Wireshark · Ethereal-dev: [Ethereal-dev] drsuapi dissector

Ethereal-dev: [Ethereal-dev] drsuapi dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jean-Baptiste Marchand <jbm@xxxxxx>

Date: Thu, 18 Sep 2003 16:30:06 +0200

Hello,

attached to this email is a dissector for the drsuapi MSRPC interface,
used in Active Directory domains.

The dissector only contains operations names, because, as far as I know,
stub data for operations in this interface is always encrypted.

Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand@xxxxxx
HSC - http://www.hsc.fr/

/* packet-dcerpc-drsuapi.c
 * Routines for the drsuapi (Directory Replication Service) MSRPC interface 
 * Copyright 2003 Jean-Baptiste Marchand <jbm@xxxxxx>
 *
 * $Id$
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */


#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <glib.h>
#include <epan/packet.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-drsuapi.h"

static int proto_dcerpc_drsuapi = -1;

static int hf_drsuapi_opnum = 0;

static gint ett_dcerpc_drsuapi = -1;

/* 
IDL [ uuid(e3514235-4b06-11d1-ab04-00c04fc2dcd2),
IDL  version(4.0),
IDL  implicit_handle(handle_t rpc_binding)
IDL ] interface drsuapi
*/

static e_uuid_t uuid_dcerpc_drsuapi = {
	0xe3514235, 0x4b06, 0x11d1,
	{ 0xab, 0x04, 0x00, 0xc0, 0x4f, 0xc2, 0xdc, 0xd2 }
};

static guint16 ver_dcerpc_drsuapi = 4; 


static dcerpc_sub_dissector dcerpc_drsuapi_dissectors[] = {
	{ DRSUAPI_BIND, "DRSBind", NULL, NULL},
	{ DRSUAPI_UNBIND, "DRSUnbind", NULL, NULL},
	{ DRSUAPI_REPLICA_SYNC, "DRSReplicaSync", NULL, NULL},
	{ DRSUAPI_GET_NC_CHANGES, "DRSGetNCChanges", NULL, NULL},
	{ DRSUAPI_UPDATE_REFS, "DRSUpdateRefs", NULL, NULL},
	{ DRSUAPI_REPLICA_ADD, "DRSReplicaAdd", NULL, NULL},
	{ DRSUAPI_REPLICA_DEL, "DRSReplicaDel", NULL, NULL},
	{ DRSUAPI_REPLICA_MODIFY, "DRSReplicaModify", NULL, NULL},
	{ DRSUAPI_VERIFY_NAMES, "DRSVerifyNames", NULL, NULL},
	{ DRSUAPI_GET_MEMBERSHIPS, "DRSGetMemberships", NULL, NULL},
	{ DRSUAPI_INTER_DOMAIN_MOVE, "DRSInterDomainMove", NULL, NULL},
	{ DRSUAPI_GET_NT4_CHANGELOG, "DRSGetNT4ChangeLog", NULL, NULL},
	{ DRSUAPI_CRACKNAMES, "DRSCrackNames", NULL, NULL},	
	{ DRSUAPI_WRITE_SPN, "DRSWriteSPN", NULL, NULL},
	{ DRSUAPI_REMOVE_DS_SERVER, "DRSRemoveDsServer", NULL, NULL},
	{ DRSUAPI_REMOVE_DS_DOMAIN, "DRSRemoveDsDomain", NULL, NULL},
	{ DRSUAPI_DOMAIN_CONTROLLER_INFO, "DRSDomainControllerInfo", NULL, NULL},
	{ DRSUAPI_ADD_ENTRY, "DRSAddEntry", NULL, NULL},
	{ DRSUAPI_EXECUTE_KCC, "DRSExecuteKCC", NULL, NULL},
	{ DRSUAPI_GET_REPL_INFO, "DRSGetReplInfo", NULL, NULL},
	{ DRSUAPI_ADD_SID_HISTORY, "DRSAddSidHistory", NULL, NULL},
	{ DRSUAPI_GET_MEMBERSHIPS2, "DRSGetMemberships2", NULL, NULL},
	{ DRSUAPI_REPLICA_VERIFY_OBJECTS, "DRSReplicaVerifyObjects", NULL, NULL},
	{ DRSUAPI_GET_OBJECT_EXISTENCE, "DRSGetObjectExistence", NULL, NULL},
	{ DRSUAPI_QUERY_SITES_BY_COST, "DRSQuerySitesByCost", NULL, NULL},
        { 0, NULL, NULL,  NULL }
};


