2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.79 2003/05/21 10:06:29 sahlberg Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_server = -1;
47 static int hf_lsa_controller = -1;
48 static int hf_lsa_obj_attr = -1;
49 static int hf_lsa_obj_attr_len = -1;
50 static int hf_lsa_obj_attr_name = -1;
51 static int hf_lsa_access_mask = -1;
52 static int hf_lsa_info_level = -1;
53 static int hf_lsa_trusted_info_level = -1;
54 static int hf_lsa_sd_size = -1;
55 static int hf_lsa_qos_len = -1;
56 static int hf_lsa_qos_impersonation_level = -1;
57 static int hf_lsa_qos_track_context = -1;
58 static int hf_lsa_qos_effective_only = -1;
59 static int hf_lsa_pali_percent_full = -1;
60 static int hf_lsa_pali_log_size = -1;
61 static int hf_lsa_pali_retention_period = -1;
62 static int hf_lsa_pali_time_to_shutdown = -1;
63 static int hf_lsa_pali_shutdown_in_progress = -1;
64 static int hf_lsa_pali_next_audit_record = -1;
65 static int hf_lsa_paei_enabled = -1;
66 static int hf_lsa_paei_settings = -1;
67 static int hf_lsa_count = -1;
68 static int hf_lsa_size = -1;
69 static int hf_lsa_size16 = -1;
70 static int hf_lsa_size_needed = -1;
71 static int hf_lsa_max_count = -1;
72 static int hf_lsa_index = -1;
73 static int hf_lsa_domain = -1;
74 static int hf_lsa_acct = -1;
75 static int hf_lsa_server_role = -1;
76 static int hf_lsa_source = -1;
77 static int hf_lsa_quota_paged_pool = -1;
78 static int hf_lsa_quota_non_paged_pool = -1;
79 static int hf_lsa_quota_min_wss = -1;
80 static int hf_lsa_quota_max_wss = -1;
81 static int hf_lsa_quota_pagefile = -1;
82 static int hf_lsa_mod_seq_no = -1;
83 static int hf_lsa_mod_mtime = -1;
84 static int hf_lsa_cur_mtime = -1;
85 static int hf_lsa_old_mtime = -1;
86 static int hf_lsa_name = -1;
87 static int hf_lsa_key = -1;
88 static int hf_lsa_flat_name = -1;
89 static int hf_lsa_forest = -1;
90 static int hf_lsa_info_type = -1;
91 static int hf_lsa_old_pwd = -1;
92 static int hf_lsa_new_pwd = -1;
93 static int hf_lsa_sid_type = -1;
94 static int hf_lsa_rid = -1;
95 static int hf_lsa_rid_offset = -1;
96 static int hf_lsa_num_mapped = -1;
97 static int hf_lsa_policy_information_class = -1;
98 static int hf_lsa_secret = -1;
99 static int hf_nt_luid_high = -1;
100 static int hf_nt_luid_low = -1;
101 static int hf_lsa_privilege_name = -1;
102 static int hf_lsa_attr = -1;
103 static int hf_lsa_resume_handle = -1;
104 static int hf_lsa_trust_direction = -1;
105 static int hf_lsa_trust_type = -1;
106 static int hf_lsa_trust_attr = -1;
107 static int hf_lsa_trust_attr_non_trans = -1;
108 static int hf_lsa_trust_attr_uplevel_only = -1;
109 static int hf_lsa_trust_attr_tree_parent = -1;
110 static int hf_lsa_trust_attr_tree_root = -1;
111 static int hf_lsa_auth_update = -1;
112 static int hf_lsa_auth_type = -1;
113 static int hf_lsa_auth_len = -1;
114 static int hf_lsa_auth_blob = -1;
115 static int hf_lsa_rights = -1;
116 static int hf_lsa_remove_all = -1;
118 static int hf_lsa_unknown_hyper = -1;
119 static int hf_lsa_unknown_long = -1;
120 static int hf_lsa_unknown_short = -1;
121 static int hf_lsa_unknown_char = -1;
122 static int hf_lsa_unknown_string = -1;
123 #ifdef LSA_UNUSED_HANDLES
124 static int hf_lsa_unknown_time = -1;
128 static gint ett_dcerpc_lsa = -1;
129 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
130 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
131 static gint ett_lsa_policy_info = -1;
132 static gint ett_lsa_policy_audit_log_info = -1;
133 static gint ett_lsa_policy_audit_events_info = -1;
134 static gint ett_lsa_policy_primary_domain_info = -1;
135 static gint ett_lsa_policy_primary_account_info = -1;
136 static gint ett_lsa_policy_server_role_info = -1;
137 static gint ett_lsa_policy_replica_source_info = -1;
138 static gint ett_lsa_policy_default_quota_info = -1;
139 static gint ett_lsa_policy_modification_info = -1;
140 static gint ett_lsa_policy_audit_full_set_info = -1;
141 static gint ett_lsa_policy_audit_full_query_info = -1;
142 static gint ett_lsa_policy_dns_domain_info = -1;
143 static gint ett_lsa_translated_names = -1;
144 static gint ett_lsa_translated_name = -1;
145 static gint ett_lsa_referenced_domain_list = -1;
146 static gint ett_lsa_trust_information = -1;
147 static gint ett_lsa_trust_information_ex = -1;
148 static gint ett_LUID = -1;
149 static gint ett_LSA_PRIVILEGES = -1;
150 static gint ett_LSA_PRIVILEGE = -1;
151 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
152 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
153 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
154 static gint ett_LSA_TRUSTED_DOMAIN = -1;
155 static gint ett_LSA_TRANSLATED_SIDS = -1;
156 static gint ett_lsa_trusted_domain_info = -1;
157 static gint ett_lsa_trust_attr = -1;
158 static gint ett_lsa_trusted_domain_auth_information = -1;
159 static gint ett_lsa_auth_information = -1;
163 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
164 packet_info *pinfo, proto_tree *tree,
169 di=pinfo->private_data;
170 if(di->conformant_run){
171 /*just a run to handle conformant arrays, nothing to dissect */
175 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
182 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
183 packet_info *pinfo, proto_tree *tree,
188 di=pinfo->private_data;
189 if(di->conformant_run){
190 /*just a run to handle conformant arrays, nothing to dissect */
194 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
200 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
201 packet_info *pinfo, proto_tree *tree,
206 di=pinfo->private_data;
207 if(di->conformant_run){
208 /*just a run to handle conformant arrays, nothing to dissect */
212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
213 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
214 "DOMAIN pointer: ", di->hf_index);
220 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
221 packet_info *pinfo, proto_tree *tree,
226 di=pinfo->private_data;
227 if(di->conformant_run){
228 /*just a run to handle conformant arrays, nothing to dissect */
232 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
239 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
240 packet_info *pinfo, proto_tree *tree,
246 di=pinfo->private_data;
247 if(di->conformant_run){
248 /*just a run to handle conformant arrays, nothing to dissect */
252 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
253 hf_lsa_sd_size, &len);
254 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
260 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
261 packet_info *pinfo, proto_tree *parent_tree,
264 proto_item *item=NULL;
265 proto_tree *tree=NULL;
266 int old_offset=offset;
269 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
271 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
274 /* XXX need to figure this one out */
275 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
276 hf_lsa_sd_size, NULL);
277 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
278 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
279 "LSA SECRET data:", -1);
281 proto_item_set_len(item, offset-old_offset);
286 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
287 packet_info *pinfo, proto_tree *tree,
290 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
291 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
292 "LSA_SECRET pointer: data", -1);
297 /* Dissect LSA specific access rights */
299 static gint hf_view_local_info = -1;
300 static gint hf_view_audit_info = -1;
301 static gint hf_get_private_info = -1;
302 static gint hf_trust_admin = -1;
303 static gint hf_create_account = -1;
304 static gint hf_create_secret = -1;
305 static gint hf_create_priv = -1;
306 static gint hf_set_default_quota_limits = -1;
307 static gint hf_set_audit_requirements = -1;
308 static gint hf_server_admin = -1;
309 static gint hf_lookup_names = -1;
312 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
315 proto_tree_add_boolean(
316 tree, hf_lookup_names, tvb, offset, 4, access);
318 proto_tree_add_boolean(
319 tree, hf_server_admin, tvb, offset, 4, access);
321 proto_tree_add_boolean(
322 tree, hf_set_audit_requirements, tvb, offset, 4, access);
324 proto_tree_add_boolean(
325 tree, hf_set_default_quota_limits, tvb, offset, 4, access);
327 proto_tree_add_boolean(
328 tree, hf_create_priv, tvb, offset, 4, access);
330 proto_tree_add_boolean(
331 tree, hf_create_secret, tvb, offset, 4, access);
333 proto_tree_add_boolean(
334 tree, hf_create_account, tvb, offset, 4, access);
336 proto_tree_add_boolean(
337 tree, hf_trust_admin, tvb, offset, 4, access);
339 proto_tree_add_boolean(
340 tree, hf_get_private_info, tvb, offset, 4, access);
342 proto_tree_add_boolean(
343 tree, hf_view_audit_info, tvb, offset, 4, access);
345 proto_tree_add_boolean(
346 tree, hf_view_local_info, tvb, offset, 4, access);
349 struct access_mask_info lsa_access_mask_info = {
350 "LSA", /* Name of specific rights */
351 lsa_specific_rights, /* Dissection function */
352 NULL, /* Generic mapping table */
353 NULL /* Standard mapping table */
357 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
358 packet_info *pinfo, proto_tree *tree,
364 di=pinfo->private_data;
365 if(di->conformant_run){
366 /*just a run to handle conformant arrays, nothing to dissect */
370 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
371 hf_lsa_sd_size, &len);
374 tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
381 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
382 packet_info *pinfo, proto_tree *parent_tree,
385 proto_item *item=NULL;
386 proto_tree *tree=NULL;
387 int old_offset=offset;
390 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
391 "LSA_SECURITY_DESCRIPTOR:");
392 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
395 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
396 hf_lsa_sd_size, NULL);
398 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
399 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
400 "LSA SECURITY DESCRIPTOR data:", -1);
402 proto_item_set_len(item, offset-old_offset);
407 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
408 packet_info *pinfo, proto_tree *tree, char *drep)
410 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
411 hf_lsa_unknown_char, NULL);
416 static const value_string lsa_impersonation_level_vals[] = {
418 {1, "Identification"},
419 {2, "Impersonation"},
426 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
427 packet_info *pinfo, proto_tree *tree, char *drep)
430 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
431 hf_lsa_qos_len, NULL);
433 /* impersonation level */
434 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
435 hf_lsa_qos_impersonation_level, NULL);
437 /* context tracking mode */
438 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
439 hf_lsa_qos_track_context, NULL);
442 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
443 hf_lsa_qos_effective_only, NULL);
449 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
450 packet_info *pinfo, proto_tree *tree, char *drep)
452 offset = dissect_nt_access_mask(
453 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
454 &lsa_access_mask_info);
460 lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
461 packet_info *pinfo, proto_tree *tree, char *drep)
463 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
464 hf_lsa_hnd, NULL, FALSE, FALSE);
470 lsa_dissect_LSA_HANDLE_open(tvbuff_t *tvb, int offset,
471 packet_info *pinfo, proto_tree *tree, char *drep)
473 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
474 hf_lsa_hnd, NULL, TRUE, FALSE);
480 lsa_dissect_LSA_HANDLE_close(tvbuff_t *tvb, int offset,
481 packet_info *pinfo, proto_tree *tree, char *drep)
483 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
484 hf_lsa_hnd, NULL, FALSE, TRUE);
491 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
492 packet_info *pinfo, proto_tree *parent_tree, char *drep)
494 int old_offset=offset;
495 proto_item *item = NULL;
496 proto_tree *tree = NULL;
499 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
500 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
504 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
505 hf_lsa_obj_attr_len, NULL);
508 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
509 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
510 "LSPTR pointer: ", -1);
513 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
514 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
515 "NAME pointer: ", hf_lsa_obj_attr_name);
518 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
519 hf_lsa_obj_attr, NULL);
521 /* security descriptor */
522 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
523 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
524 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
526 /* security quality of service */
527 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
528 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
529 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
531 proto_item_set_len(item, offset-old_offset);
536 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
537 packet_info *pinfo, proto_tree *tree, char *drep)
539 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
540 lsa_dissect_LSA_HANDLE_close, NDR_POINTER_REF,
547 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
548 packet_info *pinfo, proto_tree *tree, char *drep)
550 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
551 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
554 offset = dissect_ntstatus(
555 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
560 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
561 character of the server name which is always '\'. This is fixed in lsa
562 openpolicy2 but the function remains for backwards compatibility. */
564 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
566 proto_tree *tree, char *drep)
568 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
569 hf_lsa_server, NULL);
573 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
574 packet_info *pinfo, proto_tree *tree, char *drep)
576 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
577 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
578 "Server:", hf_lsa_server);
580 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
581 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
582 "OBJECT_ATTRIBUTES", -1);
584 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
590 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
591 packet_info *pinfo, proto_tree *tree, char *drep)
593 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
594 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
597 offset = dissect_ntstatus(
598 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
604 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
605 packet_info *pinfo, proto_tree *tree, char *drep)
607 offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
608 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
609 hf_lsa_server, cb_wstr_postprocess,
610 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
612 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
613 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
614 "OBJECT_ATTRIBUTES", -1);
616 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
623 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
624 packet_info *pinfo, proto_tree *tree, char *drep)
626 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
627 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
630 offset = dissect_ntstatus(
631 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
636 static const value_string policy_information_class_vals[] = {
637 {1, "Audit Log Information"},
638 {2, "Audit Events Information"},
639 {3, "Primary Domain Information"},
640 {4, "Pd Account Information"},
641 {5, "Account Domain Information"},
642 {6, "Server Role Information"},
643 {7, "Replica Source Information"},
644 {8, "Default Quota Information"},
645 {9, "Modification Information"},
646 {10, "Audit Full Set Information"},
647 {11, "Audit Full Query Information"},
648 {12, "DNS Domain Information"},
653 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
654 packet_info *pinfo, proto_tree *tree, char *drep)
658 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
659 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
662 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
663 hf_lsa_policy_information_class, &level);
665 if (check_col(pinfo->cinfo, COL_INFO))
667 pinfo->cinfo, COL_INFO, ", %s",
668 val_to_str(level, policy_information_class_vals,
675 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
676 packet_info *pinfo, proto_tree *parent_tree, char *drep)
678 proto_item *item=NULL;
679 proto_tree *tree=NULL;
680 int old_offset=offset;
683 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
684 "POLICY_AUDIT_LOG_INFO:");
685 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
689 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
690 hf_lsa_pali_percent_full, NULL);
693 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
694 hf_lsa_pali_log_size, NULL);
696 /* retention period */
697 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
698 hf_lsa_pali_retention_period);
700 /* shutdown in progress */
701 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
702 hf_lsa_pali_shutdown_in_progress, NULL);
704 /* time to shutdown */
705 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
706 hf_lsa_pali_time_to_shutdown);
708 /* next audit record */
709 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
710 hf_lsa_pali_next_audit_record, NULL);
712 proto_item_set_len(item, offset-old_offset);
717 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
718 packet_info *pinfo, proto_tree *tree, char *drep)
720 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
721 hf_lsa_paei_settings, NULL);
726 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
727 packet_info *pinfo, proto_tree *tree, char *drep)
729 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
730 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
736 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
737 packet_info *pinfo, proto_tree *parent_tree, char *drep)
739 proto_item *item=NULL;
740 proto_tree *tree=NULL;
741 int old_offset=offset;
744 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
745 "POLICY_AUDIT_EVENTS_INFO:");
746 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
750 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
751 hf_lsa_paei_enabled, NULL);
754 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
755 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
759 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
762 proto_item_set_len(item, offset-old_offset);
768 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
769 packet_info *pinfo, proto_tree *parent_tree, char *drep)
771 proto_item *item=NULL;
772 proto_tree *tree=NULL;
773 int old_offset=offset;
776 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
777 "POLICY_PRIMARY_DOMAIN_INFO:");
778 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
782 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
786 offset = dissect_ndr_nt_PSID(tvb, offset,
787 pinfo, tree, drep, -1);
789 proto_item_set_len(item, offset-old_offset);
795 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
796 packet_info *pinfo, proto_tree *parent_tree, char *drep)
798 proto_item *item=NULL;
799 proto_tree *tree=NULL;
800 int old_offset=offset;
803 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
804 "POLICY_ACCOUNT_DOMAIN_INFO:");
805 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
809 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
813 offset = dissect_ndr_nt_PSID(tvb, offset,
814 pinfo, tree, drep, -1);
816 proto_item_set_len(item, offset-old_offset);
821 static const value_string server_role_vals[] = {
823 {1, "Domain Member"},
829 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
830 packet_info *pinfo, proto_tree *parent_tree, char *drep)
832 proto_item *item=NULL;
833 proto_tree *tree=NULL;
834 int old_offset=offset;
837 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
838 "POLICY_SERVER_ROLE_INFO:");
839 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
843 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
844 hf_lsa_server_role, NULL);
846 proto_item_set_len(item, offset-old_offset);
851 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
852 packet_info *pinfo, proto_tree *parent_tree, char *drep)
854 proto_item *item=NULL;
855 proto_tree *tree=NULL;
856 int old_offset=offset;
859 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
860 "POLICY_REPLICA_SOURCE_INFO:");
861 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
865 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
869 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
872 proto_item_set_len(item, offset-old_offset);
878 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
879 packet_info *pinfo, proto_tree *parent_tree, char *drep)
881 proto_item *item=NULL;
882 proto_tree *tree=NULL;
883 int old_offset=offset;
886 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
887 "POLICY_DEFAULT_QUOTA_INFO:");
888 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
892 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
893 hf_lsa_quota_paged_pool, NULL);
896 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
897 hf_lsa_quota_non_paged_pool, NULL);
900 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
901 hf_lsa_quota_min_wss, NULL);
904 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
905 hf_lsa_quota_max_wss, NULL);
908 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
909 hf_lsa_quota_pagefile, NULL);
912 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
913 hf_lsa_unknown_hyper, NULL);
915 proto_item_set_len(item, offset-old_offset);
921 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
922 packet_info *pinfo, proto_tree *parent_tree, char *drep)
924 proto_item *item=NULL;
925 proto_tree *tree=NULL;
926 int old_offset=offset;
929 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
930 "POLICY_MODIFICATION_INFO:");
931 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
935 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
936 hf_lsa_mod_seq_no, NULL);
939 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
942 proto_item_set_len(item, offset-old_offset);
948 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
949 packet_info *pinfo, proto_tree *parent_tree, char *drep)
951 proto_item *item=NULL;
952 proto_tree *tree=NULL;
953 int old_offset=offset;
956 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
957 "POLICY_AUDIT_FULL_SET_INFO:");
958 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
962 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
963 hf_lsa_unknown_char, NULL);
965 proto_item_set_len(item, offset-old_offset);
971 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
972 packet_info *pinfo, proto_tree *parent_tree, char *drep)
974 proto_item *item=NULL;
975 proto_tree *tree=NULL;
976 int old_offset=offset;
979 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
980 "POLICY_AUDIT_FULL_QUERY_INFO:");
981 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
985 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
986 hf_lsa_unknown_char, NULL);
989 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
990 hf_lsa_unknown_char, NULL);
992 proto_item_set_len(item, offset-old_offset);
998 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
999 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1001 proto_item *item=NULL;
1002 proto_tree *tree=NULL;
1003 int old_offset=offset;
1006 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1007 "POLICY_DNS_DOMAIN_INFO:");
1008 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1012 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1016 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1020 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1024 offset = dissect_nt_GUID(tvb, offset,
1028 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, -1);
1030 proto_item_set_len(item, offset-old_offset);
1035 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1036 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1038 proto_item *item=NULL;
1039 proto_tree *tree=NULL;
1040 int old_offset=offset;
1044 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1046 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1049 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1050 hf_lsa_info_level, &level);
1052 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1055 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1056 tvb, offset, pinfo, tree, drep);
1059 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1060 tvb, offset, pinfo, tree, drep);
1063 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1064 tvb, offset, pinfo, tree, drep);
1067 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1068 tree, drep, hf_lsa_acct, 0);
1071 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1072 tvb, offset, pinfo, tree, drep);
1075 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1076 tvb, offset, pinfo, tree, drep);
1079 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1080 tvb, offset, pinfo, tree, drep);
1083 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1084 tvb, offset, pinfo, tree, drep);
1087 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1088 tvb, offset, pinfo, tree, drep);
1091 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1092 tvb, offset, pinfo, tree, drep);
1095 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1096 tvb, offset, pinfo, tree, drep);
1099 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1100 tvb, offset, pinfo, tree, drep);
1104 proto_item_set_len(item, offset-old_offset);
1109 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1110 packet_info *pinfo, proto_tree *tree, char *drep)
1112 /* This is really a pointer to a pointer though the first level is REF
1113 so we just ignore that one */
1114 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1115 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1116 "POLICY_INFORMATION pointer: info", -1);
1118 offset = dissect_ntstatus(
1119 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1125 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
1126 packet_info *pinfo, proto_tree *tree, char *drep)
1128 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1129 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
1136 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1137 packet_info *pinfo, proto_tree *tree, char *drep)
1139 offset = dissect_ntstatus(
1140 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1147 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1148 packet_info *pinfo, proto_tree *tree, char *drep)
1150 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1153 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1154 hf_lsa_info_type, NULL);
1161 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1162 packet_info *pinfo, proto_tree *tree, char *drep)
1164 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1165 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1166 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
1168 offset = dissect_ntstatus(
1169 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1176 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1177 packet_info *pinfo, proto_tree *tree, char *drep)
1179 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1182 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1183 hf_lsa_info_type, NULL);
1185 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1186 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1187 "LSA_SECURITY_DESCRIPTOR: sec_info", -1);
1193 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1194 packet_info *pinfo, proto_tree *tree, char *drep)
1196 offset = dissect_ntstatus(
1197 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1204 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1205 packet_info *pinfo, proto_tree *tree, char *drep)
1208 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1212 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1216 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1220 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1224 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1231 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1232 packet_info *pinfo, proto_tree *tree, char *drep)
1234 offset = dissect_ntstatus(
1235 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1240 static const value_string sid_type_vals[] = {
1245 {5, "Well Known Group"},
1246 {6, "Deleted Account"},
1253 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1254 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1256 proto_item *item=NULL;
1257 proto_tree *tree=NULL;
1258 int old_offset=offset;
1261 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1262 "LSA_TRANSLATED_NAME:");
1263 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1267 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1268 hf_lsa_sid_type, NULL);
1271 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1275 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1276 hf_lsa_index, NULL);
1278 proto_item_set_len(item, offset-old_offset);
1283 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1284 packet_info *pinfo, proto_tree *tree, char *drep)
1286 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1287 lsa_dissect_LSA_TRANSLATED_NAME);
1293 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1294 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1296 proto_item *item=NULL;
1297 proto_tree *tree=NULL;
1298 int old_offset=offset;
1301 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1302 "LSA_TRANSLATED_NAMES:");
1303 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1307 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1308 hf_lsa_count, NULL);
1311 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1312 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1313 "TRANSLATED_NAME_ARRAY", -1);
1315 proto_item_set_len(item, offset-old_offset);
1321 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1322 packet_info *pinfo, proto_tree *tree, char *drep)
1324 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1327 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1328 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1331 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1332 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1333 "LSA_TRANSLATED_NAMES pointer: names", -1);
1335 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1336 hf_lsa_info_level, NULL);
1338 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1339 hf_lsa_num_mapped, NULL);
1345 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1346 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1348 proto_item *item=NULL;
1349 proto_tree *tree=NULL;
1350 int old_offset=offset;
1353 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1354 "TRUST INFORMATION:");
1355 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1359 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1363 offset = dissect_ndr_nt_PSID(tvb, offset,
1364 pinfo, tree, drep, -1);
1366 proto_item_set_len(item, offset-old_offset);
1370 static const value_string trusted_direction_vals[] = {
1371 {0, "Trust disabled"},
1372 {1, "Inbound trust"},
1373 {2, "Outbound trust"},
1377 static const value_string trusted_type_vals[] = {
1385 static const true_false_string tfs_trust_attr_non_trans = {
1386 "NON TRANSITIVE is set",
1387 "Non transitive is NOT set"
1389 static const true_false_string tfs_trust_attr_uplevel_only = {
1390 "UPLEVEL ONLY is set",
1391 "Uplevel only is NOT set"
1393 static const true_false_string tfs_trust_attr_tree_parent = {
1394 "TREE PARENT is set",
1395 "Tree parent is NOT set"
1397 static const true_false_string tfs_trust_attr_tree_root = {
1399 "Tree root is NOT set"
1402 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1403 proto_tree *parent_tree, char *drep)
1406 proto_item *item = NULL;
1407 proto_tree *tree = NULL;
1409 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1410 hf_lsa_trust_attr, &mask);
1413 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1414 tvb, offset-4, 4, mask);
1415 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1418 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1419 tvb, offset-4, 4, mask);
1420 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1421 tvb, offset-4, 4, mask);
1422 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1423 tvb, offset-4, 4, mask);
1424 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1425 tvb, offset-4, 4, mask);
1431 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1432 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1434 proto_item *item=NULL;
1435 proto_tree *tree=NULL;
1436 int old_offset=offset;
1439 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1440 "TRUST INFORMATION EX:");
1441 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1445 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1449 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1450 hf_lsa_flat_name, 0);
1453 offset = dissect_ndr_nt_PSID(tvb, offset,
1454 pinfo, tree, drep, -1);
1457 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1458 hf_lsa_trust_direction, NULL);
1461 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1462 hf_lsa_trust_type, NULL);
1465 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1467 proto_item_set_len(item, offset-old_offset);
1472 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1473 packet_info *pinfo, proto_tree *tree, char *drep)
1478 di=pinfo->private_data;
1479 if(di->conformant_run){
1480 /*just a run to handle conformant arrays, nothing to dissect */
1485 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1486 hf_lsa_auth_len, &len);
1488 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1495 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1496 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1498 proto_item *item=NULL;
1499 proto_tree *tree=NULL;
1500 int old_offset=offset;
1503 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1504 "AUTH INFORMATION:");
1505 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1509 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1510 hf_lsa_auth_update, NULL);
1513 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1514 hf_lsa_auth_type, NULL);
1517 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1518 hf_lsa_auth_len, NULL);
1520 /* auth info blob */
1521 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1522 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1523 "AUTH INFO blob:", -1);
1525 proto_item_set_len(item, offset-old_offset);
1530 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1531 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1533 proto_item *item=NULL;
1534 proto_tree *tree=NULL;
1535 int old_offset=offset;
1538 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1539 "TRUSTED DOMAIN AUTH INFORMATION:");
1540 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1544 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1545 hf_lsa_unknown_long, NULL);
1548 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1551 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1554 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1555 hf_lsa_unknown_long, NULL);
1558 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1561 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1563 proto_item_set_len(item, offset-old_offset);
1569 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1570 packet_info *pinfo, proto_tree *tree, char *drep)
1572 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1573 lsa_dissect_LSA_TRUST_INFORMATION);
1579 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1580 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1582 proto_item *item=NULL;
1583 proto_tree *tree=NULL;
1584 int old_offset=offset;
1587 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1588 "LSA_REFERENCED_DOMAIN_LIST:");
1589 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1593 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1594 hf_lsa_count, NULL);
1596 /* trust information */
1597 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1598 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1599 "TRUST INFORMATION array:", -1);
1602 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1603 hf_lsa_max_count, NULL);
1605 proto_item_set_len(item, offset-old_offset);
1610 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1611 packet_info *pinfo, proto_tree *tree, char *drep)
1613 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1614 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1615 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
1617 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1618 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1619 "LSA_TRANSLATED_NAMES pointer: names", -1);
1621 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1622 hf_lsa_num_mapped, NULL);
1624 offset = dissect_ntstatus(
1625 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1632 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1633 packet_info *pinfo, proto_tree *tree, char *drep)
1635 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1638 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1639 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1640 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1647 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1648 packet_info *pinfo, proto_tree *tree, char *drep)
1650 offset = dissect_ntstatus(
1651 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1658 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1659 packet_info *pinfo, proto_tree *tree, char *drep)
1661 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1669 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1670 packet_info *pinfo, proto_tree *tree, char *drep)
1672 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1673 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1674 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1676 offset = dissect_ntstatus(
1677 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1684 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1685 packet_info *pinfo, proto_tree *tree, char *drep)
1687 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1690 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1691 hf_lsa_policy_information_class, NULL);
1693 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1694 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1695 "POLICY_INFORMATION pointer: info", -1);
1702 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1703 packet_info *pinfo, proto_tree *tree, char *drep)
1705 offset = dissect_ntstatus(
1706 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1713 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1714 packet_info *pinfo, proto_tree *tree, char *drep)
1716 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1719 offset = dissect_ndr_nt_SID(tvb, offset,
1720 pinfo, tree, drep, -1);
1723 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1724 hf_lsa_unknown_long, NULL);
1731 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1732 packet_info *pinfo, proto_tree *tree, char *drep)
1734 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1737 offset = dissect_ntstatus(
1738 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1744 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1745 packet_info *pinfo, proto_tree *tree, char *drep)
1747 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1755 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1756 packet_info *pinfo, proto_tree *tree, char *drep)
1758 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1761 offset = dissect_ntstatus(
1762 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1769 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1770 packet_info *pinfo, proto_tree *tree, char *drep)
1772 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1775 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1783 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1784 packet_info *pinfo, proto_tree *tree, char *drep)
1786 offset = dissect_ntstatus(
1787 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1794 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1795 packet_info *pinfo, proto_tree *tree, char *drep)
1797 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1800 offset = dissect_ndr_nt_SID(tvb, offset,
1801 pinfo, tree, drep, -1);
1803 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1811 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1812 packet_info *pinfo, proto_tree *tree, char *drep)
1814 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1817 offset = dissect_ntstatus(
1818 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1825 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1826 packet_info *pinfo, proto_tree *tree, char *drep)
1828 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1831 offset = dissect_ndr_nt_SID(tvb, offset,
1832 pinfo, tree, drep, -1);
1839 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1840 packet_info *pinfo, proto_tree *tree, char *drep)
1842 offset = dissect_ntstatus(
1843 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1849 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1850 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1852 proto_item *item=NULL;
1853 proto_tree *tree=NULL;
1854 int old_offset=offset;
1857 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1859 tree = proto_item_add_subtree(item, ett_LUID);
1862 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1863 hf_nt_luid_low, NULL);
1865 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1866 hf_nt_luid_high, NULL);
1868 proto_item_set_len(item, offset-old_offset);
1873 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1874 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1876 proto_item *item=NULL;
1877 proto_tree *tree=NULL;
1878 int old_offset=offset;
1881 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1883 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1886 /* privilege name */
1887 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1888 hf_lsa_privilege_name, 0);
1891 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1893 proto_item_set_len(item, offset-old_offset);
1898 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1899 packet_info *pinfo, proto_tree *tree, char *drep)
1901 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1902 lsa_dissect_LSA_PRIVILEGE);
1908 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1909 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1911 proto_item *item=NULL;
1912 proto_tree *tree=NULL;
1913 int old_offset=offset;
1916 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1918 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1921 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1922 hf_lsa_count, NULL);
1925 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1926 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1927 "LSA_PRIVILEGE array:", -1);
1929 proto_item_set_len(item, offset-old_offset);
1934 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1935 packet_info *pinfo, proto_tree *tree, char *drep)
1937 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1940 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1941 hf_lsa_count, NULL);
1943 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1950 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1951 packet_info *pinfo, proto_tree *tree, char *drep)
1953 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1954 hf_lsa_count, NULL);
1956 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1957 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1958 "LSA_PRIVILEGES pointer: privs", -1);
1960 offset = dissect_ntstatus(
1961 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1967 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1968 packet_info *pinfo, proto_tree *tree, char *drep)
1970 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1973 /* privilege name */
1974 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1975 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1976 "NAME pointer: ", hf_lsa_privilege_name);
1983 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1984 packet_info *pinfo, proto_tree *tree, char *drep)
1988 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1990 offset = dissect_ntstatus(
1991 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1998 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
1999 packet_info *pinfo, proto_tree *tree, char *drep)
2001 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2005 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2006 dissect_nt_LUID, NDR_POINTER_REF,
2007 "LUID pointer: value", -1);
2014 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
2015 packet_info *pinfo, proto_tree *tree, char *drep)
2017 /* [out, ref] LSA_UNICODE_STRING **name */
2018 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2019 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2020 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
2022 offset = dissect_ntstatus(
2023 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2030 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2031 packet_info *pinfo, proto_tree *tree, char *drep)
2033 /* [in] LSA_HANDLE hnd */
2034 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2042 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2043 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2045 proto_item *item=NULL;
2046 proto_tree *tree=NULL;
2047 int old_offset=offset;
2050 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2051 "LUID_AND_ATTRIBUTES:");
2052 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2056 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2059 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2062 proto_item_set_len(item, offset-old_offset);
2067 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2068 packet_info *pinfo, proto_tree *tree, char *drep)
2070 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2071 lsa_dissect_LUID_AND_ATTRIBUTES);
2077 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2078 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2080 proto_item *item=NULL;
2081 proto_tree *tree=NULL;
2082 int old_offset=offset;
2085 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2086 "LUID_AND_ATTRIBUTES_ARRAY:");
2087 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2090 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2091 hf_lsa_count, NULL);
2093 /* luid and attributes */
2094 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2095 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2096 "LUID_AND_ATTRIBUTES array:", -1);
2098 proto_item_set_len(item, offset-old_offset);
2103 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2104 packet_info *pinfo, proto_tree *tree, char *drep)
2106 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2107 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2108 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2109 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2111 offset = dissect_ntstatus(
2112 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2118 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2119 packet_info *pinfo, proto_tree *tree, char *drep)
2121 /* [in] LSA_HANDLE hnd */
2122 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2125 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2126 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2134 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2135 packet_info *pinfo, proto_tree *tree, char *drep)
2137 offset = dissect_ntstatus(
2138 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2144 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2145 packet_info *pinfo, proto_tree *tree, char *drep)
2147 /* [in] LSA_HANDLE hnd */
2148 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2151 /* [in] char unknown */
2152 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2153 hf_lsa_unknown_char, NULL);
2155 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2156 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2157 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2158 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2165 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2166 packet_info *pinfo, proto_tree *tree, char *drep)
2168 offset = dissect_ntstatus(
2169 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2175 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2176 packet_info *pinfo, proto_tree *tree, char *drep)
2178 /* [in] LSA_HANDLE hnd */
2179 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2182 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2183 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2184 hf_lsa_resume_handle, NULL);
2186 /* [in] ULONG pref_maxlen */
2187 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2188 hf_lsa_max_count, NULL);
2194 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2195 packet_info *pinfo, proto_tree *tree, char *drep)
2197 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2198 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2199 hf_lsa_resume_handle, NULL);
2201 /* [out, ref] PSID_ARRAY **accounts */
2202 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2203 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2206 offset = dissect_ntstatus(
2207 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2213 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2214 packet_info *pinfo, proto_tree *tree, char *drep)
2216 /* [in] LSA_HANDLE hnd_pol */
2217 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2220 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2221 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2222 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2223 "LSA_TRUST_INFORMATION pointer: domain", -1);
2225 /* [in] ACCESS_MASK access */
2226 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2233 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2234 packet_info *pinfo, proto_tree *tree, char *drep)
2236 /* [out] LSA_HANDLE *hnd */
2237 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2240 offset = dissect_ntstatus(
2241 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2247 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2248 packet_info *pinfo, proto_tree *tree, char *drep)
2250 /* [in] LSA_HANDLE hnd */
2251 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2254 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2255 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2256 hf_lsa_resume_handle, NULL);
2258 /* [in] ULONG pref_maxlen */
2259 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2260 hf_lsa_max_count, NULL);
2266 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2267 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2269 proto_item *item=NULL;
2270 proto_tree *tree=NULL;
2271 int old_offset=offset;
2274 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2276 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2280 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2284 offset = dissect_ndr_nt_PSID(tvb, offset,
2285 pinfo, tree, drep, -1);
2287 proto_item_set_len(item, offset-old_offset);
2292 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2293 packet_info *pinfo, proto_tree *tree, char *drep)
2295 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2296 lsa_dissect_LSA_TRUSTED_DOMAIN);
2302 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2303 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2305 proto_item *item=NULL;
2306 proto_tree *tree=NULL;
2307 int old_offset=offset;
2310 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2311 "TRUSTED_DOMAIN_LIST:");
2312 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2315 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2316 hf_lsa_count, NULL);
2319 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2320 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2321 "TRUSTED_DOMAIN array:", -1);
2323 proto_item_set_len(item, offset-old_offset);
2328 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2329 packet_info *pinfo, proto_tree *tree, char *drep)
2331 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2332 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2333 hf_lsa_resume_handle, NULL);
2335 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2336 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2337 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2338 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
2340 offset = dissect_ntstatus(
2341 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2348 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2349 packet_info *pinfo, proto_tree *tree, char *drep)
2353 di=pinfo->private_data;
2354 if(di->conformant_run){
2355 /*just a run to handle conformant arrays, nothing to dissect */
2359 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2366 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2367 packet_info *pinfo, proto_tree *tree, char *drep)
2369 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2370 lsa_dissect_LSA_UNICODE_STRING_item);
2376 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2377 packet_info *pinfo, proto_tree *tree, char *drep)
2381 di=pinfo->private_data;
2383 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2384 hf_lsa_count, NULL);
2385 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2386 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2387 "UNICODE_STRING pointer: ", di->hf_index);
2393 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2394 packet_info *pinfo, proto_tree *tree, char *drep)
2397 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2398 hf_lsa_sid_type, NULL);
2400 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2403 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2404 hf_lsa_index, NULL);
2410 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2411 packet_info *pinfo, proto_tree *tree, char *drep)
2413 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2414 lsa_dissect_LSA_TRANSLATED_SID);
2420 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2421 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2423 proto_item *item=NULL;
2424 proto_tree *tree=NULL;
2425 int old_offset=offset;
2428 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2429 "LSA_TRANSLATED_SIDS:");
2430 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2434 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2435 hf_lsa_count, NULL);
2438 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2439 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2440 "Translated SIDS", -1);
2442 proto_item_set_len(item, offset-old_offset);
2447 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2448 packet_info *pinfo, proto_tree *tree, char *drep)
2450 /* [in] LSA_HANDLE hnd */
2451 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2454 /* [in] ULONG count */
2455 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2456 hf_lsa_count, NULL);
2458 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2459 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2460 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2461 "Account pointer: names", hf_lsa_acct);
2463 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2464 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2465 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2466 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2468 /* [in] USHORT level */
2469 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2470 hf_lsa_info_level, NULL);
2472 /* [in, out, ref] ULONG *num_mapped */
2473 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2474 hf_lsa_num_mapped, NULL);
2481 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2482 packet_info *pinfo, proto_tree *tree, char *drep)
2484 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2485 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2486 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2487 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
2489 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2490 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2491 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2492 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2494 /* [in, out, ref] ULONG *num_mapped */
2495 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2496 hf_lsa_num_mapped, NULL);
2498 offset = dissect_ntstatus(
2499 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2505 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2506 packet_info *pinfo, proto_tree *tree, char *drep)
2508 /* [in] LSA_HANDLE hnd_pol */
2509 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2512 /* [in, ref] LSA_UNICODE_STRING *name */
2513 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2516 /* [in] ACCESS_MASK access */
2517 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2524 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2525 packet_info *pinfo, proto_tree *tree, char *drep)
2528 /* [out] LSA_HANDLE *hnd */
2529 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2532 offset = dissect_ntstatus(
2533 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2539 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2540 packet_info *pinfo, proto_tree *tree, char *drep)
2542 /* [in] LSA_HANDLE hnd_pol */
2543 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2546 /* [in, ref] SID *account */
2547 offset = dissect_ndr_nt_SID(tvb, offset,
2548 pinfo, tree, drep, -1);
2550 /* [in] ACCESS_MASK access */
2551 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2559 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2560 packet_info *pinfo, proto_tree *tree, char *drep)
2562 /* [out] LSA_HANDLE *hnd */
2563 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2566 offset = dissect_ntstatus(
2567 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2572 static const value_string trusted_info_level_vals[] = {
2573 {1, "Domain Name Information"},
2574 {2, "Controllers Information"},
2575 {3, "Posix Offset Information"},
2576 {4, "Password Information"},
2577 {5, "Domain Information Basic"},
2578 {6, "Domain Information Ex"},
2579 {7, "Domain Auth Information"},
2580 {8, "Domain Full Information"},
2581 {9, "Domain Security Descriptor"},
2582 {10, "Domain Private Information"},
2587 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2588 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2590 proto_item *item=NULL;
2591 proto_tree *tree=NULL;
2592 int old_offset=offset;
2596 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2597 "TRUSTED_DOMAIN_INFO:");
2598 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2601 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2602 hf_lsa_trusted_info_level, &level);
2604 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2607 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2611 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2612 hf_lsa_count, NULL);
2613 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2614 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2615 "Controllers pointer: ", hf_lsa_controller);
2618 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2619 hf_lsa_rid_offset, NULL);
2622 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2623 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2626 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2630 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2634 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2637 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2639 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2640 hf_lsa_rid_offset, NULL);
2641 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2644 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2647 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2649 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2650 hf_lsa_rid_offset, NULL);
2651 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2655 proto_item_set_len(item, offset-old_offset);
2660 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2661 packet_info *pinfo, proto_tree *tree, char *drep)
2663 /* [in] LSA_HANDLE hnd */
2664 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2667 /* [in] TRUSTED_INFORMATION_CLASS level */
2668 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2669 hf_lsa_trusted_info_level, NULL);
2676 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2677 packet_info *pinfo, proto_tree *tree, char *drep)
2679 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2680 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2681 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2682 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2684 offset = dissect_ntstatus(
2685 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2691 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2692 packet_info *pinfo, proto_tree *tree, char *drep)
2694 /* [in] LSA_HANDLE hnd */
2695 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2698 /* [in] TRUSTED_INFORMATION_CLASS level */
2699 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2700 hf_lsa_trusted_info_level, NULL);
2702 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2703 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2704 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2705 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2712 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2713 packet_info *pinfo, proto_tree *tree, char *drep)
2715 offset = dissect_ntstatus(
2716 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2722 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2723 packet_info *pinfo, proto_tree *tree, char *drep)
2725 /* [in] LSA_HANDLE hnd_pol */
2726 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2729 /* [in, ref] LSA_UNICODE_STRING *name */
2730 offset = dissect_ndr_counted_string_cb(
2731 tvb, offset, pinfo, tree, drep, hf_lsa_name,
2732 cb_wstr_postprocess,
2733 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
2735 /* [in] ACCESS_MASK access */
2736 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2744 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2745 packet_info *pinfo, proto_tree *tree, char *drep)
2747 /* [out] LSA_HANDLE *hnd */
2748 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2751 offset = dissect_ntstatus(
2752 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2758 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2759 packet_info *pinfo, proto_tree *tree, char *drep)
2761 /* [in] LSA_HANDLE hnd */
2762 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2765 /* [in, unique] LSA_SECRET *new_val */
2766 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2767 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2768 "LSA_SECRET pointer: new_val", -1);
2770 /* [in, unique] LSA_SECRET *old_val */
2771 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2772 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2773 "LSA_SECRET pointer: old_val", -1);
2780 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2781 packet_info *pinfo, proto_tree *tree, char *drep)
2783 offset = dissect_ntstatus(
2784 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2790 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2791 packet_info *pinfo, proto_tree *tree, char *drep)
2793 /* [in] LSA_HANDLE hnd */
2794 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2797 /* [in, out, unique] LSA_SECRET **curr_val */
2798 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2799 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2800 "LSA_SECRET pointer: curr_val", -1);
2802 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2803 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2804 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2805 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2807 /* [in, out, unique] LSA_SECRET **old_val */
2808 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2809 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2810 "LSA_SECRET pointer: old_val", -1);
2812 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2813 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2814 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2815 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2822 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2823 packet_info *pinfo, proto_tree *tree, char *drep)
2825 /* [in, out, unique] LSA_SECRET **curr_val */
2826 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2827 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2828 "LSA_SECRET pointer: curr_val", -1);
2830 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2831 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2832 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2833 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2835 /* [in, out, unique] LSA_SECRET **old_val */
2836 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2837 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2838 "LSA_SECRET pointer: old_val", -1);
2840 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2841 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2842 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2843 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2849 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2850 packet_info *pinfo, proto_tree *tree, char *drep)
2852 /* [in] LSA_HANDLE hnd */
2853 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2861 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2862 packet_info *pinfo, proto_tree *tree, char *drep)
2864 offset = dissect_ntstatus(
2865 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2871 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2872 packet_info *pinfo, proto_tree *tree, char *drep)
2874 /* [in] LSA_HANDLE hnd */
2875 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2878 /* [in, unique] LSA_UNICODE_STRING *rights */
2879 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2880 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2881 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
2887 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2888 packet_info *pinfo, proto_tree *tree, char *drep)
2890 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2891 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2892 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2893 "Account pointer: names", hf_lsa_acct);
2895 offset = dissect_ntstatus(
2896 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2902 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2903 packet_info *pinfo, proto_tree *tree, char *drep)
2905 /* [in] LSA_HANDLE hnd */
2906 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2909 /* [in, ref] SID *account */
2910 offset = dissect_ndr_nt_SID(tvb, offset,
2911 pinfo, tree, drep, -1);
2918 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2919 packet_info *pinfo, proto_tree *tree, char *drep)
2921 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2922 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2923 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2924 "Account pointer: rights", hf_lsa_rights);
2926 offset = dissect_ntstatus(
2927 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2933 lsa_dissect_lsaaddaccountrights_rqst(tvbuff_t *tvb, int offset,
2934 packet_info *pinfo, proto_tree *tree, char *drep)
2936 /* [in] LSA_HANDLE hnd */
2937 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2940 /* [in, ref] SID *account */
2941 offset = dissect_ndr_nt_SID(tvb, offset,
2942 pinfo, tree, drep, -1);
2944 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2945 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2946 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2947 "Account pointer: rights", hf_lsa_rights);
2954 lsa_dissect_lsaaddaccountrights_reply(tvbuff_t *tvb, int offset,
2955 packet_info *pinfo, proto_tree *tree, char *drep)
2957 offset = dissect_ntstatus(
2958 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2964 lsa_dissect_lsaremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2965 packet_info *pinfo, proto_tree *tree, char *drep)
2967 /* [in] LSA_HANDLE hnd */
2968 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2971 /* [in, ref] SID *account */
2972 offset = dissect_ndr_nt_SID(tvb, offset,
2973 pinfo, tree, drep, -1);
2976 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2977 hf_lsa_remove_all, NULL);
2979 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2980 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2981 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2982 "Account pointer: rights", hf_lsa_rights);
2989 lsa_dissect_lsaremoveaccountrights_reply(tvbuff_t *tvb, int offset,
2990 packet_info *pinfo, proto_tree *tree, char *drep)
2992 offset = dissect_ntstatus(
2993 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3000 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3001 packet_info *pinfo, proto_tree *tree, char *drep)
3003 /* [in] LSA_HANDLE handle */
3004 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3007 /* [in, ref] LSA_UNICODE_STRING *name */
3009 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3012 /* [in] TRUSTED_INFORMATION_CLASS level */
3013 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3014 hf_lsa_trusted_info_level, NULL);
3021 lsa_dissect_lsaquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3022 packet_info *pinfo, proto_tree *tree, char *drep)
3024 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3025 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3026 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3027 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3029 offset = dissect_ntstatus(
3030 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3037 lsa_dissect_lsasettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3038 packet_info *pinfo, proto_tree *tree, char *drep)
3040 /* [in] LSA_HANDLE handle */
3041 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3044 /* [in, ref] LSA_UNICODE_STRING *name */
3046 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3049 /* [in] TRUSTED_INFORMATION_CLASS level */
3050 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3051 hf_lsa_trusted_info_level, NULL);
3053 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3054 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3055 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3056 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3063 lsa_dissect_lsasettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3064 packet_info *pinfo, proto_tree *tree, char *drep)
3066 offset = dissect_ntstatus(
3067 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3073 lsa_dissect_lsaquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3074 packet_info *pinfo, proto_tree *tree, char *drep)
3076 /* [in] LSA_HANDLE handle */
3077 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3080 /* [in, ref] SID *sid */
3081 offset = dissect_ndr_nt_SID(tvb, offset,
3082 pinfo, tree, drep, -1);
3084 /* [in] TRUSTED_INFORMATION_CLASS level */
3085 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3086 hf_lsa_trusted_info_level, NULL);
3092 lsa_dissect_lsaopentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3093 packet_info *pinfo, proto_tree *tree, char *drep)
3095 /* [in] LSA_HANDLE handle */
3096 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3099 /* [in, ref] LSA_UNICODE_STRING *name */
3101 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3104 /* [in] ACCESS_MASK access */
3105 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3113 lsa_dissect_lsaopentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3114 packet_info *pinfo, proto_tree *tree, char *drep)
3116 /* [out] LSA_HANDLE handle */
3117 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3120 offset = dissect_ntstatus(
3121 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3129 lsa_dissect_lsaquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3130 packet_info *pinfo, proto_tree *tree, char *drep)
3132 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3133 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3134 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3135 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3137 offset = dissect_ntstatus(
3138 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3144 lsa_dissect_lsasettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3145 packet_info *pinfo, proto_tree *tree, char *drep)
3147 /* [in] LSA_HANDLE handle */
3148 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3151 /* [in, ref] SID *sid */
3152 offset = dissect_ndr_nt_SID(tvb, offset,
3153 pinfo, tree, drep, -1);
3155 /* [in] TRUSTED_INFORMATION_CLASS level */
3156 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3157 hf_lsa_trusted_info_level, NULL);
3159 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3160 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3161 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3162 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3169 lsa_dissect_lsasettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3170 packet_info *pinfo, proto_tree *tree, char *drep)
3172 offset = dissect_ntstatus(
3173 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3179 lsa_dissect_lsaqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3180 packet_info *pinfo, proto_tree *tree, char *drep)
3182 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3183 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3186 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3187 hf_lsa_policy_information_class, NULL);
3193 lsa_dissect_lsaqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3194 packet_info *pinfo, proto_tree *tree, char *drep)
3196 /* This is really a pointer to a pointer though the first level is REF
3197 so we just ignore that one */
3198 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3199 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3200 "POLICY_INFORMATION pointer: info", -1);
3202 offset = dissect_ntstatus(
3203 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3209 lsa_dissect_lsasetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3210 packet_info *pinfo, proto_tree *tree, char *drep)
3212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3213 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3216 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3217 hf_lsa_policy_information_class, NULL);
3219 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3220 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3221 "POLICY_INFORMATION pointer: info", -1);
3227 lsa_dissect_lsasetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3228 packet_info *pinfo, proto_tree *tree, char *drep)
3230 offset = dissect_ntstatus(
3231 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3237 lsa_dissect_lsaquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3238 packet_info *pinfo, proto_tree *tree, char *drep)
3240 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3241 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3244 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3245 hf_lsa_policy_information_class, NULL);
3251 lsa_dissect_lsaquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3252 packet_info *pinfo, proto_tree *tree, char *drep)
3254 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3255 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3256 "POLICY_INFORMATION pointer: info", -1);
3258 offset = dissect_ntstatus(
3259 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3265 lsa_dissect_lsasetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3266 packet_info *pinfo, proto_tree *tree, char *drep)
3268 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3269 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3272 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3273 hf_lsa_policy_information_class, NULL);
3275 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3276 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3277 "POLICY_INFORMATION pointer: info", -1);
3283 lsa_dissect_lsasetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3284 packet_info *pinfo, proto_tree *tree, char *drep)
3286 offset = dissect_ntstatus(
3287 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3293 lsa_dissect_lsalookupnames2_rqst(tvbuff_t *tvb, int offset,
3294 packet_info *pinfo, proto_tree *tree, char *drep)
3296 /* [in] LSA_HANDLE hnd */
3297 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3300 /* [in] ULONG count */
3301 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3302 hf_lsa_count, NULL);
3304 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3305 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3306 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3307 "Account pointer: names", hf_lsa_acct);
3309 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3310 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3311 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3312 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3314 /* [in] USHORT level */
3315 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3316 hf_lsa_info_level, NULL);
3318 /* [in, out, ref] ULONG *num_mapped */
3319 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3320 hf_lsa_num_mapped, NULL);
3323 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3324 hf_lsa_unknown_long, NULL);
3327 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3328 hf_lsa_unknown_long, NULL);
3335 lsa_dissect_lsalookupnames2_reply(tvbuff_t *tvb, int offset,
3336 packet_info *pinfo, proto_tree *tree, char *drep)
3338 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3339 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3340 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3341 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3343 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3344 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3345 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3346 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3348 /* [in, out, ref] ULONG *num_mapped */
3349 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3350 hf_lsa_num_mapped, NULL);
3352 offset = dissect_ntstatus(
3353 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3360 lsa_dissect_lsacreateaccount_rqst(tvbuff_t *tvb, int offset,
3361 packet_info *pinfo, proto_tree *tree, char *drep)
3363 /* [in] LSA_HANDLE hnd */
3364 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3367 offset = dissect_ndr_nt_SID(tvb, offset,
3368 pinfo, tree, drep, -1);
3370 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3377 lsa_dissect_lsacreateaccount_reply(tvbuff_t *tvb, int offset,
3378 packet_info *pinfo, proto_tree *tree, char *drep)
3380 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3383 offset = dissect_ntstatus(
3384 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3390 lsa_dissect_lsalookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3391 packet_info *pinfo, proto_tree *tree, char *drep)
3393 /* [in] LSA_HANDLE hnd */
3394 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3397 /* [in, ref] LSA_UNICODE_STRING *name */
3398 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3401 /* [in] USHORT unknown */
3402 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3403 hf_lsa_unknown_short, NULL);
3405 /* [in] USHORT size */
3406 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3407 hf_lsa_size16, NULL);
3414 lsa_dissect_lsalookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3415 packet_info *pinfo, proto_tree *tree, char *drep)
3417 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3418 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3419 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3420 "NAME pointer: ", hf_lsa_privilege_name);
3422 /* [out, ref] USHORT *size_needed */
3423 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3424 hf_lsa_size_needed, NULL);
3426 offset = dissect_ntstatus(
3427 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3433 lsa_dissect_lsastoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3434 packet_info *pinfo, proto_tree *tree, char *drep)
3436 /* [in] LSA_HANDLE hnd */
3437 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3440 /* [in, ref] LSA_UNICODE_STRING *key */
3441 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3444 /* [in, unique] LSA_SECRET **data */
3445 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3446 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3447 "LSA_SECRET* pointer: data", -1);
3454 lsa_dissect_lsastoreprivatedata_reply(tvbuff_t *tvb, int offset,
3455 packet_info *pinfo, proto_tree *tree, char *drep)
3457 offset = dissect_ntstatus(
3458 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3464 lsa_dissect_lsaretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3465 packet_info *pinfo, proto_tree *tree, char *drep)
3467 /* [in] LSA_HANDLE hnd */
3468 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3471 /* [in, ref] LSA_UNICODE_STRING *key */
3472 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3475 /* [in, out, ref] LSA_SECRET **data */
3476 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3477 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3478 "LSA_SECRET* pointer: data", -1);
3485 lsa_dissect_lsaretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3486 packet_info *pinfo, proto_tree *tree, char *drep)
3488 /* [in, out, ref] LSA_SECRET **data */
3489 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3490 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3491 "LSA_SECRET* pointer: data", -1);
3493 offset = dissect_ntstatus(
3494 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3500 lsa_dissect_lsaclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3501 packet_info *pinfo, proto_tree *tree, char *drep)
3504 /* [in, out] LSA_HANDLE *tdHnd */
3505 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3506 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3514 lsa_dissect_lsaclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3515 packet_info *pinfo, proto_tree *tree, char *drep)
3518 /* [in, out] LSA_HANDLE *tdHnd */
3519 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3520 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3523 offset = dissect_ntstatus(
3524 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3530 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3531 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3533 proto_item *item=NULL;
3534 proto_tree *tree=NULL;
3535 int old_offset=offset;
3538 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3539 "LSA_TRANSLATED_NAME:");
3540 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3544 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3545 hf_lsa_sid_type, NULL);
3548 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3552 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3553 hf_lsa_index, NULL);
3556 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3557 hf_lsa_unknown_long, NULL);
3559 proto_item_set_len(item, offset-old_offset);
3564 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3565 packet_info *pinfo, proto_tree *tree, char *drep)
3567 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3568 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3573 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3574 packet_info *pinfo, proto_tree *tree, char *drep)
3577 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3578 hf_lsa_count, NULL);
3580 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3581 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3582 "LSA_TRANSLATED_NAME_EX: pointer", -1);
3589 lsa_dissect_lsalookupsids2_rqst(tvbuff_t *tvb, int offset,
3590 packet_info *pinfo, proto_tree *tree, char *drep)
3592 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3595 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3596 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3599 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3600 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3601 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3603 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3604 hf_lsa_info_level, NULL);
3606 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3607 hf_lsa_num_mapped, NULL);
3610 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3611 hf_lsa_unknown_long, NULL);
3614 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3615 hf_lsa_unknown_long, NULL);
3621 lsa_dissect_lsalookupsids2_reply(tvbuff_t *tvb, int offset,
3622 packet_info *pinfo, proto_tree *tree, char *drep)
3624 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3625 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3626 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3628 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3629 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3630 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3632 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3633 hf_lsa_num_mapped, NULL);
3635 offset = dissect_ntstatus(
3636 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3642 lsa_dissect_lsagetusername_rqst(tvbuff_t *tvb, int offset,
3643 packet_info *pinfo, proto_tree *tree, char *drep)
3646 /* [in, unique, string] WCHAR *server */
3647 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3648 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3649 "Server:", hf_lsa_server);
3651 /* [in, out, ref] LSA_UNICODE_STRING **user */
3652 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3653 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3654 "ACCOUNT pointer: ", hf_lsa_acct);
3656 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3657 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3658 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3659 "DOMAIN pointer: ", hf_lsa_domain);
3666 lsa_dissect_lsagetusername_reply(tvbuff_t *tvb, int offset,
3667 packet_info *pinfo, proto_tree *tree, char *drep)
3669 /* [in, out, ref] LSA_UNICODE_STRING **user */
3670 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3671 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3672 "ACCOUNT pointer: ", hf_lsa_acct);
3674 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3675 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3676 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3677 "DOMAIN pointer: ", hf_lsa_domain);
3679 offset = dissect_ntstatus(
3680 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3686 lsa_dissect_lsacreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3687 packet_info *pinfo, proto_tree *tree, char *drep)
3689 /* [in] LSA_HANDLE hnd */
3690 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3693 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3694 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3695 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3696 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3698 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3699 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3700 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3701 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
3703 /* [in] ACCESS_MASK mask */
3704 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3712 lsa_dissect_lsacreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3713 packet_info *pinfo, proto_tree *tree, char *drep)
3715 /* [out] LSA_HANDLE *tdHnd) */
3716 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3719 offset = dissect_ntstatus(
3720 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3726 lsa_dissect_lsaenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3727 packet_info *pinfo, proto_tree *tree, char *drep)
3729 /* [in] LSA_HANDLE hnd */
3730 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3733 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3734 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3735 hf_lsa_resume_handle, NULL);
3737 /* [in] ULONG pref_maxlen */
3738 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3739 hf_lsa_max_count, NULL);
3746 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3747 packet_info *pinfo, proto_tree *tree, char *drep)
3749 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3750 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3756 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3757 packet_info *pinfo, proto_tree *tree, char *drep)
3760 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3761 hf_lsa_count, NULL);
3763 /* trust information */
3764 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3765 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3766 "TRUST INFORMATION array:", -1);
3769 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3770 hf_lsa_max_count, NULL);
3777 lsa_dissect_lsaenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3778 packet_info *pinfo, proto_tree *tree, char *drep)
3780 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3781 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3782 hf_lsa_resume_handle, NULL);
3784 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3785 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3786 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3787 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
3789 offset = dissect_ntstatus(
3790 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3796 lsa_dissect_lsafunction_38_rqst(tvbuff_t *tvb, int offset,
3797 packet_info *pinfo, proto_tree *tree, char *drep)
3799 /* [in] LSA_HANDLE handle */
3800 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3803 /* [in] USHORT flag */
3804 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3805 hf_lsa_unknown_short, NULL);
3807 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3808 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3809 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3810 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3817 lsa_dissect_lsafunction_38_reply(tvbuff_t *tvb, int offset,
3818 packet_info *pinfo, proto_tree *tree, char *drep)
3820 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3821 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3822 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3823 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
3829 lsa_dissect_lsafunction_3b_rqst(tvbuff_t *tvb, int offset,
3830 packet_info *pinfo, proto_tree *tree, char *drep)
3832 /* [in] LSA_HANDLE hnd */
3833 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3836 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3837 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3838 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3839 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3841 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3842 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3843 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3844 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3846 /* [in] ULONG unknown */
3847 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3848 hf_lsa_unknown_long, NULL);
3855 lsa_dissect_lsafunction_3b_reply(tvbuff_t *tvb, int offset,
3856 packet_info *pinfo, proto_tree *tree, char *drep)
3858 /* [out] LSA_HANDLE *h2) */
3859 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3862 offset = dissect_ntstatus(
3863 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3869 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3870 { LSA_LSACLOSE, "Close",
3871 lsa_dissect_lsaclose_rqst,
3872 lsa_dissect_lsaclose_reply },
3873 { LSA_LSADELETE, "Delete",
3874 lsa_dissect_lsadelete_rqst,
3875 lsa_dissect_lsadelete_reply },
3876 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
3877 lsa_dissect_lsaenumerateprivileges_rqst,
3878 lsa_dissect_lsaenumerateprivileges_reply },
3879 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
3880 lsa_dissect_lsaquerysecurityobject_rqst,
3881 lsa_dissect_lsaquerysecurityobject_reply },
3882 { LSA_LSASETSECURITYOBJECT, "SetSecObject",
3883 lsa_dissect_lsasetsecurityobject_rqst,
3884 lsa_dissect_lsasetsecurityobject_reply },
3885 { LSA_LSACHANGEPASSWORD, "ChangePassword",
3886 lsa_dissect_lsachangepassword_rqst,
3887 lsa_dissect_lsachangepassword_reply },
3888 { LSA_LSAOPENPOLICY, "OpenPolicy",
3889 lsa_dissect_lsaopenpolicy_rqst,
3890 lsa_dissect_lsaopenpolicy_reply },
3891 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
3892 lsa_dissect_lsaqueryinformationpolicy_rqst,
3893 lsa_dissect_lsaqueryinformationpolicy_reply },
3894 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
3895 lsa_dissect_lsasetinformationpolicy_rqst,
3896 lsa_dissect_lsasetinformationpolicy_reply },
3897 { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
3898 lsa_dissect_lsaclearauditlog_rqst,
3899 lsa_dissect_lsaclearauditlog_reply },
3900 { LSA_LSACREATEACCOUNT, "CreateAccount",
3901 lsa_dissect_lsacreateaccount_rqst,
3902 lsa_dissect_lsacreateaccount_reply },
3903 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
3904 lsa_dissect_lsaenumerateaccounts_rqst,
3905 lsa_dissect_lsaenumerateaccounts_reply },
3906 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
3907 lsa_dissect_lsacreatetrusteddomain_rqst,
3908 lsa_dissect_lsacreatetrusteddomain_reply },
3909 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
3910 lsa_dissect_lsaenumeratetrusteddomains_rqst,
3911 lsa_dissect_lsaenumeratetrusteddomains_reply },
3912 { LSA_LSALOOKUPNAMES, "LookupNames",
3913 lsa_dissect_lsalookupnames_rqst,
3914 lsa_dissect_lsalookupnames_reply },
3915 { LSA_LSALOOKUPSIDS, "LookupSIDs",
3916 lsa_dissect_lsalookupsids_rqst,
3917 lsa_dissect_lsalookupsids_reply },
3918 { LSA_LSACREATESECRET, "CreateSecret",
3919 lsa_dissect_lsacreatesecret_rqst,
3920 lsa_dissect_lsacreatesecret_reply },
3921 { LSA_LSAOPENACCOUNT, "OpenAccount",
3922 lsa_dissect_lsaopenaccount_rqst,
3923 lsa_dissect_lsaopenaccount_reply },
3924 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
3925 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
3926 lsa_dissect_lsaenumerateprivilegesaccount_reply },
3927 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
3928 lsa_dissect_lsaaddprivilegestoaccount_rqst,
3929 lsa_dissect_lsaaddprivilegestoaccount_reply },
3930 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
3931 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
3932 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
3933 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
3934 lsa_dissect_lsagetquotasforaccount_rqst,
3935 lsa_dissect_lsagetquotasforaccount_reply },
3936 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
3937 lsa_dissect_lsasetquotasforaccount_rqst,
3938 lsa_dissect_lsasetquotasforaccount_reply },
3939 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
3940 lsa_dissect_lsagetsystemaccessaccount_rqst,
3941 lsa_dissect_lsagetsystemaccessaccount_reply },
3942 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
3943 lsa_dissect_lsasetsystemaccessaccount_rqst,
3944 lsa_dissect_lsasetsystemaccessaccount_reply },
3945 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
3946 lsa_dissect_lsaopentrusteddomain_rqst,
3947 lsa_dissect_lsaopentrusteddomain_reply },
3948 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
3949 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
3950 lsa_dissect_lsaqueryinfotrusteddomain_reply },
3951 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
3952 lsa_dissect_lsasetinformationtrusteddomain_rqst,
3953 lsa_dissect_lsasetinformationtrusteddomain_reply },
3954 { LSA_LSAOPENSECRET, "OpenSecret",
3955 lsa_dissect_lsaopensecret_rqst,
3956 lsa_dissect_lsaopensecret_reply },
3957 { LSA_LSASETSECRET, "SetSecret",
3958 lsa_dissect_lsasetsecret_rqst,
3959 lsa_dissect_lsasetsecret_reply },
3960 { LSA_LSAQUERYSECRET, "QuerySecret",
3961 lsa_dissect_lsaquerysecret_rqst,
3962 lsa_dissect_lsaquerysecret_reply },
3963 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
3964 lsa_dissect_lsalookupprivilegevalue_rqst,
3965 lsa_dissect_lsalookupprivilegevalue_reply },
3966 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
3967 lsa_dissect_lsalookupprivilegename_rqst,
3968 lsa_dissect_lsalookupprivilegename_reply },
3969 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
3970 lsa_dissect_lsalookupprivilegedisplayname_rqst,
3971 lsa_dissect_lsalookupprivilegedisplayname_reply },
3972 { LSA_LSADELETEOBJECT, "DeleteObject",
3973 lsa_dissect_lsadeleteobject_rqst,
3974 lsa_dissect_lsadeleteobject_reply },
3975 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
3976 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
3977 lsa_dissect_lsaenumerateaccountswithuserright_reply },
3978 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
3979 lsa_dissect_lsaenumerateaccountrights_rqst,
3980 lsa_dissect_lsaenumerateaccountrights_reply },
3981 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
3982 lsa_dissect_lsaaddaccountrights_rqst,
3983 lsa_dissect_lsaaddaccountrights_reply },
3984 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
3985 lsa_dissect_lsaremoveaccountrights_rqst,
3986 lsa_dissect_lsaremoveaccountrights_reply },
3987 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
3988 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
3989 lsa_dissect_lsaquerytrusteddomaininfo_reply },
3990 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
3991 lsa_dissect_lsasettrusteddomaininfo_rqst,
3992 lsa_dissect_lsasettrusteddomaininfo_reply },
3993 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
3994 lsa_dissect_lsadeletetrusteddomain_rqst,
3995 lsa_dissect_lsadeletetrusteddomain_reply },
3996 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
3997 lsa_dissect_lsastoreprivatedata_rqst,
3998 lsa_dissect_lsastoreprivatedata_reply },
3999 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
4000 lsa_dissect_lsaretrieveprivatedata_rqst,
4001 lsa_dissect_lsaretrieveprivatedata_reply },
4002 { LSA_LSAOPENPOLICY2, "OpenPolicy2",
4003 lsa_dissect_lsaopenpolicy2_rqst,
4004 lsa_dissect_lsaopenpolicy2_reply },
4005 { LSA_LSAGETUSERNAME, "GetUsername",
4006 lsa_dissect_lsagetusername_rqst,
4007 lsa_dissect_lsagetusername_reply },
4008 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2",
4009 lsa_dissect_lsaqueryinformationpolicy2_rqst,
4010 lsa_dissect_lsaqueryinformationpolicy2_reply },
4011 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2",
4012 lsa_dissect_lsasetinformationpolicy2_rqst,
4013 lsa_dissect_lsasetinformationpolicy2_reply },
4014 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
4015 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
4016 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
4017 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
4018 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
4019 lsa_dissect_lsasettrusteddomaininfobyname_reply },
4020 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
4021 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
4022 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
4023 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
4024 lsa_dissect_lsacreatetrusteddomainex_rqst,
4025 lsa_dissect_lsacreatetrusteddomainex_reply },
4026 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
4027 lsa_dissect_lsaclosetrusteddomainex_rqst,
4028 lsa_dissect_lsaclosetrusteddomainex_reply },
4029 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
4030 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
4031 lsa_dissect_lsaquerydomaininformationpolicy_reply },
4032 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
4033 lsa_dissect_lsasetdomaininformationpolicy_rqst,
4034 lsa_dissect_lsasetdomaininformationpolicy_reply },
4035 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
4036 lsa_dissect_lsaopentrusteddomainbyname_rqst,
4037 lsa_dissect_lsaopentrusteddomainbyname_reply },
4038 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
4039 lsa_dissect_lsafunction_38_rqst,
4040 lsa_dissect_lsafunction_38_reply },
4041 { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
4042 lsa_dissect_lsalookupsids2_rqst,
4043 lsa_dissect_lsalookupsids2_reply },
4044 { LSA_LSALOOKUPNAMES2, "LookupNames2",
4045 lsa_dissect_lsalookupnames2_rqst,
4046 lsa_dissect_lsalookupnames2_reply },
4047 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
4048 lsa_dissect_lsafunction_3b_rqst,
4049 lsa_dissect_lsafunction_3b_reply },
4050 {0, NULL, NULL, NULL}
4053 static const value_string lsa_opnum_vals[] = {
4054 { LSA_LSACLOSE, "Close" },
4055 { LSA_LSADELETE, "Delete" },
4056 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" },
4057 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" },
4058 { LSA_LSASETSECURITYOBJECT, "SetSecObject" },
4059 { LSA_LSACHANGEPASSWORD, "ChangePassword" },
4060 { LSA_LSAOPENPOLICY, "OpenPolicy" },
4061 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" },
4062 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" },
4063 { LSA_LSACLEARAUDITLOG, "ClearAuditLog" },
4064 { LSA_LSACREATEACCOUNT, "CreateAccount" },
4065 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" },
4066 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" },
4067 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" },
4068 { LSA_LSALOOKUPNAMES, "LookupNames" },
4069 { LSA_LSALOOKUPSIDS, "LookupSIDs" },
4070 { LSA_LSACREATESECRET, "CreateSecret" },
4071 { LSA_LSAOPENACCOUNT, "OpenAccount" },
4072 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" },
4073 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" },
4074 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" },
4075 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" },
4076 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" },
4077 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" },
4078 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" },
4079 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" },
4080 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" },
4081 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" },
4082 { LSA_LSAOPENSECRET, "OpenSecret" },
4083 { LSA_LSASETSECRET, "SetSecret" },
4084 { LSA_LSAQUERYSECRET, "QuerySecret" },
4085 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" },
4086 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" },
4087 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" },
4088 { LSA_LSADELETEOBJECT, "DeleteObject" },
4089 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" },
4090 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" },
4091 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" },
4092 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" },
4093 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" },
4094 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" },
4095 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" },
4096 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData" },
4097 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" },
4098 { LSA_LSAOPENPOLICY2, "OpenPolicy2" },
4099 { LSA_LSAGETUSERNAME, "GetUsername" },
4100 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2" },
4101 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2" },
4102 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" },
4103 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" },
4104 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" },
4105 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" },
4106 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" },
4107 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" },
4108 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" },
4109 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" },
4110 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38" },
4111 { LSA_LSALOOKUPSIDS2, "LookupSIDs2" },
4112 { LSA_LSALOOKUPNAMES2, "LookupNames2" },
4113 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" },
4118 proto_register_dcerpc_lsa(void)
4120 static hf_register_info hf[] = {
4123 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC,
4124 VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }},
4126 { &hf_lsa_unknown_string,
4127 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4128 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4131 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4132 NULL, 0x0, "LSA policy handle", HFILL }},
4135 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4136 NULL, 0, "Name of Server", HFILL }},
4138 { &hf_lsa_controller,
4139 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4140 NULL, 0, "Name of Domain Controller", HFILL }},
4142 { &hf_lsa_unknown_hyper,
4143 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4144 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4146 { &hf_lsa_unknown_long,
4147 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4148 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4150 { &hf_lsa_unknown_short,
4151 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4152 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4154 { &hf_lsa_unknown_char,
4155 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4156 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4159 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4160 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4163 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4164 NULL, 0x0, "LSA Attributes", HFILL }},
4166 { &hf_lsa_obj_attr_len,
4167 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4168 NULL, 0x0, "Length of object attribute structure", HFILL }},
4170 { &hf_lsa_obj_attr_name,
4171 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4172 NULL, 0x0, "Name of object attribute", HFILL }},
4174 { &hf_lsa_access_mask,
4175 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4176 NULL, 0x0, "LSA Access Mask", HFILL }},
4178 { &hf_lsa_info_level,
4179 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4180 NULL, 0x0, "Information level of requested data", HFILL }},
4182 { &hf_lsa_trusted_info_level,
4183 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4184 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4187 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4188 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4191 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4192 NULL, 0x0, "Length of quality of service structure", HFILL }},
4194 { &hf_lsa_qos_impersonation_level,
4195 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4196 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4198 { &hf_lsa_qos_track_context,
4199 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4200 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4202 { &hf_lsa_qos_effective_only,
4203 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4204 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4206 { &hf_lsa_pali_percent_full,
4207 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4208 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4210 { &hf_lsa_pali_log_size,
4211 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4212 NULL, 0x0, "Size of audit log", HFILL }},
4214 { &hf_lsa_pali_retention_period,
4215 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4216 NULL, 0x0, "", HFILL }},
4218 { &hf_lsa_pali_time_to_shutdown,
4219 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4220 NULL, 0x0, "Time to shutdown", HFILL }},
4222 { &hf_lsa_pali_shutdown_in_progress,
4223 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4224 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4226 { &hf_lsa_pali_next_audit_record,
4227 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4228 NULL, 0x0, "Next audit record", HFILL }},
4230 { &hf_lsa_paei_enabled,
4231 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4232 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4234 { &hf_lsa_paei_settings,
4235 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4236 NULL, 0x0, "Audit Events Information settings", HFILL }},
4239 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4240 NULL, 0x0, "Count of objects", HFILL }},
4242 { &hf_lsa_max_count,
4243 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4244 NULL, 0x0, "", HFILL }},
4247 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4248 NULL, 0x0, "Domain", HFILL }},
4251 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4252 NULL, 0x0, "Account", HFILL }},
4255 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4256 NULL, 0x0, "Replica Source", HFILL }},
4258 { &hf_lsa_server_role,
4259 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4260 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4262 { &hf_lsa_quota_paged_pool,
4263 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4264 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4266 { &hf_lsa_quota_non_paged_pool,
4267 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4268 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4270 { &hf_lsa_quota_min_wss,
4271 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4272 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4274 { &hf_lsa_quota_max_wss,
4275 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4276 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4278 { &hf_lsa_quota_pagefile,
4279 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4280 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4282 { &hf_lsa_mod_seq_no,
4283 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4284 NULL, 0x0, "Sequence number for this modification", HFILL }},
4286 { &hf_lsa_mod_mtime,
4287 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4288 NULL, 0x0, "Time when this modification occured", HFILL }},
4290 { &hf_lsa_cur_mtime,
4291 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4292 NULL, 0x0, "Current MTime to set", HFILL }},
4294 { &hf_lsa_old_mtime,
4295 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4296 NULL, 0x0, "Old MTime for this object", HFILL }},
4299 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4300 NULL, 0x0, "", HFILL }},
4303 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4304 NULL, 0x0, "", HFILL }},
4306 { &hf_lsa_flat_name,
4307 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4308 NULL, 0x0, "", HFILL }},
4311 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4312 NULL, 0x0, "", HFILL }},
4314 { &hf_lsa_info_type,
4315 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4316 NULL, 0x0, "", HFILL }},
4319 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4320 NULL, 0x0, "New password", HFILL }},
4323 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4324 NULL, 0x0, "Old password", HFILL }},
4327 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4328 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4331 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4332 NULL, 0x0, "RID", HFILL }},
4334 { &hf_lsa_rid_offset,
4335 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4336 NULL, 0x0, "RID Offset", HFILL }},
4339 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4340 NULL, 0x0, "", HFILL }},
4342 { &hf_lsa_num_mapped,
4343 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4344 NULL, 0x0, "", HFILL }},
4346 { &hf_lsa_policy_information_class,
4347 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4348 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4351 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4352 NULL, 0, "", HFILL }},
4354 { &hf_lsa_auth_blob,
4355 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4356 NULL, 0, "", HFILL }},
4359 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4360 NULL, 0x0, "LUID High component", HFILL }},
4363 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4364 NULL, 0x0, "LUID Low component", HFILL }},
4367 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4368 NULL, 0x0, "", HFILL }},
4371 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4372 NULL, 0x0, "", HFILL }},
4374 { &hf_lsa_size_needed,
4375 { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
4376 NULL, 0x0, "", HFILL }},
4378 { &hf_lsa_privilege_name,
4379 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4380 NULL, 0x0, "LSA Privilege Name", HFILL }},
4383 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4384 NULL, 0x0, "Account Rights", HFILL }},
4387 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4388 NULL, 0x0, "LSA Attributes", HFILL }},
4390 { &hf_lsa_auth_update,
4391 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4392 NULL, 0x0, "LSA Auth Info update", HFILL }},
4394 { &hf_lsa_resume_handle,
4395 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4396 NULL, 0x0, "Resume Handle", HFILL }},
4398 { &hf_lsa_trust_direction,
4399 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4400 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4402 { &hf_lsa_trust_type,
4403 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4404 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4406 { &hf_lsa_trust_attr,
4407 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4408 NULL, 0x0, "Trust attributes", HFILL }},
4410 { &hf_lsa_trust_attr_non_trans,
4411 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4412 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4414 { &hf_lsa_trust_attr_uplevel_only,
4415 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4416 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4418 { &hf_lsa_trust_attr_tree_parent,
4419 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4420 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4422 { &hf_lsa_trust_attr_tree_root,
4423 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4424 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4426 { &hf_lsa_auth_type,
4427 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4428 NULL, 0x0, "Auth Info type", HFILL }},
4431 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4432 NULL, 0x0, "Auth Info len", HFILL }},
4434 { &hf_lsa_remove_all,
4435 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4436 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
4438 { &hf_view_local_info,
4439 { "View local info", "lsa.access_mask.view_local_info",
4440 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4441 "View local info", HFILL }},
4443 { &hf_view_audit_info,
4444 { "View audit info", "lsa.access_mask.view_audit_info",
4445 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4446 "View audit info", HFILL }},
4448 { &hf_get_private_info,
4449 { "Get private info", "lsa.access_mask.get_privateinfo",
4450 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4451 "Get private info", HFILL }},
4454 { "Trust admin", "lsa.access_mask.trust_admin",
4455 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4456 "Trust admin", HFILL }},
4458 { &hf_create_account,
4459 { "Create account", "lsa.access_mask.create_account",
4460 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4461 "Create account", HFILL }},
4463 { &hf_create_secret,
4464 { "Create secret", "lsa.access_mask.create_secret",
4465 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4466 "Create secret", HFILL }},
4469 { "Create privilege", "lsa.access_mask.create_priv",
4470 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4471 "Create privilege", HFILL }},
4473 { &hf_set_default_quota_limits,
4474 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4475 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4476 "Set default quota limits", HFILL }},
4478 { &hf_set_audit_requirements,
4479 { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
4480 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4481 "Set audit requirements", HFILL }},
4484 { "Server admin", "lsa.access_mask.server_admin",
4485 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4486 "Server admin", HFILL }},
4489 { "Lookup names", "lsa.access_mask.lookup_names",
4490 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4491 "Lookup names", HFILL }}
4494 static gint *ett[] = {
4496 &ett_lsa_OBJECT_ATTRIBUTES,
4497 &ett_LSA_SECURITY_DESCRIPTOR,
4498 &ett_lsa_policy_info,
4499 &ett_lsa_policy_audit_log_info,
4500 &ett_lsa_policy_audit_events_info,
4501 &ett_lsa_policy_primary_domain_info,
4502 &ett_lsa_policy_primary_account_info,
4503 &ett_lsa_policy_server_role_info,
4504 &ett_lsa_policy_replica_source_info,
4505 &ett_lsa_policy_default_quota_info,
4506 &ett_lsa_policy_modification_info,
4507 &ett_lsa_policy_audit_full_set_info,
4508 &ett_lsa_policy_audit_full_query_info,
4509 &ett_lsa_policy_dns_domain_info,
4510 &ett_lsa_translated_names,
4511 &ett_lsa_translated_name,
4512 &ett_lsa_referenced_domain_list,
4513 &ett_lsa_trust_information,
4514 &ett_lsa_trust_information_ex,
4516 &ett_LSA_PRIVILEGES,
4518 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4519 &ett_LSA_LUID_AND_ATTRIBUTES,
4520 &ett_LSA_TRUSTED_DOMAIN_LIST,
4521 &ett_LSA_TRUSTED_DOMAIN,
4522 &ett_LSA_TRANSLATED_SIDS,
4523 &ett_lsa_trusted_domain_info,
4524 &ett_lsa_trust_attr,
4525 &ett_lsa_trusted_domain_auth_information,
4526 &ett_lsa_auth_information
4529 proto_dcerpc_lsa = proto_register_protocol(
4530 "Microsoft Local Security Architecture", "LSA", "lsa");
4532 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4533 proto_register_subtree_array(ett, array_length(ett));
4536 /* Protocol handoff */
4538 static e_uuid_t uuid_dcerpc_lsa = {
4539 0x12345778, 0x1234, 0xabcd,
4540 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4543 static guint16 ver_dcerpc_lsa = 0;
4546 proto_reg_handoff_dcerpc_lsa(void)
4548 /* Register protocol as dcerpc */
4550 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4551 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);