2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.30 2002/04/29 06:15:31 sahlberg Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_rc = -1;
44 static int hf_lsa_hnd = -1;
45 static int hf_lsa_server = -1;
46 static int hf_lsa_controller = -1;
47 static int hf_lsa_obj_attr = -1;
48 static int hf_lsa_obj_attr_len = -1;
49 static int hf_lsa_obj_attr_name = -1;
50 static int hf_lsa_access_mask = -1;
51 static int hf_lsa_info_level = -1;
52 static int hf_lsa_trusted_info_level = -1;
53 static int hf_lsa_sd_size = -1;
54 static int hf_lsa_qos_len = -1;
55 static int hf_lsa_qos_impersonation_level = -1;
56 static int hf_lsa_qos_track_context = -1;
57 static int hf_lsa_qos_effective_only = -1;
58 static int hf_lsa_pali_percent_full = -1;
59 static int hf_lsa_pali_log_size = -1;
60 static int hf_lsa_pali_retention_period = -1;
61 static int hf_lsa_pali_time_to_shutdown = -1;
62 static int hf_lsa_pali_shutdown_in_progress = -1;
63 static int hf_lsa_pali_next_audit_record = -1;
64 static int hf_lsa_paei_enabled = -1;
65 static int hf_lsa_paei_settings = -1;
66 static int hf_lsa_count = -1;
67 static int hf_lsa_size = -1;
68 static int hf_lsa_max_count = -1;
69 static int hf_lsa_index = -1;
70 static int hf_lsa_domain = -1;
71 static int hf_lsa_acct = -1;
72 static int hf_lsa_server_role = -1;
73 static int hf_lsa_source = -1;
74 static int hf_lsa_quota_paged_pool = -1;
75 static int hf_lsa_quota_non_paged_pool = -1;
76 static int hf_lsa_quota_min_wss = -1;
77 static int hf_lsa_quota_max_wss = -1;
78 static int hf_lsa_quota_pagefile = -1;
79 static int hf_lsa_mod_seq_no = -1;
80 static int hf_lsa_mod_mtime = -1;
81 static int hf_lsa_cur_mtime = -1;
82 static int hf_lsa_old_mtime = -1;
83 static int hf_lsa_name = -1;
84 static int hf_lsa_flat_name = -1;
85 static int hf_lsa_forest = -1;
86 static int hf_lsa_info_type = -1;
87 static int hf_lsa_old_pwd = -1;
88 static int hf_lsa_new_pwd = -1;
89 static int hf_lsa_sid_type = -1;
90 static int hf_lsa_rid = -1;
91 static int hf_lsa_rid_offset = -1;
92 static int hf_lsa_num_mapped = -1;
93 static int hf_lsa_policy_information_class = -1;
94 static int hf_lsa_secret = -1;
95 static int hf_nt_luid_high = -1;
96 static int hf_nt_luid_low = -1;
97 static int hf_lsa_privilege_name = -1;
98 static int hf_lsa_attr = -1;
99 static int hf_lsa_resume_handle = -1;
100 static int hf_lsa_trust_direction = -1;
101 static int hf_lsa_trust_type = -1;
102 static int hf_lsa_trust_attr = -1;
103 static int hf_lsa_trust_attr_non_trans = -1;
104 static int hf_lsa_trust_attr_uplevel_only = -1;
105 static int hf_lsa_trust_attr_tree_parent = -1;
106 static int hf_lsa_trust_attr_tree_root = -1;
107 static int hf_lsa_auth_update = -1;
108 static int hf_lsa_auth_type = -1;
109 static int hf_lsa_auth_len = -1;
110 static int hf_lsa_auth_blob = -1;
111 static int hf_lsa_rights = -1;
113 static int hf_lsa_unknown_hyper = -1;
114 static int hf_lsa_unknown_long = -1;
115 static int hf_lsa_unknown_short = -1;
116 static int hf_lsa_unknown_char = -1;
117 static int hf_lsa_unknown_string = -1;
118 static int hf_lsa_unknown_time = -1;
121 static gint ett_dcerpc_lsa = -1;
122 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
123 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
124 static gint ett_lsa_policy_info = -1;
125 static gint ett_lsa_policy_audit_log_info = -1;
126 static gint ett_lsa_policy_audit_events_info = -1;
127 static gint ett_lsa_policy_primary_domain_info = -1;
128 static gint ett_lsa_policy_primary_account_info = -1;
129 static gint ett_lsa_policy_server_role_info = -1;
130 static gint ett_lsa_policy_replica_source_info = -1;
131 static gint ett_lsa_policy_default_quota_info = -1;
132 static gint ett_lsa_policy_modification_info = -1;
133 static gint ett_lsa_policy_audit_full_set_info = -1;
134 static gint ett_lsa_policy_audit_full_query_info = -1;
135 static gint ett_lsa_policy_dns_domain_info = -1;
136 static gint ett_lsa_translated_names = -1;
137 static gint ett_lsa_translated_name = -1;
138 static gint ett_lsa_referenced_domain_list = -1;
139 static gint ett_lsa_trust_information = -1;
140 static gint ett_lsa_trust_information_ex = -1;
141 static gint ett_LUID = -1;
142 static gint ett_LSA_PRIVILEGES = -1;
143 static gint ett_LSA_PRIVILEGE = -1;
144 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
145 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
146 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
147 static gint ett_LSA_TRUSTED_DOMAIN = -1;
148 static gint ett_LSA_TRANSLATED_SIDS = -1;
149 static gint ett_lsa_trusted_domain_info = -1;
150 static gint ett_lsa_trust_attr = -1;
151 static gint ett_lsa_trusted_domain_auth_information = -1;
152 static gint ett_lsa_auth_information = -1;
156 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
157 packet_info *pinfo, proto_tree *tree,
162 di=pinfo->private_data;
163 if(di->conformant_run){
164 /*just a run to handle conformant arrays, nothing to dissect */
168 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
175 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
176 packet_info *pinfo, proto_tree *tree,
181 di=pinfo->private_data;
182 if(di->conformant_run){
183 /*just a run to handle conformant arrays, nothing to dissect */
187 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
188 di->hf_index, di->levels);
193 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
194 packet_info *pinfo, proto_tree *tree,
199 di=pinfo->private_data;
200 if(di->conformant_run){
201 /*just a run to handle conformant arrays, nothing to dissect */
205 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
206 di->hf_index, di->levels);
212 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
213 packet_info *pinfo, proto_tree *tree,
219 di=pinfo->private_data;
220 if(di->conformant_run){
221 /*just a run to handle conformant arrays, nothing to dissect */
225 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
226 hf_lsa_sd_size, &len);
227 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
233 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
234 packet_info *pinfo, proto_tree *parent_tree,
237 proto_item *item=NULL;
238 proto_tree *tree=NULL;
239 int old_offset=offset;
242 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
244 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
247 /* XXX need to figure this one out */
248 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
249 hf_lsa_sd_size, NULL);
250 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
251 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
252 "LSA SECRET data:", -1, 0);
254 proto_item_set_len(item, offset-old_offset);
259 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
260 packet_info *pinfo, proto_tree *tree,
266 di=pinfo->private_data;
267 if(di->conformant_run){
268 /*just a run to handle conformant arrays, nothing to dissect */
272 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
273 hf_lsa_sd_size, &len);
275 dissect_nt_sec_desc(tvb, pinfo, offset, tree, len);
281 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
282 packet_info *pinfo, proto_tree *parent_tree,
285 proto_item *item=NULL;
286 proto_tree *tree=NULL;
287 int old_offset=offset;
290 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
291 "LSA_SECURITY_DESCRIPTOR:");
292 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
295 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
296 hf_lsa_sd_size, NULL);
298 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
299 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
300 "LSA SECURITY DESCRIPTOR data:", -1, 0);
302 proto_item_set_len(item, offset-old_offset);
307 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
308 packet_info *pinfo, proto_tree *tree, char *drep)
310 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
311 hf_lsa_unknown_char, NULL);
316 static const value_string lsa_impersonation_level_vals[] = {
318 {1, "Identification"},
319 {2, "Impersonation"},
326 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
327 packet_info *pinfo, proto_tree *tree, char *drep)
330 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
331 hf_lsa_qos_len, NULL);
333 /* impersonation level */
334 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
335 hf_lsa_qos_impersonation_level, NULL);
337 /* context tracking mode */
338 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
339 hf_lsa_qos_track_context, NULL);
342 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
343 hf_lsa_qos_effective_only, NULL);
349 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
350 packet_info *pinfo, proto_tree *tree, char *drep)
352 /* XXX is this some bitmask ?*/
353 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
354 hf_lsa_access_mask, NULL);
360 lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
361 packet_info *pinfo, proto_tree *tree, char *drep)
363 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
371 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
372 packet_info *pinfo, proto_tree *parent_tree, char *drep)
374 int old_offset=offset;
375 proto_item *item = NULL;
376 proto_tree *tree = NULL;
379 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
380 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
384 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
385 hf_lsa_obj_attr_len, NULL);
388 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
389 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
390 "LSPTR pointer: ", -1, 0);
393 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
394 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
395 "NAME pointer: ", hf_lsa_obj_attr_name, 0);
398 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
399 hf_lsa_obj_attr, NULL);
401 /* security descriptor */
402 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
403 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
404 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
406 /* security quality of service */
407 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
408 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
409 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1, 0);
411 proto_item_set_len(item, offset-old_offset);
416 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
417 packet_info *pinfo, proto_tree *tree, char *drep)
419 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
420 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
421 "LSA_HANDLE pointer: hnd", -1, 0);
427 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
