1 /* packet-dcerpc-samr.c
2 * Routines for SMB \PIPE\samr packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-samr.h"
38 #include "smb.h" /* for "NT_errors[]" */
39 #include "packet-smb-common.h"
40 #include "crypt-md4.h"
41 #include "crypt-rc4.h"
43 #ifdef NEED_SNPRINTF_H
44 # include "snprintf.h"
47 static int proto_dcerpc_samr = -1;
49 static int hf_samr_opnum = -1;
50 static int hf_samr_hnd = -1;
51 static int hf_samr_group = -1;
52 static int hf_samr_rid = -1;
53 static int hf_samr_type = -1;
54 static int hf_samr_alias = -1;
55 static int hf_samr_rid_attrib = -1;
56 static int hf_samr_rc = -1;
57 static int hf_samr_index = -1;
58 static int hf_samr_count = -1;
59 static int hf_samr_sd_size = -1;
61 static int hf_samr_level = -1;
62 static int hf_samr_start_idx = -1;
63 static int hf_samr_max_entries = -1;
64 static int hf_samr_entries = -1;
65 static int hf_samr_pref_maxsize = -1;
66 static int hf_samr_total_size = -1;
67 static int hf_samr_ret_size = -1;
68 static int hf_samr_alias_name = -1;
69 static int hf_samr_group_name = -1;
70 static int hf_samr_acct_name = -1;
71 static int hf_samr_full_name = -1;
72 static int hf_samr_acct_desc = -1;
73 static int hf_samr_home = -1;
74 static int hf_samr_home_drive = -1;
75 static int hf_samr_script = -1;
76 static int hf_samr_workstations = -1;
77 static int hf_samr_profile = -1;
78 static int hf_samr_callback = -1;
79 static int hf_samr_server = -1;
80 static int hf_samr_domain = -1;
81 static int hf_samr_controller = -1;
82 static int hf_samr_access = -1;
83 static int hf_samr_access_granted = -1;
84 static int hf_samr_crypt_password = -1;
85 static int hf_samr_crypt_hash = -1;
86 static int hf_samr_lm_change = -1;
87 static int hf_samr_lm_passchange_block = -1;
88 static int hf_samr_nt_passchange_block = -1;
89 static int hf_samr_nt_passchange_block_decrypted = -1;
90 static int hf_samr_nt_passchange_block_newpass = -1;
91 static int hf_samr_nt_passchange_block_newpass_len = -1;
92 static int hf_samr_nt_passchange_block_pseudorandom = -1;
93 static int hf_samr_lm_verifier = -1;
94 static int hf_samr_nt_verifier = -1;
95 static int hf_samr_attrib = -1;
96 static int hf_samr_max_pwd_age = -1;
97 static int hf_samr_min_pwd_age = -1;
98 static int hf_samr_min_pwd_len = -1;
99 static int hf_samr_pwd_history_len = -1;
100 static int hf_samr_num_users = -1;
101 static int hf_samr_num_groups = -1;
102 static int hf_samr_num_aliases = -1;
103 static int hf_samr_resume_hnd = -1;
104 static int hf_samr_bad_pwd_count = -1;
105 static int hf_samr_logon_count = -1;
106 static int hf_samr_logon_time = -1;
107 static int hf_samr_logoff_time = -1;
108 static int hf_samr_kickoff_time = -1;
109 static int hf_samr_pwd_last_set_time = -1;
110 static int hf_samr_pwd_can_change_time = -1;
111 static int hf_samr_pwd_must_change_time = -1;
112 static int hf_samr_acct_expiry_time = -1;
113 static int hf_samr_country = -1;
114 static int hf_samr_codepage = -1;
115 static int hf_samr_comment = -1;
116 static int hf_samr_nt_pwd_set = -1;
117 static int hf_samr_lm_pwd_set = -1;
118 static int hf_samr_pwd_expired = -1;
119 static int hf_samr_revision = -1;
120 static int hf_samr_info_type = -1;
121 static int hf_samr_primary_group_rid = -1;
122 static int hf_samr_group_num_of_members = -1;
123 static int hf_samr_group_desc = -1;
124 static int hf_samr_alias_num_of_members = -1;
