# SPDX-License-Identifier: GPL-2.0-only
# This file is part of Scapy
# See https://scapy.net/ for more information
# Copyright (C) Gabriel Potter

"""
Very partial RPC definitions for the following interfaces:
- ept (v3.0): e1af8308-5d1f-11c9-91a4-08002b14a0fa
"""
10
11import uuid
12
13from scapy.fields import StrFixedLenField
14from scapy.layers.dcerpc import (
15    register_dcerpc_interface,
16    DceRpcOp,
17    NDRConfStrLenField,
18    NDRConfVarPacketListField,
19    NDRContextHandle,
20    NDRFullPointerField,
21    NDRIntField,
22    NDRPacket,
23    NDRPacketField,
24    NDRShortField,
25    NDRVarStrLenField,
26)
27
28
class UUID(NDRPacket):
    """NDR structure carrying a UUID as four members (Data1..Data4).

    This is a packet class, distinct from the standard library's
    ``uuid.UUID`` that this module reaches through ``import uuid`` when it
    registers the interface.
    """

    # NOTE(review): presumably the (NDR, NDR64) alignment pair - confirm
    # against scapy.layers.dcerpc.
    ALIGNMENT = (4, 4)
    fields_desc = [
        NDRIntField("Data1", 0),
        NDRShortField("Data2", 0),
        NDRShortField("Data3", 0),
        # Fixed 8-byte tail; kept as raw bytes, not split further.
        StrFixedLenField("Data4", "", length=8),
    ]
37
38
class twr_p_t(NDRPacket):
    """NDR structure holding a length-prefixed tower as an opaque string.

    ``tower_octet_string`` is declared as a string field, so this class does
    not break the tower contents down any further.
    """

    ALIGNMENT = (4, 8)
    # Names the conformant member of this structure (see
    # conformant_in_struct=True on the field below).
    DEPORTED_CONFORMANTS = ["tower_octet_string"]
    fields_desc = [
        # Default None + size_of: the value is tied to tower_octet_string
        # rather than set by hand.
        NDRIntField("tower_length", None, size_of="tower_octet_string"),
        NDRConfStrLenField(
            "tower_octet_string",
            "",
            # The string length is taken from tower_length. When dissecting
            # traffic from an untrusted peer that value is sender-controlled;
            # any bounds handling lives in the field class, not here.
            length_from=lambda pkt: pkt.tower_length,
            conformant_in_struct=True,
        ),
    ]
51
52
class ept_entry_t(NDRPacket):
    """One endpoint entry: an object UUID, a pointer to a tower, an annotation.

    Used as the element type of ``entries`` in ``ept_lookup_Response``.
    """

    ALIGNMENT = (4, 8)
    fields_desc = [
        NDRPacketField("object", UUID(), UUID),
        # Full pointer to a twr_p_t, declared with deferred=True.
        NDRFullPointerField(NDRPacketField("tower", twr_p_t(), twr_p_t), deferred=True),
        # Free-form string supplied by whoever produced the entry; treat it
        # as untrusted text when displaying or logging dissected traffic.
        NDRVarStrLenField("annotation", ""),
    ]
60
61
class RPC_IF_ID(NDRPacket):
    """NDR structure identifying an RPC interface: UUID plus major/minor version."""

    ALIGNMENT = (4, 4)
    fields_desc = [
        NDRPacketField("Uuid", UUID(), UUID),
        NDRShortField("VersMajor", 0),
        NDRShortField("VersMinor", 0),
    ]
69
70
class ept_lookup_Request(NDRPacket):
    """Request structure for the ept operation registered as opnum 2.

    Paired with ``ept_lookup_Response`` in ``EPT_OPNUMS``.
    """

    fields_desc = [
        NDRIntField("inquiry_type", 0),
        # Both selectors are full pointers (to a UUID and to an RPC_IF_ID).
        NDRFullPointerField(NDRPacketField("object", UUID(), UUID)),
        NDRFullPointerField(NDRPacketField("Ifid", RPC_IF_ID(), RPC_IF_ID)),
        NDRIntField("vers_option", 0),
        # Context handle; the response carries a field of the same name.
        NDRPacketField("entry_handle", NDRContextHandle(), NDRContextHandle),
        # Defaults to 0, so callers building a request need to set it.
        # NOTE(review): presumably the cap on returned entries - confirm.
        NDRIntField("max_ents", 0),
    ]
80
81
class ept_lookup_Response(NDRPacket):
    """Response structure for the ept operation registered as opnum 2.

    Carries the context handle, a counted list of ``ept_entry_t`` and a
    status code.
    """

    fields_desc = [
        NDRPacketField("entry_handle", NDRContextHandle(), NDRContextHandle),
        # Default None + size_of: the count is tied to the entries list.
        NDRIntField("num_ents", None, size_of="entries"),
        NDRConfVarPacketListField(
            "entries",
            [],
            ept_entry_t,
            # NOTE(review): max_ents is not a field of this packet; it is
            # declared on ept_lookup_Request. Confirm how (or whether)
            # size_is gets evaluated for a response.
            size_is=lambda pkt: pkt.max_ents,
            # num_ents comes off the wire when dissecting, so the element
            # count is sender-controlled on untrusted traffic.
            length_is=lambda pkt: pkt.num_ents,
        ),
        NDRIntField("status", 0),
    ]
95
96
class ept_map_Request(NDRPacket):
    """Request structure for the ept operation registered as opnum 3.

    Paired with ``ept_map_Response`` in ``EPT_OPNUMS``.
    """

    fields_desc = [
        # Both inputs are full pointers (to a UUID and to a twr_p_t).
        NDRFullPointerField(NDRPacketField("obj", UUID(), UUID)),
        NDRFullPointerField(NDRPacketField("map_tower", twr_p_t(), twr_p_t)),
        NDRPacketField("entry_handle", NDRContextHandle(), NDRContextHandle),
        # Defaults to 0, so callers building a request need to set it.
        # NOTE(review): presumably the cap on returned towers - confirm.
        NDRIntField("max_towers", 0),
    ]
104
105
class ept_map_Response(NDRPacket):
    """Response structure for the ept operation registered as opnum 3.

    Carries the context handle, a counted list of ``twr_p_t`` towers and a
    status code.
    """

    fields_desc = [
        NDRPacketField("entry_handle", NDRContextHandle(), NDRContextHandle),
        # Default None + size_of: the count is tied to the ITowers list.
        NDRIntField("num_towers", None, size_of="ITowers"),
        # Unlike ept_lookup_Response, the list is sized with count_from only
        # (no size_is / length_is). num_towers comes off the wire when
        # dissecting, so the count is sender-controlled on untrusted traffic.
        NDRConfVarPacketListField(
            "ITowers", [], twr_p_t, count_from=lambda pkt: pkt.num_towers, ptr_pack=True
        ),
        NDRIntField("status", 0),
    ]
115
116
# Operation number -> (request, response) structures for the ept interface.
# Only opnums 2 and 3 are described in this module; other ept operations
# have no structures here.
EPT_OPNUMS = {
    2: DceRpcOp(ept_lookup_Request, ept_lookup_Response),
    3: DceRpcOp(ept_map_Request, ept_map_Response),
}
# Module-level side effect: importing this file registers the interface
# (name, UUID, version, opnum table) with scapy.layers.dcerpc.
register_dcerpc_interface(
    name="ept",
    # Standard-library uuid.UUID, not the NDR UUID packet class defined above.
    uuid=uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa"),
    version="3.0",
    opnums=EPT_OPNUMS,
)
127