1 /* packet-dcerpc-rs_pgo.c
2 *
3 * Routines for dcerpc Afs4Int dissection
4 * Copyright 2002, Jaime Fournier <Jaime.Fournier@hush.com>
5 * This information is based off the released idl files from opengroup.
6 * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/rs_pgo.idl
7 *
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
11 *
12 * SPDX-License-Identifier: GPL-2.0-or-later
13 */
14
15 #include "config.h"
16
17
18 #include <epan/packet.h>
19 #include "packet-dcerpc.h"
20 #include "packet-dcerpc-dce122.h"
21
22 void proto_register_rs_pgo (void);
23 void proto_reg_handoff_rs_pgo (void);
24
25 /*
26 delete
27 dissect_rgy_acct_user_flags_t
28 */
29
30 static int proto_rs_pgo = -1;
31 static int hf_rs_pgo_opnum = -1;
32 static int hf_rs_var1 = -1;
33 static int hf_rs_pgo_query_result_t = -1;
34 static int hf_rs_pgo_query_t = -1;
35 static int hf_rs_pgo_query_key_t = -1;
36 static int hf_error_status_t = -1;
37 static int hf_sec_rgy_pgo_flags_t = -1;
38 static int hf_rs_sec_rgy_pgo_item_t_quota = -1;
39 static int hf_rs_sec_rgy_pgo_item_t_unix_num = -1;
40 static int hf_rs_timeval = -1;
41 static int hf_rs_uuid1 = -1;
42 static int hf_sec_rgy_domain_t = -1;
43 static int hf_sec_rgy_name_t_principalName_string = -1;
44 static int hf_sec_rgy_name_t_size = -1;
45 static int hf_sec_rgy_pname_t_principalName_string = -1;
46 static int hf_sec_rgy_pname_t_size = -1;
47 static int hf_rs_pgo_unix_num_key_t = -1;
48
49 static gint ett_rs_cache_data_t = -1;
50 static gint ett_sec_rgy_domain_t = -1;
51 static gint ett_rgy_acct_user_flags_t = -1;
52 static gint ett_sec_attr_component_name_t = -1;
53 static gint ett_sec_passwd_type_t = -1;
54 static gint ett_sec_rgy_acct_admin_flags_t = -1;
55 static gint ett_sec_rgy_acct_admin_t = -1;
56 static gint ett_sec_rgy_acct_auth_flags_t = -1;
57 static gint ett_sec_rgy_acct_key_t = -1;
58 static gint ett_sec_rgy_acct_user_t = -1;
59 static gint ett_sec_rgy_cursor_t = -1;
60 static gint ett_sec_rgy_foreign_id_t = -1;
61 static gint ett_sec_rgy_login_name_t = -1;
62 static gint ett_sec_rgy_name_t = -1;
63 static gint ett_sec_rgy_pgo_item_t = -1;
64 static gint ett_sec_rgy_pname_t = -1;
65 static gint ett_sec_rgy_sid_t = -1;
66 static gint ett_sec_rgy_unix_passwd_buf_t = -1;
67 static gint ett_sec_rgy_unix_sid_t = -1;
68 static gint ett_sec_timeval_sec_t = -1;
69 static gint ett_sec_rgy_pgo_flags_t = -1;
70 static gint ett_error_status_t = -1;
71 static gint ett_rs_pgo_query_t = -1;
72 static gint ett_rs_pgo_query_key_t = -1;
73 static gint ett_rs_pgo_id_key_t = -1;
74 static gint ett_rs_pgo_unix_num_key_t = -1;
75 static gint ett_rs_pgo_query_result_t = -1;
76 static gint ett_rs_pgo_result_t = -1;
77
78
79 #define sec_rgy_acct_admin_valid 0x01
80 #define sec_rgy_acct_admin_audit 0x02
81 #define sec_rgy_acct_admin_server 0x04
82 #define sec_rgy_acct_admin_client 0x08
83 #define sec_rgy_acct_admin_flags_none 0x00
84 #define sec_rgy_acct_auth_post_dated 0x01
85 #define sec_rgy_acct_auth_forwardable 0x02
86 #define sec_rgy_acct_auth_tgt 0x04
87 #define sec_rgy_acct_auth_renewable 0x08
88 #define sec_rgy_acct_auth_proxiable 0x10
89 #define sec_rgy_acct_auth_dup_skey 0x20
90 #define sec_rgy_acct_auth_user_to_user 0x40
91 #define sec_rgy_acct_auth_flags_none 0x00
92 #define sec_rgy_acct_user_passwd_valid 0x01
93 #define sec_rgy_acct_user_flags_none 0x00
94 #define rs_acct_part_user 0x01
95 #define rs_acct_part_admin 0x02
96 #define rs_acct_part_passwd 0x04
97 #define rs_acct_part_unused 0x08
98 #define rs_acct_part_login_name 0x10
99 #define sec_rgy_pgo_is_an_alias 0x01
100 #define sec_rgy_pgo_is_required 0x02
101 #define sec_rgy_pgo_projlist_ok 0x04
102 #define sec_rgy_pgo_flags_none 0x00
103 #define sec_rgy_acct_user_passwd_valid 0x01
104 #define sec_rgy_acct_user_flags_none 0x00
105
106 static gint ett_rs_pgo = -1;
107
108 static e_guid_t uuid_rs_pgo =
109 { 0x4c878280, 0x3000, 0x0000, {0x0d, 0x00, 0x02, 0x87, 0x14, 0x00, 0x00,
110 0x00}
111 };
112 static guint16 ver_rs_pgo = 1;
113
114
115 static int
dissect_error_status_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)116 dissect_error_status_t (tvbuff_t * tvb, int offset,
117 packet_info * pinfo, proto_tree * parent_tree,
118 dcerpc_info *di, guint8 * drep)
119 {
120 proto_item *item;
121 proto_tree *tree;
122 int old_offset = offset;
123 guint32 st;
124 const char *st_str;
125
126 if (di->conformant_run)
127 {
128 return offset;
129 }
130
131 tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_error_status_t, &item, "error_status_t");
132
133 offset =
134 dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_error_status_t,
135 &st);
136 st_str = val_to_str_ext (st, &dce_error_vals_ext, "%u");
137
138 col_append_fstr (pinfo->cinfo, COL_INFO, " st:%s ", st_str);
139
140 proto_item_set_len (item, offset - old_offset);
141 return offset;
142 }
143
144
145 static int
dissect_sec_rgy_pname_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)146 dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset,
147 packet_info * pinfo, proto_tree * parent_tree,
148 dcerpc_info *di, guint8 * drep)
149 {
150
151
152 proto_item *item;
153 proto_tree *tree;
154 int old_offset = offset;
155 const guint8 *principal;
156 #define sec_rgy_pname_t_size 257
157 /*
158 dissect sec_rgy_pname const signed32 sec_rgy_pname_t_size = 257; * Include final '\0' *
159 typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size];
160 */
161 guint32 string_size;
162
163 if (di->conformant_run)
164 {
165 return offset;
166 }
167
168
169 tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_sec_rgy_pname_t, &item, "sec_rgy_pname_t");
170
171 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
172 hf_sec_rgy_pname_t_size, &string_size);
173 col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
174 if (string_size < sec_rgy_pname_t_size)
175 {
176 /* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */
177
178 proto_tree_add_item_ret_string(tree, hf_sec_rgy_pname_t_principalName_string,
179 tvb, offset, string_size, ENC_ASCII|ENC_NA, pinfo->pool, &principal);
180 if (string_size > 1)
181 {
182 col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s", principal);
183 }
184 offset += string_size;
185 }
186 else
187 {
188 col_append_fstr (pinfo->cinfo, COL_INFO,
189 " :FIXME!: Invalid string length of %u",
190 string_size);
191 }
192
193 proto_item_set_len (item, offset - old_offset);
194 return offset;
195 }
196
197 static int
dissect_sec_rgy_pgo_flags_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)198 dissect_sec_rgy_pgo_flags_t (tvbuff_t * tvb, int offset,
199 packet_info * pinfo, proto_tree * parent_tree,
200 dcerpc_info *di, guint8 * drep)
201 {
202
203 /*
204
205 */
206
207 proto_item *item = NULL;
208 proto_tree *tree = NULL;
209 int old_offset = offset;
210 guint32 flags;
211
212 /*
213 typedef bitset sec_rgy_pgo_flags_t;
214 */
215
216 if (di->conformant_run)
217 {
218 return offset;
219 }
220
221
222 if (parent_tree)
223 {
224 tree =
225 proto_tree_add_subtree(parent_tree, tvb, offset, -1,
226 ett_sec_rgy_pgo_flags_t, &item, "sec_rgy_pgo_flags_t ");
227 }
228
229 offset =
230 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
231 hf_sec_rgy_pgo_flags_t, &flags);
232
233 /*
234 *
235 * s e c _ r g y _ p g o _ f l a g s _ t
236 *
237
238 * pgo item is an alias *
239 const unsigned32 sec_rgy_pgo_is_an_alias = 0x1;
240
241 * pgo item is required - cannot be deleted *
242 const unsigned32 sec_rgy_pgo_is_required = 0x2;
243
244 *
245 * projlist_ok: on person items indicates person can have a concurrent
246 * group set on group items indicates this group can appear on a
247 * concurrent group set. On org items this flag is undefined.
248 *
249 const unsigned32 sec_rgy_pgo_projlist_ok = 0x4;
250
251 *
252 * bits 4-32 unused
253 *
254 const unsigned32 sec_rgy_pgo_flags_none = 0;
255 */
256 #define sec_rgy_pgo_is_an_alias 0x01
257 #define sec_rgy_pgo_is_required 0x02
258 #define sec_rgy_pgo_projlist_ok 0x04
259 #define sec_rgy_pgo_flags_none 0x00
260
261
262 col_append_str (pinfo->cinfo, COL_INFO, " PgoFlags=");
263 if ((flags & sec_rgy_pgo_is_an_alias) == sec_rgy_pgo_is_an_alias)
264 {
265 col_append_str (pinfo->cinfo, COL_INFO, ":IS_AN_ALIAS");
266 }
267 if ((flags & sec_rgy_pgo_is_required) == sec_rgy_pgo_is_required)
268 {
269 col_append_str (pinfo->cinfo, COL_INFO, ":IS_REQUIRED");
270 }
271 if ((flags & sec_rgy_pgo_projlist_ok) == sec_rgy_pgo_projlist_ok)
272 {
273 col_append_str (pinfo->cinfo, COL_INFO, ":PROJLIST_OK");
274 }
275 if ((flags & sec_rgy_acct_admin_client) == sec_rgy_acct_admin_client)
276 {
277 col_append_str (pinfo->cinfo, COL_INFO, ":NONE");
278 }
279 if ((flags & sec_rgy_pgo_flags_none) == sec_rgy_pgo_flags_none)
280 {
281 col_append_str (pinfo->cinfo, COL_INFO, ":NONE");
282 }
283
284 proto_item_set_len (item, offset - old_offset);
285 return offset;
286 }
287
288
289
290
291 static int
dissect_rs_cache_data_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)292 dissect_rs_cache_data_t (tvbuff_t * tvb, int offset,
293 packet_info * pinfo, proto_tree * parent_tree,
294 dcerpc_info *di, guint8 * drep)
295 {
296
297 /*
298 typedef struct {
299 uuid_t site_id;
300 sec_timeval_sec_t person_dtm;
301 sec_timeval_sec_t group_dtm;
302 sec_timeval_sec_t org_dtm;
303 } rs_cache_data_t;
304 */
305
306
307 proto_item *item = NULL;
308 proto_tree *tree = NULL;
309 int old_offset = offset;
310 guint32 person_dtm, group_dtm, org_dtm;
311 e_guid_t uuid1;
312
313
314 if (di->conformant_run)
315 {
316 return offset;
317 }
318
319
320 if (parent_tree)
321 {
322 tree =
323 proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_rs_cache_data_t, &item, "rs_cache_data_t");
324 }
325
326
327 offset =
328 dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_rs_uuid1, &uuid1);
329 offset =
330 dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval,
331 &person_dtm);
332 offset =
333 dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval,
334 &group_dtm);
335 offset =
336 dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval,
337 &org_dtm);
338
339 col_append_fstr (pinfo->cinfo, COL_INFO,
340 " siteid %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x person_dtm:%u group_dtm:%u org_dtm:%u",
341 uuid1.data1, uuid1.data2, uuid1.data3, uuid1.data4[0],
342 uuid1.data4[1], uuid1.data4[2], uuid1.data4[3],
343 uuid1.data4[4], uuid1.data4[5], uuid1.data4[6],
344 uuid1.data4[7], person_dtm, group_dtm, org_dtm);
345
346 proto_item_set_len (item, offset - old_offset);
347 return offset;
348 }
349
350
351
352 static int
dissect_sec_rgy_name_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)353 dissect_sec_rgy_name_t (tvbuff_t * tvb, int offset,
354 packet_info * pinfo, proto_tree * parent_tree,
355 dcerpc_info *di, guint8 * drep)
356 {
357
358
359 proto_item *item;
360 proto_tree *tree;
361 int old_offset = offset;
362 const guint8 *principal;
363 #define sec_rgy_name_t_size 1025
364 /* typedef [string] char sec_rgy_name_t[sec_rgy_name_t_size]; */
365 guint32 string_size;
366
367 if (di->conformant_run)
368 {
369 return offset;
370 }
371
372
373 tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_sec_rgy_name_t, &item, "sec_rgy_name_t");
374
375 offset =
376 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
377 hf_sec_rgy_name_t_size, &string_size);
378 col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
379 if (string_size < sec_rgy_name_t_size)
380 {
381 /* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */
382
383 proto_tree_add_item_ret_string(tree, hf_sec_rgy_name_t_principalName_string,
384 tvb, offset, string_size, ENC_ASCII|ENC_NA, pinfo->pool, &principal);
385 if (string_size > 1)
386 {
387 col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s", principal);
388 }
389 offset += string_size;
390 }
391 else
392 {
393 col_append_fstr (pinfo->cinfo, COL_INFO,
394 " :FIXME!: Invalid string length of %u",
395 string_size);
396 }
397
398 proto_item_set_len (item, offset - old_offset);
399 return offset;
400 }
401
402
403 static int
dissect_sec_rgy_domain_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)404 dissect_sec_rgy_domain_t (tvbuff_t * tvb, int offset,
405 packet_info * pinfo, proto_tree * parent_tree,
406 dcerpc_info *di, guint8 * drep)
407 {
408
409 /*
410 typedef signed32 sec_rgy_domain_t;
411 */
412
413 proto_item *item = NULL;
414 proto_tree *tree = NULL;
415 int old_offset = offset;
416 guint32 domain_t;
417
418 if (di->conformant_run)
419 {
420 return offset;
421 }
422
423
424 if (parent_tree)
425 {
426 tree =
427 proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_sec_rgy_domain_t, &item, "sec_rgy_domain_t");
428 }
429
430
431 offset =
432 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_sec_rgy_domain_t,
433 &domain_t);
434
435 col_append_fstr (pinfo->cinfo, COL_INFO, " sec_rgy_domain_t:%u",
436 domain_t);
437
438
439 proto_item_set_len (item, offset - old_offset);
440 return offset;
441 }
442
443 static int
dissect_sec_rgy_pgo_item_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)444 dissect_sec_rgy_pgo_item_t (tvbuff_t * tvb, int offset,
445 packet_info * pinfo, proto_tree * parent_tree,
446 dcerpc_info *di, guint8 * drep)
447 {
448
449 /*
450 typedef struct {
451 uuid_t id;
452 signed32 unix_num;
453 signed32 quota;
454 sec_rgy_pgo_flags_t flags;
455 sec_rgy_pname_t fullname;
456 } sec_rgy_pgo_item_t;
457
458 */
459
460 proto_item *item = NULL;
461 proto_tree *tree = NULL;
462 int old_offset = offset;
463 e_guid_t id;
464 guint32 unix_num, quota;
465
466 if (di->conformant_run)
467 {
468 return offset;
469 }
470
471
472 if (parent_tree)
473 {
474 tree =
475 proto_tree_add_subtree(parent_tree, tvb, offset, -1,
476 ett_sec_rgy_pgo_item_t, &item, " sec_rgy_pgo_item_t ");
477 }
478
479 offset =
480 dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_rs_uuid1, &id);
481 offset =
482 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
483 hf_rs_sec_rgy_pgo_item_t_unix_num, &unix_num);
484 offset =
485 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
486 hf_rs_sec_rgy_pgo_item_t_quota, "a);
487 offset = dissect_sec_rgy_pgo_flags_t (tvb, offset, pinfo, tree, di, drep);
488 offset += 4; /* XXX */
489 offset = dissect_sec_rgy_pname_t (tvb, offset, pinfo, tree, di, drep);
490
491 col_append_fstr (pinfo->cinfo, COL_INFO,
492 " sec_rgy_pgo_item_t - id %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x unix_num:%u quota:%u",
493 id.data1, id.data2, id.data3, id.data4[0],
494 id.data4[1], id.data4[2], id.data4[3],
495 id.data4[4], id.data4[5], id.data4[6],
496 id.data4[7], unix_num, quota);
497
498 proto_item_set_len (item, offset - old_offset);
499 return offset;
500 }
501
502
503 static int
dissect_sec_rgy_cursor_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)504 dissect_sec_rgy_cursor_t (tvbuff_t * tvb, int offset,
505 packet_info * pinfo, proto_tree * parent_tree,
506 dcerpc_info *di, guint8 * drep)
507 {
508
509 /*
510 * Database cursor for iterative operations
511 *
512 typedef struct {
513 uuid_t source;
514 signed32 handle;
515 boolean32 valid;
516 } sec_rgy_cursor_t;
517
518
519 */
520
521 proto_item *item = NULL;
522 proto_tree *tree = NULL;
523 int old_offset = offset;
524 e_guid_t source;
525 guint32 handle, valid;
526
527 if (di->conformant_run)
528 {
529 return offset;
530 }
531
532
533 if (parent_tree)
534 {
535 tree =
536 proto_tree_add_subtree(parent_tree, tvb, offset, -1,
537 ett_sec_rgy_cursor_t, &item, " sec_rgy_cursor_t ");
538 }
539
540 offset =
541 dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_rs_uuid1, &source);
542 offset =
543 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
544 hf_rs_sec_rgy_pgo_item_t_unix_num, &handle);
545 offset =
546 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
547 hf_rs_sec_rgy_pgo_item_t_quota, &valid);
548
549 col_append_fstr (pinfo->cinfo, COL_INFO,
550 " sec_rgy_cursor_t - source %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x handle:%u valid:%u",
551 source.data1, source.data2, source.data3,
552 source.data4[0], source.data4[1], source.data4[2],
553 source.data4[3], source.data4[4], source.data4[5],
554 source.data4[6], source.data4[7], handle, valid);
555
556 proto_item_set_len (item, offset - old_offset);
557 return offset;
558 }
559
560 static int
dissect_rs_pgo_query_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)561 dissect_rs_pgo_query_t (tvbuff_t * tvb, int offset,
562 packet_info * pinfo, proto_tree * parent_tree,
563 dcerpc_info *di, guint8 * drep)
564 {
565
566 enum
567 {
568 rs_pgo_query_name,
569 rs_pgo_query_id,
570 rs_pgo_query_unix_num,
571 rs_pgo_query_next,
572 rs_pgo_query_none
573 };
574
575
576 proto_item *item = NULL;
577 proto_tree *tree = NULL;
578 int old_offset = offset;
579 guint8 query_t;
580
581 if (di->conformant_run)
582 {
583 return offset;
584 }
585
586
587 if (parent_tree)
588 {
589 tree =
590 proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_rs_pgo_query_t, &item, "rs_pgo_query_t ");
591 }
592 offset =
