1 /* packet-dcerpc-samr.c
2 * Routines for SMB \\PIPE\\samr packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
5 * $Id: packet-dcerpc-samr.c,v 1.8 2002/02/08 11:02:03 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include <epan/packet.h>
32 #include "packet-dcerpc.h"
33 #include "packet-dcerpc-nt.h"
34 #include "packet-dcerpc-samr.h"
35 #include "smb.h" /* for "NT_errors[]" */
37 int dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name);
39 static int proto_dcerpc_samr = -1;
41 static int hf_samr_hnd = -1;
42 static int hf_samr_group = -1;
43 static int hf_samr_rid = -1;
44 static int hf_samr_type = -1;
45 static int hf_samr_alias = -1;
46 static int hf_samr_rid_attrib = -1;
47 static int hf_samr_rc = -1;
48 static int hf_samr_index = -1;
49 static int hf_samr_acct_ctrl = -1;
50 static int hf_samr_count = -1;
52 static int hf_samr_level = -1;
53 static int hf_samr_start_idx = -1;
54 static int hf_samr_max_entries = -1;
55 static int hf_samr_entries = -1;
56 static int hf_samr_pref_maxsize = -1;
57 static int hf_samr_total_size = -1;
58 static int hf_samr_ret_size = -1;
59 static int hf_samr_acct_name = -1;
60 static int hf_samr_full_name = -1;
61 static int hf_samr_acct_desc = -1;
62 static int hf_samr_home = -1;
63 static int hf_samr_home_drive = -1;
64 static int hf_samr_script = -1;
65 static int hf_samr_workstations = -1;
66 static int hf_samr_profile = -1;
67 static int hf_samr_server = -1;
68 static int hf_samr_domain = -1;
69 static int hf_samr_controller = -1;
70 static int hf_samr_access = -1;
71 static int hf_samr_mask = -1;
72 static int hf_samr_crypt_password = -1;
73 static int hf_samr_crypt_hash = -1;
74 static int hf_samr_lm_change = -1;
75 static int hf_samr_attrib = -1;
76 static int hf_samr_max_pwd_age = -1;
77 static int hf_samr_min_pwd_age = -1;
78 static int hf_samr_min_pwd_len = -1;
79 static int hf_samr_pwd_history_len = -1;
80 static int hf_samr_num_users = -1;
81 static int hf_samr_num_groups = -1;
82 static int hf_samr_num_aliases = -1;
83 static int hf_samr_resume_hnd = -1;
84 static int hf_samr_bad_pwd_count = -1;
85 static int hf_samr_logon_count = -1;
86 static int hf_samr_logon_time = -1;
87 static int hf_samr_logoff_time = -1;
88 static int hf_samr_kickoff_time = -1;
89 static int hf_samr_pwd_last_set_time = -1;
90 static int hf_samr_pwd_can_change_time = -1;
91 static int hf_samr_pwd_must_change_time = -1;
92 static int hf_samr_acct_expiry_time = -1;
93 static int hf_samr_country = -1;
94 static int hf_samr_codepage = -1;
95 static int hf_samr_comment = -1;
96 static int hf_samr_parameters = -1;
97 static int hf_samr_nt_pwd_set = -1;
98 static int hf_samr_lm_pwd_set = -1;
99 static int hf_samr_pwd_expired = -1;
100 static int hf_samr_revision = -1;
101 static int hf_samr_divisions = -1;
102 static int hf_samr_info_type = -1;
104 static int hf_samr_unknown_hyper = -1;
105 static int hf_samr_unknown_long = -1;
106 static int hf_samr_unknown_short = -1;
107 static int hf_samr_unknown_char = -1;
108 static int hf_samr_unknown_string = -1;
109 static int hf_samr_unknown_time = -1;
111 /* these are used by functions in packet-dcerpc-nt.c */
112 int hf_nt_str_len = -1;
113 int hf_nt_str_off = -1;
114 int hf_nt_str_max_len = -1;
115 int hf_nt_string_length = -1;
116 int hf_nt_string_size = -1;
119 static gint ett_dcerpc_samr = -1;
120 gint ett_nt_unicode_string = -1; /* used by packet-dcerpc-nt.c*/
121 static gint ett_samr_user_dispinfo_1 = -1;
123 static e_uuid_t uuid_dcerpc_samr = {
124 0x12345778, 0x1234, 0xabcd,
125 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
128 static guint16 ver_dcerpc_samr = 1;
131 /* functions to dissect a UNICODE_STRING structure, common to many
136 [size_is(size/2), length_is(len/2), ptr] unsigned short *string;
139 these variables can be found in packet-dcerpc-samr.c
141 extern int hf_nt_str_len;
142 extern int hf_nt_str_off;
143 extern int hf_nt_str_max_len;
144 extern int hf_nt_string_length;
145 extern int hf_nt_string_size;
146 extern gint ett_nt_unicode_string;
149 dissect_ndr_nt_UNICODE_STRING_string (tvbuff_t *tvb, int offset,
150 packet_info *pinfo, proto_tree *tree,
153 guint32 len, off, max_len;
157 header_field_info *hfi;
160 di=pinfo->private_data;
161 if(di->conformant_run){
162 /*just a run to handle conformant arrays, nothing to dissect */
166 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
167 hf_nt_str_len, &len);
168 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
169 hf_nt_str_off, &off);
170 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
171 hf_nt_str_max_len, &max_len);
174 offset = prs_uint16s(tvb, offset, pinfo, tree, max_len, &data16, NULL);
175 text = fake_unicode(data16, max_len);
177 hfi = proto_registrar_get_nth(di->hf_index);
178 proto_tree_add_string_format(tree, di->hf_index,
179 tvb, old_offset, offset-old_offset,
180 text, "%s: %s", hfi->name, text);
183 proto_item_set_text(tree, "%s: %s", hfi->name, text);
184 proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
190 dissect_ndr_nt_UNICODE_STRING (tvbuff_t *tvb, int offset,
191 packet_info *pinfo, proto_tree *parent_tree,
192 char *drep, int hf_index)
194 proto_item *item=NULL;
195 proto_tree *tree=NULL;
196 int old_offset=offset;
199 di=pinfo->private_data;
200 if(di->conformant_run){
201 /*just a run to handle conformant arrays, nothing to dissect */
206 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
208 tree = proto_item_add_subtree(item, ett_nt_unicode_string);
211 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
212 hf_nt_string_length, NULL);
213 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
214 hf_nt_string_size, NULL);
215 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
216 dissect_ndr_nt_UNICODE_STRING_string, NDR_POINTER_PTR,
219 proto_item_set_len(item, offset-old_offset);
223 /* functions to dissect a STRING structure, common to many
228 [size_is(size), length_is(len), ptr] char *string;
233 dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset,
234 packet_info *pinfo, proto_tree *tree,
237 guint32 len, off, max_len;
240 header_field_info *hfi;
243 di=pinfo->private_data;
244 if(di->conformant_run){
245 /*just a run to handle conformant arrays, nothing to dissect */
249 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
250 hf_nt_str_len, &len);
251 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
252 hf_nt_str_off, &off);
253 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
254 hf_nt_str_max_len, &max_len);
257 offset = prs_uint8s(tvb, offset, pinfo, tree, max_len, &text, NULL);
259 hfi = proto_registrar_get_nth(di->hf_index);
260 proto_tree_add_string_format(tree, di->hf_index,
261 tvb, old_offset, offset-old_offset,
262 text, "%s: %s", hfi->name, text);
265 proto_item_set_text(tree, "%s: %s", hfi->name, text);
266 proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
272 dissect_ndr_nt_STRING (tvbuff_t *tvb, int offset,
273 packet_info *pinfo, proto_tree *parent_tree,
274 char *drep, int hf_index)
276 proto_item *item=NULL;
277 proto_tree *tree=NULL;
278 int old_offset=offset;
281 di=pinfo->private_data;
282 if(di->conformant_run){
283 /*just a run to handle conformant arrays, nothing to dissect */
288 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
290 tree = proto_item_add_subtree(item, ett_nt_unicode_string);
293 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
294 hf_nt_string_length, NULL);
295 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
296 hf_nt_string_size, NULL);
297 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
298 dissect_ndr_nt_STRING_string, NDR_POINTER_PTR,
301 proto_item_set_len(item, offset-old_offset);
305 /* This should get fixed both here and in dissect_smb_64bit_time so
306 one can handle both BIG and LITTLE endian encodings
308 int dissect_smb_64bit_time(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, int hf_date);
310 dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
311 packet_info *pinfo, proto_tree *tree,
312 char *drep, int hf_index)
316 di=pinfo->private_data;
317 if(di->conformant_run){
318 /*just a run to handle conformant arrays, nothing to dissect */
322 /* align to 4 byte boundary */
324 offset = (offset&0xfffffffc)+4;
327 offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
333 samr_dissect_SID(tvbuff_t *tvb, int offset,
334 packet_info *pinfo, proto_tree *tree,
339 di=pinfo->private_data;
340 if(di->conformant_run){
341 /* just a run to handle conformant arrays, no scalars to dissect */
345 /* the SID contains a conformant array, first we must eat
346 the 4-byte max_count before we can hand it off */
347 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
348 hf_samr_count, NULL);
350 offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Domain");
355 samr_dissect_SID_ptr(tvbuff_t *tvb, int offset,
356 packet_info *pinfo, proto_tree *tree,
359 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
360 samr_dissect_SID, NDR_POINTER_UNIQUE,
367 /* above this line, just some general support routines which should be placed
368 in some more generic file common to all NT services dissectors
377 samr_dissect_context_handle_reply(tvbuff_t *tvb, int offset,
378 packet_info *pinfo, proto_tree *tree,
381 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
383 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
391 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset,
392 packet_info *pinfo, proto_tree *tree,
395 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
397 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
398 hf_samr_access, NULL);
399 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
406 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
407 packet_info *pinfo, proto_tree *tree,
412 di=pinfo->private_data;
413 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
419 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
420 packet_info *pinfo, proto_tree *tree,
425 di=pinfo->private_data;
426 if(di->conformant_run){
427 /*just a run to handle conformant arrays, nothing to dissect */
431 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
437 samr_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
438 packet_info *pinfo, proto_tree *tree,
443 di=pinfo->private_data;
444 if(di->conformant_run){
445 /*just a run to handle conformant arrays, nothing to dissect */
449 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
455 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
456 packet_info *pinfo, proto_tree *tree,
461 di=pinfo->private_data;
462 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
469 samr_dissect_query_dispinfo_rqst (tvbuff_t *tvb, int offset,
470 packet_info *pinfo, proto_tree *tree,
473 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
475 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
476 hf_samr_level, NULL);
477 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
478 hf_samr_start_idx, NULL);
479 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
480 hf_samr_max_entries, NULL);
481 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
482 hf_samr_pref_maxsize, NULL);
487 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
488 packet_info *pinfo, proto_tree *parent_tree,
491 proto_item *item=NULL;
492 proto_tree *tree=NULL;
493 int old_offset=offset;
