* Copyright 2001,2003 Tim Potter <tpot@samba.org>
* 2002 Added all command dissectors Ronnie Sahlberg
*
- * $Id: packet-dcerpc-samr.c,v 1.70 2003/01/31 04:18:08 tpot Exp $
+ * $Id: packet-dcerpc-samr.c,v 1.95 2003/06/05 04:22:03 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int hf_samr_controller = -1;
static int hf_samr_access = -1;
static int hf_samr_access_granted = -1;
-static int hf_samr_mask = -1;
static int hf_samr_crypt_password = -1;
static int hf_samr_crypt_hash = -1;
static int hf_samr_lm_change = -1;
static int hf_samr_unknown_string = -1;
static int hf_samr_unknown_time = -1;
-/* these are used by functions in packet-dcerpc-nt.c */
-int hf_nt_str_len = -1;
-int hf_nt_str_off = -1;
-int hf_nt_str_max_len = -1;
-int hf_nt_string_length = -1;
-int hf_nt_string_size = -1;
static int hf_nt_acct_ctrl = -1;
static int hf_nt_acb_disabled = -1;
static int hf_nt_acb_homedirreq = -1;
tvb, offset, 4, access);
}
+struct access_mask_info samr_connect_access_mask_info = {
+ "SAMR connect",
+ specific_rights_connect,
+ NULL, /* Generic rights mapping */
+ NULL /* Standard rights mapping */
+};
+
/* Dissect domain specific access rights */
static gint hf_access_domain_lookup_info1 = -1;
static gint hf_access_domain_create_user = -1;
static gint hf_access_domain_create_group = -1;
static gint hf_access_domain_create_alias = -1;
-static gint hf_access_domain_unknown_80 = -1;
+static gint hf_access_domain_lookup_alias_by_mem = -1;
static gint hf_access_domain_enum_accounts = -1;
static gint hf_access_domain_open_account = -1;
static gint hf_access_domain_set_info3 = -1;
tvb, offset, 4, access);
proto_tree_add_boolean(
- tree, hf_access_domain_unknown_80,
+ tree, hf_access_domain_lookup_alias_by_mem,
tvb, offset, 4, access);
proto_tree_add_boolean(
tvb, offset, 4, access);
}
+struct access_mask_info samr_domain_access_mask_info = {
+ "SAMR domain",
+ specific_rights_domain,
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+
/* Dissect user specific access rights */
static gint hf_access_user_get_name_etc = -1;
tvb, offset, 4, access);
}
+struct access_mask_info samr_user_access_mask_info = {
+ "SAMR user",
+ specific_rights_user,
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+
/* Dissect alias specific access rights */
static gint hf_access_alias_add_member = -1;
tvb, offset, 4, access);
}
+struct access_mask_info samr_alias_access_mask_info = {
+ "SAMR alias",
+ specific_rights_alias,
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+
/* Dissect group specific access rights */
static gint hf_access_group_lookup_info = -1;
tvb, offset, 4, access);
}
+struct access_mask_info samr_group_access_mask_info = {
+ "SAMR group",
+ specific_rights_group,
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+
int
dissect_ndr_nt_SID(tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *tree, char *drep)
+ proto_tree *tree, char *drep, int hf_sid)
{
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
char *sid_str;
+ char *name;
+ if(di->hf_index!=-1){
+ name=proto_registrar_get_name(di->hf_index);
+ } else {
+ name="Domain";
+ }
if(di->conformant_run){
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
/* the SID contains a conformant array, first we must eat
the 4-byte max_count before we can hand it off */
+
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, NULL);
- offset = dissect_nt_sid(tvb, offset, tree, "Domain", &sid_str);
+ offset = dissect_nt_sid(tvb, offset, tree, name, &sid_str, hf_sid);
dcv->private_data = sid_str;
return offset;
}
-
static int
-dissect_ndr_nt_SID_ptr(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
- char *drep)
+dissect_ndr_nt_SID_no_hf(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, char *drep)
{
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
- "SID pointer", -1);
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep, -1);
+ return offset;
+}
+static int
+dissect_ndr_nt_SID_hf_through_ptr(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, char *drep)
+{
+ dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
+
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep, di->hf_index);
return offset;
}
guint32 rid;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_access, NULL);
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
guint32 rid = GPOINTER_TO_INT(dcv->private_data);
char *pol_name;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
+
+ offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
+ hf_samr_rc, &status);
- if (rid)
- pol_name = g_strdup_printf("OpenUser, rid 0x%x", rid);
- else
- pol_name = g_strdup("OpenUser handle");
+ if (status == 0) {
+ if (rid)
+ pol_name = g_strdup_printf("OpenUser(rid 0x%x)", rid);
+ else
+ pol_name = g_strdup("OpenUser handle");
- dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
- g_free(pol_name);
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": %s", pol_name);
- offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ g_free(pol_name);
+ }
return offset;
}
return offset;
}
- offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
- di->hf_index);
- return offset;
-}
-
-static int
-samr_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
- char *drep)
-{
- dcerpc_info *di;
-
- di=pinfo->private_data;
- if(di->conformant_run){
- /*just a run to handle conformant arrays, nothing to dissect */
- return offset;
- }
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
di->hf_index, 0);
return offset;
}
guint32 start_idx;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_full_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_desc, 0);
proto_item_set_len(item, offset-old_offset);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_desc, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
}
-
-
-
-
static int
samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_desc, 0);
proto_item_set_len(item, offset-old_offset);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
- offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
- offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_samr_acct_name, 0);
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_samr_acct_desc, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
- offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_samr_acct_name, 0);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
{
offset = dissect_ndr_pointer_cb(
tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
- "Server", hf_samr_server, cb_str_postprocess,
+ dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
+ "Server", hf_samr_server, cb_wstr_postprocess,
GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_connect);
+ &samr_connect_access_mask_info);
return offset;
}
{
offset = dissect_ndr_pointer_cb(
tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
- "Server", hf_samr_server, cb_str_postprocess,
+ dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
+ "Server", hf_samr_server, cb_wstr_postprocess,
GINT_TO_POINTER(CB_STR_COL_INFO | 1));
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_connect);
+ &samr_connect_access_mask_info);
return offset;
}
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
char *server = (char *)dcv->private_data, *pol_name;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
+
+ offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
+ hf_samr_rc, &status);
- if (server)
- pol_name = g_strdup_printf("Connect2, %s", server);
- else
- pol_name = g_strdup("Connect2 handle");
+ if (status == 0) {
+ if (server)
+ pol_name = g_strdup_printf("Connect2(%s)", server);
+ else
+ pol_name = g_strdup("Connect2 handle");
- dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
- g_free(pol_name);
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": %s", pol_name);
+
+ g_free(pol_name);
+ }
- offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
return offset;
}
char *drep)
{
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
-
- dcerpc_smb_store_pol_name(&policy_hnd, "ConnectAnon handle");
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ hf_samr_rc, &status);
+
+ if (status == 0) {
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
+ "ConnectAnon handle");
+
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": ConnectAnon handle");
+ }
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_domain);
+ &samr_domain_access_mask_info);
offset = dissect_ndr_pointer_cb(
- tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID,
+ tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID_no_hf,
NDR_POINTER_REF, "SID:", -1, append_sid_col_info, NULL);
return offset;
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
char *pol_name, *sid_str = (char *)dcv->private_data;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
- if (sid_str)
- pol_name = g_strdup_printf("OpenDomain, %s", sid_str);
- else
- pol_name = g_strdup("OpenDomain handle");
+ offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
+ hf_samr_rc, &status);
- dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
+ if (status == 0) {
+ if (sid_str) {
+ pol_name = g_strdup_printf("OpenDomain(%s)", sid_str);
+ } else {
+ pol_name = g_strdup("OpenDomain handle");
+ }
- g_free(pol_name);
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
- offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": %s", pol_name);
+
+ g_free(pol_name);
+ }
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
+ "SID pointer", -1);
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_SID, NDR_POINTER_REF,
- "SID", -1, 0);
return offset;
}
#endif
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_group, NULL);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
"Account Name", hf_samr_acct_name);
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_alias);
+ &samr_alias_access_mask_info);
return offset;
}
char *drep)
{
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
-
- dcerpc_smb_store_pol_name(&policy_hnd, "CreateAlias handle");
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ hf_samr_rc, &status);
+
+ if (status == 0) {
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
+ "CreateAlias handle");
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": CreateAlias handle");
+ }
return offset;
}
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_name, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_desc, 0);
return offset;
}
tvb, offset, pinfo, tree, drep);
break;
case 2:
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_name, 0);
break;
case 3:
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_desc, 0);
break;
}
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
proto_tree_add_text(tree, tvb, offset, NT_BLOCK_SIZE,
"Encrypted NT Password Block");
- if (nt_password != NULL) {
+ if (nt_password[0] != '\0') {
/* We have an NT password, so we can decrypt the password
change block. */
proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
NDR_POINTER_UNIQUE, "Server", hf_samr_server, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
- "Account Name:", hf_samr_acct_name);
+ dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
+ "Account Name", hf_samr_acct_name);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_NT_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_unknown_short, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
"Unknown", hf_samr_unknown_string);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
"Unknown", hf_samr_unknown_string);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
"Account Name", hf_samr_acct_name);
offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_user);
+ &samr_user_access_mask_info);
return offset;
}
char *drep)
{
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
-
- dcerpc_smb_store_pol_name(&policy_hnd, "CreateUser2 handle");
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access_granted,
- specific_rights_user);
+ &samr_user_access_mask_info);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ hf_samr_rc, &status);
+
+ if (status == 0) {
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
+ "CreateUser2 handle");
+
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": CreateUser2 handle");
+ }
+
return offset;
}
proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
"Account Name", hf_samr_acct_name);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
hf_samr_unknown_char, NULL);
proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_attrib, NULL);
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_name, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_attrib, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_desc, 0);
return offset;
}
tvb, offset, pinfo, tree, drep);
break;
case 2:
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_name, 0);
break;
case 3:
hf_samr_attrib, NULL);
break;
case 4:
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_acct_desc, 0);
break;
}
proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, NULL);
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_time);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_string, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_domain, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_controller, 0);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_time);
hf_samr_unknown_time);
break;
case 4:
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_unknown_string, 0);
break;
case 5:
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_domain, 0);
break;
case 6:
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, hf_samr_controller, 0);
break;
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
- "Domain:", hf_samr_domain);
+ dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
+ "Domain", hf_samr_domain);
return offset;
}
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_SID_ptr, NDR_POINTER_REF,
- "SID:", -1);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_no_hf, NDR_POINTER_UNIQUE,
+ "SID pointer", -1);
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
int
dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ char *drep, int hf_sid)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
}
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
- "SID", -1);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_hf_through_ptr, NDR_POINTER_UNIQUE,
+ "SID pointer", hf_sid);
proto_item_set_len(item, offset-old_offset);
return offset;
}
-
+static int
+dissect_ndr_nt_PSID_no_hf(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree,
+ char *drep)
+{
+ offset=dissect_ndr_nt_PSID(tvb, offset, pinfo, parent_tree, drep, -1);
+ return offset;
+}
static int
dissect_ndr_nt_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
char *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_PSID);
+ dissect_ndr_nt_PSID_no_hf);
return offset;
}
tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes);
}
- offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, -1);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_attrib, NULL);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_index, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo,
tree, drep, di->hf_index, 4);
proto_item_set_len(item, offset-old_offset);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- "Resume Handle:", hf_samr_resume_hnd);
+ "Resume Handle", hf_samr_resume_hnd);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_pref_maxsize, NULL);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
"Resume Handle:", hf_samr_resume_hnd);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_mask, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(
+ tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_pref_maxsize, NULL);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
"Resume Handle:", hf_samr_resume_hnd);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_mask, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(
+ tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_pref_maxsize, NULL);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
tree = proto_item_add_subtree(item, ett_samr_user_info_1);
}
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name, 1);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_samr_acct_name, 0);
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_full_name, 0);
offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_home, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_script, 0);
proto_item_set_len(item, offset-old_offset);
tree = proto_item_add_subtree(item, ett_samr_user_info_2);
}
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_full_name, 0);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_bad_pwd_count, NULL);
tree = proto_item_add_subtree(item, ett_samr_user_info_3);
