2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.54 2002/08/09 09:27:33 sahlberg Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_server = -1;
47 static int hf_lsa_controller = -1;
48 static int hf_lsa_obj_attr = -1;
49 static int hf_lsa_obj_attr_len = -1;
50 static int hf_lsa_obj_attr_name = -1;
51 static int hf_lsa_access_mask = -1;
52 static int hf_lsa_info_level = -1;
53 static int hf_lsa_trusted_info_level = -1;
54 static int hf_lsa_sd_size = -1;
55 static int hf_lsa_qos_len = -1;
56 static int hf_lsa_qos_impersonation_level = -1;
57 static int hf_lsa_qos_track_context = -1;
58 static int hf_lsa_qos_effective_only = -1;
59 static int hf_lsa_pali_percent_full = -1;
60 static int hf_lsa_pali_log_size = -1;
61 static int hf_lsa_pali_retention_period = -1;
62 static int hf_lsa_pali_time_to_shutdown = -1;
63 static int hf_lsa_pali_shutdown_in_progress = -1;
64 static int hf_lsa_pali_next_audit_record = -1;
65 static int hf_lsa_paei_enabled = -1;
66 static int hf_lsa_paei_settings = -1;
67 static int hf_lsa_count = -1;
68 static int hf_lsa_size = -1;
69 static int hf_lsa_size16 = -1;
70 static int hf_lsa_size_needed = -1;
71 static int hf_lsa_max_count = -1;
72 static int hf_lsa_index = -1;
73 static int hf_lsa_domain = -1;
74 static int hf_lsa_acct = -1;
75 static int hf_lsa_server_role = -1;
76 static int hf_lsa_source = -1;
77 static int hf_lsa_quota_paged_pool = -1;
78 static int hf_lsa_quota_non_paged_pool = -1;
79 static int hf_lsa_quota_min_wss = -1;
80 static int hf_lsa_quota_max_wss = -1;
81 static int hf_lsa_quota_pagefile = -1;
82 static int hf_lsa_mod_seq_no = -1;
83 static int hf_lsa_mod_mtime = -1;
84 static int hf_lsa_cur_mtime = -1;
85 static int hf_lsa_old_mtime = -1;
86 static int hf_lsa_name = -1;
87 static int hf_lsa_key = -1;
88 static int hf_lsa_flat_name = -1;
89 static int hf_lsa_forest = -1;
90 static int hf_lsa_info_type = -1;
91 static int hf_lsa_old_pwd = -1;
92 static int hf_lsa_new_pwd = -1;
93 static int hf_lsa_sid_type = -1;
94 static int hf_lsa_rid = -1;
95 static int hf_lsa_rid_offset = -1;
96 static int hf_lsa_num_mapped = -1;
97 static int hf_lsa_policy_information_class = -1;
98 static int hf_lsa_secret = -1;
99 static int hf_nt_luid_high = -1;
100 static int hf_nt_luid_low = -1;
101 static int hf_lsa_privilege_name = -1;
102 static int hf_lsa_attr = -1;
103 static int hf_lsa_resume_handle = -1;
104 static int hf_lsa_trust_direction = -1;
105 static int hf_lsa_trust_type = -1;
106 static int hf_lsa_trust_attr = -1;
107 static int hf_lsa_trust_attr_non_trans = -1;
108 static int hf_lsa_trust_attr_uplevel_only = -1;
109 static int hf_lsa_trust_attr_tree_parent = -1;
110 static int hf_lsa_trust_attr_tree_root = -1;
111 static int hf_lsa_auth_update = -1;
112 static int hf_lsa_auth_type = -1;
113 static int hf_lsa_auth_len = -1;
114 static int hf_lsa_auth_blob = -1;
115 static int hf_lsa_rights = -1;
116 static int hf_lsa_remove_all = -1;
118 static int hf_lsa_unknown_hyper = -1;
119 static int hf_lsa_unknown_long = -1;
120 static int hf_lsa_unknown_short = -1;
121 static int hf_lsa_unknown_char = -1;
122 static int hf_lsa_unknown_string = -1;
123 #ifdef LSA_UNUSED_HANDLES
124 static int hf_lsa_unknown_time = -1;
128 static gint ett_dcerpc_lsa = -1;
129 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
130 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
131 static gint ett_lsa_policy_info = -1;
132 static gint ett_lsa_policy_audit_log_info = -1;
133 static gint ett_lsa_policy_audit_events_info = -1;
134 static gint ett_lsa_policy_primary_domain_info = -1;
135 static gint ett_lsa_policy_primary_account_info = -1;
136 static gint ett_lsa_policy_server_role_info = -1;
137 static gint ett_lsa_policy_replica_source_info = -1;
138 static gint ett_lsa_policy_default_quota_info = -1;
139 static gint ett_lsa_policy_modification_info = -1;
140 static gint ett_lsa_policy_audit_full_set_info = -1;
141 static gint ett_lsa_policy_audit_full_query_info = -1;
142 static gint ett_lsa_policy_dns_domain_info = -1;
143 static gint ett_lsa_translated_names = -1;
144 static gint ett_lsa_translated_name = -1;
145 static gint ett_lsa_referenced_domain_list = -1;
146 static gint ett_lsa_trust_information = -1;
147 static gint ett_lsa_trust_information_ex = -1;
148 static gint ett_LUID = -1;
149 static gint ett_LSA_PRIVILEGES = -1;
150 static gint ett_LSA_PRIVILEGE = -1;
151 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
152 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
153 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
154 static gint ett_LSA_TRUSTED_DOMAIN = -1;
155 static gint ett_LSA_TRANSLATED_SIDS = -1;
156 static gint ett_lsa_trusted_domain_info = -1;
157 static gint ett_lsa_trust_attr = -1;
158 static gint ett_lsa_trusted_domain_auth_information = -1;
159 static gint ett_lsa_auth_information = -1;
163 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
164 packet_info *pinfo, proto_tree *tree,
169 di=pinfo->private_data;
170 if(di->conformant_run){
171 /*just a run to handle conformant arrays, nothing to dissect */
175 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
182 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
183 packet_info *pinfo, proto_tree *tree,
188 di=pinfo->private_data;
189 if(di->conformant_run){
190 /*just a run to handle conformant arrays, nothing to dissect */
194 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
195 di->hf_index, di->levels);
200 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
201 packet_info *pinfo, proto_tree *tree,
206 di=pinfo->private_data;
207 if(di->conformant_run){
208 /*just a run to handle conformant arrays, nothing to dissect */
212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
213 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
214 "DOMAIN pointer: ", di->hf_index, 0);
220 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
221 packet_info *pinfo, proto_tree *tree,
226 di=pinfo->private_data;
227 if(di->conformant_run){
228 /*just a run to handle conformant arrays, nothing to dissect */
232 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
233 di->hf_index, di->levels);
239 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
240 packet_info *pinfo, proto_tree *tree,
246 di=pinfo->private_data;
247 if(di->conformant_run){
248 /*just a run to handle conformant arrays, nothing to dissect */
252 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
253 hf_lsa_sd_size, &len);
254 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
260 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
261 packet_info *pinfo, proto_tree *parent_tree,
264 proto_item *item=NULL;
265 proto_tree *tree=NULL;
266 int old_offset=offset;
269 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
271 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
274 /* XXX need to figure this one out */
275 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
276 hf_lsa_sd_size, NULL);
277 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
278 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
279 "LSA SECRET data:", -1, 0);
281 proto_item_set_len(item, offset-old_offset);
286 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
287 packet_info *pinfo, proto_tree *tree,
290 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
291 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
292 "LSA_SECRET pointer: data", -1, 0);
298 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
299 packet_info *pinfo, proto_tree *tree,
305 di=pinfo->private_data;
306 if(di->conformant_run){
307 /*just a run to handle conformant arrays, nothing to dissect */
311 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
312 hf_lsa_sd_size, &len);
314 dissect_nt_sec_desc(tvb, offset, tree, len);
320 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
321 packet_info *pinfo, proto_tree *parent_tree,
324 proto_item *item=NULL;
325 proto_tree *tree=NULL;
326 int old_offset=offset;
329 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
330 "LSA_SECURITY_DESCRIPTOR:");
331 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
334 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
335 hf_lsa_sd_size, NULL);
337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
338 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
339 "LSA SECURITY DESCRIPTOR data:", -1, 0);
341 proto_item_set_len(item, offset-old_offset);
346 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
347 packet_info *pinfo, proto_tree *tree, char *drep)
349 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
350 hf_lsa_unknown_char, NULL);
355 static const value_string lsa_impersonation_level_vals[] = {
357 {1, "Identification"},
358 {2, "Impersonation"},
365 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
366 packet_info *pinfo, proto_tree *tree, char *drep)
369 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
370 hf_lsa_qos_len, NULL);
372 /* impersonation level */
373 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
374 hf_lsa_qos_impersonation_level, NULL);
376 /* context tracking mode */
377 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
378 hf_lsa_qos_track_context, NULL);
381 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
382 hf_lsa_qos_effective_only, NULL);
388 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
389 packet_info *pinfo, proto_tree *tree, char *drep)
391 /* XXX is this some bitmask ?*/
392 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
393 hf_lsa_access_mask, NULL);
399 * XXX - it'd be nice if we could arrange that this be passed
400 * some out-of-band indication of whether the handle is being opened,
401 * closed, or just used.