428 packet_info *pinfo, proto_tree *tree, char *drep)
430 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
431 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
432 "LSA_HANDLE pointer: hnd", -1, 0);
433 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
439 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
440 character of the server name which is always '\'. This is fixed in lsa
441 openpolicy2 but the function remains for backwards compatibility. */
443 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
445 proto_tree *tree, char *drep)
447 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
448 hf_lsa_server, NULL);
452 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
453 packet_info *pinfo, proto_tree *tree, char *drep)
455 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
456 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
457 "Server:", hf_lsa_server, 0);
459 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
460 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
463 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
470 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
471 packet_info *pinfo, proto_tree *tree, char *drep)
473 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
474 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
475 "LSA_HANDLE pointer: hnd", -1, 0);
476 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
483 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
484 packet_info *pinfo, proto_tree *tree, char *drep)
486 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
487 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
488 "Server", hf_lsa_server, 0);
490 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
491 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
494 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
501 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
502 packet_info *pinfo, proto_tree *tree, char *drep)
504 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
505 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
506 "LSA_HANDLE pointer: hnd", -1, 0);
507 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
513 static const value_string policy_information_class_vals[] = {
514 {1, "Audit Log Information"},
515 {2, "Audit Events Information"},
516 {3, "Primary Domain Information"},
517 {4, "Pd Account Information"},
518 {5, "Account Domain Information"},
519 {6, "Server Role Information"},
520 {7, "Replica Source Information"},
521 {8, "Default Quota Information"},
522 {9, "Modification Information"},
523 {10, "Audit Full Set Information"},
524 {11, "Audit Full Query Information"},
525 {12, "DNS Domain Information"},
530 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
531 packet_info *pinfo, proto_tree *tree, char *drep)
533 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
534 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
535 "LSA_HANDLE pointer: hnd", -1, 0);
537 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
538 hf_lsa_policy_information_class, NULL);
544 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
545 packet_info *pinfo, proto_tree *parent_tree, char *drep)
547 proto_item *item=NULL;
548 proto_tree *tree=NULL;
549 int old_offset=offset;
552 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
553 "POLICY_AUDIT_LOG_INFO:");
554 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
558 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
559 hf_lsa_pali_percent_full, NULL);
562 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
563 hf_lsa_pali_log_size, NULL);
565 /* retention period */
566 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
567 hf_lsa_pali_retention_period);
569 /* shutdown in progress */
570 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
571 hf_lsa_pali_shutdown_in_progress, NULL);
573 /* time to shutdown */
574 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
575 hf_lsa_pali_time_to_shutdown);
577 /* next audit record */
578 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
579 hf_lsa_pali_next_audit_record, NULL);
581 proto_item_set_len(item, offset-old_offset);
586 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
587 packet_info *pinfo, proto_tree *tree, char *drep)
589 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
590 hf_lsa_paei_settings, NULL);
595 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
596 packet_info *pinfo, proto_tree *tree, char *drep)
598 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
599 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
605 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
606 packet_info *pinfo, proto_tree *parent_tree, char *drep)
608 proto_item *item=NULL;
609 proto_tree *tree=NULL;
610 int old_offset=offset;
613 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
614 "POLICY_AUDIT_EVENTS_INFO:");
615 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
619 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
620 hf_lsa_paei_enabled, NULL);
623 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
624 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
628 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
631 proto_item_set_len(item, offset-old_offset);
637 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
638 packet_info *pinfo, proto_tree *parent_tree, char *drep)
640 proto_item *item=NULL;
641 proto_tree *tree=NULL;
642 int old_offset=offset;
645 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
646 "POLICY_PRIMARY_DOMAIN_INFO:");
647 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
651 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
655 offset = dissect_ndr_nt_PSID(tvb, offset,
658 proto_item_set_len(item, offset-old_offset);
664 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
665 packet_info *pinfo, proto_tree *parent_tree, char *drep)
667 proto_item *item=NULL;
668 proto_tree *tree=NULL;
669 int old_offset=offset;
672 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
673 "POLICY_ACCOUNT_DOMAIN_INFO:");
674 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
678 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
682 offset = dissect_ndr_nt_PSID(tvb, offset,
685 proto_item_set_len(item, offset-old_offset);
690 static const value_string server_role_vals[] = {
692 {1, "Domain Member"},
698 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
699 packet_info *pinfo, proto_tree *parent_tree, char *drep)
701 proto_item *item=NULL;
702 proto_tree *tree=NULL;
703 int old_offset=offset;
706 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
707 "POLICY_SERVER_ROLE_INFO:");
708 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
712 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
713 hf_lsa_server_role, NULL);
715 proto_item_set_len(item, offset-old_offset);
720 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
721 packet_info *pinfo, proto_tree *parent_tree, char *drep)
723 proto_item *item=NULL;
724 proto_tree *tree=NULL;
725 int old_offset=offset;
728 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
729 "POLICY_REPLICA_SOURCE_INFO:");
730 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
734 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
738 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
741 proto_item_set_len(item, offset-old_offset);
747 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
748 packet_info *pinfo, proto_tree *parent_tree, char *drep)
750 proto_item *item=NULL;
751 proto_tree *tree=NULL;
752 int old_offset=offset;
755 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
756 "POLICY_DEFAULT_QUOTA_INFO:");
757 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
761 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
762 hf_lsa_quota_paged_pool, NULL);
765 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
766 hf_lsa_quota_non_paged_pool, NULL);
769 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
770 hf_lsa_quota_min_wss, NULL);
773 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
774 hf_lsa_quota_max_wss, NULL);
777 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
778 hf_lsa_quota_pagefile, NULL);
781 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
782 hf_lsa_unknown_hyper, NULL);
784 proto_item_set_len(item, offset-old_offset);
790 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
791 packet_info *pinfo, proto_tree *parent_tree, char *drep)
793 proto_item *item=NULL;
794 proto_tree *tree=NULL;
795 int old_offset=offset;
798 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
799 "POLICY_MODIFICATION_INFO:");
800 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
804 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
805 hf_lsa_mod_seq_no, NULL);
808 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
811 proto_item_set_len(item, offset-old_offset);
817 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
818 packet_info *pinfo, proto_tree *parent_tree, char *drep)
820 proto_item *item=NULL;
821 proto_tree *tree=NULL;
822 int old_offset=offset;
825 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
826 "POLICY_AUDIT_FULL_SET_INFO:");
827 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
831 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
832 hf_lsa_unknown_char, NULL);
834 proto_item_set_len(item, offset-old_offset);
840 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
841 packet_info *pinfo, proto_tree *parent_tree, char *drep)
843 proto_item *item=NULL;
844 proto_tree *tree=NULL;
845 int old_offset=offset;
848 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
849 "POLICY_AUDIT_FULL_QUERY_INFO:");
850 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
854 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
855 hf_lsa_unknown_char, NULL);
858 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
859 hf_lsa_unknown_char, NULL);
861 proto_item_set_len(item, offset-old_offset);
867 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
868 packet_info *pinfo, proto_tree *parent_tree, char *drep)
870 proto_item *item=NULL;
871 proto_tree *tree=NULL;
872 int old_offset=offset;
875 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
876 "POLICY_DNS_DOMAIN_INFO:");
877 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
881 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
885 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
889 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
893 offset = dissect_nt_GUID(tvb, offset,
897 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