496 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
498 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
501 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
502 hf_samr_index, NULL);
503 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
505 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
506 hf_samr_acct_ctrl, NULL);
507 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
509 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
511 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
514 proto_item_set_len(item, offset-old_offset);
519 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
520 packet_info *pinfo, proto_tree *tree,
523 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
524 samr_dissect_USER_DISPINFO_1);
530 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
531 packet_info *pinfo, proto_tree *parent_tree,
535 proto_item *item=NULL;
536 proto_tree *tree=NULL;
537 int old_offset=offset;
540 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
541 "User_DispInfo_1 Array");
542 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
546 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
547 hf_samr_count, &count);
548 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
549 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
552 proto_item_set_len(item, offset-old_offset);
559 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
560 packet_info *pinfo, proto_tree *parent_tree,
563 proto_item *item=NULL;
564 proto_tree *tree=NULL;
565 int old_offset=offset;
568 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
570 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
573 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
574 hf_samr_index, NULL);
575 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
577 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
578 hf_samr_acct_ctrl, NULL);
579 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
581 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
584 proto_item_set_len(item, offset-old_offset);
589 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
590 packet_info *pinfo, proto_tree *tree,
593 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
594 samr_dissect_USER_DISPINFO_2);
600 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
601 packet_info *pinfo, proto_tree *parent_tree,
605 proto_item *item=NULL;
606 proto_tree *tree=NULL;
607 int old_offset=offset;
610 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
611 "User_DispInfo_2 Array");
612 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
616 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
617 hf_samr_count, &count);
618 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
619 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
622 proto_item_set_len(item, offset-old_offset);
631 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
632 packet_info *pinfo, proto_tree *parent_tree,
635 proto_item *item=NULL;
636 proto_tree *tree=NULL;
637 int old_offset=offset;
640 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
642 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
646 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
647 hf_samr_index, NULL);
648 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
650 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
651 hf_samr_acct_ctrl, NULL);
652 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
654 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
657 proto_item_set_len(item, offset-old_offset);
662 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
663 packet_info *pinfo, proto_tree *tree,
666 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
667 samr_dissect_GROUP_DISPINFO);
673 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
674 packet_info *pinfo, proto_tree *parent_tree,
678 proto_item *item=NULL;
679 proto_tree *tree=NULL;
680 int old_offset=offset;
683 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
684 "Group_DispInfo Array");
685 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
688 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
689 hf_samr_count, &count);
690 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
691 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
694 proto_item_set_len(item, offset-old_offset);
701 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
702 packet_info *pinfo, proto_tree *parent_tree,
705 proto_item *item=NULL;
706 proto_tree *tree=NULL;
707 int old_offset=offset;
710 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
712 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
716 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
717 hf_samr_index, NULL);
718 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
720 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
721 hf_samr_acct_ctrl, NULL);
722 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
724 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
727 proto_item_set_len(item, offset-old_offset);
732 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
733 packet_info *pinfo, proto_tree *tree,
736 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
737 samr_dissect_ASCII_DISPINFO);
743 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
744 packet_info *pinfo, proto_tree *parent_tree,
748 proto_item *item=NULL;
749 proto_tree *tree=NULL;
750 int old_offset=offset;
753 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
754 "Ascii_DispInfo Array");
755 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
758 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
759 hf_samr_count, &count);
760 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
761 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
764 proto_item_set_len(item, offset-old_offset);
770 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
771 packet_info *pinfo, proto_tree *parent_tree,
774 proto_item *item=NULL;
775 proto_tree *tree=NULL;
776 int old_offset=offset;
780 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
782 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
785 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
786 hf_samr_level, &level);
789 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
790 tvb, offset, pinfo, tree, drep);
793 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
794 tvb, offset, pinfo, tree, drep);
797 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
798 tvb, offset, pinfo, tree, drep);
801 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
802 tvb, offset, pinfo, tree, drep);
805 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
806 tvb, offset, pinfo, tree, drep);
810 proto_item_set_len(item, offset-old_offset);
815 samr_dissect_query_dispinfo_reply (tvbuff_t *tvb, int offset,
816 packet_info *pinfo, proto_tree *tree,
819 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
820 samr_dissect_pointer_long, NDR_POINTER_REF,
822 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
823 samr_dissect_pointer_long, NDR_POINTER_REF,
825 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
826 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
828 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
836 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
837 packet_info *pinfo, proto_tree *tree,
840 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
842 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
843 hf_samr_level, NULL);
844 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
851 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
852 packet_info *pinfo, proto_tree *tree,
855 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
856 samr_dissect_pointer_long, NDR_POINTER_REF,
858 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
868 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
869 packet_info *pinfo, proto_tree *parent_tree,
873 proto_item *item=NULL;
874 proto_tree *tree=NULL;
875 int old_offset=offset;
878 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
880 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
884 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
885 hf_samr_unknown_short, NULL);
886 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
887 hf_samr_unknown_long, NULL);
889 proto_item_set_len(item, offset-old_offset);
894 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
895 packet_info *pinfo, proto_tree *tree,
898 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
899 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
901 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
909 samr_dissect_connect2_server(tvbuff_t *tvb, int offset,
910 packet_info *pinfo, proto_tree *parent_tree,
913 proto_item *item=NULL;
914 proto_tree *tree=NULL;
915 int old_offset=offset;
918 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
920 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
923 offset = dissect_ndr_nt_UNICODE_STRING_string(tvb, offset, pinfo,
926 proto_item_set_len(item, offset-old_offset);
931 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
932 packet_info *pinfo, proto_tree *tree,
935 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
936 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
939 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
940 hf_samr_access, NULL);
945 samr_dissect_connect2_reply(tvbuff_t *tvb, int offset,
946 packet_info *pinfo, proto_tree *tree,
949 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
951 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
960 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
961 packet_info *pinfo, proto_tree *parent_tree,
964 proto_item *item=NULL;
965 proto_tree *tree=NULL;
966 int old_offset=offset;
969 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
971 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
974 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
976 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
977 hf_samr_rid_attrib, NULL);
979 proto_item_set_len(item, offset-old_offset);
984 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
985 packet_info *pinfo, proto_tree *tree,
988 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
989 samr_dissect_USER_GROUP);
995 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
996 packet_info *pinfo, proto_tree *parent_tree,
1000 proto_item *item=NULL;
1001 proto_tree *tree=NULL;
1002 int old_offset=offset;
1005 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1006 "User_Group Array");
1007 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1010 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1011 hf_samr_count, &count);
1012 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1013 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1016 proto_item_set_len(item, offset-old_offset);
1021 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1022 packet_info *pinfo, proto_tree *tree,
1025 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1026 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1032 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1033 packet_info *pinfo, proto_tree *tree,
1036 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1037 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1039 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1047 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1048 packet_info *pinfo, proto_tree *tree,
