1 /* packet-dcerpc-samr.c
2 * Routines for SMB \PIPE\samr packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-samr.c,v 1.36 2002/04/29 10:30:18 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
34 #include "packet-dcerpc.h"
35 #include "packet-dcerpc-nt.h"
36 #include "packet-dcerpc-samr.h"
37 #include "smb.h" /* for "NT_errors[]" */
39 int dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name);
41 static int proto_dcerpc_samr = -1;
43 static int hf_samr_hnd = -1;
44 static int hf_samr_group = -1;
45 static int hf_samr_rid = -1;
46 static int hf_samr_type = -1;
47 static int hf_samr_alias = -1;
48 static int hf_samr_rid_attrib = -1;
49 static int hf_samr_rc = -1;
50 static int hf_samr_index = -1;
51 static int hf_samr_count = -1;
53 static int hf_samr_level = -1;
54 static int hf_samr_start_idx = -1;
55 static int hf_samr_max_entries = -1;
56 static int hf_samr_entries = -1;
57 static int hf_samr_pref_maxsize = -1;
58 static int hf_samr_total_size = -1;
59 static int hf_samr_ret_size = -1;
60 static int hf_samr_alias_name = -1;
61 static int hf_samr_group_name = -1;
62 static int hf_samr_acct_name = -1;
63 static int hf_samr_full_name = -1;
64 static int hf_samr_acct_desc = -1;
65 static int hf_samr_home = -1;
66 static int hf_samr_home_drive = -1;
67 static int hf_samr_script = -1;
68 static int hf_samr_workstations = -1;
69 static int hf_samr_profile = -1;
70 static int hf_samr_server = -1;
71 static int hf_samr_domain = -1;
72 static int hf_samr_controller = -1;
73 static int hf_samr_access = -1;
74 static int hf_samr_mask = -1;
75 static int hf_samr_crypt_password = -1;
76 static int hf_samr_crypt_hash = -1;
77 static int hf_samr_lm_change = -1;
78 static int hf_samr_attrib = -1;
79 static int hf_samr_max_pwd_age = -1;
80 static int hf_samr_min_pwd_age = -1;
81 static int hf_samr_min_pwd_len = -1;
82 static int hf_samr_pwd_history_len = -1;
83 static int hf_samr_num_users = -1;
84 static int hf_samr_num_groups = -1;
85 static int hf_samr_num_aliases = -1;
86 static int hf_samr_resume_hnd = -1;
87 static int hf_samr_bad_pwd_count = -1;
88 static int hf_samr_logon_count = -1;
89 static int hf_samr_logon_time = -1;
90 static int hf_samr_logoff_time = -1;
91 static int hf_samr_kickoff_time = -1;
92 static int hf_samr_pwd_last_set_time = -1;
93 static int hf_samr_pwd_can_change_time = -1;
94 static int hf_samr_pwd_must_change_time = -1;
95 static int hf_samr_acct_expiry_time = -1;
96 static int hf_samr_country = -1;
97 static int hf_samr_codepage = -1;
98 static int hf_samr_comment = -1;
99 static int hf_samr_parameters = -1;
100 static int hf_samr_nt_pwd_set = -1;
101 static int hf_samr_lm_pwd_set = -1;
102 static int hf_samr_pwd_expired = -1;
103 static int hf_samr_revision = -1;
104 static int hf_samr_divisions = -1;
105 static int hf_samr_info_type = -1;
107 static int hf_samr_unknown_hyper = -1;
108 static int hf_samr_unknown_long = -1;
109 static int hf_samr_unknown_short = -1;
110 static int hf_samr_unknown_char = -1;
111 static int hf_samr_unknown_string = -1;
112 static int hf_samr_unknown_time = -1;
114 /* these are used by functions in packet-dcerpc-nt.c */
115 int hf_nt_str_len = -1;
116 int hf_nt_str_off = -1;
117 int hf_nt_str_max_len = -1;
118 int hf_nt_string_length = -1;
119 int hf_nt_string_size = -1;
120 static int hf_nt_acct_ctrl = -1;
121 static int hf_nt_acb_disabled = -1;
122 static int hf_nt_acb_homedirreq = -1;
123 static int hf_nt_acb_pwnotreq = -1;
124 static int hf_nt_acb_tempdup = -1;
125 static int hf_nt_acb_normal = -1;
126 static int hf_nt_acb_mns = -1;
127 static int hf_nt_acb_domtrust = -1;
128 static int hf_nt_acb_wstrust = -1;
129 static int hf_nt_acb_svrtrust = -1;
130 static int hf_nt_acb_pwnoexp = -1;
131 static int hf_nt_acb_autolock = -1;
133 static gint ett_dcerpc_samr = -1;
134 static gint ett_samr_user_dispinfo_1 = -1;
135 static gint ett_samr_user_dispinfo_1_array = -1;
136 static gint ett_samr_user_dispinfo_2 = -1;
137 static gint ett_samr_user_dispinfo_2_array = -1;
138 static gint ett_samr_group_dispinfo = -1;
139 static gint ett_samr_group_dispinfo_array = -1;
140 static gint ett_samr_ascii_dispinfo = -1;
141 static gint ett_samr_ascii_dispinfo_array = -1;
142 static gint ett_samr_display_info = -1;
143 static gint ett_samr_password_info = -1;
144 static gint ett_samr_server = -1;
145 static gint ett_samr_user_group = -1;
146 static gint ett_samr_user_group_array = -1;
147 static gint ett_samr_alias_info = -1;
148 static gint ett_samr_group_info = -1;
149 static gint ett_samr_domain_info_1 = -1;
150 static gint ett_samr_domain_info_2 = -1;
151 static gint ett_samr_domain_info_8 = -1;
152 static gint ett_samr_replication_status = -1;
153 static gint ett_samr_domain_info_11 = -1;
154 static gint ett_samr_domain_info_13 = -1;
155 static gint ett_samr_domain_info = -1;
156 static gint ett_samr_sid_pointer = -1;
157 static gint ett_samr_sid_array = -1;
158 static gint ett_samr_index_array = -1;
159 static gint ett_samr_idx_and_name = -1;
160 static gint ett_samr_idx_and_name_array = -1;
161 static gint ett_samr_logon_hours = -1;
162 static gint ett_samr_logon_hours_hours = -1;
163 static gint ett_samr_user_info_1 = -1;
164 static gint ett_samr_user_info_2 = -1;
165 static gint ett_samr_user_info_3 = -1;
166 static gint ett_samr_user_info_5 = -1;
167 static gint ett_samr_user_info_6 = -1;
168 static gint ett_samr_user_info_18 = -1;
169 static gint ett_samr_user_info_19 = -1;
170 static gint ett_samr_buffer_buffer = -1;
171 static gint ett_samr_buffer = -1;
172 static gint ett_samr_user_info_21 = -1;
173 static gint ett_samr_user_info_22 = -1;
174 static gint ett_samr_user_info_23 = -1;
175 static gint ett_samr_user_info_24 = -1;
176 static gint ett_samr_user_info = -1;
177 static gint ett_samr_member_array_types = -1;
178 static gint ett_samr_member_array_rids = -1;
179 static gint ett_samr_member_array = -1;
180 static gint ett_samr_names = -1;
181 static gint ett_samr_rids = -1;
182 static gint ett_nt_acct_ctrl = -1;
183 static gint ett_samr_sid_and_attributes_array = -1;
184 static gint ett_samr_sid_and_attributes = -1;
185 #ifdef SAMR_UNUSED_HANDLES
186 static gint ett_samr_hnd = -1;
189 static e_uuid_t uuid_dcerpc_samr = {
190 0x12345778, 0x1234, 0xabcd,
191 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
194 static guint16 ver_dcerpc_samr = 1;
198 dissect_ndr_nt_SID(tvbuff_t *tvb, int offset,
199 packet_info *pinfo, proto_tree *tree,
204 di=pinfo->private_data;
205 if(di->conformant_run){
206 /* just a run to handle conformant arrays, no scalars to dissect */
210 /* the SID contains a conformant array, first we must eat
211 the 4-byte max_count before we can hand it off */
212 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
213 hf_samr_count, NULL);
215 offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Domain");
220 dissect_ndr_nt_SID_ptr(tvbuff_t *tvb, int offset,
221 packet_info *pinfo, proto_tree *tree,
224 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
225 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
226 "SID pointer", -1, 1);
232 static const true_false_string tfs_nt_acb_disabled = {
233 "Account is DISABLED",
234 "Account is NOT disabled"
236 static const true_false_string tfs_nt_acb_homedirreq = {
237 "Homedir is REQUIRED",
238 "Homedir is NOT required"
240 static const true_false_string tfs_nt_acb_pwnotreq = {
241 "Password is NOT required",
242 "Password is REQUIRED"
244 static const true_false_string tfs_nt_acb_tempdup = {
245 "This is a TEMPORARY DUPLICATE account",
246 "This is NOT a temporary duplicate account"
248 static const true_false_string tfs_nt_acb_normal = {
249 "This is a NORMAL USER account",
250 "This is NOT a normal user account"
252 static const true_false_string tfs_nt_acb_mns = {
253 "This is a MNS account",
254 "This is NOT a mns account"
256 static const true_false_string tfs_nt_acb_domtrust = {
257 "This is a DOMAIN TRUST account",
258 "This is NOT a domain trust account"
260 static const true_false_string tfs_nt_acb_wstrust = {
261 "This is a WORKSTATION TRUST account",
262 "This is NOT a workstation trust account"
264 static const true_false_string tfs_nt_acb_svrtrust = {
265 "This is a SERVER TRUST account",
266 "This is NOT a server trust account"
268 static const true_false_string tfs_nt_acb_pwnoexp = {
269 "Passwords does NOT expire",
270 "Password will EXPIRE"
272 static const true_false_string tfs_nt_acb_autolock = {
273 "This account has been AUTO LOCKED",
274 "This account has NOT been auto locked"
277 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
278 proto_tree *parent_tree, char *drep)
281 proto_item *item = NULL;
282 proto_tree *tree = NULL;
284 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
285 hf_nt_acct_ctrl, &mask);
288 item = proto_tree_add_uint(parent_tree, hf_nt_acct_ctrl,
289 tvb, offset-4, 4, mask);
290 tree = proto_item_add_subtree(item, ett_nt_acct_ctrl);
293 proto_tree_add_boolean(tree, hf_nt_acb_autolock,
294 tvb, offset-4, 4, mask);
295 proto_tree_add_boolean(tree, hf_nt_acb_pwnoexp,
296 tvb, offset-4, 4, mask);
297 proto_tree_add_boolean(tree, hf_nt_acb_svrtrust,
298 tvb, offset-4, 4, mask);
299 proto_tree_add_boolean(tree, hf_nt_acb_wstrust,
300 tvb, offset-4, 4, mask);
301 proto_tree_add_boolean(tree, hf_nt_acb_domtrust,
302 tvb, offset-4, 4, mask);
303 proto_tree_add_boolean(tree, hf_nt_acb_mns,
304 tvb, offset-4, 4, mask);
305 proto_tree_add_boolean(tree, hf_nt_acb_normal,
306 tvb, offset-4, 4, mask);
307 proto_tree_add_boolean(tree, hf_nt_acb_tempdup,
308 tvb, offset-4, 4, mask);
309 proto_tree_add_boolean(tree, hf_nt_acb_pwnotreq,
310 tvb, offset-4, 4, mask);
311 proto_tree_add_boolean(tree, hf_nt_acb_homedirreq,
312 tvb, offset-4, 4, mask);
313 proto_tree_add_boolean(tree, hf_nt_acb_disabled,
314 tvb, offset-4, 4, mask);
320 /* above this line, just some general support routines which should be placed
321 in some more generic file common to all NT services dissectors
325 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
326 proto_tree *tree, char *drep)
328 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
329 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
332 if (check_col(pinfo->cinfo, COL_INFO))
333 col_set_str(pinfo->cinfo, COL_INFO, "OpenUser request");
335 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
338 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
339 hf_samr_access, NULL);
341 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
344 if (check_col(pinfo->cinfo, COL_INFO))
345 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
347 dcv->private_data = (void *)rid;
353 samr_dissect_open_user_reply(tvbuff_t *tvb, int offset,
354 packet_info *pinfo, proto_tree *tree,
357 if (check_col(pinfo->cinfo, COL_INFO))
358 col_set_str(pinfo->cinfo, COL_INFO, "OpenUser response");
360 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
363 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
370 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
371 packet_info *pinfo, proto_tree *tree,
376 di=pinfo->private_data;
377 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
383 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
384 packet_info *pinfo, proto_tree *tree,
389 di=pinfo->private_data;
390 if(di->conformant_run){
391 /*just a run to handle conformant arrays, nothing to dissect */
395 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
401 samr_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
402 packet_info *pinfo, proto_tree *tree,
407 di=pinfo->private_data;
408 if(di->conformant_run){
409 /*just a run to handle conformant arrays, nothing to dissect */
413 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
414 di->hf_index, di->levels);
419 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
420 packet_info *pinfo, proto_tree *tree,
425 di=pinfo->private_data;
426 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
433 samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset,
434 packet_info *pinfo, proto_tree *tree,
437 if (check_col(pinfo->cinfo, COL_INFO))
438 col_set_str(pinfo->cinfo, COL_INFO, "QueryDispInfo request");
440 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
443 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
444 hf_samr_level, NULL);
445 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
446 hf_samr_start_idx, NULL);
447 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
448 hf_samr_max_entries, NULL);
449 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
450 hf_samr_pref_maxsize, NULL);
456 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
457 packet_info *pinfo, proto_tree *parent_tree,
460 proto_item *item=NULL;
461 proto_tree *tree=NULL;
462 int old_offset=offset;
465 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
467 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
470 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
471 hf_samr_index, NULL);
472 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
474 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
475 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
476 hf_samr_acct_name, 0);
477 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
478 hf_samr_full_name, 0);
479 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
480 hf_samr_acct_desc, 0);
482 proto_item_set_len(item, offset-old_offset);
487 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
488 packet_info *pinfo, proto_tree *tree,
491 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
492 samr_dissect_USER_DISPINFO_1);
498 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
499 packet_info *pinfo, proto_tree *parent_tree,
503 proto_item *item=NULL;
504 proto_tree *tree=NULL;
505 int old_offset=offset;
508 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
509 "User_DispInfo_1 Array");
510 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
514 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
515 hf_samr_count, &count);
516 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
517 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
518 "USER_DISPINFO_1_ARRAY", -1, 0);
520 proto_item_set_len(item, offset-old_offset);
527 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
528 packet_info *pinfo, proto_tree *parent_tree,
531 proto_item *item=NULL;
532 proto_tree *tree=NULL;
533 int old_offset=offset;
536 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
538 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
541 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
542 hf_samr_index, NULL);
543 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
545 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
546 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
547 hf_samr_acct_name, 0);
548 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
549 hf_samr_acct_desc, 0);