899 proto_item_set_len(item, offset-old_offset);
904 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
905 packet_info *pinfo, proto_tree *parent_tree, char *drep)
907 proto_item *item=NULL;
908 proto_tree *tree=NULL;
909 int old_offset=offset;
913 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
915 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
918 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
919 hf_lsa_info_level, &level);
921 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
924 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
925 tvb, offset, pinfo, tree, drep);
928 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
929 tvb, offset, pinfo, tree, drep);
932 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
933 tvb, offset, pinfo, tree, drep);
936 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
940 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
941 tvb, offset, pinfo, tree, drep);
944 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
945 tvb, offset, pinfo, tree, drep);
948 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
949 tvb, offset, pinfo, tree, drep);
952 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
953 tvb, offset, pinfo, tree, drep);
956 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
957 tvb, offset, pinfo, tree, drep);
960 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
961 tvb, offset, pinfo, tree, drep);
964 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
965 tvb, offset, pinfo, tree, drep);
968 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
969 tvb, offset, pinfo, tree, drep);
973 proto_item_set_len(item, offset-old_offset);
978 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
979 packet_info *pinfo, proto_tree *tree, char *drep)
981 /* This is really a pointer to a pointer though the first level is REF
982 so we just ignore that one */
983 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
984 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
985 "POLICY_INFORMATION pointer: info", -1, 0);
986 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
993 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
994 packet_info *pinfo, proto_tree *tree, char *drep)
996 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
997 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
998 "LSA_HANDLE pointer: hnd", -1, 0);
1004 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1005 packet_info *pinfo, proto_tree *tree, char *drep)
1007 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1015 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1016 packet_info *pinfo, proto_tree *tree, char *drep)
1018 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1021 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1022 hf_lsa_info_type, NULL);
1029 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1030 packet_info *pinfo, proto_tree *tree, char *drep)
1032 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1033 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1034 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1, 0);
1036 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1044 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1045 packet_info *pinfo, proto_tree *tree, char *drep)
1047 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1050 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1051 hf_lsa_info_type, NULL);
1053 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1054 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1055 "LSA_SECURITY_DESCRIPTOR: sec_info", -1, 0);
1061 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1062 packet_info *pinfo, proto_tree *tree, char *drep)
1064 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1072 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1073 packet_info *pinfo, proto_tree *tree, char *drep)
1076 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1080 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1084 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1088 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1092 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1099 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1100 packet_info *pinfo, proto_tree *tree, char *drep)
1102 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1108 static const value_string sid_type_vals[] = {
1113 {5, "Well Known Group"},
1114 {6, "Deleted Account"},
1121 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1122 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1124 proto_item *item=NULL;
1125 proto_tree *tree=NULL;
1126 int old_offset=offset;
1129 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1130 "LSA_TRANSLATED_NAME:");
1131 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1135 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1136 hf_lsa_sid_type, NULL);
1139 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1143 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1144 hf_lsa_index, NULL);
1146 proto_item_set_len(item, offset-old_offset);
1151 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1152 packet_info *pinfo, proto_tree *tree, char *drep)
1154 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1155 lsa_dissect_LSA_TRANSLATED_NAME);
1161 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1162 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1164 proto_item *item=NULL;
1165 proto_tree *tree=NULL;
1166 int old_offset=offset;
1169 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1170 "LSA_TRANSLATED_NAMES:");
1171 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1175 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1176 hf_lsa_count, NULL);
1179 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1180 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1181 "TRANSLATED_NAME_ARRAY", -1, 0);
1183 proto_item_set_len(item, offset-old_offset);
1189 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1190 packet_info *pinfo, proto_tree *tree, char *drep)
1192 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1195 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1196 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1199 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1200 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1201 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1203 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1204 hf_lsa_info_level, NULL);
1206 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1207 hf_lsa_num_mapped, NULL);
1213 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1214 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1216 proto_item *item=NULL;
1217 proto_tree *tree=NULL;
1218 int old_offset=offset;
1221 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1222 "TRUST INFORMATION:");
1223 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1227 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1231 offset = dissect_ndr_nt_PSID(tvb, offset,
1234 proto_item_set_len(item, offset-old_offset);
1238 static const value_string trusted_direction_vals[] = {
1239 {0, "Trust disabled"},
1240 {1, "Inbound trust"},
1241 {2, "Outbound trust"},
1245 static const value_string trusted_type_vals[] = {
1253 static const true_false_string tfs_trust_attr_non_trans = {
1254 "NON TRANSITIVE is set",
1255 "Non transitive is NOT set"
1257 static const true_false_string tfs_trust_attr_uplevel_only = {
1258 "UPLEVEL ONLY is set",
1259 "Uplevel only is NOT set"
1261 static const true_false_string tfs_trust_attr_tree_parent = {
1262 "TREE PARENT is set",
1263 "Tree parent is NOT set"
1265 static const true_false_string tfs_trust_attr_tree_root = {
1267 "Tree root is NOT set"
1270 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1271 proto_tree *parent_tree, char *drep)
1274 proto_item *item = NULL;
1275 proto_tree *tree = NULL;
1277 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1278 hf_lsa_trust_attr, &mask);
1281 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1282 tvb, offset-4, 4, mask);
1283 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1286 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1287 tvb, offset-4, 4, mask);
1288 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1289 tvb, offset-4, 4, mask);
1290 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1291 tvb, offset-4, 4, mask);
1292 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1293 tvb, offset-4, 4, mask);
1299 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1300 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1302 proto_item *item=NULL;
1303 proto_tree *tree=NULL;
1304 int old_offset=offset;
1307 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1308 "TRUST INFORMATION EX:");
1309 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1313 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1317 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1318 hf_lsa_flat_name, 0);
1321 offset = dissect_ndr_nt_PSID(tvb, offset,
1325 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1326 hf_lsa_trust_direction, NULL);
1329 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1330 hf_lsa_trust_type, NULL);
1333 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1335 proto_item_set_len(item, offset-old_offset);
1340 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1341 packet_info *pinfo, proto_tree *tree, char *drep)
1346 di=pinfo->private_data;
1347 if(di->conformant_run){
1348 /*just a run to handle conformant arrays, nothing to dissect */
1353 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1354 hf_lsa_auth_len, &len);
1356 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1363 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1364 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1366 proto_item *item=NULL;
1367 proto_tree *tree=NULL;
1368 int old_offset=offset;
1371 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1372 "AUTH INFORMATION:");
1373 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1377 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1378 hf_lsa_auth_update, NULL);
1381 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1382 hf_lsa_auth_type, NULL);
1385 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1386 hf_lsa_auth_len, NULL);
1388 /* auth info blob */
1389 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1390 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1391 "AUTH INFO blob:", -1, 0);
1393 proto_item_set_len(item, offset-old_offset);
1398 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1399 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1401 proto_item *item=NULL;
1402 proto_tree *tree=NULL;
1403 int old_offset=offset;
1406 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1407 "TRUSTED DOMAIN AUTH INFORMATION:");
1408 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1412 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1413 hf_lsa_unknown_long, NULL);
1416 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1419 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1422 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1423 hf_lsa_unknown_long, NULL);
1426 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1429 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1431 proto_item_set_len(item, offset-old_offset);
1437 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1438 packet_info *pinfo, proto_tree *tree, char *drep)
1440 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1441 lsa_dissect_LSA_TRUST_INFORMATION);
1447 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1448 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1450 proto_item *item=NULL;
1451 proto_tree *tree=NULL;
1452 int old_offset=offset;
1455 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1456 "LSA_REFERENCED_DOMAIN_LIST:");
1457 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1461 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1462 hf_lsa_count, NULL);
1464 /* trust information */
1465 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1466 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1467 "TRUST INFORMATION array:", -1, 0);
1470 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1471 hf_lsa_max_count, NULL);
1473 proto_item_set_len(item, offset-old_offset);
1478 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1479 packet_info *pinfo, proto_tree *tree, char *drep)
1481 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1482 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1483 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
1485 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1486 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1487 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1489 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1490 hf_lsa_num_mapped, NULL);
1492 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1500 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1501 packet_info *pinfo, proto_tree *tree, char *drep)
1503 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1506 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1507 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1508 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1515 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1516 packet_info *pinfo, proto_tree *tree, char *drep)
1518 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1526 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1527 packet_info *pinfo, proto_tree *tree, char *drep)
1529 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1537 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1538 packet_info *pinfo, proto_tree *tree, char *drep)
1540 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1541 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1542 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1544 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1552 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1553 packet_info *pinfo, proto_tree *tree, char *drep)
1555 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1558 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1559 hf_lsa_policy_information_class, NULL);
1561 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1562 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1563 "POLICY_INFORMATION pointer: info", -1, 0);
1570 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1571 packet_info *pinfo, proto_tree *tree, char *drep)
1573 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1581 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1582 packet_info *pinfo, proto_tree *tree, char *drep)
1584 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1587 offset = dissect_ndr_nt_SID(tvb, offset,
1591 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1592 hf_lsa_unknown_long, NULL);
1599 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1600 packet_info *pinfo, proto_tree *tree, char *drep)
1602 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1605 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1612 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1613 packet_info *pinfo, proto_tree *tree, char *drep)
1615 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1623 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1624 packet_info *pinfo, proto_tree *tree, char *drep)
1626 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1629 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1637 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1638 packet_info *pinfo, proto_tree *tree, char *drep)
1640 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1643 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1651 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1652 packet_info *pinfo, proto_tree *tree, char *drep)
1654 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1662 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1663 packet_info *pinfo, proto_tree *tree, char *drep)
1665 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1668 offset = dissect_ndr_nt_SID(tvb, offset,
1671 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1679 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1680 packet_info *pinfo, proto_tree *tree, char *drep)
1682 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1685 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1693 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1694 packet_info *pinfo, proto_tree *tree, char *drep)
1696 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1699 offset = dissect_ndr_nt_SID(tvb, offset,
1707 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1708 packet_info *pinfo, proto_tree *tree, char *drep)
1710 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1717 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1718 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1720 proto_item *item=NULL;
1721 proto_tree *tree=NULL;
1722 int old_offset=offset;
1725 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1727 tree = proto_item_add_subtree(item, ett_LUID);
1730 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1731 hf_nt_luid_low, NULL);
1733 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1734 hf_nt_luid_high, NULL);
1736 proto_item_set_len(item, offset-old_offset);
1741 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1742 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1744 proto_item *item=NULL;
1745 proto_tree *tree=NULL;
1746 int old_offset=offset;
1749 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1751 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1754 /* privilege name */
1755 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1756 hf_lsa_privilege_name, 0);
1759 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1761 proto_item_set_len(item, offset-old_offset);
1766 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1767 packet_info *pinfo, proto_tree *tree, char *drep)
1769 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1770 lsa_dissect_LSA_PRIVILEGE);
1776 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1777 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1779 proto_item *item=NULL;
1780 proto_tree *tree=NULL;
1781 int old_offset=offset;
1784 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1786 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1789 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1790 hf_lsa_count, NULL);
1793 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1794 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1795 "LSA_PRIVILEGE array:", -1, 0);
1797 proto_item_set_len(item, offset-old_offset);
1802 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1803 packet_info *pinfo, proto_tree *tree, char *drep)
1805 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1808 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1809 hf_lsa_count, NULL);
1811 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1818 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1819 packet_info *pinfo, proto_tree *tree, char *drep)
1821 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1822 hf_lsa_count, NULL);
1824 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1825 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1826 "LSA_PRIVILEGES pointer: privs", -1, 0);
1828 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1835 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1836 packet_info *pinfo, proto_tree *tree, char *drep)
1838 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1841 /* privilege name */
1842 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1843 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1844 "NAME pointer: ", hf_lsa_privilege_name, 0);
1851 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1852 packet_info *pinfo, proto_tree *tree, char *drep)
1856 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1858 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1866 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
1867 packet_info *pinfo, proto_tree *tree, char *drep)
1869 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1873 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1874 dissect_nt_LUID, NDR_POINTER_REF,
1875 "LUID pointer: value", -1, 0);
1882 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
1883 packet_info *pinfo, proto_tree *tree, char *drep)
1885 /* [out, ref] LSA_UNICODE_STRING **name */
1886 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1887 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1888 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name, 0);
1890 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1898 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
1899 packet_info *pinfo, proto_tree *tree, char *drep)
1901 /* [in] LSA_HANDLE hnd */
1902 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1910 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
1911 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1913 proto_item *item=NULL;
1914 proto_tree *tree=NULL;
1915 int old_offset=offset;
1918 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1919 "LUID_AND_ATTRIBUTES:");
1920 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
1924 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1927 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1930 proto_item_set_len(item, offset-old_offset);
1935 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
1936 packet_info *pinfo, proto_tree *tree, char *drep)
1938 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1939 lsa_dissect_LUID_AND_ATTRIBUTES);
1945 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
1946 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1948 proto_item *item=NULL;
1949 proto_tree *tree=NULL;
1950 int old_offset=offset;
1953 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1954 "LUID_AND_ATTRIBUTES_ARRAY:");
1955 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
1958 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1959 hf_lsa_count, NULL);
1961 /* luid and attributes */
1962 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1963 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
1964 "LUID_AND_ATTRIBUTES array:", -1, 0);
1966 proto_item_set_len(item, offset-old_offset);
1971 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
1972 packet_info *pinfo, proto_tree *tree, char *drep)
1974 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
1975 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1976 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
1977 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
1979 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1986 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
1987 packet_info *pinfo, proto_tree *tree, char *drep)
1989 /* [in] LSA_HANDLE hnd */
1990 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1993 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
1994 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2002 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2003 packet_info *pinfo, proto_tree *tree, char *drep)
2005 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2012 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2013 packet_info *pinfo, proto_tree *tree, char *drep)
2015 /* [in] LSA_HANDLE hnd */
2016 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2019 /* [in] char unknown */
2020 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2021 hf_lsa_unknown_char, NULL);
2023 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2024 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2025 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2026 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
2033 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2034 packet_info *pinfo, proto_tree *tree, char *drep)
2036 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2043 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2044 packet_info *pinfo, proto_tree *tree, char *drep)
2046 /* [in] LSA_HANDLE hnd */
2047 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2050 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2051 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2052 hf_lsa_resume_handle, NULL);
2054 /* [in] ULONG pref_maxlen */
2055 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2056 hf_lsa_max_count, NULL);
2062 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2063 packet_info *pinfo, proto_tree *tree, char *drep)
2065 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2066 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2067 hf_lsa_resume_handle, NULL);
2069 /* [out, ref] PSID_ARRAY **accounts */
2070 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2071 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2074 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2081 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2082 packet_info *pinfo, proto_tree *tree, char *drep)
2084 /* [in] LSA_HANDLE hnd_pol */
2085 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2088 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2089 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2090 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2091 "LSA_TRUST_INFORMATION pointer: domain", -1, 0);
2093 /* [in] ACCESS_MASK access */
2094 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2101 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2102 packet_info *pinfo, proto_tree *tree, char *drep)
2104 /* [out] LSA_HANDLE *hnd */
2105 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2108 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2115 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2116 packet_info *pinfo, proto_tree *tree, char *drep)
2118 /* [in] LSA_HANDLE hnd */
2119 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2122 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2123 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2124 hf_lsa_resume_handle, NULL);
2126 /* [in] ULONG pref_maxlen */
2127 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2128 hf_lsa_max_count, NULL);
2134 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2135 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2137 proto_item *item=NULL;
2138 proto_tree *tree=NULL;
2139 int old_offset=offset;
2142 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2144 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2148 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2152 offset = dissect_ndr_nt_PSID(tvb, offset,
2155 proto_item_set_len(item, offset-old_offset);
2160 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2161 packet_info *pinfo, proto_tree *tree, char *drep)
2163 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2164 lsa_dissect_LSA_TRUSTED_DOMAIN);
2170 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2171 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2173 proto_item *item=NULL;
2174 proto_tree *tree=NULL;
2175 int old_offset=offset;
2178 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2179 "TRUSTED_DOMAIN_LIST:");
2180 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2183 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2184 hf_lsa_count, NULL);
2187 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2188 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2189 "TRUSTED_DOMAIN array:", -1, 0);
2191 proto_item_set_len(item, offset-old_offset);
2196 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2197 packet_info *pinfo, proto_tree *tree, char *drep)
2199 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2200 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2201 hf_lsa_resume_handle, NULL);
2203 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2204 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2205 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2206 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1, 0);
2208 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2216 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2217 packet_info *pinfo, proto_tree *tree, char *drep)
2221 di=pinfo->private_data;
2222 if(di->conformant_run){
2223 /*just a run to handle conformant arrays, nothing to dissect */
2227 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2228 di->hf_index, di->levels);
2234 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2235 packet_info *pinfo, proto_tree *tree, char *drep)
2237 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2238 lsa_dissect_LSA_UNICODE_STRING_item);
2244 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2245 packet_info *pinfo, proto_tree *tree, char *drep)
2249 di=pinfo->private_data;
2251 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2252 hf_lsa_count, NULL);
2253 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2254 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2255 "UNICODE_STRING pointer: ", di->hf_index, 0);
2261 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2262 packet_info *pinfo, proto_tree *tree, char *drep)
2265 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2266 hf_lsa_sid_type, NULL);
2268 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2271 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2272 hf_lsa_index, NULL);
2278 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2279 packet_info *pinfo, proto_tree *tree, char *drep)
2281 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2282 lsa_dissect_LSA_TRANSLATED_SID);
2288 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2289 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2291 proto_item *item=NULL;
2292 proto_tree *tree=NULL;
2293 int old_offset=offset;
2296 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2297 "LSA_TRANSLATED_SIDS:");
2298 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2302 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2303 hf_lsa_count, NULL);
2306 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2307 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2308 "Translated SIDS", -1, 0);
2310 proto_item_set_len(item, offset-old_offset);
2315 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2316 packet_info *pinfo, proto_tree *tree, char *drep)
2318 /* [in] LSA_HANDLE hnd */
2319 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2322 /* [in] ULONG count */
2323 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2324 hf_lsa_count, NULL);
2326 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2327 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2328 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2329 "Account pointer: names", hf_lsa_acct, 0);
2331 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2332 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2333 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2334 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2336 /* [in] USHORT level */
2337 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2338 hf_lsa_info_level, NULL);
2340 /* [in, out, ref] ULONG *num_mapped */
2341 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2342 hf_lsa_num_mapped, NULL);
2349 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2350 packet_info *pinfo, proto_tree *tree, char *drep)
2352 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2353 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2354 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2355 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
2357 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2358 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2359 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2360 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2362 /* [in, out, ref] ULONG *num_mapped */
2363 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2364 hf_lsa_num_mapped, NULL);
2366 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2373 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2374 packet_info *pinfo, proto_tree *tree, char *drep)
2376 /* [in] LSA_HANDLE hnd_pol */
2377 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2380 /* [in, ref] LSA_UNICODE_STRING *name */
2381 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2384 /* [in] ACCESS_MASK access */
2385 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2392 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2393 packet_info *pinfo, proto_tree *tree, char *drep)
2396 /* [out] LSA_HANDLE *hnd */
2397 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2400 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2407 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2408 packet_info *pinfo, proto_tree *tree, char *drep)
2410 /* [in] LSA_HANDLE hnd_pol */
2411 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2414 /* [in, ref] SID *account */
2415 offset = dissect_ndr_nt_SID(tvb, offset,
2418 /* [in] ACCESS_MASK access */
2419 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2427 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2428 packet_info *pinfo, proto_tree *tree, char *drep)
2430 /* [out] LSA_HANDLE *hnd */
2431 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2434 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2440 static const value_string trusted_info_level_vals[] = {
2441 {1, "Domain Name Information"},
2442 {2, "Controllers Information"},
2443 {3, "Posix Offset Information"},
2444 {4, "Password Information"},
2445 {5, "Domain Information Basic"},
2446 {6, "Domain Information Ex"},
2447 {7, "Domain Auth Information"},
2448 {8, "Domain Full Information"},
2449 {9, "Domain Security Descriptor"},
2450 {10, "Domain Private Information"},
2455 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2456 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2458 proto_item *item=NULL;
2459 proto_tree *tree=NULL;
2460 int old_offset=offset;
2464 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2465 "TRUSTED_DOMAIN_INFO:");
2466 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2469 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2470 hf_lsa_trusted_info_level, &level);
2472 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2475 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2479 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2480 hf_lsa_count, NULL);
2481 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2482 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2483 "Controllers pointer: ", hf_lsa_controller, 0);
2486 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2487 hf_lsa_rid_offset, NULL);
2490 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2491 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2494 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2498 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2502 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2505 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2507 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2508 hf_lsa_rid_offset, NULL);
2509 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2512 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2515 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2517 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2518 hf_lsa_rid_offset, NULL);
2519 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2523 proto_item_set_len(item, offset-old_offset);
2528 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2529 packet_info *pinfo, proto_tree *tree, char *drep)
2531 /* [in] LSA_HANDLE hnd */
2532 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2535 /* [in] TRUSTED_INFORMATION_CLASS level */
2536 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2537 hf_lsa_trusted_info_level, NULL);
2544 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2545 packet_info *pinfo, proto_tree *tree, char *drep)
2547 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2548 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2549 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2550 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2552 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2559 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2560 packet_info *pinfo, proto_tree *tree, char *drep)
2562 /* [in] LSA_HANDLE hnd */
2563 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2566 /* [in] TRUSTED_INFORMATION_CLASS level */
2567 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2568 hf_lsa_trusted_info_level, NULL);
2570 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2571 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2572 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2573 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2580 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2581 packet_info *pinfo, proto_tree *tree, char *drep)
2583 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2590 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2591 packet_info *pinfo, proto_tree *tree, char *drep)
2593 /* [in] LSA_HANDLE hnd_pol */
2594 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2597 /* [in, ref] LSA_UNICODE_STRING *name */
2598 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2601 /* [in] ACCESS_MASK access */
2602 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2610 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2611 packet_info *pinfo, proto_tree *tree, char *drep)
2613 /* [out] LSA_HANDLE *hnd */
2614 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2617 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2624 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2625 packet_info *pinfo, proto_tree *tree, char *drep)
2627 /* [in] LSA_HANDLE hnd */
2628 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2631 /* [in, unique] LSA_SECRET *new_val */
2632 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2633 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2634 "LSA_SECRET pointer: new_val", -1, 0);
2636 /* [in, unique] LSA_SECRET *old_val */
2637 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2638 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2639 "LSA_SECRET pointer: old_val", -1, 0);
2646 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2647 packet_info *pinfo, proto_tree *tree, char *drep)
2649 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2656 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2657 packet_info *pinfo, proto_tree *tree, char *drep)
2659 /* [in] LSA_HANDLE hnd */
2660 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2663 /* [in, out, unique] LSA_SECRET **curr_val */
2664 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2665 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2666 "LSA_SECRET pointer: curr_val", -1, 0);
2668 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2669 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2670 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2671 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2673 /* [in, out, unique] LSA_SECRET **old_val */
2674 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2675 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2676 "LSA_SECRET pointer: old_val", -1, 0);
2678 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2679 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2680 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2681 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2688 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2689 packet_info *pinfo, proto_tree *tree, char *drep)
2691 /* [in, out, unique] LSA_SECRET **curr_val */
2692 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2693 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2694 "LSA_SECRET pointer: curr_val", -1, 0);
2696 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2697 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2698 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2699 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2701 /* [in, out, unique] LSA_SECRET **old_val */
2702 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2703 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2704 "LSA_SECRET pointer: old_val", -1, 0);
2706 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2707 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2708 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2709 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2715 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2716 packet_info *pinfo, proto_tree *tree, char *drep)
2718 /* [in] LSA_HANDLE hnd */
2719 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2727 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2728 packet_info *pinfo, proto_tree *tree, char *drep)
2730 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2737 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2738 packet_info *pinfo, proto_tree *tree, char *drep)
2740 /* [in] LSA_HANDLE hnd */
2741 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2744 /* [in, unique] LSA_UNICODE_STRING *rights */
2745 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2746 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2747 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights, 0);
2753 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2754 packet_info *pinfo, proto_tree *tree, char *drep)
2756 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2757 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2758 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2759 "Account pointer: names", hf_lsa_acct, 0);
2761 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2768 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2769 packet_info *pinfo, proto_tree *tree, char *drep)
2771 /* [in] LSA_HANDLE hnd */
2772 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2775 /* [in, ref] SID *account */
2776 offset = dissect_ndr_nt_SID(tvb, offset,
2784 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2785 packet_info *pinfo, proto_tree *tree, char *drep)