1051 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1053 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1054 hf_samr_access, NULL);
1055 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1056 samr_dissect_SID, NDR_POINTER_REF,
1062 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1063 packet_info *pinfo, proto_tree *tree,
1066 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1068 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1076 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1077 packet_info *pinfo, proto_tree *tree,
1080 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1082 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1083 samr_dissect_SID, NDR_POINTER_REF,
1089 samr_dissect_context_handle(tvbuff_t *tvb, int offset,
1090 packet_info *pinfo, proto_tree *tree,
1093 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1100 samr_dissect_rc(tvbuff_t *tvb, int offset,
1101 packet_info *pinfo, proto_tree *tree,
1104 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1110 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1111 packet_info *pinfo, proto_tree *tree,
1114 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1116 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1117 hf_samr_group, NULL);
1118 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1124 samr_dissect_unknown_3c_reply(tvbuff_t *tvb, int offset,
1125 packet_info *pinfo, proto_tree *tree,
1128 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1129 samr_dissect_pointer_short, NDR_POINTER_REF,
1130 hf_samr_unknown_short);
1131 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1139 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1140 packet_info *pinfo, proto_tree *tree,
1143 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1145 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1147 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1148 hf_samr_access, NULL);
1153 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1154 packet_info *pinfo, proto_tree *tree,
1157 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1159 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1161 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1169 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1170 packet_info *pinfo, proto_tree *tree,
1173 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1175 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1176 hf_samr_level, NULL);
1183 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1184 packet_info *pinfo, proto_tree *tree,
1187 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1190 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1192 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1199 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1200 packet_info *pinfo, proto_tree *parent_tree,
1203 proto_item *item=NULL;
1204 proto_tree *tree=NULL;
1205 int old_offset=offset;
1209 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1211 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1214 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1215 hf_samr_level, &level);
1218 offset = samr_dissect_ALIAS_INFO_1(
1219 tvb, offset, pinfo, tree, drep);
1222 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1227 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1233 proto_item_set_len(item, offset-old_offset);
1238 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1239 packet_info *pinfo, proto_tree *tree,
1242 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1243 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
1249 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1250 packet_info *pinfo, proto_tree *tree,
1253 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1254 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1256 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1262 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1263 packet_info *pinfo, proto_tree *tree,
1266 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1268 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1269 hf_samr_level, NULL);
1270 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1271 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
1278 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1279 packet_info *pinfo, proto_tree *tree,
1282 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
1289 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1290 packet_info *pinfo, proto_tree *tree,
1293 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
1301 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1302 packet_info *pinfo, proto_tree *tree,
1305 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1307 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1308 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1310 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1311 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1313 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1314 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1316 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1317 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1323 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1324 packet_info *pinfo, proto_tree *tree,
1327 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1329 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1330 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1332 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1333 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1335 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1336 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1338 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1339 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1341 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1342 hf_samr_lm_change, NULL);
1343 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1344 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1346 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1347 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1353 samr_dissect_unknown_3b_rqst(tvbuff_t *tvb, int offset,
1354 packet_info *pinfo, proto_tree *tree,
1357 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1359 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1360 hf_samr_unknown_short, NULL);
1361 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1362 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1363 hf_samr_unknown_string);
1364 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1365 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1366 hf_samr_unknown_string);
1372 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
1373 packet_info *pinfo, proto_tree *tree,
1377 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1379 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1381 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1382 hf_samr_acct_ctrl, NULL);
1383 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1384 hf_samr_access, NULL);
1390 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
1391 packet_info *pinfo, proto_tree *tree,
1394 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1396 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1397 hf_samr_unknown_long, NULL);
1398 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1400 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1406 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
1407 packet_info *pinfo, proto_tree *tree,
1410 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1412 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1413 hf_samr_level, NULL);
1414 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1420 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
1421 packet_info *pinfo, proto_tree *tree,
1424 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1425 hf_samr_index, NULL);
1426 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1432 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
1433 packet_info *pinfo, proto_tree *tree,
1436 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1438 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1439 hf_samr_unknown_char, NULL);
1440 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1441 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1443 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1444 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1446 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1447 hf_samr_unknown_char, NULL);
1448 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1449 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1451 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1452 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1454 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1455 hf_samr_unknown_char, NULL);
1456 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1457 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1459 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1460 hf_samr_unknown_char, NULL);
1461 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1462 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1469 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
1470 packet_info *pinfo, proto_tree *tree,
1473 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1475 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1476 hf_samr_attrib, NULL);
1482 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
1483 packet_info *pinfo, proto_tree *tree,
1486 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1489 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1491 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1492 hf_samr_attrib, NULL);
1493 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1500 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
1501 packet_info *pinfo, proto_tree *parent_tree,
1504 proto_item *item=NULL;
1505 proto_tree *tree=NULL;
1506 int old_offset=offset;
1510 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1512 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1515 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1516 hf_samr_level, &level);
1519 offset = samr_dissect_GROUP_INFO_1(
1520 tvb, offset, pinfo, tree, drep);
1523 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1528 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1529 hf_samr_attrib, NULL);
1532 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1538 proto_item_set_len(item, offset-old_offset);
1543 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
1544 packet_info *pinfo, proto_tree *tree,
1547 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1548 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
1554 samr_dissect_query_information_group_rqst (tvbuff_t *tvb, int offset,
1555 packet_info *pinfo, proto_tree *tree,
1558 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1560 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1561 hf_samr_level, NULL);
1566 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
1567 packet_info *pinfo, proto_tree *tree,
1570 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1571 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
