2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.88 2003/08/20 00:09:36 sharpe Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_policy_information = -1;
47 static int hf_lsa_server = -1;
48 static int hf_lsa_controller = -1;
49 static int hf_lsa_obj_attr = -1;
50 static int hf_lsa_obj_attr_len = -1;
51 static int hf_lsa_obj_attr_name = -1;
52 static int hf_lsa_access_mask = -1;
53 static int hf_lsa_info_level = -1;
54 static int hf_lsa_trusted_info_level = -1;
55 static int hf_lsa_sd_size = -1;
56 static int hf_lsa_qos_len = -1;
57 static int hf_lsa_qos_impersonation_level = -1;
58 static int hf_lsa_qos_track_context = -1;
59 static int hf_lsa_qos_effective_only = -1;
60 static int hf_lsa_pali_percent_full = -1;
61 static int hf_lsa_pali_log_size = -1;
62 static int hf_lsa_pali_retention_period = -1;
63 static int hf_lsa_pali_time_to_shutdown = -1;
64 static int hf_lsa_pali_shutdown_in_progress = -1;
65 static int hf_lsa_pali_next_audit_record = -1;
66 static int hf_lsa_paei_enabled = -1;
67 static int hf_lsa_paei_settings = -1;
68 static int hf_lsa_count = -1;
69 static int hf_lsa_size = -1;
70 static int hf_lsa_size16 = -1;
71 static int hf_lsa_size_needed = -1;
72 static int hf_lsa_max_count = -1;
73 static int hf_lsa_index = -1;
74 static int hf_lsa_fqdomain = -1;
75 static int hf_lsa_domain = -1;
76 static int hf_lsa_domain_sid = -1;
77 static int hf_lsa_acct = -1;
78 static int hf_lsa_server_role = -1;
79 static int hf_lsa_source = -1;
80 static int hf_lsa_quota_paged_pool = -1;
81 static int hf_lsa_quota_non_paged_pool = -1;
82 static int hf_lsa_quota_min_wss = -1;
83 static int hf_lsa_quota_max_wss = -1;
84 static int hf_lsa_quota_pagefile = -1;
85 static int hf_lsa_mod_seq_no = -1;
86 static int hf_lsa_mod_mtime = -1;
87 static int hf_lsa_cur_mtime = -1;
88 static int hf_lsa_old_mtime = -1;
89 static int hf_lsa_name = -1;
90 static int hf_lsa_key = -1;
91 static int hf_lsa_flat_name = -1;
92 static int hf_lsa_forest = -1;
93 static int hf_lsa_info_type = -1;
94 static int hf_lsa_old_pwd = -1;
95 static int hf_lsa_new_pwd = -1;
96 static int hf_lsa_sid_type = -1;
97 static int hf_lsa_rid = -1;
98 static int hf_lsa_rid_offset = -1;
99 static int hf_lsa_num_mapped = -1;
100 static int hf_lsa_policy_information_class = -1;
101 static int hf_lsa_secret = -1;
102 static int hf_nt_luid_high = -1;
103 static int hf_nt_luid_low = -1;
104 static int hf_lsa_privilege_name = -1;
105 static int hf_lsa_attr = -1;
106 static int hf_lsa_resume_handle = -1;
107 static int hf_lsa_trust_direction = -1;
108 static int hf_lsa_trust_type = -1;
109 static int hf_lsa_trust_attr = -1;
110 static int hf_lsa_trust_attr_non_trans = -1;
111 static int hf_lsa_trust_attr_uplevel_only = -1;
112 static int hf_lsa_trust_attr_tree_parent = -1;
113 static int hf_lsa_trust_attr_tree_root = -1;
114 static int hf_lsa_auth_update = -1;
115 static int hf_lsa_auth_type = -1;
116 static int hf_lsa_auth_len = -1;
117 static int hf_lsa_auth_blob = -1;
118 static int hf_lsa_rights = -1;
119 static int hf_lsa_remove_all = -1;
121 static int hf_lsa_unknown_hyper = -1;
122 static int hf_lsa_unknown_long = -1;
123 static int hf_lsa_unknown_short = -1;
124 static int hf_lsa_unknown_char = -1;
125 static int hf_lsa_unknown_string = -1;
126 #ifdef LSA_UNUSED_HANDLES
127 static int hf_lsa_unknown_time = -1;
131 static gint ett_dcerpc_lsa = -1;
132 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
133 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
134 static gint ett_lsa_policy_info = -1;
135 static gint ett_lsa_policy_audit_log_info = -1;
136 static gint ett_lsa_policy_audit_events_info = -1;
137 static gint ett_lsa_policy_primary_domain_info = -1;
138 static gint ett_lsa_policy_primary_account_info = -1;
139 static gint ett_lsa_policy_server_role_info = -1;
140 static gint ett_lsa_policy_replica_source_info = -1;
141 static gint ett_lsa_policy_default_quota_info = -1;
142 static gint ett_lsa_policy_modification_info = -1;
143 static gint ett_lsa_policy_audit_full_set_info = -1;
144 static gint ett_lsa_policy_audit_full_query_info = -1;
145 static gint ett_lsa_policy_dns_domain_info = -1;
146 static gint ett_lsa_translated_names = -1;
147 static gint ett_lsa_translated_name = -1;
148 static gint ett_lsa_referenced_domain_list = -1;
149 static gint ett_lsa_trust_information = -1;
150 static gint ett_lsa_trust_information_ex = -1;
151 static gint ett_LUID = -1;
152 static gint ett_LSA_PRIVILEGES = -1;
153 static gint ett_LSA_PRIVILEGE = -1;
154 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
155 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
156 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
157 static gint ett_LSA_TRUSTED_DOMAIN = -1;
158 static gint ett_LSA_TRANSLATED_SIDS = -1;
159 static gint ett_lsa_trusted_domain_info = -1;
160 static gint ett_lsa_trust_attr = -1;
161 static gint ett_lsa_trusted_domain_auth_information = -1;
162 static gint ett_lsa_auth_information = -1;
166 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
167 packet_info *pinfo, proto_tree *tree,
172 di=pinfo->private_data;
173 if(di->conformant_run){
174 /*just a run to handle conformant arrays, nothing to dissect */
178 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
185 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
186 packet_info *pinfo, proto_tree *tree,
191 di=pinfo->private_data;
192 if(di->conformant_run){
193 /*just a run to handle conformant arrays, nothing to dissect */
197 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
203 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
204 packet_info *pinfo, proto_tree *tree,
209 di=pinfo->private_data;
210 if(di->conformant_run){
211 /*just a run to handle conformant arrays, nothing to dissect */
215 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
216 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
217 "DOMAIN pointer: ", di->hf_index);
223 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
224 packet_info *pinfo, proto_tree *tree,
229 di=pinfo->private_data;
230 if(di->conformant_run){
231 /*just a run to handle conformant arrays, nothing to dissect */
235 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
242 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
243 packet_info *pinfo, proto_tree *tree,
249 di=pinfo->private_data;
250 if(di->conformant_run){
251 /*just a run to handle conformant arrays, nothing to dissect */
255 /* this is probably a varying and conformant array */
256 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
257 hf_lsa_sd_size, &len);
259 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
260 hf_lsa_sd_size, &len);
261 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
268 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
269 packet_info *pinfo, proto_tree *parent_tree,
272 proto_item *item=NULL;
273 proto_tree *tree=NULL;
274 int old_offset=offset;
277 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
279 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
282 /* XXX need to figure this one out */
283 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
284 hf_lsa_sd_size, NULL);
285 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
286 hf_lsa_sd_size, NULL);
287 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
288 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
289 "LSA_SECRET data: pointer", -1);
291 proto_item_set_len(item, offset-old_offset);
296 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
297 packet_info *pinfo, proto_tree *tree,
300 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
301 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
302 "LSA_SECRET pointer: data", -1);
307 /* Dissect LSA specific access rights */
309 static gint hf_view_local_info = -1;
310 static gint hf_view_audit_info = -1;
311 static gint hf_get_private_info = -1;
312 static gint hf_trust_admin = -1;
313 static gint hf_create_account = -1;
314 static gint hf_create_secret = -1;
315 static gint hf_create_priv = -1;
316 static gint hf_set_default_quota_limits = -1;
317 static gint hf_set_audit_requirements = -1;
318 static gint hf_server_admin = -1;
319 static gint hf_lookup_names = -1;
322 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
325 proto_tree_add_boolean(
326 tree, hf_lookup_names, tvb, offset, 4, access);
328 proto_tree_add_boolean(
329 tree, hf_server_admin, tvb, offset, 4, access);
331 proto_tree_add_boolean(
332 tree, hf_set_audit_requirements, tvb, offset, 4, access);
334 proto_tree_add_boolean(
335 tree, hf_set_default_quota_limits, tvb, offset, 4, access);
337 proto_tree_add_boolean(
338 tree, hf_create_priv, tvb, offset, 4, access);
340 proto_tree_add_boolean(
341 tree, hf_create_secret, tvb, offset, 4, access);
343 proto_tree_add_boolean(
344 tree, hf_create_account, tvb, offset, 4, access);
346 proto_tree_add_boolean(
347 tree, hf_trust_admin, tvb, offset, 4, access);
349 proto_tree_add_boolean(
350 tree, hf_get_private_info, tvb, offset, 4, access);
352 proto_tree_add_boolean(
353 tree, hf_view_audit_info, tvb, offset, 4, access);
355 proto_tree_add_boolean(
356 tree, hf_view_local_info, tvb, offset, 4, access);
359 struct access_mask_info lsa_access_mask_info = {
360 "LSA", /* Name of specific rights */
361 lsa_specific_rights, /* Dissection function */
362 NULL, /* Generic mapping table */
363 NULL /* Standard mapping table */
367 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
368 packet_info *pinfo, proto_tree *tree,
374 di=pinfo->private_data;
375 if(di->conformant_run){
376 /*just a run to handle conformant arrays, nothing to dissect */
380 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
381 hf_lsa_sd_size, &len);
384 tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
391 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
392 packet_info *pinfo, proto_tree *parent_tree,
395 proto_item *item=NULL;
396 proto_tree *tree=NULL;
397 int old_offset=offset;
400 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
401 "LSA_SECURITY_DESCRIPTOR:");
402 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
405 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
406 hf_lsa_sd_size, NULL);
408 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
409 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
410 "LSA SECURITY DESCRIPTOR data:", -1);
412 proto_item_set_len(item, offset-old_offset);
417 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
418 packet_info *pinfo, proto_tree *tree, char *drep)
420 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
421 hf_lsa_unknown_char, NULL);
426 static const value_string lsa_impersonation_level_vals[] = {
428 {1, "Identification"},
429 {2, "Impersonation"},
436 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
437 packet_info *pinfo, proto_tree *tree, char *drep)
440 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
441 hf_lsa_qos_len, NULL);
443 /* impersonation level */
444 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
445 hf_lsa_qos_impersonation_level, NULL);
447 /* context tracking mode */
448 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
449 hf_lsa_qos_track_context, NULL);
452 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
453 hf_lsa_qos_effective_only, NULL);
459 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
460 packet_info *pinfo, proto_tree *tree, char *drep)
462 offset = dissect_nt_access_mask(
463 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
464 &lsa_access_mask_info);
470 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
471 packet_info *pinfo, proto_tree *parent_tree, char *drep)
473 int old_offset=offset;
474 proto_item *item = NULL;
475 proto_tree *tree = NULL;
478 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
479 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
483 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
484 hf_lsa_obj_attr_len, NULL);
487 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
488 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
489 "LSPTR pointer: ", -1);
492 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
493 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
494 "NAME pointer: ", hf_lsa_obj_attr_name);
497 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
498 hf_lsa_obj_attr, NULL);
500 /* security descriptor */
501 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
502 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
503 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
505 /* security quality of service */
506 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
507 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
508 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
510 proto_item_set_len(item, offset-old_offset);
515 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
516 packet_info *pinfo, proto_tree *tree, char *drep)
518 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
519 hf_lsa_hnd, NULL, NULL, FALSE, TRUE);
525 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
526 packet_info *pinfo, proto_tree *tree, char *drep)
528 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
529 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
531 offset = dissect_ntstatus(
532 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
537 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
538 character of the server name which is always '\'. This is fixed in lsa
539 openpolicy2 but the function remains for backwards compatibility. */
541 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
543 proto_tree *tree, char *drep)
545 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
546 hf_lsa_server, NULL);
550 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
551 packet_info *pinfo, proto_tree *tree, char *drep)
553 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
554 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
555 "Server", hf_lsa_server);
557 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
558 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
559 "OBJECT_ATTRIBUTES", -1);
561 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
568 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
569 packet_info *pinfo, proto_tree *tree, char *drep)
571 e_ctx_hnd policy_hnd;
572 proto_item *hnd_item;
575 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
576 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
578 offset = dissect_ntstatus(
579 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
582 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
583 "OpenPolicy handle");
585 if (hnd_item != NULL)
586 proto_item_append_text(hnd_item, ": OpenPolicy handle");
593 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
594 packet_info *pinfo, proto_tree *tree, char *drep)
596 offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
597 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
598 hf_lsa_server, cb_wstr_postprocess,
599 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
601 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
602 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
603 "OBJECT_ATTRIBUTES", -1);
605 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
613 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
614 packet_info *pinfo, proto_tree *tree, char *drep)
616 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
617 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
618 e_ctx_hnd policy_hnd;
619 proto_item *hnd_item;
623 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
624 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
626 offset = dissect_ntstatus(
627 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
630 if (dcv->private_data)
631 pol_name = g_strdup_printf(
632 "OpenPolicy2(%s)", (char *)dcv->private_data);
634 pol_name = g_strdup("OpenPolicy2 handle");
636 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
638 if (hnd_item != NULL)
639 proto_item_append_text(hnd_item, ": %s", pol_name);
647 static const value_string policy_information_class_vals[] = {
648 {1, "Audit Log Information"},
649 {2, "Audit Events Information"},
650 {3, "Primary Domain Information"},
651 {4, "Pd Account Information"},
652 {5, "Account Domain Information"},
653 {6, "Server Role Information"},
654 {7, "Replica Source Information"},
655 {8, "Default Quota Information"},
656 {9, "Modification Information"},
657 {10, "Audit Full Set Information"},
658 {11, "Audit Full Query Information"},
659 {12, "DNS Domain Information"},
664 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
665 packet_info *pinfo, proto_tree *tree, char *drep)
669 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
670 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
672 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
673 hf_lsa_policy_information_class, &level);
675 if (check_col(pinfo->cinfo, COL_INFO))
677 pinfo->cinfo, COL_INFO, ", %s",
678 val_to_str(level, policy_information_class_vals,
685 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
686 packet_info *pinfo, proto_tree *parent_tree, char *drep)
688 proto_item *item=NULL;
689 proto_tree *tree=NULL;
690 int old_offset=offset;
693 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
694 "POLICY_AUDIT_LOG_INFO:");
695 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
699 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
700 hf_lsa_pali_percent_full, NULL);
703 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
704 hf_lsa_pali_log_size, NULL);
706 /* retention period */
707 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
708 hf_lsa_pali_retention_period);
710 /* shutdown in progress */
711 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
712 hf_lsa_pali_shutdown_in_progress, NULL);
714 /* time to shutdown */
715 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
716 hf_lsa_pali_time_to_shutdown);
718 /* next audit record */
719 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
720 hf_lsa_pali_next_audit_record, NULL);
722 proto_item_set_len(item, offset-old_offset);
727 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
728 packet_info *pinfo, proto_tree *tree, char *drep)
730 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
731 hf_lsa_paei_settings, NULL);
736 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
737 packet_info *pinfo, proto_tree *tree, char *drep)
739 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
740 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
746 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
747 packet_info *pinfo, proto_tree *parent_tree, char *drep)
749 proto_item *item=NULL;
750 proto_tree *tree=NULL;
751 int old_offset=offset;
754 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
755 "POLICY_AUDIT_EVENTS_INFO:");
756 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
760 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
761 hf_lsa_paei_enabled, NULL);
764 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
765 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
769 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
772 proto_item_set_len(item, offset-old_offset);
778 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
779 packet_info *pinfo, proto_tree *parent_tree, char *drep)
781 proto_item *item=NULL;
782 proto_tree *tree=NULL;
783 int old_offset=offset;
786 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
787 "POLICY_PRIMARY_DOMAIN_INFO:");
788 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
792 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
796 offset = dissect_ndr_nt_PSID(tvb, offset,
797 pinfo, tree, drep, hf_lsa_domain_sid);
799 proto_item_set_len(item, offset-old_offset);
805 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
806 packet_info *pinfo, proto_tree *parent_tree, char *drep)
808 proto_item *item=NULL;
809 proto_tree *tree=NULL;
810 int old_offset=offset;
813 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
814 "POLICY_ACCOUNT_DOMAIN_INFO:");
815 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
819 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
823 offset = dissect_ndr_nt_PSID(tvb, offset,
824 pinfo, tree, drep, hf_lsa_domain_sid);
826 proto_item_set_len(item, offset-old_offset);
831 static const value_string server_role_vals[] = {
833 {1, "Domain Member"},
839 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
840 packet_info *pinfo, proto_tree *parent_tree, char *drep)
842 proto_item *item=NULL;
843 proto_tree *tree=NULL;
844 int old_offset=offset;
847 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
848 "POLICY_SERVER_ROLE_INFO:");
849 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
853 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
854 hf_lsa_server_role, NULL);
856 proto_item_set_len(item, offset-old_offset);
861 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
862 packet_info *pinfo, proto_tree *parent_tree, char *drep)
864 proto_item *item=NULL;
865 proto_tree *tree=NULL;
866 int old_offset=offset;
869 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
870 "POLICY_REPLICA_SOURCE_INFO:");
871 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
875 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
879 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
882 proto_item_set_len(item, offset-old_offset);
888 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
889 packet_info *pinfo, proto_tree *parent_tree, char *drep)
891 proto_item *item=NULL;
892 proto_tree *tree=NULL;
893 int old_offset=offset;
896 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
897 "POLICY_DEFAULT_QUOTA_INFO:");
898 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
902 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
903 hf_lsa_quota_paged_pool, NULL);
906 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
907 hf_lsa_quota_non_paged_pool, NULL);
910 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
911 hf_lsa_quota_min_wss, NULL);
914 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
915 hf_lsa_quota_max_wss, NULL);
918 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
919 hf_lsa_quota_pagefile, NULL);
922 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
923 hf_lsa_unknown_hyper, NULL);
925 proto_item_set_len(item, offset-old_offset);
931 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
932 packet_info *pinfo, proto_tree *parent_tree, char *drep)
934 proto_item *item=NULL;
935 proto_tree *tree=NULL;
936 int old_offset=offset;
939 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
940 "POLICY_MODIFICATION_INFO:");
941 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
945 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
946 hf_lsa_mod_seq_no, NULL);
949 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
952 proto_item_set_len(item, offset-old_offset);
958 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
959 packet_info *pinfo, proto_tree *parent_tree, char *drep)
961 proto_item *item=NULL;
962 proto_tree *tree=NULL;
963 int old_offset=offset;
966 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
967 "POLICY_AUDIT_FULL_SET_INFO:");
968 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
972 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
973 hf_lsa_unknown_char, NULL);
975 proto_item_set_len(item, offset-old_offset);
981 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
982 packet_info *pinfo, proto_tree *parent_tree, char *drep)
984 proto_item *item=NULL;
985 proto_tree *tree=NULL;
986 int old_offset=offset;
989 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
990 "POLICY_AUDIT_FULL_QUERY_INFO:");
991 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
995 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
996 hf_lsa_unknown_char, NULL);
999 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1000 hf_lsa_unknown_char, NULL);
1002 proto_item_set_len(item, offset-old_offset);
1008 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1009 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1011 proto_item *item=NULL;
1012 proto_tree *tree=NULL;
1013 int old_offset=offset;
1016 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1017 "POLICY_DNS_DOMAIN_INFO:");
1018 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1022 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1026 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1027 hf_lsa_fqdomain, 0);
1030 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1034 offset = dissect_nt_GUID(tvb, offset,
1038 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, hf_lsa_domain_sid);
1040 proto_item_set_len(item, offset-old_offset);
1045 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1046 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1048 proto_item *item=NULL;
1049 proto_tree *tree=NULL;
1050 int old_offset=offset;
1054 item = proto_tree_add_item(parent_tree, hf_lsa_policy_information, tvb, offset, 0, FALSE);
1056 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1059 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1060 hf_lsa_info_level, &level);
1062 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1065 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1066 tvb, offset, pinfo, tree, drep);
1069 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1070 tvb, offset, pinfo, tree, drep);
1073 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1074 tvb, offset, pinfo, tree, drep);
1077 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1078 tree, drep, hf_lsa_acct, 0);
1081 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1082 tvb, offset, pinfo, tree, drep);
1085 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1086 tvb, offset, pinfo, tree, drep);
1089 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1090 tvb, offset, pinfo, tree, drep);
1093 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1094 tvb, offset, pinfo, tree, drep);
1097 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1098 tvb, offset, pinfo, tree, drep);
1101 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1102 tvb, offset, pinfo, tree, drep);
1105 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1106 tvb, offset, pinfo, tree, drep);
1109 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1110 tvb, offset, pinfo, tree, drep);
1114 proto_item_set_len(item, offset-old_offset);
1119 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1120 packet_info *pinfo, proto_tree *tree, char *drep)
1122 /* This is really a pointer to a pointer though the first level is REF
1123 so we just ignore that one */
1124 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1125 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1126 "POLICY_INFORMATION pointer: info", -1);
1128 offset = dissect_ntstatus(
1129 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1135 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
1136 packet_info *pinfo, proto_tree *tree, char *drep)
1138 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1139 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1145 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1146 packet_info *pinfo, proto_tree *tree, char *drep)
1148 offset = dissect_ntstatus(
1149 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1156 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1157 packet_info *pinfo, proto_tree *tree, char *drep)
1159 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1160 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1162 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1163 hf_lsa_info_type, NULL);
1170 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1171 packet_info *pinfo, proto_tree *tree, char *drep)
1173 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1174 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1175 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
1177 offset = dissect_ntstatus(
1178 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1185 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1186 packet_info *pinfo, proto_tree *tree, char *drep)
1188 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1189 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1191 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1192 hf_lsa_info_type, NULL);
1194 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1195 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1196 "LSA_SECURITY_DESCRIPTOR: sec_info", -1);
1202 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1203 packet_info *pinfo, proto_tree *tree, char *drep)
1205 offset = dissect_ntstatus(
1206 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1213 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1214 packet_info *pinfo, proto_tree *tree, char *drep)
1217 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1221 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1225 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1229 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1233 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1240 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1241 packet_info *pinfo, proto_tree *tree, char *drep)
1243 offset = dissect_ntstatus(
1244 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1249 static const value_string sid_type_vals[] = {
1254 {5, "Well Known Group"},
1255 {6, "Deleted Account"},
1262 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1263 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1265 proto_item *item=NULL;
1266 proto_tree *tree=NULL;
1267 int old_offset=offset;
1270 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1271 "LSA_TRANSLATED_NAME:");
1272 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1276 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1277 hf_lsa_sid_type, NULL);