593 dissect_ndr_uint8 (tvb, offset, pinfo, tree, di, drep, hf_rs_pgo_query_t,
594 &query_t);
595 col_append_str (pinfo->cinfo, COL_INFO, " rs_pgo_query_t:");
596
597 switch (query_t)
598 {
599 case rs_pgo_query_name:
600 col_append_str (pinfo->cinfo, COL_INFO, "NAME");
601 break;
602 case rs_pgo_query_id:
603 col_append_str (pinfo->cinfo, COL_INFO, "ID");
604 break;
605 case rs_pgo_query_unix_num:
606 col_append_str (pinfo->cinfo, COL_INFO, "UNIX_NUM");
607 break;
608 case rs_pgo_query_next:
609 col_append_str (pinfo->cinfo, COL_INFO, "NEXT");
610 break;
611 case rs_pgo_query_none:
612 col_append_str (pinfo->cinfo, COL_INFO, "NONE");
613 break;
614 default:
615 col_append_fstr (pinfo->cinfo, COL_INFO, " unknown:%u", query_t);
616 break;
617 ;
618 }
619
620
621 proto_item_set_len (item, offset - old_offset);
622 return offset;
623 }
624 static int
dissect_rs_pgo_id_key_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)625 dissect_rs_pgo_id_key_t (tvbuff_t * tvb, int offset,
626 packet_info * pinfo, proto_tree * parent_tree,
627 dcerpc_info *di, guint8 * drep)
628 {
629
630 /*
631 typedef struct {
632 uuid_t id;
633 sec_rgy_name_t scope;
634 } rs_pgo_id_key_t;
635
636 */
637
638 proto_item *item = NULL;
639 proto_tree *tree = NULL;
640 int old_offset = offset;
641 e_guid_t id;
642
643 if (di->conformant_run)
644 {
645 return offset;
646 }
647
648
649 if (parent_tree)
650 {
651 tree =
652 proto_tree_add_subtree(parent_tree, tvb, offset, -1,
653 ett_rs_pgo_id_key_t, &item, "rs_pgo_id_key_t ");
654 }
655
656 offset =
657 dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_rs_uuid1, &id);
658 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
659
660 col_append_fstr (pinfo->cinfo, COL_INFO,
661 " rs_pgo_id_key_t - id %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
662 id.data1, id.data2, id.data3, id.data4[0],
663 id.data4[1], id.data4[2], id.data4[3],
664 id.data4[4], id.data4[5], id.data4[6], id.data4[7]);
665
666 proto_item_set_len (item, offset - old_offset);
667 return offset;
668 }
669
670
671 static int
dissect_rs_pgo_result_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)672 dissect_rs_pgo_result_t (tvbuff_t * tvb, int offset,
673 packet_info * pinfo, proto_tree * parent_tree,
674 dcerpc_info *di, guint8 * drep)
675 {
676
677 /*
678 typedef struct {
679 sec_rgy_name_t name;
680 sec_rgy_pgo_item_t item;
681 } rs_pgo_result_t;
682
683
684 */
685
686 proto_item *item = NULL;
687 proto_tree *tree = NULL;
688 int old_offset = offset;
689
690 if (di->conformant_run)
691 {
692 return offset;
693 }
694
695 if (parent_tree)
696 {
697 tree =
698 proto_tree_add_subtree(parent_tree, tvb, offset, -1,
699 ett_rs_pgo_result_t, &item, "rs_pgo_result_t ");
700 }
701
702 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
703 offset = dissect_sec_rgy_pgo_item_t (tvb, offset, pinfo, tree, di, drep);
704
705 proto_item_set_len (item, offset - old_offset);
706 return offset;
707 }
708
709
710
711 static int
dissect_rs_pgo_unix_num_key_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)712 dissect_rs_pgo_unix_num_key_t (tvbuff_t * tvb, int offset,
713 packet_info * pinfo, proto_tree * parent_tree,
714 dcerpc_info *di, guint8 * drep)
715 {
716
717 /*
718 typedef struct {
719 signed32 unix_num;
720 sec_rgy_name_t scope;
721 } rs_pgo_unix_num_key_t;
722
723
724 r
725
726 */
727
728 proto_item *item = NULL;
729 proto_tree *tree = NULL;
730 int old_offset = offset;
731 guint32 rs_pgo_unix_num_key_t;
732
733 if (di->conformant_run)
734 {
735 return offset;
736 }
737
738
739 if (parent_tree)
740 {
741 tree =
742 proto_tree_add_subtree(parent_tree, tvb, offset, -1,
743 ett_rs_pgo_unix_num_key_t, &item, " rs_pgo_unix_num_key_t ");
744 }
745
746 offset =
747 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
748 hf_rs_pgo_unix_num_key_t, &rs_pgo_unix_num_key_t);
749 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
750
751 col_append_fstr (pinfo->cinfo, COL_INFO,
752 " rs_pgo_unix_num_key_t:%u", rs_pgo_unix_num_key_t);
753
754 proto_item_set_len (item, offset - old_offset);
755 return offset;
756 }
757
758
759 static int
dissect_rs_pgo_query_key_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)760 dissect_rs_pgo_query_key_t (tvbuff_t * tvb, int offset,
761 packet_info * pinfo, proto_tree * parent_tree,
762 dcerpc_info *di, guint8 * drep)
763 {
764
765 enum
766 {
767 rs_pgo_query_name,
768 rs_pgo_query_id,
769 rs_pgo_query_unix_num,
770 rs_pgo_query_next,
771 rs_pgo_query_none
772 };
773 /*
774 typedef union switch (rs_pgo_query_t query) tagged_union {
775 case rs_pgo_query_name:
776 sec_rgy_name_t name;
777
778 case rs_pgo_query_id:
779 rs_pgo_id_key_t id_key;
780
781 case rs_pgo_query_unix_num:
782 rs_pgo_unix_num_key_t unix_num_key;
783
784 case rs_pgo_query_next:
785 sec_rgy_name_t scope;
786
787 default:
788 ; * empty branch of union *
789
790 } rs_pgo_query_key_t;
791 */
792
793
794 proto_item *item = NULL;
795 proto_tree *tree = NULL;
796 int old_offset = offset;
797 guint16 query_t;
798
799 if (di->conformant_run)
800 {
801 return offset;
802 }
803
804
805 if (parent_tree)
806 {
807 tree =
808 proto_tree_add_subtree(parent_tree, tvb, offset, -1,
809 ett_rs_pgo_query_key_t, &item, "rs_pgo_query_key_t ");
810 }
811 offset =
812 dissect_ndr_uint16 (tvb, offset, pinfo, tree, di, drep, hf_rs_pgo_query_key_t,
813 &query_t);
814 col_append_str (pinfo->cinfo, COL_INFO, " rs_pgo_query_key_t:");
815 offset += 4;
816 switch (query_t)
817 {
818 case rs_pgo_query_name:
819 col_append_str (pinfo->cinfo, COL_INFO, "NAME");
820 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
821 break;
822 case rs_pgo_query_id:
823 col_append_str (pinfo->cinfo, COL_INFO, "ID");
824 offset = dissect_rs_pgo_id_key_t (tvb, offset, pinfo, tree, di, drep);
825 break;
826 case rs_pgo_query_unix_num:
827 col_append_str (pinfo->cinfo, COL_INFO, "UNIX_NUM");
828 offset = dissect_rs_pgo_unix_num_key_t (tvb, offset, pinfo, tree, di, drep);
829 break;
830 case rs_pgo_query_next:
831 col_append_str (pinfo->cinfo, COL_INFO, "NEXT");
832 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
833 break;
834 case rs_pgo_query_none:
835 col_append_str (pinfo->cinfo, COL_INFO, "NONE");
836 break;
837
838 default:
839 col_append_fstr (pinfo->cinfo, COL_INFO, " unknown:%u", query_t);
840 break;
841 }
842
843 proto_item_set_len (item, offset - old_offset);
844 return offset;
845 }
846
847
848 static int
dissect_rs_pgo_query_result_t(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * parent_tree,dcerpc_info * di,guint8 * drep)849 dissect_rs_pgo_query_result_t (tvbuff_t * tvb, int offset,
850 packet_info * pinfo, proto_tree * parent_tree,
851 dcerpc_info *di, guint8 * drep)
852 {
853 proto_item *item = NULL;
854 proto_tree *tree = NULL;
855 int old_offset = offset;
856 guint32 st;
857 const char *status;
858 #define error_status_ok 0
859
860 /*
861 typedef union switch (signed32 status) tagged_union {
862 case error_status_ok:
863 rs_pgo_result_t result;
864
865 default:
866 ; * empty branch of union *
867
868 } rs_pgo_query_result_t;
869 */
870
871 if (di->conformant_run)
872 {
873 return offset;
874 }
875
876 if (parent_tree)
877 {
878 tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1,
879 ett_rs_pgo_query_result_t, &item, "rs_pgo_query_result_t");
880 }
881
882 offset =
883 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
884 hf_rs_pgo_query_result_t, &st);
885 status = val_to_str_ext (st, &dce_error_vals_ext, "%u");
886
887 col_append_fstr (pinfo->cinfo, COL_INFO, " status:%s ", status);
888
889 offset += 4; /* XXX */
890
891 switch (st)
892 {
893 case error_status_ok:
894 offset = dissect_rs_pgo_result_t (tvb, offset, pinfo, tree, di, drep);
895 break;
896 default:
897 ;
898
899 }
900
901 proto_item_set_len (item, offset - old_offset);
902 return offset;
903 }
904
905
906
907 static int
rs_pgo_dissect_add_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)908 rs_pgo_dissect_add_rqst (tvbuff_t * tvb, int offset,
909 packet_info * pinfo, proto_tree * tree,
910 dcerpc_info *di, guint8 * drep)
911 {
912 if (di->conformant_run)
913 {
914 return offset;
915 }
916
917 /*
918 [in] sec_rgy_domain_t name_domain,
919 [in] sec_rgy_name_t pgo_name,
920 [in] sec_rgy_pgo_item_t *pgo_item,
921 */
922
923 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
924 offset += 4;
925 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
926 offset =
927 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
928 dissect_sec_rgy_pgo_item_t, NDR_POINTER_REF,
929 "sec_rgy_pgo_item_t: ", -1);
930
931 return offset;
932 }
933 static int
rs_pgo_dissect_add_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)934 rs_pgo_dissect_add_resp (tvbuff_t * tvb, int offset,
935 packet_info * pinfo, proto_tree * tree,
936 dcerpc_info *di, guint8 * drep)
937 {
938 gint buff_remain;
939
940 if (di->conformant_run)
941 {
942 return offset;
943 }
944
945 /*
946 [out] rs_cache_data_t *cache_info,
947 [out] error_status_t *status
948 */
949
950 buff_remain = tvb_captured_length_remaining(tvb, offset);
951
952 /* found several add_member responses that had 8 bytes of data. first was 4 0's and last was 3 zeros and a 1 */
953 if (buff_remain > 8) {
954 offset =
955 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
956 dissect_rs_cache_data_t, NDR_POINTER_REF,
957 "cache_info: ", -1);
958 }
959 offset =
960 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
961 dissect_error_status_t, NDR_POINTER_REF, "status: ",
962 -1);
963 return offset;
964 }
965
966 static int
rs_pgo_dissect_delete_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)967 rs_pgo_dissect_delete_rqst (tvbuff_t * tvb, int offset,
968 packet_info * pinfo, proto_tree * tree,
969 dcerpc_info *di, guint8 * drep)
970 {
971 if (di->conformant_run)
972 {
973 return offset;
974 }
975
976 /*
977 [in] sec_rgy_domain_t name_domain,
978 [in] sec_rgy_name_t pgo_name,
979 */
980 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
981 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
982
983 return offset;
984 }
985
986 static int
rs_pgo_dissect_delete_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)987 rs_pgo_dissect_delete_resp (tvbuff_t * tvb, int offset,
988 packet_info * pinfo, proto_tree * tree,
989 dcerpc_info *di, guint8 * drep)
990 {
991 gint buff_remain;
992
993 if (di->conformant_run)
994 {
995 return offset;
996 }
997
998 /*
999 [out] rs_cache_data_t *cache_info,
1000 [out] error_status_t *status
1001 */
1002 buff_remain = tvb_captured_length_remaining(tvb, offset);
1003
1004 /* found several add_member responses that had 8 bytes of data. first was 4 0's and last was 3 zeros and a 1 */
1005
1006 if (buff_remain > 8) {
1007 offset =
1008 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1009 dissect_rs_cache_data_t, NDR_POINTER_REF,
1010 "cache_info:", -1);
1011 }
1012
1013 offset =
1014 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1015 dissect_error_status_t, NDR_POINTER_REF, "status:",
1016 -1);
1017
1018 return offset;
1019 }
1020
1021 static int
rs_pgo_dissect_replace_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1022 rs_pgo_dissect_replace_rqst (tvbuff_t * tvb, int offset,
1023 packet_info * pinfo, proto_tree * tree,
1024 dcerpc_info *di, guint8 * drep)
1025 {
1026 if (di->conformant_run)
1027 {
1028 return offset;