551 proto_item_set_len(item, offset-old_offset);
556 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
557 packet_info *pinfo, proto_tree *tree,
560 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
561 samr_dissect_USER_DISPINFO_2);
567 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
568 packet_info *pinfo, proto_tree *parent_tree,
572 proto_item *item=NULL;
573 proto_tree *tree=NULL;
574 int old_offset=offset;
577 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
578 "User_DispInfo_2 Array");
579 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
583 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
584 hf_samr_count, &count);
585 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
586 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
587 "USER_DISPINFO_2_ARRAY", -1, 0);
589 proto_item_set_len(item, offset-old_offset);
598 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
599 packet_info *pinfo, proto_tree *parent_tree,
602 proto_item *item=NULL;
603 proto_tree *tree=NULL;
604 int old_offset=offset;
607 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
609 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
613 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
614 hf_samr_index, NULL);
615 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
617 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
618 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
619 hf_samr_acct_name, 0);
620 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
621 hf_samr_acct_desc, 0);
623 proto_item_set_len(item, offset-old_offset);
628 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
629 packet_info *pinfo, proto_tree *tree,
632 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
633 samr_dissect_GROUP_DISPINFO);
639 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
640 packet_info *pinfo, proto_tree *parent_tree,
644 proto_item *item=NULL;
645 proto_tree *tree=NULL;
646 int old_offset=offset;
649 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
650 "Group_DispInfo Array");
651 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
654 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
655 hf_samr_count, &count);
656 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
657 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
658 "GROUP_DISPINFO_ARRAY", -1, 0);
660 proto_item_set_len(item, offset-old_offset);
667 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
668 packet_info *pinfo, proto_tree *parent_tree,
671 proto_item *item=NULL;
672 proto_tree *tree=NULL;
673 int old_offset=offset;
676 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
678 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
682 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
683 hf_samr_index, NULL);
684 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
686 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
687 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
688 hf_samr_acct_name, 0);
689 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
690 hf_samr_acct_desc,0 );
692 proto_item_set_len(item, offset-old_offset);
697 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
698 packet_info *pinfo, proto_tree *tree,
701 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
702 samr_dissect_ASCII_DISPINFO);
708 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
709 packet_info *pinfo, proto_tree *parent_tree,
713 proto_item *item=NULL;
714 proto_tree *tree=NULL;
715 int old_offset=offset;
718 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
719 "Ascii_DispInfo Array");
720 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
723 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
724 hf_samr_count, &count);
725 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
726 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
727 "ACSII_DISPINFO_ARRAY", -1, 0);
729 proto_item_set_len(item, offset-old_offset);
735 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
736 packet_info *pinfo, proto_tree *parent_tree,
739 proto_item *item=NULL;
740 proto_tree *tree=NULL;
741 int old_offset=offset;
745 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
747 tree = proto_item_add_subtree(item, ett_samr_display_info);
750 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
751 hf_samr_level, &level);
754 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
755 tvb, offset, pinfo, tree, drep);
758 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
759 tvb, offset, pinfo, tree, drep);
762 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
763 tvb, offset, pinfo, tree, drep);
766 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
767 tvb, offset, pinfo, tree, drep);
770 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
771 tvb, offset, pinfo, tree, drep);
775 proto_item_set_len(item, offset-old_offset);
780 samr_dissect_query_dispinfo_reply(tvbuff_t *tvb, int offset,
781 packet_info *pinfo, proto_tree *tree,
784 if (check_col(pinfo->cinfo, COL_INFO))
785 col_set_str(pinfo->cinfo, COL_INFO, "QueryDispInfo response");
787 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
788 samr_dissect_pointer_long, NDR_POINTER_REF,
789 "", hf_samr_total_size, 0);
790 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
791 samr_dissect_pointer_long, NDR_POINTER_REF,
792 "", hf_samr_ret_size, 0);
793 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
794 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
796 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
803 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
808 if (check_col(pinfo->cinfo, COL_INFO))
809 col_set_str(pinfo->cinfo, COL_INFO,
810 "GetDispEnumIndex request");
812 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
815 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
816 hf_samr_level, NULL);
818 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
819 hf_samr_acct_name, 0);
825 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
826 packet_info *pinfo, proto_tree *tree,
829 if (check_col(pinfo->cinfo, COL_INFO))
830 col_set_str(pinfo->cinfo, COL_INFO,
831 "GetDispEnumIndex response");
833 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
834 samr_dissect_pointer_long, NDR_POINTER_REF,
835 "", hf_samr_index, 0);
837 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
847 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
848 packet_info *pinfo, proto_tree *parent_tree,
851 proto_item *item=NULL;
852 proto_tree *tree=NULL;
853 int old_offset=offset;
855 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
858 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
860 tree = proto_item_add_subtree(item, ett_samr_password_info);
864 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
865 hf_samr_unknown_short, NULL);
866 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
867 hf_samr_unknown_long, NULL);
869 proto_item_set_len(item, offset-old_offset);
874 samr_dissect_get_usrdom_pwinfo_rqst(tvbuff_t *tvb, int offset,
875 packet_info *pinfo, proto_tree *tree,
878 if (check_col(pinfo->cinfo, COL_INFO))
879 col_set_str(pinfo->cinfo, COL_INFO, "GetPwInfo request");
881 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
888 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
889 packet_info *pinfo, proto_tree *tree,
892 if (check_col(pinfo->cinfo, COL_INFO))
893 col_set_str(pinfo->cinfo, COL_INFO, "GetPwInfo response");
895 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
896 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
899 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
907 samr_dissect_connect2_server(tvbuff_t *tvb, int offset,
908 packet_info *pinfo, proto_tree *parent_tree,
911 proto_item *item=NULL;
912 proto_tree *tree=NULL;
913 int old_offset=offset;
916 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
918 tree = proto_item_add_subtree(item, ett_samr_server);
921 offset = dissect_ndr_nt_UNICODE_STRING_str(tvb, offset, pinfo,
924 proto_item_set_len(item, offset-old_offset);
929 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
930 packet_info *pinfo, proto_tree *tree,
933 if (check_col(pinfo->cinfo, COL_INFO))
934 col_set_str(pinfo->cinfo, COL_INFO, "Connect2 request");
936 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
937 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
938 "Server", hf_samr_server, 1);
940 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
941 hf_samr_access, NULL);
946 samr_dissect_connect2_reply(tvbuff_t *tvb, int offset,
947 packet_info *pinfo, proto_tree *tree,
950 if (check_col(pinfo->cinfo, COL_INFO))
951 col_set_str(pinfo->cinfo, COL_INFO, "Connect2 response");
953 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
956 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
962 samr_dissect_connect_anon_rqst(tvbuff_t *tvb, int offset,
963 packet_info *pinfo, proto_tree *tree,
966 if (check_col(pinfo->cinfo, COL_INFO))
967 col_set_str(pinfo->cinfo, COL_INFO, "ConnectAnon request");
969 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
970 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
971 "Server", hf_samr_server, 1);
973 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
974 hf_samr_access, NULL);
980 samr_dissect_connect_anon_reply(tvbuff_t *tvb, int offset,
981 packet_info *pinfo, proto_tree *tree,
984 if (check_col(pinfo->cinfo, COL_INFO))
985 col_set_str(pinfo->cinfo, COL_INFO, "ConnectAnon response");
987 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
990 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
997 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
998 packet_info *pinfo, proto_tree *parent_tree,
1001 proto_item *item=NULL;
1002 proto_tree *tree=NULL;
1003 int old_offset=offset;
1006 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1008 tree = proto_item_add_subtree(item, ett_samr_user_group);
1011 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1013 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1014 hf_samr_rid_attrib, NULL);
1016 proto_item_set_len(item, offset-old_offset);
1021 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
1022 packet_info *pinfo, proto_tree *tree,
1025 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1026 samr_dissect_USER_GROUP);
1032 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1033 packet_info *pinfo, proto_tree *parent_tree,
1037 proto_item *item=NULL;
1038 proto_tree *tree=NULL;
1039 int old_offset=offset;
1042 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1043 "USER_GROUP_ARRAY");
1044 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1047 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1048 hf_samr_count, &count);
1049 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1050 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1051 "USER_GROUP_ARRAY", -1, 0);
1053 proto_item_set_len(item, offset-old_offset);
1058 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1059 packet_info *pinfo, proto_tree *tree,
1062 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1063 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1064 "USER_GROUP_ARRAY", -1, 0);
1069 samr_dissect_get_groups_for_user_rqst(tvbuff_t *tvb, int offset,
1070 packet_info *pinfo, proto_tree *tree,
1073 if (check_col(pinfo->cinfo, COL_INFO))
1074 col_set_str(pinfo->cinfo, COL_INFO, "GetUserGroups request");
1076 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1083 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1084 packet_info *pinfo, proto_tree *tree,
1087 if (check_col(pinfo->cinfo, COL_INFO))
1088 col_set_str(pinfo->cinfo, COL_INFO, "GetUserGroups response");
1090 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1091 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1094 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1102 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1103 packet_info *pinfo, proto_tree *tree,
1106 if (check_col(pinfo->cinfo, COL_INFO))
1107 col_set_str(pinfo->cinfo, COL_INFO, "OpenDomain request");
1109 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1112 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1113 hf_samr_access, NULL);
1114 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1115 dissect_ndr_nt_SID, NDR_POINTER_REF,
1121 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1122 packet_info *pinfo, proto_tree *tree,
1125 if (check_col(pinfo->cinfo, COL_INFO))
1126 col_set_str(pinfo->cinfo, COL_INFO, "OpenDomain response");
1128 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1131 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1138 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1139 packet_info *pinfo, proto_tree *tree,
1142 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1145 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1146 dissect_ndr_nt_SID, NDR_POINTER_REF,
1152 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1153 packet_info *pinfo, proto_tree *tree,
1156 if (check_col(pinfo->cinfo, COL_INFO))
1157 col_set_str(pinfo->cinfo, COL_INFO, "AddGroupMem request");
1159 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1162 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1163 hf_samr_group, NULL);
1165 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1172 samr_dissect_add_member_to_group_reply(tvbuff_t *tvb, int offset,
1173 packet_info *pinfo, proto_tree *tree,
1176 if (check_col(pinfo->cinfo, COL_INFO))
1177 col_set_str(pinfo->cinfo, COL_INFO, "AddGroupMem response");
1179 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1186 samr_dissect_unknown_3c_rqst(tvbuff_t *tvb, int offset,
1187 packet_info *pinfo, proto_tree *tree,
1190 if (check_col(pinfo->cinfo, COL_INFO))
1191 col_set_str(pinfo->cinfo, COL_INFO, "Unknown 0x3c request");
1193 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1200 samr_dissect_unknown_3c_reply(tvbuff_t *tvb, int offset,
1201 packet_info *pinfo, proto_tree *tree,
1204 if (check_col(pinfo->cinfo, COL_INFO))
1205 col_set_str(pinfo->cinfo, COL_INFO, "Unknown 0x3c response");
1207 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1208 samr_dissect_pointer_short, NDR_POINTER_REF,
1209 "", hf_samr_unknown_short, 0);
1211 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1217 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1218 packet_info *pinfo, proto_tree *tree,
1221 if (check_col(pinfo->cinfo, COL_INFO))
1222 col_set_str(pinfo->cinfo, COL_INFO, "CreateAlias request");
1224 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1227 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1228 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1229 "Account Name", hf_samr_acct_name, 0);
1231 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1232 hf_samr_access, NULL);
1238 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1239 packet_info *pinfo, proto_tree *tree,
1242 if (check_col(pinfo->cinfo, COL_INFO))
1243 col_set_str(pinfo->cinfo, COL_INFO, "CreateAlias response");
1245 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1248 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1251 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1258 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1260 proto_tree *tree, char *drep)
1262 if (check_col(pinfo->cinfo, COL_INFO))
1263 col_set_str(pinfo->cinfo, COL_INFO, "QueryAliasInfo request");
1265 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1268 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1269 hf_samr_level, NULL);
1275 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1276 packet_info *pinfo, proto_tree *tree,
1279 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1281 hf_samr_acct_name, 0);
1282 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1284 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1286 hf_samr_acct_desc, 0);
1291 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1292 packet_info *pinfo, proto_tree *parent_tree,
1295 proto_item *item=NULL;
1296 proto_tree *tree=NULL;
1297 int old_offset=offset;
1301 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1303 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1306 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1307 hf_samr_level, &level);
1310 offset = samr_dissect_ALIAS_INFO_1(
1311 tvb, offset, pinfo, tree, drep);
1314 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1316 hf_samr_acct_name, 0);
1319 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1321 hf_samr_acct_desc, 0);
1325 proto_item_set_len(item, offset-old_offset);
1330 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1331 packet_info *pinfo, proto_tree *tree,
1334 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1335 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
1336 "ALIAS_INFO", -1, 0);
1341 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1343 proto_tree *tree, char *drep)
1345 if (check_col(pinfo->cinfo, COL_INFO))
1346 col_set_str(pinfo->cinfo, COL_INFO, "QueryAliasInfo response");
1348 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1349 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1352 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1359 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1360 packet_info *pinfo, proto_tree *tree,
1363 if (check_col(pinfo->cinfo, COL_INFO))
1364 col_set_str(pinfo->cinfo, COL_INFO, "SetAliasInfo request");
1366 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1369 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1370 hf_samr_level, NULL);
1371 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1372 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
1378 samr_dissect_set_information_alias_reply(tvbuff_t *tvb, int offset,
1379 packet_info *pinfo, proto_tree *tree,
1382 if (check_col(pinfo->cinfo, COL_INFO))
1383 col_set_str(pinfo->cinfo, COL_INFO, "SetAliasInfo response");
1385 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1386 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1389 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1395 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1396 packet_info *pinfo, proto_tree *tree,
1399 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
1406 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1407 packet_info *pinfo, proto_tree *tree,
1410 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
1418 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1420 proto_tree *tree, char *drep)
1422 if (check_col(pinfo->cinfo, COL_INFO))
1423 col_set_str(pinfo->cinfo, COL_INFO,
1424 "OEMChangePassword request");
1426 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1429 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1430 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1431 "Server", hf_samr_server, 0);
1432 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1433 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1434 "Account Name", hf_samr_acct_name, 0);
1435 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1436 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1438 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1439 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1445 samr_dissect_oem_change_password_user2_reply(tvbuff_t *tvb, int offset,
1447 proto_tree *tree, char *drep)
1449 if (check_col(pinfo->cinfo, COL_INFO))
1450 col_set_str(pinfo->cinfo, COL_INFO,
1451 "OEMChangePassword response");
1453 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1460 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1462 proto_tree *tree, char *drep)
1464 if (check_col(pinfo->cinfo, COL_INFO))
1465 col_set_str(pinfo->cinfo, COL_INFO,
1466 "UnicodeChangePassword request");
1468 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1471 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1472 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1473 "Server", hf_samr_server, 0);
1474 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1475 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1476 "Account Name", hf_samr_acct_name, 0);
1477 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1478 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1480 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1481 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1483 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1484 hf_samr_lm_change, NULL);
1485 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1486 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1488 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1489 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1495 samr_dissect_unicode_change_password_user2_reply(tvbuff_t *tvb, int offset,
1497 proto_tree *tree, char *drep)
1499 if (check_col(pinfo->cinfo, COL_INFO))
1500 col_set_str(pinfo->cinfo, COL_INFO,
1501 "UnicodeChangePassword response");
1503 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1510 samr_dissect_unknown_3b_rqst(tvbuff_t *tvb, int offset,
1511 packet_info *pinfo, proto_tree *tree,
1514 if (check_col(pinfo->cinfo, COL_INFO))
1515 col_set_str(pinfo->cinfo, COL_INFO, "Unknown 0x3b request");
1517 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1520 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1521 hf_samr_unknown_short, NULL);
1522 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1523 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1524 "Unknown", hf_samr_unknown_string, 0);
1525 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1526 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1527 "Unknown", hf_samr_unknown_string, 0);
1532 samr_dissect_unknown_3b_reply(tvbuff_t *tvb, int offset,
1533 packet_info *pinfo, proto_tree *tree,
1536 if (check_col(pinfo->cinfo, COL_INFO))
1537 col_set_str(pinfo->cinfo, COL_INFO, "Unknown 0x3b response");
1539 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1546 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
1547 packet_info *pinfo, proto_tree *tree,
1550 if (check_col(pinfo->cinfo, COL_INFO))
1551 col_set_str(pinfo->cinfo, COL_INFO, "CreateDomUser request");
1553 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1556 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1557 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1558 "Account Name", hf_samr_acct_name, 0);
1559 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
1560 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1561 hf_samr_access, NULL);
1567 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
1568 packet_info *pinfo, proto_tree *tree,
1571 if (check_col(pinfo->cinfo, COL_INFO))
1572 col_set_str(pinfo->cinfo, COL_INFO, "CreateDomUser response");
1574 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1577 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1578 hf_samr_unknown_long, NULL);
1579 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1582 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1588 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
1590 proto_tree *tree, char *drep)
1592 if (check_col(pinfo->cinfo, COL_INFO))
1593 col_set_str(pinfo->cinfo, COL_INFO,
1594 "GetDispEnumIndex2 request");
1596 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1599 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1600 hf_samr_level, NULL);
1601 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1602 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1603 "Account Name", hf_samr_acct_name, 0);
1608 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
1609 packet_info *pinfo, proto_tree *tree,
1612 if (check_col(pinfo->cinfo, COL_INFO))
1613 col_set_str(pinfo->cinfo, COL_INFO,
1614 "GetDispEnumIndex2 response");
1616 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1617 hf_samr_index, NULL);
1619 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1625 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
1626 packet_info *pinfo, proto_tree *tree,
1629 if (check_col(pinfo->cinfo, COL_INFO))
1630 col_set_str(pinfo->cinfo, COL_INFO, "ChangePassword request");
1632 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1635 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1636 hf_samr_unknown_char, NULL);
1637 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1638 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1640 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1641 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1643 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1644 hf_samr_unknown_char, NULL);
1645 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1646 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1648 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1649 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1651 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1652 hf_samr_unknown_char, NULL);
1653 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1654 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1656 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1657 hf_samr_unknown_char, NULL);
1658 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1659 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1666 samr_dissect_change_password_user_reply(tvbuff_t *tvb, int offset,
1667 packet_info *pinfo, proto_tree *tree,
1670 if (check_col(pinfo->cinfo, COL_INFO))
1671 col_set_str(pinfo->cinfo, COL_INFO, "ChangePassword response");
1673 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1680 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
1682 proto_tree *tree, char *drep)
1684 if (check_col(pinfo->cinfo, COL_INFO))
1685 col_set_str(pinfo->cinfo, COL_INFO, "SetGroupAttr request");
1687 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1690 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1691 hf_samr_attrib, NULL);
1696 samr_dissect_set_member_attributes_of_group_reply(tvbuff_t *tvb, int offset,
1697 packet_info *pinfo, proto_tree *tree,
1700 if (check_col(pinfo->cinfo, COL_INFO))
1701 col_set_str(pinfo->cinfo, COL_INFO, "SetGroupAttr response");
1703 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1710 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
1711 packet_info *pinfo, proto_tree *tree,
1714 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1716 hf_samr_acct_name, 0);
1717 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1719 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1720 hf_samr_attrib, NULL);
1721 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1723 hf_samr_acct_desc, 0);
1728 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
1729 packet_info *pinfo, proto_tree *parent_tree,
1732 proto_item *item=NULL;
1733 proto_tree *tree=NULL;
1734 int old_offset=offset;
1738 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1740 tree = proto_item_add_subtree(item, ett_samr_group_info);
1743 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1744 hf_samr_level, &level);
1747 offset = samr_dissect_GROUP_INFO_1(
1748 tvb, offset, pinfo, tree, drep);
1751 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1753 hf_samr_acct_name, 0);
1756 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1757 hf_samr_attrib, NULL);
1760 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1762 hf_samr_acct_desc, 0);
1766 proto_item_set_len(item, offset-old_offset);
1771 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
1772 packet_info *pinfo, proto_tree *tree,
1775 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1776 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
1777 "GROUP_INFO", -1, 0);
1782 samr_dissect_query_information_group_rqst(tvbuff_t *tvb, int offset,
1784 proto_tree *tree, char *drep)
1786 if (check_col(pinfo->cinfo, COL_INFO))
1787 col_set_str(pinfo->cinfo, COL_INFO, "QueryGroupInfo request");
1789 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1792 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1793 hf_samr_level, NULL);
1799 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
1800 packet_info *pinfo, proto_tree *tree,
1803 if (check_col(pinfo->cinfo, COL_INFO))
1804 col_set_str(pinfo->cinfo, COL_INFO, "QueryGroupInfo response");
1806 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1807 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
1810 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1816 samr_dissect_set_information_group_rqst(tvbuff_t *tvb, int offset,
1817 packet_info *pinfo, proto_tree *tree,
1820 if (check_col(pinfo->cinfo, COL_INFO))
1821 col_set_str(pinfo->cinfo, COL_INFO, "SetGroupInfo request");
1823 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1826 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1827 hf_samr_level, NULL);
1828 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1829 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
1835 samr_dissect_set_information_group_reply(tvbuff_t *tvb, int offset,
1836 packet_info *pinfo, proto_tree *tree,
1839 if (check_col(pinfo->cinfo, COL_INFO))
1840 col_set_str(pinfo->cinfo, COL_INFO, "SetGroupInfo response");
1842 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1850 samr_dissect_get_domain_password_information_rqst(tvbuff_t *tvb, int offset,
1855 if (check_col(pinfo->cinfo, COL_INFO))
1856 col_set_str(pinfo->cinfo, COL_INFO,
1857 "GetPasswordInfo request");
1859 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1862 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1863 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1864 "Domain", hf_samr_domain, 0);
1869 samr_dissect_get_domain_password_information_reply(tvbuff_t *tvb, int offset,
1874 if (check_col(pinfo->cinfo, COL_INFO))
1875 col_set_str(pinfo->cinfo, COL_INFO,
1876 "GetPasswordInfo response");
1879 * XXX - really? Not the same as
1880 * "samr_dissect_get_usrdom_pwinfo_reply()"?