125 static int hf_samr_alias_desc = -1;
127 static int hf_samr_unknown_hyper = -1;
128 static int hf_samr_unknown_long = -1;
129 static int hf_samr_unknown_short = -1;
130 static int hf_samr_unknown_char = -1;
131 static int hf_samr_unknown_string = -1;
132 static int hf_samr_unknown_time = -1;
134 static gint ett_dcerpc_samr = -1;
135 static gint ett_SAM_SECURITY_DESCRIPTOR = -1;
136 static gint ett_samr_user_dispinfo_1 = -1;
137 static gint ett_samr_user_dispinfo_1_array = -1;
138 static gint ett_samr_user_dispinfo_2 = -1;
139 static gint ett_samr_user_dispinfo_2_array = -1;
140 static gint ett_samr_group_dispinfo = -1;
141 static gint ett_samr_group_dispinfo_array = -1;
142 static gint ett_samr_ascii_dispinfo = -1;
143 static gint ett_samr_ascii_dispinfo_array = -1;
144 static gint ett_samr_display_info = -1;
145 static gint ett_samr_password_info = -1;
146 static gint ett_samr_server = -1;
147 static gint ett_samr_user_group = -1;
148 static gint ett_samr_user_group_array = -1;
149 static gint ett_samr_alias_info = -1;
150 static gint ett_samr_group_info = -1;
151 static gint ett_samr_domain_info_1 = -1;
152 static gint ett_samr_domain_info_2 = -1;
153 static gint ett_samr_domain_info_8 = -1;
154 static gint ett_samr_replication_status = -1;
155 static gint ett_samr_domain_info_11 = -1;
156 static gint ett_samr_domain_info_13 = -1;
157 static gint ett_samr_domain_info = -1;
158 static gint ett_samr_index_array = -1;
159 static gint ett_samr_idx_and_name = -1;
160 static gint ett_samr_idx_and_name_array = -1;
161 static gint ett_samr_user_info_1 = -1;
162 static gint ett_samr_user_info_2 = -1;
163 static gint ett_samr_user_info_3 = -1;
164 static gint ett_samr_user_info_5 = -1;
165 static gint ett_samr_user_info_6 = -1;
166 static gint ett_samr_user_info_10 = -1;
167 static gint ett_samr_user_info_18 = -1;
168 static gint ett_samr_user_info_19 = -1;
169 static gint ett_samr_buffer_buffer = -1;
170 static gint ett_samr_buffer = -1;
171 static gint ett_samr_user_info_21 = -1;
172 static gint ett_samr_user_info_22 = -1;
173 static gint ett_samr_user_info_23 = -1;
174 static gint ett_samr_user_info_24 = -1;
175 static gint ett_samr_user_info_25 = -1;
176 static gint ett_samr_user_info = -1;
177 static gint ett_samr_member_array_types = -1;
178 static gint ett_samr_member_array_rids = -1;
179 static gint ett_samr_member_array = -1;
180 static gint ett_samr_names = -1;
181 static gint ett_samr_rids = -1;
182 #ifdef SAMR_UNUSED_HANDLES
183 static gint ett_samr_hnd = -1;
186 static e_uuid_t uuid_dcerpc_samr = {
187 0x12345778, 0x1234, 0xabcd,
188 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
191 static guint16 ver_dcerpc_samr = 1;
193 /* Configuration variables
 *
 * nt_password is a file-scope plaintext string pointer, initially NULL.
 * NOTE(review): nothing in this listing shows where it is registered or
 * consumed. Given the crypt-md4.h / crypt-rc4.h includes and the
 * hf_samr_nt_passchange_block_decrypted / _newpass fields declared above,
 * it is presumably a user-supplied NT password used to decrypt captured
 * password-change blocks - confirm against the registration and dissection
 * code. If so, the configured value and any decrypted output (dissection
 * trees, exported or printed captures) are credential material and should be
 * handled and stored accordingly.