1029 }
1030
1031 /*
1032 [in] sec_rgy_domain_t name_domain,
1033 [in] sec_rgy_name_t pgo_name,
1034 [in] sec_rgy_pgo_item_t *pgo_item,
1035 */
1036 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1037 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1038 offset =
1039 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1040 dissect_sec_rgy_pgo_item_t, NDR_POINTER_REF,
1041 "pgo_item:", -1);
1042
1043 return offset;
1044 }
1045
1046 static int
rs_pgo_dissect_replace_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1047 rs_pgo_dissect_replace_resp (tvbuff_t * tvb, int offset,
1048 packet_info * pinfo, proto_tree * tree,
1049 dcerpc_info *di, guint8 * drep)
1050 {
1051 if (di->conformant_run)
1052 {
1053 return offset;
1054 }
1055
1056 /*
1057 [out] rs_cache_data_t *cache_info,
1058 [out] error_status_t *status
1059
1060 */
1061
1062 offset =
1063 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1064 dissect_rs_cache_data_t, NDR_POINTER_REF,
1065 "cache_info:", -1);
1066 offset =
1067 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1068 dissect_error_status_t, NDR_POINTER_REF, "status:",
1069 -1);
1070
1071 return offset;
1072 }
1073
1074
1075 static int
rs_pgo_dissect_add_member_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1076 rs_pgo_dissect_add_member_rqst (tvbuff_t * tvb, int offset,
1077 packet_info * pinfo, proto_tree * tree,
1078 dcerpc_info *di, guint8 * drep)
1079 {
1080 if (di->conformant_run)
1081 {
1082 return offset;
1083 }
1084
1085
1086
1087 /*
1088 [in] sec_rgy_domain_t name_domain,
1089 [in] sec_rgy_name_t go_name,
1090 [in] sec_rgy_name_t person_name,
1091 */
1092
1093 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1094 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1095 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1096
1097
1098 return offset;
1099
1100 }
1101 static int
rs_pgo_dissect_rename_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1102 rs_pgo_dissect_rename_rqst (tvbuff_t * tvb, int offset,
1103 packet_info * pinfo, proto_tree * tree,
1104 dcerpc_info *di, guint8 * drep)
1105 {
1106 if (di->conformant_run)
1107 {
1108 return offset;
1109 }
1110
1111 /*
1112 [in] sec_rgy_domain_t name_domain,
1113 [in] sec_rgy_name_t old_name,
1114 [in] sec_rgy_name_t new_name,
1115 */
1116 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1117 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1118 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1119
1120
1121 return offset;
1122 }
1123
1124 static int
rs_pgo_dissect_rename_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1125 rs_pgo_dissect_rename_resp (tvbuff_t * tvb, int offset,
1126 packet_info * pinfo, proto_tree * tree,
1127 dcerpc_info *di, guint8 * drep)
1128 {
1129 if (di->conformant_run)
1130 {
1131 return offset;
1132 }
1133
1134 /*
1135 [out] rs_cache_data_t *cache_info,
1136 [out] error_status_t *status
1137 */
1138 offset =
1139 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1140 dissect_rs_cache_data_t, NDR_POINTER_REF,
1141 "cache_info:", -1);
1142 offset =
1143 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1144 dissect_error_status_t, NDR_POINTER_REF, "status:",
1145 -1);
1146
1147 return offset;
1148 }
1149
1150
1151 static int
rs_pgo_dissect_add_member_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1152 rs_pgo_dissect_add_member_resp (tvbuff_t * tvb, int offset,
1153 packet_info * pinfo, proto_tree * tree,
1154 dcerpc_info *di, guint8 * drep)
1155 {
1156 gint buff_remain;
1157
1158 if (di->conformant_run)
1159 {
1160 return offset;
1161 }
1162
1163 /*
1164 [out] rs_cache_data_t *cache_info,
1165 [out] error_status_t *status
1166 */
1167
1168 buff_remain = tvb_captured_length_remaining(tvb, offset);
1169
1170 /* found several add responses that had 8 bytes of data. first was 4 0's and last was 3 zeros and a 1 */
1171 if (buff_remain > 8) {
1172
1173 offset =
1174 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1175 dissect_rs_cache_data_t, NDR_POINTER_REF,
1176 "cache_info:", -1);
1177 }
1178 offset =
1179 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1180 dissect_error_status_t, NDR_POINTER_REF, "status:",
1181 -1);
1182
1183
1184 return offset;
1185 }
1186
1187 static int
rs_pgo_dissect_delete_member_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1188 rs_pgo_dissect_delete_member_rqst (tvbuff_t * tvb, int offset,
1189 packet_info * pinfo, proto_tree * tree,
1190 dcerpc_info *di, guint8 * drep)
1191 {
1192 if (di->conformant_run)
1193 {
1194 return offset;
1195 }
1196
1197 /*
1198 void rs_pgo_delete_member (
1199 [in] sec_rgy_domain_t name_domain,
1200 [in] sec_rgy_name_t go_name,
1201 [in] sec_rgy_name_t person_name,
1202 );
1203 */
1204
1205 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1206 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1207 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1208
1209 return offset;
1210
1211 }
1212
1213
1214 static int
rs_pgo_dissect_get_members_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1215 rs_pgo_dissect_get_members_rqst (tvbuff_t * tvb, int offset,
1216 packet_info * pinfo, proto_tree * tree,
1217 dcerpc_info *di, guint8 * drep)
1218 {
1219
1220 guint32 max_members;
1221
1222 if (di->conformant_run)
1223 {
1224 return offset;
1225 }
1226
1227 /*
1228 [in] sec_rgy_domain_t name_domain,
1229 [in] sec_rgy_name_t go_name,
1230 [in, out] sec_rgy_cursor_t *member_cursor,
1231 [in] signed32 max_members,
1232 */
1233
1234 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1235 offset += 4;
1236 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1237 offset =
