dcerpc.h

snort2.8.4版本

    uint16_t context_id;
    uint8_t cancel_count;
    uint8_t reserved;
    uint32_t status;
    uint8_t reserved2[4];
#if 0
    uint8_t stub data[]   /* 8 octet aligned if auth_verifier, which will
                             take care of the pad. */
    auth_verifier_co_t auth_verifier;
#endif
} DceRpcCoFault;

#if 0
typedef struct _DceRpcCoOrphaned
{
    auth_verifier_co_t auth_verifier;
} DceRpcCoOrphaned;
#endif

typedef struct _DceRpcCoRequest
{
    uint32_t alloc_hint;
    uint16_t context_id;
    uint16_t opnum;
#if 0
    Uuid object;           /* only if object flag is set */
    uint8_t stub data[];   /* 8 octet aligned if auth_verifier, which will
                              take care of the pad. */
    auth_verifier_co_t auth_verifier;
#endif
} DceRpcCoRequest;

typedef struct _DceRpcCoResponse
{
    uint32_t alloc_hint;
    uint16_t context_id;
    uint8_t cancel_count;
    uint8_t reserved;
#if 0
    uint8_t stub data[]   /* 8 octet aligned if auth_verifier, which will
                             take care of the pad. */
    auth_verifier_co_t auth_verifier;
#endif
} DceRpcCoResponse;

#if 0
typedef struct _DceRpcCoShutdown
{
    // nothing
 
} DceRpcCoShutdown;
#endif

typedef struct _DceRpcCoAuthVerifier
{
#if 0
    uint8_t auth_pad[];  /* variable length to restore 4 byte alignment */
#endif
    uint8_t auth_type;
    uint8_t auth_level;
    uint8_t auth_pad_length;
    uint8_t auth_reserved;
    uint32_t auth_context_id;
#if 0
    uint8_t auth_value[];  /* variable auth_length */
#endif

} DceRpcCoAuthVerifier;

/* Optional Data used with Reject/Disconnect header
 * These do not share the common header, but are special
 * cases (pretty much the same as the common header) */
typedef uint16_t DceRpcReasonCode;

typedef struct _DceRpcCoOptData
{
    DceRpcCoVersion pversion;
    uint8_t reserved[2];
    uint8_t packed_drep[4];
    uint32_t reject_status;
    uint8_t reserved2[4];

} DceRpcCoOptData;

typedef struct _DceRpcCoRejHdr
{
    DceRpcReasonCode reason_code;
    DceRpcCoOptData rpc_info;

} DceRpcCoRejHdr;

/* Disconnect header same as Reject header */
typedef DceRpcCoRejHdr DceRpcCoDiscHdr;

#ifdef WIN32
#pragma pack(pop, dcerpc_hdrs)
#else
#pragma pack()
#endif

/********************************************************************
 * Inline functions prototypes
 ********************************************************************/
static INLINE DceRpcBoFlag DceRpcByteOrder(const uint8_t);
static INLINE uint16_t DceRpcNtohs(const uint16_t, const DceRpcBoFlag);
static INLINE uint16_t DceRpcHtons(const uint16_t, const DceRpcBoFlag);
static INLINE uint32_t DceRpcNtohl(const uint32_t, const DceRpcBoFlag);
static INLINE uint32_t DceRpcHtonl(const uint32_t, const DceRpcBoFlag);

/* Connectionless */
static INLINE uint8_t DceRpcClRpcVers(const DceRpcClHdr *);
static INLINE DceRpcBoFlag DceRpcClByteOrder(const DceRpcClHdr *);
static INLINE uint32_t DceRpcClIfaceVers(const DceRpcClHdr *);
static INLINE uint16_t DceRpcClOpnum(const DceRpcClHdr *);
static INLINE uint32_t DceRpcClSeqNum(const DceRpcClHdr *);
static INLINE uint16_t DceRpcClFragNum(const DceRpcClHdr *);
static INLINE int DceRpcClFragFlag(const DceRpcClHdr *);
static INLINE int DceRpcClLastFrag(const DceRpcClHdr *);
static INLINE int DceRpcClFirstFrag(const DceRpcClHdr *);
static INLINE uint16_t DceRpcClLen(const DceRpcClHdr *);
static INLINE int DceRpcClFrag(const DceRpcClHdr *);