1882 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1889 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
1890 packet_info *pinfo, proto_tree *parent_tree,
1893 proto_item *item=NULL;
1894 proto_tree *tree=NULL;
1895 int old_offset=offset;
1897 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
1900 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1902 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
1905 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1906 hf_samr_min_pwd_len, NULL);
1907 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1908 hf_samr_pwd_history_len, NULL);
1909 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1910 hf_samr_unknown_long, NULL);
1911 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1912 hf_samr_max_pwd_age);
1913 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1914 hf_samr_min_pwd_age);
1915 proto_item_set_len(item, offset-old_offset);
1920 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
1921 packet_info *pinfo, proto_tree *parent_tree,
1924 proto_item *item=NULL;
1925 proto_tree *tree=NULL;
1926 int old_offset=offset;
1929 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1931 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
1934 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1935 hf_samr_unknown_time);
1936 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1937 hf_samr_unknown_string, 0);
1938 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1940 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1941 hf_samr_controller, 0);
1942 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1943 hf_samr_unknown_time);
1944 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1945 hf_samr_unknown_long, NULL);
1946 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1947 hf_samr_unknown_long, NULL);
1948 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1949 hf_samr_unknown_char, NULL);
1950 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1951 hf_samr_num_users, NULL);
1952 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1953 hf_samr_num_groups, NULL);
1954 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1955 hf_samr_num_aliases, NULL);
1957 proto_item_set_len(item, offset-old_offset);
1962 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
1963 packet_info *pinfo, proto_tree *parent_tree,
1966 proto_item *item=NULL;
1967 proto_tree *tree=NULL;
1968 int old_offset=offset;
1971 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1973 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
1976 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1977 hf_samr_max_pwd_age);
1978 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1979 hf_samr_min_pwd_age);
1981 proto_item_set_len(item, offset-old_offset);
1986 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
1987 packet_info *pinfo, proto_tree *parent_tree,
1990 proto_item *item=NULL;
1991 proto_tree *tree=NULL;
1992 int old_offset=offset;
1995 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1996 "REPLICATION_STATUS:");
1997 tree = proto_item_add_subtree(item, ett_samr_replication_status);
2000 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2001 hf_samr_unknown_hyper, NULL);
2002 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2003 hf_samr_unknown_hyper, NULL);
2004 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2005 hf_samr_unknown_short, NULL);
2007 proto_item_set_len(item, offset-old_offset);
2012 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
2013 packet_info *pinfo, proto_tree *parent_tree,
2016 proto_item *item=NULL;
2017 proto_tree *tree=NULL;
2018 int old_offset=offset;
2021 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2023 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
2026 offset = samr_dissect_DOMAIN_INFO_2(
2027 tvb, offset, pinfo, tree, drep);
2028 offset = samr_dissect_REPLICATION_STATUS(
2029 tvb, offset, pinfo, tree, drep);
2031 proto_item_set_len(item, offset-old_offset);
2036 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
2037 packet_info *pinfo, proto_tree *parent_tree,
2040 proto_item *item=NULL;
2041 proto_tree *tree=NULL;
2042 int old_offset=offset;
2045 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2047 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
2050 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2051 hf_samr_unknown_time);
2052 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2053 hf_samr_unknown_time);
2054 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2055 hf_samr_unknown_time);
2057 proto_item_set_len(item, offset-old_offset);
2063 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
2064 packet_info *pinfo, proto_tree *parent_tree,
2067 proto_item *item=NULL;
2068 proto_tree *tree=NULL;
2069 int old_offset=offset;
2073 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2075 tree = proto_item_add_subtree(item, ett_samr_domain_info);
2078 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2079 hf_samr_level, &level);
2081 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2084 offset = samr_dissect_DOMAIN_INFO_1(
2085 tvb, offset, pinfo, tree, drep);
2088 offset = samr_dissect_DOMAIN_INFO_2(
2089 tvb, offset, pinfo, tree, drep);
2093 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2094 hf_samr_unknown_time);
2097 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2098 tree, drep, hf_samr_unknown_string, 0);
2102 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2103 tree, drep, hf_samr_domain, 0);
2107 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2108 tree, drep, hf_samr_controller, 0);
2112 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2113 hf_samr_unknown_short, NULL);
2116 offset = samr_dissect_DOMAIN_INFO_8(
2117 tvb, offset, pinfo, tree, drep);
2120 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2121 hf_samr_unknown_short, NULL);
2124 offset = samr_dissect_DOMAIN_INFO_11(
2125 tvb, offset, pinfo, tree, drep);
2128 offset = samr_dissect_REPLICATION_STATUS(
2129 tvb, offset, pinfo, tree, drep);
2132 offset = samr_dissect_DOMAIN_INFO_13(
2133 tvb, offset, pinfo, tree, drep);
2137 proto_item_set_len(item, offset-old_offset);
2142 samr_dissect_DOMAIN_INFO_ptr(tvbuff_t *tvb, int offset,
2143 packet_info *pinfo, proto_tree *tree,
2146 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2147 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
2148 "DOMAIN_INFO pointer", hf_samr_domain, 0);
2153 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
2154 packet_info *pinfo, proto_tree *tree,
2157 if (check_col(pinfo->cinfo, COL_INFO))
2158 col_set_str(pinfo->cinfo, COL_INFO, "SetDomainInfo request");
2160 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2163 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2164 hf_samr_level, NULL);
2165 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
2171 samr_dissect_set_information_domain_reply(tvbuff_t *tvb, int offset,
2173 proto_tree *tree, char *drep)
2175 if (check_col(pinfo->cinfo, COL_INFO))
2176 col_set_str(pinfo->cinfo, COL_INFO, "SetDomainInfo response");
2178 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2185 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
2186 packet_info *pinfo, proto_tree *tree,
2189 if (check_col(pinfo->cinfo, COL_INFO))
2190 col_set_str(pinfo->cinfo, COL_INFO, "QueryDomainInfo request");
2192 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2195 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2196 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
2197 "", hf_samr_domain, 0);
2203 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
2204 packet_info *pinfo, proto_tree *tree,
2207 if (check_col(pinfo->cinfo, COL_INFO))
2208 col_set_str(pinfo->cinfo, COL_INFO, "QueryDomainInfo reponse");
2210 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2211 dissect_ndr_nt_SID_ptr, NDR_POINTER_REF,
2214 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2220 dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
2221 packet_info *pinfo, proto_tree *parent_tree,
2224 proto_item *item=NULL;
2225 proto_tree *tree=NULL;
2226 int old_offset=offset;
2229 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2231 tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
2234 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2235 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
2238 proto_item_set_len(item, offset-old_offset);
2244 dissect_ndr_nt_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
2245 packet_info *pinfo, proto_tree *tree,
2248 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2249 dissect_ndr_nt_PSID);
2256 dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, int offset,
2257 packet_info *pinfo, proto_tree *parent_tree,
2261 proto_item *item=NULL;
2262 proto_tree *tree=NULL;
2263 int old_offset=offset;
2266 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2268 tree = proto_item_add_subtree(item, ett_samr_sid_array);
2271 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2272 hf_samr_count, &count);
2273 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2274 dissect_ndr_nt_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
2275 "PSID_ARRAY", -1, 0);
2277 proto_item_set_len(item, offset-old_offset);
2281 /* called from NETLOGON but placed here since where are where the hf_fields are defined */
2283 dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2284 packet_info *pinfo, proto_tree *parent_tree,
2287 proto_item *item=NULL;
2288 proto_tree *tree=NULL;
2291 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2292 "SID_AND_ATTRIBUTES:");
2293 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes);
2296 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
2298 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2299 hf_samr_attrib, NULL);
2305 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2306 packet_info *pinfo, proto_tree *parent_tree,
2310 proto_item *item=NULL;
2311 proto_tree *tree=NULL;
2312 int old_offset=offset;
2315 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2316 "SID_AND_ATTRIBUTES array:");
2317 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes_array);
2320 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2321 hf_samr_count, &count);
2322 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2323 dissect_ndr_nt_SID_AND_ATTRIBUTES);
2325 proto_item_set_len(item, offset-old_offset);
2331 samr_dissect_index(tvbuff_t *tvb, int offset,
2332 packet_info *pinfo, proto_tree *tree,
2337 di=pinfo->private_data;
2339 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2340 di->hf_index, NULL);
2347 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2348 packet_info *pinfo, proto_tree *tree,
2351 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2352 samr_dissect_index);
2358 plural_ending(const char *string)
2362 string_len = strlen(string);
2363 if (string_len > 0 && string[string_len - 1] == 's') {
2364 /* String ends with "s" - pluralize by adding "es" */
2367 /* Field name doesn't end with "s" - pluralize by adding "s" */
2373 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2374 packet_info *pinfo, proto_tree *parent_tree,
2379 proto_item *item=NULL;
2380 proto_tree *tree=NULL;
2381 int old_offset=offset;
2385 di=pinfo->private_data;
2387 field_name = proto_registrar_get_name(di->hf_index);
2388 snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2389 plural_ending(field_name));
2391 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2393 tree = proto_item_add_subtree(item, ett_samr_index_array);
2396 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2397 hf_samr_count, &count);
2398 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2399 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2400 str, di->hf_index, 0);
2402 proto_item_set_len(item, offset-old_offset);
2407 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2408 packet_info *pinfo, proto_tree *tree,
2411 if (check_col(pinfo->cinfo, COL_INFO))
2412 col_set_str(pinfo->cinfo, COL_INFO, "GetAliasMem request");
2414 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2417 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2418 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2425 samr_dissect_get_alias_membership_response(tvbuff_t *tvb, int offset,
2427 proto_tree *tree, char *drep)
2429 if (check_col(pinfo->cinfo, COL_INFO))
2430 col_set_str(pinfo->cinfo, COL_INFO, "GetAliasMem response");
2432 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2439 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2440 packet_info *pinfo, proto_tree *tree,
2443 if (check_col(pinfo->cinfo, COL_INFO))
2444 col_set_str(pinfo->cinfo, COL_INFO, "GetAliasMem response");
2446 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2447 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2448 "", hf_samr_alias, 0);
2450 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2457 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2458 packet_info *pinfo, proto_tree *parent_tree,
2461 proto_item *item=NULL;
2462 proto_tree *tree=NULL;
2463 int old_offset=offset;
2467 di=pinfo->private_data;
2469 snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
2471 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2473 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2476 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2477 hf_samr_index, NULL);
2478 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2479 tree, drep, di->hf_index, 4);
2481 proto_item_set_len(item, offset-old_offset);
2486 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2487 packet_info *pinfo, proto_tree *tree,
2490 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2491 samr_dissect_IDX_AND_NAME);
2498 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2499 packet_info *pinfo, proto_tree *parent_tree,
2504 proto_item *item=NULL;
2505 proto_tree *tree=NULL;
2506 int old_offset=offset;
2510 di=pinfo->private_data;
2512 field_name = proto_registrar_get_name(di->hf_index);
2515 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2516 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2517 plural_ending(field_name));
2518 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2522 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2523 hf_samr_count, &count);
2524 snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2525 plural_ending(field_name));
2526 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2527 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2528 str, di->hf_index, 0);
2530 proto_item_set_len(item, offset-old_offset);
2535 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2536 packet_info *pinfo, proto_tree *tree,
2543 di=pinfo->private_data;
2545 field_name = proto_registrar_get_name(di->hf_index);
2546 snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2547 plural_ending(field_name));
2548 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2549 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
2550 str, di->hf_index, 0);
2555 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2556 packet_info *pinfo, proto_tree *tree,
2559 if (check_col(pinfo->cinfo, COL_INFO))
2560 col_set_str(pinfo->cinfo, COL_INFO, "EnumDomains request");
2562 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2565 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2566 samr_dissect_pointer_long, NDR_POINTER_REF,
2567 "", hf_samr_resume_hnd, 0);
2569 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2570 hf_samr_pref_maxsize, NULL);
2576 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2577 packet_info *pinfo, proto_tree *tree,
2580 if (check_col(pinfo->cinfo, COL_INFO))
2581 col_set_str(pinfo->cinfo, COL_INFO, "EnumDomains response");
2583 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2584 samr_dissect_pointer_long, NDR_POINTER_REF,
2585 "", hf_samr_resume_hnd, 0);
2586 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2587 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2588 "", hf_samr_domain, 0);
2589 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2590 samr_dissect_pointer_long, NDR_POINTER_REF,
2591 "", hf_samr_entries, 0);
2593 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2600 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2601 packet_info *pinfo, proto_tree *tree,
2604 if (check_col(pinfo->cinfo, COL_INFO))
2605 col_set_str(pinfo->cinfo, COL_INFO, "EnumDomGroups request");
2607 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2610 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2611 samr_dissect_pointer_long, NDR_POINTER_REF,
2612 "", hf_samr_resume_hnd, 0);
2613 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2614 hf_samr_mask, NULL);
2615 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2616 hf_samr_pref_maxsize, NULL);
2622 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2623 packet_info *pinfo, proto_tree *tree,
2626 if (check_col(pinfo->cinfo, COL_INFO))
2627 col_set_str(pinfo->cinfo, COL_INFO, "EnumDomGroups response");
2629 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2630 samr_dissect_pointer_long, NDR_POINTER_REF,
2631 "", hf_samr_resume_hnd, 0);
2632 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2633 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2634 "", hf_samr_group_name, 0);
2635 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2636 samr_dissect_pointer_long, NDR_POINTER_REF,
2637 "", hf_samr_entries, 0);
2639 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2646 samr_dissect_enum_dom_aliases_rqst(tvbuff_t *tvb, int offset,
2647 packet_info *pinfo, proto_tree *tree,
2650 if (check_col(pinfo->cinfo, COL_INFO))
2651 col_set_str(pinfo->cinfo, COL_INFO, "EnumDomAliases request");
2653 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2656 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2657 samr_dissect_pointer_long, NDR_POINTER_REF,
2658 "", hf_samr_resume_hnd, 0);
2660 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2661 hf_samr_mask, NULL);
2663 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2664 hf_samr_pref_maxsize, NULL);
2670 samr_dissect_enum_dom_aliases_reply(tvbuff_t *tvb, int offset,
2671 packet_info *pinfo, proto_tree *tree,
2674 if (check_col(pinfo->cinfo, COL_INFO))
2675 col_set_str(pinfo->cinfo, COL_INFO, "EnumDomAliases response");
2677 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2678 samr_dissect_pointer_long, NDR_POINTER_REF,
2679 "", hf_samr_resume_hnd, 0);
2681 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2682 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2683 "", hf_samr_alias_name, 0);
2685 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2686 samr_dissect_pointer_long, NDR_POINTER_REF,
2687 "", hf_samr_entries, 0);
2689 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2696 samr_dissect_get_members_in_alias_rqst(tvbuff_t *tvb, int offset,
2697 packet_info *pinfo, proto_tree *tree,
2700 if (check_col(pinfo->cinfo, COL_INFO))
2701 col_set_str(pinfo->cinfo, COL_INFO, "GetAliasMem request");
2703 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2710 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
2711 packet_info *pinfo, proto_tree *tree,
2714 if (check_col(pinfo->cinfo, COL_INFO))
2715 col_set_str(pinfo->cinfo, COL_INFO, "GetAliasMem response");
2717 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2718 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2721 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2728 samr_dissect_LOGON_HOURS_entry(tvbuff_t *tvb, int offset,
2729 packet_info *pinfo, proto_tree *tree,
2732 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2733 hf_samr_unknown_char, NULL);
2738 samr_dissect_LOGON_HOURS_hours(tvbuff_t *tvb, int offset,
2739 packet_info *pinfo, proto_tree *parent_tree,
2742 proto_item *item=NULL;
2743 proto_tree *tree=NULL;
2744 int old_offset=offset;
2747 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2749 tree = proto_item_add_subtree(item, ett_samr_logon_hours_hours);
2752 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
2753 samr_dissect_LOGON_HOURS_entry);
2755 proto_item_set_len(item, offset-old_offset);
2762 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
2763 packet_info *pinfo, proto_tree *parent_tree,
2766 proto_item *item=NULL;
2767 proto_tree *tree=NULL;
2768 int old_offset=offset;
2770 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
2773 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2775 tree = proto_item_add_subtree(item, ett_samr_logon_hours);
2778 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2779 hf_samr_divisions, NULL);
2780 /* XXX - is this a bitmask like the "logon hours" field in the
2781 Remote API call "NetUserGetInfo()" with an information level
2783 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2784 samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
2785 "LOGON_HOURS", -1, 0);
2787 proto_item_set_len(item, offset-old_offset);
2793 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
2794 packet_info *pinfo, proto_tree *parent_tree,
2797 proto_item *item=NULL;
2798 proto_tree *tree=NULL;
2799 int old_offset=offset;
2802 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2804 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
2807 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2808 hf_samr_acct_name, 0);
2809 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2810 hf_samr_full_name, 0);
2811 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2812 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2814 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2817 proto_item_set_len(item, offset-old_offset);
2822 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
2823 packet_info *pinfo, proto_tree *parent_tree,
2826 proto_item *item=NULL;
2827 proto_tree *tree=NULL;
2828 int old_offset=offset;
2831 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2833 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
2836 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2837 hf_samr_acct_name, 0);
2838 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2839 hf_samr_full_name, 0);
2840 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2841 hf_samr_bad_pwd_count, NULL);
2842 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2843 hf_samr_logon_count, NULL);
2845 proto_item_set_len(item, offset-old_offset);
2850 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
2851 packet_info *pinfo, proto_tree *parent_tree,
2854 proto_item *item=NULL;
2855 proto_tree *tree=NULL;
2856 int old_offset=offset;
2859 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2861 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
2864 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2865 hf_samr_acct_name, 0);
2866 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2867 hf_samr_full_name, 0);
2868 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2870 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2871 hf_samr_group, NULL);
2872 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2874 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2875 hf_samr_home_drive, 0);
2876 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2878 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2879 hf_samr_acct_desc, 0);
2880 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2881 hf_samr_workstations, 0);
2882 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2883 hf_samr_logon_time);
2884 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2885 hf_samr_logoff_time);
2886 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2887 hf_samr_pwd_last_set_time);
2888 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2889 hf_samr_pwd_can_change_time);
2890 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2891 hf_samr_pwd_must_change_time);
2892 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2893 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2894 hf_samr_logon_count, NULL);
2895 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2896 hf_samr_bad_pwd_count, NULL);
2897 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2899 proto_item_set_len(item, offset-old_offset);
2904 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
2905 packet_info *pinfo, proto_tree *parent_tree,
2908 proto_item *item=NULL;
2909 proto_tree *tree=NULL;
2910 int old_offset=offset;
2913 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2915 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
2918 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2919 hf_samr_acct_name, 0);
2920 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2921 hf_samr_full_name, 0);
2922 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2924 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2925 hf_samr_group, NULL);
2926 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2927 hf_samr_country, NULL);
2928 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2929 hf_samr_codepage, NULL);
2930 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2932 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2933 hf_samr_home_drive, 0);
2934 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2936 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2937 hf_samr_acct_desc, 0);
2938 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2939 hf_samr_workstations, 0);
2940 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2941 hf_samr_logon_time);
2942 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2943 hf_samr_logoff_time);
2944 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2945 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2946 hf_samr_bad_pwd_count, NULL);
2947 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2948 hf_samr_logon_count, NULL);
2949 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2950 hf_samr_pwd_last_set_time);
2951 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2952 hf_samr_acct_expiry_time);
2953 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2955 proto_item_set_len(item, offset-old_offset);
2960 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
2961 packet_info *pinfo, proto_tree *parent_tree,
2964 proto_item *item=NULL;
2965 proto_tree *tree=NULL;
2966 int old_offset=offset;
2969 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2971 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
2974 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2975 hf_samr_acct_name, 0);
2976 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2977 hf_samr_full_name, 0);
2979 proto_item_set_len(item, offset-old_offset);
2984 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
2985 packet_info *pinfo, proto_tree *parent_tree,
2988 proto_item *item=NULL;
2989 proto_tree *tree=NULL;
2990 int old_offset=offset;
2993 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2995 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
2998 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2999 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3000 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3001 hf_samr_unknown_char, NULL);
3002 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3003 hf_samr_unknown_char, NULL);
3004 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3005 hf_samr_unknown_char, NULL);
3007 proto_item_set_len(item, offset-old_offset);
3012 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
3013 packet_info *pinfo, proto_tree *parent_tree,
3016 proto_item *item=NULL;
3017 proto_tree *tree=NULL;
3018 int old_offset=offset;
3021 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3023 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
3026 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3027 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3028 hf_samr_logon_time);
3029 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3030 hf_samr_logoff_time);
3031 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3032 hf_samr_bad_pwd_count, NULL);
3033 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3034 hf_samr_logon_count, NULL);
3036 proto_item_set_len(item, offset-old_offset);
3041 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
3042 packet_info *pinfo, proto_tree *tree,
3045 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3046 hf_samr_unknown_char, NULL);
3052 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
3053 packet_info *pinfo, proto_tree *parent_tree,
3056 proto_item *item=NULL;
3057 proto_tree *tree=NULL;
3058 int old_offset=offset;
3061 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3063 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
3066 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3067 samr_dissect_BUFFER_entry);
3069 proto_item_set_len(item, offset-old_offset);
3076 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
3077 packet_info *pinfo, proto_tree *parent_tree,
3080 proto_item *item=NULL;
3081 proto_tree *tree=NULL;
3082 int old_offset=offset;
3085 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3087 tree = proto_item_add_subtree(item, ett_samr_buffer);
3089 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3090 hf_samr_count, NULL);
3091 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3092 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
3095 proto_item_set_len(item, offset-old_offset);
3100 samr_dissect_BUFFER_ptr(tvbuff_t *tvb, int offset,
3101 packet_info *pinfo, proto_tree *tree,
3104 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3105 samr_dissect_BUFFER, NDR_POINTER_UNIQUE,
3111 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
3112 packet_info *pinfo, proto_tree *parent_tree,
3115 proto_item *item=NULL;
3116 proto_tree *tree=NULL;
3117 int old_offset=offset;
3120 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3122 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
3125 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3126 hf_samr_logon_time);
3127 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3128 hf_samr_logoff_time);
3129 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3130 hf_samr_kickoff_time);
3131 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3132 hf_samr_pwd_last_set_time);
3133 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3134 hf_samr_pwd_can_change_time);
3135 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3136 hf_samr_pwd_must_change_time);
3137 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3138 hf_samr_acct_name, 2);
3139 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3140 hf_samr_full_name, 0);
3141 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3143 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3144 hf_samr_home_drive, 0);
3145 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3147 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3148 hf_samr_profile, 0);
3149 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3150 hf_samr_acct_desc, 0);
3151 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3152 hf_samr_workstations, 0);
3153 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3154 hf_samr_comment, 0);
3155 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3156 hf_samr_parameters, 0);
3157 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3158 hf_samr_unknown_string, 0);
3159 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3160 hf_samr_unknown_string, 0);
3161 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3162 hf_samr_unknown_string, 0);
3163 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
3164 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3166 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3167 hf_samr_group, NULL);
3168 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3169 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3170 hf_samr_unknown_long, NULL);
3171 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3172 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3173 hf_samr_bad_pwd_count, NULL);
3174 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3175 hf_samr_logon_count, NULL);
3176 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3177 hf_samr_country, NULL);
3178 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3179 hf_samr_codepage, NULL);
3180 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3181 hf_samr_nt_pwd_set, NULL);
3182 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3183 hf_samr_lm_pwd_set, NULL);
3184 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3185 hf_samr_pwd_expired, NULL);
3186 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3187 hf_samr_unknown_char, NULL);
