/src/wireshark/epan/dissectors/packet-dcerpc-rs_acct.c

Source (jump to first uncovered line)
/* packet-dcerpc-rs_acct.c
 *
 * Routines for DFS/RS_ACCT
 * Copyright 2002, Jaime Fournier <Jaime.Fournier@hush.com>
 * This information is based off the released idl files from opengroup.
 * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/rs_acct.idl
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "config.h"


#include <epan/packet.h>
#include "packet-dcerpc.h"

void proto_register_rs_acct (void);
void proto_reg_handoff_rs_acct (void);

static int proto_rs_acct;
static int hf_rs_acct_opnum;
static int hf_rs_acct_lookup_rqst_var;
static int hf_rs_acct_lookup_rqst_key_size;
static int hf_rs_acct_lookup_rqst_key_t;
static int hf_rs_acct_get_projlist_rqst_var1;
static int hf_rs_acct_get_projlist_rqst_key_size;
static int hf_rs_acct_get_projlist_rqst_key_t;


static int ett_rs_acct;



static e_guid_t uuid_rs_acct = { 0x4c878280, 0x2000, 0x0000, { 0x0d, 0x00, 0x02, 0x87, 0x14, 0x00, 0x00, 0x00 } };
static uint16_t ver_rs_acct = 1;


static int
rs_acct_dissect_lookup_rqst (tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
{
  uint32_t key_size;
  const uint8_t *keyx_t = NULL;

  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
      hf_rs_acct_lookup_rqst_var, NULL);
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
      hf_rs_acct_lookup_rqst_key_size, &key_size);

  if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
    proto_tree_add_item_ret_string(tree, hf_rs_acct_lookup_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, pinfo->pool, &keyx_t);
    offset += key_size;

    col_append_fstr(pinfo->cinfo, COL_INFO,
        " Request for: %s ", keyx_t);
  } else {
    col_append_str(pinfo->cinfo, COL_INFO,
        " Request (other)");
  }

  return offset;
}



static int
rs_acct_dissect_get_projlist_rqst (tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
{
  uint32_t key_size;
  const uint8_t *keyx_t = NULL;

  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
      hf_rs_acct_get_projlist_rqst_var1, NULL);
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
      hf_rs_acct_get_projlist_rqst_key_size, &key_size);

  proto_tree_add_item_ret_string(tree, hf_rs_acct_get_projlist_rqst_key_t,
           tvb, offset, key_size, ENC_ASCII|ENC_NA, pinfo->pool, &keyx_t);
  offset += key_size;

  col_append_fstr(pinfo->cinfo, COL_INFO,
      " Request for: %s", keyx_t);

  return offset;
}


static const dcerpc_sub_dissector rs_acct_dissectors[] = {
  { 0, "add",      NULL,        NULL},
  { 1, "delete",       NULL,        NULL},
  { 2, "rename",       NULL,        NULL},
  { 3, "lookup",       rs_acct_dissect_lookup_rqst, NULL},
  { 4, "replace",      NULL,        NULL},
  { 5, "get_projlist", rs_acct_dissect_get_projlist_rqst, NULL},
  { 0, NULL, NULL, NULL }
};

void
proto_register_rs_acct (void)
{
  static hf_register_info hf[] = {
  { &hf_rs_acct_opnum,
    { "Operation", "rs_acct.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  { &hf_rs_acct_lookup_rqst_var,
    { "Var", "rs_acct.lookup_rqst_var", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  { &hf_rs_acct_lookup_rqst_key_size,
    { "Key Size", "rs_acct.lookup_rqst_key_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  { &hf_rs_acct_lookup_rqst_key_t,
    { "Key", "rs_acct.lookup_rqst_key_t", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
  { &hf_rs_acct_get_projlist_rqst_var1,
    { "Var1", "rs_acct.get_projlist_rqst_var1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  { &hf_rs_acct_get_projlist_rqst_key_size,
    { "Var1", "rs_acct.get_projlist_rqst_key_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  { &hf_rs_acct_get_projlist_rqst_key_t,
    { "Var1", "rs_acct.get_projlist_rqst_key_t", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }}
  };

  static int *ett[] = {
    &ett_rs_acct,
  };
  proto_rs_acct = proto_register_protocol ("DCE/RPC RS_ACCT", "RS_ACCT", "rs_acct");
  proto_register_field_array (proto_rs_acct, hf, array_length (hf));
  proto_register_subtree_array (ett, array_length (ett));
}



void
proto_reg_handoff_rs_acct (void)
{
  /* Register the protocol as dcerpc */
  dcerpc_init_uuid (proto_rs_acct, ett_rs_acct, &uuid_rs_acct, ver_rs_acct, rs_acct_dissectors, hf_rs_acct_opnum);
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */

Coverage Report

Created: 2025-02-15 06:25

Line	Count	Source (jump to first uncovered line)
1		/* packet-dcerpc-rs_acct.c
2		*
3		* Routines for DFS/RS_ACCT
4		* Copyright 2002, Jaime Fournier <Jaime.Fournier@hush.com>
5		* This information is based off the released idl files from opengroup.
6		* ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/rs_acct.idl
7		*
8		* Wireshark - Network traffic analyzer
9		* By Gerald Combs <gerald@wireshark.org>
10		* Copyright 1998 Gerald Combs
11		*
12		* SPDX-License-Identifier: GPL-2.0-or-later
13		*/
14
15		#include "config.h"
16
17
18		#include <epan/packet.h>
19		#include "packet-dcerpc.h"
20
21		void proto_register_rs_acct (void);
22		void proto_reg_handoff_rs_acct (void);
23
24		static int proto_rs_acct;
25		static int hf_rs_acct_opnum;
26		static int hf_rs_acct_lookup_rqst_var;
27		static int hf_rs_acct_lookup_rqst_key_size;
28		static int hf_rs_acct_lookup_rqst_key_t;
29		static int hf_rs_acct_get_projlist_rqst_var1;
30		static int hf_rs_acct_get_projlist_rqst_key_size;
31		static int hf_rs_acct_get_projlist_rqst_key_t;
32
33
34		static int ett_rs_acct;
35
36
37
38		static e_guid_t uuid_rs_acct = { 0x4c878280, 0x2000, 0x0000, { 0x0d, 0x00, 0x02, 0x87, 0x14, 0x00, 0x00, 0x00 } };
39		static uint16_t ver_rs_acct = 1;
40
41
42		static int
43		rs_acct_dissect_lookup_rqst (tvbuff_t *tvb, int offset,
44		packet_info pinfo, proto_tree tree, dcerpc_info di, uint8_t drep)
45	0	{
46	0	uint32_t key_size;
47	0	const uint8_t *keyx_t = NULL;
48
49	0	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
50	0	hf_rs_acct_lookup_rqst_var, NULL);
51	0	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
52	0	hf_rs_acct_lookup_rqst_key_size, &key_size);
53
54	0	if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
55	0	proto_tree_add_item_ret_string(tree, hf_rs_acct_lookup_rqst_key_t, tvb, offset, key_size, ENC_ASCII\|ENC_NA, pinfo->pool, &keyx_t);
56	0	offset += key_size;
57
58	0	col_append_fstr(pinfo->cinfo, COL_INFO,
59	0	" Request for: %s ", keyx_t);
60	0	} else {
61	0	col_append_str(pinfo->cinfo, COL_INFO,
62	0	" Request (other)");
63	0	}
64
65	0	return offset;
66	0	}
67
68
69
70		static int
71		rs_acct_dissect_get_projlist_rqst (tvbuff_t *tvb, int offset,
72		packet_info pinfo, proto_tree tree, dcerpc_info di, uint8_t drep)
73	0	{
74	0	uint32_t key_size;
75	0	const uint8_t *keyx_t = NULL;
76
77	0	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
78	0	hf_rs_acct_get_projlist_rqst_var1, NULL);
79	0	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
80	0	hf_rs_acct_get_projlist_rqst_key_size, &key_size);
81
82	0	proto_tree_add_item_ret_string(tree, hf_rs_acct_get_projlist_rqst_key_t,
83	0	tvb, offset, key_size, ENC_ASCII\|ENC_NA, pinfo->pool, &keyx_t);
84	0	offset += key_size;
85
86	0	col_append_fstr(pinfo->cinfo, COL_INFO,
87	0	" Request for: %s", keyx_t);
88
89	0	return offset;
90	0	}
91
92
93		static const dcerpc_sub_dissector rs_acct_dissectors[] = {
94		{ 0, "add", NULL, NULL},
95		{ 1, "delete", NULL, NULL},
96		{ 2, "rename", NULL, NULL},
97		{ 3, "lookup", rs_acct_dissect_lookup_rqst, NULL},
98		{ 4, "replace", NULL, NULL},
99		{ 5, "get_projlist", rs_acct_dissect_get_projlist_rqst, NULL},
100		{ 0, NULL, NULL, NULL }
101		};
102
103		void
104		proto_register_rs_acct (void)
105	14	{
106	14	static hf_register_info hf[] = {
107	14	{ &hf_rs_acct_opnum,
108	14	{ "Operation", "rs_acct.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
109	14	{ &hf_rs_acct_lookup_rqst_var,
110	14	{ "Var", "rs_acct.lookup_rqst_var", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
111	14	{ &hf_rs_acct_lookup_rqst_key_size,
112	14	{ "Key Size", "rs_acct.lookup_rqst_key_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
113	14	{ &hf_rs_acct_lookup_rqst_key_t,
114	14	{ "Key", "rs_acct.lookup_rqst_key_t", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
115	14	{ &hf_rs_acct_get_projlist_rqst_var1,
116	14	{ "Var1", "rs_acct.get_projlist_rqst_var1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
117	14	{ &hf_rs_acct_get_projlist_rqst_key_size,
118	14	{ "Var1", "rs_acct.get_projlist_rqst_key_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
119	14	{ &hf_rs_acct_get_projlist_rqst_key_t,
120	14	{ "Var1", "rs_acct.get_projlist_rqst_key_t", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }}
121	14	};
122
123	14	static int *ett[] = {
124	14	&ett_rs_acct,
125	14	};
126	14	proto_rs_acct = proto_register_protocol ("DCE/RPC RS_ACCT", "RS_ACCT", "rs_acct");
127	14	proto_register_field_array (proto_rs_acct, hf, array_length (hf));
128	14	proto_register_subtree_array (ett, array_length (ett));
129	14	}
130
131
132
133		void
134		proto_reg_handoff_rs_acct (void)
135	14	{
136		/* Register the protocol as dcerpc */
137	14	dcerpc_init_uuid (proto_rs_acct, ett_rs_acct, &uuid_rs_acct, ver_rs_acct, rs_acct_dissectors, hf_rs_acct_opnum);
138	14	}
139
140		/*
141		* Editor modelines - https://www.wireshark.org/tools/modelines.html
142		*
143		* Local variables:
144		* c-basic-offset: 8
145		* tab-width: 8
146		* indent-tabs-mode: t
147		* End:
148		*
149		* vi: set shiftwidth=8 tabstop=8 noexpandtab:
150		* :indentSize=8:tabSize=8:noTabs=false:
151		*/