1 /* packet-dcerpc-samr.c
2 * Routines for SMB \PIPE\samr packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-samr.c,v 1.58 2002/08/30 02:08:50 sharpe Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
34 #include "packet-dcerpc.h"
35 #include "packet-dcerpc-nt.h"
36 #include "packet-dcerpc-samr.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "smb.h" /* for "NT_errors[]" */
39 #include "packet-smb-common.h"
41 #ifdef NEED_SNPRINTF_H
42 # include "snprintf.h"
45 static int proto_dcerpc_samr = -1;
47 static int hf_samr_opnum = -1;
48 static int hf_samr_hnd = -1;
49 static int hf_samr_group = -1;
50 static int hf_samr_rid = -1;
51 static int hf_samr_type = -1;
52 static int hf_samr_alias = -1;
53 static int hf_samr_rid_attrib = -1;
54 static int hf_samr_rc = -1;
55 static int hf_samr_index = -1;
56 static int hf_samr_count = -1;
58 static int hf_samr_level = -1;
59 static int hf_samr_start_idx = -1;
60 static int hf_samr_max_entries = -1;
61 static int hf_samr_entries = -1;
62 static int hf_samr_pref_maxsize = -1;
63 static int hf_samr_total_size = -1;
64 static int hf_samr_ret_size = -1;
65 static int hf_samr_alias_name = -1;
66 static int hf_samr_group_name = -1;
67 static int hf_samr_acct_name = -1;
68 static int hf_samr_full_name = -1;
69 static int hf_samr_acct_desc = -1;
70 static int hf_samr_home = -1;
71 static int hf_samr_home_drive = -1;
72 static int hf_samr_script = -1;
73 static int hf_samr_workstations = -1;
74 static int hf_samr_profile = -1;
75 static int hf_samr_server = -1;
76 static int hf_samr_domain = -1;
77 static int hf_samr_controller = -1;
78 static int hf_samr_access = -1;
79 static int hf_samr_access_granted = -1;
80 static int hf_samr_mask = -1;
81 static int hf_samr_crypt_password = -1;
82 static int hf_samr_crypt_hash = -1;
83 static int hf_samr_lm_change = -1;
84 static int hf_samr_attrib = -1;
85 static int hf_samr_max_pwd_age = -1;
86 static int hf_samr_min_pwd_age = -1;
87 static int hf_samr_min_pwd_len = -1;
88 static int hf_samr_pwd_history_len = -1;
89 static int hf_samr_num_users = -1;
90 static int hf_samr_num_groups = -1;
91 static int hf_samr_num_aliases = -1;
92 static int hf_samr_resume_hnd = -1;
93 static int hf_samr_bad_pwd_count = -1;
94 static int hf_samr_logon_count = -1;
95 static int hf_samr_logon_time = -1;
96 static int hf_samr_logoff_time = -1;
97 static int hf_samr_kickoff_time = -1;
98 static int hf_samr_pwd_last_set_time = -1;
99 static int hf_samr_pwd_can_change_time = -1;
100 static int hf_samr_pwd_must_change_time = -1;
101 static int hf_samr_acct_expiry_time = -1;
102 static int hf_samr_country = -1;
103 static int hf_samr_codepage = -1;
104 static int hf_samr_comment = -1;
105 static int hf_samr_parameters = -1;
106 static int hf_samr_nt_pwd_set = -1;
107 static int hf_samr_lm_pwd_set = -1;
108 static int hf_samr_pwd_expired = -1;
109 static int hf_samr_revision = -1;
110 static int hf_samr_divisions = -1;
111 static int hf_samr_info_type = -1;
113 static int hf_samr_unknown_hyper = -1;
114 static int hf_samr_unknown_long = -1;
115 static int hf_samr_unknown_short = -1;
116 static int hf_samr_unknown_char = -1;
117 static int hf_samr_unknown_string = -1;
118 static int hf_samr_unknown_time = -1;
120 /* these are used by functions in packet-dcerpc-nt.c */
121 int hf_nt_str_len = -1;
122 int hf_nt_str_off = -1;
123 int hf_nt_str_max_len = -1;
124 int hf_nt_string_length = -1;
125 int hf_nt_string_size = -1;
126 static int hf_nt_acct_ctrl = -1;
127 static int hf_nt_acb_disabled = -1;
128 static int hf_nt_acb_homedirreq = -1;
129 static int hf_nt_acb_pwnotreq = -1;
130 static int hf_nt_acb_tempdup = -1;
131 static int hf_nt_acb_normal = -1;
132 static int hf_nt_acb_mns = -1;
133 static int hf_nt_acb_domtrust = -1;
134 static int hf_nt_acb_wstrust = -1;
135 static int hf_nt_acb_svrtrust = -1;
136 static int hf_nt_acb_pwnoexp = -1;
137 static int hf_nt_acb_autolock = -1;
139 static gint ett_dcerpc_samr = -1;
140 static gint ett_samr_user_dispinfo_1 = -1;
141 static gint ett_samr_user_dispinfo_1_array = -1;
142 static gint ett_samr_user_dispinfo_2 = -1;
143 static gint ett_samr_user_dispinfo_2_array = -1;
144 static gint ett_samr_group_dispinfo = -1;
145 static gint ett_samr_group_dispinfo_array = -1;
146 static gint ett_samr_ascii_dispinfo = -1;
147 static gint ett_samr_ascii_dispinfo_array = -1;
148 static gint ett_samr_display_info = -1;
149 static gint ett_samr_password_info = -1;
150 static gint ett_samr_server = -1;
151 static gint ett_samr_user_group = -1;
152 static gint ett_samr_user_group_array = -1;
153 static gint ett_samr_alias_info = -1;
154 static gint ett_samr_group_info = -1;
155 static gint ett_samr_domain_info_1 = -1;
156 static gint ett_samr_domain_info_2 = -1;
157 static gint ett_samr_domain_info_8 = -1;
158 static gint ett_samr_replication_status = -1;
159 static gint ett_samr_domain_info_11 = -1;
160 static gint ett_samr_domain_info_13 = -1;
161 static gint ett_samr_domain_info = -1;
162 static gint ett_samr_sid_pointer = -1;
163 static gint ett_samr_sid_array = -1;
164 static gint ett_samr_index_array = -1;
165 static gint ett_samr_idx_and_name = -1;
166 static gint ett_samr_idx_and_name_array = -1;
167 static gint ett_samr_logon_hours = -1;
168 static gint ett_samr_logon_hours_hours = -1;
169 static gint ett_samr_user_info_1 = -1;
170 static gint ett_samr_user_info_2 = -1;
171 static gint ett_samr_user_info_3 = -1;
172 static gint ett_samr_user_info_5 = -1;
173 static gint ett_samr_user_info_6 = -1;
174 static gint ett_samr_user_info_18 = -1;
175 static gint ett_samr_user_info_19 = -1;
176 static gint ett_samr_buffer_buffer = -1;
177 static gint ett_samr_buffer = -1;
178 static gint ett_samr_user_info_21 = -1;
179 static gint ett_samr_user_info_22 = -1;
180 static gint ett_samr_user_info_23 = -1;
181 static gint ett_samr_user_info_24 = -1;
182 static gint ett_samr_user_info = -1;
183 static gint ett_samr_member_array_types = -1;
184 static gint ett_samr_member_array_rids = -1;
185 static gint ett_samr_member_array = -1;
186 static gint ett_samr_names = -1;
187 static gint ett_samr_rids = -1;
188 static gint ett_nt_acct_ctrl = -1;
189 static gint ett_samr_sid_and_attributes_array = -1;
190 static gint ett_samr_sid_and_attributes = -1;
191 #ifdef SAMR_UNUSED_HANDLES
192 static gint ett_samr_hnd = -1;
195 static e_uuid_t uuid_dcerpc_samr = {
196 0x12345778, 0x1234, 0xabcd,
197 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
200 static guint16 ver_dcerpc_samr = 1;
202 /* Dissect connect specific access rights */
204 static gint hf_access_connect_unknown_01 = -1;
205 static gint hf_access_connect_shutdown_server = -1;
206 static gint hf_access_connect_unknown_04 = -1;
207 static gint hf_access_connect_unknown_08 = -1;
208 static gint hf_access_connect_enum_domains = -1;
209 static gint hf_access_connect_open_domain = -1;
212 specific_rights_connect(tvbuff_t *tvb, gint offset, proto_tree *tree,
215 proto_tree_add_boolean(
216 tree, hf_access_connect_open_domain,
217 tvb, offset, 4, access);
219 proto_tree_add_boolean(
220 tree, hf_access_connect_enum_domains,
221 tvb, offset, 4, access);
223 proto_tree_add_boolean(
224 tree, hf_access_connect_unknown_08,
225 tvb, offset, 4, access);
227 proto_tree_add_boolean(
228 tree, hf_access_connect_unknown_04,
229 tvb, offset, 4, access);
231 proto_tree_add_boolean(
232 tree, hf_access_connect_shutdown_server,
233 tvb, offset, 4, access);
235 proto_tree_add_boolean(
236 tree, hf_access_connect_unknown_01,
237 tvb, offset, 4, access);
240 /* Dissect domain specific access rights */
242 static gint hf_access_domain_lookup_info1 = -1;
243 static gint hf_access_domain_set_info1 = -1;
244 static gint hf_access_domain_lookup_info2 = -1;
245 static gint hf_access_domain_set_info2 = -1;
246 static gint hf_access_domain_create_user = -1;
247 static gint hf_access_domain_create_group = -1;
248 static gint hf_access_domain_create_alias = -1;
249 static gint hf_access_domain_unknown_80 = -1;
250 static gint hf_access_domain_enum_accounts = -1;
251 static gint hf_access_domain_open_account = -1;
252 static gint hf_access_domain_set_info3 = -1;
255 specific_rights_domain(tvbuff_t *tvb, gint offset, proto_tree *tree,
258 proto_tree_add_boolean(
259 tree, hf_access_domain_set_info3,
260 tvb, offset, 4, access);
262 proto_tree_add_boolean(
263 tree, hf_access_domain_open_account,
264 tvb, offset, 4, access);
266 proto_tree_add_boolean(
267 tree, hf_access_domain_enum_accounts,
268 tvb, offset, 4, access);
270 proto_tree_add_boolean(
271 tree, hf_access_domain_unknown_80,
272 tvb, offset, 4, access);
274 proto_tree_add_boolean(
275 tree, hf_access_domain_create_alias,
276 tvb, offset, 4, access);
278 proto_tree_add_boolean(
279 tree, hf_access_domain_create_group,
280 tvb, offset, 4, access);
282 proto_tree_add_boolean(
283 tree, hf_access_domain_create_user,
284 tvb, offset, 4, access);
286 proto_tree_add_boolean(
287 tree, hf_access_domain_set_info2,
288 tvb, offset, 4, access);
290 proto_tree_add_boolean(
291 tree, hf_access_domain_lookup_info2,
292 tvb, offset, 4, access);
294 proto_tree_add_boolean(
295 tree, hf_access_domain_set_info1,
296 tvb, offset, 4, access);
298 proto_tree_add_boolean(
299 tree, hf_access_domain_lookup_info1,
300 tvb, offset, 4, access);
303 /* Dissect user specific access rights */
305 static gint hf_access_user_get_name_etc = -1;
306 static gint hf_access_user_get_locale = -1;
307 static gint hf_access_user_get_loc_com = -1;
308 static gint hf_access_user_get_logoninfo = -1;
309 static gint hf_access_user_unknown_10 = -1;
310 static gint hf_access_user_set_attributes = -1;
311 static gint hf_access_user_change_password = -1;
312 static gint hf_access_user_set_password = -1;
313 static gint hf_access_user_get_groups = -1;
314 static gint hf_access_user_unknown_200 = -1;
315 static gint hf_access_user_unknown_400 = -1;
318 specific_rights_user(tvbuff_t *tvb, gint offset, proto_tree *tree,
321 proto_tree_add_boolean(
322 tree, hf_access_user_unknown_400,
323 tvb, offset, 4, access);
325 proto_tree_add_boolean(
326 tree, hf_access_user_unknown_200,
327 tvb, offset, 4, access);
329 proto_tree_add_boolean(
330 tree, hf_access_user_get_groups,
331 tvb, offset, 4, access);
333 proto_tree_add_boolean(
334 tree, hf_access_user_set_password,
335 tvb, offset, 4, access);
337 proto_tree_add_boolean(
338 tree, hf_access_user_change_password,
339 tvb, offset, 4, access);
341 proto_tree_add_boolean(
342 tree, hf_access_user_set_attributes,
343 tvb, offset, 4, access);
345 proto_tree_add_boolean(
346 tree, hf_access_user_unknown_10,
347 tvb, offset, 4, access);
349 proto_tree_add_boolean(
350 tree, hf_access_user_get_logoninfo,
351 tvb, offset, 4, access);
353 proto_tree_add_boolean(
354 tree, hf_access_user_get_loc_com,
355 tvb, offset, 4, access);
357 proto_tree_add_boolean(
358 tree, hf_access_user_get_locale,
359 tvb, offset, 4, access);
361 proto_tree_add_boolean(
362 tree, hf_access_user_get_name_etc,
363 tvb, offset, 4, access);
366 /* Dissect alias specific access rights */
368 static gint hf_access_alias_add_member = -1;
369 static gint hf_access_alias_remove_member = -1;
370 static gint hf_access_alias_get_members = -1;
371 static gint hf_access_alias_lookup_info = -1;
372 static gint hf_access_alias_set_info = -1;
375 specific_rights_alias(tvbuff_t *tvb, gint offset, proto_tree *tree,
378 proto_tree_add_boolean(
379 tree, hf_access_alias_set_info,
380 tvb, offset, 4, access);
382 proto_tree_add_boolean(
383 tree, hf_access_alias_lookup_info,
384 tvb, offset, 4, access);
386 proto_tree_add_boolean(
387 tree, hf_access_alias_get_members,
388 tvb, offset, 4, access);
390 proto_tree_add_boolean(
391 tree, hf_access_alias_remove_member,
392 tvb, offset, 4, access);
394 proto_tree_add_boolean(
395 tree, hf_access_alias_add_member,
396 tvb, offset, 4, access);
399 /* Dissect group specific access rights */
401 static gint hf_access_group_lookup_info = -1;
402 static gint hf_access_group_set_info = -1;
403 static gint hf_access_group_add_member = -1;
404 static gint hf_access_group_remove_member = -1;
405 static gint hf_access_group_get_members = -1;
408 specific_rights_group(tvbuff_t *tvb, gint offset, proto_tree *tree,
411 proto_tree_add_boolean(
412 tree, hf_access_group_get_members,
413 tvb, offset, 4, access);
415 proto_tree_add_boolean(
416 tree, hf_access_group_remove_member,
417 tvb, offset, 4, access);
419 proto_tree_add_boolean(
420 tree, hf_access_group_add_member,
421 tvb, offset, 4, access);
423 proto_tree_add_boolean(
424 tree, hf_access_group_set_info,
425 tvb, offset, 4, access);
427 proto_tree_add_boolean(
428 tree, hf_access_group_lookup_info,
429 tvb, offset, 4, access);
433 dissect_ndr_nt_SID(tvbuff_t *tvb, int offset,
434 packet_info *pinfo, proto_tree *tree,
439 di=pinfo->private_data;
440 if(di->conformant_run){
441 /* just a run to handle conformant arrays, no scalars to dissect */
445 /* the SID contains a conformant array, first we must eat
446 the 4-byte max_count before we can hand it off */
447 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
448 hf_samr_count, NULL);
450 offset = dissect_nt_sid(tvb, offset, tree, "Domain");
455 dissect_ndr_nt_SID_ptr(tvbuff_t *tvb, int offset,
456 packet_info *pinfo, proto_tree *tree,
459 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
460 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
461 "SID pointer", -1, 1);
467 static const true_false_string tfs_nt_acb_disabled = {
468 "Account is DISABLED",
469 "Account is NOT disabled"
471 static const true_false_string tfs_nt_acb_homedirreq = {
472 "Homedir is REQUIRED",
473 "Homedir is NOT required"
475 static const true_false_string tfs_nt_acb_pwnotreq = {
476 "Password is NOT required",
477 "Password is REQUIRED"
479 static const true_false_string tfs_nt_acb_tempdup = {
480 "This is a TEMPORARY DUPLICATE account",
481 "This is NOT a temporary duplicate account"
483 static const true_false_string tfs_nt_acb_normal = {
484 "This is a NORMAL USER account",
485 "This is NOT a normal user account"
487 static const true_false_string tfs_nt_acb_mns = {
488 "This is a MNS account",
489 "This is NOT a mns account"
491 static const true_false_string tfs_nt_acb_domtrust = {
492 "This is a DOMAIN TRUST account",
493 "This is NOT a domain trust account"
495 static const true_false_string tfs_nt_acb_wstrust = {
496 "This is a WORKSTATION TRUST account",
497 "This is NOT a workstation trust account"
499 static const true_false_string tfs_nt_acb_svrtrust = {
500 "This is a SERVER TRUST account",
501 "This is NOT a server trust account"
503 static const true_false_string tfs_nt_acb_pwnoexp = {
504 "Passwords does NOT expire",
505 "Password will EXPIRE"
507 static const true_false_string tfs_nt_acb_autolock = {
508 "This account has been AUTO LOCKED",
509 "This account has NOT been auto locked"
512 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
513 proto_tree *parent_tree, char *drep)
516 proto_item *item = NULL;
517 proto_tree *tree = NULL;
519 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
520 hf_nt_acct_ctrl, &mask);
523 item = proto_tree_add_uint(parent_tree, hf_nt_acct_ctrl,
524 tvb, offset-4, 4, mask);
525 tree = proto_item_add_subtree(item, ett_nt_acct_ctrl);
528 proto_tree_add_boolean(tree, hf_nt_acb_autolock,
529 tvb, offset-4, 4, mask);
530 proto_tree_add_boolean(tree, hf_nt_acb_pwnoexp,
531 tvb, offset-4, 4, mask);
532 proto_tree_add_boolean(tree, hf_nt_acb_svrtrust,
533 tvb, offset-4, 4, mask);
534 proto_tree_add_boolean(tree, hf_nt_acb_wstrust,
535 tvb, offset-4, 4, mask);
536 proto_tree_add_boolean(tree, hf_nt_acb_domtrust,
537 tvb, offset-4, 4, mask);
538 proto_tree_add_boolean(tree, hf_nt_acb_mns,
539 tvb, offset-4, 4, mask);
540 proto_tree_add_boolean(tree, hf_nt_acb_normal,
541 tvb, offset-4, 4, mask);
542 proto_tree_add_boolean(tree, hf_nt_acb_tempdup,
543 tvb, offset-4, 4, mask);
544 proto_tree_add_boolean(tree, hf_nt_acb_pwnotreq,
545 tvb, offset-4, 4, mask);
546 proto_tree_add_boolean(tree, hf_nt_acb_homedirreq,
547 tvb, offset-4, 4, mask);
548 proto_tree_add_boolean(tree, hf_nt_acb_disabled,
549 tvb, offset-4, 4, mask);