1280 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1284 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1285 hf_lsa_index, NULL);
1287 proto_item_set_len(item, offset-old_offset);
1292 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1293 packet_info *pinfo, proto_tree *tree, char *drep)
1295 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1296 lsa_dissect_LSA_TRANSLATED_NAME);
1302 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1303 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1305 proto_item *item=NULL;
1306 proto_tree *tree=NULL;
1307 int old_offset=offset;
1310 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1311 "LSA_TRANSLATED_NAMES:");
1312 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1316 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1317 hf_lsa_count, NULL);
1320 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1321 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1322 "TRANSLATED_NAME_ARRAY", -1);
1324 proto_item_set_len(item, offset-old_offset);
1330 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1331 packet_info *pinfo, proto_tree *tree, char *drep)
1333 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1334 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1336 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1337 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1340 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1341 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1342 "LSA_TRANSLATED_NAMES pointer: names", -1);
1344 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1345 hf_lsa_info_level, NULL);
1347 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1348 hf_lsa_num_mapped, NULL);
1354 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1355 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1357 proto_item *item=NULL;
1358 proto_tree *tree=NULL;
1359 int old_offset=offset;
1362 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1363 "TRUST INFORMATION:");
1364 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1368 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1372 offset = dissect_ndr_nt_PSID(tvb, offset,
1373 pinfo, tree, drep, -1);
1375 proto_item_set_len(item, offset-old_offset);
1379 static const value_string trusted_direction_vals[] = {
1380 {0, "Trust disabled"},
1381 {1, "Inbound trust"},
1382 {2, "Outbound trust"},
1386 static const value_string trusted_type_vals[] = {
1394 static const true_false_string tfs_trust_attr_non_trans = {
1395 "NON TRANSITIVE is set",
1396 "Non transitive is NOT set"
1398 static const true_false_string tfs_trust_attr_uplevel_only = {
1399 "UPLEVEL ONLY is set",
1400 "Uplevel only is NOT set"
1402 static const true_false_string tfs_trust_attr_tree_parent = {
1403 "TREE PARENT is set",
1404 "Tree parent is NOT set"
1406 static const true_false_string tfs_trust_attr_tree_root = {
1408 "Tree root is NOT set"
1411 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1412 proto_tree *parent_tree, char *drep)
1415 proto_item *item = NULL;
1416 proto_tree *tree = NULL;
1418 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1419 hf_lsa_trust_attr, &mask);
1422 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1423 tvb, offset-4, 4, mask);
1424 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1427 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1428 tvb, offset-4, 4, mask);
1429 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1430 tvb, offset-4, 4, mask);
1431 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1432 tvb, offset-4, 4, mask);
1433 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1434 tvb, offset-4, 4, mask);
1440 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1441 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1443 proto_item *item=NULL;
1444 proto_tree *tree=NULL;
1445 int old_offset=offset;
1448 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1449 "TRUST INFORMATION EX:");
1450 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1454 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1458 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1459 hf_lsa_flat_name, 0);
1462 offset = dissect_ndr_nt_PSID(tvb, offset,
1463 pinfo, tree, drep, -1);
1466 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1467 hf_lsa_trust_direction, NULL);
1470 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1471 hf_lsa_trust_type, NULL);
1474 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1476 proto_item_set_len(item, offset-old_offset);
1481 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1482 packet_info *pinfo, proto_tree *tree, char *drep)
1487 di=pinfo->private_data;
1488 if(di->conformant_run){
1489 /*just a run to handle conformant arrays, nothing to dissect */
1494 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1495 hf_lsa_auth_len, &len);
1497 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1504 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1505 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1507 proto_item *item=NULL;
1508 proto_tree *tree=NULL;
1509 int old_offset=offset;
1512 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1513 "AUTH INFORMATION:");
1514 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1518 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1519 hf_lsa_auth_update, NULL);
1522 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1523 hf_lsa_auth_type, NULL);
1526 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1527 hf_lsa_auth_len, NULL);
1529 /* auth info blob */
1530 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1531 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1532 "AUTH INFO blob:", -1);
1534 proto_item_set_len(item, offset-old_offset);
1539 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1540 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1542 proto_item *item=NULL;
1543 proto_tree *tree=NULL;
1544 int old_offset=offset;
1547 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1548 "TRUSTED DOMAIN AUTH INFORMATION:");
1549 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1553 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1554 hf_lsa_unknown_long, NULL);
1557 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1560 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1563 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1564 hf_lsa_unknown_long, NULL);
1567 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1570 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1572 proto_item_set_len(item, offset-old_offset);
1578 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1579 packet_info *pinfo, proto_tree *tree, char *drep)
1581 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1582 lsa_dissect_LSA_TRUST_INFORMATION);
1588 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1589 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1591 proto_item *item=NULL;
1592 proto_tree *tree=NULL;
1593 int old_offset=offset;
1596 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1597 "LSA_REFERENCED_DOMAIN_LIST:");
1598 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1602 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1603 hf_lsa_count, NULL);
1605 /* trust information */
1606 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1607 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1608 "TRUST INFORMATION array:", -1);
1611 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1612 hf_lsa_max_count, NULL);
1614 proto_item_set_len(item, offset-old_offset);
1619 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1620 packet_info *pinfo, proto_tree *tree, char *drep)
1622 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1623 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1624 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
1626 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1627 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1628 "LSA_TRANSLATED_NAMES pointer: names", -1);
1630 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1631 hf_lsa_num_mapped, NULL);
1633 offset = dissect_ntstatus(
1634 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1641 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1642 packet_info *pinfo, proto_tree *tree, char *drep)
1644 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1645 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1647 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1648 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1649 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1656 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1657 packet_info *pinfo, proto_tree *tree, char *drep)
1659 offset = dissect_ntstatus(
1660 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1667 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1668 packet_info *pinfo, proto_tree *tree, char *drep)
1670 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1671 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1678 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1679 packet_info *pinfo, proto_tree *tree, char *drep)
1681 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1682 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1683 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1685 offset = dissect_ntstatus(
1686 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1693 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1694 packet_info *pinfo, proto_tree *tree, char *drep)
1696 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1697 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1699 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1700 hf_lsa_policy_information_class, NULL);
1702 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1703 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1704 "POLICY_INFORMATION pointer: info", -1);
1711 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1712 packet_info *pinfo, proto_tree *tree, char *drep)
1714 offset = dissect_ntstatus(
1715 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1722 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1723 packet_info *pinfo, proto_tree *tree, char *drep)
1725 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1726 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1728 offset = dissect_ndr_nt_SID(tvb, offset,
1729 pinfo, tree, drep, -1);
1732 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1733 hf_lsa_unknown_long, NULL);
1740 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1741 packet_info *pinfo, proto_tree *tree, char *drep)
1743 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1744 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1746 offset = dissect_ntstatus(
1747 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1753 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1754 packet_info *pinfo, proto_tree *tree, char *drep)
1756 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1757 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1764 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1765 packet_info *pinfo, proto_tree *tree, char *drep)
1767 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1770 offset = dissect_ntstatus(
1771 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1778 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1779 packet_info *pinfo, proto_tree *tree, char *drep)
1781 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1782 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1784 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1792 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1793 packet_info *pinfo, proto_tree *tree, char *drep)
1795 offset = dissect_ntstatus(
1796 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1803 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1804 packet_info *pinfo, proto_tree *tree, char *drep)
1806 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1807 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1809 offset = dissect_ndr_nt_SID(tvb, offset,
1810 pinfo, tree, drep, -1);
1812 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1820 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1821 packet_info *pinfo, proto_tree *tree, char *drep)
1823 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1824 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1826 offset = dissect_ntstatus(
1827 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1834 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1835 packet_info *pinfo, proto_tree *tree, char *drep)
1837 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1838 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1840 offset = dissect_ndr_nt_SID(tvb, offset,
1841 pinfo, tree, drep, -1);
1848 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1849 packet_info *pinfo, proto_tree *tree, char *drep)
1851 offset = dissect_ntstatus(
1852 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1858 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1859 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1861 proto_item *item=NULL;
1862 proto_tree *tree=NULL;
1863 int old_offset=offset;
1866 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1868 tree = proto_item_add_subtree(item, ett_LUID);
1871 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1872 hf_nt_luid_low, NULL);
1874 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1875 hf_nt_luid_high, NULL);
1877 proto_item_set_len(item, offset-old_offset);
1882 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1883 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1885 proto_item *item=NULL;
1886 proto_tree *tree=NULL;
1887 int old_offset=offset;
1890 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1892 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1895 /* privilege name */
1896 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1897 hf_lsa_privilege_name, 0);
1900 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1902 proto_item_set_len(item, offset-old_offset);
1907 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1908 packet_info *pinfo, proto_tree *tree, char *drep)
1910 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1911 lsa_dissect_LSA_PRIVILEGE);
1917 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1918 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1920 proto_item *item=NULL;
1921 proto_tree *tree=NULL;
1922 int old_offset=offset;
1925 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1927 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1930 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1931 hf_lsa_count, NULL);
1934 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1935 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1936 "LSA_PRIVILEGE array:", -1);
1938 proto_item_set_len(item, offset-old_offset);
1943 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1944 packet_info *pinfo, proto_tree *tree, char *drep)
