);
return offset;
}
static int
dissect_browser_browserr_set_netlogon_state_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_browser_rc, NULL);
return offset;
}
static int
epm_dissect_ept_lookup_resp (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
dcerpc_info *di, guint8 *drep)
{
offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
hf_epm_hnd, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_epm_num_ents, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
epm_dissect_ept_entry_t_array, NDR_POINTER_REF,
"Entries:", -1);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_epm_rc, NULL);
return offset;
}
