1 /* packet-dcerpc-samr.c
2 * Routines for SMB \PIPE\samr packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
34 #include <epan/prefs.h>
35 #include <epan/crypt-md4.h>
36 #include <epan/crypt-rc4.h>
37 #include "packet-dcerpc.h"
38 #include "packet-dcerpc-nt.h"
39 #include "packet-dcerpc-samr.h"
40 #include "packet-windows-common.h"
41 #include "packet-smb-common.h"
/* Protocol handle and the first group of header-field ids used by the SAMR
 * dissector. Every id starts at -1; the code that assigns the real ids is
 * not part of this listing. */
43 static int proto_dcerpc_samr = -1;
45 static int hf_samr_opnum = -1;
46 static int hf_samr_hnd = -1;
47 static int hf_samr_group = -1;
48 static int hf_samr_rid = -1;
49 static int hf_samr_type = -1;
50 static int hf_samr_alias = -1;
51 static int hf_samr_rid_attrib = -1;
52 static int hf_samr_rc = -1;
53 static int hf_samr_index = -1;
54 static int hf_samr_count = -1;
55 static int hf_samr_sd_size = -1;
57 static int hf_samr_level = -1;
58 static int hf_samr_start_idx = -1;
59 static int hf_samr_max_entries = -1;
60 static int hf_samr_entries = -1;
61 static int hf_samr_pref_maxsize = -1;
62 static int hf_samr_total_size = -1;
63 static int hf_samr_ret_size = -1;
64 static int hf_samr_alias_name = -1;
65 static int hf_samr_group_name = -1;
66 static int hf_samr_acct_name = -1;
67 static int hf_samr_full_name = -1;
68 static int hf_samr_acct_desc = -1;
69 static int hf_samr_home = -1;
70 static int hf_samr_home_drive = -1;
71 static int hf_samr_script = -1;
72 static int hf_samr_workstations = -1;
73 static int hf_samr_profile = -1;
74 static int hf_samr_callback = -1;
75 static int hf_samr_server = -1;
76 static int hf_samr_domain = -1;
77 static int hf_samr_controller = -1;
78 static int hf_samr_access = -1;
79 static int hf_samr_access_granted = -1;
/* Header-field ids for credential material carried in SAMR password-change
 * and set-password calls.
 * NOTE(review): the *_decrypted, *_newpass and *_pseudorandom names suggest
 * these fields hold plaintext recovered from the NT password-change block.
 * If so, any saved or exported dissection that includes them has to be
 * handled as a secret -- confirm against the code that fills them, which is
 * not part of this listing. */
80 static int hf_samr_crypt_password = -1;
81 static int hf_samr_crypt_hash = -1;
82 static int hf_samr_lm_change = -1;
83 static int hf_samr_lm_passchange_block = -1;
84 static int hf_samr_nt_passchange_block = -1;
85 static int hf_samr_nt_passchange_block_decrypted = -1;
86 static int hf_samr_nt_passchange_block_newpass = -1;
87 static int hf_samr_nt_passchange_block_newpass_len = -1;
88 static int hf_samr_nt_passchange_block_pseudorandom = -1;
89 static int hf_samr_lm_verifier = -1;
90 static int hf_samr_nt_verifier = -1;
/* Header-field ids for account policy, logon bookkeeping and group/alias
 * details, followed by generic "unknown_*" placeholders used where the
 * meaning of a wire field has not been identified. All start at -1. */
91 static int hf_samr_attrib = -1;
92 static int hf_samr_force_logoff_time = -1;
93 static int hf_samr_lockout_duration_time = -1;
94 static int hf_samr_lockout_reset_time = -1;
95 static int hf_samr_lockout_threshold_short = -1;
96 static int hf_samr_max_pwd_age = -1;
97 static int hf_samr_min_pwd_age = -1;
98 static int hf_samr_min_pwd_len = -1;
99 static int hf_samr_pwd_history_len = -1;
100 static int hf_samr_num_users = -1;
101 static int hf_samr_num_groups = -1;
102 static int hf_samr_num_aliases = -1;
103 static int hf_samr_resume_hnd = -1;
104 static int hf_samr_bad_pwd_count = -1;
105 static int hf_samr_logon_count = -1;
106 static int hf_samr_logon_time = -1;
107 static int hf_samr_logoff_time = -1;
108 static int hf_samr_kickoff_time = -1;
109 static int hf_samr_pwd_last_set_time = -1;
110 static int hf_samr_pwd_can_change_time = -1;
111 static int hf_samr_pwd_must_change_time = -1;
112 static int hf_samr_acct_expiry_time = -1;
113 static int hf_samr_country = -1;
114 static int hf_samr_codepage = -1;
115 static int hf_samr_comment = -1;
116 static int hf_samr_nt_pwd_set = -1;
117 static int hf_samr_lm_pwd_set = -1;
118 static int hf_samr_pwd_expired = -1;
119 static int hf_samr_revision = -1;
120 static int hf_samr_info_type = -1;
121 static int hf_samr_primary_group_rid = -1;
122 static int hf_samr_group_num_of_members = -1;
123 static int hf_samr_group_desc = -1;
124 static int hf_samr_alias_num_of_members = -1;
125 static int hf_samr_alias_desc = -1;
127 static int hf_samr_unknown_hyper = -1;
128 static int hf_samr_unknown_long = -1;
129 static int hf_samr_unknown_short = -1;
130 static int hf_samr_unknown_char = -1;
131 static int hf_samr_unknown_string = -1;
132 static int hf_samr_unknown_time = -1;
/* Subtree (ett) indices, one per expandable structure this dissector shows.
 * All start at -1. ett_samr_hnd is only compiled when SAMR_UNUSED_HANDLES
 * is defined; the matching #endif is not visible in this listing. */
134 static gint ett_dcerpc_samr = -1;
135 static gint ett_SAM_SECURITY_DESCRIPTOR = -1;
136 static gint ett_samr_user_dispinfo_1 = -1;
137 static gint ett_samr_user_dispinfo_1_array = -1;
138 static gint ett_samr_user_dispinfo_2 = -1;
139 static gint ett_samr_user_dispinfo_2_array = -1;
140 static gint ett_samr_group_dispinfo = -1;
141 static gint ett_samr_group_dispinfo_array = -1;
142 static gint ett_samr_ascii_dispinfo = -1;
143 static gint ett_samr_ascii_dispinfo_array = -1;
144 static gint ett_samr_display_info = -1;
145 static gint ett_samr_password_info = -1;
146 static gint ett_samr_server = -1;
147 static gint ett_samr_user_group = -1;
148 static gint ett_samr_user_group_array = -1;
149 static gint ett_samr_alias_info = -1;
150 static gint ett_samr_group_info = -1;
151 static gint ett_samr_domain_info_1 = -1;
152 static gint ett_samr_domain_info_2 = -1;
153 static gint ett_samr_domain_info_8 = -1;
154 static gint ett_samr_replication_status = -1;
155 static gint ett_samr_domain_info_11 = -1;
156 static gint ett_samr_domain_info_13 = -1;
157 static gint ett_samr_domain_info = -1;
158 static gint ett_samr_index_array = -1;
159 static gint ett_samr_idx_and_name = -1;
160 static gint ett_samr_idx_and_name_array = -1;
161 static gint ett_samr_user_info_1 = -1;
162 static gint ett_samr_user_info_2 = -1;
163 static gint ett_samr_user_info_3 = -1;
164 static gint ett_samr_user_info_5 = -1;
165 static gint ett_samr_user_info_6 = -1;
166 static gint ett_samr_user_info_10 = -1;
167 static gint ett_samr_user_info_18 = -1;
168 static gint ett_samr_user_info_19 = -1;
169 static gint ett_samr_buffer_buffer = -1;
170 static gint ett_samr_buffer = -1;
171 static gint ett_samr_user_info_21 = -1;
172 static gint ett_samr_user_info_22 = -1;
173 static gint ett_samr_user_info_23 = -1;
174 static gint ett_samr_user_info_24 = -1;
175 static gint ett_samr_user_info_25 = -1;
176 static gint ett_samr_user_info = -1;
177 static gint ett_samr_member_array_types = -1;
178 static gint ett_samr_member_array_rids = -1;
179 static gint ett_samr_member_array = -1;
180 static gint ett_samr_names = -1;
181 static gint ett_samr_rids = -1;
182 #ifdef SAMR_UNUSED_HANDLES
183 static gint ett_samr_hnd = -1;
/* Interface UUID and version for SAMR. Written in the usual string form the
 * values below read 12345778-1234-abcd-ef00-0123456789ac, version 1. The
 * closing brace of the initializer is on a line missing from this listing. */
186 static e_uuid_t uuid_dcerpc_samr = {
187 0x12345778, 0x1234, 0xabcd,
188 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
191 static guint16 ver_dcerpc_samr = 1;
193 /* Configuration variables */
/* User-supplied NT password for this dissector; NULL when none is set.
 * NOTE(review): given the crypt-md4/crypt-rc4 includes and the
 * hf_samr_nt_passchange_block_decrypted field, this is presumably the key
 * material used to decrypt captured password-change blocks -- confirm in
 * the code that reads it. The value is a cleartext credential that lives
 * for the whole process; check how the setting is persisted and do not
 * leave a real account password configured in a shared profile. */
194 static const char *nt_password = NULL;
196 /* Dissect connect specific access rights */
/* One header-field id per right that can appear in the specific-rights part
 * of the access mask on a server (connect) handle. */
198 static gint hf_access_connect_connect_to_server = -1;
199 static gint hf_access_connect_shutdown_server = -1;
200 static gint hf_access_connect_initialize_server = -1;
201 static gint hf_access_connect_create_domain = -1;
202 static gint hf_access_connect_enum_domains = -1;
203 static gint hf_access_connect_open_domain = -1;
/*
 * Show the connect-specific bits of an access mask.
 *
 * Adds six boolean items to `tree`, one per hf_access_connect_* field. Every
 * call is handed the same 4 bytes at `offset` and the same `access` value;
 * which bit each field tests is decided by the field's registration, which
 * is not part of this listing. The return type, the last parameter and the
 * braces are on lines missing from this listing.
 */
206 specific_rights_connect(tvbuff_t *tvb, gint offset, proto_tree *tree,
209 proto_tree_add_boolean(
210 tree, hf_access_connect_open_domain,
211 tvb, offset, 4, access);
213 proto_tree_add_boolean(
214 tree, hf_access_connect_enum_domains,
215 tvb, offset, 4, access);
217 proto_tree_add_boolean(
218 tree, hf_access_connect_create_domain,
219 tvb, offset, 4, access);
221 proto_tree_add_boolean(
222 tree, hf_access_connect_initialize_server,
223 tvb, offset, 4, access);
225 proto_tree_add_boolean(
226 tree, hf_access_connect_shutdown_server,
227 tvb, offset, 4, access);
229 proto_tree_add_boolean(
230 tree, hf_access_connect_connect_to_server,
231 tvb, offset, 4, access);
/* Access-mask descriptor for connect handles. It is handed to
 * dissect_nt_access_mask() by the connect request dissectors and is also
 * used for SAM security descriptors. It has external linkage (no `static`).
 * The first member and the closing brace are on lines missing from this
 * listing. */
234 struct access_mask_info samr_connect_access_mask_info = {
236 specific_rights_connect,
237 NULL, /* Generic rights mapping */
238 NULL /* Standard rights mapping */
/*
 * Dissect the body of a SAM security descriptor: a 32-bit size followed by
 * the descriptor itself.
 *
 * `len` is read from the packet and passed on unchanged to the descriptor
 * dissector, whose name is on a line missing from this listing, so it is
 * attacker-controlled input. The final check is the defence against that:
 * if the returned offset ended up below the starting offset (e.g. signed
 * wrap-around after a huge length), dissection is aborted with
 * ReportedBoundsError instead of continuing at a bogus position.
 *
 * NOTE(review): the connect access-mask table is used for every descriptor;
 * a descriptor on a domain, user, alias or group object would then have its
 * specific rights labelled with connect names -- confirm this is intended.
 */
243 sam_dissect_SAM_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
244 packet_info *pinfo, proto_tree *tree,
/* remembered so the overflow check at the end has a baseline */
249 int old_offset = offset;
251 di=pinfo->private_data;
252 if(di->conformant_run){
253 /*just a run to handle conformant arrays, nothing to dissect */
257 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
258 hf_samr_sd_size, &len);
261 tvb, offset, pinfo, tree, drep, len, &samr_connect_access_mask_info);
/* offset moved backwards: treat as malformed and stop */
264 if (offset < old_offset)
265 THROW(ReportedBoundsError);
/*
 * Dissect a SAM_SECURITY_DESCRIPTOR wrapper: a 32-bit size followed by a
 * unique pointer to the descriptor data, shown under their own subtree.
 *
 * The size read here is display-only (NULL result pointer); the data
 * callback reads its own copy of the size. The item length is set at the
 * end from the number of bytes consumed. `item` and `tree` start as NULL;
 * the condition under which they are created is on a line missing from this
 * listing.
 */
271 sam_dissect_SAM_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
272 packet_info *pinfo, proto_tree *parent_tree,
275 proto_item *item=NULL;
276 proto_tree *tree=NULL;
277 int old_offset=offset;
280 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
281 "SAM_SECURITY_DESCRIPTOR:");
282 tree = proto_item_add_subtree(item, ett_SAM_SECURITY_DESCRIPTOR);
285 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
286 hf_samr_sd_size, NULL);
288 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
289 sam_dissect_SAM_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
290 "SAM SECURITY DESCRIPTOR data:", -1);
292 proto_item_set_len(item, offset-old_offset);
297 /* Dissect domain specific access rights */
/* One header-field id per right that can appear in the specific-rights part
 * of the access mask on a domain handle. */
299 static gint hf_access_domain_lookup_info1 = -1;
300 static gint hf_access_domain_set_info1 = -1;
301 static gint hf_access_domain_lookup_info2 = -1;
302 static gint hf_access_domain_set_info2 = -1;
303 static gint hf_access_domain_create_user = -1;
304 static gint hf_access_domain_create_group = -1;
305 static gint hf_access_domain_create_alias = -1;
306 static gint hf_access_domain_lookup_alias_by_mem = -1;
307 static gint hf_access_domain_enum_accounts = -1;
308 static gint hf_access_domain_open_account = -1;
309 static gint hf_access_domain_set_info3 = -1;
/*
 * Show the domain-specific bits of an access mask.
 *
 * Adds eleven boolean items to `tree`, one per hf_access_domain_* field, all
 * decoded from the same 4 bytes at `offset` and the same `access` value.
 * The bit tested by each field comes from its registration (not in this
 * listing). The rest of the signature and the braces are on missing lines.
 */
312 specific_rights_domain(tvbuff_t *tvb, gint offset, proto_tree *tree,
315 proto_tree_add_boolean(
316 tree, hf_access_domain_set_info3,
317 tvb, offset, 4, access);
319 proto_tree_add_boolean(
320 tree, hf_access_domain_open_account,
321 tvb, offset, 4, access);
323 proto_tree_add_boolean(
324 tree, hf_access_domain_enum_accounts,
325 tvb, offset, 4, access);
327 proto_tree_add_boolean(
328 tree, hf_access_domain_lookup_alias_by_mem,
329 tvb, offset, 4, access);
331 proto_tree_add_boolean(
332 tree, hf_access_domain_create_alias,
333 tvb, offset, 4, access);
335 proto_tree_add_boolean(
336 tree, hf_access_domain_create_group,
337 tvb, offset, 4, access);
339 proto_tree_add_boolean(
340 tree, hf_access_domain_create_user,
341 tvb, offset, 4, access);
343 proto_tree_add_boolean(
344 tree, hf_access_domain_set_info2,
345 tvb, offset, 4, access);
347 proto_tree_add_boolean(
348 tree, hf_access_domain_lookup_info2,
349 tvb, offset, 4, access);
351 proto_tree_add_boolean(
352 tree, hf_access_domain_set_info1,
353 tvb, offset, 4, access);
355 proto_tree_add_boolean(
356 tree, hf_access_domain_lookup_info1,
357 tvb, offset, 4, access);
/* Access-mask descriptor for domain handles; supplies specific_rights_domain
 * as the decoder for the object-specific bits and no generic or standard
 * mapping tables. Has external linkage. The first member and the closing
 * brace are on lines missing from this listing. */
360 struct access_mask_info samr_domain_access_mask_info = {
362 specific_rights_domain,
363 NULL, /* Generic mapping table */
364 NULL /* Standard mapping table */
367 /* Dissect user specific access rights */
/* One header-field id per right that can appear in the specific-rights part
 * of the access mask on a user handle, including the two password rights
 * (change_password, set_password). */
369 static gint hf_access_user_get_name_etc = -1;
370 static gint hf_access_user_get_locale = -1;
371 static gint hf_access_user_get_loc_com = -1;
372 static gint hf_access_user_get_logoninfo = -1;
373 static gint hf_access_user_get_attributes = -1;
374 static gint hf_access_user_set_attributes = -1;
375 static gint hf_access_user_change_password = -1;
376 static gint hf_access_user_set_password = -1;
377 static gint hf_access_user_get_groups = -1;
378 static gint hf_access_user_get_group_membership = -1;
379 static gint hf_access_user_change_group_membership = -1;
/*
 * Show the user-specific bits of an access mask.
 *
 * Adds eleven boolean items to `tree`, one per hf_access_user_* field, all
 * decoded from the same 4 bytes at `offset` and the same `access` value.
 * The bit tested by each field comes from its registration (not in this
 * listing). The rest of the signature and the braces are on missing lines.
 */
382 specific_rights_user(tvbuff_t *tvb, gint offset, proto_tree *tree,
385 proto_tree_add_boolean(
386 tree, hf_access_user_change_group_membership,
387 tvb, offset, 4, access);
389 proto_tree_add_boolean(
390 tree, hf_access_user_get_group_membership,
391 tvb, offset, 4, access);
393 proto_tree_add_boolean(
394 tree, hf_access_user_get_groups,
395 tvb, offset, 4, access);
397 proto_tree_add_boolean(
398 tree, hf_access_user_set_password,
399 tvb, offset, 4, access);
401 proto_tree_add_boolean(
402 tree, hf_access_user_change_password,
403 tvb, offset, 4, access);
405 proto_tree_add_boolean(
406 tree, hf_access_user_set_attributes,
407 tvb, offset, 4, access);
409 proto_tree_add_boolean(
410 tree, hf_access_user_get_attributes,
411 tvb, offset, 4, access);
413 proto_tree_add_boolean(
414 tree, hf_access_user_get_logoninfo,
415 tvb, offset, 4, access);
417 proto_tree_add_boolean(
418 tree, hf_access_user_get_loc_com,
419 tvb, offset, 4, access);
421 proto_tree_add_boolean(
422 tree, hf_access_user_get_locale,
423 tvb, offset, 4, access);
425 proto_tree_add_boolean(
426 tree, hf_access_user_get_name_etc,
427 tvb, offset, 4, access);
/* Access-mask descriptor for user handles; used by the OpenUser request
 * dissector. Supplies specific_rights_user and no generic or standard
 * mapping tables. Has external linkage. The first member and the closing
 * brace are on lines missing from this listing. */
430 struct access_mask_info samr_user_access_mask_info = {
432 specific_rights_user,
433 NULL, /* Generic mapping table */
434 NULL /* Standard mapping table */
437 /* Dissect alias specific access rights */
/* One header-field id per right that can appear in the specific-rights part
 * of the access mask on an alias handle. */
439 static gint hf_access_alias_add_member = -1;
440 static gint hf_access_alias_remove_member = -1;
441 static gint hf_access_alias_get_members = -1;
442 static gint hf_access_alias_lookup_info = -1;
443 static gint hf_access_alias_set_info = -1;
/*
 * Show the alias-specific bits of an access mask.
 *
 * Adds five boolean items to `tree`, one per hf_access_alias_* field, all
 * decoded from the same 4 bytes at `offset` and the same `access` value.
 * The rest of the signature and the braces are on missing lines.
 */
446 specific_rights_alias(tvbuff_t *tvb, gint offset, proto_tree *tree,
449 proto_tree_add_boolean(
450 tree, hf_access_alias_set_info,
451 tvb, offset, 4, access);
453 proto_tree_add_boolean(
454 tree, hf_access_alias_lookup_info,
455 tvb, offset, 4, access);
457 proto_tree_add_boolean(
458 tree, hf_access_alias_get_members,
459 tvb, offset, 4, access);
461 proto_tree_add_boolean(
462 tree, hf_access_alias_remove_member,
463 tvb, offset, 4, access);
465 proto_tree_add_boolean(
466 tree, hf_access_alias_add_member,
467 tvb, offset, 4, access);
/* Access-mask descriptor for alias handles; supplies specific_rights_alias
 * and no generic or standard mapping tables. Has external linkage. The
 * first member and the closing brace are on lines missing from this
 * listing. */
470 struct access_mask_info samr_alias_access_mask_info = {
472 specific_rights_alias,
473 NULL, /* Generic mapping table */
474 NULL /* Standard mapping table */
477 /* Dissect group specific access rights */
/* One header-field id per right that can appear in the specific-rights part
 * of the access mask on a group handle. */
479 static gint hf_access_group_lookup_info = -1;
480 static gint hf_access_group_set_info = -1;
481 static gint hf_access_group_add_member = -1;
482 static gint hf_access_group_remove_member = -1;
483 static gint hf_access_group_get_members = -1;
/*
 * Show the group-specific bits of an access mask.
 *
 * Adds five boolean items to `tree`, one per hf_access_group_* field, all
 * decoded from the same 4 bytes at `offset` and the same `access` value.
 * The rest of the signature and the braces are on missing lines.
 */
486 specific_rights_group(tvbuff_t *tvb, gint offset, proto_tree *tree,
489 proto_tree_add_boolean(
490 tree, hf_access_group_get_members,
491 tvb, offset, 4, access);
493 proto_tree_add_boolean(
494 tree, hf_access_group_remove_member,
495 tvb, offset, 4, access);
497 proto_tree_add_boolean(
498 tree, hf_access_group_add_member,
499 tvb, offset, 4, access);
501 proto_tree_add_boolean(
502 tree, hf_access_group_set_info,
503 tvb, offset, 4, access);
505 proto_tree_add_boolean(
506 tree, hf_access_group_lookup_info,
507 tvb, offset, 4, access);
/* Access-mask descriptor for group handles; supplies specific_rights_group
 * and no generic or standard mapping tables. Has external linkage. The
 * first member and the closing brace are on lines missing from this
 * listing. */
510 struct access_mask_info samr_group_access_mask_info = {
512 specific_rights_group,
513 NULL, /* Generic mapping table */
514 NULL /* Standard mapping table */
/* Thin wrapper that forwards to dissect_ndr_nt_SID() with the same
 * arguments and stores the returned offset. The return statement and the
 * braces are on lines missing from this listing. */
518 dissect_ndr_nt_SID_no_hf(tvbuff_t *tvb, int offset, packet_info *pinfo,
519 proto_tree *tree, guint8 *drep)
521 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
525 /* above this line, just some general support routines which should be placed
526 in some more generic file common to all NT services dissectors
/*
 * Dissect an OpenUser request: domain policy handle, requested access mask
 * (decoded with the user rights table) and the RID of the account to open.
 *
 * The RID is appended to the Info column and stashed in the per-call data
 * (dcv->private_data) so the reply dissector can name the returned handle.
 * The RID and the requested mask are the two values worth reading when
 * reviewing a capture for which accounts a client opened and with what
 * rights.
 *
 * NOTE(review): `dcv` comes from di->call_data and is written to without a
 * NULL check in the visible lines -- confirm the DCE/RPC layer always sets
 * call_data before this runs. The field id passed for the RID and the
 * declaration of `rid` are on lines missing from this listing.
 */
530 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
531 proto_tree *tree, guint8 *drep)
533 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
534 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
537 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
538 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
540 offset = dissect_nt_access_mask(
541 tvb, offset, pinfo, tree, drep, hf_samr_access,
542 &samr_user_access_mask_info, NULL);
544 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
547 if (check_col(pinfo->cinfo, COL_INFO))
548 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
/* the integer is packed into the pointer slot; nothing is allocated */
550 dcv->private_data = GINT_TO_POINTER(rid);
/*
 * Dissect an OpenUser reply: the new user policy handle and the NT status.
 *
 * The RID saved by the request dissector is read back from
 * dcv->private_data and used to build a display name for the handle, either
 * "OpenUser(rid 0x...)" or the generic "OpenUser handle". The conditions
 * that choose between the two, and whether naming is skipped on a failed
 * status, are on lines missing from this listing. The name is stored with
 * dcerpc_smb_store_pol_name() and appended to the handle item when one was
 * created.
 *
 * NOTE(review): pol_name is heap-allocated by g_strdup*(); who frees it is
 * not visible here -- confirm ownership. If the request was not captured,
 * private_data was never set by the request dissector, so the RID shown may
 * not be real.
 */
556 samr_dissect_open_user_reply(tvbuff_t *tvb, int offset,
557 packet_info *pinfo, proto_tree *tree,
560 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
561 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
562 e_ctx_hnd policy_hnd;
563 proto_item *hnd_item;
565 guint32 rid = GPOINTER_TO_INT(dcv->private_data);
568 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
569 hf_samr_hnd, &policy_hnd, &hnd_item,
572 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
573 hf_samr_rc, &status);
577 pol_name = g_strdup_printf("OpenUser(rid 0x%x)", rid);
579 pol_name = g_strdup("OpenUser handle");
581 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
583 if (hnd_item != NULL)
584 proto_item_append_text(hnd_item, ": %s", pol_name);
/* Pointer callback that dissects one 32-bit value. It fetches the
 * dcerpc_info from pinfo->private_data; the field id argument is on a line
 * missing from this listing (presumably taken from `di`, since callers pass
 * the field id through dissect_ndr_pointer -- confirm). */
593 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
594 packet_info *pinfo, proto_tree *tree,
599 di=pinfo->private_data;
600 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/* Pointer callback that dissects one counted string. It checks
 * di->conformant_run first; the body of that branch, and the field id
 * passed to dissect_ndr_counted_string(), are on lines missing from this
 * listing. */
606 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
607 packet_info *pinfo, proto_tree *tree,
612 di=pinfo->private_data;
613 if(di->conformant_run){
614 /*just a run to handle conformant arrays, nothing to dissect */
618 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
/* Pointer callback that dissects one 16-bit value; the 16-bit counterpart
 * of samr_dissect_pointer_long. The field id argument is on a line missing
 * from this listing. */
624 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
625 packet_info *pinfo, proto_tree *tree,
630 di=pinfo->private_data;
631 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
/*
 * Dissect a QueryDisplayInfo request: domain handle, info level, start
 * index, maximum entries and preferred maximum size.
 *
 * Level and start index are echoed into the Info column. A run of these
 * requests with a rising start index shows a client paging through the
 * account list, which is what to look for when reviewing a capture for
 * account enumeration.
 *
 * NOTE(review): both values are printed with %d; the declarations of
 * `level` and `start_idx` are not visible, so confirm the format matches
 * their types (an unsigned 32-bit index would print negative when large).
 */
638 samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset,
639 packet_info *pinfo, proto_tree *tree,
645 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
646 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
648 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
649 hf_samr_level, &level);
650 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
651 hf_samr_start_idx, &start_idx);
652 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
653 hf_samr_max_entries, NULL);
654 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
655 hf_samr_pref_maxsize, NULL);
657 if (check_col(pinfo->cinfo, COL_INFO))
659 pinfo->cinfo, COL_INFO, ", level %d, start_idx %d",
/*
 * Dissect one USER_DISPINFO_1 entry under its own subtree: index, a second
 * 32-bit value whose field id is on a missing line, account control flags,
 * then three counted strings (account name, full name, description).
 * The item length is fixed up at the end from the bytes consumed. The item
 * label and the guard around item creation are on missing lines.
 */
666 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
667 packet_info *pinfo, proto_tree *parent_tree,
670 proto_item *item=NULL;
671 proto_tree *tree=NULL;
672 int old_offset=offset;
675 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
677 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
680 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
681 hf_samr_index, NULL);
682 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
684 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
685 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
686 hf_samr_acct_name, 0);
687 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
688 hf_samr_full_name, 0);
689 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
690 hf_samr_acct_desc, 0);
692 proto_item_set_len(item, offset-old_offset);
/* Pointer callback: dissects the conformant array of USER_DISPINFO_1
 * entries by handing samr_dissect_USER_DISPINFO_1 to dissect_ndr_ucarray()
 * as the per-element dissector. */
697 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
698 packet_info *pinfo, proto_tree *tree,
701 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
702 samr_dissect_USER_DISPINFO_1);
/*
 * Dissect a USER_DISPINFO_1 array header: an entry count followed by a
 * pointer to the entries, shown under a "User_DispInfo_1 Array" subtree.
 *
 * The count is read from the packet into `count`, but in the visible lines
 * it is only displayed; the number of elements actually walked is decided
 * by dissect_ndr_ucarray() in the pointer callback, not by this value.
 */
708 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
709 packet_info *pinfo, proto_tree *parent_tree,
713 proto_item *item=NULL;
714 proto_tree *tree=NULL;
715 int old_offset=offset;
718 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
719 "User_DispInfo_1 Array");
720 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
724 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
725 hf_samr_count, &count);
726 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
727 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
728 "USER_DISPINFO_1_ARRAY", -1);
730 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect one USER_DISPINFO_2 entry under its own subtree: index, a second
 * 32-bit value whose field id is on a missing line, account control flags,
 * then two counted strings (account name, description). Unlike
 * USER_DISPINFO_1 there is no full-name string. The item length is fixed up
 * at the end from the bytes consumed.
 */
737 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
738 packet_info *pinfo, proto_tree *parent_tree,
741 proto_item *item=NULL;
742 proto_tree *tree=NULL;
743 int old_offset=offset;
746 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
748 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
751 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
752 hf_samr_index, NULL);
753 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
755 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
756 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
757 hf_samr_acct_name, 0);
758 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
759 hf_samr_acct_desc, 0);
761 proto_item_set_len(item, offset-old_offset);
/* Pointer callback: dissects the conformant array of USER_DISPINFO_2
 * entries by handing samr_dissect_USER_DISPINFO_2 to dissect_ndr_ucarray()
 * as the per-element dissector. */
766 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
767 packet_info *pinfo, proto_tree *tree,
770 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
771 samr_dissect_USER_DISPINFO_2);
/*
 * Dissect a USER_DISPINFO_2 array header: an entry count followed by a
 * pointer to the entries, shown under a "User_DispInfo_2 Array" subtree.
 * The count from the packet is only displayed in the visible lines; element
 * iteration is left to dissect_ndr_ucarray() in the pointer callback.
 */
777 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
778 packet_info *pinfo, proto_tree *parent_tree,
782 proto_item *item=NULL;
783 proto_tree *tree=NULL;
784 int old_offset=offset;
787 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
788 "User_DispInfo_2 Array");
789 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
793 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
794 hf_samr_count, &count);
795 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
796 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
797 "USER_DISPINFO_2_ARRAY", -1);
799 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect one GROUP_DISPINFO entry under its own subtree: index, a second
 * 32-bit value whose field id is on a missing line, account control flags,
 * then two counted strings (account name, description). The item length is
 * fixed up at the end from the bytes consumed.
 */
804 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
805 packet_info *pinfo, proto_tree *parent_tree,
808 proto_item *item=NULL;
809 proto_tree *tree=NULL;
810 int old_offset=offset;
813 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
815 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
819 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
820 hf_samr_index, NULL);
821 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
823 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
824 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
825 hf_samr_acct_name, 0);
826 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
827 hf_samr_acct_desc, 0);
829 proto_item_set_len(item, offset-old_offset);
/* Pointer callback: dissects the conformant array of GROUP_DISPINFO entries
 * by handing samr_dissect_GROUP_DISPINFO to dissect_ndr_ucarray() as the
 * per-element dissector. */
834 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
835 packet_info *pinfo, proto_tree *tree,
838 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
839 samr_dissect_GROUP_DISPINFO);
/*
 * Dissect a GROUP_DISPINFO array header: an entry count followed by a
 * pointer to the entries, shown under a "Group_DispInfo Array" subtree.
 * The count from the packet is only displayed in the visible lines; element
 * iteration is left to dissect_ndr_ucarray() in the pointer callback.
 */
845 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
846 packet_info *pinfo, proto_tree *parent_tree,
850 proto_item *item=NULL;
851 proto_tree *tree=NULL;
852 int old_offset=offset;
855 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
856 "Group_DispInfo Array");
857 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
860 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
861 hf_samr_count, &count);
862 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
863 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
864 "GROUP_DISPINFO_ARRAY", -1);
866 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect one ASCII_DISPINFO entry under its own subtree: index, a second
 * 32-bit value whose field id is on a missing line, account control flags,
 * then two counted strings (account name, description).
 *
 * NOTE(review): despite the "ASCII" name the strings go through the same
 * dissect_ndr_counted_string() call as the other display-info entries --
 * confirm that helper handles the character width used on the wire here.
 */
873 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
874 packet_info *pinfo, proto_tree *parent_tree,
877 proto_item *item=NULL;
878 proto_tree *tree=NULL;
879 int old_offset=offset;
882 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
884 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
888 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
889 hf_samr_index, NULL);
890 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
892 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
893 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
894 hf_samr_acct_name, 0);
895 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
896 hf_samr_acct_desc, 0);
898 proto_item_set_len(item, offset-old_offset);
/* Pointer callback: dissects the conformant array of ASCII_DISPINFO entries
 * by handing samr_dissect_ASCII_DISPINFO to dissect_ndr_ucarray() as the
 * per-element dissector. */
903 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
904 packet_info *pinfo, proto_tree *tree,
907 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
908 samr_dissect_ASCII_DISPINFO);
/*
 * Dissect an ASCII_DISPINFO array header: an entry count followed by a
 * pointer to the entries, shown under an "Ascii_DispInfo Array" subtree.
 * The count from the packet is only displayed in the visible lines; element
 * iteration is left to dissect_ndr_ucarray() in the pointer callback.
 *
 * NOTE(review): the pointer label below is spelled "ACSII_DISPINFO_ARRAY";
 * it is a display string, so the misspelling shows up in the protocol tree.
 */
914 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
915 packet_info *pinfo, proto_tree *parent_tree,
919 proto_item *item=NULL;
920 proto_tree *tree=NULL;
921 int old_offset=offset;
924 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
925 "Ascii_DispInfo Array");
926 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
929 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
930 hf_samr_count, &count);
931 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
932 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
933 "ACSII_DISPINFO_ARRAY", -1);
935 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a DISPLAY_INFO union: a 16-bit info level followed by the array
 * type that level selects.
 *
 * The level comes from the packet. The switch/case lines that map it to an
 * array dissector are missing from this listing; what is visible is one
 * call each for USER_DISPINFO_1, USER_DISPINFO_2 and GROUP_DISPINFO and two
 * calls for ASCII_DISPINFO, so two levels share the ASCII layout.
 * NOTE(review): confirm an unrecognised level falls through without
 * dissecting anything rather than reusing a previous case.
 */
941 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
942 packet_info *pinfo, proto_tree *parent_tree,
945 proto_item *item=NULL;
946 proto_tree *tree=NULL;
947 int old_offset=offset;
951 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
953 tree = proto_item_add_subtree(item, ett_samr_display_info);
956 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
957 hf_samr_level, &level);
960 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
961 tvb, offset, pinfo, tree, drep);
964 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
965 tvb, offset, pinfo, tree, drep);
968 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
969 tvb, offset, pinfo, tree, drep);
972 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
973 tvb, offset, pinfo, tree, drep);
976 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
977 tvb, offset, pinfo, tree, drep);
981 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a QueryDisplayInfo reply: three reference pointers (total size,
 * returned size, the DISPLAY_INFO union) followed by the NT status. The
 * arguments of the status call are on a line missing from this listing.
 */
986 samr_dissect_query_dispinfo_reply(tvbuff_t *tvb, int offset,
987 packet_info *pinfo, proto_tree *tree,
990 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
991 samr_dissect_pointer_long, NDR_POINTER_REF,
992 "Total Size", hf_samr_total_size);
993 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
994 samr_dissect_pointer_long, NDR_POINTER_REF,
995 "Returned Size", hf_samr_ret_size);
996 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
997 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
998 "DISPLAY_INFO:", -1);
999 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect a GetDisplayEnumerationIndex request: domain handle, info level
 * (also appended to the Info column) and the account name to look up.
 * Part of the signature and the declaration of `level` are on lines missing
 * from this listing.
 */
1006 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
1013 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1014 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1016 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1017 hf_samr_level, &level);
1019 if (check_col(pinfo->cinfo, COL_INFO))
1020 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
1022 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1023 hf_samr_acct_name, 0);
/* Dissect a GetDisplayEnumerationIndex reply: a reference pointer to the
 * 32-bit index, then the NT status (its arguments are on a missing line). */
1029 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
1030 packet_info *pinfo, proto_tree *tree,
1033 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1034 samr_dissect_pointer_long, NDR_POINTER_REF,
1035 "Index", hf_samr_index);
1037 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect a PASSWORD_INFO structure under its own subtree: one 16-bit and
 * one 32-bit value, both shown with the generic "unknown" fields because
 * this dissector does not name them. The offset is aligned to 4 bytes
 * before anything is read, and the item length is fixed up at the end.
 */
1047 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
1048 packet_info *pinfo, proto_tree *parent_tree,
1051 proto_item *item=NULL;
1052 proto_tree *tree=NULL;
1053 int old_offset=offset;
1055 ALIGN_TO_4_BYTES; /* structure starts with a short, but is aligned for longs */
1058 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1060 tree = proto_item_add_subtree(item, ett_samr_password_info);
1064 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1065 hf_samr_unknown_short, NULL);
1066 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1067 hf_samr_unknown_long, NULL);
1069 proto_item_set_len(item, offset-old_offset);
/* Dissect a GetUserDomainPasswordInfo request, which carries only a policy
 * handle in the visible lines. */
1074 samr_dissect_get_usrdom_pwinfo_rqst(tvbuff_t *tvb, int offset,
1075 packet_info *pinfo, proto_tree *tree,
1078 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1079 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Dissect a GetUserDomainPasswordInfo reply: a reference pointer to a
 * PASSWORD_INFO structure, then the NT status (its arguments are on a
 * missing line). */
1085 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
1086 packet_info *pinfo, proto_tree *tree,
1089 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1090 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
1091 "PASSWORD_INFO:", -1);
1093 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect a Connect2 request: a unique pointer to the server name (wide
 * string) and the requested access mask, decoded with the connect rights
 * table.
 *
 * The string callback is given CB_STR_COL_INFO | CB_STR_SAVE | 1. The reply
 * dissector later reads a server string from dcv->private_data, so
 * CB_STR_SAVE is presumably what stores it there -- confirm in
 * cb_wstr_postprocess. The server name is packet-supplied text.
 */
1099 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
1100 packet_info *pinfo, proto_tree *tree,
1103 offset = dissect_ndr_pointer_cb(
1104 tvb, offset, pinfo, tree, drep,
1105 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
1106 "Server", hf_samr_server, cb_wstr_postprocess,
1107 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
1109 offset = dissect_nt_access_mask(
1110 tvb, offset, pinfo, tree, drep, hf_samr_access,
1111 &samr_connect_access_mask_info, NULL);
/*
 * Dissect a Connect3/Connect4 request: server name pointer, one 32-bit
 * value shown as "unknown", and the requested access mask decoded with the
 * connect rights table. The server-name handling is identical to the
 * Connect2 request dissector (same callback and flags).
 */
1117 samr_dissect_connect3_4_rqst(tvbuff_t *tvb, int offset,
1118 packet_info *pinfo, proto_tree *tree,
1121 offset = dissect_ndr_pointer_cb(
1122 tvb, offset, pinfo, tree, drep,
1123 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
1124 "Server", hf_samr_server, cb_wstr_postprocess,
1125 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
1127 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1128 hf_samr_unknown_long, NULL);
1130 offset = dissect_nt_access_mask(
1131 tvb, offset, pinfo, tree, drep, hf_samr_access,
1132 &samr_connect_access_mask_info, NULL);
/*
 * Dissect the reply shared by Connect2, Connect3 and Connect4: the new
 * server policy handle and the NT status, then give the handle a display
 * name.
 *
 * The name is "ConnectN(<server>)" when a server string was saved by the
 * request dissector, else "ConnectN handle"; N is chosen from dcv->opnum.
 * The conditions selecting between the two groups (and any check of
 * `status`) are on lines missing from this listing. The server string is
 * packet-derived but is only ever passed as a %s argument, never as the
 * format itself.
 *
 * NOTE(review): pol_name starts as NULL and is only assigned for the three
 * listed opnums; if another opnum reached this function the "%s" append
 * below would receive NULL -- confirm the dispatch table rules that out.
 * Ownership of the g_strdup*() result is also not visible here.
 */
1138 samr_dissect_connect2_3_4_reply(tvbuff_t *tvb, int offset,
1139 packet_info *pinfo, proto_tree *tree,
1142 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1143 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1144 e_ctx_hnd policy_hnd;
1145 proto_item *hnd_item;
1147 char *server = (char *)dcv->private_data, *pol_name = NULL;
1149 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1150 hf_samr_hnd, &policy_hnd, &hnd_item,
1153 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1154 hf_samr_rc, &status);
1158 if (dcv->opnum == SAMR_CONNECT2)
1159 pol_name = g_strdup_printf("Connect2(%s)", server);
1160 else if (dcv->opnum == SAMR_CONNECT3)
1161 pol_name = g_strdup_printf("Connect3(%s)", server);
1162 else if (dcv->opnum == SAMR_CONNECT4)
1163 pol_name = g_strdup_printf("Connect4(%s)", server);
1166 if (dcv->opnum == SAMR_CONNECT2)
1167 pol_name = g_strdup("Connect2 handle");
1168 else if (dcv->opnum == SAMR_CONNECT3)
1169 pol_name = g_strdup("Connect3 handle");
1170 else if (dcv->opnum == SAMR_CONNECT4)
1171 pol_name = g_strdup("Connect4 handle");
1174 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
1176 if (hnd_item != NULL)
1177 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Dissect a ConnectAnon request, whose server field is a single 16-bit
 * value. The value is read with a NULL tree (so nothing is added at that
 * point) and then shown as a string item covering the 2 bytes just
 * consumed.
 *
 * NOTE(review): `str` is built from the packet value on lines missing from
 * this listing -- confirm the buffer is large enough and NUL-terminated
 * before it reaches the "%s" below.
 */
1186 samr_dissect_connect_anon_rqst(tvbuff_t *tvb, int offset,
1187 packet_info *pinfo, proto_tree *tree,
1193 offset=dissect_ndr_uint16(tvb, offset, pinfo, NULL, drep,
1194 hf_samr_server, &server);
1197 proto_tree_add_string_format(tree, hf_samr_server, tvb, offset-2, 2,
1198 str, "Server: %s", str);
/*
 * Dissect a ConnectAnon reply: the new policy handle and the NT status. The
 * handle is given the fixed display name "ConnectAnon handle", passed as a
 * string literal rather than a heap copy. Any check of `status` before the
 * name is stored is on a line missing from this listing.
 */
1204 samr_dissect_connect_anon_reply(tvbuff_t *tvb, int offset,
1205 packet_info *pinfo, proto_tree *tree,
1208 e_ctx_hnd policy_hnd;
1209 proto_item *hnd_item;
1212 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1213 hf_samr_hnd, &policy_hnd, &hnd_item,
1216 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1217 hf_samr_rc, &status);
1220 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
1221 "ConnectAnon handle");
1223 if (hnd_item != NULL)
1224 proto_item_append_text(hnd_item, ": ConnectAnon handle");
/*
 * Dissects one USER_GROUP element under its own subtree
 * (ett_samr_user_group): two 32-bit values, the second being
 * hf_samr_rid_attrib (the first value's hf is on a line missing from this
 * listing).  The subtree item is created with length -1 and set to the
 * number of bytes consumed once both fields are dissected.
 */
1231 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
1232 packet_info *pinfo, proto_tree *parent_tree,
1235 proto_item *item=NULL;
1236 proto_tree *tree=NULL;
1237 int old_offset=offset;
1240 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1242 tree = proto_item_add_subtree(item, ett_samr_user_group);
1245 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1247 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1248 hf_samr_rid_attrib, NULL);
1250 proto_item_set_len(item, offset-old_offset);
/* Array body of USER_GROUP_ARRAY: hands samr_dissect_USER_GROUP to
   dissect_ndr_ucarray() as the dissector callback. */
1255 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
1256 packet_info *pinfo, proto_tree *tree,
1259 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1260 samr_dissect_USER_GROUP);
/*
 * Dissects a USER_GROUP_ARRAY under its own subtree
 * (ett_samr_user_group_array): a 32-bit count (hf_samr_count) followed by a
 * unique pointer whose referent is dissected by
 * samr_dissect_USER_GROUP_ARRAY_groups.  The subtree length is set from the
 * bytes consumed.
 */
1266 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1267 packet_info *pinfo, proto_tree *parent_tree,
1271 proto_item *item=NULL;
1272 proto_tree *tree=NULL;
1273 int old_offset=offset;
1276 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1277 "USER_GROUP_ARRAY");
1278 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1281 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1282 hf_samr_count, &count);
1283 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1284 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1285 "USER_GROUP_ARRAY", -1);
1287 proto_item_set_len(item, offset-old_offset);
/* Unique-pointer wrapper: the referent is dissected by
   samr_dissect_USER_GROUP_ARRAY. */
1292 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1293 packet_info *pinfo, proto_tree *tree,
1296 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1297 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1298 "USER_GROUP_ARRAY", -1);
/* GetGroupsForUser request: dissects the policy handle (hf_samr_hnd). */
1303 samr_dissect_get_groups_for_user_rqst(tvbuff_t *tvb, int offset,
1304 packet_info *pinfo, proto_tree *tree,
1307 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1308 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* GetGroupsForUser reply: a reference pointer dissected by
   samr_dissect_USER_GROUP_ARRAY_ptr, followed by the NT status. */
1314 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1315 packet_info *pinfo, proto_tree *tree,
1318 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1319 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1320 "USER_GROUP_ARRAY:", -1);
1322 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Callback handed to dissect_ndr_pointer_cb() by
 * samr_dissect_open_domain_rqst.  Appends ", <sid>" to the Info column,
 * taking the text from dcv->private_data; nothing is appended when that
 * pointer is NULL or check_col() reports false for COL_INFO.
 * NOTE(review): private_data is assumed to hold a NUL-terminated SID string
 * left there by the SID dissector - confirm where it is set.
 */
1328 static void append_sid_col_info(packet_info *pinfo, proto_tree *tree _U_,
1329 proto_item *item _U_, tvbuff_t *tvb _U_,
1330 int start_offset _U_, int end_offset _U_,
1331 void *callback_args _U_)
1333 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1334 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1335 char *sid_str = dcv->private_data;
1337 if (sid_str && check_col(pinfo->cinfo, COL_INFO))
1338 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", sid_str);
/*
 * OpenDomain request: policy handle, access mask decoded with
 * samr_domain_access_mask_info, then a reference pointer to the domain SID.
 * append_sid_col_info is passed as the pointer callback, which puts the SID
 * text into the Info column.
 */
1342 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1343 packet_info *pinfo, proto_tree *tree,
1346 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1347 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1349 offset = dissect_nt_access_mask(
1350 tvb, offset, pinfo, tree, drep, hf_samr_access,
1351 &samr_domain_access_mask_info, NULL);
1353 offset = dissect_ndr_pointer_cb(
1354 tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID_no_hf,
1355 NDR_POINTER_REF, "SID:", -1, append_sid_col_info, NULL);
/*
 * OpenDomain reply: dissects the returned policy handle and the NT status,
 * then names the handle "OpenDomain(<sid>)" from the string kept in
 * dcv->private_data, or "OpenDomain handle", stores that name with
 * dcerpc_smb_store_pol_name() and appends it to the handle's tree item.
 * NOTE(review): the test choosing between the two names is on lines missing
 * from this listing - presumably a NULL test on sid_str; confirm.  No
 * g_free() of pol_name is visible here; confirm it is released.
 */
1361 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1362 packet_info *pinfo, proto_tree *tree,
1365 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1366 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1367 e_ctx_hnd policy_hnd;
1368 proto_item *hnd_item;
1370 char *pol_name, *sid_str = (char *)dcv->private_data;
1372 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1373 hf_samr_hnd, &policy_hnd, &hnd_item,
1376 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1377 hf_samr_rc, &status);
1381 pol_name = g_strdup_printf("OpenDomain(%s)", sid_str);
1383 pol_name = g_strdup("OpenDomain handle");
1386 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
1388 if (hnd_item != NULL)
1389 proto_item_append_text(hnd_item, ": %s", pol_name);
/* Dissects a policy handle followed by a reference pointer to a SID
   (dissect_ndr_nt_SID_no_hf). */
1399 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1400 packet_info *pinfo, proto_tree *tree,
1403 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1404 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1406 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1407 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/* AddMemberToGroup request: policy handle, the 32-bit hf_samr_group value,
   and one further 32-bit value whose hf is on a line missing from this
   listing. */
1415 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1416 packet_info *pinfo, proto_tree *tree,
1419 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1420 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1422 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1423 hf_samr_group, NULL);
1425 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/* AddMemberToGroup reply: dissects the NT status via dissect_ntstatus(). */
1432 samr_dissect_add_member_to_group_reply(tvbuff_t *tvb, int offset,
1433 packet_info *pinfo, proto_tree *tree,
1436 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* GetBootKeyInformation request: dissects the policy handle (hf_samr_hnd). */
1443 samr_dissect_get_boot_key_information_rqst(tvbuff_t *tvb, int offset,
1444 packet_info *pinfo, proto_tree *tree,
1447 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1448 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* GetBootKeyInformation reply: a reference pointer dissected by
   samr_dissect_pointer_short and labelled "unknown short", followed by the
   NT status. */
1454 samr_dissect_get_boot_key_information_reply(tvbuff_t *tvb, int offset,
1455 packet_info *pinfo, proto_tree *tree,
1458 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1459 samr_dissect_pointer_short, NDR_POINTER_REF,
1460 "unknown short", hf_samr_unknown_short);
1462 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* CreateAliasInDomain request: policy handle, a reference pointer to the
   counted string "Alias Name", and an access mask decoded with
   samr_alias_access_mask_info. */
1468 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1469 packet_info *pinfo, proto_tree *tree,
1472 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1473 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1475 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1476 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
1477 "Alias Name", hf_samr_alias_name);
1479 offset = dissect_nt_access_mask(
1480 tvb, offset, pinfo, tree, drep, hf_samr_access,
1481 &samr_alias_access_mask_info, NULL);
/*
 * CreateAliasInDomain reply: the returned policy handle, one 32-bit value
 * (its hf is on a line missing from this listing) and the NT status.  The
 * handle is named "CreateAlias handle" and the same text is appended to its
 * tree item when hnd_item is not NULL.
 */
1487 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1488 packet_info *pinfo, proto_tree *tree,
1491 e_ctx_hnd policy_hnd;
1492 proto_item *hnd_item;
1495 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1496 hf_samr_hnd, &policy_hnd, &hnd_item,
1499 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1502 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1503 hf_samr_rc, &status);
1506 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
1507 "CreateAlias handle");
1509 if (hnd_item != NULL)
1510 proto_item_append_text(hnd_item, ": CreateAlias handle");
/* QueryInformationAlias request: policy handle and a 16-bit information
   level; the level is also appended to the Info column as ", level N". */
1516 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1518 proto_tree *tree, guint8 *drep)
1522 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1523 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1525 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1526 hf_samr_level, &level);
1528 if (check_col(pinfo->cinfo, COL_INFO))
1529 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/* ALIAS_INFO level 1 body: counted string alias name, 32-bit member count
   (hf_samr_alias_num_of_members), counted string description. */
1535 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1536 packet_info *pinfo, proto_tree *tree,
1539 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1540 tree, drep, hf_samr_alias_name, 0);
1541 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1542 hf_samr_alias_num_of_members, NULL);
1543 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1544 tree, drep, hf_samr_alias_desc, 0);
/*
 * Dissects an ALIAS_INFO union under its own subtree (ett_samr_alias_info):
 * a 16-bit level followed by one of three bodies - samr_dissect_ALIAS_INFO_1,
 * a counted alias name, or a counted alias description.  The statements that
 * select the body from level are on lines missing from this listing.  The
 * subtree length is set from the bytes consumed.
 */
1549 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1550 packet_info *pinfo, proto_tree *parent_tree,
1553 proto_item *item=NULL;
1554 proto_tree *tree=NULL;
1555 int old_offset=offset;
1559 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1561 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1564 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1565 hf_samr_level, &level);
1568 offset = samr_dissect_ALIAS_INFO_1(
1569 tvb, offset, pinfo, tree, drep);
1572 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1573 tree, drep, hf_samr_alias_name, 0);
1576 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1577 tree, drep, hf_samr_alias_desc, 0);
1581 proto_item_set_len(item, offset-old_offset);
/* Unique-pointer wrapper: the referent is dissected by
   samr_dissect_ALIAS_INFO. */
1586 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1587 packet_info *pinfo, proto_tree *tree,
1590 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1591 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
/* QueryInformationAlias reply: a reference pointer dissected by
   samr_dissect_ALIAS_INFO_ptr, followed by the NT status. */
1597 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1599 proto_tree *tree, guint8 *drep)
1601 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1602 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1605 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* SetInformationAlias request: policy handle, a 16-bit level (also appended
   to the Info column as ", level N"), then a reference pointer dissected by
   samr_dissect_ALIAS_INFO. */
1612 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1613 packet_info *pinfo, proto_tree *tree,
1618 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1619 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1621 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1622 hf_samr_level, &level);
1624 if (check_col(pinfo->cinfo, COL_INFO))
1625 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
1627 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1628 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
/* SetInformationAlias reply: dissects the NT status via dissect_ntstatus(). */
1634 samr_dissect_set_information_alias_reply(tvbuff_t *tvb, int offset,
1635 packet_info *pinfo, proto_tree *tree,
1638 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Adds the encrypted password field as one opaque 516-byte item
 * (hf_samr_crypt_password); no decryption is attempted here.  The literal
 * 516 equals NT_BLOCK_SIZE, which is defined further down in this file.
 * Per its comment, the conformant run dissects no scalars.
 * pinfo is marked _U_ although it is dereferenced below.
 */
1644 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1645 packet_info *pinfo _U_, proto_tree *tree,
1650 di=pinfo->private_data;
1651 if(di->conformant_run){
1652 /* just a run to handle conformant arrays, no scalars to dissect */
1656 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
/*
 * Adds an encrypted hash as one opaque 16-byte item (hf_samr_crypt_hash);
 * the bytes are displayed as captured.  Per its comment, the conformant run
 * dissects no scalars.
 */
1663 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1664 packet_info *pinfo _U_, proto_tree *tree,
1669 di=pinfo->private_data;
1670 if(di->conformant_run){
1671 /* just a run to handle conformant arrays, no scalars to dissect */
1675 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
/* Size in bytes of an NT password-change block as dissected below: the
   32-bit length sits at byte 512 and the padding plus password fill the
   512 bytes in front of it. */
1681 #define NT_BLOCK_SIZE 516
/*
 * Dissects an NT password-change block that has already been decrypted
 * (samr_dissect_NT_PASSCHANGE_BLOCK passes the decrypted tvbuff with
 * offset 0).
 *
 * Layout relied on below, NT_BLOCK_SIZE (516) bytes in total:
 *   pseudorandom padding | new password | 32-bit little-endian length
 * The length is fetched from absolute position 512 of tvb, not from
 * offset + 512, so the function is only correct when offset is 0.
 *
 * The "new_password_len <= 512" test is the sole success heuristic, and it
 * is also what keeps the unsigned subtraction for pseudorandom_len
 * (516 - length - 4) from wrapping.  The block is untrusted capture data, so
 * that bound has to stay in front of every use of the two lengths.
 *
 * On success the recovered password is added to the tree as a readable
 * string (hf_samr_nt_passchange_block_newpass).
 * NOTE(review): printed or exported dissections of such a capture then
 * contain the new password in clear text - handle them as credentials.
 * On failure the NT_BLOCK_SIZE bytes are added as a single item
 * (hf_samr_nt_passchange_block_decrypted).
 */
1684 samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1685 packet_info *pinfo _U_, proto_tree *tree,
1688 guint32 new_password_len = 0;
1689 guint32 pseudorandom_len = 0;
1690 const char *printable_password;
1694 /* The length of the new password is represented in the last four
1695 octets of the decrypted buffer. Since the password length cannot
1696 exceed 512, we can check the contents of those bytes to determine
1697 if decryption was successful. If the decrypted contents of those
1698 four bytes is less than 512, then there is a 99% chance that
1699 we decrypted the buffer successfully. Of course, this isn't good
1700 enough for a security application, (NT uses the "verifier" field
1701 to come to the same conclusion), but it should be good enough for
1704 new_password_len = tvb_get_letohl(tvb, 512);
1706 if (new_password_len <= 512)
1708 /* Decryption successful */
1709 proto_tree_add_text (tree, tvb, offset, -1,
1710 "Decryption of NT Password Encrypted block successful");
1712 /* Whatever is before the password is pseudorandom data. We calculate
1713 the length by examining the password length (at the end), and working
1715 pseudorandom_len = NT_BLOCK_SIZE - new_password_len - 4;
1717 /* Pseudorandom data padding up to password */
1718 proto_tree_add_item(tree, hf_samr_nt_passchange_block_pseudorandom,
1719 tvb, offset, pseudorandom_len, TRUE);
1720 offset += pseudorandom_len;
1722 /* The new password itself */
1723 bc = new_password_len;
1724 printable_password = get_unicode_or_ascii_string(tvb, &offset,
1728 proto_tree_add_string(tree, hf_samr_nt_passchange_block_newpass,
1729 tvb, offset, result_length,
1730 printable_password);
1731 offset += new_password_len;
1733 /* Length of password */
1734 proto_tree_add_item(tree, hf_samr_nt_passchange_block_newpass_len,
1735 tvb, offset, 4, TRUE);
1739 /* Decryption failure. Just show the encrypted block */
1740 proto_tree_add_text (tree, tvb, offset, -1,
1741 "Decryption of NT Passchange block failed");
1743 proto_tree_add_item(tree, hf_samr_nt_passchange_block_decrypted, tvb,
1744 offset, NT_BLOCK_SIZE, TRUE);
/*
 * Attempts to decrypt len bytes of tvb starting at offset, using the
 * nt_password setting as the key source:
 *   key    = MD4 of the password widened to two bytes per character
 *   cipher = RC4 keyed with the 16-byte MD4 digest
 * The plaintext is wrapped in a new tvbuff that owns the buffer
 * (tvb_set_free_cb with g_free), attached to tvb as a child and registered
 * as the data source "Decrypted NT Blob".  The empty-password case is
 * handled first, before any key derivation.  The return statements are on
 * lines missing from this listing; samr_dissect_NT_PASSCHANGE_BLOCK treats
 * the result as the decrypted tvbuff.
 *
 * NOTE(review): password_unicode is released with g_free() while
 * password_md4_hash and rc4_state stay on the stack; no clearing of any of
 * them is visible, so password-derived key material can linger in process
 * memory.
 * NOTE(review): block is allocated before tvb_memcpy(); if that call raises
 * a bounds exception on a short tvb, the buffer has no owner yet and would
 * leak - tvb_memdup() performs the bounds check before allocating.  Confirm.
 * The memset() looks redundant, since tvb_memcpy() is asked for all len
 * bytes.
 * NOTE(review): len is a signed int handed to g_malloc() and memset(); the
 * only caller visible here passes NT_BLOCK_SIZE.
 */
1749 decrypt_tvb_using_nt_password(packet_info *pinfo, tvbuff_t *tvb, int offset, int len)
1751 rc4_state_struct rc4_state;
1753 size_t password_len;
1754 unsigned char *password_unicode;
1755 size_t password_len_unicode;
1756 unsigned char password_md4_hash[16];
1758 tvbuff_t *decr_tvb; /* Used to store decrypted buffer */
1760 if (nt_password[0] == '\0') {
1761 /* We dont have an NT password, so we cant decrypt the
1766 /* This implements the the algorithm discussed in lkcl -"DCE/RPC
1767 over SMB" page 257. Note that this code does not properly support
1770 /* Convert the password provided in the Ethereal GUI to Unicode
1771 (UCS-2). Since the input is always ASCII, we can just fake
1772 it and pad every other byte with a NUL. If we ever support
1773 UTF-8 in the GUI, we would have to perform a real UTF-8 to
1775 password_len = strlen(nt_password);
1776 password_len_unicode = password_len*2;
1777 password_unicode = g_malloc(password_len_unicode);
1778 for (i = 0; i < password_len; i++) {
1779 password_unicode[i*2] = nt_password[i];
1780 password_unicode[i*2+1] = 0;
1783 /* Run MD4 against the resulting Unicode password. This will
1784 be used to perform RC4 decryption on the blob.
1785 Then free the Unicode password, as we're done
1787 crypt_md4(password_md4_hash, password_unicode,
1788 password_len_unicode);
1789 g_free(password_unicode);
1791 /* Copy the block into a temporary buffer so we can decrypt
1793 block = g_malloc(len);
1794 memset(block, 0, len);
1795 tvb_memcpy(tvb, block, offset, len);
1797 /* RC4 decrypt the block with the old NT password hash */
1798 crypt_rc4_init(&rc4_state, password_md4_hash, 16);
1799 crypt_rc4(&rc4_state, block, len);
1801 /* Show the decrypted buffer in a new window */
1802 decr_tvb = tvb_new_real_data(block, len, len);
1803 tvb_set_free_cb(decr_tvb, g_free);
1804 tvb_set_child_real_data_tvbuff(tvb, decr_tvb);
1805 add_new_data_source(pinfo, decr_tvb,
1806 "Decrypted NT Blob");
/*
 * Dissects the encrypted NT password block of a password-change request:
 * labels the NT_BLOCK_SIZE bytes "Encrypted NT Password Block", asks
 * decrypt_tvb_using_nt_password() for a decrypted copy, hands that copy to
 * samr_dissect_decrypted_NT_PASSCHANGE_BLOCK at offset 0, and advances
 * offset past the block.  The guard around the second call is on lines
 * missing from this listing - presumably a NULL test on decr_tvb; confirm.
 * Per its comment, the conformant run dissects no scalars.
 */
1812 samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1813 packet_info *pinfo, proto_tree *tree,
1817 tvbuff_t *decr_tvb; /* Used to store decrypted buffer */
1819 di=pinfo->private_data;
1820 if(di->conformant_run){
1821 /* just a run to handle conformant arrays, no scalars to dissect */
1825 /* Put in a protocol tree entry for the encrypted block. */
1826 proto_tree_add_text(tree, tvb, offset, NT_BLOCK_SIZE,
1827 "Encrypted NT Password Block");
1829 decr_tvb=decrypt_tvb_using_nt_password(pinfo, tvb, offset, NT_BLOCK_SIZE);
1832 /* Dissect the decrypted block */
1833 samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(decr_tvb, 0, pinfo,
1837 offset += NT_BLOCK_SIZE;
/*
 * Adds the LAN Manager password-change block as a single item
 * (hf_samr_lm_passchange_block) without attempting decryption, unlike the
 * NT block dissector above.  Per its comment, the conformant run dissects
 * no scalars.
 */
1842 samr_dissect_LM_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1843 packet_info *pinfo _U_, proto_tree *tree,
1848 /* Right now, this just dumps the output. In the long term, we can use
1849 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1850 actually decrypt the block */
1852 di=pinfo->private_data;
1853 if(di->conformant_run){
1854 /* just a run to handle conformant arrays, no scalars to dissect */
1858 proto_tree_add_item(tree, hf_samr_lm_passchange_block, tvb, offset,
/*
 * Adds the 16-byte LAN Manager verifier as a single item
 * (hf_samr_lm_verifier).  The verifier is only displayed; it is not checked
 * against anything.  Per its comment, the conformant run dissects no
 * scalars.
 */
1865 samr_dissect_LM_VERIFIER(tvbuff_t *tvb, int offset,
1866 packet_info *pinfo _U_, proto_tree *tree,
1871 /* Right now, this just dumps the output. In the long term, we can use
1872 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1873 actually validate the verifier */
1875 di=pinfo->private_data;
1876 if(di->conformant_run){
1877 /* just a run to handle conformant arrays, no scalars to dissect */
1881 proto_tree_add_item(tree, hf_samr_lm_verifier, tvb, offset, 16,
/*
 * Adds the 16-byte NT verifier as a single item (hf_samr_nt_verifier).
 * The verifier is only displayed; the decryption heuristic in
 * samr_dissect_decrypted_NT_PASSCHANGE_BLOCK does not consult it.  Per its
 * comment, the conformant run dissects no scalars.
 */
1889 samr_dissect_NT_VERIFIER(tvbuff_t *tvb, int offset,
1890 packet_info *pinfo _U_, proto_tree *tree,
1895 /* Right now, this just dumps the output. In the long term, we can use
1896 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1897 actually validate the verifier */
1899 di=pinfo->private_data;
1900 if(di->conformant_run){
1901 /* just a run to handle conformant arrays, no scalars to dissect */
1905 proto_tree_add_item(tree, hf_samr_nt_verifier, tvb, offset, 16,
/*
 * OemChangePasswordUser2 request: policy handle, unique pointer to the
 * "Server" string, reference pointer to the "Account Name" string, then
 * unique pointers dissected by samr_dissect_CRYPT_PASSWORD and
 * samr_dissect_CRYPT_HASH (their labels are on lines missing from this
 * listing).
 */
1913 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1915 proto_tree *tree, guint8 *drep)
1917 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1918 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1920 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1921 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1922 "Server", hf_samr_server);
1924 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1925 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1926 "Account Name", hf_samr_acct_name);
1928 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1929 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1932 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1933 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
/* OemChangePasswordUser2 reply: dissects the NT status via
   dissect_ntstatus(). */
1939 samr_dissect_oem_change_password_user2_reply(tvbuff_t *tvb, int offset,
1941 proto_tree *tree, guint8 *drep)
1943 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * UnicodeChangePasswordUser2 request.  In order: reference pointer
 * dissected by samr_dissect_PASSWORD_INFO, unique "Server" string,
 * reference pointer to the counted "Account Name" string, the encrypted NT
 * password block and NT verifier, the 8-bit hf_samr_lm_change value, and
 * the LAN Manager password block and verifier.
 * Only the NT block goes through samr_dissect_NT_PASSCHANGE_BLOCK, which
 * attempts decryption; the other three blobs are displayed as captured.
 */
1950 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1952 proto_tree *tree, guint8 *drep)
1954 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1955 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
1956 "PASSWORD_INFO:", -1);
1958 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
1959 NDR_POINTER_UNIQUE, "Server", hf_samr_server, 0);
1961 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1962 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
1963 "Account Name", hf_samr_acct_name);
1965 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1966 samr_dissect_NT_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
1967 "New NT Password Encrypted Block", -1);
1968 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1969 samr_dissect_NT_VERIFIER, NDR_POINTER_UNIQUE,
1970 "NT Password Verifier", -1);
1971 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1972 hf_samr_lm_change, NULL);
1973 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1974 samr_dissect_LM_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
1975 "New Lan Manager Password Encrypted Block", -1);
1976 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1977 samr_dissect_LM_VERIFIER, NDR_POINTER_UNIQUE,
1978 "Lan Manager Password Verifier", -1);
/* UnicodeChangePasswordUser2 reply: dissects the NT status via
   dissect_ntstatus(). */
1983 samr_dissect_unicode_change_password_user2_reply(tvbuff_t *tvb, int offset,
1985 proto_tree *tree, guint8 *drep)
1987 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* SetBootKeyInformation request: policy handle, a 16-bit value shown as
   hf_samr_unknown_short, and two unique pointers to counted strings, both
   labelled "Unknown" - the field meanings are not decoded. */
1994 samr_dissect_set_boot_key_information_rqst(tvbuff_t *tvb, int offset,
1995 packet_info *pinfo, proto_tree *tree,
1998 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1999 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2001 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2002 hf_samr_unknown_short, NULL);
2003 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2004 dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
2005 "Unknown", hf_samr_unknown_string);
2006 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2007 dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
2008 "Unknown", hf_samr_unknown_string);
/* SetBootKeyInformation reply: dissects the NT status via
   dissect_ntstatus(). */
2013 samr_dissect_set_boot_key_information_reply(tvbuff_t *tvb, int offset,
2014 packet_info *pinfo, proto_tree *tree,
2017 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* CreateUser2InDomain request: policy handle, reference pointer to the
   counted "Account Name" string, the account-control field
   (dissect_ndr_nt_acct_ctrl) and an access mask decoded with
   samr_user_access_mask_info. */
2024 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
2025 packet_info *pinfo, proto_tree *tree,
2028 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2029 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2031 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2032 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2033 "Account Name", hf_samr_acct_name);
2035 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2037 offset = dissect_nt_access_mask(
2038 tvb, offset, pinfo, tree, drep, hf_samr_access,
2039 &samr_user_access_mask_info, NULL);
/*
 * CreateUser2InDomain reply: the returned policy handle, the granted access
 * mask (hf_samr_access_granted, decoded with samr_user_access_mask_info),
 * one 32-bit value whose hf is on a line missing from this listing, and the
 * NT status.  The handle is named "CreateUser2 handle" and the same text is
 * appended to its tree item when hnd_item is not NULL.
 */
2045 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
2046 packet_info *pinfo, proto_tree *tree,
2049 e_ctx_hnd policy_hnd;
2050 proto_item *hnd_item;
2053 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2054 hf_samr_hnd, &policy_hnd, &hnd_item,
2057 offset = dissect_nt_access_mask(
2058 tvb, offset, pinfo, tree, drep, hf_samr_access_granted,
2059 &samr_user_access_mask_info, NULL);
2061 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2064 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2065 hf_samr_rc, &status);
2068 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
2069 "CreateUser2 handle");
2071 if (hnd_item != NULL)
2072 proto_item_append_text(hnd_item, ": CreateUser2 handle");
/* GetDisplayEnumerationIndex2 request: policy handle, 16-bit level, and a
   reference pointer to the counted "Account Name" string. */
2079 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
2081 proto_tree *tree, guint8 *drep)
2083 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2084 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2086 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2087 hf_samr_level, NULL);
2088 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2089 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2090 "Account Name", hf_samr_acct_name);
/* GetDisplayEnumerationIndex2 reply: the 32-bit index (hf_samr_index)
   followed by the NT status. */
2095 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
2096 packet_info *pinfo, proto_tree *tree,
2099 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2100 hf_samr_index, NULL);
2102 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * ChangePasswordUser request: policy handle followed by four 8-bit values
 * (all shown as hf_samr_unknown_char) interleaved with six unique pointers
 * dissected by samr_dissect_CRYPT_HASH, in the order
 *   char, hash, hash, char, hash, hash, char, hash, char, hash.
 * The pointer labels are on lines missing from this listing.  Each hash is
 * displayed as an opaque 16-byte item; none is decrypted or verified.
 */
2108 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
2109 packet_info *pinfo, proto_tree *tree,
2112 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2113 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2115 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2116 hf_samr_unknown_char, NULL);
2117 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2118 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2120 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2121 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2123 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2124 hf_samr_unknown_char, NULL);
2125 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2126 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2128 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2129 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2131 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2132 hf_samr_unknown_char, NULL);
2133 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2134 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2136 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2137 hf_samr_unknown_char, NULL);
2138 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2139 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
/* ChangePasswordUser reply: dissects the NT status via dissect_ntstatus(). */
2146 samr_dissect_change_password_user_reply(tvbuff_t *tvb, int offset,
2147 packet_info *pinfo, proto_tree *tree,
2150 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* SetMemberAttributesOfGroup request: policy handle followed by a 32-bit
   attribute value (hf_samr_attrib). */
2157 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
2159 proto_tree *tree, guint8 *drep)
2161 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2162 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2164 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2165 hf_samr_attrib, NULL);
/* SetMemberAttributesOfGroup reply: dissects the NT status via
   dissect_ntstatus(). */
2170 samr_dissect_set_member_attributes_of_group_reply(tvbuff_t *tvb, int offset,
2171 packet_info *pinfo, proto_tree *tree,
2174 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* GROUP_INFO level 1 body: counted string group name, a 32-bit value shown
   as hf_samr_unknown_long, the 32-bit member count
   (hf_samr_group_num_of_members) and the counted string description. */
2181 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
2182 packet_info *pinfo, proto_tree *tree,
2185 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2186 tree, drep, hf_samr_group_name, 0);
2187 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2188 hf_samr_unknown_long, NULL);
2189 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2190 hf_samr_group_num_of_members, NULL);
2191 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2192 tree, drep, hf_samr_group_desc, 0);
/*
 * Dissects a GROUP_INFO union under its own subtree (ett_samr_group_info):
 * a 16-bit level followed by one of four bodies - samr_dissect_GROUP_INFO_1,
 * a counted group name, a 32-bit attribute value, or a counted group
 * description.  The statements that select the body from level are on lines
 * missing from this listing.  The subtree length is set from the bytes
 * consumed.
 */
2197 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
2198 packet_info *pinfo, proto_tree *parent_tree,
2201 proto_item *item=NULL;
2202 proto_tree *tree=NULL;
2203 int old_offset=offset;
2207 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2209 tree = proto_item_add_subtree(item, ett_samr_group_info);
2212 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2213 hf_samr_level, &level);
2216 offset = samr_dissect_GROUP_INFO_1(
2217 tvb, offset, pinfo, tree, drep);
2220 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2221 tree, drep, hf_samr_group_name, 0);
2224 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2225 hf_samr_attrib, NULL);
2228 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2229 tree, drep, hf_samr_group_desc, 0);
2233 proto_item_set_len(item, offset-old_offset);
/* Unique-pointer wrapper: the referent is dissected by
   samr_dissect_GROUP_INFO. */
2238 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
2239 packet_info *pinfo, proto_tree *tree,
2242 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2243 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
/* QueryInformationGroup request: policy handle and a 16-bit information
   level.  Unlike the alias variant, the level is not copied to the Info
   column here. */
2249 samr_dissect_query_information_group_rqst(tvbuff_t *tvb, int offset,
2251 proto_tree *tree, guint8 *drep)
2253 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2254 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2256 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2257 hf_samr_level, NULL);
/* QueryInformationGroup reply: a reference pointer dissected by
   samr_dissect_GROUP_INFO_ptr, followed by the NT status. */
2263 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
2264 packet_info *pinfo, proto_tree *tree,
2267 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2268 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
2271 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* SetInformationGroup request: policy handle, a 16-bit level (also appended
   to the Info column as ", level N"), then a reference pointer dissected by
   samr_dissect_GROUP_INFO. */
2277 samr_dissect_set_information_group_rqst(tvbuff_t *tvb, int offset,
2278 packet_info *pinfo, proto_tree *tree,
2283 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2284 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2286 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2287 hf_samr_level, &level);
2289 if (check_col(pinfo->cinfo, COL_INFO))
2290 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
2292 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2293 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
/* SetInformationGroup reply: dissects the NT status via dissect_ntstatus(). */
2299 samr_dissect_set_information_group_reply(tvbuff_t *tvb, int offset,
2300 packet_info *pinfo, proto_tree *tree,
2303 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* GetDomainPasswordInformation request: a reference pointer dissected by
   samr_dissect_PASSWORD_INFO, then a unique pointer to the "Domain"
   string. */
2310 samr_dissect_get_domain_password_information_rqst(tvbuff_t *tvb, int offset,
2315 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2316 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
2317 "PASSWORD_INFO:", -1);
2319 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
2320 NDR_POINTER_UNIQUE, "Domain", hf_samr_domain, 0);
/* GetDomainPasswordInformation reply: a reference pointer dissected by
   samr_dissect_PASSWORD_INFO, followed by the NT status. */
2326 samr_dissect_get_domain_password_information_reply(tvbuff_t *tvb, int offset,
2331 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2332 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
2333 "PASSWORD_INFO:", -1);
2335 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * DOMAIN_INFO level 1 (password policy), under its own subtree
 * (ett_samr_domain_info_1): 16-bit minimum password length, 16-bit password
 * history length, a 32-bit value shown as hf_samr_unknown_long, then the
 * maximum and minimum password age as NTTIME values.  The offset is aligned
 * to four bytes before the subtree is created.
 */
2342 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
2343 packet_info *pinfo, proto_tree *parent_tree,
2346 proto_item *item=NULL;
2347 proto_tree *tree=NULL;
2348 int old_offset=offset;
2350 ALIGN_TO_4_BYTES; /* structure starts with short, but is aligned for longs */
2353 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2355 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
2358 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2359 hf_samr_min_pwd_len, NULL);
2360 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2361 hf_samr_pwd_history_len, NULL);
2362 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2363 hf_samr_unknown_long, NULL);
2364 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2365 hf_samr_max_pwd_age);
2366 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2367 hf_samr_min_pwd_age);
2368 proto_item_set_len(item, offset-old_offset);
/*
 * DOMAIN_INFO level 2, under its own subtree (ett_samr_domain_info_2).
 * Fields in order: NTTIME (unknown), three counted strings (the first shown
 * as hf_samr_unknown_string, the second with an hf on a line missing from
 * this listing, the third the controller name), NTTIME (unknown), two 32-bit
 * and one 8-bit undecoded values, then the 32-bit user, group and alias
 * counts.  The subtree length is set from the bytes consumed.
 */
2373 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
2374 packet_info *pinfo, proto_tree *parent_tree,
2377 proto_item *item=NULL;
2378 proto_tree *tree=NULL;
2379 int old_offset=offset;
2382 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2384 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
2387 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2388 hf_samr_unknown_time);
2389 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2390 hf_samr_unknown_string, 0);
2391 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2393 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2394 hf_samr_controller, 0);
2395 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2396 hf_samr_unknown_time);
2397 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2398 hf_samr_unknown_long, NULL);
2399 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2400 hf_samr_unknown_long, NULL);
2401 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2402 hf_samr_unknown_char, NULL);
2403 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2404 hf_samr_num_users, NULL);
2405 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2406 hf_samr_num_groups, NULL);
2407 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2408 hf_samr_num_aliases, NULL);
2410 proto_item_set_len(item, offset-old_offset);
/* DOMAIN_INFO level 8, under its own subtree (ett_samr_domain_info_8): two
   NTTIME values shown as maximum and minimum password age. */
2415 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
2416 packet_info *pinfo, proto_tree *parent_tree,
2419 proto_item *item=NULL;
2420 proto_tree *tree=NULL;
2421 int old_offset=offset;
2424 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2426 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
2429 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2430 hf_samr_max_pwd_age);
2431 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2432 hf_samr_min_pwd_age);
2434 proto_item_set_len(item, offset-old_offset);
/* REPLICATION_STATUS, under its own subtree (ett_samr_replication_status):
   two values read with dissect_ndr_duint32() and one 16-bit value, all
   shown with "unknown" hf fields - their meaning is not decoded. */
2439 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
2440 packet_info *pinfo, proto_tree *parent_tree,
2443 proto_item *item=NULL;
2444 proto_tree *tree=NULL;
2445 int old_offset=offset;
2448 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2449 "REPLICATION_STATUS:");
2450 tree = proto_item_add_subtree(item, ett_samr_replication_status);
2453 offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
2454 hf_samr_unknown_hyper, NULL);
2455 offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
2456 hf_samr_unknown_hyper, NULL);
2457 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2458 hf_samr_unknown_short, NULL);
2460 proto_item_set_len(item, offset-old_offset);
/* DOMAIN_INFO level 11, under its own subtree (ett_samr_domain_info_11):
   a DOMAIN_INFO_2 body immediately followed by a REPLICATION_STATUS body. */
2465 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
2466 packet_info *pinfo, proto_tree *parent_tree,
2469 proto_item *item=NULL;
2470 proto_tree *tree=NULL;
2471 int old_offset=offset;
2474 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2476 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
2479 offset = samr_dissect_DOMAIN_INFO_2(
2480 tvb, offset, pinfo, tree, drep);
2481 offset = samr_dissect_REPLICATION_STATUS(
2482 tvb, offset, pinfo, tree, drep);
2484 proto_item_set_len(item, offset-old_offset);
/*
 * DOMAIN_INFO level 12 (account lockout policy): lockout duration and
 * lockout reset time as NTTIME values, then the 16-bit lockout threshold.
 * NOTE(review): the subtree is created with ett_samr_replication_status,
 * whereas the sibling DOMAIN_INFO_n dissectors each use an ett of their
 * own - looks like a copy-and-paste leftover; confirm.  It affects only how
 * the tree is displayed, not what is dissected.
 */
2489 samr_dissect_DOMAIN_INFO_12(tvbuff_t *tvb, int offset,
2490 packet_info *pinfo, proto_tree *parent_tree,
2493 proto_item *item=NULL;
2494 proto_tree *tree=NULL;
2495 int old_offset=offset;
2498 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2500 tree = proto_item_add_subtree(item, ett_samr_replication_status);
2503 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2504 hf_samr_lockout_duration_time);
2505 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2506 hf_samr_lockout_reset_time);
2507 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2508 hf_samr_lockout_threshold_short, NULL);
2510 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect DOMAIN_INFO_13: three consecutive NTTIME values. All three are
 * displayed with the same hf_samr_unknown_time field, so the tree does not
 * distinguish them by name.
 */
2515 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
2516 packet_info *pinfo, proto_tree *parent_tree,
2519 proto_item *item=NULL;
2520 proto_tree *tree=NULL;
2521 int old_offset=offset;
2524 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2526 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
2529 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2530 hf_samr_unknown_time);
2531 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2532 hf_samr_unknown_time);
2533 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2534 hf_samr_unknown_time);
2536 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect the DOMAIN_INFO union: read the 16-bit level (hf_samr_level), align
 * to 4 bytes, then dissect the arm for that level. The arms visible below are,
 * in order: DOMAIN_INFO_1, DOMAIN_INFO_2, a force-logoff NTTIME, three counted
 * strings (unknown, domain, controller), a 16-bit unknown, DOMAIN_INFO_8,
 * another 16-bit unknown, and DOMAIN_INFO_11/12/13.
 *
 * NOTE(review): the statement that selects an arm from `level` is not visible
 * in this listing. `level` is read from the packet, so confirm that a level
 * with no matching arm dissects nothing rather than running into another arm.
 */
2542 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
2543 packet_info *pinfo, proto_tree *parent_tree,
2546 proto_item *item=NULL;
2547 proto_tree *tree=NULL;
2548 int old_offset=offset;
2552 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2554 tree = proto_item_add_subtree(item, ett_samr_domain_info);
2557 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2558 hf_samr_level, &level);
2560 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2563 offset = samr_dissect_DOMAIN_INFO_1(
2564 tvb, offset, pinfo, tree, drep);
2567 offset = samr_dissect_DOMAIN_INFO_2(
2568 tvb, offset, pinfo, tree, drep);
2572 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2573 hf_samr_force_logoff_time);
2576 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2577 tree, drep, hf_samr_unknown_string, 0);
2581 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2582 tree, drep, hf_samr_domain, 0);
2586 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2587 tree, drep, hf_samr_controller, 0);
2591 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2592 hf_samr_unknown_short, NULL);
2595 offset = samr_dissect_DOMAIN_INFO_8(
2596 tvb, offset, pinfo, tree, drep);
2599 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2600 hf_samr_unknown_short, NULL);
2603 offset = samr_dissect_DOMAIN_INFO_11(
2604 tvb, offset, pinfo, tree, drep);
2607 offset = samr_dissect_DOMAIN_INFO_12(
2608 tvb, offset, pinfo, tree, drep);
2611 offset = samr_dissect_DOMAIN_INFO_13(
2612 tvb, offset, pinfo, tree, drep);
2616 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a SetInformationDomain request: policy handle, the 16-bit
 * information level (also appended to the Info column), then the DOMAIN_INFO
 * union. samr_dissect_DOMAIN_INFO() reads its own level field as well, so two
 * level values are decoded from the request.
 */
2621 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
2622 packet_info *pinfo, proto_tree *tree,
2627 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2628 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2630 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2631 hf_samr_level, &level);
/* The format string is a literal; only the numeric level from the packet is interpolated. */
2633 if (check_col(pinfo->cinfo, COL_INFO))
2634 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
2636 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
/* Dissect a SetInformationDomain reply; the only field visible here is the NTSTATUS code. */
2642 samr_dissect_set_information_domain_reply(tvbuff_t *tvb, int offset,
2644 proto_tree *tree, guint8 *drep)
2646 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect a CreateGroupInDomain request: policy handle, a reference pointer
 * to the counted-string group name, and the requested access mask decoded
 * with samr_group_access_mask_info.
 */
2653 samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset,
2654 packet_info *pinfo, proto_tree *tree,
2657 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2658 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2660 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2661 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2662 "Group Name", hf_samr_group_name);
2664 offset = dissect_nt_access_mask(
2665 tvb, offset, pinfo, tree, drep, hf_samr_access,
2666 &samr_group_access_mask_info, NULL);
/*
 * Dissect a CreateGroupInDomain reply: the returned policy handle (captured
 * in policy_hnd / hnd_item), a 32-bit value, and the NTSTATUS code (captured
 * in status). The handle is then recorded under the name "CreateGroup handle"
 * and the same text is appended to the handle's tree item when one exists.
 *
 * NOTE(review): the condition guarding dcerpc_smb_store_pol_name() is not
 * visible in this listing; presumably it tests `status` for success. Confirm,
 * so that handles from failed replies are not given a name.
 */
2674 samr_dissect_create_group_in_domain_reply(tvbuff_t *tvb, int offset,
2675 packet_info *pinfo, proto_tree *tree,
2678 e_ctx_hnd policy_hnd;
2679 proto_item *hnd_item;
2682 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2683 hf_samr_hnd, &policy_hnd, &hnd_item,
2686 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2689 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2690 hf_samr_rc, &status);
2693 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
2694 "CreateGroup handle");
2696 if (hnd_item != NULL)
2697 proto_item_append_text(hnd_item, ": CreateGroup handle");
/* Dissect a LookupDomain request: policy handle, then a reference pointer to the counted-string domain name. */
2706 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
2707 packet_info *pinfo, proto_tree *tree,
2710 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2711 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2713 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2714 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2715 "Domain", hf_samr_domain);
/*
 * Dissect a LookupDomain reply: a unique pointer dissected with
 * dissect_ndr_nt_SID_no_hf (the domain SID), followed by the NTSTATUS code.
 */
2721 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
2722 packet_info *pinfo, proto_tree *tree,
2725 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2726 dissect_ndr_nt_SID_no_hf, NDR_POINTER_UNIQUE,
2729 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect one 32-bit array element, displayed with the header field taken
 * from di->hf_index rather than a fixed hf_* variable.
 *
 * NOTE(review): di comes from pinfo->private_data and is dereferenced with
 * no NULL check visible here; presumably the NDR pointer/array helpers always
 * set it before calling back - confirm.
 */
2735 samr_dissect_index(tvbuff_t *tvb, int offset,
2736 packet_info *pinfo, proto_tree *tree,
2741 di=pinfo->private_data;
2743 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2744 di->hf_index, NULL);
/* Dissect the array body of an INDEX_ARRAY: dissect_ndr_ucarray() applies samr_dissect_index to the elements. */
2751 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2752 packet_info *pinfo, proto_tree *tree,
2755 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2756 samr_dissect_index);
/*
 * Pick the suffix used to pluralize a field name in tree labels: per the
 * comments below, "es" when the name ends in 's' and "s" otherwise. An empty
 * string takes the "does not end with s" branch because of the
 * string_len > 0 guard.
 *
 * NOTE(review): strlen() is applied to `string` with no NULL check. The
 * callers in this file pass the result of proto_registrar_get_name(); confirm
 * that it cannot be NULL for the hf_index values that reach here.
 */
2762 plural_ending(const char *string)
2766 string_len = strlen(string);
2767 if (string_len > 0 && string[string_len - 1] == 's') {
2768 /* String ends with "s" - pluralize by adding "es" */
2771 /* Field name doesn't end with "s" - pluralize by adding "s" */
/*
 * Dissect an INDEX_ARRAY: a 32-bit count followed by a unique pointer to the
 * array body (samr_dissect_INDEX_ARRAY_value). The label is built from the
 * registered name of di->hf_index plus its plural ending.
 *
 * NOTE(review): the declaration of `str` and the text arguments of
 * proto_tree_add_text()/dissect_ndr_pointer() are not visible in this
 * listing. Confirm that `str` holds at least 255 bytes (sizeof would keep the
 * bound and the buffer in sync) and that it is passed through a "%s" format
 * rather than used as the format string itself.
 */
2777 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2778 packet_info *pinfo, proto_tree *parent_tree,
2781 const char *field_name;
2783 proto_item *item=NULL;
2784 proto_tree *tree=NULL;
2785 int old_offset=offset;
/* di is dereferenced below with no NULL check visible - presumably set by the caller. */
2789 di=pinfo->private_data;
2791 field_name = proto_registrar_get_name(di->hf_index);
2792 g_snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2793 plural_ending(field_name));
2795 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2797 tree = proto_item_add_subtree(item, ett_samr_index_array);
/* count is only decoded for display in the lines visible here. */
2800 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2801 hf_samr_count, &count);
2802 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2803 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2806 proto_item_set_len(item, offset-old_offset);
/* Dissect a GetAliasMembership request: policy handle, then a reference pointer to a PSID_ARRAY. */
2811 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2812 packet_info *pinfo, proto_tree *tree,
2815 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2816 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2818 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2819 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/*
 * Dissect a GetAliasMembership reply: a reference pointer to an INDEX_ARRAY,
 * registered with hf_samr_alias (presumably the value the INDEX_ARRAY
 * callbacks later read as di->hf_index), followed by the NTSTATUS code.
 */
2826 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2827 packet_info *pinfo, proto_tree *tree,
2830 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2831 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2832 "INDEX_ARRAY:", hf_samr_alias);
2834 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect one IDX_AND_NAME entry: a 32-bit index (hf_samr_index) followed by
 * a counted string displayed with the header field from di->hf_index.
 *
 * NOTE(review): the declaration of `str` and the text argument of
 * proto_tree_add_text() are not visible in this listing. Confirm that `str`
 * holds at least 255 bytes and that it is passed through a "%s" format.
 */
2841 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2842 packet_info *pinfo, proto_tree *parent_tree,
2845 proto_item *item=NULL;
2846 proto_tree *tree=NULL;
2847 int old_offset=offset;
/* di is dereferenced below with no NULL check visible - presumably set by the caller. */
2851 di=pinfo->private_data;
2853 g_snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
2855 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2857 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2860 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2861 hf_samr_index, NULL);
2862 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2863 tree, drep, di->hf_index, 4);
2865 proto_item_set_len(item, offset-old_offset);
/* Dissect the array body of an IDX_AND_NAME_ARRAY: dissect_ndr_ucarray() applies samr_dissect_IDX_AND_NAME to the elements. */
2870 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2871 packet_info *pinfo, proto_tree *tree,
2874 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2875 samr_dissect_IDX_AND_NAME);
/*
 * Dissect an IDX_AND_NAME_ARRAY: a 32-bit count followed by a unique pointer
 * to the entries (samr_dissect_IDX_AND_NAME_entry). Labels are built from the
 * registered name of di->hf_index plus its plural ending.
 *
 * NOTE(review): the declaration of `str` and the text argument of
 * dissect_ndr_pointer() are not visible in this listing; confirm that `str`
 * holds at least 255 bytes.
 */
2882 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2883 packet_info *pinfo, proto_tree *parent_tree,
2886 const char *field_name;
2888 proto_item *item=NULL;
2889 proto_tree *tree=NULL;
2890 int old_offset=offset;
/* di is dereferenced below with no NULL check visible - presumably set by the caller. */
2894 di=pinfo->private_data;
2896 field_name = proto_registrar_get_name(di->hf_index);
/* Literal format string: the field name is only ever an argument, never the format. */
2899 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2900 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2901 plural_ending(field_name));
2902 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2906 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2907 hf_samr_count, &count);
2908 g_snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2909 plural_ending(field_name));
2910 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2911 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2914 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a unique pointer to an IDX_AND_NAME_ARRAY, building the pointer
 * label from the registered name of di->hf_index plus its plural ending.
 *
 * NOTE(review): the declaration of `str` and the text argument of
 * dissect_ndr_pointer() are not visible in this listing; confirm that `str`
 * holds at least 255 bytes. di is dereferenced with no NULL check visible.
 */
2919 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2920 packet_info *pinfo, proto_tree *tree,
2923 const char *field_name;
2927 di=pinfo->private_data;
2929 field_name = proto_registrar_get_name(di->hf_index);
2930 g_snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2931 plural_ending(field_name));
2932 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2933 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
/* Dissect an EnumDomains request: policy handle, reference pointer to the resume handle, and the preferred maximum size. */
2939 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2940 packet_info *pinfo, proto_tree *tree,
2943 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2944 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2946 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2947 samr_dissect_pointer_long, NDR_POINTER_REF,
2948 "Resume Handle", hf_samr_resume_hnd);
2950 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2951 hf_samr_pref_maxsize, NULL);
/*
 * Dissect an EnumDomains reply: resume handle, a pointer to the
 * IDX_AND_NAME_ARRAY of domains (labelled via hf_samr_domain), the entry
 * count, and the NTSTATUS code.
 */
2957 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2958 packet_info *pinfo, proto_tree *tree,
2961 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2962 samr_dissect_pointer_long, NDR_POINTER_REF,
2963 "Resume Handle:", hf_samr_resume_hnd);
2965 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2966 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2967 "IDX_AND_NAME_ARRAY:", hf_samr_domain);
2969 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2970 samr_dissect_pointer_long, NDR_POINTER_REF,
2971 "Entries:", hf_samr_entries);
2973 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissect an EnumDomainGroups request: policy handle, reference pointer to the resume handle, and the preferred maximum size. */
2980 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2981 packet_info *pinfo, proto_tree *tree,
2984 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2985 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2987 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2988 samr_dissect_pointer_long, NDR_POINTER_REF,
2989 "Resume Handle:", hf_samr_resume_hnd);
2991 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2992 hf_samr_pref_maxsize, NULL);
/*
 * Dissect an EnumDomainGroups reply: resume handle, a pointer to the
 * IDX_AND_NAME_ARRAY of groups (labelled via hf_samr_group_name), the entry
 * count, and the NTSTATUS code.
 */
2998 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2999 packet_info *pinfo, proto_tree *tree,
3002 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3003 samr_dissect_pointer_long, NDR_POINTER_REF,
3004 "Resume Handle:", hf_samr_resume_hnd);
3006 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3007 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
3008 "IDX_AND_NAME_ARRAY:", hf_samr_group_name);
3010 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3011 samr_dissect_pointer_long, NDR_POINTER_REF,
3012 "Entries:", hf_samr_entries);
3014 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect an EnumDomainAliases request: policy handle, reference pointer to
 * the resume handle, then a field decoded with dissect_ndr_nt_acct_ctrl().
 *
 * NOTE(review): the EnumDomains and EnumDomainGroups request dissectors in
 * this file decode their third field as hf_samr_pref_maxsize, while this one
 * decodes it as account-control flags. Confirm against the protocol
 * definition which interpretation is correct for aliases.
 */
3021 samr_dissect_enum_dom_aliases_rqst(tvbuff_t *tvb, int offset,
3022 packet_info *pinfo, proto_tree *tree,
3025 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3026 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3028 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3029 samr_dissect_pointer_long, NDR_POINTER_REF,
3030 "Resume Handle:", hf_samr_resume_hnd);
3032 offset = dissect_ndr_nt_acct_ctrl(
3033 tvb, offset, pinfo, tree, drep);
/*
 * Dissect an EnumDomainAliases reply: resume handle, a pointer to the
 * IDX_AND_NAME_ARRAY of aliases (labelled via hf_samr_alias_name), the entry
 * count, and the NTSTATUS code.
 */
3039 samr_dissect_enum_dom_aliases_reply(tvbuff_t *tvb, int offset,
3040 packet_info *pinfo, proto_tree *tree,
3043 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3044 samr_dissect_pointer_long, NDR_POINTER_REF,
3045 "Resume Handle:", hf_samr_resume_hnd);
3047 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3048 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
3049 "IDX_AND_NAME_ARRAY:", hf_samr_alias_name);
3051 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3052 samr_dissect_pointer_long, NDR_POINTER_REF,
3053 "Entries:", hf_samr_entries);
3055 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissect a GetMembersInAlias request; the only field visible here is the policy handle. */
3062 samr_dissect_get_members_in_alias_rqst(tvbuff_t *tvb, int offset,
3063 packet_info *pinfo, proto_tree *tree,
3066 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3067 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Dissect a GetMembersInAlias reply: a reference pointer to a PSID_ARRAY, then the NTSTATUS code. */
3073 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
3074 packet_info *pinfo, proto_tree *tree,
3077 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3078 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3081 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect USER_INFO_1: account name, full name, primary group RID, account
 * description and comment, in that order.
 */
3088 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
3089 packet_info *pinfo, proto_tree *parent_tree,
3092 proto_item *item=NULL;
3093 proto_tree *tree=NULL;
3094 int old_offset=offset;
3097 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3099 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
3102 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3103 hf_samr_acct_name, 0);
3105 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3106 hf_samr_full_name, 0);
/* The trailing 0 is the output-pointer argument; the other dissect_ndr_uint32 calls in this file spell it NULL. */
3108 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3109 hf_samr_primary_group_rid, 0);
3111 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3112 hf_samr_acct_desc, 0);
3114 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3115 hf_samr_comment, 0);
3117 proto_item_set_len(item, offset-old_offset);
/* Dissect USER_INFO_2: comment, an unidentified counted string, then the 16-bit country code and code page. */
3122 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
3123 packet_info *pinfo, proto_tree *parent_tree,
3126 proto_item *item=NULL;
3127 proto_tree *tree=NULL;
3128 int old_offset=offset;
3131 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3133 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
3136 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3137 hf_samr_comment, 0);
3138 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3139 hf_samr_unknown_string, 0);
3140 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3141 hf_samr_country, NULL);
3142 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3143 hf_samr_codepage, NULL);
3145 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_3: names, RIDs, home/profile/workstation strings, the
 * logon, logoff and password timestamps, logon hours, bad-password and logon
 * counters, and the account-control flags. Field order follows the calls
 * below.
 *
 * NOTE(review): the header-field argument of several calls is not visible in
 * this listing, so those fields are not named here.
 */
3150 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
3151 packet_info *pinfo, proto_tree *parent_tree,
3154 proto_item *item=NULL;
3155 proto_tree *tree=NULL;
3156 int old_offset=offset;
3159 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3161 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
3164 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3165 hf_samr_acct_name, 0);
3166 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3167 hf_samr_full_name, 0);
3168 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3170 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3171 hf_samr_primary_group_rid, NULL);
3172 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3174 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3175 hf_samr_home_drive, 0);
3176 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3178 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3179 hf_samr_profile, 0);
3180 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3181 hf_samr_workstations, 0);
3182 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3183 hf_samr_logon_time);
3184 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3185 hf_samr_logoff_time);
3186 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3187 hf_samr_pwd_last_set_time);
3188 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3189 hf_samr_pwd_can_change_time);
3190 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3191 hf_samr_pwd_must_change_time);
3192 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3193 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3194 hf_samr_bad_pwd_count, NULL);
3195 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3196 hf_samr_logon_count, NULL);
3197 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3199 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_5: names, RIDs, home/description/workstation strings,
 * logon and logoff times, logon hours, bad-password and logon counters, the
 * password-last-set and account-expiry times, and the account-control flags.
 * Field order follows the calls below.
 *
 * NOTE(review): the header-field argument of several calls is not visible in
 * this listing, so those fields are not named here.
 */
3204 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
3205 packet_info *pinfo, proto_tree *parent_tree,
3208 proto_item *item=NULL;
3209 proto_tree *tree=NULL;
3210 int old_offset=offset;
3213 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3215 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
3218 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3219 hf_samr_acct_name, 0);
3220 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3221 hf_samr_full_name, 0);
3222 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3224 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3225 hf_samr_primary_group_rid, NULL);
3226 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3228 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3229 hf_samr_home_drive, 0);
3230 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3232 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3233 hf_samr_acct_desc, 0);
3234 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3235 hf_samr_workstations, 0);
3236 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3237 hf_samr_logon_time);
3238 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3239 hf_samr_logoff_time);
3240 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3241 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3242 hf_samr_bad_pwd_count, NULL);
3243 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3244 hf_samr_logon_count, NULL);
3245 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3246 hf_samr_pwd_last_set_time);
3247 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3248 hf_samr_acct_expiry_time);
3249 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3251 proto_item_set_len(item, offset-old_offset);
/* Dissect USER_INFO_6: account name followed by full name. */
3256 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
3257 packet_info *pinfo, proto_tree *parent_tree,
3260 proto_item *item=NULL;
3261 proto_tree *tree=NULL;
3262 int old_offset=offset;
3265 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3267 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
3270 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3271 hf_samr_acct_name, 0);
3272 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3273 hf_samr_full_name, 0);
3275 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_10: two counted strings, the second being the home drive.
 * The header field of the first string is not visible in this listing.
 */
3280 samr_dissect_USER_INFO_10(tvbuff_t *tvb, int offset,
3281 packet_info *pinfo, proto_tree *parent_tree,
3284 proto_item *item=NULL;
3285 proto_tree *tree=NULL;
3286 int old_offset=offset;
3289 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3291 tree = proto_item_add_subtree(item, ett_samr_user_info_10);
3294 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3296 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3297 hf_samr_home_drive, 0);
3299 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_18: two CRYPT_HASH values followed by three single bytes
 * (all displayed as hf_samr_unknown_char).
 *
 * NOTE(review): going by the helper name, the two CRYPT_HASH fields are
 * presumably encrypted password hashes; capture files containing this level
 * should be handled as credential-bearing material.
 */
3305 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
3306 packet_info *pinfo, proto_tree *parent_tree,
3309 proto_item *item=NULL;
3310 proto_tree *tree=NULL;
3311 int old_offset=offset;
3314 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3316 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
3319 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3320 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3321 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3322 hf_samr_unknown_char, NULL);
3323 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3324 hf_samr_unknown_char, NULL);
3325 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3326 hf_samr_unknown_char, NULL);
3328 proto_item_set_len(item, offset-old_offset);
/* Dissect USER_INFO_19: account-control flags, logon and logoff times, then the bad-password and logon counters. */
3333 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
3334 packet_info *pinfo, proto_tree *parent_tree,
3337 proto_item *item=NULL;
3338 proto_tree *tree=NULL;
3339 int old_offset=offset;
3342 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3344 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
3347 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3348 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3349 hf_samr_logon_time);
3350 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3351 hf_samr_logoff_time);
3352 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3353 hf_samr_bad_pwd_count, NULL);
3354 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3355 hf_samr_logon_count, NULL);
3357 proto_item_set_len(item, offset-old_offset);
/* Dissect one byte of a BUFFER, displayed as hf_samr_unknown_char. */
3362 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
3363 packet_info *pinfo, proto_tree *tree,
3366 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3367 hf_samr_unknown_char, NULL);
/*
 * Dissect the body of a BUFFER under its own subtree: dissect_ndr_ucarray()
 * applies samr_dissect_BUFFER_entry to the elements, so each byte becomes a
 * separate tree item.
 */
3373 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
3374 packet_info *pinfo, proto_tree *parent_tree,
3377 proto_item *item=NULL;
3378 proto_tree *tree=NULL;
3379 int old_offset=offset;
3382 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3384 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
3387 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3388 samr_dissect_BUFFER_entry);
3390 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a BUFFER: a 32-bit count followed by a unique pointer to the byte
 * array (samr_dissect_BUFFER_buffer). The count is displayed only; it is not
 * captured into a variable here.
 */
3397 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
3398 packet_info *pinfo, proto_tree *parent_tree,
3401 proto_item *item=NULL;
3402 proto_tree *tree=NULL;
3403 int old_offset=offset;
3406 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3408 tree = proto_item_add_subtree(item, ett_samr_buffer);
3410 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3411 hf_samr_count, NULL);
3412 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3413 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
3416 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_21, the full user record: six NTTIME stamps, a run of
 * counted strings, a BUFFER, RIDs, account-control flags, logon hours,
 * counters, country/code page, and four trailing single-byte fields
 * (NT password set, LM password set, password expired, unknown). Field order
 * follows the calls below. USER_INFO_22, _23 and _25 reuse this function as
 * their leading part.
 *
 * NOTE(review): the header-field argument of several calls is not visible in
 * this listing, so those fields are not named here.
 */
3421 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
3422 packet_info *pinfo, proto_tree *parent_tree,
3425 proto_item *item=NULL;
3426 proto_tree *tree=NULL;
3427 int old_offset=offset;
3430 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3432 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
3435 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3436 hf_samr_logon_time);
3437 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3438 hf_samr_logoff_time);
3439 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3440 hf_samr_pwd_last_set_time);
3441 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3442 hf_samr_acct_expiry_time);
3443 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3444 hf_samr_pwd_can_change_time);
3445 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3446 hf_samr_pwd_must_change_time);
/* Only the account name passes 2 as the last argument; every other string here passes 0. */
3447 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3448 hf_samr_acct_name, 2);
3449 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3450 hf_samr_full_name, 0);
3451 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3453 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3454 hf_samr_home_drive, 0);
3455 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3457 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3458 hf_samr_profile, 0);
3459 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3460 hf_samr_acct_desc, 0);
3461 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3462 hf_samr_workstations, 0);
3463 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3464 hf_samr_comment, 0);
3465 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3466 hf_samr_callback, 0);
3467 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3468 hf_samr_unknown_string, 0);
3469 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3470 hf_samr_unknown_string, 0);
3471 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3472 hf_samr_unknown_string, 0);
3473 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
3474 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3476 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3477 hf_samr_primary_group_rid, NULL);
3478 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3479 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3480 hf_samr_unknown_long, NULL);
3481 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3482 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3483 hf_samr_bad_pwd_count, NULL);
3484 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3485 hf_samr_logon_count, NULL);
3486 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3487 hf_samr_country, NULL);
3488 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3489 hf_samr_codepage, NULL);
3490 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3491 hf_samr_nt_pwd_set, NULL);
3492 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3493 hf_samr_lm_pwd_set, NULL);
3494 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3495 hf_samr_pwd_expired, NULL);
3496 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3497 hf_samr_unknown_char, NULL);
3499 proto_item_set_len(item, offset-old_offset);
/* Dissect USER_INFO_22: a complete USER_INFO_21 followed by a revision value read with dissect_ndr_duint32(). */
3504 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
3505 packet_info *pinfo, proto_tree *parent_tree,
3508 proto_item *item=NULL;
3509 proto_tree *tree=NULL;
3510 int old_offset=offset;
3513 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3515 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
3518 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3519 offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
3520 hf_samr_revision, NULL);
3522 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_23: a complete USER_INFO_21 followed by a CRYPT_PASSWORD
 * blob.
 *
 * NOTE(review): going by the helper name, the trailing blob is presumably an
 * encrypted password; capture files containing this level should be handled
 * as credential-bearing material.
 */
3527 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
3528 packet_info *pinfo, proto_tree *parent_tree,
3531 proto_item *item=NULL;
3532 proto_tree *tree=NULL;
3533 int old_offset=offset;
3536 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3538 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
3541 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3542 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3544 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_24: a CRYPT_PASSWORD blob followed by one byte displayed
 * as hf_samr_unknown_char.
 *
 * NOTE(review): going by the helper name, the blob is presumably an encrypted
 * password; capture files containing this level should be handled as
 * credential-bearing material.
 */
3549 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
3550 packet_info *pinfo, proto_tree *parent_tree,
3553 proto_item *item=NULL;
3554 proto_tree *tree=NULL;
3555 int old_offset=offset;
3558 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3560 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
3563 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3564 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3565 hf_samr_unknown_char, NULL);
3567 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect USER_INFO_25: a complete USER_INFO_21 followed by a fixed 532-byte
 * field displayed as hf_samr_crypt_password.
 *
 * NOTE(review): 532 is a hard-coded length, not a value read from the packet.
 * The statement that advances offset past the field is not visible in this
 * listing; confirm it adds the same constant so the item length set below
 * covers the blob (a named constant would keep the two in sync).
 */
3573 samr_dissect_USER_INFO_25(tvbuff_t *tvb, int offset,
3574 packet_info *pinfo, proto_tree *parent_tree,
3577 proto_item *item = NULL;
3578 proto_tree *tree = NULL;
3579 int old_offset = offset;
3582 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3584 tree = proto_item_add_subtree(item, ett_samr_user_info_25);
3587 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3589 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 532,
3593 proto_item_set_len(item, offset - old_offset);
/*
 * Dissect the USER_INFO union: read the 16-bit level (hf_samr_level), then
 * dissect the arm for that level. The arms visible below range from whole
 * structures (USER_INFO_1 ... USER_INFO_25) to single fields such as a
 * counted string, a RID, logon hours, account-control flags or an expiry
 * time.
 *
 * NOTE(review): the statement that selects an arm from `level` is not visible
 * in this listing. `level` is read from the packet, so confirm that a level
 * with no matching arm dissects nothing rather than running into another arm.
 * Several arms (18, 23, 24, 25) go on to dissect CRYPT_* password material.
 */
3600 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
3601 packet_info *pinfo, proto_tree *parent_tree,
3604 proto_item *item=NULL;
3605 proto_tree *tree=NULL;
3606 int old_offset=offset;
3610 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3612 tree = proto_item_add_subtree(item, ett_samr_user_info);
3614 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3615 hf_samr_level, &level);
3619 offset = samr_dissect_USER_INFO_1(
3620 tvb, offset, pinfo, tree, drep);
3623 offset = samr_dissect_USER_INFO_2(
3624 tvb, offset, pinfo, tree, drep);
3627 offset = samr_dissect_USER_INFO_3(
3628 tvb, offset, pinfo, tree, drep);
3631 offset = dissect_ndr_nt_LOGON_HOURS(
3632 tvb, offset, pinfo, tree, drep);
3635 offset = samr_dissect_USER_INFO_5(
3636 tvb, offset, pinfo, tree, drep);
3639 offset = samr_dissect_USER_INFO_6(
3640 tvb, offset, pinfo, tree, drep);
3643 offset = dissect_ndr_counted_string(
3644 tvb, offset, pinfo, tree, drep, hf_samr_acct_name, 0);
3647 offset = dissect_ndr_counted_string(
3648 tvb, offset, pinfo, tree, drep, hf_samr_full_name, 0);
3651 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3652 hf_samr_primary_group_rid, NULL);
3655 offset = samr_dissect_USER_INFO_10(
3656 tvb, offset, pinfo, tree, drep);
3659 offset = dissect_ndr_counted_string(
3660 tvb, offset, pinfo, tree, drep, hf_samr_script, 0);
3663 offset = dissect_ndr_counted_string(
3664 tvb, offset, pinfo, tree, drep, hf_samr_profile, 0);
3667 offset = dissect_ndr_counted_string(
3668 tvb, offset, pinfo, tree, drep, hf_samr_acct_desc, 0);
3671 offset = dissect_ndr_counted_string(
3672 tvb, offset, pinfo, tree, drep, hf_samr_workstations, 0);
3675 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree,
3679 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3680 hf_samr_acct_expiry_time);
3683 offset = samr_dissect_USER_INFO_18(
3684 tvb, offset, pinfo, tree, drep);
3687 offset = samr_dissect_USER_INFO_19(
3688 tvb, offset, pinfo, tree, drep);
3691 offset = dissect_ndr_counted_string(
3692 tvb, offset, pinfo, tree, drep, hf_samr_callback, 0);
3695 offset = samr_dissect_USER_INFO_21(
3696 tvb, offset, pinfo, tree, drep);
3699 offset = samr_dissect_USER_INFO_22(
3700 tvb, offset, pinfo, tree, drep);
3703 offset = samr_dissect_USER_INFO_23(
3704 tvb, offset, pinfo, tree, drep);
3707 offset = samr_dissect_USER_INFO_24(
3708 tvb, offset, pinfo, tree, drep);
3710 offset = samr_dissect_USER_INFO_25(
3711 tvb, offset, pinfo, tree, drep);
3715 proto_item_set_len(item, offset-old_offset);
/* Dissect a unique pointer to a USER_INFO union; no header field is attached to the pointer (hf index -1). */
3720 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
3721 packet_info *pinfo, proto_tree *tree,
3724 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3725 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
3726 "USER_INFO pointer", -1);
/*
 * Dissect a SetInformationUser2 request: policy handle, the 16-bit
 * information level (also appended to the Info column), then a reference
 * pointer to the USER_INFO union. samr_dissect_USER_INFO() reads its own
 * level field as well.
 */
3731 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
3732 packet_info *pinfo, proto_tree *tree,
3737 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3738 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3740 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3741 hf_samr_level, &level);
/* The format string is a literal; only the numeric level from the packet is interpolated. */
3743 if (check_col(pinfo->cinfo, COL_INFO))
3744 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
3746 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3747 samr_dissect_USER_INFO, NDR_POINTER_REF,
/* Dissect a SetInformationUser2 reply; the only field visible here is the NTSTATUS code. */
3754 samr_dissect_set_information_user2_reply(tvbuff_t *tvb, int offset,
3755 packet_info *pinfo, proto_tree *tree,
3758 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle followed by an info level read with
 * dissect_ndr_uint16; the level is appended to the Info column.
 * Registered for SAMR_QUERY_INFORMATION_USER2 in the dissector table later
 * in this file.
 */
3765 samr_dissect_query_information_user2_rqst(tvbuff_t *tvb, int offset,
3766 packet_info *pinfo, proto_tree *tree,
3771 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3772 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3774 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3775 hf_samr_level, &level);
3777 if (check_col(pinfo->cinfo, COL_INFO))
3778 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/*
 * Reply dissector: a ref pointer decoded by samr_dissect_USER_INFO_ptr
 * (which itself dissects a unique pointer), then an NT status.
 * NOTE(review): the pointer label/hf and the status field arguments are on
 * listing lines not shown here.
 */
3784 samr_dissect_query_information_user2_reply(tvbuff_t *tvb, int offset,
3785 packet_info *pinfo, proto_tree *tree,
3788 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3789 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3792 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Per-element callback: dissects one value with dissect_ndr_uint32 as
 * hf_samr_type. The value is not handed back to the caller (NULL).
 */
3799 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3800 packet_info *pinfo, proto_tree *tree,
3803 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3804 hf_samr_type, NULL);
/*
 * Adds a "MEMBER_ARRAY_types:" text item with its own subtree, then lets
 * dissect_ndr_ucarray walk the array with samr_dissect_MEMBER_ARRAY_type as
 * the element callback. No element count is passed in from here.
 * The item is created with length -1 and resized to the bytes consumed once
 * the array has been dissected.
 * NOTE(review): any guard around the tree-building lines is not visible in
 * this listing.
 */
3811 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3812 packet_info *pinfo, proto_tree *parent_tree,
3815 proto_item *item=NULL;
3816 proto_tree *tree=NULL;
3817 int old_offset=offset;
3820 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3821 "MEMBER_ARRAY_types:");
3822 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3825 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3826 samr_dissect_MEMBER_ARRAY_type);
3828 proto_item_set_len(item, offset-old_offset);
/*
 * Per-element callback: dissects one value with dissect_ndr_uint32.
 * NOTE(review): the field arguments are on a listing line not shown here.
 */
3835 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3836 packet_info *pinfo, proto_tree *tree,
3839 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/*
 * Adds a "MEMBER_ARRAY_rids:" text item with its own subtree, then lets
 * dissect_ndr_ucarray walk the array with samr_dissect_MEMBER_ARRAY_rid as
 * the element callback. No element count is passed in from here.
 * The item length is set from the bytes consumed after the array is done.
 */
3847 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3848 packet_info *pinfo, proto_tree *parent_tree,
3851 proto_item *item=NULL;
3852 proto_tree *tree=NULL;
3853 int old_offset=offset;
3856 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3857 "MEMBER_ARRAY_rids:");
3858 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
3861 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3862 samr_dissect_MEMBER_ARRAY_rid);
3864 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects a MEMBER_ARRAY: a count read with dissect_ndr_uint32
 * (hf_samr_count), then two unique pointers decoded by
 * samr_dissect_MEMBER_ARRAY_rids and samr_dissect_MEMBER_ARRAY_types.
 * The count is stored in `count`, but no later use of it is visible here;
 * neither array callback receives it from this function.
 * NOTE(review): the subtree label, the declaration of count and the tails of
 * both dissect_ndr_pointer calls are on listing lines not shown here.
 */
3871 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3872 packet_info *pinfo, proto_tree *parent_tree,
3876 proto_item *item=NULL;
3877 proto_tree *tree=NULL;
3878 int old_offset=offset;
3881 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3883 tree = proto_item_add_subtree(item, ett_samr_member_array);
3886 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3887 hf_samr_count, &count);
3888 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3889 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3891 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3892 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3895 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects a unique NDR pointer labelled "MEMBER_ARRAY" whose referent is
 * decoded by samr_dissect_MEMBER_ARRAY; the hf index passed is -1.
 */
3900 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3901 packet_info *pinfo, proto_tree *tree,
3904 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3905 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3906 "MEMBER_ARRAY", -1);
/*
 * Request dissector: only the policy handle (hf_samr_hnd) is dissected.
 * Both out-pointers are NULL, so the handle is not captured.
 */
3911 samr_dissect_query_groupmem_rqst(tvbuff_t *tvb, int offset,
3912 packet_info *pinfo, proto_tree *tree,
3915 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3916 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector: a ref pointer labelled "MEMBER_ARRAY:" decoded by
 * samr_dissect_MEMBER_ARRAY_ptr, then an NT status (its field arguments are
 * on a listing line not shown here).
 */
3922 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3923 packet_info *pinfo, proto_tree *tree,
3926 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3927 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3928 "MEMBER_ARRAY:", -1);
3930 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for setting a security descriptor: policy handle, an
 * info type read with dissect_ndr_uint32 (appended to the Info column as
 * ", info type %d"), then a ref pointer decoded by
 * sam_dissect_SAM_SECURITY_DESCRIPTOR.
 * NOTE(review): info_type is printed with %d; its declaration is not shown,
 * so confirm the conversion matches its type (%u if it is unsigned 32-bit).
 * The column text also differs from the query request (", info_type %d").
 */
3937 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3938 packet_info *pinfo, proto_tree *tree,
3943 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3944 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3946 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3947 hf_samr_info_type, &info_type);
3949 if (check_col(pinfo->cinfo, COL_INFO))
3951 pinfo->cinfo, COL_INFO, ", info type %d", info_type);
3953 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3954 sam_dissect_SAM_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3955 "SAM_SECURITY_DESCRIPTOR pointer: ", -1);
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
3961 samr_dissect_set_sec_object_reply(tvbuff_t *tvb, int offset,
3962 packet_info *pinfo, proto_tree *tree,
3965 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle, then an info type read with
 * dissect_ndr_uint32 and appended to the Info column as ", info_type %d".
 * NOTE(review): the declaration of info_type is not shown; confirm that %d
 * matches its type.
 */
3972 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3973 packet_info *pinfo, proto_tree *tree,
3978 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3979 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3981 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3982 hf_samr_info_type, &info_type);
3984 if (check_col(pinfo->cinfo, COL_INFO))
3986 pinfo->cinfo, COL_INFO, ", info_type %d", info_type);
/*
 * Reply dissector: a unique pointer decoded by
 * sam_dissect_SAM_SECURITY_DESCRIPTOR, then an NT status.
 * The request side of SetSecurityObject uses a ref pointer for the same
 * callback; here the pointer is unique.
 */
3992 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3993 packet_info *pinfo, proto_tree *tree,
3996 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3997 sam_dissect_SAM_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3998 "SAM_SECURITY_DESCRIPTOR pointer: ", -1);
4000 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Per-element callback: one counted string shown as hf_samr_acct_name.
 * The final argument is 1 here, while samr_dissect_UNICODE_STRING_ARRAY_name
 * passes 0 for the same field; its meaning is defined by
 * dissect_ndr_counted_string, which is not part of this listing.
 */
4007 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
4008 packet_info *pinfo, proto_tree *tree,
4011 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
4012 hf_samr_acct_name, 1);
/*
 * Adds a text item with an ett_samr_names subtree and lets
 * dissect_ndr_ucvarray walk the array with samr_dissect_LOOKUP_NAMES_name as
 * the element callback. The item length is set from the bytes consumed.
 * NOTE(review): the item label is on a listing line not shown here.
 */
4017 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
4018 packet_info *pinfo, proto_tree *parent_tree,
4021 proto_item *item=NULL;
4022 proto_tree *tree=NULL;
4023 int old_offset=offset;
4026 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4028 tree = proto_item_add_subtree(item, ett_samr_names);
4031 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
4032 samr_dissect_LOOKUP_NAMES_name);
4034 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector: policy handle, a count (hf_samr_count, value not
 * captured), then a ref pointer labelled "LOOKUP_NAMES:" decoded by
 * samr_dissect_LOOKUP_NAMES. The count is displayed only; it is not passed
 * to the array dissector from here.
 */
4040 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
4041 packet_info *pinfo, proto_tree *tree,
4044 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4045 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4047 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4048 hf_samr_count, NULL);
4050 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4051 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
4052 "LOOKUP_NAMES:", -1);
/*
 * Reply dissector: two ref pointers decoded by samr_dissect_INDEX_ARRAY,
 * labelled "Rids:" (hf_samr_rid) and "Types:" (hf_samr_type), then an NT
 * status whose field arguments are on a listing line not shown here.
 */
4058 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
4059 packet_info *pinfo, proto_tree *tree,
4062 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4063 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4064 "Rids:", hf_samr_rid);
4066 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4067 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4068 "Types:", hf_samr_type);
4070 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Per-element callback: dissects one value with dissect_ndr_uint32.
 * NOTE(review): the field arguments are on a listing line not shown here.
 */
4077 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
4078 packet_info *pinfo, proto_tree *tree,
4081 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/*
 * Adds a text item with an ett_samr_rids subtree and lets
 * dissect_ndr_ucvarray walk the array with samr_dissect_LOOKUP_RIDS_rid as
 * the element callback. The item length is set from the bytes consumed.
 * NOTE(review): the item label is on a listing line not shown here.
 */
4088 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
4089 packet_info *pinfo, proto_tree *parent_tree,
4092 proto_item *item=NULL;
4093 proto_tree *tree=NULL;
4094 int old_offset=offset;
4097 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4099 tree = proto_item_add_subtree(item, ett_samr_rids);
4102 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
4103 samr_dissect_LOOKUP_RIDS_rid);
4105 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector: policy handle, a count (hf_samr_count, value not
 * captured), then a ref pointer labelled "LOOKUP_RIDS:" decoded by
 * samr_dissect_LOOKUP_RIDS. The count is displayed only; it is not passed
 * to the array dissector from here.
 */
4111 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
4112 packet_info *pinfo, proto_tree *tree,
4115 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4116 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4118 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4119 hf_samr_count, NULL);
4121 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4122 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
4123 "LOOKUP_RIDS:", -1);
/*
 * Per-element callback: one counted string shown as hf_samr_acct_name, with
 * 0 as the final argument to dissect_ndr_counted_string.
 */
4129 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
4130 packet_info *pinfo, proto_tree *tree,
4133 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
4134 hf_samr_acct_name, 0);
/*
 * Walks the string array with dissect_ndr_ucarray, using
 * samr_dissect_UNICODE_STRING_ARRAY_name for each element.
 */
4139 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
4140 packet_info *pinfo, proto_tree *tree,
4143 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
4144 samr_dissect_UNICODE_STRING_ARRAY_name);
/*
 * Dissects a UNICODE_STRING_ARRAY under an ett_samr_names subtree: a count
 * (hf_samr_count, value not captured) and a unique pointer decoded by
 * samr_dissect_UNICODE_STRING_ARRAY_names. The item length is set from the
 * bytes consumed.
 * NOTE(review): the item label and the tail of the dissect_ndr_pointer call
 * are on listing lines not shown here.
 */
4149 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
4150 packet_info *pinfo, proto_tree *parent_tree,
4153 proto_item *item=NULL;
4154 proto_tree *tree=NULL;
4155 int old_offset=offset;
4158 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4160 tree = proto_item_add_subtree(item, ett_samr_names);
4163 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4164 hf_samr_count, NULL);
4166 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4167 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
4170 proto_item_set_len(item, offset-old_offset);
/*
 * Reply dissector: a ref pointer decoded by samr_dissect_UNICODE_STRING_ARRAY,
 * a ref pointer decoded by samr_dissect_INDEX_ARRAY ("Types:",
 * hf_samr_type), then an NT status.
 * NOTE(review): the first pointer is labelled "RIDs:" with hf_samr_rid,
 * although its element callback shows each entry as hf_samr_acct_name;
 * confirm whether the label should describe names instead.
 */
4178 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
4179 packet_info *pinfo, proto_tree *tree,
4182 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4183 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
4184 "RIDs:", hf_samr_rid);
4186 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4187 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4188 "Types:", hf_samr_type);
4190 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for closing a handle: dissects the policy handle into
 * policy_hnd, looks up a stored name for it with dcerpc_smb_fetch_pol
 * (keyed with pinfo->fd->num) and, when one is found, appends it to the
 * Info column.
 * The name is passed as a "%s" argument and never used as the format string.
 * NOTE(review): the declaration of name and the tail of the
 * dissect_nt_policy_hnd call are on listing lines not shown here.
 */
4197 samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4198 proto_tree *tree, guint8 *drep)
4200 e_ctx_hnd policy_hnd;
4203 offset = dissect_nt_policy_hnd(
4204 tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd,
4207 dcerpc_smb_fetch_pol(&policy_hnd, &name, NULL, NULL, pinfo->fd->num);
4209 if (name != NULL && check_col(pinfo->cinfo, COL_INFO))
4211 pinfo->cinfo, COL_INFO, ", %s", name);
/*
 * Reply dissector: a policy handle (not captured) followed by an NT status
 * whose field arguments are on a listing line not shown here.
 */
4217 samr_dissect_close_hnd_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
4218 proto_tree *tree, guint8 *drep)
4220 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4221 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4223 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: only the policy handle (hf_samr_hnd) is dissected;
 * both out-pointers are NULL, so the handle is not captured.
 */
4230 samr_dissect_shutdown_sam_server_rqst(tvbuff_t *tvb, int offset,
4231 packet_info *pinfo, proto_tree *tree,
4234 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4235 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
4241 samr_dissect_shutdown_sam_server_reply(tvbuff_t *tvb, int offset,
4242 packet_info *pinfo, proto_tree *tree,
4245 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: only the policy handle (hf_samr_hnd) is dissected;
 * both out-pointers are NULL, so the handle is not captured.
 */
4252 samr_dissect_delete_dom_group_rqst(tvbuff_t *tvb, int offset,
4253 packet_info *pinfo, proto_tree *tree,
4256 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4257 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 * Unlike the delete-alias and delete-user replies in this file, no policy
 * handle is dissected before the status.
 */
4263 samr_dissect_delete_dom_group_reply(tvbuff_t *tvb, int offset,
4264 packet_info *pinfo, proto_tree *tree,
4267 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle, one 32-bit value shown as hf_samr_group,
 * then a second dissect_ndr_uint32 whose field arguments are on a listing
 * line not shown here. Neither value is captured by the visible calls.
 */
4274 samr_dissect_remove_member_from_group_rqst(tvbuff_t *tvb, int offset,
4276 proto_tree *tree, guint8 *drep)
4278 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4279 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4281 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4282 hf_samr_group, NULL);
4284 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
4291 samr_dissect_remove_member_from_group_reply(tvbuff_t *tvb, int offset,
4293 proto_tree *tree, guint8 *drep)
4295 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: only the policy handle (hf_samr_hnd) is dissected;
 * both out-pointers are NULL, so the handle is not captured.
 */
4302 samr_dissect_delete_dom_alias_rqst(tvbuff_t *tvb, int offset,
4303 packet_info *pinfo, proto_tree *tree,
4306 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4307 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector: a policy handle (not captured) followed by an NT status
 * whose field arguments are on a listing line not shown here.
 */
4313 samr_dissect_delete_dom_alias_reply(tvbuff_t *tvb, int offset,
4314 packet_info *pinfo, proto_tree *tree,
4317 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4318 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4320 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle, then a ref pointer decoded by
 * dissect_ndr_nt_SID_no_hf.
 * NOTE(review): the pointer label and hf index are on a listing line not
 * shown here.
 */
4327 samr_dissect_add_alias_member_rqst(tvbuff_t *tvb, int offset,
4328 packet_info *pinfo, proto_tree *tree,
4331 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4332 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4334 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4335 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
4342 samr_dissect_add_alias_member_reply(tvbuff_t *tvb, int offset,
4343 packet_info *pinfo, proto_tree *tree,
4346 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle, then a ref pointer decoded by
 * dissect_ndr_nt_SID_no_hf (the same shape as the add-alias-member request).
 * NOTE(review): the pointer label and hf index are on a listing line not
 * shown here.
 */
4353 samr_dissect_remove_alias_member_rqst(tvbuff_t *tvb, int offset,
4354 packet_info *pinfo, proto_tree *tree,
4357 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4358 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4360 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4361 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
4368 samr_dissect_remove_alias_member_reply(tvbuff_t *tvb, int offset,
4369 packet_info *pinfo, proto_tree *tree,
4372 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: only the policy handle (hf_samr_hnd) is dissected;
 * both out-pointers are NULL, so the handle is not captured.
 */
4379 samr_dissect_delete_dom_user_rqst(tvbuff_t *tvb, int offset,
4380 packet_info *pinfo, proto_tree *tree,
4383 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4384 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector: a policy handle (not captured) followed by an NT status
 * whose field arguments are on a listing line not shown here.
 */
4390 samr_dissect_delete_dom_user_reply(tvbuff_t *tvb, int offset,
4391 packet_info *pinfo, proto_tree *tree,
4394 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4395 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4397 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: only the policy handle (hf_samr_hnd) is dissected;
 * both out-pointers are NULL, so the handle is not captured.
 */
4404 samr_dissect_test_private_fns_domain_rqst(tvbuff_t *tvb, int offset,
4405 packet_info *pinfo, proto_tree *tree,
4408 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4409 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
4415 samr_dissect_test_private_fns_domain_reply(tvbuff_t *tvb, int offset,
4417 proto_tree *tree, guint8 *drep)
4419 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: only the policy handle (hf_samr_hnd) is dissected;
 * both out-pointers are NULL, so the handle is not captured.
 */
4426 samr_dissect_test_private_fns_user_rqst(tvbuff_t *tvb, int offset,
4427 packet_info *pinfo, proto_tree *tree,
4430 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4431 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
4437 samr_dissect_test_private_fns_user_reply(tvbuff_t *tvb, int offset,
4439 proto_tree *tree, guint8 *drep)
4441 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle, then a ref pointer decoded by
 * dissect_ndr_nt_SID_no_hf.
 * NOTE(review): the rest of the parameter list and the pointer label/hf are
 * on listing lines not shown here.
 */
4448 samr_dissect_remove_member_from_foreign_domain_rqst(tvbuff_t *tvb, int offset,
4453 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4454 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4456 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4457 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/*
 * Reply dissector: a single dissect_ntstatus call. The rest of the
 * parameter list and the status field arguments are on listing lines not
 * shown here.
 */
4464 samr_dissect_remove_member_from_foreign_domain_reply(tvbuff_t *tvb, int offset,
4469 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle, then a ref pointer decoded by
 * dissect_ndr_nt_PSID_ARRAY.
 * NOTE(review): the rest of the parameter list and the pointer label/hf are
 * on listing lines not shown here.
 */
4476 samr_dissect_remove_multiple_members_from_alias_rqst(tvbuff_t *tvb,
4482 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4483 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4485 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4486 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/*
 * Reply dissector: a single dissect_ntstatus call. The rest of the
 * parameter list and the status field arguments are on listing lines not
 * shown here.
 */
4493 samr_dissect_remove_multiple_members_from_alias_reply(tvbuff_t *tvb,
4499 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for opening a group: policy handle, access mask decoded
 * with samr_group_access_mask_info, then a 32-bit value.
 * The RID is appended to the Info column and stashed in dcv->private_data
 * (as an integer packed into a pointer) for the reply dissector.
 * NOTE(review): pinfo->private_data and di->call_data are dereferenced with
 * no NULL check visible here; confirm the DCE-RPC core always sets both
 * before calling sub-dissectors. The declaration of rid and the tail of the
 * dissect_ndr_uint32 call that presumably fills it are not shown.
 */
4506 samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4507 proto_tree *tree, guint8 *drep)
4509 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4510 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4513 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4514 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4516 offset = dissect_nt_access_mask(
4517 tvb, offset, pinfo, tree, drep, hf_samr_access,
4518 &samr_group_access_mask_info, NULL);
4520 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4523 if (check_col(pinfo->cinfo, COL_INFO))
4524 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4526 dcv->private_data = GINT_TO_POINTER(rid);
/*
 * Reply dissector for opening a group: dissects the returned policy handle
 * and NT status, then names the handle and stores that name with
 * dcerpc_smb_store_pol_name; the name is also appended to the handle's tree
 * item when one was created.
 * The RID is read back from dcv->private_data, where the request dissector
 * left it. Two names are built: "OpenGroup(rid 0x%x)" or the generic
 * "OpenGroup handle".
 * NOTE(review): the condition choosing between the two names, any check on
 * status, and the release of pol_name (allocated by g_strdup_printf or
 * g_strdup) are on listing lines not shown here. Confirm pol_name is freed
 * once stored.
 */
4532 samr_dissect_open_group_reply(tvbuff_t *tvb, int offset,
4533 packet_info *pinfo, proto_tree *tree,
4536 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4537 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4538 guint32 rid = GPOINTER_TO_INT(dcv->private_data);
4539 e_ctx_hnd policy_hnd;
4540 proto_item *hnd_item;
4544 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4545 hf_samr_hnd, &policy_hnd, &hnd_item,
4548 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4549 hf_samr_rc, &status);
4553 pol_name = g_strdup_printf("OpenGroup(rid 0x%x)", rid);
4555 pol_name = g_strdup("OpenGroup handle");
4557 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4559 if (hnd_item != NULL)
4560 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Request dissector for opening an alias: policy handle, access mask
 * decoded with samr_alias_access_mask_info, then a 32-bit value.
 * The RID is appended to the Info column and stashed in dcv->private_data
 * (as an integer packed into a pointer) for the reply dissector.
 * NOTE(review): pinfo->private_data and di->call_data are dereferenced with
 * no NULL check visible here. The declaration of rid and the tail of the
 * dissect_ndr_uint32 call that presumably fills it are not shown.
 */
4569 samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4570 proto_tree *tree, guint8 *drep)
4572 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4573 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4576 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4577 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4579 offset = dissect_nt_access_mask(
4580 tvb, offset, pinfo, tree, drep, hf_samr_access,
4581 &samr_alias_access_mask_info, NULL);
4583 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4586 if (check_col(pinfo->cinfo, COL_INFO))
4587 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4589 dcv->private_data = GINT_TO_POINTER(rid);
/*
 * Reply dissector for opening an alias: dissects the returned policy handle
 * and NT status, reads the RID back from dcv->private_data, names the handle
 * and stores that name with dcerpc_smb_store_pol_name; the name is also
 * appended to the handle's tree item when one was created.
 * The generic name is built with g_strdup_printf and no arguments; the
 * literal has no conversion specifiers, so g_strdup (as used by the group
 * reply) would be the matching call.
 * NOTE(review): the conditions around the RID read-back and the name choice,
 * and the release of pol_name, are on listing lines not shown here.
 */
4595 samr_dissect_open_alias_reply(tvbuff_t *tvb, int offset,
4596 packet_info *pinfo, proto_tree *tree,
4599 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4600 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4601 e_ctx_hnd policy_hnd;
4603 proto_item *hnd_item;
4607 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4608 hf_samr_hnd, &policy_hnd, &hnd_item,
4611 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4612 hf_samr_rc, &status);
4615 rid = GPOINTER_TO_INT(dcv->private_data);
4618 pol_name = g_strdup_printf("OpenAlias(rid 0x%x)", rid);
4620 pol_name = g_strdup_printf("OpenAlias handle");
4622 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4624 if (hnd_item != NULL)
4625 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Request dissector: policy handle, then a ref pointer decoded by
 * dissect_ndr_nt_PSID_ARRAY.
 * NOTE(review): the pointer label and hf index are on a listing line not
 * shown here.
 */
4634 samr_dissect_add_multiple_members_to_alias_rqst(tvbuff_t *tvb, int offset,
4636 proto_tree *tree, guint8 *drep)
4638 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4639 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4641 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4642 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/*
 * Reply dissector: a single dissect_ntstatus call. Its field arguments are
 * on a listing line not shown here.
 */
4649 samr_dissect_add_multiple_members_to_alias_reply(tvbuff_t *tvb, int offset,
4651 proto_tree *tree, guint8 *drep)
4653 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for creating a user: policy handle, a ref pointer
 * labelled "Account Name" decoded by dissect_ndr_counted_string_ptr
 * (hf_samr_acct_name), then an access mask decoded with
 * samr_user_access_mask_info. None of the values is captured here.
 */
4660 samr_dissect_create_user_in_domain_rqst(tvbuff_t *tvb, int offset,
4661 packet_info *pinfo, proto_tree *tree,
4664 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4665 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4667 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4668 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
4669 "Account Name", hf_samr_acct_name);
4671 offset = dissect_nt_access_mask(
4672 tvb, offset, pinfo, tree, drep, hf_samr_access,
4673 &samr_user_access_mask_info, NULL);
/*
 * Reply dissector for creating a user: the new policy handle, a 32-bit
 * value, and the NT status. The handle is named "CreateUser(rid 0x%x)",
 * the name is stored with dcerpc_smb_store_pol_name and appended to the
 * handle's tree item when one was created.
 * NOTE(review): the declarations of rid, status and pol_name, the tail of
 * the dissect_ndr_uint32 call that presumably fills rid, any check on
 * status, and the release of pol_name are on listing lines not shown here.
 */
4679 samr_dissect_create_user_in_domain_reply(tvbuff_t *tvb, int offset,
4680 packet_info *pinfo, proto_tree *tree,
4683 e_ctx_hnd policy_hnd;
4684 proto_item *hnd_item;
4689 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4690 hf_samr_hnd, &policy_hnd, &hnd_item,
4693 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4696 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4697 hf_samr_rc, &status);
4700 pol_name = g_strdup_printf("CreateUser(rid 0x%x)", rid);
4702 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4704 if (hnd_item != NULL)
4705 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Request dissector for user enumeration: policy handle, a ref pointer
 * labelled "Resume Handle" (samr_dissect_pointer_long, hf_samr_resume_hnd),
 * an account-control field via dissect_ndr_nt_acct_ctrl, and a 32-bit value
 * shown as hf_samr_pref_maxsize. None of the values is captured here.
 */
4715 samr_dissect_enum_users_in_domain_rqst(tvbuff_t *tvb, int offset,
4717 proto_tree *tree, guint8 *drep)
4719 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4720 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4722 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4723 samr_dissect_pointer_long, NDR_POINTER_REF,
4724 "Resume Handle", hf_samr_resume_hnd);
4726 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
4728 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4729 hf_samr_pref_maxsize, NULL);
/*
 * Reply dissector for user enumeration: three ref pointers, "Resume Handle:"
 * (samr_dissect_pointer_long), "IDX_AND_NAME_ARRAY:"
 * (samr_dissect_IDX_AND_NAME_ARRAY_ptr, hf_samr_acct_name) and "Entries:"
 * (samr_dissect_pointer_long, hf_samr_entries), then an NT status whose
 * field arguments are on a listing line not shown here.
 */
4736 samr_dissect_enum_users_in_domain_reply(tvbuff_t *tvb, int offset,
4738 proto_tree *tree, guint8 *drep)
4740 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4741 samr_dissect_pointer_long, NDR_POINTER_REF,
4742 "Resume Handle:", hf_samr_resume_hnd);
4744 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4745 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
4746 "IDX_AND_NAME_ARRAY:", hf_samr_acct_name);
4748 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4749 samr_dissect_pointer_long, NDR_POINTER_REF,
4750 "Entries:", hf_samr_entries);
4752 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle followed by an info level read with
 * dissect_ndr_uint16; the level is appended to the Info column.
 * NOTE(review): the dissector table later in this file registers this
 * function for SAMR_QUERY_INFORMATION_DOMAIN2, while the
 * SAMR_QUERY_DOMAIN_INFO entry uses samr_dissect_query_information_alias_rqst
 * as its request dissector. Confirm that pairing is intentional and not a
 * copy-paste slip.
 */
4761 samr_dissect_query_information_domain_rqst(tvbuff_t *tvb, int offset,
4763 proto_tree *tree, guint8 *drep)
4767 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4768 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4770 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4771 hf_samr_level, &level);
4773 if (check_col(pinfo->cinfo, COL_INFO))
4774 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/*
 * Reply dissector: a unique pointer labelled "DOMAIN_INFO pointer" decoded
 * by samr_dissect_DOMAIN_INFO (hf_samr_domain), then an NT status whose
 * field arguments are on a listing line not shown here.
 * The pointer type follows observed traffic, as the original remark below
 * explains; a unique pointer may be null on the wire, which a ref pointer
 * may not.
 */
4780 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
4781 packet_info *pinfo, proto_tree *tree,
4785 * Yes, in at least one capture with replies from a W2K server,
4786 * this was, indeed, a UNIQUE pointer, not a REF pointer.
4788 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4789 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
4790 "DOMAIN_INFO pointer", hf_samr_domain);
4792 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector: policy handle followed by an info level read with
 * dissect_ndr_uint16; the level is appended to the Info column.
 * Registered for SAMR_QUERY_USERINFO in the dissector table later in this
 * file.
 */
4799 samr_dissect_query_information_user_rqst(tvbuff_t *tvb, int offset,
4801 proto_tree *tree, guint8 *drep)
4805 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4806 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4808 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4809 hf_samr_level, &level);
4811 if (check_col(pinfo->cinfo, COL_INFO))
4812 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/*
 * Reply dissector: a ref pointer decoded by samr_dissect_USER_INFO_ptr,
 * then an NT status.
 * NOTE(review): the pointer label/hf and the status field arguments are on
 * listing lines not shown here.
 */
4818 samr_dissect_query_information_user_reply(tvbuff_t *tvb, int offset,
4820 proto_tree *tree, guint8 *drep)
4822 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4823 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
4826 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for Connect5: a unique pointer labelled "Server" decoded
 * by dissect_ndr_wchar_cvstring, an access mask decoded with
 * samr_connect_access_mask_info, then four 32-bit values that are all shown
 * as hf_samr_unknown_long (their meaning is not decoded here).
 * The string pointer is dissected with cb_wstr_postprocess as a callback and
 * the flags CB_STR_COL_INFO | CB_STR_SAVE | 1; presumably this is what makes
 * the server name available to the reply dissector. Verify against
 * cb_wstr_postprocess, which is not part of this listing.
 */
4834 samr_dissect_connect5_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4835 proto_tree *tree, guint8 *drep)
4837 offset = dissect_ndr_pointer_cb(
4838 tvb, offset, pinfo, tree, drep,
4839 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
4840 "Server", hf_samr_server, cb_wstr_postprocess,
4841 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
4843 offset = dissect_nt_access_mask(
4844 tvb, offset, pinfo, tree, drep, hf_samr_access,
4845 &samr_connect_access_mask_info, NULL);
4848 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4849 hf_samr_unknown_long, NULL);
4851 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4852 hf_samr_unknown_long, NULL);
4854 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4855 hf_samr_unknown_long, NULL);
4857 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4858 hf_samr_unknown_long, NULL);
/*
 * Reply dissector for Connect5: four 32-bit values shown as
 * hf_samr_unknown_long, the returned policy handle (captured in policy_hnd,
 * with TRUE, FALSE as the last two flags) and the NT status. The handle is
 * then named "Connect5(<server>)" or "Connect5 handle", the name is stored
 * with dcerpc_smb_store_pol_name and appended to the handle's tree item when
 * one was created.
 * server is taken from dcv->private_data and treated as a C string.
 * NOTE(review): it reaches g_strdup_printf as a "%s" argument, so it must be
 * non-NULL and NUL-terminated on that path. The guard choosing between the
 * two names, any check on status, and the release of pol_name are on listing
 * lines not shown here; confirm all three. pinfo->private_data and
 * di->call_data are dereferenced with no NULL check visible.
 */
4866 samr_dissect_connect5_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
4867 proto_tree *tree, guint8 *drep)
4869 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4870 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4871 e_ctx_hnd policy_hnd;
4872 proto_item *hnd_item;
4874 char *server = (char *)dcv->private_data, *pol_name;
4877 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4878 hf_samr_unknown_long, NULL);
4880 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4881 hf_samr_unknown_long, NULL);
4883 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4884 hf_samr_unknown_long, NULL);
4886 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4887 hf_samr_unknown_long, NULL);
4889 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4890 hf_samr_hnd, &policy_hnd,
4891 &hnd_item, TRUE, FALSE);
4893 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4894 hf_samr_rc, &status);
4898 pol_name = g_strdup_printf("Connect5(%s)", server);
4900 pol_name = g_strdup("Connect5 handle");
4902 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4904 if (hnd_item != NULL)
4905 proto_item_append_text(hnd_item, ": %s", pol_name);
4915 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
4916 { SAMR_CONNECT, "SamrConnect",
4917 samr_dissect_connect_anon_rqst,
4918 samr_dissect_connect_anon_reply },
4919 { SAMR_CLOSE_HND, "SamrCloseHandle",
4920 samr_dissect_close_hnd_rqst,
4921 samr_dissect_close_hnd_reply },
4922 { SAMR_SET_SEC_OBJECT, "SamrSetSecurityObject",
4923 samr_dissect_set_sec_object_rqst,
4924 samr_dissect_set_sec_object_reply },
4925 { SAMR_QUERY_SEC_OBJECT, "SamrQuerySecurityObject",
4926 samr_dissect_query_sec_object_rqst,
4927 samr_dissect_query_sec_object_reply },
4928 { SAMR_SHUTDOWN_SAM_SERVER, "SamrShutdownSamServer",
4929 samr_dissect_shutdown_sam_server_rqst,
4930 samr_dissect_shutdown_sam_server_reply },
4931 { SAMR_LOOKUP_DOMAIN, "SamrLookupDomainInSamServer",
4932 samr_dissect_lookup_domain_rqst,
4933 samr_dissect_lookup_domain_reply },
4934 { SAMR_ENUM_DOMAINS, "SamrEnumerateDomainsInSamServer",
4935 samr_dissect_enum_domains_rqst,
4936 samr_dissect_enum_domains_reply },
4937 { SAMR_OPEN_DOMAIN, "SamrOpenDomain",
4938 samr_dissect_open_domain_rqst,
4939 samr_dissect_open_domain_reply },
4940 { SAMR_QUERY_DOMAIN_INFO, "SamrQueryInformationDomain",
4941 samr_dissect_query_information_alias_rqst,
4942 samr_dissect_query_information_domain_reply },
4943 { SAMR_SET_DOMAIN_INFO, "SamrSetInformationDomain",
4944 samr_dissect_set_information_domain_rqst,
4945 samr_dissect_set_information_domain_reply },
4946 { SAMR_CREATE_DOM_GROUP, "SamrCreateGroupInDomain",
4947 samr_dissect_create_group_in_domain_rqst,
4948 samr_dissect_create_group_in_domain_reply },
4949 { SAMR_ENUM_DOM_GROUPS, "SamrEnumerateGroupsInDomain",
4950 samr_dissect_enum_dom_groups_rqst,
4951 samr_dissect_enum_dom_groups_reply },
4952 { SAMR_CREATE_USER_IN_DOMAIN, "SamrCreateUserInDomain",
4953 samr_dissect_create_user_in_domain_rqst,
4954 samr_dissect_create_user_in_domain_reply },
4955 { SAMR_ENUM_DOM_USERS, "SamrEnumerateUsersInDomain",
4956 samr_dissect_enum_users_in_domain_rqst,
4957 samr_dissect_enum_users_in_domain_reply },
4958 { SAMR_CREATE_DOM_ALIAS, "SamrCreateAliasInDomain",
4959 samr_dissect_create_alias_in_domain_rqst,
4960 samr_dissect_create_alias_in_domain_reply },
4961 { SAMR_ENUM_DOM_ALIASES, "SamrEnumerateAliasesInDomain",
4962 samr_dissect_enum_dom_aliases_rqst,
4963 samr_dissect_enum_dom_aliases_reply },
4964 { SAMR_GET_ALIAS_MEMBERSHIP, "SamrGetAliasMembership",
4965 samr_dissect_get_alias_membership_rqst,
4966 samr_dissect_get_alias_membership_reply },
4967 { SAMR_LOOKUP_NAMES, "SamrLookupNamesInDomain",
4968 samr_dissect_lookup_names_rqst,
4969 samr_dissect_lookup_names_reply },
4970 { SAMR_LOOKUP_RIDS, "SamrLookupIdsInDomain",
4971 samr_dissect_lookup_rids_rqst,
4972 samr_dissect_lookup_rids_reply },
4973 { SAMR_OPEN_GROUP, "SamrOpenGroup",
4974 samr_dissect_open_group_rqst,
4975 samr_dissect_open_group_reply },
4976 { SAMR_QUERY_GROUPINFO, "SamrQueryInformationGroup",
4977 samr_dissect_query_information_group_rqst,
4978 samr_dissect_query_information_group_reply },
4979 { SAMR_SET_GROUPINFO, "SamrSetInformationGroup",
4980 samr_dissect_set_information_group_rqst,
4981 samr_dissect_set_information_group_reply },
4982 { SAMR_ADD_GROUPMEM, "SamrAddMemberToGroup",
4983 samr_dissect_add_member_to_group_rqst,
4984 samr_dissect_add_member_to_group_reply },
4985 { SAMR_DELETE_DOM_GROUP, "SamrDeleteGroup",
4986 samr_dissect_delete_dom_group_rqst,
4987 samr_dissect_delete_dom_group_reply },
4988 { SAMR_DEL_GROUPMEM, "SamrRemoveMemberFromGroup",
4989 samr_dissect_remove_member_from_group_rqst,
4990 samr_dissect_remove_member_from_group_reply },
4991 { SAMR_QUERY_GROUPMEM, "SamrGetMembersInGroup",
4992 samr_dissect_query_groupmem_rqst,
4993 samr_dissect_query_groupmem_reply },
4994 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SamrSetMemberAttributesOfGroup",
4995 samr_dissect_set_member_attributes_of_group_rqst,
4996 samr_dissect_set_member_attributes_of_group_reply },
4997 { SAMR_OPEN_ALIAS, "SamrOpenAlias",
4998 samr_dissect_open_alias_rqst,
4999 samr_dissect_open_alias_reply },
5000 { SAMR_QUERY_ALIASINFO, "SamrQueryInformationAlias",
5001 samr_dissect_query_information_alias_rqst,
5002 samr_dissect_query_information_alias_reply },
5003 { SAMR_SET_ALIASINFO, "SamrSetInformationAlias",
5004 samr_dissect_set_information_alias_rqst,
5005 samr_dissect_set_information_alias_reply },
5006 { SAMR_DELETE_DOM_ALIAS, "SamrDeleteAlias",
5007 samr_dissect_delete_dom_alias_rqst,
5008 samr_dissect_delete_dom_alias_reply },
5009 { SAMR_ADD_ALIASMEM, "SamrAddMemberToAlias",
5010 samr_dissect_add_alias_member_rqst,
5011 samr_dissect_add_alias_member_reply },
5012 { SAMR_DEL_ALIASMEM, "SamrRemoveMemberFromAlias",
5013 samr_dissect_remove_alias_member_rqst,
5014 samr_dissect_remove_alias_member_reply },
5015 { SAMR_GET_MEMBERS_IN_ALIAS, "SamrGetMembersInAlias",
5016 samr_dissect_get_members_in_alias_rqst,
5017 samr_dissect_get_members_in_alias_reply },
5018 { SAMR_OPEN_USER, "SamrOpenUser",
5019 samr_dissect_open_user_rqst,
5020 samr_dissect_open_user_reply },
5021 { SAMR_DELETE_DOM_USER, "SamrDeleteUser",
5022 samr_dissect_delete_dom_user_rqst,
5023 samr_dissect_delete_dom_user_reply },
5024 { SAMR_QUERY_USERINFO, "SamrQueryInformationUser",
5025 samr_dissect_query_information_user_rqst,
5026 samr_dissect_query_information_user_reply },
5027 { SAMR_SET_USERINFO, "SamrSetInformationUser",
5028 samr_dissect_set_information_user2_rqst,
5029 samr_dissect_set_information_user2_reply },
5030 { SAMR_CHANGE_PASSWORD_USER, "SamrChangePasswordUser",
5031 samr_dissect_change_password_user_rqst,
5032 samr_dissect_change_password_user_reply },
5033 { SAMR_GET_GROUPS_FOR_USER, "SamrGetGroupsForUser",
5034 samr_dissect_get_groups_for_user_rqst,
5035 samr_dissect_get_groups_for_user_reply },
5036 { SAMR_QUERY_DISPINFO, "SamrQueryDisplayInformation",
5037 samr_dissect_query_dispinfo_rqst,
5038 samr_dissect_query_dispinfo_reply },
5039 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "SamrGetDisplayEnumerationIndex",
5040 samr_dissect_get_display_enumeration_index_rqst,
5041 samr_dissect_get_display_enumeration_index_reply },
5042 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "SamrTestPrivateFunctionsDomain",
5043 samr_dissect_test_private_fns_domain_rqst,
5044 samr_dissect_test_private_fns_domain_reply },
5045 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "SamrTestPrivateFunctionsUser",
5046 samr_dissect_test_private_fns_user_rqst,
5047 samr_dissect_test_private_fns_user_reply },
5048 { SAMR_GET_USRDOM_PWINFO, "SamrGetUserDomainPasswordInformation",
5049 samr_dissect_get_usrdom_pwinfo_rqst,
5050 samr_dissect_get_usrdom_pwinfo_reply },
5051 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "SamrRemoveMemberFromForeignDomain",
5052 samr_dissect_remove_member_from_foreign_domain_rqst,
5053 samr_dissect_remove_member_from_foreign_domain_reply },
5054 { SAMR_QUERY_INFORMATION_DOMAIN2, "SamrQueryInformationDomain2",
5055 samr_dissect_query_information_domain_rqst,
5056 samr_dissect_query_information_domain_reply },
5057 { SAMR_QUERY_INFORMATION_USER2, "SamrQueryInformationUser2",
5058 samr_dissect_query_information_user2_rqst,
5059 samr_dissect_query_information_user2_reply },
5060 { SAMR_QUERY_DISPINFO2, "SamrQueryDisplayInformation2",
5061 samr_dissect_query_dispinfo_rqst,
5062 samr_dissect_query_dispinfo_reply },
5063 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "SamrGetDisplayEnumerationIndex2",
5064 samr_dissect_get_display_enumeration_index2_rqst,
5065 samr_dissect_get_display_enumeration_index2_reply },
5066 { SAMR_CREATE_USER2_IN_DOMAIN, "SamrCreateUser2InDomain",
5067 samr_dissect_create_user2_in_domain_rqst,
5068 samr_dissect_create_user2_in_domain_reply },
5069 { SAMR_QUERY_DISPINFO3, "SamrQueryDisplayInformation3",
5070 samr_dissect_query_dispinfo_rqst,
5071 samr_dissect_query_dispinfo_reply },
5072 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "SamrAddMultipleMembersToAlias",
5073 samr_dissect_add_multiple_members_to_alias_rqst,
5074 samr_dissect_add_multiple_members_to_alias_reply },
5075 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "SamrRemoveMultipleMembersFromAlias",
5076 samr_dissect_remove_multiple_members_from_alias_rqst,
5077 samr_dissect_remove_multiple_members_from_alias_reply },
5078 { SAMR_OEM_CHANGE_PASSWORD_USER2, "SamrOemChangePasswordUser2",
5079 samr_dissect_oem_change_password_user2_rqst,
5080 samr_dissect_oem_change_password_user2_reply },
5081 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "SamrUnicodeChangePasswordUser2",
5082 samr_dissect_unicode_change_password_user2_rqst,
5083 samr_dissect_unicode_change_password_user2_reply },
5084 { SAMR_GET_DOM_PWINFO, "SamrGetDomainPasswordInformation",
5085 samr_dissect_get_domain_password_information_rqst,
5086 samr_dissect_get_domain_password_information_reply },
5087 { SAMR_CONNECT2, "SamrConnect2",
5088 samr_dissect_connect2_rqst,
5089 samr_dissect_connect2_3_4_reply },
5090 { SAMR_SET_USERINFO2, "SamrSetInformationUser2",
5091 samr_dissect_set_information_user2_rqst,
5092 samr_dissect_set_information_user2_reply },
5093 { SAMR_SET_BOOT_KEY_INFORMATION, "SamrSetBootKeyInformation",
5094 samr_dissect_set_boot_key_information_rqst,
5095 samr_dissect_set_boot_key_information_reply },
5096 { SAMR_GET_BOOT_KEY_INFORMATION, "SamrGetBootKeyInformation",
5097 samr_dissect_get_boot_key_information_rqst,
5098 samr_dissect_get_boot_key_information_reply },
5099 { SAMR_CONNECT3, "SamrConnect3",
5100 samr_dissect_connect3_4_rqst,
5101 samr_dissect_connect2_3_4_reply },
5102 { SAMR_CONNECT4, "SamrConnect4",
5103 samr_dissect_connect3_4_rqst,
5104 samr_dissect_connect2_3_4_reply },
5105 { SAMR_UNICODE_CHANGE_PASSWORD_USER3, "SamrUnicodeChangePasswordUser3",
5107 { SAMR_CONNECT5, "SamrConnect5",
5108 samr_dissect_connect5_rqst,
5109 samr_dissect_connect5_reply },
5110 { SAMR_RID_TO_SID, "SamrRidToSid", NULL, NULL },
5111 { SAMR_SET_DSRM_PASSWORD, "SamrSetDSRMPassword", NULL, NULL },
5112 { SAMR_VALIDATE_PASSWORD, "SamrValidatePassword", NULL, NULL },
5113 {0, NULL, NULL, NULL }
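/*
 * Register the SAMR dissector with the protocol core: the protocol itself
 * ("Microsoft Security Account Manager" / "SAMR" / "samr"), the header-field
 * table hf[], the subtree table ett[], and a preferences module that carries
 * the "nt_password" string preference.
 *
 * NOTE(review): this listing carries the original file's line numbers as the
 * first token of every line and skips some lines (the numbering jumps, for
 * example 5119 -> 5121). Several hf[] entries therefore appear without the
 * line that names their hf_ variable, and the function's return type and
 * braces are not shown.
 *
 * Security-relevant registrations: hf[] declares filterable fields for
 * password-change material (encrypted password and hash, LM/NT verifiers and
 * change blocks) and also for a decrypted change block and the new NT
 * password as a string. The code that fills those fields is outside this
 * listing.
 */
5117 proto_register_dcerpc_samr(void)
/* Header fields: display name, filter name, type, base, value strings, bitmask, blurb. */
5119 static hf_register_info hf[] = {
5121 { "Operation", "samr.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
5123 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
5125 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
5127 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
5129 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
5131 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
5132 { &hf_samr_rid_attrib,
5133 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
5135 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
/* The return code is rendered through the NT_errors value-string table. */
5137 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
5140 { "Level", "samr.level", FT_UINT16, BASE_DEC,
5141 NULL, 0x0, "Level requested/returned for Information", HFILL }},
5142 { &hf_samr_start_idx,
5143 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
5144 NULL, 0x0, "Start Index for returned Information", HFILL }},
5147 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
5148 NULL, 0x0, "Number of entries to return", HFILL }},
5150 { &hf_samr_max_entries,
5151 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
5152 NULL, 0x0, "Maximum number of entries", HFILL }},
5154 { &hf_samr_pref_maxsize,
5155 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
5156 NULL, 0x0, "Maximum Size of data to return", HFILL }},
5158 { &hf_samr_total_size,
5159 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
5160 NULL, 0x0, "Total size of data", HFILL }},
5162 { &hf_samr_bad_pwd_count,
5163 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
5164 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
5166 { &hf_samr_logon_count,
5167 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
5168 NULL, 0x0, "Number of logons for this user", HFILL }},
5170 { &hf_samr_ret_size,
5171 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
5172 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
5175 { "Index", "samr.index", FT_UINT32, BASE_DEC,
5176 NULL, 0x0, "Index", HFILL }},
5179 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
/* Name and per-account string fields. */
5181 { &hf_samr_alias_name,
5182 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
5183 NULL, 0, "Name of Alias (Local Group)", HFILL }},
5185 { &hf_samr_group_name,
5186 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
5187 NULL, 0, "Name of Group", HFILL }},
5189 { &hf_samr_acct_name,
5190 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
5191 NULL, 0, "Name of Account", HFILL }},
5194 { "Server", "samr.server", FT_STRING, BASE_NONE,
5195 NULL, 0, "Name of Server", HFILL }},
5198 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
5199 NULL, 0, "Name of Domain", HFILL }},
5201 { &hf_samr_controller,
5202 { "DC", "samr.dc", FT_STRING, BASE_NONE,
5203 NULL, 0, "Name of Domain Controller", HFILL }},
5205 { &hf_samr_full_name,
5206 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
5207 NULL, 0, "Full Name of Account", HFILL }},
5210 { "Home", "samr.home", FT_STRING, BASE_NONE,
5211 NULL, 0, "Home directory for this user", HFILL }},
5213 { &hf_samr_home_drive,
5214 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
5215 NULL, 0, "Home drive for this user", HFILL }},
5218 { "Script", "samr.script", FT_STRING, BASE_NONE,
5219 NULL, 0, "Login script for this user", HFILL }},
5221 { &hf_samr_workstations,
5222 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
5223 NULL, 0, "", HFILL }},
5226 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
5227 NULL, 0, "Profile for this user", HFILL }},
5229 { &hf_samr_acct_desc,
5230 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
5231 NULL, 0, "Account Description", HFILL }},
5234 { "Account Comment", "samr.comment", FT_STRING, BASE_NONE,
5235 NULL, 0, "Account Comment", HFILL }},
/* Placeholders for wire values whose meaning the dissector does not know. */
5237 { &hf_samr_unknown_string,
5238 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
5239 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
5241 { &hf_samr_unknown_hyper,
5242 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
5243 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
5244 { &hf_samr_unknown_long,
5245 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
5246 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
5248 { &hf_samr_unknown_short,
5249 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
5250 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
5252 { &hf_samr_unknown_char,
5253 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
5254 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
5256 { &hf_samr_revision,
5257 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
5258 NULL, 0x0, "Revision number for this structure", HFILL }},
5260 { &hf_samr_nt_pwd_set,
5261 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
5262 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
5264 { &hf_samr_lm_pwd_set,
5265 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
5266 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
/* NOTE(review): "samr.pwd_Expired" is the only filter name in this table with
 * an upper-case letter; left unchanged because renaming a filter changes what
 * users type in display filters. */
5268 { &hf_samr_pwd_expired,
5269 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
5270 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
5273 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
5274 NULL, 0x0, "Access", HFILL }},
5276 { &hf_samr_access_granted,
5277 { "Access Granted", "samr.access_granted", FT_UINT32, BASE_HEX,
5278 NULL, 0x0, "Access Granted", HFILL }},
/* Password-change material as carried on the wire (still encrypted). */
5280 { &hf_samr_crypt_password, {
5281 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
5282 NULL, 0, "Encrypted Password", HFILL }},
5284 { &hf_samr_crypt_hash, {
5285 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
5286 NULL, 0, "Encrypted Hash", HFILL }},
5288 { &hf_samr_lm_verifier, {
5289 "Verifier", "samr.lm_password_verifier", FT_BYTES, BASE_HEX,
5290 NULL, 0, "Lan Manager Password Verifier", HFILL }},
5292 { &hf_samr_nt_verifier, {
5293 "Verifier", "samr.nt_password_verifier", FT_BYTES, BASE_HEX,
5294 NULL, 0, "NT Password Verifier", HFILL }},
5296 { &hf_samr_lm_passchange_block, {
5297 "Encrypted Block", "samr.lm_passchange_block", FT_BYTES,
5298 BASE_HEX, NULL, 0, "Lan Manager Password Change Block",
5301 { &hf_samr_nt_passchange_block, {
5302 "Encrypted Block", "samr.nt_passchange_block", FT_BYTES,
5303 BASE_HEX, NULL, 0, "NT Password Change Block", HFILL }},
/* Fields for the decrypted NT change block: the raw decrypted bytes, the new
 * password as a string, its length, and the padding. Once populated, the new
 * password is part of the dissection output in clear text, so captures and
 * exported dissections that include these fields are credential material.
 * NOTE(review): presumably filled in only when the "nt_password" preference
 * lets the dissector decrypt the block; that code is outside this listing. */
5305 { &hf_samr_nt_passchange_block_decrypted, {
5306 "Decrypted Block", "samr.nt_passchange_block_decrypted",
5307 FT_BYTES, BASE_HEX, NULL, 0,
5308 "NT Password Change Decrypted Block", HFILL }},
5310 { &hf_samr_nt_passchange_block_newpass, {
5311 "New NT Password", "samr.nt_passchange_block_new_ntpassword",
5312 FT_STRING, BASE_NONE, NULL, 0, "New NT Password", HFILL }},
5314 { &hf_samr_nt_passchange_block_newpass_len, {
5315 "New NT Unicode Password length",
5316 "samr.nt_passchange_block_new_ntpassword_len", FT_UINT32,
5317 BASE_DEC, NULL, 0, "New NT Password Unicode Length", HFILL }},
5319 { &hf_samr_nt_passchange_block_pseudorandom, {
5320 "Pseudorandom data", "samr.nt_passchange_block_pseudorandom",
5321 FT_BYTES, BASE_HEX, NULL, 0, "Pseudorandom data", HFILL }},
5323 { &hf_samr_lm_change, {
5324 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
5325 NULL, 0, "LM Change value", HFILL }},
/* Domain policy durations are relative times; account timestamps further down are absolute. */
5327 { &hf_samr_force_logoff_time,
5328 { "Forced Logoff Time After Time Expires", "samr.force_logoff_time", FT_RELATIVE_TIME, BASE_NONE,
5329 NULL, 0, "Forced logoff time after expires:", HFILL }},
5331 { &hf_samr_lockout_duration_time,
5332 { "Lockout Duration Time", "samr.lockout_duration_time", FT_RELATIVE_TIME, BASE_NONE,
5333 NULL, 0, "Lockout duration time:", HFILL }},
5334 { &hf_samr_lockout_reset_time,
5335 { "Lockout Reset Time", "samr.lockout_reset_time", FT_RELATIVE_TIME, BASE_NONE,
5336 NULL, 0, "Lockout Reset Time:", HFILL }},
5337 { &hf_samr_lockout_threshold_short,
5338 { "Lockout Threshold", "samr.lockout_threshold", FT_UINT16, BASE_DEC,
5339 NULL, 0, "Lockout Threshold:", HFILL }},
5341 { &hf_samr_max_pwd_age,
5342 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
5343 NULL, 0, "Maximum Password Age before it expires", HFILL }},
5345 { &hf_samr_min_pwd_age,
5346 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
5347 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
5348 { &hf_samr_unknown_time,
5349 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
5350 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
5351 { &hf_samr_logon_time,
5352 { "Last Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
5353 NULL, 0, "Time for last time this user logged on", HFILL }},
5354 { &hf_samr_kickoff_time,
5355 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5356 NULL, 0, "Time when this user will be kicked off", HFILL }},
5357 { &hf_samr_logoff_time,
5358 { "Last Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5359 NULL, 0, "Time for last time this user logged off", HFILL }},
5360 { &hf_samr_pwd_last_set_time,
5361 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
5362 NULL, 0, "Last time this users password was changed", HFILL }},
5363 { &hf_samr_pwd_can_change_time,
5364 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5365 NULL, 0, "When this users password may be changed", HFILL }},
5366 { &hf_samr_pwd_must_change_time,
5367 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5368 NULL, 0, "When this users password must be changed", HFILL }},
5369 { &hf_samr_acct_expiry_time,
5370 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
5371 NULL, 0, "When this user account expires", HFILL }},
5373 { &hf_samr_min_pwd_len, {
5374 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
5375 NULL, 0, "Minimum Password Length", HFILL }},
5376 { &hf_samr_pwd_history_len, {
5377 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
5378 NULL, 0, "Password History Length", HFILL }},
5379 { &hf_samr_num_users, {
5380 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
5381 NULL, 0, "Number of users in this domain", HFILL }},
5382 { &hf_samr_num_groups, {
5383 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
5384 NULL, 0, "Number of groups in this domain", HFILL }},
5385 { &hf_samr_num_aliases, {
5386 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
5387 NULL, 0, "Number of aliases in this domain", HFILL }},
5388 { &hf_samr_info_type, {
5389 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
5390 NULL, 0, "Information Type", HFILL }},
5391 { &hf_samr_resume_hnd, {
5392 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
5393 NULL, 0, "Resume handle", HFILL }},
5394 { &hf_samr_country, {
5395 "Country", "samr.country", FT_UINT16, BASE_DEC,
5396 VALS(ms_country_codes), 0, "Country setting for this user", HFILL }},
5397 { &hf_samr_codepage, {
5398 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
5399 NULL, 0, "Codepage setting for this user", HFILL }},
5400 { &hf_samr_primary_group_rid,
5401 { "Primary group RID", "samr.primary_group_rid", FT_UINT32,
5402 BASE_DEC, NULL, 0x0, "RID of the user primary group", HFILL }},
5403 { &hf_samr_callback,
5404 { "Callback", "samr.callback", FT_STRING, BASE_NONE,
5405 NULL, 0, "Callback for this user", HFILL }},
5406 { &hf_samr_alias_desc,
5407 { "Alias Desc", "samr.alias.desc", FT_STRING, BASE_NONE,
5408 NULL, 0, "Alias (Local Group) Description", HFILL }},
5409 { &hf_samr_alias_num_of_members,
5410 { "Num of Members in Alias", "samr.alias.num_of_members",
5411 FT_UINT32, BASE_DEC, NULL, 0,
5412 "Number of members in Alias (Local Group)", HFILL }},
5413 { &hf_samr_group_desc,
5414 { "Group Desc", "samr.group.desc", FT_STRING, BASE_NONE,
5415 NULL, 0, "Group Description", HFILL }},
5416 { &hf_samr_group_num_of_members,
5417 { "Num of Members in Group", "samr.group.num_of_members",
5418 FT_UINT32, BASE_DEC, NULL, 0,
5419 "Number of members in Group", HFILL }},
5421 /* Object specific access rights */
/* Each entry below is one bit of an access mask: an FT_BOOLEAN declared
 * against a 32-bit parent, with the bit selected by the *_ACCESS_* constant.
 * Domain object bits come first. */
5423 { &hf_access_domain_lookup_info1,
5424 { "Lookup info1", "samr_access_mask.domain_lookup_info1",
5425 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5426 DOMAIN_ACCESS_LOOKUP_INFO_1, "Lookup info1", HFILL }},
5428 { &hf_access_domain_set_info1,
5429 { "Set info1", "samr_access_mask.domain_set_info1",
5430 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5431 DOMAIN_ACCESS_SET_INFO_1, "Set info1", HFILL }},
5433 { &hf_access_domain_lookup_info2,
5434 { "Lookup info2", "samr_access_mask.domain_lookup_info2",
5435 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5436 DOMAIN_ACCESS_LOOKUP_INFO_2, "Lookup info2", HFILL }},
5438 { &hf_access_domain_set_info2,
5439 { "Set info2", "samr_access_mask.domain_set_info2",
5440 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5441 DOMAIN_ACCESS_SET_INFO_2, "Set info2", HFILL }},
5443 { &hf_access_domain_create_user,
5444 { "Create user", "samr_access_mask.domain_create_user",
5445 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5446 DOMAIN_ACCESS_CREATE_USER, "Create user", HFILL }},
5448 { &hf_access_domain_create_group,
5449 { "Create group", "samr_access_mask.domain_create_group",
5450 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5451 DOMAIN_ACCESS_CREATE_GROUP, "Create group", HFILL }},
5453 { &hf_access_domain_create_alias,
5454 { "Create alias", "samr_access_mask.domain_create_alias",
5455 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5456 DOMAIN_ACCESS_CREATE_ALIAS, "Create alias", HFILL }},
5458 { &hf_access_domain_lookup_alias_by_mem,
5459 { "Lookup alias", "samr_access_mask.domain_lookup_alias_by_mem",
5460 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5461 DOMAIN_ACCESS_LOOKUP_ALIAS, "Lookup alias", HFILL }},
5463 { &hf_access_domain_enum_accounts,
5464 { "Enum accounts", "samr_access_mask.domain_enum_accounts",
5465 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5466 DOMAIN_ACCESS_ENUM_ACCOUNTS, "Enum accounts", HFILL }},
5468 { &hf_access_domain_open_account,
5469 { "Open account", "samr_access_mask.domain_open_account",
5470 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5471 DOMAIN_ACCESS_OPEN_ACCOUNT, "Open account", HFILL }},
5473 { &hf_access_domain_set_info3,
5474 { "Set info3", "samr_access_mask.domain_set_info3",
5475 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5476 DOMAIN_ACCESS_SET_INFO_3, "Set info3", HFILL }},
/* User object bits. */
5478 { &hf_access_user_get_name_etc,
5479 { "Get name, etc", "samr_access_mask.user_get_name_etc",
5480 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5481 USER_ACCESS_GET_NAME_ETC, "Get name, etc", HFILL }},
5483 { &hf_access_user_get_locale,
5484 { "Get locale", "samr_access_mask.user_get_locale",
5485 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5486 USER_ACCESS_GET_LOCALE, "Get locale", HFILL }},
/* NOTE(review): the variable is named ..._get_loc_com while the label, filter
 * name and mask all say "set loc com"; the variable is declared outside this
 * listing, so confirm which spelling is intended before renaming anything. */
5488 { &hf_access_user_get_loc_com,
5489 { "Set loc com", "samr_access_mask.user_set_loc_com",
5490 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5491 USER_ACCESS_SET_LOC_COM, "Set loc com", HFILL }},
5493 { &hf_access_user_get_logoninfo,
5494 { "Get logon info", "samr_access_mask.user_get_logoninfo",
5495 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5496 USER_ACCESS_GET_LOGONINFO, "Get logon info", HFILL }},
5498 { &hf_access_user_get_attributes,
5499 { "Get attributes", "samr_access_mask.user_get_attributes",
5500 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5501 USER_ACCESS_GET_ATTRIBUTES, "Get attributes", HFILL }},
5503 { &hf_access_user_set_attributes,
5504 { "Set attributes", "samr_access_mask.user_set_attributes",
5505 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5506 USER_ACCESS_SET_ATTRIBUTES, "Set attributes", HFILL }},
5508 { &hf_access_user_change_password,
5509 { "Change password", "samr_access_mask.user_change_password",
5510 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5511 USER_ACCESS_CHANGE_PASSWORD, "Change password", HFILL }},
5513 { &hf_access_user_set_password,
5514 { "Set password", "samr_access_mask.user_set_password",
5515 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5516 USER_ACCESS_SET_PASSWORD, "Set password", HFILL }},
5518 { &hf_access_user_get_groups,
5519 { "Get groups", "samr_access_mask.user_get_groups",
5520 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5521 USER_ACCESS_GET_GROUPS, "Get groups", HFILL }},
5523 { &hf_access_user_get_group_membership,
5524 { "Get group membership", "samr_access_mask.user_get_group_membership",
5525 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5526 USER_ACCESS_GET_GROUP_MEMBERSHIP, "Get group membership", HFILL }},
5528 { &hf_access_user_change_group_membership,
5529 { "Change group membership", "samr_access_mask.user_change_group_membership",
5530 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5531 USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, "Change group membership", HFILL }},
/* Group object bits. */
5533 { &hf_access_group_lookup_info,
5534 { "Lookup info", "samr_access_mask.group_lookup_info",
5535 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5536 GROUP_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
/* The mask is GROUP_ACCESS_SET_INFO and the filter name is group_set_info, so
 * the label and blurb read "Set info", matching the alias_set_info entry; a
 * "Get" label on a write right misleads anyone reading a granted mask. */
5538 { &hf_access_group_set_info,
5539 { "Set info", "samr_access_mask.group_set_info",
5540 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5541 GROUP_ACCESS_SET_INFO, "Set info", HFILL }},
5543 { &hf_access_group_add_member,
5544 { "Add member", "samr_access_mask.group_add_member",
5545 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5546 GROUP_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5548 { &hf_access_group_remove_member,
5549 { "Remove member", "samr_access_mask.group_remove_member",
5550 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5551 GROUP_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5553 { &hf_access_group_get_members,
5554 { "Get members", "samr_access_mask.group_get_members",
5555 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5556 GROUP_ACCESS_GET_MEMBERS, "Get members", HFILL }},
/* Alias (local group) object bits. */
5558 { &hf_access_alias_add_member,
5559 { "Add member", "samr_access_mask.alias_add_member",
5560 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5561 ALIAS_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5563 { &hf_access_alias_remove_member,
5564 { "Remove member", "samr_access_mask.alias_remove_member",
5565 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5566 ALIAS_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5568 { &hf_access_alias_get_members,
5569 { "Get members", "samr_access_mask.alias_get_members",
5570 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5571 ALIAS_ACCESS_GET_MEMBERS, "Get members", HFILL }},
5573 { &hf_access_alias_lookup_info,
5574 { "Lookup info", "samr_access_mask.alias_lookup_info",
5575 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5576 ALIAS_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
5578 { &hf_access_alias_set_info,
5579 { "Set info", "samr_access_mask.alias_set_info",
5580 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5581 ALIAS_ACCESS_SET_INFO, "Set info", HFILL }},
/* Connect (server handle) bits. */
5583 { &hf_access_connect_connect_to_server,
5584 { "Connect to server", "samr_access_mask.connect_connect_to_server",
5585 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5586 SAMR_ACCESS_CONNECT_TO_SERVER, "Connect to server", HFILL }},
5588 { &hf_access_connect_shutdown_server,
5589 { "Shutdown server", "samr_access_mask.connect_shutdown_server",
5590 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5591 SAMR_ACCESS_SHUTDOWN_SERVER, "Shutdown server", HFILL }},
5593 { &hf_access_connect_initialize_server,
5594 { "Initialize server", "samr_access_mask.connect_initialize_server",
5595 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5596 SAMR_ACCESS_INITIALIZE_SERVER, "Initialize server", HFILL }},
5598 { &hf_access_connect_create_domain,
5599 { "Create domain", "samr_access_mask.connect_create_domain",
5600 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5601 SAMR_ACCESS_CREATE_DOMAIN, "Create domain", HFILL }},
5603 { &hf_access_connect_enum_domains,
5604 { "Enum domains", "samr_access_mask.connect_enum_domains",
5605 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5606 SAMR_ACCESS_ENUM_DOMAINS, "Enum domains", HFILL }},
5608 { &hf_access_connect_open_domain,
5609 { "Open domain", "samr_access_mask.connect_open_domain",
5610 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5611 SAMR_ACCESS_OPEN_DOMAIN, "Open domain", HFILL }},
/* NOTE(review): this filter name uses the prefix "sam." where every other
 * field in the table uses "samr."; left unchanged because renaming a filter
 * changes what users type in display filters. */
5614 { "Size", "sam.sd_size", FT_UINT32, BASE_DEC,
5615 NULL, 0x0, "Size of SAM security descriptor", HFILL }},
/* Subtree indices handed to proto_register_subtree_array() below. */
5619 static gint *ett[] = {
5621 &ett_SAM_SECURITY_DESCRIPTOR,
5622 &ett_samr_user_dispinfo_1,
5623 &ett_samr_user_dispinfo_1_array,
5624 &ett_samr_user_dispinfo_2,
5625 &ett_samr_user_dispinfo_2_array,
5626 &ett_samr_group_dispinfo,
5627 &ett_samr_group_dispinfo_array,
5628 &ett_samr_ascii_dispinfo,
5629 &ett_samr_ascii_dispinfo_array,
5630 &ett_samr_display_info,
5631 &ett_samr_password_info,
5633 &ett_samr_user_group,
5634 &ett_samr_user_group_array,
5635 &ett_samr_alias_info,
5636 &ett_samr_group_info,
5637 &ett_samr_domain_info_1,
5638 &ett_samr_domain_info_2,
5639 &ett_samr_domain_info_8,
5640 &ett_samr_replication_status,
5641 &ett_samr_domain_info_11,
5642 &ett_samr_domain_info_13,
5643 &ett_samr_domain_info,
5644 &ett_samr_index_array,
5645 &ett_samr_idx_and_name,
5646 &ett_samr_idx_and_name_array,
5647 &ett_samr_user_info_1,
5648 &ett_samr_user_info_2,
5649 &ett_samr_user_info_3,
5650 &ett_samr_user_info_5,
5651 &ett_samr_user_info_6,
5652 &ett_samr_user_info_10,
5653 &ett_samr_user_info_18,
5654 &ett_samr_user_info_19,
5655 &ett_samr_buffer_buffer,
5657 &ett_samr_user_info_21,
5658 &ett_samr_user_info_22,
5659 &ett_samr_user_info_23,
5660 &ett_samr_user_info_24,
5661 &ett_samr_user_info_25,
5662 &ett_samr_user_info,
5663 &ett_samr_member_array_types,
5664 &ett_samr_member_array_rids,
5665 &ett_samr_member_array,
5669 module_t *dcerpc_samr_module;
/* Register the protocol first; the returned id is what the field array and the preferences module attach to. */
5671 proto_dcerpc_samr = proto_register_protocol(
5672 "Microsoft Security Account Manager", "SAMR", "samr");
5674 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
5675 proto_register_subtree_array(ett, array_length(ett));
/* No apply-callback is passed (NULL). */
5677 dcerpc_samr_module = prefs_register_protocol(proto_dcerpc_samr, NULL);
/* The "nt_password" preference holds an account password as an ordinary
 * string preference, described as being used to verify password changes.
 * NOTE(review): string preferences are presumably written to the user's
 * preferences file as plain text - confirm in epan/prefs - so that file
 * needs the same protection as the password itself. The remaining arguments
 * of this call are not shown in the listing. */
5679 prefs_register_string_preference(dcerpc_samr_module, "nt_password",
5681 "NT Password (used to verify password changes)",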
5686 proto_reg_handoff_dcerpc_samr(void)
5688 /* Register protocol as dcerpc */
5690 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
5691 ver_dcerpc_samr, dcerpc_samr_dissectors, hf_samr_opnum);