summaryrefslogtreecommitdiffstats
path: root/epan/dissectors/pidl/witness
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/pidl/witness')
-rw-r--r--epan/dissectors/pidl/witness/witness.cnf240
-rw-r--r--epan/dissectors/pidl/witness/witness.idl152
2 files changed, 392 insertions, 0 deletions
diff --git a/epan/dissectors/pidl/witness/witness.cnf b/epan/dissectors/pidl/witness/witness.cnf
new file mode 100644
index 00000000..76d255e4
--- /dev/null
+++ b/epan/dissectors/pidl/witness/witness.cnf
@@ -0,0 +1,240 @@
+MANUAL witness_dissect_element_interfaceInfo_group_name
+NOEMIT witness_dissect_element_interfaceInfo_group_name
+MANUAL witness_dissect_struct_notifyResponse
+MANUAL witness_dissect_element_notifyResponse_messages
+NOEMIT witness_dissect_element_notifyResponse_messages
+MANUAL witness_dissect_struct_IPaddrInfoList
+NOEMIT witness_dissect_struct_IPaddrInfoList
+NOEMIT witness_dissect_element_IPaddrInfoList_addr
+
+HF_FIELD hf_witness_witness_notifyResponse_messages_ "Messages" "witness.witness_notifyResponse.messages_" FT_NONE BASE_NONE NULL 0 "" "" ""
+
+TYPE ipv4address "offset=PIDL_dissect_ipv4address(tvb, offset, pinfo, tree, di, drep, @HF@, PIDL_SET_COL_INFO);" FT_IPv4 BASE_NONE 0 NULL 4
+
+TYPE ipv6address "offset=PIDL_dissect_ipv6address(tvb, offset, pinfo, tree, di, drep, @HF@, PIDL_SET_COL_INFO);" FT_IPv6 BASE_NONE 0 NULL 2
+
+CODE START
+
+ #include "to_str.h"
+
+static int
+witness_dissect_notifyResponse_message(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_);
+
+static int
+witness_dissect_notifyResponse_message_(tvbuff_t *tvb, int offset, int length _U_, packet_info *pinfo,
+ proto_tree *tree, dcerpc_info *di, guint8 *drep _U_)
+{
+ guint32 *type = (guint32 *)di->private_data;
+ guint8 le_drep[4] = { DREP_LITTLE_ENDIAN, };
+ return witness_dissect_notifyResponse_message(tvb, offset, pinfo, tree, di, le_drep,
+ hf_witness_witness_notifyResponse_messages_, *type);
+}
+
+static int
+witness_dissect_element_notifyResponse_messages(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info *di _U_, guint8 *drep _U_)
+{
+ offset = dissect_ndr_ucarray_block(tvb, offset, pinfo, tree, di, drep,
+ witness_dissect_notifyResponse_message_);
+ return offset;
+}
+
+int
+witness_dissect_struct_notifyResponse(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ guint32 *type = NULL;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ int old_offset;
+
+ ALIGN_TO_4_BYTES;
+
+ ALIGN_TO_4_BYTES;
+
+ old_offset = offset;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_witness_witness_notifyResponse);
+ }
+
+ type = wmem_new0(pinfo->pool, guint32);
+
+ offset = witness_dissect_element_notifyResponse_type(tvb, offset, pinfo, tree, di, drep, type);
+
+ offset = witness_dissect_element_notifyResponse_length(tvb, offset, pinfo, tree, di, drep);
+
+ offset = witness_dissect_element_notifyResponse_num(tvb, offset, pinfo, tree, di, drep);
+
+ di->private_data = type;
+ offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep,
+ witness_dissect_element_notifyResponse_messages,
+ NDR_POINTER_UNIQUE, "Pointer to Message Buffer (uint8)",
+ hf_witness_witness_notifyResponse_messages);
+
+ proto_item_set_len(item, offset-old_offset);
+
+ if (di->call_data->flags & DCERPC_IS_NDR64) {
+ ALIGN_TO_4_BYTES;
+ }
+
+ return offset;
+}
+
+static int
+witness_dissect_element_IPaddrInfoList_addr(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ offset = witness_dissect_struct_IPaddrInfo(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_IPaddrInfoList_addr,0);
+
+ return offset;
+}
+
+int
+witness_dissect_struct_IPaddrInfoList(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+ int old_offset;
+ guint32 i, num;
+
+ di->no_align = TRUE;
+
+ old_offset = offset;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_witness_witness_IPaddrInfoList);
+ }
+
+ offset = witness_dissect_element_IPaddrInfoList_length(tvb, offset, pinfo, tree, di, drep);
+
+ offset = witness_dissect_element_IPaddrInfoList_reserved(tvb, offset, pinfo, tree, di, drep);
+
+ num = tvb_get_letohl(tvb, offset);
+
+ offset = witness_dissect_element_IPaddrInfoList_num(tvb, offset, pinfo, tree, di, drep);
+
+ for (i = 0; i < num; i++) {
+ offset = witness_dissect_element_IPaddrInfoList_addr(tvb, offset, pinfo, tree, di, drep);
+ }
+
+ proto_item_set_len(item, offset-old_offset);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+static int
+witness_dissect_element_interfaceInfo_group_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *parent_tree, dcerpc_info *di _U_, guint8 *drep _U_)
+{
+ int totlen, stringlen;
+ char *str;
+ proto_item *pi;
+
+ /*
+ * XXX - this is described as
+ *
+ * [charset(UTF16),to_null] uint16 group_name[260];
+ *
+ * I haven't found any documentation for what "to_null" means
+ * in PIDL; is this a null-padded 260*2-byte array, so that
+ * strings can be up to 260 16-bit units in length, or is
+ * it a null-*terminated* string, so that it can be up to 259
+ * 16-bit units in length?
+ *
+ * We assume it's null-padded, for now, and scan for a 2-byte
+ * null terminator within the 260 2-byte units, and use
+ * that as the length, with the length being 2*260 if there
+ * isn't one.
+ *
+ * This will result in totlen being the total length, in
+ * bytes, of the string, including the null terminator, if
+ * present, and stringlen being the total length, in bytes.
+ * not counting any null terminator.
+ */
+ totlen = 0;
+ stringlen = 0;
+ while (totlen < 2*260) {
+ /*
+ * These 2 bytes are either part of the string
+ * or part of the null terminator, so count
+ * them.
+ */
+ totlen += 2;
+ if (tvb_get_letohs(tvb, offset + stringlen) == 0)
+ break;
+ /*
+ * Those 2 bytes are part of the string, so
+ * count them.
+ */
+ stringlen += 2;
+ }
+ pi = proto_tree_add_item_ret_display_string(parent_tree,
+ hf_witness_witness_interfaceInfo_group_name, tvb, offset, stringlen,
+ ENC_UTF_16|ENC_LITTLE_ENDIAN,
+ pinfo->pool, &str);
+ proto_item_append_text(pi, " [%d]", totlen);
+ proto_item_append_text(parent_tree, ": %s", str);
+
+ /*
+ * All 260 16-bit units are part of the field, as they're always
+ * there even if they don't need to be.
+ */
+ return offset + 2*260;
+}
+
+static int
+PIDL_dissect_ipv4address(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep _U_, int hfindex, guint32 param)
+{
+ if (di->conformant_run) {
+ /* just a run to handle conformant arrays, no scalars to dissect */
+ return offset;
+ }
+
+
+ if (!di->no_align && (offset % 4)) {
+ offset += 4 - (offset % 4);
+ }
+
+ proto_tree_add_item(tree, hfindex, tvb, offset, 4, ENC_BIG_ENDIAN);
+
+ if (param & PIDL_SET_COL_INFO) {
+ const char *ip = tvb_ip_to_str(pinfo->pool, tvb, offset);
+ header_field_info *hf_info = proto_registrar_get_nth(hfindex);
+
+ proto_item_append_text(proto_tree_get_parent(tree), " %s:%s", hf_info->name, ip);
+
+ col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, ip);
+ }
+ return offset + 4;
+}
+
+static int
+PIDL_dissect_ipv6address(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep _U_, int hfindex, guint32 param)
+{
+ if (di->conformant_run) {
+ /* just a run to handle conformant arrays, no scalars to dissect */
+ return offset;
+ }
+
+
+ if (!di->no_align && (offset % 2)) {
+ offset += 2 - (offset % 2);
+ }
+
+ proto_tree_add_item(tree, hfindex, tvb, offset, 16, ENC_BIG_ENDIAN);
+
+ if (param & PIDL_SET_COL_INFO) {
+ const char *ip = tvb_ip6_to_str(pinfo->pool, tvb, offset);
+ header_field_info *hf_info = proto_registrar_get_nth(hfindex);
+
+ proto_item_append_text(proto_tree_get_parent(tree), " %s:%s", hf_info->name, ip);
+
+ col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, ip);
+ }
+
+ return offset + 16;
+}
+
+CODE END
diff --git a/epan/dissectors/pidl/witness/witness.idl b/epan/dissectors/pidl/witness/witness.idl
new file mode 100644
index 00000000..ecfa1af8
--- /dev/null
+++ b/epan/dissectors/pidl/witness/witness.idl
@@ -0,0 +1,152 @@
+#include "idl_types.h"
+
+import "misc/misc.idl";
+
+[
+ uuid("ccd8c074-d0e5-4a40-92b4-d074faa6ba28"),
+ version(1.1),
+ pointer_default(unique),
+ helpstring("SMB Witness Service"),
+ helper("../librpc/ndr/ndr_witness.h"),
+ endpoint("ncacn_ip_tcp:")
+]
+interface witness
+{
+ typedef [v1_enum] enum {
+ WITNESS_V1 = 0x00010001,
+ WITNESS_V2 = 0x00020000,
+ WITNESS_UNSPECIFIED_VERSION = 0xFFFFFFFF
+ } witness_version;
+
+ /*****************/
+ /* Function 0x00 */
+
+ typedef [enum16bit] enum {
+ WITNESS_STATE_UNKNOWN = 0x00,
+ WITNESS_STATE_AVAILABLE = 0x01,
+ WITNESS_STATE_UNAVAILABLE = 0xff
+ } witness_interfaceInfo_state;
+
+ typedef [bitmap32bit] bitmap {
+ WITNESS_INFO_IPv4_VALID = 0x01,
+ WITNESS_INFO_IPv6_VALID = 0x02,
+ WITNESS_INFO_WITNESS_IF = 0x04
+ } witness_interfaceInfo_flags;
+
+ typedef struct {
+ [charset(UTF16),to_null] uint16 group_name[260];
+ witness_version version;
+ witness_interfaceInfo_state state;
+ [flag(NDR_BIG_ENDIAN)] ipv4address ipv4;
+ [flag(NDR_BIG_ENDIAN)] ipv6address ipv6;
+ witness_interfaceInfo_flags flags;
+ } witness_interfaceInfo;
+
+ typedef struct {
+ uint32 num_interfaces;
+ [size_is(num_interfaces)] witness_interfaceInfo *interfaces;
+ } witness_interfaceList;
+
+ [public] WERROR witness_GetInterfaceList(
+ [out] witness_interfaceList **interface_list
+ );
+
+ /*****************/
+ /* Function 0x01 */
+
+ [public] WERROR witness_Register(
+ [out,ref] policy_handle *context_handle,