404 lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
405 packet_info *pinfo, proto_tree *tree, char *drep)
407 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
408 hf_lsa_hnd, NULL, FALSE, FALSE);
414 lsa_dissect_LSA_HANDLE_open(tvbuff_t *tvb, int offset,
415 packet_info *pinfo, proto_tree *tree, char *drep)
417 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
418 hf_lsa_hnd, NULL, TRUE, FALSE);
424 lsa_dissect_LSA_HANDLE_close(tvbuff_t *tvb, int offset,
425 packet_info *pinfo, proto_tree *tree, char *drep)
427 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
428 hf_lsa_hnd, NULL, FALSE, TRUE);
435 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
436 packet_info *pinfo, proto_tree *parent_tree, char *drep)
438 int old_offset=offset;
439 proto_item *item = NULL;
440 proto_tree *tree = NULL;
443 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
444 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
448 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
449 hf_lsa_obj_attr_len, NULL);
452 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
453 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
454 "LSPTR pointer: ", -1, 0);
457 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
458 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
459 "NAME pointer: ", hf_lsa_obj_attr_name, 0);
462 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
463 hf_lsa_obj_attr, NULL);
465 /* security descriptor */
466 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
467 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
468 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
470 /* security quality of service */
471 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
472 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
473 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1, 0);
475 proto_item_set_len(item, offset-old_offset);
480 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
481 packet_info *pinfo, proto_tree *tree, char *drep)
483 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
484 lsa_dissect_LSA_HANDLE_close, NDR_POINTER_REF,
485 "LSA_HANDLE", -1, 0);
491 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
492 packet_info *pinfo, proto_tree *tree, char *drep)
494 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
495 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
496 "LSA_HANDLE", -1, 0);
497 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
503 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
504 character of the server name which is always '\'. This is fixed in lsa
505 openpolicy2 but the function remains for backwards compatibility. */
507 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
509 proto_tree *tree, char *drep)
511 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
512 hf_lsa_server, NULL);
516 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
517 packet_info *pinfo, proto_tree *tree, char *drep)
519 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
520 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
521 "Server:", hf_lsa_server, 0);
523 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
524 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
525 "OBJECT_ATTRIBUTES", -1, 0);
527 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
534 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
535 packet_info *pinfo, proto_tree *tree, char *drep)
537 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
538 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
539 "LSA_HANDLE", -1, 0);
540 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
547 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
548 packet_info *pinfo, proto_tree *tree, char *drep)
550 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
551 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
552 "Server", hf_lsa_server, 0);
554 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
555 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
556 "OBJECT_ATTRIBUTES", -1, 0);
558 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
565 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
566 packet_info *pinfo, proto_tree *tree, char *drep)
568 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
569 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
570 "LSA_HANDLE", -1, 0);
571 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
577 static const value_string policy_information_class_vals[] = {
578 {1, "Audit Log Information"},
579 {2, "Audit Events Information"},
580 {3, "Primary Domain Information"},
581 {4, "Pd Account Information"},
582 {5, "Account Domain Information"},
583 {6, "Server Role Information"},
584 {7, "Replica Source Information"},
585 {8, "Default Quota Information"},
586 {9, "Modification Information"},
587 {10, "Audit Full Set Information"},
588 {11, "Audit Full Query Information"},
589 {12, "DNS Domain Information"},
594 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
595 packet_info *pinfo, proto_tree *tree, char *drep)
597 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
598 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
599 "LSA_HANDLE", -1, 0);
601 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
602 hf_lsa_policy_information_class, NULL);
608 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
609 packet_info *pinfo, proto_tree *parent_tree, char *drep)
611 proto_item *item=NULL;
612 proto_tree *tree=NULL;
613 int old_offset=offset;
616 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
617 "POLICY_AUDIT_LOG_INFO:");
618 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
622 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
623 hf_lsa_pali_percent_full, NULL);
626 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
627 hf_lsa_pali_log_size, NULL);
629 /* retention period */
630 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
631 hf_lsa_pali_retention_period);
633 /* shutdown in progress */
634 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
635 hf_lsa_pali_shutdown_in_progress, NULL);
637 /* time to shutdown */
638 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
639 hf_lsa_pali_time_to_shutdown);
641 /* next audit record */
642 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
643 hf_lsa_pali_next_audit_record, NULL);
645 proto_item_set_len(item, offset-old_offset);
650 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
651 packet_info *pinfo, proto_tree *tree, char *drep)
653 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
654 hf_lsa_paei_settings, NULL);
659 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
660 packet_info *pinfo, proto_tree *tree, char *drep)
662 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
663 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
669 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
670 packet_info *pinfo, proto_tree *parent_tree, char *drep)
672 proto_item *item=NULL;
673 proto_tree *tree=NULL;
674 int old_offset=offset;
677 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
678 "POLICY_AUDIT_EVENTS_INFO:");
679 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
683 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
684 hf_lsa_paei_enabled, NULL);
687 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
688 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
692 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
695 proto_item_set_len(item, offset-old_offset);
701 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
702 packet_info *pinfo, proto_tree *parent_tree, char *drep)
704 proto_item *item=NULL;
705 proto_tree *tree=NULL;
706 int old_offset=offset;
709 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
710 "POLICY_PRIMARY_DOMAIN_INFO:");
711 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
715 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
719 offset = dissect_ndr_nt_PSID(tvb, offset,
722 proto_item_set_len(item, offset-old_offset);
728 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
729 packet_info *pinfo, proto_tree *parent_tree, char *drep)
731 proto_item *item=NULL;
732 proto_tree *tree=NULL;
733 int old_offset=offset;
736 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
737 "POLICY_ACCOUNT_DOMAIN_INFO:");
738 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
742 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
746 offset = dissect_ndr_nt_PSID(tvb, offset,
749 proto_item_set_len(item, offset-old_offset);
754 static const value_string server_role_vals[] = {
756 {1, "Domain Member"},
762 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
763 packet_info *pinfo, proto_tree *parent_tree, char *drep)
765 proto_item *item=NULL;
766 proto_tree *tree=NULL;
767 int old_offset=offset;
770 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
771 "POLICY_SERVER_ROLE_INFO:");
772 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
776 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
777 hf_lsa_server_role, NULL);
779 proto_item_set_len(item, offset-old_offset);
784 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
785 packet_info *pinfo, proto_tree *parent_tree, char *drep)
787 proto_item *item=NULL;
788 proto_tree *tree=NULL;
789 int old_offset=offset;
792 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
793 "POLICY_REPLICA_SOURCE_INFO:");
794 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
798 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
802 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
805 proto_item_set_len(item, offset-old_offset);
811 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
812 packet_info *pinfo, proto_tree *parent_tree, char *drep)
814 proto_item *item=NULL;
815 proto_tree *tree=NULL;
816 int old_offset=offset;
819 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
820 "POLICY_DEFAULT_QUOTA_INFO:");
821 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
825 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
826 hf_lsa_quota_paged_pool, NULL);
829 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
830 hf_lsa_quota_non_paged_pool, NULL);
833 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
834 hf_lsa_quota_min_wss, NULL);
837 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
838 hf_lsa_quota_max_wss, NULL);
841 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
842 hf_lsa_quota_pagefile, NULL);
845 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
846 hf_lsa_unknown_hyper, NULL);
848 proto_item_set_len(item, offset-old_offset);
854 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
855 packet_info *pinfo, proto_tree *parent_tree, char *drep)
857 proto_item *item=NULL;
858 proto_tree *tree=NULL;
859 int old_offset=offset;
862 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
863 "POLICY_MODIFICATION_INFO:");
864 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
868 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
869 hf_lsa_mod_seq_no, NULL);
872 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
875 proto_item_set_len(item, offset-old_offset);
881 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
882 packet_info *pinfo, proto_tree *parent_tree, char *drep)
884 proto_item *item=NULL;
885 proto_tree *tree=NULL;
886 int old_offset=offset;
889 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
890 "POLICY_AUDIT_FULL_SET_INFO:");
891 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
895 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
896 hf_lsa_unknown_char, NULL);
898 proto_item_set_len(item, offset-old_offset);
904 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
905 packet_info *pinfo, proto_tree *parent_tree, char *drep)
907 proto_item *item=NULL;
908 proto_tree *tree=NULL;
909 int old_offset=offset;
912 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
913 "POLICY_AUDIT_FULL_QUERY_INFO:");
914 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
918 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
919 hf_lsa_unknown_char, NULL);
922 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
923 hf_lsa_unknown_char, NULL);
925 proto_item_set_len(item, offset-old_offset);
931 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
932 packet_info *pinfo, proto_tree *parent_tree, char *drep)
934 proto_item *item=NULL;
935 proto_tree *tree=NULL;
936 int old_offset=offset;
939 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
940 "POLICY_DNS_DOMAIN_INFO:");
941 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
945 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
949 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
953 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
957 offset = dissect_nt_GUID(tvb, offset,
961 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
963 proto_item_set_len(item, offset-old_offset);
968 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
969 packet_info *pinfo, proto_tree *parent_tree, char *drep)
971 proto_item *item=NULL;
972 proto_tree *tree=NULL;
973 int old_offset=offset;
977 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
979 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
982 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
983 hf_lsa_info_level, &level);
985 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
988 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
989 tvb, offset, pinfo, tree, drep);
992 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
993 tvb, offset, pinfo, tree, drep);
996 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
997 tvb, offset, pinfo, tree, drep);
1000 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1004 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1005 tvb, offset, pinfo, tree, drep);
1008 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1009 tvb, offset, pinfo, tree, drep);
1012 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1013 tvb, offset, pinfo, tree, drep);
1016 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1017 tvb, offset, pinfo, tree, drep);
1020 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1021 tvb, offset, pinfo, tree, drep);
1024 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1025 tvb, offset, pinfo, tree, drep);
1028 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1029 tvb, offset, pinfo, tree, drep);
1032 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1033 tvb, offset, pinfo, tree, drep);
1037 proto_item_set_len(item, offset-old_offset);
1042 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1043 packet_info *pinfo, proto_tree *tree, char *drep)
1045 /* This is really a pointer to a pointer though the first level is REF
1046 so we just ignore that one */
1047 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1048 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1049 "POLICY_INFORMATION pointer: info", -1, 0);
1050 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1057 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
1058 packet_info *pinfo, proto_tree *tree, char *drep)
1060 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1061 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
1062 "LSA_HANDLE", -1, 0);
1068 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1069 packet_info *pinfo, proto_tree *tree, char *drep)
1071 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1079 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1080 packet_info *pinfo, proto_tree *tree, char *drep)
1082 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1085 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1086 hf_lsa_info_type, NULL);
1093 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1094 packet_info *pinfo, proto_tree *tree, char *drep)
1096 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1097 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1098 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1, 0);
1100 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1108 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1109 packet_info *pinfo, proto_tree *tree, char *drep)
1111 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1114 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1115 hf_lsa_info_type, NULL);
1117 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1118 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1119 "LSA_SECURITY_DESCRIPTOR: sec_info", -1, 0);
1125 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1126 packet_info *pinfo, proto_tree *tree, char *drep)
1128 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1136 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1137 packet_info *pinfo, proto_tree *tree, char *drep)
1140 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1144 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1148 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1152 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1156 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1163 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1164 packet_info *pinfo, proto_tree *tree, char *drep)
1166 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1172 static const value_string sid_type_vals[] = {
1177 {5, "Well Known Group"},
1178 {6, "Deleted Account"},
1185 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1186 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1188 proto_item *item=NULL;
1189 proto_tree *tree=NULL;
1190 int old_offset=offset;
1193 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1194 "LSA_TRANSLATED_NAME:");
1195 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1199 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1200 hf_lsa_sid_type, NULL);
1203 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1207 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1208 hf_lsa_index, NULL);
1210 proto_item_set_len(item, offset-old_offset);
1215 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1216 packet_info *pinfo, proto_tree *tree, char *drep)
1218 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1219 lsa_dissect_LSA_TRANSLATED_NAME);
1225 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1226 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1228 proto_item *item=NULL;
1229 proto_tree *tree=NULL;
1230 int old_offset=offset;
1233 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1234 "LSA_TRANSLATED_NAMES:");
1235 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1239 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1240 hf_lsa_count, NULL);
1243 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1244 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1245 "TRANSLATED_NAME_ARRAY", -1, 0);
1247 proto_item_set_len(item, offset-old_offset);
1253 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1254 packet_info *pinfo, proto_tree *tree, char *drep)
1256 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1259 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1260 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1261 "PSID_ARRAY", -1, 0);
1263 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1264 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1265 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1267 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1268 hf_lsa_info_level, NULL);
1270 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1271 hf_lsa_num_mapped, NULL);
1277 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1278 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1280 proto_item *item=NULL;
1281 proto_tree *tree=NULL;
1282 int old_offset=offset;
1285 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1286 "TRUST INFORMATION:");
1287 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1291 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1295 offset = dissect_ndr_nt_PSID(tvb, offset,
1298 proto_item_set_len(item, offset-old_offset);
1302 static const value_string trusted_direction_vals[] = {
1303 {0, "Trust disabled"},
1304 {1, "Inbound trust"},
1305 {2, "Outbound trust"},
1309 static const value_string trusted_type_vals[] = {
1317 static const true_false_string tfs_trust_attr_non_trans = {
1318 "NON TRANSITIVE is set",
1319 "Non transitive is NOT set"
1321 static const true_false_string tfs_trust_attr_uplevel_only = {
1322 "UPLEVEL ONLY is set",
1323 "Uplevel only is NOT set"
1325 static const true_false_string tfs_trust_attr_tree_parent = {
1326 "TREE PARENT is set",
1327 "Tree parent is NOT set"
1329 static const true_false_string tfs_trust_attr_tree_root = {
1331 "Tree root is NOT set"
1334 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1335 proto_tree *parent_tree, char *drep)
1338 proto_item *item = NULL;
1339 proto_tree *tree = NULL;
1341 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1342 hf_lsa_trust_attr, &mask);
1345 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1346 tvb, offset-4, 4, mask);
1347 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1350 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1351 tvb, offset-4, 4, mask);
1352 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1353 tvb, offset-4, 4, mask);
1354 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1355 tvb, offset-4, 4, mask);
1356 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1357 tvb, offset-4, 4, mask);
1363 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1364 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1366 proto_item *item=NULL;
1367 proto_tree *tree=NULL;
1368 int old_offset=offset;
1371 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1372 "TRUST INFORMATION EX:");
1373 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1377 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1381 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1382 hf_lsa_flat_name, 0);
1385 offset = dissect_ndr_nt_PSID(tvb, offset,
1389 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1390 hf_lsa_trust_direction, NULL);
1393 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1394 hf_lsa_trust_type, NULL);
1397 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1399 proto_item_set_len(item, offset-old_offset);
1404 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1405 packet_info *pinfo, proto_tree *tree, char *drep)
1410 di=pinfo->private_data;
1411 if(di->conformant_run){
1412 /*just a run to handle conformant arrays, nothing to dissect */
1417 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1418 hf_lsa_auth_len, &len);
1420 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1427 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1428 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1430 proto_item *item=NULL;
1431 proto_tree *tree=NULL;
1432 int old_offset=offset;
1435 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1436 "AUTH INFORMATION:");
1437 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1441 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1442 hf_lsa_auth_update, NULL);
1445 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1446 hf_lsa_auth_type, NULL);
1449 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1450 hf_lsa_auth_len, NULL);
1452 /* auth info blob */
1453 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1454 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1455 "AUTH INFO blob:", -1, 0);
1457 proto_item_set_len(item, offset-old_offset);
1462 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1463 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1465 proto_item *item=NULL;
1466 proto_tree *tree=NULL;
1467 int old_offset=offset;
1470 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1471 "TRUSTED DOMAIN AUTH INFORMATION:");
1472 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1476 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1477 hf_lsa_unknown_long, NULL);
1480 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1483 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1486 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1487 hf_lsa_unknown_long, NULL);
1490 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1493 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1495 proto_item_set_len(item, offset-old_offset);
1501 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1502 packet_info *pinfo, proto_tree *tree, char *drep)
1504 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1505 lsa_dissect_LSA_TRUST_INFORMATION);
1511 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1512 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1514 proto_item *item=NULL;
1515 proto_tree *tree=NULL;
1516 int old_offset=offset;
1519 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1520 "LSA_REFERENCED_DOMAIN_LIST:");
1521 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1525 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1526 hf_lsa_count, NULL);
1528 /* trust information */
1529 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1530 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1531 "TRUST INFORMATION array:", -1, 0);
1534 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1535 hf_lsa_max_count, NULL);
1537 proto_item_set_len(item, offset-old_offset);
1542 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1543 packet_info *pinfo, proto_tree *tree, char *drep)
1545 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1546 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1547 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
1549 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1550 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1551 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1553 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1554 hf_lsa_num_mapped, NULL);
1556 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1564 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1565 packet_info *pinfo, proto_tree *tree, char *drep)
1567 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1570 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1571 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1572 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1579 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1580 packet_info *pinfo, proto_tree *tree, char *drep)
1582 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1590 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1591 packet_info *pinfo, proto_tree *tree, char *drep)
1593 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1601 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1602 packet_info *pinfo, proto_tree *tree, char *drep)
1604 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1605 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1606 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1608 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1616 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1617 packet_info *pinfo, proto_tree *tree, char *drep)
1619 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1622 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1623 hf_lsa_policy_information_class, NULL);
1625 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1626 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1627 "POLICY_INFORMATION pointer: info", -1, 0);
1634 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1635 packet_info *pinfo, proto_tree *tree, char *drep)
1637 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1645 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1646 packet_info *pinfo, proto_tree *tree, char *drep)
1648 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1651 offset = dissect_ndr_nt_SID(tvb, offset,
1655 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1656 hf_lsa_unknown_long, NULL);
1663 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1664 packet_info *pinfo, proto_tree *tree, char *drep)
1666 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1669 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1676 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1677 packet_info *pinfo, proto_tree *tree, char *drep)
1679 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1687 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1688 packet_info *pinfo, proto_tree *tree, char *drep)
1690 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1693 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1701 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1702 packet_info *pinfo, proto_tree *tree, char *drep)
1704 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1707 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1715 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1716 packet_info *pinfo, proto_tree *tree, char *drep)
1718 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1726 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1727 packet_info *pinfo, proto_tree *tree, char *drep)
1729 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1732 offset = dissect_ndr_nt_SID(tvb, offset,
1735 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1743 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1744 packet_info *pinfo, proto_tree *tree, char *drep)
1746 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1749 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1757 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1758 packet_info *pinfo, proto_tree *tree, char *drep)
1760 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1763 offset = dissect_ndr_nt_SID(tvb, offset,
1771 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1772 packet_info *pinfo, proto_tree *tree, char *drep)
1774 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1781 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1782 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1784 proto_item *item=NULL;
1785 proto_tree *tree=NULL;
1786 int old_offset=offset;
1789 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1791 tree = proto_item_add_subtree(item, ett_LUID);
1794 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1795 hf_nt_luid_low, NULL);
1797 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1798 hf_nt_luid_high, NULL);
1800 proto_item_set_len(item, offset-old_offset);
1805 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1806 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1808 proto_item *item=NULL;
1809 proto_tree *tree=NULL;
1810 int old_offset=offset;
1813 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1815 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1818 /* privilege name */
1819 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1820 hf_lsa_privilege_name, 0);
1823 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1825 proto_item_set_len(item, offset-old_offset);
1830 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1831 packet_info *pinfo, proto_tree *tree, char *drep)
1833 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1834 lsa_dissect_LSA_PRIVILEGE);
1840 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1841 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1843 proto_item *item=NULL;
1844 proto_tree *tree=NULL;
1845 int old_offset=offset;
1848 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1850 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1853 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1854 hf_lsa_count, NULL);
1857 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1858 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1859 "LSA_PRIVILEGE array:", -1, 0);
1861 proto_item_set_len(item, offset-old_offset);
1866 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1867 packet_info *pinfo, proto_tree *tree, char *drep)
1869 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1872 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1873 hf_lsa_count, NULL);
1875 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1882 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1883 packet_info *pinfo, proto_tree *tree, char *drep)
1885 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1886 hf_lsa_count, NULL);
1888 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1889 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1890 "LSA_PRIVILEGES pointer: privs", -1, 0);
1892 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1899 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1900 packet_info *pinfo, proto_tree *tree, char *drep)
1902 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1905 /* privilege name */
1906 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1907 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1908 "NAME pointer: ", hf_lsa_privilege_name, 0);
1915 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1916 packet_info *pinfo, proto_tree *tree, char *drep)
1920 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1922 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1930 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
1931 packet_info *pinfo, proto_tree *tree, char *drep)
1933 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1937 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1938 dissect_nt_LUID, NDR_POINTER_REF,
1939 "LUID pointer: value", -1, 0);
1946 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
1947 packet_info *pinfo, proto_tree *tree, char *drep)
1949 /* [out, ref] LSA_UNICODE_STRING **name */
1950 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1951 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1952 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name, 0);
1954 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1962 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
1963 packet_info *pinfo, proto_tree *tree, char *drep)
1965 /* [in] LSA_HANDLE hnd */
1966 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1974 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
1975 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1977 proto_item *item=NULL;
1978 proto_tree *tree=NULL;
1979 int old_offset=offset;
1982 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1983 "LUID_AND_ATTRIBUTES:");
1984 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
1988 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1991 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1994 proto_item_set_len(item, offset-old_offset);
1999 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2000 packet_info *pinfo, proto_tree *tree, char *drep)
2002 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2003 lsa_dissect_LUID_AND_ATTRIBUTES);
2009 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2010 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2012 proto_item *item=NULL;
2013 proto_tree *tree=NULL;
2014 int old_offset=offset;
2017 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2018 "LUID_AND_ATTRIBUTES_ARRAY:");
2019 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2022 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2023 hf_lsa_count, NULL);
2025 /* luid and attributes */
2026 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2027 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2028 "LUID_AND_ATTRIBUTES array:", -1, 0);
2030 proto_item_set_len(item, offset-old_offset);
2035 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2036 packet_info *pinfo, proto_tree *tree, char *drep)
2038 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2039 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2040 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2041 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
2043 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2050 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2051 packet_info *pinfo, proto_tree *tree, char *drep)
2053 /* [in] LSA_HANDLE hnd */
2054 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2057 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2058 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2066 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2067 packet_info *pinfo, proto_tree *tree, char *drep)
2069 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2076 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2077 packet_info *pinfo, proto_tree *tree, char *drep)
2079 /* [in] LSA_HANDLE hnd */
2080 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2083 /* [in] char unknown */
2084 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2085 hf_lsa_unknown_char, NULL);
2087 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2088 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2089 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2090 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
2097 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2098 packet_info *pinfo, proto_tree *tree, char *drep)
2100 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2107 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2108 packet_info *pinfo, proto_tree *tree, char *drep)
2110 /* [in] LSA_HANDLE hnd */
2111 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2114 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2115 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2116 hf_lsa_resume_handle, NULL);
2118 /* [in] ULONG pref_maxlen */
2119 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2120 hf_lsa_max_count, NULL);
2126 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2127 packet_info *pinfo, proto_tree *tree, char *drep)
2129 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2130 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2131 hf_lsa_resume_handle, NULL);
2133 /* [out, ref] PSID_ARRAY **accounts */
2134 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2135 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2136 "PSID_ARRAY", -1, 0);
2138 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2145 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2146 packet_info *pinfo, proto_tree *tree, char *drep)
2148 /* [in] LSA_HANDLE hnd_pol */
2149 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2152 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2153 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2154 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2155 "LSA_TRUST_INFORMATION pointer: domain", -1, 0);
2157 /* [in] ACCESS_MASK access */
2158 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2165 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2166 packet_info *pinfo, proto_tree *tree, char *drep)
2168 /* [out] LSA_HANDLE *hnd */
2169 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2172 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2179 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2180 packet_info *pinfo, proto_tree *tree, char *drep)
2182 /* [in] LSA_HANDLE hnd */
2183 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2186 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2187 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2188 hf_lsa_resume_handle, NULL);
2190 /* [in] ULONG pref_maxlen */
2191 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2192 hf_lsa_max_count, NULL);
2198 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2199 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2201 proto_item *item=NULL;
2202 proto_tree *tree=NULL;
2203 int old_offset=offset;
2206 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2208 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2212 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2216 offset = dissect_ndr_nt_PSID(tvb, offset,
2219 proto_item_set_len(item, offset-old_offset);
2224 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2225 packet_info *pinfo, proto_tree *tree, char *drep)
2227 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2228 lsa_dissect_LSA_TRUSTED_DOMAIN);
2234 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2235 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2237 proto_item *item=NULL;
2238 proto_tree *tree=NULL;
2239 int old_offset=offset;
2242 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2243 "TRUSTED_DOMAIN_LIST:");
2244 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2247 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2248 hf_lsa_count, NULL);
2251 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2252 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2253 "TRUSTED_DOMAIN array:", -1, 0);
2255 proto_item_set_len(item, offset-old_offset);
2260 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2261 packet_info *pinfo, proto_tree *tree, char *drep)
2263 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2264 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2265 hf_lsa_resume_handle, NULL);
2267 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2268 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2269 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2270 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1, 0);
2272 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2280 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2281 packet_info *pinfo, proto_tree *tree, char *drep)
2285 di=pinfo->private_data;
2286 if(di->conformant_run){
2287 /*just a run to handle conformant arrays, nothing to dissect */
2291 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2292 di->hf_index, di->levels);
2298 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2299 packet_info *pinfo, proto_tree *tree, char *drep)
2301 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2302 lsa_dissect_LSA_UNICODE_STRING_item);
2308 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2309 packet_info *pinfo, proto_tree *tree, char *drep)
2313 di=pinfo->private_data;
2315 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2316 hf_lsa_count, NULL);
2317 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2318 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2319 "UNICODE_STRING pointer: ", di->hf_index, 0);
2325 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2326 packet_info *pinfo, proto_tree *tree, char *drep)
2329 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2330 hf_lsa_sid_type, NULL);
2332 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2335 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2336 hf_lsa_index, NULL);
2342 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2343 packet_info *pinfo, proto_tree *tree, char *drep)
2345 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2346 lsa_dissect_LSA_TRANSLATED_SID);
2352 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2353 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2355 proto_item *item=NULL;
2356 proto_tree *tree=NULL;
2357 int old_offset=offset;
2360 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2361 "LSA_TRANSLATED_SIDS:");
2362 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2366 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2367 hf_lsa_count, NULL);
2370 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2371 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2372 "Translated SIDS", -1, 0);
2374 proto_item_set_len(item, offset-old_offset);
2379 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2380 packet_info *pinfo, proto_tree *tree, char *drep)
2382 /* [in] LSA_HANDLE hnd */
2383 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2386 /* [in] ULONG count */
2387 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2388 hf_lsa_count, NULL);
2390 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2391 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2392 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2393 "Account pointer: names", hf_lsa_acct, 0);
2395 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2396 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2397 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2398 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2400 /* [in] USHORT level */
2401 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2402 hf_lsa_info_level, NULL);
2404 /* [in, out, ref] ULONG *num_mapped */
2405 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2406 hf_lsa_num_mapped, NULL);
2413 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2414 packet_info *pinfo, proto_tree *tree, char *drep)
2416 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2417 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2418 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2419 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
2421 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2422 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2423 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2424 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2426 /* [in, out, ref] ULONG *num_mapped */
2427 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2428 hf_lsa_num_mapped, NULL);
2430 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2437 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2438 packet_info *pinfo, proto_tree *tree, char *drep)
2440 /* [in] LSA_HANDLE hnd_pol */
2441 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2444 /* [in, ref] LSA_UNICODE_STRING *name */
2445 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2448 /* [in] ACCESS_MASK access */
2449 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2456 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2457 packet_info *pinfo, proto_tree *tree, char *drep)
2460 /* [out] LSA_HANDLE *hnd */
2461 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2464 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2471 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2472 packet_info *pinfo, proto_tree *tree, char *drep)
2474 /* [in] LSA_HANDLE hnd_pol */
2475 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2478 /* [in, ref] SID *account */
2479 offset = dissect_ndr_nt_SID(tvb, offset,
2482 /* [in] ACCESS_MASK access */
2483 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2491 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2492 packet_info *pinfo, proto_tree *tree, char *drep)
2494 /* [out] LSA_HANDLE *hnd */
2495 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2498 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2504 static const value_string trusted_info_level_vals[] = {
2505 {1, "Domain Name Information"},
2506 {2, "Controllers Information"},
2507 {3, "Posix Offset Information"},
2508 {4, "Password Information"},
2509 {5, "Domain Information Basic"},
2510 {6, "Domain Information Ex"},
2511 {7, "Domain Auth Information"},
2512 {8, "Domain Full Information"},
2513 {9, "Domain Security Descriptor"},
2514 {10, "Domain Private Information"},
2519 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2520 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2522 proto_item *item=NULL;
2523 proto_tree *tree=NULL;
2524 int old_offset=offset;
2528 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2529 "TRUSTED_DOMAIN_INFO:");
2530 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2533 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2534 hf_lsa_trusted_info_level, &level);
2536 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2539 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2543 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2544 hf_lsa_count, NULL);
2545 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2546 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2547 "Controllers pointer: ", hf_lsa_controller, 0);
2550 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2551 hf_lsa_rid_offset, NULL);
2554 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2555 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2558 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2562 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2566 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2569 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2571 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2572 hf_lsa_rid_offset, NULL);
2573 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2576 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2579 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2581 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2582 hf_lsa_rid_offset, NULL);
2583 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2587 proto_item_set_len(item, offset-old_offset);
2592 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2593 packet_info *pinfo, proto_tree *tree, char *drep)
2595 /* [in] LSA_HANDLE hnd */
2596 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2599 /* [in] TRUSTED_INFORMATION_CLASS level */
2600 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2601 hf_lsa_trusted_info_level, NULL);
2608 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2609 packet_info *pinfo, proto_tree *tree, char *drep)
2611 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2612 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2613 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2614 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2616 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2623 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2624 packet_info *pinfo, proto_tree *tree, char *drep)
2626 /* [in] LSA_HANDLE hnd */
2627 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2630 /* [in] TRUSTED_INFORMATION_CLASS level */
2631 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2632 hf_lsa_trusted_info_level, NULL);
2634 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2635 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2636 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2637 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2644 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2645 packet_info *pinfo, proto_tree *tree, char *drep)
2647 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2654 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2655 packet_info *pinfo, proto_tree *tree, char *drep)
2657 /* [in] LSA_HANDLE hnd_pol */
2658 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2661 /* [in, ref] LSA_UNICODE_STRING *name */
2662 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2665 /* [in] ACCESS_MASK access */
2666 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2674 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2675 packet_info *pinfo, proto_tree *tree, char *drep)
2677 /* [out] LSA_HANDLE *hnd */
2678 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2681 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2688 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2689 packet_info *pinfo, proto_tree *tree, char *drep)
2691 /* [in] LSA_HANDLE hnd */
2692 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2695 /* [in, unique] LSA_SECRET *new_val */
2696 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2697 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2698 "LSA_SECRET pointer: new_val", -1, 0);
2700 /* [in, unique] LSA_SECRET *old_val */
2701 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2702 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2703 "LSA_SECRET pointer: old_val", -1, 0);
2710 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2711 packet_info *pinfo, proto_tree *tree, char *drep)
2713 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2720 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2721 packet_info *pinfo, proto_tree *tree, char *drep)
2723 /* [in] LSA_HANDLE hnd */
2724 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2727 /* [in, out, unique] LSA_SECRET **curr_val */
2728 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2729 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2730 "LSA_SECRET pointer: curr_val", -1, 0);
2732 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2733 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2734 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2735 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2737 /* [in, out, unique] LSA_SECRET **old_val */
2738 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2739 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2740 "LSA_SECRET pointer: old_val", -1, 0);
2742 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2743 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2744 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2745 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2752 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2753 packet_info *pinfo, proto_tree *tree, char *drep)
2755 /* [in, out, unique] LSA_SECRET **curr_val */
2756 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2757 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2758 "LSA_SECRET pointer: curr_val", -1, 0);
2760 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2761 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2762 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2763 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2765 /* [in, out, unique] LSA_SECRET **old_val */
2766 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2767 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2768 "LSA_SECRET pointer: old_val", -1, 0);
2770 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2771 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2772 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2773 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2779 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2780 packet_info *pinfo, proto_tree *tree, char *drep)
2782 /* [in] LSA_HANDLE hnd */
2783 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2791 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2792 packet_info *pinfo, proto_tree *tree, char *drep)
2794 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2801 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2802 packet_info *pinfo, proto_tree *tree, char *drep)
2804 /* [in] LSA_HANDLE hnd */
2805 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2808 /* [in, unique] LSA_UNICODE_STRING *rights */
2809 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2810 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2811 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights, 0);
2817 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2818 packet_info *pinfo, proto_tree *tree, char *drep)
2820 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2821 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2822 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2823 "Account pointer: names", hf_lsa_acct, 0);
2825 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2832 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2833 packet_info *pinfo, proto_tree *tree, char *drep)
2835 /* [in] LSA_HANDLE hnd */
2836 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2839 /* [in, ref] SID *account */
2840 offset = dissect_ndr_nt_SID(tvb, offset,
2848 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2849 packet_info *pinfo, proto_tree *tree, char *drep)
2851 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2852 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2853 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2854 "Account pointer: rights", hf_lsa_rights, 0);
2856 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2863 lsa_dissect_lsaaddaccountrights_rqst(tvbuff_t *tvb, int offset,
2864 packet_info *pinfo, proto_tree *tree, char *drep)
2866 /* [in] LSA_HANDLE hnd */
2867 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2870 /* [in, ref] SID *account */
2871 offset = dissect_ndr_nt_SID(tvb, offset,
2874 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2875 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2876 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2877 "Account pointer: rights", hf_lsa_rights, 0);
2884 lsa_dissect_lsaaddaccountrights_reply(tvbuff_t *tvb, int offset,
2885 packet_info *pinfo, proto_tree *tree, char *drep)
2887 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2894 lsa_dissect_lsaremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2895 packet_info *pinfo, proto_tree *tree, char *drep)
2897 /* [in] LSA_HANDLE hnd */
2898 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2901 /* [in, ref] SID *account */
2902 offset = dissect_ndr_nt_SID(tvb, offset,
2906 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2907 hf_lsa_remove_all, NULL);
2909 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2910 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2911 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2912 "Account pointer: rights", hf_lsa_rights, 0);
2919 lsa_dissect_lsaremoveaccountrights_reply(tvbuff_t *tvb, int offset,
2920 packet_info *pinfo, proto_tree *tree, char *drep)
2922 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2930 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
2931 packet_info *pinfo, proto_tree *tree, char *drep)
2933 /* [in] LSA_HANDLE handle */
2934 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2937 /* [in, ref] LSA_UNICODE_STRING *name */
2939 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2942 /* [in] TRUSTED_INFORMATION_CLASS level */
2943 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2944 hf_lsa_trusted_info_level, NULL);
2951 lsa_dissect_lsaquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
2952 packet_info *pinfo, proto_tree *tree, char *drep)
2954 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
2955 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2956 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2957 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2959 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2967 lsa_dissect_lsasettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
2968 packet_info *pinfo, proto_tree *tree, char *drep)
2970 /* [in] LSA_HANDLE handle */
2971 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2974 /* [in, ref] LSA_UNICODE_STRING *name */
2976 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2979 /* [in] TRUSTED_INFORMATION_CLASS level */
2980 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2981 hf_lsa_trusted_info_level, NULL);
2983 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
2984 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2985 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2986 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2993 lsa_dissect_lsasettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
2994 packet_info *pinfo, proto_tree *tree, char *drep)
2996 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3003 lsa_dissect_lsaquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3004 packet_info *pinfo, proto_tree *tree, char *drep)
3006 /* [in] LSA_HANDLE handle */
3007 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3010 /* [in, ref] SID *sid */
3011 offset = dissect_ndr_nt_SID(tvb, offset,
3014 /* [in] TRUSTED_INFORMATION_CLASS level */
3015 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3016 hf_lsa_trusted_info_level, NULL);
3022 lsa_dissect_lsaopentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3023 packet_info *pinfo, proto_tree *tree, char *drep)
3025 /* [in] LSA_HANDLE handle */
3026 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3029 /* [in, ref] LSA_UNICODE_STRING *name */
3031 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3034 /* [in] ACCESS_MASK access */
3035 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3043 lsa_dissect_lsaopentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3044 packet_info *pinfo, proto_tree *tree, char *drep)
3046 /* [out] LSA_HANDLE handle */
3047 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3050 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3059 lsa_dissect_lsaquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3060 packet_info *pinfo, proto_tree *tree, char *drep)
3062 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3063 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3064 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3065 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3067 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3074 lsa_dissect_lsasettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3075 packet_info *pinfo, proto_tree *tree, char *drep)
3077 /* [in] LSA_HANDLE handle */
3078 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3081 /* [in, ref] SID *sid */
3082 offset = dissect_ndr_nt_SID(tvb, offset,
3085 /* [in] TRUSTED_INFORMATION_CLASS level */
3086 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3087 hf_lsa_trusted_info_level, NULL);
3089 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3090 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3091 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3092 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3099 lsa_dissect_lsasettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3100 packet_info *pinfo, proto_tree *tree, char *drep)
3102 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3109 lsa_dissect_lsaqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3110 packet_info *pinfo, proto_tree *tree, char *drep)
3112 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3113 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3114 "LSA_HANDLE", -1, 0);
3116 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3117 hf_lsa_policy_information_class, NULL);
3123 lsa_dissect_lsaqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3124 packet_info *pinfo, proto_tree *tree, char *drep)
3126 /* This is really a pointer to a pointer though the first level is REF
3127 so we just ignore that one */
3128 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3129 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3130 "POLICY_INFORMATION pointer: info", -1, 0);
3132 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3139 lsa_dissect_lsasetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3140 packet_info *pinfo, proto_tree *tree, char *drep)
3142 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3143 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3144 "LSA_HANDLE", -1, 0);
3146 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3147 hf_lsa_policy_information_class, NULL);
3149 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3150 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3151 "POLICY_INFORMATION pointer: info", -1, 0);
3157 lsa_dissect_lsasetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3158 packet_info *pinfo, proto_tree *tree, char *drep)
3160 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3167 lsa_dissect_lsaquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3168 packet_info *pinfo, proto_tree *tree, char *drep)
3170 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3171 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3172 "LSA_HANDLE", -1, 0);
3174 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3175 hf_lsa_policy_information_class, NULL);
3181 lsa_dissect_lsaquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3182 packet_info *pinfo, proto_tree *tree, char *drep)
3184 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3185 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3186 "POLICY_INFORMATION pointer: info", -1, 0);
3188 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3195 lsa_dissect_lsasetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3196 packet_info *pinfo, proto_tree *tree, char *drep)
3198 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3199 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3200 "LSA_HANDLE", -1, 0);
3202 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3203 hf_lsa_policy_information_class, NULL);
3205 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3206 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3207 "POLICY_INFORMATION pointer: info", -1, 0);
3213 lsa_dissect_lsasetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3214 packet_info *pinfo, proto_tree *tree, char *drep)
3216 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3223 lsa_dissect_lsalookupnames2_rqst(tvbuff_t *tvb, int offset,
3224 packet_info *pinfo, proto_tree *tree, char *drep)
3226 /* [in] LSA_HANDLE hnd */
3227 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3230 /* [in] ULONG count */
3231 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3232 hf_lsa_count, NULL);
3234 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3235 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3236 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3237 "Account pointer: names", hf_lsa_acct, 0);
3239 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3240 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3241 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3242 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
3244 /* [in] USHORT level */
3245 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3246 hf_lsa_info_level, NULL);
3248 /* [in, out, ref] ULONG *num_mapped */
3249 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3250 hf_lsa_num_mapped, NULL);
3253 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3254 hf_lsa_unknown_long, NULL);
3257 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3258 hf_lsa_unknown_long, NULL);
3265 lsa_dissect_lsalookupnames2_reply(tvbuff_t *tvb, int offset,
3266 packet_info *pinfo, proto_tree *tree, char *drep)
3268 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3269 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3270 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3271 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
3273 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3274 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3275 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3276 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
3278 /* [in, out, ref] ULONG *num_mapped */
3279 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3280 hf_lsa_num_mapped, NULL);
3282 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3290 lsa_dissect_lsacreateaccount_rqst(tvbuff_t *tvb, int offset,
3291 packet_info *pinfo, proto_tree *tree, char *drep)
3293 /* [in] LSA_HANDLE hnd */
3294 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3297 offset = dissect_ndr_nt_SID(tvb, offset,
3300 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3307 lsa_dissect_lsacreateaccount_reply(tvbuff_t *tvb, int offset,
3308 packet_info *pinfo, proto_tree *tree, char *drep)
3310 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3313 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3320 lsa_dissect_lsalookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3321 packet_info *pinfo, proto_tree *tree, char *drep)
3323 /* [in] LSA_HANDLE hnd */
3324 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3327 /* [in, ref] LSA_UNICODE_STRING *name */
3328 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3331 /* [in] USHORT unknown */
3332 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3333 hf_lsa_unknown_short, NULL);
3335 /* [in] USHORT size */
3336 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3337 hf_lsa_size16, NULL);
3344 lsa_dissect_lsalookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3345 packet_info *pinfo, proto_tree *tree, char *drep)
3347 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3348 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3349 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3350 "NAME pointer: ", hf_lsa_privilege_name, 0);
3352 /* [out, ref] USHORT *size_needed */
3353 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3354 hf_lsa_size_needed, NULL);
3356 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3363 lsa_dissect_lsastoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3364 packet_info *pinfo, proto_tree *tree, char *drep)
3366 /* [in] LSA_HANDLE hnd */
3367 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3370 /* [in, ref] LSA_UNICODE_STRING *key */
3371 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3374 /* [in, unique] LSA_SECRET **data */
3375 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3376 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3377 "LSA_SECRET* pointer: data", -1, 0);
3384 lsa_dissect_lsastoreprivatedata_reply(tvbuff_t *tvb, int offset,
3385 packet_info *pinfo, proto_tree *tree, char *drep)
3387 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3394 lsa_dissect_lsaretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3395 packet_info *pinfo, proto_tree *tree, char *drep)
3397 /* [in] LSA_HANDLE hnd */
3398 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3401 /* [in, ref] LSA_UNICODE_STRING *key */
3402 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3405 /* [in, out, ref] LSA_SECRET **data */
3406 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3407 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3408 "LSA_SECRET* pointer: data", -1, 0);
3415 lsa_dissect_lsaretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3416 packet_info *pinfo, proto_tree *tree, char *drep)
3418 /* [in, out, ref] LSA_SECRET **data */
3419 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3420 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3421 "LSA_SECRET* pointer: data", -1, 0);
3423 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3430 lsa_dissect_lsaclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3431 packet_info *pinfo, proto_tree *tree, char *drep)
3434 /* [in, out] LSA_HANDLE *tdHnd */
3435 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3436 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3437 "LSA_HANDLE", -1, 0);
3444 lsa_dissect_lsaclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3445 packet_info *pinfo, proto_tree *tree, char *drep)
3448 /* [in, out] LSA_HANDLE *tdHnd */
3449 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3450 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3451 "LSA_HANDLE", -1, 0);
3453 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3460 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3461 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3463 proto_item *item=NULL;
3464 proto_tree *tree=NULL;
3465 int old_offset=offset;
3468 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3469 "LSA_TRANSLATED_NAME:");
3470 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3474 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3475 hf_lsa_sid_type, NULL);
3478 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3482 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3483 hf_lsa_index, NULL);
3486 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3487 hf_lsa_unknown_long, NULL);
3489 proto_item_set_len(item, offset-old_offset);
3494 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3495 packet_info *pinfo, proto_tree *tree, char *drep)
3497 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3498 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3503 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3504 packet_info *pinfo, proto_tree *tree, char *drep)
3507 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3508 hf_lsa_count, NULL);
3510 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3511 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3512 "LSA_TRANSLATED_NAME_EX: pointer", -1, 0);
3519 lsa_dissect_lsalookupsids2_rqst(tvbuff_t *tvb, int offset,
3520 packet_info *pinfo, proto_tree *tree, char *drep)
3522 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3525 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3526 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3527 "PSID_ARRAY", -1, 0);
3529 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3530 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3531 "LSA_TRANSLATED_NAMES_EX pointer: names", -1, 0);
3533 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3534 hf_lsa_info_level, NULL);
3536 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3537 hf_lsa_num_mapped, NULL);
3540 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3541 hf_lsa_unknown_long, NULL);
3544 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3545 hf_lsa_unknown_long, NULL);
3551 lsa_dissect_lsalookupsids2_reply(tvbuff_t *tvb, int offset,
3552 packet_info *pinfo, proto_tree *tree, char *drep)
3554 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3555 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_REF,
3556 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
3558 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3559 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3560 "LSA_TRANSLATED_NAMES_EX pointer: names", -1, 0);
3562 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3563 hf_lsa_num_mapped, NULL);
3565 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3572 lsa_dissect_lsagetusername_rqst(tvbuff_t *tvb, int offset,
3573 packet_info *pinfo, proto_tree *tree, char *drep)
3576 /* [in, unique, string] WCHAR *server */
3577 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3578 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3579 "Server:", hf_lsa_server, 0);
3581 /* [in, out, ref] LSA_UNICODE_STRING **user */
3582 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3583 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3584 "ACCOUNT pointer: ", hf_lsa_acct, 0);
3586 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3587 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3588 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3589 "DOMAIN pointer: ", hf_lsa_domain, 0);
3596 lsa_dissect_lsagetusername_reply(tvbuff_t *tvb, int offset,
3597 packet_info *pinfo, proto_tree *tree, char *drep)
3599 /* [in, out, ref] LSA_UNICODE_STRING **user */
3600 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3601 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3602 "ACCOUNT pointer: ", hf_lsa_acct, 0);
3604 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3605 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3606 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3607 "DOMAIN pointer: ", hf_lsa_domain, 0);
3609 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3616 lsa_dissect_lsacreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3617 packet_info *pinfo, proto_tree *tree, char *drep)
3619 /* [in] LSA_HANDLE hnd */
3620 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3623 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3624 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3625 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3626 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1, 0);
3628 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3629 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3630 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3631 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1, 0);
3633 /* [in] ACCESS_MASK mask */
3634 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3642 lsa_dissect_lsacreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3643 packet_info *pinfo, proto_tree *tree, char *drep)
3645 /* [out] LSA_HANDLE *tdHnd) */
3646 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3649 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3656 lsa_dissect_lsaenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3657 packet_info *pinfo, proto_tree *tree, char *drep)
3659 /* [in] LSA_HANDLE hnd */
3660 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3663 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3664 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3665 hf_lsa_resume_handle, NULL);
3667 /* [in] ULONG pref_maxlen */
3668 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3669 hf_lsa_max_count, NULL);
3676 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3677 packet_info *pinfo, proto_tree *tree, char *drep)
3679 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3680 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3686 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3687 packet_info *pinfo, proto_tree *tree, char *drep)
3690 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3691 hf_lsa_count, NULL);
3693 /* trust information */
3694 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3695 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3696 "TRUST INFORMATION array:", -1, 0);
3699 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3700 hf_lsa_max_count, NULL);
3707 lsa_dissect_lsaenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3708 packet_info *pinfo, proto_tree *tree, char *drep)
3710 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3711 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3712 hf_lsa_resume_handle, NULL);
3714 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3715 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3716 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3717 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1, 0);
3719 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3726 lsa_dissect_lsafunction_38_rqst(tvbuff_t *tvb, int offset,
3727 packet_info *pinfo, proto_tree *tree, char *drep)
3729 /* [in] LSA_HANDLE handle */
3730 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3733 /* [in] USHORT flag */
3734 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3735 hf_lsa_unknown_short, NULL);
3737 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3738 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3739 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3740 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1, 0);
3747 lsa_dissect_lsafunction_38_reply(tvbuff_t *tvb, int offset,
3748 packet_info *pinfo, proto_tree *tree, char *drep)
3750 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3751 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3752 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3753 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1, 0);
3759 lsa_dissect_lsafunction_3b_rqst(tvbuff_t *tvb, int offset,
3760 packet_info *pinfo, proto_tree *tree, char *drep)
3762 /* [in] LSA_HANDLE hnd */
3763 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3766 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3767 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3768 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3769 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1, 0);
3771 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3772 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3773 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3774 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1, 0);
3776 /* [in] ULONG unknown */
3777 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3778 hf_lsa_unknown_long, NULL);
3785 lsa_dissect_lsafunction_3b_reply(tvbuff_t *tvb, int offset,
3786 packet_info *pinfo, proto_tree *tree, char *drep)
3788 /* [out] LSA_HANDLE *h2) */
3789 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3792 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3799 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3800 { LSA_LSACLOSE, "Close",
3801 lsa_dissect_lsaclose_rqst,
3802 lsa_dissect_lsaclose_reply },
3803 { LSA_LSADELETE, "Delete",
3804 lsa_dissect_lsadelete_rqst,
3805 lsa_dissect_lsadelete_reply },
3806 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
3807 lsa_dissect_lsaenumerateprivileges_rqst,
3808 lsa_dissect_lsaenumerateprivileges_reply },
3809 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
3810 lsa_dissect_lsaquerysecurityobject_rqst,
3811 lsa_dissect_lsaquerysecurityobject_reply },
3812 { LSA_LSASETSECURITYOBJECT, "SetSecObject",
3813 lsa_dissect_lsasetsecurityobject_rqst,
3814 lsa_dissect_lsasetsecurityobject_reply },
3815 { LSA_LSACHANGEPASSWORD, "ChangePassword",
3816 lsa_dissect_lsachangepassword_rqst,
3817 lsa_dissect_lsachangepassword_reply },
3818 { LSA_LSAOPENPOLICY, "OpenPolicy",
3819 lsa_dissect_lsaopenpolicy_rqst,
3820 lsa_dissect_lsaopenpolicy_reply },
3821 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
3822 lsa_dissect_lsaqueryinformationpolicy_rqst,
3823 lsa_dissect_lsaqueryinformationpolicy_reply },
3824 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
3825 lsa_dissect_lsasetinformationpolicy_rqst,
3826 lsa_dissect_lsasetinformationpolicy_reply },
3827 { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
3828 lsa_dissect_lsaclearauditlog_rqst,
3829 lsa_dissect_lsaclearauditlog_reply },
3830 { LSA_LSACREATEACCOUNT, "CreateAccount",
3831 lsa_dissect_lsacreateaccount_rqst,
3832 lsa_dissect_lsacreateaccount_reply },
3833 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
3834 lsa_dissect_lsaenumerateaccounts_rqst,
3835 lsa_dissect_lsaenumerateaccounts_reply },
3836 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
3837 lsa_dissect_lsacreatetrusteddomain_rqst,
3838 lsa_dissect_lsacreatetrusteddomain_reply },
3839 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
3840 lsa_dissect_lsaenumeratetrusteddomains_rqst,
3841 lsa_dissect_lsaenumeratetrusteddomains_reply },
3842 { LSA_LSALOOKUPNAMES, "LookupNames",
3843 lsa_dissect_lsalookupnames_rqst,
3844 lsa_dissect_lsalookupnames_reply },
3845 { LSA_LSALOOKUPSIDS, "LookupSIDs",
3846 lsa_dissect_lsalookupsids_rqst,
3847 lsa_dissect_lsalookupsids_reply },
3848 { LSA_LSACREATESECRET, "CreateSecret",
3849 lsa_dissect_lsacreatesecret_rqst,
3850 lsa_dissect_lsacreatesecret_reply },
3851 { LSA_LSAOPENACCOUNT, "OpenAccount",
3852 lsa_dissect_lsaopenaccount_rqst,
3853 lsa_dissect_lsaopenaccount_reply },
3854 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
3855 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
3856 lsa_dissect_lsaenumerateprivilegesaccount_reply },
3857 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
3858 lsa_dissect_lsaaddprivilegestoaccount_rqst,
3859 lsa_dissect_lsaaddprivilegestoaccount_reply },
3860 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
3861 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
3862 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
3863 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
3864 lsa_dissect_lsagetquotasforaccount_rqst,
3865 lsa_dissect_lsagetquotasforaccount_reply },
3866 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
3867 lsa_dissect_lsasetquotasforaccount_rqst,
3868 lsa_dissect_lsasetquotasforaccount_reply },
3869 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
3870 lsa_dissect_lsagetsystemaccessaccount_rqst,
3871 lsa_dissect_lsagetsystemaccessaccount_reply },
3872 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
3873 lsa_dissect_lsasetsystemaccessaccount_rqst,
3874 lsa_dissect_lsasetsystemaccessaccount_reply },
3875 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
3876 lsa_dissect_lsaopentrusteddomain_rqst,
3877 lsa_dissect_lsaopentrusteddomain_reply },
3878 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
3879 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
3880 lsa_dissect_lsaqueryinfotrusteddomain_reply },
3881 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
3882 lsa_dissect_lsasetinformationtrusteddomain_rqst,
3883 lsa_dissect_lsasetinformationtrusteddomain_reply },
3884 { LSA_LSAOPENSECRET, "OpenSecret",
3885 lsa_dissect_lsaopensecret_rqst,
3886 lsa_dissect_lsaopensecret_reply },
3887 { LSA_LSASETSECRET, "SetSecret",
3888 lsa_dissect_lsasetsecret_rqst,
3889 lsa_dissect_lsasetsecret_reply },
3890 { LSA_LSAQUERYSECRET, "QuerySecret",
3891 lsa_dissect_lsaquerysecret_rqst,
3892 lsa_dissect_lsaquerysecret_reply },
3893 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
3894 lsa_dissect_lsalookupprivilegevalue_rqst,
3895 lsa_dissect_lsalookupprivilegevalue_reply },
3896 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
3897 lsa_dissect_lsalookupprivilegename_rqst,
3898 lsa_dissect_lsalookupprivilegename_reply },
3899 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
3900 lsa_dissect_lsalookupprivilegedisplayname_rqst,
3901 lsa_dissect_lsalookupprivilegedisplayname_reply },
3902 { LSA_LSADELETEOBJECT, "DeleteObject",
3903 lsa_dissect_lsadeleteobject_rqst,
3904 lsa_dissect_lsadeleteobject_reply },
3905 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
3906 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
3907 lsa_dissect_lsaenumerateaccountswithuserright_reply },
3908 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
3909 lsa_dissect_lsaenumerateaccountrights_rqst,
3910 lsa_dissect_lsaenumerateaccountrights_reply },
3911 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
3912 lsa_dissect_lsaaddaccountrights_rqst,
3913 lsa_dissect_lsaaddaccountrights_reply },
3914 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
3915 lsa_dissect_lsaremoveaccountrights_rqst,
3916 lsa_dissect_lsaremoveaccountrights_reply },
3917 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
3918 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
3919 lsa_dissect_lsaquerytrusteddomaininfo_reply },
3920 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
3921 lsa_dissect_lsasettrusteddomaininfo_rqst,
3922 lsa_dissect_lsasettrusteddomaininfo_reply },
3923 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
3924 lsa_dissect_lsadeletetrusteddomain_rqst,
3925 lsa_dissect_lsadeletetrusteddomain_reply },
3926 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
3927 lsa_dissect_lsastoreprivatedata_rqst,
3928 lsa_dissect_lsastoreprivatedata_reply },
3929 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
3930 lsa_dissect_lsaretrieveprivatedata_rqst,
3931 lsa_dissect_lsaretrieveprivatedata_reply },
3932 { LSA_LSAOPENPOLICY2, "OpenPolicy2",
3933 lsa_dissect_lsaopenpolicy2_rqst,
3934 lsa_dissect_lsaopenpolicy2_reply },
3935 { LSA_LSAGETUSERNAME, "GetUsername",
3936 lsa_dissect_lsagetusername_rqst,
3937 lsa_dissect_lsagetusername_reply },
3938 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2",
3939 lsa_dissect_lsaqueryinformationpolicy2_rqst,
3940 lsa_dissect_lsaqueryinformationpolicy2_reply },
3941 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2",
3942 lsa_dissect_lsasetinformationpolicy2_rqst,
3943 lsa_dissect_lsasetinformationpolicy2_reply },
3944 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
3945 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
3946 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
3947 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
3948 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
3949 lsa_dissect_lsasettrusteddomaininfobyname_reply },
3950 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
3951 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
3952 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
3953 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
3954 lsa_dissect_lsacreatetrusteddomainex_rqst,
3955 lsa_dissect_lsacreatetrusteddomainex_reply },
3956 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
3957 lsa_dissect_lsaclosetrusteddomainex_rqst,
3958 lsa_dissect_lsaclosetrusteddomainex_reply },
3959 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
3960 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
3961 lsa_dissect_lsaquerydomaininformationpolicy_reply },
3962 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
3963 lsa_dissect_lsasetdomaininformationpolicy_rqst,
3964 lsa_dissect_lsasetdomaininformationpolicy_reply },
3965 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
3966 lsa_dissect_lsaopentrusteddomainbyname_rqst,
3967 lsa_dissect_lsaopentrusteddomainbyname_reply },
3968 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
3969 lsa_dissect_lsafunction_38_rqst,
3970 lsa_dissect_lsafunction_38_reply },
3971 { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
3972 lsa_dissect_lsalookupsids2_rqst,
3973 lsa_dissect_lsalookupsids2_reply },
3974 { LSA_LSALOOKUPNAMES2, "LookupNames2",
3975 lsa_dissect_lsalookupnames2_rqst,
3976 lsa_dissect_lsalookupnames2_reply },
3977 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
3978 lsa_dissect_lsafunction_3b_rqst,
3979 lsa_dissect_lsafunction_3b_reply },
3980 {0, NULL, NULL, NULL}
3983 static const value_string lsa_opnum_vals[] = {
3984 { LSA_LSACLOSE, "Close" },
3985 { LSA_LSADELETE, "Delete" },
3986 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" },
3987 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" },
3988 { LSA_LSASETSECURITYOBJECT, "SetSecObject" },
3989 { LSA_LSACHANGEPASSWORD, "ChangePassword" },
3990 { LSA_LSAOPENPOLICY, "OpenPolicy" },
3991 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" },
3992 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" },
3993 { LSA_LSACLEARAUDITLOG, "ClearAuditLog" },
3994 { LSA_LSACREATEACCOUNT, "CreateAccount" },
3995 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" },
3996 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" },
3997 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" },
3998 { LSA_LSALOOKUPNAMES, "LookupNames" },
3999 { LSA_LSALOOKUPSIDS, "LookupSIDs" },
4000 { LSA_LSACREATESECRET, "CreateSecret" },
4001 { LSA_LSAOPENACCOUNT, "OpenAccount" },
4002 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" },
4003 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" },
4004 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" },
4005 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" },
4006 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" },
4007 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" },
4008 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" },
4009 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" },
4010 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" },
4011 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" },
4012 { LSA_LSAOPENSECRET, "OpenSecret" },
4013 { LSA_LSASETSECRET, "SetSecret" },
4014 { LSA_LSAQUERYSECRET, "QuerySecret" },
4015 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" },
4016 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" },
4017 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" },
4018 { LSA_LSADELETEOBJECT, "DeleteObject" },
4019 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" },
4020 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" },
4021 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" },
4022 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" },
4023 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" },
4024 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" },
4025 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" },
4026 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData" },
4027 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" },
4028 { LSA_LSAOPENPOLICY2, "OpenPolicy2" },
4029 { LSA_LSAGETUSERNAME, "GetUsername" },
4030 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2" },
4031 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2" },
4032 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" },
4033 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" },
4034 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" },
4035 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" },
4036 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" },
4037 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" },
4038 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" },
4039 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" },
4040 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38" },
4041 { LSA_LSALOOKUPSIDS2, "LookupSIDs2" },
4042 { LSA_LSALOOKUPNAMES2, "LookupNames2" },
4043 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" },
4048 proto_register_dcerpc_lsa(void)
4050 static hf_register_info hf[] = {
4053 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC,
4054 VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }},
4056 { &hf_lsa_unknown_string,
4057 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4058 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4061 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4062 NULL, 0x0, "LSA policy handle", HFILL }},
4065 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4066 NULL, 0, "Name of Server", HFILL }},
4068 { &hf_lsa_controller,
4069 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4070 NULL, 0, "Name of Domain Controller", HFILL }},
4072 { &hf_lsa_unknown_hyper,
4073 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4074 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4076 { &hf_lsa_unknown_long,
4077 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4078 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4080 { &hf_lsa_unknown_short,
4081 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4082 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4084 { &hf_lsa_unknown_char,
4085 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4086 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4089 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4090 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4093 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4094 NULL, 0x0, "LSA Attributes", HFILL }},
4096 { &hf_lsa_obj_attr_len,
4097 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4098 NULL, 0x0, "Length of object attribute structure", HFILL }},
4100 { &hf_lsa_obj_attr_name,
4101 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4102 NULL, 0x0, "Name of object attribute", HFILL }},
4104 { &hf_lsa_access_mask,
4105 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4106 NULL, 0x0, "LSA Access Mask", HFILL }},
4108 { &hf_lsa_info_level,
4109 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4110 NULL, 0x0, "Information level of requested data", HFILL }},
4112 { &hf_lsa_trusted_info_level,
4113 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4114 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4117 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4118 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4121 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4122 NULL, 0x0, "Length of quality of service structure", HFILL }},
4124 { &hf_lsa_qos_impersonation_level,
4125 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4126 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4128 { &hf_lsa_qos_track_context,
4129 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4130 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4132 { &hf_lsa_qos_effective_only,
4133 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4134 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4136 { &hf_lsa_pali_percent_full,
4137 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4138 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4140 { &hf_lsa_pali_log_size,
4141 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4142 NULL, 0x0, "Size of audit log", HFILL }},
4144 { &hf_lsa_pali_retention_period,
4145 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4146 NULL, 0x0, "", HFILL }},
4148 { &hf_lsa_pali_time_to_shutdown,
4149 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4150 NULL, 0x0, "Time to shutdown", HFILL }},
4152 { &hf_lsa_pali_shutdown_in_progress,
4153 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4154 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4156 { &hf_lsa_pali_next_audit_record,
4157 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4158 NULL, 0x0, "Next audit record", HFILL }},
4160 { &hf_lsa_paei_enabled,
4161 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4162 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4164 { &hf_lsa_paei_settings,
4165 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4166 NULL, 0x0, "Audit Events Information settings", HFILL }},
4169 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4170 NULL, 0x0, "Count of objects", HFILL }},
4172 { &hf_lsa_max_count,
4173 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4174 NULL, 0x0, "", HFILL }},
4177 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4178 NULL, 0x0, "Domain", HFILL }},
4181 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4182 NULL, 0x0, "Account", HFILL }},
4185 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4186 NULL, 0x0, "Replica Source", HFILL }},
4188 { &hf_lsa_server_role,
4189 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4190 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4192 { &hf_lsa_quota_paged_pool,
4193 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4194 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4196 { &hf_lsa_quota_non_paged_pool,
4197 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4198 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4200 { &hf_lsa_quota_min_wss,
4201 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4202 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4204 { &hf_lsa_quota_max_wss,
4205 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4206 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4208 { &hf_lsa_quota_pagefile,
4209 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4210 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4212 { &hf_lsa_mod_seq_no,
4213 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4214 NULL, 0x0, "Sequence number for this modification", HFILL }},
4216 { &hf_lsa_mod_mtime,
4217 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4218 NULL, 0x0, "Time when this modification occured", HFILL }},
4220 { &hf_lsa_cur_mtime,
4221 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4222 NULL, 0x0, "Current MTime to set", HFILL }},
4224 { &hf_lsa_old_mtime,
4225 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4226 NULL, 0x0, "Old MTime for this object", HFILL }},
4229 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4230 NULL, 0x0, "", HFILL }},
4233 { "Key", "lsa.key", FT_BYTES, BASE_NONE,
4234 NULL, 0x0, "", HFILL }},
4236 { &hf_lsa_flat_name,
4237 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4238 NULL, 0x0, "", HFILL }},
4241 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4242 NULL, 0x0, "", HFILL }},
4244 { &hf_lsa_info_type,
4245 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4246 NULL, 0x0, "", HFILL }},
4249 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4250 NULL, 0x0, "New password", HFILL }},
4253 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4254 NULL, 0x0, "Old password", HFILL }},
4257 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4258 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4261 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4262 NULL, 0x0, "RID", HFILL }},
4264 { &hf_lsa_rid_offset,
4265 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4266 NULL, 0x0, "RID Offset", HFILL }},
4269 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4270 NULL, 0x0, "", HFILL }},
4272 { &hf_lsa_num_mapped,
4273 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4274 NULL, 0x0, "", HFILL }},
4276 { &hf_lsa_policy_information_class,
4277 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4278 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4281 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4282 NULL, 0, "", HFILL }},
4284 { &hf_lsa_auth_blob,
4285 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4286 NULL, 0, "", HFILL }},
4289 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4290 NULL, 0x0, "LUID High component", HFILL }},
4293 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4294 NULL, 0x0, "LUID Low component", HFILL }},
4297 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4298 NULL, 0x0, "", HFILL }},
4301 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4302 NULL, 0x0, "", HFILL }},
4304 { &hf_lsa_size_needed,
4305 { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
4306 NULL, 0x0, "", HFILL }},
4308 { &hf_lsa_privilege_name,
4309 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4310 NULL, 0x0, "LSA Privilege Name", HFILL }},
4313 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4314 NULL, 0x0, "Account Rights", HFILL }},
4317 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4318 NULL, 0x0, "LSA Attributes", HFILL }},
4320 { &hf_lsa_auth_update,
4321 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4322 NULL, 0x0, "LSA Auth Info update", HFILL }},
4324 { &hf_lsa_resume_handle,
4325 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4326 NULL, 0x0, "Resume Handle", HFILL }},
4328 { &hf_lsa_trust_direction,
4329 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4330 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4332 { &hf_lsa_trust_type,
4333 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4334 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4336 { &hf_lsa_trust_attr,
4337 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4338 NULL, 0x0, "Trust attributes", HFILL }},
4340 { &hf_lsa_trust_attr_non_trans,
4341 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4342 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4344 { &hf_lsa_trust_attr_uplevel_only,
4345 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4346 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4348 { &hf_lsa_trust_attr_tree_parent,
4349 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4350 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4352 { &hf_lsa_trust_attr_tree_root,
4353 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4354 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4356 { &hf_lsa_auth_type,
4357 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4358 NULL, 0x0, "Auth Info type", HFILL }},
4361 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4362 NULL, 0x0, "Auth Info len", HFILL }},
4364 { &hf_lsa_remove_all,
4365 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4366 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }}
4369 static gint *ett[] = {
4371 &ett_lsa_OBJECT_ATTRIBUTES,
4372 &ett_LSA_SECURITY_DESCRIPTOR,
4373 &ett_lsa_policy_info,
4374 &ett_lsa_policy_audit_log_info,
4375 &ett_lsa_policy_audit_events_info,
4376 &ett_lsa_policy_primary_domain_info,
4377 &ett_lsa_policy_primary_account_info,
4378 &ett_lsa_policy_server_role_info,
4379 &ett_lsa_policy_replica_source_info,
4380 &ett_lsa_policy_default_quota_info,
4381 &ett_lsa_policy_modification_info,
4382 &ett_lsa_policy_audit_full_set_info,
4383 &ett_lsa_policy_audit_full_query_info,
4384 &ett_lsa_policy_dns_domain_info,
4385 &ett_lsa_translated_names,
4386 &ett_lsa_translated_name,
4387 &ett_lsa_referenced_domain_list,
4388 &ett_lsa_trust_information,
4389 &ett_lsa_trust_information_ex,
4391 &ett_LSA_PRIVILEGES,
4393 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4394 &ett_LSA_LUID_AND_ATTRIBUTES,
4395 &ett_LSA_TRUSTED_DOMAIN_LIST,
4396 &ett_LSA_TRUSTED_DOMAIN,
4397 &ett_LSA_TRANSLATED_SIDS,
4398 &ett_lsa_trusted_domain_info,
4399 &ett_lsa_trust_attr,
4400 &ett_lsa_trusted_domain_auth_information,
4401 &ett_lsa_auth_information
4404 proto_dcerpc_lsa = proto_register_protocol(
4405 "Microsoft Local Security Architecture", "LSA", "lsa");
4407 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4408 proto_register_subtree_array(ett, array_length(ett));
4411 /* Protocol handoff */
4413 static e_uuid_t uuid_dcerpc_lsa = {
4414 0x12345778, 0x1234, 0xabcd,
4415 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4418 static guint16 ver_dcerpc_lsa = 0;
4421 proto_reg_handoff_dcerpc_lsa(void)
4423 /* Register protocol as dcerpc */
4425 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4426 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);