2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.80 2003/05/21 10:39:19 sahlberg Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_server = -1;
47 static int hf_lsa_controller = -1;
48 static int hf_lsa_obj_attr = -1;
49 static int hf_lsa_obj_attr_len = -1;
50 static int hf_lsa_obj_attr_name = -1;
51 static int hf_lsa_access_mask = -1;
52 static int hf_lsa_info_level = -1;
53 static int hf_lsa_trusted_info_level = -1;
54 static int hf_lsa_sd_size = -1;
55 static int hf_lsa_qos_len = -1;
56 static int hf_lsa_qos_impersonation_level = -1;
57 static int hf_lsa_qos_track_context = -1;
58 static int hf_lsa_qos_effective_only = -1;
59 static int hf_lsa_pali_percent_full = -1;
60 static int hf_lsa_pali_log_size = -1;
61 static int hf_lsa_pali_retention_period = -1;
62 static int hf_lsa_pali_time_to_shutdown = -1;
63 static int hf_lsa_pali_shutdown_in_progress = -1;
64 static int hf_lsa_pali_next_audit_record = -1;
65 static int hf_lsa_paei_enabled = -1;
66 static int hf_lsa_paei_settings = -1;
67 static int hf_lsa_count = -1;
68 static int hf_lsa_size = -1;
69 static int hf_lsa_size16 = -1;
70 static int hf_lsa_size_needed = -1;
71 static int hf_lsa_max_count = -1;
72 static int hf_lsa_index = -1;
73 static int hf_lsa_domain = -1;
74 static int hf_lsa_domain_sid = -1;
75 static int hf_lsa_acct = -1;
76 static int hf_lsa_server_role = -1;
77 static int hf_lsa_source = -1;
78 static int hf_lsa_quota_paged_pool = -1;
79 static int hf_lsa_quota_non_paged_pool = -1;
80 static int hf_lsa_quota_min_wss = -1;
81 static int hf_lsa_quota_max_wss = -1;
82 static int hf_lsa_quota_pagefile = -1;
83 static int hf_lsa_mod_seq_no = -1;
84 static int hf_lsa_mod_mtime = -1;
85 static int hf_lsa_cur_mtime = -1;
86 static int hf_lsa_old_mtime = -1;
87 static int hf_lsa_name = -1;
88 static int hf_lsa_key = -1;
89 static int hf_lsa_flat_name = -1;
90 static int hf_lsa_forest = -1;
91 static int hf_lsa_info_type = -1;
92 static int hf_lsa_old_pwd = -1;
93 static int hf_lsa_new_pwd = -1;
94 static int hf_lsa_sid_type = -1;
95 static int hf_lsa_rid = -1;
96 static int hf_lsa_rid_offset = -1;
97 static int hf_lsa_num_mapped = -1;
98 static int hf_lsa_policy_information_class = -1;
99 static int hf_lsa_secret = -1;
100 static int hf_nt_luid_high = -1;
101 static int hf_nt_luid_low = -1;
102 static int hf_lsa_privilege_name = -1;
103 static int hf_lsa_attr = -1;
104 static int hf_lsa_resume_handle = -1;
105 static int hf_lsa_trust_direction = -1;
106 static int hf_lsa_trust_type = -1;
107 static int hf_lsa_trust_attr = -1;
108 static int hf_lsa_trust_attr_non_trans = -1;
109 static int hf_lsa_trust_attr_uplevel_only = -1;
110 static int hf_lsa_trust_attr_tree_parent = -1;
111 static int hf_lsa_trust_attr_tree_root = -1;
112 static int hf_lsa_auth_update = -1;
113 static int hf_lsa_auth_type = -1;
114 static int hf_lsa_auth_len = -1;
115 static int hf_lsa_auth_blob = -1;
116 static int hf_lsa_rights = -1;
117 static int hf_lsa_remove_all = -1;
119 static int hf_lsa_unknown_hyper = -1;
120 static int hf_lsa_unknown_long = -1;
121 static int hf_lsa_unknown_short = -1;
122 static int hf_lsa_unknown_char = -1;
123 static int hf_lsa_unknown_string = -1;
124 #ifdef LSA_UNUSED_HANDLES
125 static int hf_lsa_unknown_time = -1;
129 static gint ett_dcerpc_lsa = -1;
130 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
131 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
132 static gint ett_lsa_policy_info = -1;
133 static gint ett_lsa_policy_audit_log_info = -1;
134 static gint ett_lsa_policy_audit_events_info = -1;
135 static gint ett_lsa_policy_primary_domain_info = -1;
136 static gint ett_lsa_policy_primary_account_info = -1;
137 static gint ett_lsa_policy_server_role_info = -1;
138 static gint ett_lsa_policy_replica_source_info = -1;
139 static gint ett_lsa_policy_default_quota_info = -1;
140 static gint ett_lsa_policy_modification_info = -1;
141 static gint ett_lsa_policy_audit_full_set_info = -1;
142 static gint ett_lsa_policy_audit_full_query_info = -1;
143 static gint ett_lsa_policy_dns_domain_info = -1;
144 static gint ett_lsa_translated_names = -1;
145 static gint ett_lsa_translated_name = -1;
146 static gint ett_lsa_referenced_domain_list = -1;
147 static gint ett_lsa_trust_information = -1;
148 static gint ett_lsa_trust_information_ex = -1;
149 static gint ett_LUID = -1;
150 static gint ett_LSA_PRIVILEGES = -1;
151 static gint ett_LSA_PRIVILEGE = -1;
152 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
153 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
154 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
155 static gint ett_LSA_TRUSTED_DOMAIN = -1;
156 static gint ett_LSA_TRANSLATED_SIDS = -1;
157 static gint ett_lsa_trusted_domain_info = -1;
158 static gint ett_lsa_trust_attr = -1;
159 static gint ett_lsa_trusted_domain_auth_information = -1;
160 static gint ett_lsa_auth_information = -1;
164 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
165 packet_info *pinfo, proto_tree *tree,
170 di=pinfo->private_data;
171 if(di->conformant_run){
172 /*just a run to handle conformant arrays, nothing to dissect */
176 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
183 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
184 packet_info *pinfo, proto_tree *tree,
189 di=pinfo->private_data;
190 if(di->conformant_run){
191 /*just a run to handle conformant arrays, nothing to dissect */
195 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
201 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
202 packet_info *pinfo, proto_tree *tree,
207 di=pinfo->private_data;
208 if(di->conformant_run){
209 /*just a run to handle conformant arrays, nothing to dissect */
213 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
214 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
215 "DOMAIN pointer: ", di->hf_index);
221 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
222 packet_info *pinfo, proto_tree *tree,
227 di=pinfo->private_data;
228 if(di->conformant_run){
229 /*just a run to handle conformant arrays, nothing to dissect */
233 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
240 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
241 packet_info *pinfo, proto_tree *tree,
247 di=pinfo->private_data;
248 if(di->conformant_run){
249 /*just a run to handle conformant arrays, nothing to dissect */
253 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
254 hf_lsa_sd_size, &len);
255 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
261 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
262 packet_info *pinfo, proto_tree *parent_tree,
265 proto_item *item=NULL;
266 proto_tree *tree=NULL;
267 int old_offset=offset;
270 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
272 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
275 /* XXX need to figure this one out */
276 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
277 hf_lsa_sd_size, NULL);
278 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
279 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
280 "LSA SECRET data:", -1);
282 proto_item_set_len(item, offset-old_offset);
287 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
288 packet_info *pinfo, proto_tree *tree,
291 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
292 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
293 "LSA_SECRET pointer: data", -1);
298 /* Dissect LSA specific access rights */
300 static gint hf_view_local_info = -1;
301 static gint hf_view_audit_info = -1;
302 static gint hf_get_private_info = -1;
303 static gint hf_trust_admin = -1;
304 static gint hf_create_account = -1;
305 static gint hf_create_secret = -1;
306 static gint hf_create_priv = -1;
307 static gint hf_set_default_quota_limits = -1;
308 static gint hf_set_audit_requirements = -1;
309 static gint hf_server_admin = -1;
310 static gint hf_lookup_names = -1;
313 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
316 proto_tree_add_boolean(
317 tree, hf_lookup_names, tvb, offset, 4, access);
319 proto_tree_add_boolean(
320 tree, hf_server_admin, tvb, offset, 4, access);
322 proto_tree_add_boolean(
323 tree, hf_set_audit_requirements, tvb, offset, 4, access);
325 proto_tree_add_boolean(
326 tree, hf_set_default_quota_limits, tvb, offset, 4, access);
328 proto_tree_add_boolean(
329 tree, hf_create_priv, tvb, offset, 4, access);
331 proto_tree_add_boolean(
332 tree, hf_create_secret, tvb, offset, 4, access);
334 proto_tree_add_boolean(
335 tree, hf_create_account, tvb, offset, 4, access);
337 proto_tree_add_boolean(
338 tree, hf_trust_admin, tvb, offset, 4, access);
340 proto_tree_add_boolean(
341 tree, hf_get_private_info, tvb, offset, 4, access);
343 proto_tree_add_boolean(
344 tree, hf_view_audit_info, tvb, offset, 4, access);
346 proto_tree_add_boolean(
347 tree, hf_view_local_info, tvb, offset, 4, access);
350 struct access_mask_info lsa_access_mask_info = {
351 "LSA", /* Name of specific rights */
352 lsa_specific_rights, /* Dissection function */
353 NULL, /* Generic mapping table */
354 NULL /* Standard mapping table */
358 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
359 packet_info *pinfo, proto_tree *tree,
365 di=pinfo->private_data;
366 if(di->conformant_run){
367 /*just a run to handle conformant arrays, nothing to dissect */
371 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
372 hf_lsa_sd_size, &len);
375 tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
382 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
383 packet_info *pinfo, proto_tree *parent_tree,
386 proto_item *item=NULL;
387 proto_tree *tree=NULL;
388 int old_offset=offset;
391 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
392 "LSA_SECURITY_DESCRIPTOR:");
393 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
396 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
397 hf_lsa_sd_size, NULL);
399 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
400 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
401 "LSA SECURITY DESCRIPTOR data:", -1);
403 proto_item_set_len(item, offset-old_offset);
408 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
409 packet_info *pinfo, proto_tree *tree, char *drep)
411 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
412 hf_lsa_unknown_char, NULL);
417 static const value_string lsa_impersonation_level_vals[] = {
419 {1, "Identification"},
420 {2, "Impersonation"},
427 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
428 packet_info *pinfo, proto_tree *tree, char *drep)
431 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
432 hf_lsa_qos_len, NULL);
434 /* impersonation level */
435 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
436 hf_lsa_qos_impersonation_level, NULL);
438 /* context tracking mode */
439 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
440 hf_lsa_qos_track_context, NULL);
443 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
444 hf_lsa_qos_effective_only, NULL);
450 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
451 packet_info *pinfo, proto_tree *tree, char *drep)
453 offset = dissect_nt_access_mask(
454 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
455 &lsa_access_mask_info);
461 lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
462 packet_info *pinfo, proto_tree *tree, char *drep)
464 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
465 hf_lsa_hnd, NULL, FALSE, FALSE);
471 lsa_dissect_LSA_HANDLE_open(tvbuff_t *tvb, int offset,
472 packet_info *pinfo, proto_tree *tree, char *drep)
474 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
475 hf_lsa_hnd, NULL, TRUE, FALSE);
481 lsa_dissect_LSA_HANDLE_close(tvbuff_t *tvb, int offset,
482 packet_info *pinfo, proto_tree *tree, char *drep)
484 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
485 hf_lsa_hnd, NULL, FALSE, TRUE);
492 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
493 packet_info *pinfo, proto_tree *parent_tree, char *drep)
495 int old_offset=offset;
496 proto_item *item = NULL;
497 proto_tree *tree = NULL;
500 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
501 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
505 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
506 hf_lsa_obj_attr_len, NULL);
509 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
510 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
511 "LSPTR pointer: ", -1);
514 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
515 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
516 "NAME pointer: ", hf_lsa_obj_attr_name);
519 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
520 hf_lsa_obj_attr, NULL);
522 /* security descriptor */
523 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
524 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
525 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
527 /* security quality of service */
528 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
529 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
530 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
532 proto_item_set_len(item, offset-old_offset);
537 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
538 packet_info *pinfo, proto_tree *tree, char *drep)
540 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
541 lsa_dissect_LSA_HANDLE_close, NDR_POINTER_REF,
548 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
549 packet_info *pinfo, proto_tree *tree, char *drep)
551 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
552 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
555 offset = dissect_ntstatus(
556 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
561 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
562 character of the server name which is always '\'. This is fixed in lsa
563 openpolicy2 but the function remains for backwards compatibility. */
565 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
567 proto_tree *tree, char *drep)
569 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
570 hf_lsa_server, NULL);
574 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
575 packet_info *pinfo, proto_tree *tree, char *drep)
577 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
578 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
579 "Server:", hf_lsa_server);
581 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
582 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
583 "OBJECT_ATTRIBUTES", -1);
585 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
591 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
592 packet_info *pinfo, proto_tree *tree, char *drep)
594 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
595 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
598 offset = dissect_ntstatus(
599 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
605 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
606 packet_info *pinfo, proto_tree *tree, char *drep)
608 offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
609 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
610 hf_lsa_server, cb_wstr_postprocess,
611 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
613 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
614 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
615 "OBJECT_ATTRIBUTES", -1);
617 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
624 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
625 packet_info *pinfo, proto_tree *tree, char *drep)
627 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
628 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
631 offset = dissect_ntstatus(
632 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
637 static const value_string policy_information_class_vals[] = {
638 {1, "Audit Log Information"},
639 {2, "Audit Events Information"},
640 {3, "Primary Domain Information"},
641 {4, "Pd Account Information"},
642 {5, "Account Domain Information"},
643 {6, "Server Role Information"},
644 {7, "Replica Source Information"},
645 {8, "Default Quota Information"},
646 {9, "Modification Information"},
647 {10, "Audit Full Set Information"},
648 {11, "Audit Full Query Information"},
649 {12, "DNS Domain Information"},
654 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
655 packet_info *pinfo, proto_tree *tree, char *drep)
659 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
660 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
663 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
664 hf_lsa_policy_information_class, &level);
666 if (check_col(pinfo->cinfo, COL_INFO))
668 pinfo->cinfo, COL_INFO, ", %s",
669 val_to_str(level, policy_information_class_vals,
676 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
677 packet_info *pinfo, proto_tree *parent_tree, char *drep)
679 proto_item *item=NULL;
680 proto_tree *tree=NULL;
681 int old_offset=offset;
684 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
685 "POLICY_AUDIT_LOG_INFO:");
686 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
690 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
691 hf_lsa_pali_percent_full, NULL);
694 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
695 hf_lsa_pali_log_size, NULL);
697 /* retention period */
698 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
699 hf_lsa_pali_retention_period);
701 /* shutdown in progress */
702 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
703 hf_lsa_pali_shutdown_in_progress, NULL);
705 /* time to shutdown */
706 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
707 hf_lsa_pali_time_to_shutdown);
709 /* next audit record */
710 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
711 hf_lsa_pali_next_audit_record, NULL);
713 proto_item_set_len(item, offset-old_offset);
718 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
719 packet_info *pinfo, proto_tree *tree, char *drep)
721 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
722 hf_lsa_paei_settings, NULL);
727 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
728 packet_info *pinfo, proto_tree *tree, char *drep)
730 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
731 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
737 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
738 packet_info *pinfo, proto_tree *parent_tree, char *drep)
740 proto_item *item=NULL;
741 proto_tree *tree=NULL;
742 int old_offset=offset;
745 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
746 "POLICY_AUDIT_EVENTS_INFO:");
747 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
751 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
752 hf_lsa_paei_enabled, NULL);
755 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
756 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
760 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
763 proto_item_set_len(item, offset-old_offset);
769 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
770 packet_info *pinfo, proto_tree *parent_tree, char *drep)
772 proto_item *item=NULL;
773 proto_tree *tree=NULL;
774 int old_offset=offset;
777 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
778 "POLICY_PRIMARY_DOMAIN_INFO:");
779 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
783 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
787 offset = dissect_ndr_nt_PSID(tvb, offset,
788 pinfo, tree, drep, hf_lsa_domain_sid);
790 proto_item_set_len(item, offset-old_offset);
796 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
797 packet_info *pinfo, proto_tree *parent_tree, char *drep)
799 proto_item *item=NULL;
800 proto_tree *tree=NULL;
801 int old_offset=offset;
804 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
805 "POLICY_ACCOUNT_DOMAIN_INFO:");
806 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
810 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
814 offset = dissect_ndr_nt_PSID(tvb, offset,
815 pinfo, tree, drep, -1);
817 proto_item_set_len(item, offset-old_offset);
822 static const value_string server_role_vals[] = {
824 {1, "Domain Member"},
830 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
831 packet_info *pinfo, proto_tree *parent_tree, char *drep)
833 proto_item *item=NULL;
834 proto_tree *tree=NULL;
835 int old_offset=offset;
838 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
839 "POLICY_SERVER_ROLE_INFO:");
840 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
844 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
845 hf_lsa_server_role, NULL);
847 proto_item_set_len(item, offset-old_offset);
852 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
853 packet_info *pinfo, proto_tree *parent_tree, char *drep)
855 proto_item *item=NULL;
856 proto_tree *tree=NULL;
857 int old_offset=offset;
860 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
861 "POLICY_REPLICA_SOURCE_INFO:");
862 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
866 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
870 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
873 proto_item_set_len(item, offset-old_offset);
879 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
880 packet_info *pinfo, proto_tree *parent_tree, char *drep)
882 proto_item *item=NULL;
883 proto_tree *tree=NULL;
884 int old_offset=offset;
887 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
888 "POLICY_DEFAULT_QUOTA_INFO:");
889 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
893 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
894 hf_lsa_quota_paged_pool, NULL);
897 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
898 hf_lsa_quota_non_paged_pool, NULL);
901 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
902 hf_lsa_quota_min_wss, NULL);
905 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
906 hf_lsa_quota_max_wss, NULL);
909 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
910 hf_lsa_quota_pagefile, NULL);
913 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
914 hf_lsa_unknown_hyper, NULL);
916 proto_item_set_len(item, offset-old_offset);
922 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
923 packet_info *pinfo, proto_tree *parent_tree, char *drep)
925 proto_item *item=NULL;
926 proto_tree *tree=NULL;
927 int old_offset=offset;
930 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
931 "POLICY_MODIFICATION_INFO:");
932 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
936 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
937 hf_lsa_mod_seq_no, NULL);
940 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
943 proto_item_set_len(item, offset-old_offset);
949 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
950 packet_info *pinfo, proto_tree *parent_tree, char *drep)
952 proto_item *item=NULL;
953 proto_tree *tree=NULL;
954 int old_offset=offset;
957 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
958 "POLICY_AUDIT_FULL_SET_INFO:");
959 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
963 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
964 hf_lsa_unknown_char, NULL);
966 proto_item_set_len(item, offset-old_offset);
972 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
973 packet_info *pinfo, proto_tree *parent_tree, char *drep)
975 proto_item *item=NULL;
976 proto_tree *tree=NULL;
977 int old_offset=offset;
980 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
981 "POLICY_AUDIT_FULL_QUERY_INFO:");
982 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
986 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
987 hf_lsa_unknown_char, NULL);
990 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
991 hf_lsa_unknown_char, NULL);
993 proto_item_set_len(item, offset-old_offset);
999 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1000 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1002 proto_item *item=NULL;
1003 proto_tree *tree=NULL;
1004 int old_offset=offset;
1007 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1008 "POLICY_DNS_DOMAIN_INFO:");
1009 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1013 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1017 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1021 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1025 offset = dissect_nt_GUID(tvb, offset,
1029 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, -1);
1031 proto_item_set_len(item, offset-old_offset);
1036 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1037 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1039 proto_item *item=NULL;
1040 proto_tree *tree=NULL;
1041 int old_offset=offset;
1045 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1047 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1050 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1051 hf_lsa_info_level, &level);
1053 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1056 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1057 tvb, offset, pinfo, tree, drep);
1060 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1061 tvb, offset, pinfo, tree, drep);
1064 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1065 tvb, offset, pinfo, tree, drep);
1068 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1069 tree, drep, hf_lsa_acct, 0);
1072 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1073 tvb, offset, pinfo, tree, drep);
1076 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1077 tvb, offset, pinfo, tree, drep);
1080 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1081 tvb, offset, pinfo, tree, drep);
1084 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1085 tvb, offset, pinfo, tree, drep);
1088 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1089 tvb, offset, pinfo, tree, drep);
1092 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1093 tvb, offset, pinfo, tree, drep);
1096 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1097 tvb, offset, pinfo, tree, drep);
1100 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1101 tvb, offset, pinfo, tree, drep);
1105 proto_item_set_len(item, offset-old_offset);
1110 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1111 packet_info *pinfo, proto_tree *tree, char *drep)
1113 /* This is really a pointer to a pointer though the first level is REF
1114 so we just ignore that one */
1115 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1116 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1117 "POLICY_INFORMATION pointer: info", -1);
1119 offset = dissect_ntstatus(
1120 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1126 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
1127 packet_info *pinfo, proto_tree *tree, char *drep)
1129 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1130 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
1137 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1138 packet_info *pinfo, proto_tree *tree, char *drep)
1140 offset = dissect_ntstatus(
1141 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1148 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1149 packet_info *pinfo, proto_tree *tree, char *drep)
1151 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1154 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1155 hf_lsa_info_type, NULL);
1162 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1163 packet_info *pinfo, proto_tree *tree, char *drep)
1165 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1166 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1167 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
1169 offset = dissect_ntstatus(
1170 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1177 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1178 packet_info *pinfo, proto_tree *tree, char *drep)
1180 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1183 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1184 hf_lsa_info_type, NULL);
1186 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1187 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1188 "LSA_SECURITY_DESCRIPTOR: sec_info", -1);
1194 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1195 packet_info *pinfo, proto_tree *tree, char *drep)
1197 offset = dissect_ntstatus(
1198 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1205 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1206 packet_info *pinfo, proto_tree *tree, char *drep)
1209 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1213 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1217 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1221 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1225 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1232 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1233 packet_info *pinfo, proto_tree *tree, char *drep)
1235 offset = dissect_ntstatus(
1236 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1241 static const value_string sid_type_vals[] = {
1246 {5, "Well Known Group"},
1247 {6, "Deleted Account"},
1254 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1255 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1257 proto_item *item=NULL;
1258 proto_tree *tree=NULL;
1259 int old_offset=offset;
1262 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1263 "LSA_TRANSLATED_NAME:");
1264 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1268 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1269 hf_lsa_sid_type, NULL);
1272 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1276 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1277 hf_lsa_index, NULL);
1279 proto_item_set_len(item, offset-old_offset);
1284 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1285 packet_info *pinfo, proto_tree *tree, char *drep)
1287 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1288 lsa_dissect_LSA_TRANSLATED_NAME);
1294 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1295 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1297 proto_item *item=NULL;
1298 proto_tree *tree=NULL;
1299 int old_offset=offset;
1302 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1303 "LSA_TRANSLATED_NAMES:");
1304 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1308 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1309 hf_lsa_count, NULL);
1312 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1313 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1314 "TRANSLATED_NAME_ARRAY", -1);
1316 proto_item_set_len(item, offset-old_offset);
1322 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1323 packet_info *pinfo, proto_tree *tree, char *drep)
1325 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1328 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1329 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1332 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1333 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1334 "LSA_TRANSLATED_NAMES pointer: names", -1);
1336 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1337 hf_lsa_info_level, NULL);
1339 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1340 hf_lsa_num_mapped, NULL);
1346 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1347 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1349 proto_item *item=NULL;
1350 proto_tree *tree=NULL;
1351 int old_offset=offset;
1354 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1355 "TRUST INFORMATION:");
1356 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1360 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1364 offset = dissect_ndr_nt_PSID(tvb, offset,
1365 pinfo, tree, drep, -1);
1367 proto_item_set_len(item, offset-old_offset);
1371 static const value_string trusted_direction_vals[] = {
1372 {0, "Trust disabled"},
1373 {1, "Inbound trust"},
1374 {2, "Outbound trust"},
1378 static const value_string trusted_type_vals[] = {
1386 static const true_false_string tfs_trust_attr_non_trans = {
1387 "NON TRANSITIVE is set",
1388 "Non transitive is NOT set"
1390 static const true_false_string tfs_trust_attr_uplevel_only = {
1391 "UPLEVEL ONLY is set",
1392 "Uplevel only is NOT set"
1394 static const true_false_string tfs_trust_attr_tree_parent = {
1395 "TREE PARENT is set",
1396 "Tree parent is NOT set"
1398 static const true_false_string tfs_trust_attr_tree_root = {
1400 "Tree root is NOT set"
1403 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1404 proto_tree *parent_tree, char *drep)
1407 proto_item *item = NULL;
1408 proto_tree *tree = NULL;
1410 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1411 hf_lsa_trust_attr, &mask);
1414 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1415 tvb, offset-4, 4, mask);
1416 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1419 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1420 tvb, offset-4, 4, mask);
1421 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1422 tvb, offset-4, 4, mask);
1423 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1424 tvb, offset-4, 4, mask);
1425 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1426 tvb, offset-4, 4, mask);
1432 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1433 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1435 proto_item *item=NULL;
1436 proto_tree *tree=NULL;
1437 int old_offset=offset;
1440 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1441 "TRUST INFORMATION EX:");
1442 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1446 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1450 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1451 hf_lsa_flat_name, 0);
1454 offset = dissect_ndr_nt_PSID(tvb, offset,
1455 pinfo, tree, drep, -1);
1458 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1459 hf_lsa_trust_direction, NULL);
1462 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1463 hf_lsa_trust_type, NULL);
1466 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1468 proto_item_set_len(item, offset-old_offset);
1473 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1474 packet_info *pinfo, proto_tree *tree, char *drep)
1479 di=pinfo->private_data;
1480 if(di->conformant_run){
1481 /*just a run to handle conformant arrays, nothing to dissect */
1486 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1487 hf_lsa_auth_len, &len);
1489 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1496 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1497 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1499 proto_item *item=NULL;
1500 proto_tree *tree=NULL;
1501 int old_offset=offset;
1504 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1505 "AUTH INFORMATION:");
1506 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1510 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1511 hf_lsa_auth_update, NULL);
1514 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1515 hf_lsa_auth_type, NULL);
1518 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1519 hf_lsa_auth_len, NULL);
1521 /* auth info blob */
1522 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1523 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1524 "AUTH INFO blob:", -1);
1526 proto_item_set_len(item, offset-old_offset);
1531 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1532 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1534 proto_item *item=NULL;
1535 proto_tree *tree=NULL;
1536 int old_offset=offset;
1539 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1540 "TRUSTED DOMAIN AUTH INFORMATION:");
1541 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1545 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1546 hf_lsa_unknown_long, NULL);
1549 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1552 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1555 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1556 hf_lsa_unknown_long, NULL);
1559 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1562 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1564 proto_item_set_len(item, offset-old_offset);
1570 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1571 packet_info *pinfo, proto_tree *tree, char *drep)
1573 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1574 lsa_dissect_LSA_TRUST_INFORMATION);
1580 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1581 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1583 proto_item *item=NULL;
1584 proto_tree *tree=NULL;
1585 int old_offset=offset;
1588 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1589 "LSA_REFERENCED_DOMAIN_LIST:");
1590 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1594 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1595 hf_lsa_count, NULL);
1597 /* trust information */
1598 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1599 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1600 "TRUST INFORMATION array:", -1);
1603 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1604 hf_lsa_max_count, NULL);
1606 proto_item_set_len(item, offset-old_offset);
1611 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1612 packet_info *pinfo, proto_tree *tree, char *drep)
1614 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1615 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1616 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
1618 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1619 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1620 "LSA_TRANSLATED_NAMES pointer: names", -1);
1622 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1623 hf_lsa_num_mapped, NULL);
1625 offset = dissect_ntstatus(
1626 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1633 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1634 packet_info *pinfo, proto_tree *tree, char *drep)
1636 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1639 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1640 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1641 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1648 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1649 packet_info *pinfo, proto_tree *tree, char *drep)
1651 offset = dissect_ntstatus(
1652 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1659 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1660 packet_info *pinfo, proto_tree *tree, char *drep)
1662 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1670 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1671 packet_info *pinfo, proto_tree *tree, char *drep)
1673 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1674 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1675 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1677 offset = dissect_ntstatus(
1678 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1685 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1686 packet_info *pinfo, proto_tree *tree, char *drep)
1688 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1691 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1692 hf_lsa_policy_information_class, NULL);
1694 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1695 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1696 "POLICY_INFORMATION pointer: info", -1);
1703 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1704 packet_info *pinfo, proto_tree *tree, char *drep)
1706 offset = dissect_ntstatus(
1707 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1714 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1715 packet_info *pinfo, proto_tree *tree, char *drep)
1717 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1720 offset = dissect_ndr_nt_SID(tvb, offset,
1721 pinfo, tree, drep, -1);
1724 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1725 hf_lsa_unknown_long, NULL);
1732 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1733 packet_info *pinfo, proto_tree *tree, char *drep)
1735 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1738 offset = dissect_ntstatus(
1739 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1745 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1746 packet_info *pinfo, proto_tree *tree, char *drep)
1748 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1756 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1757 packet_info *pinfo, proto_tree *tree, char *drep)
1759 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1762 offset = dissect_ntstatus(
1763 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1770 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1771 packet_info *pinfo, proto_tree *tree, char *drep)
1773 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1776 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1784 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1785 packet_info *pinfo, proto_tree *tree, char *drep)
1787 offset = dissect_ntstatus(
1788 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1795 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1796 packet_info *pinfo, proto_tree *tree, char *drep)
1798 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1801 offset = dissect_ndr_nt_SID(tvb, offset,
1802 pinfo, tree, drep, -1);
1804 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1812 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1813 packet_info *pinfo, proto_tree *tree, char *drep)
1815 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1818 offset = dissect_ntstatus(
1819 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1826 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1827 packet_info *pinfo, proto_tree *tree, char *drep)
1829 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1832 offset = dissect_ndr_nt_SID(tvb, offset,
1833 pinfo, tree, drep, -1);
1840 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1841 packet_info *pinfo, proto_tree *tree, char *drep)
1843 offset = dissect_ntstatus(
1844 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1850 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1851 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1853 proto_item *item=NULL;
1854 proto_tree *tree=NULL;
1855 int old_offset=offset;
1858 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1860 tree = proto_item_add_subtree(item, ett_LUID);
1863 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1864 hf_nt_luid_low, NULL);
1866 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1867 hf_nt_luid_high, NULL);
1869 proto_item_set_len(item, offset-old_offset);
1874 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1875 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1877 proto_item *item=NULL;
1878 proto_tree *tree=NULL;
1879 int old_offset=offset;
1882 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1884 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1887 /* privilege name */
1888 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1889 hf_lsa_privilege_name, 0);
1892 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1894 proto_item_set_len(item, offset-old_offset);
1899 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1900 packet_info *pinfo, proto_tree *tree, char *drep)
1902 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1903 lsa_dissect_LSA_PRIVILEGE);
1909 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1910 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1912 proto_item *item=NULL;
1913 proto_tree *tree=NULL;
1914 int old_offset=offset;
1917 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1919 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1922 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1923 hf_lsa_count, NULL);
1926 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1927 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1928 "LSA_PRIVILEGE array:", -1);
1930 proto_item_set_len(item, offset-old_offset);
1935 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1936 packet_info *pinfo, proto_tree *tree, char *drep)
1938 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1941 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1942 hf_lsa_count, NULL);
1944 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1951 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1952 packet_info *pinfo, proto_tree *tree, char *drep)
1954 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1955 hf_lsa_count, NULL);
1957 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1958 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1959 "LSA_PRIVILEGES pointer: privs", -1);
1961 offset = dissect_ntstatus(
1962 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1968 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1969 packet_info *pinfo, proto_tree *tree, char *drep)
1971 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1974 /* privilege name */
1975 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1976 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1977 "NAME pointer: ", hf_lsa_privilege_name);
1984 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1985 packet_info *pinfo, proto_tree *tree, char *drep)
1989 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1991 offset = dissect_ntstatus(
1992 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1999 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
2000 packet_info *pinfo, proto_tree *tree, char *drep)
2002 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2006 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2007 dissect_nt_LUID, NDR_POINTER_REF,
2008 "LUID pointer: value", -1);
2015 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
2016 packet_info *pinfo, proto_tree *tree, char *drep)
2018 /* [out, ref] LSA_UNICODE_STRING **name */
2019 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2020 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2021 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
2023 offset = dissect_ntstatus(
2024 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2031 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2032 packet_info *pinfo, proto_tree *tree, char *drep)
2034 /* [in] LSA_HANDLE hnd */
2035 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2043 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2044 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2046 proto_item *item=NULL;
2047 proto_tree *tree=NULL;
2048 int old_offset=offset;
2051 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2052 "LUID_AND_ATTRIBUTES:");
2053 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2057 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2060 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2063 proto_item_set_len(item, offset-old_offset);
2068 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2069 packet_info *pinfo, proto_tree *tree, char *drep)
2071 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2072 lsa_dissect_LUID_AND_ATTRIBUTES);
2078 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2079 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2081 proto_item *item=NULL;
2082 proto_tree *tree=NULL;
2083 int old_offset=offset;
2086 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2087 "LUID_AND_ATTRIBUTES_ARRAY:");
2088 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2091 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2092 hf_lsa_count, NULL);
2094 /* luid and attributes */
2095 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2096 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2097 "LUID_AND_ATTRIBUTES array:", -1);
2099 proto_item_set_len(item, offset-old_offset);
2104 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2105 packet_info *pinfo, proto_tree *tree, char *drep)
2107 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2108 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2109 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2110 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2112 offset = dissect_ntstatus(
2113 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2119 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2120 packet_info *pinfo, proto_tree *tree, char *drep)
2122 /* [in] LSA_HANDLE hnd */
2123 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2126 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2127 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2135 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2136 packet_info *pinfo, proto_tree *tree, char *drep)
2138 offset = dissect_ntstatus(
2139 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2145 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2146 packet_info *pinfo, proto_tree *tree, char *drep)
2148 /* [in] LSA_HANDLE hnd */
2149 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2152 /* [in] char unknown */
2153 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2154 hf_lsa_unknown_char, NULL);
2156 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2157 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2158 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2159 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2166 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2167 packet_info *pinfo, proto_tree *tree, char *drep)
2169 offset = dissect_ntstatus(
2170 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2176 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2177 packet_info *pinfo, proto_tree *tree, char *drep)
2179 /* [in] LSA_HANDLE hnd */
2180 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2183 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2184 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2185 hf_lsa_resume_handle, NULL);
2187 /* [in] ULONG pref_maxlen */
2188 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2189 hf_lsa_max_count, NULL);
2195 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2196 packet_info *pinfo, proto_tree *tree, char *drep)
2198 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2199 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2200 hf_lsa_resume_handle, NULL);
2202 /* [out, ref] PSID_ARRAY **accounts */
2203 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2204 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2207 offset = dissect_ntstatus(
2208 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2214 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2215 packet_info *pinfo, proto_tree *tree, char *drep)
2217 /* [in] LSA_HANDLE hnd_pol */
2218 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2221 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2222 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2223 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2224 "LSA_TRUST_INFORMATION pointer: domain", -1);
2226 /* [in] ACCESS_MASK access */
2227 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2234 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2235 packet_info *pinfo, proto_tree *tree, char *drep)
2237 /* [out] LSA_HANDLE *hnd */
2238 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2241 offset = dissect_ntstatus(
2242 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2248 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2249 packet_info *pinfo, proto_tree *tree, char *drep)
2251 /* [in] LSA_HANDLE hnd */
2252 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2255 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2256 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2257 hf_lsa_resume_handle, NULL);
2259 /* [in] ULONG pref_maxlen */
2260 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2261 hf_lsa_max_count, NULL);
2267 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2268 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2270 proto_item *item=NULL;
2271 proto_tree *tree=NULL;
2272 int old_offset=offset;
2275 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2277 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2281 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2285 offset = dissect_ndr_nt_PSID(tvb, offset,
2286 pinfo, tree, drep, -1);
2288 proto_item_set_len(item, offset-old_offset);
2293 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2294 packet_info *pinfo, proto_tree *tree, char *drep)
2296 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2297 lsa_dissect_LSA_TRUSTED_DOMAIN);
2303 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2304 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2306 proto_item *item=NULL;
2307 proto_tree *tree=NULL;
2308 int old_offset=offset;
2311 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2312 "TRUSTED_DOMAIN_LIST:");
2313 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2316 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2317 hf_lsa_count, NULL);
2320 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2321 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2322 "TRUSTED_DOMAIN array:", -1);
2324 proto_item_set_len(item, offset-old_offset);
2329 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2330 packet_info *pinfo, proto_tree *tree, char *drep)
2332 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2333 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2334 hf_lsa_resume_handle, NULL);
2336 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2338 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2339 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
2341 offset = dissect_ntstatus(
2342 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2349 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2350 packet_info *pinfo, proto_tree *tree, char *drep)
2354 di=pinfo->private_data;
2355 if(di->conformant_run){
2356 /*just a run to handle conformant arrays, nothing to dissect */
2360 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2367 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2368 packet_info *pinfo, proto_tree *tree, char *drep)
2370 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2371 lsa_dissect_LSA_UNICODE_STRING_item);
2377 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2378 packet_info *pinfo, proto_tree *tree, char *drep)
2382 di=pinfo->private_data;
2384 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2385 hf_lsa_count, NULL);
2386 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2387 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2388 "UNICODE_STRING pointer: ", di->hf_index);
2394 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2395 packet_info *pinfo, proto_tree *tree, char *drep)
2398 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2399 hf_lsa_sid_type, NULL);
2401 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2404 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2405 hf_lsa_index, NULL);
2411 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2412 packet_info *pinfo, proto_tree *tree, char *drep)
2414 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2415 lsa_dissect_LSA_TRANSLATED_SID);
2421 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2422 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2424 proto_item *item=NULL;
2425 proto_tree *tree=NULL;
2426 int old_offset=offset;
2429 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2430 "LSA_TRANSLATED_SIDS:");
2431 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2435 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2436 hf_lsa_count, NULL);
2439 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2440 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2441 "Translated SIDS", -1);
2443 proto_item_set_len(item, offset-old_offset);
2448 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2449 packet_info *pinfo, proto_tree *tree, char *drep)
2451 /* [in] LSA_HANDLE hnd */
2452 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2455 /* [in] ULONG count */
2456 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2457 hf_lsa_count, NULL);
2459 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2460 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2461 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2462 "Account pointer: names", hf_lsa_acct);
2464 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2465 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2466 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2467 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2469 /* [in] USHORT level */
2470 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2471 hf_lsa_info_level, NULL);
2473 /* [in, out, ref] ULONG *num_mapped */
2474 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2475 hf_lsa_num_mapped, NULL);
2482 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2483 packet_info *pinfo, proto_tree *tree, char *drep)
2485 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2486 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2487 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2488 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
2490 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2491 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2492 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2493 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2495 /* [in, out, ref] ULONG *num_mapped */
2496 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2497 hf_lsa_num_mapped, NULL);
2499 offset = dissect_ntstatus(
2500 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2506 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2507 packet_info *pinfo, proto_tree *tree, char *drep)
2509 /* [in] LSA_HANDLE hnd_pol */
2510 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2513 /* [in, ref] LSA_UNICODE_STRING *name */
2514 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2517 /* [in] ACCESS_MASK access */
2518 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2525 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2526 packet_info *pinfo, proto_tree *tree, char *drep)
2529 /* [out] LSA_HANDLE *hnd */
2530 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2533 offset = dissect_ntstatus(
2534 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2540 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2541 packet_info *pinfo, proto_tree *tree, char *drep)
2543 /* [in] LSA_HANDLE hnd_pol */
2544 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2547 /* [in, ref] SID *account */
2548 offset = dissect_ndr_nt_SID(tvb, offset,
2549 pinfo, tree, drep, -1);
2551 /* [in] ACCESS_MASK access */
2552 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2560 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2561 packet_info *pinfo, proto_tree *tree, char *drep)
2563 /* [out] LSA_HANDLE *hnd */
2564 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2567 offset = dissect_ntstatus(
2568 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2573 static const value_string trusted_info_level_vals[] = {
2574 {1, "Domain Name Information"},
2575 {2, "Controllers Information"},
2576 {3, "Posix Offset Information"},
2577 {4, "Password Information"},
2578 {5, "Domain Information Basic"},
2579 {6, "Domain Information Ex"},
2580 {7, "Domain Auth Information"},
2581 {8, "Domain Full Information"},
2582 {9, "Domain Security Descriptor"},
2583 {10, "Domain Private Information"},
2588 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2589 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2591 proto_item *item=NULL;
2592 proto_tree *tree=NULL;
2593 int old_offset=offset;
2597 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2598 "TRUSTED_DOMAIN_INFO:");
2599 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2602 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2603 hf_lsa_trusted_info_level, &level);
2605 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2608 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2612 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2613 hf_lsa_count, NULL);
2614 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2615 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2616 "Controllers pointer: ", hf_lsa_controller);
2619 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2620 hf_lsa_rid_offset, NULL);
2623 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2624 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2627 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2631 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2635 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2638 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2640 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2641 hf_lsa_rid_offset, NULL);
2642 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2645 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2648 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2650 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2651 hf_lsa_rid_offset, NULL);
2652 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2656 proto_item_set_len(item, offset-old_offset);
2661 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2662 packet_info *pinfo, proto_tree *tree, char *drep)
2664 /* [in] LSA_HANDLE hnd */
2665 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2668 /* [in] TRUSTED_INFORMATION_CLASS level */
2669 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2670 hf_lsa_trusted_info_level, NULL);
2677 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2678 packet_info *pinfo, proto_tree *tree, char *drep)
2680 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2681 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2682 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2683 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2685 offset = dissect_ntstatus(
2686 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2692 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2693 packet_info *pinfo, proto_tree *tree, char *drep)
2695 /* [in] LSA_HANDLE hnd */
2696 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2699 /* [in] TRUSTED_INFORMATION_CLASS level */
2700 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2701 hf_lsa_trusted_info_level, NULL);
2703 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2704 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2705 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2706 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2713 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2714 packet_info *pinfo, proto_tree *tree, char *drep)
2716 offset = dissect_ntstatus(
2717 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2723 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2724 packet_info *pinfo, proto_tree *tree, char *drep)
2726 /* [in] LSA_HANDLE hnd_pol */
2727 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2730 /* [in, ref] LSA_UNICODE_STRING *name */
2731 offset = dissect_ndr_counted_string_cb(
2732 tvb, offset, pinfo, tree, drep, hf_lsa_name,
2733 cb_wstr_postprocess,
2734 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
2736 /* [in] ACCESS_MASK access */
2737 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2745 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2746 packet_info *pinfo, proto_tree *tree, char *drep)
2748 /* [out] LSA_HANDLE *hnd */
2749 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2752 offset = dissect_ntstatus(
2753 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2759 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2760 packet_info *pinfo, proto_tree *tree, char *drep)
2762 /* [in] LSA_HANDLE hnd */
2763 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2766 /* [in, unique] LSA_SECRET *new_val */
2767 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2768 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2769 "LSA_SECRET pointer: new_val", -1);
2771 /* [in, unique] LSA_SECRET *old_val */
2772 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2773 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2774 "LSA_SECRET pointer: old_val", -1);
2781 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2782 packet_info *pinfo, proto_tree *tree, char *drep)
2784 offset = dissect_ntstatus(
2785 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2791 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2792 packet_info *pinfo, proto_tree *tree, char *drep)
2794 /* [in] LSA_HANDLE hnd */
2795 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2798 /* [in, out, unique] LSA_SECRET **curr_val */
2799 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2800 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2801 "LSA_SECRET pointer: curr_val", -1);
2803 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2804 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2805 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2806 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2808 /* [in, out, unique] LSA_SECRET **old_val */
2809 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2810 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2811 "LSA_SECRET pointer: old_val", -1);
2813 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2814 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2815 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2816 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2823 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2824 packet_info *pinfo, proto_tree *tree, char *drep)
2826 /* [in, out, unique] LSA_SECRET **curr_val */
2827 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2828 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2829 "LSA_SECRET pointer: curr_val", -1);
2831 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2832 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2833 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2834 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2836 /* [in, out, unique] LSA_SECRET **old_val */
2837 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2838 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2839 "LSA_SECRET pointer: old_val", -1);
2841 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2842 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2843 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2844 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2850 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2851 packet_info *pinfo, proto_tree *tree, char *drep)
2853 /* [in] LSA_HANDLE hnd */
2854 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2862 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2863 packet_info *pinfo, proto_tree *tree, char *drep)
2865 offset = dissect_ntstatus(
2866 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2872 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2873 packet_info *pinfo, proto_tree *tree, char *drep)
2875 /* [in] LSA_HANDLE hnd */
2876 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2879 /* [in, unique] LSA_UNICODE_STRING *rights */
2880 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2881 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2882 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
2888 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2889 packet_info *pinfo, proto_tree *tree, char *drep)
2891 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2892 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2893 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2894 "Account pointer: names", hf_lsa_acct);
2896 offset = dissect_ntstatus(
2897 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2903 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2904 packet_info *pinfo, proto_tree *tree, char *drep)
2906 /* [in] LSA_HANDLE hnd */
2907 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2910 /* [in, ref] SID *account */
2911 offset = dissect_ndr_nt_SID(tvb, offset,
2912 pinfo, tree, drep, -1);
2919 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2920 packet_info *pinfo, proto_tree *tree, char *drep)
2922 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2923 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2924 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2925 "Account pointer: rights", hf_lsa_rights);
2927 offset = dissect_ntstatus(
2928 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2934 lsa_dissect_lsaaddaccountrights_rqst(tvbuff_t *tvb, int offset,
2935 packet_info *pinfo, proto_tree *tree, char *drep)
2937 /* [in] LSA_HANDLE hnd */
2938 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2941 /* [in, ref] SID *account */
2942 offset = dissect_ndr_nt_SID(tvb, offset,
2943 pinfo, tree, drep, -1);
2945 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2946 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2947 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2948 "Account pointer: rights", hf_lsa_rights);
2955 lsa_dissect_lsaaddaccountrights_reply(tvbuff_t *tvb, int offset,
2956 packet_info *pinfo, proto_tree *tree, char *drep)
2958 offset = dissect_ntstatus(
2959 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2965 lsa_dissect_lsaremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2966 packet_info *pinfo, proto_tree *tree, char *drep)
2968 /* [in] LSA_HANDLE hnd */
2969 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2972 /* [in, ref] SID *account */
2973 offset = dissect_ndr_nt_SID(tvb, offset,
2974 pinfo, tree, drep, -1);
2977 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2978 hf_lsa_remove_all, NULL);
2980 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2981 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2982 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2983 "Account pointer: rights", hf_lsa_rights);
2990 lsa_dissect_lsaremoveaccountrights_reply(tvbuff_t *tvb, int offset,
2991 packet_info *pinfo, proto_tree *tree, char *drep)
2993 offset = dissect_ntstatus(
2994 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3001 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3002 packet_info *pinfo, proto_tree *tree, char *drep)
3004 /* [in] LSA_HANDLE handle */
3005 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3008 /* [in, ref] LSA_UNICODE_STRING *name */
3010 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3013 /* [in] TRUSTED_INFORMATION_CLASS level */
3014 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3015 hf_lsa_trusted_info_level, NULL);
3022 lsa_dissect_lsaquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3023 packet_info *pinfo, proto_tree *tree, char *drep)
3025 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3026 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3027 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3028 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3030 offset = dissect_ntstatus(
3031 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3038 lsa_dissect_lsasettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3039 packet_info *pinfo, proto_tree *tree, char *drep)
3041 /* [in] LSA_HANDLE handle */
3042 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3045 /* [in, ref] LSA_UNICODE_STRING *name */
3047 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3050 /* [in] TRUSTED_INFORMATION_CLASS level */
3051 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3052 hf_lsa_trusted_info_level, NULL);
3054 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3055 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3056 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3057 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3064 lsa_dissect_lsasettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3065 packet_info *pinfo, proto_tree *tree, char *drep)
3067 offset = dissect_ntstatus(
3068 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3074 lsa_dissect_lsaquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3075 packet_info *pinfo, proto_tree *tree, char *drep)
3077 /* [in] LSA_HANDLE handle */
3078 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3081 /* [in, ref] SID *sid */
3082 offset = dissect_ndr_nt_SID(tvb, offset,
3083 pinfo, tree, drep, -1);
3085 /* [in] TRUSTED_INFORMATION_CLASS level */
3086 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3087 hf_lsa_trusted_info_level, NULL);
3093 lsa_dissect_lsaopentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3094 packet_info *pinfo, proto_tree *tree, char *drep)
3096 /* [in] LSA_HANDLE handle */
3097 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3100 /* [in, ref] LSA_UNICODE_STRING *name */
3102 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3105 /* [in] ACCESS_MASK access */
3106 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3114 lsa_dissect_lsaopentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3115 packet_info *pinfo, proto_tree *tree, char *drep)
3117 /* [out] LSA_HANDLE handle */
3118 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3121 offset = dissect_ntstatus(
3122 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3130 lsa_dissect_lsaquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3131 packet_info *pinfo, proto_tree *tree, char *drep)
3133 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3134 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3135 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3136 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3138 offset = dissect_ntstatus(
3139 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3145 lsa_dissect_lsasettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3146 packet_info *pinfo, proto_tree *tree, char *drep)
3148 /* [in] LSA_HANDLE handle */
3149 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3152 /* [in, ref] SID *sid */
3153 offset = dissect_ndr_nt_SID(tvb, offset,
3154 pinfo, tree, drep, -1);
3156 /* [in] TRUSTED_INFORMATION_CLASS level */
3157 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3158 hf_lsa_trusted_info_level, NULL);
3160 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3161 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3162 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3163 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3170 lsa_dissect_lsasettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3171 packet_info *pinfo, proto_tree *tree, char *drep)
3173 offset = dissect_ntstatus(
3174 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3180 lsa_dissect_lsaqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3181 packet_info *pinfo, proto_tree *tree, char *drep)
3183 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3184 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3187 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3188 hf_lsa_policy_information_class, NULL);
3194 lsa_dissect_lsaqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3195 packet_info *pinfo, proto_tree *tree, char *drep)
3197 /* This is really a pointer to a pointer though the first level is REF
3198 so we just ignore that one */
3199 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3200 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3201 "POLICY_INFORMATION pointer: info", -1);
3203 offset = dissect_ntstatus(
3204 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3210 lsa_dissect_lsasetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3211 packet_info *pinfo, proto_tree *tree, char *drep)
3213 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3214 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3217 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3218 hf_lsa_policy_information_class, NULL);
3220 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3221 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3222 "POLICY_INFORMATION pointer: info", -1);
3228 lsa_dissect_lsasetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3229 packet_info *pinfo, proto_tree *tree, char *drep)
3231 offset = dissect_ntstatus(
3232 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3238 lsa_dissect_lsaquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3239 packet_info *pinfo, proto_tree *tree, char *drep)
3241 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3242 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3245 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3246 hf_lsa_policy_information_class, NULL);
3252 lsa_dissect_lsaquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3253 packet_info *pinfo, proto_tree *tree, char *drep)
3255 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3256 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3257 "POLICY_INFORMATION pointer: info", -1);
3259 offset = dissect_ntstatus(
3260 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3266 lsa_dissect_lsasetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3267 packet_info *pinfo, proto_tree *tree, char *drep)
3269 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3270 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3273 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3274 hf_lsa_policy_information_class, NULL);
3276 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3277 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3278 "POLICY_INFORMATION pointer: info", -1);
3284 lsa_dissect_lsasetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3285 packet_info *pinfo, proto_tree *tree, char *drep)
3287 offset = dissect_ntstatus(
3288 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3294 lsa_dissect_lsalookupnames2_rqst(tvbuff_t *tvb, int offset,
3295 packet_info *pinfo, proto_tree *tree, char *drep)
3297 /* [in] LSA_HANDLE hnd */
3298 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3301 /* [in] ULONG count */
3302 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3303 hf_lsa_count, NULL);
3305 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3306 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3307 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3308 "Account pointer: names", hf_lsa_acct);
3310 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3311 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3312 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3313 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3315 /* [in] USHORT level */
3316 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3317 hf_lsa_info_level, NULL);
3319 /* [in, out, ref] ULONG *num_mapped */
3320 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3321 hf_lsa_num_mapped, NULL);
3324 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3325 hf_lsa_unknown_long, NULL);
3328 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3329 hf_lsa_unknown_long, NULL);
3336 lsa_dissect_lsalookupnames2_reply(tvbuff_t *tvb, int offset,
3337 packet_info *pinfo, proto_tree *tree, char *drep)
3339 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3340 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3341 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3342 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3344 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3345 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3346 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3347 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3349 /* [in, out, ref] ULONG *num_mapped */
3350 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3351 hf_lsa_num_mapped, NULL);
3353 offset = dissect_ntstatus(
3354 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3361 lsa_dissect_lsacreateaccount_rqst(tvbuff_t *tvb, int offset,
3362 packet_info *pinfo, proto_tree *tree, char *drep)
3364 /* [in] LSA_HANDLE hnd */
3365 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3368 offset = dissect_ndr_nt_SID(tvb, offset,
3369 pinfo, tree, drep, -1);
3371 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3378 lsa_dissect_lsacreateaccount_reply(tvbuff_t *tvb, int offset,
3379 packet_info *pinfo, proto_tree *tree, char *drep)
3381 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3384 offset = dissect_ntstatus(
3385 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3391 lsa_dissect_lsalookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3392 packet_info *pinfo, proto_tree *tree, char *drep)
3394 /* [in] LSA_HANDLE hnd */
3395 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3398 /* [in, ref] LSA_UNICODE_STRING *name */
3399 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3402 /* [in] USHORT unknown */
3403 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3404 hf_lsa_unknown_short, NULL);
3406 /* [in] USHORT size */
3407 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3408 hf_lsa_size16, NULL);
3415 lsa_dissect_lsalookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3416 packet_info *pinfo, proto_tree *tree, char *drep)
3418 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3419 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3420 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3421 "NAME pointer: ", hf_lsa_privilege_name);
3423 /* [out, ref] USHORT *size_needed */
3424 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3425 hf_lsa_size_needed, NULL);
3427 offset = dissect_ntstatus(
3428 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3434 lsa_dissect_lsastoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3435 packet_info *pinfo, proto_tree *tree, char *drep)
3437 /* [in] LSA_HANDLE hnd */
3438 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3441 /* [in, ref] LSA_UNICODE_STRING *key */
3442 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3445 /* [in, unique] LSA_SECRET **data */
3446 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3447 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3448 "LSA_SECRET* pointer: data", -1);
3455 lsa_dissect_lsastoreprivatedata_reply(tvbuff_t *tvb, int offset,
3456 packet_info *pinfo, proto_tree *tree, char *drep)
3458 offset = dissect_ntstatus(
3459 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3465 lsa_dissect_lsaretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3466 packet_info *pinfo, proto_tree *tree, char *drep)
3468 /* [in] LSA_HANDLE hnd */
3469 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3472 /* [in, ref] LSA_UNICODE_STRING *key */
3473 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3476 /* [in, out, ref] LSA_SECRET **data */
3477 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3478 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3479 "LSA_SECRET* pointer: data", -1);
3486 lsa_dissect_lsaretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3487 packet_info *pinfo, proto_tree *tree, char *drep)
3489 /* [in, out, ref] LSA_SECRET **data */
3490 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3491 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3492 "LSA_SECRET* pointer: data", -1);
3494 offset = dissect_ntstatus(
3495 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3501 lsa_dissect_lsaclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3502 packet_info *pinfo, proto_tree *tree, char *drep)
3505 /* [in, out] LSA_HANDLE *tdHnd */
3506 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3507 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3515 lsa_dissect_lsaclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3516 packet_info *pinfo, proto_tree *tree, char *drep)
3519 /* [in, out] LSA_HANDLE *tdHnd */
3520 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3521 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3524 offset = dissect_ntstatus(
3525 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3531 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3532 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3534 proto_item *item=NULL;
3535 proto_tree *tree=NULL;
3536 int old_offset=offset;
3539 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3540 "LSA_TRANSLATED_NAME:");
3541 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3545 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3546 hf_lsa_sid_type, NULL);
3549 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3553 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3554 hf_lsa_index, NULL);
3557 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3558 hf_lsa_unknown_long, NULL);
3560 proto_item_set_len(item, offset-old_offset);
3565 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3566 packet_info *pinfo, proto_tree *tree, char *drep)
3568 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3569 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3574 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3575 packet_info *pinfo, proto_tree *tree, char *drep)
3578 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3579 hf_lsa_count, NULL);
3581 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3582 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3583 "LSA_TRANSLATED_NAME_EX: pointer", -1);
3590 lsa_dissect_lsalookupsids2_rqst(tvbuff_t *tvb, int offset,
3591 packet_info *pinfo, proto_tree *tree, char *drep)
3593 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3596 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3597 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3600 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3601 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3602 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3604 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3605 hf_lsa_info_level, NULL);
3607 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3608 hf_lsa_num_mapped, NULL);
3611 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3612 hf_lsa_unknown_long, NULL);
3615 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3616 hf_lsa_unknown_long, NULL);
3622 lsa_dissect_lsalookupsids2_reply(tvbuff_t *tvb, int offset,
3623 packet_info *pinfo, proto_tree *tree, char *drep)
3625 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3626 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3627 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3629 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3630 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3631 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3633 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3634 hf_lsa_num_mapped, NULL);
3636 offset = dissect_ntstatus(
3637 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3643 lsa_dissect_lsagetusername_rqst(tvbuff_t *tvb, int offset,
3644 packet_info *pinfo, proto_tree *tree, char *drep)
3647 /* [in, unique, string] WCHAR *server */
3648 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3649 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3650 "Server:", hf_lsa_server);
3652 /* [in, out, ref] LSA_UNICODE_STRING **user */
3653 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3654 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3655 "ACCOUNT pointer: ", hf_lsa_acct);
3657 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3658 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3659 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3660 "DOMAIN pointer: ", hf_lsa_domain);
3667 lsa_dissect_lsagetusername_reply(tvbuff_t *tvb, int offset,
3668 packet_info *pinfo, proto_tree *tree, char *drep)
3670 /* [in, out, ref] LSA_UNICODE_STRING **user */
3671 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3672 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3673 "ACCOUNT pointer: ", hf_lsa_acct);
3675 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3676 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3677 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3678 "DOMAIN pointer: ", hf_lsa_domain);
3680 offset = dissect_ntstatus(
3681 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3687 lsa_dissect_lsacreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3688 packet_info *pinfo, proto_tree *tree, char *drep)
3690 /* [in] LSA_HANDLE hnd */
3691 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3694 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3695 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3696 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3697 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3699 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3700 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3701 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3702 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
3704 /* [in] ACCESS_MASK mask */
3705 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3713 lsa_dissect_lsacreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3714 packet_info *pinfo, proto_tree *tree, char *drep)
3716 /* [out] LSA_HANDLE *tdHnd) */
3717 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3720 offset = dissect_ntstatus(
3721 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3727 lsa_dissect_lsaenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3728 packet_info *pinfo, proto_tree *tree, char *drep)
3730 /* [in] LSA_HANDLE hnd */
3731 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3734 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3735 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3736 hf_lsa_resume_handle, NULL);
3738 /* [in] ULONG pref_maxlen */
3739 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3740 hf_lsa_max_count, NULL);
3747 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3748 packet_info *pinfo, proto_tree *tree, char *drep)
3750 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3751 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3757 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3758 packet_info *pinfo, proto_tree *tree, char *drep)
3761 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3762 hf_lsa_count, NULL);
3764 /* trust information */
3765 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3766 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3767 "TRUST INFORMATION array:", -1);
3770 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3771 hf_lsa_max_count, NULL);
3778 lsa_dissect_lsaenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3779 packet_info *pinfo, proto_tree *tree, char *drep)
3781 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3782 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3783 hf_lsa_resume_handle, NULL);
3785 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3786 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3787 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3788 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
3790 offset = dissect_ntstatus(
3791 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3797 lsa_dissect_lsafunction_38_rqst(tvbuff_t *tvb, int offset,
3798 packet_info *pinfo, proto_tree *tree, char *drep)
3800 /* [in] LSA_HANDLE handle */
3801 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3804 /* [in] USHORT flag */
3805 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3806 hf_lsa_unknown_short, NULL);
3808 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3809 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3810 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3811 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3818 lsa_dissect_lsafunction_38_reply(tvbuff_t *tvb, int offset,
3819 packet_info *pinfo, proto_tree *tree, char *drep)
3821 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3822 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3823 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3824 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
3830 lsa_dissect_lsafunction_3b_rqst(tvbuff_t *tvb, int offset,
3831 packet_info *pinfo, proto_tree *tree, char *drep)
3833 /* [in] LSA_HANDLE hnd */
3834 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3837 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3838 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3839 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3840 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3842 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3843 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3844 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3845 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3847 /* [in] ULONG unknown */
3848 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3849 hf_lsa_unknown_long, NULL);
3856 lsa_dissect_lsafunction_3b_reply(tvbuff_t *tvb, int offset,
3857 packet_info *pinfo, proto_tree *tree, char *drep)
3859 /* [out] LSA_HANDLE *h2) */
3860 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3863 offset = dissect_ntstatus(
3864 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3870 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3871 { LSA_LSACLOSE, "Close",
3872 lsa_dissect_lsaclose_rqst,
3873 lsa_dissect_lsaclose_reply },
3874 { LSA_LSADELETE, "Delete",
3875 lsa_dissect_lsadelete_rqst,
3876 lsa_dissect_lsadelete_reply },
3877 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
3878 lsa_dissect_lsaenumerateprivileges_rqst,
3879 lsa_dissect_lsaenumerateprivileges_reply },
3880 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
3881 lsa_dissect_lsaquerysecurityobject_rqst,
3882 lsa_dissect_lsaquerysecurityobject_reply },
3883 { LSA_LSASETSECURITYOBJECT, "SetSecObject",
3884 lsa_dissect_lsasetsecurityobject_rqst,
3885 lsa_dissect_lsasetsecurityobject_reply },
3886 { LSA_LSACHANGEPASSWORD, "ChangePassword",
3887 lsa_dissect_lsachangepassword_rqst,
3888 lsa_dissect_lsachangepassword_reply },
3889 { LSA_LSAOPENPOLICY, "OpenPolicy",
3890 lsa_dissect_lsaopenpolicy_rqst,
3891 lsa_dissect_lsaopenpolicy_reply },
3892 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
3893 lsa_dissect_lsaqueryinformationpolicy_rqst,
3894 lsa_dissect_lsaqueryinformationpolicy_reply },
3895 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
3896 lsa_dissect_lsasetinformationpolicy_rqst,
3897 lsa_dissect_lsasetinformationpolicy_reply },
3898 { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
3899 lsa_dissect_lsaclearauditlog_rqst,
3900 lsa_dissect_lsaclearauditlog_reply },
3901 { LSA_LSACREATEACCOUNT, "CreateAccount",
3902 lsa_dissect_lsacreateaccount_rqst,
3903 lsa_dissect_lsacreateaccount_reply },
3904 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
3905 lsa_dissect_lsaenumerateaccounts_rqst,
3906 lsa_dissect_lsaenumerateaccounts_reply },
3907 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
3908 lsa_dissect_lsacreatetrusteddomain_rqst,
3909 lsa_dissect_lsacreatetrusteddomain_reply },
3910 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
3911 lsa_dissect_lsaenumeratetrusteddomains_rqst,
3912 lsa_dissect_lsaenumeratetrusteddomains_reply },
3913 { LSA_LSALOOKUPNAMES, "LookupNames",
3914 lsa_dissect_lsalookupnames_rqst,
3915 lsa_dissect_lsalookupnames_reply },
3916 { LSA_LSALOOKUPSIDS, "LookupSIDs",
3917 lsa_dissect_lsalookupsids_rqst,
3918 lsa_dissect_lsalookupsids_reply },
3919 { LSA_LSACREATESECRET, "CreateSecret",
3920 lsa_dissect_lsacreatesecret_rqst,
3921 lsa_dissect_lsacreatesecret_reply },
3922 { LSA_LSAOPENACCOUNT, "OpenAccount",
3923 lsa_dissect_lsaopenaccount_rqst,
3924 lsa_dissect_lsaopenaccount_reply },
3925 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
3926 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
3927 lsa_dissect_lsaenumerateprivilegesaccount_reply },
3928 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
3929 lsa_dissect_lsaaddprivilegestoaccount_rqst,
3930 lsa_dissect_lsaaddprivilegestoaccount_reply },
3931 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
3932 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
3933 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
3934 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
3935 lsa_dissect_lsagetquotasforaccount_rqst,
3936 lsa_dissect_lsagetquotasforaccount_reply },
3937 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
3938 lsa_dissect_lsasetquotasforaccount_rqst,
3939 lsa_dissect_lsasetquotasforaccount_reply },
3940 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
3941 lsa_dissect_lsagetsystemaccessaccount_rqst,
3942 lsa_dissect_lsagetsystemaccessaccount_reply },
3943 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
3944 lsa_dissect_lsasetsystemaccessaccount_rqst,
3945 lsa_dissect_lsasetsystemaccessaccount_reply },
3946 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
3947 lsa_dissect_lsaopentrusteddomain_rqst,
3948 lsa_dissect_lsaopentrusteddomain_reply },
3949 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
3950 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
3951 lsa_dissect_lsaqueryinfotrusteddomain_reply },
3952 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
3953 lsa_dissect_lsasetinformationtrusteddomain_rqst,
3954 lsa_dissect_lsasetinformationtrusteddomain_reply },
3955 { LSA_LSAOPENSECRET, "OpenSecret",
3956 lsa_dissect_lsaopensecret_rqst,
3957 lsa_dissect_lsaopensecret_reply },
3958 { LSA_LSASETSECRET, "SetSecret",
3959 lsa_dissect_lsasetsecret_rqst,
3960 lsa_dissect_lsasetsecret_reply },
3961 { LSA_LSAQUERYSECRET, "QuerySecret",
3962 lsa_dissect_lsaquerysecret_rqst,
3963 lsa_dissect_lsaquerysecret_reply },
3964 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
3965 lsa_dissect_lsalookupprivilegevalue_rqst,
3966 lsa_dissect_lsalookupprivilegevalue_reply },
3967 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
3968 lsa_dissect_lsalookupprivilegename_rqst,
3969 lsa_dissect_lsalookupprivilegename_reply },
3970 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
3971 lsa_dissect_lsalookupprivilegedisplayname_rqst,
3972 lsa_dissect_lsalookupprivilegedisplayname_reply },
3973 { LSA_LSADELETEOBJECT, "DeleteObject",
3974 lsa_dissect_lsadeleteobject_rqst,
3975 lsa_dissect_lsadeleteobject_reply },
3976 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
3977 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
3978 lsa_dissect_lsaenumerateaccountswithuserright_reply },
3979 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
3980 lsa_dissect_lsaenumerateaccountrights_rqst,
3981 lsa_dissect_lsaenumerateaccountrights_reply },
3982 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
3983 lsa_dissect_lsaaddaccountrights_rqst,
3984 lsa_dissect_lsaaddaccountrights_reply },
3985 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
3986 lsa_dissect_lsaremoveaccountrights_rqst,
3987 lsa_dissect_lsaremoveaccountrights_reply },
3988 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
3989 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
3990 lsa_dissect_lsaquerytrusteddomaininfo_reply },
3991 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
3992 lsa_dissect_lsasettrusteddomaininfo_rqst,
3993 lsa_dissect_lsasettrusteddomaininfo_reply },
3994 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
3995 lsa_dissect_lsadeletetrusteddomain_rqst,
3996 lsa_dissect_lsadeletetrusteddomain_reply },
3997 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
3998 lsa_dissect_lsastoreprivatedata_rqst,
3999 lsa_dissect_lsastoreprivatedata_reply },
4000 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
4001 lsa_dissect_lsaretrieveprivatedata_rqst,
4002 lsa_dissect_lsaretrieveprivatedata_reply },
4003 { LSA_LSAOPENPOLICY2, "OpenPolicy2",
4004 lsa_dissect_lsaopenpolicy2_rqst,
4005 lsa_dissect_lsaopenpolicy2_reply },
4006 { LSA_LSAGETUSERNAME, "GetUsername",
4007 lsa_dissect_lsagetusername_rqst,
4008 lsa_dissect_lsagetusername_reply },
4009 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2",
4010 lsa_dissect_lsaqueryinformationpolicy2_rqst,
4011 lsa_dissect_lsaqueryinformationpolicy2_reply },
4012 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2",
4013 lsa_dissect_lsasetinformationpolicy2_rqst,
4014 lsa_dissect_lsasetinformationpolicy2_reply },
4015 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
4016 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
4017 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
4018 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
4019 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
4020 lsa_dissect_lsasettrusteddomaininfobyname_reply },
4021 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
4022 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
4023 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
4024 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
4025 lsa_dissect_lsacreatetrusteddomainex_rqst,
4026 lsa_dissect_lsacreatetrusteddomainex_reply },
4027 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
4028 lsa_dissect_lsaclosetrusteddomainex_rqst,
4029 lsa_dissect_lsaclosetrusteddomainex_reply },
4030 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
4031 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
4032 lsa_dissect_lsaquerydomaininformationpolicy_reply },
4033 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
4034 lsa_dissect_lsasetdomaininformationpolicy_rqst,
4035 lsa_dissect_lsasetdomaininformationpolicy_reply },
4036 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
4037 lsa_dissect_lsaopentrusteddomainbyname_rqst,
4038 lsa_dissect_lsaopentrusteddomainbyname_reply },
4039 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
4040 lsa_dissect_lsafunction_38_rqst,
4041 lsa_dissect_lsafunction_38_reply },
4042 { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
4043 lsa_dissect_lsalookupsids2_rqst,
4044 lsa_dissect_lsalookupsids2_reply },
4045 { LSA_LSALOOKUPNAMES2, "LookupNames2",
4046 lsa_dissect_lsalookupnames2_rqst,
4047 lsa_dissect_lsalookupnames2_reply },
4048 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
4049 lsa_dissect_lsafunction_3b_rqst,
4050 lsa_dissect_lsafunction_3b_reply },
4051 {0, NULL, NULL, NULL}
4054 static const value_string lsa_opnum_vals[] = {
4055 { LSA_LSACLOSE, "Close" },
4056 { LSA_LSADELETE, "Delete" },
4057 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" },
4058 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" },
4059 { LSA_LSASETSECURITYOBJECT, "SetSecObject" },
4060 { LSA_LSACHANGEPASSWORD, "ChangePassword" },
4061 { LSA_LSAOPENPOLICY, "OpenPolicy" },
4062 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" },
4063 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" },
4064 { LSA_LSACLEARAUDITLOG, "ClearAuditLog" },
4065 { LSA_LSACREATEACCOUNT, "CreateAccount" },
4066 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" },
4067 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" },
4068 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" },
4069 { LSA_LSALOOKUPNAMES, "LookupNames" },
4070 { LSA_LSALOOKUPSIDS, "LookupSIDs" },
4071 { LSA_LSACREATESECRET, "CreateSecret" },
4072 { LSA_LSAOPENACCOUNT, "OpenAccount" },
4073 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" },
4074 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" },
4075 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" },
4076 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" },
4077 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" },
4078 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" },
4079 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" },
4080 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" },
4081 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" },
4082 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" },
4083 { LSA_LSAOPENSECRET, "OpenSecret" },
4084 { LSA_LSASETSECRET, "SetSecret" },
4085 { LSA_LSAQUERYSECRET, "QuerySecret" },
4086 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" },
4087 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" },
4088 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" },
4089 { LSA_LSADELETEOBJECT, "DeleteObject" },
4090 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" },
4091 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" },
4092 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" },
4093 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" },
4094 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" },
4095 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" },
4096 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" },
4097 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData" },
4098 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" },
4099 { LSA_LSAOPENPOLICY2, "OpenPolicy2" },
4100 { LSA_LSAGETUSERNAME, "GetUsername" },
4101 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2" },
4102 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2" },
4103 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" },
4104 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" },
4105 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" },
4106 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" },
4107 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" },
4108 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" },
4109 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" },
4110 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" },
4111 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38" },
4112 { LSA_LSALOOKUPSIDS2, "LookupSIDs2" },
4113 { LSA_LSALOOKUPNAMES2, "LookupNames2" },
4114 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" },
4119 proto_register_dcerpc_lsa(void)
4121 static hf_register_info hf[] = {
4124 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC,
4125 VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }},
4127 { &hf_lsa_unknown_string,
4128 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4129 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4132 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4133 NULL, 0x0, "LSA policy handle", HFILL }},
4136 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4137 NULL, 0, "Name of Server", HFILL }},
4139 { &hf_lsa_controller,
4140 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4141 NULL, 0, "Name of Domain Controller", HFILL }},
4143 { &hf_lsa_unknown_hyper,
4144 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4145 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4147 { &hf_lsa_unknown_long,
4148 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4149 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4151 { &hf_lsa_unknown_short,
4152 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4153 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4155 { &hf_lsa_unknown_char,
4156 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4157 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4160 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4161 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4164 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4165 NULL, 0x0, "LSA Attributes", HFILL }},
4167 { &hf_lsa_obj_attr_len,
4168 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4169 NULL, 0x0, "Length of object attribute structure", HFILL }},
4171 { &hf_lsa_obj_attr_name,
4172 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4173 NULL, 0x0, "Name of object attribute", HFILL }},
4175 { &hf_lsa_access_mask,
4176 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4177 NULL, 0x0, "LSA Access Mask", HFILL }},
4179 { &hf_lsa_info_level,
4180 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4181 NULL, 0x0, "Information level of requested data", HFILL }},
4183 { &hf_lsa_trusted_info_level,
4184 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4185 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4188 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4189 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4192 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4193 NULL, 0x0, "Length of quality of service structure", HFILL }},
4195 { &hf_lsa_qos_impersonation_level,
4196 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4197 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4199 { &hf_lsa_qos_track_context,
4200 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4201 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4203 { &hf_lsa_qos_effective_only,
4204 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4205 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4207 { &hf_lsa_pali_percent_full,
4208 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4209 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4211 { &hf_lsa_pali_log_size,
4212 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4213 NULL, 0x0, "Size of audit log", HFILL }},
4215 { &hf_lsa_pali_retention_period,
4216 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4217 NULL, 0x0, "", HFILL }},
4219 { &hf_lsa_pali_time_to_shutdown,
4220 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4221 NULL, 0x0, "Time to shutdown", HFILL }},
4223 { &hf_lsa_pali_shutdown_in_progress,
4224 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4225 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4227 { &hf_lsa_pali_next_audit_record,
4228 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4229 NULL, 0x0, "Next audit record", HFILL }},
4231 { &hf_lsa_paei_enabled,
4232 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4233 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4235 { &hf_lsa_paei_settings,
4236 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4237 NULL, 0x0, "Audit Events Information settings", HFILL }},
4240 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4241 NULL, 0x0, "Count of objects", HFILL }},
4243 { &hf_lsa_max_count,
4244 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4245 NULL, 0x0, "", HFILL }},
4248 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4249 NULL, 0x0, "Domain", HFILL }},
4251 { &hf_lsa_domain_sid,
4252 { "Domain SID", "lsa.domain_sid", FT_STRING, BASE_NONE,
4253 NULL, 0x0, "The Domain SID", HFILL }},
4256 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4257 NULL, 0x0, "Account", HFILL }},
4260 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4261 NULL, 0x0, "Replica Source", HFILL }},
4263 { &hf_lsa_server_role,
4264 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4265 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4267 { &hf_lsa_quota_paged_pool,
4268 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4269 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4271 { &hf_lsa_quota_non_paged_pool,
4272 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4273 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4275 { &hf_lsa_quota_min_wss,
4276 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4277 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4279 { &hf_lsa_quota_max_wss,
4280 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4281 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4283 { &hf_lsa_quota_pagefile,
4284 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4285 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4287 { &hf_lsa_mod_seq_no,
4288 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4289 NULL, 0x0, "Sequence number for this modification", HFILL }},
4291 { &hf_lsa_mod_mtime,
4292 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4293 NULL, 0x0, "Time when this modification occured", HFILL }},
4295 { &hf_lsa_cur_mtime,
4296 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4297 NULL, 0x0, "Current MTime to set", HFILL }},
4299 { &hf_lsa_old_mtime,
4300 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4301 NULL, 0x0, "Old MTime for this object", HFILL }},
4304 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4305 NULL, 0x0, "", HFILL }},
4308 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4309 NULL, 0x0, "", HFILL }},
4311 { &hf_lsa_flat_name,
4312 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4313 NULL, 0x0, "", HFILL }},
4316 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4317 NULL, 0x0, "", HFILL }},
4319 { &hf_lsa_info_type,
4320 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4321 NULL, 0x0, "", HFILL }},
4324 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4325 NULL, 0x0, "New password", HFILL }},
4328 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4329 NULL, 0x0, "Old password", HFILL }},
4332 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4333 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4336 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4337 NULL, 0x0, "RID", HFILL }},
4339 { &hf_lsa_rid_offset,
4340 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4341 NULL, 0x0, "RID Offset", HFILL }},
4344 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4345 NULL, 0x0, "", HFILL }},
4347 { &hf_lsa_num_mapped,
4348 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4349 NULL, 0x0, "", HFILL }},
4351 { &hf_lsa_policy_information_class,
4352 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4353 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4356 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4357 NULL, 0, "", HFILL }},
4359 { &hf_lsa_auth_blob,
4360 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4361 NULL, 0, "", HFILL }},
4364 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4365 NULL, 0x0, "LUID High component", HFILL }},
4368 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4369 NULL, 0x0, "LUID Low component", HFILL }},
4372 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4373 NULL, 0x0, "", HFILL }},
4376 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4377 NULL, 0x0, "", HFILL }},
4379 { &hf_lsa_size_needed,
4380 { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
4381 NULL, 0x0, "", HFILL }},
4383 { &hf_lsa_privilege_name,
4384 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4385 NULL, 0x0, "LSA Privilege Name", HFILL }},
4388 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4389 NULL, 0x0, "Account Rights", HFILL }},
4392 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4393 NULL, 0x0, "LSA Attributes", HFILL }},
4395 { &hf_lsa_auth_update,
4396 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4397 NULL, 0x0, "LSA Auth Info update", HFILL }},
4399 { &hf_lsa_resume_handle,
4400 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4401 NULL, 0x0, "Resume Handle", HFILL }},
4403 { &hf_lsa_trust_direction,
4404 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4405 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4407 { &hf_lsa_trust_type,
4408 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4409 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4411 { &hf_lsa_trust_attr,
4412 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4413 NULL, 0x0, "Trust attributes", HFILL }},
4415 { &hf_lsa_trust_attr_non_trans,
4416 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4417 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4419 { &hf_lsa_trust_attr_uplevel_only,
4420 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4421 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4423 { &hf_lsa_trust_attr_tree_parent,
4424 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4425 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4427 { &hf_lsa_trust_attr_tree_root,
4428 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4429 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4431 { &hf_lsa_auth_type,
4432 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4433 NULL, 0x0, "Auth Info type", HFILL }},
4436 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4437 NULL, 0x0, "Auth Info len", HFILL }},
4439 { &hf_lsa_remove_all,
4440 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4441 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
4443 { &hf_view_local_info,
4444 { "View local info", "lsa.access_mask.view_local_info",
4445 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4446 "View local info", HFILL }},
4448 { &hf_view_audit_info,
4449 { "View audit info", "lsa.access_mask.view_audit_info",
4450 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4451 "View audit info", HFILL }},
4453 { &hf_get_private_info,
4454 { "Get private info", "lsa.access_mask.get_privateinfo",
4455 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4456 "Get private info", HFILL }},
4459 { "Trust admin", "lsa.access_mask.trust_admin",
4460 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4461 "Trust admin", HFILL }},
4463 { &hf_create_account,
4464 { "Create account", "lsa.access_mask.create_account",
4465 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4466 "Create account", HFILL }},
4468 { &hf_create_secret,
4469 { "Create secret", "lsa.access_mask.create_secret",
4470 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4471 "Create secret", HFILL }},
4474 { "Create privilege", "lsa.access_mask.create_priv",
4475 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4476 "Create privilege", HFILL }},
4478 { &hf_set_default_quota_limits,
4479 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4480 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4481 "Set default quota limits", HFILL }},
4483 { &hf_set_audit_requirements,
4484 { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
4485 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4486 "Set audit requirements", HFILL }},
4489 { "Server admin", "lsa.access_mask.server_admin",
4490 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4491 "Server admin", HFILL }},
4494 { "Lookup names", "lsa.access_mask.lookup_names",
4495 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4496 "Lookup names", HFILL }}
4499 static gint *ett[] = {
4501 &ett_lsa_OBJECT_ATTRIBUTES,
4502 &ett_LSA_SECURITY_DESCRIPTOR,
4503 &ett_lsa_policy_info,
4504 &ett_lsa_policy_audit_log_info,
4505 &ett_lsa_policy_audit_events_info,
4506 &ett_lsa_policy_primary_domain_info,
4507 &ett_lsa_policy_primary_account_info,
4508 &ett_lsa_policy_server_role_info,
4509 &ett_lsa_policy_replica_source_info,
4510 &ett_lsa_policy_default_quota_info,
4511 &ett_lsa_policy_modification_info,
4512 &ett_lsa_policy_audit_full_set_info,
4513 &ett_lsa_policy_audit_full_query_info,
4514 &ett_lsa_policy_dns_domain_info,
4515 &ett_lsa_translated_names,
4516 &ett_lsa_translated_name,
4517 &ett_lsa_referenced_domain_list,
4518 &ett_lsa_trust_information,
4519 &ett_lsa_trust_information_ex,
4521 &ett_LSA_PRIVILEGES,
4523 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4524 &ett_LSA_LUID_AND_ATTRIBUTES,
4525 &ett_LSA_TRUSTED_DOMAIN_LIST,
4526 &ett_LSA_TRUSTED_DOMAIN,
4527 &ett_LSA_TRANSLATED_SIDS,
4528 &ett_lsa_trusted_domain_info,
4529 &ett_lsa_trust_attr,
4530 &ett_lsa_trusted_domain_auth_information,
4531 &ett_lsa_auth_information
4534 proto_dcerpc_lsa = proto_register_protocol(
4535 "Microsoft Local Security Architecture", "LSA", "lsa");
4537 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4538 proto_register_subtree_array(ett, array_length(ett));
4541 /* Protocol handoff */
4543 static e_uuid_t uuid_dcerpc_lsa = {
4544 0x12345778, 0x1234, 0xabcd,
4545 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4548 static guint16 ver_dcerpc_lsa = 0;
4551 proto_reg_handoff_dcerpc_lsa(void)
4553 /* Register protocol as dcerpc */
4555 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4556 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);