* Copyright 2001,2003 Tim Potter <tpot@samba.org>
* 2002 structure and command dissectors by Ronnie Sahlberg
*
- * $Id: packet-dcerpc-netlogon.c,v 1.80 2003/05/15 04:58:53 tpot Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.97 2004/03/05 23:12:09 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int hf_netlogon_pwd_must_change_time = -1;
static int hf_netlogon_nt_chal_resp = -1;
static int hf_netlogon_lm_chal_resp = -1;
-static int hf_netlogon_credential_high = -1;
-static int hf_netlogon_credential_low = -1;
+static int hf_netlogon_credential = -1;
static int hf_netlogon_acct_name = -1;
static int hf_netlogon_acct_desc = -1;
static int hf_netlogon_group_desc = -1;
static int hf_netlogon_logon_srv = -1;
static int hf_netlogon_principal = -1;
static int hf_netlogon_logon_dom = -1;
+static int hf_netlogon_resourcegroupdomainsid = -1;
+static int hf_netlogon_resourcegroupcount = -1;
static int hf_netlogon_downlevel_domain_name = -1;
static int hf_netlogon_dns_domain_name = -1;
static int hf_netlogon_domain_name = -1;
static int
netlogon_dissect_LOGONSRV_HANDLE(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "Server Handle",
static int
netlogon_dissect_VALIDATION_UAS_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
}
/*
- * IDL long NetLogonUasLogon(
+ * IDL long NetrLogonUasLogon(
* IDL [in][unique][string] wchar_t *ServerName,
* IDL [in][ref][string] wchar_t *UserName,
* IDL [in][ref][string] wchar_t *Workstation,
* IDL );
*/
static int
-netlogon_dissect_netlogonuaslogon_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonuaslogon_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_netlogonuaslogon_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonuaslogon_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_VALIDATION_UAS_INFO, NDR_POINTER_UNIQUE,
static int
netlogon_dissect_LOGOFF_UAS_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
}
/*
- * IDL long NetLogonUasLogoff(
+ * IDL long NetrLogonUasLogoff(
* IDL [in][unique][string] wchar_t *ServerName,
* IDL [in][ref][string] wchar_t *UserName,
* IDL [in][ref][string] wchar_t *Workstation,
* IDL );
*/
static int
-netlogon_dissect_netlogonuaslogoff_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonuaslogoff_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_netlogonuaslogoff_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonuaslogoff_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_LOGOFF_UAS_INFO, NDR_POINTER_REF,
static int
netlogon_dissect_LOGON_IDENTITY_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_NT_OWF_PASSWORD(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_INTERACTIVE_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = netlogon_dissect_LOGON_IDENTITY_INFO(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_CHALLENGE(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
dcerpc_info *di;
static int
netlogon_dissect_NETWORK_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = netlogon_dissect_LOGON_IDENTITY_INFO(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_SERVICE_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = netlogon_dissect_LOGON_IDENTITY_INFO(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_LEVEL(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
guint16 level;
static int
netlogon_dissect_CREDENTIAL(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
dcerpc_info *di;
return offset;
}
- proto_tree_add_item(
- tree, hf_netlogon_credential_low, tvb, offset, 4, TRUE);
- offset += 4;
-
- proto_tree_add_item(
- tree, hf_netlogon_credential_high, tvb, offset, 4, TRUE);
- offset += 4;
+ proto_tree_add_item(tree, hf_netlogon_credential, tvb, offset, 8,
+ FALSE);
+ offset += 8;
return offset;
}
static int
netlogon_dissect_AUTHENTICATOR(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
nstime_t ts;
static int
netlogon_dissect_GROUP_MEMBERSHIP(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
}
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
- hf_netlogon_user_rid, NULL);
+ hf_netlogon_group_rid, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_attrs, NULL);
static int
netlogon_dissect_GROUP_MEMBERSHIP_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_GROUP_MEMBERSHIP);
static int
netlogon_dissect_USER_SESSION_KEY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
dcerpc_info *di;
static int
netlogon_dissect_VALIDATION_SAM_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
int i;
hf_netlogon_logon_dom, 0);
offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep);
+ pinfo, tree, drep, -1);
for(i=0;i<10;i++){
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
static int
netlogon_dissect_VALIDATION_SAM_INFO2(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
int i;
hf_netlogon_logon_dom, 0);
offset = dissect_ndr_nt_PSID(tvb, offset,
+ pinfo, tree, drep, -1);
+
+ for(i=0;i<10;i++){
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_unknown_long, NULL);
+ }
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_num_other_groups, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
+ "SID_AND_ATTRIBUTES_ARRAY:", -1);
+
+ return offset;
+}
+
+
+
+
+
+/*
+ * IDL typedef struct {
+ * IDL uint64 LogonTime;
+ * IDL uint64 LogoffTime;
+ * IDL uint64 KickOffTime;
+ * IDL uint64 PasswdLastSet;
+ * IDL uint64 PasswdCanChange;
+ * IDL uint64 PasswdMustChange;
+ * IDL unicodestring effectivename;
+ * IDL unicodestring fullname;
+ * IDL unicodestring logonscript;
+ * IDL unicodestring profilepath;
+ * IDL unicodestring homedirectory;
+ * IDL unicodestring homedirectorydrive;
+ * IDL short LogonCount;
+ * IDL short BadPasswdCount;
+ * IDL long userid;
+ * IDL long primarygroup;
+ * IDL long groupcount;
+ * IDL [unique] GROUP_MEMBERSHIP *groupids;
+ * IDL long userflags;
+ * IDL USER_SESSION_KEY key;
+ * IDL unicodestring logonserver;
+ * IDL unicodestring domainname;
+ * IDL [unique] SID logondomainid;
+ * IDL long expansionroom[10];
+ * IDL long sidcount;
+ * IDL [unique] SID_AND_ATTRIBS;
+ * IDL [unique] SID resourcegroupdomainsid;
+ * IDL long resourcegroupcount;
+qqq
+ * IDL } PAC_LOGON_INFO;
+ */
+int
+netlogon_dissect_PAC_LOGON_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ int i;
+ guint32 rgc;
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logoff_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_kickoff_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_last_set_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_can_change_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_must_change_time);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_acct_name, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_full_name, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_script, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_profile_path, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_home_dir, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_dir_drive, 0);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_count16, NULL);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_bad_pw_count16, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_user_rid, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_group_rid, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_num_rids, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_UNIQUE,
+ "GROUP_MEMBERSHIP_ARRAY", -1);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_user_flags, NULL);
+
+ offset = netlogon_dissect_USER_SESSION_KEY(tvb, offset,
pinfo, tree, drep);
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_srv, 0);
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_logon_dom, 0);
+
+ offset = dissect_ndr_nt_PSID(tvb, offset,
+ pinfo, tree, drep, -1);
+
for(i=0;i<10;i++){
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_long, NULL);
dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
"SID_AND_ATTRIBUTES_ARRAY:", -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset,
+ pinfo, tree, drep, hf_netlogon_resourcegroupdomainsid);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_resourcegroupcount, &rgc);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_UNIQUE,
+ "ResourceGroupIDs", -1);
+
return offset;
}
static int
netlogon_dissect_PAC(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
dcerpc_info *di;
guint32 pac_size;
static int
netlogon_dissect_AUTH(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
dcerpc_info *di;
guint32 auth_size;
static int
netlogon_dissect_VALIDATION_PAC_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
int i;
static int
netlogon_dissect_VALIDATION(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
guint16 level;
/*
- * IDL long NetLogonSamLogon(
+ * IDL long NetrLogonSamLogon(
* IDL [in][unique][string] wchar_t *ServerName,
* IDL [in][unique][string] wchar_t *Workstation,
* IDL [in][unique] AUTHENTICATOR *credential,
* IDL );
*/
static int
-netlogon_dissect_netlogonsamlogon_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsamlogon_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
}
static int
-netlogon_dissect_netlogonsamlogon_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsamlogon_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
/*
- * IDL long NetLogonSamLogoff(
+ * IDL long NetrLogonSamLogoff(
* IDL [in][unique][string] wchar_t *ServerName,
* IDL [in][unique][string] wchar_t *ComputerName,
* IDL [in][unique] AUTHENTICATOR credential,
* IDL );
*/
static int
-netlogon_dissect_netlogonsamlogoff_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsamlogoff_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_netlogonsamlogoff_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsamlogoff_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
/*
- * IDL long NetServerReqChallenge(
+ * IDL long NetrServerReqChallenge(
* IDL [in][unique][string] wchar_t *ServerName,
* IDL [in][ref][string] wchar_t *ComputerName,
* IDL [in][ref] CREDENTIAL client_credential,
* IDL );
*/
static int
-netlogon_dissect_netserverreqchallenge_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverreqchallenge_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_netserverreqchallenge_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverreqchallenge_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
static int
netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_netlogon_secure_channel_type, NULL);
/*
- * IDL long NetServerAuthenticate(
+ * IDL long NetrServerAuthenticate(
* IDL [in][unique][string] wchar_t *ServerName,
* IDL [in][ref][string] wchar_t *UserName,
* IDL [in] short secure_challenge_type,
* IDL );
*/
static int
-netlogon_dissect_netserverauthenticate_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverauthenticate_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_netserverauthenticate_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverauthenticate_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
static int
netlogon_dissect_ENCRYPTED_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep _U_)
+ guint8 *drep _U_)
{
dcerpc_info *di;
}
/*
- * IDL long NetServerPasswordSet(
+ * IDL long NetrServerPasswordSet(
* IDL [in][unique][string] wchar_t *ServerName,
* IDL [in][ref][string] wchar_t *UserName,
* IDL [in] short secure_challenge_type,
* IDL );
*/
static int
-netlogon_dissect_netserverpasswordset_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverpasswordset_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_netserverpasswordset_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverpasswordset_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
static int
netlogon_dissect_DELTA_DELETE_USER(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "Account Name", hf_netlogon_acct_name, 0);
static int
netlogon_dissect_SENSITIVE_DATA(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
guint32 data_len;
static int
netlogon_dissect_USER_PRIVATE_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
hf_netlogon_sensitive_data_flag, NULL);
static int
netlogon_dissect_DELTA_USER(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
- hf_netlogon_acct_name, 0);
+ hf_netlogon_acct_name, 3);
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_full_name, 0);
static int
netlogon_dissect_DELTA_DOMAIN(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
- hf_netlogon_domain_name, 1);
+ hf_netlogon_domain_name, 3);
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_oem_info, 0);
static int
netlogon_dissect_DELTA_GROUP(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
- hf_netlogon_group_name, 0);
+ hf_netlogon_group_name, 3);
offset = netlogon_dissect_GROUP_MEMBERSHIP(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_DELTA_RENAME(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
static int
netlogon_dissect_RID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_user_rid, NULL);
static int
netlogon_dissect_RID_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_RID);
static int
netlogon_dissect_ATTRIB(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_attrs, NULL);
static int
netlogon_dissect_ATTRIB_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_ATTRIB);
static int
netlogon_dissect_DELTA_GROUP_MEMBER(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_RID_array, NDR_POINTER_UNIQUE,
static int
netlogon_dissect_DELTA_ALIAS(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_alias_name, 0);
static int
netlogon_dissect_DELTA_ALIAS_MEMBER(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, drep);
static int
netlogon_dissect_EVENT_AUDIT_OPTION(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_event_audit_option, NULL);
static int
netlogon_dissect_EVENT_AUDIT_OPTIONS_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_EVENT_AUDIT_OPTION);
static int
netlogon_dissect_QUOTA_LIMITS(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_DELTA_POLICY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_max_log_size, NULL);
hf_netlogon_domain_name, 0);
offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep);
+ pinfo, tree, drep, -1);
offset = netlogon_dissect_QUOTA_LIMITS(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_CONTROLLER(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_dc_name, 0);
static int
netlogon_dissect_CONTROLLER_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CONTROLLER);
static int
netlogon_dissect_DELTA_TRUSTED_DOMAINS(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_domain_name, 0);
static int
netlogon_dissect_PRIV_ATTR(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_attrs, NULL);
static int
netlogon_dissect_PRIV_ATTR_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_PRIV_ATTR);
static int
netlogon_dissect_PRIV_NAME(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_privilege_name, 1);
static int
netlogon_dissect_PRIV_NAME_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_PRIV_NAME);
static int
netlogon_dissect_DELTA_ACCOUNTS(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_privilege_entries, NULL);
static int
netlogon_dissect_CIPHER_VALUE_DATA(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
guint32 data_len;
static int
netlogon_dissect_CIPHER_VALUE(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep, char *name, int hf_index)
+ guint8 *drep, char *name, int hf_index)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_DELTA_SECRET(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = netlogon_dissect_CIPHER_VALUE(tvb, offset,
pinfo, tree, drep,
static int
netlogon_dissect_MODIFIED_COUNT(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, drep,
hf_netlogon_modify_count, NULL);
static int
netlogon_dissect_DELTA_UNION(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_DELTA_ID_UNION(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
}
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
- hf_netlogon_level16, &level);
+ hf_netlogon_delta_type, &level);
ALIGN_TO_4_BYTES;
switch(level){
case 1:
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
- hf_netlogon_user_rid, NULL);
+ hf_netlogon_group_rid, NULL);
break;
case 2:
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
break;
case 13:
offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep);
+ pinfo, tree, drep, -1);
break;
case 14:
offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep);
+ pinfo, tree, drep, -1);
break;
case 15:
offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep);
+ pinfo, tree, drep, -1);
break;
case 16:
offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep);
+ pinfo, tree, drep, -1);
break;
case 17:
offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep);
+ pinfo, tree, drep, -1);
break;
case 18:
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo,
static int
netlogon_dissect_DELTA_ENUM(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
int old_offset=offset;
+ guint16 type;
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
}
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
- hf_netlogon_delta_type, NULL);
+ hf_netlogon_delta_type, &type);
+
+ proto_item_append_text(item, val_to_str(
+ type, delta_type_vals, "Unknown"));
offset = netlogon_dissect_DELTA_ID_UNION(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_DELTA_ENUM_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_DELTA_ENUM);
static int
netlogon_dissect_DELTA_ENUM_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_num_deltas, NULL);
/*
- * IDL long NetDatabaseDeltas(
+ * IDL long NetrDatabaseDeltas(
* IDL [in][string][ref] wchar_t *logonserver, # REF!!!
* IDL [in][string][ref] wchar_t *computername,
* IDL [in][ref] AUTHENTICATOR credential,
* IDL );
*/
static int
-netlogon_dissect_netsamdeltas_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabasedeltas_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_REF, "Server Handle", hf_netlogon_logonsrv_handle, 0);
return offset;
}
static int
-netlogon_dissect_netsamdeltas_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabasedeltas_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
/*
- * IDL long NetDatabaseSync(
+ * IDL long NetrDatabaseSync(
* IDL [in][string][ref] wchar_t *logonserver, # REF!!!
* IDL [in][string][ref] wchar_t *computername,
* IDL [in][ref] AUTHENTICATOR credential,
* IDL );
*/
static int
-netlogon_dissect_netlogondatabasesync_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabasesync_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_REF, "Server Handle", hf_netlogon_logonsrv_handle, 0);
static int
-netlogon_dissect_netlogondatabasesync_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabasesync_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
static int
netlogon_dissect_UAS_INFO_0(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
static int
netlogon_dissect_BYTE_byte(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_char, NULL);
static int
netlogon_dissect_BYTE_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_BYTE_byte);
}
/*
- * IDL long NetAccountDelta(
+ * IDL long NetrAccountDeltas(
* IDL [in][string][unique] wchar_t *logonserver,
* IDL [in][string][ref] wchar_t *computername,
* IDL [in][ref] AUTHENTICATOR credential,
* IDL );
*/
static int
-netlogon_dissect_netlogonaccountdeltas_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netraccountdeltas_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_netlogonaccountdeltas_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netraccountdeltas_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
/*
- * IDL long NetAccountDelta(
+ * IDL long NetrAccountSync(
* IDL [in][string][unique] wchar_t *logonserver,
* IDL [in][string][ref] wchar_t *computername,
* IDL [in][ref] AUTHENTICATOR credential,
* IDL );
*/
static int
-netlogon_dissect_netlogonaccountsync_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netraccountsync_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_netlogonaccountsync_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netraccountsync_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
/*
- * IDL long NetGetDCName(
+ * IDL long NetrGetDcName(
* IDL [in][ref][string] wchar_t *logon_server,
* IDL [in][unique][string] wchar_t *domainname,
* IDL [out][unique][string] wchar_t *dcname,
* IDL };
*/
static int
-netlogon_dissect_netlogongetdcname_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrgetdcname_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_REF, "Server Handle", hf_netlogon_logonsrv_handle, 0);
return offset;
}
static int
-netlogon_dissect_netlogongetdcname_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrgetdcname_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "Domain", hf_netlogon_dc_name, 0);
static int
netlogon_dissect_NETLOGON_INFO_1(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_flags, NULL);
static int
netlogon_dissect_NETLOGON_INFO_2(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_flags, NULL);
static int
netlogon_dissect_NETLOGON_INFO_3(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_flags, NULL);
static int
netlogon_dissect_CONTROL_QUERY_INFORMATION(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
guint32 level;
/*
- * IDL long NetLogonControl(
+ * IDL long NetrLogonControl(
* IDL [in][string][unique] wchar_t *logonserver,
* IDL [in] long function_code,
* IDL [in] long level,
* IDL );
*/
static int
-netlogon_dissect_netlogoncontrol_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncontrol_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_netlogoncontrol_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncontrol_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CONTROL_QUERY_INFORMATION, NDR_POINTER_REF,
/*
- * IDL long NetGetDCName(
+ * IDL long NetrGetAnyDCName(
* IDL [in][unique][string] wchar_t *logon_server,
* IDL [in][unique][string] wchar_t *domainname,
* IDL [out][unique][string] wchar_t *dcname,
* IDL };
*/
static int
-netlogon_dissect_netlogongetanydcname_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrgetanydcname_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "Server Handle",
return offset;
}
static int
-netlogon_dissect_netlogongetanydcname_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrgetanydcname_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "Domain", hf_netlogon_dc_name, 0);
static int
netlogon_dissect_CONTROL_DATA_INFORMATION(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
guint32 level;
/*
- * IDL long NetLogonControl2(
+ * IDL long NetrLogonControl2(
* IDL [in][string][unique] wchar_t *logonserver,
* IDL [in] long function_code,
* IDL [in] long level,
* IDL );
*/
static int
-netlogon_dissect_netlogoncontrol2_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncontrol2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
}
static int
-netlogon_dissect_netlogoncontrol2_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncontrol2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CONTROL_QUERY_INFORMATION, NDR_POINTER_REF,
/*
- * IDL long NetServerAuthenticate2(
+ * IDL long NetrServerAuthenticate2(
* IDL [in][string][unique] wchar_t *logonserver,
* IDL [in][ref][string] wchar_t *username,
* IDL [in] short secure_channel_type,
* IDL );
*/
static int
-netlogon_dissect_netserverauthenticate2_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverauthenticate2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
}
static int
-netlogon_dissect_netserverauthenticate2_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverauthenticate2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
/*
- * IDL long NetDatabaseSync2(
+ * IDL long NetrDatabaseSync2(
* IDL [in][string][ref] wchar_t *logonserver, # REF!!!
* IDL [in][string][ref] wchar_t *computername,
* IDL [in][ref] AUTHENTICATOR credential,
* IDL );
*/
static int
-netlogon_dissect_netdatabasesync2_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabasesync2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_REF, "Server Handle", hf_netlogon_logonsrv_handle, 0);
}
static int
-netlogon_dissect_netdatabasesync2_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabasesync2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
/*
- * IDL long NetDatabaseRedo(
+ * IDL long NetrDatabaseRedo(
* IDL [in][string][ref] wchar_t *logonserver, # REF!!!
* IDL [in][string][ref] wchar_t *computername,
* IDL [in][ref] AUTHENTICATOR credential,
* IDL );
*/
static int
-netlogon_dissect_netlogondatabaseredo_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabaseredo_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_REF, "Server Handle", hf_netlogon_logonsrv_handle, 0);
}
static int
-netlogon_dissect_netlogondatabaseredo_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrdatabaseredo_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
}
-/* XXX NetMon does not recognize this as a valid function. Muddle however
- * tells us what parameters it takes but not their names.
- * It looks similar to logoncontrol2. perhaps it is logoncontrol3?
- */
/*
- * IDL long NetFunction_12(
+ * IDL long NetrLogonControl2Ex(
* IDL [in][string][unique] wchar_t *logonserver,
* IDL [in] long function_code,
* IDL [in] long level,
* IDL );
*/
static int
-netlogon_dissect_function_12_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncontrol2ex_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
return offset;
}
static int
-netlogon_dissect_function_12_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncontrol2ex_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CONTROL_QUERY_INFORMATION, NDR_POINTER_REF,
-/*qqq*/
-/* Updated above this line */
-
static const value_string trust_type_vals[] = {
{ 1, "DOWNLEVEL" },
{ 2, "UPLEVEL" },
};
static int
netlogon_dissect_DOMAIN_TRUST_FLAGS(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree, char *drep)
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
{
guint32 mask;
proto_item *item = NULL;
};
static int
netlogon_dissect_GET_DCNAME_REQUEST_FLAGS(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree, char *drep)
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
{
guint32 mask;
proto_item *item = NULL;
};
static int
netlogon_dissect_DC_FLAGS(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree, char *drep)
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
{
guint32 mask;
proto_item *item = NULL;
static int
netlogon_dissect_pointer_long(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
static int
netlogon_dissect_pointer_char(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
dcerpc_info *di;
return offset;
}
-static int
-netlogon_dissect_UNICODE_STRING(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree,
- char *drep, int type, int hf_index, dcerpc_callback_fnct_t *callback)
-{
- proto_item *item=NULL;
- proto_tree *tree=NULL;
- int old_offset=offset;
- dcerpc_info *di;
- char *name;
-
- di=pinfo->private_data;
- if(di->conformant_run){
- /*just a run to handle conformant arrays, nothing to dissect */
- return offset;
- }
-
- name = proto_registrar_get_name(hf_index);
- if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, -1,
- "%s", name);
- tree = proto_item_add_subtree(item, ett_nt_unicode_string);
- }
-
- offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
- dissect_ndr_wchar_cvstring, type,
- name, hf_index, callback, NULL);
-
- proto_item_set_len(item, offset-old_offset);
- return offset;
-}
-
-
static int
netlogon_dissect_UNICODE_MULTI_byte(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_char, NULL);
static int
netlogon_dissect_UNICODE_MULTI_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_UNICODE_MULTI_byte);
static int
netlogon_dissect_UNICODE_MULTI(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
int
dissect_nt_GUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset=dissect_ndr_uuid_t(tvb, offset, pinfo, tree, drep, hf_netlogon_guid, NULL);
static int
netlogon_dissect_DOMAIN_CONTROLLER_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_BLOB_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
guint32 len;
dcerpc_info *di;
static int
netlogon_dissect_BLOB(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_DOMAIN_TRUST_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_DOMAIN_TRUST_INFO_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_DOMAIN_TRUST_INFO);
static int
netlogon_dissect_DOMAIN_QUERY_1(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = netlogon_dissect_BLOB(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = netlogon_dissect_DOMAIN_TRUST_INFO(tvb, offset, pinfo, tree, drep);
static int
netlogon_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
guint32 level;
static int
netlogon_dissect_UNICODE_STRING_512(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_element_844_byte(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_char, NULL);
static int
netlogon_dissect_element_844_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_element_844_byte);
static int
netlogon_dissect_TYPE_50(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_TYPE_50_ptr(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_TYPE_50, NDR_POINTER_UNIQUE,
static int
netlogon_dissect_DS_DOMAIN_TRUSTS(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree, char *drep)
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
{
guint32 tmp;
proto_item *item=NULL;
hf_netlogon_trust_attribs, &tmp);
/* SID pointer */
- offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, -1);
/* GUID */
offset = dissect_nt_GUID(tvb, offset, pinfo, tree, drep);
static int
netlogon_dissect_DS_DOMAIN_TRUSTS_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_DS_DOMAIN_TRUSTS);
static int
netlogon_dissect_element_865_byte(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_char, NULL);
static int
netlogon_dissect_element_865_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_element_865_byte);
static int
netlogon_dissect_element_866_byte(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_char, NULL);
static int
netlogon_dissect_element_866_array(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
netlogon_dissect_element_866_byte);
static int
netlogon_dissect_TYPE_52(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_TYPE_52_ptr(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_TYPE_52, NDR_POINTER_UNIQUE,
static int
netlogon_dissect_TYPE_44(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
+ guint8 *drep)
{
proto_item *item=NULL;
proto_tree *tree=NULL;
static int
netlogon_dissect_DOMAIN_QUERY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
- char *drep)
+ guint8 *drep)
{
guint32 level;
}
static int
-netlogon_dissect_nettrusteddomainlist_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_nettrusteddomainlist_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_UNICODE_MULTI, NDR_POINTER_REF,
}
static int
-netlogon_dissect_dsrgetdcname2_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrgetdcname_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_dsrgetdcname2_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrgetdcname_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_DOMAIN_CONTROLLER_INFO, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_function_15_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogondummyroutine1_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_15_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogondummyroutine1_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_function_16_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsetservicebits_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_16_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsetservicebits_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
hf_netlogon_rc, NULL);
return offset;
}
+
static int
-netlogon_dissect_function_17_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogongettrustrid_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_17_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogongettrustrid_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_pointer_long, NDR_POINTER_UNIQUE,
return offset;
}
+
static int
-netlogon_dissect_function_18_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncomputeserverdigest_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_BYTE_16_array(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
int i;
}
static int
-netlogon_dissect_function_18_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncomputeserverdigest_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_BYTE_16_array, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_function_19_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncomputeclientdigest_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_19_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogoncomputeclientdigest_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_BYTE_16_array, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_netserverauthenticate3_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverauthenticate3_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_netserverauthenticate3_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverauthenticate3_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
}
static int
-netlogon_dissect_dsrgetdcname_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrgetdcnameex_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_dsrgetdcname_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrgetdcnameex_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_DOMAIN_CONTROLLER_INFO, NDR_POINTER_UNIQUE,
static int
netlogon_dissect_dsrgetsitename_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
netlogon_dissect_dsrgetsitename_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_REF, hf_netlogon_site_name, 0);
+ /* XXX hmmm this does not really look like a UNIQUE pointer but
+ will do for now. I think it is really a 32bit integer followed by
+ a REF pointer to a unicode string */
+ offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Site Name",
+ hf_netlogon_site_name, cb_wstr_postprocess,
+ GINT_TO_POINTER(CB_STR_COL_INFO | 1));
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
hf_netlogon_rc, NULL);
static int
netlogon_dissect_netrlogongetdomaininfo_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
/* Unlike the other NETLOGON RPCs, this is not a unique pointer. */
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
static int
netlogon_dissect_netrlogongetdomaininfo_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
}
static int
-netlogon_dissect_function_1e_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverpasswordset2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_1e_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverpasswordset2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_netserverpasswordset2_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverpasswordget_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_netserverpasswordset2_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrserverpasswordget_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
}
static int
-netlogon_dissect_function_20_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsendtosam_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_20_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsendtosam_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_function_21_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsraddresstositenamesw_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_21_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsraddresstositenamesw_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_TYPE_50_ptr, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_function_22_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrgetdcnameex2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_22_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrgetdcnameex2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_DOMAIN_CONTROLLER_INFO, NDR_POINTER_UNIQUE,
}
static int
-netlogon_dissect_function_23_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogongettimeserviceparentdomain_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_23_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogongettimeserviceparentdomain_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "unknown string",
}
static int
-netlogon_dissect_function_24_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
}
static int
-netlogon_dissect_function_24_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_entries, NULL);
}
static int
-netlogon_dissect_function_25_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsraddresstositenamesexw_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_function_25_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsraddresstositenamesexw_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_TYPE_52_ptr, NDR_POINTER_UNIQUE,
static int
-netlogon_dissect_function_26_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_site_name_item(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_UNIQUE, "unknown string",
- hf_netlogon_unknown_string, 0);
+ offset = dissect_ndr_counted_string_cb(
+ tvb, offset, pinfo, tree, drep, hf_netlogon_site_name,
+ cb_wstr_postprocess,
+ GINT_TO_POINTER(CB_STR_COL_INFO | 1));
return offset;
}
+static int
+netlogon_dissect_site_name_array(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_site_name_item);
+ return offset;
+}
static int
-netlogon_dissect_function_26_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_site_names(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- netlogon_dissect_TYPE_50_ptr, NDR_POINTER_UNIQUE,
- "TYPE_50** pointer: unknown_TYPE_50", -1);
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_count, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_site_name_array, NDR_POINTER_UNIQUE,
+ "Site name array", -1);
+
+ return offset;
+}
+
+static int
+netlogon_dissect_dsrgetdcsitecoveragew_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+
+static int
+netlogon_dissect_dsrgetdcsitecoveragew_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_site_names, NDR_POINTER_UNIQUE,
+ "Site names", -1);
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
hf_netlogon_rc, NULL);
}
static int
-netlogon_dissect_logonsamlogonex_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsamlogonex_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "unknown string",
static int
-netlogon_dissect_logonsamlogonex_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_netrlogonsamlogonex_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_VALIDATION, NDR_POINTER_UNIQUE,
static int
-netlogon_dissect_dsenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrenumeratedomaintrusts_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
static int
-netlogon_dissect_dsenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+netlogon_dissect_dsrenumeratedomaintrusts_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_entries, NULL);
static int
netlogon_dissect_dsrderegisterdnshostrecords_rqst(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
pinfo, tree, drep);
"GUID pointer: dsa_guid", -1);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_UNIQUE, "dns_host", hf_netlogon_dns_host, 0);
+ NDR_POINTER_REF, "dns_host", hf_netlogon_dns_host, 0);
return offset;
}
static int
netlogon_dissect_dsrderegisterdnshostrecords_reply(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree, char *drep)
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
hf_netlogon_rc, NULL);
static int hf_netlogon_secchan_bind_ack_unknown2 = -1;
static int hf_netlogon_secchan_bind_ack_unknown3 = -1;
-static gint ett_secchan = -1;
+static gint ett_secchan_verf = -1;
static gint ett_secchan_bind_creds = -1;
static gint ett_secchan_bind_ack_creds = -1;
-int netlogon_dissect_secchan_bind_creds(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
- char *drep)
+static int dissect_secchan_bind_creds(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *tree, guint8 *drep)
{
- int start_offset = offset;
proto_item *item = NULL;
proto_tree *subtree = NULL;
int len;
if (tree) {
item = proto_tree_add_text(
- tree, tvb, offset, 0,
+ tree, tvb, offset, -1,
"Secure Channel Bind Credentials");
subtree = proto_item_add_subtree(
item, ett_secchan_bind_creds);
offset += len;
- proto_item_set_len(item, offset - start_offset);
-
return offset;
}
-int netlogon_dissect_secchan_bind_ack_creds(tvbuff_t *tvb, int offset,
- packet_info *pinfo,
- proto_tree *tree, char *drep)
+static int dissect_secchan_bind_ack_creds(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *tree, guint8 *drep)
{
proto_item *item = NULL;
proto_tree *subtree = NULL;
if (tree) {
item = proto_tree_add_text(
- tree, tvb, offset, 0,
+ tree, tvb, offset, -1,
"Secure Channel Bind ACK Credentials");
subtree = proto_item_add_subtree(
item, ett_secchan_bind_ack_creds);
return offset;
}
-static int hf_netlogon_secchan = -1;
-static int hf_netlogon_secchan_sig = -1;
-static int hf_netlogon_secchan_unk = -1;
-static int hf_netlogon_secchan_seq = -1;
-static int hf_netlogon_secchan_nonce = -1;
-
-int netlogon_dissect_secchan_verf(tvbuff_t *tvb, int offset,
- packet_info *pinfo _U_, proto_tree *tree,
- char *drep _U_)
-{
- proto_item *vf;
- proto_tree *sec_chan_tree;
- /*
- * Create a new tree, and split into 4 components ...
- */
- vf = proto_tree_add_item(tree, hf_netlogon_secchan, tvb,
- offset, -1, FALSE);
- sec_chan_tree = proto_item_add_subtree(vf, ett_secchan);
-
- proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_sig, tvb,
- offset, 8, FALSE);
-
- proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_unk, tvb,
- offset + 8, 8, FALSE);
-
- proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_seq, tvb,
- offset + 16, 8, FALSE);
-
- proto_tree_add_item(sec_chan_tree, hf_netlogon_secchan_nonce, tvb,
- offset + 24, 8, FALSE);
-
- return offset;
-}
-
/* Subdissectors */
static dcerpc_sub_dissector dcerpc_netlogon_dissectors[] = {
- { NETLOGON_UASLOGON, "UasLogon",
- netlogon_dissect_netlogonuaslogon_rqst,
- netlogon_dissect_netlogonuaslogon_reply },
- { NETLOGON_UASLOGOFF, "UasLogoff",
- netlogon_dissect_netlogonuaslogoff_rqst,
- netlogon_dissect_netlogonuaslogoff_reply },
- { NETLOGON_NETLOGONSAMLOGON, "SamLogon",
- netlogon_dissect_netlogonsamlogon_rqst,
- netlogon_dissect_netlogonsamlogon_reply },
- { NETLOGON_NETLOGONSAMLOGOFF, "SamLogoff",
- netlogon_dissect_netlogonsamlogoff_rqst,
- netlogon_dissect_netlogonsamlogoff_reply },
- { NETLOGON_NETSERVERREQCHALLENGE, "ServerReqChallenge",
- netlogon_dissect_netserverreqchallenge_rqst,
- netlogon_dissect_netserverreqchallenge_reply },
- { NETLOGON_NETSERVERAUTHENTICATE, "ServerAuthenticate",
- netlogon_dissect_netserverauthenticate_rqst,
- netlogon_dissect_netserverauthenticate_reply },
- { NETLOGON_NETSERVERPASSWORDSET, "ServerPasswdSet",
- netlogon_dissect_netserverpasswordset_rqst,
- netlogon_dissect_netserverpasswordset_reply },
- { NETLOGON_NETSAMDELTAS, "DatabaseDeltas",
- netlogon_dissect_netsamdeltas_rqst,
- netlogon_dissect_netsamdeltas_reply },
- { NETLOGON_DATABASESYNC, "DatabaseSync",
- netlogon_dissect_netlogondatabasesync_rqst,
- netlogon_dissect_netlogondatabasesync_reply },
- { NETLOGON_ACCOUNTDELTAS, "AccountDeltas",
- netlogon_dissect_netlogonaccountdeltas_rqst,
- netlogon_dissect_netlogonaccountdeltas_reply },
- { NETLOGON_ACCOUNTSYNC, "AccountSync",
- netlogon_dissect_netlogonaccountsync_rqst,
- netlogon_dissect_netlogonaccountsync_reply },
- { NETLOGON_GETDCNAME, "GetDCName",
- netlogon_dissect_netlogongetdcname_rqst,
- netlogon_dissect_netlogongetdcname_reply },
- { NETLOGON_NETLOGONCONTROL, "LogonControl",
- netlogon_dissect_netlogoncontrol_rqst,
- netlogon_dissect_netlogoncontrol_reply },
- { NETLOGON_GETANYDCNAME, "GetAnyDCName",
- netlogon_dissect_netlogongetanydcname_rqst,
- netlogon_dissect_netlogongetanydcname_reply },
- { NETLOGON_NETLOGONCONTROL2, "LogonControl2",
- netlogon_dissect_netlogoncontrol2_rqst,
- netlogon_dissect_netlogoncontrol2_reply },
- { NETLOGON_NETSERVERAUTHENTICATE2, "ServerAuthenticate2",
- netlogon_dissect_netserverauthenticate2_rqst,
- netlogon_dissect_netserverauthenticate2_reply },
- { NETLOGON_NETDATABASESYNC2, "DatabaseSync2",
- netlogon_dissect_netdatabasesync2_rqst,
- netlogon_dissect_netdatabasesync2_reply },
- { NETLOGON_DATABASEREDO, "DatabaseRedo",
- netlogon_dissect_netlogondatabaseredo_rqst,
- netlogon_dissect_netlogondatabaseredo_reply },
- { NETLOGON_FUNCTION_12, "Function_0x12",
- netlogon_dissect_function_12_rqst,
- netlogon_dissect_function_12_reply },
- { NETLOGON_NETTRUSTEDDOMAINLIST, "TrustedDomainList",
- netlogon_dissect_nettrusteddomainlist_rqst,
- netlogon_dissect_nettrusteddomainlist_reply },
- { NETLOGON_DSRGETDCNAME2, "DsrGetDCName2",
- netlogon_dissect_dsrgetdcname2_rqst,
- netlogon_dissect_dsrgetdcname2_reply },
- { NETLOGON_FUNCTION_15, "Function 0x15",
- netlogon_dissect_function_15_rqst,
- netlogon_dissect_function_15_reply },
- { NETLOGON_FUNCTION_16, "Function 0x16",
- netlogon_dissect_function_16_rqst,
- netlogon_dissect_function_16_reply },
- { NETLOGON_FUNCTION_17, "Function 0x17",
- netlogon_dissect_function_17_rqst,
- netlogon_dissect_function_17_reply },
- { NETLOGON_FUNCTION_18, "Function 0x18",
- netlogon_dissect_function_18_rqst,
- netlogon_dissect_function_18_reply },
- { NETLOGON_FUNCTION_19, "Function 0x19",
- netlogon_dissect_function_19_rqst,
- netlogon_dissect_function_19_reply },
- { NETLOGON_NETSERVERAUTHENTICATE3, "ServerAuthenticate3",
- netlogon_dissect_netserverauthenticate3_rqst,
- netlogon_dissect_netserverauthenticate3_reply },
- { NETLOGON_DSRGETDCNAME, "DsrGetDCName",
+ { NETLOGON_NETRLOGONUASLOGON, "NetrLogonUasLogon",
+ netlogon_dissect_netrlogonuaslogon_rqst,
+ netlogon_dissect_netrlogonuaslogon_reply },
+ { NETLOGON_NETRLOGONUASLOGOFF, "NetrLogonUasLogoff",
+ netlogon_dissect_netrlogonuaslogoff_rqst,
+ netlogon_dissect_netrlogonuaslogoff_reply },
+ { NETLOGON_NETRLOGONSAMLOGON, "NetrLogonSamLogon",
+ netlogon_dissect_netrlogonsamlogon_rqst,
+ netlogon_dissect_netrlogonsamlogon_reply },
+ { NETLOGON_NETRLOGONSAMLOGOFF, "NetrLogonSamLogoff",
+ netlogon_dissect_netrlogonsamlogoff_rqst,
+ netlogon_dissect_netrlogonsamlogoff_reply },
+ { NETLOGON_NETRSERVERREQCHALLENGE, "NetrServerReqChallenge",
+ netlogon_dissect_netrserverreqchallenge_rqst,
+ netlogon_dissect_netrserverreqchallenge_reply },
+ { NETLOGON_NETRSERVERAUTHENTICATE, "NetrServerAuthenticate",
+ netlogon_dissect_netrserverauthenticate_rqst,
+ netlogon_dissect_netrserverauthenticate_reply },
+ { NETLOGON_NETRSERVERPASSWORDSET, "NetrServerPasswordSet",
+ netlogon_dissect_netrserverpasswordset_rqst,
+ netlogon_dissect_netrserverpasswordset_reply },
+ { NETLOGON_NETRDATABASEDELTAS, "NetrDatabaseDeltas",
+ netlogon_dissect_netrdatabasedeltas_rqst,
+ netlogon_dissect_netrdatabasedeltas_reply },
+ { NETLOGON_NETRDATABASESYNC, "NetrDatabaseSync",
+ netlogon_dissect_netrdatabasesync_rqst,
+ netlogon_dissect_netrdatabasesync_reply },
+ { NETLOGON_NETRACCOUNTDELTAS, "NetrAccountDeltas",
+ netlogon_dissect_netraccountdeltas_rqst,
+ netlogon_dissect_netraccountdeltas_reply },
+ { NETLOGON_NETRACCOUNTSYNC, "NetrAccountSync",
+ netlogon_dissect_netraccountsync_rqst,
+ netlogon_dissect_netraccountsync_reply },
+ { NETLOGON_NETRGETDCNAME, "NetrGetDCName",
+ netlogon_dissect_netrgetdcname_rqst,
+ netlogon_dissect_netrgetdcname_reply },
+ { NETLOGON_NETRLOGONCONTROL, "NetrLogonControl",
+ netlogon_dissect_netrlogoncontrol_rqst,
+ netlogon_dissect_netrlogoncontrol_reply },
+ { NETLOGON_NETRGETANYDCNAME, "NetrGetAnyDCName",
+ netlogon_dissect_netrgetanydcname_rqst,
+ netlogon_dissect_netrgetanydcname_reply },
+ { NETLOGON_NETRLOGONCONTROL2, "NetrLogonControl2",
+ netlogon_dissect_netrlogoncontrol2_rqst,
+ netlogon_dissect_netrlogoncontrol2_reply },
+ { NETLOGON_NETRSERVERAUTHENTICATE2, "NetrServerAuthenticate2",
+ netlogon_dissect_netrserverauthenticate2_rqst,
+ netlogon_dissect_netrserverauthenticate2_reply },
+ { NETLOGON_NETRDATABASESYNC2, "NetrDatabaseSync2",
+ netlogon_dissect_netrdatabasesync2_rqst,
+ netlogon_dissect_netrdatabasesync2_reply },
+ { NETLOGON_NETRDATABASEREDO, "NetrDatabaseRedo",
+ netlogon_dissect_netrdatabaseredo_rqst,
+ netlogon_dissect_netrdatabaseredo_reply },
+ { NETLOGON_NETRLOGONCONTROL2EX, "NetrLogonControl2Ex",
+ netlogon_dissect_netrlogoncontrol2ex_rqst,
+ netlogon_dissect_netrlogoncontrol2ex_reply },
+ { NETLOGON_NETRENUMERATETRUSTEDDOMAINS, "NetrEnumerateTrustedDomains",
+ netlogon_dissect_netrenumeratetrusteddomains_rqst,
+ netlogon_dissect_netrenumeratetrusteddomains_reply },
+ { NETLOGON_DSRGETDCNAME, "DsrGetDcName",
netlogon_dissect_dsrgetdcname_rqst,
netlogon_dissect_dsrgetdcname_reply },
+ { NETLOGON_NETRLOGONDUMMYROUTINE1, "NetrLogonDummyRoutine1",
+ netlogon_dissect_netrlogondummyroutine1_rqst,
+ netlogon_dissect_netrlogondummyroutine1_reply },
+ { NETLOGON_NETRLOGONSETSERVICEBITS, "NetrLogonSetServiceBits",
+ netlogon_dissect_netrlogonsetservicebits_rqst,
+ netlogon_dissect_netrlogonsetservicebits_reply },
+ { NETLOGON_NETRLOGONGETTRUSTRID, "NetrLogonGetTrustRid",
+ netlogon_dissect_netrlogongettrustrid_rqst,
+ netlogon_dissect_netrlogongettrustrid_reply },
+ { NETLOGON_NETRLOGONCOMPUTESERVERDIGEST, "NetrLogonComputeServerDigest",
+ netlogon_dissect_netrlogoncomputeserverdigest_rqst,
+ netlogon_dissect_netrlogoncomputeserverdigest_reply },
+ { NETLOGON_NETRLOGONCOMPUTECLIENTDIGEST, "NetrLogonComputeClientDigest",
+ netlogon_dissect_netrlogoncomputeclientdigest_rqst,
+ netlogon_dissect_netrlogoncomputeclientdigest_reply },
+ { NETLOGON_NETRSERVERAUTHENTICATE3, "NetrServerAuthenticate3",
+ netlogon_dissect_netrserverauthenticate3_rqst,
+ netlogon_dissect_netrserverauthenticate3_reply },
+ { NETLOGON_DSRGETDCNAMEX, "DsrGetDcNameEx",
+ netlogon_dissect_dsrgetdcnameex_rqst,
+ netlogon_dissect_dsrgetdcnameex_reply },
{ NETLOGON_DSRGETSITENAME, "DsrGetSiteName",
netlogon_dissect_dsrgetsitename_rqst,
netlogon_dissect_dsrgetsitename_reply },
{ NETLOGON_NETRLOGONGETDOMAININFO, "NetrLogonGetDomainInfo",
netlogon_dissect_netrlogongetdomaininfo_rqst,
netlogon_dissect_netrlogongetdomaininfo_reply },
- { NETLOGON_FUNCTION_1E, "Function_0x1E",
- netlogon_dissect_function_1e_rqst,
- netlogon_dissect_function_1e_reply },
- { NETLOGON_NETSERVERPASSWORDSET2, "ServerPasswordSet2",
- netlogon_dissect_netserverpasswordset2_rqst,
- netlogon_dissect_netserverpasswordset2_reply },
- { NETLOGON_FUNCTION_20, "Function_0x20",
- netlogon_dissect_function_20_rqst,
- netlogon_dissect_function_20_reply },
- { NETLOGON_FUNCTION_21, "Function_0x21",
- netlogon_dissect_function_21_rqst,
- netlogon_dissect_function_21_reply },
- { NETLOGON_FUNCTION_22, "Function_0x22",
- netlogon_dissect_function_22_rqst,
- netlogon_dissect_function_22_reply },
- { NETLOGON_FUNCTION_23, "Function_0x23",
- netlogon_dissect_function_23_rqst,
- netlogon_dissect_function_23_reply },
- { NETLOGON_FUNCTION_24, "Function_0x24",
- netlogon_dissect_function_24_rqst,
- netlogon_dissect_function_24_reply },
- { NETLOGON_FUNCTION_25, "Function_0x25",
- netlogon_dissect_function_25_rqst,
- netlogon_dissect_function_25_reply },
- { NETLOGON_FUNCTION_26, "Function_0x26",
- netlogon_dissect_function_26_rqst,
- netlogon_dissect_function_26_reply },
- { NETLOGON_LOGONSAMLOGONEX, "LogonSamLogonEx",
- netlogon_dissect_logonsamlogonex_rqst,
- netlogon_dissect_logonsamlogonex_reply },
- { NETLOGON_DSENUMERATETRUSTEDDOMAINS, "DSEnumerateTrustedDomains",
- netlogon_dissect_dsenumeratetrusteddomains_rqst,
- netlogon_dissect_dsenumeratetrusteddomains_reply },
- { NETLOGON_DSRDEREGISTERDNSHOSTRECORDS, "DsrDeregisterDNSHostRecords",
+ { NETLOGON_NETRSERVERPASSWORDSET2, "NetrServerPasswordSet2",
+ netlogon_dissect_netrserverpasswordset2_rqst,
+ netlogon_dissect_netrserverpasswordset2_reply },
+ { NETLOGON_NETRSERVERPASSWORDGET, "NetrServerPasswordGet",
+ netlogon_dissect_netrserverpasswordget_rqst,
+ netlogon_dissect_netrserverpasswordget_reply },
+ { NETLOGON_NETRLOGONSENDTOSAM, "NetrLogonSendToSam",
+ netlogon_dissect_netrlogonsendtosam_rqst,
+ netlogon_dissect_netrlogonsendtosam_reply },
+ { NETLOGON_DSRADDRESSTOSITENAMESW, "DsrAddressToSiteNamesW",
+ netlogon_dissect_dsraddresstositenamesw_rqst,
+ netlogon_dissect_dsraddresstositenamesw_reply },
+ { NETLOGON_DSRGETDCNAMEEX2, "DsrGetDcNameEx2",
+ netlogon_dissect_dsrgetdcnameex2_rqst,
+ netlogon_dissect_dsrgetdcnameex2_reply },
+ { NETLOGON_NETRLOGONGETTIMESERVICEPARENTDOMAIN,
+ "NetrLogonGetTimeServiceParentDomain",
+ netlogon_dissect_netrlogongettimeserviceparentdomain_rqst,
+ netlogon_dissect_netrlogongettimeserviceparentdomain_reply },
+ { NETLOGON_NETRENUMERATETRUSTEDDOMAINSEX, "NetrEnumerateTrustedDomainsEx",
+ netlogon_dissect_netrenumeratetrusteddomainsex_rqst,
+ netlogon_dissect_netrenumeratetrusteddomainsex_reply },
+ { NETLOGON_DSRADDRESSTOSITENAMESEXW, "DsrAddressToSiteNamesExW",
+ netlogon_dissect_dsraddresstositenamesexw_rqst,
+ netlogon_dissect_dsraddresstositenamesexw_reply },
+ { NETLOGON_DSRGETDCSITECOVERAGEW, "DsrGetDcSiteCoverageW",
+ netlogon_dissect_dsrgetdcsitecoveragew_rqst,
+ netlogon_dissect_dsrgetdcsitecoveragew_reply },
+ { NETLOGON_NETRLOGONSAMLOGONEX, "NetrLogonSamLogonEx",
+ netlogon_dissect_netrlogonsamlogonex_rqst,
+ netlogon_dissect_netrlogonsamlogonex_reply },
+ { NETLOGON_DSRENUMERATEDOMAINTRUSTS, "DsrEnumerateDomainTrusts",
+ netlogon_dissect_dsrenumeratedomaintrusts_rqst,
+ netlogon_dissect_dsrenumeratedomaintrusts_reply },
+ { NETLOGON_DSRDEREGISTERDNSHOSTRECORDS, "DsrDeregisterDnsHostRecords",
netlogon_dissect_dsrderegisterdnshostrecords_rqst,
netlogon_dissect_dsrderegisterdnshostrecords_reply },
+ { NETLOGON_NETRSERVERTRUSTPASSWORDSGET, "NetrServerTrustPasswordsGet",
+ NULL, NULL },
+ { NETLOGON_DSRGETFORESTTRUSTINFORMATION, "DsrGetForestTrustInformation",
+ NULL, NULL },
+ { NETLOGON_NETRGETFORESTTRUSTINFORMATION, "NetrGetForestTrustInformation",
+ NULL, NULL },
+ { NETLOGON_NETRLOGONSAMLOGONWITHFLAGS, "NetrLogonSamLogonWithFlags",
+ NULL, NULL },
+ { NETLOGON_NETRSERVERGETTRUSTINFO, "NetrServerGetTrustInfo",
+ NULL, NULL },
{0, NULL, NULL, NULL }
};
-static const value_string netlogon_opnum_vals[] = {
- { NETLOGON_UASLOGON, "UasLogon" },
- { NETLOGON_UASLOGOFF, "UasLogoff" },
- { NETLOGON_NETLOGONSAMLOGON, "SamLogon" },
- { NETLOGON_NETLOGONSAMLOGOFF, "SamLogoff" },
- { NETLOGON_NETSERVERREQCHALLENGE, "ServerReqChallenge" },
- { NETLOGON_NETSERVERAUTHENTICATE, "ServerAuthenticate" },
- { NETLOGON_NETSERVERPASSWORDSET, "ServerPasswdSet" },
- { NETLOGON_NETSAMDELTAS, "DatabaseDeltas" },
- { NETLOGON_DATABASESYNC, "DatabaseSync" },
- { NETLOGON_ACCOUNTDELTAS, "AccountDeltas" },
- { NETLOGON_ACCOUNTSYNC, "AccountSync" },
- { NETLOGON_GETDCNAME, "GetDCName" },
- { NETLOGON_NETLOGONCONTROL, "LogonControl" },
- { NETLOGON_GETANYDCNAME, "GetAnyDCName" },
- { NETLOGON_NETLOGONCONTROL2, "LogonControl2" },
- { NETLOGON_NETSERVERAUTHENTICATE2, "ServerAuthenticate2" },
- { NETLOGON_NETDATABASESYNC2, "DatabaseSync2" },
- { NETLOGON_DATABASEREDO, "DatabaseRedo" },
- { NETLOGON_FUNCTION_12, "Function_0x12" },
- { NETLOGON_NETTRUSTEDDOMAINLIST, "TrustedDomainList" },
- { NETLOGON_DSRGETDCNAME2, "DsrGetDCName2" },
- { NETLOGON_FUNCTION_15, "Function_0x15" },
- { NETLOGON_FUNCTION_16, "Function_0x16" },
- { NETLOGON_FUNCTION_17, "Function_0x17" },
- { NETLOGON_FUNCTION_18, "Function_0x18" },
- { NETLOGON_FUNCTION_19, "Function_0x19" },
- { NETLOGON_NETSERVERAUTHENTICATE3, "ServerAuthenticate3" },
- { NETLOGON_DSRGETDCNAME, "DsrGetDCName" },
- { NETLOGON_DSRGETSITENAME, "DsrGetSiteName" },
- { NETLOGON_NETRLOGONGETDOMAININFO, "NetrLogonGetDomainInfo" },
- { NETLOGON_FUNCTION_1E, "Function_0x1E" },
- { NETLOGON_NETSERVERPASSWORDSET2, "ServerPasswordSet2" },
- { NETLOGON_FUNCTION_20, "Function_0x20" },
- { NETLOGON_FUNCTION_21, "Function_0x21" },
- { NETLOGON_FUNCTION_22, "Function_0x22" },
- { NETLOGON_FUNCTION_23, "Function_0x23" },
- { NETLOGON_FUNCTION_24, "Function_0x24" },
- { NETLOGON_FUNCTION_25, "Function_0x25" },
- { NETLOGON_FUNCTION_26, "Function_0x26" },
- { NETLOGON_LOGONSAMLOGONEX, "LogonSamLogonEx" },
- { NETLOGON_DSENUMERATETRUSTEDDOMAINS, "DSEnumerateTrustedDomains" },
- { NETLOGON_DSRDEREGISTERDNSHOSTRECORDS, "DsrDeregisterDNSHostRecords" },
- { 0, NULL }
-};
+static int hf_netlogon_secchan_verf = -1;
+static int hf_netlogon_secchan_verf_sig = -1;
+static int hf_netlogon_secchan_verf_unk = -1;
+static int hf_netlogon_secchan_verf_seq = -1;
+static int hf_netlogon_secchan_verf_nonce = -1;
+
+static int
+dissect_secchan_verf(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
+ proto_tree *tree, guint8 *drep _U_)
+{
+ proto_item *vf = NULL;
+ proto_tree *subtree = NULL;
+
+ /*
+ * Create a new tree, and split into 4 components ...
+ */
+ vf = proto_tree_add_item(tree, hf_netlogon_secchan_verf, tvb,
+ offset, -1, FALSE);
+ subtree = proto_item_add_subtree(vf, ett_secchan_verf);
+
+ proto_tree_add_item(subtree, hf_netlogon_secchan_verf_sig, tvb,
+ offset, 8, FALSE);
+ offset += 8;
+
+ proto_tree_add_item(subtree, hf_netlogon_secchan_verf_unk, tvb,
+ offset, 8, FALSE);
+ offset += 8;
+
+ proto_tree_add_item(subtree, hf_netlogon_secchan_verf_seq, tvb,
+ offset, 8, FALSE);
+ offset += 8;
+
+ /* In some cases the nonce isn't present although it isn't clear
+ why this is so. */
+
+ if (tvb_bytes_exist(tvb, offset, 8)) {
+ proto_tree_add_item(subtree, hf_netlogon_secchan_verf_nonce,
+ tvb, offset, 8, FALSE);
+ offset += 8;
+ }
+
+ return offset;
+}
/* Secure channel types */
static hf_register_info hf[] = {
{ &hf_netlogon_opnum,
{ "Operation", "netlogon.opnum", FT_UINT16, BASE_DEC,
- VALS(netlogon_opnum_vals), 0x0, "Operation", HFILL }},
+ NULL, 0x0, "Operation", HFILL }},
{ &hf_netlogon_rc, {
"Return code", "netlogon.rc", FT_UINT32, BASE_HEX,
"Entries", "netlogon.entries", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
- { &hf_netlogon_credential_low, {
- "Credential low", "netlogon.credential.low", FT_UINT32,
- BASE_HEX, NULL, 0x0, "Netlogon credential (low)", HFILL }},
-
- { &hf_netlogon_credential_high, {
- "Credential high", "netlogon.credential.high", FT_UINT32,
- BASE_HEX, NULL, 0x0, "Netlogon credential (high)", HFILL }},
+ { &hf_netlogon_credential, {
+ "Credential", "netlogon.credential", FT_BYTES, BASE_HEX,
+ NULL, 0x0, "Netlogon Credential", HFILL }},
{ &hf_netlogon_challenge, {
"Challenge", "netlogon.challenge", FT_BYTES, BASE_HEX,
{ "Domain", "netlogon.domain", FT_STRING, BASE_NONE,
NULL, 0, "Domain", HFILL }},
+ { &hf_netlogon_resourcegroupdomainsid,
+ { "ResourceGroupDomainSID", "netlogon.resourcegroupdomainsid", FT_STRING, BASE_NONE,
+ NULL, 0, "Resource Group Domain SID", HFILL }},
+
+ { &hf_netlogon_resourcegroupcount,
+ { "ResourceGroup count", "netlogon.resourcegroupcount", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of Resource Groups", HFILL }},
+
{ &hf_netlogon_computer_name,
{ "Computer Name", "netlogon.computer_name", FT_STRING, BASE_NONE,
NULL, 0, "Computer Name", HFILL }},
{ "Unknown3", "netlogon.secchan.bind_ack.unknown3", FT_UINT32,
BASE_HEX, NULL, 0x0, "", HFILL }},
- { &hf_netlogon_secchan,
- { "Verifier", "netlogon.secchan.verifier", FT_NONE, BASE_NONE,
+ { &hf_netlogon_secchan_verf,
+ { "Secure Channel Verifier", "netlogon.secchan.verifier", FT_NONE, BASE_NONE,
NULL, 0x0, "Verifier", HFILL }},
- { &hf_netlogon_secchan_sig,
+ { &hf_netlogon_secchan_verf_sig,
{ "Signature", "netlogon.secchan.sig", FT_BYTES, BASE_HEX, NULL,
0x0, "Signature", HFILL }},
- { &hf_netlogon_secchan_unk,
+ { &hf_netlogon_secchan_verf_unk,
{ "Unknown", "netlogon.secchan.unk", FT_BYTES, BASE_HEX, NULL,
0x0, "Unknown", HFILL }},
- { &hf_netlogon_secchan_seq,
+ { &hf_netlogon_secchan_verf_seq,
{ "Sequence No", "netlogon.secchan.seq", FT_BYTES, BASE_HEX, NULL,
0x0, "Sequence No", HFILL }},
- { &hf_netlogon_secchan_nonce,
+ { &hf_netlogon_secchan_verf_nonce,
{ "Nonce", "netlogon.secchan.nonce", FT_BYTES, BASE_HEX, NULL,
0x0, "Nonce", HFILL }},
-
};
static gint *ett[] = {
&ett_dc_flags,
&ett_secchan_bind_creds,
&ett_secchan_bind_ack_creds,
- &ett_secchan,
+ &ett_secchan_verf
};
proto_dcerpc_netlogon = proto_register_protocol(
proto_register_subtree_array(ett, array_length(ett));
}
+static dcerpc_auth_subdissector_fns secchan_auth_fns = {
+ dissect_secchan_bind_creds, /* Bind */
+ dissect_secchan_bind_ack_creds, /* Bind ACK */
+ NULL, /* AUTH3 */
+ dissect_secchan_verf, /* Request verifier */
+ dissect_secchan_verf, /* Response verifier */
+ NULL, /* Request data */
+ NULL /* Response data */
+};
+
void
proto_reg_handoff_dcerpc_netlogon(void)
{
dcerpc_init_uuid(proto_dcerpc_netlogon, ett_dcerpc_netlogon,
&uuid_dcerpc_netlogon, ver_dcerpc_netlogon,
dcerpc_netlogon_dissectors, hf_netlogon_opnum);
+
+ register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
+ DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN,
+ &secchan_auth_fns);
+ register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
+ DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN,
+ &secchan_auth_fns);
}