1238 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1239 dissect_sec_rgy_cursor_t, NDR_POINTER_REF,
1240 "member_cursor:", -1);
1241 offset =
1242 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_var1,
1243 &max_members);
1244
1245 col_append_fstr (pinfo->cinfo, COL_INFO, " :max_members:%u", max_members);
1246
1247 return offset;
1248 }
1249
1250 static int
rs_pgo_dissect_key_transfer_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1251 rs_pgo_dissect_key_transfer_rqst (tvbuff_t * tvb, int offset,
1252 packet_info * pinfo, proto_tree * tree,
1253 dcerpc_info *di, guint8 * drep)
1254 {
1255
1256 if (di->conformant_run)
1257 {
1258 return offset;
1259 }
1260
1261 /*
1262 [in] sec_rgy_domain_t name_domain,
1263 [in] rs_pgo_query_t requested_result_type,
1264 [in, out] rs_pgo_query_key_t *key,
1265 */
1266
1267 offset += 4;
1268 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1269 offset = dissect_rs_pgo_query_t (tvb, offset, pinfo, tree, di, drep);
1270 offset =
1271 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1272 dissect_rs_pgo_query_key_t, NDR_POINTER_REF, "key:",
1273 -1);
1274
1275 return offset;
1276 }
1277
1278 static int
rs_pgo_dissect_key_transfer_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1279 rs_pgo_dissect_key_transfer_resp (tvbuff_t * tvb, int offset,
1280 packet_info * pinfo, proto_tree * tree,
1281 dcerpc_info *di, guint8 * drep)
1282 {
1283 if (di->conformant_run)
1284 {
1285 return offset;
1286 }
1287
1288 /*
1289 [in, out] rs_pgo_query_key_t *key,
1290 [out] rs_cache_data_t *cache_info,
1291 [out] error_status_t *status
1292 */
1293
1294 offset =
1295 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1296 dissect_rs_pgo_query_key_t, NDR_POINTER_REF, "key:",
1297 -1);
1298 offset =
1299 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1300 dissect_rs_cache_data_t, NDR_POINTER_REF,
1301 "cache_info:", -1);
1302 offset =
1303 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1304 dissect_error_status_t, NDR_POINTER_REF, "status:",
1305 -1);
1306
1307 return offset;
1308 }
1309
1310
1311 static int
rs_pgo_dissect_is_member_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1312 rs_pgo_dissect_is_member_resp (tvbuff_t * tvb, int offset,
1313 packet_info * pinfo, proto_tree * tree,
1314 dcerpc_info *di, guint8 * drep)
1315 {
1316
1317 if (di->conformant_run)
1318 {
1319 return offset;
1320 }
1321
1322 /*
1323 [out] rs_cache_data_t *cache_info,
1324 [out] error_status_t *status
1325 */
1326 offset =
1327 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1328 dissect_rs_cache_data_t, NDR_POINTER_REF,
1329 "cache_info:", -1);
1330 offset =
1331 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1332 dissect_error_status_t, NDR_POINTER_REF, "status:",
1333 -1);
1334
1335 return offset;
1336 }
1337
1338 static int
rs_pgo_dissect_is_member_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1339 rs_pgo_dissect_is_member_rqst (tvbuff_t * tvb, int offset,
1340 packet_info * pinfo, proto_tree * tree,
1341 dcerpc_info *di, guint8 * drep)
1342 {
1343 /*
1344 [in] sec_rgy_domain_t name_domain,
1345 [in] sec_rgy_name_t go_name,
1346 [in] sec_rgy_name_t person_name,
1347 */
1348
1349 if (di->conformant_run)
1350 {
1351 return offset;
1352 }
1353
1354 offset += 4;
1355 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1356 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1357 offset += 4;
1358 offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, di, drep);
1359
1360
1361 return offset;
1362
1363 }
1364
1365
1366 static int
rs_pgo_dissect_get_rqst(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1367 rs_pgo_dissect_get_rqst (tvbuff_t * tvb, int offset,
1368 packet_info * pinfo, proto_tree * tree,
1369 dcerpc_info *di, guint8 * drep)
1370 {
1371 guint32 allow_aliases;
1372
1373 if (di->conformant_run)
1374 {
1375 return offset;
1376 }
1377
1378 /*
1379 [in] sec_rgy_domain_t name_domain,
1380 [in] rs_pgo_query_key_t *key,
1381 [in] boolean32 allow_aliases,
1382 [in, out] sec_rgy_cursor_t *item_cursor,
1383 */
1384
1385 offset = dissect_sec_rgy_domain_t (tvb, offset, pinfo, tree, di, drep);
1386 offset =
1387 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1388 dissect_rs_pgo_query_key_t, NDR_POINTER_REF, "key:",
1389 -1);
1390 offset =
1391 dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_var1,
1392 &allow_aliases);
1393
1394 col_append_fstr (pinfo->cinfo, COL_INFO, " :allow_aliases:%u",
1395 allow_aliases);
1396
1397
1398 offset += 4; /* XXX */
1399
1400 offset =
1401 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1402 dissect_sec_rgy_cursor_t, NDR_POINTER_REF,
1403 "item_cursor:", -1);
1404 return offset;
1405
1406 }
1407
1408 static int
rs_pgo_dissect_get_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1409 rs_pgo_dissect_get_resp (tvbuff_t * tvb, int offset,
1410 packet_info * pinfo, proto_tree * tree,
1411 dcerpc_info *di, guint8 * drep)
1412 {
1413 if (di->conformant_run)
1414 {
1415 return offset;
1416 }
1417
1418 /*
1419 [in, out] sec_rgy_cursor_t *item_cursor,
1420 [out] rs_cache_data_t *cache_info,
1421 [out] rs_pgo_query_result_t *result
1422 */
1423
1424 offset =
1425 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1426 dissect_sec_rgy_cursor_t, NDR_POINTER_REF,
1427 "item_cursor:", -1);
1428 offset =
1429 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1430 dissect_rs_cache_data_t, NDR_POINTER_REF,
1431 "cache_info:", -1);
1432 offset =
1433 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1434 dissect_rs_pgo_query_result_t, NDR_POINTER_REF,
1435 "result:", -1);
1436
1437 return offset;
1438
1439 }
1440
1441 static int
rs_pgo_dissect_delete_member_resp(tvbuff_t * tvb,int offset,packet_info * pinfo,proto_tree * tree,dcerpc_info * di,guint8 * drep)1442 rs_pgo_dissect_delete_member_resp (tvbuff_t * tvb, int offset,
1443 packet_info * pinfo, proto_tree * tree,
1444 dcerpc_info *di, guint8 * drep)
1445 {
1446
1447 if (di->conformant_run)
1448 {
1449 return offset;
1450 }
1451
1452 /*
1453 [out] rs_cache_data_t *cache_info,
1454 [out] error_status_t *status
1455
1456 */
1457
1458 offset =
1459 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1460 dissect_rs_cache_data_t, NDR_POINTER_REF,
1461 "cache_info:", -1);
1462 offset =
1463 dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1464 dissect_error_status_t, NDR_POINTER_REF, "status:",
1465 -1);
1466
1467 return offset;
1468
1469 }
1470
1471
1472 static dcerpc_sub_dissector rs_pgo_dissectors[] = {
1473 {0, "add", rs_pgo_dissect_add_rqst, rs_pgo_dissect_add_resp},
1474 {1, "delete", rs_pgo_dissect_delete_rqst, rs_pgo_dissect_delete_resp},
1475 {2, "replace", rs_pgo_dissect_replace_rqst, rs_pgo_dissect_replace_resp},
1476 {3, "rename", rs_pgo_dissect_rename_rqst, rs_pgo_dissect_rename_resp},
1477 {4, "get", rs_pgo_dissect_get_rqst, rs_pgo_dissect_get_resp},
1478 {5, "key_transfer", rs_pgo_dissect_key_transfer_rqst,
1479 rs_pgo_dissect_key_transfer_resp},
1480 {6, "add_member", rs_pgo_dissect_add_member_rqst,
1481 rs_pgo_dissect_add_member_resp},
1482 {7, "delete_member", rs_pgo_dissect_delete_member_rqst,
1483 rs_pgo_dissect_delete_member_resp},
1484 {8, "is_member", rs_pgo_dissect_is_member_rqst,
1485 rs_pgo_dissect_is_member_resp},
1486 {9, "get_members", rs_pgo_dissect_get_members_rqst, NULL},
1487 {0, NULL, NULL, NULL},
1488 };
1489
1490
1491 void
proto_register_rs_pgo(void)1492 proto_register_rs_pgo (void)
1493 {
1494 static hf_register_info hf[] = {
1495 {&hf_rs_pgo_opnum,
1496 {"Operation", "rs_pgo.opnum", FT_UINT16, BASE_DEC, NULL, 0x0,
1497 NULL, HFILL}},
1498 {&hf_error_status_t,
1499 {"Error status", "rs_pgo.error_status", FT_UINT32, BASE_DEC, NULL,
1500 0x0, NULL, HFILL}},
1501 {&hf_rs_pgo_query_key_t,
1502 {"Query key", "rs_pgo.query_key", FT_UINT32, BASE_DEC,
1503 NULL, 0x0, NULL, HFILL}},
1504 {&hf_rs_pgo_query_result_t,
1505 {"Query result", "rs_pgo.query_result", FT_UINT32,
1506 BASE_DEC, NULL, 0x0, NULL, HFILL}},
1507 {&hf_rs_pgo_query_t,
1508 {"Query", "rs_pgo.query", FT_UINT32, BASE_DEC, NULL,
1509 0x0, NULL, HFILL}},
1510 {&hf_rs_sec_rgy_pgo_item_t_quota,
1511 {"Quota", "rs_pgo.quota",
1512 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
1513 {&hf_rs_sec_rgy_pgo_item_t_unix_num,
1514 {"Unix num",
1515 "rs_pgo.unix_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL,
1516 HFILL}},
1517 {&hf_rs_timeval,
1518 {"Timeval", "rs_pgo.timeval", FT_RELATIVE_TIME, BASE_NONE, NULL,
1519 0x0, NULL, HFILL}},
1520 {&hf_rs_uuid1,
1521 {"Uuid1", "rs_pgo.uuid1", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL}},
1522 {&hf_rs_var1,
1523 {"Var1", "rs_pgo.var1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL,
1524 HFILL}},
1525 {&hf_sec_rgy_domain_t,
1526 {"Domain", "rs_pgo.domain", FT_UINT32, BASE_DEC,
1527 NULL, 0x0, NULL, HFILL}},
1528 {&hf_sec_rgy_name_t_principalName_string,
1529 {"Name principalName", "rs_pgo.name_principalName", FT_STRING, BASE_NONE, NULL,
1530 0x0, NULL, HFILL}},
1531 {&hf_sec_rgy_name_t_size,
1532 {"Name_t size", "rs_pgo.name_t_size", FT_UINT32,
1533 BASE_DEC, NULL, 0x0, NULL, HFILL}},
1534 {&hf_sec_rgy_pgo_flags_t,
1535 {"Flags", "rs_pgo.flags", FT_UINT32,
1536 BASE_HEX, NULL, 0x0, NULL, HFILL}},
1537 {&hf_sec_rgy_pname_t_size,
1538 {"Pname_t size", "rs_pgo.pname_t_size", FT_UINT32, BASE_DEC, NULL,
1539 0x0, NULL, HFILL}},
1540 {&hf_sec_rgy_pname_t_principalName_string,
1541 {"Pname principalName", "rs_pgo.pname_principalName", FT_STRING,
1542 BASE_NONE, NULL, 0x0, NULL, HFILL}},
1543 {&hf_rs_pgo_unix_num_key_t,
1544 {"Unix num key", "rs_pgo.unix_num_key_t", FT_UINT32,
1545 BASE_DEC,
1546 NULL, 0x0, NULL, HFILL}}
1547 };
1548
1549 static gint *ett[] = {
1550 &ett_error_status_t,
1551 &ett_rgy_acct_user_flags_t,
1552 &ett_rs_pgo,
1553 &ett_rs_pgo_id_key_t,
1554 &ett_rs_pgo_query_key_t,
1555 &ett_rs_pgo_query_result_t,
1556 &ett_rs_pgo_query_t,
1557 &ett_rs_pgo_result_t,
1558 &ett_rs_pgo_unix_num_key_t,
1559 &ett_sec_attr_component_name_t,
1560 &ett_sec_passwd_type_t,
1561 &ett_sec_rgy_acct_admin_flags_t,
1562 &ett_sec_rgy_acct_admin_t,
1563 &ett_sec_rgy_acct_auth_flags_t,
1564 &ett_sec_rgy_acct_key_t,
1565 &ett_sec_rgy_acct_user_t,
1566 &ett_sec_rgy_cursor_t,
1567 &ett_sec_rgy_foreign_id_t,
1568 &ett_sec_rgy_login_name_t,
1569 &ett_sec_rgy_name_t,
1570 &ett_sec_rgy_domain_t,
1571 &ett_sec_rgy_pgo_flags_t,
1572 &ett_sec_rgy_pgo_item_t,
1573 &ett_sec_rgy_pname_t,
1574 &ett_sec_rgy_sid_t,
1575 &ett_sec_rgy_unix_passwd_buf_t,
1576 &ett_sec_rgy_unix_sid_t,
1577 &ett_sec_timeval_sec_t,
1578 &ett_rs_cache_data_t,
1579 };
1580 proto_rs_pgo =
1581 proto_register_protocol ("DCE Name Service", "RS_PGO", "rs_pgo");
1582 proto_register_field_array (proto_rs_pgo, hf, array_length (hf));
1583 proto_register_subtree_array (ett, array_length (ett));
1584 }
1585
1586 void
proto_reg_handoff_rs_pgo(void)1587 proto_reg_handoff_rs_pgo (void)
1588 {
1589 /* Register the protocol as dcerpc */
1590 dcerpc_init_uuid (proto_rs_pgo, ett_rs_pgo, &uuid_rs_pgo, ver_rs_pgo,
1591 rs_pgo_dissectors, hf_rs_pgo_opnum);
1592 }
1593
1594 /*
1595 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1596 *
1597 * Local Variables:
1598 * c-basic-offset: 2
1599 * tab-width: 8
1600 * indent-tabs-mode: nil
1601 * End:
1602 *
1603 * ex: set shiftwidth=2 tabstop=8 expandtab:
1604 * :indentSize=2:tabSize=8:noTabs=true:
1605 */
1606