/src/wireshark/epan/dissectors/packet-dcerpc-misc.c
Line | Count | Source |
1 | | /* DO NOT EDIT |
2 | | This file was automatically generated by Pidl |
3 | | from misc.idl and misc.cnf. |
4 | | |
5 | | Pidl is a perl based IDL compiler for DCE/RPC idl files. |
6 | | It is maintained by the Samba team, not the Wireshark team. |
7 | | Instructions on how to download and install Pidl can be |
8 | | found at https://wiki.wireshark.org/Pidl |
9 | | */ |
10 | | |
11 | | |
12 | | #include "config.h" |
13 | | #include <string.h> |
14 | | #include <wsutil/array.h> |
15 | | #include <epan/packet.h> |
16 | | #include <epan/tfs.h> |
17 | | |
18 | | #include "packet-dcerpc.h" |
19 | | #include "packet-dcerpc-nt.h" |
20 | | #include "packet-windows-common.h" |
21 | | #include "packet-dcerpc-misc.h" |
22 | | void proto_register_dcerpc_misc(void); |
23 | | void proto_reg_handoff_dcerpc_misc(void); |
24 | | |
25 | | /* Ett declarations */ |
26 | | static int ett_dcerpc_misc; |
27 | | static int ett_misc_GUID; |
28 | | static int ett_misc_ndr_syntax_id; |
29 | | static int ett_misc_policy_handle; |
30 | | static int ett_misc_KRB5_EDATA_NTSTATUS; |
31 | | |
32 | | |
33 | | /* Header field declarations */ |
34 | | static int hf_misc_GUID_clock_seq; |
35 | | static int hf_misc_GUID_node; |
36 | | static int hf_misc_GUID_time_hi_and_version; |
37 | | static int hf_misc_GUID_time_low; |
38 | | static int hf_misc_GUID_time_mid; |
39 | | static int hf_misc_KRB5_EDATA_NTSTATUS_ntstatus; |
40 | | static int hf_misc_KRB5_EDATA_NTSTATUS_unknown1; |
41 | | static int hf_misc_KRB5_EDATA_NTSTATUS_unknown2; |
42 | | static int hf_misc_ndr_syntax_id_if_version; |
43 | | static int hf_misc_ndr_syntax_id_uuid; |
44 | | static int hf_misc_opnum; |
45 | | static int hf_misc_policy_handle_handle_type; |
46 | | static int hf_misc_policy_handle_uuid; |
47 | | |
48 | | static int proto_dcerpc_misc; |
49 | | /* Version information */ |
50 | | |
51 | | |
52 | | static e_guid_t uuid_dcerpc_misc = { |
53 | | 0x12345678, 0x1234, 0x1234, |
54 | | { 0x12, 0x34, 0xab, 0xcd, 0xef, 0x12, 0x34, 0x56 } |
55 | | }; |
56 | | static uint16_t ver_dcerpc_misc = 1; |
57 | | |
58 | | static unsigned misc_dissect_element_GUID_time_low(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
59 | | static unsigned misc_dissect_element_GUID_time_mid(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
60 | | static unsigned misc_dissect_element_GUID_time_hi_and_version(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
61 | | static unsigned misc_dissect_element_GUID_clock_seq(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
62 | | static unsigned misc_dissect_element_GUID_clock_seq_(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
63 | | static unsigned misc_dissect_element_GUID_node(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
64 | | static unsigned misc_dissect_element_GUID_node_(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
65 | | static unsigned misc_dissect_element_ndr_syntax_id_uuid(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
66 | | static unsigned misc_dissect_element_ndr_syntax_id_if_version(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
67 | | static unsigned misc_dissect_element_policy_handle_handle_type(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
68 | | static unsigned misc_dissect_element_policy_handle_uuid(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
69 | | const value_string misc_netr_SchannelType_vals[] = { |
70 | | { SEC_CHAN_NULL, "SEC_CHAN_NULL" }, |
71 | | { SEC_CHAN_LOCAL, "SEC_CHAN_LOCAL" }, |
72 | | { SEC_CHAN_WKSTA, "SEC_CHAN_WKSTA" }, |
73 | | { SEC_CHAN_DNS_DOMAIN, "SEC_CHAN_DNS_DOMAIN" }, |
74 | | { SEC_CHAN_DOMAIN, "SEC_CHAN_DOMAIN" }, |
75 | | { SEC_CHAN_LANMAN, "SEC_CHAN_LANMAN" }, |
76 | | { SEC_CHAN_BDC, "SEC_CHAN_BDC" }, |
77 | | { SEC_CHAN_RODC, "SEC_CHAN_RODC" }, |
78 | | { 0, NULL } |
79 | | }; |
80 | | static unsigned misc_dissect_element_KRB5_EDATA_NTSTATUS_ntstatus(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
81 | | static unsigned misc_dissect_element_KRB5_EDATA_NTSTATUS_unknown1(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
82 | | static unsigned misc_dissect_element_KRB5_EDATA_NTSTATUS_unknown2(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_); |
83 | | const value_string misc_winreg_Type_vals[] = { |
84 | | { REG_NONE, "REG_NONE" }, |
85 | | { REG_SZ, "REG_SZ" }, |
86 | | { REG_EXPAND_SZ, "REG_EXPAND_SZ" }, |
87 | | { REG_BINARY, "REG_BINARY" }, |
88 | | { REG_DWORD, "REG_DWORD" }, |
89 | | { REG_DWORD_BIG_ENDIAN, "REG_DWORD_BIG_ENDIAN" }, |
90 | | { REG_LINK, "REG_LINK" }, |
91 | | { REG_MULTI_SZ, "REG_MULTI_SZ" }, |
92 | | { REG_RESOURCE_LIST, "REG_RESOURCE_LIST" }, |
93 | | { REG_FULL_RESOURCE_DESCRIPTOR, "REG_FULL_RESOURCE_DESCRIPTOR" }, |
94 | | { REG_RESOURCE_REQUIREMENTS_LIST, "REG_RESOURCE_REQUIREMENTS_LIST" }, |
95 | | { REG_QWORD, "REG_QWORD" }, |
96 | | { 0, NULL } |
97 | | }; |
98 | | |
99 | | |
100 | | /* IDL: struct { */ |
101 | | /* IDL: uint32 time_low; */ |
102 | | /* IDL: uint16 time_mid; */ |
103 | | /* IDL: uint16 time_hi_and_version; */ |
104 | | /* IDL: uint8 clock_seq[2]; */ |
105 | | /* IDL: uint8 node[6]; */ |
106 | | /* IDL: } */ |
107 | | |
108 | | static unsigned |
109 | | misc_dissect_element_GUID_time_low(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
110 | 0 | { |
111 | 0 | offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_misc_GUID_time_low, 0); |
112 | |
|
113 | 0 | return offset; |
114 | 0 | } |
115 | | |
116 | | static unsigned |
117 | | misc_dissect_element_GUID_time_mid(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
118 | 0 | { |
119 | 0 | offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_misc_GUID_time_mid, 0); |
120 | |
|
121 | 0 | return offset; |
122 | 0 | } |
123 | | |
124 | | static unsigned |
125 | | misc_dissect_element_GUID_time_hi_and_version(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
126 | 0 | { |
127 | 0 | offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_misc_GUID_time_hi_and_version, 0); |
128 | |
|
129 | 0 | return offset; |
130 | 0 | } |
131 | | |
132 | | static unsigned |
133 | | misc_dissect_element_GUID_clock_seq(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
134 | 0 | { |
135 | 0 | int i; |
136 | 0 | for (i = 0; i < 2; i++) |
137 | 0 | offset = misc_dissect_element_GUID_clock_seq_(tvb, offset, pinfo, tree, di, drep); |
138 | |
|
139 | 0 | return offset; |
140 | 0 | } |
141 | | |
142 | | static unsigned |
143 | | misc_dissect_element_GUID_clock_seq_(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
144 | 0 | { |
145 | 0 | offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_misc_GUID_clock_seq, 0); |
146 | |
|
147 | 0 | return offset; |
148 | 0 | } |
149 | | |
150 | | static unsigned |
151 | | misc_dissect_element_GUID_node(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
152 | 0 | { |
153 | 0 | int i; |
154 | 0 | for (i = 0; i < 6; i++) |
155 | 0 | offset = misc_dissect_element_GUID_node_(tvb, offset, pinfo, tree, di, drep); |
156 | |
|
157 | 0 | return offset; |
158 | 0 | } |
159 | | |
160 | | static unsigned |
161 | | misc_dissect_element_GUID_node_(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
162 | 0 | { |
163 | 0 | offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_misc_GUID_node, 0); |
164 | |
|
165 | 0 | return offset; |
166 | 0 | } |
167 | | |
168 | | unsigned |
169 | | misc_dissect_struct_GUID(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_) |
170 | 0 | { |
171 | 0 | proto_item *item = NULL; |
172 | 0 | proto_tree *tree = NULL; |
173 | 0 | unsigned old_offset; |
174 | |
|
175 | 0 | ALIGN_TO_4_BYTES; |
176 | |
|
177 | 0 | old_offset = offset; |
178 | |
|
179 | 0 | if (parent_tree) { |
180 | 0 | item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); |
181 | 0 | tree = proto_item_add_subtree(item, ett_misc_GUID); |
182 | 0 | } |
183 | |
|
184 | 0 | offset = misc_dissect_element_GUID_time_low(tvb, offset, pinfo, tree, di, drep); |
185 | |
|
186 | 0 | offset = misc_dissect_element_GUID_time_mid(tvb, offset, pinfo, tree, di, drep); |
187 | |
|
188 | 0 | offset = misc_dissect_element_GUID_time_hi_and_version(tvb, offset, pinfo, tree, di, drep); |
189 | |
|
190 | 0 | offset = misc_dissect_element_GUID_clock_seq(tvb, offset, pinfo, tree, di, drep); |
191 | |
|
192 | 0 | offset = misc_dissect_element_GUID_node(tvb, offset, pinfo, tree, di, drep); |
193 | | |
194 | |
|
195 | 0 | proto_item_set_len(item, offset-old_offset); |
196 | | |
197 | |
|
198 | 0 | if (di->call_data->flags & DCERPC_IS_NDR64) { |
199 | 0 | ALIGN_TO_4_BYTES; |
200 | 0 | } |
201 | |
|
202 | 0 | return offset; |
203 | 0 | } |
204 | | |
205 | | |
206 | | /* IDL: struct { */ |
207 | | /* IDL: GUID uuid; */ |
208 | | /* IDL: uint32 if_version; */ |
209 | | /* IDL: } */ |
210 | | |
211 | | static unsigned |
212 | | misc_dissect_element_ndr_syntax_id_uuid(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
213 | 0 | { |
214 | 0 | offset = dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_misc_ndr_syntax_id_uuid, NULL); |
215 | |
|
216 | 0 | return offset; |
217 | 0 | } |
218 | | |
219 | | static unsigned |
220 | | misc_dissect_element_ndr_syntax_id_if_version(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
221 | 0 | { |
222 | 0 | offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_misc_ndr_syntax_id_if_version, 0); |
223 | |
|
224 | 0 | return offset; |
225 | 0 | } |
226 | | |
227 | | unsigned |
228 | | misc_dissect_struct_ndr_syntax_id(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_) |
229 | 0 | { |
230 | 0 | proto_item *item = NULL; |
231 | 0 | proto_tree *tree = NULL; |
232 | 0 | unsigned old_offset; |
233 | |
|
234 | 0 | ALIGN_TO_4_BYTES; |
235 | |
|
236 | 0 | old_offset = offset; |
237 | |
|
238 | 0 | if (parent_tree) { |
239 | 0 | item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); |
240 | 0 | tree = proto_item_add_subtree(item, ett_misc_ndr_syntax_id); |
241 | 0 | } |
242 | |
|
243 | 0 | offset = misc_dissect_element_ndr_syntax_id_uuid(tvb, offset, pinfo, tree, di, drep); |
244 | |
|
245 | 0 | offset = misc_dissect_element_ndr_syntax_id_if_version(tvb, offset, pinfo, tree, di, drep); |
246 | | |
247 | |
|
248 | 0 | proto_item_set_len(item, offset-old_offset); |
249 | | |
250 | |
|
251 | 0 | if (di->call_data->flags & DCERPC_IS_NDR64) { |
252 | 0 | ALIGN_TO_4_BYTES; |
253 | 0 | } |
254 | |
|
255 | 0 | return offset; |
256 | 0 | } |
257 | | |
258 | | |
259 | | /* IDL: struct { */ |
260 | | /* IDL: uint32 handle_type; */ |
261 | | /* IDL: GUID uuid; */ |
262 | | /* IDL: } */ |
263 | | |
264 | | static unsigned |
265 | | misc_dissect_element_policy_handle_handle_type(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
266 | 0 | { |
267 | 0 | offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_misc_policy_handle_handle_type, 0); |
268 | |
|
269 | 0 | return offset; |
270 | 0 | } |
271 | | |
272 | | static unsigned |
273 | | misc_dissect_element_policy_handle_uuid(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
274 | 0 | { |
275 | 0 | offset = dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_misc_policy_handle_uuid, NULL); |
276 | |
|
277 | 0 | return offset; |
278 | 0 | } |
279 | | |
280 | | unsigned |
281 | | misc_dissect_struct_policy_handle(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_) |
282 | 0 | { |
283 | 0 | proto_item *item = NULL; |
284 | 0 | proto_tree *tree = NULL; |
285 | 0 | unsigned old_offset; |
286 | |
|
287 | 0 | ALIGN_TO_4_BYTES; |
288 | |
|
289 | 0 | old_offset = offset; |
290 | |
|
291 | 0 | if (parent_tree) { |
292 | 0 | item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); |
293 | 0 | tree = proto_item_add_subtree(item, ett_misc_policy_handle); |
294 | 0 | } |
295 | |
|
296 | 0 | offset = misc_dissect_element_policy_handle_handle_type(tvb, offset, pinfo, tree, di, drep); |
297 | |
|
298 | 0 | offset = misc_dissect_element_policy_handle_uuid(tvb, offset, pinfo, tree, di, drep); |
299 | | |
300 | |
|
301 | 0 | proto_item_set_len(item, offset-old_offset); |
302 | | |
303 | |
|
304 | 0 | if (di->call_data->flags & DCERPC_IS_NDR64) { |
305 | 0 | ALIGN_TO_4_BYTES; |
306 | 0 | } |
307 | |
|
308 | 0 | return offset; |
309 | 0 | } |
310 | | |
311 | | |
312 | | /* IDL: enum { */ |
313 | | /* IDL: SEC_CHAN_NULL=0, */ |
314 | | /* IDL: SEC_CHAN_LOCAL=1, */ |
315 | | /* IDL: SEC_CHAN_WKSTA=2, */ |
316 | | /* IDL: SEC_CHAN_DNS_DOMAIN=3, */ |
317 | | /* IDL: SEC_CHAN_DOMAIN=4, */ |
318 | | /* IDL: SEC_CHAN_LANMAN=5, */ |
319 | | /* IDL: SEC_CHAN_BDC=6, */ |
320 | | /* IDL: SEC_CHAN_RODC=7, */ |
321 | | /* IDL: } */ |
322 | | |
323 | | unsigned |
324 | | misc_dissect_enum_netr_SchannelType(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t *param _U_) |
325 | 0 | { |
326 | 0 | uint32_t parameter=0; |
327 | 0 | if (param) { |
328 | 0 | parameter = *param; |
329 | 0 | } |
330 | 0 | offset = dissect_ndr_uint1632(tvb, offset, pinfo, tree, di, drep, hf_index, ¶meter); |
331 | 0 | if (param) { |
332 | 0 | *param = parameter; |
333 | 0 | } |
334 | 0 | return offset; |
335 | 0 | } |
336 | | |
337 | | |
338 | | /* IDL: struct { */ |
339 | | /* IDL: NTSTATUS ntstatus; */ |
340 | | /* IDL: uint32 unknown1; */ |
341 | | /* IDL: uint32 unknown2; */ |
342 | | /* IDL: } */ |
343 | | |
344 | | static unsigned |
345 | | misc_dissect_element_KRB5_EDATA_NTSTATUS_ntstatus(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
346 | 0 | { |
347 | 0 | offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_misc_KRB5_EDATA_NTSTATUS_ntstatus, 0); |
348 | |
|
349 | 0 | return offset; |
350 | 0 | } |
351 | | |
352 | | static unsigned |
353 | | misc_dissect_element_KRB5_EDATA_NTSTATUS_unknown1(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
354 | 0 | { |
355 | 0 | offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_misc_KRB5_EDATA_NTSTATUS_unknown1, 0); |
356 | |
|
357 | 0 | return offset; |
358 | 0 | } |
359 | | |
360 | | static unsigned |
361 | | misc_dissect_element_KRB5_EDATA_NTSTATUS_unknown2(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_) |
362 | 0 | { |
363 | 0 | offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_misc_KRB5_EDATA_NTSTATUS_unknown2, 0); |
364 | |
|
365 | 0 | return offset; |
366 | 0 | } |
367 | | |
368 | | unsigned |
369 | | misc_dissect_struct_KRB5_EDATA_NTSTATUS(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_) |
370 | 0 | { |
371 | 0 | proto_item *item = NULL; |
372 | 0 | proto_tree *tree = NULL; |
373 | 0 | unsigned old_offset; |
374 | |
|
375 | 0 | ALIGN_TO_4_BYTES; |
376 | |
|
377 | 0 | old_offset = offset; |
378 | |
|
379 | 0 | if (parent_tree) { |
380 | 0 | item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); |
381 | 0 | tree = proto_item_add_subtree(item, ett_misc_KRB5_EDATA_NTSTATUS); |
382 | 0 | } |
383 | |
|
384 | 0 | offset = misc_dissect_element_KRB5_EDATA_NTSTATUS_ntstatus(tvb, offset, pinfo, tree, di, drep); |
385 | |
|
386 | 0 | offset = misc_dissect_element_KRB5_EDATA_NTSTATUS_unknown1(tvb, offset, pinfo, tree, di, drep); |
387 | |
|
388 | 0 | offset = misc_dissect_element_KRB5_EDATA_NTSTATUS_unknown2(tvb, offset, pinfo, tree, di, drep); |
389 | | |
390 | |
|
391 | 0 | proto_item_set_len(item, offset-old_offset); |
392 | | |
393 | |
|
394 | 0 | if (di->call_data->flags & DCERPC_IS_NDR64) { |
395 | 0 | ALIGN_TO_4_BYTES; |
396 | 0 | } |
397 | |
|
398 | 0 | return offset; |
399 | 0 | } |
400 | | |
401 | | |
402 | | /* IDL: enum { */ |
403 | | /* IDL: REG_NONE=0, */ |
404 | | /* IDL: REG_SZ=1, */ |
405 | | /* IDL: REG_EXPAND_SZ=2, */ |
406 | | /* IDL: REG_BINARY=3, */ |
407 | | /* IDL: REG_DWORD=4, */ |
408 | | /* IDL: REG_DWORD_BIG_ENDIAN=5, */ |
409 | | /* IDL: REG_LINK=6, */ |
410 | | /* IDL: REG_MULTI_SZ=7, */ |
411 | | /* IDL: REG_RESOURCE_LIST=8, */ |
412 | | /* IDL: REG_FULL_RESOURCE_DESCRIPTOR=9, */ |
413 | | /* IDL: REG_RESOURCE_REQUIREMENTS_LIST=10, */ |
414 | | /* IDL: REG_QWORD=11, */ |
415 | | /* IDL: } */ |
416 | | |
417 | | unsigned |
418 | | misc_dissect_enum_winreg_Type(tvbuff_t *tvb _U_, unsigned offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t *param _U_) |
419 | 0 | { |
420 | 0 | uint32_t parameter=0; |
421 | 0 | if (param) { |
422 | 0 | parameter = *param; |
423 | 0 | } |
424 | 0 | offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_index, ¶meter); |
425 | 0 | if (param) { |
426 | 0 | *param = parameter; |
427 | 0 | } |
428 | 0 | return offset; |
429 | 0 | } |
430 | | |
431 | | |
432 | | /* IDL: [flag(LIBNDR_FLAG_LITTLE_ENDIAN)] [nodiscriminant(1)] [public(1)] union { */ |
433 | | /* IDL: [case(REG_NONE)] [case(REG_NONE)] EMPTY ; */ |
434 | | /* IDL: [case(REG_SZ)] [case(REG_SZ)] [flag(LIBNDR_FLAG_STR_NULLTERM)] string string; */ |
435 | | /* IDL: [case(REG_EXPAND_SZ)] [case(REG_EXPAND_SZ)] [flag(LIBNDR_FLAG_STR_NULLTERM)] string string; */ |
436 | | /* IDL: [case(REG_BINARY)] [case(REG_BINARY)] [flag(LIBNDR_FLAG_REMAINING)] DATA_BLOB binary; */ |