2787 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2788 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2789 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2790 "Account pointer: rights", hf_lsa_rights, 0);
2792 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2800 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
2801 { LSA_LSACLOSE, "LSACLOSE",
2802 lsa_dissect_lsaclose_rqst,
2803 lsa_dissect_lsaclose_reply },
2804 { LSA_LSADELETE, "LSADELETE",
2805 lsa_dissect_lsadelete_rqst,
2806 lsa_dissect_lsadelete_reply },
2807 { LSA_LSAENUMERATEPRIVILEGES, "LSAENUMERATEPRIVILEGES",
2808 lsa_dissect_lsaenumerateprivileges_rqst,
2809 lsa_dissect_lsaenumerateprivileges_reply },
2810 { LSA_LSAQUERYSECURITYOBJECT, "LSAQUERYSECURITYOBJECT",
2811 lsa_dissect_lsaquerysecurityobject_rqst,
2812 lsa_dissect_lsaquerysecurityobject_reply },
2813 { LSA_LSASETSECURITYOBJECT, "LSASETSECURITYOBJECT",
2814 lsa_dissect_lsasetsecurityobject_rqst,
2815 lsa_dissect_lsasetsecurityobject_reply },
2816 { LSA_LSACHANGEPASSWORD, "LSACHANGEPASSWORD",
2817 lsa_dissect_lsachangepassword_rqst,
2818 lsa_dissect_lsachangepassword_reply },
2819 { LSA_LSAOPENPOLICY, "LSAOPENPOLICY",
2820 lsa_dissect_lsaopenpolicy_rqst,
2821 lsa_dissect_lsaopenpolicy_reply },
2822 { LSA_LSAQUERYINFORMATIONPOLICY, "LSAQUERYINFORMATIONPOLICY",
2823 lsa_dissect_lsaqueryinformationpolicy_rqst,
2824 lsa_dissect_lsaqueryinformationpolicy_reply },
2825 { LSA_LSASETINFORMATIONPOLICY, "LSASETINFORMATIONPOLICY",
2826 lsa_dissect_lsasetinformationpolicy_rqst,
2827 lsa_dissect_lsasetinformationpolicy_reply },
2828 { LSA_LSACLEARAUDITLOG, "LSACLEARAUDITLOG",
2829 lsa_dissect_lsaclearauditlog_rqst,
2830 lsa_dissect_lsaclearauditlog_reply },
2831 { LSA_LSACREATEACCOUNT, "LSACREATEACCOUNT",
2832 NULL, NULL }, /* 0x0a */
2834 lsa_dissect_lsacreateaccount_rqst,
2835 lsa_dissect_lsacreateaccount_reply },
2837 { LSA_LSAENUMERATEACCOUNTS, "LSAENUMERATEACCOUNTS",
2838 lsa_dissect_lsaenumerateaccounts_rqst,
2839 lsa_dissect_lsaenumerateaccounts_reply },
2840 { LSA_LSACREATETRUSTEDDOMAIN, "LSACREATETRUSTEDDOMAIN",
2841 lsa_dissect_lsacreatetrusteddomain_rqst,
2842 lsa_dissect_lsacreatetrusteddomain_reply },
2843 { LSA_LSAENUMERATETRUSTEDDOMAINS, "LSAENUMERATETRUSTEDDOMAINS",
2844 lsa_dissect_lsaenumeratetrusteddomains_rqst,
2845 lsa_dissect_lsaenumeratetrusteddomains_reply },
2846 { LSA_LSALOOKUPNAMES, "LSALOOKUPNAMES",
2847 lsa_dissect_lsalookupnames_rqst,
2848 lsa_dissect_lsalookupnames_reply },
2849 { LSA_LSALOOKUPSIDS, "LSALOOKUPSIDS",
2850 lsa_dissect_lsalookupsids_rqst,
2851 lsa_dissect_lsalookupsids_reply },
2852 { LSA_LSACREATESECRET, "LSACREATESECRET", /*0x10*/
2853 lsa_dissect_lsacreatesecret_rqst,
2854 lsa_dissect_lsacreatesecret_reply },
2855 { LSA_LSAOPENACCOUNT, "LSAOPENACCOUNT",
2856 lsa_dissect_lsaopenaccount_rqst,
2857 lsa_dissect_lsaopenaccount_reply },
2858 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "LSAENUMERATEPRIVILEGESACCOUNT",
2859 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
2860 lsa_dissect_lsaenumerateprivilegesaccount_reply },
2861 { LSA_LSAADDPRIVILEGESTOACCOUNT, "LSAADDPRIVILEGESTOACCOUNT",
2862 lsa_dissect_lsaaddprivilegestoaccount_rqst,
2863 lsa_dissect_lsaaddprivilegestoaccount_reply },
2864 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "LSAREMOVEPRIVILEGESFROMACCOUNT",
2865 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
2866 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
2867 { LSA_LSAGETQUOTASFORACCOUNT, "LSAGETQUOTASFORACCOUNT",
2868 lsa_dissect_lsagetquotasforaccount_rqst,
2869 lsa_dissect_lsagetquotasforaccount_reply },
2870 { LSA_LSASETQUOTASFORACCOUNT, "LSASETQUOTASFORACCOUNT",
2871 lsa_dissect_lsasetquotasforaccount_rqst,
2872 lsa_dissect_lsasetquotasforaccount_reply },
2873 { LSA_LSAGETSYSTEMACCESSACCOUNT, "LSAGETSYSTEMACCESSACCOUNT",
2874 lsa_dissect_lsagetsystemaccessaccount_rqst,
2875 lsa_dissect_lsagetsystemaccessaccount_reply },
2876 { LSA_LSASETSYSTEMACCESSACCOUNT, "LSASETSYSTEMACCESSACCOUNT",
2877 lsa_dissect_lsasetsystemaccessaccount_rqst,
2878 lsa_dissect_lsasetsystemaccessaccount_reply },
2879 { LSA_LSAOPENTRUSTEDDOMAIN, "LSAOPENTRUSTEDDOMAIN",
2880 lsa_dissect_lsaopentrusteddomain_rqst,
2881 lsa_dissect_lsaopentrusteddomain_reply },
2882 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "LSAQUERYINFOTRUSTEDDOMAIN",
2883 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
2884 lsa_dissect_lsaqueryinfotrusteddomain_reply },
2885 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "LSASETINFORMATIONTRUSTEDDOMAIN",
2886 lsa_dissect_lsasetinformationtrusteddomain_rqst,
2887 lsa_dissect_lsasetinformationtrusteddomain_reply },
2888 { LSA_LSAOPENSECRET, "LSAOPENSECRET",
2889 lsa_dissect_lsaopensecret_rqst,
2890 lsa_dissect_lsaopensecret_reply },
2891 { LSA_LSASETSECRET, "LSASETSECRET",
2892 lsa_dissect_lsasetsecret_rqst,
2893 lsa_dissect_lsasetsecret_reply },
2894 { LSA_LSAQUERYSECRET, "LSAQUERYSECRET",
2895 lsa_dissect_lsaquerysecret_rqst,
2896 lsa_dissect_lsaquerysecret_reply },
2897 { LSA_LSALOOKUPPRIVILEGEVALUE, "LSALOOKUPPRIVILEGEVALUE",
2898 lsa_dissect_lsalookupprivilegevalue_rqst,
2899 lsa_dissect_lsalookupprivilegevalue_reply },
2900 { LSA_LSALOOKUPPRIVILEGENAME, "LSALOOKUPPRIVILEGENAME",
2901 lsa_dissect_lsalookupprivilegename_rqst,
2902 lsa_dissect_lsalookupprivilegename_reply },
2903 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LSALOOKUPPRIVILEGEDISPLAYNAME",
2906 lsa_dissect_lsalookupprivilegedisplayname_rqst,
2907 lsa_dissect_lsalookupprivilegedisplayname_reply },
2909 { LSA_LSADELETEOBJECT, "LSADELETEOBJECT",
2910 lsa_dissect_lsadeleteobject_rqst,
2911 lsa_dissect_lsadeleteobject_reply },
2912 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "LSAENUMERATEACCOUNTSWITHUSERRIGHT",
2913 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
2914 lsa_dissect_lsaenumerateaccountswithuserright_reply },
2915 { LSA_LSAENUMERATEACCOUNTRIGHTS, "LSAENUMERATEACCOUNTRIGHTS",
2916 lsa_dissect_lsaenumerateaccountrights_rqst,
2917 lsa_dissect_lsaenumerateaccountrights_reply },
2918 { LSA_LSAADDACCOUNTRIGHTS, "LSAADDACCOUNTRIGHTS",
2921 lsa_dissect_lsaaddaccountrights_rqst,
2922 lsa_dissect_lsaaddaccountrights_reply },
2924 { LSA_LSAREMOVEACCOUNTRIGHTS, "LSAREMOVEACCOUNTRIGHTS",
2927 lsa_dissect_lsaremoveaccountrights_rqst,
2928 lsa_dissect_lsaremoveaccountrights_reply },
2930 { LSA_LSAQUERYTRUSTEDDOMAININFO, "LSAQUERYTRUSTEDDOMAININFO",
2933 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
2934 lsa_dissect_lsaquerytrusteddomaininfo_reply },
2936 { LSA_LSASETTRUSTEDDOMAININFO, "LSASETTRUSTEDDOMAININFO",
2939 lsa_dissect_lsasettrusteddomaininfo_rqst,
2940 lsa_dissect_lsasettrusteddomaininfo_reply },
2942 { LSA_LSADELETETRUSTEDDOMAIN, "LSADELETETRUSTEDDOMAIN",
2943 lsa_dissect_lsadeletetrusteddomain_rqst,
2944 lsa_dissect_lsadeletetrusteddomain_reply },
2945 { LSA_LSASTOREPRIVATEDATA, "LSASTOREPRIVATEDATA",
2948 lsa_dissect_lsastoreprivatedata_rqst,
2949 lsa_dissect_lsastoreprivatedata_reply },
2951 { LSA_LSARETRIEVEPRIVATEDATA, "LSARETRIEVEPRIVATEDATA",
2954 lsa_dissect_lsaretrieveprivatedata_rqst,
2955 lsa_dissect_lsaretrieveprivatedata_reply },
2957 { LSA_LSAOPENPOLICY2, "LSAOPENPOLICY2",
2958 lsa_dissect_lsaopenpolicy2_rqst,
2959 lsa_dissect_lsaopenpolicy2_reply },
2960 { LSA_LSAGETUSERNAME, "LSAGETUSERNAME",
2963 lsa_dissect_lsagetusername_rqst,
2964 lsa_dissect_lsagetusername_reply },
2966 { LSA_LSAFUNCTION_2E, "LSAFUNCTION_2E",
2969 lsa_dissect_lsafunction_2e_rqst,
2970 lsa_dissect_lsafunction_2e_reply },
2972 { LSA_LSAFUNCTION_2F, "LSAFUNCTION_2F",
2975 lsa_dissect_lsafunction_2f_rqst,
2976 lsa_dissect_lsafunction_2f_reply },
2978 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "LSAQUERYTRUSTEDDOMAININFOBYNAME",
2981 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
2982 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
2984 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "LSASETTRUSTEDDOMAININFOBYNAME",
2987 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
2988 lsa_dissect_lsasettrusteddomaininfobyname_reply },
2990 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "LSAENUMERATETRUSTEDDOMAINSEX",
2993 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
2994 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
2996 { LSA_LSACREATETRUSTEDDOMAINEX, "LSACREATETRUSTEDDOMAINEX",
2999 lsa_dissect_lsacreatetrusteddomainex_rqst,
3000 lsa_dissect_lsacreatetrusteddomainex_reply },
3002 { LSA_LSACLOSETRUSTEDDOMAINEX, "LSACLOSETRUSTEDDOMAINEX",
3005 lsa_dissect_lsaclosetrusteddomainex_rqst,
3006 lsa_dissect_lsaclosetrusteddomainex_reply },
3008 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "LSAQUERYDOMAININFORMATIONPOLICY",
3011 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
3012 lsa_dissect_lsaquerydomaininformationpolicy_reply },
3014 { LSA_LSASETDOMAININFORMATIONPOLICY, "LSASETDOMAININFORMATIONPOLICY",
3017 lsa_dissect_lsasetdomaininformationpolicy_rqst,
3018 lsa_dissect_lsasetdomaininformationpolicy_reply },
3020 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "LSAOPENTRUSTEDDOMAINBYNAME",
3023 lsa_dissect_lsaopentrusteddomainbyname_rqst,
3024 lsa_dissect_lsaopentrusteddomainbyname_reply },
3026 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
3029 lsa_dissect_lsafunction_38_rqst,
3030 lsa_dissect_lsafunction_38_reply },
3032 { LSA_LSALOOKUPSIDS2, "LSALOOKUPSIDS2",
3035 lsa_dissect_lsalookupsids2_rqst,
3036 lsa_dissect_lsalookupsids2_reply },
3038 { LSA_LSALOOKUPNAMES2, "LSALOOKUPNAMES2",
3041 lsa_dissect_lsalookupnames2_rqst,
3042 lsa_dissect_lsalookupnames2_reply },
3044 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
3047 lsa_dissect_lsafunction_3b_rqst,
3048 lsa_dissect_lsafunction_3b_reply },
3050 {0, NULL, NULL, NULL},
3054 proto_register_dcerpc_lsa(void)
3056 static hf_register_info hf[] = {
3057 { &hf_lsa_unknown_string,
3058 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
3059 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
3062 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
3063 NULL, 0x0, "LSA policy handle", HFILL }},
3066 { "Server", "lsa.server", FT_STRING, BASE_NONE,
3067 NULL, 0, "Name of Server", HFILL }},
3069 { &hf_lsa_controller,
3070 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
3071 NULL, 0, "Name of Domain Controller", HFILL }},
3073 { &hf_lsa_unknown_hyper,
3074 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
3075 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
3077 { &hf_lsa_unknown_long,
3078 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
3079 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