555 /* above this line, just some general support routines which should be placed
556 in some more generic file common to all NT services dissectors
560 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
561 proto_tree *tree, char *drep)
563 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
564 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
567 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
568 hf_samr_hnd, NULL, FALSE, FALSE);
570 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
571 hf_samr_access, NULL);
573 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
576 if (check_col(pinfo->cinfo, COL_INFO))
577 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
579 dcv->private_data = (void *)rid;
585 samr_dissect_open_user_reply(tvbuff_t *tvb, int offset,
586 packet_info *pinfo, proto_tree *tree,
589 e_ctx_hnd policy_hnd;
591 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
592 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
594 dcerpc_smb_store_pol_name(&policy_hnd, "OpenUser handle");
596 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
603 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
604 packet_info *pinfo, proto_tree *tree,
609 di=pinfo->private_data;
610 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
616 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
617 packet_info *pinfo, proto_tree *tree,
622 di=pinfo->private_data;
623 if(di->conformant_run){
624 /*just a run to handle conformant arrays, nothing to dissect */
628 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
634 samr_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
635 packet_info *pinfo, proto_tree *tree,
640 di=pinfo->private_data;
641 if(di->conformant_run){
642 /*just a run to handle conformant arrays, nothing to dissect */
646 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
647 di->hf_index, di->levels);
652 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
653 packet_info *pinfo, proto_tree *tree,
658 di=pinfo->private_data;
659 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
666 samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset,
667 packet_info *pinfo, proto_tree *tree,
670 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
671 hf_samr_hnd, NULL, FALSE, FALSE);
673 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
674 hf_samr_level, NULL);
675 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
676 hf_samr_start_idx, NULL);
677 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
678 hf_samr_max_entries, NULL);
679 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
680 hf_samr_pref_maxsize, NULL);
686 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
687 packet_info *pinfo, proto_tree *parent_tree,
690 proto_item *item=NULL;
691 proto_tree *tree=NULL;
692 int old_offset=offset;
695 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
697 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
700 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
701 hf_samr_index, NULL);
702 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
704 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
705 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
706 hf_samr_acct_name, 0);
707 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
708 hf_samr_full_name, 0);
709 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
710 hf_samr_acct_desc, 0);
712 proto_item_set_len(item, offset-old_offset);
717 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
718 packet_info *pinfo, proto_tree *tree,
721 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
722 samr_dissect_USER_DISPINFO_1);
728 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
729 packet_info *pinfo, proto_tree *parent_tree,
733 proto_item *item=NULL;
734 proto_tree *tree=NULL;
735 int old_offset=offset;
738 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
739 "User_DispInfo_1 Array");
740 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
744 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
745 hf_samr_count, &count);
746 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
747 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
748 "USER_DISPINFO_1_ARRAY", -1, 0);
750 proto_item_set_len(item, offset-old_offset);
757 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
758 packet_info *pinfo, proto_tree *parent_tree,
761 proto_item *item=NULL;
762 proto_tree *tree=NULL;
763 int old_offset=offset;
766 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
768 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
771 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
772 hf_samr_index, NULL);
773 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
775 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
776 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
777 hf_samr_acct_name, 0);
778 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
779 hf_samr_acct_desc, 0);
781 proto_item_set_len(item, offset-old_offset);
786 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
787 packet_info *pinfo, proto_tree *tree,
790 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
791 samr_dissect_USER_DISPINFO_2);
797 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
798 packet_info *pinfo, proto_tree *parent_tree,
802 proto_item *item=NULL;
803 proto_tree *tree=NULL;
804 int old_offset=offset;
807 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
808 "User_DispInfo_2 Array");
809 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
813 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
814 hf_samr_count, &count);
815 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
816 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
817 "USER_DISPINFO_2_ARRAY", -1, 0);
819 proto_item_set_len(item, offset-old_offset);
828 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
829 packet_info *pinfo, proto_tree *parent_tree,
832 proto_item *item=NULL;
833 proto_tree *tree=NULL;
834 int old_offset=offset;
837 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
839 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
843 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
844 hf_samr_index, NULL);
845 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
847 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
848 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
849 hf_samr_acct_name, 0);
850 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
851 hf_samr_acct_desc, 0);
853 proto_item_set_len(item, offset-old_offset);
858 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
859 packet_info *pinfo, proto_tree *tree,
862 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
863 samr_dissect_GROUP_DISPINFO);
869 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
870 packet_info *pinfo, proto_tree *parent_tree,
874 proto_item *item=NULL;
875 proto_tree *tree=NULL;
876 int old_offset=offset;
879 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
880 "Group_DispInfo Array");
881 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
884 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
885 hf_samr_count, &count);
886 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
887 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
888 "GROUP_DISPINFO_ARRAY", -1, 0);
890 proto_item_set_len(item, offset-old_offset);
897 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
898 packet_info *pinfo, proto_tree *parent_tree,
901 proto_item *item=NULL;
902 proto_tree *tree=NULL;
903 int old_offset=offset;
906 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
908 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
912 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
913 hf_samr_index, NULL);
914 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
916 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
917 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
918 hf_samr_acct_name, 0);
919 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
920 hf_samr_acct_desc,0 );
922 proto_item_set_len(item, offset-old_offset);
927 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
928 packet_info *pinfo, proto_tree *tree,
931 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
932 samr_dissect_ASCII_DISPINFO);
938 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
939 packet_info *pinfo, proto_tree *parent_tree,
943 proto_item *item=NULL;
944 proto_tree *tree=NULL;
945 int old_offset=offset;
948 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
949 "Ascii_DispInfo Array");
950 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
953 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
954 hf_samr_count, &count);
955 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
956 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
957 "ACSII_DISPINFO_ARRAY", -1, 0);
959 proto_item_set_len(item, offset-old_offset);
965 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
966 packet_info *pinfo, proto_tree *parent_tree,
969 proto_item *item=NULL;
970 proto_tree *tree=NULL;
971 int old_offset=offset;
975 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
977 tree = proto_item_add_subtree(item, ett_samr_display_info);
980 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
981 hf_samr_level, &level);
984 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
985 tvb, offset, pinfo, tree, drep);
988 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
989 tvb, offset, pinfo, tree, drep);
992 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
993 tvb, offset, pinfo, tree, drep);
996 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
997 tvb, offset, pinfo, tree, drep);
1000 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
1001 tvb, offset, pinfo, tree, drep);
1005 proto_item_set_len(item, offset-old_offset);
1010 samr_dissect_query_dispinfo_reply(tvbuff_t *tvb, int offset,
1011 packet_info *pinfo, proto_tree *tree,
1014 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1015 samr_dissect_pointer_long, NDR_POINTER_REF,
1016 "Total Size", hf_samr_total_size, 0);
1017 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1018 samr_dissect_pointer_long, NDR_POINTER_REF,
1019 "Returned Size", hf_samr_ret_size, 0);
1020 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1021 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
1022 "DISPLAY_INFO:", -1, 0);
1023 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1030 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
1035 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1036 hf_samr_hnd, NULL, FALSE, FALSE);
1038 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1039 hf_samr_level, NULL);
1041 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
1042 hf_samr_acct_name, 0);
1048 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
1049 packet_info *pinfo, proto_tree *tree,
1052 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1053 samr_dissect_pointer_long, NDR_POINTER_REF,
1054 "Index", hf_samr_index, 0);
1056 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1066 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
1067 packet_info *pinfo, proto_tree *parent_tree,
1070 proto_item *item=NULL;
1071 proto_tree *tree=NULL;
1072 int old_offset=offset;
1074 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
1077 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1079 tree = proto_item_add_subtree(item, ett_samr_password_info);
1083 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1084 hf_samr_unknown_short, NULL);
1085 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1086 hf_samr_unknown_long, NULL);
1088 proto_item_set_len(item, offset-old_offset);
1093 samr_dissect_get_usrdom_pwinfo_rqst(tvbuff_t *tvb, int offset,
1094 packet_info *pinfo, proto_tree *tree,
1097 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1098 hf_samr_hnd, NULL, FALSE, FALSE);
1104 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
1105 packet_info *pinfo, proto_tree *tree,
1108 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1109 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
1110 "PASSWORD_INFO:", -1, 0);
1112 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1120 samr_dissect_connect2_server(tvbuff_t *tvb, int offset,
1121 packet_info *pinfo, proto_tree *parent_tree,
1124 proto_item *item=NULL;
1125 proto_tree *tree=NULL;
1126 int old_offset=offset;
1129 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1131 tree = proto_item_add_subtree(item, ett_samr_server);
1134 offset = dissect_ndr_nt_UNICODE_STRING_str(tvb, offset, pinfo,
1137 proto_item_set_len(item, offset-old_offset);
1142 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
1143 packet_info *pinfo, proto_tree *tree,
1146 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1147 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
1148 "Server", hf_samr_server, 1);
1150 offset = dissect_nt_access_mask(
1151 tvb, offset, pinfo, tree, drep, hf_samr_access,
1152 specific_rights_connect);
1158 samr_dissect_connect4_rqst(tvbuff_t *tvb, int offset,
1159 packet_info *pinfo, proto_tree *tree,
1162 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1163 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
1164 "Server", hf_samr_server, 1);
1166 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1167 hf_samr_unknown_long, NULL);
1169 offset = dissect_nt_access_mask(
1170 tvb, offset, pinfo, tree, drep, hf_samr_access,
1171 specific_rights_connect);
1177 samr_dissect_connect2_reply(tvbuff_t *tvb, int offset,
1178 packet_info *pinfo, proto_tree *tree,
1181 e_ctx_hnd policy_hnd;
1183 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1184 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1186 dcerpc_smb_store_pol_name(&policy_hnd, "Connect2 handle");
1188 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1194 samr_dissect_connect_anon_rqst(tvbuff_t *tvb, int offset,
1195 packet_info *pinfo, proto_tree *tree,
1201 offset=dissect_ndr_uint16(tvb, offset, pinfo, NULL, drep,
1202 hf_samr_server, &server);
1205 proto_tree_add_string_format(tree, hf_samr_server, tvb, offset-2, 2,
1206 str, "Server: %s", str);
1212 samr_dissect_connect_anon_reply(tvbuff_t *tvb, int offset,
1213 packet_info *pinfo, proto_tree *tree,
1216 e_ctx_hnd policy_hnd;
1218 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1219 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1221 dcerpc_smb_store_pol_name(&policy_hnd, "ConnectAnon handle");
1223 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1230 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
1231 packet_info *pinfo, proto_tree *parent_tree,
1234 proto_item *item=NULL;
1235 proto_tree *tree=NULL;
1236 int old_offset=offset;
1239 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1241 tree = proto_item_add_subtree(item, ett_samr_user_group);
1244 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1246 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1247 hf_samr_rid_attrib, NULL);
1249 proto_item_set_len(item, offset-old_offset);
1254 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
1255 packet_info *pinfo, proto_tree *tree,
1258 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1259 samr_dissect_USER_GROUP);
1265 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1266 packet_info *pinfo, proto_tree *parent_tree,
1270 proto_item *item=NULL;
1271 proto_tree *tree=NULL;
1272 int old_offset=offset;
1275 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1276 "USER_GROUP_ARRAY");
1277 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1280 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1281 hf_samr_count, &count);
1282 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1283 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1284 "USER_GROUP_ARRAY", -1, 0);
1286 proto_item_set_len(item, offset-old_offset);
1291 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1292 packet_info *pinfo, proto_tree *tree,
1295 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1296 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1297 "USER_GROUP_ARRAY", -1, 0);
1302 samr_dissect_get_groups_for_user_rqst(tvbuff_t *tvb, int offset,
1303 packet_info *pinfo, proto_tree *tree,
1306 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1307 hf_samr_hnd, NULL, FALSE, FALSE);
1313 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1314 packet_info *pinfo, proto_tree *tree,
1317 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1318 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1319 "USER_GROUP_ARRAY:", -1, 0);
1321 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1329 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1330 packet_info *pinfo, proto_tree *tree,
1333 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1334 hf_samr_hnd, NULL, FALSE, FALSE);
1336 offset = dissect_nt_access_mask(
1337 tvb, offset, pinfo, tree, drep, hf_samr_access,
1338 specific_rights_domain);
1340 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1341 dissect_ndr_nt_SID, NDR_POINTER_REF,
1347 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1348 packet_info *pinfo, proto_tree *tree,
1351 e_ctx_hnd policy_hnd;
1353 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1354 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1356 dcerpc_smb_store_pol_name(&policy_hnd, "OpenDomain handle");
1358 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1366 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1367 packet_info *pinfo, proto_tree *tree,
1370 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1371 hf_samr_hnd, NULL, FALSE, FALSE);
1373 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1374 dissect_ndr_nt_SID, NDR_POINTER_REF,
1381 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1382 packet_info *pinfo, proto_tree *tree,
1385 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1386 hf_samr_hnd, NULL, FALSE, FALSE);
1388 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1389 hf_samr_group, NULL);
1391 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1398 samr_dissect_add_member_to_group_reply(tvbuff_t *tvb, int offset,
1399 packet_info *pinfo, proto_tree *tree,
1402 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1409 samr_dissect_unknown_3c_rqst(tvbuff_t *tvb, int offset,
1410 packet_info *pinfo, proto_tree *tree,
1413 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1414 hf_samr_hnd, NULL, FALSE, FALSE);
1420 samr_dissect_unknown_3c_reply(tvbuff_t *tvb, int offset,
1421 packet_info *pinfo, proto_tree *tree,
1424 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1425 samr_dissect_pointer_short, NDR_POINTER_REF,
1426 "unknown short", hf_samr_unknown_short, 0);
1428 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1434 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1435 packet_info *pinfo, proto_tree *tree,
1438 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1439 hf_samr_hnd, NULL, FALSE, FALSE);
1441 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1442 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1443 "Account Name", hf_samr_acct_name, 0);
1445 offset = dissect_nt_access_mask(
1446 tvb, offset, pinfo, tree, drep, hf_samr_access,
1447 specific_rights_alias);
1453 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1454 packet_info *pinfo, proto_tree *tree,
1457 e_ctx_hnd policy_hnd;
1459 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1460 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1462 dcerpc_smb_store_pol_name(&policy_hnd, "CreateAlias handle");
1464 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1467 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1474 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1476 proto_tree *tree, char *drep)
1478 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1479 hf_samr_hnd, NULL, FALSE, FALSE);
1481 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1482 hf_samr_level, NULL);
1488 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1489 packet_info *pinfo, proto_tree *tree,
1492 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1494 hf_samr_acct_name, 0);
1495 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1497 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1499 hf_samr_acct_desc, 0);
1504 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1505 packet_info *pinfo, proto_tree *parent_tree,
1508 proto_item *item=NULL;
1509 proto_tree *tree=NULL;
1510 int old_offset=offset;
1514 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1516 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1519 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1520 hf_samr_level, &level);
1523 offset = samr_dissect_ALIAS_INFO_1(
1524 tvb, offset, pinfo, tree, drep);
1527 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1529 hf_samr_acct_name, 0);
1532 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1534 hf_samr_acct_desc, 0);
1538 proto_item_set_len(item, offset-old_offset);
1543 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1544 packet_info *pinfo, proto_tree *tree,
1547 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1548 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
1549 "ALIAS_INFO", -1, 0);
1554 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1556 proto_tree *tree, char *drep)
1558 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1559 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1560 "ALIAS_INFO:", -1, 0);
1562 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1569 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1570 packet_info *pinfo, proto_tree *tree,
1573 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1574 hf_samr_hnd, NULL, FALSE, FALSE);
1576 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1577 hf_samr_level, NULL);
1578 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1579 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
1580 "ALIAS_INFO:", -1, 0);
1585 samr_dissect_set_information_alias_reply(tvbuff_t *tvb, int offset,
1586 packet_info *pinfo, proto_tree *tree,
1589 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1590 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1591 "ALIAS_INFO", -1, 0);
1593 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1599 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1600 packet_info *pinfo _U_, proto_tree *tree,
1603 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
1610 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1611 packet_info *pinfo _U_, proto_tree *tree,
1614 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
1622 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1624 proto_tree *tree, char *drep)
1626 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1627 hf_samr_hnd, NULL, FALSE, FALSE);
1629 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1630 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1631 "Server", hf_samr_server, 0);
1632 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1633 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1634 "Account Name", hf_samr_acct_name, 0);
1635 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1636 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1638 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1639 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1645 samr_dissect_oem_change_password_user2_reply(tvbuff_t *tvb, int offset,
1647 proto_tree *tree, char *drep)
1649 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1656 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1658 proto_tree *tree, char *drep)
1660 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1661 hf_samr_hnd, NULL, FALSE, FALSE);
1663 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1664 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1665 "Server", hf_samr_server, 0);
1666 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1667 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1668 "Account Name", hf_samr_acct_name, 0);
1669 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1670 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1672 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1673 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1675 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1676 hf_samr_lm_change, NULL);
1677 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1678 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1680 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1681 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1687 samr_dissect_unicode_change_password_user2_reply(tvbuff_t *tvb, int offset,
1689 proto_tree *tree, char *drep)
1691 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1698 samr_dissect_unknown_3b_rqst(tvbuff_t *tvb, int offset,
1699 packet_info *pinfo, proto_tree *tree,
1702 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1703 hf_samr_hnd, NULL, FALSE, FALSE);
1705 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1706 hf_samr_unknown_short, NULL);
1707 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1708 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1709 "Unknown", hf_samr_unknown_string, 0);
1710 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1711 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1712 "Unknown", hf_samr_unknown_string, 0);
1717 samr_dissect_unknown_3b_reply(tvbuff_t *tvb, int offset,
1718 packet_info *pinfo, proto_tree *tree,
1721 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1728 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
1729 packet_info *pinfo, proto_tree *tree,
1732 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1733 hf_samr_hnd, NULL, FALSE, FALSE);
1735 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1736 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1737 "Account Name", hf_samr_acct_name, 0);
1739 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
1741 offset = dissect_nt_access_mask(
1742 tvb, offset, pinfo, tree, drep, hf_samr_access,
1743 specific_rights_user);
1749 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
1750 packet_info *pinfo, proto_tree *tree,
1753 e_ctx_hnd policy_hnd;
1755 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1756 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1758 dcerpc_smb_store_pol_name(&policy_hnd, "CreateUser2 handle");
1760 offset = dissect_nt_access_mask(
1761 tvb, offset, pinfo, tree, drep, hf_samr_access_granted,
1762 specific_rights_user);
1764 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1767 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1773 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
1775 proto_tree *tree, char *drep)
1777 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1778 hf_samr_hnd, NULL, FALSE, FALSE);
1780 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1781 hf_samr_level, NULL);
1782 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1783 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1784 "Account Name", hf_samr_acct_name, 0);
1789 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
1790 packet_info *pinfo, proto_tree *tree,
1793 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1794 hf_samr_index, NULL);
1796 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1802 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
1803 packet_info *pinfo, proto_tree *tree,
1806 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1807 hf_samr_hnd, NULL, FALSE, FALSE);
1809 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1810 hf_samr_unknown_char, NULL);
1811 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1812 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1814 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1815 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1817 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1818 hf_samr_unknown_char, NULL);
1819 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1820 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1822 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1823 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1825 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1826 hf_samr_unknown_char, NULL);
1827 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1828 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1830 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1831 hf_samr_unknown_char, NULL);
1832 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1833 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1840 samr_dissect_change_password_user_reply(tvbuff_t *tvb, int offset,
1841 packet_info *pinfo, proto_tree *tree,
1844 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1851 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
1853 proto_tree *tree, char *drep)
1855 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1856 hf_samr_hnd, NULL, FALSE, FALSE);
1858 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1859 hf_samr_attrib, NULL);
1864 samr_dissect_set_member_attributes_of_group_reply(tvbuff_t *tvb, int offset,
1865 packet_info *pinfo, proto_tree *tree,
1868 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1875 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
1876 packet_info *pinfo, proto_tree *tree,
1879 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1881 hf_samr_acct_name, 0);
1882 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1884 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1885 hf_samr_attrib, NULL);
1886 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1888 hf_samr_acct_desc, 0);
1893 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
1894 packet_info *pinfo, proto_tree *parent_tree,
1897 proto_item *item=NULL;
1898 proto_tree *tree=NULL;
1899 int old_offset=offset;
1903 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1905 tree = proto_item_add_subtree(item, ett_samr_group_info);
1908 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1909 hf_samr_level, &level);
1912 offset = samr_dissect_GROUP_INFO_1(
1913 tvb, offset, pinfo, tree, drep);
1916 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1918 hf_samr_acct_name, 0);
1921 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1922 hf_samr_attrib, NULL);
1925 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1927 hf_samr_acct_desc, 0);
1931 proto_item_set_len(item, offset-old_offset);
1936 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
1937 packet_info *pinfo, proto_tree *tree,
1940 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1941 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
1942 "GROUP_INFO", -1, 0);
1947 samr_dissect_query_information_group_rqst(tvbuff_t *tvb, int offset,
1949 proto_tree *tree, char *drep)
1951 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1952 hf_samr_hnd, NULL, FALSE, FALSE);
1954 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1955 hf_samr_level, NULL);
1961 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
1962 packet_info *pinfo, proto_tree *tree,
1965 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1966 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
1967 "GROUP_INFO", -1, 0);
1969 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1975 samr_dissect_set_information_group_rqst(tvbuff_t *tvb, int offset,
1976 packet_info *pinfo, proto_tree *tree,
1979 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1980 hf_samr_hnd, NULL, FALSE, FALSE);
1982 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1983 hf_samr_level, NULL);
1984 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1985 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
1986 "GROUP_INFO", -1, 0);
1991 samr_dissect_set_information_group_reply(tvbuff_t *tvb, int offset,
1992 packet_info *pinfo, proto_tree *tree,
1995 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2003 samr_dissect_get_domain_password_information_rqst(tvbuff_t *tvb, int offset,
2008 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2009 hf_samr_hnd, NULL, FALSE, FALSE);
2011 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2012 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
2013 "Domain", hf_samr_domain, 0);
2018 samr_dissect_get_domain_password_information_reply(tvbuff_t *tvb, int offset,
2024 * XXX - really? Not the same as
2025 * "samr_dissect_get_usrdom_pwinfo_reply()"?