437 | | /* IDL: [case(REG_DWORD)] [case(REG_DWORD)] uint32 value; */ |
438 | | /* IDL: [case(REG_DWORD_BIG_ENDIAN)] [case(REG_DWORD_BIG_ENDIAN)] [flag(LIBNDR_FLAG_BIGENDIAN)] uint32 value; */ |
439 | | /* IDL: [case(REG_MULTI_SZ)] [case(REG_MULTI_SZ)] [flag(LIBNDR_FLAG_STR_NULLTERM)] string_array string_array; */ |
440 | | /* IDL: [default] ; */ |
441 | | /* IDL: } */ |
442 | | |
443 | | |
444 | | static const dcerpc_sub_dissector misc_dissectors[] = { |
445 | | { 0, NULL, NULL, NULL } |
446 | | }; |
447 | | |
448 | | void proto_register_dcerpc_misc(void) |
449 | 15 | { |
450 | 15 | static hf_register_info hf[] = { |
451 | 15 | { &hf_misc_GUID_clock_seq, |
452 | 15 | { "Clock Seq", "misc.GUID.clock_seq", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }}, |
453 | 15 | { &hf_misc_GUID_node, |
454 | 15 | { "Node", "misc.GUID.node", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }}, |
455 | 15 | { &hf_misc_GUID_time_hi_and_version, |
456 | 15 | { "Time Hi And Version", "misc.GUID.time_hi_and_version", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
457 | 15 | { &hf_misc_GUID_time_low, |
458 | 15 | { "Time Low", "misc.GUID.time_low", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
459 | 15 | { &hf_misc_GUID_time_mid, |
460 | 15 | { "Time Mid", "misc.GUID.time_mid", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
461 | 15 | { &hf_misc_KRB5_EDATA_NTSTATUS_ntstatus, |
462 | 15 | { "Ntstatus", "misc.KRB5_EDATA_NTSTATUS.ntstatus", FT_UINT32, BASE_HEX|BASE_EXT_STRING, &NT_errors_ext, 0, NULL, HFILL }}, |
463 | 15 | { &hf_misc_KRB5_EDATA_NTSTATUS_unknown1, |
464 | 15 | { "Unknown1", "misc.KRB5_EDATA_NTSTATUS.unknown1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
465 | 15 | { &hf_misc_KRB5_EDATA_NTSTATUS_unknown2, |
466 | 15 | { "Unknown2", "misc.KRB5_EDATA_NTSTATUS.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
467 | 15 | { &hf_misc_ndr_syntax_id_if_version, |
468 | 15 | { "If Version", "misc.ndr_syntax_id.if_version", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
469 | 15 | { &hf_misc_ndr_syntax_id_uuid, |
470 | 15 | { "Uuid", "misc.ndr_syntax_id.uuid", FT_GUID, BASE_NONE, NULL, 0, NULL, HFILL }}, |
471 | 15 | { &hf_misc_opnum, |
472 | 15 | { "Operation", "misc.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
473 | 15 | { &hf_misc_policy_handle_handle_type, |
474 | 15 | { "Handle Type", "misc.policy_handle.handle_type", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
475 | 15 | { &hf_misc_policy_handle_uuid, |
476 | 15 | { "Uuid", "misc.policy_handle.uuid", FT_GUID, BASE_NONE, NULL, 0, NULL, HFILL }}, |
477 | 15 | }; |
478 | | |
479 | | |
480 | 15 | static int *ett[] = { |
481 | 15 | &ett_dcerpc_misc, |
482 | 15 | &ett_misc_GUID, |
483 | 15 | &ett_misc_ndr_syntax_id, |
484 | 15 | &ett_misc_policy_handle, |
485 | 15 | &ett_misc_KRB5_EDATA_NTSTATUS, |
486 | 15 | }; |
487 | | |
488 | 15 | proto_dcerpc_misc = proto_register_protocol("MISC (pidl)", "MISC", "misc"); |
489 | 15 | proto_register_field_array(proto_dcerpc_misc, hf, array_length (hf)); |
490 | 15 | proto_register_subtree_array(ett, array_length(ett)); |
491 | 15 | } |
492 | | |
493 | | void proto_reg_handoff_dcerpc_misc(void) |
494 | 15 | { |
495 | 15 | dcerpc_init_uuid(proto_dcerpc_misc, ett_dcerpc_misc, |
496 | 15 | &uuid_dcerpc_misc, ver_dcerpc_misc, |
497 | 15 | misc_dissectors, hf_misc_opnum); |
498 | 15 | } |