1573 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1579 samr_dissect_set_information_group_rqst (tvbuff_t *tvb, int offset,
1580 packet_info *pinfo, proto_tree *tree,
1583 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1585 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1586 hf_samr_level, NULL);
1587 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1588 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
1596 samr_dissect_get_domain_password_information_rqst (tvbuff_t *tvb, int offset,
1597 packet_info *pinfo, proto_tree *tree,
1600 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1603 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1604 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1611 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
1612 packet_info *pinfo, proto_tree *parent_tree,
1615 proto_item *item=NULL;
1616 proto_tree *tree=NULL;
1617 int old_offset=offset;
1620 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1622 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1625 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1626 hf_samr_min_pwd_len, NULL);
1627 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1628 hf_samr_pwd_history_len, NULL);
1629 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1630 hf_samr_unknown_long, NULL);
1631 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1632 hf_samr_max_pwd_age);
1633 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1634 hf_samr_min_pwd_age);
1635 proto_item_set_len(item, offset-old_offset);
1640 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
1641 packet_info *pinfo, proto_tree *parent_tree,
1644 proto_item *item=NULL;
1645 proto_tree *tree=NULL;
1646 int old_offset=offset;
1649 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1651 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1654 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1655 hf_samr_unknown_time);
1656 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1657 hf_samr_unknown_string);
1658 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1660 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1661 hf_samr_controller);
1662 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1663 hf_samr_unknown_time);
1664 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1665 hf_samr_unknown_long, NULL);
1666 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1667 hf_samr_unknown_long, NULL);
1668 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1669 hf_samr_unknown_char, NULL);
1670 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1671 hf_samr_num_users, NULL);
1672 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1673 hf_samr_num_groups, NULL);
1674 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1675 hf_samr_num_aliases, NULL);
1677 proto_item_set_len(item, offset-old_offset);
1682 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
1683 packet_info *pinfo, proto_tree *parent_tree,
1686 proto_item *item=NULL;
1687 proto_tree *tree=NULL;
1688 int old_offset=offset;
1691 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1693 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1696 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1697 hf_samr_max_pwd_age);
1698 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1699 hf_samr_min_pwd_age);
1701 proto_item_set_len(item, offset-old_offset);
1706 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
1707 packet_info *pinfo, proto_tree *parent_tree,
1710 proto_item *item=NULL;
1711 proto_tree *tree=NULL;
1712 int old_offset=offset;
1715 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1716 "Replication Status");
1717 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1720 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1721 hf_samr_unknown_hyper, NULL);
1722 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1723 hf_samr_unknown_hyper, NULL);
1724 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1725 hf_samr_unknown_short, NULL);
1727 proto_item_set_len(item, offset-old_offset);
1732 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
1733 packet_info *pinfo, proto_tree *parent_tree,
1736 proto_item *item=NULL;
1737 proto_tree *tree=NULL;
1738 int old_offset=offset;
1741 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1743 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1746 offset = samr_dissect_DOMAIN_INFO_2(
1747 tvb, offset, pinfo, tree, drep);
1748 offset = samr_dissect_REPLICATION_STATUS(
1749 tvb, offset, pinfo, tree, drep);
1751 proto_item_set_len(item, offset-old_offset);
1756 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
1757 packet_info *pinfo, proto_tree *parent_tree,
1760 proto_item *item=NULL;
1761 proto_tree *tree=NULL;
1762 int old_offset=offset;
1765 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1767 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1770 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1771 hf_samr_unknown_time);
1772 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1773 hf_samr_unknown_time);
1774 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1775 hf_samr_unknown_time);
1777 proto_item_set_len(item, offset-old_offset);
1783 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1784 packet_info *pinfo, proto_tree *parent_tree,
1787 proto_item *item=NULL;
1788 proto_tree *tree=NULL;
1789 int old_offset=offset;
1793 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1795 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1798 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1799 hf_samr_level, &level);
1802 offset = samr_dissect_DOMAIN_INFO_1(
1803 tvb, offset, pinfo, tree, drep);
1806 offset = samr_dissect_DOMAIN_INFO_2(
1807 tvb, offset, pinfo, tree, drep);
1811 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1812 hf_samr_unknown_time);
1815 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1816 tree, drep, hf_samr_unknown_string);
1820 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1821 tree, drep, hf_samr_domain);
1825 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1826 tree, drep, hf_samr_controller);
1830 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1831 hf_samr_unknown_short, NULL);
1834 offset = samr_dissect_DOMAIN_INFO_8(
1835 tvb, offset, pinfo, tree, drep);
1838 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1839 hf_samr_unknown_short, NULL);
1842 offset = samr_dissect_DOMAIN_INFO_11(
1843 tvb, offset, pinfo, tree, drep);
1846 offset = samr_dissect_REPLICATION_STATUS(
1847 tvb, offset, pinfo, tree, drep);
1850 offset = samr_dissect_DOMAIN_INFO_13(
1851 tvb, offset, pinfo, tree, drep);
1855 proto_item_set_len(item, offset-old_offset);
1860 samr_dissect_DOMAIN_INFO_ptr(tvbuff_t *tvb, int offset,
1861 packet_info *pinfo, proto_tree *tree,
1864 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1865 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
1871 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
1872 packet_info *pinfo, proto_tree *tree,
1875 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1876 samr_dissect_DOMAIN_INFO_ptr, NDR_POINTER_REF,
1878 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1885 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
1886 packet_info *pinfo, proto_tree *tree,
1889 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1891 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1892 hf_samr_level, NULL);
1893 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
1900 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
1901 packet_info *pinfo, proto_tree *tree,
1904 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1905 samr_dissect_SID_ptr, NDR_POINTER_REF,
1907 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1913 samr_dissect_PSID(tvbuff_t *tvb, int offset,
1914 packet_info *pinfo, proto_tree *parent_tree,
1917 proto_item *item=NULL;
1918 proto_tree *tree=NULL;
1919 int old_offset=offset;
1922 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1924 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1927 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1928 samr_dissect_SID, NDR_POINTER_UNIQUE,
1931 proto_item_set_len(item, offset-old_offset);
1937 samr_dissect_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
1938 packet_info *pinfo, proto_tree *tree,
1941 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1949 samr_dissect_PSID_ARRAY(tvbuff_t *tvb, int offset,
1950 packet_info *pinfo, proto_tree *parent_tree,
1954 proto_item *item=NULL;
1955 proto_tree *tree=NULL;
1956 int old_offset=offset;
1959 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1961 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1964 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1965 hf_samr_count, &count);
1966 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1967 samr_dissect_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
1970 proto_item_set_len(item, offset-old_offset);
1975 samr_dissect_pindex(tvbuff_t *tvb, int offset,
1976 packet_info *pinfo, proto_tree *parent_tree,
1979 proto_item *item=NULL;
1980 proto_tree *tree=NULL;
1981 int old_offset=offset;
1984 di=pinfo->private_data;
1987 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1989 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
1992 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1993 samr_dissect_pointer_long, NDR_POINTER_UNIQUE,
1996 proto_item_set_len(item, offset-old_offset);
2002 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2003 packet_info *pinfo, proto_tree *tree,
2006 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2007 samr_dissect_pindex);
2014 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2015 packet_info *pinfo, proto_tree *parent_tree,
2019 proto_item *item=NULL;
2020 proto_tree *tree=NULL;
2021 int old_offset=offset;
2024 di=pinfo->private_data;
2027 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2029 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2032 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2033 hf_samr_count, &count);
2034 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2035 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2038 proto_item_set_len(item, offset-old_offset);
2044 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2045 packet_info *pinfo, proto_tree *tree,
2048 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2050 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2051 samr_dissect_PSID_ARRAY, NDR_POINTER_REF,
2057 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2058 packet_info *pinfo, proto_tree *tree,
2061 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2062 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2064 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2071 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2072 packet_info *pinfo, proto_tree *parent_tree,
2075 proto_item *item=NULL;
2076 proto_tree *tree=NULL;
2077 int old_offset=offset;
2080 di=pinfo->private_data;
2083 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2085 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2088 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2089 hf_samr_index, NULL);
2090 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2091 tree, drep, di->hf_index);
2093 proto_item_set_len(item, offset-old_offset);
2098 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2099 packet_info *pinfo, proto_tree *tree,
2102 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2103 samr_dissect_IDX_AND_NAME);
2110 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2111 packet_info *pinfo, proto_tree *parent_tree,
2115 proto_item *item=NULL;
2116 proto_tree *tree=NULL;
2117 int old_offset=offset;
2120 di=pinfo->private_data;
2123 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2124 "IDX_AND_NAME Array");
2125 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2129 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2130 hf_samr_count, &count);
2131 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2132 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2135 proto_item_set_len(item, offset-old_offset);
2140 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2141 packet_info *pinfo, proto_tree *tree,
2144 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2145 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
2151 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2152 packet_info *pinfo, proto_tree *tree,
2155 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2157 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2158 samr_dissect_pointer_long, NDR_POINTER_REF,
2159 hf_samr_resume_hnd);
2160 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2161 hf_samr_pref_maxsize, NULL);
2166 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2167 packet_info *pinfo, proto_tree *tree,
2170 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2171 samr_dissect_pointer_long, NDR_POINTER_REF,
2172 hf_samr_resume_hnd);
2173 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2174 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2176 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2177 samr_dissect_pointer_long, NDR_POINTER_REF,
2179 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2185 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2186 packet_info *pinfo, proto_tree *tree,
2189 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2191 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2192 samr_dissect_pointer_long, NDR_POINTER_REF,
2193 hf_samr_resume_hnd);
2194 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2195 hf_samr_mask, NULL);
2196 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2197 hf_samr_pref_maxsize, NULL);
2202 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2203 packet_info *pinfo, proto_tree *tree,
2206 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2207 samr_dissect_pointer_long, NDR_POINTER_REF,
2208 hf_samr_resume_hnd);
2209 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2210 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2213 samr_dissect_pointer_long, NDR_POINTER_REF,
2215 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2221 samr_dissect_enum_dom_alias_reply(tvbuff_t *tvb, int offset,
2222 packet_info *pinfo, proto_tree *tree,
2225 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2226 samr_dissect_pointer_long, NDR_POINTER_REF,
2227 hf_samr_resume_hnd);
2228 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2229 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2231 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2232 samr_dissect_pointer_long, NDR_POINTER_REF,
2234 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2240 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
2241 packet_info *pinfo, proto_tree *tree,
2244 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2245 samr_dissect_PSID_ARRAY, NDR_POINTER_REF,
2247 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2254 samr_dissect_LOGON_HOURS_entry(tvbuff_t *tvb, int offset,
2255 packet_info *pinfo, proto_tree *tree,
2258 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2259 hf_samr_unknown_char, NULL);
2264 samr_dissect_LOGON_HOURS_hours(tvbuff_t *tvb, int offset,
2265 packet_info *pinfo, proto_tree *parent_tree,
2268 proto_item *item=NULL;
2269 proto_tree *tree=NULL;
2270 int old_offset=offset;
2273 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2275 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2278 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
2279 samr_dissect_LOGON_HOURS_entry);
2281 proto_item_set_len(item, offset-old_offset);
2288 samr_dissect_LOGON_HOURS(tvbuff_t *tvb, int offset,
2289 packet_info *pinfo, proto_tree *parent_tree,
2292 proto_item *item=NULL;
2293 proto_tree *tree=NULL;
2294 int old_offset=offset;
2297 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2299 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2302 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2303 hf_samr_divisions, NULL);
2304 /* XXX - is this a bitmask like the "logon hours" field in the
2305 Remote API call "NetUserGetInfo()" with an information level
2307 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2308 samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
2311 proto_item_set_len(item, offset-old_offset);
2317 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
2318 packet_info *pinfo, proto_tree *parent_tree,
2321 proto_item *item=NULL;
2322 proto_tree *tree=NULL;
2323 int old_offset=offset;
2326 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2328 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2331 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2333 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2335 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2336 hf_samr_acct_ctrl, NULL);
2337 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2339 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2342 proto_item_set_len(item, offset-old_offset);
2347 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
2348 packet_info *pinfo, proto_tree *parent_tree,
2351 proto_item *item=NULL;
2352 proto_tree *tree=NULL;
2353 int old_offset=offset;
2356 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2358 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2361 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2363 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2365 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2366 hf_samr_bad_pwd_count, NULL);
2367 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2368 hf_samr_logon_count, NULL);
2370 proto_item_set_len(item, offset-old_offset);
2375 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
2376 packet_info *pinfo, proto_tree *parent_tree,
2379 proto_item *item=NULL;
2380 proto_tree *tree=NULL;
2381 int old_offset=offset;
2384 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2386 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2389 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2391 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2393 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2395 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2396 hf_samr_group, NULL);
2397 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2399 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2400 hf_samr_home_drive);
2401 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2403 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2405 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2406 hf_samr_workstations);
2407 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2408 hf_samr_logon_time);
2409 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2410 hf_samr_logoff_time);
2411 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2412 hf_samr_pwd_last_set_time);
2413 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2414 hf_samr_pwd_can_change_time);
2415 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2416 hf_samr_pwd_must_change_time);
2417 offset = samr_dissect_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2418 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2419 hf_samr_logon_count, NULL);
2420 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2421 hf_samr_bad_pwd_count, NULL);
2422 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2423 hf_samr_acct_ctrl, NULL);
2425 proto_item_set_len(item, offset-old_offset);
2430 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
2431 packet_info *pinfo, proto_tree *parent_tree,
2434 proto_item *item=NULL;
2435 proto_tree *tree=NULL;
2436 int old_offset=offset;
2439 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2441 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2444 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2446 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2448 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2450 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2451 hf_samr_group, NULL);
2452 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2453 hf_samr_country, NULL);
2454 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2455 hf_samr_codepage, NULL);
2456 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2458 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2459 hf_samr_home_drive);
2460 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2462 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2464 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2465 hf_samr_workstations);
2466 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2467 hf_samr_logon_time);
2468 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2469 hf_samr_logoff_time);
2470 offset = samr_dissect_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2471 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2472 hf_samr_bad_pwd_count, NULL);
2473 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2474 hf_samr_logon_count, NULL);
2475 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2476 hf_samr_pwd_last_set_time);
2477 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2478 hf_samr_acct_expiry_time);
2479 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2480 hf_samr_acct_ctrl, NULL);
2482 proto_item_set_len(item, offset-old_offset);
2487 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
2488 packet_info *pinfo, proto_tree *parent_tree,
2491 proto_item *item=NULL;
2492 proto_tree *tree=NULL;
2493 int old_offset=offset;
2496 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2498 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2501 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2503 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2506 proto_item_set_len(item, offset-old_offset);
2511 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
2512 packet_info *pinfo, proto_tree *parent_tree,
2515 proto_item *item=NULL;
2516 proto_tree *tree=NULL;
2517 int old_offset=offset;
2520 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2522 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2525 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2526 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2527 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2528 hf_samr_unknown_char, NULL);
2529 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2530 hf_samr_unknown_char, NULL);
2531 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2532 hf_samr_unknown_char, NULL);
2534 proto_item_set_len(item, offset-old_offset);
2539 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
2540 packet_info *pinfo, proto_tree *parent_tree,
2543 proto_item *item=NULL;
2544 proto_tree *tree=NULL;
2545 int old_offset=offset;
2548 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2550 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2553 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2554 hf_samr_acct_ctrl, NULL);
2555 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2556 hf_samr_logon_time);
2557 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2558 hf_samr_logoff_time);
2559 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2560 hf_samr_bad_pwd_count, NULL);
2561 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2562 hf_samr_logon_count, NULL);
2564 proto_item_set_len(item, offset-old_offset);
2569 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
2570 packet_info *pinfo, proto_tree *tree,
2573 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2574 hf_samr_unknown_char, NULL);
2580 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
2581 packet_info *pinfo, proto_tree *parent_tree,
2584 proto_item *item=NULL;
2585 proto_tree *tree=NULL;
2586 int old_offset=offset;
2589 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2591 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2594 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2595 samr_dissect_BUFFER_entry);
2597 proto_item_set_len(item, offset-old_offset);
2604 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
2605 packet_info *pinfo, proto_tree *parent_tree,
2608 proto_item *item=NULL;
2609 proto_tree *tree=NULL;
2610 int old_offset=offset;
2613 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2615 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2617 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2618 hf_samr_count, NULL);
2619 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2620 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
2623 proto_item_set_len(item, offset-old_offset);
2628 samr_dissect_BUFFER_ptr(tvbuff_t *tvb, int offset,
2629 packet_info *pinfo, proto_tree *tree,
2632 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2633 samr_dissect_BUFFER, NDR_POINTER_UNIQUE,
2639 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
2640 packet_info *pinfo, proto_tree *parent_tree,
2643 proto_item *item=NULL;
2644 proto_tree *tree=NULL;
2645 int old_offset=offset;
2648 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2650 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2653 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2654 hf_samr_logon_time);
2655 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2656 hf_samr_logoff_time);
2657 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2658 hf_samr_kickoff_time);
2659 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2660 hf_samr_pwd_last_set_time);
2661 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2662 hf_samr_pwd_can_change_time);
2663 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2664 hf_samr_pwd_must_change_time);
2665 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2667 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2669 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2671 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2672 hf_samr_home_drive);
2673 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2675 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2677 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2679 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2680 hf_samr_workstations);
2681 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2683 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2684 hf_samr_parameters);
2685 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2686 hf_samr_unknown_string);
2687 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2688 hf_samr_unknown_string);
2689 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2690 hf_samr_unknown_string);
2691 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
2692 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2694 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2695 hf_samr_group, NULL);
2696 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2697 hf_samr_acct_ctrl, NULL);
2698 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2699 hf_samr_unknown_long, NULL);
2700 offset = samr_dissect_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2701 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2702 hf_samr_bad_pwd_count, NULL);
2703 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2704 hf_samr_logon_count, NULL);
2705 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2706 hf_samr_country, NULL);
2707 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2708 hf_samr_codepage, NULL);
2709 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2710 hf_samr_nt_pwd_set, NULL);
2711 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2712 hf_samr_lm_pwd_set, NULL);
2713 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2714 hf_samr_pwd_expired, NULL);
2715 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2716 hf_samr_unknown_char, NULL);
2718 proto_item_set_len(item, offset-old_offset);
2723 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
2724 packet_info *pinfo, proto_tree *parent_tree,
2727 proto_item *item=NULL;
2728 proto_tree *tree=NULL;
2729 int old_offset=offset;
2732 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2734 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2737 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
2738 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2739 hf_samr_revision, NULL);
2741 proto_item_set_len(item, offset-old_offset);
2746 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
2747 packet_info *pinfo, proto_tree *parent_tree,
2750 proto_item *item=NULL;
2751 proto_tree *tree=NULL;
2752 int old_offset=offset;
2755 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2757 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2760 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
2761 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
2763 proto_item_set_len(item, offset-old_offset);
2768 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
2769 packet_info *pinfo, proto_tree *parent_tree,
2772 proto_item *item=NULL;
2773 proto_tree *tree=NULL;
2774 int old_offset=offset;
2777 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2779 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2782 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
2783 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2784 hf_samr_unknown_char, NULL);
2786 proto_item_set_len(item, offset-old_offset);
2791 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
2792 packet_info *pinfo, proto_tree *parent_tree,
2795 proto_item *item=NULL;
2796 proto_tree *tree=NULL;
2797 int old_offset=offset;
2801 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2803 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2805 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2806 hf_samr_level, &level);
2810 offset = samr_dissect_USER_INFO_1(
2811 tvb, offset, pinfo, tree, drep);
2814 offset = samr_dissect_USER_INFO_2(
2815 tvb, offset, pinfo, tree, drep);
2818 offset = samr_dissect_USER_INFO_3(
2819 tvb, offset, pinfo, tree, drep);
2822 offset = samr_dissect_LOGON_HOURS(
2823 tvb, offset, pinfo, tree, drep);
2826 offset = samr_dissect_USER_INFO_5(
2827 tvb, offset, pinfo, tree, drep);
2830 offset = samr_dissect_USER_INFO_6(
2831 tvb, offset, pinfo, tree, drep);
2834 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2838 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2842 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2843 hf_samr_unknown_long, NULL);
2846 offset = samr_dissect_USER_INFO_6(
2847 tvb, offset, pinfo, tree, drep);
2850 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2854 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2855 hf_samr_home_drive);
2858 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2862 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2863 hf_samr_workstations);
2866 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2867 hf_samr_unknown_long, NULL);
2870 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2871 hf_samr_unknown_time);
2874 offset = samr_dissect_USER_INFO_18(
2875 tvb, offset, pinfo, tree, drep);
2878 offset = samr_dissect_USER_INFO_19(
2879 tvb, offset, pinfo, tree, drep);
2882 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2886 offset = samr_dissect_USER_INFO_21(
2887 tvb, offset, pinfo, tree, drep);
2890 offset = samr_dissect_USER_INFO_22(
2891 tvb, offset, pinfo, tree, drep);
2894 offset = samr_dissect_USER_INFO_23(
2895 tvb, offset, pinfo, tree, drep);
2898 offset = samr_dissect_USER_INFO_24(
2899 tvb, offset, pinfo, tree, drep);
2903 proto_item_set_len(item, offset-old_offset);
2908 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
2909 packet_info *pinfo, proto_tree *tree,
2912 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2913 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
2919 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
2920 packet_info *pinfo, proto_tree *tree,
2923 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2925 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2926 hf_samr_level, NULL);
2927 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2928 samr_dissect_USER_INFO, NDR_POINTER_REF,
2935 samr_dissect_query_userinfo_reply(tvbuff_t *tvb, int offset,
2936 packet_info *pinfo, proto_tree *tree,
2939 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2940 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
2942 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2949 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
2950 packet_info *pinfo, proto_tree *tree,
2953 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2954 hf_samr_type, NULL);
2961 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
2962 packet_info *pinfo, proto_tree *parent_tree,
2965 proto_item *item=NULL;
2966 proto_tree *tree=NULL;
2967 int old_offset=offset;
2970 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2972 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
2975 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2976 samr_dissect_MEMBER_ARRAY_type);
2978 proto_item_set_len(item, offset-old_offset);
2985 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
2986 packet_info *pinfo, proto_tree *tree,
2989 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2997 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
2998 packet_info *pinfo, proto_tree *parent_tree,
3001 proto_item *item=NULL;
3002 proto_tree *tree=NULL;
3003 int old_offset=offset;
3006 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3008 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
3011 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3012 samr_dissect_MEMBER_ARRAY_rid);
3014 proto_item_set_len(item, offset-old_offset);
3021 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3022 packet_info *pinfo, proto_tree *parent_tree,
3026 proto_item *item=NULL;
3027 proto_tree *tree=NULL;
3028 int old_offset=offset;
3031 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3033 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
3036 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3037 hf_samr_count, &count);
3038 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3039 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3041 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3042 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3045 proto_item_set_len(item, offset-old_offset);
3050 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3051 packet_info *pinfo, proto_tree *tree,
3054 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3055 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3061 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3062 packet_info *pinfo, proto_tree *tree,
3065 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3066 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3068 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3075 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3076 packet_info *pinfo, proto_tree *tree,
3079 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3081 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3082 hf_samr_info_type, NULL);
3083 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3084 samr_dissect_BUFFER, NDR_POINTER_REF,
3091 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3092 packet_info *pinfo, proto_tree *tree,
3095 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3097 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3098 hf_samr_info_type, NULL);
3104 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3105 packet_info *pinfo, proto_tree *tree,
3108 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3109 samr_dissect_BUFFER_ptr, NDR_POINTER_REF,
3111 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3119 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
3120 packet_info *pinfo, proto_tree *tree,
3123 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3129 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
3130 packet_info *pinfo, proto_tree *parent_tree,
3133 proto_item *item=NULL;
3134 proto_tree *tree=NULL;
3135 int old_offset=offset;
3138 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3140 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
3143 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3144 samr_dissect_LOOKUP_NAMES_name);
3146 proto_item_set_len(item, offset-old_offset);
3152 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
3153 packet_info *pinfo, proto_tree *tree,
3156 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3158 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3159 hf_samr_count, NULL);
3160 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3161 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
3168 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
3169 packet_info *pinfo, proto_tree *tree,
3172 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3173 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3175 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3176 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3178 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3185 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
3186 packet_info *pinfo, proto_tree *tree,
3189 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3196 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
3197 packet_info *pinfo, proto_tree *parent_tree,
3200 proto_item *item=NULL;
3201 proto_tree *tree=NULL;
3202 int old_offset=offset;
3205 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3207 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
3210 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3211 samr_dissect_LOOKUP_RIDS_rid);
3213 proto_item_set_len(item, offset-old_offset);
3219 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
3220 packet_info *pinfo, proto_tree *tree,
3223 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3225 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3226 hf_samr_count, NULL);
3227 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3228 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
3235 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
3236 packet_info *pinfo, proto_tree *tree,
3239 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3245 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
3246 packet_info *pinfo, proto_tree *parent_tree,
3249 proto_item *item=NULL;
3250 proto_tree *tree=NULL;
3251 int old_offset=offset;
3254 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3256 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
3259 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3260 hf_samr_count, NULL);
3262 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3263 samr_dissect_UNICODE_STRING_ARRAY_name);
3265 proto_item_set_len(item, offset-old_offset);
3273 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
3274 packet_info *pinfo, proto_tree *tree,
3277 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3278 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
3280 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3281 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_REF,
3283 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3291 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
3292 { SAMR_CONNECT_ANON, "CONNECT_ANON",
3293 samr_dissect_connect2_rqst,
3294 samr_dissect_context_handle_reply },
3295 { SAMR_CLOSE_HND, "CLOSE_HND",
3296 samr_dissect_context_handle,
3297 samr_dissect_context_handle_reply },
3298 { SAMR_SET_SEC_OBJECT, "SET_SEC_OBJECT",
3299 samr_dissect_set_sec_object_rqst,
3301 { SAMR_QUERY_SEC_OBJECT, "QUERY_SEC_OBJECT",
3302 samr_dissect_query_sec_object_rqst,
3303 samr_dissect_query_sec_object_reply },
3304 { SAMR_SHUTDOWN_SAM_SERVER, "SHUTDOWN_SAM_SERVER",
3305 samr_dissect_context_handle,
3307 { SAMR_LOOKUP_DOMAIN, "LOOKUP_DOMAIN",
3308 samr_dissect_get_domain_password_information_rqst,
3309 samr_dissect_lookup_domain_reply },
3310 { SAMR_ENUM_DOMAINS, "ENUM_DOMAINS",
3311 samr_dissect_enum_domains_rqst,
3312 samr_dissect_enum_domains_reply },
3313 { SAMR_OPEN_DOMAIN, "OPEN_DOMAIN",
3314 samr_dissect_open_domain_rqst,
3315 samr_dissect_open_domain_reply },
3316 { SAMR_QUERY_DOMAIN_INFO, "QUERY_INFORMATION_DOMAIN",
3317 samr_dissect_query_information_alias_rqst,
3318 samr_dissect_query_information_domain_reply },
3319 { SAMR_SET_DOMAIN_INFO, "SET_INFORMATION_DOMAIN",
3320 samr_dissect_set_information_domain_rqst,
3322 { SAMR_CREATE_DOM_GROUP, "CREATE_GROUP_IN_DOMAIN",
3323 samr_dissect_create_alias_in_domain_rqst,
3324 samr_dissect_create_alias_in_domain_reply },
3325 { SAMR_ENUM_DOM_GROUPS, "ENUM_DOM_GROUPS",
3326 samr_dissect_enum_dom_groups_rqst,
3327 samr_dissect_enum_dom_groups_reply },
3328 { SAMR_CREATE_USER_IN_DOMAIN, "CREATE_USER_IN_DOMAIN",
3329 samr_dissect_create_alias_in_domain_rqst,
3330 samr_dissect_create_alias_in_domain_reply },
3331 { SAMR_ENUM_DOM_USERS, "ENUM_DOM_USERS",
3332 samr_dissect_enum_dom_groups_rqst,
3333 samr_dissect_enum_dom_groups_reply },
3334 { SAMR_CREATE_DOM_ALIAS, "CREATE_ALIAS_IN_DOMAIN",
3335 samr_dissect_create_alias_in_domain_rqst,
3336 samr_dissect_create_alias_in_domain_reply },
3337 { SAMR_ENUM_DOM_ALIASES, "ENUM_DOM_ALIASES",
3338 samr_dissect_enum_dom_groups_rqst,
3339 samr_dissect_enum_dom_alias_reply },
3340 { SAMR_GET_ALIAS_MEMBERSHIP, "GET_ALIAS_MEMBERSHIP",
3341 samr_dissect_get_alias_membership_rqst,
3342 samr_dissect_get_alias_membership_reply },
3343 { SAMR_LOOKUP_NAMES, "LOOKUP_NAMES",
3344 samr_dissect_lookup_names_rqst,
3345 samr_dissect_lookup_names_reply },
3346 { SAMR_LOOKUP_RIDS, "LOOKUP_RIDS",
3347 samr_dissect_lookup_rids_rqst,
3348 samr_dissect_lookup_rids_reply },
3349 { SAMR_OPEN_GROUP, "OPEN_GROUP",
3350 samr_dissect_open_user_rqst,
3351 samr_dissect_context_handle_reply },
3352 { SAMR_QUERY_GROUPINFO, "QUERY_INFORMATION_GROUP",
3353 samr_dissect_query_information_group_rqst,
3354 samr_dissect_query_information_group_reply },
3355 { SAMR_SET_GROUPINFO, "SET_INFORMATION_GROUP",
3356 samr_dissect_set_information_group_rqst,
3358 { SAMR_ADD_GROUPMEM, "ADD_MEMBER_TO_GROUP",
3359 samr_dissect_add_member_to_group_rqst,
3361 { SAMR_DELETE_DOM_GROUP, "DELETE_DOM_GROUP",
3362 samr_dissect_context_handle,
3364 { SAMR_DEL_GROUPMEM, "REMOVE_MEMBER_FROM_GROUP",
3365 samr_dissect_add_member_to_group_rqst,
3367 { SAMR_QUERY_GROUPMEM, "QUERY_GROUPMEM",
3368 samr_dissect_context_handle,
3369 samr_dissect_query_groupmem_reply },
3370 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SET_MEMBER_ATTRIBUTES_OF_GROUP",
3371 samr_dissect_set_member_attributes_of_group_rqst,
3373 { SAMR_OPEN_ALIAS, "OPEN_ALIAS",
3374 samr_dissect_open_user_rqst,
3375 samr_dissect_context_handle_reply },
3376 { SAMR_QUERY_ALIASINFO, "QUERY_INFORMATION_ALIAS",
3377 samr_dissect_query_information_alias_rqst,
3378 samr_dissect_query_information_alias_reply },
3379 { SAMR_SET_ALIASINFO, "SET_INFORMATION_ALIAS",
3380 samr_dissect_set_information_alias_rqst,
3382 { SAMR_DELETE_DOM_ALIAS, "DELETE_DOM_ALIAS",
3383 samr_dissect_context_handle,
3385 { SAMR_ADD_ALIASMEM, "ADD_MEMBER_TO_ALIAS",
3386 samr_dissect_context_handle_SID,
3388 { SAMR_DEL_ALIASMEM, "REMOVE_MEMBER_FROM_ALIAS",
3389 samr_dissect_context_handle_SID,
3391 { SAMR_GET_MEMBERS_IN_ALIAS, "GET_MEMBERS_IN_ALIAS",
3392 samr_dissect_context_handle,
3393 samr_dissect_get_members_in_alias_reply },
3394 { SAMR_OPEN_USER, "OPEN_USER",
3395 samr_dissect_open_user_rqst,
3396 samr_dissect_context_handle_reply },
3397 { SAMR_DELETE_DOM_USER, "DELETE_DOM_USER",
3398 samr_dissect_context_handle,
3400 { SAMR_QUERY_USERINFO, "QUERY_USERINFO",
3401 samr_dissect_query_information_alias_rqst,
3402 samr_dissect_query_userinfo_reply },
3403 { SAMR_SET_USERINFO2, "SET_USERINFO2",
3404 samr_dissect_set_information_user2_rqst,
3406 { SAMR_CHANGE_PASSWORD_USER, "CHANGE_PASSWORD_USER",
3407 samr_dissect_change_password_user_rqst,
3409 { SAMR_GET_GROUPS_FOR_USER, "GET_GROUPS_FOR_USER",
3410 samr_dissect_context_handle,
3411 samr_dissect_get_groups_for_user_reply },
3412 { SAMR_QUERY_DISPINFO, "QUERY_DISPINFO",
3413 samr_dissect_query_dispinfo_rqst,
3414 samr_dissect_query_dispinfo_reply },
3415 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GET_DISPLAY_ENUMERATION_INDEX",
3416 samr_dissect_get_display_enumeration_index_rqst,
3417 samr_dissect_get_display_enumeration_index_reply },
3418 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TEST_PRIVATE_FUNCTIONS_DOMAIN",
3419 samr_dissect_context_handle,
3421 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TEST_PRIVATE_FUNCTIONS_USER",
3422 samr_dissect_context_handle,
3424 { SAMR_GET_USRDOM_PWINFO, "GET_USRDOM_PWINFO",
3425 samr_dissect_context_handle,
3426 samr_dissect_get_usrdom_pwinfo_reply },
3427 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "REMOVE_MEMBER_FROM_FOREIGN_DOMAIN",
3428 samr_dissect_context_handle_SID,
3430 { SAMR_QUERY_INFORMATION_DOMAIN2, "QUERY_INFORMATION_DOMAIN2",
3431 samr_dissect_query_information_alias_rqst,
3432 samr_dissect_query_information_domain_reply },
3433 { SAMR_UNKNOWN_2f, "UNKNOWN_2f",
3434 samr_dissect_query_information_alias_rqst,
3435 samr_dissect_query_userinfo_reply },
3436 { SAMR_QUERY_DISPINFO2, "QUERY_INFORMATION_DISPLAY2",
3437 samr_dissect_query_dispinfo_rqst,
3438 samr_dissect_query_dispinfo_reply },
3439 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GET_DISPLAY_ENUMERATION_INDEX2",