/* Connection oriented */
static INLINE uint8_t DceRpcCoVersMaj(const DceRpcCoHdr *);
static INLINE uint8_t DceRpcCoVersMin(const DceRpcCoHdr *);
static INLINE DceRpcPduType DceRpcCoPduType(const DceRpcCoHdr *);
static INLINE int DceRpcCoFirstFrag(const DceRpcCoHdr *);
static INLINE int DceRpcCoLastFrag(const DceRpcCoHdr *);
static INLINE int DceRpcCoObjectFlag(const DceRpcCoHdr *);
static INLINE DceRpcBoFlag DceRpcCoByteOrder(const DceRpcCoHdr *);
static INLINE uint16_t DceRpcCoFragLen(const DceRpcCoHdr *);
static INLINE uint16_t DceRpcCoAuthLen(const DceRpcCoHdr *);
static INLINE uint32_t DceRpcCoCallId(const DceRpcCoHdr *);
static INLINE uint16_t DceRpcCoCtxId(const DceRpcCoHdr *, const DceRpcCoRequest *);
static INLINE uint16_t DceRpcCoCtxIdResp(const DceRpcCoHdr *, const DceRpcCoResponse *);
static INLINE uint16_t DceRpcCoOpnum(const DceRpcCoHdr *, const DceRpcCoRequest *);
static INLINE uint16_t DceRpcCoBindMaxXmitFrag(const DceRpcCoHdr *, const DceRpcCoBind *);
static INLINE uint16_t DceRpcCoBindAckMaxRecvFrag(const DceRpcCoHdr *, const DceRpcCoBindAck *);
static INLINE uint8_t DceRpcCoNumCtxItems(const DceRpcCoBind *);
static INLINE uint16_t DceRpcCoContElemCtxId(const DceRpcCoHdr *, const DceRpcCoContElem *);
static INLINE uint8_t DceRpcCoContElemNumTransSyntaxes(const DceRpcCoContElem *);
static INLINE const Uuid * DceRpcCoContElemIface(const DceRpcCoContElem *);
static INLINE uint16_t DceRpcCoContElemIfaceVersMaj(const DceRpcCoHdr *, const DceRpcCoContElem *);
static INLINE uint16_t DceRpcCoContElemIfaceVersMin(const DceRpcCoHdr *, const DceRpcCoContElem *);
static INLINE uint16_t DceRpcCoSecAddrLen(const DceRpcCoHdr *, const DceRpcCoBindAck *);
static INLINE uint8_t DceRpcCoContNumResults(const DceRpcCoContResultList *);
static INLINE uint16_t DceRpcCoContRes(const DceRpcCoHdr *, const DceRpcCoContResult *);
static INLINE uint16_t DceRpcCoAuthPad(const DceRpcCoAuthVerifier *);

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE DceRpcBoFlag DceRpcByteOrder(const uint8_t value)
{
    if ((value & 0x10) >> 4)
        return DCERPC_BO_FLAG__LITTLE_ENDIAN;

    return DCERPC_BO_FLAG__BIG_ENDIAN;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint16_t DceRpcNtohs(const uint16_t value, const DceRpcBoFlag bo_flag)
{
    if (bo_flag == DCERPC_BO_FLAG__NONE)
        return value;

#ifdef WORDS_BIGENDIAN
    if (bo_flag == DCERPC_BO_FLAG__BIG_ENDIAN)
#else
    if (bo_flag == DCERPC_BO_FLAG__LITTLE_ENDIAN)
#endif
        return value;

    return ((value & 0xff00) >> 8) | ((value & 0x00ff) << 8);
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint16_t DceRpcHtons(const uint16_t value, const DceRpcBoFlag bo_flag)
{
    return DceRpcNtohs(value, bo_flag);
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint32_t DceRpcNtohl(const uint32_t value, const DceRpcBoFlag bo_flag)
{
    if (bo_flag == DCERPC_BO_FLAG__NONE)
        return value;

#ifdef WORDS_BIGENDIAN
    if (bo_flag == DCERPC_BO_FLAG__BIG_ENDIAN)
#else
    if (bo_flag == DCERPC_BO_FLAG__LITTLE_ENDIAN)
#endif
        return value;

    return ((value & 0xff000000) >> 24) | ((value & 0x00ff0000) >> 8) |
           ((value & 0x0000ff00) << 8) | ((value & 0x000000ff) << 24);
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint32_t DceRpcHtonl(const uint32_t value, const DceRpcBoFlag bo_flag)
{
    return DceRpcNtohl(value, bo_flag);
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint8_t DceRpcClRpcVers(const DceRpcClHdr *cl)
{
    return cl->rpc_vers;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint8_t DceRpcClPduType(const DceRpcClHdr *cl)
{
    return cl->ptype;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE DceRpcBoFlag DceRpcClByteOrder(const DceRpcClHdr *cl)
{
    return DceRpcByteOrder(cl->drep[0]);
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE const Uuid * DceRpcClIface(const DceRpcClHdr *cl)
{
    return &cl->if_id;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint32_t DceRpcClIfaceVers(const DceRpcClHdr *cl)
{
    return DceRpcNtohl(cl->if_vers, DceRpcClByteOrder(cl));
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint16_t DceRpcClOpnum(const DceRpcClHdr *cl)
{
    return DceRpcNtohs(cl->opnum, DceRpcClByteOrder(cl));
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint32_t DceRpcClSeqNum(const DceRpcClHdr *cl)
{
    return DceRpcNtohl(cl->seqnum, DceRpcClByteOrder(cl));
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE uint16_t DceRpcClFragNum(const DceRpcClHdr *cl)
{
    return DceRpcNtohs(cl->fragnum, DceRpcClByteOrder(cl));
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE int DceRpcClFragFlag(const DceRpcClHdr *cl)
{
    return cl->flags1 & DCERPC_CL_FLAGS1__FRAG;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE int DceRpcClLastFrag(const DceRpcClHdr *cl)
{
    return cl->flags1 & DCERPC_CL_FLAGS1__LASTFRAG;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE int DceRpcClFirstFrag(const DceRpcClHdr *cl)
{
    return (DceRpcClFragFlag(cl) && (DceRpcClFragNum(cl) == 0));
}

/********************************************************************
 * Function: