1# SPDX-License-Identifier: GPL-2.0-only
2# This file is part of Scapy
3# See https://scapy.net/ for more information
4# Copyright (C) Gabriel Potter
5
6"""
7Very partial RPC definitions for the following interfaces:
8- srvsvc (v3.0): 4B324FC8-1670-01D3-1278-5A47BF6EE188
9"""
10
11import uuid
12
13from scapy.fields import StrFixedLenField
14from scapy.layers.dcerpc import (
15    register_dcerpc_interface,
16    DceRpcOp,
17    NDRConfPacketListField,
18    NDRConfVarStrNullFieldUtf16,
19    NDRFullPointerField,
20    NDRIntField,
21    NDRPacket,
22    NDRPacketField,
23    NDRUnionField,
24)
25
26
class LPSHARE_INFO_1(NDRPacket):
    """One share entry: share name, share type and remark.

    The two strings sit behind deferred full pointers and use the
    ``NDRConfVarStrNullFieldUtf16`` string field; ``shi1_type`` is a plain
    NDR integer defaulting to 0.
    """

    # NOTE(review): (4, 8) looks like the NDR32 / NDR64 alignment pair -
    # confirm against scapy.layers.dcerpc.
    ALIGNMENT = (4, 8)
    fields_desc = [
        NDRFullPointerField(
            NDRConfVarStrNullFieldUtf16("shi1_netname", ""),
            deferred=True,
        ),
        NDRIntField("shi1_type", 0),
        NDRFullPointerField(
            NDRConfVarStrNullFieldUtf16("shi1_remark", ""),
            deferred=True,
        ),
    ]
38
39
class SHARE_INFO_1_CONTAINER(NDRPacket):
    """Counted array of ``LPSHARE_INFO_1`` entries.

    ``EntriesRead`` is tied to ``Buffer`` through ``size_of``, and ``Buffer``
    takes its element count back from ``EntriesRead`` through ``count_from``.
    """

    ALIGNMENT = (4, 8)
    fields_desc = [
        # Default None + size_of="Buffer": presumably filled in from the
        # length of Buffer when the packet is built - confirm.
        NDRIntField("EntriesRead", None, size_of="Buffer"),
        NDRFullPointerField(
            NDRConfPacketListField(
                "Buffer",
                [LPSHARE_INFO_1()],
                LPSHARE_INFO_1,
                # When dissecting, this count is whatever the peer put in
                # EntriesRead, so treat it as untrusted input.
                # NOTE(review): check how the list field bounds the count
                # against the remaining data.
                count_from=lambda pkt: pkt.EntriesRead,
            ),
            deferred=True,
        ),
    ]
54
55
class LPSHARE_ENUM_STRUCT(NDRPacket):
    """Level-tagged wrapper around the share enumeration result.

    Only information level 1 is modelled: the single union arm carries a
    ``SHARE_INFO_1_CONTAINER`` behind a deferred full pointer.
    """

    ALIGNMENT = (4, 8)
    fields_desc = [
        NDRIntField("Level", 0),
        NDRUnionField(
            [
                (
                    NDRFullPointerField(
                        NDRPacketField(
                            "ShareInfo",
                            SHARE_INFO_1_CONTAINER(),
                            SHARE_INFO_1_CONTAINER,
                        ),
                        deferred=True,
                    ),
                    # Two selectors for this arm: the first looks at the
                    # packet's Level, the second at the tag of the value.
                    (
                        lambda pkt: getattr(pkt, "Level", None) == 1,
                        lambda _, val: val.tag == 1,
                    ),
                ),
            ],
            # Zero-length field; looks like the fallback used when no arm
            # matches (any Level other than 1) - confirm. Code consuming a
            # dissected packet should check Level before reading ShareInfo
            # as a container.
            StrFixedLenField("ShareInfo", "", length=0),
            align=(4, 8),
            switch_fmt=("L", "L"),
        ),
    ]
82
83
class NetrShareEnum_Request(NDRPacket):
    """Request side of opnum 15 (see ``SRVSVC_OPNUMS``).

    Carries an optional server name, the level-tagged ``InfoStruct``, the
    preferred maximum length and an optional resume handle.
    """

    fields_desc = [
        NDRFullPointerField(
            NDRConfVarStrNullFieldUtf16("ServerName", ""),
        ),
        NDRPacketField(
            "InfoStruct",
            LPSHARE_ENUM_STRUCT(),
            LPSHARE_ENUM_STRUCT,
        ),
        # Field name spelling is kept as-is; it is part of the packet's API.
        NDRIntField("PreferedMaximumLength", 0),
        NDRFullPointerField(
            NDRIntField("ResumeHandle", 0),
        ),
    ]
91
92
class NetrShareEnum_Response(NDRPacket):
    """Response side of opnum 15 (see ``SRVSVC_OPNUMS``).

    Returns the filled ``InfoStruct``, the total entry count, an optional
    resume handle and the call's ``status`` code (0 by default).
    """

    fields_desc = [
        NDRPacketField(
            "InfoStruct",
            LPSHARE_ENUM_STRUCT(),
            LPSHARE_ENUM_STRUCT,
        ),
        NDRIntField("TotalEntries", 0),
        NDRFullPointerField(
            NDRIntField("ResumeHandle", 0),
        ),
        NDRIntField("status", 0),
    ]
100
101
class NetrShareGetInfo_Request(NDRPacket):
    """Request side of opnum 16 (see ``SRVSVC_OPNUMS``).

    Names the share to query (``NetName``) and the information ``Level``
    wanted; ``ServerName`` sits behind a full pointer.
    """

    fields_desc = [
        NDRFullPointerField(
            NDRConfVarStrNullFieldUtf16("ServerName", ""),
        ),
        NDRConfVarStrNullFieldUtf16("NetName", ""),
        NDRIntField("Level", 0),
    ]
108
109
class NetrShareGetInfo_Response(NDRPacket):
    """Response side of opnum 16 (see ``SRVSVC_OPNUMS``).

    A union holding one ``LPSHARE_INFO_1`` for level 1, followed by the
    call's ``status`` code (0 by default).
    """

    fields_desc = [
        NDRUnionField(
            [
                (
                    NDRFullPointerField(
                        NDRPacketField(
                            "ShareInfo",
                            LPSHARE_INFO_1(),
                            LPSHARE_INFO_1,
                        ),
                    ),
                    # This packet declares no Level field of its own, so the
                    # first selector relies on the getattr default (None)
                    # unless Level is available some other way; the second
                    # selector keys on the tag of the value instead.
                    (
                        lambda pkt: getattr(pkt, "Level", None) == 1,
                        lambda _, val: val.tag == 1,
                    ),
                ),
            ],
            # Zero-length field; looks like the fallback for any level other
            # than 1 - confirm. Check the level before reading ShareInfo.
            StrFixedLenField("ShareInfo", "", length=0),
            align=(4, 8),
            switch_fmt=("L", "L"),
        ),
        NDRIntField("status", 0),
    ]
130
131
class LPSERVER_INFO_101(NDRPacket):
    """Server description returned at information level 101.

    Holds the platform id, server name, major/minor version, server type and
    a comment; the two strings sit behind deferred full pointers.
    """

    ALIGNMENT = (4, 8)
    fields_desc = [
        NDRIntField("sv101_platform_id", 0),
        NDRFullPointerField(
            NDRConfVarStrNullFieldUtf16("sv101_name", ""),
            deferred=True,
        ),
        NDRIntField("sv101_version_major", 0),
        NDRIntField("sv101_version_minor", 0),
        NDRIntField("sv101_type", 0),
        NDRFullPointerField(
            NDRConfVarStrNullFieldUtf16("sv101_comment", ""),
            deferred=True,
        ),
    ]
146
147
class NetrServerGetInfo_Request(NDRPacket):
    """Request side of opnum 21 (see ``SRVSVC_OPNUMS``).

    Carries an optional server name and the information ``Level`` wanted.
    """

    fields_desc = [
        NDRFullPointerField(
            NDRConfVarStrNullFieldUtf16("ServerName", ""),
        ),
        NDRIntField("Level", 0),
    ]
153
154
class NetrServerGetInfo_Response(NDRPacket):
    """Response side of opnum 21 (see ``SRVSVC_OPNUMS``).

    A union holding one ``LPSERVER_INFO_101`` for level 101, followed by the
    call's ``status`` code (0 by default).
    """

    fields_desc = [
        NDRUnionField(
            [
                (
                    NDRFullPointerField(
                        NDRPacketField(
                            "ServerInfo",
                            LPSERVER_INFO_101(),
                            LPSERVER_INFO_101,
                        ),
                    ),
                    # Arm selectors: packet Level == 101, or value tag == 101.
                    (
                        lambda pkt: getattr(pkt, "Level", None) == 101,
                        lambda _, val: val.tag == 101,
                    ),
                ),
            ],
            # Zero-length field; looks like the fallback for any level other
            # than 101 - confirm. Check the level before reading ServerInfo.
            StrFixedLenField("ServerInfo", "", length=0),
            align=(4, 8),
            switch_fmt=("L", "L"),
        ),
        NDRIntField("status", 0),
    ]
177
178
# Operation number -> (request, response) packet classes for srvsvc.
# Only these three operations are defined here; the module docstring calls
# the definitions "very partial".
SRVSVC_OPNUMS = {
    # Share enumeration
    15: DceRpcOp(NetrShareEnum_Request, NetrShareEnum_Response),
    # Information about a single share
    16: DceRpcOp(NetrShareGetInfo_Request, NetrShareGetInfo_Response),
    # Information about the server itself
    21: DceRpcOp(NetrServerGetInfo_Request, NetrServerGetInfo_Response),
}

# Module-level side effect: importing this file registers the interface
# under its UUID and version.
register_dcerpc_interface(
    opnums=SRVSVC_OPNUMS,
    version="3.0",
    uuid=uuid.UUID("4B324FC8-1670-01D3-1278-5A47BF6EE188"),
    name="srvsvc",
)
190