3440 samr_dissect_get_display_enumeration_index2_rqst,
3441 samr_dissect_get_display_enumeration_index2_reply },
3442 { SAMR_CREATE_USER2_IN_DOMAIN, "CREATE_USER2_IN_DOMAIN",
3443 samr_dissect_create_user2_in_domain_rqst,
3444 samr_dissect_create_user2_in_domain_reply },
3445 { SAMR_QUERY_DISPINFO3, "QUERY_INFORMATION_DISPLAY3",
3446 samr_dissect_query_dispinfo_rqst,
3447 samr_dissect_query_dispinfo_reply },
3448 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "ADD_MULTIPLE_MEMBERS_TO_ALIAS",
3449 samr_dissect_get_alias_membership_rqst,
3451 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS",
3452 samr_dissect_get_alias_membership_rqst,
3454 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEM_CHANGE_PASSWORD_USER2",
3455 samr_dissect_oem_change_password_user2_rqst,
3457 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UNICODE_CHANGE_PASSWORD_USER2",
3458 samr_dissect_unicode_change_password_user2_rqst,
3460 { SAMR_GET_DOM_PWINFO, "GET_DOMAIN_PASSWORD_INFORMATION",
3461 samr_dissect_get_domain_password_information_rqst,
3462 samr_dissect_get_usrdom_pwinfo_reply },
3463 { SAMR_CONNECT2, "CONNECT2",
3464 samr_dissect_connect2_rqst,
3465 samr_dissect_connect2_reply },
3466 { SAMR_SET_USERINFO, "SET_USERINFO",
3467 samr_dissect_set_information_user2_rqst,
3469 { SAMR_UNKNOWN_3B, "UNKNOWN_3B",
3470 samr_dissect_unknown_3b_rqst,
3472 { SAMR_UNKNOWN_3C, "SAMR_UNKNOWN_3C",
3473 samr_dissect_context_handle,
3474 samr_dissect_unknown_3c_reply },
3475 {0, NULL, NULL, NULL },
3479 proto_register_dcerpc_samr(void)
3481 static hf_register_info hf[] = {
3483 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
3485 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
3487 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
3489 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
3491 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
3492 { &hf_samr_rid_attrib,
3493 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
3495 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
3497 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
3500 { "Level", "samr.level", FT_UINT16, BASE_DEC,
3501 NULL, 0x0, "Level requested/returned for Information", HFILL }},
3502 { &hf_samr_start_idx,
3503 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
3504 NULL, 0x0, "Start Index for returned Information", HFILL }},
3507 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
3508 NULL, 0x0, "Number of entries to return", HFILL }},
3510 { &hf_samr_max_entries,
3511 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
3512 NULL, 0x0, "Maximum number of entries", HFILL }},
3514 { &hf_samr_pref_maxsize,
3515 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
3516 NULL, 0x0, "Maximum Size of data to return", HFILL }},
3518 { &hf_samr_total_size,
3519 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
3520 NULL, 0x0, "Total size of data", HFILL }},
3522 { &hf_samr_bad_pwd_count,
3523 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
3524 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
3526 { &hf_samr_logon_count,
3527 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
3528 NULL, 0x0, "Number of logons for this user", HFILL }},
3530 { &hf_samr_ret_size,
3531 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
3532 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
3535 { "Index", "samr.index", FT_UINT32, BASE_DEC,
3536 NULL, 0x0, "Index", HFILL }},
3538 { &hf_samr_acct_ctrl,
3539 { "Acct Ctrl", "samr.acct_ctrl", FT_UINT32, BASE_DEC,
3540 NULL, 0x0, "Acct CTRL", HFILL }},
3543 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
3545 { &hf_samr_acct_name,
3546 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
3547 NULL, 0, "Name of Account", HFILL }},
3550 { "Server", "samr.server", FT_STRING, BASE_NONE,
3551 NULL, 0, "Name of Server", HFILL }},
3554 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
3555 NULL, 0, "Name of Domain", HFILL }},
3557 { &hf_samr_controller,
3558 { "DC", "samr.dc", FT_STRING, BASE_NONE,
3559 NULL, 0, "Name of Domain Controller", HFILL }},
3561 { &hf_samr_full_name,
3562 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
3563 NULL, 0, "Full Name of Account", HFILL }},
3566 { "Home", "samr.home", FT_STRING, BASE_NONE,
3567 NULL, 0, "Home directory for this user", HFILL }},
3569 { &hf_samr_home_drive,
3570 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
3571 NULL, 0, "Home drive for this user", HFILL }},
3574 { "Script", "samr.script", FT_STRING, BASE_NONE,
3575 NULL, 0, "Login script for this user", HFILL }},
3577 { &hf_samr_workstations,
3578 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
3579 NULL, 0, "", HFILL }},
3582 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
3583 NULL, 0, "Profile for this user", HFILL }},
3585 { &hf_samr_acct_desc,
3586 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
3587 NULL, 0, "Account Description", HFILL }},
3590 { "Comment", "samr.comment", FT_STRING, BASE_NONE,
3591 NULL, 0, "Comment", HFILL }},
3593 { &hf_samr_parameters,
3594 { "Parameters", "samr.parameters", FT_STRING, BASE_NONE,
3595 NULL, 0, "Parameters", HFILL }},
3597 { &hf_samr_unknown_string,
3598 { "Unknwon string", "samr.unknown_string", FT_STRING, BASE_NONE,
3599 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
3601 { &hf_samr_unknown_hyper,
3602 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
3603 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
3604 { &hf_samr_unknown_long,
3605 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
3606 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
3608 { &hf_samr_unknown_short,
3609 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
3610 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
3612 { &hf_samr_unknown_char,
3613 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
3614 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
3616 { &hf_samr_revision,
3617 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
3618 NULL, 0x0, "Revision number for this structure", HFILL }},
3620 { &hf_samr_nt_pwd_set,
3621 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
3622 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
3624 { &hf_samr_lm_pwd_set,
3625 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
3626 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
3628 { &hf_samr_pwd_expired,
3629 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
3630 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
3632 /* XXX - is this a standard NT access mask? */
3634 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
3635 NULL, 0x0, "Access", HFILL }},
3638 { "Mask", "samr.mask", FT_UINT32, BASE_HEX,
3639 NULL, 0x0, "Mask", HFILL }},
3641 { &hf_samr_crypt_password, {
3642 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
3643 NULL, 0, "Encrypted Password", HFILL }},
3645 { &hf_samr_crypt_hash, {
3646 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
3647 NULL, 0, "Encrypted Hash", HFILL }},
3649 { &hf_samr_lm_change, {
3650 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
3651 NULL, 0, "LM Change value", HFILL }},
3653 { &hf_samr_max_pwd_age,
3654 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
3655 NULL, 0, "Maximum Password Age before it expires", HFILL }},
3657 { &hf_samr_min_pwd_age,
3658 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
3659 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
3660 { &hf_samr_unknown_time,
3661 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
3662 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
3663 { &hf_samr_logon_time,
3664 { "Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
3665 NULL, 0, "Time for last time this user logged on", HFILL }},
3666 { &hf_samr_kickoff_time,
3667 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
3668 NULL, 0, "Time when this user will be kicked off", HFILL }},
3669 { &hf_samr_logoff_time,
3670 { "Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
3671 NULL, 0, "Time for last time this user logged off", HFILL }},
3672 { &hf_samr_pwd_last_set_time,
3673 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
3674 NULL, 0, "Last time this users password was changed", HFILL }},
3675 { &hf_samr_pwd_can_change_time,
3676 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
3677 NULL, 0, "When this users password may be changed", HFILL }},
3678 { &hf_samr_pwd_must_change_time,
3679 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
3680 NULL, 0, "When this users password must be changed", HFILL }},
3681 { &hf_samr_acct_expiry_time,
3682 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
3683 NULL, 0, "When this user account expires", HFILL }},
3685 { &hf_samr_min_pwd_len, {
3686 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
3687 NULL, 0, "Minimum Password Length", HFILL }},
3688 { &hf_samr_pwd_history_len, {
3689 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
3690 NULL, 0, "Password History Length", HFILL }},
3691 { &hf_samr_num_users, {
3692 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
3693 NULL, 0, "Number of users in this domain", HFILL }},
3694 { &hf_samr_num_groups, {
3695 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
3696 NULL, 0, "Number of groups in this domain", HFILL }},
3697 { &hf_samr_num_aliases, {
3698 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
3699 NULL, 0, "Number of aliases in this domain", HFILL }},
3700 { &hf_samr_info_type, {
3701 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
3702 NULL, 0, "Information Type", HFILL }},
3703 { &hf_samr_resume_hnd, {
3704 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
3705 NULL, 0, "Resume handle", HFILL }},
3706 { &hf_samr_country, {
3707 "Country", "samr.country", FT_UINT16, BASE_DEC,
3708 NULL, 0, "Country setting for this user", HFILL }},
3709 { &hf_samr_codepage, {
3710 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
3711 NULL, 0, "Codepage setting for this user", HFILL }},
3712 { &hf_samr_divisions, {
3713 "Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
3714 NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
3717 /* these are used by packet-dcerpc-nt.c */
3718 { &hf_nt_string_length,
3719 { "Length", "nt.string.length", FT_UINT16, BASE_DEC,
3720 NULL, 0x0, "Length of string in bytes", HFILL }},
3722 { &hf_nt_string_size,
3723 { "Size", "nt.string.size", FT_UINT16, BASE_DEC,
3724 NULL, 0x0, "Size of string in bytes", HFILL }},
3727 { "Length", "nt.str.len", FT_UINT32, BASE_DEC,
3728 NULL, 0x0, "Length of string in short integers", HFILL }},
3731 { "Offset", "nt.str.offset", FT_UINT32, BASE_DEC,
3732 NULL, 0x0, "Offset into string in short integers", HFILL }},
3734 { &hf_nt_str_max_len,
3735 { "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
3736 NULL, 0x0, "Max Length of string in short integers", HFILL }},
3738 static gint *ett[] = {
3740 &ett_nt_unicode_string,
3741 &ett_samr_user_dispinfo_1,
3744 proto_dcerpc_samr = proto_register_protocol(
3745 "Microsoft Security Account Manager", "SAMR", "samr");
3747 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
3748 proto_register_subtree_array(ett, array_length(ett));
3752 proto_reg_handoff_dcerpc_samr(void)
3754 /* Register protocol as dcerpc */
3756 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
3757 ver_dcerpc_samr, dcerpc_samr_dissectors);