Diffstat (limited to 'epan/dissectors/pidl/efs')
-rw-r--r-- | epan/dissectors/pidl/efs/efs.cnf | 27 | ||||
-rw-r--r-- | epan/dissectors/pidl/efs/efs.idl | 108 |
2 files changed, 135 insertions, 0 deletions
diff --git a/epan/dissectors/pidl/efs/efs.cnf b/epan/dissectors/pidl/efs/efs.cnf
new file mode 100644
index 00000000..cac75869
--- /dev/null
+++ b/epan/dissectors/pidl/efs/efs.cnf
@@ -0,0 +1,27 @@
+# Conformance file for EFS
+
+#
+# policyhandle tracking
+# This block is to specify where a policyhandle is opened and where it is
+# closed so that policyhandles when dissected contain nice info such as
+# [opened in xxx] [closed in yyy]
+#
+# Policyhandles are opened in these functions
+PARAM_VALUE efs_dissect_element_EfsRpcOpenFileRaw_pvContext_ PIDL_POLHND_OPEN
+# Policyhandles are closed in these functions
+PARAM_VALUE efs_dissect_element_EfsRpcCloseRaw_pvContext_ PIDL_POLHND_CLOSE
+
+CODE START
+static int
+efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info* di, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ if(di->conformant_run){
+ /* just a run to handle conformant arrays, no scalars to dissect */
+ return offset;
+ }
+
+ offset=dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1);
+ return offset;
+}
+
+CODE END
diff --git a/epan/dissectors/pidl/efs/efs.idl b/epan/dissectors/pidl/efs/efs.idl
new file mode 100644
index 00000000..54f971d1
--- /dev/null
+++ b/epan/dissectors/pidl/efs/efs.idl
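Review bot: In efs.cnf, efs_dissect_struct_dom_sid passes the offset straight to `dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1)` and consumes no NDR conformance count or alignment ahead of the SID body. If dom_sid is marshalled on this interface as a conformant structure, the helper would start reading the SID a few bytes early and everything after pUserSid would be mis-dissected, so this is worth checking against a capture. If the count is present, delegating to `dissect_ndr_nt_SID()` (and dropping the `_U_` markers on pinfo and drep) looks like the usual fix. The helper also ignores hf_index and uses the fixed label "SID"; a short comment such as `/* hf_index unused: SID is shown under the generic nt SID field */` would make it clear that this is intentional.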
@@ -0,0 +1,108 @@
+/*
+ IDL definitions from original packet-dcerpc-efs.c
+ by Jean-Baptiste Marchand
+*/
+
+/* import "security.idl";*/
+
+[
+ uuid("c681d488-d850-11d0-8c52-00c04fd90f7e"),
+ version(1.0),
+ pointer_default(unique)
+] interface efs
+{
+
+WERROR EfsRpcOpenFileRaw(
+ [out,ref] policy_handle *pvContext,
+ [in] [charset(UTF16),string] uint16 FileName[],
+ [in] uint32 Flags
+ );
+
+WERROR EfsRpcReadFileRaw(
+ [in,ref] policy_handle *pvContext
+/* incomplete */
+);
+
+
+WERROR EfsRpcWriteFileRaw(
+ [in,ref] policy_handle *pvContext
+/* incomplete */
+);
+
+void EfsRpcCloseRaw(
+ [in,out,ref] policy_handle *pvContext
+);
+
+WERROR EfsRpcEncryptFileSrv(
+ [in] [charset(UTF16),string] uint16 Filename[]
+);
+
+WERROR EfsRpcDecryptFileSrv(
+ [in] [charset(UTF16),string] uint16 FileName[],
+ [in] uint32 Reserved
+);
+
+typedef struct {
+ uint32 cbData;
+ [size_is(cbData), unique] uint8 *pbData;
+} EFS_HASH_BLOB;
+
+typedef struct {
+ uint32 cbTotalLength;
+ [unique] dom_sid *pUserSid;
+ [unique] EFS_HASH_BLOB *pHash;
+ [unique] [charset(UTF16),string] uint16 *lpDisplayInformation;
+} ENCRYPTION_CERTIFICATE_HASH;
+
+typedef struct {
+ uint32 nCert_Hash;
+ /* this is a pointer to an array of pointers */
+ [size_is(nCert_Hash)] ENCRYPTION_CERTIFICATE_HASH *pUsers[*];
+} ENCRYPTION_CERTIFICATE_HASH_LIST;
+
+WERROR EfsRpcQueryUsersOnFile(
+ [in] [charset(UTF16),string] uint16 FileName[],
+ [out,ref,unique] ENCRYPTION_CERTIFICATE_HASH_LIST **pUsers
+);
+
+WERROR EfsRpcQueryRecoveryAgents(
+ [in] [charset(UTF16),string] uint16 FileName[],
+ [out,ref,unique] ENCRYPTION_CERTIFICATE_HASH_LIST **pRecoveryAgents
+);
+
+WERROR EfsRpcRemoveUsersFromFile(
+ [in] [charset(UTF16),string] uint16 FileName[]
+ /* [in] ENCRYPTION_CERTIFICATE_LIST Hashes*/
+);
+
+WERROR EfsRpcAddUsersToFile(
+ [in] [charset(UTF16),string] uint16 FileName[]
+ /* [in] ENCRYPTION_CERTIFICATE_LIST Hashes*/
+);
+
+typedef struct {
+ uint32 dwCertEncodingType;
+ uint32 cbData;
+ [size_is(cbData)] [unique] uint8 *pbData;
+} EFS_CERTIFICATE_BLOB;
+
+typedef struct {
+ uint32 TotalLength;
+ [unique] dom_sid *pUserSid;
+ [unique] EFS_CERTIFICATE_BLOB *pCertBlob;
+} ENCRYPTION_CERTIFICATE;
+
+WERROR EfsRpcSetFileEncryptionKey(
+ [in] [unique] ENCRYPTION_CERTIFICATE *pEncryptionCertificate
+);
+
+WERROR EfsRpcNotSupported(
+);
+
+WERROR EfsRpcFileKeyInfo(
+);
+
+WERROR EfsRpcDuplicateEncryptionInfoFile(
+);
+
+}
|
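Review bot: Several operations in efs.idl have partial argument lists, so the generated dissector will presumably leave any remaining stub data for those calls undissected. EfsRpcReadFileRaw and EfsRpcWriteFileRaw carry only pvContext plus an `/* incomplete */` marker, EfsRpcRemoveUsersFromFile and EfsRpcAddUsersToFile have their Hashes argument commented out, and the last three operations declare no arguments. That gap is easy to miss when reading a capture, so I would state it once at the top of the interface, e.g. `/* Partial definitions: ReadFileRaw, WriteFileRaw, RemoveUsersFromFile, AddUsersToFile and the three trailing operations do not describe all arguments. */`. Separately, EfsRpcEncryptFileSrv spells its argument `Filename[]` where every other operation uses `FileName[]`. If field names are derived from the argument name, `[in] [charset(UTF16),string] uint16 FileName[]` would keep the filter names uniform.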