3189 proto_item_set_len(item, offset-old_offset);
3194 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
3195 packet_info *pinfo, proto_tree *parent_tree,
3198 proto_item *item=NULL;
3199 proto_tree *tree=NULL;
3200 int old_offset=offset;
3203 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3205 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
3208 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3209 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
3210 hf_samr_revision, NULL);
3212 proto_item_set_len(item, offset-old_offset);
3217 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
3218 packet_info *pinfo, proto_tree *parent_tree,
3221 proto_item *item=NULL;
3222 proto_tree *tree=NULL;
3223 int old_offset=offset;
3226 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3228 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
3231 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3232 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3234 proto_item_set_len(item, offset-old_offset);
3239 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
3240 packet_info *pinfo, proto_tree *parent_tree,
3243 proto_item *item=NULL;
3244 proto_tree *tree=NULL;
3245 int old_offset=offset;
3248 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3250 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
3253 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3254 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3255 hf_samr_unknown_char, NULL);
3257 proto_item_set_len(item, offset-old_offset);
3262 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
3263 packet_info *pinfo, proto_tree *parent_tree,
3266 proto_item *item=NULL;
3267 proto_tree *tree=NULL;
3268 int old_offset=offset;
3272 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3274 tree = proto_item_add_subtree(item, ett_samr_user_info);
3276 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3277 hf_samr_level, &level);
3281 offset = samr_dissect_USER_INFO_1(
3282 tvb, offset, pinfo, tree, drep);
3285 offset = samr_dissect_USER_INFO_2(
3286 tvb, offset, pinfo, tree, drep);
3289 offset = samr_dissect_USER_INFO_3(
3290 tvb, offset, pinfo, tree, drep);
3293 offset = dissect_ndr_nt_LOGON_HOURS(
3294 tvb, offset, pinfo, tree, drep);
3297 offset = samr_dissect_USER_INFO_5(
3298 tvb, offset, pinfo, tree, drep);
3301 offset = samr_dissect_USER_INFO_6(
3302 tvb, offset, pinfo, tree, drep);
3305 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3306 hf_samr_full_name, 0);
3309 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3310 hf_samr_acct_desc, 0);
3313 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3314 hf_samr_unknown_long, NULL);
3317 offset = samr_dissect_USER_INFO_6(
3318 tvb, offset, pinfo, tree, drep);
3321 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3325 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3326 hf_samr_home_drive, 0);
3329 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3333 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3334 hf_samr_workstations, 0);
3337 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3338 hf_samr_unknown_long, NULL);
3341 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3342 hf_samr_unknown_time);
3345 offset = samr_dissect_USER_INFO_18(
3346 tvb, offset, pinfo, tree, drep);
3349 offset = samr_dissect_USER_INFO_19(
3350 tvb, offset, pinfo, tree, drep);
3353 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3354 hf_samr_profile, 0);
3357 offset = samr_dissect_USER_INFO_21(
3358 tvb, offset, pinfo, tree, drep);
3361 offset = samr_dissect_USER_INFO_22(
3362 tvb, offset, pinfo, tree, drep);
3365 offset = samr_dissect_USER_INFO_23(
3366 tvb, offset, pinfo, tree, drep);
3369 offset = samr_dissect_USER_INFO_24(
3370 tvb, offset, pinfo, tree, drep);
3374 proto_item_set_len(item, offset-old_offset);
3379 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
3380 packet_info *pinfo, proto_tree *tree,
3383 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3384 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
3385 "USER_INFO pointer", -1, 0);
3390 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
3391 packet_info *pinfo, proto_tree *tree,
3394 if (check_col(pinfo->cinfo, COL_INFO))
3395 col_set_str(pinfo->cinfo, COL_INFO, "SetUserInfo request");
3397 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3400 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3401 hf_samr_level, NULL);
3403 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3404 samr_dissect_USER_INFO, NDR_POINTER_REF,
3411 samr_dissect_set_information_user2_reply(tvbuff_t *tvb, int offset,
3412 packet_info *pinfo, proto_tree *tree,
3415 if (check_col(pinfo->cinfo, COL_INFO))
3416 col_set_str(pinfo->cinfo, COL_INFO, "SetUserInfo response");
3418 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3425 samr_dissect_unknown_2f_rqst(tvbuff_t *tvb, int offset,
3426 packet_info *pinfo, proto_tree *tree,
3429 if (check_col(pinfo->cinfo, COL_INFO))
3430 col_set_str(pinfo->cinfo, COL_INFO, "Unknown 0x2f request");
3432 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3435 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3436 hf_samr_level, NULL);
3442 samr_dissect_unknown_2f_reply(tvbuff_t *tvb, int offset,
3443 packet_info *pinfo, proto_tree *tree,
3446 if (check_col(pinfo->cinfo, COL_INFO))
3447 col_set_str(pinfo->cinfo, COL_INFO, "Unknown 0x2f response");
3449 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3450 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3453 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3460 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3461 packet_info *pinfo, proto_tree *tree,
3464 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3465 hf_samr_type, NULL);
3472 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3473 packet_info *pinfo, proto_tree *parent_tree,
3476 proto_item *item=NULL;
3477 proto_tree *tree=NULL;
3478 int old_offset=offset;
3481 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3482 "MEMBER_ARRAY_types:");
3483 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3486 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3487 samr_dissect_MEMBER_ARRAY_type);
3489 proto_item_set_len(item, offset-old_offset);
3496 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3497 packet_info *pinfo, proto_tree *tree,
3500 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3508 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3509 packet_info *pinfo, proto_tree *parent_tree,
3512 proto_item *item=NULL;
3513 proto_tree *tree=NULL;
3514 int old_offset=offset;
3517 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3518 "MEMBER_ARRAY_rids:");
3519 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
3522 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3523 samr_dissect_MEMBER_ARRAY_rid);
3525 proto_item_set_len(item, offset-old_offset);
3532 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3533 packet_info *pinfo, proto_tree *parent_tree,
3537 proto_item *item=NULL;
3538 proto_tree *tree=NULL;
3539 int old_offset=offset;
3542 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3544 tree = proto_item_add_subtree(item, ett_samr_member_array);
3547 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3548 hf_samr_count, &count);
3549 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3550 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3552 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3553 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3556 proto_item_set_len(item, offset-old_offset);
3561 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3562 packet_info *pinfo, proto_tree *tree,
3565 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3566 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3567 "MEMBER_ARRAY", -1, 0);
3572 samr_dissect_query_groupmem_rqst(tvbuff_t *tvb, int offset,
3573 packet_info *pinfo, proto_tree *tree,
3576 if (check_col(pinfo->cinfo, COL_INFO))
3577 col_set_str(pinfo->cinfo, COL_INFO, "QueryGroupMem request");
3579 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3585 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3586 packet_info *pinfo, proto_tree *tree,
3589 if (check_col(pinfo->cinfo, COL_INFO))
3590 col_set_str(pinfo->cinfo, COL_INFO, "QueryGroupMem response");
3592 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3593 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3596 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3603 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3604 packet_info *pinfo, proto_tree *tree,
3607 if (check_col(pinfo->cinfo, COL_INFO))
3608 col_set_str(pinfo->cinfo, COL_INFO, "SetSecObject request");
3610 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3613 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3614 hf_samr_info_type, NULL);
3616 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3617 samr_dissect_BUFFER, NDR_POINTER_REF,
3624 samr_dissect_set_sec_object_reply(tvbuff_t *tvb, int offset,
3625 packet_info *pinfo, proto_tree *tree,
3628 if (check_col(pinfo->cinfo, COL_INFO))
3629 col_set_str(pinfo->cinfo, COL_INFO, "SetSecObject response");
3631 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3638 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3639 packet_info *pinfo, proto_tree *tree,
3642 if (check_col(pinfo->cinfo, COL_INFO))
3643 col_set_str(pinfo->cinfo, COL_INFO, "QuerySecObject request");
3645 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3648 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3649 hf_samr_info_type, NULL);
3655 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3656 packet_info *pinfo, proto_tree *tree,
3659 if (check_col(pinfo->cinfo, COL_INFO))
3660 col_set_str(pinfo->cinfo, COL_INFO, "QuerySecObject response");
3662 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3663 samr_dissect_BUFFER_ptr, NDR_POINTER_REF,
3666 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3673 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
3674 packet_info *pinfo, proto_tree *tree,
3677 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3678 hf_samr_acct_name, 1);
3683 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
3684 packet_info *pinfo, proto_tree *parent_tree,
3687 proto_item *item=NULL;
3688 proto_tree *tree=NULL;
3689 int old_offset=offset;
3692 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3694 tree = proto_item_add_subtree(item, ett_samr_names);
3697 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3698 samr_dissect_LOOKUP_NAMES_name);
3700 proto_item_set_len(item, offset-old_offset);
3706 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
3707 packet_info *pinfo, proto_tree *tree,
3710 if (check_col(pinfo->cinfo, COL_INFO))
3711 col_set_str(pinfo->cinfo, COL_INFO, "LookupNames request");
3713 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3716 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3717 hf_samr_count, NULL);
3719 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3720 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
3727 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
3728 packet_info *pinfo, proto_tree *tree,
3731 if (check_col(pinfo->cinfo, COL_INFO))
3732 col_set_str(pinfo->cinfo, COL_INFO, "LookupNames response");
3734 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3735 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3736 "", hf_samr_rid, 0);
3737 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3738 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3739 "", hf_samr_type, 0);
3741 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3748 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
3749 packet_info *pinfo, proto_tree *tree,
3752 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3759 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
3760 packet_info *pinfo, proto_tree *parent_tree,
3763 proto_item *item=NULL;
3764 proto_tree *tree=NULL;
3765 int old_offset=offset;
3768 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3770 tree = proto_item_add_subtree(item, ett_samr_rids);
3773 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3774 samr_dissect_LOOKUP_RIDS_rid);
3776 proto_item_set_len(item, offset-old_offset);
3782 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
3783 packet_info *pinfo, proto_tree *tree,
3786 if (check_col(pinfo->cinfo, COL_INFO))
3787 col_set_str(pinfo->cinfo, COL_INFO, "LookupRids request");
3789 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3792 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3793 hf_samr_count, NULL);
3795 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3796 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
3803 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
3804 packet_info *pinfo, proto_tree *tree,
3807 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3808 hf_samr_acct_name, 0);
3813 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
3814 packet_info *pinfo, proto_tree *tree,
3817 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3818 samr_dissect_UNICODE_STRING_ARRAY_name);
3823 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
3824 packet_info *pinfo, proto_tree *parent_tree,
3827 proto_item *item=NULL;
3828 proto_tree *tree=NULL;
3829 int old_offset=offset;
3832 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3834 tree = proto_item_add_subtree(item, ett_samr_names);
3837 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3838 hf_samr_count, NULL);
3840 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3841 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
3844 proto_item_set_len(item, offset-old_offset);
3852 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
3853 packet_info *pinfo, proto_tree *tree,
3856 if (check_col(pinfo->cinfo, COL_INFO))
3857 col_set_str(pinfo->cinfo, COL_INFO, "LookupRids response");
3859 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3860 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
3861 "", hf_samr_rid, 0);
3862 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3863 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3864 "", hf_samr_type, 0);
3866 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3873 samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3874 proto_tree *tree, char *drep)
3876 if (check_col(pinfo->cinfo, COL_INFO))
3877 col_set_str(pinfo->cinfo, COL_INFO, "Close request");
3879 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3886 samr_dissect_close_hnd_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
3887 proto_tree *tree, char *drep)
3889 if (check_col(pinfo->cinfo, COL_INFO))
3890 col_set_str(pinfo->cinfo, COL_INFO, "Close response");
3892 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3895 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3902 samr_dissect_shutdown_sam_server_rqst(tvbuff_t *tvb, int offset,
3903 packet_info *pinfo, proto_tree *tree,
3906 if (check_col(pinfo->cinfo, COL_INFO))
3907 col_set_str(pinfo->cinfo, COL_INFO, "SamShutdown request");
3909 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3916 samr_dissect_shutdown_sam_server_reply(tvbuff_t *tvb, int offset,
3917 packet_info *pinfo, proto_tree *tree,
3920 if (check_col(pinfo->cinfo, COL_INFO))
3921 col_set_str(pinfo->cinfo, COL_INFO, "SamShutdown response");
3923 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3930 samr_dissect_delete_dom_group_rqst(tvbuff_t *tvb, int offset,
3931 packet_info *pinfo, proto_tree *tree,
3934 if (check_col(pinfo->cinfo, COL_INFO))
3935 col_set_str(pinfo->cinfo, COL_INFO, "DeleteGroup request");
3937 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3944 samr_dissect_delete_dom_group_reply(tvbuff_t *tvb, int offset,
3945 packet_info *pinfo, proto_tree *tree,
3948 if (check_col(pinfo->cinfo, COL_INFO))
3949 col_set_str(pinfo->cinfo, COL_INFO, "DeleteGroup response");
3951 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3958 samr_dissect_remove_member_from_group_rqst(tvbuff_t *tvb, int offset,
3960 proto_tree *tree, char *drep)
3962 if (check_col(pinfo->cinfo, COL_INFO))
3963 col_set_str(pinfo->cinfo, COL_INFO, "DeleteGroupMem request");
3965 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3968 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3969 hf_samr_group, NULL);
3971 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3978 samr_dissect_remove_member_from_group_reply(tvbuff_t *tvb, int offset,
3980 proto_tree *tree, char *drep)
3982 if (check_col(pinfo->cinfo, COL_INFO))
3983 col_set_str(pinfo->cinfo, COL_INFO, "DeleteGroupMem response");
3985 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3992 samr_dissect_delete_dom_alias_rqst(tvbuff_t *tvb, int offset,
3993 packet_info *pinfo, proto_tree *tree,
3996 if (check_col(pinfo->cinfo, COL_INFO))
3997 col_set_str(pinfo->cinfo, COL_INFO, "DeleteAlias request");
3999 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
4006 samr_dissect_delete_dom_alias_reply(tvbuff_t *tvb, int offset,
4007 packet_info *pinfo, proto_tree *tree,
4010 if (check_col(pinfo->cinfo, COL_INFO))
4011 col_set_str(pinfo->cinfo, COL_INFO, "DeleteAlias response");
4013 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4020 samr_dissect_add_alias_member_rqst(tvbuff_t *tvb, int offset,
4021 packet_info *pinfo, proto_tree *tree,
4024 if (check_col(pinfo->cinfo, COL_INFO))
4025 col_set_str(pinfo->cinfo, COL_INFO, "AddAliasMem request");
4027 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4030 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4031 dissect_ndr_nt_SID, NDR_POINTER_REF,
4037 samr_dissect_add_alias_member_reply(tvbuff_t *tvb, int offset,
4038 packet_info *pinfo, proto_tree *tree,
4041 if (check_col(pinfo->cinfo, COL_INFO))
4042 col_set_str(pinfo->cinfo, COL_INFO, "AddAliasMem response");
4044 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4051 samr_dissect_remove_alias_member_rqst(tvbuff_t *tvb, int offset,
4052 packet_info *pinfo, proto_tree *tree,
4055 if (check_col(pinfo->cinfo, COL_INFO))
4056 col_set_str(pinfo->cinfo, COL_INFO, "RemoveAliasMem request");
4058 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4061 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4062 dissect_ndr_nt_SID, NDR_POINTER_REF,
4068 samr_dissect_remove_alias_member_reply(tvbuff_t *tvb, int offset,
4069 packet_info *pinfo, proto_tree *tree,
4072 if (check_col(pinfo->cinfo, COL_INFO))
4073 col_set_str(pinfo->cinfo, COL_INFO, "RemoveAliasMem response");
4075 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4082 samr_dissect_delete_dom_user_rqst(tvbuff_t *tvb, int offset,
4083 packet_info *pinfo, proto_tree *tree,
4086 if (check_col(pinfo->cinfo, COL_INFO))
4087 col_set_str(pinfo->cinfo, COL_INFO, "DeleteDomUser request");
4089 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4096 samr_dissect_delete_dom_user_reply(tvbuff_t *tvb, int offset,
4097 packet_info *pinfo, proto_tree *tree,
4100 if (check_col(pinfo->cinfo, COL_INFO))
4101 col_set_str(pinfo->cinfo, COL_INFO, "DeleteDomUser response");
4103 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4110 samr_dissect_test_private_fns_domain_rqst(tvbuff_t *tvb, int offset,
4111 packet_info *pinfo, proto_tree *tree,
4114 if (check_col(pinfo->cinfo, COL_INFO))
4115 col_set_str(pinfo->cinfo, COL_INFO,
4116 "TestPrivateFnsDomain request");
4118 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4125 samr_dissect_test_private_fns_domain_reply(tvbuff_t *tvb, int offset,
4127 proto_tree *tree, char *drep)
4129 if (check_col(pinfo->cinfo, COL_INFO))
4130 col_set_str(pinfo->cinfo, COL_INFO,
4131 "TestPrivateFnsDomain response");
4133 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4140 samr_dissect_test_private_fns_user_rqst(tvbuff_t *tvb, int offset,
4141 packet_info *pinfo, proto_tree *tree,
4144 if (check_col(pinfo->cinfo, COL_INFO))
4145 col_set_str(pinfo->cinfo, COL_INFO,
4146 "TestPrivateFnsUser request");
4148 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4155 samr_dissect_test_private_fns_user_reply(tvbuff_t *tvb, int offset,
4157 proto_tree *tree, char *drep)
4159 if (check_col(pinfo->cinfo, COL_INFO))
4160 col_set_str(pinfo->cinfo, COL_INFO,
4161 "TestPrivateFnsUser response");
4163 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4170 samr_dissect_remove_member_from_foreign_domain_rqst(tvbuff_t *tvb, int offset,
4175 if (check_col(pinfo->cinfo, COL_INFO))
4176 col_set_str(pinfo->cinfo, COL_INFO,
4177 "RemoveForeignMember request");
4179 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4182 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4183 dissect_ndr_nt_SID, NDR_POINTER_REF,
4189 samr_dissect_remove_member_from_foreign_domain_reply(tvbuff_t *tvb, int offset,
4194 if (check_col(pinfo->cinfo, COL_INFO))
4195 col_set_str(pinfo->cinfo, COL_INFO,
4196 "RemoveForeignMember response");
4198 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4205 samr_dissect_remove_multiple_members_from_alias_rqst(tvbuff_t *tvb,
4211 if (check_col(pinfo->cinfo, COL_INFO))
4212 col_set_str(pinfo->cinfo, COL_INFO,
4213 "RemoveMultipleMembersFromAlias request");
4215 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4218 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4219 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
4226 samr_dissect_remove_multiple_members_from_alias_reply(tvbuff_t *tvb,
4232 if (check_col(pinfo->cinfo, COL_INFO))
4233 col_set_str(pinfo->cinfo, COL_INFO,
4234 "RemoveMultipleMembersFromAlias response");
4236 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4243 samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4244 proto_tree *tree, char *drep)
4246 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4247 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4250 if (check_col(pinfo->cinfo, COL_INFO))
4251 col_set_str(pinfo->cinfo, COL_INFO, "OpenGroup request");
4253 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4256 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4257 hf_samr_access, NULL);
4259 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4262 if (check_col(pinfo->cinfo, COL_INFO))
4263 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4265 dcv->private_data = (void *)rid;
4271 samr_dissect_open_group_reply(tvbuff_t *tvb, int offset,
4272 packet_info *pinfo, proto_tree *tree,
4275 if (check_col(pinfo->cinfo, COL_INFO))
4276 col_set_str(pinfo->cinfo, COL_INFO, "OpenGroup response");
4278 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4281 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4288 samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4289 proto_tree *tree, char *drep)
4291 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4292 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4295 if (check_col(pinfo->cinfo, COL_INFO))
4296 col_set_str(pinfo->cinfo, COL_INFO, "OpenAlias request");
4298 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4301 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4302 hf_samr_access, NULL);
4304 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4307 if (check_col(pinfo->cinfo, COL_INFO))
4308 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4310 dcv->private_data = (void *)rid;
4316 samr_dissect_open_alias_reply(tvbuff_t *tvb, int offset,
4317 packet_info *pinfo, proto_tree *tree,
4320 if (check_col(pinfo->cinfo, COL_INFO))
4321 col_set_str(pinfo->cinfo, COL_INFO, "OpenAlias response");
4323 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4326 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4333 samr_dissect_add_multiple_members_to_alias_rqst(tvbuff_t *tvb, int offset,
4335 proto_tree *tree, char *drep)
4337 if (check_col(pinfo->cinfo, COL_INFO))
4338 col_set_str(pinfo->cinfo, COL_INFO,
4339 "AddMultipleMembersToAlias request");
4341 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4344 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4345 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
4352 samr_dissect_add_multiple_members_to_alias_reply(tvbuff_t *tvb, int offset,
4354 proto_tree *tree, char *drep)
4356 if (check_col(pinfo->cinfo, COL_INFO))
4357 col_set_str(pinfo->cinfo, COL_INFO,
4358 "AddMultipleMembersToAlias response");
4360 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4367 samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset,
4368 packet_info *pinfo, proto_tree *tree,
4371 if (check_col(pinfo->cinfo, COL_INFO))
4372 col_set_str(pinfo->cinfo, COL_INFO, "CreateGroup request");
4374 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4377 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4378 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
4379 "Account Name", hf_samr_acct_name, 0);
4381 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4382 hf_samr_access, NULL);
4388 samr_dissect_create_group_in_domain_reply(tvbuff_t *tvb, int offset,
4389 packet_info *pinfo, proto_tree *tree,
4392 if (check_col(pinfo->cinfo, COL_INFO))
4393 col_set_str(pinfo->cinfo, COL_INFO, "CreateGroup response");
4395 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4398 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4401 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4408 samr_dissect_query_information_domain_rqst(tvbuff_t *tvb, int offset,
4410 proto_tree *tree, char *drep)
4412 if (check_col(pinfo->cinfo, COL_INFO))
4413 col_set_str(pinfo->cinfo, COL_INFO, "QueryDomInfo request");
4415 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4418 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4419 hf_samr_level, NULL);
4425 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
4426 packet_info *pinfo, proto_tree *tree,
4429 if (check_col(pinfo->cinfo, COL_INFO))
4430 col_set_str(pinfo->cinfo, COL_INFO, "QueryDomInfo response");
4432 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4433 samr_dissect_DOMAIN_INFO_ptr, NDR_POINTER_REF,
4434 "", hf_samr_domain, 0);
4436 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4443 samr_dissect_query_information_user_rqst(tvbuff_t *tvb, int offset,
4445 proto_tree *tree, char *drep)
4447 if (check_col(pinfo->cinfo, COL_INFO))
4448 col_set_str(pinfo->cinfo, COL_INFO, "QueryUserInfo request");
4450 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4453 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4454 hf_samr_level, NULL);
4460 samr_dissect_query_information_user_reply(tvbuff_t *tvb, int offset,
4462 proto_tree *tree, char *drep)
4464 if (check_col(pinfo->cinfo, COL_INFO))
4465 col_set_str(pinfo->cinfo, COL_INFO, "QueryUserInfo response");
4467 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4468 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
4471 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4477 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
4478 { SAMR_CONNECT_ANON, "CONNECT_ANON",
4479 samr_dissect_connect_anon_rqst,
4480 samr_dissect_connect_anon_reply },
4481 { SAMR_CLOSE_HND, "CLOSE_HND",
4482 samr_dissect_close_hnd_rqst,
4483 samr_dissect_close_hnd_reply },
4484 { SAMR_SET_SEC_OBJECT, "SET_SEC_OBJECT",
4485 samr_dissect_set_sec_object_rqst,
4486 samr_dissect_set_sec_object_reply },
4487 { SAMR_QUERY_SEC_OBJECT, "QUERY_SEC_OBJECT",
4488 samr_dissect_query_sec_object_rqst,
4489 samr_dissect_query_sec_object_reply },
4490 { SAMR_SHUTDOWN_SAM_SERVER, "SHUTDOWN_SAM_SERVER",
4491 samr_dissect_shutdown_sam_server_rqst,
4492 samr_dissect_shutdown_sam_server_reply },
4493 { SAMR_LOOKUP_DOMAIN, "LOOKUP_DOMAIN",
4494 samr_dissect_lookup_domain_rqst,
4495 samr_dissect_lookup_domain_reply },
4496 { SAMR_ENUM_DOMAINS, "ENUM_DOMAINS",
4497 samr_dissect_enum_domains_rqst,
4498 samr_dissect_enum_domains_reply },
4499 { SAMR_OPEN_DOMAIN, "OPEN_DOMAIN",
4500 samr_dissect_open_domain_rqst,
4501 samr_dissect_open_domain_reply },
4502 { SAMR_QUERY_DOMAIN_INFO, "QUERY_INFORMATION_DOMAIN",
4503 samr_dissect_query_information_alias_rqst,
4504 samr_dissect_query_information_domain_reply },
4505 { SAMR_SET_DOMAIN_INFO, "SET_INFORMATION_DOMAIN",
4506 samr_dissect_set_information_domain_rqst,
4507 samr_dissect_set_information_domain_reply },
4508 { SAMR_CREATE_DOM_GROUP, "CREATE_GROUP_IN_DOMAIN",
4509 samr_dissect_create_alias_in_domain_rqst,
4510 samr_dissect_create_alias_in_domain_reply },
4511 { SAMR_ENUM_DOM_GROUPS, "ENUM_DOM_GROUPS",
4512 samr_dissect_enum_dom_groups_rqst,
4513 samr_dissect_enum_dom_groups_reply },
4514 { SAMR_CREATE_USER_IN_DOMAIN, "CREATE_USER_IN_DOMAIN",
4515 samr_dissect_create_group_in_domain_rqst,
4516 samr_dissect_create_group_in_domain_reply },
4517 { SAMR_ENUM_DOM_USERS, "ENUM_DOM_USERS",
4518 samr_dissect_enum_dom_groups_rqst,
4519 samr_dissect_enum_dom_groups_reply },
4520 { SAMR_CREATE_DOM_ALIAS, "CREATE_ALIAS_IN_DOMAIN",
4521 samr_dissect_create_alias_in_domain_rqst,
4522 samr_dissect_create_alias_in_domain_reply },
4523 { SAMR_ENUM_DOM_ALIASES, "ENUM_DOM_ALIASES",
4524 samr_dissect_enum_dom_aliases_rqst,
4525 samr_dissect_enum_dom_aliases_reply },
4526 { SAMR_GET_ALIAS_MEMBERSHIP, "GET_ALIAS_MEMBERSHIP",
4527 samr_dissect_get_alias_membership_rqst,
4528 samr_dissect_get_alias_membership_reply },
4529 { SAMR_LOOKUP_NAMES, "LOOKUP_NAMES",
4530 samr_dissect_lookup_names_rqst,
4531 samr_dissect_lookup_names_reply },
4532 { SAMR_LOOKUP_RIDS, "LOOKUP_RIDS",
4533 samr_dissect_lookup_rids_rqst,
4534 samr_dissect_lookup_rids_reply },
4535 { SAMR_OPEN_GROUP, "OPEN_GROUP",
4536 samr_dissect_open_group_rqst,
4537 samr_dissect_open_group_reply },
4538 { SAMR_QUERY_GROUPINFO, "QUERY_INFORMATION_GROUP",
4539 samr_dissect_query_information_group_rqst,
4540 samr_dissect_query_information_group_reply },
4541 { SAMR_SET_GROUPINFO, "SET_INFORMATION_GROUP",
4542 samr_dissect_set_information_group_rqst,
4543 samr_dissect_set_information_group_reply },
4544 { SAMR_ADD_GROUPMEM, "ADD_MEMBER_TO_GROUP",
4545 samr_dissect_add_member_to_group_rqst,
4546 samr_dissect_add_member_to_group_reply },
4547 { SAMR_DELETE_DOM_GROUP, "DELETE_DOM_GROUP",
4548 samr_dissect_delete_dom_group_rqst,
4549 samr_dissect_delete_dom_group_reply },
4550 { SAMR_DEL_GROUPMEM, "REMOVE_MEMBER_FROM_GROUP",
4551 samr_dissect_remove_member_from_group_rqst,
4552 samr_dissect_remove_member_from_group_reply },
4553 { SAMR_QUERY_GROUPMEM, "QUERY_GROUPMEM",
4554 samr_dissect_query_groupmem_rqst,
4555 samr_dissect_query_groupmem_reply },
4556 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SET_MEMBER_ATTRIBUTES_OF_GROUP",
4557 samr_dissect_set_member_attributes_of_group_rqst,
4558 samr_dissect_set_member_attributes_of_group_reply },
4559 { SAMR_OPEN_ALIAS, "OPEN_ALIAS",
4560 samr_dissect_open_alias_rqst,
4561 samr_dissect_open_alias_reply },
4562 { SAMR_QUERY_ALIASINFO, "QUERY_INFORMATION_ALIAS",
4563 samr_dissect_query_information_alias_rqst,
4564 samr_dissect_query_information_alias_reply },
4565 { SAMR_SET_ALIASINFO, "SET_INFORMATION_ALIAS",
4566 samr_dissect_set_information_alias_rqst,
4567 samr_dissect_set_information_alias_reply },
4568 { SAMR_DELETE_DOM_ALIAS, "DELETE_DOM_ALIAS",
4569 samr_dissect_delete_dom_alias_rqst,
4570 samr_dissect_delete_dom_alias_reply },
4571 { SAMR_ADD_ALIASMEM, "ADD_MEMBER_TO_ALIAS",
4572 samr_dissect_add_alias_member_rqst,
4573 samr_dissect_add_alias_member_reply },
4574 { SAMR_DEL_ALIASMEM, "REMOVE_MEMBER_FROM_ALIAS",
4575 samr_dissect_remove_alias_member_rqst,
4576 samr_dissect_remove_alias_member_reply },
4577 { SAMR_GET_MEMBERS_IN_ALIAS, "GET_MEMBERS_IN_ALIAS",
4578 samr_dissect_get_members_in_alias_rqst,
4579 samr_dissect_get_members_in_alias_reply },
4580 { SAMR_OPEN_USER, "OPEN_USER",
4581 samr_dissect_open_user_rqst,
4582 samr_dissect_open_user_reply },
4583 { SAMR_DELETE_DOM_USER, "DELETE_DOM_USER",
4584 samr_dissect_delete_dom_user_rqst,
4585 samr_dissect_delete_dom_user_reply },
4586 { SAMR_QUERY_USERINFO, "QUERY_USERINFO",
4587 samr_dissect_query_information_user_rqst,
4588 samr_dissect_query_information_user_reply },
4589 { SAMR_SET_USERINFO2, "SET_USERINFO2",
4590 samr_dissect_set_information_user2_rqst,
4591 samr_dissect_set_information_user2_reply },
4592 { SAMR_CHANGE_PASSWORD_USER, "CHANGE_PASSWORD_USER",
4593 samr_dissect_change_password_user_rqst,
4594 samr_dissect_change_password_user_reply },
4595 { SAMR_GET_GROUPS_FOR_USER, "GET_GROUPS_FOR_USER",
4596 samr_dissect_get_groups_for_user_rqst,
4597 samr_dissect_get_groups_for_user_reply },
4598 { SAMR_QUERY_DISPINFO, "QUERY_DISPINFO",
4599 samr_dissect_query_dispinfo_rqst,
4600 samr_dissect_query_dispinfo_reply },
4601 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GET_DISPLAY_ENUMERATION_INDEX",
4602 samr_dissect_get_display_enumeration_index_rqst,
4603 samr_dissect_get_display_enumeration_index_reply },
4604 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TEST_PRIVATE_FUNCTIONS_DOMAIN",
4605 samr_dissect_test_private_fns_domain_rqst,
4606 samr_dissect_test_private_fns_domain_reply },
4607 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TEST_PRIVATE_FUNCTIONS_USER",
4608 samr_dissect_test_private_fns_user_rqst,
4609 samr_dissect_test_private_fns_user_reply },
4610 { SAMR_GET_USRDOM_PWINFO, "GET_USRDOM_PWINFO",
4611 samr_dissect_get_usrdom_pwinfo_rqst,
4612 samr_dissect_get_usrdom_pwinfo_reply },
4613 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "REMOVE_MEMBER_FROM_FOREIGN_DOMAIN",
4614 samr_dissect_remove_member_from_foreign_domain_rqst,
4615 samr_dissect_remove_member_from_foreign_domain_reply },
4616 { SAMR_QUERY_INFORMATION_DOMAIN2, "QUERY_INFORMATION_DOMAIN2",
4617 samr_dissect_query_information_domain_rqst,
4618 samr_dissect_query_information_domain_reply },
4619 { SAMR_UNKNOWN_2f, "UNKNOWN_2f",
4620 samr_dissect_unknown_2f_rqst,
4621 samr_dissect_unknown_2f_reply },
4622 { SAMR_QUERY_DISPINFO2, "QUERY_INFORMATION_DISPLAY2",
4623 samr_dissect_query_dispinfo_rqst,
4624 samr_dissect_query_dispinfo_reply },
4625 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GET_DISPLAY_ENUMERATION_INDEX2",
4626 samr_dissect_get_display_enumeration_index2_rqst,
4627 samr_dissect_get_display_enumeration_index2_reply },
4628 { SAMR_CREATE_USER2_IN_DOMAIN, "CREATE_USER2_IN_DOMAIN",
4629 samr_dissect_create_user2_in_domain_rqst,
4630 samr_dissect_create_user2_in_domain_reply },
4631 { SAMR_QUERY_DISPINFO3, "QUERY_INFORMATION_DISPLAY3",
4632 samr_dissect_query_dispinfo_rqst,
4633 samr_dissect_query_dispinfo_reply },
4634 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "ADD_MULTIPLE_MEMBERS_TO_ALIAS",
4635 samr_dissect_add_multiple_members_to_alias_rqst,
4636 samr_dissect_add_multiple_members_to_alias_reply },
4637 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS",
4638 samr_dissect_remove_multiple_members_from_alias_rqst,
4639 samr_dissect_remove_multiple_members_from_alias_reply },
4640 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEM_CHANGE_PASSWORD_USER2",
4641 samr_dissect_oem_change_password_user2_rqst,
4642 samr_dissect_oem_change_password_user2_reply },
4643 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UNICODE_CHANGE_PASSWORD_USER2",
4644 samr_dissect_unicode_change_password_user2_rqst,
4645 samr_dissect_unicode_change_password_user2_reply },
4646 { SAMR_GET_DOM_PWINFO, "GET_DOMAIN_PASSWORD_INFORMATION",
4647 samr_dissect_get_domain_password_information_rqst,
4648 samr_dissect_get_domain_password_information_reply },
4649 { SAMR_CONNECT2, "CONNECT2",
4650 samr_dissect_connect2_rqst,
4651 samr_dissect_connect2_reply },
4652 { SAMR_SET_USERINFO, "SET_USERINFO",
4653 samr_dissect_set_information_user2_rqst,
4654 samr_dissect_set_information_user2_reply },
4655 { SAMR_UNKNOWN_3B, "UNKNOWN_3B",
4656 samr_dissect_unknown_3b_rqst,
4657 samr_dissect_unknown_3b_reply },
4658 { SAMR_UNKNOWN_3C, "UNKNOWN_3C",
4659 samr_dissect_unknown_3c_rqst,
4660 samr_dissect_unknown_3c_reply },
4661 {0, NULL, NULL, NULL },
4665 proto_register_dcerpc_samr(void)
4667 static hf_register_info hf[] = {
4669 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
4671 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
4673 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
4675 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
4677 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
4678 { &hf_samr_rid_attrib,
4679 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
4681 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
4683 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
4686 { "Level", "samr.level", FT_UINT16, BASE_DEC,
4687 NULL, 0x0, "Level requested/returned for Information", HFILL }},
4688 { &hf_samr_start_idx,
4689 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
4690 NULL, 0x0, "Start Index for returned Information", HFILL }},
4693 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
4694 NULL, 0x0, "Number of entries to return", HFILL }},
4696 { &hf_samr_max_entries,
4697 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
4698 NULL, 0x0, "Maximum number of entries", HFILL }},
4700 { &hf_samr_pref_maxsize,
4701 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
4702 NULL, 0x0, "Maximum Size of data to return", HFILL }},
4704 { &hf_samr_total_size,
4705 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
4706 NULL, 0x0, "Total size of data", HFILL }},
4708 { &hf_samr_bad_pwd_count,
4709 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
4710 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
4712 { &hf_samr_logon_count,
4713 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
4714 NULL, 0x0, "Number of logons for this user", HFILL }},
4716 { &hf_samr_ret_size,
4717 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
4718 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
4721 { "Index", "samr.index", FT_UINT32, BASE_DEC,
4722 NULL, 0x0, "Index", HFILL }},
4725 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
4727 { &hf_samr_alias_name,
4728 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
4729 NULL, 0, "Name of Alias", HFILL }},
4731 { &hf_samr_group_name,
4732 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
4733 NULL, 0, "Name of Group", HFILL }},
4735 { &hf_samr_acct_name,
4736 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
4737 NULL, 0, "Name of Account", HFILL }},
4740 { "Server", "samr.server", FT_STRING, BASE_NONE,
4741 NULL, 0, "Name of Server", HFILL }},
4744 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
4745 NULL, 0, "Name of Domain", HFILL }},
4747 { &hf_samr_controller,
4748 { "DC", "samr.dc", FT_STRING, BASE_NONE,
4749 NULL, 0, "Name of Domain Controller", HFILL }},
4751 { &hf_samr_full_name,
4752 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
4753 NULL, 0, "Full Name of Account", HFILL }},
4756 { "Home", "samr.home", FT_STRING, BASE_NONE,
4757 NULL, 0, "Home directory for this user", HFILL }},
4759 { &hf_samr_home_drive,
4760 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
4761 NULL, 0, "Home drive for this user", HFILL }},
4764 { "Script", "samr.script", FT_STRING, BASE_NONE,
4765 NULL, 0, "Login script for this user", HFILL }},
4767 { &hf_samr_workstations,
4768 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
4769 NULL, 0, "", HFILL }},
4772 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
4773 NULL, 0, "Profile for this user", HFILL }},
4775 { &hf_samr_acct_desc,
4776 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
4777 NULL, 0, "Account Description", HFILL }},
4780 { "Comment", "samr.comment", FT_STRING, BASE_NONE,
4781 NULL, 0, "Comment", HFILL }},
4783 { &hf_samr_parameters,
4784 { "Parameters", "samr.parameters", FT_STRING, BASE_NONE,
4785 NULL, 0, "Parameters", HFILL }},
4787 { &hf_samr_unknown_string,
4788 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
4789 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4791 { &hf_samr_unknown_hyper,
4792 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
4793 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4794 { &hf_samr_unknown_long,
4795 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
4796 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4798 { &hf_samr_unknown_short,
4799 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
4800 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4802 { &hf_samr_unknown_char,
4803 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
4804 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4806 { &hf_samr_revision,
4807 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
4808 NULL, 0x0, "Revision number for this structure", HFILL }},
4810 { &hf_samr_nt_pwd_set,
4811 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
4812 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
4814 { &hf_samr_lm_pwd_set,
4815 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
4816 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
4818 { &hf_samr_pwd_expired,
4819 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
4820 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
4822 /* XXX - is this a standard NT access mask? */
4824 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
4825 NULL, 0x0, "Access", HFILL }},
4828 { "Mask", "samr.mask", FT_UINT32, BASE_HEX,
4829 NULL, 0x0, "Mask", HFILL }},
4831 { &hf_samr_crypt_password, {
4832 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
4833 NULL, 0, "Encrypted Password", HFILL }},
4835 { &hf_samr_crypt_hash, {
4836 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
4837 NULL, 0, "Encrypted Hash", HFILL }},
4839 { &hf_samr_lm_change, {
4840 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
4841 NULL, 0, "LM Change value", HFILL }},
4843 { &hf_samr_max_pwd_age,
4844 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4845 NULL, 0, "Maximum Password Age before it expires", HFILL }},
4847 { &hf_samr_min_pwd_age,
4848 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4849 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
4850 { &hf_samr_unknown_time,
4851 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
4852 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
4853 { &hf_samr_logon_time,
4854 { "Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
4855 NULL, 0, "Time for last time this user logged on", HFILL }},
4856 { &hf_samr_kickoff_time,
4857 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4858 NULL, 0, "Time when this user will be kicked off", HFILL }},
4859 { &hf_samr_logoff_time,
4860 { "Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4861 NULL, 0, "Time for last time this user logged off", HFILL }},
4862 { &hf_samr_pwd_last_set_time,
4863 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
4864 NULL, 0, "Last time this users password was changed", HFILL }},
4865 { &hf_samr_pwd_can_change_time,
4866 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4867 NULL, 0, "When this users password may be changed", HFILL }},
4868 { &hf_samr_pwd_must_change_time,
4869 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4870 NULL, 0, "When this users password must be changed", HFILL }},
4871 { &hf_samr_acct_expiry_time,
4872 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
4873 NULL, 0, "When this user account expires", HFILL }},
4875 { &hf_samr_min_pwd_len, {
4876 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
4877 NULL, 0, "Minimum Password Length", HFILL }},
4878 { &hf_samr_pwd_history_len, {
4879 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
4880 NULL, 0, "Password History Length", HFILL }},
4881 { &hf_samr_num_users, {
4882 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
4883 NULL, 0, "Number of users in this domain", HFILL }},
4884 { &hf_samr_num_groups, {
4885 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
4886 NULL, 0, "Number of groups in this domain", HFILL }},
4887 { &hf_samr_num_aliases, {
4888 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
4889 NULL, 0, "Number of aliases in this domain", HFILL }},
4890 { &hf_samr_info_type, {
4891 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
4892 NULL, 0, "Information Type", HFILL }},
4893 { &hf_samr_resume_hnd, {
4894 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
4895 NULL, 0, "Resume handle", HFILL }},
4896 { &hf_samr_country, {
4897 "Country", "samr.country", FT_UINT16, BASE_DEC,
4898 VALS(ms_country_codes), 0, "Country setting for this user", HFILL }},
4899 { &hf_samr_codepage, {
4900 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
4901 NULL, 0, "Codepage setting for this user", HFILL }},
4902 { &hf_samr_divisions, {
4903 "Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
4904 NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
4906 /* these are used by packet-dcerpc-nt.c */
4907 { &hf_nt_string_length,
4908 { "Length", "nt.string.length", FT_UINT16, BASE_DEC,
4909 NULL, 0x0, "Length of string in bytes", HFILL }},
4911 { &hf_nt_string_size,
4912 { "Size", "nt.string.size", FT_UINT16, BASE_DEC,
4913 NULL, 0x0, "Size of string in bytes", HFILL }},
4916 { "Length", "nt.str.len", FT_UINT32, BASE_DEC,
4917 NULL, 0x0, "Length of string in short integers", HFILL }},
4920 { "Offset", "nt.str.offset", FT_UINT32, BASE_DEC,
4921 NULL, 0x0, "Offset into string in short integers", HFILL }},
4923 { &hf_nt_str_max_len,
4924 { "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
4925 NULL, 0x0, "Max Length of string in short integers", HFILL }},
4928 { "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
4929 NULL, 0x0, "Acct CTRL", HFILL }},
4931 { &hf_nt_acb_disabled, {
4932 "", "nt.acb.disabled", FT_BOOLEAN, 32,
4933 TFS(&tfs_nt_acb_disabled), 0x0001, "If this account is enabled or disabled", HFILL }},
4935 { &hf_nt_acb_homedirreq, {
4936 "", "nt.acb.homedirreq", FT_BOOLEAN, 32,
4937 TFS(&tfs_nt_acb_homedirreq), 0x0002, "Is hom,edirs required for this account?", HFILL }},
4939 { &hf_nt_acb_pwnotreq, {
4940 "", "nt.acb.pwnotreq", FT_BOOLEAN, 32,
4941 TFS(&tfs_nt_acb_pwnotreq), 0x0004, "If a password is required for this account?", HFILL }},
4943 { &hf_nt_acb_tempdup, {
4944 "", "nt.acb.tempdup", FT_BOOLEAN, 32,
4945 TFS(&tfs_nt_acb_tempdup), 0x0008, "If this is a temporary duplicate account", HFILL }},
4947 { &hf_nt_acb_normal, {
4948 "", "nt.acb.normal", FT_BOOLEAN, 32,
4949 TFS(&tfs_nt_acb_normal), 0x0010, "If this is a normal user account", HFILL }},
4952 "", "nt.acb.mns", FT_BOOLEAN, 32,
4953 TFS(&tfs_nt_acb_mns), 0x0020, "MNS logon user account", HFILL }},
4955 { &hf_nt_acb_domtrust, {
4956 "", "nt.acb.domtrust", FT_BOOLEAN, 32,
4957 TFS(&tfs_nt_acb_domtrust), 0x0040, "Interdomain trust account", HFILL }},
4959 { &hf_nt_acb_wstrust, {
4960 "", "nt.acb.wstrust", FT_BOOLEAN, 32,
4961 TFS(&tfs_nt_acb_wstrust), 0x0080, "Workstation trust account", HFILL }},
4963 { &hf_nt_acb_svrtrust, {
4964 "", "nt.acb.svrtrust", FT_BOOLEAN, 32,
4965 TFS(&tfs_nt_acb_svrtrust), 0x0100, "Server trust account", HFILL }},
4967 { &hf_nt_acb_pwnoexp, {
4968 "", "nt.acb.pwnoexp", FT_BOOLEAN, 32,
4969 TFS(&tfs_nt_acb_pwnoexp), 0x0200, "If this account expires or not", HFILL }},
4971 { &hf_nt_acb_autolock, {
4972 "", "nt.acb.autolock", FT_BOOLEAN, 32,
4973 TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }},
4975 static gint *ett[] = {
4977 &ett_samr_user_dispinfo_1,
4978 &ett_samr_user_dispinfo_1_array,
4979 &ett_samr_user_dispinfo_2,
4980 &ett_samr_user_dispinfo_2_array,
4981 &ett_samr_group_dispinfo,
4982 &ett_samr_group_dispinfo_array,
4983 &ett_samr_ascii_dispinfo,
4984 &ett_samr_ascii_dispinfo_array,
4985 &ett_samr_display_info,
4986 &ett_samr_password_info,
4988 &ett_samr_user_group,
4989 &ett_samr_user_group_array,
4990 &ett_samr_alias_info,
4991 &ett_samr_group_info,
4992 &ett_samr_domain_info_1,
4993 &ett_samr_domain_info_2,
4994 &ett_samr_domain_info_8,
4995 &ett_samr_replication_status,
4996 &ett_samr_domain_info_11,
4997 &ett_samr_domain_info_13,
4998 &ett_samr_domain_info,
4999 &ett_samr_sid_pointer,
5000 &ett_samr_sid_array,
5001 &ett_samr_index_array,
5002 &ett_samr_idx_and_name,
5003 &ett_samr_idx_and_name_array,
5004 &ett_samr_logon_hours,
5005 &ett_samr_logon_hours_hours,
5006 &ett_samr_user_info_1,
5007 &ett_samr_user_info_2,
5008 &ett_samr_user_info_3,
5009 &ett_samr_user_info_5,
5010 &ett_samr_user_info_6,
5011 &ett_samr_user_info_18,
5012 &ett_samr_user_info_19,
5013 &ett_samr_buffer_buffer,
5015 &ett_samr_user_info_21,
5016 &ett_samr_user_info_22,
5017 &ett_samr_user_info_23,
5018 &ett_samr_user_info_24,
5019 &ett_samr_user_info,
5020 &ett_samr_member_array_types,
5021 &ett_samr_member_array_rids,
5022 &ett_samr_member_array,
5025 &ett_samr_sid_and_attributes_array,
5026 &ett_samr_sid_and_attributes,
5030 proto_dcerpc_samr = proto_register_protocol(
5031 "Microsoft Security Account Manager", "SAMR", "samr");
5033 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
5034 proto_register_subtree_array(ett, array_length(ett));
5038 proto_reg_handoff_dcerpc_samr(void)
5040 /* Register protocol as dcerpc */
5042 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
5043 ver_dcerpc_samr, dcerpc_samr_dissectors);