-rw-r--r-- | packet-dcerpc-lsa.c | 132 | ||||
-rw-r--r-- | packet-dcerpc-lsa.h | 17 | ||||
-rw-r--r-- | packet-dcerpc-samr.c | 490 | ||||
-rw-r--r-- | packet-dcerpc-samr.h | 47 | ||||
-rw-r--r-- | packet-dcerpc-spoolss.c | 82 | ||||
-rw-r--r-- | packet-dcerpc-spoolss.h | 10 |
6 files changed, 743 insertions, 35 deletions
diff --git a/packet-dcerpc-lsa.c b/packet-dcerpc-lsa.c index fcfe933722..71e4dc0bd5 100644 --- a/packet-dcerpc-lsa.c +++ b/packet-dcerpc-lsa.c @@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter <tpot@samba.org> * 2002 Added LSA command dissectors Ronnie Sahlberg * - * $Id: packet-dcerpc-lsa.c,v 1.54 2002/08/09 09:27:33 sahlberg Exp $ + * $Id: packet-dcerpc-lsa.c,v 1.55 2002/08/21 21:31:15 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> 
@@ -384,13 +384,78 @@ lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset, return offset; } +/* Dissect LSA specific access rights */ + +static gint hf_view_local_info = -1; +static gint hf_view_audit_info = -1; +static gint hf_get_private_info = -1; +static gint hf_trust_admin = -1; +static gint hf_create_account = -1; +static gint hf_create_secret = -1; +static gint hf_create_priv = -1; +static gint hf_set_default_quota_limits = -1; +static gint hf_set_audit_requirements = -1; +static gint hf_server_admin = -1; +static gint hf_lookup_names = -1; + +static int +lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, + guint32 access) +{ + proto_tree_add_boolean( + tree, hf_lookup_names, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_server_admin, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_set_audit_requirements, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_set_default_quota_limits, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_create_priv, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_create_secret, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_create_account, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_trust_admin, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_get_private_info, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_view_audit_info, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_view_local_info, + tvb, offset, 4, access); + + return offset; +} + static int lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { - /* XXX is this some bitmask ?*/ - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_lsa_access_mask, NULL); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_lsa_access_mask, + lsa_specific_rights); return offset; } 
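Review bot: `lsa_specific_rights` has no field for bit 0x00000200, so a mask with that bit set is shown with no decoded line for it. The header hunk in this commit defines `POLICY_AUDIT_LOG_ADMIN 0x00000200`, but neither this hunk nor the `hf[]` registration hunk declares or registers a matching field, which leaves a gap between `hf_server_admin` (0x400) and `hf_set_audit_requirements` (0x100). Add `static gint hf_audit_log_admin = -1;` and `proto_tree_add_boolean(tree, hf_audit_log_admin, tvb, offset, 4, access);` between those two calls, and register it with `POLICY_AUDIT_LOG_ADMIN` as its mask next to the other `lsa.access_mask.*` entries. Anyone reading a capture to see which policy rights a client requested would otherwise miss the audit-log right.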
@@ -4363,8 +4428,63 @@ proto_register_dcerpc_lsa(void) { &hf_lsa_remove_all, { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC, - NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }} - }; + NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }}, + + { &hf_view_local_info, + { "View local info", "lsa.access_mask.view_local_info", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION, + "View local info", HFILL }}, + + { &hf_view_audit_info, + { "View audit info", "lsa.access_mask.view_audit_info", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION, + "View audit info", HFILL }}, + + { &hf_get_private_info, + { "Get private info", "lsa.access_mask.get_privateinfo", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION, + "Get private info", HFILL }}, + + { &hf_trust_admin, + { "Trust admin", "lsa.access_mask.trust_admin", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN, + "Trust admin", HFILL }}, + + { &hf_create_account, + { "Create account", "lsa.access_mask.create_account", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT, + "Create account", HFILL }}, + + { &hf_create_secret, + { "Create secret", "lsa.access_mask.create_secret", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET, + "Create secret", HFILL }}, + + { &hf_create_priv, + { "Create privilege", "lsa.access_mask.create_priv", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE, + "Create privilege", HFILL }}, + + { &hf_set_default_quota_limits, + { "Set default quota limits", "lsa.access_mask.set_default_quota_limits", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS, + "Set default quota limits", HFILL }}, + + { &hf_set_audit_requirements, + { "Set audit requirements", "lsa.access_mask.set_audit_requirements", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS, + "Set audit 
requirements", HFILL }}, + + { &hf_server_admin, + { "Server admin", "lsa.access_mask.server_admin", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN, + "Server admin", HFILL }}, + + { &hf_lookup_names, + { "Lookup names", "lsa.access_mask.lookup_names", + FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES, + "Lookup names", HFILL }} +}; static gint *ett[] = { &ett_dcerpc_lsa, diff --git a/packet-dcerpc-lsa.h b/packet-dcerpc-lsa.h index e27782c793..5c7ffa203e 100644 --- a/packet-dcerpc-lsa.h +++ b/packet-dcerpc-lsa.h @@ -2,7 +2,7 @@ * Routines for SMB \PIPE\lsarpc packet disassembly * Copyright 2001, Tim Potter <tpot@samba.org> * - * $Id: packet-dcerpc-lsa.h,v 1.7 2002/08/09 09:27:33 sahlberg Exp $ + * $Id: packet-dcerpc-lsa.h,v 1.8 2002/08/21 21:31:15 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -100,4 +100,19 @@ lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, char *drep); +/* Specific access rights */ + +#define POLICY_VIEW_LOCAL_INFORMATION 0x00000001 +#define POLICY_VIEW_AUDIT_INFORMATION 0x00000002 +#define POLICY_GET_PRIVATE_INFORMATION 0x00000004 +#define POLICY_TRUST_ADMIN 0x00000008 +#define POLICY_CREATE_ACCOUNT 0x00000010 +#define POLICY_CREATE_SECRET 0x00000020 +#define POLICY_CREATE_PRIVILEGE 0x00000040 +#define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080 +#define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100 +#define POLICY_AUDIT_LOG_ADMIN 0x00000200 +#define POLICY_SERVER_ADMIN 0x00000400 +#define POLICY_LOOKUP_NAMES 0x00000800 + #endif /* packet-dcerpc-lsa.h */ diff --git a/packet-dcerpc-samr.c b/packet-dcerpc-samr.c index 9b425b1d3b..a58a4ba3c6 100644 --- a/packet-dcerpc-samr.c +++ b/packet-dcerpc-samr.c 
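Review bot: The filter name `"lsa.access_mask.get_privateinfo"` drops the underscore that its sibling entries in this hunk use (`view_local_info`, `view_audit_info`), so it should read `"lsa.access_mask.get_private_info"`. Display-filter names are typed by hand and saved in filters, so it is cheaper to make them regular now than to rename them later. The blurb strings in these entries only repeat the label; a short description of what each right permits would be more useful as field help.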
@@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter <tpot@samba.org> * 2002 Added all command dissectors Ronnie Sahlberg * - * $Id: packet-dcerpc-samr.c,v 1.54 2002/08/13 07:59:33 tpot Exp $ + * $Id: packet-dcerpc-samr.c,v 1.55 2002/08/21 21:31:15 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> 
@@ -199,6 +199,245 @@ static e_uuid_t uuid_dcerpc_samr = { static guint16 ver_dcerpc_samr = 1; +/* Dissect connect specific access rights */ + +static gint hf_access_connect_unknown_01 = -1; +static gint hf_access_connect_shutdown_server = -1; +static gint hf_access_connect_unknown_04 = -1; +static gint hf_access_connect_unknown_08 = -1; +static gint hf_access_connect_enum_domains = -1; +static gint hf_access_connect_open_domain = -1; + +static int +specific_rights_connect(tvbuff_t *tvb, gint offset, proto_tree *tree, + guint32 access) +{ + proto_tree_add_boolean( + tree, hf_access_connect_open_domain, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_connect_enum_domains, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_connect_unknown_08, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_connect_unknown_04, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_connect_shutdown_server, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_connect_unknown_01, + tvb, offset, 4, access); + + return offset; +} + +/* Dissect domain specific access rights */ + +static gint hf_access_domain_lookup_info1 = -1; +static gint hf_access_domain_set_info1 = -1; +static gint hf_access_domain_lookup_info2 = -1; +static gint hf_access_domain_set_info2 = -1; +static gint hf_access_domain_create_user = -1; +static gint hf_access_domain_create_group = -1; +static gint hf_access_domain_create_alias = -1; +static gint hf_access_domain_unknown_80 = -1; +static gint hf_access_domain_enum_accounts = -1; +static gint hf_access_domain_open_account = -1; +static gint hf_access_domain_set_info3 = -1; + +static int +specific_rights_domain(tvbuff_t *tvb, gint offset, proto_tree *tree, + guint32 access) +{ + proto_tree_add_boolean( + tree, hf_access_domain_set_info3, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_open_account, + tvb, offset, 4, access); + + 
proto_tree_add_boolean( + tree, hf_access_domain_enum_accounts, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_unknown_80, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_create_alias, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_create_group, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_create_user, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_set_info2, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_lookup_info2, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_set_info1, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_domain_lookup_info1, + tvb, offset, 4, access); + + return offset; +} + +/* Dissect user specific access rights */ + +static gint hf_access_user_get_name_etc = -1; +static gint hf_access_user_get_locale = -1; +static gint hf_access_user_get_loc_com = -1; +static gint hf_access_user_get_logoninfo = -1; +static gint hf_access_user_unknown_10 = -1; +static gint hf_access_user_set_attributes = -1; +static gint hf_access_user_change_password = -1; +static gint hf_access_user_set_password = -1; +static gint hf_access_user_get_groups = -1; +static gint hf_access_user_unknown_200 = -1; +static gint hf_access_user_unknown_400 = -1; + +static int +specific_rights_user(tvbuff_t *tvb, gint offset, proto_tree *tree, + guint32 access) +{ + proto_tree_add_boolean( + tree, hf_access_user_unknown_400, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_unknown_200, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_get_groups, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_set_password, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_change_password, + tvb, offset, 4, access); + + 
proto_tree_add_boolean( + tree, hf_access_user_set_attributes, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_unknown_10, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_get_logoninfo, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_get_loc_com, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_get_locale, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_user_get_name_etc, + tvb, offset, 4, access); + + return offset; +} + +/* Dissect alias specific access rights */ + +static gint hf_access_alias_add_member = -1; +static gint hf_access_alias_remove_member = -1; +static gint hf_access_alias_get_members = -1; +static gint hf_access_alias_lookup_info = -1; +static gint hf_access_alias_set_info = -1; + +static int +specific_rights_alias(tvbuff_t *tvb, gint offset, proto_tree *tree, + guint32 access) +{ + proto_tree_add_boolean( + tree, hf_access_alias_set_info, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_alias_lookup_info, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_alias_get_members, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_alias_remove_member, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_alias_add_member, + tvb, offset, 4, access); + + return offset; +} + +/* Dissect group specific access rights */ + +static gint hf_access_group_lookup_info = -1; +static gint hf_access_group_set_info = -1; +static gint hf_access_group_add_member = -1; +static gint hf_access_group_remove_member = -1; +static gint hf_access_group_get_members = -1; + +static int +specific_rights_group(tvbuff_t *tvb, gint offset, proto_tree *tree, + guint32 access) +{ + proto_tree_add_boolean( + tree, hf_access_group_get_members, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_group_remove_member, + tvb, offset, 4, access); 
+ + proto_tree_add_boolean( + tree, hf_access_group_add_member, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_group_set_info, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_access_group_lookup_info, + tvb, offset, 4, access); + + return offset; +} int dissect_ndr_nt_SID(tvbuff_t *tvb, int offset, @@ -918,8 +1157,10 @@ samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset, samr_dissect_connect2_server, NDR_POINTER_UNIQUE, "Server", hf_samr_server, 1); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_connect); + return offset; } @@ -934,8 +1175,11 @@ samr_dissect_connect4_rqst(tvbuff_t *tvb, int offset, offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_samr_unknown_long, NULL); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_connect); + return offset; } @@ -1099,8 +1343,10 @@ samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset, offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_hnd, NULL, FALSE, FALSE); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_domain); + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID, NDR_POINTER_REF, "SID:", -1, 0); @@ -1206,8 +1452,9 @@ samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset, samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF, "Account Name", hf_samr_acct_name, 0); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_alias); return offset; } 
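Review bot: `hf_access_user_get_loc_com` is declared here as a "get" right, but the registration hunk later in this file binds it to `USER_ACCESS_SET_LOC_COM` with the label "Set loc com" and the filter name `samr_access_mask.user_set_loc_com`. One of the two names is wrong; if the right is a set operation, rename the variable to `hf_access_user_set_loc_com` in the declaration, in `specific_rights_user` and in the `hf[]` entry. Separately, the five `specific_rights_*` callbacks in this hunk add their fields from the highest bit down and return `offset` unchanged, which is worth a one-line comment above the first of them, e.g. `/* Callbacks add one boolean per bit, highest bit first, over the same 4-byte mask; offset is returned unchanged. */`.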
@@ -1498,9 +1745,12 @@ samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset, offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF, "Account Name", hf_samr_acct_name, 0); + offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_user); return offset; } @@ -1517,8 +1767,12 @@ samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset, dcerpc_smb_store_pol_name(&policy_hnd, "CreateUser2 handle"); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access_granted, + specific_rights_user); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access_granted, NULL); + hf_samr_unknown_long, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_samr_rid, NULL); @@ -3954,8 +4208,9 @@ samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_hnd, NULL, FALSE, FALSE); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_group); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_samr_rid, &rid); @@ -3997,8 +4252,9 @@ samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_hnd, NULL, FALSE, FALSE); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_alias); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_samr_rid, &rid); 
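Review bot: In `samr_dissect_create_user2_in_domain_reply` the new `dissect_nt_access_mask` call is added in front of the existing uint32 read instead of replacing it, so the reply now consumes four more bytes than before and `hf_samr_rid` is read one field later. Every other call site in this commit swaps the `dissect_ndr_uint32` for the mask dissector one-for-one, which suggests the extra `hf_samr_unknown_long` read may be unintended. If the reply carries only the granted access followed by the RID, drop the `hf_samr_unknown_long` read; if the extra field is real, a comment saying what was observed on the wire would help. The function body starts and ends outside the hunk, so the rest of the layout cannot be checked from here.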
@@ -4067,8 +4323,9 @@ samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset, samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF, "Account Name", hf_samr_acct_name, 0); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_samr_access, NULL); + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, hf_samr_access, + specific_rights_group); return offset; } @@ -4576,7 +4833,6 @@ proto_register_dcerpc_samr(void) { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX, NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }}, - /* XXX - is this a standard NT access mask? */ { &hf_samr_access, { "Access Mask", "samr.access", FT_UINT32, BASE_HEX, NULL, 0x0, "Access", HFILL }}, 
@@ -4731,8 +4987,202 @@ proto_register_dcerpc_samr(void) { &hf_nt_acb_autolock, { "", "nt.acb.autolock", FT_BOOLEAN, 32, - TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }} + TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }}, + + /* Object specific access rights */ + + { &hf_access_domain_lookup_info1, + { "Lookup info1", "samr_access_mask.domain_lookup_info1", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_LOOKUP_INFO_1, "Lookup info1", HFILL }}, + + { &hf_access_domain_set_info1, + { "Set info1", "samr_access_mask.domain_set_info1", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_SET_INFO_1, "Set info1", HFILL }}, + + { &hf_access_domain_lookup_info2, + { "Lookup info2", "samr_access_mask.domain_lookup_info2", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_LOOKUP_INFO_2, "Lookup info2", HFILL }}, + + { &hf_access_domain_set_info2, + { "Set info2", "samr_access_mask.domain_set_info2", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_SET_INFO_2, "Set info2", HFILL }}, + + { &hf_access_domain_create_user, + { "Create user", "samr_access_mask.domain_create_user", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_CREATE_USER, "Create user", HFILL }}, + + { &hf_access_domain_create_group, + { "Create group", "samr_access_mask.domain_create_group", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_CREATE_GROUP, "Create group", HFILL }}, + + { &hf_access_domain_create_alias, + { "Create alias", "samr_access_mask.domain_create_alias", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_CREATE_ALIAS, "Create alias", HFILL }}, + + { &hf_access_domain_unknown_80, + { "Unknown 0x80", "samr_access_mask.domain_unknown_80", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_UNKNOWN_80, "Unknown 0x80", HFILL }}, + + { &hf_access_domain_enum_accounts, + { "Enum accounts", "samr_access_mask.domain_enum_accounts", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 
DOMAIN_ACCESS_ENUM_ACCOUNTS, "Enum accounts", HFILL }}, + + { &hf_access_domain_open_account, + { "Open account", "samr_access_mask.domain_open_account", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_OPEN_ACCOUNT, "Open account", HFILL }}, + + { &hf_access_domain_set_info3, + { "Set info3", "samr_access_mask.domain_set_info3", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DOMAIN_ACCESS_SET_INFO_3, "Set info3", HFILL }}, + + { &hf_access_user_get_name_etc, + { "Get name, etc", "samr_access_mask.user_get_name_etc", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_GET_NAME_ETC, "Get name, etc", HFILL }}, + + { &hf_access_user_get_locale, + { "Get locale", "samr_access_mask.user_get_locale", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_GET_LOCALE, "Get locale", HFILL }}, + + { &hf_access_user_get_loc_com, + { "Set loc com", "samr_access_mask.user_set_loc_com", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_SET_LOC_COM, "Set loc com", HFILL }}, + + { &hf_access_user_get_logoninfo, + { "Get logon info", "samr_access_mask.user_get_logoninfo", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_GET_LOGONINFO, "Get logon info", HFILL }}, + + { &hf_access_user_unknown_10, + { "Unknown 0x10", "samr_access_mask.user_unknown_10", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_UNKNOWN_10, "Unknown 0x10", HFILL }}, + + { &hf_access_user_set_attributes, + { "Set attributes", "samr_access_mask.user_set_attributes", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_SET_ATTRIBUTES, "Set attributes", HFILL }}, + + { &hf_access_user_change_password, + { "Change password", "samr_access_mask.user_change_password", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_CHANGE_PASSWORD, "Change password", HFILL }}, + + { &hf_access_user_set_password, + { "Set password", "samr_access_mask.user_set_password", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_SET_PASSWORD, "Set password", HFILL }}, + + { &hf_access_user_get_groups, + { "Get 
groups", "samr_access_mask.user_get_groups", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_GET_GROUPS, "Get groups", HFILL }}, + + { &hf_access_user_unknown_200, + { "Unknown 0x200", "samr_access_mask.user_unknown_200", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_UNKNOWN_200, "Unknown 0x200", HFILL }}, + + { &hf_access_user_unknown_400, + { "Unknown 0x400", "samr_access_mask.user_unknown_400", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + USER_ACCESS_UNKNOWN_400, "Unknown 0x400", HFILL }}, + + { &hf_access_group_lookup_info, + { "Lookup info", "samr_access_mask.group_lookup_info", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GROUP_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }}, + + { &hf_access_group_set_info, + { "Get info", "samr_access_mask.group_set_info", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GROUP_ACCESS_SET_INFO, "Get info", HFILL }}, + + { &hf_access_group_add_member, + { "Add member", "samr_access_mask.group_add_member", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GROUP_ACCESS_ADD_MEMBER, "Add member", HFILL }}, + + { &hf_access_group_remove_member, + { "Remove member", "samr_access_mask.group_remove_member", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GROUP_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }}, + + { &hf_access_group_get_members, + { "Get members", "samr_access_mask.group_get_members", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GROUP_ACCESS_GET_MEMBERS, "Get members", HFILL }}, + + { &hf_access_alias_add_member, + { "Add member", "samr_access_mask.alias_add_member", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + ALIAS_ACCESS_ADD_MEMBER, "Add member", HFILL }}, + + { &hf_access_alias_remove_member, + { "Remove member", "samr_access_mask.alias_remove_member", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + ALIAS_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }}, + + { &hf_access_alias_get_members, + { "Get members", "samr_access_mask.alias_get_members", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + ALIAS_ACCESS_GET_MEMBERS, "Get members", HFILL 
}}, + + { &hf_access_alias_lookup_info, + { "Lookup info", "samr_access_mask.alias_lookup_info", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + ALIAS_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }}, + + { &hf_access_alias_set_info, + { "Set info", "samr_access_mask.alias_set_info", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + ALIAS_ACCESS_SET_INFO, "Set info", HFILL }}, + + { &hf_access_connect_unknown_01, + { "Unknown 0x01", "samr_access_mask.connect_unknown_01", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SAMR_ACCESS_UNKNOWN_1, "Unknown 0x01", HFILL }}, + + { &hf_access_connect_shutdown_server, + { "Shutdown server", "samr_access_mask.connect_shutdown_server", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SAMR_ACCESS_SHUTDOWN_SERVER, "Shutdown server", HFILL }}, + + { &hf_access_connect_unknown_04, + { "Unknown 0x04", "samr_access_mask.connect_unknown_04", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SAMR_ACCESS_UNKNOWN_4, "Unknown 0x04", HFILL }}, + + { &hf_access_connect_unknown_08, + { "Unknown 0x08", "samr_access_mask.connect_unknown_08", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SAMR_ACCESS_UNKNOWN_8, "Unknown 0x08", HFILL }}, + + { &hf_access_connect_enum_domains, + { "Enum domains", "samr_access_mask.connect_enum_domains", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SAMR_ACCESS_ENUM_DOMAINS, "Enum domains", HFILL }}, + + { &hf_access_connect_open_domain, + { "Open domain", "samr_access_mask.connect_open_domain", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SAMR_ACCESS_OPEN_DOMAIN, "Open domain", HFILL }} + }; + static gint *ett[] = { &ett_dcerpc_samr, &ett_samr_user_dispinfo_1, diff --git a/packet-dcerpc-samr.h b/packet-dcerpc-samr.h index b2edf20c7b..2c6073b892 100644 --- a/packet-dcerpc-samr.h +++ b/packet-dcerpc-samr.h 
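Review bot: The entry for `hf_access_group_set_info` is labelled "Get info" (label and blurb) although its filter name is `samr_access_mask.group_set_info` and its mask is `GROUP_ACCESS_SET_INFO`, so a write right is displayed as a read right. Change both strings to "Set info": `{ "Set info", "samr_access_mask.group_set_info",` and `GROUP_ACCESS_SET_INFO, "Set info", HFILL }},`. The new filter names also use a `samr_access_mask.` prefix, while the existing field in this file is `samr.access` and the LSA and SPOOLSS hunks of this commit use `lsa.access_mask.` and `spoolss.access_mask.`; `samr.access_mask.` would keep these fields under the protocol's own prefix.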
@@ -2,7 +2,7 @@ * Routines for SMB \PIPE\samr packet disassembly * Copyright 2001, Tim Potter <tpot@samba.org> * - * $Id: packet-dcerpc-samr.h,v 1.6 2002/08/06 21:58:09 sharpe Exp $ + * $Id: packet-dcerpc-samr.h,v 1.7 2002/08/21 21:31:15 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> 
@@ -92,4 +92,49 @@ #define SAMR_CONNECT3 0x3D #define SAMR_CONNECT4 0x3E +/* Specific access rights */ + +#define SAMR_ACCESS_UNKNOWN_1 0x00000001 +#define SAMR_ACCESS_SHUTDOWN_SERVER 0x00000002 +#define SAMR_ACCESS_UNKNOWN_4 0x00000004 +#define SAMR_ACCESS_UNKNOWN_8 0x00000008 +#define SAMR_ACCESS_ENUM_DOMAINS 0x00000010 +#define SAMR_ACCESS_OPEN_DOMAIN 0x00000020 + +#define DOMAIN_ACCESS_LOOKUP_INFO_1 0x00000001 +#define DOMAIN_ACCESS_SET_INFO_1 0x00000002 +#define DOMAIN_ACCESS_LOOKUP_INFO_2 0x00000004 +#define DOMAIN_ACCESS_SET_INFO_2 0x00000008 +#define DOMAIN_ACCESS_CREATE_USER 0x00000010 +#define DOMAIN_ACCESS_CREATE_GROUP 0x00000020 +#define DOMAIN_ACCESS_CREATE_ALIAS 0x00000040 +#define DOMAIN_ACCESS_UNKNOWN_80 0x00000080 +#define DOMAIN_ACCESS_ENUM_ACCOUNTS 0x00000100 +#define DOMAIN_ACCESS_OPEN_ACCOUNT 0x00000200 +#define DOMAIN_ACCESS_SET_INFO_3 0x00000400 + +#define USER_ACCESS_GET_NAME_ETC 0x00000001 +#define USER_ACCESS_GET_LOCALE 0x00000002 +#define USER_ACCESS_SET_LOC_COM 0x00000004 +#define USER_ACCESS_GET_LOGONINFO 0x00000008 +#define USER_ACCESS_UNKNOWN_10 0x00000010 +#define USER_ACCESS_SET_ATTRIBUTES 0x00000020 +#define USER_ACCESS_CHANGE_PASSWORD 0x00000040 +#define USER_ACCESS_SET_PASSWORD 0x00000080 +#define USER_ACCESS_GET_GROUPS 0x00000100 +#define USER_ACCESS_UNKNOWN_200 0x00000200 +#define USER_ACCESS_UNKNOWN_400 0x00000400 + +#define ALIAS_ACCESS_ADD_MEMBER 0x00000001 +#define ALIAS_ACCESS_REMOVE_MEMBER 0x00000002 +#define ALIAS_ACCESS_GET_MEMBERS 0x00000004 +#define ALIAS_ACCESS_LOOKUP_INFO 0x00000008 +#define ALIAS_ACCESS_SET_INFO 0x00000010 + +#define GROUP_ACCESS_LOOKUP_INFO 0x00000001 +#define GROUP_ACCESS_SET_INFO 0x00000002 +#define GROUP_ACCESS_ADD_MEMBER 0x00000004 +#define GROUP_ACCESS_REMOVE_MEMBER 0x00000008 +#define GROUP_ACCESS_GET_MEMBERS 0x00000010 + #endif /* packet-dcerpc-samr.h */ diff --git a/packet-dcerpc-spoolss.c b/packet-dcerpc-spoolss.c index b1b39ac907..80aaaa4aa2 100644 --- a/packet-dcerpc-spoolss.c 
+++ b/packet-dcerpc-spoolss.c @@ -2,7 +2,7 @@ * Routines for SMB \PIPE\spoolss packet disassembly * Copyright 2001-2002, Tim Potter <tpot@samba.org> * - * $Id: packet-dcerpc-spoolss.c,v 1.47 2002/07/10 02:59:38 tpot Exp $ + * $Id: packet-dcerpc-spoolss.c,v 1.48 2002/08/21 21:31:14 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -143,6 +143,7 @@ static int hf_spoolss_outputfile = -1; static int hf_spoolss_datatype = -1; static int hf_spoolss_textstatus = -1; static int hf_spoolss_level = -1; +static int hf_access_required = -1; /* Print job */ @@ -480,6 +481,43 @@ static int hf_spoolss_enumforms_num = -1; static int hf_spoolss_printerdata_size = -1; static int hf_spoolss_printerdata_data = -1; +/* + * Dissect SPOOLSS specific access rights + */ + +static int hf_server_access_admin = -1; +static int hf_server_access_enum = -1; +static int hf_printer_access_admin = -1; +static int hf_printer_access_use = -1; +static int hf_job_access_admin = -1; + +static int +spoolss_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, + guint32 access) +{ + proto_tree_add_boolean( + tree, hf_job_access_admin, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_printer_access_use, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_printer_access_admin, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_server_access_enum, + tvb, offset, 4, access); + + proto_tree_add_boolean( + tree, hf_server_access_admin, + tvb, offset, 4, access); + + return offset; +} + /* * Routines to dissect a spoolss BUFFER */ @@ -1768,7 +1806,8 @@ static int prs_PRINTER_DEFAULT(tvbuff_t *tvb, int offset, packet_info *pinfo, GList *child_dp_list = NULL; proto_item *item; proto_tree *subtree; - guint32 ptr = 0, access; + guint32 ptr = 0; + char drep = 0x10; item = proto_tree_add_text(tree, tvb, offset, 0, "PRINTER_DEFAULT"); 
@@ -1786,10 +1825,11 @@ static int prs_PRINTER_DEFAULT(tvbuff_t *tvb, int offset, packet_info *pinfo, offset = prs_DEVMODE_CTR(tvb, offset, pinfo, subtree, &child_dp_list, NULL); - offset = prs_uint32(tvb, offset, pinfo, subtree, &access, NULL); + dissect_nt_access_mask( + tvb, offset, pinfo, subtree, &drep, hf_access_required, + spoolss_specific_rights); - proto_tree_add_text(subtree, tvb, offset - 4, 4, - "Access required: 0x%08x", access); + offset += 4; offset = prs_referents(tvb, offset, pinfo, subtree, dp_list, &child_dp_list, NULL); @@ -6554,7 +6594,37 @@ proto_register_dcerpc_spoolss(void) { "Data", "spoolss.printerdata.data", FT_BYTES, BASE_HEX, NULL, 0, "Data", HFILL }}, - + /* Specific access rights */ + + { &hf_access_required, + { "Access required", "spoolss.access_required", + FT_UINT32, BASE_HEX, NULL, 0x0, "Access REQUIRED", + HFILL }}, + + { &hf_server_access_admin, + { "Server admin", "spoolss.access_mask.server_admin", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SERVER_ACCESS_ADMINISTER, "Server admin", HFILL }}, + + { &hf_server_access_enum, + { "Server enum", "spoolss.access_mask.server_enum", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SERVER_ACCESS_ENUMERATE, "Server enum", HFILL }}, + + { &hf_printer_access_admin, + { "Printer admin", "spoolss.access_mask.printer_admin", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + PRINTER_ACCESS_ADMINISTER, "Printer admin", HFILL }}, + + { &hf_printer_access_use, + { "Printer use", "spoolss.access_mask.printer_use", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + PRINTER_ACCESS_USE, "Printer use", HFILL }}, + + { &hf_job_access_admin, + { "Job admin", "spoolss.access_mask.job_admin", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + JOB_ACCESS_ADMINISTER, "Job admin", HFILL }} }; static gint *ett[] = { diff --git a/packet-dcerpc-spoolss.h b/packet-dcerpc-spoolss.h index fb475a97a8..55c0114c3d 100644 --- a/packet-dcerpc-spoolss.h +++ b/packet-dcerpc-spoolss.h 
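Review bot: The return value of `dissect_nt_access_mask` is discarded in `prs_PRINTER_DEFAULT` and `offset += 4;` is used instead, whereas every other call site in this commit assigns the returned offset. If the helper ever moves the offset by something other than four (alignment padding before the read, for instance), the tree item and the running offset would disagree; either write `offset = dissect_nt_access_mask(tvb, offset, pinfo, subtree, &drep, hf_access_required, spoolss_specific_rights);` and drop the `offset += 4;`, or add a comment saying why the return value must be ignored here. The `drep` passed in is the local `char drep = 0x10;` from the previous hunk, a bare constant (0x10 is the little-endian value of the DCE/RPC data-representation byte) rather than the representation of the packet being dissected; if that is deliberate it deserves a comment such as `/* prs_* code assumes little-endian NDR */`. The function body extends beyond both hunks.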
@@ -2,7 +2,7 @@ * Routines for SMB \PIPE\spoolss packet disassembly * Copyright 2001, Tim Potter <tpot@samba.org> * - * $Id: packet-dcerpc-spoolss.h,v 1.10 2002/06/24 08:01:07 tpot Exp $ + * $Id: packet-dcerpc-spoolss.h,v 1.11 2002/08/21 21:31:14 tpot Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -299,4 +299,12 @@ #define PRINTER_CONTROL_PURGE 0x00000003 #define PRINTER_CONTROL_SET_STATUS 0x00000004 +/* Specific access rights */ + +#define SERVER_ACCESS_ADMINISTER 0x00000001 +#define SERVER_ACCESS_ENUMERATE 0x00000002 +#define PRINTER_ACCESS_ADMINISTER 0x00000004 +#define PRINTER_ACCESS_USE 0x00000008 +#define JOB_ACCESS_ADMINISTER 0x00000010 + #endif /* packet-dcerpc-spoolss.h */ |