}
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_full_name, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_group, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_home, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_home_drive, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_script, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_desc, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_workstations, 0);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_logon_time);
tree = proto_item_add_subtree(item, ett_samr_user_info_5);
}
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_full_name, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
hf_samr_country, NULL);
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_samr_codepage, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_home, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_home_drive, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_script, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_desc, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_workstations, 0);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_logon_time);
tree = proto_item_add_subtree(item, ett_samr_user_info_6);
}
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_full_name, 0);
proto_item_set_len(item, offset-old_offset);
hf_samr_pwd_can_change_time);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_pwd_must_change_time);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 2);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_full_name, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_home, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_home_drive, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_script, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_profile, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_desc, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_workstations, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_comment, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_parameters, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_string, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_string, 0);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_string, 0);
offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
tvb, offset, pinfo, tree, drep);
break;
case 7:
- offset = dissect_ndr_nt_UNICODE_STRING(
+ offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_samr_full_name, 0);
break;
case 8:
- offset = dissect_ndr_nt_UNICODE_STRING(
+ offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_samr_acct_desc, 0);
break;
case 9:
tvb, offset, pinfo, tree, drep);
break;
case 11:
- offset = dissect_ndr_nt_UNICODE_STRING(
+ offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_samr_home, 0);
break;
case 12:
- offset = dissect_ndr_nt_UNICODE_STRING(
+ offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_samr_home_drive, 0);
break;
case 13:
- offset = dissect_ndr_nt_UNICODE_STRING(
+ offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_samr_script, 0);
break;
case 14:
- offset = dissect_ndr_nt_UNICODE_STRING(
+ offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_samr_workstations, 0);
break;
case 16:
tvb, offset, pinfo, tree, drep);
break;
case 20:
- offset = dissect_ndr_nt_UNICODE_STRING(
+ offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_samr_profile, 0);
break;
case 21:
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
guint32 info_type;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_info_type, &info_type);
guint32 info_type;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_info_type, &info_type);
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 1);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_count, NULL);
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_count, NULL);
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name, 0);
return offset;
}
samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, char *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, TRUE);
+ e_ctx_hnd policy_hnd;
+ char *name;
+
+ offset = dissect_nt_policy_hnd(
+ tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd,
+ NULL, FALSE, TRUE);
+
+ dcerpc_smb_fetch_pol(&policy_hnd, &name, NULL, NULL, pinfo->fd->num);
+
+ if (name != NULL && check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(
+ pinfo->cinfo, COL_INFO, ", %s", name);
return offset;
}
proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_group, NULL);
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_SID, NDR_POINTER_REF,
- "SID:", -1);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
+ "SID pointer", -1);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
+ "SID pointer", -1);
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_SID, NDR_POINTER_REF,
- "SID:", -1);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
+ "SID pointer", -1);
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_SID, NDR_POINTER_REF,
- "SID:", -1);
return offset;
}
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
guint32 rid;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_group);
+ &samr_group_access_mask_info);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, &rid);
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
guint32 rid = GPOINTER_TO_INT(dcv->private_data);
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
char *pol_name;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
- if (rid)
- pol_name = g_strdup_printf("OpenGroup, rid 0x%x", rid);
