Hi everyone. Here's a mostly complete patch for the SPOOLSS pipe for
DCERPC over SMB. This is used by the NT/2K/XP printing system. Although
it's unfinished I'd like to submit it for inclusion in CVS as it's
pretty darn useful as it is.
Regards,
Tim.
What this patch does:
- break out more common code from packet-dcerpc-lsa.c into
packet-dcerpc-nt.c (anyone think of a better name for this?)
- change prs_policy_hnd() function to be consistent with other
parsing functions
- we use the fake_unicode() function elsewhere in spoolss so
make it non-static
- added a value_string to packet-dcerpc-reg.[ch] as for some
reason it's use in the SPOOLSS dissector
- major changes to the way deferred pointers are handled. We
act more like the NDR specification and keep a list of pointers
which are processed after the structure is parsed. This gets
rid of the PARSE_SCALARS and PARSE_BUFFERS crap which was
how this dissector was originally written.
- hash printer names to policy handles
- hash per-request private information so the reply dissector
can use this information
- pass some information from Todd's DCERPC dissector down to
the subdissectors in the pinfo->private field. We need to
know at least the call id from the DCERPC header as well as
the SMB fid in order to make a unique hash key
- added some printer related error codes do the DOS_errors
value_string in packet-smb.c and smb.h
- made DOS_errors non-static so we can refer to it in other
dissectors
Still to do:
- fix memory leaks using exception code (LSA still needs this
as well)
- fix memory leaks in pointer deferral code )-:
- parsing of device mode which is sometimes present in
OpenPrinterEx calls doesn't work
- fake_unicode() cheats and takes every second byte )-:
- move array processing into parse functions instead of
unmarshalling array size and offset by hand
- convert packet-dcerpc-lsa.c to deferred pointers method instead
of PARSE_SCALARS|PARSE_BUFFERS
Regards,
Tim.
Attachment:
spoolss-patch.txt.gz
Description: Binary data
