1 /* packet-dcerpc-samr.c
2 * Routines for SMB \PIPE\samr packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-samr.c,v 1.51 2002/07/16 22:50:45 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #ifdef NEED_SNPRINTF_H
32 # include "snprintf.h"
36 #include <epan/packet.h>
38 #include "packet-dcerpc.h"
39 #include "packet-dcerpc-nt.h"
40 #include "packet-dcerpc-samr.h"
41 #include "packet-dcerpc-lsa.h"
42 #include "smb.h" /* for "NT_errors[]" */
43 #include "packet-smb-common.h"
45 static int proto_dcerpc_samr = -1;
47 static int hf_samr_opnum = -1;
48 static int hf_samr_hnd = -1;
49 static int hf_samr_group = -1;
50 static int hf_samr_rid = -1;
51 static int hf_samr_type = -1;
52 static int hf_samr_alias = -1;
53 static int hf_samr_rid_attrib = -1;
54 static int hf_samr_rc = -1;
55 static int hf_samr_index = -1;
56 static int hf_samr_count = -1;
58 static int hf_samr_level = -1;
59 static int hf_samr_start_idx = -1;
60 static int hf_samr_max_entries = -1;
61 static int hf_samr_entries = -1;
62 static int hf_samr_pref_maxsize = -1;
63 static int hf_samr_total_size = -1;
64 static int hf_samr_ret_size = -1;
65 static int hf_samr_alias_name = -1;
66 static int hf_samr_group_name = -1;
67 static int hf_samr_acct_name = -1;
68 static int hf_samr_full_name = -1;
69 static int hf_samr_acct_desc = -1;
70 static int hf_samr_home = -1;
71 static int hf_samr_home_drive = -1;
72 static int hf_samr_script = -1;
73 static int hf_samr_workstations = -1;
74 static int hf_samr_profile = -1;
75 static int hf_samr_server = -1;
76 static int hf_samr_domain = -1;
77 static int hf_samr_controller = -1;
78 static int hf_samr_access = -1;
79 static int hf_samr_mask = -1;
80 static int hf_samr_crypt_password = -1;
81 static int hf_samr_crypt_hash = -1;
82 static int hf_samr_lm_change = -1;
83 static int hf_samr_attrib = -1;
84 static int hf_samr_max_pwd_age = -1;
85 static int hf_samr_min_pwd_age = -1;
86 static int hf_samr_min_pwd_len = -1;
87 static int hf_samr_pwd_history_len = -1;
88 static int hf_samr_num_users = -1;
89 static int hf_samr_num_groups = -1;
90 static int hf_samr_num_aliases = -1;
91 static int hf_samr_resume_hnd = -1;
92 static int hf_samr_bad_pwd_count = -1;
93 static int hf_samr_logon_count = -1;
94 static int hf_samr_logon_time = -1;
95 static int hf_samr_logoff_time = -1;
96 static int hf_samr_kickoff_time = -1;
97 static int hf_samr_pwd_last_set_time = -1;
98 static int hf_samr_pwd_can_change_time = -1;
99 static int hf_samr_pwd_must_change_time = -1;
100 static int hf_samr_acct_expiry_time = -1;
101 static int hf_samr_country = -1;
102 static int hf_samr_codepage = -1;
103 static int hf_samr_comment = -1;
104 static int hf_samr_parameters = -1;
105 static int hf_samr_nt_pwd_set = -1;
106 static int hf_samr_lm_pwd_set = -1;
107 static int hf_samr_pwd_expired = -1;
108 static int hf_samr_revision = -1;
109 static int hf_samr_divisions = -1;
110 static int hf_samr_info_type = -1;
112 static int hf_samr_unknown_hyper = -1;
113 static int hf_samr_unknown_long = -1;
114 static int hf_samr_unknown_short = -1;
115 static int hf_samr_unknown_char = -1;
116 static int hf_samr_unknown_string = -1;
117 static int hf_samr_unknown_time = -1;
119 /* these are used by functions in packet-dcerpc-nt.c */
120 int hf_nt_str_len = -1;
121 int hf_nt_str_off = -1;
122 int hf_nt_str_max_len = -1;
123 int hf_nt_string_length = -1;
124 int hf_nt_string_size = -1;
125 static int hf_nt_acct_ctrl = -1;
126 static int hf_nt_acb_disabled = -1;
127 static int hf_nt_acb_homedirreq = -1;
128 static int hf_nt_acb_pwnotreq = -1;
129 static int hf_nt_acb_tempdup = -1;
130 static int hf_nt_acb_normal = -1;
131 static int hf_nt_acb_mns = -1;
132 static int hf_nt_acb_domtrust = -1;
133 static int hf_nt_acb_wstrust = -1;
134 static int hf_nt_acb_svrtrust = -1;
135 static int hf_nt_acb_pwnoexp = -1;
136 static int hf_nt_acb_autolock = -1;
138 static gint ett_dcerpc_samr = -1;
139 static gint ett_samr_user_dispinfo_1 = -1;
140 static gint ett_samr_user_dispinfo_1_array = -1;
141 static gint ett_samr_user_dispinfo_2 = -1;
142 static gint ett_samr_user_dispinfo_2_array = -1;
143 static gint ett_samr_group_dispinfo = -1;
144 static gint ett_samr_group_dispinfo_array = -1;
145 static gint ett_samr_ascii_dispinfo = -1;
146 static gint ett_samr_ascii_dispinfo_array = -1;
147 static gint ett_samr_display_info = -1;
148 static gint ett_samr_password_info = -1;
149 static gint ett_samr_server = -1;
150 static gint ett_samr_user_group = -1;
151 static gint ett_samr_user_group_array = -1;
152 static gint ett_samr_alias_info = -1;
153 static gint ett_samr_group_info = -1;
154 static gint ett_samr_domain_info_1 = -1;
155 static gint ett_samr_domain_info_2 = -1;
156 static gint ett_samr_domain_info_8 = -1;
157 static gint ett_samr_replication_status = -1;
158 static gint ett_samr_domain_info_11 = -1;
159 static gint ett_samr_domain_info_13 = -1;
160 static gint ett_samr_domain_info = -1;
161 static gint ett_samr_sid_pointer = -1;
162 static gint ett_samr_sid_array = -1;
163 static gint ett_samr_index_array = -1;
164 static gint ett_samr_idx_and_name = -1;
165 static gint ett_samr_idx_and_name_array = -1;
166 static gint ett_samr_logon_hours = -1;
167 static gint ett_samr_logon_hours_hours = -1;
168 static gint ett_samr_user_info_1 = -1;
169 static gint ett_samr_user_info_2 = -1;
170 static gint ett_samr_user_info_3 = -1;
171 static gint ett_samr_user_info_5 = -1;
172 static gint ett_samr_user_info_6 = -1;
173 static gint ett_samr_user_info_18 = -1;
174 static gint ett_samr_user_info_19 = -1;
175 static gint ett_samr_buffer_buffer = -1;
176 static gint ett_samr_buffer = -1;
177 static gint ett_samr_user_info_21 = -1;
178 static gint ett_samr_user_info_22 = -1;
179 static gint ett_samr_user_info_23 = -1;
180 static gint ett_samr_user_info_24 = -1;
181 static gint ett_samr_user_info = -1;
182 static gint ett_samr_member_array_types = -1;
183 static gint ett_samr_member_array_rids = -1;
184 static gint ett_samr_member_array = -1;
185 static gint ett_samr_names = -1;
186 static gint ett_samr_rids = -1;
187 static gint ett_nt_acct_ctrl = -1;
188 static gint ett_samr_sid_and_attributes_array = -1;
189 static gint ett_samr_sid_and_attributes = -1;
190 #ifdef SAMR_UNUSED_HANDLES
191 static gint ett_samr_hnd = -1;
194 static e_uuid_t uuid_dcerpc_samr = {
195 0x12345778, 0x1234, 0xabcd,
196 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
199 static guint16 ver_dcerpc_samr = 1;
203 dissect_ndr_nt_SID(tvbuff_t *tvb, int offset,
204 packet_info *pinfo, proto_tree *tree,
209 di=pinfo->private_data;
210 if(di->conformant_run){
211 /* just a run to handle conformant arrays, no scalars to dissect */
215 /* the SID contains a conformant array, first we must eat
216 the 4-byte max_count before we can hand it off */
217 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
218 hf_samr_count, NULL);
220 offset = dissect_nt_sid(tvb, offset, tree, "Domain");
225 dissect_ndr_nt_SID_ptr(tvbuff_t *tvb, int offset,
226 packet_info *pinfo, proto_tree *tree,
229 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
230 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
231 "SID pointer", -1, 1);
237 static const true_false_string tfs_nt_acb_disabled = {
238 "Account is DISABLED",
239 "Account is NOT disabled"
241 static const true_false_string tfs_nt_acb_homedirreq = {
242 "Homedir is REQUIRED",
243 "Homedir is NOT required"
245 static const true_false_string tfs_nt_acb_pwnotreq = {
246 "Password is NOT required",
247 "Password is REQUIRED"
249 static const true_false_string tfs_nt_acb_tempdup = {
250 "This is a TEMPORARY DUPLICATE account",
251 "This is NOT a temporary duplicate account"
253 static const true_false_string tfs_nt_acb_normal = {
254 "This is a NORMAL USER account",
255 "This is NOT a normal user account"
257 static const true_false_string tfs_nt_acb_mns = {
258 "This is a MNS account",
259 "This is NOT a mns account"
261 static const true_false_string tfs_nt_acb_domtrust = {
262 "This is a DOMAIN TRUST account",
263 "This is NOT a domain trust account"
265 static const true_false_string tfs_nt_acb_wstrust = {
266 "This is a WORKSTATION TRUST account",
267 "This is NOT a workstation trust account"
269 static const true_false_string tfs_nt_acb_svrtrust = {
270 "This is a SERVER TRUST account",
271 "This is NOT a server trust account"
273 static const true_false_string tfs_nt_acb_pwnoexp = {
274 "Passwords does NOT expire",
275 "Password will EXPIRE"
277 static const true_false_string tfs_nt_acb_autolock = {
278 "This account has been AUTO LOCKED",
279 "This account has NOT been auto locked"
282 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
283 proto_tree *parent_tree, char *drep)
286 proto_item *item = NULL;
287 proto_tree *tree = NULL;
289 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
290 hf_nt_acct_ctrl, &mask);
293 item = proto_tree_add_uint(parent_tree, hf_nt_acct_ctrl,
294 tvb, offset-4, 4, mask);
295 tree = proto_item_add_subtree(item, ett_nt_acct_ctrl);
298 proto_tree_add_boolean(tree, hf_nt_acb_autolock,
299 tvb, offset-4, 4, mask);
300 proto_tree_add_boolean(tree, hf_nt_acb_pwnoexp,
301 tvb, offset-4, 4, mask);
302 proto_tree_add_boolean(tree, hf_nt_acb_svrtrust,
303 tvb, offset-4, 4, mask);
304 proto_tree_add_boolean(tree, hf_nt_acb_wstrust,
305 tvb, offset-4, 4, mask);
306 proto_tree_add_boolean(tree, hf_nt_acb_domtrust,
307 tvb, offset-4, 4, mask);
308 proto_tree_add_boolean(tree, hf_nt_acb_mns,
309 tvb, offset-4, 4, mask);
310 proto_tree_add_boolean(tree, hf_nt_acb_normal,
311 tvb, offset-4, 4, mask);
312 proto_tree_add_boolean(tree, hf_nt_acb_tempdup,
313 tvb, offset-4, 4, mask);
314 proto_tree_add_boolean(tree, hf_nt_acb_pwnotreq,
315 tvb, offset-4, 4, mask);
316 proto_tree_add_boolean(tree, hf_nt_acb_homedirreq,
317 tvb, offset-4, 4, mask);
318 proto_tree_add_boolean(tree, hf_nt_acb_disabled,
319 tvb, offset-4, 4, mask);
325 /* above this line, just some general support routines which should be placed
326 in some more generic file common to all NT services dissectors
330 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
331 proto_tree *tree, char *drep)
333 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
334 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
337 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
338 hf_samr_hnd, NULL, FALSE, FALSE);
340 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
341 hf_samr_access, NULL);
343 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
346 if (check_col(pinfo->cinfo, COL_INFO))
347 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
349 dcv->private_data = (void *)rid;
355 samr_dissect_open_user_reply(tvbuff_t *tvb, int offset,
356 packet_info *pinfo, proto_tree *tree,
359 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
360 hf_samr_hnd, NULL, TRUE, FALSE);
362 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
369 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
370 packet_info *pinfo, proto_tree *tree,
375 di=pinfo->private_data;
376 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
382 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
383 packet_info *pinfo, proto_tree *tree,
388 di=pinfo->private_data;
389 if(di->conformant_run){
390 /*just a run to handle conformant arrays, nothing to dissect */
394 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
400 samr_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
401 packet_info *pinfo, proto_tree *tree,
406 di=pinfo->private_data;
407 if(di->conformant_run){
408 /*just a run to handle conformant arrays, nothing to dissect */
412 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
413 di->hf_index, di->levels);
418 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
419 packet_info *pinfo, proto_tree *tree,
424 di=pinfo->private_data;
425 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
432 samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset,
433 packet_info *pinfo, proto_tree *tree,
436 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
437 hf_samr_hnd, NULL, FALSE, FALSE);
439 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
440 hf_samr_level, NULL);
441 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
442 hf_samr_start_idx, NULL);
443 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
444 hf_samr_max_entries, NULL);
445 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
446 hf_samr_pref_maxsize, NULL);
452 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
453 packet_info *pinfo, proto_tree *parent_tree,
456 proto_item *item=NULL;
457 proto_tree *tree=NULL;
458 int old_offset=offset;
461 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
463 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
466 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
467 hf_samr_index, NULL);
468 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
470 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
471 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
472 hf_samr_acct_name, 0);
473 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
474 hf_samr_full_name, 0);
475 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
476 hf_samr_acct_desc, 0);
478 proto_item_set_len(item, offset-old_offset);
483 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
484 packet_info *pinfo, proto_tree *tree,
487 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
488 samr_dissect_USER_DISPINFO_1);
494 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
495 packet_info *pinfo, proto_tree *parent_tree,
499 proto_item *item=NULL;
500 proto_tree *tree=NULL;
501 int old_offset=offset;
504 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
505 "User_DispInfo_1 Array");
506 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
510 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
511 hf_samr_count, &count);
512 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
513 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
514 "USER_DISPINFO_1_ARRAY", -1, 0);
516 proto_item_set_len(item, offset-old_offset);
523 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
524 packet_info *pinfo, proto_tree *parent_tree,
527 proto_item *item=NULL;
528 proto_tree *tree=NULL;
529 int old_offset=offset;
532 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
534 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
537 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
538 hf_samr_index, NULL);
539 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
541 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
542 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
543 hf_samr_acct_name, 0);
544 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
545 hf_samr_acct_desc, 0);
547 proto_item_set_len(item, offset-old_offset);
552 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
553 packet_info *pinfo, proto_tree *tree,
556 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
557 samr_dissect_USER_DISPINFO_2);
563 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
564 packet_info *pinfo, proto_tree *parent_tree,
568 proto_item *item=NULL;
569 proto_tree *tree=NULL;
570 int old_offset=offset;
573 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
574 "User_DispInfo_2 Array");
575 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
579 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
580 hf_samr_count, &count);
581 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
582 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
583 "USER_DISPINFO_2_ARRAY", -1, 0);
585 proto_item_set_len(item, offset-old_offset);
594 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
595 packet_info *pinfo, proto_tree *parent_tree,
598 proto_item *item=NULL;
599 proto_tree *tree=NULL;
600 int old_offset=offset;
603 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
605 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
609 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
610 hf_samr_index, NULL);
611 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
613 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
614 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
615 hf_samr_acct_name, 0);
616 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
617 hf_samr_acct_desc, 0);
619 proto_item_set_len(item, offset-old_offset);
624 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
625 packet_info *pinfo, proto_tree *tree,
628 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
629 samr_dissect_GROUP_DISPINFO);
635 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
636 packet_info *pinfo, proto_tree *parent_tree,
640 proto_item *item=NULL;
641 proto_tree *tree=NULL;
642 int old_offset=offset;
645 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
646 "Group_DispInfo Array");
647 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
650 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
651 hf_samr_count, &count);
652 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
653 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
654 "GROUP_DISPINFO_ARRAY", -1, 0);
656 proto_item_set_len(item, offset-old_offset);
663 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
664 packet_info *pinfo, proto_tree *parent_tree,
667 proto_item *item=NULL;
668 proto_tree *tree=NULL;
669 int old_offset=offset;
672 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
674 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
678 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
679 hf_samr_index, NULL);
680 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
682 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
683 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
684 hf_samr_acct_name, 0);
685 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
686 hf_samr_acct_desc,0 );
688 proto_item_set_len(item, offset-old_offset);
693 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
694 packet_info *pinfo, proto_tree *tree,
697 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
698 samr_dissect_ASCII_DISPINFO);
704 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
705 packet_info *pinfo, proto_tree *parent_tree,
709 proto_item *item=NULL;
710 proto_tree *tree=NULL;
711 int old_offset=offset;
714 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
715 "Ascii_DispInfo Array");
716 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
719 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
720 hf_samr_count, &count);
721 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
722 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
723 "ACSII_DISPINFO_ARRAY", -1, 0);
725 proto_item_set_len(item, offset-old_offset);
731 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
732 packet_info *pinfo, proto_tree *parent_tree,
735 proto_item *item=NULL;
736 proto_tree *tree=NULL;
737 int old_offset=offset;
741 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
743 tree = proto_item_add_subtree(item, ett_samr_display_info);
746 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
747 hf_samr_level, &level);
750 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
751 tvb, offset, pinfo, tree, drep);
754 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
755 tvb, offset, pinfo, tree, drep);
758 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
759 tvb, offset, pinfo, tree, drep);
762 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
763 tvb, offset, pinfo, tree, drep);
766 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
767 tvb, offset, pinfo, tree, drep);
771 proto_item_set_len(item, offset-old_offset);
776 samr_dissect_query_dispinfo_reply(tvbuff_t *tvb, int offset,
777 packet_info *pinfo, proto_tree *tree,
780 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
781 samr_dissect_pointer_long, NDR_POINTER_REF,
782 "Total Size", hf_samr_total_size, 0);
783 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
784 samr_dissect_pointer_long, NDR_POINTER_REF,
785 "Returned Size", hf_samr_ret_size, 0);
786 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
787 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
788 "DISPLAY_INFO:", -1, 0);
789 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
796 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
801 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
802 hf_samr_hnd, NULL, FALSE, FALSE);
804 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
805 hf_samr_level, NULL);
807 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
808 hf_samr_acct_name, 0);
814 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
815 packet_info *pinfo, proto_tree *tree,
818 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
819 samr_dissect_pointer_long, NDR_POINTER_REF,
820 "Index", hf_samr_index, 0);
822 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
832 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
833 packet_info *pinfo, proto_tree *parent_tree,
836 proto_item *item=NULL;
837 proto_tree *tree=NULL;
838 int old_offset=offset;
840 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
843 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
845 tree = proto_item_add_subtree(item, ett_samr_password_info);
849 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
850 hf_samr_unknown_short, NULL);
851 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
852 hf_samr_unknown_long, NULL);
854 proto_item_set_len(item, offset-old_offset);
859 samr_dissect_get_usrdom_pwinfo_rqst(tvbuff_t *tvb, int offset,
860 packet_info *pinfo, proto_tree *tree,
863 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
864 hf_samr_hnd, NULL, FALSE, FALSE);
870 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
871 packet_info *pinfo, proto_tree *tree,
874 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
875 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
876 "PASSWORD_INFO:", -1, 0);
878 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
886 samr_dissect_connect2_server(tvbuff_t *tvb, int offset,
887 packet_info *pinfo, proto_tree *parent_tree,
890 proto_item *item=NULL;
891 proto_tree *tree=NULL;
892 int old_offset=offset;
895 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
897 tree = proto_item_add_subtree(item, ett_samr_server);
900 offset = dissect_ndr_nt_UNICODE_STRING_str(tvb, offset, pinfo,
903 proto_item_set_len(item, offset-old_offset);
908 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
909 packet_info *pinfo, proto_tree *tree,
912 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
913 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
914 "Server", hf_samr_server, 1);
916 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
917 hf_samr_access, NULL);
922 samr_dissect_connect2_reply(tvbuff_t *tvb, int offset,
923 packet_info *pinfo, proto_tree *tree,
926 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
927 hf_samr_hnd, NULL, TRUE, FALSE);
929 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
935 samr_dissect_connect_anon_rqst(tvbuff_t *tvb, int offset,
936 packet_info *pinfo, proto_tree *tree,
942 offset=dissect_ndr_uint16(tvb, offset, pinfo, NULL, drep,
943 hf_samr_server, &server);
946 proto_tree_add_string_format(tree, hf_samr_server, tvb, offset-2, 2,
947 str, "Server: %s", str);
953 samr_dissect_connect_anon_reply(tvbuff_t *tvb, int offset,
954 packet_info *pinfo, proto_tree *tree,
957 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
958 hf_samr_hnd, NULL, TRUE, FALSE);
960 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
967 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
968 packet_info *pinfo, proto_tree *parent_tree,
971 proto_item *item=NULL;
972 proto_tree *tree=NULL;
973 int old_offset=offset;
976 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
978 tree = proto_item_add_subtree(item, ett_samr_user_group);
981 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
983 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
984 hf_samr_rid_attrib, NULL);
986 proto_item_set_len(item, offset-old_offset);
991 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
992 packet_info *pinfo, proto_tree *tree,
995 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
996 samr_dissect_USER_GROUP);
1002 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1003 packet_info *pinfo, proto_tree *parent_tree,
1007 proto_item *item=NULL;
1008 proto_tree *tree=NULL;
1009 int old_offset=offset;
1012 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1013 "USER_GROUP_ARRAY");
1014 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1017 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1018 hf_samr_count, &count);
1019 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1020 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1021 "USER_GROUP_ARRAY", -1, 0);
1023 proto_item_set_len(item, offset-old_offset);
1028 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1029 packet_info *pinfo, proto_tree *tree,
1032 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1033 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1034 "USER_GROUP_ARRAY", -1, 0);
1039 samr_dissect_get_groups_for_user_rqst(tvbuff_t *tvb, int offset,
1040 packet_info *pinfo, proto_tree *tree,
1043 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1044 hf_samr_hnd, NULL, FALSE, FALSE);
1050 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1051 packet_info *pinfo, proto_tree *tree,
1054 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1055 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1056 "USER_GROUP_ARRAY:", -1, 0);
1058 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1066 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1067 packet_info *pinfo, proto_tree *tree,
1070 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1071 hf_samr_hnd, NULL, FALSE, FALSE);
1073 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1074 hf_samr_access, NULL);
1075 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1076 dissect_ndr_nt_SID, NDR_POINTER_REF,
1082 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1083 packet_info *pinfo, proto_tree *tree,
1086 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1087 hf_samr_hnd, NULL, TRUE, FALSE);
1089 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1097 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1098 packet_info *pinfo, proto_tree *tree,
1101 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1102 hf_samr_hnd, NULL, FALSE, FALSE);
1104 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1105 dissect_ndr_nt_SID, NDR_POINTER_REF,
1112 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1113 packet_info *pinfo, proto_tree *tree,
1116 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1117 hf_samr_hnd, NULL, FALSE, FALSE);
1119 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1120 hf_samr_group, NULL);
1122 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1129 samr_dissect_add_member_to_group_reply(tvbuff_t *tvb, int offset,
1130 packet_info *pinfo, proto_tree *tree,
1133 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1140 samr_dissect_unknown_3c_rqst(tvbuff_t *tvb, int offset,
1141 packet_info *pinfo, proto_tree *tree,
1144 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1145 hf_samr_hnd, NULL, FALSE, FALSE);
1151 samr_dissect_unknown_3c_reply(tvbuff_t *tvb, int offset,
1152 packet_info *pinfo, proto_tree *tree,
1155 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1156 samr_dissect_pointer_short, NDR_POINTER_REF,
1157 "unknown short", hf_samr_unknown_short, 0);
1159 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1165 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1166 packet_info *pinfo, proto_tree *tree,
1169 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1170 hf_samr_hnd, NULL, FALSE, FALSE);
1172 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1173 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1174 "Account Name", hf_samr_acct_name, 0);
1176 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1177 hf_samr_access, NULL);
1183 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1184 packet_info *pinfo, proto_tree *tree,
1187 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1188 hf_samr_hnd, NULL, TRUE, FALSE);
1190 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1193 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1200 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1202 proto_tree *tree, char *drep)
1204 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1205 hf_samr_hnd, NULL, FALSE, FALSE);
1207 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1208 hf_samr_level, NULL);
1214 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1215 packet_info *pinfo, proto_tree *tree,
1218 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1220 hf_samr_acct_name, 0);
1221 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1223 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1225 hf_samr_acct_desc, 0);
1230 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1231 packet_info *pinfo, proto_tree *parent_tree,
1234 proto_item *item=NULL;
1235 proto_tree *tree=NULL;
1236 int old_offset=offset;
1240 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1242 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1245 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1246 hf_samr_level, &level);
1249 offset = samr_dissect_ALIAS_INFO_1(
1250 tvb, offset, pinfo, tree, drep);
1253 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1255 hf_samr_acct_name, 0);
1258 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1260 hf_samr_acct_desc, 0);
1264 proto_item_set_len(item, offset-old_offset);
1269 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1270 packet_info *pinfo, proto_tree *tree,
1273 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1274 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
1275 "ALIAS_INFO", -1, 0);
1280 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1282 proto_tree *tree, char *drep)
1284 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1285 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1286 "ALIAS_INFO:", -1, 0);
1288 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1295 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1296 packet_info *pinfo, proto_tree *tree,
1299 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1300 hf_samr_hnd, NULL, FALSE, FALSE);
1302 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1303 hf_samr_level, NULL);
1304 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1305 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
1306 "ALIAS_INFO:", -1, 0);
1311 samr_dissect_set_information_alias_reply(tvbuff_t *tvb, int offset,
1312 packet_info *pinfo, proto_tree *tree,
1315 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1316 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1317 "ALIAS_INFO", -1, 0);
1319 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1325 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1326 packet_info *pinfo _U_, proto_tree *tree,
1329 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
1336 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1337 packet_info *pinfo _U_, proto_tree *tree,
1340 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
1348 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1350 proto_tree *tree, char *drep)
1352 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1353 hf_samr_hnd, NULL, FALSE, FALSE);
1355 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1356 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1357 "Server", hf_samr_server, 0);
1358 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1359 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1360 "Account Name", hf_samr_acct_name, 0);
1361 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1362 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1364 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1365 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1371 samr_dissect_oem_change_password_user2_reply(tvbuff_t *tvb, int offset,
1373 proto_tree *tree, char *drep)
1375 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1382 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1384 proto_tree *tree, char *drep)
1386 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1387 hf_samr_hnd, NULL, FALSE, FALSE);
1389 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1390 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1391 "Server", hf_samr_server, 0);
1392 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1393 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1394 "Account Name", hf_samr_acct_name, 0);
1395 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1396 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1398 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1399 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1401 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1402 hf_samr_lm_change, NULL);
1403 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1404 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1406 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1407 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1413 samr_dissect_unicode_change_password_user2_reply(tvbuff_t *tvb, int offset,
1415 proto_tree *tree, char *drep)
1417 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1424 samr_dissect_unknown_3b_rqst(tvbuff_t *tvb, int offset,
1425 packet_info *pinfo, proto_tree *tree,
1428 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1429 hf_samr_hnd, NULL, FALSE, FALSE);
1431 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1432 hf_samr_unknown_short, NULL);
1433 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1434 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1435 "Unknown", hf_samr_unknown_string, 0);
1436 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1437 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1438 "Unknown", hf_samr_unknown_string, 0);
1443 samr_dissect_unknown_3b_reply(tvbuff_t *tvb, int offset,
1444 packet_info *pinfo, proto_tree *tree,
1447 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1454 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
1455 packet_info *pinfo, proto_tree *tree,
1458 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1459 hf_samr_hnd, NULL, FALSE, FALSE);
1461 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1462 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1463 "Account Name", hf_samr_acct_name, 0);
1464 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
1465 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1466 hf_samr_access, NULL);
1472 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
1473 packet_info *pinfo, proto_tree *tree,
1476 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1477 hf_samr_hnd, NULL, TRUE, FALSE);
1479 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1480 hf_samr_unknown_long, NULL);
1481 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1484 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1490 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
1492 proto_tree *tree, char *drep)
1494 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1495 hf_samr_hnd, NULL, FALSE, FALSE);
1497 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1498 hf_samr_level, NULL);
1499 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1500 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1501 "Account Name", hf_samr_acct_name, 0);
1506 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
1507 packet_info *pinfo, proto_tree *tree,
1510 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1511 hf_samr_index, NULL);
1513 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1519 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
1520 packet_info *pinfo, proto_tree *tree,
1523 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1524 hf_samr_hnd, NULL, FALSE, FALSE);
1526 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1527 hf_samr_unknown_char, NULL);
1528 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1529 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1531 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1532 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1534 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1535 hf_samr_unknown_char, NULL);
1536 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1537 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1539 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1540 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1542 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1543 hf_samr_unknown_char, NULL);
1544 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1545 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1547 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1548 hf_samr_unknown_char, NULL);
1549 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1550 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1557 samr_dissect_change_password_user_reply(tvbuff_t *tvb, int offset,
1558 packet_info *pinfo, proto_tree *tree,
1561 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1568 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
1570 proto_tree *tree, char *drep)
1572 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1573 hf_samr_hnd, NULL, FALSE, FALSE);
1575 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1576 hf_samr_attrib, NULL);
1581 samr_dissect_set_member_attributes_of_group_reply(tvbuff_t *tvb, int offset,
1582 packet_info *pinfo, proto_tree *tree,
1585 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1592 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
1593 packet_info *pinfo, proto_tree *tree,
1596 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1598 hf_samr_acct_name, 0);
1599 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1601 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1602 hf_samr_attrib, NULL);
1603 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1605 hf_samr_acct_desc, 0);
1610 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
1611 packet_info *pinfo, proto_tree *parent_tree,
1614 proto_item *item=NULL;
1615 proto_tree *tree=NULL;
1616 int old_offset=offset;
1620 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1622 tree = proto_item_add_subtree(item, ett_samr_group_info);
1625 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1626 hf_samr_level, &level);
1629 offset = samr_dissect_GROUP_INFO_1(
1630 tvb, offset, pinfo, tree, drep);
1633 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1635 hf_samr_acct_name, 0);
1638 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1639 hf_samr_attrib, NULL);
1642 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1644 hf_samr_acct_desc, 0);
1648 proto_item_set_len(item, offset-old_offset);
1653 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
1654 packet_info *pinfo, proto_tree *tree,
1657 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1658 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
1659 "GROUP_INFO", -1, 0);
1664 samr_dissect_query_information_group_rqst(tvbuff_t *tvb, int offset,
1666 proto_tree *tree, char *drep)
1668 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1669 hf_samr_hnd, NULL, FALSE, FALSE);
1671 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1672 hf_samr_level, NULL);
1678 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
1679 packet_info *pinfo, proto_tree *tree,
1682 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1683 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
1684 "GROUP_INFO", -1, 0);
1686 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1692 samr_dissect_set_information_group_rqst(tvbuff_t *tvb, int offset,
1693 packet_info *pinfo, proto_tree *tree,
1696 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1697 hf_samr_hnd, NULL, FALSE, FALSE);
1699 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1700 hf_samr_level, NULL);
1701 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1702 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
1703 "GROUP_INFO", -1, 0);
1708 samr_dissect_set_information_group_reply(tvbuff_t *tvb, int offset,
1709 packet_info *pinfo, proto_tree *tree,
1712 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1720 samr_dissect_get_domain_password_information_rqst(tvbuff_t *tvb, int offset,
1725 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1726 hf_samr_hnd, NULL, FALSE, FALSE);
1728 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1729 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1730 "Domain", hf_samr_domain, 0);
1735 samr_dissect_get_domain_password_information_reply(tvbuff_t *tvb, int offset,
1741 * XXX - really? Not the same as
1742 * "samr_dissect_get_usrdom_pwinfo_reply()"?
1744 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1745 hf_samr_hnd, NULL, TRUE, FALSE);
1751 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
1752 packet_info *pinfo, proto_tree *parent_tree,
1755 proto_item *item=NULL;
1756 proto_tree *tree=NULL;
1757 int old_offset=offset;
1759 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
1762 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1764 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
1767 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1768 hf_samr_min_pwd_len, NULL);
1769 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1770 hf_samr_pwd_history_len, NULL);
1771 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1772 hf_samr_unknown_long, NULL);
1773 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1774 hf_samr_max_pwd_age);
1775 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1776 hf_samr_min_pwd_age);
1777 proto_item_set_len(item, offset-old_offset);
1782 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
1783 packet_info *pinfo, proto_tree *parent_tree,
1786 proto_item *item=NULL;
1787 proto_tree *tree=NULL;
1788 int old_offset=offset;
1791 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1793 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
1796 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1797 hf_samr_unknown_time);
1798 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1799 hf_samr_unknown_string, 0);
1800 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1802 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1803 hf_samr_controller, 0);
1804 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1805 hf_samr_unknown_time);
1806 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1807 hf_samr_unknown_long, NULL);
1808 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1809 hf_samr_unknown_long, NULL);
1810 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1811 hf_samr_unknown_char, NULL);
1812 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1813 hf_samr_num_users, NULL);
1814 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1815 hf_samr_num_groups, NULL);
1816 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1817 hf_samr_num_aliases, NULL);
1819 proto_item_set_len(item, offset-old_offset);
1824 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
1825 packet_info *pinfo, proto_tree *parent_tree,
1828 proto_item *item=NULL;
1829 proto_tree *tree=NULL;
1830 int old_offset=offset;
1833 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1835 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
1838 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1839 hf_samr_max_pwd_age);
1840 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1841 hf_samr_min_pwd_age);
1843 proto_item_set_len(item, offset-old_offset);
1848 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
1849 packet_info *pinfo, proto_tree *parent_tree,
1852 proto_item *item=NULL;
1853 proto_tree *tree=NULL;
1854 int old_offset=offset;
1857 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1858 "REPLICATION_STATUS:");
1859 tree = proto_item_add_subtree(item, ett_samr_replication_status);
1862 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1863 hf_samr_unknown_hyper, NULL);
1864 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1865 hf_samr_unknown_hyper, NULL);
1866 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1867 hf_samr_unknown_short, NULL);
1869 proto_item_set_len(item, offset-old_offset);
1874 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
1875 packet_info *pinfo, proto_tree *parent_tree,
1878 proto_item *item=NULL;
1879 proto_tree *tree=NULL;
1880 int old_offset=offset;
1883 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1885 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
1888 offset = samr_dissect_DOMAIN_INFO_2(
1889 tvb, offset, pinfo, tree, drep);
1890 offset = samr_dissect_REPLICATION_STATUS(
1891 tvb, offset, pinfo, tree, drep);
1893 proto_item_set_len(item, offset-old_offset);
1898 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
1899 packet_info *pinfo, proto_tree *parent_tree,
1902 proto_item *item=NULL;
1903 proto_tree *tree=NULL;
1904 int old_offset=offset;
1907 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1909 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
1912 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1913 hf_samr_unknown_time);
1914 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1915 hf_samr_unknown_time);
1916 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1917 hf_samr_unknown_time);
1919 proto_item_set_len(item, offset-old_offset);
1925 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1926 packet_info *pinfo, proto_tree *parent_tree,
1929 proto_item *item=NULL;
1930 proto_tree *tree=NULL;
1931 int old_offset=offset;
1935 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1937 tree = proto_item_add_subtree(item, ett_samr_domain_info);
1940 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1941 hf_samr_level, &level);
1943 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1946 offset = samr_dissect_DOMAIN_INFO_1(
1947 tvb, offset, pinfo, tree, drep);
1950 offset = samr_dissect_DOMAIN_INFO_2(
1951 tvb, offset, pinfo, tree, drep);
1955 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1956 hf_samr_unknown_time);
1959 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1960 tree, drep, hf_samr_unknown_string, 0);
1964 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1965 tree, drep, hf_samr_domain, 0);
1969 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1970 tree, drep, hf_samr_controller, 0);
1974 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1975 hf_samr_unknown_short, NULL);
1978 offset = samr_dissect_DOMAIN_INFO_8(
1979 tvb, offset, pinfo, tree, drep);
1982 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1983 hf_samr_unknown_short, NULL);
1986 offset = samr_dissect_DOMAIN_INFO_11(
1987 tvb, offset, pinfo, tree, drep);
1990 offset = samr_dissect_REPLICATION_STATUS(
1991 tvb, offset, pinfo, tree, drep);
1994 offset = samr_dissect_DOMAIN_INFO_13(
1995 tvb, offset, pinfo, tree, drep);
1999 proto_item_set_len(item, offset-old_offset);
2004 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
2005 packet_info *pinfo, proto_tree *tree,
2008 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2009 hf_samr_hnd, NULL, FALSE, FALSE);
2011 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2012 hf_samr_level, NULL);
2013 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
2019 samr_dissect_set_information_domain_reply(tvbuff_t *tvb, int offset,
2021 proto_tree *tree, char *drep)
2023 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2030 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
2031 packet_info *pinfo, proto_tree *tree,
2034 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2035 hf_samr_hnd, NULL, FALSE, FALSE);
2037 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2038 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
2039 "Domain:", hf_samr_domain, 0);
2045 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
2046 packet_info *pinfo, proto_tree *tree,
2049 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2050 dissect_ndr_nt_SID_ptr, NDR_POINTER_REF,
2053 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2059 dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
2060 packet_info *pinfo, proto_tree *parent_tree,
2063 proto_item *item=NULL;
2064 proto_tree *tree=NULL;
2065 int old_offset=offset;
2068 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2070 tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
2073 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2074 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
2077 proto_item_set_len(item, offset-old_offset);
2083 dissect_ndr_nt_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
2084 packet_info *pinfo, proto_tree *tree,
2087 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2088 dissect_ndr_nt_PSID);
2095 dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, int offset,
2096 packet_info *pinfo, proto_tree *parent_tree,
2100 proto_item *item=NULL;
2101 proto_tree *tree=NULL;
2102 int old_offset=offset;
2105 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2107 tree = proto_item_add_subtree(item, ett_samr_sid_array);
2110 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2111 hf_samr_count, &count);
2112 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2113 dissect_ndr_nt_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
2114 "PSID_ARRAY", -1, 0);
2116 proto_item_set_len(item, offset-old_offset);
2120 /* called from NETLOGON but placed here since where are where the hf_fields are defined */
2122 dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2123 packet_info *pinfo, proto_tree *parent_tree,
2126 proto_item *item=NULL;
2127 proto_tree *tree=NULL;
2130 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2131 "SID_AND_ATTRIBUTES:");
2132 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes);
2135 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
2137 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2138 hf_samr_attrib, NULL);
2144 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2145 packet_info *pinfo, proto_tree *parent_tree,
2149 proto_item *item=NULL;
2150 proto_tree *tree=NULL;
2151 int old_offset=offset;
2154 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2155 "SID_AND_ATTRIBUTES array:");
2156 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes_array);
2159 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2160 hf_samr_count, &count);
2161 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2162 dissect_ndr_nt_SID_AND_ATTRIBUTES);
2164 proto_item_set_len(item, offset-old_offset);
2170 samr_dissect_index(tvbuff_t *tvb, int offset,
2171 packet_info *pinfo, proto_tree *tree,
2176 di=pinfo->private_data;
2178 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2179 di->hf_index, NULL);
2186 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2187 packet_info *pinfo, proto_tree *tree,
2190 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2191 samr_dissect_index);
2197 plural_ending(const char *string)
2201 string_len = strlen(string);
2202 if (string_len > 0 && string[string_len - 1] == 's') {
2203 /* String ends with "s" - pluralize by adding "es" */
2206 /* Field name doesn't end with "s" - pluralize by adding "s" */
2212 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2213 packet_info *pinfo, proto_tree *parent_tree,
2218 proto_item *item=NULL;
2219 proto_tree *tree=NULL;
2220 int old_offset=offset;
2224 di=pinfo->private_data;
2226 field_name = proto_registrar_get_name(di->hf_index);
2227 snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2228 plural_ending(field_name));
2230 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2232 tree = proto_item_add_subtree(item, ett_samr_index_array);
2235 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2236 hf_samr_count, &count);
2237 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2238 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2239 str, di->hf_index, 0);
2241 proto_item_set_len(item, offset-old_offset);
2246 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2247 packet_info *pinfo, proto_tree *tree,
2250 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2251 hf_samr_hnd, NULL, FALSE, FALSE);
2253 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2254 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2255 "PSID_ARRAY:", -1, 0);
2261 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2262 packet_info *pinfo, proto_tree *tree,
2265 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2266 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2267 "INDEX_ARRAY:", hf_samr_alias, 0);
2269 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2276 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2277 packet_info *pinfo, proto_tree *parent_tree,
2280 proto_item *item=NULL;
2281 proto_tree *tree=NULL;
2282 int old_offset=offset;
2286 di=pinfo->private_data;
2288 snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
2290 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2292 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2295 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2296 hf_samr_index, NULL);
2297 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2298 tree, drep, di->hf_index, 4);
2300 proto_item_set_len(item, offset-old_offset);
2305 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2306 packet_info *pinfo, proto_tree *tree,
2309 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2310 samr_dissect_IDX_AND_NAME);
2317 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2318 packet_info *pinfo, proto_tree *parent_tree,
2323 proto_item *item=NULL;
2324 proto_tree *tree=NULL;
2325 int old_offset=offset;
2329 di=pinfo->private_data;
2331 field_name = proto_registrar_get_name(di->hf_index);
2334 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2335 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2336 plural_ending(field_name));
2337 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2341 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2342 hf_samr_count, &count);
2343 snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2344 plural_ending(field_name));
2345 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2346 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2347 str, di->hf_index, 0);
2349 proto_item_set_len(item, offset-old_offset);
2354 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2355 packet_info *pinfo, proto_tree *tree,
2362 di=pinfo->private_data;
2364 field_name = proto_registrar_get_name(di->hf_index);
2365 snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2366 plural_ending(field_name));
2367 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2368 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
2369 str, di->hf_index, 0);
2374 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2375 packet_info *pinfo, proto_tree *tree,
2378 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2379 hf_samr_hnd, NULL, FALSE, FALSE);
2381 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2382 samr_dissect_pointer_long, NDR_POINTER_REF,
2383 "Resume Handle:", hf_samr_resume_hnd, 0);
2385 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2386 hf_samr_pref_maxsize, NULL);
2392 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2393 packet_info *pinfo, proto_tree *tree,
2396 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2397 samr_dissect_pointer_long, NDR_POINTER_REF,
2398 "Resume Handle:", hf_samr_resume_hnd, 0);
2399 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2400 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2401 "IDX_AND_NAME_ARRAY:", hf_samr_domain, 0);
2402 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2403 samr_dissect_pointer_long, NDR_POINTER_REF,
2404 "Entries:", hf_samr_entries, 0);
2406 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2413 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2414 packet_info *pinfo, proto_tree *tree,
2417 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2418 hf_samr_hnd, NULL, FALSE, FALSE);
2420 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2421 samr_dissect_pointer_long, NDR_POINTER_REF,
2422 "Resume Handle:", hf_samr_resume_hnd, 0);
2423 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2424 hf_samr_mask, NULL);
2425 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2426 hf_samr_pref_maxsize, NULL);
2432 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2433 packet_info *pinfo, proto_tree *tree,
2436 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2437 samr_dissect_pointer_long, NDR_POINTER_REF,
2438 "Resume Handle:", hf_samr_resume_hnd, 0);
2439 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2440 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2441 "IDX_AND_NAME_ARRAY:", hf_samr_group_name, 0);
2442 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2443 samr_dissect_pointer_long, NDR_POINTER_REF,
2444 "Entries:", hf_samr_entries, 0);
2446 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2453 samr_dissect_enum_dom_aliases_rqst(tvbuff_t *tvb, int offset,
2454 packet_info *pinfo, proto_tree *tree,
2457 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2458 hf_samr_hnd, NULL, FALSE, FALSE);
2460 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2461 samr_dissect_pointer_long, NDR_POINTER_REF,
2462 "Resume Handle:", hf_samr_resume_hnd, 0);
2464 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2465 hf_samr_mask, NULL);
2467 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2468 hf_samr_pref_maxsize, NULL);
2474 samr_dissect_enum_dom_aliases_reply(tvbuff_t *tvb, int offset,
2475 packet_info *pinfo, proto_tree *tree,
2478 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2479 samr_dissect_pointer_long, NDR_POINTER_REF,
2480 "Resume Handle:", hf_samr_resume_hnd, 0);
2482 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2483 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2484 "IDX_AND_NAME_ARRAY:", hf_samr_alias_name, 0);
2486 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2487 samr_dissect_pointer_long, NDR_POINTER_REF,
2488 "Entries:", hf_samr_entries, 0);
2490 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2497 samr_dissect_get_members_in_alias_rqst(tvbuff_t *tvb, int offset,
2498 packet_info *pinfo, proto_tree *tree,
2501 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2502 hf_samr_hnd, NULL, FALSE, FALSE);
2508 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
2509 packet_info *pinfo, proto_tree *tree,
2512 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2513 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2514 "PSID_ARRAY:", -1, 0);
2516 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2523 samr_dissect_LOGON_HOURS_entry(tvbuff_t *tvb, int offset,
2524 packet_info *pinfo, proto_tree *tree,
2527 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2528 hf_samr_unknown_char, NULL);
2533 samr_dissect_LOGON_HOURS_hours(tvbuff_t *tvb, int offset,
2534 packet_info *pinfo, proto_tree *parent_tree,
2537 proto_item *item=NULL;
2538 proto_tree *tree=NULL;
2539 int old_offset=offset;
2542 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2544 tree = proto_item_add_subtree(item, ett_samr_logon_hours_hours);
2547 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
2548 samr_dissect_LOGON_HOURS_entry);
2550 proto_item_set_len(item, offset-old_offset);
2557 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
2558 packet_info *pinfo, proto_tree *parent_tree,
2561 proto_item *item=NULL;
2562 proto_tree *tree=NULL;
2563 int old_offset=offset;
2565 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
2568 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2570 tree = proto_item_add_subtree(item, ett_samr_logon_hours);
2573 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2574 hf_samr_divisions, NULL);
2575 /* XXX - is this a bitmask like the "logon hours" field in the
2576 Remote API call "NetUserGetInfo()" with an information level
2578 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2579 samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
2580 "LOGON_HOURS", -1, 0);
2582 proto_item_set_len(item, offset-old_offset);
2588 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
2589 packet_info *pinfo, proto_tree *parent_tree,
2592 proto_item *item=NULL;
2593 proto_tree *tree=NULL;
2594 int old_offset=offset;
2597 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2599 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
2602 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2603 hf_samr_acct_name, 0);
2604 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2605 hf_samr_full_name, 0);
2606 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2607 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2609 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2612 proto_item_set_len(item, offset-old_offset);
2617 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
2618 packet_info *pinfo, proto_tree *parent_tree,
2621 proto_item *item=NULL;
2622 proto_tree *tree=NULL;
2623 int old_offset=offset;
2626 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2628 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
2631 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2632 hf_samr_acct_name, 0);
2633 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2634 hf_samr_full_name, 0);
2635 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2636 hf_samr_bad_pwd_count, NULL);
2637 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2638 hf_samr_logon_count, NULL);
2640 proto_item_set_len(item, offset-old_offset);
2645 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
2646 packet_info *pinfo, proto_tree *parent_tree,
2649 proto_item *item=NULL;
2650 proto_tree *tree=NULL;
2651 int old_offset=offset;
2654 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2656 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
2659 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2660 hf_samr_acct_name, 0);
2661 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2662 hf_samr_full_name, 0);
2663 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2665 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2666 hf_samr_group, NULL);
2667 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2669 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2670 hf_samr_home_drive, 0);
2671 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2673 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2674 hf_samr_acct_desc, 0);
2675 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2676 hf_samr_workstations, 0);
2677 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2678 hf_samr_logon_time);
2679 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2680 hf_samr_logoff_time);
2681 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2682 hf_samr_pwd_last_set_time);
2683 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2684 hf_samr_pwd_can_change_time);
2685 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2686 hf_samr_pwd_must_change_time);
2687 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2688 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2689 hf_samr_logon_count, NULL);
2690 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2691 hf_samr_bad_pwd_count, NULL);
2692 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2694 proto_item_set_len(item, offset-old_offset);
2699 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
2700 packet_info *pinfo, proto_tree *parent_tree,
2703 proto_item *item=NULL;
2704 proto_tree *tree=NULL;
2705 int old_offset=offset;
2708 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2710 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
2713 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2714 hf_samr_acct_name, 0);
2715 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2716 hf_samr_full_name, 0);
2717 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2719 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2720 hf_samr_group, NULL);
2721 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2722 hf_samr_country, NULL);
2723 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2724 hf_samr_codepage, NULL);
2725 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2727 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2728 hf_samr_home_drive, 0);
2729 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2731 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2732 hf_samr_acct_desc, 0);
2733 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2734 hf_samr_workstations, 0);
2735 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2736 hf_samr_logon_time);
2737 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2738 hf_samr_logoff_time);
2739 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2740 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2741 hf_samr_bad_pwd_count, NULL);
2742 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2743 hf_samr_logon_count, NULL);
2744 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2745 hf_samr_pwd_last_set_time);
2746 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2747 hf_samr_acct_expiry_time);
2748 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2750 proto_item_set_len(item, offset-old_offset);
2755 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
2756 packet_info *pinfo, proto_tree *parent_tree,
2759 proto_item *item=NULL;
2760 proto_tree *tree=NULL;
2761 int old_offset=offset;
2764 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2766 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
2769 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2770 hf_samr_acct_name, 0);
2771 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2772 hf_samr_full_name, 0);
2774 proto_item_set_len(item, offset-old_offset);
2779 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
2780 packet_info *pinfo, proto_tree *parent_tree,
2783 proto_item *item=NULL;
2784 proto_tree *tree=NULL;
2785 int old_offset=offset;
2788 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2790 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
2793 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2794 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2795 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2796 hf_samr_unknown_char, NULL);
2797 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2798 hf_samr_unknown_char, NULL);
2799 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2800 hf_samr_unknown_char, NULL);
2802 proto_item_set_len(item, offset-old_offset);
2807 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
2808 packet_info *pinfo, proto_tree *parent_tree,
2811 proto_item *item=NULL;
2812 proto_tree *tree=NULL;
2813 int old_offset=offset;
2816 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2818 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
2821 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2822 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2823 hf_samr_logon_time);
2824 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2825 hf_samr_logoff_time);
2826 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2827 hf_samr_bad_pwd_count, NULL);
2828 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2829 hf_samr_logon_count, NULL);
2831 proto_item_set_len(item, offset-old_offset);
2836 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
2837 packet_info *pinfo, proto_tree *tree,
2840 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2841 hf_samr_unknown_char, NULL);
2847 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
2848 packet_info *pinfo, proto_tree *parent_tree,
2851 proto_item *item=NULL;
2852 proto_tree *tree=NULL;
2853 int old_offset=offset;
2856 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2858 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
2861 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2862 samr_dissect_BUFFER_entry);
2864 proto_item_set_len(item, offset-old_offset);
2871 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
2872 packet_info *pinfo, proto_tree *parent_tree,
2875 proto_item *item=NULL;
2876 proto_tree *tree=NULL;
2877 int old_offset=offset;
2880 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2882 tree = proto_item_add_subtree(item, ett_samr_buffer);
2884 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2885 hf_samr_count, NULL);
2886 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2887 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
2890 proto_item_set_len(item, offset-old_offset);
2895 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
2896 packet_info *pinfo, proto_tree *parent_tree,
2899 proto_item *item=NULL;
2900 proto_tree *tree=NULL;
2901 int old_offset=offset;
2904 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2906 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
2909 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2910 hf_samr_logon_time);
2911 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2912 hf_samr_logoff_time);
2913 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2914 hf_samr_kickoff_time);
2915 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2916 hf_samr_pwd_last_set_time);
2917 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2918 hf_samr_pwd_can_change_time);
2919 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2920 hf_samr_pwd_must_change_time);
2921 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2922 hf_samr_acct_name, 2);
2923 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2924 hf_samr_full_name, 0);
2925 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2927 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2928 hf_samr_home_drive, 0);
2929 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2931 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2932 hf_samr_profile, 0);
2933 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2934 hf_samr_acct_desc, 0);
2935 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2936 hf_samr_workstations, 0);
2937 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2938 hf_samr_comment, 0);
2939 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2940 hf_samr_parameters, 0);
2941 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2942 hf_samr_unknown_string, 0);
2943 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2944 hf_samr_unknown_string, 0);
2945 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2946 hf_samr_unknown_string, 0);
2947 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
2948 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2950 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2951 hf_samr_group, NULL);
2952 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2953 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2954 hf_samr_unknown_long, NULL);
2955 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2956 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2957 hf_samr_bad_pwd_count, NULL);
2958 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2959 hf_samr_logon_count, NULL);
2960 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2961 hf_samr_country, NULL);
2962 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2963 hf_samr_codepage, NULL);
2964 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2965 hf_samr_nt_pwd_set, NULL);
2966 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2967 hf_samr_lm_pwd_set, NULL);
2968 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2969 hf_samr_pwd_expired, NULL);
2970 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2971 hf_samr_unknown_char, NULL);
2973 proto_item_set_len(item, offset-old_offset);
2978 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
2979 packet_info *pinfo, proto_tree *parent_tree,
2982 proto_item *item=NULL;
2983 proto_tree *tree=NULL;
2984 int old_offset=offset;
2987 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2989 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
2992 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
2993 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2994 hf_samr_revision, NULL);
2996 proto_item_set_len(item, offset-old_offset);
3001 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
3002 packet_info *pinfo, proto_tree *parent_tree,
3005 proto_item *item=NULL;
3006 proto_tree *tree=NULL;
3007 int old_offset=offset;
3010 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3012 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
3015 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3016 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3018 proto_item_set_len(item, offset-old_offset);
3023 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
3024 packet_info *pinfo, proto_tree *parent_tree,
3027 proto_item *item=NULL;
3028 proto_tree *tree=NULL;
3029 int old_offset=offset;
3032 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3034 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
3037 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3038 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3039 hf_samr_unknown_char, NULL);
3041 proto_item_set_len(item, offset-old_offset);
3046 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
3047 packet_info *pinfo, proto_tree *parent_tree,
3050 proto_item *item=NULL;
3051 proto_tree *tree=NULL;
3052 int old_offset=offset;
3056 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3058 tree = proto_item_add_subtree(item, ett_samr_user_info);
3060 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3061 hf_samr_level, &level);
3065 offset = samr_dissect_USER_INFO_1(
3066 tvb, offset, pinfo, tree, drep);
3069 offset = samr_dissect_USER_INFO_2(
3070 tvb, offset, pinfo, tree, drep);
3073 offset = samr_dissect_USER_INFO_3(
3074 tvb, offset, pinfo, tree, drep);
3077 offset = dissect_ndr_nt_LOGON_HOURS(
3078 tvb, offset, pinfo, tree, drep);
3081 offset = samr_dissect_USER_INFO_5(
3082 tvb, offset, pinfo, tree, drep);
3085 offset = samr_dissect_USER_INFO_6(
3086 tvb, offset, pinfo, tree, drep);
3089 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3090 hf_samr_full_name, 0);
3093 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3094 hf_samr_acct_desc, 0);
3097 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3098 hf_samr_unknown_long, NULL);
3101 offset = samr_dissect_USER_INFO_6(
3102 tvb, offset, pinfo, tree, drep);
3105 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3109 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3110 hf_samr_home_drive, 0);
3113 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3117 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3118 hf_samr_workstations, 0);
3121 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree,
3125 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3126 hf_samr_unknown_time);
3129 offset = samr_dissect_USER_INFO_18(
3130 tvb, offset, pinfo, tree, drep);
3133 offset = samr_dissect_USER_INFO_19(
3134 tvb, offset, pinfo, tree, drep);
3137 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3138 hf_samr_profile, 0);
3141 offset = samr_dissect_USER_INFO_21(
3142 tvb, offset, pinfo, tree, drep);
3145 offset = samr_dissect_USER_INFO_22(
3146 tvb, offset, pinfo, tree, drep);
3149 offset = samr_dissect_USER_INFO_23(
3150 tvb, offset, pinfo, tree, drep);
3153 offset = samr_dissect_USER_INFO_24(
3154 tvb, offset, pinfo, tree, drep);
3158 proto_item_set_len(item, offset-old_offset);
3163 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
3164 packet_info *pinfo, proto_tree *tree,
3167 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3168 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
3169 "USER_INFO pointer", -1, 0);
3174 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
3175 packet_info *pinfo, proto_tree *tree,
3178 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3179 hf_samr_hnd, NULL, FALSE, FALSE);
3181 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3182 hf_samr_level, NULL);
3184 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3185 samr_dissect_USER_INFO, NDR_POINTER_REF,
3186 "USER_INFO:", -1, 0);
3192 samr_dissect_set_information_user2_reply(tvbuff_t *tvb, int offset,
3193 packet_info *pinfo, proto_tree *tree,
3196 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3203 samr_dissect_unknown_2f_rqst(tvbuff_t *tvb, int offset,
3204 packet_info *pinfo, proto_tree *tree,
3207 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3208 hf_samr_hnd, NULL, FALSE, FALSE);
3210 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3211 hf_samr_level, NULL);
3217 samr_dissect_unknown_2f_reply(tvbuff_t *tvb, int offset,
3218 packet_info *pinfo, proto_tree *tree,
3221 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3222 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3223 "USER_INFO:", -1, 0);
3225 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3232 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3233 packet_info *pinfo, proto_tree *tree,
3236 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3237 hf_samr_type, NULL);
3244 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3245 packet_info *pinfo, proto_tree *parent_tree,
3248 proto_item *item=NULL;
3249 proto_tree *tree=NULL;
3250 int old_offset=offset;
3253 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3254 "MEMBER_ARRAY_types:");
3255 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3258 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3259 samr_dissect_MEMBER_ARRAY_type);
3261 proto_item_set_len(item, offset-old_offset);
3268 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3269 packet_info *pinfo, proto_tree *tree,
3272 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3280 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3281 packet_info *pinfo, proto_tree *parent_tree,
3284 proto_item *item=NULL;
3285 proto_tree *tree=NULL;
3286 int old_offset=offset;
3289 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3290 "MEMBER_ARRAY_rids:");
3291 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
3294 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3295 samr_dissect_MEMBER_ARRAY_rid);
3297 proto_item_set_len(item, offset-old_offset);
3304 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3305 packet_info *pinfo, proto_tree *parent_tree,
3309 proto_item *item=NULL;
3310 proto_tree *tree=NULL;
3311 int old_offset=offset;
3314 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3316 tree = proto_item_add_subtree(item, ett_samr_member_array);
3319 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3320 hf_samr_count, &count);
3321 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3322 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3324 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3325 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3328 proto_item_set_len(item, offset-old_offset);
3333 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3334 packet_info *pinfo, proto_tree *tree,
3337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3338 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3339 "MEMBER_ARRAY", -1, 0);
3344 samr_dissect_query_groupmem_rqst(tvbuff_t *tvb, int offset,
3345 packet_info *pinfo, proto_tree *tree,
3348 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3354 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3355 packet_info *pinfo, proto_tree *tree,
3358 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3359 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3360 "MEMBER_ARRAY:", -1, 0);
3362 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3369 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3370 packet_info *pinfo, proto_tree *tree,
3373 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3374 hf_samr_hnd, NULL, FALSE, FALSE);
3376 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3377 hf_samr_info_type, NULL);
3379 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3380 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3381 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
3387 samr_dissect_set_sec_object_reply(tvbuff_t *tvb, int offset,
3388 packet_info *pinfo, proto_tree *tree,
3391 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3398 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3399 packet_info *pinfo, proto_tree *tree,
3402 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3403 hf_samr_hnd, NULL, FALSE, FALSE);
3405 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3406 hf_samr_info_type, NULL);
3412 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3413 packet_info *pinfo, proto_tree *tree,
3416 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3417 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3418 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
3420 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3427 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
3428 packet_info *pinfo, proto_tree *tree,
3431 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3432 hf_samr_acct_name, 1);
3437 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
3438 packet_info *pinfo, proto_tree *parent_tree,
3441 proto_item *item=NULL;
3442 proto_tree *tree=NULL;
3443 int old_offset=offset;
3446 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3448 tree = proto_item_add_subtree(item, ett_samr_names);
3451 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3452 samr_dissect_LOOKUP_NAMES_name);
3454 proto_item_set_len(item, offset-old_offset);
3460 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
3461 packet_info *pinfo, proto_tree *tree,
3464 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3465 hf_samr_hnd, NULL, FALSE, FALSE);
3467 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3468 hf_samr_count, NULL);
3470 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3471 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
3472 "LOOKUP_NAMES:", -1, 0);
3478 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
3479 packet_info *pinfo, proto_tree *tree,
3482 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3483 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3484 "Rids:", hf_samr_rid, 0);
3485 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3486 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3487 "Types:", hf_samr_type, 0);
3489 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3496 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
3497 packet_info *pinfo, proto_tree *tree,
3500 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3507 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
3508 packet_info *pinfo, proto_tree *parent_tree,
3511 proto_item *item=NULL;
3512 proto_tree *tree=NULL;
3513 int old_offset=offset;
3516 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3518 tree = proto_item_add_subtree(item, ett_samr_rids);
3521 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3522 samr_dissect_LOOKUP_RIDS_rid);
3524 proto_item_set_len(item, offset-old_offset);
3530 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
3531 packet_info *pinfo, proto_tree *tree,
3534 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3535 hf_samr_hnd, NULL, FALSE, FALSE);
3537 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3538 hf_samr_count, NULL);
3540 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3541 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
3542 "LOOKUP_RIDS:", -1, 0);
3548 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
3549 packet_info *pinfo, proto_tree *tree,
3552 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3553 hf_samr_acct_name, 0);
3558 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
3559 packet_info *pinfo, proto_tree *tree,
3562 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3563 samr_dissect_UNICODE_STRING_ARRAY_name);
3568 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
3569 packet_info *pinfo, proto_tree *parent_tree,
3572 proto_item *item=NULL;
3573 proto_tree *tree=NULL;
3574 int old_offset=offset;
3577 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3579 tree = proto_item_add_subtree(item, ett_samr_names);
3582 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3583 hf_samr_count, NULL);
3585 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3586 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
3589 proto_item_set_len(item, offset-old_offset);
3597 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
3598 packet_info *pinfo, proto_tree *tree,
3601 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3602 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
3603 "RIDs:", hf_samr_rid, 0);
3604 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3605 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3606 "Types:", hf_samr_type, 0);
3608 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3615 samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3616 proto_tree *tree, char *drep)
3618 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3619 hf_samr_hnd, NULL, FALSE, TRUE);
3625 samr_dissect_close_hnd_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
3626 proto_tree *tree, char *drep)
3628 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3629 hf_samr_hnd, NULL, FALSE, FALSE);
3631 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3638 samr_dissect_shutdown_sam_server_rqst(tvbuff_t *tvb, int offset,
3639 packet_info *pinfo, proto_tree *tree,
3642 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3649 samr_dissect_shutdown_sam_server_reply(tvbuff_t *tvb, int offset,
3650 packet_info *pinfo, proto_tree *tree,
3653 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3660 samr_dissect_delete_dom_group_rqst(tvbuff_t *tvb, int offset,
3661 packet_info *pinfo, proto_tree *tree,
3664 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3671 samr_dissect_delete_dom_group_reply(tvbuff_t *tvb, int offset,
3672 packet_info *pinfo, proto_tree *tree,
3675 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3682 samr_dissect_remove_member_from_group_rqst(tvbuff_t *tvb, int offset,
3684 proto_tree *tree, char *drep)
3686 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3687 hf_samr_hnd, NULL, FALSE, FALSE);
3689 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3690 hf_samr_group, NULL);
3692 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3699 samr_dissect_remove_member_from_group_reply(tvbuff_t *tvb, int offset,
3701 proto_tree *tree, char *drep)
3703 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3710 samr_dissect_delete_dom_alias_rqst(tvbuff_t *tvb, int offset,
3711 packet_info *pinfo, proto_tree *tree,
3714 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3721 samr_dissect_delete_dom_alias_reply(tvbuff_t *tvb, int offset,
3722 packet_info *pinfo, proto_tree *tree,
3725 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3732 samr_dissect_add_alias_member_rqst(tvbuff_t *tvb, int offset,
3733 packet_info *pinfo, proto_tree *tree,
3736 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3737 hf_samr_hnd, NULL, FALSE, FALSE);
3739 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3740 dissect_ndr_nt_SID, NDR_POINTER_REF,
3746 samr_dissect_add_alias_member_reply(tvbuff_t *tvb, int offset,
3747 packet_info *pinfo, proto_tree *tree,
3750 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3757 samr_dissect_remove_alias_member_rqst(tvbuff_t *tvb, int offset,
3758 packet_info *pinfo, proto_tree *tree,
3761 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3762 hf_samr_hnd, NULL, FALSE, FALSE);
3764 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3765 dissect_ndr_nt_SID, NDR_POINTER_REF,
3771 samr_dissect_remove_alias_member_reply(tvbuff_t *tvb, int offset,
3772 packet_info *pinfo, proto_tree *tree,
3775 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3782 samr_dissect_delete_dom_user_rqst(tvbuff_t *tvb, int offset,
3783 packet_info *pinfo, proto_tree *tree,
3786 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3787 hf_samr_hnd, NULL, FALSE, FALSE);
3793 samr_dissect_delete_dom_user_reply(tvbuff_t *tvb, int offset,
3794 packet_info *pinfo, proto_tree *tree,
3797 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3804 samr_dissect_test_private_fns_domain_rqst(tvbuff_t *tvb, int offset,
3805 packet_info *pinfo, proto_tree *tree,
3808 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3809 hf_samr_hnd, NULL, FALSE, FALSE);
3815 samr_dissect_test_private_fns_domain_reply(tvbuff_t *tvb, int offset,
3817 proto_tree *tree, char *drep)
3819 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3826 samr_dissect_test_private_fns_user_rqst(tvbuff_t *tvb, int offset,
3827 packet_info *pinfo, proto_tree *tree,
3830 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3831 hf_samr_hnd, NULL, FALSE, FALSE);
3837 samr_dissect_test_private_fns_user_reply(tvbuff_t *tvb, int offset,
3839 proto_tree *tree, char *drep)
3841 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3848 samr_dissect_remove_member_from_foreign_domain_rqst(tvbuff_t *tvb, int offset,
3853 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3854 hf_samr_hnd, NULL, FALSE, FALSE);
3856 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3857 dissect_ndr_nt_SID, NDR_POINTER_REF,
3863 samr_dissect_remove_member_from_foreign_domain_reply(tvbuff_t *tvb, int offset,
3868 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3875 samr_dissect_remove_multiple_members_from_alias_rqst(tvbuff_t *tvb,
3881 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3882 hf_samr_hnd, NULL, FALSE, FALSE);
3884 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3885 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3886 "PSID_ARRAY:", -1, 0);
3892 samr_dissect_remove_multiple_members_from_alias_reply(tvbuff_t *tvb,
3898 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3905 samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3906 proto_tree *tree, char *drep)
3908 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
3909 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
3912 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3913 hf_samr_hnd, NULL, FALSE, FALSE);
3915 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3916 hf_samr_access, NULL);
3918 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3921 if (check_col(pinfo->cinfo, COL_INFO))
3922 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
3924 dcv->private_data = (void *)rid;
3930 samr_dissect_open_group_reply(tvbuff_t *tvb, int offset,
3931 packet_info *pinfo, proto_tree *tree,
3934 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3935 hf_samr_hnd, NULL, TRUE, FALSE);
3937 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3944 samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3945 proto_tree *tree, char *drep)
3947 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
3948 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
3951 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3952 hf_samr_hnd, NULL, FALSE, FALSE);
3954 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3955 hf_samr_access, NULL);
3957 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3960 if (check_col(pinfo->cinfo, COL_INFO))
3961 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
3963 dcv->private_data = (void *)rid;
3969 samr_dissect_open_alias_reply(tvbuff_t *tvb, int offset,
3970 packet_info *pinfo, proto_tree *tree,
3973 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3974 hf_samr_hnd, NULL, TRUE, FALSE);
3976 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3983 samr_dissect_add_multiple_members_to_alias_rqst(tvbuff_t *tvb, int offset,
3985 proto_tree *tree, char *drep)
3987 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3988 hf_samr_hnd, NULL, FALSE, FALSE);
3990 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3991 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3992 "PSID_ARRAY:", -1, 0);
3998 samr_dissect_add_multiple_members_to_alias_reply(tvbuff_t *tvb, int offset,
4000 proto_tree *tree, char *drep)
4002 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4009 samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset,
4010 packet_info *pinfo, proto_tree *tree,
4013 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4014 hf_samr_hnd, NULL, FALSE, FALSE);
4016 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4017 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
4018 "Account Name", hf_samr_acct_name, 0);
4020 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4021 hf_samr_access, NULL);
4027 samr_dissect_create_group_in_domain_reply(tvbuff_t *tvb, int offset,
4028 packet_info *pinfo, proto_tree *tree,
4031 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4032 hf_samr_hnd, NULL, TRUE, FALSE);
4034 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4037 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4044 samr_dissect_query_information_domain_rqst(tvbuff_t *tvb, int offset,
4046 proto_tree *tree, char *drep)
4048 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4049 hf_samr_hnd, NULL, FALSE, FALSE);
4051 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4052 hf_samr_level, NULL);
4058 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
4059 packet_info *pinfo, proto_tree *tree,
4063 * Yes, in at least one capture with replies from a W2K server,
4064 * this was, indeed, a UNIQUE pointer, not a REF pointer.
4066 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4067 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
4068 "DOMAIN_INFO pointer", hf_samr_domain, 0);
4070 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4077 samr_dissect_query_information_user_rqst(tvbuff_t *tvb, int offset,
4079 proto_tree *tree, char *drep)
4081 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4082 hf_samr_hnd, NULL, FALSE, FALSE);
4084 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4085 hf_samr_level, NULL);
4091 samr_dissect_query_information_user_reply(tvbuff_t *tvb, int offset,
4093 proto_tree *tree, char *drep)
4095 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4096 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
4097 "USER_INFO:", -1, 0);
4099 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4105 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
4106 { SAMR_CONNECT_ANON, "ConnectAnonymous",
4107 samr_dissect_connect_anon_rqst,
4108 samr_dissect_connect_anon_reply },
4109 { SAMR_CLOSE_HND, "Close",
4110 samr_dissect_close_hnd_rqst,
4111 samr_dissect_close_hnd_reply },
4112 { SAMR_SET_SEC_OBJECT, "SetSecObject",
4113 samr_dissect_set_sec_object_rqst,
4114 samr_dissect_set_sec_object_reply },
4115 { SAMR_QUERY_SEC_OBJECT, "QuerySecObject",
4116 samr_dissect_query_sec_object_rqst,
4117 samr_dissect_query_sec_object_reply },
4118 { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer",
4119 samr_dissect_shutdown_sam_server_rqst,
4120 samr_dissect_shutdown_sam_server_reply },
4121 { SAMR_LOOKUP_DOMAIN, "LookupDomain",
4122 samr_dissect_lookup_domain_rqst,
4123 samr_dissect_lookup_domain_reply },
4124 { SAMR_ENUM_DOMAINS, "EnumDomains",
4125 samr_dissect_enum_domains_rqst,
4126 samr_dissect_enum_domains_reply },
4127 { SAMR_OPEN_DOMAIN, "OpenDomain",
4128 samr_dissect_open_domain_rqst,
4129 samr_dissect_open_domain_reply },
4130 { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo",
4131 samr_dissect_query_information_alias_rqst,
4132 samr_dissect_query_information_domain_reply },
4133 { SAMR_SET_DOMAIN_INFO, "SetDomainInfo",
4134 samr_dissect_set_information_domain_rqst,
4135 samr_dissect_set_information_domain_reply },
4136 { SAMR_CREATE_DOM_GROUP, "CreateGroup",
4137 samr_dissect_create_alias_in_domain_rqst,
4138 samr_dissect_create_alias_in_domain_reply },
4139 { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups",
4140 samr_dissect_enum_dom_groups_rqst,
4141 samr_dissect_enum_dom_groups_reply },
4142 { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser",
4143 samr_dissect_create_group_in_domain_rqst,
4144 samr_dissect_create_group_in_domain_reply },
4145 { SAMR_ENUM_DOM_USERS, "EnumDomainUsers",
4146 samr_dissect_enum_dom_groups_rqst,
4147 samr_dissect_enum_dom_groups_reply },
4148 { SAMR_CREATE_DOM_ALIAS, "CreateAlias",
4149 samr_dissect_create_alias_in_domain_rqst,
4150 samr_dissect_create_alias_in_domain_reply },
4151 { SAMR_ENUM_DOM_ALIASES, "EnumAlises",
4152 samr_dissect_enum_dom_aliases_rqst,
4153 samr_dissect_enum_dom_aliases_reply },
4154 { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem",
4155 samr_dissect_get_alias_membership_rqst,
4156 samr_dissect_get_alias_membership_reply },
4157 { SAMR_LOOKUP_NAMES, "LookupNames",
4158 samr_dissect_lookup_names_rqst,
4159 samr_dissect_lookup_names_reply },
4160 { SAMR_LOOKUP_RIDS, "LookupRIDs",
4161 samr_dissect_lookup_rids_rqst,
4162 samr_dissect_lookup_rids_reply },
4163 { SAMR_OPEN_GROUP, "OpenGroup",
4164 samr_dissect_open_group_rqst,
4165 samr_dissect_open_group_reply },
4166 { SAMR_QUERY_GROUPINFO, "QueryGroupInfo",
4167 samr_dissect_query_information_group_rqst,
4168 samr_dissect_query_information_group_reply },
4169 { SAMR_SET_GROUPINFO, "SetGroupInfo",
4170 samr_dissect_set_information_group_rqst,
4171 samr_dissect_set_information_group_reply },
4172 { SAMR_ADD_GROUPMEM, "AddGroupMem",
4173 samr_dissect_add_member_to_group_rqst,
4174 samr_dissect_add_member_to_group_reply },
4175 { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup",
4176 samr_dissect_delete_dom_group_rqst,
4177 samr_dissect_delete_dom_group_reply },
4178 { SAMR_DEL_GROUPMEM, "RemoveGroupMem",
4179 samr_dissect_remove_member_from_group_rqst,
4180 samr_dissect_remove_member_from_group_reply },
4181 { SAMR_QUERY_GROUPMEM, "QueryGroupMem",
4182 samr_dissect_query_groupmem_rqst,
4183 samr_dissect_query_groupmem_reply },
4184 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup",
4185 samr_dissect_set_member_attributes_of_group_rqst,
4186 samr_dissect_set_member_attributes_of_group_reply },
4187 { SAMR_OPEN_ALIAS, "OpenAlias",
4188 samr_dissect_open_alias_rqst,
4189 samr_dissect_open_alias_reply },
4190 { SAMR_QUERY_ALIASINFO, "QueryAliasInfo",
4191 samr_dissect_query_information_alias_rqst,
4192 samr_dissect_query_information_alias_reply },
4193 { SAMR_SET_ALIASINFO, "SetAliasInfo",
4194 samr_dissect_set_information_alias_rqst,
4195 samr_dissect_set_information_alias_reply },
4196 { SAMR_DELETE_DOM_ALIAS, "DeleteAlias",
4197 samr_dissect_delete_dom_alias_rqst,
4198 samr_dissect_delete_dom_alias_reply },
4199 { SAMR_ADD_ALIASMEM, "AddAliasMem",
4200 samr_dissect_add_alias_member_rqst,
4201 samr_dissect_add_alias_member_reply },
4202 { SAMR_DEL_ALIASMEM, "RemoveAliasMem",
4203 samr_dissect_remove_alias_member_rqst,
4204 samr_dissect_remove_alias_member_reply },
4205 { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem",
4206 samr_dissect_get_members_in_alias_rqst,
4207 samr_dissect_get_members_in_alias_reply },
4208 { SAMR_OPEN_USER, "OpenUser",
4209 samr_dissect_open_user_rqst,
4210 samr_dissect_open_user_reply },
4211 { SAMR_DELETE_DOM_USER, "DeleteUser",
4212 samr_dissect_delete_dom_user_rqst,
4213 samr_dissect_delete_dom_user_reply },
4214 { SAMR_QUERY_USERINFO, "QueryUserInfo",
4215 samr_dissect_query_information_user_rqst,
4216 samr_dissect_query_information_user_reply },
4217 { SAMR_SET_USERINFO2, "SetUserInfo2",
4218 samr_dissect_set_information_user2_rqst,
4219 samr_dissect_set_information_user2_reply },
4220 { SAMR_CHANGE_PASSWORD_USER, "ChangePassword",
4221 samr_dissect_change_password_user_rqst,
4222 samr_dissect_change_password_user_reply },
4223 { SAMR_GET_GROUPS_FOR_USER, "GetGroups",
4224 samr_dissect_get_groups_for_user_rqst,
4225 samr_dissect_get_groups_for_user_reply },
4226 { SAMR_QUERY_DISPINFO, "QueryDispinfo",
4227 samr_dissect_query_dispinfo_rqst,
4228 samr_dissect_query_dispinfo_reply },
4229 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX",
4230 samr_dissect_get_display_enumeration_index_rqst,
4231 samr_dissect_get_display_enumeration_index_reply },
4232 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain",
4233 samr_dissect_test_private_fns_domain_rqst,
4234 samr_dissect_test_private_fns_domain_reply },
4235 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser",
4236 samr_dissect_test_private_fns_user_rqst,
4237 samr_dissect_test_private_fns_user_reply },
4238 { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo",
4239 samr_dissect_get_usrdom_pwinfo_rqst,
4240 samr_dissect_get_usrdom_pwinfo_reply },
4241 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain",
4242 samr_dissect_remove_member_from_foreign_domain_rqst,
4243 samr_dissect_remove_member_from_foreign_domain_reply },
4244 { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2",
4245 samr_dissect_query_information_domain_rqst,
4246 samr_dissect_query_information_domain_reply },
4247 { SAMR_UNKNOWN_2f, "Unknown 0x2f",
4248 samr_dissect_unknown_2f_rqst,
4249 samr_dissect_unknown_2f_reply },
4250 { SAMR_QUERY_DISPINFO2, "QueryDispinfo2",
4251 samr_dissect_query_dispinfo_rqst,
4252 samr_dissect_query_dispinfo_reply },
4253 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2",
4254 samr_dissect_get_display_enumeration_index2_rqst,
4255 samr_dissect_get_display_enumeration_index2_reply },
4256 { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2",
4257 samr_dissect_create_user2_in_domain_rqst,
4258 samr_dissect_create_user2_in_domain_reply },
4259 { SAMR_QUERY_DISPINFO3, "QueryDispinfo3",
4260 samr_dissect_query_dispinfo_rqst,
4261 samr_dissect_query_dispinfo_reply },
4262 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple",
4263 samr_dissect_add_multiple_members_to_alias_rqst,
4264 samr_dissect_add_multiple_members_to_alias_reply },
4265 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple",
4266 samr_dissect_remove_multiple_members_from_alias_rqst,
4267 samr_dissect_remove_multiple_members_from_alias_reply },
4268 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2",
4269 samr_dissect_oem_change_password_user2_rqst,
4270 samr_dissect_oem_change_password_user2_reply },
4271 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2",
4272 samr_dissect_unicode_change_password_user2_rqst,
4273 samr_dissect_unicode_change_password_user2_reply },
4274 { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo",
4275 samr_dissect_get_domain_password_information_rqst,
4276 samr_dissect_get_domain_password_information_reply },
4277 { SAMR_CONNECT2, "Connect2",
4278 samr_dissect_connect2_rqst,
4279 samr_dissect_connect2_reply },
4280 { SAMR_SET_USERINFO, "SetUserInfo",
4281 samr_dissect_set_information_user2_rqst,
4282 samr_dissect_set_information_user2_reply },
4283 { SAMR_UNKNOWN_3B, "Unknown 0x3b",
4284 samr_dissect_unknown_3b_rqst,
4285 samr_dissect_unknown_3b_reply },
4286 { SAMR_UNKNOWN_3C, "Unknown 0x3c",
4287 samr_dissect_unknown_3c_rqst,
4288 samr_dissect_unknown_3c_reply },
4289 {0, NULL, NULL, NULL }
4292 static const value_string samr_opnum_vals[] = {
4293 { SAMR_CONNECT_ANON, "ConnectAnonymous" },
4294 { SAMR_CLOSE_HND, "Close" },
4295 { SAMR_SET_SEC_OBJECT, "SetSecObject" },
4296 { SAMR_QUERY_SEC_OBJECT, "QuerySecObject" },
4297 { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer" },
4298 { SAMR_LOOKUP_DOMAIN, "LookupDomain" },
4299 { SAMR_ENUM_DOMAINS, "EnumDomains" },
4300 { SAMR_OPEN_DOMAIN, "OpenDomain" },
4301 { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo" },
4302 { SAMR_SET_DOMAIN_INFO, "SetDomainInfo" },
4303 { SAMR_CREATE_DOM_GROUP, "CreateGroup" },
4304 { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups" },
4305 { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser" },
4306 { SAMR_ENUM_DOM_USERS, "EnumDomainUsers" },
4307 { SAMR_CREATE_DOM_ALIAS, "CreateAlias" },
4308 { SAMR_ENUM_DOM_ALIASES, "EnumAlises" },
4309 { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem" },
4310 { SAMR_LOOKUP_NAMES, "LookupNames" },
4311 { SAMR_LOOKUP_RIDS, "LookupRIDs" },
4312 { SAMR_OPEN_GROUP, "OpenGroup" },
4313 { SAMR_QUERY_GROUPINFO, "QueryGroupInfo" },
4314 { SAMR_SET_GROUPINFO, "SetGroupInfo" },
4315 { SAMR_ADD_GROUPMEM, "AddGroupMem" },
4316 { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup" },
4317 { SAMR_DEL_GROUPMEM, "RemoveGroupMem" },
4318 { SAMR_QUERY_GROUPMEM, "QueryGroupMem" },
4319 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup" },
4320 { SAMR_OPEN_ALIAS, "OpenAlias" },
4321 { SAMR_QUERY_ALIASINFO, "QueryAliasInfo" },
4322 { SAMR_SET_ALIASINFO, "SetAliasInfo" },
4323 { SAMR_DELETE_DOM_ALIAS, "DeleteAlias" },
4324 { SAMR_ADD_ALIASMEM, "AddAliasMem" },
4325 { SAMR_DEL_ALIASMEM, "RemoveAliasMem" },
4326 { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem" },
4327 { SAMR_OPEN_USER, "OpenUser" },
4328 { SAMR_DELETE_DOM_USER, "DeleteUser" },
4329 { SAMR_QUERY_USERINFO, "QueryUserInfo" },
4330 { SAMR_SET_USERINFO2, "SetUserInfo2" },
4331 { SAMR_CHANGE_PASSWORD_USER, "ChangePassword" },
4332 { SAMR_GET_GROUPS_FOR_USER, "GetGroups" },
4333 { SAMR_QUERY_DISPINFO, "QueryDispinfo" },
4334 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX" },
4335 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain" },
4336 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser" },
4337 { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo" },
4338 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain" },
4339 { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2" },
4340 { SAMR_UNKNOWN_2f, "Unknown 0x2f" },
4341 { SAMR_QUERY_DISPINFO2, "QueryDispinfo2" },
4342 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2" },
4343 { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2" },
4344 { SAMR_QUERY_DISPINFO3, "QueryDispinfo3" },
4345 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple" },
4346 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple" },
4347 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2" },
4348 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2" },
4349 { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo" },
4350 { SAMR_CONNECT2, "Connect2" },
4351 { SAMR_SET_USERINFO, "SetUserInfo" },
4352 { SAMR_UNKNOWN_3B, "Unknown 0x3b" },
4353 { SAMR_UNKNOWN_3C, "Unknown 0x3c" },
4358 proto_register_dcerpc_samr(void)
4360 static hf_register_info hf[] = {
4363 { "Operation", "samr.opnum", FT_UINT16, BASE_DEC,
4364 VALS(samr_opnum_vals), 0x0, "Operation", HFILL }},
4367 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
4369 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
4371 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
4373 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
4375 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
4376 { &hf_samr_rid_attrib,
4377 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
4379 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
4381 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
4384 { "Level", "samr.level", FT_UINT16, BASE_DEC,
4385 NULL, 0x0, "Level requested/returned for Information", HFILL }},
4386 { &hf_samr_start_idx,
4387 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
4388 NULL, 0x0, "Start Index for returned Information", HFILL }},
4391 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
4392 NULL, 0x0, "Number of entries to return", HFILL }},
4394 { &hf_samr_max_entries,
4395 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
4396 NULL, 0x0, "Maximum number of entries", HFILL }},
4398 { &hf_samr_pref_maxsize,
4399 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
4400 NULL, 0x0, "Maximum Size of data to return", HFILL }},
4402 { &hf_samr_total_size,
4403 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
4404 NULL, 0x0, "Total size of data", HFILL }},
4406 { &hf_samr_bad_pwd_count,
4407 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
4408 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
4410 { &hf_samr_logon_count,
4411 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
4412 NULL, 0x0, "Number of logons for this user", HFILL }},
4414 { &hf_samr_ret_size,
4415 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
4416 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
4419 { "Index", "samr.index", FT_UINT32, BASE_DEC,
4420 NULL, 0x0, "Index", HFILL }},
4423 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
4425 { &hf_samr_alias_name,
4426 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
4427 NULL, 0, "Name of Alias", HFILL }},
4429 { &hf_samr_group_name,
4430 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
4431 NULL, 0, "Name of Group", HFILL }},
4433 { &hf_samr_acct_name,
4434 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
4435 NULL, 0, "Name of Account", HFILL }},
4438 { "Server", "samr.server", FT_STRING, BASE_NONE,
4439 NULL, 0, "Name of Server", HFILL }},
4442 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
4443 NULL, 0, "Name of Domain", HFILL }},
4445 { &hf_samr_controller,
4446 { "DC", "samr.dc", FT_STRING, BASE_NONE,
4447 NULL, 0, "Name of Domain Controller", HFILL }},
4449 { &hf_samr_full_name,
4450 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
4451 NULL, 0, "Full Name of Account", HFILL }},
4454 { "Home", "samr.home", FT_STRING, BASE_NONE,
4455 NULL, 0, "Home directory for this user", HFILL }},
4457 { &hf_samr_home_drive,
4458 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
4459 NULL, 0, "Home drive for this user", HFILL }},
4462 { "Script", "samr.script", FT_STRING, BASE_NONE,
4463 NULL, 0, "Login script for this user", HFILL }},
4465 { &hf_samr_workstations,
4466 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
4467 NULL, 0, "", HFILL }},
4470 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
4471 NULL, 0, "Profile for this user", HFILL }},
4473 { &hf_samr_acct_desc,
4474 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
4475 NULL, 0, "Account Description", HFILL }},
4478 { "Comment", "samr.comment", FT_STRING, BASE_NONE,
4479 NULL, 0, "Comment", HFILL }},
4481 { &hf_samr_parameters,
4482 { "Parameters", "samr.parameters", FT_STRING, BASE_NONE,
4483 NULL, 0, "Parameters", HFILL }},
4485 { &hf_samr_unknown_string,
4486 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
4487 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4489 { &hf_samr_unknown_hyper,
4490 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
4491 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4492 { &hf_samr_unknown_long,
4493 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
4494 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4496 { &hf_samr_unknown_short,
4497 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
4498 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4500 { &hf_samr_unknown_char,
4501 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
4502 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4504 { &hf_samr_revision,
4505 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
4506 NULL, 0x0, "Revision number for this structure", HFILL }},
4508 { &hf_samr_nt_pwd_set,
4509 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
4510 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
4512 { &hf_samr_lm_pwd_set,
4513 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
4514 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
4516 { &hf_samr_pwd_expired,
4517 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
4518 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
4520 /* XXX - is this a standard NT access mask? */
4522 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
4523 NULL, 0x0, "Access", HFILL }},
4526 { "Mask", "samr.mask", FT_UINT32, BASE_HEX,
4527 NULL, 0x0, "Mask", HFILL }},
4529 { &hf_samr_crypt_password, {
4530 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
4531 NULL, 0, "Encrypted Password", HFILL }},
4533 { &hf_samr_crypt_hash, {
4534 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
4535 NULL, 0, "Encrypted Hash", HFILL }},
4537 { &hf_samr_lm_change, {
4538 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
4539 NULL, 0, "LM Change value", HFILL }},
4541 { &hf_samr_max_pwd_age,
4542 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4543 NULL, 0, "Maximum Password Age before it expires", HFILL }},
4545 { &hf_samr_min_pwd_age,
4546 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4547 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
4548 { &hf_samr_unknown_time,
4549 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
4550 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
4551 { &hf_samr_logon_time,
4552 { "Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
4553 NULL, 0, "Time for last time this user logged on", HFILL }},
4554 { &hf_samr_kickoff_time,
4555 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4556 NULL, 0, "Time when this user will be kicked off", HFILL }},
4557 { &hf_samr_logoff_time,
4558 { "Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4559 NULL, 0, "Time for last time this user logged off", HFILL }},
4560 { &hf_samr_pwd_last_set_time,
4561 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
4562 NULL, 0, "Last time this users password was changed", HFILL }},
4563 { &hf_samr_pwd_can_change_time,
4564 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4565 NULL, 0, "When this users password may be changed", HFILL }},
4566 { &hf_samr_pwd_must_change_time,
4567 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4568 NULL, 0, "When this users password must be changed", HFILL }},
4569 { &hf_samr_acct_expiry_time,
4570 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
4571 NULL, 0, "When this user account expires", HFILL }},
4573 { &hf_samr_min_pwd_len, {
4574 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
4575 NULL, 0, "Minimum Password Length", HFILL }},
4576 { &hf_samr_pwd_history_len, {
4577 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
4578 NULL, 0, "Password History Length", HFILL }},
4579 { &hf_samr_num_users, {
4580 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
4581 NULL, 0, "Number of users in this domain", HFILL }},
4582 { &hf_samr_num_groups, {
4583 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
4584 NULL, 0, "Number of groups in this domain", HFILL }},
4585 { &hf_samr_num_aliases, {
4586 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
4587 NULL, 0, "Number of aliases in this domain", HFILL }},
4588 { &hf_samr_info_type, {
4589 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
4590 NULL, 0, "Information Type", HFILL }},
4591 { &hf_samr_resume_hnd, {
4592 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
4593 NULL, 0, "Resume handle", HFILL }},
4594 { &hf_samr_country, {
4595 "Country", "samr.country", FT_UINT16, BASE_DEC,
4596 VALS(ms_country_codes), 0, "Country setting for this user", HFILL }},
4597 { &hf_samr_codepage, {
4598 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
4599 NULL, 0, "Codepage setting for this user", HFILL }},
4600 { &hf_samr_divisions, {
4601 "Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
4602 NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
4604 /* these are used by packet-dcerpc-nt.c */
4605 { &hf_nt_string_length,
4606 { "Length", "nt.string.length", FT_UINT16, BASE_DEC,
4607 NULL, 0x0, "Length of string in bytes", HFILL }},
4609 { &hf_nt_string_size,
4610 { "Size", "nt.string.size", FT_UINT16, BASE_DEC,
4611 NULL, 0x0, "Size of string in bytes", HFILL }},
4614 { "Length", "nt.str.len", FT_UINT32, BASE_DEC,
4615 NULL, 0x0, "Length of string in short integers", HFILL }},
4618 { "Offset", "nt.str.offset", FT_UINT32, BASE_DEC,
4619 NULL, 0x0, "Offset into string in short integers", HFILL }},
4621 { &hf_nt_str_max_len,
4622 { "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
4623 NULL, 0x0, "Max Length of string in short integers", HFILL }},
4626 { "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
4627 NULL, 0x0, "Acct CTRL", HFILL }},
4629 { &hf_nt_acb_disabled, {
4630 "", "nt.acb.disabled", FT_BOOLEAN, 32,
4631 TFS(&tfs_nt_acb_disabled), 0x0001, "If this account is enabled or disabled", HFILL }},
4633 { &hf_nt_acb_homedirreq, {
4634 "", "nt.acb.homedirreq", FT_BOOLEAN, 32,
4635 TFS(&tfs_nt_acb_homedirreq), 0x0002, "Is hom,edirs required for this account?", HFILL }},
4637 { &hf_nt_acb_pwnotreq, {
4638 "", "nt.acb.pwnotreq", FT_BOOLEAN, 32,
4639 TFS(&tfs_nt_acb_pwnotreq), 0x0004, "If a password is required for this account?", HFILL }},
4641 { &hf_nt_acb_tempdup, {
4642 "", "nt.acb.tempdup", FT_BOOLEAN, 32,
4643 TFS(&tfs_nt_acb_tempdup), 0x0008, "If this is a temporary duplicate account", HFILL }},
4645 { &hf_nt_acb_normal, {
4646 "", "nt.acb.normal", FT_BOOLEAN, 32,
4647 TFS(&tfs_nt_acb_normal), 0x0010, "If this is a normal user account", HFILL }},
4650 "", "nt.acb.mns", FT_BOOLEAN, 32,
4651 TFS(&tfs_nt_acb_mns), 0x0020, "MNS logon user account", HFILL }},
4653 { &hf_nt_acb_domtrust, {
4654 "", "nt.acb.domtrust", FT_BOOLEAN, 32,
4655 TFS(&tfs_nt_acb_domtrust), 0x0040, "Interdomain trust account", HFILL }},
4657 { &hf_nt_acb_wstrust, {
4658 "", "nt.acb.wstrust", FT_BOOLEAN, 32,
4659 TFS(&tfs_nt_acb_wstrust), 0x0080, "Workstation trust account", HFILL }},
4661 { &hf_nt_acb_svrtrust, {
4662 "", "nt.acb.svrtrust", FT_BOOLEAN, 32,
4663 TFS(&tfs_nt_acb_svrtrust), 0x0100, "Server trust account", HFILL }},
4665 { &hf_nt_acb_pwnoexp, {
4666 "", "nt.acb.pwnoexp", FT_BOOLEAN, 32,
4667 TFS(&tfs_nt_acb_pwnoexp), 0x0200, "If this account expires or not", HFILL }},
4669 { &hf_nt_acb_autolock, {
4670 "", "nt.acb.autolock", FT_BOOLEAN, 32,
4671 TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }}
4673 static gint *ett[] = {
4675 &ett_samr_user_dispinfo_1,
4676 &ett_samr_user_dispinfo_1_array,
4677 &ett_samr_user_dispinfo_2,
4678 &ett_samr_user_dispinfo_2_array,
4679 &ett_samr_group_dispinfo,
4680 &ett_samr_group_dispinfo_array,
4681 &ett_samr_ascii_dispinfo,
4682 &ett_samr_ascii_dispinfo_array,
4683 &ett_samr_display_info,
4684 &ett_samr_password_info,
4686 &ett_samr_user_group,
4687 &ett_samr_user_group_array,
4688 &ett_samr_alias_info,
4689 &ett_samr_group_info,
4690 &ett_samr_domain_info_1,
4691 &ett_samr_domain_info_2,
4692 &ett_samr_domain_info_8,
4693 &ett_samr_replication_status,
4694 &ett_samr_domain_info_11,
4695 &ett_samr_domain_info_13,
4696 &ett_samr_domain_info,
4697 &ett_samr_sid_pointer,
4698 &ett_samr_sid_array,
4699 &ett_samr_index_array,
4700 &ett_samr_idx_and_name,
4701 &ett_samr_idx_and_name_array,
4702 &ett_samr_logon_hours,
4703 &ett_samr_logon_hours_hours,
4704 &ett_samr_user_info_1,
4705 &ett_samr_user_info_2,
4706 &ett_samr_user_info_3,
4707 &ett_samr_user_info_5,
4708 &ett_samr_user_info_6,
4709 &ett_samr_user_info_18,
4710 &ett_samr_user_info_19,
4711 &ett_samr_buffer_buffer,
4713 &ett_samr_user_info_21,
4714 &ett_samr_user_info_22,
4715 &ett_samr_user_info_23,
4716 &ett_samr_user_info_24,
4717 &ett_samr_user_info,
4718 &ett_samr_member_array_types,
4719 &ett_samr_member_array_rids,
4720 &ett_samr_member_array,
4723 &ett_samr_sid_and_attributes_array,
4724 &ett_samr_sid_and_attributes,
4728 proto_dcerpc_samr = proto_register_protocol(
4729 "Microsoft Security Account Manager", "SAMR", "samr");
4731 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
4732 proto_register_subtree_array(ett, array_length(ett));
4736 proto_reg_handoff_dcerpc_samr(void)
4738 /* Register protocol as dcerpc */
4740 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
4741 ver_dcerpc_samr, dcerpc_samr_dissectors, hf_samr_opnum);