+ [in] witness_version version,
+ [in,unique,string,charset(UTF16)] uint16 *net_name,
+ [in,unique,string,charset(UTF16)] uint16 *ip_address,
+ [in,unique,string,charset(UTF16)] uint16 *client_computer_name
+ );
+
+ /*****************/
+ /* Function 0x02 */
+
+ [public] WERROR witness_UnRegister(
+ [in] policy_handle context_handle
+ );
+
+ /*****************/
+ /* Function 0x03 */
+
+ typedef [v1_enum,public] enum {
+ WITNESS_NOTIFY_RESOURCE_CHANGE = 1,
+ WITNESS_NOTIFY_CLIENT_MOVE = 2,
+ WITNESS_NOTIFY_SHARE_MOVE = 3,
+ WITNESS_NOTIFY_IP_CHANGE = 4
+ } witness_notifyResponse_type;
+
+ typedef [v1_enum] enum {
+ WITNESS_RESOURCE_STATE_UNKNOWN = 0x00,
+ WITNESS_RESOURCE_STATE_AVAILABLE = 0x01,
+ WITNESS_RESOURCE_STATE_UNAVAILABLE = 0xff
+ } witness_ResourceChange_type;
+
+ typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize,public] struct {
+ [value(ndr_size_witness_ResourceChange(r,ndr->flags))] uint32 length;
+ witness_ResourceChange_type type;
+ nstring name;
+ } witness_ResourceChange;
+
+ typedef [bitmap32bit] bitmap {
+ WITNESS_IPADDR_V4 = 0x01,
+ WITNESS_IPADDR_V6 = 0x02,
+ WITNESS_IPADDR_ONLINE = 0x08,
+ WITNESS_IPADDR_OFFLINE = 0x10
+ } witness_IPaddrInfo_flags;
+
+ typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize] struct {
+ witness_IPaddrInfo_flags flags;
+ ipv4address ipv4;
+ ipv6address ipv6;
+ } witness_IPaddrInfo;
+
+ typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] struct {
+ [value(r->num*ndr_size_witness_IPaddrInfo(r->addr, ndr->flags))] uint32 length;
+ [value(0)] uint32 reserved;
+ uint32 num;
+ witness_IPaddrInfo addr[num];
+ } witness_IPaddrInfoList;
+
+ typedef [public,switch_type(witness_notifyResponse_type),nodiscriminant, flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] union {
+ [case(WITNESS_NOTIFY_RESOURCE_CHANGE)] witness_ResourceChange resource_change;
+ [case(WITNESS_NOTIFY_CLIENT_MOVE)] witness_IPaddrInfoList client_move;
+ [case(WITNESS_NOTIFY_SHARE_MOVE)] witness_IPaddrInfoList share_move;
+ [case(WITNESS_NOTIFY_IP_CHANGE)] witness_IPaddrInfoList ip_change;
+ [default,flag(NDR_REMAINING)] DATA_BLOB data;
+ } witness_notifyResponse_message;
+
+ typedef [flag(NDR_PAHEX),gensize,public,nopush,nopull] struct {
+ witness_notifyResponse_type type;
+ [value(ndr_size_witness_notifyResponse(r, ndr->flags)-20)] uint32 length;
+ uint32 num;
+ [subcontext(4), subcontext_size(length), flag(NDR_REMAINING), switch_is(type)] witness_notifyResponse_message messages[num];
+ } witness_notifyResponse;
+
+ [public] WERROR witness_AsyncNotify(
+ [in] policy_handle context_handle,
+ [out] witness_notifyResponse **response
+ );
+
+ /*****************/
+ /* Function 0x04 */
+
+ typedef [bitmap32bit] bitmap {
+ WITNESS_REGISTER_NONE = 0x00,
+ WITNESS_REGISTER_IP_NOTIFICATION = 0x01
+ } witness_RegisterEx_flags;
+
+ WERROR witness_RegisterEx(
+ [out,ref] policy_handle *context_handle,
+ [in] witness_version version,
+ [in,unique,string,charset(UTF16)] uint16 *net_name,
+ [in,unique,string,charset(UTF16)] uint16 *share_name,
+ [in,unique,string,charset(UTF16)] uint16 *ip_address,
+ [in,unique,string,charset(UTF16)] uint16 *client_computer_name,
+ [in] witness_RegisterEx_flags flags,
+ [in] uint32 timeout
+ );
+}