1946 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1947 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1949 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1950 hf_lsa_count, NULL);
1952 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1959 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1960 packet_info *pinfo, proto_tree *tree, char *drep)
1962 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1963 hf_lsa_count, NULL);
1965 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1966 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1967 "LSA_PRIVILEGES pointer: privs", -1);
1969 offset = dissect_ntstatus(
1970 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1976 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1977 packet_info *pinfo, proto_tree *tree, char *drep)
1979 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1980 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1982 /* privilege name */
1983 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1984 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1985 "NAME pointer: ", hf_lsa_privilege_name);
1992 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1993 packet_info *pinfo, proto_tree *tree, char *drep)
1997 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1999 offset = dissect_ntstatus(
2000 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2007 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
2008 packet_info *pinfo, proto_tree *tree, char *drep)
2010 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2011 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2014 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2015 dissect_nt_LUID, NDR_POINTER_REF,
2016 "LUID pointer: value", -1);
2023 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
2024 packet_info *pinfo, proto_tree *tree, char *drep)
2026 /* [out, ref] LSA_UNICODE_STRING **name */
2027 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2028 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2029 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
2031 offset = dissect_ntstatus(
2032 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2039 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2040 packet_info *pinfo, proto_tree *tree, char *drep)
2042 /* [in] LSA_HANDLE hnd */
2043 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2044 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2051 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2052 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2054 proto_item *item=NULL;
2055 proto_tree *tree=NULL;
2056 int old_offset=offset;
2059 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2060 "LUID_AND_ATTRIBUTES:");
2061 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2065 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2068 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2071 proto_item_set_len(item, offset-old_offset);
2076 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2077 packet_info *pinfo, proto_tree *tree, char *drep)
2079 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2080 lsa_dissect_LUID_AND_ATTRIBUTES);
2086 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2087 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2089 proto_item *item=NULL;
2090 proto_tree *tree=NULL;
2091 int old_offset=offset;
2094 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2095 "LUID_AND_ATTRIBUTES_ARRAY:");
2096 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2099 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2100 hf_lsa_count, NULL);
2102 /* luid and attributes */
2103 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2104 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2105 "LUID_AND_ATTRIBUTES array:", -1);
2107 proto_item_set_len(item, offset-old_offset);
2112 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2113 packet_info *pinfo, proto_tree *tree, char *drep)
2115 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2116 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2117 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2118 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2120 offset = dissect_ntstatus(
2121 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2127 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2128 packet_info *pinfo, proto_tree *tree, char *drep)
2130 /* [in] LSA_HANDLE hnd */
2131 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2132 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2134 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2135 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2143 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2144 packet_info *pinfo, proto_tree *tree, char *drep)
2146 offset = dissect_ntstatus(
2147 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2153 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2154 packet_info *pinfo, proto_tree *tree, char *drep)
2156 /* [in] LSA_HANDLE hnd */
2157 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2158 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2160 /* [in] char unknown */
2161 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2162 hf_lsa_unknown_char, NULL);
2164 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2165 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2166 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2167 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2174 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2175 packet_info *pinfo, proto_tree *tree, char *drep)
2177 offset = dissect_ntstatus(
2178 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2184 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2185 packet_info *pinfo, proto_tree *tree, char *drep)
2187 /* [in] LSA_HANDLE hnd */
2188 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2189 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2191 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2192 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2193 hf_lsa_resume_handle, NULL);
2195 /* [in] ULONG pref_maxlen */
2196 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2197 hf_lsa_max_count, NULL);
2203 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2204 packet_info *pinfo, proto_tree *tree, char *drep)
2206 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2207 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2208 hf_lsa_resume_handle, NULL);
2210 /* [out, ref] PSID_ARRAY **accounts */
2211 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2212 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2215 offset = dissect_ntstatus(
2216 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2222 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2223 packet_info *pinfo, proto_tree *tree, char *drep)
2225 /* [in] LSA_HANDLE hnd_pol */
2226 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2227 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2229 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2230 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2231 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2232 "LSA_TRUST_INFORMATION pointer: domain", -1);
2234 /* [in] ACCESS_MASK access */
2235 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2242 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2243 packet_info *pinfo, proto_tree *tree, char *drep)
2245 /* [out] LSA_HANDLE *hnd */
2246 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2247 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2249 offset = dissect_ntstatus(
2250 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2256 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2257 packet_info *pinfo, proto_tree *tree, char *drep)
2259 /* [in] LSA_HANDLE hnd */
2260 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2261 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2263 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2264 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2265 hf_lsa_resume_handle, NULL);
2267 /* [in] ULONG pref_maxlen */
2268 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2269 hf_lsa_max_count, NULL);
2275 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2276 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2278 proto_item *item=NULL;
2279 proto_tree *tree=NULL;
2280 int old_offset=offset;
2283 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2285 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2289 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2293 offset = dissect_ndr_nt_PSID(tvb, offset,
2294 pinfo, tree, drep, -1);
2296 proto_item_set_len(item, offset-old_offset);
2301 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2302 packet_info *pinfo, proto_tree *tree, char *drep)
2304 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2305 lsa_dissect_LSA_TRUSTED_DOMAIN);
2311 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2312 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2314 proto_item *item=NULL;
2315 proto_tree *tree=NULL;
2316 int old_offset=offset;
2319 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2320 "TRUSTED_DOMAIN_LIST:");
2321 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2324 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2325 hf_lsa_count, NULL);
2328 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2329 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2330 "TRUSTED_DOMAIN array:", -1);
2332 proto_item_set_len(item, offset-old_offset);
2337 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2338 packet_info *pinfo, proto_tree *tree, char *drep)
2340 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2341 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2342 hf_lsa_resume_handle, NULL);
2344 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2345 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2346 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2347 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
2349 offset = dissect_ntstatus(
2350 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2357 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2358 packet_info *pinfo, proto_tree *tree, char *drep)
2362 di=pinfo->private_data;
2363 if(di->conformant_run){
2364 /*just a run to handle conformant arrays, nothing to dissect */
2368 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2375 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2376 packet_info *pinfo, proto_tree *tree, char *drep)
2378 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2379 lsa_dissect_LSA_UNICODE_STRING_item);
2385 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2386 packet_info *pinfo, proto_tree *tree, char *drep)
2390 di=pinfo->private_data;
2392 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2393 hf_lsa_count, NULL);
2394 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2395 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2396 "UNICODE_STRING pointer: ", di->hf_index);
2402 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2403 packet_info *pinfo, proto_tree *tree, char *drep)
2406 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2407 hf_lsa_sid_type, NULL);
2409 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2412 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2413 hf_lsa_index, NULL);
2419 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2420 packet_info *pinfo, proto_tree *tree, char *drep)
2422 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2423 lsa_dissect_LSA_TRANSLATED_SID);
2429 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2430 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2432 proto_item *item=NULL;
2433 proto_tree *tree=NULL;
2434 int old_offset=offset;
2437 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2438 "LSA_TRANSLATED_SIDS:");
2439 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2443 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2444 hf_lsa_count, NULL);
2447 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2448 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2449 "Translated SIDS", -1);
2451 proto_item_set_len(item, offset-old_offset);
2456 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2457 packet_info *pinfo, proto_tree *tree, char *drep)
2459 /* [in] LSA_HANDLE hnd */
2460 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2461 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2463 /* [in] ULONG count */
2464 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2465 hf_lsa_count, NULL);
2467 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2468 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2469 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2470 "Account pointer: names", hf_lsa_acct);
2472 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2473 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2474 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2475 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2477 /* [in] USHORT level */
2478 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2479 hf_lsa_info_level, NULL);
2481 /* [in, out, ref] ULONG *num_mapped */
2482 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2483 hf_lsa_num_mapped, NULL);
2490 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2491 packet_info *pinfo, proto_tree *tree, char *drep)
2493 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2494 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2495 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2496 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
2498 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2499 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2500 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2501 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2503 /* [in, out, ref] ULONG *num_mapped */
2504 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2505 hf_lsa_num_mapped, NULL);
2507 offset = dissect_ntstatus(
2508 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2514 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2515 packet_info *pinfo, proto_tree *tree, char *drep)
2517 /* [in] LSA_HANDLE hnd_pol */
2518 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2519 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2521 /* [in, ref] LSA_UNICODE_STRING *name */
2522 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2525 /* [in] ACCESS_MASK access */
2526 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2533 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2534 packet_info *pinfo, proto_tree *tree, char *drep)
2537 /* [out] LSA_HANDLE *hnd */
2538 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2539 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2541 offset = dissect_ntstatus(
2542 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2548 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2549 packet_info *pinfo, proto_tree *tree, char *drep)
2551 /* [in] LSA_HANDLE hnd_pol */
2552 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2553 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2555 /* [in, ref] SID *account */
2556 offset = dissect_ndr_nt_SID(tvb, offset,
2557 pinfo, tree, drep, -1);
2559 /* [in] ACCESS_MASK access */
2560 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2568 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2569 packet_info *pinfo, proto_tree *tree, char *drep)
2571 /* [out] LSA_HANDLE *hnd */
2572 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2573 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2575 offset = dissect_ntstatus(
2576 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2581 static const value_string trusted_info_level_vals[] = {
2582 {1, "Domain Name Information"},
2583 {2, "Controllers Information"},
2584 {3, "Posix Offset Information"},
2585 {4, "Password Information"},
2586 {5, "Domain Information Basic"},
2587 {6, "Domain Information Ex"},
2588 {7, "Domain Auth Information"},
2589 {8, "Domain Full Information"},
2590 {9, "Domain Security Descriptor"},
2591 {10, "Domain Private Information"},
2596 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2597 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2599 proto_item *item=NULL;
2600 proto_tree *tree=NULL;
2601 int old_offset=offset;
2605 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2606 "TRUSTED_DOMAIN_INFO:");
2607 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2610 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2611 hf_lsa_trusted_info_level, &level);
2613 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2616 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2620 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2621 hf_lsa_count, NULL);
2622 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2623 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2624 "Controllers pointer: ", hf_lsa_controller);
2627 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2628 hf_lsa_rid_offset, NULL);
2631 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2632 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2635 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2639 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2643 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2646 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2648 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2649 hf_lsa_rid_offset, NULL);
2650 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2653 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2656 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2658 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2659 hf_lsa_rid_offset, NULL);
2660 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2664 proto_item_set_len(item, offset-old_offset);
2669 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2670 packet_info *pinfo, proto_tree *tree, char *drep)
2672 /* [in] LSA_HANDLE hnd */
2673 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2674 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2676 /* [in] TRUSTED_INFORMATION_CLASS level */
2677 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2678 hf_lsa_trusted_info_level, NULL);
2685 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2686 packet_info *pinfo, proto_tree *tree, char *drep)
2688 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2689 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2690 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2691 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2693 offset = dissect_ntstatus(
2694 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2700 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2701 packet_info *pinfo, proto_tree *tree, char *drep)
2703 /* [in] LSA_HANDLE hnd */
2704 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2705 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2707 /* [in] TRUSTED_INFORMATION_CLASS level */
2708 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2709 hf_lsa_trusted_info_level, NULL);
2711 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2712 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2713 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2714 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2721 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2722 packet_info *pinfo, proto_tree *tree, char *drep)
2724 offset = dissect_ntstatus(
2725 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2731 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2732 packet_info *pinfo, proto_tree *tree, char *drep)
2734 /* [in] LSA_HANDLE hnd_pol */
2735 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2736 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2738 /* [in, ref] LSA_UNICODE_STRING *name */
2739 offset = dissect_ndr_counted_string_cb(
2740 tvb, offset, pinfo, tree, drep, hf_lsa_name,
2741 cb_wstr_postprocess,
2742 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
2744 /* [in] ACCESS_MASK access */
2745 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2753 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2754 packet_info *pinfo, proto_tree *tree, char *drep)
2756 /* [out] LSA_HANDLE *hnd */
2757 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2758 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2760 offset = dissect_ntstatus(
2761 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2767 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2768 packet_info *pinfo, proto_tree *tree, char *drep)
2770 /* [in] LSA_HANDLE hnd */
2771 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2772 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2774 /* [in, unique] LSA_SECRET *new_val */
2775 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2776 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2777 "LSA_SECRET pointer: new_val", -1);
2779 /* [in, unique] LSA_SECRET *old_val */
2780 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2781 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2782 "LSA_SECRET pointer: old_val", -1);
2789 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2790 packet_info *pinfo, proto_tree *tree, char *drep)
2792 offset = dissect_ntstatus(
2793 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2799 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2800 packet_info *pinfo, proto_tree *tree, char *drep)
2802 /* [in] LSA_HANDLE hnd */
2803 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2804 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2806 /* [in, out, unique] LSA_SECRET **curr_val */
2807 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2808 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2809 "LSA_SECRET pointer: curr_val", -1);
2811 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2812 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2813 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2814 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2816 /* [in, out, unique] LSA_SECRET **old_val */
2817 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2818 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2819 "LSA_SECRET pointer: old_val", -1);
2821 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2822 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2823 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2824 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2831 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2832 packet_info *pinfo, proto_tree *tree, char *drep)
2834 /* [in, out, unique] LSA_SECRET **curr_val */
2835 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2836 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2837 "LSA_SECRET pointer: curr_val", -1);
2839 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2840 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2841 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2842 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2844 /* [in, out, unique] LSA_SECRET **old_val */
2845 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2846 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2847 "LSA_SECRET pointer: old_val", -1);
2849 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2850 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2851 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2852 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2854 offset = dissect_ntstatus(
2855 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2861 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2862 packet_info *pinfo, proto_tree *tree, char *drep)
2864 /* [in] LSA_HANDLE hnd */
2865 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2866 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2873 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2874 packet_info *pinfo, proto_tree *tree, char *drep)
2876 offset = dissect_ntstatus(
2877 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2883 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2884 packet_info *pinfo, proto_tree *tree, char *drep)
2886 /* [in] LSA_HANDLE hnd */
2887 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2888 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2890 /* [in, unique] LSA_UNICODE_STRING *rights */
2891 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2892 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2893 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
2899 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2900 packet_info *pinfo, proto_tree *tree, char *drep)
2902 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2903 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2904 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2905 "Account pointer: names", hf_lsa_acct);
2907 offset = dissect_ntstatus(
2908 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2914 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2915 packet_info *pinfo, proto_tree *tree, char *drep)
2917 /* [in] LSA_HANDLE hnd */
2918 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2919 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2921 /* [in, ref] SID *account */
2922 offset = dissect_ndr_nt_SID(tvb, offset,
2923 pinfo, tree, drep, -1);
2930 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2931 packet_info *pinfo, proto_tree *tree, char *drep)
2933 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2934 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2935 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2936 "Account pointer: rights", hf_lsa_rights);
2938 offset = dissect_ntstatus(
2939 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2945 lsa_dissect_lsaaddaccountrights_rqst(tvbuff_t *tvb, int offset,
2946 packet_info *pinfo, proto_tree *tree, char *drep)
2948 /* [in] LSA_HANDLE hnd */
2949 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2950 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2952 /* [in, ref] SID *account */
2953 offset = dissect_ndr_nt_SID(tvb, offset,
2954 pinfo, tree, drep, -1);
2956 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2957 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2958 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2959 "Account pointer: rights", hf_lsa_rights);
2966 lsa_dissect_lsaaddaccountrights_reply(tvbuff_t *tvb, int offset,
2967 packet_info *pinfo, proto_tree *tree, char *drep)
2969 offset = dissect_ntstatus(
2970 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2976 lsa_dissect_lsaremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2977 packet_info *pinfo, proto_tree *tree, char *drep)
2979 /* [in] LSA_HANDLE hnd */
2980 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2981 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2983 /* [in, ref] SID *account */
2984 offset = dissect_ndr_nt_SID(tvb, offset,
2985 pinfo, tree, drep, -1);
2988 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2989 hf_lsa_remove_all, NULL);
2991 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2992 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2993 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2994 "Account pointer: rights", hf_lsa_rights);
3001 lsa_dissect_lsaremoveaccountrights_reply(tvbuff_t *tvb, int offset,
3002 packet_info *pinfo, proto_tree *tree, char *drep)
3004 offset = dissect_ntstatus(
3005 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3012 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3013 packet_info *pinfo, proto_tree *tree, char *drep)
3015 /* [in] LSA_HANDLE handle */
3016 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3017 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3019 /* [in, ref] LSA_UNICODE_STRING *name */
3021 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3024 /* [in] TRUSTED_INFORMATION_CLASS level */
3025 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3026 hf_lsa_trusted_info_level, NULL);
3033 lsa_dissect_lsaquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3034 packet_info *pinfo, proto_tree *tree, char *drep)
3036 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3037 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3038 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3039 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3041 offset = dissect_ntstatus(
3042 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3049 lsa_dissect_lsasettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3050 packet_info *pinfo, proto_tree *tree, char *drep)
3052 /* [in] LSA_HANDLE handle */
3053 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3054 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3056 /* [in, ref] LSA_UNICODE_STRING *name */
3058 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3061 /* [in] TRUSTED_INFORMATION_CLASS level */
3062 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3063 hf_lsa_trusted_info_level, NULL);
3065 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3066 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3067 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3068 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3075 lsa_dissect_lsasettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3076 packet_info *pinfo, proto_tree *tree, char *drep)
3078 offset = dissect_ntstatus(
3079 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3085 lsa_dissect_lsaquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3086 packet_info *pinfo, proto_tree *tree, char *drep)
3088 /* [in] LSA_HANDLE handle */
3089 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3090 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3092 /* [in, ref] SID *sid */
3093 offset = dissect_ndr_nt_SID(tvb, offset,
3094 pinfo, tree, drep, -1);
3096 /* [in] TRUSTED_INFORMATION_CLASS level */
3097 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3098 hf_lsa_trusted_info_level, NULL);
3104 lsa_dissect_lsaopentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3105 packet_info *pinfo, proto_tree *tree, char *drep)
3107 /* [in] LSA_HANDLE handle */
3108 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3109 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3111 /* [in, ref] LSA_UNICODE_STRING *name */
3113 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3116 /* [in] ACCESS_MASK access */
3117 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3125 lsa_dissect_lsaopentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3126 packet_info *pinfo, proto_tree *tree, char *drep)
3128 /* [out] LSA_HANDLE handle */
3129 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3130 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3132 offset = dissect_ntstatus(
3133 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3141 lsa_dissect_lsaquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3142 packet_info *pinfo, proto_tree *tree, char *drep)
3144 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3145 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3146 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3147 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3149 offset = dissect_ntstatus(
3150 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3156 lsa_dissect_lsasettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3157 packet_info *pinfo, proto_tree *tree, char *drep)
3159 /* [in] LSA_HANDLE handle */
3160 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3161 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3163 /* [in, ref] SID *sid */
3164 offset = dissect_ndr_nt_SID(tvb, offset,
3165 pinfo, tree, drep, -1);
3167 /* [in] TRUSTED_INFORMATION_CLASS level */
3168 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3169 hf_lsa_trusted_info_level, NULL);
3171 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3172 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3173 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3174 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3181 lsa_dissect_lsasettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3182 packet_info *pinfo, proto_tree *tree, char *drep)
3184 offset = dissect_ntstatus(
3185 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3191 lsa_dissect_lsaqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3192 packet_info *pinfo, proto_tree *tree, char *drep)
3194 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3195 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3197 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3198 hf_lsa_policy_information_class, NULL);
3204 lsa_dissect_lsaqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3205 packet_info *pinfo, proto_tree *tree, char *drep)
3207 /* This is really a pointer to a pointer though the first level is REF
3208 so we just ignore that one */
3209 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3210 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3211 "POLICY_INFORMATION pointer: info", -1);
3213 offset = dissect_ntstatus(
3214 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3220 lsa_dissect_lsasetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3221 packet_info *pinfo, proto_tree *tree, char *drep)
3223 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3224 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3226 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3227 hf_lsa_policy_information_class, NULL);
3229 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3230 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3231 "POLICY_INFORMATION pointer: info", -1);
3237 lsa_dissect_lsasetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3238 packet_info *pinfo, proto_tree *tree, char *drep)
3240 offset = dissect_ntstatus(
3241 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3247 lsa_dissect_lsaquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3248 packet_info *pinfo, proto_tree *tree, char *drep)
3250 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3251 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3253 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3254 hf_lsa_policy_information_class, NULL);
3260 lsa_dissect_lsaquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3261 packet_info *pinfo, proto_tree *tree, char *drep)
3263 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3264 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3265 "POLICY_INFORMATION pointer: info", -1);
3267 offset = dissect_ntstatus(
3268 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3274 lsa_dissect_lsasetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3275 packet_info *pinfo, proto_tree *tree, char *drep)
3277 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3278 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3280 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3281 hf_lsa_policy_information_class, NULL);
3283 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3284 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3285 "POLICY_INFORMATION pointer: info", -1);
3291 lsa_dissect_lsasetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3292 packet_info *pinfo, proto_tree *tree, char *drep)
3294 offset = dissect_ntstatus(
3295 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3301 lsa_dissect_lsalookupnames2_rqst(tvbuff_t *tvb, int offset,
3302 packet_info *pinfo, proto_tree *tree, char *drep)
3304 /* [in] LSA_HANDLE hnd */
3305 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3306 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3308 /* [in] ULONG count */
3309 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3310 hf_lsa_count, NULL);
3312 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3313 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3314 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3315 "Account pointer: names", hf_lsa_acct);
3317 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3318 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3319 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3320 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3322 /* [in] USHORT level */
3323 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3324 hf_lsa_info_level, NULL);
3326 /* [in, out, ref] ULONG *num_mapped */
3327 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3328 hf_lsa_num_mapped, NULL);
3331 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3332 hf_lsa_unknown_long, NULL);
3335 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3336 hf_lsa_unknown_long, NULL);
3343 lsa_dissect_lsalookupnames2_reply(tvbuff_t *tvb, int offset,
3344 packet_info *pinfo, proto_tree *tree, char *drep)
3346 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3347 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3348 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3349 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3351 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3352 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3353 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3354 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3356 /* [in, out, ref] ULONG *num_mapped */
3357 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3358 hf_lsa_num_mapped, NULL);
3360 offset = dissect_ntstatus(
3361 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3368 lsa_dissect_lsacreateaccount_rqst(tvbuff_t *tvb, int offset,
3369 packet_info *pinfo, proto_tree *tree, char *drep)
3371 /* [in] LSA_HANDLE hnd */
3372 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3373 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3375 offset = dissect_ndr_nt_SID(tvb, offset,
3376 pinfo, tree, drep, -1);
3378 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3385 lsa_dissect_lsacreateaccount_reply(tvbuff_t *tvb, int offset,
3386 packet_info *pinfo, proto_tree *tree, char *drep)
3388 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3389 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3391 offset = dissect_ntstatus(
3392 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3398 lsa_dissect_lsalookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3399 packet_info *pinfo, proto_tree *tree, char *drep)
3401 /* [in] LSA_HANDLE hnd */
3402 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3403 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3405 /* [in, ref] LSA_UNICODE_STRING *name */
3406 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3409 /* [in] USHORT unknown */
3410 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3411 hf_lsa_unknown_short, NULL);
3413 /* [in] USHORT size */
3414 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3415 hf_lsa_size16, NULL);
3422 lsa_dissect_lsalookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3423 packet_info *pinfo, proto_tree *tree, char *drep)
3425 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3426 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3427 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3428 "NAME pointer: ", hf_lsa_privilege_name);
3430 /* [out, ref] USHORT *size_needed */
3431 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3432 hf_lsa_size_needed, NULL);
3434 offset = dissect_ntstatus(
3435 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3441 lsa_dissect_lsastoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3442 packet_info *pinfo, proto_tree *tree, char *drep)
3444 /* [in] LSA_HANDLE hnd */
3445 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3446 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3448 /* [in, ref] LSA_UNICODE_STRING *key */
3449 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3452 /* [in, unique] LSA_SECRET **data */
3453 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3454 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3455 "LSA_SECRET* pointer: data", -1);
3462 lsa_dissect_lsastoreprivatedata_reply(tvbuff_t *tvb, int offset,
3463 packet_info *pinfo, proto_tree *tree, char *drep)
3465 offset = dissect_ntstatus(
3466 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3472 lsa_dissect_lsaretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3473 packet_info *pinfo, proto_tree *tree, char *drep)
3475 /* [in] LSA_HANDLE hnd */
3476 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3477 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3479 /* [in, ref] LSA_UNICODE_STRING *key */
3480 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3483 /* [in, out, ref] LSA_SECRET **data */
3484 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3485 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3486 "LSA_SECRET* pointer: data", -1);
3493 lsa_dissect_lsaretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3494 packet_info *pinfo, proto_tree *tree, char *drep)
3496 /* [in, out, ref] LSA_SECRET **data */
3497 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3498 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3499 "LSA_SECRET* pointer: data", -1);
3501 offset = dissect_ntstatus(
3502 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3508 lsa_dissect_lsaclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3509 packet_info *pinfo, proto_tree *tree, char *drep)
3512 /* [in, out] LSA_HANDLE *tdHnd */
3513 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3514 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3521 lsa_dissect_lsaclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3522 packet_info *pinfo, proto_tree *tree, char *drep)
3525 /* [in, out] LSA_HANDLE *tdHnd */
3526 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3527 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3529 offset = dissect_ntstatus(
3530 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3536 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3537 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3539 proto_item *item=NULL;
3540 proto_tree *tree=NULL;
3541 int old_offset=offset;
3544 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3545 "LSA_TRANSLATED_NAME:");
3546 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3550 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3551 hf_lsa_sid_type, NULL);
3554 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3558 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3559 hf_lsa_index, NULL);
3562 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3563 hf_lsa_unknown_long, NULL);
3565 proto_item_set_len(item, offset-old_offset);
3570 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3571 packet_info *pinfo, proto_tree *tree, char *drep)
3573 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3574 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3579 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3580 packet_info *pinfo, proto_tree *tree, char *drep)
3583 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3584 hf_lsa_count, NULL);
3586 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3587 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3588 "LSA_TRANSLATED_NAME_EX: pointer", -1);
3595 lsa_dissect_lsalookupsids2_rqst(tvbuff_t *tvb, int offset,
3596 packet_info *pinfo, proto_tree *tree, char *drep)
3598 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3599 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3601 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3602 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3605 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3606 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3607 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3609 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3610 hf_lsa_info_level, NULL);
3612 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3613 hf_lsa_num_mapped, NULL);
3616 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3617 hf_lsa_unknown_long, NULL);
3620 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3621 hf_lsa_unknown_long, NULL);
3627 lsa_dissect_lsalookupsids2_reply(tvbuff_t *tvb, int offset,
3628 packet_info *pinfo, proto_tree *tree, char *drep)
3630 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3631 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3632 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3634 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3635 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3636 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3638 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3639 hf_lsa_num_mapped, NULL);
3641 offset = dissect_ntstatus(
3642 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3648 lsa_dissect_lsagetusername_rqst(tvbuff_t *tvb, int offset,
3649 packet_info *pinfo, proto_tree *tree, char *drep)
3652 /* [in, unique, string] WCHAR *server */
3653 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3654 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3655 "Server:", hf_lsa_server);
3657 /* [in, out, ref] LSA_UNICODE_STRING **user */
3658 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3659 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3660 "ACCOUNT pointer: ", hf_lsa_acct);
3662 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3663 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3664 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3665 "DOMAIN pointer: ", hf_lsa_domain);
3672 lsa_dissect_lsagetusername_reply(tvbuff_t *tvb, int offset,
3673 packet_info *pinfo, proto_tree *tree, char *drep)
3675 /* [in, out, ref] LSA_UNICODE_STRING **user */
3676 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3677 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3678 "ACCOUNT pointer: ", hf_lsa_acct);
3680 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3681 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3682 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3683 "DOMAIN pointer: ", hf_lsa_domain);
3685 offset = dissect_ntstatus(
3686 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3692 lsa_dissect_lsacreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3693 packet_info *pinfo, proto_tree *tree, char *drep)
3695 /* [in] LSA_HANDLE hnd */
3696 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3697 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3699 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3700 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3701 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3702 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3704 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3705 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3706 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3707 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
3709 /* [in] ACCESS_MASK mask */
3710 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3718 lsa_dissect_lsacreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3719 packet_info *pinfo, proto_tree *tree, char *drep)
3721 /* [out] LSA_HANDLE *tdHnd) */
3722 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3723 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3725 offset = dissect_ntstatus(
3726 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3732 lsa_dissect_lsaenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3733 packet_info *pinfo, proto_tree *tree, char *drep)
3735 /* [in] LSA_HANDLE hnd */
3736 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3737 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3739 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3740 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3741 hf_lsa_resume_handle, NULL);
3743 /* [in] ULONG pref_maxlen */
3744 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3745 hf_lsa_max_count, NULL);
3752 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3753 packet_info *pinfo, proto_tree *tree, char *drep)
3755 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3756 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3762 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3763 packet_info *pinfo, proto_tree *tree, char *drep)
3766 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3767 hf_lsa_count, NULL);
3769 /* trust information */
3770 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3771 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3772 "TRUST INFORMATION array:", -1);
3775 /* The original code here was wrong. It now handles these correctly */
3776 /*offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3777 hf_lsa_max_count, NULL);
3784 lsa_dissect_lsaenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3785 packet_info *pinfo, proto_tree *tree, char *drep)
3787 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3788 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3789 hf_lsa_resume_handle, NULL);
3791 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3792 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3793 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3794 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
3796 offset = dissect_ntstatus(
3797 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3803 lsa_dissect_lsafunction_38_rqst(tvbuff_t *tvb, int offset,
3804 packet_info *pinfo, proto_tree *tree, char *drep)
3806 /* [in] LSA_HANDLE handle */
3807 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3808 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3810 /* [in] USHORT flag */
3811 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3812 hf_lsa_unknown_short, NULL);
3814 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3815 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3816 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3817 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3824 lsa_dissect_lsafunction_38_reply(tvbuff_t *tvb, int offset,
3825 packet_info *pinfo, proto_tree *tree, char *drep)
3827 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3828 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3829 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3830 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
3832 offset = dissect_ntstatus(
3833 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3839 lsa_dissect_lsafunction_3b_rqst(tvbuff_t *tvb, int offset,
3840 packet_info *pinfo, proto_tree *tree, char *drep)
3842 /* [in] LSA_HANDLE hnd */
3843 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3844 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3846 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3847 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3848 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3849 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3851 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3852 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3853 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3854 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3856 /* [in] ULONG unknown */
3857 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3858 hf_lsa_unknown_long, NULL);
3865 lsa_dissect_lsafunction_3b_reply(tvbuff_t *tvb, int offset,
3866 packet_info *pinfo, proto_tree *tree, char *drep)
3868 /* [out] LSA_HANDLE *h2) */
3869 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3870 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3872 offset = dissect_ntstatus(
3873 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3879 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3880 { LSA_LSACLOSE, "Close",
3881 lsa_dissect_lsaclose_rqst,
3882 lsa_dissect_lsaclose_reply },
3883 { LSA_LSADELETE, "Delete",
3884 lsa_dissect_lsadelete_rqst,
3885 lsa_dissect_lsadelete_reply },
3886 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
3887 lsa_dissect_lsaenumerateprivileges_rqst,
3888 lsa_dissect_lsaenumerateprivileges_reply },
3889 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
3890 lsa_dissect_lsaquerysecurityobject_rqst,
3891 lsa_dissect_lsaquerysecurityobject_reply },
3892 { LSA_LSASETSECURITYOBJECT, "SetSecObject",
3893 lsa_dissect_lsasetsecurityobject_rqst,
3894 lsa_dissect_lsasetsecurityobject_reply },
3895 { LSA_LSACHANGEPASSWORD, "ChangePassword",
3896 lsa_dissect_lsachangepassword_rqst,
3897 lsa_dissect_lsachangepassword_reply },
3898 { LSA_LSAOPENPOLICY, "OpenPolicy",
3899 lsa_dissect_lsaopenpolicy_rqst,
3900 lsa_dissect_lsaopenpolicy_reply },
3901 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
3902 lsa_dissect_lsaqueryinformationpolicy_rqst,
3903 lsa_dissect_lsaqueryinformationpolicy_reply },
3904 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
3905 lsa_dissect_lsasetinformationpolicy_rqst,
3906 lsa_dissect_lsasetinformationpolicy_reply },
3907 { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
3908 lsa_dissect_lsaclearauditlog_rqst,
3909 lsa_dissect_lsaclearauditlog_reply },
3910 { LSA_LSACREATEACCOUNT, "CreateAccount",
3911 lsa_dissect_lsacreateaccount_rqst,
3912 lsa_dissect_lsacreateaccount_reply },
3913 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
3914 lsa_dissect_lsaenumerateaccounts_rqst,
3915 lsa_dissect_lsaenumerateaccounts_reply },
3916 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
3917 lsa_dissect_lsacreatetrusteddomain_rqst,
3918 lsa_dissect_lsacreatetrusteddomain_reply },
3919 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
3920 lsa_dissect_lsaenumeratetrusteddomains_rqst,
3921 lsa_dissect_lsaenumeratetrusteddomains_reply },
3922 { LSA_LSALOOKUPNAMES, "LookupNames",
3923 lsa_dissect_lsalookupnames_rqst,
3924 lsa_dissect_lsalookupnames_reply },
3925 { LSA_LSALOOKUPSIDS, "LookupSIDs",
3926 lsa_dissect_lsalookupsids_rqst,
3927 lsa_dissect_lsalookupsids_reply },
3928 { LSA_LSACREATESECRET, "CreateSecret",
3929 lsa_dissect_lsacreatesecret_rqst,
3930 lsa_dissect_lsacreatesecret_reply },
3931 { LSA_LSAOPENACCOUNT, "OpenAccount",
3932 lsa_dissect_lsaopenaccount_rqst,
3933 lsa_dissect_lsaopenaccount_reply },
3934 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
3935 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
3936 lsa_dissect_lsaenumerateprivilegesaccount_reply },
3937 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
3938 lsa_dissect_lsaaddprivilegestoaccount_rqst,
3939 lsa_dissect_lsaaddprivilegestoaccount_reply },
3940 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
3941 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
3942 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
3943 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
3944 lsa_dissect_lsagetquotasforaccount_rqst,
3945 lsa_dissect_lsagetquotasforaccount_reply },
3946 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
3947 lsa_dissect_lsasetquotasforaccount_rqst,
3948 lsa_dissect_lsasetquotasforaccount_reply },
3949 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
3950 lsa_dissect_lsagetsystemaccessaccount_rqst,
3951 lsa_dissect_lsagetsystemaccessaccount_reply },
3952 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
3953 lsa_dissect_lsasetsystemaccessaccount_rqst,
3954 lsa_dissect_lsasetsystemaccessaccount_reply },
3955 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
3956 lsa_dissect_lsaopentrusteddomain_rqst,
3957 lsa_dissect_lsaopentrusteddomain_reply },
3958 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
3959 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
3960 lsa_dissect_lsaqueryinfotrusteddomain_reply },
3961 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
3962 lsa_dissect_lsasetinformationtrusteddomain_rqst,
3963 lsa_dissect_lsasetinformationtrusteddomain_reply },
3964 { LSA_LSAOPENSECRET, "OpenSecret",
3965 lsa_dissect_lsaopensecret_rqst,
3966 lsa_dissect_lsaopensecret_reply },
3967 { LSA_LSASETSECRET, "SetSecret",
3968 lsa_dissect_lsasetsecret_rqst,
3969 lsa_dissect_lsasetsecret_reply },
3970 { LSA_LSAQUERYSECRET, "QuerySecret",
3971 lsa_dissect_lsaquerysecret_rqst,
3972 lsa_dissect_lsaquerysecret_reply },
3973 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
3974 lsa_dissect_lsalookupprivilegevalue_rqst,
3975 lsa_dissect_lsalookupprivilegevalue_reply },
3976 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
3977 lsa_dissect_lsalookupprivilegename_rqst,
3978 lsa_dissect_lsalookupprivilegename_reply },
3979 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
3980 lsa_dissect_lsalookupprivilegedisplayname_rqst,
3981 lsa_dissect_lsalookupprivilegedisplayname_reply },
3982 { LSA_LSADELETEOBJECT, "DeleteObject",
3983 lsa_dissect_lsadeleteobject_rqst,
3984 lsa_dissect_lsadeleteobject_reply },
3985 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
3986 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
3987 lsa_dissect_lsaenumerateaccountswithuserright_reply },
3988 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
3989 lsa_dissect_lsaenumerateaccountrights_rqst,
3990 lsa_dissect_lsaenumerateaccountrights_reply },
3991 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
3992 lsa_dissect_lsaaddaccountrights_rqst,
3993 lsa_dissect_lsaaddaccountrights_reply },
3994 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
3995 lsa_dissect_lsaremoveaccountrights_rqst,
3996 lsa_dissect_lsaremoveaccountrights_reply },
3997 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
3998 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
3999 lsa_dissect_lsaquerytrusteddomaininfo_reply },
4000 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
4001 lsa_dissect_lsasettrusteddomaininfo_rqst,
4002 lsa_dissect_lsasettrusteddomaininfo_reply },
4003 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
4004 lsa_dissect_lsadeletetrusteddomain_rqst,
4005 lsa_dissect_lsadeletetrusteddomain_reply },
4006 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
4007 lsa_dissect_lsastoreprivatedata_rqst,
4008 lsa_dissect_lsastoreprivatedata_reply },
4009 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
4010 lsa_dissect_lsaretrieveprivatedata_rqst,
4011 lsa_dissect_lsaretrieveprivatedata_reply },
4012 { LSA_LSAOPENPOLICY2, "OpenPolicy2",
4013 lsa_dissect_lsaopenpolicy2_rqst,
4014 lsa_dissect_lsaopenpolicy2_reply },
4015 { LSA_LSAGETUSERNAME, "GetUsername",
4016 lsa_dissect_lsagetusername_rqst,
4017 lsa_dissect_lsagetusername_reply },
4018 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2",
4019 lsa_dissect_lsaqueryinformationpolicy2_rqst,
4020 lsa_dissect_lsaqueryinformationpolicy2_reply },
4021 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2",
4022 lsa_dissect_lsasetinformationpolicy2_rqst,
4023 lsa_dissect_lsasetinformationpolicy2_reply },
4024 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
4025 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
4026 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
4027 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
4028 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
4029 lsa_dissect_lsasettrusteddomaininfobyname_reply },
4030 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
4031 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
4032 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
4033 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
4034 lsa_dissect_lsacreatetrusteddomainex_rqst,
4035 lsa_dissect_lsacreatetrusteddomainex_reply },
4036 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
4037 lsa_dissect_lsaclosetrusteddomainex_rqst,
4038 lsa_dissect_lsaclosetrusteddomainex_reply },
4039 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
4040 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
4041 lsa_dissect_lsaquerydomaininformationpolicy_reply },
4042 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
4043 lsa_dissect_lsasetdomaininformationpolicy_rqst,
4044 lsa_dissect_lsasetdomaininformationpolicy_reply },
4045 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
4046 lsa_dissect_lsaopentrusteddomainbyname_rqst,
4047 lsa_dissect_lsaopentrusteddomainbyname_reply },
4048 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
4049 lsa_dissect_lsafunction_38_rqst,
4050 lsa_dissect_lsafunction_38_reply },
4051 { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
4052 lsa_dissect_lsalookupsids2_rqst,
4053 lsa_dissect_lsalookupsids2_reply },
4054 { LSA_LSALOOKUPNAMES2, "LookupNames2",
4055 lsa_dissect_lsalookupnames2_rqst,
4056 lsa_dissect_lsalookupnames2_reply },
4057 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
4058 lsa_dissect_lsafunction_3b_rqst,
4059 lsa_dissect_lsafunction_3b_reply },
4060 {0, NULL, NULL, NULL}
4064 proto_register_dcerpc_lsa(void)
4066 static hf_register_info hf[] = {
4069 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
4071 { &hf_lsa_unknown_string,
4072 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4073 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4076 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4077 NULL, 0x0, "LSA policy handle", HFILL }},
4080 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4081 NULL, 0, "Name of Server", HFILL }},
4083 { &hf_lsa_controller,
4084 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4085 NULL, 0, "Name of Domain Controller", HFILL }},
4087 { &hf_lsa_unknown_hyper,
4088 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4089 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4091 { &hf_lsa_unknown_long,
4092 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4093 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4095 { &hf_lsa_unknown_short,
4096 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4097 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4099 { &hf_lsa_unknown_char,
4100 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4101 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4104 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4105 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4108 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4109 NULL, 0x0, "LSA Attributes", HFILL }},
4111 { &hf_lsa_obj_attr_len,
4112 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4113 NULL, 0x0, "Length of object attribute structure", HFILL }},
4115 { &hf_lsa_obj_attr_name,
4116 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4117 NULL, 0x0, "Name of object attribute", HFILL }},
4119 { &hf_lsa_access_mask,
4120 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4121 NULL, 0x0, "LSA Access Mask", HFILL }},
4123 { &hf_lsa_info_level,
4124 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4125 NULL, 0x0, "Information level of requested data", HFILL }},
4127 { &hf_lsa_trusted_info_level,
4128 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4129 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4132 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4133 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4136 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4137 NULL, 0x0, "Length of quality of service structure", HFILL }},
4139 { &hf_lsa_qos_impersonation_level,
4140 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4141 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4143 { &hf_lsa_qos_track_context,
4144 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4145 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4147 { &hf_lsa_qos_effective_only,
4148 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4149 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4151 { &hf_lsa_pali_percent_full,
4152 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4153 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4155 { &hf_lsa_pali_log_size,
4156 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4157 NULL, 0x0, "Size of audit log", HFILL }},
4159 { &hf_lsa_pali_retention_period,
4160 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4161 NULL, 0x0, "", HFILL }},
4163 { &hf_lsa_pali_time_to_shutdown,
4164 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4165 NULL, 0x0, "Time to shutdown", HFILL }},
4167 { &hf_lsa_pali_shutdown_in_progress,
4168 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4169 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4171 { &hf_lsa_pali_next_audit_record,
4172 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4173 NULL, 0x0, "Next audit record", HFILL }},
4175 { &hf_lsa_paei_enabled,
4176 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4177 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4179 { &hf_lsa_paei_settings,
4180 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4181 NULL, 0x0, "Audit Events Information settings", HFILL }},
4184 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4185 NULL, 0x0, "Count of objects", HFILL }},
4187 { &hf_lsa_max_count,
4188 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4189 NULL, 0x0, "", HFILL }},
4192 { "FQDN", "lsa.fqdn_domain", FT_STRING, BASE_NONE,
4193 NULL, 0x0, "Fully Qualified Domain Name", HFILL }},
4196 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4197 NULL, 0x0, "Domain", HFILL }},
4199 { &hf_lsa_domain_sid,
4200 { "Domain SID", "lsa.domain_sid", FT_STRING, BASE_NONE,
4201 NULL, 0x0, "The Domain SID", HFILL }},
4204 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4205 NULL, 0x0, "Account", HFILL }},
4208 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4209 NULL, 0x0, "Replica Source", HFILL }},
4211 { &hf_lsa_server_role,
4212 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4213 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4215 { &hf_lsa_quota_paged_pool,
4216 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4217 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4219 { &hf_lsa_quota_non_paged_pool,
4220 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4221 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4223 { &hf_lsa_quota_min_wss,
4224 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4225 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4227 { &hf_lsa_quota_max_wss,
4228 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4229 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4231 { &hf_lsa_quota_pagefile,
4232 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4233 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4235 { &hf_lsa_mod_seq_no,
4236 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4237 NULL, 0x0, "Sequence number for this modification", HFILL }},
4239 { &hf_lsa_mod_mtime,
4240 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4241 NULL, 0x0, "Time when this modification occured", HFILL }},
4243 { &hf_lsa_cur_mtime,
4244 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4245 NULL, 0x0, "Current MTime to set", HFILL }},
4247 { &hf_lsa_old_mtime,
4248 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4249 NULL, 0x0, "Old MTime for this object", HFILL }},
4252 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4253 NULL, 0x0, "", HFILL }},
4256 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4257 NULL, 0x0, "", HFILL }},
4259 { &hf_lsa_flat_name,
4260 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4261 NULL, 0x0, "", HFILL }},
4264 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4265 NULL, 0x0, "", HFILL }},
4267 { &hf_lsa_info_type,
4268 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4269 NULL, 0x0, "", HFILL }},
4272 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4273 NULL, 0x0, "New password", HFILL }},
4276 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4277 NULL, 0x0, "Old password", HFILL }},
4280 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4281 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4284 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4285 NULL, 0x0, "RID", HFILL }},
4287 { &hf_lsa_rid_offset,
4288 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4289 NULL, 0x0, "RID Offset", HFILL }},
4292 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4293 NULL, 0x0, "", HFILL }},
4295 { &hf_lsa_num_mapped,
4296 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4297 NULL, 0x0, "", HFILL }},
4299 { &hf_lsa_policy_information_class,
4300 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4301 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4304 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4305 NULL, 0, "", HFILL }},
4307 { &hf_lsa_auth_blob,
4308 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4309 NULL, 0, "", HFILL }},
4312 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4313 NULL, 0x0, "LUID High component", HFILL }},
4316 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4317 NULL, 0x0, "LUID Low component", HFILL }},
4320 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4321 NULL, 0x0, "", HFILL }},
4324 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4325 NULL, 0x0, "", HFILL }},
4327 { &hf_lsa_size_needed,
4328 { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
4329 NULL, 0x0, "", HFILL }},
4331 { &hf_lsa_privilege_name,
4332 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4333 NULL, 0x0, "LSA Privilege Name", HFILL }},
4336 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4337 NULL, 0x0, "Account Rights", HFILL }},
4339 { &hf_lsa_policy_information,
4340 { "POLICY INFO", "lsa.policy_information", FT_NONE, BASE_NONE,
4341 NULL, 0x0, "Policy Information union", HFILL }},
4344 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4345 NULL, 0x0, "LSA Attributes", HFILL }},
4347 { &hf_lsa_auth_update,
4348 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4349 NULL, 0x0, "LSA Auth Info update", HFILL }},
4351 { &hf_lsa_resume_handle,
4352 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4353 NULL, 0x0, "Resume Handle", HFILL }},
4355 { &hf_lsa_trust_direction,
4356 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4357 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4359 { &hf_lsa_trust_type,
4360 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4361 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4363 { &hf_lsa_trust_attr,
4364 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4365 NULL, 0x0, "Trust attributes", HFILL }},
4367 { &hf_lsa_trust_attr_non_trans,
4368 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4369 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4371 { &hf_lsa_trust_attr_uplevel_only,
4372 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4373 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4375 { &hf_lsa_trust_attr_tree_parent,
4376 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4377 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4379 { &hf_lsa_trust_attr_tree_root,
4380 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4381 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4383 { &hf_lsa_auth_type,
4384 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4385 NULL, 0x0, "Auth Info type", HFILL }},
4388 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4389 NULL, 0x0, "Auth Info len", HFILL }},
4391 { &hf_lsa_remove_all,
4392 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4393 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
4395 { &hf_view_local_info,
4396 { "View local info", "lsa.access_mask.view_local_info",
4397 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4398 "View local info", HFILL }},
4400 { &hf_view_audit_info,
4401 { "View audit info", "lsa.access_mask.view_audit_info",
4402 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4403 "View audit info", HFILL }},
4405 { &hf_get_private_info,
4406 { "Get private info", "lsa.access_mask.get_privateinfo",
4407 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4408 "Get private info", HFILL }},
4411 { "Trust admin", "lsa.access_mask.trust_admin",
4412 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4413 "Trust admin", HFILL }},
4415 { &hf_create_account,
4416 { "Create account", "lsa.access_mask.create_account",
4417 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4418 "Create account", HFILL }},
4420 { &hf_create_secret,
4421 { "Create secret", "lsa.access_mask.create_secret",
4422 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4423 "Create secret", HFILL }},
4426 { "Create privilege", "lsa.access_mask.create_priv",
4427 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4428 "Create privilege", HFILL }},
4430 { &hf_set_default_quota_limits,
4431 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4432 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4433 "Set default quota limits", HFILL }},
4435 { &hf_set_audit_requirements,
4436 { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
4437 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4438 "Set audit requirements", HFILL }},
4441 { "Server admin", "lsa.access_mask.server_admin",
4442 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4443 "Server admin", HFILL }},
4446 { "Lookup names", "lsa.access_mask.lookup_names",
4447 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4448 "Lookup names", HFILL }}
4451 static gint *ett[] = {
4453 &ett_lsa_OBJECT_ATTRIBUTES,
4454 &ett_LSA_SECURITY_DESCRIPTOR,
4455 &ett_lsa_policy_info,
4456 &ett_lsa_policy_audit_log_info,
4457 &ett_lsa_policy_audit_events_info,
4458 &ett_lsa_policy_primary_domain_info,
4459 &ett_lsa_policy_primary_account_info,
4460 &ett_lsa_policy_server_role_info,
4461 &ett_lsa_policy_replica_source_info,
4462 &ett_lsa_policy_default_quota_info,
4463 &ett_lsa_policy_modification_info,
4464 &ett_lsa_policy_audit_full_set_info,
4465 &ett_lsa_policy_audit_full_query_info,
4466 &ett_lsa_policy_dns_domain_info,
4467 &ett_lsa_translated_names,
4468 &ett_lsa_translated_name,
4469 &ett_lsa_referenced_domain_list,
4470 &ett_lsa_trust_information,
4471 &ett_lsa_trust_information_ex,
4473 &ett_LSA_PRIVILEGES,
4475 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4476 &ett_LSA_LUID_AND_ATTRIBUTES,
4477 &ett_LSA_TRUSTED_DOMAIN_LIST,
4478 &ett_LSA_TRUSTED_DOMAIN,
4479 &ett_LSA_TRANSLATED_SIDS,
4480 &ett_lsa_trusted_domain_info,
4481 &ett_lsa_trust_attr,
4482 &ett_lsa_trusted_domain_auth_information,
4483 &ett_lsa_auth_information
4486 proto_dcerpc_lsa = proto_register_protocol(
4487 "Microsoft Local Security Architecture", "LSA", "lsa");
4489 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4490 proto_register_subtree_array(ett, array_length(ett));
4493 /* Protocol handoff */
4495 static e_uuid_t uuid_dcerpc_lsa = {
4496 0x12345778, 0x1234, 0xabcd,
4497 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4500 static guint16 ver_dcerpc_lsa = 0;
4503 proto_reg_handoff_dcerpc_lsa(void)
4505 /* Register protocol as dcerpc */
4507 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4508 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);