From Ronnie Sahlberg:

	NDR pointer handling in DCE RPC
	SAMR updates

svn path=/trunk/; revision=4608

1 files changed, 159 insertions, 1 deletions

diff --git a/packet-dcerpc-nt.c b/packet-dcerpc-nt.c
index 4721930cb0..f4aa4396fe 100644
--- a/packet-dcerpc-nt.c
+++ b/packet-dcerpc-nt.c
@@ -2,7 +2,7 @@
  * Routines for DCERPC over SMB packet disassembly
  * Copyright 2001, Tim Potter <tpot@samba.org>
  *
- * $Id: packet-dcerpc-nt.c,v 1.4 2002/01/21 07:36:33 guy Exp $
+ * $Id: packet-dcerpc-nt.c,v 1.5 2002/01/25 08:35:59 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -390,3 +390,161 @@ int prs_policy_hnd(tvbuff_t *tvb, int offset, packet_info *pinfo,
 
 	return offset + 20;
 }
+
+
+
+/* functions to dissect a UNICODE_STRING structure, common to many 
+   NT services
+   struct {
+     short len;
+     short size;
+     [size_is(size/2), length_is(len/2), ptr] unsigned short *string;
+   } UNICODE_STRING;
+
+   these variables can be found in packet-dcerpc-samr.c 
+*/
+extern int hf_nt_str_len;
+extern int hf_nt_str_off;
+extern int hf_nt_str_max_len;
+extern int hf_nt_string_length;
+extern int hf_nt_string_size;
+extern gint ett_nt_unicode_string;
+
+static int
+dissect_ndr_nt_UNICODE_STRING_string (tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *tree, 
+                             char *drep)
+{
+	guint32 len, off, max_len;
+	guint16 *data16;
+	char *text;
+	int old_offset;
+	dcerpc_info *di;
+	header_field_info *hfi;
+
+	di=pinfo->private_data;
+
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_str_len, &len);
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_str_off, &off);
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_str_max_len, &max_len);
+
+	old_offset=offset;
+	offset = prs_uint16s(tvb, offset, pinfo, tree, max_len, &data16, NULL);
+	text = fake_unicode(data16, max_len);
+
+	hfi = proto_registrar_get_nth(di->hf_index);
+	proto_tree_add_string_format(tree, di->hf_index, 
+		tvb, old_offset, offset-old_offset,
+		text, "%s: %s", hfi->name, text);
+
+	if(tree){
+		proto_item_set_text(tree, "%s: %s", hfi->name, text);
+		proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
+	}
+  	return offset;
+}
+
+int
+dissect_ndr_nt_UNICODE_STRING (tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *parent_tree, 
+                             char *drep, int hf_index)
+{
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+	int old_offset=offset;
+
+	if(parent_tree){
+		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+			"Unicode String");
+		tree = proto_item_add_subtree(item, ett_nt_unicode_string);
+	}
+
+        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_string_length, NULL);
+        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_string_size, NULL);
+        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			dissect_ndr_nt_UNICODE_STRING_string, NDR_POINTER_PTR,
+			hf_index);
+
+	proto_item_set_len(item, offset-old_offset);
+	return offset;
+}
+
+/* functions to dissect a STRING structure, common to many 
+   NT services
+   struct {
+     short len;
+     short size;
+     [size_is(size), length_is(len), ptr] char *string;
+   } STRING;
+*/
+
+static int
+dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *tree, 
+                             char *drep)
+{
+	guint32 len, off, max_len;
+	guint8 *text;
+	int old_offset;
+	dcerpc_info *di;
+	header_field_info *hfi;
+
+	di=pinfo->private_data;
+
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_str_len, &len);
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_str_off, &off);
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_str_max_len, &max_len);
+
+	old_offset=offset;
+	offset = prs_uint8s(tvb, offset, pinfo, tree, max_len, &text, NULL);
+
+	hfi = proto_registrar_get_nth(di->hf_index);
+	proto_tree_add_string_format(tree, di->hf_index, 
+		tvb, old_offset, offset-old_offset,
+		text, "%s: %s", hfi->name, text);
+
+	if(tree){
+		proto_item_set_text(tree, "%s: %s", hfi->name, text);
+		proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
+	}
+  	return offset;
+}
+
+int
+dissect_ndr_nt_STRING (tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *parent_tree, 
+                             char *drep, int hf_index)
+{
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+	int old_offset=offset;
+
+	if(parent_tree){
+		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+			"Unicode String");
+		tree = proto_item_add_subtree(item, ett_nt_unicode_string);
+	}
+
+        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_string_length, NULL);
+        offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+                                     hf_nt_string_size, NULL);
+        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			dissect_ndr_nt_STRING_string, NDR_POINTER_PTR,
+			hf_index);
+
+	proto_item_set_len(item, offset-old_offset);
+	return offset;
+}
+
+
+
+