- else
- pol_name = g_strdup("OpenGroup handle");
+ offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
+ hf_samr_rc, &status);
- dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
+ if (status == 0) {
+ if (rid)
+ pol_name = g_strdup_printf("OpenGroup(rid 0x%x)", rid);
+ else
+ pol_name = g_strdup("OpenGroup handle");
- g_free(pol_name);
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
- offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": %s", pol_name);
+
+ g_free(pol_name);
+ }
return offset;
}
guint32 rid;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_alias);
+ &samr_alias_access_mask_info);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, &rid);
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
e_ctx_hnd policy_hnd;
char *pol_name;
+ proto_item *hnd_item;
+ guint32 status;
guint32 rid;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
- rid = GPOINTER_TO_INT(dcv->private_data);
+ offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
+ hf_samr_rc, &status);
- if (rid)
- pol_name = g_strdup_printf("OpenAlias, rid 0x%x", rid);
- else
- pol_name = g_strdup_printf("OpenAlias handle");
+ if (status == 0) {
+ rid = GPOINTER_TO_INT(dcv->private_data);
- dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
+ if (rid)
+ pol_name = g_strdup_printf("OpenAlias(rid 0x%x)", rid);
+ else
+ pol_name = g_strdup_printf("OpenAlias handle");
- g_free(pol_name);
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
- offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": %s", pol_name);
+
+ g_free(pol_name);
+ }
return offset;
}
proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
"Account Name", hf_samr_acct_name);
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, drep, hf_samr_access,
- specific_rights_group);
+ &samr_group_access_mask_info);
return offset;
}
char *drep)
{
e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
guint32 rid;
+ guint32 status;
char *pol_name;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, &policy_hnd, TRUE, FALSE);
+ hf_samr_hnd, &policy_hnd, &hnd_item,
+ TRUE, FALSE);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, &rid);
- pol_name = g_strdup_printf("CreateGroup, rid 0x%x", rid);
+ offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
+ hf_samr_rc, &status);
- dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
+ if (status == 0) {
+ pol_name = g_strdup_printf("CreateGroup(rid 0x%x)", rid);
- g_free(pol_name);
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
- offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
- hf_samr_rc, NULL);
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": %s", pol_name);
+
+ g_free(pol_name);
+ }
return offset;
}
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
guint16 level;
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_samr_hnd, NULL, FALSE, FALSE);
+ hf_samr_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
{ SAMR_CREATE_DOM_ALIAS, "CreateAlias",
samr_dissect_create_alias_in_domain_rqst,
samr_dissect_create_alias_in_domain_reply },
- { SAMR_ENUM_DOM_ALIASES, "EnumAlises",
+ { SAMR_ENUM_DOM_ALIASES, "EnumAliases",
samr_dissect_enum_dom_aliases_rqst,
samr_dissect_enum_dom_aliases_reply },
{ SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem",
{ SAMR_CREATE_USER_IN_DOMAIN, "CreateUser" },
{ SAMR_ENUM_DOM_USERS, "EnumDomainUsers" },
{ SAMR_CREATE_DOM_ALIAS, "CreateAlias" },
- { SAMR_ENUM_DOM_ALIASES, "EnumAlises" },
+ { SAMR_ENUM_DOM_ALIASES, "EnumAliases" },
{ SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem" },
{ SAMR_LOOKUP_NAMES, "LookupNames" },
{ SAMR_LOOKUP_RIDS, "LookupRIDs" },
{ "Access Granted", "samr.access_granted", FT_UINT32, BASE_HEX,
NULL, 0x0, "Access Granted", HFILL }},
- { &hf_samr_mask,
- { "Mask", "samr.mask", FT_UINT32, BASE_HEX,
- NULL, 0x0, "Mask", HFILL }},
-
{ &hf_samr_crypt_password, {
"Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
NULL, 0, "Encrypted Password", HFILL }},
"Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
- /* these are used by packet-dcerpc-nt.c */
- { &hf_nt_string_length,
- { "Length", "nt.string.length", FT_UINT16, BASE_DEC,
- NULL, 0x0, "Length of string in bytes", HFILL }},
-
- { &hf_nt_string_size,
- { "Size", "nt.string.size", FT_UINT16, BASE_DEC,
- NULL, 0x0, "Size of string in bytes", HFILL }},
-
- { &hf_nt_str_len,
- { "Length", "nt.str.len", FT_UINT32, BASE_DEC,
- NULL, 0x0, "Length of string in short integers", HFILL }},
-
- { &hf_nt_str_off,
- { "Offset", "nt.str.offset", FT_UINT32, BASE_DEC,
- NULL, 0x0, "Offset into string in short integers", HFILL }},
-
- { &hf_nt_str_max_len,
- { "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
- NULL, 0x0, "Max Length of string in short integers", HFILL }},
-
{ &hf_nt_acct_ctrl,
{ "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
NULL, 0x0, "Acct CTRL", HFILL }},
FT_BOOLEAN, 32, TFS(&flags_set_truth),
DOMAIN_ACCESS_CREATE_ALIAS, "Create alias", HFILL }},
- { &hf_access_domain_unknown_80,
- { "Unknown 0x80", "samr_access_mask.domain_unknown_80",
+ { &hf_access_domain_lookup_alias_by_mem,
+ { "Lookup alias", "samr_access_mask.domain_lookup_alias_by_mem",
FT_BOOLEAN, 32, TFS(&flags_set_truth),
- DOMAIN_ACCESS_UNKNOWN_80, "Unknown 0x80", HFILL }},
+ DOMAIN_ACCESS_LOOKUP_ALIAS, "Lookup alias", HFILL }},
{ &hf_access_domain_enum_accounts,
{ "Enum accounts", "samr_access_mask.domain_enum_accounts",
&ett_samr_rids,
&ett_samr_sid_and_attributes_array,
&ett_samr_sid_and_attributes,
- &ett_nt_acct_ctrl
+ &ett_nt_acct_ctrl,
};
module_t *dcerpc_samr_module;