2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.76 2003/04/28 04:44:53 tpot Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_server = -1;
47 static int hf_lsa_controller = -1;
48 static int hf_lsa_obj_attr = -1;
49 static int hf_lsa_obj_attr_len = -1;
50 static int hf_lsa_obj_attr_name = -1;
51 static int hf_lsa_access_mask = -1;
52 static int hf_lsa_info_level = -1;
53 static int hf_lsa_trusted_info_level = -1;
54 static int hf_lsa_sd_size = -1;
55 static int hf_lsa_qos_len = -1;
56 static int hf_lsa_qos_impersonation_level = -1;
57 static int hf_lsa_qos_track_context = -1;
58 static int hf_lsa_qos_effective_only = -1;
59 static int hf_lsa_pali_percent_full = -1;
60 static int hf_lsa_pali_log_size = -1;
61 static int hf_lsa_pali_retention_period = -1;
62 static int hf_lsa_pali_time_to_shutdown = -1;
63 static int hf_lsa_pali_shutdown_in_progress = -1;
64 static int hf_lsa_pali_next_audit_record = -1;
65 static int hf_lsa_paei_enabled = -1;
66 static int hf_lsa_paei_settings = -1;
67 static int hf_lsa_count = -1;
68 static int hf_lsa_size = -1;
69 static int hf_lsa_size16 = -1;
70 static int hf_lsa_size_needed = -1;
71 static int hf_lsa_max_count = -1;
72 static int hf_lsa_index = -1;
73 static int hf_lsa_domain = -1;
74 static int hf_lsa_acct = -1;
75 static int hf_lsa_server_role = -1;
76 static int hf_lsa_source = -1;
77 static int hf_lsa_quota_paged_pool = -1;
78 static int hf_lsa_quota_non_paged_pool = -1;
79 static int hf_lsa_quota_min_wss = -1;
80 static int hf_lsa_quota_max_wss = -1;
81 static int hf_lsa_quota_pagefile = -1;
82 static int hf_lsa_mod_seq_no = -1;
83 static int hf_lsa_mod_mtime = -1;
84 static int hf_lsa_cur_mtime = -1;
85 static int hf_lsa_old_mtime = -1;
86 static int hf_lsa_name = -1;
87 static int hf_lsa_key = -1;
88 static int hf_lsa_flat_name = -1;
89 static int hf_lsa_forest = -1;
90 static int hf_lsa_info_type = -1;
91 static int hf_lsa_old_pwd = -1;
92 static int hf_lsa_new_pwd = -1;
93 static int hf_lsa_sid_type = -1;
94 static int hf_lsa_rid = -1;
95 static int hf_lsa_rid_offset = -1;
96 static int hf_lsa_num_mapped = -1;
97 static int hf_lsa_policy_information_class = -1;
98 static int hf_lsa_secret = -1;
99 static int hf_nt_luid_high = -1;
100 static int hf_nt_luid_low = -1;
101 static int hf_lsa_privilege_name = -1;
102 static int hf_lsa_attr = -1;
103 static int hf_lsa_resume_handle = -1;
104 static int hf_lsa_trust_direction = -1;
105 static int hf_lsa_trust_type = -1;
106 static int hf_lsa_trust_attr = -1;
107 static int hf_lsa_trust_attr_non_trans = -1;
108 static int hf_lsa_trust_attr_uplevel_only = -1;
109 static int hf_lsa_trust_attr_tree_parent = -1;
110 static int hf_lsa_trust_attr_tree_root = -1;
111 static int hf_lsa_auth_update = -1;
112 static int hf_lsa_auth_type = -1;
113 static int hf_lsa_auth_len = -1;
114 static int hf_lsa_auth_blob = -1;
115 static int hf_lsa_rights = -1;
116 static int hf_lsa_remove_all = -1;
118 static int hf_lsa_unknown_hyper = -1;
119 static int hf_lsa_unknown_long = -1;
120 static int hf_lsa_unknown_short = -1;
121 static int hf_lsa_unknown_char = -1;
122 static int hf_lsa_unknown_string = -1;
123 #ifdef LSA_UNUSED_HANDLES
124 static int hf_lsa_unknown_time = -1;
128 static gint ett_dcerpc_lsa = -1;
129 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
130 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
131 static gint ett_lsa_policy_info = -1;
132 static gint ett_lsa_policy_audit_log_info = -1;
133 static gint ett_lsa_policy_audit_events_info = -1;
134 static gint ett_lsa_policy_primary_domain_info = -1;
135 static gint ett_lsa_policy_primary_account_info = -1;
136 static gint ett_lsa_policy_server_role_info = -1;
137 static gint ett_lsa_policy_replica_source_info = -1;
138 static gint ett_lsa_policy_default_quota_info = -1;
139 static gint ett_lsa_policy_modification_info = -1;
140 static gint ett_lsa_policy_audit_full_set_info = -1;
141 static gint ett_lsa_policy_audit_full_query_info = -1;
142 static gint ett_lsa_policy_dns_domain_info = -1;
143 static gint ett_lsa_translated_names = -1;
144 static gint ett_lsa_translated_name = -1;
145 static gint ett_lsa_referenced_domain_list = -1;
146 static gint ett_lsa_trust_information = -1;
147 static gint ett_lsa_trust_information_ex = -1;
148 static gint ett_LUID = -1;
149 static gint ett_LSA_PRIVILEGES = -1;
150 static gint ett_LSA_PRIVILEGE = -1;
151 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
152 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
153 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
154 static gint ett_LSA_TRUSTED_DOMAIN = -1;
155 static gint ett_LSA_TRANSLATED_SIDS = -1;
156 static gint ett_lsa_trusted_domain_info = -1;
157 static gint ett_lsa_trust_attr = -1;
158 static gint ett_lsa_trusted_domain_auth_information = -1;
159 static gint ett_lsa_auth_information = -1;
163 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
164 packet_info *pinfo, proto_tree *tree,
169 di=pinfo->private_data;
170 if(di->conformant_run){
171 /*just a run to handle conformant arrays, nothing to dissect */
175 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
182 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
183 packet_info *pinfo, proto_tree *tree,
188 di=pinfo->private_data;
189 if(di->conformant_run){
190 /*just a run to handle conformant arrays, nothing to dissect */
194 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
200 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
201 packet_info *pinfo, proto_tree *tree,
206 di=pinfo->private_data;
207 if(di->conformant_run){
208 /*just a run to handle conformant arrays, nothing to dissect */
212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
213 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
214 "DOMAIN pointer: ", di->hf_index);
220 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
221 packet_info *pinfo, proto_tree *tree,
226 di=pinfo->private_data;
227 if(di->conformant_run){
228 /*just a run to handle conformant arrays, nothing to dissect */
232 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
239 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
240 packet_info *pinfo, proto_tree *tree,
246 di=pinfo->private_data;
247 if(di->conformant_run){
248 /*just a run to handle conformant arrays, nothing to dissect */
252 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
253 hf_lsa_sd_size, &len);
254 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
260 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
261 packet_info *pinfo, proto_tree *parent_tree,
264 proto_item *item=NULL;
265 proto_tree *tree=NULL;
266 int old_offset=offset;
269 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
271 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
274 /* XXX need to figure this one out */
275 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
276 hf_lsa_sd_size, NULL);
277 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
278 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
279 "LSA SECRET data:", -1);
281 proto_item_set_len(item, offset-old_offset);
286 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
287 packet_info *pinfo, proto_tree *tree,
290 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
291 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
292 "LSA_SECRET pointer: data", -1);
297 /* Dissect LSA specific access rights */
299 static gint hf_view_local_info = -1;
300 static gint hf_view_audit_info = -1;
301 static gint hf_get_private_info = -1;
302 static gint hf_trust_admin = -1;
303 static gint hf_create_account = -1;
304 static gint hf_create_secret = -1;
305 static gint hf_create_priv = -1;
306 static gint hf_set_default_quota_limits = -1;
307 static gint hf_set_audit_requirements = -1;
308 static gint hf_server_admin = -1;
309 static gint hf_lookup_names = -1;
312 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
315 proto_tree_add_boolean(
316 tree, hf_lookup_names, tvb, offset, 4, access);
318 proto_tree_add_boolean(
319 tree, hf_server_admin, tvb, offset, 4, access);
321 proto_tree_add_boolean(
322 tree, hf_set_audit_requirements, tvb, offset, 4, access);
324 proto_tree_add_boolean(
325 tree, hf_set_default_quota_limits, tvb, offset, 4, access);
327 proto_tree_add_boolean(
328 tree, hf_create_priv, tvb, offset, 4, access);
330 proto_tree_add_boolean(
331 tree, hf_create_secret, tvb, offset, 4, access);
333 proto_tree_add_boolean(
334 tree, hf_create_account, tvb, offset, 4, access);
336 proto_tree_add_boolean(
337 tree, hf_trust_admin, tvb, offset, 4, access);
339 proto_tree_add_boolean(
340 tree, hf_get_private_info, tvb, offset, 4, access);
342 proto_tree_add_boolean(
343 tree, hf_view_audit_info, tvb, offset, 4, access);
345 proto_tree_add_boolean(
346 tree, hf_view_local_info, tvb, offset, 4, access);
349 struct access_mask_info lsa_access_mask_info = {
350 "LSA", /* Name of specific rights */
351 lsa_specific_rights /* Dissection function */
355 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
356 packet_info *pinfo, proto_tree *tree,
362 di=pinfo->private_data;
363 if(di->conformant_run){
364 /*just a run to handle conformant arrays, nothing to dissect */
368 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
369 hf_lsa_sd_size, &len);
372 tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
379 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
380 packet_info *pinfo, proto_tree *parent_tree,
383 proto_item *item=NULL;
384 proto_tree *tree=NULL;
385 int old_offset=offset;
388 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
389 "LSA_SECURITY_DESCRIPTOR:");
390 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
393 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
394 hf_lsa_sd_size, NULL);
396 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
397 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
398 "LSA SECURITY DESCRIPTOR data:", -1);
400 proto_item_set_len(item, offset-old_offset);
405 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
406 packet_info *pinfo, proto_tree *tree, char *drep)
408 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
409 hf_lsa_unknown_char, NULL);
414 static const value_string lsa_impersonation_level_vals[] = {
416 {1, "Identification"},
417 {2, "Impersonation"},
424 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
425 packet_info *pinfo, proto_tree *tree, char *drep)
428 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
429 hf_lsa_qos_len, NULL);
431 /* impersonation level */
432 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
433 hf_lsa_qos_impersonation_level, NULL);
435 /* context tracking mode */
436 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
437 hf_lsa_qos_track_context, NULL);
440 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
441 hf_lsa_qos_effective_only, NULL);
447 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
448 packet_info *pinfo, proto_tree *tree, char *drep)
450 offset = dissect_nt_access_mask(
451 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
452 &lsa_access_mask_info);
458 lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
459 packet_info *pinfo, proto_tree *tree, char *drep)
461 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
462 hf_lsa_hnd, NULL, FALSE, FALSE);
468 lsa_dissect_LSA_HANDLE_open(tvbuff_t *tvb, int offset,
469 packet_info *pinfo, proto_tree *tree, char *drep)
471 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
472 hf_lsa_hnd, NULL, TRUE, FALSE);
478 lsa_dissect_LSA_HANDLE_close(tvbuff_t *tvb, int offset,
479 packet_info *pinfo, proto_tree *tree, char *drep)
481 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
482 hf_lsa_hnd, NULL, FALSE, TRUE);
489 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
490 packet_info *pinfo, proto_tree *parent_tree, char *drep)
492 int old_offset=offset;
493 proto_item *item = NULL;
494 proto_tree *tree = NULL;
497 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
498 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
502 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
503 hf_lsa_obj_attr_len, NULL);
506 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
507 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
508 "LSPTR pointer: ", -1);
511 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
512 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
513 "NAME pointer: ", hf_lsa_obj_attr_name);
516 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
517 hf_lsa_obj_attr, NULL);
519 /* security descriptor */
520 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
521 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
522 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
524 /* security quality of service */
525 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
526 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
527 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
529 proto_item_set_len(item, offset-old_offset);
534 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
535 packet_info *pinfo, proto_tree *tree, char *drep)
537 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
538 lsa_dissect_LSA_HANDLE_close, NDR_POINTER_REF,
545 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
546 packet_info *pinfo, proto_tree *tree, char *drep)
548 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
549 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
552 offset = dissect_ntstatus(
553 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
558 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
559 character of the server name which is always '\'. This is fixed in lsa
560 openpolicy2 but the function remains for backwards compatibility. */
562 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
564 proto_tree *tree, char *drep)
566 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
567 hf_lsa_server, NULL);
571 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
572 packet_info *pinfo, proto_tree *tree, char *drep)
574 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
575 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
576 "Server:", hf_lsa_server);
578 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
579 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
580 "OBJECT_ATTRIBUTES", -1);
582 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
588 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
589 packet_info *pinfo, proto_tree *tree, char *drep)
591 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
592 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
595 offset = dissect_ntstatus(
596 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
602 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
603 packet_info *pinfo, proto_tree *tree, char *drep)
605 offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
606 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
607 hf_lsa_server, cb_wstr_postprocess,
608 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
610 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
611 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
612 "OBJECT_ATTRIBUTES", -1);
614 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
621 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
622 packet_info *pinfo, proto_tree *tree, char *drep)
624 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
625 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
628 offset = dissect_ntstatus(
629 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
634 static const value_string policy_information_class_vals[] = {
635 {1, "Audit Log Information"},
636 {2, "Audit Events Information"},
637 {3, "Primary Domain Information"},
638 {4, "Pd Account Information"},
639 {5, "Account Domain Information"},
640 {6, "Server Role Information"},
641 {7, "Replica Source Information"},
642 {8, "Default Quota Information"},
643 {9, "Modification Information"},
644 {10, "Audit Full Set Information"},
645 {11, "Audit Full Query Information"},
646 {12, "DNS Domain Information"},
651 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
652 packet_info *pinfo, proto_tree *tree, char *drep)
656 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
657 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
660 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
661 hf_lsa_policy_information_class, &level);
663 if (check_col(pinfo->cinfo, COL_INFO))
665 pinfo->cinfo, COL_INFO, ", %s",
666 val_to_str(level, policy_information_class_vals,
673 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
674 packet_info *pinfo, proto_tree *parent_tree, char *drep)
676 proto_item *item=NULL;
677 proto_tree *tree=NULL;
678 int old_offset=offset;
681 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
682 "POLICY_AUDIT_LOG_INFO:");
683 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
687 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
688 hf_lsa_pali_percent_full, NULL);
691 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
692 hf_lsa_pali_log_size, NULL);
694 /* retention period */
695 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
696 hf_lsa_pali_retention_period);
698 /* shutdown in progress */
699 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
700 hf_lsa_pali_shutdown_in_progress, NULL);
702 /* time to shutdown */
703 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
704 hf_lsa_pali_time_to_shutdown);
706 /* next audit record */
707 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
708 hf_lsa_pali_next_audit_record, NULL);
710 proto_item_set_len(item, offset-old_offset);
715 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
716 packet_info *pinfo, proto_tree *tree, char *drep)
718 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
719 hf_lsa_paei_settings, NULL);
724 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
725 packet_info *pinfo, proto_tree *tree, char *drep)
727 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
728 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
734 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
735 packet_info *pinfo, proto_tree *parent_tree, char *drep)
737 proto_item *item=NULL;
738 proto_tree *tree=NULL;
739 int old_offset=offset;
742 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
743 "POLICY_AUDIT_EVENTS_INFO:");
744 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
748 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
749 hf_lsa_paei_enabled, NULL);
752 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
753 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
757 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
760 proto_item_set_len(item, offset-old_offset);
766 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
767 packet_info *pinfo, proto_tree *parent_tree, char *drep)
769 proto_item *item=NULL;
770 proto_tree *tree=NULL;
771 int old_offset=offset;
774 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
775 "POLICY_PRIMARY_DOMAIN_INFO:");
776 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
780 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
784 offset = dissect_ndr_nt_PSID(tvb, offset,
787 proto_item_set_len(item, offset-old_offset);
793 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
794 packet_info *pinfo, proto_tree *parent_tree, char *drep)
796 proto_item *item=NULL;
797 proto_tree *tree=NULL;
798 int old_offset=offset;
801 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
802 "POLICY_ACCOUNT_DOMAIN_INFO:");
803 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
807 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
811 offset = dissect_ndr_nt_PSID(tvb, offset,
814 proto_item_set_len(item, offset-old_offset);
819 static const value_string server_role_vals[] = {
821 {1, "Domain Member"},
827 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
828 packet_info *pinfo, proto_tree *parent_tree, char *drep)
830 proto_item *item=NULL;
831 proto_tree *tree=NULL;
832 int old_offset=offset;
835 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
836 "POLICY_SERVER_ROLE_INFO:");
837 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
841 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
842 hf_lsa_server_role, NULL);
844 proto_item_set_len(item, offset-old_offset);
849 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
850 packet_info *pinfo, proto_tree *parent_tree, char *drep)
852 proto_item *item=NULL;
853 proto_tree *tree=NULL;
854 int old_offset=offset;
857 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
858 "POLICY_REPLICA_SOURCE_INFO:");
859 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
863 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
867 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
870 proto_item_set_len(item, offset-old_offset);
876 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
877 packet_info *pinfo, proto_tree *parent_tree, char *drep)
879 proto_item *item=NULL;
880 proto_tree *tree=NULL;
881 int old_offset=offset;
884 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
885 "POLICY_DEFAULT_QUOTA_INFO:");
886 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
890 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
891 hf_lsa_quota_paged_pool, NULL);
894 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
895 hf_lsa_quota_non_paged_pool, NULL);
898 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
899 hf_lsa_quota_min_wss, NULL);
902 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
903 hf_lsa_quota_max_wss, NULL);
906 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
907 hf_lsa_quota_pagefile, NULL);
910 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
911 hf_lsa_unknown_hyper, NULL);
913 proto_item_set_len(item, offset-old_offset);
919 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
920 packet_info *pinfo, proto_tree *parent_tree, char *drep)
922 proto_item *item=NULL;
923 proto_tree *tree=NULL;
924 int old_offset=offset;
927 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
928 "POLICY_MODIFICATION_INFO:");
929 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
933 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
934 hf_lsa_mod_seq_no, NULL);
937 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
940 proto_item_set_len(item, offset-old_offset);
946 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
947 packet_info *pinfo, proto_tree *parent_tree, char *drep)
949 proto_item *item=NULL;
950 proto_tree *tree=NULL;
951 int old_offset=offset;
954 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
955 "POLICY_AUDIT_FULL_SET_INFO:");
956 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
960 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
961 hf_lsa_unknown_char, NULL);
963 proto_item_set_len(item, offset-old_offset);
969 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
970 packet_info *pinfo, proto_tree *parent_tree, char *drep)
972 proto_item *item=NULL;
973 proto_tree *tree=NULL;
974 int old_offset=offset;
977 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
978 "POLICY_AUDIT_FULL_QUERY_INFO:");
979 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
983 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
984 hf_lsa_unknown_char, NULL);
987 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
988 hf_lsa_unknown_char, NULL);
990 proto_item_set_len(item, offset-old_offset);
996 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
997 packet_info *pinfo, proto_tree *parent_tree, char *drep)
999 proto_item *item=NULL;
1000 proto_tree *tree=NULL;
1001 int old_offset=offset;
1004 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1005 "POLICY_DNS_DOMAIN_INFO:");
1006 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1010 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1014 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1018 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1022 offset = dissect_nt_GUID(tvb, offset,
1026 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1028 proto_item_set_len(item, offset-old_offset);
1033 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1034 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1036 proto_item *item=NULL;
1037 proto_tree *tree=NULL;
1038 int old_offset=offset;
1042 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1044 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1047 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1048 hf_lsa_info_level, &level);
1050 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1053 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1054 tvb, offset, pinfo, tree, drep);
1057 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1058 tvb, offset, pinfo, tree, drep);
1061 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1062 tvb, offset, pinfo, tree, drep);
1065 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1066 tree, drep, hf_lsa_acct, 0);
1069 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1070 tvb, offset, pinfo, tree, drep);
1073 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1074 tvb, offset, pinfo, tree, drep);
1077 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1078 tvb, offset, pinfo, tree, drep);
1081 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1082 tvb, offset, pinfo, tree, drep);
1085 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1086 tvb, offset, pinfo, tree, drep);
1089 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1090 tvb, offset, pinfo, tree, drep);
1093 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1094 tvb, offset, pinfo, tree, drep);
1097 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1098 tvb, offset, pinfo, tree, drep);
1102 proto_item_set_len(item, offset-old_offset);
1107 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1108 packet_info *pinfo, proto_tree *tree, char *drep)
1110 /* This is really a pointer to a pointer though the first level is REF
1111 so we just ignore that one */
1112 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1113 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1114 "POLICY_INFORMATION pointer: info", -1);
1116 offset = dissect_ntstatus(
1117 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1123 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
1124 packet_info *pinfo, proto_tree *tree, char *drep)
1126 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1127 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
1134 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1135 packet_info *pinfo, proto_tree *tree, char *drep)
1137 offset = dissect_ntstatus(
1138 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1145 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1146 packet_info *pinfo, proto_tree *tree, char *drep)
1148 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1151 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1152 hf_lsa_info_type, NULL);
1159 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1160 packet_info *pinfo, proto_tree *tree, char *drep)
1162 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1163 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1164 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
1166 offset = dissect_ntstatus(
1167 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1174 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1175 packet_info *pinfo, proto_tree *tree, char *drep)
1177 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1180 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1181 hf_lsa_info_type, NULL);
1183 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1184 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1185 "LSA_SECURITY_DESCRIPTOR: sec_info", -1);
1191 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1192 packet_info *pinfo, proto_tree *tree, char *drep)
1194 offset = dissect_ntstatus(
1195 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1202 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1203 packet_info *pinfo, proto_tree *tree, char *drep)
1206 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1210 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1214 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1218 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1222 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1229 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1230 packet_info *pinfo, proto_tree *tree, char *drep)
1232 offset = dissect_ntstatus(
1233 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1238 static const value_string sid_type_vals[] = {
1243 {5, "Well Known Group"},
1244 {6, "Deleted Account"},
1251 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1252 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1254 proto_item *item=NULL;
1255 proto_tree *tree=NULL;
1256 int old_offset=offset;
1259 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1260 "LSA_TRANSLATED_NAME:");
1261 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1265 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1266 hf_lsa_sid_type, NULL);
1269 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1273 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1274 hf_lsa_index, NULL);
1276 proto_item_set_len(item, offset-old_offset);
1281 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1282 packet_info *pinfo, proto_tree *tree, char *drep)
1284 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1285 lsa_dissect_LSA_TRANSLATED_NAME);
1291 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1292 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1294 proto_item *item=NULL;
1295 proto_tree *tree=NULL;
1296 int old_offset=offset;
1299 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1300 "LSA_TRANSLATED_NAMES:");
1301 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1305 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1306 hf_lsa_count, NULL);
1309 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1310 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1311 "TRANSLATED_NAME_ARRAY", -1);
1313 proto_item_set_len(item, offset-old_offset);
1319 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1320 packet_info *pinfo, proto_tree *tree, char *drep)
1322 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1325 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1326 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1329 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1330 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1331 "LSA_TRANSLATED_NAMES pointer: names", -1);
1333 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1334 hf_lsa_info_level, NULL);
1336 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1337 hf_lsa_num_mapped, NULL);
1343 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1344 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1346 proto_item *item=NULL;
1347 proto_tree *tree=NULL;
1348 int old_offset=offset;
1351 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1352 "TRUST INFORMATION:");
1353 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1357 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1361 offset = dissect_ndr_nt_PSID(tvb, offset,
1364 proto_item_set_len(item, offset-old_offset);
1368 static const value_string trusted_direction_vals[] = {
1369 {0, "Trust disabled"},
1370 {1, "Inbound trust"},
1371 {2, "Outbound trust"},
1375 static const value_string trusted_type_vals[] = {
1383 static const true_false_string tfs_trust_attr_non_trans = {
1384 "NON TRANSITIVE is set",
1385 "Non transitive is NOT set"
1387 static const true_false_string tfs_trust_attr_uplevel_only = {
1388 "UPLEVEL ONLY is set",
1389 "Uplevel only is NOT set"
1391 static const true_false_string tfs_trust_attr_tree_parent = {
1392 "TREE PARENT is set",
1393 "Tree parent is NOT set"
1395 static const true_false_string tfs_trust_attr_tree_root = {
1397 "Tree root is NOT set"
1400 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1401 proto_tree *parent_tree, char *drep)
1404 proto_item *item = NULL;
1405 proto_tree *tree = NULL;
1407 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1408 hf_lsa_trust_attr, &mask);
1411 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1412 tvb, offset-4, 4, mask);
1413 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1416 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1417 tvb, offset-4, 4, mask);
1418 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1419 tvb, offset-4, 4, mask);
1420 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1421 tvb, offset-4, 4, mask);
1422 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1423 tvb, offset-4, 4, mask);
1429 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1430 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1432 proto_item *item=NULL;
1433 proto_tree *tree=NULL;
1434 int old_offset=offset;
1437 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1438 "TRUST INFORMATION EX:");
1439 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1443 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1447 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1448 hf_lsa_flat_name, 0);
1451 offset = dissect_ndr_nt_PSID(tvb, offset,
1455 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1456 hf_lsa_trust_direction, NULL);
1459 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1460 hf_lsa_trust_type, NULL);
1463 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1465 proto_item_set_len(item, offset-old_offset);
1470 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1471 packet_info *pinfo, proto_tree *tree, char *drep)
1476 di=pinfo->private_data;
1477 if(di->conformant_run){
1478 /*just a run to handle conformant arrays, nothing to dissect */
1483 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1484 hf_lsa_auth_len, &len);
1486 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1493 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1494 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1496 proto_item *item=NULL;
1497 proto_tree *tree=NULL;
1498 int old_offset=offset;
1501 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1502 "AUTH INFORMATION:");
1503 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1507 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1508 hf_lsa_auth_update, NULL);
1511 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1512 hf_lsa_auth_type, NULL);
1515 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1516 hf_lsa_auth_len, NULL);
1518 /* auth info blob */
1519 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1520 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1521 "AUTH INFO blob:", -1);
1523 proto_item_set_len(item, offset-old_offset);
1528 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1529 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1531 proto_item *item=NULL;
1532 proto_tree *tree=NULL;
1533 int old_offset=offset;
1536 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1537 "TRUSTED DOMAIN AUTH INFORMATION:");
1538 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1542 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1543 hf_lsa_unknown_long, NULL);
1546 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1549 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1552 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1553 hf_lsa_unknown_long, NULL);
1556 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1559 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1561 proto_item_set_len(item, offset-old_offset);
1567 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1568 packet_info *pinfo, proto_tree *tree, char *drep)
1570 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1571 lsa_dissect_LSA_TRUST_INFORMATION);
1577 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1578 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1580 proto_item *item=NULL;
1581 proto_tree *tree=NULL;
1582 int old_offset=offset;
1585 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1586 "LSA_REFERENCED_DOMAIN_LIST:");
1587 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1591 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1592 hf_lsa_count, NULL);
1594 /* trust information */
1595 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1596 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1597 "TRUST INFORMATION array:", -1);
1600 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1601 hf_lsa_max_count, NULL);
1603 proto_item_set_len(item, offset-old_offset);
1608 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1609 packet_info *pinfo, proto_tree *tree, char *drep)
1611 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1612 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1613 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
1615 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1616 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1617 "LSA_TRANSLATED_NAMES pointer: names", -1);
1619 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1620 hf_lsa_num_mapped, NULL);
1622 offset = dissect_ntstatus(
1623 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1630 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1631 packet_info *pinfo, proto_tree *tree, char *drep)
1633 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1636 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1637 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1638 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1645 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1646 packet_info *pinfo, proto_tree *tree, char *drep)
1648 offset = dissect_ntstatus(
1649 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1656 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1657 packet_info *pinfo, proto_tree *tree, char *drep)
1659 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1667 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1668 packet_info *pinfo, proto_tree *tree, char *drep)
1670 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1671 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1672 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1674 offset = dissect_ntstatus(
1675 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1682 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1683 packet_info *pinfo, proto_tree *tree, char *drep)
1685 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1688 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1689 hf_lsa_policy_information_class, NULL);
1691 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1692 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1693 "POLICY_INFORMATION pointer: info", -1);
1700 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1701 packet_info *pinfo, proto_tree *tree, char *drep)
1703 offset = dissect_ntstatus(
1704 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1711 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1712 packet_info *pinfo, proto_tree *tree, char *drep)
1714 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1717 offset = dissect_ndr_nt_SID(tvb, offset,
1721 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1722 hf_lsa_unknown_long, NULL);
1729 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1730 packet_info *pinfo, proto_tree *tree, char *drep)
1732 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1735 offset = dissect_ntstatus(
1736 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1742 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1743 packet_info *pinfo, proto_tree *tree, char *drep)
1745 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1753 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1754 packet_info *pinfo, proto_tree *tree, char *drep)
1756 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1759 offset = dissect_ntstatus(
1760 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1767 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1768 packet_info *pinfo, proto_tree *tree, char *drep)
1770 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1773 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1781 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1782 packet_info *pinfo, proto_tree *tree, char *drep)
1784 offset = dissect_ntstatus(
1785 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1792 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1793 packet_info *pinfo, proto_tree *tree, char *drep)
1795 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1798 offset = dissect_ndr_nt_SID(tvb, offset,
1801 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1809 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1810 packet_info *pinfo, proto_tree *tree, char *drep)
1812 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1815 offset = dissect_ntstatus(
1816 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1823 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1824 packet_info *pinfo, proto_tree *tree, char *drep)
1826 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1829 offset = dissect_ndr_nt_SID(tvb, offset,
1837 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1838 packet_info *pinfo, proto_tree *tree, char *drep)
1840 offset = dissect_ntstatus(
1841 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1847 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1848 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1850 proto_item *item=NULL;
1851 proto_tree *tree=NULL;
1852 int old_offset=offset;
1855 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1857 tree = proto_item_add_subtree(item, ett_LUID);
1860 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1861 hf_nt_luid_low, NULL);
1863 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1864 hf_nt_luid_high, NULL);
1866 proto_item_set_len(item, offset-old_offset);
1871 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1872 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1874 proto_item *item=NULL;
1875 proto_tree *tree=NULL;
1876 int old_offset=offset;
1879 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1881 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1884 /* privilege name */
1885 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1886 hf_lsa_privilege_name, 0);
1889 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1891 proto_item_set_len(item, offset-old_offset);
1896 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1897 packet_info *pinfo, proto_tree *tree, char *drep)
1899 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1900 lsa_dissect_LSA_PRIVILEGE);
1906 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1907 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1909 proto_item *item=NULL;
1910 proto_tree *tree=NULL;
1911 int old_offset=offset;
1914 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1916 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1919 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1920 hf_lsa_count, NULL);
1923 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1924 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1925 "LSA_PRIVILEGE array:", -1);
1927 proto_item_set_len(item, offset-old_offset);
1932 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1933 packet_info *pinfo, proto_tree *tree, char *drep)
1935 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1938 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1939 hf_lsa_count, NULL);
1941 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1948 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1949 packet_info *pinfo, proto_tree *tree, char *drep)
1951 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1952 hf_lsa_count, NULL);
1954 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1955 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1956 "LSA_PRIVILEGES pointer: privs", -1);
1958 offset = dissect_ntstatus(
1959 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1965 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1966 packet_info *pinfo, proto_tree *tree, char *drep)
1968 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1971 /* privilege name */
1972 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1973 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1974 "NAME pointer: ", hf_lsa_privilege_name);
1981 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1982 packet_info *pinfo, proto_tree *tree, char *drep)
1986 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1988 offset = dissect_ntstatus(
1989 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1996 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
1997 packet_info *pinfo, proto_tree *tree, char *drep)
1999 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2003 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2004 dissect_nt_LUID, NDR_POINTER_REF,
2005 "LUID pointer: value", -1);
2012 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
2013 packet_info *pinfo, proto_tree *tree, char *drep)
2015 /* [out, ref] LSA_UNICODE_STRING **name */
2016 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2017 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2018 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
2020 offset = dissect_ntstatus(
2021 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2028 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2029 packet_info *pinfo, proto_tree *tree, char *drep)
2031 /* [in] LSA_HANDLE hnd */
2032 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2040 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2041 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2043 proto_item *item=NULL;
2044 proto_tree *tree=NULL;
2045 int old_offset=offset;
2048 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2049 "LUID_AND_ATTRIBUTES:");
2050 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2054 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2057 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2060 proto_item_set_len(item, offset-old_offset);
2065 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2066 packet_info *pinfo, proto_tree *tree, char *drep)
2068 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2069 lsa_dissect_LUID_AND_ATTRIBUTES);
2075 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2076 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2078 proto_item *item=NULL;
2079 proto_tree *tree=NULL;
2080 int old_offset=offset;
2083 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2084 "LUID_AND_ATTRIBUTES_ARRAY:");
2085 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2088 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2089 hf_lsa_count, NULL);
2091 /* luid and attributes */
2092 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2093 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2094 "LUID_AND_ATTRIBUTES array:", -1);
2096 proto_item_set_len(item, offset-old_offset);
2101 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2102 packet_info *pinfo, proto_tree *tree, char *drep)
2104 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2105 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2106 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2107 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2109 offset = dissect_ntstatus(
2110 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2116 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2117 packet_info *pinfo, proto_tree *tree, char *drep)
2119 /* [in] LSA_HANDLE hnd */
2120 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2123 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2124 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2132 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2133 packet_info *pinfo, proto_tree *tree, char *drep)
2135 offset = dissect_ntstatus(
2136 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2142 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2143 packet_info *pinfo, proto_tree *tree, char *drep)
2145 /* [in] LSA_HANDLE hnd */
2146 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2149 /* [in] char unknown */
2150 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2151 hf_lsa_unknown_char, NULL);
2153 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2154 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2155 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2156 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2163 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2164 packet_info *pinfo, proto_tree *tree, char *drep)
2166 offset = dissect_ntstatus(
2167 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2173 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2174 packet_info *pinfo, proto_tree *tree, char *drep)
2176 /* [in] LSA_HANDLE hnd */
2177 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2180 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2181 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2182 hf_lsa_resume_handle, NULL);
2184 /* [in] ULONG pref_maxlen */
2185 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2186 hf_lsa_max_count, NULL);
2192 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2193 packet_info *pinfo, proto_tree *tree, char *drep)
2195 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2196 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2197 hf_lsa_resume_handle, NULL);
2199 /* [out, ref] PSID_ARRAY **accounts */
2200 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2201 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2204 offset = dissect_ntstatus(
2205 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2211 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2212 packet_info *pinfo, proto_tree *tree, char *drep)
2214 /* [in] LSA_HANDLE hnd_pol */
2215 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2218 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2219 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2220 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2221 "LSA_TRUST_INFORMATION pointer: domain", -1);
2223 /* [in] ACCESS_MASK access */
2224 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2231 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2232 packet_info *pinfo, proto_tree *tree, char *drep)
2234 /* [out] LSA_HANDLE *hnd */
2235 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2238 offset = dissect_ntstatus(
2239 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2245 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2246 packet_info *pinfo, proto_tree *tree, char *drep)
2248 /* [in] LSA_HANDLE hnd */
2249 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2252 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2253 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2254 hf_lsa_resume_handle, NULL);
2256 /* [in] ULONG pref_maxlen */
2257 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2258 hf_lsa_max_count, NULL);
2264 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2265 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2267 proto_item *item=NULL;
2268 proto_tree *tree=NULL;
2269 int old_offset=offset;
2272 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2274 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2278 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2282 offset = dissect_ndr_nt_PSID(tvb, offset,
2285 proto_item_set_len(item, offset-old_offset);
2290 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2291 packet_info *pinfo, proto_tree *tree, char *drep)
2293 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2294 lsa_dissect_LSA_TRUSTED_DOMAIN);
2300 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2301 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2303 proto_item *item=NULL;
2304 proto_tree *tree=NULL;
2305 int old_offset=offset;
2308 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2309 "TRUSTED_DOMAIN_LIST:");
2310 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2313 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2314 hf_lsa_count, NULL);
2317 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2318 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2319 "TRUSTED_DOMAIN array:", -1);
2321 proto_item_set_len(item, offset-old_offset);
2326 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2327 packet_info *pinfo, proto_tree *tree, char *drep)
2329 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2330 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2331 hf_lsa_resume_handle, NULL);
2333 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2334 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2335 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2336 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
2338 offset = dissect_ntstatus(
2339 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2346 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2347 packet_info *pinfo, proto_tree *tree, char *drep)
2351 di=pinfo->private_data;
2352 if(di->conformant_run){
2353 /*just a run to handle conformant arrays, nothing to dissect */
2357 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2364 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2365 packet_info *pinfo, proto_tree *tree, char *drep)
2367 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2368 lsa_dissect_LSA_UNICODE_STRING_item);
2374 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2375 packet_info *pinfo, proto_tree *tree, char *drep)
2379 di=pinfo->private_data;
2381 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2382 hf_lsa_count, NULL);
2383 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2384 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2385 "UNICODE_STRING pointer: ", di->hf_index);
2391 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2392 packet_info *pinfo, proto_tree *tree, char *drep)
2395 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2396 hf_lsa_sid_type, NULL);
2398 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2401 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2402 hf_lsa_index, NULL);
2408 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2409 packet_info *pinfo, proto_tree *tree, char *drep)
2411 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2412 lsa_dissect_LSA_TRANSLATED_SID);
2418 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2419 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2421 proto_item *item=NULL;
2422 proto_tree *tree=NULL;
2423 int old_offset=offset;
2426 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2427 "LSA_TRANSLATED_SIDS:");
2428 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2432 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2433 hf_lsa_count, NULL);
2436 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2437 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2438 "Translated SIDS", -1);
2440 proto_item_set_len(item, offset-old_offset);
2445 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2446 packet_info *pinfo, proto_tree *tree, char *drep)
2448 /* [in] LSA_HANDLE hnd */
2449 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2452 /* [in] ULONG count */
2453 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2454 hf_lsa_count, NULL);
2456 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2457 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2458 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2459 "Account pointer: names", hf_lsa_acct);
2461 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2462 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2463 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2464 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2466 /* [in] USHORT level */
2467 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2468 hf_lsa_info_level, NULL);
2470 /* [in, out, ref] ULONG *num_mapped */
2471 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2472 hf_lsa_num_mapped, NULL);
2479 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2480 packet_info *pinfo, proto_tree *tree, char *drep)
2482 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2483 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2484 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2485 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
2487 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2488 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2489 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2490 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2492 /* [in, out, ref] ULONG *num_mapped */
2493 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2494 hf_lsa_num_mapped, NULL);
2496 offset = dissect_ntstatus(
2497 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2503 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2504 packet_info *pinfo, proto_tree *tree, char *drep)
2506 /* [in] LSA_HANDLE hnd_pol */
2507 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2510 /* [in, ref] LSA_UNICODE_STRING *name */
2511 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2514 /* [in] ACCESS_MASK access */
2515 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2522 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2523 packet_info *pinfo, proto_tree *tree, char *drep)
2526 /* [out] LSA_HANDLE *hnd */
2527 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2530 offset = dissect_ntstatus(
2531 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2537 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2538 packet_info *pinfo, proto_tree *tree, char *drep)
2540 /* [in] LSA_HANDLE hnd_pol */
2541 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2544 /* [in, ref] SID *account */
2545 offset = dissect_ndr_nt_SID(tvb, offset,
2548 /* [in] ACCESS_MASK access */
2549 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2557 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2558 packet_info *pinfo, proto_tree *tree, char *drep)
2560 /* [out] LSA_HANDLE *hnd */
2561 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2564 offset = dissect_ntstatus(
2565 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2570 static const value_string trusted_info_level_vals[] = {
2571 {1, "Domain Name Information"},
2572 {2, "Controllers Information"},
2573 {3, "Posix Offset Information"},
2574 {4, "Password Information"},
2575 {5, "Domain Information Basic"},
2576 {6, "Domain Information Ex"},
2577 {7, "Domain Auth Information"},
2578 {8, "Domain Full Information"},
2579 {9, "Domain Security Descriptor"},
2580 {10, "Domain Private Information"},
2585 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2586 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2588 proto_item *item=NULL;
2589 proto_tree *tree=NULL;
2590 int old_offset=offset;
2594 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2595 "TRUSTED_DOMAIN_INFO:");
2596 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2599 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2600 hf_lsa_trusted_info_level, &level);
2602 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2605 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2609 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2610 hf_lsa_count, NULL);
2611 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2612 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2613 "Controllers pointer: ", hf_lsa_controller);
2616 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2617 hf_lsa_rid_offset, NULL);
2620 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2621 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2624 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2628 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2632 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2635 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2637 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2638 hf_lsa_rid_offset, NULL);
2639 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2642 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2645 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2647 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2648 hf_lsa_rid_offset, NULL);
2649 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2653 proto_item_set_len(item, offset-old_offset);
2658 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2659 packet_info *pinfo, proto_tree *tree, char *drep)
2661 /* [in] LSA_HANDLE hnd */
2662 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2665 /* [in] TRUSTED_INFORMATION_CLASS level */
2666 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2667 hf_lsa_trusted_info_level, NULL);
2674 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2675 packet_info *pinfo, proto_tree *tree, char *drep)
2677 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2678 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2679 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2680 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2682 offset = dissect_ntstatus(
2683 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2689 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2690 packet_info *pinfo, proto_tree *tree, char *drep)
2692 /* [in] LSA_HANDLE hnd */
2693 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2696 /* [in] TRUSTED_INFORMATION_CLASS level */
2697 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2698 hf_lsa_trusted_info_level, NULL);
2700 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2701 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2702 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2703 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2710 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2711 packet_info *pinfo, proto_tree *tree, char *drep)
2713 offset = dissect_ntstatus(
2714 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2720 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2721 packet_info *pinfo, proto_tree *tree, char *drep)
2723 /* [in] LSA_HANDLE hnd_pol */
2724 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2727 /* [in, ref] LSA_UNICODE_STRING *name */
2728 offset = dissect_ndr_counted_string_cb(
2729 tvb, offset, pinfo, tree, drep, hf_lsa_name,
2730 cb_wstr_postprocess,
2731 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
2733 /* [in] ACCESS_MASK access */
2734 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2742 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2743 packet_info *pinfo, proto_tree *tree, char *drep)
2745 /* [out] LSA_HANDLE *hnd */
2746 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2749 offset = dissect_ntstatus(
2750 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2756 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2757 packet_info *pinfo, proto_tree *tree, char *drep)
2759 /* [in] LSA_HANDLE hnd */
2760 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2763 /* [in, unique] LSA_SECRET *new_val */
2764 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2765 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2766 "LSA_SECRET pointer: new_val", -1);
2768 /* [in, unique] LSA_SECRET *old_val */
2769 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2770 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2771 "LSA_SECRET pointer: old_val", -1);
2778 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2779 packet_info *pinfo, proto_tree *tree, char *drep)
2781 offset = dissect_ntstatus(
2782 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2788 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2789 packet_info *pinfo, proto_tree *tree, char *drep)
2791 /* [in] LSA_HANDLE hnd */
2792 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2795 /* [in, out, unique] LSA_SECRET **curr_val */
2796 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2797 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2798 "LSA_SECRET pointer: curr_val", -1);
2800 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2801 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2802 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2803 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2805 /* [in, out, unique] LSA_SECRET **old_val */
2806 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2807 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2808 "LSA_SECRET pointer: old_val", -1);
2810 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2811 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2812 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2813 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2820 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2821 packet_info *pinfo, proto_tree *tree, char *drep)
2823 /* [in, out, unique] LSA_SECRET **curr_val */
2824 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2825 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2826 "LSA_SECRET pointer: curr_val", -1);
2828 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2829 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2830 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2831 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2833 /* [in, out, unique] LSA_SECRET **old_val */
2834 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2835 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2836 "LSA_SECRET pointer: old_val", -1);
2838 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2839 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2840 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2841 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2847 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2848 packet_info *pinfo, proto_tree *tree, char *drep)
2850 /* [in] LSA_HANDLE hnd */
2851 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2859 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2860 packet_info *pinfo, proto_tree *tree, char *drep)
2862 offset = dissect_ntstatus(
2863 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2869 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2870 packet_info *pinfo, proto_tree *tree, char *drep)
2872 /* [in] LSA_HANDLE hnd */
2873 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2876 /* [in, unique] LSA_UNICODE_STRING *rights */
2877 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2878 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2879 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
2885 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2886 packet_info *pinfo, proto_tree *tree, char *drep)
2888 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2889 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2890 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2891 "Account pointer: names", hf_lsa_acct);
2893 offset = dissect_ntstatus(
2894 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2900 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2901 packet_info *pinfo, proto_tree *tree, char *drep)
2903 /* [in] LSA_HANDLE hnd */
2904 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2907 /* [in, ref] SID *account */
2908 offset = dissect_ndr_nt_SID(tvb, offset,
2916 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2917 packet_info *pinfo, proto_tree *tree, char *drep)
2919 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2920 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2921 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2922 "Account pointer: rights", hf_lsa_rights);
2924 offset = dissect_ntstatus(
2925 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2931 lsa_dissect_lsaaddaccountrights_rqst(tvbuff_t *tvb, int offset,
2932 packet_info *pinfo, proto_tree *tree, char *drep)
2934 /* [in] LSA_HANDLE hnd */
2935 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2938 /* [in, ref] SID *account */
2939 offset = dissect_ndr_nt_SID(tvb, offset,
2942 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2943 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2944 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2945 "Account pointer: rights", hf_lsa_rights);
2952 lsa_dissect_lsaaddaccountrights_reply(tvbuff_t *tvb, int offset,
2953 packet_info *pinfo, proto_tree *tree, char *drep)
2955 offset = dissect_ntstatus(
2956 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2962 lsa_dissect_lsaremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2963 packet_info *pinfo, proto_tree *tree, char *drep)
2965 /* [in] LSA_HANDLE hnd */
2966 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2969 /* [in, ref] SID *account */
2970 offset = dissect_ndr_nt_SID(tvb, offset,
2974 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2975 hf_lsa_remove_all, NULL);
2977 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2978 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2979 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2980 "Account pointer: rights", hf_lsa_rights);
2987 lsa_dissect_lsaremoveaccountrights_reply(tvbuff_t *tvb, int offset,
2988 packet_info *pinfo, proto_tree *tree, char *drep)
2990 offset = dissect_ntstatus(
2991 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2998 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
2999 packet_info *pinfo, proto_tree *tree, char *drep)
3001 /* [in] LSA_HANDLE handle */
3002 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3005 /* [in, ref] LSA_UNICODE_STRING *name */
3007 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3010 /* [in] TRUSTED_INFORMATION_CLASS level */
3011 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3012 hf_lsa_trusted_info_level, NULL);
3019 lsa_dissect_lsaquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3020 packet_info *pinfo, proto_tree *tree, char *drep)
3022 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3023 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3024 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3025 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3027 offset = dissect_ntstatus(
3028 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3035 lsa_dissect_lsasettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3036 packet_info *pinfo, proto_tree *tree, char *drep)
3038 /* [in] LSA_HANDLE handle */
3039 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3042 /* [in, ref] LSA_UNICODE_STRING *name */
3044 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3047 /* [in] TRUSTED_INFORMATION_CLASS level */
3048 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3049 hf_lsa_trusted_info_level, NULL);
3051 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3052 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3053 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3054 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3061 lsa_dissect_lsasettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3062 packet_info *pinfo, proto_tree *tree, char *drep)
3064 offset = dissect_ntstatus(
3065 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3071 lsa_dissect_lsaquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3072 packet_info *pinfo, proto_tree *tree, char *drep)
3074 /* [in] LSA_HANDLE handle */
3075 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3078 /* [in, ref] SID *sid */
3079 offset = dissect_ndr_nt_SID(tvb, offset,
3082 /* [in] TRUSTED_INFORMATION_CLASS level */
3083 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3084 hf_lsa_trusted_info_level, NULL);
3090 lsa_dissect_lsaopentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3091 packet_info *pinfo, proto_tree *tree, char *drep)
3093 /* [in] LSA_HANDLE handle */
3094 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3097 /* [in, ref] LSA_UNICODE_STRING *name */
3099 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3102 /* [in] ACCESS_MASK access */
3103 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3111 lsa_dissect_lsaopentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3112 packet_info *pinfo, proto_tree *tree, char *drep)
3114 /* [out] LSA_HANDLE handle */
3115 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3118 offset = dissect_ntstatus(
3119 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3127 lsa_dissect_lsaquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3128 packet_info *pinfo, proto_tree *tree, char *drep)
3130 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3131 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3132 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3133 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3135 offset = dissect_ntstatus(
3136 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3142 lsa_dissect_lsasettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3143 packet_info *pinfo, proto_tree *tree, char *drep)
3145 /* [in] LSA_HANDLE handle */
3146 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3149 /* [in, ref] SID *sid */
3150 offset = dissect_ndr_nt_SID(tvb, offset,
3153 /* [in] TRUSTED_INFORMATION_CLASS level */
3154 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3155 hf_lsa_trusted_info_level, NULL);
3157 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3158 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3159 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3160 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3167 lsa_dissect_lsasettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3168 packet_info *pinfo, proto_tree *tree, char *drep)
3170 offset = dissect_ntstatus(
3171 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3177 lsa_dissect_lsaqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3178 packet_info *pinfo, proto_tree *tree, char *drep)
3180 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3181 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3184 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3185 hf_lsa_policy_information_class, NULL);
3191 lsa_dissect_lsaqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3192 packet_info *pinfo, proto_tree *tree, char *drep)
3194 /* This is really a pointer to a pointer though the first level is REF
3195 so we just ignore that one */
3196 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3197 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3198 "POLICY_INFORMATION pointer: info", -1);
3200 offset = dissect_ntstatus(
3201 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3207 lsa_dissect_lsasetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3208 packet_info *pinfo, proto_tree *tree, char *drep)
3210 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3211 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3214 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3215 hf_lsa_policy_information_class, NULL);
3217 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3218 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3219 "POLICY_INFORMATION pointer: info", -1);
3225 lsa_dissect_lsasetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3226 packet_info *pinfo, proto_tree *tree, char *drep)
3228 offset = dissect_ntstatus(
3229 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3235 lsa_dissect_lsaquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3236 packet_info *pinfo, proto_tree *tree, char *drep)
3238 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3239 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3242 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3243 hf_lsa_policy_information_class, NULL);
3249 lsa_dissect_lsaquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3250 packet_info *pinfo, proto_tree *tree, char *drep)
3252 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3253 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3254 "POLICY_INFORMATION pointer: info", -1);
3256 offset = dissect_ntstatus(
3257 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3263 lsa_dissect_lsasetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3264 packet_info *pinfo, proto_tree *tree, char *drep)
3266 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3267 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3270 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3271 hf_lsa_policy_information_class, NULL);
3273 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3274 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3275 "POLICY_INFORMATION pointer: info", -1);
3281 lsa_dissect_lsasetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3282 packet_info *pinfo, proto_tree *tree, char *drep)
3284 offset = dissect_ntstatus(
3285 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3291 lsa_dissect_lsalookupnames2_rqst(tvbuff_t *tvb, int offset,
3292 packet_info *pinfo, proto_tree *tree, char *drep)
3294 /* [in] LSA_HANDLE hnd */
3295 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3298 /* [in] ULONG count */
3299 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3300 hf_lsa_count, NULL);
3302 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3303 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3304 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3305 "Account pointer: names", hf_lsa_acct);
3307 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3308 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3309 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3310 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3312 /* [in] USHORT level */
3313 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3314 hf_lsa_info_level, NULL);
3316 /* [in, out, ref] ULONG *num_mapped */
3317 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3318 hf_lsa_num_mapped, NULL);
3321 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3322 hf_lsa_unknown_long, NULL);
3325 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3326 hf_lsa_unknown_long, NULL);
3333 lsa_dissect_lsalookupnames2_reply(tvbuff_t *tvb, int offset,
3334 packet_info *pinfo, proto_tree *tree, char *drep)
3336 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3338 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3339 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3341 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3342 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3343 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3344 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3346 /* [in, out, ref] ULONG *num_mapped */
3347 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3348 hf_lsa_num_mapped, NULL);
3350 offset = dissect_ntstatus(
3351 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3358 lsa_dissect_lsacreateaccount_rqst(tvbuff_t *tvb, int offset,
3359 packet_info *pinfo, proto_tree *tree, char *drep)
3361 /* [in] LSA_HANDLE hnd */
3362 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3365 offset = dissect_ndr_nt_SID(tvb, offset,
3368 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3375 lsa_dissect_lsacreateaccount_reply(tvbuff_t *tvb, int offset,
3376 packet_info *pinfo, proto_tree *tree, char *drep)
3378 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3381 offset = dissect_ntstatus(
3382 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3388 lsa_dissect_lsalookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3389 packet_info *pinfo, proto_tree *tree, char *drep)
3391 /* [in] LSA_HANDLE hnd */
3392 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3395 /* [in, ref] LSA_UNICODE_STRING *name */
3396 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3399 /* [in] USHORT unknown */
3400 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3401 hf_lsa_unknown_short, NULL);
3403 /* [in] USHORT size */
3404 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3405 hf_lsa_size16, NULL);
3412 lsa_dissect_lsalookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3413 packet_info *pinfo, proto_tree *tree, char *drep)
3415 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3416 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3417 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3418 "NAME pointer: ", hf_lsa_privilege_name);
3420 /* [out, ref] USHORT *size_needed */
3421 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3422 hf_lsa_size_needed, NULL);
3424 offset = dissect_ntstatus(
3425 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3431 lsa_dissect_lsastoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3432 packet_info *pinfo, proto_tree *tree, char *drep)
3434 /* [in] LSA_HANDLE hnd */
3435 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3438 /* [in, ref] LSA_UNICODE_STRING *key */
3439 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3442 /* [in, unique] LSA_SECRET **data */
3443 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3444 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3445 "LSA_SECRET* pointer: data", -1);
3452 lsa_dissect_lsastoreprivatedata_reply(tvbuff_t *tvb, int offset,
3453 packet_info *pinfo, proto_tree *tree, char *drep)
3455 offset = dissect_ntstatus(
3456 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3462 lsa_dissect_lsaretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3463 packet_info *pinfo, proto_tree *tree, char *drep)
3465 /* [in] LSA_HANDLE hnd */
3466 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3469 /* [in, ref] LSA_UNICODE_STRING *key */
3470 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3473 /* [in, out, ref] LSA_SECRET **data */
3474 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3475 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3476 "LSA_SECRET* pointer: data", -1);
3483 lsa_dissect_lsaretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3484 packet_info *pinfo, proto_tree *tree, char *drep)
3486 /* [in, out, ref] LSA_SECRET **data */
3487 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3488 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3489 "LSA_SECRET* pointer: data", -1);
3491 offset = dissect_ntstatus(
3492 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3498 lsa_dissect_lsaclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3499 packet_info *pinfo, proto_tree *tree, char *drep)
3502 /* [in, out] LSA_HANDLE *tdHnd */
3503 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3504 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3512 lsa_dissect_lsaclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3513 packet_info *pinfo, proto_tree *tree, char *drep)
3516 /* [in, out] LSA_HANDLE *tdHnd */
3517 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3518 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3521 offset = dissect_ntstatus(
3522 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3528 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3529 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3531 proto_item *item=NULL;
3532 proto_tree *tree=NULL;
3533 int old_offset=offset;
3536 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3537 "LSA_TRANSLATED_NAME:");
3538 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3542 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3543 hf_lsa_sid_type, NULL);
3546 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3550 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3551 hf_lsa_index, NULL);
3554 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3555 hf_lsa_unknown_long, NULL);
3557 proto_item_set_len(item, offset-old_offset);
3562 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3563 packet_info *pinfo, proto_tree *tree, char *drep)
3565 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3566 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3571 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3572 packet_info *pinfo, proto_tree *tree, char *drep)
3575 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3576 hf_lsa_count, NULL);
3578 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3579 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3580 "LSA_TRANSLATED_NAME_EX: pointer", -1);
3587 lsa_dissect_lsalookupsids2_rqst(tvbuff_t *tvb, int offset,
3588 packet_info *pinfo, proto_tree *tree, char *drep)
3590 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3593 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3594 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3597 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3598 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3599 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3601 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3602 hf_lsa_info_level, NULL);
3604 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3605 hf_lsa_num_mapped, NULL);
3608 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3609 hf_lsa_unknown_long, NULL);
3612 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3613 hf_lsa_unknown_long, NULL);
3619 lsa_dissect_lsalookupsids2_reply(tvbuff_t *tvb, int offset,
3620 packet_info *pinfo, proto_tree *tree, char *drep)
3622 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3623 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3624 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3626 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3627 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3628 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3630 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3631 hf_lsa_num_mapped, NULL);
3633 offset = dissect_ntstatus(
3634 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3640 lsa_dissect_lsagetusername_rqst(tvbuff_t *tvb, int offset,
3641 packet_info *pinfo, proto_tree *tree, char *drep)
3644 /* [in, unique, string] WCHAR *server */
3645 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3646 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3647 "Server:", hf_lsa_server);
3649 /* [in, out, ref] LSA_UNICODE_STRING **user */
3650 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3651 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3652 "ACCOUNT pointer: ", hf_lsa_acct);
3654 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3655 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3656 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3657 "DOMAIN pointer: ", hf_lsa_domain);
3664 lsa_dissect_lsagetusername_reply(tvbuff_t *tvb, int offset,
3665 packet_info *pinfo, proto_tree *tree, char *drep)
3667 /* [in, out, ref] LSA_UNICODE_STRING **user */
3668 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3669 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3670 "ACCOUNT pointer: ", hf_lsa_acct);
3672 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3673 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3674 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3675 "DOMAIN pointer: ", hf_lsa_domain);
3677 offset = dissect_ntstatus(
3678 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3684 lsa_dissect_lsacreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3685 packet_info *pinfo, proto_tree *tree, char *drep)
3687 /* [in] LSA_HANDLE hnd */
3688 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3691 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3692 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3693 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3694 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3696 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3697 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3698 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3699 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
3701 /* [in] ACCESS_MASK mask */
3702 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3710 lsa_dissect_lsacreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3711 packet_info *pinfo, proto_tree *tree, char *drep)
3713 /* [out] LSA_HANDLE *tdHnd) */
3714 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3717 offset = dissect_ntstatus(
3718 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3724 lsa_dissect_lsaenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3725 packet_info *pinfo, proto_tree *tree, char *drep)
3727 /* [in] LSA_HANDLE hnd */
3728 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3731 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3732 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3733 hf_lsa_resume_handle, NULL);
3735 /* [in] ULONG pref_maxlen */
3736 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3737 hf_lsa_max_count, NULL);
3744 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3745 packet_info *pinfo, proto_tree *tree, char *drep)
3747 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3748 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3754 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3755 packet_info *pinfo, proto_tree *tree, char *drep)
3758 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3759 hf_lsa_count, NULL);
3761 /* trust information */
3762 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3763 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3764 "TRUST INFORMATION array:", -1);
3767 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3768 hf_lsa_max_count, NULL);
3775 lsa_dissect_lsaenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3776 packet_info *pinfo, proto_tree *tree, char *drep)
3778 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3779 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3780 hf_lsa_resume_handle, NULL);
3782 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3783 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3784 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3785 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
3787 offset = dissect_ntstatus(
3788 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3794 lsa_dissect_lsafunction_38_rqst(tvbuff_t *tvb, int offset,
3795 packet_info *pinfo, proto_tree *tree, char *drep)
3797 /* [in] LSA_HANDLE handle */
3798 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3801 /* [in] USHORT flag */
3802 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3803 hf_lsa_unknown_short, NULL);
3805 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3806 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3807 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3808 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3815 lsa_dissect_lsafunction_38_reply(tvbuff_t *tvb, int offset,
3816 packet_info *pinfo, proto_tree *tree, char *drep)
3818 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3819 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3820 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3821 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
3827 lsa_dissect_lsafunction_3b_rqst(tvbuff_t *tvb, int offset,
3828 packet_info *pinfo, proto_tree *tree, char *drep)
3830 /* [in] LSA_HANDLE hnd */
3831 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3834 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3835 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3836 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3837 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3839 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3840 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3841 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3842 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3844 /* [in] ULONG unknown */
3845 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3846 hf_lsa_unknown_long, NULL);
3853 lsa_dissect_lsafunction_3b_reply(tvbuff_t *tvb, int offset,
3854 packet_info *pinfo, proto_tree *tree, char *drep)
3856 /* [out] LSA_HANDLE *h2) */
3857 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3860 offset = dissect_ntstatus(
3861 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3867 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3868 { LSA_LSACLOSE, "Close",
3869 lsa_dissect_lsaclose_rqst,
3870 lsa_dissect_lsaclose_reply },
3871 { LSA_LSADELETE, "Delete",
3872 lsa_dissect_lsadelete_rqst,
3873 lsa_dissect_lsadelete_reply },
3874 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
3875 lsa_dissect_lsaenumerateprivileges_rqst,
3876 lsa_dissect_lsaenumerateprivileges_reply },
3877 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
3878 lsa_dissect_lsaquerysecurityobject_rqst,
3879 lsa_dissect_lsaquerysecurityobject_reply },
3880 { LSA_LSASETSECURITYOBJECT, "SetSecObject",
3881 lsa_dissect_lsasetsecurityobject_rqst,
3882 lsa_dissect_lsasetsecurityobject_reply },
3883 { LSA_LSACHANGEPASSWORD, "ChangePassword",
3884 lsa_dissect_lsachangepassword_rqst,
3885 lsa_dissect_lsachangepassword_reply },
3886 { LSA_LSAOPENPOLICY, "OpenPolicy",
3887 lsa_dissect_lsaopenpolicy_rqst,
3888 lsa_dissect_lsaopenpolicy_reply },
3889 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
3890 lsa_dissect_lsaqueryinformationpolicy_rqst,
3891 lsa_dissect_lsaqueryinformationpolicy_reply },
3892 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
3893 lsa_dissect_lsasetinformationpolicy_rqst,
3894 lsa_dissect_lsasetinformationpolicy_reply },
3895 { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
3896 lsa_dissect_lsaclearauditlog_rqst,
3897 lsa_dissect_lsaclearauditlog_reply },
3898 { LSA_LSACREATEACCOUNT, "CreateAccount",
3899 lsa_dissect_lsacreateaccount_rqst,
3900 lsa_dissect_lsacreateaccount_reply },
3901 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
3902 lsa_dissect_lsaenumerateaccounts_rqst,
3903 lsa_dissect_lsaenumerateaccounts_reply },
3904 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
3905 lsa_dissect_lsacreatetrusteddomain_rqst,
3906 lsa_dissect_lsacreatetrusteddomain_reply },
3907 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
3908 lsa_dissect_lsaenumeratetrusteddomains_rqst,
3909 lsa_dissect_lsaenumeratetrusteddomains_reply },
3910 { LSA_LSALOOKUPNAMES, "LookupNames",
3911 lsa_dissect_lsalookupnames_rqst,
3912 lsa_dissect_lsalookupnames_reply },
3913 { LSA_LSALOOKUPSIDS, "LookupSIDs",
3914 lsa_dissect_lsalookupsids_rqst,
3915 lsa_dissect_lsalookupsids_reply },
3916 { LSA_LSACREATESECRET, "CreateSecret",
3917 lsa_dissect_lsacreatesecret_rqst,
3918 lsa_dissect_lsacreatesecret_reply },
3919 { LSA_LSAOPENACCOUNT, "OpenAccount",
3920 lsa_dissect_lsaopenaccount_rqst,
3921 lsa_dissect_lsaopenaccount_reply },
3922 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
3923 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
3924 lsa_dissect_lsaenumerateprivilegesaccount_reply },
3925 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
3926 lsa_dissect_lsaaddprivilegestoaccount_rqst,
3927 lsa_dissect_lsaaddprivilegestoaccount_reply },
3928 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
3929 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
3930 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
3931 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
3932 lsa_dissect_lsagetquotasforaccount_rqst,
3933 lsa_dissect_lsagetquotasforaccount_reply },
3934 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
3935 lsa_dissect_lsasetquotasforaccount_rqst,
3936 lsa_dissect_lsasetquotasforaccount_reply },
3937 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
3938 lsa_dissect_lsagetsystemaccessaccount_rqst,
3939 lsa_dissect_lsagetsystemaccessaccount_reply },
3940 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
3941 lsa_dissect_lsasetsystemaccessaccount_rqst,
3942 lsa_dissect_lsasetsystemaccessaccount_reply },
3943 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
3944 lsa_dissect_lsaopentrusteddomain_rqst,
3945 lsa_dissect_lsaopentrusteddomain_reply },
3946 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
3947 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
3948 lsa_dissect_lsaqueryinfotrusteddomain_reply },
3949 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
3950 lsa_dissect_lsasetinformationtrusteddomain_rqst,
3951 lsa_dissect_lsasetinformationtrusteddomain_reply },
3952 { LSA_LSAOPENSECRET, "OpenSecret",
3953 lsa_dissect_lsaopensecret_rqst,
3954 lsa_dissect_lsaopensecret_reply },
3955 { LSA_LSASETSECRET, "SetSecret",
3956 lsa_dissect_lsasetsecret_rqst,
3957 lsa_dissect_lsasetsecret_reply },
3958 { LSA_LSAQUERYSECRET, "QuerySecret",
3959 lsa_dissect_lsaquerysecret_rqst,
3960 lsa_dissect_lsaquerysecret_reply },
3961 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
3962 lsa_dissect_lsalookupprivilegevalue_rqst,
3963 lsa_dissect_lsalookupprivilegevalue_reply },
3964 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
3965 lsa_dissect_lsalookupprivilegename_rqst,
3966 lsa_dissect_lsalookupprivilegename_reply },
3967 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
3968 lsa_dissect_lsalookupprivilegedisplayname_rqst,
3969 lsa_dissect_lsalookupprivilegedisplayname_reply },
3970 { LSA_LSADELETEOBJECT, "DeleteObject",
3971 lsa_dissect_lsadeleteobject_rqst,
3972 lsa_dissect_lsadeleteobject_reply },
3973 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
3974 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
3975 lsa_dissect_lsaenumerateaccountswithuserright_reply },
3976 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
3977 lsa_dissect_lsaenumerateaccountrights_rqst,
3978 lsa_dissect_lsaenumerateaccountrights_reply },
3979 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
3980 lsa_dissect_lsaaddaccountrights_rqst,
3981 lsa_dissect_lsaaddaccountrights_reply },
3982 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
3983 lsa_dissect_lsaremoveaccountrights_rqst,
3984 lsa_dissect_lsaremoveaccountrights_reply },
3985 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
3986 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
3987 lsa_dissect_lsaquerytrusteddomaininfo_reply },
3988 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
3989 lsa_dissect_lsasettrusteddomaininfo_rqst,
3990 lsa_dissect_lsasettrusteddomaininfo_reply },
3991 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
3992 lsa_dissect_lsadeletetrusteddomain_rqst,
3993 lsa_dissect_lsadeletetrusteddomain_reply },
3994 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
3995 lsa_dissect_lsastoreprivatedata_rqst,
3996 lsa_dissect_lsastoreprivatedata_reply },
3997 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
3998 lsa_dissect_lsaretrieveprivatedata_rqst,
3999 lsa_dissect_lsaretrieveprivatedata_reply },
4000 { LSA_LSAOPENPOLICY2, "OpenPolicy2",
4001 lsa_dissect_lsaopenpolicy2_rqst,
4002 lsa_dissect_lsaopenpolicy2_reply },
4003 { LSA_LSAGETUSERNAME, "GetUsername",
4004 lsa_dissect_lsagetusername_rqst,
4005 lsa_dissect_lsagetusername_reply },
4006 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2",
4007 lsa_dissect_lsaqueryinformationpolicy2_rqst,
4008 lsa_dissect_lsaqueryinformationpolicy2_reply },
4009 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2",
4010 lsa_dissect_lsasetinformationpolicy2_rqst,
4011 lsa_dissect_lsasetinformationpolicy2_reply },
4012 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
4013 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
4014 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
4015 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
4016 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
4017 lsa_dissect_lsasettrusteddomaininfobyname_reply },
4018 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
4019 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
4020 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
4021 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
4022 lsa_dissect_lsacreatetrusteddomainex_rqst,
4023 lsa_dissect_lsacreatetrusteddomainex_reply },
4024 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
4025 lsa_dissect_lsaclosetrusteddomainex_rqst,
4026 lsa_dissect_lsaclosetrusteddomainex_reply },
4027 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
4028 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
4029 lsa_dissect_lsaquerydomaininformationpolicy_reply },
4030 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
4031 lsa_dissect_lsasetdomaininformationpolicy_rqst,
4032 lsa_dissect_lsasetdomaininformationpolicy_reply },
4033 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
4034 lsa_dissect_lsaopentrusteddomainbyname_rqst,
4035 lsa_dissect_lsaopentrusteddomainbyname_reply },
4036 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
4037 lsa_dissect_lsafunction_38_rqst,
4038 lsa_dissect_lsafunction_38_reply },
4039 { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
4040 lsa_dissect_lsalookupsids2_rqst,
4041 lsa_dissect_lsalookupsids2_reply },
4042 { LSA_LSALOOKUPNAMES2, "LookupNames2",
4043 lsa_dissect_lsalookupnames2_rqst,
4044 lsa_dissect_lsalookupnames2_reply },
4045 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
4046 lsa_dissect_lsafunction_3b_rqst,
4047 lsa_dissect_lsafunction_3b_reply },
4048 {0, NULL, NULL, NULL}
4051 static const value_string lsa_opnum_vals[] = {
4052 { LSA_LSACLOSE, "Close" },
4053 { LSA_LSADELETE, "Delete" },
4054 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" },
4055 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" },
4056 { LSA_LSASETSECURITYOBJECT, "SetSecObject" },
4057 { LSA_LSACHANGEPASSWORD, "ChangePassword" },
4058 { LSA_LSAOPENPOLICY, "OpenPolicy" },
4059 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" },
4060 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" },
4061 { LSA_LSACLEARAUDITLOG, "ClearAuditLog" },
4062 { LSA_LSACREATEACCOUNT, "CreateAccount" },
4063 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" },
4064 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" },
4065 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" },
4066 { LSA_LSALOOKUPNAMES, "LookupNames" },
4067 { LSA_LSALOOKUPSIDS, "LookupSIDs" },
4068 { LSA_LSACREATESECRET, "CreateSecret" },
4069 { LSA_LSAOPENACCOUNT, "OpenAccount" },
4070 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" },
4071 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" },
4072 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" },
4073 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" },
4074 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" },
4075 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" },
4076 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" },
4077 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" },
4078 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" },
4079 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" },
4080 { LSA_LSAOPENSECRET, "OpenSecret" },
4081 { LSA_LSASETSECRET, "SetSecret" },
4082 { LSA_LSAQUERYSECRET, "QuerySecret" },
4083 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" },
4084 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" },
4085 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" },
4086 { LSA_LSADELETEOBJECT, "DeleteObject" },
4087 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" },
4088 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" },
4089 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" },
4090 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" },
4091 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" },
4092 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" },
4093 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" },
4094 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData" },
4095 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" },
4096 { LSA_LSAOPENPOLICY2, "OpenPolicy2" },
4097 { LSA_LSAGETUSERNAME, "GetUsername" },
4098 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2" },
4099 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2" },
4100 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" },
4101 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" },
4102 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" },
4103 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" },
4104 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" },
4105 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" },
4106 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" },
4107 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" },
4108 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38" },
4109 { LSA_LSALOOKUPSIDS2, "LookupSIDs2" },
4110 { LSA_LSALOOKUPNAMES2, "LookupNames2" },
4111 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" },
4116 proto_register_dcerpc_lsa(void)
4118 static hf_register_info hf[] = {
4121 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC,
4122 VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }},
4124 { &hf_lsa_unknown_string,
4125 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4126 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4129 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4130 NULL, 0x0, "LSA policy handle", HFILL }},
4133 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4134 NULL, 0, "Name of Server", HFILL }},
4136 { &hf_lsa_controller,
4137 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4138 NULL, 0, "Name of Domain Controller", HFILL }},
4140 { &hf_lsa_unknown_hyper,
4141 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4142 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4144 { &hf_lsa_unknown_long,
4145 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4146 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4148 { &hf_lsa_unknown_short,
4149 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4150 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4152 { &hf_lsa_unknown_char,
4153 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4154 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4157 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4158 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4161 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4162 NULL, 0x0, "LSA Attributes", HFILL }},
4164 { &hf_lsa_obj_attr_len,
4165 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4166 NULL, 0x0, "Length of object attribute structure", HFILL }},
4168 { &hf_lsa_obj_attr_name,
4169 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4170 NULL, 0x0, "Name of object attribute", HFILL }},
4172 { &hf_lsa_access_mask,
4173 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4174 NULL, 0x0, "LSA Access Mask", HFILL }},
4176 { &hf_lsa_info_level,
4177 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4178 NULL, 0x0, "Information level of requested data", HFILL }},
4180 { &hf_lsa_trusted_info_level,
4181 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4182 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4185 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4186 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4189 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4190 NULL, 0x0, "Length of quality of service structure", HFILL }},
4192 { &hf_lsa_qos_impersonation_level,
4193 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4194 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4196 { &hf_lsa_qos_track_context,
4197 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4198 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4200 { &hf_lsa_qos_effective_only,
4201 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4202 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4204 { &hf_lsa_pali_percent_full,
4205 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4206 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4208 { &hf_lsa_pali_log_size,
4209 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4210 NULL, 0x0, "Size of audit log", HFILL }},
4212 { &hf_lsa_pali_retention_period,
4213 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4214 NULL, 0x0, "", HFILL }},
4216 { &hf_lsa_pali_time_to_shutdown,
4217 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4218 NULL, 0x0, "Time to shutdown", HFILL }},
4220 { &hf_lsa_pali_shutdown_in_progress,
4221 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4222 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4224 { &hf_lsa_pali_next_audit_record,
4225 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4226 NULL, 0x0, "Next audit record", HFILL }},
4228 { &hf_lsa_paei_enabled,
4229 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4230 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4232 { &hf_lsa_paei_settings,
4233 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4234 NULL, 0x0, "Audit Events Information settings", HFILL }},
4237 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4238 NULL, 0x0, "Count of objects", HFILL }},
4240 { &hf_lsa_max_count,
4241 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4242 NULL, 0x0, "", HFILL }},
4245 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4246 NULL, 0x0, "Domain", HFILL }},
4249 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4250 NULL, 0x0, "Account", HFILL }},
4253 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4254 NULL, 0x0, "Replica Source", HFILL }},
4256 { &hf_lsa_server_role,
4257 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4258 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4260 { &hf_lsa_quota_paged_pool,
4261 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4262 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4264 { &hf_lsa_quota_non_paged_pool,
4265 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4266 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4268 { &hf_lsa_quota_min_wss,
4269 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4270 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4272 { &hf_lsa_quota_max_wss,
4273 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4274 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4276 { &hf_lsa_quota_pagefile,
4277 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4278 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4280 { &hf_lsa_mod_seq_no,
4281 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4282 NULL, 0x0, "Sequence number for this modification", HFILL }},
4284 { &hf_lsa_mod_mtime,
4285 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4286 NULL, 0x0, "Time when this modification occured", HFILL }},
4288 { &hf_lsa_cur_mtime,
4289 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4290 NULL, 0x0, "Current MTime to set", HFILL }},
4292 { &hf_lsa_old_mtime,
4293 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4294 NULL, 0x0, "Old MTime for this object", HFILL }},
4297 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4298 NULL, 0x0, "", HFILL }},
4301 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4302 NULL, 0x0, "", HFILL }},
4304 { &hf_lsa_flat_name,
4305 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4306 NULL, 0x0, "", HFILL }},
4309 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4310 NULL, 0x0, "", HFILL }},
4312 { &hf_lsa_info_type,
4313 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4314 NULL, 0x0, "", HFILL }},
4317 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4318 NULL, 0x0, "New password", HFILL }},
4321 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4322 NULL, 0x0, "Old password", HFILL }},
4325 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4326 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4329 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4330 NULL, 0x0, "RID", HFILL }},
4332 { &hf_lsa_rid_offset,
4333 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4334 NULL, 0x0, "RID Offset", HFILL }},
4337 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4338 NULL, 0x0, "", HFILL }},
4340 { &hf_lsa_num_mapped,
4341 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4342 NULL, 0x0, "", HFILL }},
4344 { &hf_lsa_policy_information_class,
4345 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4346 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4349 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4350 NULL, 0, "", HFILL }},
4352 { &hf_lsa_auth_blob,
4353 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4354 NULL, 0, "", HFILL }},
4357 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4358 NULL, 0x0, "LUID High component", HFILL }},
4361 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4362 NULL, 0x0, "LUID Low component", HFILL }},
4365 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4366 NULL, 0x0, "", HFILL }},
4369 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4370 NULL, 0x0, "", HFILL }},
4372 { &hf_lsa_size_needed,
4373 { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
4374 NULL, 0x0, "", HFILL }},
4376 { &hf_lsa_privilege_name,
4377 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4378 NULL, 0x0, "LSA Privilege Name", HFILL }},
4381 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4382 NULL, 0x0, "Account Rights", HFILL }},
4385 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4386 NULL, 0x0, "LSA Attributes", HFILL }},
4388 { &hf_lsa_auth_update,
4389 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4390 NULL, 0x0, "LSA Auth Info update", HFILL }},
4392 { &hf_lsa_resume_handle,
4393 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4394 NULL, 0x0, "Resume Handle", HFILL }},
4396 { &hf_lsa_trust_direction,
4397 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4398 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4400 { &hf_lsa_trust_type,
4401 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4402 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4404 { &hf_lsa_trust_attr,
4405 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4406 NULL, 0x0, "Trust attributes", HFILL }},
4408 { &hf_lsa_trust_attr_non_trans,
4409 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4410 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4412 { &hf_lsa_trust_attr_uplevel_only,
4413 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4414 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4416 { &hf_lsa_trust_attr_tree_parent,
4417 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4418 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4420 { &hf_lsa_trust_attr_tree_root,
4421 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4422 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4424 { &hf_lsa_auth_type,
4425 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4426 NULL, 0x0, "Auth Info type", HFILL }},
4429 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4430 NULL, 0x0, "Auth Info len", HFILL }},
4432 { &hf_lsa_remove_all,
4433 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4434 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
4436 { &hf_view_local_info,
4437 { "View local info", "lsa.access_mask.view_local_info",
4438 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4439 "View local info", HFILL }},
4441 { &hf_view_audit_info,
4442 { "View audit info", "lsa.access_mask.view_audit_info",
4443 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4444 "View audit info", HFILL }},
4446 { &hf_get_private_info,
4447 { "Get private info", "lsa.access_mask.get_privateinfo",
4448 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4449 "Get private info", HFILL }},
4452 { "Trust admin", "lsa.access_mask.trust_admin",
4453 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4454 "Trust admin", HFILL }},
4456 { &hf_create_account,
4457 { "Create account", "lsa.access_mask.create_account",
4458 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4459 "Create account", HFILL }},
4461 { &hf_create_secret,
4462 { "Create secret", "lsa.access_mask.create_secret",
4463 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4464 "Create secret", HFILL }},
4467 { "Create privilege", "lsa.access_mask.create_priv",
4468 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4469 "Create privilege", HFILL }},
4471 { &hf_set_default_quota_limits,
4472 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4473 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4474 "Set default quota limits", HFILL }},
4476 { &hf_set_audit_requirements,
4477 { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
4478 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4479 "Set audit requirements", HFILL }},
4482 { "Server admin", "lsa.access_mask.server_admin",
4483 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4484 "Server admin", HFILL }},
4487 { "Lookup names", "lsa.access_mask.lookup_names",
4488 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4489 "Lookup names", HFILL }}
4492 static gint *ett[] = {
4494 &ett_lsa_OBJECT_ATTRIBUTES,
4495 &ett_LSA_SECURITY_DESCRIPTOR,
4496 &ett_lsa_policy_info,
4497 &ett_lsa_policy_audit_log_info,
4498 &ett_lsa_policy_audit_events_info,
4499 &ett_lsa_policy_primary_domain_info,
4500 &ett_lsa_policy_primary_account_info,
4501 &ett_lsa_policy_server_role_info,
4502 &ett_lsa_policy_replica_source_info,
4503 &ett_lsa_policy_default_quota_info,
4504 &ett_lsa_policy_modification_info,
4505 &ett_lsa_policy_audit_full_set_info,
4506 &ett_lsa_policy_audit_full_query_info,
4507 &ett_lsa_policy_dns_domain_info,
4508 &ett_lsa_translated_names,
4509 &ett_lsa_translated_name,
4510 &ett_lsa_referenced_domain_list,
4511 &ett_lsa_trust_information,
4512 &ett_lsa_trust_information_ex,
4514 &ett_LSA_PRIVILEGES,
4516 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4517 &ett_LSA_LUID_AND_ATTRIBUTES,
4518 &ett_LSA_TRUSTED_DOMAIN_LIST,
4519 &ett_LSA_TRUSTED_DOMAIN,
4520 &ett_LSA_TRANSLATED_SIDS,
4521 &ett_lsa_trusted_domain_info,
4522 &ett_lsa_trust_attr,
4523 &ett_lsa_trusted_domain_auth_information,
4524 &ett_lsa_auth_information
4527 proto_dcerpc_lsa = proto_register_protocol(
4528 "Microsoft Local Security Architecture", "LSA", "lsa");
4530 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4531 proto_register_subtree_array(ett, array_length(ett));
4534 /* Protocol handoff */
4536 static e_uuid_t uuid_dcerpc_lsa = {
4537 0x12345778, 0x1234, 0xabcd,
4538 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4541 static guint16 ver_dcerpc_lsa = 0;
4544 proto_reg_handoff_dcerpc_lsa(void)
4546 /* Register protocol as dcerpc */
4548 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4549 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);