Ethereal-dev: [Ethereal-dev] samr, epm, and ndr updates
From: Todd Sabin <tas@xxxxxxxxxxx>
Date: 06 Dec 2001 13:01:51 -0500
Here's the patch referred to in my reply to the SPOOLSS mail from Ronnie. Note this doesn't (yet) have the code to do the UNISTR2 (or dissect_ndr_conformant_varying_array) stuff in it. Todd p.s. On the winnt_errs[] array in there, I've got tons more error codes that could be added. The question is do we add everything that's documented (many of which will never be seen on the network) or only add the ones that are known to be used on the network. It mainly boils down to a question of memory usage. So, for reference, I've got around 800 that I know. Want em? cvs server: Diffing . Index: packet-dcerpc-epm.c =================================================================== RCS file: /cvsroot/ethereal/packet-dcerpc-epm.c,v retrieving revision 1.2 diff -u -r1.2 packet-dcerpc-epm.c --- packet-dcerpc-epm.c 2001/11/27 09:27:29 1.2 +++ packet-dcerpc-epm.c 2001/12/06 16:18:33 @@ -105,12 +105,9 @@ { guint32 dummy; - /* need a dissect_ndr_ctx_handle */ - if (tree) { - proto_tree_add_bytes (tree, hf_epm_lookup_hnd, tvb, offset, 20, - tvb_get_ptr (tvb, offset, 20)); - } - offset += 20; + + offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep, + hf_epm_lookup_hnd, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_epm_num_ents, NULL); Index: packet-dcerpc-ndr.c =================================================================== RCS file: /cvsroot/ethereal/packet-dcerpc-ndr.c,v retrieving revision 1.1 diff -u -r1.1 packet-dcerpc-ndr.c --- packet-dcerpc-ndr.c 2001/11/27 09:27:29 1.1 +++ packet-dcerpc-ndr.c 2001/12/06 16:18:33 
@@ -106,3 +106,26 @@ return offset + 16; } + +int +dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, char *drep, + int hfindex, e_ctx_hnd *pdata) +{ + e_ctx_hnd ctx_hnd; + + if (offset % 4) { + offset += 4 - (offset % 4); + } + ctx_hnd.Data1 = dcerpc_tvb_get_ntohl (tvb, offset, drep); + dcerpc_tvb_get_uuid (tvb, offset+4, drep, &ctx_hnd.uuid); + if (tree) { + proto_tree_add_bytes (tree, hfindex, tvb, offset, 20, + tvb_get_ptr (tvb, offset, 20)); + } + if (pdata) { + *pdata = ctx_hnd; + } + return offset + 20; +} + Index: packet-dcerpc-samr.c =================================================================== RCS file: /cvsroot/ethereal/packet-dcerpc-samr.c,v retrieving revision 1.1 diff -u -r1.1 packet-dcerpc-samr.c --- packet-dcerpc-samr.c 2001/11/21 02:08:57 1.1 +++ packet-dcerpc-samr.c 2001/12/06 16:18:33 @@ -33,6 +33,12 @@ #include "packet-dcerpc-samr.h" static int proto_dcerpc_samr = -1; + +static int hf_samr_hnd = -1; +static int hf_samr_perms = -1; +static int hf_samr_rid = -1; +static int hf_samr_rc = -1; + static gint ett_dcerpc_samr = -1; static e_uuid_t uuid_dcerpc_samr = { 
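Review bot: In dissect_ndr_ctx_hnd (the packet-dcerpc-ndr.c hunk) the handle length is the bare literal 20 in three places and the UUID position is `offset+4`, with no comment on the wire layout they encode. Because these bytes come straight from the capture, a single named constant would keep the read, the tree item and the returned offset from drifting apart, e.g. `#define NDR_CTX_HND_LEN 20 /* 4-byte Data1 + 16-byte uuid */` (the name is only a suggestion). A short header comment should also say that the offset is first rounded up to a 4-byte boundary, that `pdata` may be NULL, and that range checking of the 20 bytes is left to the tvb accessors, whose behaviour is not visible in this patch.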
@@ -42,15 +48,93 @@ static guint16 ver_dcerpc_samr = 1; +static const value_string winnt_errs[] = { + { 0xC0000001, "STATUS_UNSUCCESSFUL" }, + { 0xC0000002, "STATUS_NOT_IMPLEMENTED" }, + { 0xC0000003, "STATUS_INVALID_INFO_CLASS" }, + { 0xC0000004, "STATUS_INFO_LENGTH_MISMATCH" }, + { 0xC0000005, "STATUS_ACCESS_VIOLATION" }, + { 0xC0000006, "STATUS_IN_PAGE_ERROR" }, + { 0xC0000007, "STATUS_PAGEFILE_QUOTA" }, + { 0xC0000008, "STATUS_INVALID_HANDLE" }, + { 0xC0000009, "STATUS_BAD_INITIAL_STACK" }, + { 0xC000000A, "STATUS_BAD_INITIAL_PC" }, + { 0xC000000B, "STATUS_INVALID_CID" }, + { 0xC000000C, "STATUS_TIMER_NOT_CANCELED" }, + { 0xC000000D, "STATUS_INVALID_PARAMETER" }, + { 0xC000000E, "STATUS_NO_SUCH_DEVICE" }, + { 0xC000000F, "STATUS_NO_SUCH_FILE" }, + { 0xC0000010, "STATUS_INVALID_DEVICE_REQUEST" }, + { 0xC0000011, "STATUS_END_OF_FILE" }, + { 0xC0000012, "STATUS_WRONG_VOLUME" }, + { 0xC0000013, "STATUS_NO_MEDIA_IN_DEVICE" }, + { 0xC0000014, "STATUS_UNRECOGNIZED_MEDIA" }, + { 0xC0000015, "STATUS_NONEXISTENT_SECTOR" }, + { 0xC0000016, "STATUS_MORE_PROCESSING_REQUIRED" }, + { 0xC0000017, "STATUS_NO_MEMORY" }, + { 0xC0000018, "STATUS_CONFLICTING_ADDRESSES" }, + { 0xC0000019, "STATUS_NOT_MAPPED_VIEW" }, + { 0xC000001A, "STATUS_UNABLE_TO_FREE_VM" }, + { 0xC000001B, "STATUS_UNABLE_TO_DELETE_SECTION" }, + { 0xC000001C, "STATUS_INVALID_SYSTEM_SERVICE" }, + { 0xC000001D, "STATUS_ILLEGAL_INSTRUCTION" }, + { 0xC000001E, "STATUS_INVALID_LOCK_SEQUENCE" }, + { 0xC000001F, "STATUS_INVALID_VIEW_SIZE" }, + { 0xC0000020, "STATUS_INVALID_FILE_FOR_SECTION" }, + { 0xC0000021, "STATUS_ALREADY_COMMITTED" }, + { 0xC0000022, "STATUS_ACCESS_DENIED" }, + { 0xC0000023, "STATUS_BUFFER_TOO_SMALL" }, + { 0xC0000024, "STATUS_OBJECT_TYPE_MISMATCH" }, + /* etc, etc, etc. 
*/ + { 0, NULL }, +}; + +static int +samr_dissect_gen_open_reply (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep, + hf_samr_hnd, NULL); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_samr_rc, NULL); + return offset; +} + +static int +samr_dissect_close_hnd_rqst (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep, + hf_samr_hnd, NULL); + return offset; +} + +static int +samr_dissect_open_user_rqst (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep, + hf_samr_hnd, NULL); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_samr_perms, NULL); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_samr_rid, NULL); + return offset; +} + + static dcerpc_sub_dissector dcerpc_samr_dissectors[] = { - { SAMR_CONNECT_ANON, "SAMR_CONNECT_ANON", NULL, NULL }, - { SAMR_CLOSE_HND, "SAMR_CLOSE_HND", NULL, NULL }, + { SAMR_CONNECT_ANON, "SAMR_CONNECT_ANON", NULL, samr_dissect_gen_open_reply }, + { SAMR_CLOSE_HND, "SAMR_CLOSE_HND", samr_dissect_close_hnd_rqst, samr_dissect_gen_open_reply }, { SAMR_UNKNOWN_2, "SAMR_UNKNOWN_2", NULL, NULL }, { SAMR_QUERY_SEC_OBJECT, "SAMR_QUERY_SEC_OBJECT", NULL, NULL }, { SAMR_UNKNOWN_4, "SAMR_UNKNOWN_4", NULL, NULL }, { SAMR_LOOKUP_DOMAIN, "SAMR_LOOKUP_DOMAIN", NULL, NULL }, { SAMR_ENUM_DOMAINS, "SAMR_ENUM_DOMAINS", NULL, NULL }, - { SAMR_OPEN_DOMAIN, "SAMR_OPEN_DOMAIN", NULL, NULL }, + { SAMR_OPEN_DOMAIN, "SAMR_OPEN_DOMAIN", NULL, samr_dissect_gen_open_reply }, { SAMR_QUERY_DOMAIN_INFO, "SAMR_QUERY_DOMAIN_INFO", NULL, NULL }, { SAMR_CREATE_DOM_GROUP, "SAMR_CREATE_DOM_GROUP", NULL, NULL }, { SAMR_ENUM_DOM_GROUPS, "SAMR_ENUM_DOM_GROUPS", NULL, NULL }, 
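Review bot: winnt_errs has no entry for value 0, so a successful reply will not get a name when `hf_samr_rc` is rendered through `VALS (winnt_errs)` in the later proto_register_dcerpc_samr hunk. The `{ 0, NULL }` line is only the terminator; adding `{ 0x00000000, "STATUS_SUCCESS" },` as the first entry would label the common case, assuming the lookup stops on the NULL string and not on the value 0. Separately, samr_dissect_gen_open_reply is also wired in as the SAMR_CLOSE_HND reply, so a one-line comment such as `/* generic reply: context handle followed by NT status */` would match its use better than the name does. The dcerpc_samr_dissectors table continues outside this hunk.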
@@ -60,7 +144,7 @@ { SAMR_QUERY_USERALIASES, "SAMR_QUERY_USERALIASES", NULL, NULL }, { SAMR_LOOKUP_NAMES, "SAMR_LOOKUP_NAMES", NULL, NULL }, { SAMR_LOOKUP_RIDS, "SAMR_LOOKUP_RIDS", NULL, NULL }, - { SAMR_OPEN_GROUP, "SAMR_OPEN_GROUP", NULL, NULL }, + { SAMR_OPEN_GROUP, "SAMR_OPEN_GROUP", NULL, samr_dissect_gen_open_reply }, { SAMR_QUERY_GROUPINFO, "SAMR_QUERY_GROUPINFO", NULL, NULL }, { SAMR_SET_GROUPINFO, "SAMR_SET_GROUPINFO", NULL, NULL }, { SAMR_ADD_GROUPMEM, "SAMR_ADD_GROUPMEM", NULL, NULL }, @@ -68,14 +152,14 @@ { SAMR_DEL_GROUPMEM, "SAMR_DEL_GROUPMEM", NULL, NULL }, { SAMR_QUERY_GROUPMEM, "SAMR_QUERY_GROUPMEM", NULL, NULL }, { SAMR_UNKNOWN_1A, "SAMR_UNKNOWN_1A", NULL, NULL }, - { SAMR_OPEN_ALIAS, "SAMR_OPEN_ALIAS", NULL, NULL }, + { SAMR_OPEN_ALIAS, "SAMR_OPEN_ALIAS", NULL, samr_dissect_gen_open_reply }, { SAMR_QUERY_ALIASINFO, "SAMR_QUERY_ALIASINFO", NULL, NULL }, { SAMR_SET_ALIASINFO, "SAMR_SET_ALIASINFO", NULL, NULL }, { SAMR_DELETE_DOM_ALIAS, "SAMR_DELETE_DOM_ALIAS", NULL, NULL }, { SAMR_ADD_ALIASMEM, "SAMR_ADD_ALIASMEM", NULL, NULL }, { SAMR_DEL_ALIASMEM, "SAMR_DEL_ALIASMEM", NULL, NULL }, { SAMR_QUERY_ALIASMEM, "SAMR_QUERY_ALIASMEM", NULL, NULL }, - { SAMR_OPEN_USER, "SAMR_OPEN_USER", NULL, NULL }, + { SAMR_OPEN_USER, "SAMR_OPEN_USER", samr_dissect_open_user_rqst, samr_dissect_gen_open_reply }, { SAMR_DELETE_DOM_USER, "SAMR_DELETE_DOM_USER", NULL, NULL }, { SAMR_QUERY_USERINFO, "SAMR_QUERY_USERINFO", NULL, NULL }, { SAMR_SET_USERINFO2, "SAMR_SET_USERINFO2", NULL, NULL }, @@ -97,7 +181,7 @@ { SAMR_UNKNOWN_36, "SAMR_UNKNOWN_36", NULL, NULL }, { SAMR_CHGPASSWD_USER, "SAMR_CHGPASSWD_USER", NULL, NULL }, { SAMR_GET_DOM_PWINFO, "SAMR_GET_DOM_PWINFO", NULL, NULL }, - { SAMR_CONNECT, "SAMR_CONNECT", NULL, NULL }, + { SAMR_CONNECT, "SAMR_CONNECT", NULL, samr_dissect_gen_open_reply }, { SAMR_SET_USERINFO, "SAMR_SET_USERINFO", NULL, NULL }, {0, NULL, NULL, NULL }, 
@@ -106,6 +190,16 @@ void proto_register_dcerpc_samr(void) { + static hf_register_info hf[] = { + { &hf_samr_hnd, + { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }}, + { &hf_samr_perms, + { "Access Mask", "samr.perms", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + { &hf_samr_rid, + { "Rid", "samr.rid", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + { &hf_samr_rc, + { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (winnt_errs), 0x0, "", HFILL }}, + }; static gint *ett[] = { &ett_dcerpc_samr, }; @@ -113,6 +207,7 @@ proto_dcerpc_samr = proto_register_protocol( "Microsoft Security Account Manager", "SAMR", "samr"); + proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf)); proto_register_subtree_array(ett, array_length(ett)); } Index: packet-dcerpc.h =================================================================== RCS file: /cvsroot/ethereal/packet-dcerpc.h,v retrieving revision 1.4 diff -u -r1.4 packet-dcerpc.h --- packet-dcerpc.h 2001/11/27 09:27:29 1.4 +++ packet-dcerpc.h 2001/12/06 16:18:33 @@ -32,6 +32,11 @@ guint8 Data4[8]; } e_uuid_t; +typedef struct _e_ctx_hnd { + guint32 Data1; + e_uuid_t uuid; +} e_ctx_hnd; + typedef struct _e_dce_cn_common_hdr_t { guint8 rpc_ver; guint8 rpc_ver_minor; @@ -117,6 +122,9 @@ int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, char *drep, int hfindex, e_uuid_t *pdata); +int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, char *drep, + int hfindex, e_ctx_hnd *pdata); typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep);