* Copyright 2001,2003 Tim Potter <tpot@samba.org>
* 2002 structure and command dissectors by Ronnie Sahlberg
*
- * $Id: packet-dcerpc-netlogon.c,v 1.99 2004/04/08 09:34:47 sahlberg Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.106 2004/05/19 04:52:31 tpot Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int hf_netlogon_unknown_char = -1;
static int hf_netlogon_logon_time = -1;
static int hf_netlogon_logoff_time = -1;
+static int hf_netlogon_last_logoff_time = -1;
static int hf_netlogon_kickoff_time = -1;
+static int hf_netlogon_pwd_age = -1;
static int hf_netlogon_pwd_last_set_time = -1;
static int hf_netlogon_pwd_can_change_time = -1;
static int hf_netlogon_pwd_must_change_time = -1;
static int hf_netlogon_logon_srv = -1;
static int hf_netlogon_principal = -1;
static int hf_netlogon_logon_dom = -1;
-static int hf_netlogon_resourcegroupdomainsid = -1;
static int hf_netlogon_resourcegroupcount = -1;
static int hf_netlogon_downlevel_domain_name = -1;
static int hf_netlogon_dns_domain_name = -1;
static int hf_netlogon_trust_flags_primary = -1;
static int hf_netlogon_trust_flags_tree_root = -1;
static int hf_netlogon_trust_parent_index = -1;
+static int hf_netlogon_user_account_control = -1;
+static int hf_netlogon_user_account_control_dont_require_preauth = -1;
+static int hf_netlogon_user_account_control_use_des_key_only = -1;
+static int hf_netlogon_user_account_control_not_delegated = -1;
+static int hf_netlogon_user_account_control_trusted_for_delegation = -1;
+static int hf_netlogon_user_account_control_smartcard_required = -1;
+static int hf_netlogon_user_account_control_encrypted_text_password_allowed = -1;
+static int hf_netlogon_user_account_control_account_auto_locked = -1;
+static int hf_netlogon_user_account_control_dont_expire_password = -1;
+static int hf_netlogon_user_account_control_server_trust_account = -1;
+static int hf_netlogon_user_account_control_workstation_trust_account = -1;
+static int hf_netlogon_user_account_control_interdomain_trust_account = -1;
+static int hf_netlogon_user_account_control_mns_logon_account = -1;
+static int hf_netlogon_user_account_control_normal_account = -1;
+static int hf_netlogon_user_account_control_temp_duplicate_account = -1;
+static int hf_netlogon_user_account_control_password_not_required = -1;
+static int hf_netlogon_user_account_control_home_directory_required = -1;
+static int hf_netlogon_user_account_control_account_disabled = -1;
static int hf_netlogon_user_flags = -1;
static int hf_netlogon_user_flags_extra_sids = -1;
static int hf_netlogon_user_flags_resource_groups = -1;
static gint ett_dcerpc_netlogon = -1;
static gint ett_group_attrs = -1;
static gint ett_user_flags = -1;
+static gint ett_user_account_control = -1;
static gint ett_QUOTA_LIMITS = -1;
static gint ett_IDENTITY_INFO = -1;
static gint ett_DELTA_ENUM = -1;
static guint16 ver_dcerpc_netlogon = 1;
+static const true_false_string user_account_control_dont_require_preauth= {
+ "This account DONT_REQUIRE_PREAUTHENTICATION",
+ "This account REQUIRES preauthentication",
+};
+static const true_false_string user_account_control_use_des_key_only= {
+ "This account must USE_DES_KEY_ONLY for passwords",
+ "This account does NOT have to use_des_key_only",
+};
+static const true_false_string user_account_control_not_delegated= {
+ "This account is NOT_DELEGATED",
+ "This might have been delegated",
+};
+static const true_false_string user_account_control_trusted_for_delegation= {
+ "This account is TRUSTED_FOR_DELEGATION",
+ "This account is NOT trusted_for_delegation",
+};
+static const true_false_string user_account_control_smartcard_required= {
+ "This account REQUIRES_SMARTCARD to authenticate",
+ "This account does NOT require_smartcard to authenticate",
+};
+static const true_false_string user_account_control_encrypted_text_password_allowed= {
+ "This account allows ENCRYPTED_TEXT_PASSWORD",
+ "This account does NOT allow encrypted_text_password",
+};
+static const true_false_string user_account_control_account_auto_locked= {
+ "This account is AUTO_LOCKED",
+ "This account is NOT auto_locked",
+};
+static const true_false_string user_account_control_dont_expire_password= {
+ "This account DONT_EXPIRE_PASSWORDs",
+ "This account might expire_passwords",
+};
+static const true_false_string user_account_control_server_trust_account= {
+ "This account is a SERVER_TRUST_ACCOUNT",
+ "This account is NOT a server_trust_account",
+};
+static const true_false_string user_account_control_workstation_trust_account= {
+ "This account is a WORKSTATION_TRUST_ACCOUNT",
+ "This account is NOT a workstation_trust_account",
+};
+static const true_false_string user_account_control_interdomain_trust_account= {
+ "This account is an INTERDOMAIN_TRUST_ACCOUNT",
+ "This account is NOT an interdomain_trust_account",
+};
+static const true_false_string user_account_control_mns_logon_account= {
+ "This account is a MNS_LOGON_ACCOUNT",
+ "This account is NOT a mns_logon_account",
+};
+static const true_false_string user_account_control_normal_account= {
+ "This account is a NORMAL_ACCOUNT",
+ "This account is NOT a normal_account",
+};
+static const true_false_string user_account_control_temp_duplicate_account= {
+ "This account is a TEMP_DUPLICATE_ACCOUNT",
+ "This account is NOT a temp_duplicate_account",
+};
+static const true_false_string user_account_control_password_not_required= {
+ "This account REQUIRES_NO_PASSWORD",
+ "This account REQUIRES a password",
+};
+static const true_false_string user_account_control_home_directory_required= {
+ "This account REQUIRES_HOME_DIRECTORY",
+ "This account does NOT require_home_directory",
+};
+static const true_false_string user_account_control_account_disabled= {
+ "This account is DISABLED",
+ "This account is NOT disabled",
+};
+static int
+netlogon_dissect_USER_ACCOUNT_CONTROL(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ guint32 mask;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
+ hf_netlogon_user_account_control, &mask);
+
+ if(parent_tree){
+ item = proto_tree_add_uint(parent_tree, hf_netlogon_user_account_control,
+ tvb, offset-4, 4, mask);
+ tree = proto_item_add_subtree(item, ett_user_account_control);
+ }
+
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_dont_require_preauth,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_use_des_key_only,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_not_delegated,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_trusted_for_delegation,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_smartcard_required,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_encrypted_text_password_allowed,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_account_auto_locked,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_dont_expire_password,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_server_trust_account,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_workstation_trust_account,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_interdomain_trust_account,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_mns_logon_account,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_normal_account,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_temp_duplicate_account,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_password_not_required,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_home_directory_required,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_netlogon_user_account_control_account_disabled,
+ tvb, offset-4, 4, mask);
+ return offset;
+}
+
static int
netlogon_dissect_LOGONSRV_HANDLE(tvbuff_t *tvb, int offset,
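Review bot: The false-string for the NOT_DELEGATED bit, `"This might have been delegated"`, does not say what a clear bit means, and `"This account DONT_EXPIRE_PASSWORDs"` is hard to parse. These strings are what an analyst reads when triaging a logon reply, so they should state the account property directly, e.g. `"This account may be delegated"` and `"This account's password does NOT expire"`. netlogon_dissect_USER_ACCOUNT_CONTROL also has no header comment; one line saying that it decodes the 32-bit account-control word and why it returns early on `di->conformant_run` before reading `mask` would help the next reader. The seventeen `proto_tree_add_boolean` calls differ only in the hf index and could be driven from a static array of hf pointers.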
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_bad_pw_count, NULL);
- /* XXX - are these all UNIX "time_t"s, like the time stamps in
- credentials?
- Or are they, as per some RAP-based operations, UTIMEs? */
- proto_tree_add_text(tree, tvb, offset, 4, "Last Logon: unknown time format");
- offset+= 4;
+ offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, drep, hf_netlogon_logon_time, NULL);
- proto_tree_add_text(tree, tvb, offset, 4, "Last Logoff: unknown time format");
- offset+= 4;
+ offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, drep, hf_netlogon_last_logoff_time, NULL);
- proto_tree_add_text(tree, tvb, offset, 4, "Logoff Time: unknown time format");
- offset+= 4;
+ offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, drep, hf_netlogon_logoff_time, NULL);
- proto_tree_add_text(tree, tvb, offset, 4, "Kickoff Time: unknown time format");
- offset+= 4;
+ offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, drep, hf_netlogon_kickoff_time, NULL);
- proto_tree_add_text(tree, tvb, offset, 4, "Password Age: unknown time format");
- offset+= 4;
+ offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, drep, hf_netlogon_pwd_age, NULL);
- proto_tree_add_text(tree, tvb, offset, 4, "PW Can Change: unknown time format");
- offset+= 4;
+ offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, drep, hf_netlogon_pwd_can_change_time, NULL);
- proto_tree_add_text(tree, tvb, offset, 4, "PW Must Change: unknown time format");
- offset+= 4;
+ offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, drep, hf_netlogon_pwd_must_change_time, NULL);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_UNIQUE, "Computer", hf_netlogon_computer_name, 0);
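Review bot: The deleted XXX comment recorded that the encoding of these seven fields was unknown, and the new `dissect_ndr_time_t` calls settle on time_t without saying on what basis. `hf_netlogon_pwd_age` is registered as FT_RELATIVE_TIME while the time registrations visible on this page are FT_ABSOLUTE_TIME, so a short comment such as `/* 32-bit time_t values; Password Age is an interval, not a timestamp */` above the block would keep that distinction visible. Whether dissect_ndr_time_t renders a relative-time field correctly cannot be checked from this hunk and is worth confirming against a capture. The enclosing function starts and ends outside the hunk.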
pinfo, tree, drep);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_REF, "Account", hf_netlogon_acct_name, 0);
+ NDR_POINTER_REF, "Account", hf_netlogon_acct_name, CB_STR_COL_INFO);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_REF, "Workstation", hf_netlogon_workstation, 0);
pinfo, tree, drep);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_REF, "Account", hf_netlogon_acct_name, 0);
+ NDR_POINTER_REF, "Account", hf_netlogon_acct_name, CB_STR_COL_INFO);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
NDR_POINTER_REF, "Workstation", hf_netlogon_workstation, 0);
hf_netlogon_logon_id, NULL);
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
- hf_netlogon_acct_name, 0);
+ hf_netlogon_acct_name, CB_STR_COL_INFO|3);
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_workstation, 0);
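Review bot: The bare `3` OR-ed into the callback argument in `CB_STR_COL_INFO|3` is unexplained, and the other call sites changed in this commit pass `CB_STR_COL_INFO` alone. If the low bits select how many parent items the string is appended to (that is how I read the flag word, but its definition is not on this page), spell it with the header's level macro, `CB_STR_COL_INFO|CB_STR_ITEM_LEVELS(3)`, or add a comment saying why this structure needs a different value. The enclosing function is outside the hunk.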
* IDL unicodestring logonserver;
* IDL unicodestring domainname;
* IDL [unique] SID logondomainid;
- * IDL long expansionroom[10];
+ * IDL long expansionroom[2];
+ * IDL long useraccountcontrol;
+ * IDL long expansionroom[7];
* IDL } VALIDATION_SAM_INFO;
*/
static int
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_logon_dom, 0);
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
- for(i=0;i<10;i++){
+ for(i=0;i<2;i++){
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
- hf_netlogon_reserved, NULL);
+ hf_netlogon_unknown_long, NULL);
+ }
+ offset = netlogon_dissect_USER_ACCOUNT_CONTROL(tvb, offset,
+ pinfo, tree, drep);
+
+ for(i=0;i<7;i++){
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_unknown_long, NULL);
}
return offset;
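Review bot: The sequence of two unknown longs, `netlogon_dissect_USER_ACCOUNT_CONTROL`, then seven unknown longs is pasted here and in three later structure dissectors on this page; a small static helper taking the usual `(tvb, offset, pinfo, tree, drep)` arguments would keep the four layouts from drifting apart. The counts 2 and 7 plus the control word must add up to the ten longs the old loop consumed, and that invariant deserves a comment, since a miscount shifts every later field in the reply. The matching IDL comment now declares two members both named `expansionroom`; `expansionroom1`/`expansionroom2` would keep it readable as IDL. This hunk also switches the first words from `hf_netlogon_reserved` to `hf_netlogon_unknown_long`, a label change the page never explains. The function body starts outside the hunk.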
* IDL unicodestring logonserver;
* IDL unicodestring domainname;
* IDL [unique] SID logondomainid;
- * IDL long expansionroom[10];
+ * IDL long expansionroom[2];
+ * IDL long useraccountcontrol;
+ * IDL long expansionroom[7];
* IDL long sidcount;
* IDL [unique] SID_AND_ATTRIBS;
* IDL } VALIDATION_SAM_INFO2;
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_logon_dom, 0);
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
- for(i=0;i<10;i++){
+ for(i=0;i<2;i++){
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_unknown_long, NULL);
+ }
+ offset = netlogon_dissect_USER_ACCOUNT_CONTROL(tvb, offset,
+ pinfo, tree, drep);
+
+ for(i=0;i<7;i++){
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_long, NULL);
}
* IDL unicodestring logonserver;
* IDL unicodestring domainname;
* IDL [unique] SID logondomainid;
- * IDL long expansionroom[10];
+ * IDL long expansionroom[2];
+ * IDL long useraccountcontrol;
+ * IDL long expansionroom[7];
* IDL long sidcount;
* IDL [unique] SID_AND_ATTRIBS;
* IDL [unique] SID resourcegroupdomainsid;
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_logon_dom, 0);
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
+
+ for(i=0;i<2;i++){
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_unknown_long, NULL);
+ }
+ offset = netlogon_dissect_USER_ACCOUNT_CONTROL(tvb, offset,
+ pinfo, tree, drep);
- for(i=0;i<10;i++){
+ for(i=0;i<7;i++){
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_long, NULL);
}
dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
"SID_AND_ATTRIBUTES_ARRAY:", -1);
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, hf_netlogon_resourcegroupdomainsid);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_resourcegroupcount, &rgc);
* IDL long auth_size;
* IDL [unique][size_is(auth_size)] char *auth;
* IDL USER_SESSION_KEY user_session_key;
- * IDL long expansionroom[10];
+ * IDL long expansionroom[2];
+ * IDL long useraccountcontrol;
+ * IDL long expansionroom[7];
* IDL UNICODESTRING dummy1;
* IDL UNICODESTRING dummy2;
* IDL UNICODESTRING dummy3;
offset = netlogon_dissect_USER_SESSION_KEY(tvb, offset,
pinfo, tree, drep);
- for(i=0;i<10;i++){
+ for(i=0;i<2;i++){
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_unknown_long, NULL);
+ }
+ offset = netlogon_dissect_USER_ACCOUNT_CONTROL(tvb, offset,
+ pinfo, tree, drep);
+
+ for(i=0;i<7;i++){
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_long, NULL);
}
pinfo, tree, drep);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_REF, "User Name", hf_netlogon_acct_name, 0);
+ NDR_POINTER_REF, "User Name", hf_netlogon_acct_name, CB_STR_COL_INFO);
offset = netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvb, offset,
pinfo, tree, drep);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_REF, "Computer Name", hf_netlogon_computer_name, 0);
+ NDR_POINTER_REF, "Computer Name", hf_netlogon_computer_name, CB_STR_COL_INFO);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
hf_netlogon_domain_name, 0);
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
offset = netlogon_dissect_QUOTA_LIMITS(tvb, offset,
pinfo, tree, drep);
#define DT_DELTA_DOMAIN 1
#define DT_DELTA_GROUP 2
+#define DT_DELTA_DELETE_GROUP 3
#define DT_DELTA_RENAME_GROUP 4
#define DT_DELTA_USER 5
+#define DT_DELTA_DELETE_USER 6
#define DT_DELTA_RENAME_USER 7
#define DT_DELTA_GROUP_MEMBER 8
#define DT_DELTA_ALIAS 9
+#define DT_DELTA_DELETE_ALIAS 10
#define DT_DELTA_RENAME_ALIAS 11
#define DT_DELTA_ALIAS_MEMBER 12
#define DT_DELTA_POLICY 13
#define DT_DELTA_TRUSTED_DOMAINS 14
+#define DT_DELTA_DELETE_TRUST 15
#define DT_DELTA_ACCOUNTS 16
+#define DT_DELTA_DELETE_ACCOUNT 17
#define DT_DELTA_SECRET 18
-#define DT_DELTA_DELETE_GROUP 20
-#define DT_DELTA_DELETE_USER 21
+#define DT_DELTA_DELETE_SECRET 19
+#define DT_DELTA_DELETE_GROUP2 20
+#define DT_DELTA_DELETE_USER2 21
#define DT_MODIFIED_COUNT 22
static const value_string delta_type_vals[] = {
{ DT_DELTA_DOMAIN, "Domain" },
{ DT_DELTA_GROUP, "Group" },
+ { DT_DELTA_DELETE_GROUP, "Delete Group" },
{ DT_DELTA_RENAME_GROUP, "Rename Group" },
{ DT_DELTA_USER, "User" },
+ { DT_DELTA_DELETE_USER, "Delete User" },
{ DT_DELTA_RENAME_USER, "Rename User" },
{ DT_DELTA_GROUP_MEMBER, "Group Member" },
{ DT_DELTA_ALIAS, "Alias" },
+ { DT_DELTA_DELETE_ALIAS, "Delete Alias" },
{ DT_DELTA_RENAME_ALIAS, "Rename Alias" },
{ DT_DELTA_ALIAS_MEMBER, "Alias Member" },
{ DT_DELTA_POLICY, "Policy" },
{ DT_DELTA_TRUSTED_DOMAINS, "Trusted Domains" },
+ { DT_DELTA_DELETE_TRUST, "Delete Trust" },
{ DT_DELTA_ACCOUNTS, "Accounts" },
+ { DT_DELTA_DELETE_ACCOUNT, "Delete Account" },
{ DT_DELTA_SECRET, "Secret" },
- { DT_DELTA_DELETE_GROUP, "Delete Group" },
- { DT_DELTA_DELETE_USER, "Delete User" },
+ { DT_DELTA_DELETE_SECRET, "Delete Secret" },
+ { DT_DELTA_DELETE_GROUP2, "Delete Group2" },
+ { DT_DELTA_DELETE_USER2, "Delete User2" },
{ DT_MODIFIED_COUNT, "Modified Count" },
{ 0, NULL }
};
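Review bot: `DT_DELTA_DELETE_GROUP` and `DT_DELTA_DELETE_USER` keep their names but change value from 20/21 to 3/6, so any use of those two names outside this hunk now matches a different delta type without a compile error. The code that switches on the delta type is not visible here; it should be checked that the handling for 20 and 21 moved to the new `DT_DELTA_DELETE_GROUP2`/`DT_DELTA_DELETE_USER2` names and that 3 and 6 are dissected as a bare RID, as the updated IDL comment says. The display strings `"Delete Group2"` and `"Delete User2"` give the reader no hint of how they differ from types 3 and 6; a comment on the two defines would help.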
* IDL typedef [switch_type(short)] union {
* IDL [case(1)][unique] DELTA_DOMAIN *domain;
* IDL [case(2)][unique] DELTA_GROUP *group;
+ * IDL [case(3)][unique] rid only ;
* IDL [case(4)][unique] DELTA_RENAME_GROUP *rename_group;
* IDL [case(5)][unique] DELTA_USER *user;
+ * IDL [case(6)][unique] rid only ;
* IDL [case(7)][unique] DELTA_RENAME_USER *rename_user;
* IDL [case(8)][unique] DELTA_GROUP_MEMBER *group_member;
* IDL [case(9)][unique] DELTA_ALIAS *alias;
- * IDL [case(11)][unique] DELTA_RENAME_ALIAS *rename_alias;
+ * IDL [case(10)][unique] rid only ;
+ * IDL [case(11)][unique] DELTA_RENAME_ALIAS *alias;
* IDL [case(12)][unique] DELTA_ALIAS_MEMBER *alias_member;
* IDL [case(13)][unique] DELTA_POLICY *policy;
* IDL [case(14)][unique] DELTA_TRUSTED_DOMAINS *trusted_domains;
+ * IDL [case(15)][unique] PSID ;
* IDL [case(16)][unique] DELTA_ACCOUNTS *accounts;
+ * IDL [case(17)][unique] PSID ;
* IDL [case(18)][unique] DELTA_SECRET *secret;
- * IDL [case(20)][unique] DELTA_DELETE_USER *delete_group;
- * IDL [case(21)][unique] DELTA_DELETE_USER *delete_user;
+ * IDL [case(19)][unique] string;
+ * IDL [case(20)][unique] DELTA_DELETE_GROUP2 *delete_group;
+ * IDL [case(21)][unique] DELTA_DELETE_USER2 *delete_user;
* IDL [case(22)][unique] MODIFIED_COUNT *modified_count;
* IDL } DELTA_UNION;
*/
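Review bot: Case 11 in the IDL comment was changed from `*rename_alias` to `*alias`, which now duplicates the member name of case 9 and reads like a paste slip; it should stay `DELTA_RENAME_ALIAS *rename_alias;`. The new arms `rid only ;`, `PSID ;` and `string;` have no member names, so the comment no longer reads as IDL. If the shorthand is deliberate, a one-line remark saying these arms carry a bare RID, SID or string would make that explicit.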
hf_netlogon_user_rid, NULL);
break;
case 13:
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
break;
case 14:
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
break;
case 15:
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
break;
case 16:
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
break;
case 17:
- offset = dissect_ndr_nt_PSID(tvb, offset,
- pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
break;
case 18:
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo,
hf_netlogon_trust_attribs, &tmp);
/* SID pointer */
- offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
/* GUID */
offset = dissect_nt_GUID(tvb, offset, pinfo, tree, drep);
pinfo, tree, drep);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_UNIQUE, "unknown string",
- hf_netlogon_unknown_string, 0);
+ NDR_POINTER_UNIQUE, "Client Account",
+ hf_netlogon_acct_name, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_long, NULL);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_UNIQUE, "unknown string",
- hf_netlogon_unknown_string, 0);
+ NDR_POINTER_UNIQUE, "Client Account",
+ hf_netlogon_logon_dom, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_nt_GUID, NDR_POINTER_UNIQUE,
- "GUID pointer: unknown_GUID", -1);
+ "Domain GUID:", -1);
offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
- NDR_POINTER_UNIQUE, "unknown string",
- hf_netlogon_unknown_string, 0);
+ NDR_POINTER_UNIQUE, "Client Site",
+ hf_netlogon_site_name, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_netlogon_unknown_long, NULL);
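Review bot: The second string pointer is labelled `"Client Account"` but is registered against `hf_netlogon_logon_dom`, so the tree text and the filterable field disagree about what this value is. One of the two looks like a copy-paste from the first call; if the field is the domain (inferred from the hf name only, not confirmed on this page), the label line should read `NDR_POINTER_UNIQUE, "Client Domain",`. The two `hf_netlogon_unknown_long` words that remain in this structure could carry a comment saying they are still undecoded. The enclosing function is outside the hunk.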
{ "Domain", "netlogon.domain", FT_STRING, BASE_NONE,
NULL, 0, "Domain", HFILL }},
- { &hf_netlogon_resourcegroupdomainsid,
- { "ResourceGroupDomainSID", "netlogon.resourcegroupdomainsid", FT_STRING, BASE_NONE,
- NULL, 0, "Resource Group Domain SID", HFILL }},
-
{ &hf_netlogon_resourcegroupcount,
{ "ResourceGroup count", "netlogon.resourcegroupcount", FT_UINT32, BASE_DEC,
NULL, 0, "Number of Resource Groups", HFILL }},
{ "Flags", "netlogon.flags", FT_UINT32, BASE_HEX,
NULL, 0x0, "", HFILL }},
+ { &hf_netlogon_user_account_control,
+ { "User Account Control", "netlogon.user_account_control", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "User Account control", HFILL }},
+
{ &hf_netlogon_user_flags,
{ "User Flags", "netlogon.user_flags", FT_UINT32, BASE_HEX,
NULL, 0x0, "User flags", HFILL }},
{ "Logoff Time", "netlogon.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0, "Time for last time this user logged off", HFILL }},
+ { &hf_netlogon_last_logoff_time,
+ { "Last Logoff Time", "netlogon.last_logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "Time for last time this user logged off", HFILL }},
+
{ &hf_netlogon_pwd_last_set_time,
{ "PWD Last Set", "netlogon.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0, "Last time this users password was changed", HFILL }},
+ { &hf_netlogon_pwd_age,
+ { "PWD Age", "netlogon.pwd_age", FT_RELATIVE_TIME, BASE_NONE,
+ NULL, 0, "Time since this users password was changed", HFILL }},
+
{ &hf_netlogon_pwd_can_change_time,
{ "PWD Can Change", "netlogon.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0, "When this users password may be changed", HFILL }},
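Review bot: The new `hf_netlogon_last_logoff_time` entry reuses the blurb `"Time for last time this user logged off"` word for word from `hf_netlogon_logoff_time` just above it, so two different fields now carry the same description. The dissector change on this page maps the old "Last Logoff" slot to the new field and "Logoff Time" to the old one, so the old entry's blurb is the one that no longer fits; it should be reworded to say what that timestamp represents. The `hf_netlogon_pwd_age` blurb would also read better as `"Time since this user's password was changed"`.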
FT_BOOLEAN, 32, TFS(&user_flags_resource_groups), 0x00000200,
"The user flags RESOURCE_GROUPS", HFILL }},
+ { &hf_netlogon_user_account_control_dont_require_preauth,
+ { "Dont Require PreAuth", "netlogon.user.account_control.dont_require_preauth",
+ FT_BOOLEAN, 32, TFS(&user_account_control_dont_require_preauth), 0x00010000,
+ "The user account control DONT_REQUIRE_PREAUTH flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_use_des_key_only,
+ { "Use DES Key Only", "netlogon.user.account_control.use_des_key_only",
+ FT_BOOLEAN, 32, TFS(&user_account_control_use_des_key_only), 0x00008000,
+ "The user account control use_des_key_only flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_not_delegated,
+ { "Not Delegated", "netlogon.user.account_control.not_delegated",
+ FT_BOOLEAN, 32, TFS(&user_account_control_not_delegated), 0x00004000,
+ "The user account control not_delegated flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_trusted_for_delegation,
+ { "Trusted For Delegation", "netlogon.user.account_control.trusted_for_delegation",
+ FT_BOOLEAN, 32, TFS(&user_account_control_trusted_for_delegation), 0x00002000,
+ "The user account control trusted_for_delegation flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_smartcard_required,
+ { "SmartCard Required", "netlogon.user.account_control.smartcard_required",
+ FT_BOOLEAN, 32, TFS(&user_account_control_smartcard_required), 0x00001000,
+ "The user account control smartcard_required flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_encrypted_text_password_allowed,
+ { "Encrypted Text Password Allowed", "netlogon.user.account_control.encrypted_text_password_allowed",
+ FT_BOOLEAN, 32, TFS(&user_account_control_encrypted_text_password_allowed), 0x00000800,
+ "The user account control encrypted_text_password_allowed flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_account_auto_locked,
+ { "Account Auto Locked", "netlogon.user.account_control.account_auto_locked",
+ FT_BOOLEAN, 32, TFS(&user_account_control_account_auto_locked), 0x00000400,
+ "The user account control account_auto_locked flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_dont_expire_password,
+ { "Dont Expire Password", "netlogon.user.account_control.dont_expire_password",
+ FT_BOOLEAN, 32, TFS(&user_account_control_dont_expire_password), 0x00000200,
+ "The user account control dont_expire_password flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_server_trust_account,
+ { "Server Trust Account", "netlogon.user.account_control.server_trust_account",
+ FT_BOOLEAN, 32, TFS(&user_account_control_server_trust_account), 0x00000100,
+ "The user account control server_trust_account flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_workstation_trust_account,
+ { "Workstation Trust Account", "netlogon.user.account_control.workstation_trust_account",
+ FT_BOOLEAN, 32, TFS(&user_account_control_workstation_trust_account), 0x00000080,
+ "The user account control workstation_trust_account flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_interdomain_trust_account,
+ { "Interdomain trust Account", "netlogon.user.account_control.interdomain_trust_account",
+ FT_BOOLEAN, 32, TFS(&user_account_control_interdomain_trust_account), 0x00000040,
+ "The user account control interdomain_trust_account flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_mns_logon_account,
+ { "MNS Logon Account", "netlogon.user.account_control.mns_logon_account",
+ FT_BOOLEAN, 32, TFS(&user_account_control_mns_logon_account), 0x00000020,
+ "The user account control mns_logon_account flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_normal_account,
+ { "Normal Account", "netlogon.user.account_control.normal_account",
+ FT_BOOLEAN, 32, TFS(&user_account_control_normal_account), 0x00000010,
+ "The user account control normal_account flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_temp_duplicate_account,
+ { "Temp Duplicate Account", "netlogon.user.account_control.temp_duplicate_account",
+ FT_BOOLEAN, 32, TFS(&user_account_control_temp_duplicate_account), 0x00000008,
+ "The user account control temp_duplicate_account flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_password_not_required,
+ { "Password Not Required", "netlogon.user.account_control.password_not_required",
+ FT_BOOLEAN, 32, TFS(&user_account_control_password_not_required), 0x00000004,
+ "The user account control password_not_required flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_home_directory_required,
+ { "Home Directory Required", "netlogon.user.account_control.home_directory_required",
+ FT_BOOLEAN, 32, TFS(&user_account_control_home_directory_required), 0x00000002,
+ "The user account control home_directory_required flag ", HFILL }},
+
+ { &hf_netlogon_user_account_control_account_disabled,
+ { "Account Disabled", "netlogon.user.account_control.account_disabled",
+ FT_BOOLEAN, 32, TFS(&user_account_control_account_disabled), 0x00000001,
+ "The user account control account_disabled flag ", HFILL }},
+
};
static gint *ett[] = {
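Review bot: The seventeen flag fields are registered under `netlogon.user.account_control.*` while their parent is `netlogon.user_account_control` and the existing flags field is `netlogon.user_flags`, so a display filter typed from the parent's name will not find the bits. Renaming the children to the parent's prefix, e.g. `netlogon.user_account_control.dont_require_preauth`, keeps one namespace. Only masks 0x00000001 through 0x00010000 are registered, so any higher bit set on the wire shows up only in the parent's hex value; a comment saying so would stop a reader from assuming the decoded list is complete. Each blurb also ends in a stray space before the closing quote.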
&ett_secchan_bind_ack_creds,
&ett_secchan_verf,
&ett_group_attrs,
- &ett_user_flags
+ &ett_user_flags,
+ &ett_user_account_control
};
proto_dcerpc_netlogon = proto_register_protocol(