2027 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2028 hf_samr_hnd, NULL, FALSE, FALSE);
2034 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
2035 packet_info *pinfo, proto_tree *parent_tree,
2038 proto_item *item=NULL;
2039 proto_tree *tree=NULL;
2040 int old_offset=offset;
2042 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
2045 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2047 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
2050 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2051 hf_samr_min_pwd_len, NULL);
2052 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2053 hf_samr_pwd_history_len, NULL);
2054 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2055 hf_samr_unknown_long, NULL);
2056 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2057 hf_samr_max_pwd_age);
2058 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2059 hf_samr_min_pwd_age);
2060 proto_item_set_len(item, offset-old_offset);
2065 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
2066 packet_info *pinfo, proto_tree *parent_tree,
2069 proto_item *item=NULL;
2070 proto_tree *tree=NULL;
2071 int old_offset=offset;
2074 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2076 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
2079 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2080 hf_samr_unknown_time);
2081 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2082 hf_samr_unknown_string, 0);
2083 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2085 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2086 hf_samr_controller, 0);
2087 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2088 hf_samr_unknown_time);
2089 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2090 hf_samr_unknown_long, NULL);
2091 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2092 hf_samr_unknown_long, NULL);
2093 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2094 hf_samr_unknown_char, NULL);
2095 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2096 hf_samr_num_users, NULL);
2097 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2098 hf_samr_num_groups, NULL);
2099 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2100 hf_samr_num_aliases, NULL);
2102 proto_item_set_len(item, offset-old_offset);
2107 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
2108 packet_info *pinfo, proto_tree *parent_tree,
2111 proto_item *item=NULL;
2112 proto_tree *tree=NULL;
2113 int old_offset=offset;
2116 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2118 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
2121 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2122 hf_samr_max_pwd_age);
2123 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2124 hf_samr_min_pwd_age);
2126 proto_item_set_len(item, offset-old_offset);
2131 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
2132 packet_info *pinfo, proto_tree *parent_tree,
2135 proto_item *item=NULL;
2136 proto_tree *tree=NULL;
2137 int old_offset=offset;
2140 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2141 "REPLICATION_STATUS:");
2142 tree = proto_item_add_subtree(item, ett_samr_replication_status);
2145 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2146 hf_samr_unknown_hyper, NULL);
2147 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2148 hf_samr_unknown_hyper, NULL);
2149 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2150 hf_samr_unknown_short, NULL);
2152 proto_item_set_len(item, offset-old_offset);
2157 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
2158 packet_info *pinfo, proto_tree *parent_tree,
2161 proto_item *item=NULL;
2162 proto_tree *tree=NULL;
2163 int old_offset=offset;
2166 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2168 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
2171 offset = samr_dissect_DOMAIN_INFO_2(
2172 tvb, offset, pinfo, tree, drep);
2173 offset = samr_dissect_REPLICATION_STATUS(
2174 tvb, offset, pinfo, tree, drep);
2176 proto_item_set_len(item, offset-old_offset);
2181 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
2182 packet_info *pinfo, proto_tree *parent_tree,
2185 proto_item *item=NULL;
2186 proto_tree *tree=NULL;
2187 int old_offset=offset;
2190 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2192 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
2195 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2196 hf_samr_unknown_time);
2197 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2198 hf_samr_unknown_time);
2199 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2200 hf_samr_unknown_time);
2202 proto_item_set_len(item, offset-old_offset);
2208 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
2209 packet_info *pinfo, proto_tree *parent_tree,
2212 proto_item *item=NULL;
2213 proto_tree *tree=NULL;
2214 int old_offset=offset;
2218 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2220 tree = proto_item_add_subtree(item, ett_samr_domain_info);
2223 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2224 hf_samr_level, &level);
2226 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2229 offset = samr_dissect_DOMAIN_INFO_1(
2230 tvb, offset, pinfo, tree, drep);
2233 offset = samr_dissect_DOMAIN_INFO_2(
2234 tvb, offset, pinfo, tree, drep);
2238 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2239 hf_samr_unknown_time);
2242 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2243 tree, drep, hf_samr_unknown_string, 0);
2247 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2248 tree, drep, hf_samr_domain, 0);
2252 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2253 tree, drep, hf_samr_controller, 0);
2257 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2258 hf_samr_unknown_short, NULL);
2261 offset = samr_dissect_DOMAIN_INFO_8(
2262 tvb, offset, pinfo, tree, drep);
2265 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2266 hf_samr_unknown_short, NULL);
2269 offset = samr_dissect_DOMAIN_INFO_11(
2270 tvb, offset, pinfo, tree, drep);
2273 offset = samr_dissect_REPLICATION_STATUS(
2274 tvb, offset, pinfo, tree, drep);
2277 offset = samr_dissect_DOMAIN_INFO_13(
2278 tvb, offset, pinfo, tree, drep);
2282 proto_item_set_len(item, offset-old_offset);
2287 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
2288 packet_info *pinfo, proto_tree *tree,
2291 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2292 hf_samr_hnd, NULL, FALSE, FALSE);
2294 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2295 hf_samr_level, NULL);
2296 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
2302 samr_dissect_set_information_domain_reply(tvbuff_t *tvb, int offset,
2304 proto_tree *tree, char *drep)
2306 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2313 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
2314 packet_info *pinfo, proto_tree *tree,
2317 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2318 hf_samr_hnd, NULL, FALSE, FALSE);
2320 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2321 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
2322 "Domain:", hf_samr_domain, 0);
2328 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
2329 packet_info *pinfo, proto_tree *tree,
2332 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2333 dissect_ndr_nt_SID_ptr, NDR_POINTER_REF,
2336 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2342 dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
2343 packet_info *pinfo, proto_tree *parent_tree,
2346 proto_item *item=NULL;
2347 proto_tree *tree=NULL;
2348 int old_offset=offset;
2351 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2353 tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
2356 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2357 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
2360 proto_item_set_len(item, offset-old_offset);
2366 dissect_ndr_nt_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
2367 packet_info *pinfo, proto_tree *tree,
2370 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2371 dissect_ndr_nt_PSID);
2378 dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, int offset,
2379 packet_info *pinfo, proto_tree *parent_tree,
2383 proto_item *item=NULL;
2384 proto_tree *tree=NULL;
2385 int old_offset=offset;
2388 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2390 tree = proto_item_add_subtree(item, ett_samr_sid_array);
2393 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2394 hf_samr_count, &count);
2395 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2396 dissect_ndr_nt_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
2397 "PSID_ARRAY", -1, 0);
2399 proto_item_set_len(item, offset-old_offset);
2403 /* called from NETLOGON but placed here since where are where the hf_fields are defined */
2405 dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2406 packet_info *pinfo, proto_tree *parent_tree,
2409 proto_item *item=NULL;
2410 proto_tree *tree=NULL;
2413 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2414 "SID_AND_ATTRIBUTES:");
2415 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes);
2418 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
2420 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2421 hf_samr_attrib, NULL);
2427 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2428 packet_info *pinfo, proto_tree *parent_tree,
2432 proto_item *item=NULL;
2433 proto_tree *tree=NULL;
2434 int old_offset=offset;
2437 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2438 "SID_AND_ATTRIBUTES array:");
2439 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes_array);
2442 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2443 hf_samr_count, &count);
2444 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2445 dissect_ndr_nt_SID_AND_ATTRIBUTES);
2447 proto_item_set_len(item, offset-old_offset);
2453 samr_dissect_index(tvbuff_t *tvb, int offset,
2454 packet_info *pinfo, proto_tree *tree,
2459 di=pinfo->private_data;
2461 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2462 di->hf_index, NULL);
2469 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2470 packet_info *pinfo, proto_tree *tree,
2473 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2474 samr_dissect_index);
2480 plural_ending(const char *string)
2484 string_len = strlen(string);
2485 if (string_len > 0 && string[string_len - 1] == 's') {
2486 /* String ends with "s" - pluralize by adding "es" */
2489 /* Field name doesn't end with "s" - pluralize by adding "s" */
2495 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2496 packet_info *pinfo, proto_tree *parent_tree,
2501 proto_item *item=NULL;
2502 proto_tree *tree=NULL;
2503 int old_offset=offset;
2507 di=pinfo->private_data;
2509 field_name = proto_registrar_get_name(di->hf_index);
2510 snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2511 plural_ending(field_name));
2513 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2515 tree = proto_item_add_subtree(item, ett_samr_index_array);
2518 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2519 hf_samr_count, &count);
2520 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2521 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2522 str, di->hf_index, 0);
2524 proto_item_set_len(item, offset-old_offset);
2529 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2530 packet_info *pinfo, proto_tree *tree,
2533 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2534 hf_samr_hnd, NULL, FALSE, FALSE);
2536 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2537 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2538 "PSID_ARRAY:", -1, 0);
2544 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2545 packet_info *pinfo, proto_tree *tree,
2548 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2549 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2550 "INDEX_ARRAY:", hf_samr_alias, 0);
2552 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2559 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2560 packet_info *pinfo, proto_tree *parent_tree,
2563 proto_item *item=NULL;
2564 proto_tree *tree=NULL;
2565 int old_offset=offset;
2569 di=pinfo->private_data;
2571 snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
2573 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2575 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2578 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2579 hf_samr_index, NULL);
2580 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2581 tree, drep, di->hf_index, 4);
2583 proto_item_set_len(item, offset-old_offset);
2588 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2589 packet_info *pinfo, proto_tree *tree,
2592 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2593 samr_dissect_IDX_AND_NAME);
2600 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2601 packet_info *pinfo, proto_tree *parent_tree,
2606 proto_item *item=NULL;
2607 proto_tree *tree=NULL;
2608 int old_offset=offset;
2612 di=pinfo->private_data;
2614 field_name = proto_registrar_get_name(di->hf_index);
2617 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2618 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2619 plural_ending(field_name));
2620 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2624 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2625 hf_samr_count, &count);
2626 snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2627 plural_ending(field_name));
2628 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2629 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2630 str, di->hf_index, 0);
2632 proto_item_set_len(item, offset-old_offset);
2637 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2638 packet_info *pinfo, proto_tree *tree,
2645 di=pinfo->private_data;
2647 field_name = proto_registrar_get_name(di->hf_index);
2648 snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2649 plural_ending(field_name));
2650 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2651 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
2652 str, di->hf_index, 0);
2657 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2658 packet_info *pinfo, proto_tree *tree,
2661 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2662 hf_samr_hnd, NULL, FALSE, FALSE);
2664 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2665 samr_dissect_pointer_long, NDR_POINTER_REF,
2666 "Resume Handle:", hf_samr_resume_hnd, 0);
2668 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2669 hf_samr_pref_maxsize, NULL);
2675 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2676 packet_info *pinfo, proto_tree *tree,
2679 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2680 samr_dissect_pointer_long, NDR_POINTER_REF,
2681 "Resume Handle:", hf_samr_resume_hnd, 0);
2682 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2683 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2684 "IDX_AND_NAME_ARRAY:", hf_samr_domain, 0);
2685 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2686 samr_dissect_pointer_long, NDR_POINTER_REF,
2687 "Entries:", hf_samr_entries, 0);
2689 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2696 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2697 packet_info *pinfo, proto_tree *tree,
2700 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2701 hf_samr_hnd, NULL, FALSE, FALSE);
2703 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2704 samr_dissect_pointer_long, NDR_POINTER_REF,
2705 "Resume Handle:", hf_samr_resume_hnd, 0);
2706 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2707 hf_samr_mask, NULL);
2708 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2709 hf_samr_pref_maxsize, NULL);
2715 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2716 packet_info *pinfo, proto_tree *tree,
2719 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2720 samr_dissect_pointer_long, NDR_POINTER_REF,
2721 "Resume Handle:", hf_samr_resume_hnd, 0);
2722 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2723 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2724 "IDX_AND_NAME_ARRAY:", hf_samr_group_name, 0);
2725 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2726 samr_dissect_pointer_long, NDR_POINTER_REF,
2727 "Entries:", hf_samr_entries, 0);
2729 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2736 samr_dissect_enum_dom_aliases_rqst(tvbuff_t *tvb, int offset,
2737 packet_info *pinfo, proto_tree *tree,
2740 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2741 hf_samr_hnd, NULL, FALSE, FALSE);
2743 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2744 samr_dissect_pointer_long, NDR_POINTER_REF,
2745 "Resume Handle:", hf_samr_resume_hnd, 0);
2747 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2748 hf_samr_mask, NULL);
2750 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2751 hf_samr_pref_maxsize, NULL);
2757 samr_dissect_enum_dom_aliases_reply(tvbuff_t *tvb, int offset,
2758 packet_info *pinfo, proto_tree *tree,
2761 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2762 samr_dissect_pointer_long, NDR_POINTER_REF,
2763 "Resume Handle:", hf_samr_resume_hnd, 0);
2765 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2766 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2767 "IDX_AND_NAME_ARRAY:", hf_samr_alias_name, 0);
2769 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2770 samr_dissect_pointer_long, NDR_POINTER_REF,
2771 "Entries:", hf_samr_entries, 0);
2773 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2780 samr_dissect_get_members_in_alias_rqst(tvbuff_t *tvb, int offset,
2781 packet_info *pinfo, proto_tree *tree,
2784 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2785 hf_samr_hnd, NULL, FALSE, FALSE);
2791 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
2792 packet_info *pinfo, proto_tree *tree,
2795 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2796 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2797 "PSID_ARRAY:", -1, 0);
2799 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2806 samr_dissect_LOGON_HOURS_entry(tvbuff_t *tvb, int offset,
2807 packet_info *pinfo, proto_tree *tree,
2810 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2811 hf_samr_unknown_char, NULL);
2816 samr_dissect_LOGON_HOURS_hours(tvbuff_t *tvb, int offset,
2817 packet_info *pinfo, proto_tree *parent_tree,
2820 proto_item *item=NULL;
2821 proto_tree *tree=NULL;
2822 int old_offset=offset;
2825 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2827 tree = proto_item_add_subtree(item, ett_samr_logon_hours_hours);
2830 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
2831 samr_dissect_LOGON_HOURS_entry);
2833 proto_item_set_len(item, offset-old_offset);
2840 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
2841 packet_info *pinfo, proto_tree *parent_tree,
2844 proto_item *item=NULL;
2845 proto_tree *tree=NULL;
2846 int old_offset=offset;
2848 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
2851 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2853 tree = proto_item_add_subtree(item, ett_samr_logon_hours);
2856 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2857 hf_samr_divisions, NULL);
2858 /* XXX - is this a bitmask like the "logon hours" field in the
2859 Remote API call "NetUserGetInfo()" with an information level
2861 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2862 samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
2863 "LOGON_HOURS", -1, 0);
2865 proto_item_set_len(item, offset-old_offset);
2871 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
2872 packet_info *pinfo, proto_tree *parent_tree,
2875 proto_item *item=NULL;
2876 proto_tree *tree=NULL;
2877 int old_offset=offset;
2880 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2882 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
2885 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2886 hf_samr_acct_name, 0);
2887 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2888 hf_samr_full_name, 0);
2889 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2890 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2892 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2895 proto_item_set_len(item, offset-old_offset);
2900 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
2901 packet_info *pinfo, proto_tree *parent_tree,
2904 proto_item *item=NULL;
2905 proto_tree *tree=NULL;
2906 int old_offset=offset;
2909 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2911 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
2914 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2915 hf_samr_acct_name, 0);
2916 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2917 hf_samr_full_name, 0);
2918 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2919 hf_samr_bad_pwd_count, NULL);
2920 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2921 hf_samr_logon_count, NULL);
2923 proto_item_set_len(item, offset-old_offset);
2928 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
2929 packet_info *pinfo, proto_tree *parent_tree,
2932 proto_item *item=NULL;
2933 proto_tree *tree=NULL;
2934 int old_offset=offset;
2937 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2939 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
2942 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2943 hf_samr_acct_name, 0);
2944 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2945 hf_samr_full_name, 0);
2946 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2948 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2949 hf_samr_group, NULL);
2950 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2952 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2953 hf_samr_home_drive, 0);
2954 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2956 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2957 hf_samr_acct_desc, 0);
2958 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2959 hf_samr_workstations, 0);
2960 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2961 hf_samr_logon_time);
2962 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2963 hf_samr_logoff_time);
2964 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2965 hf_samr_pwd_last_set_time);
2966 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2967 hf_samr_pwd_can_change_time);
2968 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2969 hf_samr_pwd_must_change_time);
2970 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2971 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2972 hf_samr_logon_count, NULL);
2973 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2974 hf_samr_bad_pwd_count, NULL);
2975 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2977 proto_item_set_len(item, offset-old_offset);
2982 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
2983 packet_info *pinfo, proto_tree *parent_tree,
2986 proto_item *item=NULL;
2987 proto_tree *tree=NULL;
2988 int old_offset=offset;
2991 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2993 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
2996 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2997 hf_samr_acct_name, 0);
2998 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2999 hf_samr_full_name, 0);
3000 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3002 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3003 hf_samr_group, NULL);
3004 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3005 hf_samr_country, NULL);
3006 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3007 hf_samr_codepage, NULL);
3008 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3010 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3011 hf_samr_home_drive, 0);
3012 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3014 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3015 hf_samr_acct_desc, 0);
3016 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3017 hf_samr_workstations, 0);
3018 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3019 hf_samr_logon_time);
3020 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3021 hf_samr_logoff_time);
3022 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3023 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3024 hf_samr_bad_pwd_count, NULL);
3025 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3026 hf_samr_logon_count, NULL);
3027 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3028 hf_samr_pwd_last_set_time);
3029 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3030 hf_samr_acct_expiry_time);
3031 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3033 proto_item_set_len(item, offset-old_offset);
3038 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
3039 packet_info *pinfo, proto_tree *parent_tree,
3042 proto_item *item=NULL;
3043 proto_tree *tree=NULL;
3044 int old_offset=offset;
3047 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3049 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
3052 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3053 hf_samr_acct_name, 0);
3054 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3055 hf_samr_full_name, 0);
3057 proto_item_set_len(item, offset-old_offset);
3062 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
3063 packet_info *pinfo, proto_tree *parent_tree,
3066 proto_item *item=NULL;
3067 proto_tree *tree=NULL;
3068 int old_offset=offset;
3071 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3073 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
3076 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3077 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3078 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3079 hf_samr_unknown_char, NULL);
3080 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3081 hf_samr_unknown_char, NULL);
3082 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3083 hf_samr_unknown_char, NULL);
3085 proto_item_set_len(item, offset-old_offset);
3090 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
3091 packet_info *pinfo, proto_tree *parent_tree,
3094 proto_item *item=NULL;
3095 proto_tree *tree=NULL;
3096 int old_offset=offset;
3099 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3101 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
3104 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3105 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3106 hf_samr_logon_time);
3107 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3108 hf_samr_logoff_time);
3109 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3110 hf_samr_bad_pwd_count, NULL);
3111 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3112 hf_samr_logon_count, NULL);
3114 proto_item_set_len(item, offset-old_offset);
3119 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
3120 packet_info *pinfo, proto_tree *tree,
3123 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3124 hf_samr_unknown_char, NULL);
3130 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
3131 packet_info *pinfo, proto_tree *parent_tree,
3134 proto_item *item=NULL;
3135 proto_tree *tree=NULL;
3136 int old_offset=offset;
3139 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3141 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
3144 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3145 samr_dissect_BUFFER_entry);
3147 proto_item_set_len(item, offset-old_offset);
3154 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
3155 packet_info *pinfo, proto_tree *parent_tree,
3158 proto_item *item=NULL;
3159 proto_tree *tree=NULL;
3160 int old_offset=offset;
3163 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3165 tree = proto_item_add_subtree(item, ett_samr_buffer);
3167 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3168 hf_samr_count, NULL);
3169 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3170 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
3173 proto_item_set_len(item, offset-old_offset);
3178 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
3179 packet_info *pinfo, proto_tree *parent_tree,
3182 proto_item *item=NULL;
3183 proto_tree *tree=NULL;
3184 int old_offset=offset;
3187 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3189 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
3192 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3193 hf_samr_logon_time);
3194 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3195 hf_samr_logoff_time);
3196 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3197 hf_samr_kickoff_time);
3198 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3199 hf_samr_pwd_last_set_time);
3200 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3201 hf_samr_pwd_can_change_time);
3202 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3203 hf_samr_pwd_must_change_time);
3204 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3205 hf_samr_acct_name, 2);
3206 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3207 hf_samr_full_name, 0);
3208 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3210 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3211 hf_samr_home_drive, 0);
3212 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3214 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3215 hf_samr_profile, 0);
3216 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3217 hf_samr_acct_desc, 0);
3218 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3219 hf_samr_workstations, 0);
3220 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3221 hf_samr_comment, 0);
3222 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3223 hf_samr_parameters, 0);
3224 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3225 hf_samr_unknown_string, 0);
3226 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3227 hf_samr_unknown_string, 0);
3228 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3229 hf_samr_unknown_string, 0);
3230 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
3231 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3233 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3234 hf_samr_group, NULL);
3235 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3236 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3237 hf_samr_unknown_long, NULL);
3238 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3239 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3240 hf_samr_bad_pwd_count, NULL);
3241 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3242 hf_samr_logon_count, NULL);
3243 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3244 hf_samr_country, NULL);
3245 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3246 hf_samr_codepage, NULL);
3247 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3248 hf_samr_nt_pwd_set, NULL);
3249 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3250 hf_samr_lm_pwd_set, NULL);
3251 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3252 hf_samr_pwd_expired, NULL);
3253 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3254 hf_samr_unknown_char, NULL);
3256 proto_item_set_len(item, offset-old_offset);
3261 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
3262 packet_info *pinfo, proto_tree *parent_tree,
3265 proto_item *item=NULL;
3266 proto_tree *tree=NULL;
3267 int old_offset=offset;
3270 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3272 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
3275 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3276 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
3277 hf_samr_revision, NULL);
3279 proto_item_set_len(item, offset-old_offset);
3284 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
3285 packet_info *pinfo, proto_tree *parent_tree,
3288 proto_item *item=NULL;
3289 proto_tree *tree=NULL;
3290 int old_offset=offset;
3293 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3295 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
3298 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3299 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3301 proto_item_set_len(item, offset-old_offset);
3306 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
3307 packet_info *pinfo, proto_tree *parent_tree,
3310 proto_item *item=NULL;
3311 proto_tree *tree=NULL;
3312 int old_offset=offset;
3315 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3317 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
3320 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3321 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3322 hf_samr_unknown_char, NULL);
3324 proto_item_set_len(item, offset-old_offset);
3329 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
3330 packet_info *pinfo, proto_tree *parent_tree,
3333 proto_item *item=NULL;
3334 proto_tree *tree=NULL;
3335 int old_offset=offset;
3339 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3341 tree = proto_item_add_subtree(item, ett_samr_user_info);
3343 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3344 hf_samr_level, &level);
3348 offset = samr_dissect_USER_INFO_1(
3349 tvb, offset, pinfo, tree, drep);
3352 offset = samr_dissect_USER_INFO_2(
3353 tvb, offset, pinfo, tree, drep);
3356 offset = samr_dissect_USER_INFO_3(
3357 tvb, offset, pinfo, tree, drep);
3360 offset = dissect_ndr_nt_LOGON_HOURS(
3361 tvb, offset, pinfo, tree, drep);
3364 offset = samr_dissect_USER_INFO_5(
3365 tvb, offset, pinfo, tree, drep);
3368 offset = samr_dissect_USER_INFO_6(
3369 tvb, offset, pinfo, tree, drep);
3372 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3373 hf_samr_full_name, 0);
3376 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3377 hf_samr_acct_desc, 0);
3380 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3381 hf_samr_unknown_long, NULL);
3384 offset = samr_dissect_USER_INFO_6(
3385 tvb, offset, pinfo, tree, drep);
3388 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3392 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3393 hf_samr_home_drive, 0);
3396 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3400 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3401 hf_samr_workstations, 0);
3404 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree,
3408 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3409 hf_samr_unknown_time);
3412 offset = samr_dissect_USER_INFO_18(
3413 tvb, offset, pinfo, tree, drep);
3416 offset = samr_dissect_USER_INFO_19(
3417 tvb, offset, pinfo, tree, drep);
3420 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3421 hf_samr_profile, 0);
3424 offset = samr_dissect_USER_INFO_21(
3425 tvb, offset, pinfo, tree, drep);
3428 offset = samr_dissect_USER_INFO_22(
3429 tvb, offset, pinfo, tree, drep);
3432 offset = samr_dissect_USER_INFO_23(
3433 tvb, offset, pinfo, tree, drep);
3436 offset = samr_dissect_USER_INFO_24(
3437 tvb, offset, pinfo, tree, drep);
3441 proto_item_set_len(item, offset-old_offset);
3446 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
3447 packet_info *pinfo, proto_tree *tree,
3450 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3451 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
3452 "USER_INFO pointer", -1, 0);
3457 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
3458 packet_info *pinfo, proto_tree *tree,
3461 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3462 hf_samr_hnd, NULL, FALSE, FALSE);
3464 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3465 hf_samr_level, NULL);
3467 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3468 samr_dissect_USER_INFO, NDR_POINTER_REF,
3469 "USER_INFO:", -1, 0);
3475 samr_dissect_set_information_user2_reply(tvbuff_t *tvb, int offset,
3476 packet_info *pinfo, proto_tree *tree,
3479 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3486 samr_dissect_unknown_2f_rqst(tvbuff_t *tvb, int offset,
3487 packet_info *pinfo, proto_tree *tree,
3490 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3491 hf_samr_hnd, NULL, FALSE, FALSE);
3493 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3494 hf_samr_level, NULL);
3500 samr_dissect_unknown_2f_reply(tvbuff_t *tvb, int offset,
3501 packet_info *pinfo, proto_tree *tree,
3504 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3505 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3506 "USER_INFO:", -1, 0);
3508 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3515 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3516 packet_info *pinfo, proto_tree *tree,
3519 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3520 hf_samr_type, NULL);
3527 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3528 packet_info *pinfo, proto_tree *parent_tree,
3531 proto_item *item=NULL;
3532 proto_tree *tree=NULL;
3533 int old_offset=offset;
3536 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3537 "MEMBER_ARRAY_types:");
3538 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3541 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3542 samr_dissect_MEMBER_ARRAY_type);
3544 proto_item_set_len(item, offset-old_offset);
3551 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3552 packet_info *pinfo, proto_tree *tree,
3555 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3563 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3564 packet_info *pinfo, proto_tree *parent_tree,
3567 proto_item *item=NULL;
3568 proto_tree *tree=NULL;
3569 int old_offset=offset;
3572 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3573 "MEMBER_ARRAY_rids:");
3574 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
3577 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3578 samr_dissect_MEMBER_ARRAY_rid);
3580 proto_item_set_len(item, offset-old_offset);
3587 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3588 packet_info *pinfo, proto_tree *parent_tree,
3592 proto_item *item=NULL;
3593 proto_tree *tree=NULL;
3594 int old_offset=offset;
3597 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3599 tree = proto_item_add_subtree(item, ett_samr_member_array);
3602 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3603 hf_samr_count, &count);
3604 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3605 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3607 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3608 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3611 proto_item_set_len(item, offset-old_offset);
3616 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3617 packet_info *pinfo, proto_tree *tree,
3620 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3621 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3622 "MEMBER_ARRAY", -1, 0);
3627 samr_dissect_query_groupmem_rqst(tvbuff_t *tvb, int offset,
3628 packet_info *pinfo, proto_tree *tree,
3631 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3637 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3638 packet_info *pinfo, proto_tree *tree,
3641 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3642 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3643 "MEMBER_ARRAY:", -1, 0);
3645 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3652 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3653 packet_info *pinfo, proto_tree *tree,
3656 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3657 hf_samr_hnd, NULL, FALSE, FALSE);
3659 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3660 hf_samr_info_type, NULL);
3662 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3663 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3664 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
3670 samr_dissect_set_sec_object_reply(tvbuff_t *tvb, int offset,
3671 packet_info *pinfo, proto_tree *tree,
3674 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3681 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3682 packet_info *pinfo, proto_tree *tree,
3685 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3686 hf_samr_hnd, NULL, FALSE, FALSE);
3688 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3689 hf_samr_info_type, NULL);
3695 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3696 packet_info *pinfo, proto_tree *tree,
3699 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3700 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3701 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
3703 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3710 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
3711 packet_info *pinfo, proto_tree *tree,
3714 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3715 hf_samr_acct_name, 1);
3720 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
3721 packet_info *pinfo, proto_tree *parent_tree,
3724 proto_item *item=NULL;
3725 proto_tree *tree=NULL;
3726 int old_offset=offset;
3729 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3731 tree = proto_item_add_subtree(item, ett_samr_names);
3734 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3735 samr_dissect_LOOKUP_NAMES_name);
3737 proto_item_set_len(item, offset-old_offset);
3743 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
3744 packet_info *pinfo, proto_tree *tree,
3747 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3748 hf_samr_hnd, NULL, FALSE, FALSE);
3750 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3751 hf_samr_count, NULL);
3753 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3754 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
3755 "LOOKUP_NAMES:", -1, 0);
3761 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
3762 packet_info *pinfo, proto_tree *tree,
3765 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3766 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3767 "Rids:", hf_samr_rid, 0);
3768 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3769 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3770 "Types:", hf_samr_type, 0);
3772 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3779 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
3780 packet_info *pinfo, proto_tree *tree,
3783 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3790 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
3791 packet_info *pinfo, proto_tree *parent_tree,
3794 proto_item *item=NULL;
3795 proto_tree *tree=NULL;
3796 int old_offset=offset;
3799 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3801 tree = proto_item_add_subtree(item, ett_samr_rids);
3804 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3805 samr_dissect_LOOKUP_RIDS_rid);
3807 proto_item_set_len(item, offset-old_offset);
3813 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
3814 packet_info *pinfo, proto_tree *tree,
3817 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3818 hf_samr_hnd, NULL, FALSE, FALSE);
3820 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3821 hf_samr_count, NULL);
3823 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3824 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
3825 "LOOKUP_RIDS:", -1, 0);
3831 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
3832 packet_info *pinfo, proto_tree *tree,
3835 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3836 hf_samr_acct_name, 0);
3841 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
3842 packet_info *pinfo, proto_tree *tree,
3845 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3846 samr_dissect_UNICODE_STRING_ARRAY_name);
3851 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
3852 packet_info *pinfo, proto_tree *parent_tree,
3855 proto_item *item=NULL;
3856 proto_tree *tree=NULL;
3857 int old_offset=offset;
3860 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3862 tree = proto_item_add_subtree(item, ett_samr_names);
3865 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3866 hf_samr_count, NULL);
3868 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3869 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
3872 proto_item_set_len(item, offset-old_offset);
3880 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
3881 packet_info *pinfo, proto_tree *tree,
3884 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3885 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
3886 "RIDs:", hf_samr_rid, 0);
3887 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3888 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3889 "Types:", hf_samr_type, 0);
3891 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3898 samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3899 proto_tree *tree, char *drep)
3901 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3902 hf_samr_hnd, NULL, FALSE, TRUE);
3908 samr_dissect_close_hnd_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
3909 proto_tree *tree, char *drep)
3911 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3912 hf_samr_hnd, NULL, FALSE, FALSE);
3914 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3921 samr_dissect_shutdown_sam_server_rqst(tvbuff_t *tvb, int offset,
3922 packet_info *pinfo, proto_tree *tree,
3925 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3932 samr_dissect_shutdown_sam_server_reply(tvbuff_t *tvb, int offset,
3933 packet_info *pinfo, proto_tree *tree,
3936 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3943 samr_dissect_delete_dom_group_rqst(tvbuff_t *tvb, int offset,
3944 packet_info *pinfo, proto_tree *tree,
3947 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3954 samr_dissect_delete_dom_group_reply(tvbuff_t *tvb, int offset,
3955 packet_info *pinfo, proto_tree *tree,
3958 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3965 samr_dissect_remove_member_from_group_rqst(tvbuff_t *tvb, int offset,
3967 proto_tree *tree, char *drep)
3969 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3970 hf_samr_hnd, NULL, FALSE, FALSE);
3972 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3973 hf_samr_group, NULL);
3975 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3982 samr_dissect_remove_member_from_group_reply(tvbuff_t *tvb, int offset,
3984 proto_tree *tree, char *drep)
3986 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3993 samr_dissect_delete_dom_alias_rqst(tvbuff_t *tvb, int offset,
3994 packet_info *pinfo, proto_tree *tree,
3997 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
4004 samr_dissect_delete_dom_alias_reply(tvbuff_t *tvb, int offset,
4005 packet_info *pinfo, proto_tree *tree,
4008 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4015 samr_dissect_add_alias_member_rqst(tvbuff_t *tvb, int offset,
4016 packet_info *pinfo, proto_tree *tree,
4019 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4020 hf_samr_hnd, NULL, FALSE, FALSE);
4022 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4023 dissect_ndr_nt_SID, NDR_POINTER_REF,
4029 samr_dissect_add_alias_member_reply(tvbuff_t *tvb, int offset,
4030 packet_info *pinfo, proto_tree *tree,
4033 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4040 samr_dissect_remove_alias_member_rqst(tvbuff_t *tvb, int offset,
4041 packet_info *pinfo, proto_tree *tree,
4044 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4045 hf_samr_hnd, NULL, FALSE, FALSE);
4047 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4048 dissect_ndr_nt_SID, NDR_POINTER_REF,
4054 samr_dissect_remove_alias_member_reply(tvbuff_t *tvb, int offset,
4055 packet_info *pinfo, proto_tree *tree,
4058 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4065 samr_dissect_delete_dom_user_rqst(tvbuff_t *tvb, int offset,
4066 packet_info *pinfo, proto_tree *tree,
4069 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4070 hf_samr_hnd, NULL, FALSE, FALSE);
4076 samr_dissect_delete_dom_user_reply(tvbuff_t *tvb, int offset,
4077 packet_info *pinfo, proto_tree *tree,
4080 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4087 samr_dissect_test_private_fns_domain_rqst(tvbuff_t *tvb, int offset,
4088 packet_info *pinfo, proto_tree *tree,
4091 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4092 hf_samr_hnd, NULL, FALSE, FALSE);
4098 samr_dissect_test_private_fns_domain_reply(tvbuff_t *tvb, int offset,
4100 proto_tree *tree, char *drep)
4102 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4109 samr_dissect_test_private_fns_user_rqst(tvbuff_t *tvb, int offset,
4110 packet_info *pinfo, proto_tree *tree,
4113 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4114 hf_samr_hnd, NULL, FALSE, FALSE);
4120 samr_dissect_test_private_fns_user_reply(tvbuff_t *tvb, int offset,
4122 proto_tree *tree, char *drep)
4124 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4131 samr_dissect_remove_member_from_foreign_domain_rqst(tvbuff_t *tvb, int offset,
4136 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4137 hf_samr_hnd, NULL, FALSE, FALSE);
4139 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4140 dissect_ndr_nt_SID, NDR_POINTER_REF,
4146 samr_dissect_remove_member_from_foreign_domain_reply(tvbuff_t *tvb, int offset,
4151 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4158 samr_dissect_remove_multiple_members_from_alias_rqst(tvbuff_t *tvb,
4164 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4165 hf_samr_hnd, NULL, FALSE, FALSE);
4167 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4168 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
4169 "PSID_ARRAY:", -1, 0);
4175 samr_dissect_remove_multiple_members_from_alias_reply(tvbuff_t *tvb,
4181 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4188 samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4189 proto_tree *tree, char *drep)
4191 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4192 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4195 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4196 hf_samr_hnd, NULL, FALSE, FALSE);
4198 offset = dissect_nt_access_mask(
4199 tvb, offset, pinfo, tree, drep, hf_samr_access,
4200 specific_rights_group);
4202 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4205 if (check_col(pinfo->cinfo, COL_INFO))
4206 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4208 dcv->private_data = (void *)rid;
4214 samr_dissect_open_group_reply(tvbuff_t *tvb, int offset,
4215 packet_info *pinfo, proto_tree *tree,
4218 e_ctx_hnd policy_hnd;
4220 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4221 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
4223 dcerpc_smb_store_pol_name(&policy_hnd, "OpenGroup handle");
4225 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4232 samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4233 proto_tree *tree, char *drep)
4235 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4236 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4239 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4240 hf_samr_hnd, NULL, FALSE, FALSE);
4242 offset = dissect_nt_access_mask(
4243 tvb, offset, pinfo, tree, drep, hf_samr_access,
4244 specific_rights_alias);
4246 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4249 if (check_col(pinfo->cinfo, COL_INFO))
4250 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4252 dcv->private_data = (void *)rid;
4258 samr_dissect_open_alias_reply(tvbuff_t *tvb, int offset,
4259 packet_info *pinfo, proto_tree *tree,
4262 e_ctx_hnd policy_hnd;
4264 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4265 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
4267 dcerpc_smb_store_pol_name(&policy_hnd, "OpenAlias handle");
4269 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4276 samr_dissect_add_multiple_members_to_alias_rqst(tvbuff_t *tvb, int offset,
4278 proto_tree *tree, char *drep)
4280 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4281 hf_samr_hnd, NULL, FALSE, FALSE);
4283 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4284 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
4285 "PSID_ARRAY:", -1, 0);
4291 samr_dissect_add_multiple_members_to_alias_reply(tvbuff_t *tvb, int offset,
4293 proto_tree *tree, char *drep)
4295 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4302 samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset,
4303 packet_info *pinfo, proto_tree *tree,
4306 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4307 hf_samr_hnd, NULL, FALSE, FALSE);
4309 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4310 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
4311 "Account Name", hf_samr_acct_name, 0);
4313 offset = dissect_nt_access_mask(
4314 tvb, offset, pinfo, tree, drep, hf_samr_access,
4315 specific_rights_group);
4321 samr_dissect_create_group_in_domain_reply(tvbuff_t *tvb, int offset,
4322 packet_info *pinfo, proto_tree *tree,
4325 e_ctx_hnd policy_hnd;
4327 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4328 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
4330 dcerpc_smb_store_pol_name(&policy_hnd, "CreateGroup handle");
4332 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4335 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4342 samr_dissect_query_information_domain_rqst(tvbuff_t *tvb, int offset,
4344 proto_tree *tree, char *drep)
4346 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4347 hf_samr_hnd, NULL, FALSE, FALSE);
4349 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4350 hf_samr_level, NULL);
4356 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
4357 packet_info *pinfo, proto_tree *tree,
4361 * Yes, in at least one capture with replies from a W2K server,
4362 * this was, indeed, a UNIQUE pointer, not a REF pointer.
4364 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4365 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
4366 "DOMAIN_INFO pointer", hf_samr_domain, 0);
4368 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4375 samr_dissect_query_information_user_rqst(tvbuff_t *tvb, int offset,
4377 proto_tree *tree, char *drep)
4379 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4380 hf_samr_hnd, NULL, FALSE, FALSE);
4382 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4383 hf_samr_level, NULL);
4389 samr_dissect_query_information_user_reply(tvbuff_t *tvb, int offset,
4391 proto_tree *tree, char *drep)
4393 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4394 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
4395 "USER_INFO:", -1, 0);
4397 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4403 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
4404 { SAMR_CONNECT, "SamrConnect",
4405 samr_dissect_connect_anon_rqst,
4406 samr_dissect_connect_anon_reply },
4407 { SAMR_CLOSE_HND, "Close",
4408 samr_dissect_close_hnd_rqst,
4409 samr_dissect_close_hnd_reply },
4410 { SAMR_SET_SEC_OBJECT, "SetSecObject",
4411 samr_dissect_set_sec_object_rqst,
4412 samr_dissect_set_sec_object_reply },
4413 { SAMR_QUERY_SEC_OBJECT, "QuerySecObject",
4414 samr_dissect_query_sec_object_rqst,
4415 samr_dissect_query_sec_object_reply },
4416 { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer",
4417 samr_dissect_shutdown_sam_server_rqst,
4418 samr_dissect_shutdown_sam_server_reply },
4419 { SAMR_LOOKUP_DOMAIN, "LookupDomain",
4420 samr_dissect_lookup_domain_rqst,
4421 samr_dissect_lookup_domain_reply },
4422 { SAMR_ENUM_DOMAINS, "EnumDomains",
4423 samr_dissect_enum_domains_rqst,
4424 samr_dissect_enum_domains_reply },
4425 { SAMR_OPEN_DOMAIN, "OpenDomain",
4426 samr_dissect_open_domain_rqst,
4427 samr_dissect_open_domain_reply },
4428 { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo",
4429 samr_dissect_query_information_alias_rqst,
4430 samr_dissect_query_information_domain_reply },
4431 { SAMR_SET_DOMAIN_INFO, "SetDomainInfo",
4432 samr_dissect_set_information_domain_rqst,
4433 samr_dissect_set_information_domain_reply },
4434 { SAMR_CREATE_DOM_GROUP, "CreateGroup",
4435 samr_dissect_create_alias_in_domain_rqst,
4436 samr_dissect_create_alias_in_domain_reply },
4437 { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups",
4438 samr_dissect_enum_dom_groups_rqst,
4439 samr_dissect_enum_dom_groups_reply },
4440 { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser",
4441 samr_dissect_create_group_in_domain_rqst,
4442 samr_dissect_create_group_in_domain_reply },
4443 { SAMR_ENUM_DOM_USERS, "EnumDomainUsers",
4444 samr_dissect_enum_dom_groups_rqst,
4445 samr_dissect_enum_dom_groups_reply },
4446 { SAMR_CREATE_DOM_ALIAS, "CreateAlias",
4447 samr_dissect_create_alias_in_domain_rqst,
4448 samr_dissect_create_alias_in_domain_reply },
4449 { SAMR_ENUM_DOM_ALIASES, "EnumAlises",
4450 samr_dissect_enum_dom_aliases_rqst,
4451 samr_dissect_enum_dom_aliases_reply },
4452 { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem",
4453 samr_dissect_get_alias_membership_rqst,
4454 samr_dissect_get_alias_membership_reply },
4455 { SAMR_LOOKUP_NAMES, "LookupNames",
4456 samr_dissect_lookup_names_rqst,
4457 samr_dissect_lookup_names_reply },
4458 { SAMR_LOOKUP_RIDS, "LookupRIDs",
4459 samr_dissect_lookup_rids_rqst,
4460 samr_dissect_lookup_rids_reply },
4461 { SAMR_OPEN_GROUP, "OpenGroup",
4462 samr_dissect_open_group_rqst,
4463 samr_dissect_open_group_reply },
4464 { SAMR_QUERY_GROUPINFO, "QueryGroupInfo",
4465 samr_dissect_query_information_group_rqst,
4466 samr_dissect_query_information_group_reply },
4467 { SAMR_SET_GROUPINFO, "SetGroupInfo",
4468 samr_dissect_set_information_group_rqst,
4469 samr_dissect_set_information_group_reply },
4470 { SAMR_ADD_GROUPMEM, "AddGroupMem",
4471 samr_dissect_add_member_to_group_rqst,
4472 samr_dissect_add_member_to_group_reply },
4473 { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup",
4474 samr_dissect_delete_dom_group_rqst,
4475 samr_dissect_delete_dom_group_reply },
4476 { SAMR_DEL_GROUPMEM, "RemoveGroupMem",
4477 samr_dissect_remove_member_from_group_rqst,
4478 samr_dissect_remove_member_from_group_reply },
4479 { SAMR_QUERY_GROUPMEM, "QueryGroupMem",
4480 samr_dissect_query_groupmem_rqst,
4481 samr_dissect_query_groupmem_reply },
4482 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup",
4483 samr_dissect_set_member_attributes_of_group_rqst,
4484 samr_dissect_set_member_attributes_of_group_reply },
4485 { SAMR_OPEN_ALIAS, "OpenAlias",
4486 samr_dissect_open_alias_rqst,
4487 samr_dissect_open_alias_reply },
4488 { SAMR_QUERY_ALIASINFO, "QueryAliasInfo",
4489 samr_dissect_query_information_alias_rqst,
4490 samr_dissect_query_information_alias_reply },
4491 { SAMR_SET_ALIASINFO, "SetAliasInfo",
4492 samr_dissect_set_information_alias_rqst,
4493 samr_dissect_set_information_alias_reply },
4494 { SAMR_DELETE_DOM_ALIAS, "DeleteAlias",
4495 samr_dissect_delete_dom_alias_rqst,
4496 samr_dissect_delete_dom_alias_reply },
4497 { SAMR_ADD_ALIASMEM, "AddAliasMem",
4498 samr_dissect_add_alias_member_rqst,
4499 samr_dissect_add_alias_member_reply },
4500 { SAMR_DEL_ALIASMEM, "RemoveAliasMem",
4501 samr_dissect_remove_alias_member_rqst,
4502 samr_dissect_remove_alias_member_reply },
4503 { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem",
4504 samr_dissect_get_members_in_alias_rqst,
4505 samr_dissect_get_members_in_alias_reply },
4506 { SAMR_OPEN_USER, "OpenUser",
4507 samr_dissect_open_user_rqst,
4508 samr_dissect_open_user_reply },
4509 { SAMR_DELETE_DOM_USER, "DeleteUser",
4510 samr_dissect_delete_dom_user_rqst,
4511 samr_dissect_delete_dom_user_reply },
4512 { SAMR_QUERY_USERINFO, "QueryUserInfo",
4513 samr_dissect_query_information_user_rqst,
4514 samr_dissect_query_information_user_reply },
4515 { SAMR_SET_USERINFO2, "SetUserInfo2",
4516 samr_dissect_set_information_user2_rqst,
4517 samr_dissect_set_information_user2_reply },
4518 { SAMR_CHANGE_PASSWORD_USER, "ChangePassword",
4519 samr_dissect_change_password_user_rqst,
4520 samr_dissect_change_password_user_reply },
4521 { SAMR_GET_GROUPS_FOR_USER, "GetGroups",
4522 samr_dissect_get_groups_for_user_rqst,
4523 samr_dissect_get_groups_for_user_reply },
4524 { SAMR_QUERY_DISPINFO, "QueryDispinfo",
4525 samr_dissect_query_dispinfo_rqst,
4526 samr_dissect_query_dispinfo_reply },
4527 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX",
4528 samr_dissect_get_display_enumeration_index_rqst,
4529 samr_dissect_get_display_enumeration_index_reply },
4530 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain",
4531 samr_dissect_test_private_fns_domain_rqst,
4532 samr_dissect_test_private_fns_domain_reply },
4533 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser",
4534 samr_dissect_test_private_fns_user_rqst,
4535 samr_dissect_test_private_fns_user_reply },
4536 { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo",
4537 samr_dissect_get_usrdom_pwinfo_rqst,
4538 samr_dissect_get_usrdom_pwinfo_reply },
4539 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain",
4540 samr_dissect_remove_member_from_foreign_domain_rqst,
4541 samr_dissect_remove_member_from_foreign_domain_reply },
4542 { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2",
4543 samr_dissect_query_information_domain_rqst,
4544 samr_dissect_query_information_domain_reply },
4545 { SAMR_UNKNOWN_2f, "Unknown 0x2f",
4546 samr_dissect_unknown_2f_rqst,
4547 samr_dissect_unknown_2f_reply },
4548 { SAMR_QUERY_DISPINFO2, "QueryDispinfo2",
4549 samr_dissect_query_dispinfo_rqst,
4550 samr_dissect_query_dispinfo_reply },
4551 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2",
4552 samr_dissect_get_display_enumeration_index2_rqst,
4553 samr_dissect_get_display_enumeration_index2_reply },
4554 { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2",
4555 samr_dissect_create_user2_in_domain_rqst,
4556 samr_dissect_create_user2_in_domain_reply },
4557 { SAMR_QUERY_DISPINFO3, "QueryDispinfo3",
4558 samr_dissect_query_dispinfo_rqst,
4559 samr_dissect_query_dispinfo_reply },
4560 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple",
4561 samr_dissect_add_multiple_members_to_alias_rqst,
4562 samr_dissect_add_multiple_members_to_alias_reply },
4563 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple",
4564 samr_dissect_remove_multiple_members_from_alias_rqst,
4565 samr_dissect_remove_multiple_members_from_alias_reply },
4566 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2",
4567 samr_dissect_oem_change_password_user2_rqst,
4568 samr_dissect_oem_change_password_user2_reply },
4569 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2",
4570 samr_dissect_unicode_change_password_user2_rqst,
4571 samr_dissect_unicode_change_password_user2_reply },
4572 { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo",
4573 samr_dissect_get_domain_password_information_rqst,
4574 samr_dissect_get_domain_password_information_reply },
4575 { SAMR_CONNECT2, "Connect2",
4576 samr_dissect_connect2_rqst,
4577 samr_dissect_connect2_reply },
4578 { SAMR_SET_USERINFO, "SetUserInfo",
4579 samr_dissect_set_information_user2_rqst,
4580 samr_dissect_set_information_user2_reply },
4581 { SAMR_UNKNOWN_3B, "Unknown 0x3b",
4582 samr_dissect_unknown_3b_rqst,
4583 samr_dissect_unknown_3b_reply },
4584 { SAMR_UNKNOWN_3C, "Unknown 0x3c",
4585 samr_dissect_unknown_3c_rqst,
4586 samr_dissect_unknown_3c_reply },
4587 { SAMR_CONNECT4, "Connect4",
4588 samr_dissect_connect4_rqst,
4589 samr_dissect_connect2_reply },
4590 {0, NULL, NULL, NULL }
4593 static const value_string samr_opnum_vals[] = {
4594 { SAMR_CONNECT, "SamrConnect" },
4595 { SAMR_CLOSE_HND, "Close" },
4596 { SAMR_SET_SEC_OBJECT, "SetSecObject" },
4597 { SAMR_QUERY_SEC_OBJECT, "QuerySecObject" },
4598 { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer" },
4599 { SAMR_LOOKUP_DOMAIN, "LookupDomain" },
4600 { SAMR_ENUM_DOMAINS, "EnumDomains" },
4601 { SAMR_OPEN_DOMAIN, "OpenDomain" },
4602 { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo" },
4603 { SAMR_SET_DOMAIN_INFO, "SetDomainInfo" },
4604 { SAMR_CREATE_DOM_GROUP, "CreateGroup" },
4605 { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups" },
4606 { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser" },
4607 { SAMR_ENUM_DOM_USERS, "EnumDomainUsers" },
4608 { SAMR_CREATE_DOM_ALIAS, "CreateAlias" },
4609 { SAMR_ENUM_DOM_ALIASES, "EnumAlises" },
4610 { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem" },
4611 { SAMR_LOOKUP_NAMES, "LookupNames" },
4612 { SAMR_LOOKUP_RIDS, "LookupRIDs" },
4613 { SAMR_OPEN_GROUP, "OpenGroup" },
4614 { SAMR_QUERY_GROUPINFO, "QueryGroupInfo" },
4615 { SAMR_SET_GROUPINFO, "SetGroupInfo" },
4616 { SAMR_ADD_GROUPMEM, "AddGroupMem" },
4617 { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup" },
4618 { SAMR_DEL_GROUPMEM, "RemoveGroupMem" },
4619 { SAMR_QUERY_GROUPMEM, "QueryGroupMem" },
4620 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup" },
4621 { SAMR_OPEN_ALIAS, "OpenAlias" },
4622 { SAMR_QUERY_ALIASINFO, "QueryAliasInfo" },
4623 { SAMR_SET_ALIASINFO, "SetAliasInfo" },
4624 { SAMR_DELETE_DOM_ALIAS, "DeleteAlias" },
4625 { SAMR_ADD_ALIASMEM, "AddAliasMem" },
4626 { SAMR_DEL_ALIASMEM, "RemoveAliasMem" },
4627 { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem" },
4628 { SAMR_OPEN_USER, "OpenUser" },
4629 { SAMR_DELETE_DOM_USER, "DeleteUser" },
4630 { SAMR_QUERY_USERINFO, "QueryUserInfo" },
4631 { SAMR_SET_USERINFO2, "SetUserInfo2" },
4632 { SAMR_CHANGE_PASSWORD_USER, "ChangePassword" },
4633 { SAMR_GET_GROUPS_FOR_USER, "GetGroups" },
4634 { SAMR_QUERY_DISPINFO, "QueryDispinfo" },
4635 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX" },
4636 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain" },
4637 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser" },
4638 { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo" },
4639 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain" },
4640 { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2" },
4641 { SAMR_UNKNOWN_2f, "Unknown 0x2f" },
4642 { SAMR_QUERY_DISPINFO2, "QueryDispinfo2" },
4643 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2" },
4644 { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2" },
4645 { SAMR_QUERY_DISPINFO3, "QueryDispinfo3" },
4646 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple" },
4647 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple" },
4648 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2" },
4649 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2" },
4650 { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo" },
4651 { SAMR_CONNECT2, "Connect2" },
4652 { SAMR_SET_USERINFO, "SetUserInfo" },
4653 { SAMR_UNKNOWN_3B, "Unknown 0x3b" },
4654 { SAMR_UNKNOWN_3C, "Unknown 0x3c" },
4655 { SAMR_CONNECT3, "Connect3" },
4656 { SAMR_CONNECT4, "Connect4" },
4661 proto_register_dcerpc_samr(void)
4663 static hf_register_info hf[] = {
4666 { "Operation", "samr.opnum", FT_UINT16, BASE_DEC,
4667 VALS(samr_opnum_vals), 0x0, "Operation", HFILL }},
4670 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
4672 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
4674 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
4676 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
4678 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
4679 { &hf_samr_rid_attrib,
4680 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
4682 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
4684 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
4687 { "Level", "samr.level", FT_UINT16, BASE_DEC,
4688 NULL, 0x0, "Level requested/returned for Information", HFILL }},
4689 { &hf_samr_start_idx,
4690 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
4691 NULL, 0x0, "Start Index for returned Information", HFILL }},
4694 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
4695 NULL, 0x0, "Number of entries to return", HFILL }},
4697 { &hf_samr_max_entries,
4698 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
4699 NULL, 0x0, "Maximum number of entries", HFILL }},
4701 { &hf_samr_pref_maxsize,
4702 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
4703 NULL, 0x0, "Maximum Size of data to return", HFILL }},
4705 { &hf_samr_total_size,
4706 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
4707 NULL, 0x0, "Total size of data", HFILL }},
4709 { &hf_samr_bad_pwd_count,
4710 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
4711 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
4713 { &hf_samr_logon_count,
4714 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
4715 NULL, 0x0, "Number of logons for this user", HFILL }},
4717 { &hf_samr_ret_size,
4718 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
4719 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
4722 { "Index", "samr.index", FT_UINT32, BASE_DEC,
4723 NULL, 0x0, "Index", HFILL }},
4726 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
4728 { &hf_samr_alias_name,
4729 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
4730 NULL, 0, "Name of Alias", HFILL }},
4732 { &hf_samr_group_name,
4733 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
4734 NULL, 0, "Name of Group", HFILL }},
4736 { &hf_samr_acct_name,
4737 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
4738 NULL, 0, "Name of Account", HFILL }},
4741 { "Server", "samr.server", FT_STRING, BASE_NONE,
4742 NULL, 0, "Name of Server", HFILL }},
4745 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
4746 NULL, 0, "Name of Domain", HFILL }},
4748 { &hf_samr_controller,
4749 { "DC", "samr.dc", FT_STRING, BASE_NONE,
4750 NULL, 0, "Name of Domain Controller", HFILL }},
4752 { &hf_samr_full_name,
4753 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
4754 NULL, 0, "Full Name of Account", HFILL }},
4757 { "Home", "samr.home", FT_STRING, BASE_NONE,
4758 NULL, 0, "Home directory for this user", HFILL }},
4760 { &hf_samr_home_drive,
4761 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
4762 NULL, 0, "Home drive for this user", HFILL }},
4765 { "Script", "samr.script", FT_STRING, BASE_NONE,
4766 NULL, 0, "Login script for this user", HFILL }},
4768 { &hf_samr_workstations,
4769 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
4770 NULL, 0, "", HFILL }},
4773 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
4774 NULL, 0, "Profile for this user", HFILL }},
4776 { &hf_samr_acct_desc,
4777 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
4778 NULL, 0, "Account Description", HFILL }},
4781 { "Comment", "samr.comment", FT_STRING, BASE_NONE,
4782 NULL, 0, "Comment", HFILL }},
4784 { &hf_samr_parameters,
4785 { "Parameters", "samr.parameters", FT_STRING, BASE_NONE,
4786 NULL, 0, "Parameters", HFILL }},
4788 { &hf_samr_unknown_string,
4789 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