3081 { &hf_lsa_unknown_short,
3082 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
3083 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
3085 { &hf_lsa_unknown_char,
3086 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
3087 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
3090 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
3091 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
3094 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
3095 NULL, 0x0, "LSA Attributes", HFILL }},
3097 { &hf_lsa_obj_attr_len,
3098 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
3099 NULL, 0x0, "Length of object attribute structure", HFILL }},
3101 { &hf_lsa_obj_attr_name,
3102 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
3103 NULL, 0x0, "Name of object attribute", HFILL }},
3105 { &hf_lsa_access_mask,
3106 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
3107 NULL, 0x0, "LSA Access Mask", HFILL }},
3109 { &hf_lsa_info_level,
3110 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
3111 NULL, 0x0, "Information level of requested data", HFILL }},
3113 { &hf_lsa_trusted_info_level,
3114 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
3115 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
3118 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
3119 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
3122 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
3123 NULL, 0x0, "Length of quality of service structure", HFILL }},
3125 { &hf_lsa_qos_impersonation_level,
3126 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
3127 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
3129 { &hf_lsa_qos_track_context,
3130 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
3131 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
3133 { &hf_lsa_qos_effective_only,
3134 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
3135 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
3137 { &hf_lsa_pali_percent_full,
3138 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
3139 NULL, 0x0, "How full audit log is in percentage", HFILL }},
3141 { &hf_lsa_pali_log_size,
3142 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
3143 NULL, 0x0, "Size of audit log", HFILL }},
3145 { &hf_lsa_pali_retention_period,
3146 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
3147 NULL, 0x0, "", HFILL }},
3149 { &hf_lsa_pali_time_to_shutdown,
3150 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
3151 NULL, 0x0, "Time to shutdown", HFILL }},
3153 { &hf_lsa_pali_shutdown_in_progress,
3154 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
3155 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
3157 { &hf_lsa_pali_next_audit_record,
3158 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
3159 NULL, 0x0, "Next audit record", HFILL }},
3161 { &hf_lsa_paei_enabled,
3162 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
3163 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
3165 { &hf_lsa_paei_settings,
3166 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
3167 NULL, 0x0, "Audit Events Information settings", HFILL }},
3170 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
3171 NULL, 0x0, "Count of objects", HFILL }},
3173 { &hf_lsa_max_count,
3174 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
3175 NULL, 0x0, "", HFILL }},
3178 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
3179 NULL, 0x0, "Domain", HFILL }},
3182 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
3183 NULL, 0x0, "Account", HFILL }},
3186 { "Source", "lsa.source", FT_STRING, BASE_NONE,
3187 NULL, 0x0, "Replica Source", HFILL }},
3189 { &hf_lsa_server_role,
3190 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
3191 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
3193 { &hf_lsa_quota_paged_pool,
3194 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
3195 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
3197 { &hf_lsa_quota_non_paged_pool,
3198 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
3199 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
3201 { &hf_lsa_quota_min_wss,
3202 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
3203 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
3205 { &hf_lsa_quota_max_wss,
3206 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
3207 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
3209 { &hf_lsa_quota_pagefile,
3210 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
3211 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
3213 { &hf_lsa_mod_seq_no,
3214 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
3215 NULL, 0x0, "Sequence number for this modification", HFILL }},
3217 { &hf_lsa_mod_mtime,
3218 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
3219 NULL, 0x0, "Time when this modification occured", HFILL }},
3221 { &hf_lsa_cur_mtime,
3222 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
3223 NULL, 0x0, "Current MTime to set", HFILL }},
3225 { &hf_lsa_old_mtime,
3226 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
3227 NULL, 0x0, "Old MTime for this object", HFILL }},
3230 { "Name", "lsa.name", FT_STRING, BASE_NONE,
3231 NULL, 0x0, "", HFILL }},
3233 { &hf_lsa_flat_name,
3234 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
3235 NULL, 0x0, "", HFILL }},
3238 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
3239 NULL, 0x0, "", HFILL }},
3241 { &hf_lsa_info_type,
3242 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
3243 NULL, 0x0, "", HFILL }},
3246 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
3247 NULL, 0x0, "New password", HFILL }},
3250 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
3251 NULL, 0x0, "Old password", HFILL }},
3254 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
3255 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
3258 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
3259 NULL, 0x0, "RID", HFILL }},
3261 { &hf_lsa_rid_offset,
3262 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
3263 NULL, 0x0, "RID Offset", HFILL }},
3266 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
3267 NULL, 0x0, "", HFILL }},
3269 { &hf_lsa_num_mapped,
3270 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
3271 NULL, 0x0, "", HFILL }},
3273 { &hf_lsa_policy_information_class,
3274 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
3275 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
3278 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
3279 NULL, 0, "", HFILL }},
3281 { &hf_lsa_auth_blob,
3282 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
3283 NULL, 0, "", HFILL }},
3286 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
3287 NULL, 0x0, "LUID High component", HFILL }},
3290 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
3291 NULL, 0x0, "LUID Low component", HFILL }},
3294 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
3295 NULL, 0x0, "", HFILL }},
3297 { &hf_lsa_privilege_name,
3298 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
3299 NULL, 0x0, "LSA Privilege Name", HFILL }},
3302 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
3303 NULL, 0x0, "Account Rights", HFILL }},
3306 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
3307 NULL, 0x0, "LSA Attributes", HFILL }},
3309 { &hf_lsa_auth_update,
3310 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
3311 NULL, 0x0, "LSA Auth Info update", HFILL }},
3313 { &hf_lsa_resume_handle,
3314 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
3315 NULL, 0x0, "Resume Handle", HFILL }},
3317 { &hf_lsa_trust_direction,
3318 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
3319 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
3321 { &hf_lsa_trust_type,
3322 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
3323 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
3325 { &hf_lsa_trust_attr,
3326 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
3327 NULL, 0x0, "Trust attributes", HFILL }},
3329 { &hf_lsa_trust_attr_non_trans,
3330 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
3331 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
3333 { &hf_lsa_trust_attr_uplevel_only,
3334 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
3335 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
3337 { &hf_lsa_trust_attr_tree_parent,
3338 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
3339 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
3341 { &hf_lsa_trust_attr_tree_root,
3342 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
3343 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
3345 { &hf_lsa_auth_type,
3346 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
3347 NULL, 0x0, "Auth Info type", HFILL }},
3350 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
3351 NULL, 0x0, "Auth Info len", HFILL }},
3356 static gint *ett[] = {
3358 &ett_lsa_OBJECT_ATTRIBUTES,
3359 &ett_LSA_SECURITY_DESCRIPTOR,
3360 &ett_lsa_policy_info,
3361 &ett_lsa_policy_audit_log_info,
3362 &ett_lsa_policy_audit_events_info,
3363 &ett_lsa_policy_primary_domain_info,
3364 &ett_lsa_policy_primary_account_info,
3365 &ett_lsa_policy_server_role_info,
3366 &ett_lsa_policy_replica_source_info,
3367 &ett_lsa_policy_default_quota_info,
3368 &ett_lsa_policy_modification_info,
3369 &ett_lsa_policy_audit_full_set_info,
3370 &ett_lsa_policy_audit_full_query_info,
3371 &ett_lsa_policy_dns_domain_info,
3372 &ett_lsa_translated_names,
3373 &ett_lsa_translated_name,
3374 &ett_lsa_referenced_domain_list,
3375 &ett_lsa_trust_information,
3376 &ett_lsa_trust_information_ex,
3378 &ett_LSA_PRIVILEGES,
3380 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
3381 &ett_LSA_LUID_AND_ATTRIBUTES,
3382 &ett_LSA_TRUSTED_DOMAIN_LIST,
3383 &ett_LSA_TRUSTED_DOMAIN,
3384 &ett_LSA_TRANSLATED_SIDS,
3385 &ett_lsa_trusted_domain_info,
3386 &ett_lsa_trust_attr,
3387 &ett_lsa_trusted_domain_auth_information,
3388 &ett_lsa_auth_information,
3391 proto_dcerpc_lsa = proto_register_protocol(
3392 "Microsoft Local Security Architecture", "LSA", "lsa");
3394 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
3395 proto_register_subtree_array(ett, array_length(ett));
3398 /* Protocol handoff */
3400 static e_uuid_t uuid_dcerpc_lsa = {
3401 0x12345778, 0x1234, 0xabcd,
3402 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
3405 static guint16 ver_dcerpc_lsa = 0;
3408 proto_reg_handoff_dcerpc_lsa(void)
3410 /* Register protocol as dcerpc */
3412 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
3413 ver_dcerpc_lsa, dcerpc_lsa_dissectors);