void
proto_register_dcerpc_drsuapi(void)
{

        static hf_register_info hf[] = {

		{ &hf_drsuapi_opnum, 
		  { "Operation", "drsuapi.opnum", FT_UINT16, BASE_DEC,
		   NULL, 0x0, "Operation", HFILL }},	
	};


        static gint *ett[] = {
                &ett_dcerpc_drsuapi,
        };


	proto_dcerpc_drsuapi = proto_register_protocol(
		"Microsoft Directory Replication Service", "DRSUAPI", "drsuapi");

	proto_register_field_array(proto_dcerpc_drsuapi, hf, array_length(hf));

        proto_register_subtree_array(ett, array_length(ett));

}


void
proto_reg_handoff_dcerpc_drsuapi(void)
{
	/* register protocol as dcerpc */

	dcerpc_init_uuid(
		proto_dcerpc_drsuapi, ett_dcerpc_drsuapi, &uuid_dcerpc_drsuapi,
		ver_dcerpc_drsuapi, dcerpc_drsuapi_dissectors, hf_drsuapi_opnum);
}

/* packet-dcerpc-drsuapi.h
 * Routines for the drsuapi (Directory Replication Service) MSRPC interface 
 * Copyright 2003 Jean-Baptiste Marchand <jbm@xxxxxx>
 *
 * $Id$
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

#ifndef __PACKET_DCERPC_DRSUAPI_H
#define __PACKET_DCERPC_DRSUAPI_H

/* MSRPC functions available in the drsuapi interface */

#define DRSUAPI_BIND 			0x00
#define DRSUAPI_UNBIND			0x01
#define DRSUAPI_REPLICA_SYNC		0x02
#define DRSUAPI_GET_NC_CHANGES		0x03
#define DRSUAPI_UPDATE_REFS 		0x04
#define DRSUAPI_REPLICA_ADD		0x05	
#define DRSUAPI_REPLICA_DEL		0x06
#define DRSUAPI_REPLICA_MODIFY		0x07
#define DRSUAPI_VERIFY_NAMES		0x08
#define DRSUAPI_GET_MEMBERSHIPS		0x09
#define DRSUAPI_INTER_DOMAIN_MOVE	0x0a
#define DRSUAPI_GET_NT4_CHANGELOG	0x0b
#define DRSUAPI_CRACKNAMES		0x0c
#define DRSUAPI_WRITE_SPN		0x0d
#define DRSUAPI_REMOVE_DS_SERVER	0x0e
#define DRSUAPI_REMOVE_DS_DOMAIN	0x0f
#define DRSUAPI_DOMAIN_CONTROLLER_INFO	0x10
#define DRSUAPI_ADD_ENTRY		0x11
#define DRSUAPI_EXECUTE_KCC		0x12
#define DRSUAPI_GET_REPL_INFO		0x13
#define DRSUAPI_ADD_SID_HISTORY		0x14
#define DRSUAPI_GET_MEMBERSHIPS2	0x15
#define DRSUAPI_REPLICA_VERIFY_OBJECTS	0x16
#define DRSUAPI_GET_OBJECT_EXISTENCE	0x17
#define DRSUAPI_QUERY_SITES_BY_COST	0x18

#endif /* packet-dcerpc-drsuapi.h */

Follow-Ups:
- Re: [Ethereal-dev] drsuapi dissector
  - From: Guy Harris

Prev by Date: RE: [Ethereal-dev] GTK+ 2.2.3 Ethereal 0.9.15
Next by Date: [Ethereal-dev] Patch to find summary data
Previous by thread: Re: [Ethereal-dev] Something I would really like
Next by thread: Re: [Ethereal-dev] drsuapi dissector
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$