4790 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4792 { &hf_samr_unknown_hyper,
4793 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
4794 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4795 { &hf_samr_unknown_long,
4796 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
4797 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4799 { &hf_samr_unknown_short,
4800 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
4801 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4803 { &hf_samr_unknown_char,
4804 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
4805 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4807 { &hf_samr_revision,
4808 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
4809 NULL, 0x0, "Revision number for this structure", HFILL }},
4811 { &hf_samr_nt_pwd_set,
4812 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
4813 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
4815 { &hf_samr_lm_pwd_set,
4816 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
4817 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
4819 { &hf_samr_pwd_expired,
4820 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
4821 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
4824 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
4825 NULL, 0x0, "Access", HFILL }},
4827 { &hf_samr_access_granted,
4828 { "Access Granted", "samr.access_granted", FT_UINT32, BASE_HEX,
4829 NULL, 0x0, "Access Granted", HFILL }},
4832 { "Mask", "samr.mask", FT_UINT32, BASE_HEX,
4833 NULL, 0x0, "Mask", HFILL }},
4835 { &hf_samr_crypt_password, {
4836 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
4837 NULL, 0, "Encrypted Password", HFILL }},
4839 { &hf_samr_crypt_hash, {
4840 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
4841 NULL, 0, "Encrypted Hash", HFILL }},
4843 { &hf_samr_lm_change, {
4844 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
4845 NULL, 0, "LM Change value", HFILL }},
4847 { &hf_samr_max_pwd_age,
4848 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4849 NULL, 0, "Maximum Password Age before it expires", HFILL }},
4851 { &hf_samr_min_pwd_age,
4852 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4853 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
4854 { &hf_samr_unknown_time,
4855 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
4856 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
4857 { &hf_samr_logon_time,
4858 { "Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
4859 NULL, 0, "Time for last time this user logged on", HFILL }},
4860 { &hf_samr_kickoff_time,
4861 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4862 NULL, 0, "Time when this user will be kicked off", HFILL }},
4863 { &hf_samr_logoff_time,
4864 { "Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4865 NULL, 0, "Time for last time this user logged off", HFILL }},
4866 { &hf_samr_pwd_last_set_time,
4867 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
4868 NULL, 0, "Last time this users password was changed", HFILL }},
4869 { &hf_samr_pwd_can_change_time,
4870 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4871 NULL, 0, "When this users password may be changed", HFILL }},
4872 { &hf_samr_pwd_must_change_time,
4873 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4874 NULL, 0, "When this users password must be changed", HFILL }},
4875 { &hf_samr_acct_expiry_time,
4876 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
4877 NULL, 0, "When this user account expires", HFILL }},
4879 { &hf_samr_min_pwd_len, {
4880 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
4881 NULL, 0, "Minimum Password Length", HFILL }},
4882 { &hf_samr_pwd_history_len, {
4883 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
4884 NULL, 0, "Password History Length", HFILL }},
4885 { &hf_samr_num_users, {
4886 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
4887 NULL, 0, "Number of users in this domain", HFILL }},
4888 { &hf_samr_num_groups, {
4889 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
4890 NULL, 0, "Number of groups in this domain", HFILL }},
4891 { &hf_samr_num_aliases, {
4892 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
4893 NULL, 0, "Number of aliases in this domain", HFILL }},
4894 { &hf_samr_info_type, {
4895 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
4896 NULL, 0, "Information Type", HFILL }},
4897 { &hf_samr_resume_hnd, {
4898 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
4899 NULL, 0, "Resume handle", HFILL }},
4900 { &hf_samr_country, {
4901 "Country", "samr.country", FT_UINT16, BASE_DEC,
4902 VALS(ms_country_codes), 0, "Country setting for this user", HFILL }},
4903 { &hf_samr_codepage, {
4904 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
4905 NULL, 0, "Codepage setting for this user", HFILL }},
4906 { &hf_samr_divisions, {
4907 "Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
4908 NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
4910 /* these are used by packet-dcerpc-nt.c */
4911 { &hf_nt_string_length,
4912 { "Length", "nt.string.length", FT_UINT16, BASE_DEC,
4913 NULL, 0x0, "Length of string in bytes", HFILL }},
4915 { &hf_nt_string_size,
4916 { "Size", "nt.string.size", FT_UINT16, BASE_DEC,
4917 NULL, 0x0, "Size of string in bytes", HFILL }},
4920 { "Length", "nt.str.len", FT_UINT32, BASE_DEC,
4921 NULL, 0x0, "Length of string in short integers", HFILL }},
4924 { "Offset", "nt.str.offset", FT_UINT32, BASE_DEC,
4925 NULL, 0x0, "Offset into string in short integers", HFILL }},
4927 { &hf_nt_str_max_len,
4928 { "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
4929 NULL, 0x0, "Max Length of string in short integers", HFILL }},
4932 { "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
4933 NULL, 0x0, "Acct CTRL", HFILL }},
4935 { &hf_nt_acb_disabled, {
4936 "", "nt.acb.disabled", FT_BOOLEAN, 32,
4937 TFS(&tfs_nt_acb_disabled), 0x0001, "If this account is enabled or disabled", HFILL }},
4939 { &hf_nt_acb_homedirreq, {
4940 "", "nt.acb.homedirreq", FT_BOOLEAN, 32,
4941 TFS(&tfs_nt_acb_homedirreq), 0x0002, "Is hom,edirs required for this account?", HFILL }},
4943 { &hf_nt_acb_pwnotreq, {
4944 "", "nt.acb.pwnotreq", FT_BOOLEAN, 32,
4945 TFS(&tfs_nt_acb_pwnotreq), 0x0004, "If a password is required for this account?", HFILL }},
4947 { &hf_nt_acb_tempdup, {
4948 "", "nt.acb.tempdup", FT_BOOLEAN, 32,
4949 TFS(&tfs_nt_acb_tempdup), 0x0008, "If this is a temporary duplicate account", HFILL }},
4951 { &hf_nt_acb_normal, {
4952 "", "nt.acb.normal", FT_BOOLEAN, 32,
4953 TFS(&tfs_nt_acb_normal), 0x0010, "If this is a normal user account", HFILL }},
4956 "", "nt.acb.mns", FT_BOOLEAN, 32,
4957 TFS(&tfs_nt_acb_mns), 0x0020, "MNS logon user account", HFILL }},
4959 { &hf_nt_acb_domtrust, {
4960 "", "nt.acb.domtrust", FT_BOOLEAN, 32,
4961 TFS(&tfs_nt_acb_domtrust), 0x0040, "Interdomain trust account", HFILL }},
4963 { &hf_nt_acb_wstrust, {
4964 "", "nt.acb.wstrust", FT_BOOLEAN, 32,
4965 TFS(&tfs_nt_acb_wstrust), 0x0080, "Workstation trust account", HFILL }},
4967 { &hf_nt_acb_svrtrust, {
4968 "", "nt.acb.svrtrust", FT_BOOLEAN, 32,
4969 TFS(&tfs_nt_acb_svrtrust), 0x0100, "Server trust account", HFILL }},
4971 { &hf_nt_acb_pwnoexp, {
4972 "", "nt.acb.pwnoexp", FT_BOOLEAN, 32,
4973 TFS(&tfs_nt_acb_pwnoexp), 0x0200, "If this account expires or not", HFILL }},
4975 { &hf_nt_acb_autolock, {
4976 "", "nt.acb.autolock", FT_BOOLEAN, 32,
4977 TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }},
4979 /* Object specific access rights */
4981 { &hf_access_domain_lookup_info1,
4982 { "Lookup info1", "samr_access_mask.domain_lookup_info1",
4983 FT_BOOLEAN, 32, TFS(&flags_set_truth),
4984 DOMAIN_ACCESS_LOOKUP_INFO_1, "Lookup info1", HFILL }},
4986 { &hf_access_domain_set_info1,
4987 { "Set info1", "samr_access_mask.domain_set_info1",
4988 FT_BOOLEAN, 32, TFS(&flags_set_truth),
4989 DOMAIN_ACCESS_SET_INFO_1, "Set info1", HFILL }},
4991 { &hf_access_domain_lookup_info2,
4992 { "Lookup info2", "samr_access_mask.domain_lookup_info2",
4993 FT_BOOLEAN, 32, TFS(&flags_set_truth),
4994 DOMAIN_ACCESS_LOOKUP_INFO_2, "Lookup info2", HFILL }},
4996 { &hf_access_domain_set_info2,
4997 { "Set info2", "samr_access_mask.domain_set_info2",
4998 FT_BOOLEAN, 32, TFS(&flags_set_truth),
4999 DOMAIN_ACCESS_SET_INFO_2, "Set info2", HFILL }},
5001 { &hf_access_domain_create_user,
5002 { "Create user", "samr_access_mask.domain_create_user",
5003 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5004 DOMAIN_ACCESS_CREATE_USER, "Create user", HFILL }},
5006 { &hf_access_domain_create_group,
5007 { "Create group", "samr_access_mask.domain_create_group",
5008 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5009 DOMAIN_ACCESS_CREATE_GROUP, "Create group", HFILL }},
5011 { &hf_access_domain_create_alias,
5012 { "Create alias", "samr_access_mask.domain_create_alias",
5013 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5014 DOMAIN_ACCESS_CREATE_ALIAS, "Create alias", HFILL }},
5016 { &hf_access_domain_unknown_80,
5017 { "Unknown 0x80", "samr_access_mask.domain_unknown_80",
5018 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5019 DOMAIN_ACCESS_UNKNOWN_80, "Unknown 0x80", HFILL }},
5021 { &hf_access_domain_enum_accounts,
5022 { "Enum accounts", "samr_access_mask.domain_enum_accounts",
5023 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5024 DOMAIN_ACCESS_ENUM_ACCOUNTS, "Enum accounts", HFILL }},
5026 { &hf_access_domain_open_account,
5027 { "Open account", "samr_access_mask.domain_open_account",
5028 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5029 DOMAIN_ACCESS_OPEN_ACCOUNT, "Open account", HFILL }},
5031 { &hf_access_domain_set_info3,
5032 { "Set info3", "samr_access_mask.domain_set_info3",
5033 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5034 DOMAIN_ACCESS_SET_INFO_3, "Set info3", HFILL }},
5036 { &hf_access_user_get_name_etc,
5037 { "Get name, etc", "samr_access_mask.user_get_name_etc",
5038 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5039 USER_ACCESS_GET_NAME_ETC, "Get name, etc", HFILL }},
5041 { &hf_access_user_get_locale,
5042 { "Get locale", "samr_access_mask.user_get_locale",
5043 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5044 USER_ACCESS_GET_LOCALE, "Get locale", HFILL }},
5046 { &hf_access_user_get_loc_com,
5047 { "Set loc com", "samr_access_mask.user_set_loc_com",
5048 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5049 USER_ACCESS_SET_LOC_COM, "Set loc com", HFILL }},
5051 { &hf_access_user_get_logoninfo,
5052 { "Get logon info", "samr_access_mask.user_get_logoninfo",
5053 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5054 USER_ACCESS_GET_LOGONINFO, "Get logon info", HFILL }},
5056 { &hf_access_user_unknown_10,
5057 { "Unknown 0x10", "samr_access_mask.user_unknown_10",
5058 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5059 USER_ACCESS_UNKNOWN_10, "Unknown 0x10", HFILL }},
5061 { &hf_access_user_set_attributes,
5062 { "Set attributes", "samr_access_mask.user_set_attributes",
5063 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5064 USER_ACCESS_SET_ATTRIBUTES, "Set attributes", HFILL }},
5066 { &hf_access_user_change_password,
5067 { "Change password", "samr_access_mask.user_change_password",
5068 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5069 USER_ACCESS_CHANGE_PASSWORD, "Change password", HFILL }},
5071 { &hf_access_user_set_password,
5072 { "Set password", "samr_access_mask.user_set_password",
5073 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5074 USER_ACCESS_SET_PASSWORD, "Set password", HFILL }},
5076 { &hf_access_user_get_groups,
5077 { "Get groups", "samr_access_mask.user_get_groups",
5078 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5079 USER_ACCESS_GET_GROUPS, "Get groups", HFILL }},
5081 { &hf_access_user_unknown_200,
5082 { "Unknown 0x200", "samr_access_mask.user_unknown_200",
5083 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5084 USER_ACCESS_UNKNOWN_200, "Unknown 0x200", HFILL }},
5086 { &hf_access_user_unknown_400,
5087 { "Unknown 0x400", "samr_access_mask.user_unknown_400",
5088 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5089 USER_ACCESS_UNKNOWN_400, "Unknown 0x400", HFILL }},
5091 { &hf_access_group_lookup_info,
5092 { "Lookup info", "samr_access_mask.group_lookup_info",
5093 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5094 GROUP_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
5096 { &hf_access_group_set_info,
5097 { "Get info", "samr_access_mask.group_set_info",
5098 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5099 GROUP_ACCESS_SET_INFO, "Get info", HFILL }},
5101 { &hf_access_group_add_member,
5102 { "Add member", "samr_access_mask.group_add_member",
5103 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5104 GROUP_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5106 { &hf_access_group_remove_member,
5107 { "Remove member", "samr_access_mask.group_remove_member",
5108 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5109 GROUP_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5111 { &hf_access_group_get_members,
5112 { "Get members", "samr_access_mask.group_get_members",
5113 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5114 GROUP_ACCESS_GET_MEMBERS, "Get members", HFILL }},
5116 { &hf_access_alias_add_member,
5117 { "Add member", "samr_access_mask.alias_add_member",
5118 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5119 ALIAS_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5121 { &hf_access_alias_remove_member,
5122 { "Remove member", "samr_access_mask.alias_remove_member",
5123 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5124 ALIAS_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5126 { &hf_access_alias_get_members,
5127 { "Get members", "samr_access_mask.alias_get_members",
5128 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5129 ALIAS_ACCESS_GET_MEMBERS, "Get members", HFILL }},
5131 { &hf_access_alias_lookup_info,
5132 { "Lookup info", "samr_access_mask.alias_lookup_info",
5133 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5134 ALIAS_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
5136 { &hf_access_alias_set_info,
5137 { "Set info", "samr_access_mask.alias_set_info",
5138 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5139 ALIAS_ACCESS_SET_INFO, "Set info", HFILL }},
5141 { &hf_access_connect_unknown_01,
5142 { "Unknown 0x01", "samr_access_mask.connect_unknown_01",
5143 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5144 SAMR_ACCESS_UNKNOWN_1, "Unknown 0x01", HFILL }},
5146 { &hf_access_connect_shutdown_server,
5147 { "Shutdown server", "samr_access_mask.connect_shutdown_server",
5148 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5149 SAMR_ACCESS_SHUTDOWN_SERVER, "Shutdown server", HFILL }},
5151 { &hf_access_connect_unknown_04,
5152 { "Unknown 0x04", "samr_access_mask.connect_unknown_04",
5153 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5154 SAMR_ACCESS_UNKNOWN_4, "Unknown 0x04", HFILL }},
5156 { &hf_access_connect_unknown_08,
5157 { "Unknown 0x08", "samr_access_mask.connect_unknown_08",
5158 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5159 SAMR_ACCESS_UNKNOWN_8, "Unknown 0x08", HFILL }},
5161 { &hf_access_connect_enum_domains,
5162 { "Enum domains", "samr_access_mask.connect_enum_domains",
5163 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5164 SAMR_ACCESS_ENUM_DOMAINS, "Enum domains", HFILL }},
5166 { &hf_access_connect_open_domain,
5167 { "Open domain", "samr_access_mask.connect_open_domain",
5168 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5169 SAMR_ACCESS_OPEN_DOMAIN, "Open domain", HFILL }}
5173 static gint *ett[] = {
5175 &ett_samr_user_dispinfo_1,
5176 &ett_samr_user_dispinfo_1_array,
5177 &ett_samr_user_dispinfo_2,
5178 &ett_samr_user_dispinfo_2_array,
5179 &ett_samr_group_dispinfo,
5180 &ett_samr_group_dispinfo_array,
5181 &ett_samr_ascii_dispinfo,
5182 &ett_samr_ascii_dispinfo_array,
5183 &ett_samr_display_info,
5184 &ett_samr_password_info,
5186 &ett_samr_user_group,
5187 &ett_samr_user_group_array,
5188 &ett_samr_alias_info,
5189 &ett_samr_group_info,
5190 &ett_samr_domain_info_1,
5191 &ett_samr_domain_info_2,
5192 &ett_samr_domain_info_8,
5193 &ett_samr_replication_status,
5194 &ett_samr_domain_info_11,
5195 &ett_samr_domain_info_13,
5196 &ett_samr_domain_info,
5197 &ett_samr_sid_pointer,
5198 &ett_samr_sid_array,
5199 &ett_samr_index_array,
5200 &ett_samr_idx_and_name,
5201 &ett_samr_idx_and_name_array,
5202 &ett_samr_logon_hours,
5203 &ett_samr_logon_hours_hours,
5204 &ett_samr_user_info_1,
5205 &ett_samr_user_info_2,
5206 &ett_samr_user_info_3,
5207 &ett_samr_user_info_5,
5208 &ett_samr_user_info_6,
5209 &ett_samr_user_info_18,
5210 &ett_samr_user_info_19,
5211 &ett_samr_buffer_buffer,
5213 &ett_samr_user_info_21,
5214 &ett_samr_user_info_22,
5215 &ett_samr_user_info_23,
5216 &ett_samr_user_info_24,
5217 &ett_samr_user_info,
5218 &ett_samr_member_array_types,
5219 &ett_samr_member_array_rids,
5220 &ett_samr_member_array,
5223 &ett_samr_sid_and_attributes_array,
5224 &ett_samr_sid_and_attributes,
5228 proto_dcerpc_samr = proto_register_protocol(
5229 "Microsoft Security Account Manager", "SAMR", "samr");
5231 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
5232 proto_register_subtree_array(ett, array_length(ett));
5236 proto_reg_handoff_dcerpc_samr(void)
5238 /* Register protocol as dcerpc */
5240 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
5241 ver_dcerpc_samr, dcerpc_samr_dissectors, hf_samr_opnum);