Coverage Report

Created: 2025-08-04 07:15

/src/wireshark/epan/dissectors/packet-dcerpc-rpriv.c
Line
Count
Source (jump to first uncovered line)
1
/* packet-dcerpc-rpriv.c
2
 *
3
 * Routines for DCERPC Privilege Server operations
4
 * Copyright 2002, Jaime Fournier <Jaime.Fournier@hush.com>
5
 * This information is based off the released idl files from opengroup.
6
 * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz  security/idl/rpriv.idl
7
 *
8
 * Wireshark - Network traffic analyzer
9
 * By Gerald Combs <gerald@wireshark.org>
10
 * Copyright 1998 Gerald Combs
11
 *
12
 * SPDX-License-Identifier: GPL-2.0-or-later
13
 */
14
15
#include "config.h"
16
17
18
#include <epan/packet.h>
19
#include "packet-dcerpc.h"
20
21
void proto_register_rpriv (void);
22
void proto_reg_handoff_rpriv (void);
23
24
static int proto_rpriv;
25
static int hf_rpriv_opnum;
26
static int hf_rpriv_get_eptgt_rqst_authn_svc;
27
static int hf_rpriv_get_eptgt_rqst_authz_svc;
28
static int hf_rpriv_get_eptgt_rqst_var1;
29
/* static int hf_rpriv_get_eptgt_rqst_key_size; */
30
static int hf_rpriv_get_eptgt_rqst_key_size2;
31
static int hf_rpriv_get_eptgt_rqst_key_t;
32
static int hf_rpriv_get_eptgt_rqst_key_t2;
33
34
static int ett_rpriv;
35
36
37
static e_guid_t uuid_rpriv = { 0xb1e338f8, 0x9533, 0x11c9, { 0xa3, 0x4a, 0x08, 0x00, 0x1e, 0x01, 0x9c, 0x1e } };
38
static uint16_t ver_rpriv = 1;
39
40
41
static int
42
rpriv_dissect_get_eptgt_rqst (tvbuff_t *tvb, int offset,
43
            packet_info *pinfo, proto_tree *tree,
44
            dcerpc_info *di, uint8_t *drep)
45
0
{
46
  /*        [in]        handle_t         handle,
47
   *        [in]        unsigned32       authn_svc,
48
   *        [in]        unsigned32       authz_svc,
49
   *        [in]        rpriv_pickle_t   *ptgt_req,
50
   *                    unsigned32          num_bytes;
51
   *                    [size_is(num_bytes)]
52
   *                    byte            bytes[];
53
   */
54
55
0
  uint32_t authn_svc, authz_svc, key_size, key_size2, var1;
56
0
  const uint8_t *key_t1 = NULL;
57
0
  const uint8_t *key_t2 = NULL;
58
59
0
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_authn_svc, &authn_svc);
60
0
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_authz_svc, &authz_svc);
61
0
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_var1, &var1);
62
0
  offset += 276;
63
0
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size);
64
  /* advance to get size of cell, and princ */
65
66
0
  proto_tree_add_item_ret_string(tree, hf_rpriv_get_eptgt_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, pinfo->pool, &key_t1);
67
0
  offset += key_size;
68
69
0
  offset += 8;
70
0
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size2);
71
0
  proto_tree_add_item_ret_string(tree, hf_rpriv_get_eptgt_rqst_key_t2, tvb, offset, key_size2, ENC_ASCII|ENC_NA, pinfo->pool, &key_t2);
72
0
  offset += key_size2;
73
74
75
0
  col_append_fstr(pinfo->cinfo, COL_INFO,
76
0
        " Request for: %s in %s ", key_t2, key_t1);
77
78
0
  return offset;
79
80
0
}
81
82
83
static const dcerpc_sub_dissector rpriv_dissectors[] = {
84
  { 0, "get_ptgt", NULL,NULL},
85
  { 1, "become_delegate", NULL, NULL},
86
  { 2, "become_impersonator", NULL, NULL},
87
  { 3, "get_eptgt", rpriv_dissect_get_eptgt_rqst , NULL},
88
  { 0, NULL, NULL, NULL }
89
};
90
91
void
92
proto_register_rpriv (void)
93
14
{
94
14
  static hf_register_info hf[] = {
95
14
    { &hf_rpriv_opnum,
96
14
      { "Operation", "rpriv.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
97
14
    { &hf_rpriv_get_eptgt_rqst_authn_svc,
98
14
      { "Authn_Svc", "rpriv.get_eptgt_rqst_authn_svc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
99
14
    { &hf_rpriv_get_eptgt_rqst_authz_svc,
100
14
      { "Authz_Svc", "rpriv.get_eptgt_rqst_authz_svc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
101
#if 0
102
    { &hf_rpriv_get_eptgt_rqst_key_size,
103
      { "Key_Size", "rpriv.get_eptgt_rqst_key_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
104
#endif
105
14
    { &hf_rpriv_get_eptgt_rqst_var1,
106
14
      { "Var1", "rpriv.get_eptgt_rqst_var1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
107
14
    { &hf_rpriv_get_eptgt_rqst_key_size2,
108
14
      { "Key_Size", "rpriv.get_eptgt_rqst_key_size2", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
109
14
    { &hf_rpriv_get_eptgt_rqst_key_t,
110
14
      { "Key_t", "rpriv.get_eptgt_rqst_key_t", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
111
14
    { &hf_rpriv_get_eptgt_rqst_key_t2,
112
14
      { "Key_t2", "rpriv.get_eptgt_rqst_key_t2", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
113
114
14
  };
115
116
14
  static int *ett[] = {
117
14
    &ett_rpriv,
118
14
  };
119
14
  proto_rpriv = proto_register_protocol ("Privilege Server operations", "rpriv", "rpriv");
120
14
  proto_register_field_array (proto_rpriv, hf, array_length (hf));
121
14
  proto_register_subtree_array (ett, array_length (ett));
122
14
}
123
124
void
125
proto_reg_handoff_rpriv (void)
126
14
{
127
  /* Register the protocol as dcerpc */
128
14
  dcerpc_init_uuid (proto_rpriv, ett_rpriv, &uuid_rpriv, ver_rpriv, rpriv_dissectors, hf_rpriv_opnum);
129
14
}
130
131
/*
132
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
133
 *
134
 * Local variables:
135
 * c-basic-offset: 8
136
 * tab-width: 8
137
 * indent-tabs-mode: t
138
 * End:
139
 *
140
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
141
 * :indentSize=8:tabSize=8:noTabs=false:
142
 */