2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-windows-common.h"
40 static int proto_dcerpc_lsa = -1;
42 static int hf_lsa_opnum = -1;
43 static int hf_lsa_rc = -1;
44 static int hf_lsa_hnd = -1;
45 static int hf_lsa_policy_information = -1;
46 static int hf_lsa_server = -1;
47 static int hf_lsa_controller = -1;
48 static int hf_lsa_obj_attr = -1;
49 static int hf_lsa_obj_attr_len = -1;
50 static int hf_lsa_obj_attr_name = -1;
51 static int hf_lsa_access_mask = -1;
52 static int hf_lsa_info_level = -1;
53 static int hf_lsa_trusted_info_level = -1;
54 static int hf_lsa_sd_size = -1;
55 static int hf_lsa_qos_len = -1;
56 static int hf_lsa_qos_impersonation_level = -1;
57 static int hf_lsa_qos_track_context = -1;
58 static int hf_lsa_qos_effective_only = -1;
59 static int hf_lsa_pali_percent_full = -1;
60 static int hf_lsa_pali_log_size = -1;
61 static int hf_lsa_pali_retention_period = -1;
62 static int hf_lsa_pali_time_to_shutdown = -1;
63 static int hf_lsa_pali_shutdown_in_progress = -1;
64 static int hf_lsa_pali_next_audit_record = -1;
65 static int hf_lsa_paei_enabled = -1;
66 static int hf_lsa_paei_settings = -1;
67 static int hf_lsa_count = -1;
68 static int hf_lsa_size = -1;
69 static int hf_lsa_size16 = -1;
70 static int hf_lsa_privilege_display_name_size = -1;
71 static int hf_lsa_max_count = -1;
72 static int hf_lsa_index = -1;
73 static int hf_lsa_fqdomain = -1;
74 static int hf_lsa_domain = -1;
75 static int hf_lsa_acct = -1;
76 static int hf_lsa_server_role = -1;
77 static int hf_lsa_source = -1;
78 static int hf_lsa_quota_paged_pool = -1;
79 static int hf_lsa_quota_non_paged_pool = -1;
80 static int hf_lsa_quota_min_wss = -1;
81 static int hf_lsa_quota_max_wss = -1;
82 static int hf_lsa_quota_pagefile = -1;
83 static int hf_lsa_mod_seq_no = -1;
84 static int hf_lsa_mod_mtime = -1;
85 static int hf_lsa_cur_mtime = -1;
86 static int hf_lsa_old_mtime = -1;
87 static int hf_lsa_name = -1;
88 static int hf_lsa_key = -1;
89 static int hf_lsa_flat_name = -1;
90 static int hf_lsa_forest = -1;
91 static int hf_lsa_info_type = -1;
92 static int hf_lsa_old_pwd = -1;
93 static int hf_lsa_new_pwd = -1;
94 static int hf_lsa_sid_type = -1;
95 static int hf_lsa_rid = -1;
96 static int hf_lsa_rid_offset = -1;
97 static int hf_lsa_num_mapped = -1;
98 static int hf_lsa_policy_information_class = -1;
99 static int hf_lsa_secret = -1;
100 static int hf_nt_luid_high = -1;
101 static int hf_nt_luid_low = -1;
102 static int hf_lsa_privilege_name = -1;
103 static int hf_lsa_privilege_display_name = -1;
104 static int hf_lsa_attr = -1;
105 static int hf_lsa_resume_handle = -1;
106 static int hf_lsa_trust_direction = -1;
107 static int hf_lsa_trust_type = -1;
108 static int hf_lsa_trust_attr = -1;
109 static int hf_lsa_trust_attr_non_trans = -1;
110 static int hf_lsa_trust_attr_uplevel_only = -1;
111 static int hf_lsa_trust_attr_tree_parent = -1;
112 static int hf_lsa_trust_attr_tree_root = -1;
113 static int hf_lsa_auth_update = -1;
114 static int hf_lsa_auth_type = -1;
115 static int hf_lsa_auth_len = -1;
116 static int hf_lsa_auth_blob = -1;
117 static int hf_lsa_rights = -1;
118 static int hf_lsa_remove_all = -1;
120 static int hf_lsa_unknown_hyper = -1;
121 static int hf_lsa_unknown_long = -1;
122 static int hf_lsa_unknown_short = -1;
123 static int hf_lsa_unknown_char = -1;
124 static int hf_lsa_unknown_string = -1;
125 #ifdef LSA_UNUSED_HANDLES
126 static int hf_lsa_unknown_time = -1;
130 static gint ett_dcerpc_lsa = -1;
131 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
132 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
133 static gint ett_lsa_policy_info = -1;
134 static gint ett_lsa_policy_audit_log_info = -1;
135 static gint ett_lsa_policy_audit_events_info = -1;
136 static gint ett_lsa_policy_primary_domain_info = -1;
137 static gint ett_lsa_policy_primary_account_info = -1;
138 static gint ett_lsa_policy_server_role_info = -1;
139 static gint ett_lsa_policy_replica_source_info = -1;
140 static gint ett_lsa_policy_default_quota_info = -1;
141 static gint ett_lsa_policy_modification_info = -1;
142 static gint ett_lsa_policy_audit_full_set_info = -1;
143 static gint ett_lsa_policy_audit_full_query_info = -1;
144 static gint ett_lsa_policy_dns_domain_info = -1;
145 static gint ett_lsa_translated_names = -1;
146 static gint ett_lsa_translated_name = -1;
147 static gint ett_lsa_referenced_domain_list = -1;
148 static gint ett_lsa_trust_information = -1;
149 static gint ett_lsa_trust_information_ex = -1;
150 static gint ett_LUID = -1;
151 static gint ett_LSA_PRIVILEGES = -1;
152 static gint ett_LSA_PRIVILEGE = -1;
153 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
154 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
155 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
156 static gint ett_LSA_TRUSTED_DOMAIN = -1;
157 static gint ett_LSA_TRANSLATED_SIDS = -1;
158 static gint ett_lsa_trusted_domain_info = -1;
159 static gint ett_lsa_trust_attr = -1;
160 static gint ett_lsa_trusted_domain_auth_information = -1;
161 static gint ett_lsa_auth_information = -1;
165 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
166 packet_info *pinfo, proto_tree *tree,
171 di=pinfo->private_data;
172 if(di->conformant_run){
173 /*just a run to handle conformant arrays, nothing to dissect */
177 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
184 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
185 packet_info *pinfo, proto_tree *tree,
190 di=pinfo->private_data;
191 if(di->conformant_run){
192 /*just a run to handle conformant arrays, nothing to dissect */
196 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
202 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
203 packet_info *pinfo, proto_tree *tree,
208 di=pinfo->private_data;
209 if(di->conformant_run){
210 /*just a run to handle conformant arrays, nothing to dissect */
214 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
215 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
216 "DOMAIN pointer: ", di->hf_index);
222 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
223 packet_info *pinfo, proto_tree *tree,
228 di=pinfo->private_data;
229 if(di->conformant_run){
230 /*just a run to handle conformant arrays, nothing to dissect */
234 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
/*
 * Dissects the body of an LSA_SECRET; lsa_dissect_LSA_SECRET reaches it
 * through dissect_ndr_pointer().
 *
 * Nothing is dissected on a conformant run (di->conformant_run set).
 * Otherwise two 32-bit values are read, both displayed under hf_lsa_sd_size
 * and both stored in len, so the second read overwrites the first. len bytes
 * at the current offset are then added as the hf_lsa_secret item.
 *
 * NOTE(review): len is taken from the captured packet and is used as the
 * item length with no range check visible in this listing. Confirm that the
 * statements following the proto_tree_add_item() call (not shown here)
 * cannot move offset backwards or past the end of the tvb when len is very
 * large, and that the length is still validated when tree is NULL.
 */
241 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
242 packet_info *pinfo, proto_tree *tree,
248 di=pinfo->private_data;
249 if(di->conformant_run){
250 /*just a run to handle conformant arrays, nothing to dissect */
254 /* this is probably a varying and conformant array */
255 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
256 hf_lsa_sd_size, &len);
258 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
259 hf_lsa_sd_size, &len);
/* len is wire-supplied; it is used here as the byte length of the secret. */
260 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
/*
 * Dissects an LSA_SECRET structure under its own subtree of parent_tree.
 *
 * The subtree reuses ett_LSA_SECURITY_DESCRIPTOR rather than an ett index of
 * its own. Two 32-bit values are shown under hf_lsa_sd_size (their meaning
 * is unresolved, see the XXX comment below), followed by a unique pointer
 * whose target is dissected by lsa_dissect_LSA_SECRET_data. The item length
 * is set at the end to the number of bytes consumed.
 */
267 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
268 packet_info *pinfo, proto_tree *parent_tree,
271 proto_item *item=NULL;
272 proto_tree *tree=NULL;
273 int old_offset=offset;
276 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
278 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
281 /* XXX need to figure this one out */
282 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
283 hf_lsa_sd_size, NULL);
284 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
285 hf_lsa_sd_size, NULL);
286 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
287 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
288 "LSA_SECRET data: pointer", -1);
/* The item was created with length -1; fix it up to the bytes consumed. */
290 proto_item_set_len(item, offset-old_offset);
295 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
296 packet_info *pinfo, proto_tree *tree,
299 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
300 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
301 "LSA_SECRET pointer: data", -1);
306 /* Dissect LSA specific access rights */
308 static gint hf_view_local_info = -1;
309 static gint hf_view_audit_info = -1;
310 static gint hf_get_private_info = -1;
311 static gint hf_trust_admin = -1;
312 static gint hf_create_account = -1;
313 static gint hf_create_secret = -1;
314 static gint hf_create_priv = -1;
315 static gint hf_set_default_quota_limits = -1;
316 static gint hf_set_audit_requirements = -1;
317 static gint hf_audit_log_admin = -1;
318 static gint hf_server_admin = -1;
319 static gint hf_lookup_names = -1;
/*
 * Adds one boolean item per LSA-specific access right to tree.
 *
 * Every item is decoded from the same access value and covers the same
 * 4 bytes at offset. The function is installed as the dissection callback
 * in lsa_access_mask_info. Which bit each hf_ field selects is defined where
 * the fields are registered, which is outside this listing.
 */
322 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
325 proto_tree_add_boolean(
326 tree, hf_lookup_names, tvb, offset, 4, access);
328 proto_tree_add_boolean(
329 tree, hf_server_admin, tvb, offset, 4, access);
331 proto_tree_add_boolean(
332 tree, hf_audit_log_admin, tvb, offset, 4, access);
334 proto_tree_add_boolean(
335 tree, hf_set_audit_requirements, tvb, offset, 4, access);
337 proto_tree_add_boolean(
338 tree, hf_set_default_quota_limits, tvb, offset, 4, access);
340 proto_tree_add_boolean(
341 tree, hf_create_priv, tvb, offset, 4, access);
343 proto_tree_add_boolean(
344 tree, hf_create_secret, tvb, offset, 4, access);
346 proto_tree_add_boolean(
347 tree, hf_create_account, tvb, offset, 4, access);
349 proto_tree_add_boolean(
350 tree, hf_trust_admin, tvb, offset, 4, access);
352 proto_tree_add_boolean(
353 tree, hf_get_private_info, tvb, offset, 4, access);
355 proto_tree_add_boolean(
356 tree, hf_view_audit_info, tvb, offset, 4, access);
358 proto_tree_add_boolean(
359 tree, hf_view_local_info, tvb, offset, 4, access);
362 struct access_mask_info lsa_access_mask_info = {
363 "LSA", /* Name of specific rights */
364 lsa_specific_rights, /* Dissection function */
365 NULL, /* Generic mapping table */
366 NULL /* Standard mapping table */
/*
 * Dissects the data part of a security descriptor buffer.
 *
 * Nothing is dissected on a conformant run (di->conformant_run set).
 * Otherwise a 32-bit size is read into len (shown as hf_lsa_sd_size) and
 * passed, together with &lsa_access_mask_info, to a call whose function name
 * is on a line missing from this listing.
 *
 * NOTE(review): len is read from the packet and handed on unchanged as a
 * length. Confirm that the callee bounds it against the data remaining in
 * the tvb before using it.
 */
370 lsa_dissect_sec_desc_buf_data(tvbuff_t *tvb, int offset,
371 packet_info *pinfo, proto_tree *tree,
377 di=pinfo->private_data;
378 if(di->conformant_run){
379 /*just a run to handle conformant arrays, nothing to dissect */
383 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
384 hf_lsa_sd_size, &len);
387 tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
394 /* call a sec_desc_buf through a pointer.
395 this is just a temporary function until all
396 interfaces are autogenerated */
398 pointer_lsa_dissect_sec_desc_buf(tvbuff_t *tvb, int offset,
399 packet_info *pinfo, proto_tree *parent_tree,
402 offset=lsa_dissect_sec_desc_buf(tvb, offset,
411 /* dummy1,2 to make signature compatible with autogenerated dissector */
/*
 * Dissects an LSA security descriptor buffer under a subtree labelled
 * "LSA_SECURITY_DESCRIPTOR:".
 *
 * Reads a 32-bit size (hf_lsa_sd_size, value not kept) and then a unique
 * pointer whose target is dissected by lsa_dissect_sec_desc_buf_data.
 * dummy1 and dummy2 are unused (_U_). The item length is set at the end to
 * the number of bytes consumed.
 */
413 lsa_dissect_sec_desc_buf(tvbuff_t *tvb, int offset,
414 packet_info *pinfo, proto_tree *parent_tree,
415 guint8 *drep, int dummy1 _U_, guint32 dummy2 _U_)
417 proto_item *item=NULL;
418 proto_tree *tree=NULL;
419 int old_offset=offset;
422 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
423 "LSA_SECURITY_DESCRIPTOR:");
424 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
/* Size as declared in the outer structure; the data dissector reads its own. */
427 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
428 hf_lsa_sd_size, NULL);
430 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
431 lsa_dissect_sec_desc_buf_data, NDR_POINTER_UNIQUE,
432 "LSA SECURITY DESCRIPTOR data:", -1);
434 proto_item_set_len(item, offset-old_offset);
439 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
440 packet_info *pinfo, proto_tree *tree, guint8 *drep)
442 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
443 hf_lsa_unknown_char, NULL);
448 static const value_string lsa_impersonation_level_vals[] = {
450 {1, "Identification"},
451 {2, "Impersonation"},
/*
 * Dissects a SECURITY_QUALITY_OF_SERVICE structure directly into tree.
 *
 * Fields are read in this order: a 32-bit length (hf_lsa_qos_len), a 16-bit
 * impersonation level, an 8-bit context tracking mode and an 8-bit
 * effective-only value. None of the values is kept by this function.
 */
458 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
459 packet_info *pinfo, proto_tree *tree, guint8 *drep)
462 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
463 hf_lsa_qos_len, NULL);
465 /* impersonation level */
466 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
467 hf_lsa_qos_impersonation_level, NULL);
469 /* context tracking mode */
470 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
471 hf_lsa_qos_track_context, NULL);
/* effective-only flag */
474 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
475 hf_lsa_qos_effective_only, NULL);
481 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
482 packet_info *pinfo, proto_tree *tree, guint8 *drep)
484 offset = dissect_nt_access_mask(
485 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
486 &lsa_access_mask_info, NULL);
/*
 * Dissects an LSA OBJECT_ATTRIBUTES structure under an "Object Attributes"
 * subtree of parent_tree.
 *
 * Fields are read in this order: a 32-bit length, a unique pointer dissected
 * by lsa_dissect_LPSTR, a unique pointer to the object name, a 32-bit
 * attributes value, a unique pointer to a security descriptor buffer and a
 * unique pointer to a SECURITY_QUALITY_OF_SERVICE. The item length is set at
 * the end to the number of bytes consumed.
 */
492 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
493 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
495 int old_offset=offset;
496 proto_item *item = NULL;
497 proto_tree *tree = NULL;
500 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
501 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
/* length */
505 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
506 hf_lsa_obj_attr_len, NULL);
/* pointer dissected by lsa_dissect_LPSTR, which reads a single byte */
509 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
510 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
511 "LSPTR pointer: ", -1);
/* object name */
514 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
515 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
516 "NAME pointer: ", hf_lsa_obj_attr_name);
/* attributes */
519 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
520 hf_lsa_obj_attr, NULL);
522 /* security descriptor */
523 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
524 pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_UNIQUE,
525 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
527 /* security quality of service */
528 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
529 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
530 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
532 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects an LsarClose request, which carries only the policy handle.
 *
 * NOTE(review): the trailing FALSE, TRUE arguments are presumably the
 * is_open / is_close flags of dissect_nt_policy_hnd(), marking this frame as
 * the one that closes the handle - confirm against packet-dcerpc-nt.h.
 */
537 lsa_dissect_lsarclose_rqst(tvbuff_t *tvb, int offset,
538 packet_info *pinfo, proto_tree *tree, guint8 *drep)
540 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
541 hf_lsa_hnd, NULL, NULL, FALSE, TRUE);
/*
 * Dissects an LsarClose reply: the policy handle followed by the NTSTATUS
 * return code (hf_lsa_rc). Neither value is kept by this function.
 */
547 lsa_dissect_lsarclose_reply(tvbuff_t *tvb, int offset,
548 packet_info *pinfo, proto_tree *tree, guint8 *drep)
550 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
551 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
553 offset = dissect_ntstatus(
554 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
559 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
560 character of the server name which is always '\'. This is fixed in lsa
561 openpolicy2 but the function remains for backwards compatibility. */
563 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
565 proto_tree *tree, guint8 *drep)
567 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
568 hf_lsa_server, NULL);
/*
 * Dissects an LsarOpenPolicy request.
 *
 * Reads a unique pointer to the server field (dissected by
 * dissect_lsa_openpolicy_server as a single 16-bit value), a reference
 * pointer to the OBJECT_ATTRIBUTES structure, and then the requested access
 * mask via lsa_dissect_ACCESS_MASK (the rest of that call is on a line
 * missing from this listing).
 */
572 lsa_dissect_lsaropenpolicy_rqst(tvbuff_t *tvb, int offset,
573 packet_info *pinfo, proto_tree *tree, guint8 *drep)
575 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
576 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
577 "Server", hf_lsa_server);
579 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
580 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
581 "OBJECT_ATTRIBUTES", -1);
583 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Dissects an LsarOpenPolicy reply: the returned policy handle, then the
 * NTSTATUS return code, which is captured in status.
 *
 * The handle is recorded under the fixed name "OpenPolicy handle" with
 * dcerpc_smb_store_pol_name(), and the same text is appended to the handle's
 * tree item when one was created. The condition guarding these two steps is
 * on a line missing from this listing.
 *
 * NOTE(review): the TRUE, FALSE arguments are presumably the is_open /
 * is_close flags of dissect_nt_policy_hnd() - confirm.
 */
590 lsa_dissect_lsaropenpolicy_reply(tvbuff_t *tvb, int offset,
591 packet_info *pinfo, proto_tree *tree, guint8 *drep)
593 e_ctx_hnd policy_hnd;
594 proto_item *hnd_item;
597 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
598 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
600 offset = dissect_ntstatus(
601 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
604 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
605 "OpenPolicy handle");
/* hnd_item can be NULL, so it is checked before text is appended to it. */
607 if (hnd_item != NULL)
608 proto_item_append_text(hnd_item, ": OpenPolicy handle");
/*
 * Dissects an LsarOpenPolicy2 request.
 *
 * The server name is read through a unique pointer as a wide-character
 * string (dissect_ndr_wchar_cvstring) with cb_wstr_postprocess as callback;
 * the callback argument is CB_STR_COL_INFO | CB_STR_SAVE | 1. A reference
 * pointer to the OBJECT_ATTRIBUTES structure and the requested access mask
 * follow (the rest of the lsa_dissect_ACCESS_MASK call is on a line missing
 * from this listing).
 *
 * NOTE(review): CB_STR_SAVE presumably stores the server name so that the
 * reply dissector can read it from dcv->private_data - confirm. The name is
 * capture-supplied text and should be treated as untrusted wherever it is
 * reused.
 */
615 lsa_dissect_lsaropenpolicy2_rqst(tvbuff_t *tvb, int offset,
616 packet_info *pinfo, proto_tree *tree, guint8 *drep)
618 offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
619 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
620 hf_lsa_server, cb_wstr_postprocess,
621 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
623 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
624 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
625 "OBJECT_ATTRIBUTES", -1);
627 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Dissects an LsarOpenPolicy2 reply: the returned policy handle, then the
 * NTSTATUS return code, which is captured in status.
 *
 * A display name for the handle is built in pol_name: "OpenPolicy2(<text>)"
 * when dcv->private_data is set, otherwise "OpenPolicy2 handle". The name is
 * recorded with dcerpc_smb_store_pol_name() and appended to the handle's
 * tree item when one was created. The conditions around these steps are on
 * lines missing from this listing.
 *
 * NOTE(review): dcv->private_data is cast to char * and printed with %s; it
 * is presumably the server name saved by the request dissector - confirm
 * that it is always a NUL-terminated string when non-NULL.
 * NOTE(review): pol_name is allocated by g_strdup_printf()/g_strdup(); the
 * matching g_free() is not visible here. Confirm who owns the buffer after
 * dcerpc_smb_store_pol_name() returns.
 */
635 lsa_dissect_lsaropenpolicy2_reply(tvbuff_t *tvb, int offset,
636 packet_info *pinfo, proto_tree *tree, guint8 *drep)
638 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
639 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
640 e_ctx_hnd policy_hnd;
641 proto_item *hnd_item;
645 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
646 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
648 offset = dissect_ntstatus(
649 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
652 if (dcv->private_data)
653 pol_name = g_strdup_printf(
654 "OpenPolicy2(%s)", (char *)dcv->private_data);
656 pol_name = g_strdup("OpenPolicy2 handle");
658 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
/* pol_name is passed as a %s argument, never as the format string itself. */
660 if (hnd_item != NULL)
661 proto_item_append_text(hnd_item, ": %s", pol_name);
669 static const value_string policy_information_class_vals[] = {
670 {1, "Audit Log Information"},
671 {2, "Audit Events Information"},
672 {3, "Primary Domain Information"},
673 {4, "Pd Account Information"},
674 {5, "Account Domain Information"},
675 {6, "Server Role Information"},
676 {7, "Replica Source Information"},
677 {8, "Default Quota Information"},
678 {9, "Modification Information"},
679 {10, "Audit Full Set Information"},
680 {11, "Audit Full Query Information"},
681 {12, "DNS Domain Information"},
/*
 * Dissects an LsarQueryInformationPolicy request: the policy handle followed
 * by a 16-bit information class, which is read into level.
 *
 * When the Info column is in use, the class is rendered through
 * val_to_str() with policy_information_class_vals and added to the column
 * after a ", " separator. The name of the column call and the fallback
 * format passed to val_to_str() are on lines missing from this listing.
 */
686 lsa_dissect_lsarqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
687 packet_info *pinfo, proto_tree *tree, guint8 *drep)
691 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
692 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
694 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
695 hf_lsa_policy_information_class, &level);
697 if (check_col(pinfo->cinfo, COL_INFO))
699 pinfo->cinfo, COL_INFO, ", %s",
700 val_to_str(level, policy_information_class_vals,
707 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
708 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
710 proto_item *item=NULL;
711 proto_tree *tree=NULL;
712 int old_offset=offset;
715 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
716 "POLICY_AUDIT_LOG_INFO:");
717 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
721 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
722 hf_lsa_pali_percent_full, NULL);
725 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
726 hf_lsa_pali_log_size, NULL);
728 /* retention period */
729 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
730 hf_lsa_pali_retention_period);
732 /* shutdown in progress */
733 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
734 hf_lsa_pali_shutdown_in_progress, NULL);
736 /* time to shutdown */
737 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
738 hf_lsa_pali_time_to_shutdown);
740 /* next audit record */
741 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
742 hf_lsa_pali_next_audit_record, NULL);
746 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
747 hf_lsa_unknown_long, NULL);
749 proto_item_set_len(item, offset-old_offset);
754 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
755 packet_info *pinfo, proto_tree *tree, guint8 *drep)
757 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
758 hf_lsa_paei_settings, NULL);
763 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
764 packet_info *pinfo, proto_tree *tree, guint8 *drep)
766 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
767 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
773 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
774 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
776 proto_item *item=NULL;
777 proto_tree *tree=NULL;
778 int old_offset=offset;
781 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
782 "POLICY_AUDIT_EVENTS_INFO:");
783 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
787 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
788 hf_lsa_paei_enabled, NULL);
791 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
792 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
796 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
799 proto_item_set_len(item, offset-old_offset);
805 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
806 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
808 proto_item *item=NULL;
809 proto_tree *tree=NULL;
810 int old_offset=offset;
813 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
814 "POLICY_PRIMARY_DOMAIN_INFO:");
815 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
819 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
823 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
825 proto_item_set_len(item, offset-old_offset);
831 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
832 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
834 proto_item *item=NULL;
835 proto_tree *tree=NULL;
836 int old_offset=offset;
839 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
840 "POLICY_ACCOUNT_DOMAIN_INFO:");
841 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
845 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
849 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
851 proto_item_set_len(item, offset-old_offset);
856 static const value_string server_role_vals[] = {
858 {1, "Domain Member"},
864 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
865 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
867 proto_item *item=NULL;
868 proto_tree *tree=NULL;
869 int old_offset=offset;
872 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
873 "POLICY_SERVER_ROLE_INFO:");
874 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
878 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
879 hf_lsa_server_role, NULL);
881 proto_item_set_len(item, offset-old_offset);
886 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
887 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
889 proto_item *item=NULL;
890 proto_tree *tree=NULL;
891 int old_offset=offset;
894 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
895 "POLICY_REPLICA_SOURCE_INFO:");
896 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
900 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
904 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
907 proto_item_set_len(item, offset-old_offset);
913 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
914 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
916 proto_item *item=NULL;
917 proto_tree *tree=NULL;
918 int old_offset=offset;
921 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
922 "POLICY_DEFAULT_QUOTA_INFO:");
923 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
927 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
928 hf_lsa_quota_paged_pool, NULL);
931 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
932 hf_lsa_quota_non_paged_pool, NULL);
935 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
936 hf_lsa_quota_min_wss, NULL);
939 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
940 hf_lsa_quota_max_wss, NULL);
943 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
944 hf_lsa_quota_pagefile, NULL);
947 offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
948 hf_lsa_unknown_hyper, NULL);
950 proto_item_set_len(item, offset-old_offset);
956 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
957 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
959 proto_item *item=NULL;
960 proto_tree *tree=NULL;
961 int old_offset=offset;
964 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
965 "POLICY_MODIFICATION_INFO:");
966 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
970 offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
971 hf_lsa_mod_seq_no, NULL);
974 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
977 proto_item_set_len(item, offset-old_offset);
983 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
984 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
986 proto_item *item=NULL;
987 proto_tree *tree=NULL;
988 int old_offset=offset;
991 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
992 "POLICY_AUDIT_FULL_SET_INFO:");
993 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
997 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
998 hf_lsa_unknown_char, NULL);
1000 proto_item_set_len(item, offset-old_offset);
1006 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
1007 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1009 proto_item *item=NULL;
1010 proto_tree *tree=NULL;
1011 int old_offset=offset;
1014 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1015 "POLICY_AUDIT_FULL_QUERY_INFO:");
1016 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
1020 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1021 hf_lsa_unknown_char, NULL);
1024 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1025 hf_lsa_unknown_char, NULL);
1027 proto_item_set_len(item, offset-old_offset);
1032 /*2005JAN dummy1 and dummy2 to make the signature compatible with soon to follow changes to LSA */
1034 lsa_dissect_DnsDomainInfo(tvbuff_t *tvb, int offset,
1035 packet_info *pinfo, proto_tree *parent_tree,
1036 guint8 *drep, int dummy1 _U_, guint32 dummy2 _U_)
1038 proto_item *item=NULL;
1039 proto_tree *tree=NULL;
1040 int old_offset=offset;
1043 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1044 "POLICY_DNS_DOMAIN_INFO:");
1045 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1049 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1053 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1054 hf_lsa_fqdomain, 0);
1057 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1061 offset = dissect_nt_GUID(tvb, offset,
1065 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1067 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects the POLICY_INFORMATION union under an hf_lsa_policy_information
 * item of parent_tree.
 *
 * A 16-bit info level is read into level, the offset is aligned to 4 bytes,
 * and one of the per-level dissectors listed below is called. The switch
 * statement and its case labels are on lines missing from this listing, so
 * the mapping from level to arm is not shown. The item is created with
 * length 0 and is set at the end to the number of bytes consumed.
 *
 * NOTE(review): level comes from the packet. Confirm that a value with no
 * matching arm falls through without dissecting anything, so the union body
 * is never interpreted under the wrong layout.
 */
1072 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1073 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1075 proto_item *item=NULL;
1076 proto_tree *tree=NULL;
1077 int old_offset=offset;
1081 item = proto_tree_add_item(parent_tree, hf_lsa_policy_information, tvb, offset, 0, FALSE);
1083 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1086 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1087 hf_lsa_info_level, &level);
1089 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1092 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1093 tvb, offset, pinfo, tree, drep);
1096 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1097 tvb, offset, pinfo, tree, drep);
1100 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1101 tvb, offset, pinfo, tree, drep);
1104 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1105 tree, drep, hf_lsa_acct, 0);
1108 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1109 tvb, offset, pinfo, tree, drep);
1112 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1113 tvb, offset, pinfo, tree, drep);
1116 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1117 tvb, offset, pinfo, tree, drep);
1120 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1121 tvb, offset, pinfo, tree, drep);
1124 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1125 tvb, offset, pinfo, tree, drep);
1128 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1129 tvb, offset, pinfo, tree, drep);
1132 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1133 tvb, offset, pinfo, tree, drep);
/* The DNS domain dissector takes two extra dummy arguments; both are 0. */
1136 offset = lsa_dissect_DnsDomainInfo(
1137 tvb, offset, pinfo, tree, drep, 0, 0);
1141 proto_item_set_len(item, offset-old_offset);
1146 lsa_dissect_lsarqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1147 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1149 /* This is really a pointer to a pointer though the first level is REF
1150 so we just ignore that one */
1151 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1152 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1153 "POLICY_INFORMATION pointer: info", -1);
1155 offset = dissect_ntstatus(
1156 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1162 lsa_dissect_lsardelete_rqst(tvbuff_t *tvb, int offset,
1163 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1165 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1166 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1172 lsa_dissect_lsardelete_reply(tvbuff_t *tvb, int offset,
1173 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1175 offset = dissect_ntstatus(
1176 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1183 lsa_dissect_lsarquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1184 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1186 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1187 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1189 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1190 hf_lsa_info_type, NULL);
1197 lsa_dissect_lsarquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1198 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1200 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1201 pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_UNIQUE,
1202 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
1204 offset = dissect_ntstatus(
1205 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1212 lsa_dissect_lsarsetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1213 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1215 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1216 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1218 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1219 hf_lsa_info_type, NULL);
1221 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1222 pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_REF,
1223 "LSA_SECURITY_DESCRIPTOR: sec_info", -1);
1229 lsa_dissect_lsarsetsecurityobject_reply(tvbuff_t *tvb, int offset,
1230 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1232 offset = dissect_ntstatus(
1233 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Dissects an LsarChangePassword request as five consecutive counted
 * strings. The hf_ field passed to each call is on a line missing from this
 * listing.
 *
 * NOTE(review): hf_lsa_old_pwd and hf_lsa_new_pwd are declared at the top of
 * the file and are presumably among the fields used here - confirm. If so,
 * the dissection tree and any exported capture of this call expose password
 * material and should be handled as sensitive data.
 */
1240 lsa_dissect_lsarchangepassword_rqst(tvbuff_t *tvb, int offset,
1241 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1244 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1248 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1252 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1256 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1260 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
/* Reply dissector for lsarchangepassword: NTSTATUS return code only. */
1267 lsa_dissect_lsarchangepassword_reply(tvbuff_t *tvb, int offset,
1268 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1270 offset = dissect_ntstatus(
1271 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Value-to-name table for SID type codes.  Only the entries for 5 and 6
 * are visible in this listing; the other entries and the terminator are
 * not shown.
 */
1276 static const value_string sid_type_vals[] = {
1281 {5, "Well Known Group"},
1282 {6, "Deleted Account"},
/*
 * Dissects one LSA_TRANSLATED_NAME structure under its own subtree:
 * a 16-bit SID type, a counted string (field handle not visible in this
 * listing) and a 32-bit index.
 */
1289 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1290 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1292 proto_item *item=NULL;
1293 proto_tree *tree=NULL;
/* remember the start so the item length can be fixed up at the end */
1294 int old_offset=offset;
/* length -1 is a placeholder; the real length is set below */
1297 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1298 "LSA_TRANSLATED_NAME:");
1299 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1303 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1304 hf_lsa_sid_type, NULL);
1307 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1311 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1312 hf_lsa_index, NULL);
/* shrink the item to the bytes actually consumed by this structure */
1314 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects an array of LSA_TRANSLATED_NAME elements by passing the
 * per-element dissector to dissect_ndr_ucarray.
 * NOTE(review): the element count is presumably read from the wire by
 * dissect_ndr_ucarray itself -- confirm it is bounded there.
 */
1319 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1320 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1322 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1323 lsa_dissect_LSA_TRANSLATED_NAME);
/*
 * Dissects an LSA_TRANSLATED_NAMES structure under its own subtree:
 * a 32-bit count followed by a unique pointer to the translated-name
 * array.
 */
1329 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1330 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1332 proto_item *item=NULL;
1333 proto_tree *tree=NULL;
1334 int old_offset=offset;
/* length -1 is a placeholder; corrected by proto_item_set_len below */
1337 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1338 "LSA_TRANSLATED_NAMES:");
1339 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
/* the count is only displayed; it is not captured (NULL out-pointer) */
1343 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1344 hf_lsa_count, NULL);
1347 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1348 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1349 "TRANSLATED_NAME_ARRAY", -1);
1351 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector for lsarlookupsids: policy handle, reference pointer
 * to a PSID array, reference pointer to LSA_TRANSLATED_NAMES, a 16-bit
 * info level and a 32-bit mapped count.
 * (The label/field arguments of the PSID array pointer call are not
 * visible in this listing.)
 */
1357 lsa_dissect_lsarlookupsids_rqst(tvbuff_t *tvb, int offset,
1358 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1360 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1361 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1363 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1364 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1367 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1368 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1369 "LSA_TRANSLATED_NAMES pointer: names", -1);
1371 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1372 hf_lsa_info_level, NULL);
1374 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1375 hf_lsa_num_mapped, NULL);
/*
 * Dissects one LSA_TRUST_INFORMATION structure under a "TRUST INFORMATION:"
 * subtree: a counted string (field handle not visible in this listing)
 * followed by a pointer to a SID.
 */
1381 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1382 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1384 proto_item *item=NULL;
1385 proto_tree *tree=NULL;
1386 int old_offset=offset;
/* length -1 is a placeholder; corrected by proto_item_set_len below */
1389 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1390 "TRUST INFORMATION:");
1391 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1395 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1399 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1401 proto_item_set_len(item, offset-old_offset);
/* Display names for the trust direction value (entries 0..2 visible). */
1405 static const value_string trusted_direction_vals[] = {
1406 {0, "Trust disabled"},
1407 {1, "Inbound trust"},
1408 {2, "Outbound trust"},
/* Display names for the trust type value; no entries are visible in this listing. */
1412 static const value_string trusted_type_vals[] = {
/*
 * Label pairs for the individual trust attribute flags: the first string
 * is shown when the flag is set, the second when it is clear.
 */
1420 static const true_false_string tfs_trust_attr_non_trans = {
1421 "NON TRANSITIVE is set",
1422 "Non transitive is NOT set"
1424 static const true_false_string tfs_trust_attr_uplevel_only = {
1425 "UPLEVEL ONLY is set",
1426 "Uplevel only is NOT set"
1428 static const true_false_string tfs_trust_attr_tree_parent = {
1429 "TREE PARENT is set",
1430 "Tree parent is NOT set"
/* the "set" string of this pair is not visible in this listing */
1432 static const true_false_string tfs_trust_attr_tree_root = {
1434 "Tree root is NOT set"
/*
 * Dissects the 32-bit trust attribute word and breaks it out into its
 * four flag bits (tree root, tree parent, uplevel only, non transitive).
 *
 * NOTE(review): the declaration of `mask` is not visible in this listing.
 * If dissect_ndr_uint32 can return without storing a value (for example
 * during a conformant run), `mask` would be read unset and offset-4 would
 * not point at the field -- confirm `mask` is initialised.
 */
1437 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1438 proto_tree *parent_tree, guint8 *drep)
1441 proto_item *item = NULL;
1442 proto_tree *tree = NULL;
/* tree is NULL here: the value is only fetched into mask, not displayed */
1444 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1445 hf_lsa_trust_attr, &mask);
/* offset-4 / length 4: the four bytes that were just consumed */
1448 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1449 tvb, offset-4, 4, mask);
1450 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
/* every flag item covers the same four bytes and is given the whole mask */
1453 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1454 tvb, offset-4, 4, mask);
1455 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1456 tvb, offset-4, 4, mask);
1457 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1458 tvb, offset-4, 4, mask);
1459 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1460 tvb, offset-4, 4, mask);
/*
 * Dissects an extended trust information structure under a
 * "TRUST INFORMATION EX:" subtree: two counted strings (the second is
 * the flat name; the first one's field handle is not visible here),
 * a SID pointer, 32-bit trust direction, 32-bit trust type and the
 * trust attribute flags.
 */
1466 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1467 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1469 proto_item *item=NULL;
1470 proto_tree *tree=NULL;
1471 int old_offset=offset;
/* length -1 is a placeholder; corrected by proto_item_set_len below */
1474 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1475 "TRUST INFORMATION EX:");
1476 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1480 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1484 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1485 hf_lsa_flat_name, 0);
1488 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1491 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1492 hf_lsa_trust_direction, NULL);
1495 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1496 hf_lsa_trust_type, NULL);
1499 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1501 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects the deferred auth-info blob: a 32-bit length followed by that
 * many bytes shown as hf_lsa_auth_blob.  Does nothing on the
 * conformant-array pre-pass (di->conformant_run).
 *
 * NOTE(review): `len` is taken straight from the packet and passed on as
 * the item length without a local check.  proto_tree_add_item is
 * presumably what rejects a length that runs past the captured data --
 * confirm.  The statements after that call are not visible in this
 * listing; verify that advancing the signed `offset` by an
 * attacker-controlled 32-bit `len` cannot wrap or move backwards.
 */
1506 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1507 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1512 di=pinfo->private_data;
1513 if(di->conformant_run){
1514 /*just a run to handle conformant arrays, nothing to dissect */
/* length field: displayed as hf_lsa_auth_len and captured into len */
1519 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1520 hf_lsa_auth_len, &len);
1522 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
/*
 * Dissects one auth information record under an "AUTH INFORMATION:"
 * subtree: an update value read with dissect_ndr_duint32, a 32-bit auth
 * type, a 32-bit length, and a unique pointer whose referent is handled
 * by lsa_dissect_auth_info_blob.
 */
1529 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1530 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1532 proto_item *item=NULL;
1533 proto_tree *tree=NULL;
1534 int old_offset=offset;
/* length -1 is a placeholder; corrected by proto_item_set_len below */
1537 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1538 "AUTH INFORMATION:");
1539 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1543 offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
1544 hf_lsa_auth_update, NULL);
1547 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1548 hf_lsa_auth_type, NULL);
/* displayed only; the blob dissector reads its own length field */
1551 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1552 hf_lsa_auth_len, NULL);
1554 /* auth info blob */
1555 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1556 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1557 "AUTH INFO blob:", -1);
1559 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects the trusted-domain auth information structure: two groups,
 * each an undecoded 32-bit value (hf_lsa_unknown_long) followed by two
 * auth information records.
 * NOTE(review): what each of the four records represents is not stated
 * in the visible lines -- check the full source or the IDL.
 */
1564 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1565 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1567 proto_item *item=NULL;
1568 proto_tree *tree=NULL;
1569 int old_offset=offset;
/* length -1 is a placeholder; corrected by proto_item_set_len below */
1572 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1573 "TRUSTED DOMAIN AUTH INFORMATION:");
1574 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1578 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1579 hf_lsa_unknown_long, NULL);
1582 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1585 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1588 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1589 hf_lsa_unknown_long, NULL);
1592 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1595 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1597 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects an array of LSA_TRUST_INFORMATION elements by passing the
 * per-element dissector to dissect_ndr_ucarray.
 */
1603 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1604 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1606 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1607 lsa_dissect_LSA_TRUST_INFORMATION);
/*
 * Dissects an LSA_REFERENCED_DOMAIN_LIST under its own subtree: a 32-bit
 * count, a unique pointer to the trust information array, and a 32-bit
 * max count.
 * NOTE(review): both counts are display-only here (NULL out-pointers);
 * the array length is presumably taken by dissect_ndr_ucarray from the
 * array's own header -- confirm.
 */
1613 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1614 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1616 proto_item *item=NULL;
1617 proto_tree *tree=NULL;
1618 int old_offset=offset;
/* length -1 is a placeholder; corrected by proto_item_set_len below */
1621 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1622 "LSA_REFERENCED_DOMAIN_LIST:");
1623 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1627 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1628 hf_lsa_count, NULL);
1630 /* trust information */
1631 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1632 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1633 "TRUST INFORMATION array:", -1);
1636 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1637 hf_lsa_max_count, NULL);
1639 proto_item_set_len(item, offset-old_offset);
/*
 * Reply dissector for lsarlookupsids: unique pointer to the referenced
 * domain list, reference pointer to LSA_TRANSLATED_NAMES, a 32-bit mapped
 * count and the NTSTATUS return code.
 */
1644 lsa_dissect_lsarlookupsids_reply(tvbuff_t *tvb, int offset,
1645 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1647 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1648 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1649 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
1651 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1652 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1653 "LSA_TRANSLATED_NAMES pointer: names", -1);
1655 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1656 hf_lsa_num_mapped, NULL);
1658 offset = dissect_ntstatus(
1659 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarsetquotasforaccount: policy handle followed
 * by a reference pointer to a POLICY_DEFAULT_QUOTA_INFO structure.
 */
1666 lsa_dissect_lsarsetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1667 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1669 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1670 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1672 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1673 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1674 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
/* Reply dissector for lsarsetquotasforaccount: NTSTATUS return code only. */
1681 lsa_dissect_lsarsetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1682 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1684 offset = dissect_ntstatus(
1685 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/* Request dissector for lsargetquotasforaccount: policy handle only. */
1692 lsa_dissect_lsargetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1693 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1695 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1696 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector for lsargetquotasforaccount: reference pointer to a
 * POLICY_DEFAULT_QUOTA_INFO structure, then the NTSTATUS return code.
 */
1703 lsa_dissect_lsargetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1704 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1706 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1707 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1708 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1710 offset = dissect_ntstatus(
1711 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarsetinformationpolicy: policy handle, a 16-bit
 * policy information class, then a reference pointer to the
 * POLICY_INFORMATION data.
 */
1718 lsa_dissect_lsarsetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1719 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1721 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1722 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1724 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1725 hf_lsa_policy_information_class, NULL);
1727 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1728 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1729 "POLICY_INFORMATION pointer: info", -1);
/* Reply dissector for lsarsetinformationpolicy: NTSTATUS return code only. */
1736 lsa_dissect_lsarsetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1737 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1739 offset = dissect_ntstatus(
1740 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarclearauditlog: policy handle, a SID and an
 * undecoded 32-bit value (hf_lsa_unknown_long).
 * NOTE(review): the layout looks provisional (SID plus "unknown" field);
 * treat the decode of this call as best-effort when reading a capture.
 */
1747 lsa_dissect_lsarclearauditlog_rqst(tvbuff_t *tvb, int offset,
1748 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1750 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1751 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1753 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
1756 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1757 hf_lsa_unknown_long, NULL);
/*
 * Reply dissector for lsarclearauditlog: a policy handle followed by the
 * NTSTATUS return code.
 * NOTE(review): a handle in this reply is unexpected for a call that
 * takes a handle as input -- verify the layout against the IDL.
 */
1764 lsa_dissect_lsarclearauditlog_reply(tvbuff_t *tvb, int offset,
1765 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1767 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1768 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1770 offset = dissect_ntstatus(
1771 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/* Request dissector for lsargetsystemaccessaccount: policy handle only. */
1777 lsa_dissect_lsargetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1778 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1780 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1781 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector for lsargetsystemaccessaccount: one 32-bit value (its
 * field handle is not visible in this listing) and the NTSTATUS return
 * code.
 */
1788 lsa_dissect_lsargetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1789 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1791 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1794 offset = dissect_ntstatus(
1795 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarsetsystemaccessaccount: policy handle and one
 * 32-bit value (its field handle is not visible in this listing).
 */
1802 lsa_dissect_lsarsetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1803 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1805 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1806 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1808 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/* Reply dissector for lsarsetsystemaccessaccount: NTSTATUS return code only. */
1816 lsa_dissect_lsarsetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1817 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1819 offset = dissect_ntstatus(
1820 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsaropentrusteddomain: policy handle, the SID of
 * the domain, and the requested access mask (remaining arguments of the
 * access-mask call are not visible in this listing).
 */
1827 lsa_dissect_lsaropentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1828 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1830 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1831 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1833 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
1835 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Reply dissector for lsaropentrusteddomain: the returned handle and the
 * NTSTATUS return code.
 * NOTE(review): the two trailing FALSE arguments look like the
 * is_open/is_close flags of dissect_nt_policy_hnd; if so, the new handle
 * is not recorded as opened by this frame -- confirm.
 */
1843 lsa_dissect_lsaropentrusteddomain_reply(tvbuff_t *tvb, int offset,
1844 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1846 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1847 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1849 offset = dissect_ntstatus(
1850 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsardeletetrusteddomain: policy handle followed
 * by the SID of the domain.
 */
1857 lsa_dissect_lsardeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1858 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1860 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1861 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1863 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
/* Reply dissector for lsardeletetrusteddomain: NTSTATUS return code only. */
1870 lsa_dissect_lsardeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1871 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1873 offset = dissect_ntstatus(
1874 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Dissects a LUID under its own subtree as two 32-bit values, low part
 * first (hf_nt_luid_low, then hf_nt_luid_high).  The item label is not
 * visible in this listing.
 */
1880 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1881 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1883 proto_item *item=NULL;
1884 proto_tree *tree=NULL;
1885 int old_offset=offset;
/* created with length 0; the real length is set at the end */
1888 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1890 tree = proto_item_add_subtree(item, ett_LUID);
1893 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1894 hf_nt_luid_low, NULL);
1896 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1897 hf_nt_luid_high, NULL);
1899 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects one LSA_PRIVILEGE entry under its own subtree: the privilege
 * name as a counted string followed by its LUID.
 */
1904 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1905 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1907 proto_item *item=NULL;
1908 proto_tree *tree=NULL;
1909 int old_offset=offset;
/* created with length 0; the real length is set at the end */
1912 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1914 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1917 /* privilege name */
1918 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1919 hf_lsa_privilege_name, 0);
1922 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1924 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects an array of LSA_PRIVILEGE entries by passing the per-element
 * dissector to dissect_ndr_ucarray.
 */
1929 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1930 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1932 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1933 lsa_dissect_LSA_PRIVILEGE);
/*
 * Dissects an LSA_PRIVILEGES structure under its own subtree: a 32-bit
 * count followed by a unique pointer to the privilege array.
 */
1939 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1940 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1942 proto_item *item=NULL;
1943 proto_tree *tree=NULL;
1944 int old_offset=offset;
/* created with length 0; the real length is set at the end */
1947 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1949 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
/* count is display-only (NULL out-pointer) */
1952 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1953 hf_lsa_count, NULL);
1956 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1957 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1958 "LSA_PRIVILEGE array:", -1);
1960 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector for lsarenumerateprivileges: policy handle, a 32-bit
 * count, and a further 32-bit value whose field handle is not visible in
 * this listing.
 */
1965 lsa_dissect_lsarenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1966 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1968 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1969 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1971 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1972 hf_lsa_count, NULL);
1974 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/*
 * Reply dissector for lsarenumerateprivileges: a 32-bit count, a
 * reference pointer to LSA_PRIVILEGES, and the NTSTATUS return code.
 */
1981 lsa_dissect_lsarenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1982 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1984 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1985 hf_lsa_count, NULL);
1987 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1988 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1989 "LSA_PRIVILEGES pointer: privs", -1);
1991 offset = dissect_ntstatus(
1992 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarlookupprivilegevalue: policy handle and a
 * unique pointer to the privilege name string.
 */
1998 lsa_dissect_lsarlookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1999 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2001 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2002 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2004 /* privilege name */
/* the last argument hands hf_lsa_privilege_name to the string callback */
2005 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2006 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2007 "NAME pointer: ", hf_lsa_privilege_name);
/*
 * Reply dissector for lsarlookupprivilegevalue: the LUID of the
 * privilege followed by the NTSTATUS return code.
 */
2014 lsa_dissect_lsarlookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
2015 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2019 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2021 offset = dissect_ntstatus(
2022 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarlookupprivilegename: policy handle and a
 * reference pointer to the LUID to look up.
 */
2029 lsa_dissect_lsarlookupprivilegename_rqst(tvbuff_t *tvb, int offset,
2030 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2032 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2033 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2036 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2037 dissect_nt_LUID, NDR_POINTER_REF,
2038 "LUID pointer: value", -1);
/*
 * Reply dissector for lsarlookupprivilegename: a unique pointer to the
 * privilege name string, then the NTSTATUS return code.
 */
2045 lsa_dissect_lsarlookupprivilegename_reply(tvbuff_t *tvb, int offset,
2046 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2048 /* [out, ref] LSA_UNICODE_STRING **name */
2049 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2050 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2051 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
2053 offset = dissect_ntstatus(
2054 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/* Request dissector for lsarenumerateprivilegesaccount: policy handle only. */
2061 lsa_dissect_lsarenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2062 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2064 /* [in] LSA_HANDLE hnd */
2065 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2066 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Dissects one LUID_AND_ATTRIBUTES entry under its own subtree: a LUID
 * followed by an attributes value read with dissect_ndr_duint32 (its
 * field handle is not visible in this listing).
 */
2073 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2074 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2076 proto_item *item=NULL;
2077 proto_tree *tree=NULL;
2078 int old_offset=offset;
/* created with length 0; the real length is set at the end */
2081 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2082 "LUID_AND_ATTRIBUTES:");
2083 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2087 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2090 offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
2093 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects an array of LUID_AND_ATTRIBUTES entries by passing the
 * per-element dissector to dissect_ndr_ucarray.
 */
2098 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2099 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2101 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2102 lsa_dissect_LUID_AND_ATTRIBUTES);
/*
 * Dissects the LUID_AND_ATTRIBUTES_ARRAY wrapper structure under its own
 * subtree: a 32-bit count followed by a unique pointer to the entries.
 * (Differs from the lower-case _array function, which dissects the
 * entries themselves.)
 */
2108 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2109 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2111 proto_item *item=NULL;
2112 proto_tree *tree=NULL;
2113 int old_offset=offset;
/* created with length 0; the real length is set at the end */
2116 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2117 "LUID_AND_ATTRIBUTES_ARRAY:");
2118 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2121 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2122 hf_lsa_count, NULL);
2124 /* luid and attributes */
2125 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2126 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2127 "LUID_AND_ATTRIBUTES array:", -1);
2129 proto_item_set_len(item, offset-old_offset);
/*
 * Reply dissector for lsarenumerateprivilegesaccount: a unique pointer
 * to the LUID_AND_ATTRIBUTES_ARRAY of privileges, then the NTSTATUS
 * return code.
 */
2134 lsa_dissect_lsarenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2135 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2137 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2138 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2139 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2140 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2142 offset = dissect_ntstatus(
2143 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsaraddprivilegestoaccount: policy handle
 * followed by the LUID_AND_ATTRIBUTES_ARRAY, which is dissected in place
 * (direct call, not through dissect_ndr_pointer).  The remaining
 * arguments of that call are not visible in this listing.
 */
2149 lsa_dissect_lsaraddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2150 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2152 /* [in] LSA_HANDLE hnd */
2153 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2154 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2156 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2157 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
/* Reply dissector for lsaraddprivilegestoaccount: NTSTATUS return code only. */
2165 lsa_dissect_lsaraddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2166 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2168 offset = dissect_ntstatus(
2169 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarremoveprivilegesfromaccount: policy handle,
 * an undecoded 8-bit value (hf_lsa_unknown_char) and a unique pointer to
 * the LUID_AND_ATTRIBUTES_ARRAY of privileges.
 */
2175 lsa_dissect_lsarremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2176 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2178 /* [in] LSA_HANDLE hnd */
2179 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2180 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2182 /* [in] char unknown */
2183 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2184 hf_lsa_unknown_char, NULL);
2186 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2187 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2188 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2189 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
/* Reply dissector for lsarremoveprivilegesfromaccount: NTSTATUS return code only. */
2196 lsa_dissect_lsarremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2197 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2199 offset = dissect_ntstatus(
2200 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarenumerateaccounts: policy handle, the 32-bit
 * enumeration resume handle and the 32-bit preferred maximum length.
 */
2206 lsa_dissect_lsarenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2207 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2209 /* [in] LSA_HANDLE hnd */
2210 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2211 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2213 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2214 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2215 hf_lsa_resume_handle, NULL);
2217 /* [in] ULONG pref_maxlen */
2218 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2219 hf_lsa_max_count, NULL);
/*
 * Reply dissector for lsarenumerateaccounts: the 32-bit resume handle, a
 * reference pointer to the PSID array of accounts (label/field arguments
 * not visible in this listing) and the NTSTATUS return code.
 */
2225 lsa_dissect_lsarenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2226 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2228 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2229 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2230 hf_lsa_resume_handle, NULL);
2232 /* [out, ref] PSID_ARRAY **accounts */
2233 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2234 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2237 offset = dissect_ntstatus(
2238 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarcreatetrusteddomain: policy handle, a
 * reference pointer to the LSA_TRUST_INFORMATION of the new domain, and
 * the requested access mask (remaining arguments of the access-mask call
 * are not visible in this listing).
 */
2244 lsa_dissect_lsarcreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2245 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2247 /* [in] LSA_HANDLE hnd_pol */
2248 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2249 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2251 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2252 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2253 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2254 "LSA_TRUST_INFORMATION pointer: domain", -1);
2256 /* [in] ACCESS_MASK access */
2257 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Reply dissector for lsarcreatetrusteddomain: the returned handle and
 * the NTSTATUS return code.
 */
2264 lsa_dissect_lsarcreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2265 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2267 /* [out] LSA_HANDLE *hnd */
2268 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2269 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2271 offset = dissect_ntstatus(
2272 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarenumeratetrusteddomains: policy handle, the
 * 32-bit enumeration resume handle and the 32-bit preferred maximum
 * length.
 */
2278 lsa_dissect_lsarenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2279 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2281 /* [in] LSA_HANDLE hnd */
2282 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2283 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2285 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2286 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2287 hf_lsa_resume_handle, NULL);
2289 /* [in] ULONG pref_maxlen */
2290 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2291 hf_lsa_max_count, NULL);
/*
 * Dissects one LSA_TRUSTED_DOMAIN entry under its own subtree: a counted
 * string (field handle not visible in this listing) followed by a pointer
 * to the domain SID.
 */
2297 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2298 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2300 proto_item *item=NULL;
2301 proto_tree *tree=NULL;
2302 int old_offset=offset;
/* created with length 0; the real length is set at the end */
2305 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2307 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2311 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2315 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
2317 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects an array of LSA_TRUSTED_DOMAIN entries by passing the
 * per-element dissector to dissect_ndr_ucarray.
 */
2322 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2323 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2325 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2326 lsa_dissect_LSA_TRUSTED_DOMAIN);
/*
 * Dissects an LSA_TRUSTED_DOMAIN_LIST under its own subtree: a 32-bit
 * count followed by a unique pointer to the trusted-domain array.
 */
2332 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2333 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2335 proto_item *item=NULL;
2336 proto_tree *tree=NULL;
2337 int old_offset=offset;
/* created with length 0; the real length is set at the end */
2340 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2341 "TRUSTED_DOMAIN_LIST:");
2342 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2345 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2346 hf_lsa_count, NULL);
2349 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2350 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2351 "TRUSTED_DOMAIN array:", -1);
2353 proto_item_set_len(item, offset-old_offset);
/*
 * Reply dissector for lsarenumeratetrusteddomains: the 32-bit resume
 * handle, a reference pointer to the LSA_TRUSTED_DOMAIN_LIST, and the
 * NTSTATUS return code.
 * NOTE(review): the existing comment on the pointer names
 * LSA_REFERENCED_DOMAIN_LIST while the code dissects an
 * LSA_TRUSTED_DOMAIN_LIST -- the comment looks stale.
 */
2358 lsa_dissect_lsarenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2359 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2361 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2362 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2363 hf_lsa_resume_handle, NULL);
2365 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2366 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2367 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2368 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
2370 offset = dissect_ntstatus(
2371 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Dissects one element of a unicode string array as an NDR counted
 * string.  Does nothing on the conformant-array pre-pass
 * (di->conformant_run).  The field-handle argument of the string call is
 * not visible in this listing.
 */
2378 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2379 packet_info *pinfo, proto_tree *tree, guint8 *drep)
/* per-call DCE/RPC state is carried in pinfo->private_data */
2383 di=pinfo->private_data;
2384 if(di->conformant_run){
2385 /*just a run to handle conformant arrays, nothing to dissect */
2389 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
/*
 * Dissects an array of unicode strings by passing the per-element
 * dissector to dissect_ndr_ucarray.
 */
2396 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2397 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2399 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2400 lsa_dissect_LSA_UNICODE_STRING_item);
/*
 * Dissects the unicode-string-array wrapper: a 32-bit count followed by
 * a unique pointer to the strings.  The field index the caller stored in
 * di->hf_index is forwarded as the last argument of dissect_ndr_pointer.
 */
2406 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2407 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2411 di=pinfo->private_data;
2413 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2414 hf_lsa_count, NULL);
2415 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2416 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2417 "UNICODE_STRING pointer: ", di->hf_index);
/*
 * Dissects one LSA_TRANSLATED_SID entry directly into the caller's tree
 * (no subtree is created in the visible lines): a 16-bit SID type, a
 * 32-bit value whose field handle is not visible in this listing, and a
 * 32-bit index.
 */
2423 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2424 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2427 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2428 hf_lsa_sid_type, NULL);
2430 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2433 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2434 hf_lsa_index, NULL);
/*
 * Dissects an array of LSA_TRANSLATED_SID entries by passing the
 * per-element dissector to dissect_ndr_ucarray.
 */
2440 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2441 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2443 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2444 lsa_dissect_LSA_TRANSLATED_SID);
/*
 * Dissects an LSA_TRANSLATED_SIDS structure under its own subtree: a
 * 32-bit count followed by a unique pointer to the translated-SID array.
 */
2450 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2451 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2453 proto_item *item=NULL;
2454 proto_tree *tree=NULL;
2455 int old_offset=offset;
/* length -1 is a placeholder; corrected by proto_item_set_len below */
2458 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2459 "LSA_TRANSLATED_SIDS:");
2460 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2464 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2465 hf_lsa_count, NULL);
2468 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2469 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2470 "Translated SIDS", -1);
2472 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector for lsarlookupnames: policy handle, name count, a
 * reference pointer to the array of account names (shown as hf_lsa_acct),
 * a reference pointer to LSA_TRANSLATED_SIDS, the 16-bit lookup level and
 * the 32-bit mapped count.
 * NOTE(review): the count field is display-only here; the number of
 * names actually walked is presumably taken by dissect_ndr_ucarray from
 * the array header, so the two can disagree in a malformed packet --
 * confirm.
 */
2477 lsa_dissect_lsarlookupnames_rqst(tvbuff_t *tvb, int offset,
2478 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2480 /* [in] LSA_HANDLE hnd */
2481 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2482 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2484 /* [in] ULONG count */
2485 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2486 hf_lsa_count, NULL);
2488 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2489 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2490 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2491 "Account pointer: names", hf_lsa_acct);
2493 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2494 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2495 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2496 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2498 /* [in] USHORT level */
2499 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2500 hf_lsa_info_level, NULL);
2502 /* [in, out, ref] ULONG *num_mapped */
2503 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2504 hf_lsa_num_mapped, NULL);
/*
 * Reply dissector for lsarlookupnames: unique pointer to the referenced
 * domain list, reference pointer to LSA_TRANSLATED_SIDS, the 32-bit
 * mapped count and the NTSTATUS return code.
 */
2511 lsa_dissect_lsarlookupnames_reply(tvbuff_t *tvb, int offset,
2512 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2514 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2515 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2516 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2517 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
2519 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2520 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2521 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2522 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2524 /* [in, out, ref] ULONG *num_mapped */
2525 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2526 hf_lsa_num_mapped, NULL);
2528 offset = dissect_ntstatus(
2529 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for lsarcreatesecret: policy handle, the secret's
 * name as a counted string, and the requested access mask.  The trailing
 * arguments of the string and access-mask calls are not visible in this
 * listing.
 */
2535 lsa_dissect_lsarcreatesecret_rqst(tvbuff_t *tvb, int offset,
2536 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2538 /* [in] LSA_HANDLE hnd_pol */
2539 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2540 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2542 /* [in, ref] LSA_UNICODE_STRING *name */
2543 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2546 /* [in] ACCESS_MASK access */
2547 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Dissect the reply to LsarCreateSecret: the handle returned for the new
 * secret object, followed by the NTSTATUS result.
 */
static int
lsa_dissect_lsarcreatesecret_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out] LSA_HANDLE *hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarOpenAccount request: policy handle, account SID, requested access mask.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the ACCESS_MASK call are not shown here.
 */
2569 lsa_dissect_lsaropenaccount_rqst(tvbuff_t *tvb, int offset,
2570 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2572 /* [in] LSA_HANDLE hnd_pol */
2573 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2574 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2576 /* [in, ref] SID *account */
2577 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
2579 /* [in] ACCESS_MASK access */
2580 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Dissect the reply to LsarOpenAccount: the account handle, then the
 * NTSTATUS result.
 */
static int
lsa_dissect_lsaropenaccount_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out] LSA_HANDLE *hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Display names for the trusted-domain information levels 1 through 10.
 * NOTE(review): the table's closing lines are not visible in this listing.
 * value_string tables are normally ended by a {0, NULL} sentinel that the
 * lookup helpers stop on; confirm it is present so that a level outside
 * 1..10 taken from a packet cannot run the lookup past the array.
 */
2601 static const value_string trusted_info_level_vals[] = {
2602 {1, "Domain Name Information"},
2603 {2, "Controllers Information"},
2604 {3, "Posix Offset Information"},
2605 {4, "Password Information"},
2606 {5, "Domain Information Basic"},
2607 {6, "Domain Information Ex"},
2608 {7, "Domain Auth Information"},
2609 {8, "Domain Full Information"},
2610 {9, "Domain Security Descriptor"},
2611 {10, "Domain Private Information"},
/*
 * Dissect a TRUSTED_DOMAIN_INFORMATION union into its own subtree.
 *
 * A 16-bit level is read from the packet into `level`, the offset is aligned
 * to 4 bytes, and the calls below dissect the union arms. The subtree item's
 * length is finally set to the number of bytes consumed
 * (offset - old_offset).
 *
 * NOTE(review): this listing drops short source lines, so the declaration of
 * `level`, the switch/case labels that select an arm and the trailing
 * arguments of several calls are not visible. The arm is chosen by a value
 * taken from the wire; confirm that a level with no matching case dissects
 * nothing rather than falling into another arm.
 */
2616 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2617 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2619 proto_item *item=NULL;
2620 proto_tree *tree=NULL;
2621 int old_offset=offset;
2625 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2626 "TRUSTED_DOMAIN_INFO:");
2627 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2630 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2631 hf_lsa_trusted_info_level, &level);
2633 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2636 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2640 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2641 hf_lsa_count, NULL);
2642 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2643 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2644 "Controllers pointer: ", hf_lsa_controller);
2647 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2648 hf_lsa_rid_offset, NULL);
2651 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2652 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2655 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2659 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2663 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2666 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2668 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2669 hf_lsa_rid_offset, NULL);
2670 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2673 offset = lsa_dissect_sec_desc_buf(tvb, offset, pinfo, tree, drep, 0, 0);
2676 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2678 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2679 hf_lsa_rid_offset, NULL);
2680 offset = lsa_dissect_sec_desc_buf(tvb, offset, pinfo, tree, drep, 0, 0);
2684 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect an LsarQueryInfoTrustedDomain request: the trusted-domain handle
 * and the information level being asked for. The level is displayed only;
 * it is not captured for later use (out-pointer is NULL).
 */
static int
lsa_dissect_lsarqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in] TRUSTED_INFORMATION_CLASS level */
    return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                              hf_lsa_trusted_info_level, NULL);
}
/*
 * Dissect the reply to LsarQueryInfoTrustedDomain: a reference pointer to
 * the TRUSTED_DOMAIN_INFORMATION union, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_TRUSTED_DOMAIN_INFORMATION,
                                 NDR_POINTER_REF,
                                 "TRUSTED_DOMAIN_INFORMATION pointer: info",
                                 -1);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarSetInformationTrustedDomain request: handle, information
 * level, and the TRUSTED_DOMAIN_INFORMATION union carrying the new values.
 */
static int
lsa_dissect_lsarsetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in] TRUSTED_INFORMATION_CLASS level */
    offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                                hf_lsa_trusted_info_level, NULL);

    /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_TRUSTED_DOMAIN_INFORMATION,
                               NDR_POINTER_REF,
                               "TRUSTED_DOMAIN_INFORMATION pointer: info",
                               -1);
}
/*
 * Dissect the reply to LsarSetInformationTrustedDomain, which carries only
 * the NTSTATUS result.
 */
static int
lsa_dissect_lsarsetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarOpenSecret request: policy handle, secret name, requested access mask.
 * The name goes through dissect_ndr_counted_string_cb with
 * cb_wstr_postprocess and the CB_STR_COL_INFO flag; presumably this also
 * copies the secret's name into the Info column - confirm in the shared
 * NT helpers.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the ACCESS_MASK call are not shown here.
 */
2751 lsa_dissect_lsaropensecret_rqst(tvbuff_t *tvb, int offset,
2752 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2754 /* [in] LSA_HANDLE hnd_pol */
2755 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2756 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2758 /* [in, ref] LSA_UNICODE_STRING *name */
2759 offset = dissect_ndr_counted_string_cb(
2760 tvb, offset, pinfo, tree, drep, hf_lsa_name,
2761 cb_wstr_postprocess,
2762 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
2764 /* [in] ACCESS_MASK access */
2765 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Dissect the reply to LsarOpenSecret: the secret handle, then the
 * NTSTATUS result.
 */
static int
lsa_dissect_lsaropensecret_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out] LSA_HANDLE *hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarSetSecret request: the secret handle followed by two
 * optional (unique-pointer) LSA_SECRET values, new then old.
 *
 * NOTE(review): what lsa_dissect_LSA_SECRET puts in the tree is defined
 * elsewhere in this file; treat captures containing this call as
 * potentially sensitive until that is confirmed.
 */
static int
lsa_dissect_lsarsetsecret_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, unique] LSA_SECRET *new_val */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
                                 "LSA_SECRET pointer: new_val", -1);

    /* [in, unique] LSA_SECRET *old_val */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
                               "LSA_SECRET pointer: old_val", -1);
}
/*
 * Dissect the reply to LsarSetSecret, which carries only the NTSTATUS
 * result.
 */
static int
lsa_dissect_lsarsetsecret_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
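/*
 * Dissect an LsarQuerySecret request.
 *
 * After the secret handle come four optional (unique-pointer) in/out
 * parameters: current value, current modification time, old value and old
 * modification time. Returns the offset after the last of them.
 *
 * The current-time pointer is labelled "curr_mtime"; it previously reused
 * the "old_mtime" text, which made the two timestamps indistinguishable in
 * the protocol tree.
 */
static int
lsa_dissect_lsarquerysecret_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
        hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, out, unique] LSA_SECRET **curr_val */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
        "LSA_SECRET pointer: curr_val", -1);

    /* [in, out, unique] LARGE_INTEGER *curr_mtime */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
        "NTIME pointer: curr_mtime", hf_lsa_cur_mtime);

    /* [in, out, unique] LSA_SECRET **old_val */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
        "LSA_SECRET pointer: old_val", -1);

    /* [in, out, unique] LARGE_INTEGER *old_mtime */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
        "NTIME pointer: old_mtime", hf_lsa_old_mtime);

    return offset;
}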
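/*
 * Dissect the reply to LsarQuerySecret.
 *
 * Carries the same four optional in/out parameters as the request (current
 * value, current modification time, old value, old modification time)
 * followed by the NTSTATUS result.
 *
 * The current-time pointer is labelled "curr_mtime"; it previously reused
 * the "old_mtime" text, so both timestamps showed the same label in the
 * protocol tree.
 *
 * NOTE(review): what lsa_dissect_LSA_SECRET_pointer displays is defined
 * elsewhere in this file; treat captures containing this reply as
 * potentially sensitive until that is confirmed.
 */
static int
lsa_dissect_lsarquerysecret_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in, out, unique] LSA_SECRET **curr_val */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
        "LSA_SECRET pointer: curr_val", -1);

    /* [in, out, unique] LARGE_INTEGER *curr_mtime */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
        "NTIME pointer: curr_mtime", hf_lsa_cur_mtime);

    /* [in, out, unique] LSA_SECRET **old_val */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
        "LSA_SECRET pointer: old_val", -1);

    /* [in, out, unique] LARGE_INTEGER *old_mtime */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
        lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
        "NTIME pointer: old_mtime", hf_lsa_old_mtime);

    offset = dissect_ntstatus(
        tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);

    return offset;
}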
/*
 * Dissect an LsarDeleteObject request, which carries only the handle of
 * the object to delete.
 */
static int
lsa_dissect_lsardeleteobject_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    return dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
}
/*
 * Dissect the reply to LsarDeleteObject, which carries only the NTSTATUS
 * result.
 */
static int
lsa_dissect_lsardeleteobject_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarEnumerateAccountsWithUserRight request: the policy handle
 * and an optional (unique-pointer) string naming the user right.
 */
static int
lsa_dissect_lsarenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, unique] LSA_UNICODE_STRING *rights */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_pointer_UNICODE_STRING,
                               NDR_POINTER_UNIQUE,
                               "LSA_UNICODE_STRING pointer: rights",
                               hf_lsa_rights);
}
/*
 * Dissect the reply to LsarEnumerateAccountsWithUserRight: the array of
 * account names, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_UNICODE_STRING_ARRAY,
                                 NDR_POINTER_REF,
                                 "Account pointer: names", hf_lsa_acct);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarEnumerateAccountRights request: the policy handle and the
 * SID of the account whose rights are being listed.
 */
static int
lsa_dissect_lsarenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, ref] SID *account */
    return dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
}
/*
 * Dissect the reply to LsarEnumerateAccountRights: the array of right
 * names held by the account, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_UNICODE_STRING_ARRAY,
                                 NDR_POINTER_REF,
                                 "Account pointer: rights", hf_lsa_rights);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarAddAccountRights request: policy handle, the account SID,
 * and the array of right names to grant. A privilege-granting call, so the
 * SID and rights shown here are the fields of interest when reviewing a
 * capture for account-rights changes.
 */
static int
lsa_dissect_lsaraddaccountrights_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, ref] SID *account */
    offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);

    /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_LSA_UNICODE_STRING_ARRAY,
                               NDR_POINTER_REF,
                               "Account pointer: rights", hf_lsa_rights);
}
/*
 * Dissect the reply to LsarAddAccountRights, which carries only the
 * NTSTATUS result.
 */
static int
lsa_dissect_lsaraddaccountrights_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarRemoveAccountRights request: policy handle, account SID,
 * an 8-bit "remove all" field, and the array of right names to remove.
 */
static int
lsa_dissect_lsarremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, ref] SID *account */
    offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);

    /* one byte shown as hf_lsa_remove_all */
    offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
                               hf_lsa_remove_all, NULL);

    /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_LSA_UNICODE_STRING_ARRAY,
                               NDR_POINTER_REF,
                               "Account pointer: rights", hf_lsa_rights);
}
/*
 * Dissect the reply to LsarRemoveAccountRights, which carries only the
 * NTSTATUS result.
 */
static int
lsa_dissect_lsarremoveaccountrights_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarQueryTrustedDomainInfoByName request: policy handle, trusted-domain
 * name, information level.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the counted-string call are not shown here.
 */
3029 lsa_dissect_lsarquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3030 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3032 /* [in] LSA_HANDLE handle */
3033 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3034 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3036 /* [in, ref] LSA_UNICODE_STRING *name */
3038 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3041 /* [in] TRUSTED_INFORMATION_CLASS level */
3042 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3043 hf_lsa_trusted_info_level, NULL);
/*
 * Dissect the reply to LsarQueryTrustedDomainInfoByName: a reference
 * pointer to the TRUSTED_DOMAIN_INFORMATION union, then the NTSTATUS
 * result.
 */
static int
lsa_dissect_lsarquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_TRUSTED_DOMAIN_INFORMATION,
                                 NDR_POINTER_REF,
                                 "TRUSTED_DOMAIN_INFORMATION pointer: info",
                                 -1);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarSetTrustedDomainInfoByName request: policy handle, trusted-domain
 * name, information level, and the TRUSTED_DOMAIN_INFORMATION union with
 * the new values.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the counted-string call are not shown here.
 */
3066 lsa_dissect_lsarsettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3067 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3069 /* [in] LSA_HANDLE handle */
3070 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3071 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3073 /* [in, ref] LSA_UNICODE_STRING *name */
3075 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3078 /* [in] TRUSTED_INFORMATION_CLASS level */
3079 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3080 hf_lsa_trusted_info_level, NULL);
3082 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
3083 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3084 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3085 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
/*
 * Dissect the reply to LsarSetTrustedDomainInfoByName, which carries only
 * the NTSTATUS result.
 */
static int
lsa_dissect_lsarsettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarQueryTrustedDomainInfo request: policy handle, the SID of
 * the trusted domain, and the information level requested.
 */
static int
lsa_dissect_lsarquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE handle */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, ref] SID *sid */
    offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);

    /* [in] TRUSTED_INFORMATION_CLASS level */
    return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                              hf_lsa_trusted_info_level, NULL);
}
/*
 * LsarOpenTrustedDomainByName request: policy handle, trusted-domain name,
 * requested access mask.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the counted-string and ACCESS_MASK calls are not shown here.
 */
3120 lsa_dissect_lsaropentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3121 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3123 /* [in] LSA_HANDLE handle */
3124 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3125 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3127 /* [in, ref] LSA_UNICODE_STRING *name */
3129 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3132 /* [in] ACCESS_MASK access */
3133 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Dissect the reply to LsarOpenTrustedDomainByName: the trusted-domain
 * handle, then the NTSTATUS result.
 */
static int
lsa_dissect_lsaropentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out] LSA_HANDLE handle */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect the reply to LsarQueryTrustedDomainInfo: a reference pointer to
 * the TRUSTED_DOMAIN_INFORMATION union, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_TRUSTED_DOMAIN_INFORMATION,
                                 NDR_POINTER_REF,
                                 "TRUSTED_DOMAIN_INFORMATION pointer: info",
                                 -1);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarSetTrustedDomainInfo request: policy handle, the SID of
 * the trusted domain, the information level, and the
 * TRUSTED_DOMAIN_INFORMATION union with the new values.
 */
static int
lsa_dissect_lsarsettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE handle */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, ref] SID *sid */
    offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);

    /* [in] TRUSTED_INFORMATION_CLASS level */
    offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                                hf_lsa_trusted_info_level, NULL);

    /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_TRUSTED_DOMAIN_INFORMATION,
                               NDR_POINTER_REF,
                               "TRUSTED_DOMAIN_INFORMATION pointer: info",
                               -1);
}
/*
 * Dissect the reply to LsarSetTrustedDomainInfo, which carries only the
 * NTSTATUS result.
 */
static int
lsa_dissect_lsarsettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarQueryInformationPolicy2 request: policy handle and a 16-bit
 * information class, which is read into `level` and, when the Info column
 * is in use, appended to it as text looked up in
 * policy_information_class_vals.
 * NOTE(review): this listing drops short source lines, so the declaration
 * of `level`, the column-append call and the fallback text passed to
 * val_to_str are not shown here.
 */
3206 lsa_dissect_lsarqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3207 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3211 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3212 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3214 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3215 hf_lsa_policy_information_class, &level);
3217 if (check_col(pinfo->cinfo, COL_INFO))
3219 pinfo->cinfo, COL_INFO, ", %s",
3220 val_to_str(level, policy_information_class_vals,
/*
 * Dissect the reply to LsarQueryInformationPolicy2: the POLICY_INFORMATION
 * union, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* On the wire this is a pointer to a pointer; the outer level is a REF
       pointer, so only the inner (unique) pointer is dissected. */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_POLICY_INFORMATION,
                                 NDR_POINTER_UNIQUE,
                                 "POLICY_INFORMATION pointer: info", -1);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarSetInformationPolicy2 request: policy handle, the 16-bit
 * information class, and the POLICY_INFORMATION union with the new values.
 */
static int
lsa_dissect_lsarsetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* policy handle */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* information class (displayed only) */
    offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                                hf_lsa_policy_information_class, NULL);

    /* reference pointer to the policy information */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_POLICY_INFORMATION,
                               NDR_POINTER_REF,
                               "POLICY_INFORMATION pointer: info", -1);
}
/*
 * Dissect the reply to LsarSetInformationPolicy2, which carries only the
 * NTSTATUS result.
 */
static int
lsa_dissect_lsarsetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarQueryDomainInformationPolicy request: policy handle and
 * the 16-bit information class being queried.
 */
static int
lsa_dissect_lsarquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* policy handle */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* information class (displayed only) */
    return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                              hf_lsa_policy_information_class, NULL);
}
/*
 * Dissect the reply to LsarQueryDomainInformationPolicy: a reference
 * pointer to the POLICY_INFORMATION union, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* reference pointer to the policy information */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_POLICY_INFORMATION,
                                 NDR_POINTER_REF,
                                 "POLICY_INFORMATION pointer: info", -1);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarSetDomainInformationPolicy request: policy handle, the
 * 16-bit information class, and the POLICY_INFORMATION union with the new
 * values.
 */
static int
lsa_dissect_lsarsetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* policy handle */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* information class (displayed only) */
    offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                                hf_lsa_policy_information_class, NULL);

    /* reference pointer to the policy information */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_POLICY_INFORMATION,
                               NDR_POINTER_REF,
                               "POLICY_INFORMATION pointer: info", -1);
}
/*
 * Dissect the reply to LsarSetDomainInformationPolicy, which carries only
 * the NTSTATUS result.
 */
static int
lsa_dissect_lsarsetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarLookupNames2 request.
 *
 * Fields, in wire order: policy handle, name count, the name array, the
 * translated-SID structure, lookup level, mapped count, and two 32-bit
 * values whose meaning this dissector does not know (shown through
 * hf_lsa_unknown_long). The count is displayed only; it is not used to
 * bound the array here.
 */
static int
lsa_dissect_lsarlookupnames2_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in] ULONG count */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_lsa_count, NULL);

    /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_UNICODE_STRING_array,
                                 NDR_POINTER_REF,
                                 "Account pointer: names", hf_lsa_acct);

    /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_TRANSLATED_SIDS,
                                 NDR_POINTER_REF,
                                 "LSA_TRANSLATED_SIDS pointer: rids", -1);

    /* [in] USHORT level */
    offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
                                hf_lsa_info_level, NULL);

    /* [in, out, ref] ULONG *num_mapped */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_lsa_num_mapped, NULL);

    /* first 32-bit value of unknown meaning */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_lsa_unknown_long, NULL);

    /* second 32-bit value of unknown meaning */
    return dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                              hf_lsa_unknown_long, NULL);
}
/*
 * Dissect the reply to LsarLookupNames2: the referenced-domain list, the
 * translated SID structure, the mapped count and the NTSTATUS result.
 */
static int
lsa_dissect_lsarlookupnames2_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST,
                                 NDR_POINTER_UNIQUE,
                                 "LSA_REFERENCED_DOMAIN_LIST pointer: domains",
                                 -1);

    /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_TRANSLATED_SIDS,
                                 NDR_POINTER_REF,
                                 "LSA_TRANSLATED_SIDS pointer: rids", -1);

    /* [in, out, ref] ULONG *num_mapped */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_lsa_num_mapped, NULL);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarCreateAccount request: policy handle, the SID of the account to
 * create, requested access mask.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the ACCESS_MASK call are not shown here.
 */
3391 lsa_dissect_lsarcreateaccount_rqst(tvbuff_t *tvb, int offset,
3392 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3394 /* [in] LSA_HANDLE hnd */
3395 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3396 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3398 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
3400 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Dissect the reply to LsarCreateAccount: the handle of the new account
 * object, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarcreateaccount_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* account handle */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarLookupPrivilegeDisplayName request: policy handle, the
 * privilege name, and a 32-bit size value.
 */
static int
lsa_dissect_lsarlookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in] LSA_HANDLE hnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    /* [in, ref] LSA_UNICODE_STRING *name */
    offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
                                        hf_lsa_privilege_name, 0);

    /* [in, ref] long *size */
    return dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                              hf_lsa_privilege_display_name_size, NULL);
}
/*
 * Dissect the reply to LsarLookupPrivilegeDisplayName: the display-name
 * string, a 32-bit size value and the NTSTATUS result.
 *
 * NOTE(review): the parameter is annotated [out, ref] but is dissected as
 * NDR_POINTER_UNIQUE; confirm against the IDL which one is intended.
 */
static int
lsa_dissect_lsarlookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [out, ref] LSA_UNICODE_STRING **disp_name */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_pointer_UNICODE_STRING,
                                 NDR_POINTER_UNIQUE,
                                 "NAME pointer: ",
                                 hf_lsa_privilege_display_name);

    /* [out, ref] long *size */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_lsa_privilege_display_name_size, NULL);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarStorePrivateData request: policy handle, key name, and an optional
 * (unique-pointer) LSA_SECRET holding the data to store.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the counted-string call are not shown here. What
 * lsa_dissect_LSA_SECRET_pointer displays is defined elsewhere; treat
 * captures containing this call as potentially sensitive until confirmed.
 */
3459 lsa_dissect_lsarstoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3460 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3462 /* [in] LSA_HANDLE hnd */
3463 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3464 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3466 /* [in, ref] LSA_UNICODE_STRING *key */
3467 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3470 /* [in, unique] LSA_SECRET **data */
3471 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3472 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3473 "LSA_SECRET* pointer: data", -1);
/*
 * Dissect the reply to LsarStorePrivateData, which carries only the
 * NTSTATUS result.
 */
static int
lsa_dissect_lsarstoreprivatedata_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * LsarRetrievePrivateData request: policy handle, key name, and the in/out
 * LSA_SECRET pointer that receives the data.
 * NOTE(review): this listing drops short source lines, so the remaining
 * arguments of the counted-string call are not shown here.
 */
3490 lsa_dissect_lsarretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3491 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3493 /* [in] LSA_HANDLE hnd */
3494 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3495 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3497 /* [in, ref] LSA_UNICODE_STRING *key */
3498 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3501 /* [in, out, ref] LSA_SECRET **data */
3502 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3503 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3504 "LSA_SECRET* pointer: data", -1);
/*
 * Dissect the reply to LsarRetrievePrivateData: the returned LSA_SECRET
 * pointer, then the NTSTATUS result.
 *
 * NOTE(review): what lsa_dissect_LSA_SECRET_pointer displays is defined
 * elsewhere in this file; treat captures containing this reply as
 * potentially sensitive until that is confirmed.
 */
static int
lsa_dissect_lsarretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in, out, ref] LSA_SECRET **data */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_SECRET_pointer,
                                 NDR_POINTER_REF,
                                 "LSA_SECRET* pointer: data", -1);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarCloseTrustedDomainEx request, which carries only the
 * trusted-domain handle being closed.
 */
static int
lsa_dissect_lsarclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in, out] LSA_HANDLE *tdHnd */
    return dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
}
/*
 * Dissect the reply to LsarCloseTrustedDomainEx: the in/out handle as
 * returned by the server, then the NTSTATUS result.
 */
static int
lsa_dissect_lsarclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in, out] LSA_HANDLE *tdHnd */
    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
                                   hf_lsa_hnd, NULL, NULL, FALSE, FALSE);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect one LSA_TRANSLATED_NAME_EX entry into its own subtree: a 16-bit
 * SID type, a counted string, a 32-bit index and a 32-bit value of unknown
 * meaning. The subtree item's length is then set to the bytes consumed
 * (offset - old_offset).
 * NOTE(review): this listing drops short source lines, so the guard around
 * the subtree creation (if any) and the remaining arguments of the
 * counted-string call are not shown here.
 */
3554 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3555 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
3557 proto_item *item=NULL;
3558 proto_tree *tree=NULL;
3559 int old_offset=offset;
3562 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3563 "LSA_TRANSLATED_NAME:");
3564 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3568 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3569 hf_lsa_sid_type, NULL);
3572 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3576 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3577 hf_lsa_index, NULL);
3580 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3581 hf_lsa_unknown_long, NULL);
3583 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a conformant array of LSA_TRANSLATED_NAME_EX entries by handing
 * the per-element dissector to dissect_ndr_ucarray. The element count is
 * taken from the packet by that helper, not by this function.
 */
static int
lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_LSA_TRANSLATED_NAME_EX);
}
/*
 * Dissect an LSA_TRANSLATED_NAMES_EX structure: a 32-bit entry count
 * followed by an optional (unique) pointer to the entry array. The count
 * is displayed only; the array dissector reads its own length.
 */
static int
lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* number of entries */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_lsa_count, NULL);

    /* pointer to the entry array */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_LSA_TRANSLATED_NAME_EX_array,
                               NDR_POINTER_UNIQUE,
                               "LSA_TRANSLATED_NAME_EX: pointer", -1);
}
/*
 * LsarLookupSids2 request: policy handle, the SID array to resolve, the
 * LSA_TRANSLATED_NAMES_EX structure, lookup level, mapped count, and two
 * 32-bit values of unknown meaning.
 * NOTE(review): this listing drops short source lines, so the label and
 * field arguments of the SID-array pointer call are not shown here.
 */
3613 lsa_dissect_lsarlookupsids2_rqst(tvbuff_t *tvb, int offset,
3614 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3616 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3617 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3619 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3620 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3623 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3624 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3625 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3627 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3628 hf_lsa_info_level, NULL);
3630 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3631 hf_lsa_num_mapped, NULL);
3634 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3635 hf_lsa_unknown_long, NULL);
3638 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3639 hf_lsa_unknown_long, NULL);
/*
 * Dissect the reply to LsarLookupSids2: the referenced-domain list, the
 * translated names, the mapped count and the NTSTATUS result.
 */
static int
lsa_dissect_lsarlookupsids2_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* optional list of domains the names refer to */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST,
                                 NDR_POINTER_UNIQUE,
                                 "LSA_REFERENCED_DOMAIN_LIST pointer: domains",
                                 -1);

    /* translated names */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_LSA_TRANSLATED_NAMES_EX,
                                 NDR_POINTER_REF,
                                 "LSA_TRANSLATED_NAMES_EX pointer: names",
                                 -1);

    /* number of SIDs that were mapped (displayed only) */
    offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
                                hf_lsa_num_mapped, NULL);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Dissect an LsarGetUserName request: an optional server name, then the
 * in/out user-name and domain-name string pointers.
 *
 * NOTE(review): the user parameter is annotated [in, out, ref] but is
 * dissected as NDR_POINTER_UNIQUE; confirm against the IDL which one is
 * intended.
 */
static int
lsa_dissect_lsargetusername_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in, unique, string] WCHAR *server */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 dissect_lsa_openpolicy_server,
                                 NDR_POINTER_UNIQUE,
                                 "Server:", hf_lsa_server);

    /* [in, out, ref] LSA_UNICODE_STRING **user */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_pointer_UNICODE_STRING,
                                 NDR_POINTER_UNIQUE,
                                 "ACCOUNT pointer: ", hf_lsa_acct);

    /* [in, out, unique] LSA_UNICODE_STRING **domain */
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               lsa_dissect_pointer_pointer_UNICODE_STRING,
                               NDR_POINTER_UNIQUE,
                               "DOMAIN pointer: ", hf_lsa_domain);
}
/*
 * Dissect the reply to LsarGetUserName: the user-name and domain-name
 * string pointers as filled in by the server, then the NTSTATUS result.
 * These two strings identify the account the server associates with the
 * caller's session.
 */
static int
lsa_dissect_lsargetusername_reply(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /* [in, out, ref] LSA_UNICODE_STRING **user */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_pointer_UNICODE_STRING,
                                 NDR_POINTER_UNIQUE,
                                 "ACCOUNT pointer: ", hf_lsa_acct);

    /* [in, out, unique] LSA_UNICODE_STRING **domain */
    offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                                 lsa_dissect_pointer_pointer_UNICODE_STRING,
                                 NDR_POINTER_UNIQUE,
                                 "DOMAIN pointer: ", hf_lsa_domain);

    return dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
}
/*
 * Request dissector for LsarCreateTrustedDomainEx.
 *
 * Dissects, in order: the policy handle, a ref pointer to the trust
 * information, a ref pointer to the trusted-domain auth information and
 * the requested access mask.
 *
 * The "auth" structure is dissected by
 * lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION (defined elsewhere);
 * presumably it carries the trust's authentication material, so captures
 * containing this request should be handled as sensitive -- verify against
 * that helper.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing, and the final lsa_dissect_ACCESS_MASK call is
 * cut off after its second argument.
 */
3710 lsa_dissect_lsarcreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3711 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3713 /* [in] LSA_HANDLE hnd */
3714 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3715 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3717 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3718 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3719 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3720 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3722 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3723 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3724 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3725 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
3727 /* [in] ACCESS_MASK mask */
3728 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
/*
 * Reply dissector for LsarCreateTrustedDomainEx.
 *
 * Dissects the returned trusted-domain handle (shown as hf_lsa_hnd) and
 * then the NTSTATUS return code.  The two NULL and two FALSE arguments to
 * dissect_nt_policy_hnd are passed as-is; their meaning is defined by that
 * helper, which is not visible here.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3736 lsa_dissect_lsarcreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3737 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3739 /* [out] LSA_HANDLE *tdHnd) */
3740 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3741 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
/* Trailing NTSTATUS return code. */
3743 offset = dissect_ntstatus(
3744 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for LsarEnumerateTrustedDomainsEx.
 *
 * Dissects, in order: the policy handle, the 32-bit resume handle and the
 * 32-bit preferred maximum length (shown as hf_lsa_max_count).  Both
 * integers are only displayed; their values are not captured (NULL).
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3750 lsa_dissect_lsarenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3751 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3753 /* [in] LSA_HANDLE hnd */
3754 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3755 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3757 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3758 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3759 hf_lsa_resume_handle, NULL);
3761 /* [in] ULONG pref_maxlen */
3762 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3763 hf_lsa_max_count, NULL);
/*
 * Dissects an array of trust-information entries by handing
 * lsa_dissect_LSA_TRUST_INFORMATION_EX to dissect_ndr_ucarray as the
 * per-element callback.
 *
 * NOTE(review): no element count is passed in from here, so presumably
 * dissect_ndr_ucarray reads the count from the packet itself.  That count
 * is untrusted input; the bound on how many elements are walked has to
 * come from that helper's own checks -- confirm there.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3770 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3771 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3773 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3774 lsa_dissect_LSA_TRUST_INFORMATION_EX);
/*
 * Dissects a TRUSTED_DOMAIN_INFORMATION_LIST_EX: a 32-bit count (shown as
 * hf_lsa_count) followed by a unique pointer to the trust-information
 * array.
 *
 * The count is only displayed (last argument NULL); it is not handed to
 * the array dissector, so the number of elements actually walked is
 * decided inside lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array and
 * the helper it calls, not by this field.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing.  The block at the end is commented-out code
 * left from an earlier version; its closing comment delimiter is also not
 * visible here.
 */
3780 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3781 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3784 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3785 hf_lsa_count, NULL);
3787 /* trust information */
3788 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3789 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3790 "TRUST INFORMATION array:", -1);
3793 /* The original code here was wrong. It now handles these correctly */
3794 /*offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3795 hf_lsa_max_count, NULL);
/*
 * Reply dissector for LsarEnumerateTrustedDomainsEx.
 *
 * Dissects, in order: the 32-bit resume handle, a ref pointer to the
 * trusted-domain list and the NTSTATUS return code.  A decoded reply
 * lists the domains the server trusts, which is worth noting when
 * reviewing who enumerated trust relationships in a capture.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3802 lsa_dissect_lsarenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3803 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3805 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3806 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3807 hf_lsa_resume_handle, NULL);
3809 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3810 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3811 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3812 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
/* Trailing NTSTATUS return code. */
3814 offset = dissect_ntstatus(
3815 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for LsarTestCall.
 *
 * Dissects, in order: the policy handle, a 16-bit flag (shown with the
 * generic hf_lsa_unknown_short field) and a ref pointer to a security
 * descriptor buffer.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3821 lsa_dissect_lsartestcall_rqst(tvbuff_t *tvb, int offset,
3822 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3824 /* [in] LSA_HANDLE handle */
3825 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3826 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3828 /* [in] USHORT flag */
3829 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3830 hf_lsa_unknown_short, NULL);
3832 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3833 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3834 pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_REF,
3835 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
/*
 * Reply dissector for LsarTestCall.
 *
 * Dissects the returned security descriptor pointer and then the NTSTATUS
 * return code.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3842 lsa_dissect_lsartestcall_reply(tvbuff_t *tvb, int offset,
3843 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3845 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
/*
 * NOTE(review): the IDL comment above says "ref" but the call passes
 * NDR_POINTER_UNIQUE, while the request dissector uses NDR_POINTER_REF
 * for the same callback.  Possibly this models the inner pointer of the
 * "**"; confirm against the IDL, since the two classes are marshalled
 * differently.
 */
3846 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3847 pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_UNIQUE,
3848 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
/* Trailing NTSTATUS return code. */
3850 offset = dissect_ntstatus(
3851 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Request dissector for LsarCreateTrustedDomainEx2.
 *
 * Dissects, in order: the policy handle, a ref pointer to the trust
 * information, a ref pointer to a security descriptor buffer and one
 * 32-bit value whose meaning is not known to this dissector (it is shown
 * with the generic hf_lsa_unknown_long field).
 *
 * NOTE(review): unlike the non-"2" request dissector, no
 * TRUSTED_DOMAIN_AUTH_INFORMATION or ACCESS_MASK is decoded here; given
 * the "unknown" field this layout looks provisional -- confirm against the
 * IDL before relying on the decoded values.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3857 lsa_dissect_lsarcreatetrusteddomainex2_rqst(tvbuff_t *tvb, int offset,
3858 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3860 /* [in] LSA_HANDLE hnd */
3861 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3862 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3864 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3865 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3866 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3867 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3869 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3870 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3871 pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_REF,
3872 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3874 /* [in] ULONG unknown */
3875 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3876 hf_lsa_unknown_long, NULL);
/*
 * Reply dissector for LsarCreateTrustedDomainEx2.
 *
 * Dissects the returned handle (shown as hf_lsa_hnd) and then the
 * NTSTATUS return code.
 *
 * NOTE(review): the return type, braces and return statement are not
 * visible in this listing; presumably the updated offset is returned.
 */
3883 lsa_dissect_lsarcreatetrusteddomainex2_reply(tvbuff_t *tvb, int offset,
3884 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3886 /* [out] LSA_HANDLE *h2) */
3887 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3888 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
/* Trailing NTSTATUS return code. */
3890 offset = dissect_ntstatus(
3891 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
/*
 * Opnum dispatch table for the lsarpc interface; it is handed to
 * dcerpc_init_uuid() in proto_reg_handoff_dcerpc_lsa().
 *
 * Each entry is { opnum constant, display name, request dissector,
 * reply dissector }.  The last entry, {0, NULL, NULL, NULL}, is
 * presumably the terminator.
 *
 * NOTE(review): every entry from LSA_CREDRWRITE onward carries NULL for
 * both dissectors, so only the operation name is available for those
 * calls (the Credr* credential operations, LsarLookupNames3/4,
 * LsarLookupSids3, the audit-event and forest-trust operations).  When
 * triaging a capture, do not read the absence of decoded fields for these
 * opnums as an empty payload; presumably the stub data is simply left
 * undissected -- confirm in the DCE/RPC core.
 *
 * NOTE(review): in this listing the second line of a few entries
 * (CredrWriteDomainCredentials, CredrReadDomainCredentials,
 * LsarSetForestTrustInformation, LsarAdtReportSecurityEvent) and the
 * array's closing line are not visible.
 */
3897 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3898 { LSA_LSARCLOSE, "LsarClose",
3899 lsa_dissect_lsarclose_rqst,
3900 lsa_dissect_lsarclose_reply },
3901 { LSA_LSARDELETE, "LsarDelete",
3902 lsa_dissect_lsardelete_rqst,
3903 lsa_dissect_lsardelete_reply },
3904 { LSA_LSARENUMERATEPRIVILEGES, "LsarEnumeratePrivileges",
3905 lsa_dissect_lsarenumerateprivileges_rqst,
3906 lsa_dissect_lsarenumerateprivileges_reply },
3907 { LSA_LSARQUERYSECURITYOBJECT, "LsarQuerySecurityObject",
3908 lsa_dissect_lsarquerysecurityobject_rqst,
3909 lsa_dissect_lsarquerysecurityobject_reply },
3910 { LSA_LSARSETSECURITYOBJECT, "LsarSetSecurityObject",
3911 lsa_dissect_lsarsetsecurityobject_rqst,
3912 lsa_dissect_lsarsetsecurityobject_reply },
3913 { LSA_LSARCHANGEPASSWORD, "LsarChangePassword",
3914 lsa_dissect_lsarchangepassword_rqst,
3915 lsa_dissect_lsarchangepassword_reply },
3916 { LSA_LSAROPENPOLICY, "LsarOpenPolicy",
3917 lsa_dissect_lsaropenpolicy_rqst,
3918 lsa_dissect_lsaropenpolicy_reply },
3919 { LSA_LSARQUERYINFORMATIONPOLICY, "LsarQueryInformationPolicy",
3920 lsa_dissect_lsarqueryinformationpolicy_rqst,
3921 lsa_dissect_lsarqueryinformationpolicy_reply },
3922 { LSA_LSARSETINFORMATIONPOLICY, "LsarSetInformationPolicy",
3923 lsa_dissect_lsarsetinformationpolicy_rqst,
3924 lsa_dissect_lsarsetinformationpolicy_reply },
3925 { LSA_LSARCLEARAUDITLOG, "LsarClearAuditLog",
3926 lsa_dissect_lsarclearauditlog_rqst,
3927 lsa_dissect_lsarclearauditlog_reply },
3928 { LSA_LSARCREATEACCOUNT, "LsarCreateAccount",
3929 lsa_dissect_lsarcreateaccount_rqst,
3930 lsa_dissect_lsarcreateaccount_reply },
3931 { LSA_LSARENUMERATEACCOUNTS, "LsarEnumerateAccounts",
3932 lsa_dissect_lsarenumerateaccounts_rqst,
3933 lsa_dissect_lsarenumerateaccounts_reply },
3934 { LSA_LSARCREATETRUSTEDDOMAIN, "LsarCreateTrustedDomain",
3935 lsa_dissect_lsarcreatetrusteddomain_rqst,
3936 lsa_dissect_lsarcreatetrusteddomain_reply },
3937 { LSA_LSARENUMERATETRUSTEDDOMAINS, "LsarEnumerateTrustedDomains",
3938 lsa_dissect_lsarenumeratetrusteddomains_rqst,
3939 lsa_dissect_lsarenumeratetrusteddomains_reply },
3940 { LSA_LSARLOOKUPNAMES, "LsarLookupNames",
3941 lsa_dissect_lsarlookupnames_rqst,
3942 lsa_dissect_lsarlookupnames_reply },
3943 { LSA_LSARLOOKUPSIDS, "LsarLookupSids",
3944 lsa_dissect_lsarlookupsids_rqst,
3945 lsa_dissect_lsarlookupsids_reply },
3946 { LSA_LSARCREATESECRET, "LsarCreateSecret",
3947 lsa_dissect_lsarcreatesecret_rqst,
3948 lsa_dissect_lsarcreatesecret_reply },
3949 { LSA_LSAROPENACCOUNT, "LsarOpenAccount",
3950 lsa_dissect_lsaropenaccount_rqst,
3951 lsa_dissect_lsaropenaccount_reply },
3952 { LSA_LSARENUMERATEPRIVILEGESACCOUNT, "LsarEnumeratePrivilegesAccount",
3953 lsa_dissect_lsarenumerateprivilegesaccount_rqst,
3954 lsa_dissect_lsarenumerateprivilegesaccount_reply },
3955 { LSA_LSARADDPRIVILEGESTOACCOUNT, "LsarAddPrivilegesToAccount",
3956 lsa_dissect_lsaraddprivilegestoaccount_rqst,
3957 lsa_dissect_lsaraddprivilegestoaccount_reply },
3958 { LSA_LSARREMOVEPRIVILEGESFROMACCOUNT, "LsarRemovePrivilegesFromAccount",
3959 lsa_dissect_lsarremoveprivilegesfromaccount_rqst,
3960 lsa_dissect_lsarremoveprivilegesfromaccount_reply },
3961 { LSA_LSARGETQUOTASFORACCOUNT, "LsarGetQuotasForAccount",
3962 lsa_dissect_lsargetquotasforaccount_rqst,
3963 lsa_dissect_lsargetquotasforaccount_reply },
3964 { LSA_LSARSETQUOTASFORACCOUNT, "LsarSetQuotasForAccount",
3965 lsa_dissect_lsarsetquotasforaccount_rqst,
3966 lsa_dissect_lsarsetquotasforaccount_reply },
3967 { LSA_LSARGETSYSTEMACCESSACCOUNT, "LsarGetSystemAccessAccount",
3968 lsa_dissect_lsargetsystemaccessaccount_rqst,
3969 lsa_dissect_lsargetsystemaccessaccount_reply },
3970 { LSA_LSARSETSYSTEMACCESSACCOUNT, "LsarSetSystemAccessAccount",
3971 lsa_dissect_lsarsetsystemaccessaccount_rqst,
3972 lsa_dissect_lsarsetsystemaccessaccount_reply },
3973 { LSA_LSAROPENTRUSTEDDOMAIN, "LsarOpenTrustedDomain",
3974 lsa_dissect_lsaropentrusteddomain_rqst,
3975 lsa_dissect_lsaropentrusteddomain_reply },
3976 { LSA_LSARQUERYINFOTRUSTEDDOMAIN, "LsarQueryInfoTrustedDomain",
3977 lsa_dissect_lsarqueryinfotrusteddomain_rqst,
3978 lsa_dissect_lsarqueryinfotrusteddomain_reply },
3979 { LSA_LSARSETINFORMATIONTRUSTEDDOMAIN, "LsarSetInformationTrustedDomain",
3980 lsa_dissect_lsarsetinformationtrusteddomain_rqst,
3981 lsa_dissect_lsarsetinformationtrusteddomain_reply },
3982 { LSA_LSAROPENSECRET, "LsarOpenSecret",
3983 lsa_dissect_lsaropensecret_rqst,
3984 lsa_dissect_lsaropensecret_reply },
3985 { LSA_LSARSETSECRET, "LsarSetSecret",
3986 lsa_dissect_lsarsetsecret_rqst,
3987 lsa_dissect_lsarsetsecret_reply },
3988 { LSA_LSARQUERYSECRET, "LsarQuerySecret",
3989 lsa_dissect_lsarquerysecret_rqst,
3990 lsa_dissect_lsarquerysecret_reply },
3991 { LSA_LSARLOOKUPPRIVILEGEVALUE, "LsarLookupPrivilegeValue",
3992 lsa_dissect_lsarlookupprivilegevalue_rqst,
3993 lsa_dissect_lsarlookupprivilegevalue_reply },
3994 { LSA_LSARLOOKUPPRIVILEGENAME, "LsarLookupPrivilegeName",
3995 lsa_dissect_lsarlookupprivilegename_rqst,
3996 lsa_dissect_lsarlookupprivilegename_reply },
3997 { LSA_LSARLOOKUPPRIVILEGEDISPLAYNAME, "LsarLookupPrivilegeDisplayName",
3998 lsa_dissect_lsarlookupprivilegedisplayname_rqst,
3999 lsa_dissect_lsarlookupprivilegedisplayname_reply },
4000 { LSA_LSARDELETEOBJECT, "LsarDeleteObject",
4001 lsa_dissect_lsardeleteobject_rqst,
4002 lsa_dissect_lsardeleteobject_reply },
4003 { LSA_LSARENUMERATEACCOUNTSWITHUSERRIGHT, "LsarEnumerateAccountsWithUserRight",
4004 lsa_dissect_lsarenumerateaccountswithuserright_rqst,
4005 lsa_dissect_lsarenumerateaccountswithuserright_reply },
4006 { LSA_LSARENUMERATEACCOUNTRIGHTS, "LsarEnumerateAccountRights",
4007 lsa_dissect_lsarenumerateaccountrights_rqst,
4008 lsa_dissect_lsarenumerateaccountrights_reply },
4009 { LSA_LSARADDACCOUNTRIGHTS, "LsarAddAccountRights",
4010 lsa_dissect_lsaraddaccountrights_rqst,
4011 lsa_dissect_lsaraddaccountrights_reply },
4012 { LSA_LSARREMOVEACCOUNTRIGHTS, "LsarRemoveAccountRights",
4013 lsa_dissect_lsarremoveaccountrights_rqst,
4014 lsa_dissect_lsarremoveaccountrights_reply },
4015 { LSA_LSARQUERYTRUSTEDDOMAININFO, "LsarQueryTrustedDomainInfo",
4016 lsa_dissect_lsarquerytrusteddomaininfo_rqst,
4017 lsa_dissect_lsarquerytrusteddomaininfo_reply },
4018 { LSA_LSARSETTRUSTEDDOMAININFO, "LsarSetTrustedDomainInfo",
4019 lsa_dissect_lsarsettrusteddomaininfo_rqst,
4020 lsa_dissect_lsarsettrusteddomaininfo_reply },
4021 { LSA_LSARDELETETRUSTEDDOMAIN, "LsarDeleteTrustedDomain",
4022 lsa_dissect_lsardeletetrusteddomain_rqst,
4023 lsa_dissect_lsardeletetrusteddomain_reply },
4024 { LSA_LSARSTOREPRIVATEDATA, "LsarStorePrivateData",
4025 lsa_dissect_lsarstoreprivatedata_rqst,
4026 lsa_dissect_lsarstoreprivatedata_reply },
4027 { LSA_LSARRETRIEVEPRIVATEDATA, "LsarRetrievePrivateData",
4028 lsa_dissect_lsarretrieveprivatedata_rqst,
4029 lsa_dissect_lsarretrieveprivatedata_reply },
4030 { LSA_LSAROPENPOLICY2, "LsarOpenPolicy2",
4031 lsa_dissect_lsaropenpolicy2_rqst,
4032 lsa_dissect_lsaropenpolicy2_reply },
4033 { LSA_LSARGETUSERNAME, "LsarGetUserName",
4034 lsa_dissect_lsargetusername_rqst,
4035 lsa_dissect_lsargetusername_reply },
4036 { LSA_LSARQUERYINFORMATIONPOLICY2, "LsarQueryInformationPolicy2",
4037 lsa_dissect_lsarqueryinformationpolicy2_rqst,
4038 lsa_dissect_lsarqueryinformationpolicy2_reply },
4039 { LSA_LSARSETINFORMATIONPOLICY2, "LsarSetInformationPolicy2",
4040 lsa_dissect_lsarsetinformationpolicy2_rqst,
4041 lsa_dissect_lsarsetinformationpolicy2_reply },
4042 { LSA_LSARQUERYTRUSTEDDOMAININFOBYNAME, "LsarQueryTrustedDomainInfoByName",
4043 lsa_dissect_lsarquerytrusteddomaininfobyname_rqst,
4044 lsa_dissect_lsarquerytrusteddomaininfobyname_reply },
4045 { LSA_LSARSETTRUSTEDDOMAININFOBYNAME, "LsarSetTrustedDomainInfoByName",
4046 lsa_dissect_lsarsettrusteddomaininfobyname_rqst,
4047 lsa_dissect_lsarsettrusteddomaininfobyname_reply },
4048 { LSA_LSARENUMERATETRUSTEDDOMAINSEX, "LsarEnumerateTrustedDomainsEx",
4049 lsa_dissect_lsarenumeratetrusteddomainsex_rqst,
4050 lsa_dissect_lsarenumeratetrusteddomainsex_reply },
4051 { LSA_LSARCREATETRUSTEDDOMAINEX, "LsarCreateTrustedDomainEx",
4052 lsa_dissect_lsarcreatetrusteddomainex_rqst,
4053 lsa_dissect_lsarcreatetrusteddomainex_reply },
4054 { LSA_LSARCLOSETRUSTEDDOMAINEX, "LsarCloseTrustedDomainEx",
4055 lsa_dissect_lsarclosetrusteddomainex_rqst,
4056 lsa_dissect_lsarclosetrusteddomainex_reply },
4057 { LSA_LSARQUERYDOMAININFORMATIONPOLICY, "LsarQueryDomainInformationPolicy",
4058 lsa_dissect_lsarquerydomaininformationpolicy_rqst,
4059 lsa_dissect_lsarquerydomaininformationpolicy_reply },
4060 { LSA_LSARSETDOMAININFORMATIONPOLICY, "LsarSetDomainInformationPolicy",
4061 lsa_dissect_lsarsetdomaininformationpolicy_rqst,
4062 lsa_dissect_lsarsetdomaininformationpolicy_reply },
4063 { LSA_LSAROPENTRUSTEDDOMAINBYNAME, "LsarOpenTrustedDomainByName",
4064 lsa_dissect_lsaropentrusteddomainbyname_rqst,
4065 lsa_dissect_lsaropentrusteddomainbyname_reply },
4066 { LSA_LSARTESTCALL, "LsarTestCall",
4067 lsa_dissect_lsartestcall_rqst,
4068 lsa_dissect_lsartestcall_reply },
4069 { LSA_LSARLOOKUPSIDS2, "LsarLookupSids2",
4070 lsa_dissect_lsarlookupsids2_rqst,
4071 lsa_dissect_lsarlookupsids2_reply },
4072 { LSA_LSARLOOKUPNAMES2, "LsarLookupNames2",
4073 lsa_dissect_lsarlookupnames2_rqst,
4074 lsa_dissect_lsarlookupnames2_reply },
4075 { LSA_LSARCREATETRUSTEDDOMAINEX2, "LsarCreateTrustedDomainEx2",
4076 lsa_dissect_lsarcreatetrusteddomainex2_rqst,
4077 lsa_dissect_lsarcreatetrusteddomainex2_reply },
/* From here on: operation names only, no request/reply dissectors. */
4078 { LSA_CREDRWRITE, "CredrWrite", NULL, NULL },
4079 { LSA_CREDRREAD, "CredrRead", NULL, NULL },
4080 { LSA_CREDRENUMERATE, "CredrEnumerate", NULL, NULL },
4081 { LSA_CREDRWRITEDOMAINCREDENTIALS, "CredrWriteDomainCredentials",
4083 { LSA_CREDRREADDOMAINCREDENTIALS, "CredrReadDomainCredentials",
4085 { LSA_CREDRDELETE, "CredrDelete", NULL, NULL },
4086 { LSA_CREDRGETTARGETINFO, "CredrGetTargetInfo", NULL, NULL },
4087 { LSA_CREDRPROFILELOADED, "CredrProfileLoaded", NULL, NULL },
4088 { LSA_LSARLOOKUPNAMES3, "LsarLookupNames3", NULL, NULL },
4089 { LSA_CREDRGETSESSIONTYPES, "CredrGetSessionTypes", NULL, NULL },
4090 { LSA_LSARREGISTERAUDITEVENT, "LsarRegisterAuditEvent", NULL, NULL },
4091 { LSA_LSARGENAUDITEVENT, "LsarGenAuditEvent", NULL, NULL },
4092 { LSA_LSARUNREGISTERAUDITEVENT, "LsarUnregisterAuditEvent", NULL, NULL},
4093 { LSA_LSARQUERYFORESTTRUSTINFORMATION,
4094 "LsarQueryForestTrustInformation", NULL, NULL },
4095 { LSA_LSARSETFORESTTRUSTINFORMATION, "LsarSetForestTrustInformation",
4097 { LSA_CREDRRENAME, "CredrRename", NULL, NULL },
4098 { LSA_LSARLOOKUPSIDS3, "LsarLookupSids3", NULL, NULL },
4099 { LSA_LSARLOOKUPNAMES4, "LsarLookupNames4", NULL, NULL },
4100 { LSA_LSAROPENPOLICYSCE, "LsarOpenPolicySce", NULL, NULL },
4101 { LSA_LSARADTREGISTERSECURITYEVENTSOURCE,
4102 "LsarAdtRegisterSecurityEventSource", NULL, NULL },
4103 { LSA_LSARADTUNREGISTERSECURITYEVENTSOURCE,
4104 "LsarAdtUnregisterSecurityEventSource", NULL, NULL },
4105 { LSA_LSARADTREPORTSECURITYEVENT, "LsarAdtReportSecurityEvent",
4107 {0, NULL, NULL, NULL}
/*
 * Registers the LSA protocol with the dissection core: builds the static
 * header-field table (hf[]) and subtree table (ett[]), registers the
 * protocol under the filter prefix "lsa", and then registers both tables.
 *
 * Each hf[] entry gives a display name, a display-filter name, a field
 * type and base, an optional value/true-false string table, a bitmask and
 * a description.  The filter names are runtime strings that analysts type
 * into display filters, so they are part of the tool's interface.
 *
 * NOTE(review): this listing drops many short lines, including the
 * "{ &hf_...," opener of a number of entries, the closing lines of both
 * arrays and the function's return type and braces.  Where an opener is
 * missing, which hf_ variable the entry fills cannot be read from here.
 */
4111 proto_register_dcerpc_lsa(void)
4113 static hf_register_info hf[] = {
4116 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
4118 { &hf_lsa_unknown_string,
4119 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4120 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4123 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4124 NULL, 0x0, "LSA policy handle", HFILL }},
4127 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4128 NULL, 0, "Name of Server", HFILL }},
4130 { &hf_lsa_controller,
4131 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4132 NULL, 0, "Name of Domain Controller", HFILL }},
4134 { &hf_lsa_unknown_hyper,
4135 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4136 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4138 { &hf_lsa_unknown_long,
4139 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4140 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4142 { &hf_lsa_unknown_short,
4143 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4144 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4146 { &hf_lsa_unknown_char,
4147 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4148 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4151 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4152 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4155 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4156 NULL, 0x0, "LSA Attributes", HFILL }},
4158 { &hf_lsa_obj_attr_len,
4159 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4160 NULL, 0x0, "Length of object attribute structure", HFILL }},
4162 { &hf_lsa_obj_attr_name,
4163 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4164 NULL, 0x0, "Name of object attribute", HFILL }},
4166 { &hf_lsa_access_mask,
4167 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4168 NULL, 0x0, "LSA Access Mask", HFILL }},
4170 { &hf_lsa_info_level,
4171 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4172 NULL, 0x0, "Information level of requested data", HFILL }},
4174 { &hf_lsa_trusted_info_level,
4175 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4176 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4179 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4180 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4183 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4184 NULL, 0x0, "Length of quality of service structure", HFILL }},
4186 { &hf_lsa_qos_impersonation_level,
4187 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4188 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4190 { &hf_lsa_qos_track_context,
4191 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4192 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4194 { &hf_lsa_qos_effective_only,
4195 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4196 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4198 { &hf_lsa_pali_percent_full,
4199 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4200 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4202 { &hf_lsa_pali_log_size,
4203 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4204 NULL, 0x0, "Size of audit log", HFILL }},
4206 { &hf_lsa_pali_retention_period,
4207 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4208 NULL, 0x0, "", HFILL }},
4210 { &hf_lsa_pali_time_to_shutdown,
4211 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4212 NULL, 0x0, "Time to shutdown", HFILL }},
4214 { &hf_lsa_pali_shutdown_in_progress,
4215 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4216 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4218 { &hf_lsa_pali_next_audit_record,
4219 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4220 NULL, 0x0, "Next audit record", HFILL }},
4222 { &hf_lsa_paei_enabled,
4223 { "Auditing enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4224 NULL, 0x0, "If Security auditing is enabled or not", HFILL }},
4226 { &hf_lsa_paei_settings,
4227 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4228 NULL, 0x0, "Audit Events Information settings", HFILL }},
4231 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4232 NULL, 0x0, "Count of objects", HFILL }},
4234 { &hf_lsa_max_count,
4235 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4236 NULL, 0x0, "", HFILL }},
4239 { "FQDN", "lsa.fqdn_domain", FT_STRING, BASE_NONE,
4240 NULL, 0x0, "Fully Qualified Domain Name", HFILL }},
4243 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4244 NULL, 0x0, "Domain", HFILL }},
4247 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4248 NULL, 0x0, "Account", HFILL }},
4251 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4252 NULL, 0x0, "Replica Source", HFILL }},
4254 { &hf_lsa_server_role,
4255 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4256 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4258 { &hf_lsa_quota_paged_pool,
4259 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4260 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4262 { &hf_lsa_quota_non_paged_pool,
4263 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4264 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4266 { &hf_lsa_quota_min_wss,
4267 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4268 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4270 { &hf_lsa_quota_max_wss,
4271 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4272 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4274 { &hf_lsa_quota_pagefile,
4275 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4276 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4278 { &hf_lsa_mod_seq_no,
4279 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4280 NULL, 0x0, "Sequence number for this modification", HFILL }},
4282 { &hf_lsa_mod_mtime,
4283 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4284 NULL, 0x0, "Time when this modification occured", HFILL }},
4286 { &hf_lsa_cur_mtime,
4287 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4288 NULL, 0x0, "Current MTime to set", HFILL }},
4290 { &hf_lsa_old_mtime,
4291 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4292 NULL, 0x0, "Old MTime for this object", HFILL }},
4295 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4296 NULL, 0x0, "", HFILL }},
4299 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4300 NULL, 0x0, "", HFILL }},
4302 { &hf_lsa_flat_name,
4303 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4304 NULL, 0x0, "", HFILL }},
4307 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4308 NULL, 0x0, "", HFILL }},
4310 { &hf_lsa_info_type,
4311 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4312 NULL, 0x0, "", HFILL }},
/*
 * NOTE(review): lsa.new_pwd and lsa.old_pwd show the password buffers
 * from the packet as raw bytes.  Whether those bytes are protected on the
 * wire is not visible here; treat saved captures and exported dissections
 * that contain these fields as sensitive.
 */
4315 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4316 NULL, 0x0, "New password", HFILL }},
4319 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4320 NULL, 0x0, "Old password", HFILL }},
4323 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4324 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4327 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4328 NULL, 0x0, "RID", HFILL }},
4330 { &hf_lsa_rid_offset,
4331 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4332 NULL, 0x0, "RID Offset", HFILL }},
4335 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4336 NULL, 0x0, "", HFILL }},
4338 { &hf_lsa_num_mapped,
4339 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4340 NULL, 0x0, "", HFILL }},
4342 { &hf_lsa_policy_information_class,
4343 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4344 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
/*
 * NOTE(review): lsa.secret and lsa.auth.blob likewise expose secret and
 * trust-authentication payloads as raw bytes; the same handling caveat
 * applies as for the password fields.
 */
4347 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4348 NULL, 0, "", HFILL }},
4350 { &hf_lsa_auth_blob,
4351 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4352 NULL, 0, "", HFILL }},
4355 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4356 NULL, 0x0, "LUID High component", HFILL }},
4359 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4360 NULL, 0x0, "LUID Low component", HFILL }},
/*
 * NOTE(review): the next two entries both use the filter name "lsa.size"
 * but with different types (FT_UINT32, then FT_UINT16), so a display
 * filter on lsa.size refers to both.  Confirm this is intended.
 */
4363 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4364 NULL, 0x0, "", HFILL }},
4367 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4368 NULL, 0x0, "", HFILL }},
/*
 * NOTE(review): the filter name below contains a double underscore
 * ("display__name"), unlike "lsa.privilege.display_name" two entries
 * later.  A filter typed with a single underscore will not match this
 * field.
 */
4370 { &hf_lsa_privilege_display_name_size,
4371 { "Size Needed", "lsa.privilege.display__name.size", FT_UINT32, BASE_DEC,
4372 NULL, 0x0, "Number of characters in the privilege display name", HFILL }},
4374 { &hf_lsa_privilege_name,
4375 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4376 NULL, 0x0, "LSA Privilege Name", HFILL }},
4378 { &hf_lsa_privilege_display_name,
4379 { "Display Name", "lsa.privilege.display_name", FT_STRING, BASE_NONE,
4380 NULL, 0x0, "LSA Privilege Display Name", HFILL }},
4383 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4384 NULL, 0x0, "Account Rights", HFILL }},
4386 { &hf_lsa_policy_information,
4387 { "POLICY INFO", "lsa.policy_information", FT_NONE, BASE_NONE,
4388 NULL, 0x0, "Policy Information union", HFILL }},
4391 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4392 NULL, 0x0, "LSA Attributes", HFILL }},
4394 { &hf_lsa_auth_update,
4395 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4396 NULL, 0x0, "LSA Auth Info update", HFILL }},
4398 { &hf_lsa_resume_handle,
4399 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4400 NULL, 0x0, "Resume Handle", HFILL }},
4402 { &hf_lsa_trust_direction,
4403 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4404 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4406 { &hf_lsa_trust_type,
4407 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4408 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4410 { &hf_lsa_trust_attr,
4411 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4412 NULL, 0x0, "Trust attributes", HFILL }},
/* Bit fields of the 32-bit trust attribute value, one mask each. */
4414 { &hf_lsa_trust_attr_non_trans,
4415 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4416 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
/* NOTE(review): display name "Upleve only" looks like a typo for "Uplevel only". */
4418 { &hf_lsa_trust_attr_uplevel_only,
4419 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4420 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4422 { &hf_lsa_trust_attr_tree_parent,
4423 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4424 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4426 { &hf_lsa_trust_attr_tree_root,
4427 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4428 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4430 { &hf_lsa_auth_type,
4431 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4432 NULL, 0x0, "Auth Info type", HFILL }},
4435 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4436 NULL, 0x0, "Auth Info len", HFILL }},
4438 { &hf_lsa_remove_all,
4439 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4440 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
/*
 * The lsa.access_mask.* booleans below split the 32-bit policy access
 * mask into individual rights, one POLICY_* mask per field.  Filtering on
 * rights such as get_privateinfo, trust_admin or create_secret shows
 * which clients asked for the more sensitive LSA permissions.
 */
4442 { &hf_view_local_info,
4443 { "View non-sensitive policy information", "lsa.access_mask.view_local_info",
4444 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4445 "View non-sensitive policy information", HFILL }},
4447 { &hf_view_audit_info,
4448 { "View system audit requirements", "lsa.access_mask.view_audit_info",
4449 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4450 "View system audit requirements", HFILL }},
4452 { &hf_get_private_info,
4453 { "Get sensitive policy information", "lsa.access_mask.get_privateinfo",
4454 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4455 "Get sensitive policy information", HFILL }},
4458 { "Modify domain trust relationships", "lsa.access_mask.trust_admin",
4459 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4460 "Modify domain trust relationships", HFILL }},
4462 { &hf_create_account,
4463 { "Create special accounts (for assignment of user rights)", "lsa.access_mask.create_account",
4464 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4465 "Create special accounts (for assignment of user rights)", HFILL }},
4467 { &hf_create_secret,
4468 { "Create a secret object", "lsa.access_mask.create_secret",
4469 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4470 "Create a secret object", HFILL }},
4473 { "Create a privilege", "lsa.access_mask.create_priv",
4474 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4475 "Create a privilege", HFILL }},
4477 { &hf_set_default_quota_limits,
4478 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4479 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4480 "Set default quota limits", HFILL }},
4482 { &hf_set_audit_requirements,
4483 { "Change system audit requirements", "lsa.access_mask.set_audit_requirements",
4484 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4485 "Change system audit requirements", HFILL }},
4487 { &hf_audit_log_admin,
4488 { "Administer audit log attributes", "lsa.access_mask.audit_log_admin",
4489 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_AUDIT_LOG_ADMIN,
4490 "Administer audit log attributes", HFILL }},
4493 { "Enable/Disable LSA", "lsa.access_mask.server_admin",
4494 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4495 "Enable/Disable LSA", HFILL }},
4498 { "Lookup Names/SIDs", "lsa.access_mask.lookup_names",
4499 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4500 "Lookup Names/SIDs", HFILL }}
/* Subtree index variables registered together via proto_register_subtree_array(). */
4503 static gint *ett[] = {
4505 &ett_lsa_OBJECT_ATTRIBUTES,
4506 &ett_LSA_SECURITY_DESCRIPTOR,
4507 &ett_lsa_policy_info,
4508 &ett_lsa_policy_audit_log_info,
4509 &ett_lsa_policy_audit_events_info,
4510 &ett_lsa_policy_primary_domain_info,
4511 &ett_lsa_policy_primary_account_info,
4512 &ett_lsa_policy_server_role_info,
4513 &ett_lsa_policy_replica_source_info,
4514 &ett_lsa_policy_default_quota_info,
4515 &ett_lsa_policy_modification_info,
4516 &ett_lsa_policy_audit_full_set_info,
4517 &ett_lsa_policy_audit_full_query_info,
4518 &ett_lsa_policy_dns_domain_info,
4519 &ett_lsa_translated_names,
4520 &ett_lsa_translated_name,
4521 &ett_lsa_referenced_domain_list,
4522 &ett_lsa_trust_information,
4523 &ett_lsa_trust_information_ex,
4525 &ett_LSA_PRIVILEGES,
4527 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4528 &ett_LSA_LUID_AND_ATTRIBUTES,
4529 &ett_LSA_TRUSTED_DOMAIN_LIST,
4530 &ett_LSA_TRUSTED_DOMAIN,
4531 &ett_LSA_TRANSLATED_SIDS,
4532 &ett_lsa_trusted_domain_info,
4533 &ett_lsa_trust_attr,
4534 &ett_lsa_trusted_domain_auth_information,
4535 &ett_lsa_auth_information
/*
 * Register the protocol and keep its id in proto_dcerpc_lsa.
 * NOTE(review): LSA is normally expanded as "Local Security Authority";
 * the long name string below says "Architecture" -- confirm.
 */
4538 proto_dcerpc_lsa = proto_register_protocol(
4539 "Microsoft Local Security Architecture", "LSA", "lsa");
/* Attach the field and subtree tables defined above. */
4541 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4542 proto_register_subtree_array(ett, array_length(ett));
4545 /* Protocol handoff */
/*
 * DCE/RPC interface identity used to recognise lsarpc traffic:
 * UUID 12345778-1234-abcd-ef00-0123456789ab, interface version 0.
 * Both values are passed to dcerpc_init_uuid() by
 * proto_reg_handoff_dcerpc_lsa().
 *
 * NOTE(review): the closing line of the initializer is not visible in
 * this listing.
 */
4547 static e_uuid_t uuid_dcerpc_lsa = {
4548 0x12345778, 0x1234, 0xabcd,
4549 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4552 static guint16 ver_dcerpc_lsa = 0;
/*
 * Hooks the LSA dissector into the DCE/RPC layer: binds the interface
 * UUID and version to the protocol id, its top-level subtree, the
 * per-opnum dispatch table (dcerpc_lsa_dissectors) and the field used to
 * display the opnum (hf_lsa_opnum).
 *
 * NOTE(review): the return type and braces are not visible in this
 * listing.
 */
4555 proto_reg_handoff_dcerpc_lsa(void)
4557 /* Register protocol as dcerpc */
4559 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4560 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);