 */
194 static char *nt_password = NULL;
196 /* Dissect connect specific access rights */
198 static gint hf_access_connect_connect_to_server = -1;
199 static gint hf_access_connect_shutdown_server = -1;
200 static gint hf_access_connect_initialize_server = -1;
201 static gint hf_access_connect_create_domain = -1;
202 static gint hf_access_connect_enum_domains = -1;
203 static gint hf_access_connect_open_domain = -1;
206 specific_rights_connect(tvbuff_t *tvb, gint offset, proto_tree *tree,
209 proto_tree_add_boolean(
210 tree, hf_access_connect_open_domain,
211 tvb, offset, 4, access);
213 proto_tree_add_boolean(
214 tree, hf_access_connect_enum_domains,
215 tvb, offset, 4, access);
217 proto_tree_add_boolean(
218 tree, hf_access_connect_create_domain,
219 tvb, offset, 4, access);
221 proto_tree_add_boolean(
222 tree, hf_access_connect_initialize_server,
223 tvb, offset, 4, access);
225 proto_tree_add_boolean(
226 tree, hf_access_connect_shutdown_server,
227 tvb, offset, 4, access);
229 proto_tree_add_boolean(
230 tree, hf_access_connect_connect_to_server,
231 tvb, offset, 4, access);
234 struct access_mask_info samr_connect_access_mask_info = {
236 specific_rights_connect,
237 NULL, /* Generic rights mapping */
238 NULL /* Standard rights mapping */
/* Pointer-referent callback for a SAM security descriptor: reads a 32-bit
 * size (hf_samr_sd_size) into len and passes len, together with the connect
 * access-mask table, to a call whose name is on a line missing from this
 * listing.
 * NOTE(review): the listing also omits the return type, the remaining
 * parameters and the locals, so the notes below cover only visible lines. */
243 sam_dissect_SAM_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
244 packet_info *pinfo, proto_tree *tree,
250 di=pinfo->private_data;
251 if(di->conformant_run){
252 /*just a run to handle conformant arrays, nothing to dissect */
/* len is filled from the packet and is not range-checked in the visible
 * lines; it is handed on unchanged below.
 * NOTE(review): confirm the callee bounds it against the bytes left in tvb. */
256 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
257 hf_samr_sd_size, &len);
/* The connect-specific mask table is passed whatever object the descriptor
 * belongs to. NOTE(review): specific rights in descriptors of domain, user,
 * alias or group objects would presumably be shown under connect right
 * names, which can mislead an analyst reading the ACL - confirm. */
260 tvb, offset, pinfo, tree, drep, len, &samr_connect_access_mask_info);
268 sam_dissect_SAM_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
269 packet_info *pinfo, proto_tree *parent_tree,
272 proto_item *item=NULL;
273 proto_tree *tree=NULL;
274 int old_offset=offset;
277 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
278 "SAM_SECURITY_DESCRIPTOR:");
279 tree = proto_item_add_subtree(item, ett_SAM_SECURITY_DESCRIPTOR);
282 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
283 hf_samr_sd_size, NULL);
285 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
286 sam_dissect_SAM_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
287 "SAM SECURITY DESCRIPTOR data:", -1);
289 proto_item_set_len(item, offset-old_offset);
294 /* Dissect domain specific access rights */
296 static gint hf_access_domain_lookup_info1 = -1;
297 static gint hf_access_domain_set_info1 = -1;
298 static gint hf_access_domain_lookup_info2 = -1;
299 static gint hf_access_domain_set_info2 = -1;
300 static gint hf_access_domain_create_user = -1;
301 static gint hf_access_domain_create_group = -1;
302 static gint hf_access_domain_create_alias = -1;
303 static gint hf_access_domain_lookup_alias_by_mem = -1;
304 static gint hf_access_domain_enum_accounts = -1;
305 static gint hf_access_domain_open_account = -1;
306 static gint hf_access_domain_set_info3 = -1;
309 specific_rights_domain(tvbuff_t *tvb, gint offset, proto_tree *tree,
312 proto_tree_add_boolean(
313 tree, hf_access_domain_set_info3,
314 tvb, offset, 4, access);
316 proto_tree_add_boolean(
317 tree, hf_access_domain_open_account,
318 tvb, offset, 4, access);
320 proto_tree_add_boolean(
321 tree, hf_access_domain_enum_accounts,
322 tvb, offset, 4, access);
324 proto_tree_add_boolean(
325 tree, hf_access_domain_lookup_alias_by_mem,
326 tvb, offset, 4, access);
328 proto_tree_add_boolean(
329 tree, hf_access_domain_create_alias,
330 tvb, offset, 4, access);
332 proto_tree_add_boolean(
333 tree, hf_access_domain_create_group,
334 tvb, offset, 4, access);
336 proto_tree_add_boolean(
337 tree, hf_access_domain_create_user,
338 tvb, offset, 4, access);
340 proto_tree_add_boolean(
341 tree, hf_access_domain_set_info2,
342 tvb, offset, 4, access);
344 proto_tree_add_boolean(
345 tree, hf_access_domain_lookup_info2,
346 tvb, offset, 4, access);
348 proto_tree_add_boolean(
349 tree, hf_access_domain_set_info1,
350 tvb, offset, 4, access);
352 proto_tree_add_boolean(
353 tree, hf_access_domain_lookup_info1,
354 tvb, offset, 4, access);
357 struct access_mask_info samr_domain_access_mask_info = {
359 specific_rights_domain,
360 NULL, /* Generic mapping table */
361 NULL /* Standard mapping table */
364 /* Dissect user specific access rights */
366 static gint hf_access_user_get_name_etc = -1;
367 static gint hf_access_user_get_locale = -1;
368 static gint hf_access_user_get_loc_com = -1;
369 static gint hf_access_user_get_logoninfo = -1;
370 static gint hf_access_user_get_attributes = -1;
371 static gint hf_access_user_set_attributes = -1;
372 static gint hf_access_user_change_password = -1;
373 static gint hf_access_user_set_password = -1;
374 static gint hf_access_user_get_groups = -1;
375 static gint hf_access_user_get_group_membership = -1;
376 static gint hf_access_user_change_group_membership = -1;
379 specific_rights_user(tvbuff_t *tvb, gint offset, proto_tree *tree,
382 proto_tree_add_boolean(
383 tree, hf_access_user_change_group_membership,
384 tvb, offset, 4, access);
386 proto_tree_add_boolean(
387 tree, hf_access_user_get_group_membership,
388 tvb, offset, 4, access);
390 proto_tree_add_boolean(
391 tree, hf_access_user_get_groups,
392 tvb, offset, 4, access);
394 proto_tree_add_boolean(
395 tree, hf_access_user_set_password,
396 tvb, offset, 4, access);
398 proto_tree_add_boolean(
399 tree, hf_access_user_change_password,
400 tvb, offset, 4, access);
402 proto_tree_add_boolean(
403 tree, hf_access_user_set_attributes,
404 tvb, offset, 4, access);
406 proto_tree_add_boolean(
407 tree, hf_access_user_get_attributes,
408 tvb, offset, 4, access);
410 proto_tree_add_boolean(
411 tree, hf_access_user_get_logoninfo,
412 tvb, offset, 4, access);
414 proto_tree_add_boolean(
415 tree, hf_access_user_get_loc_com,
416 tvb, offset, 4, access);
418 proto_tree_add_boolean(
419 tree, hf_access_user_get_locale,
420 tvb, offset, 4, access);
422 proto_tree_add_boolean(
423 tree, hf_access_user_get_name_etc,
424 tvb, offset, 4, access);
427 struct access_mask_info samr_user_access_mask_info = {
429 specific_rights_user,
430 NULL, /* Generic mapping table */
431 NULL /* Standard mapping table */
434 /* Dissect alias specific access rights */
436 static gint hf_access_alias_add_member = -1;
437 static gint hf_access_alias_remove_member = -1;
438 static gint hf_access_alias_get_members = -1;
439 static gint hf_access_alias_lookup_info = -1;
440 static gint hf_access_alias_set_info = -1;
443 specific_rights_alias(tvbuff_t *tvb, gint offset, proto_tree *tree,
446 proto_tree_add_boolean(
447 tree, hf_access_alias_set_info,
448 tvb, offset, 4, access);
450 proto_tree_add_boolean(
451 tree, hf_access_alias_lookup_info,
452 tvb, offset, 4, access);
454 proto_tree_add_boolean(
455 tree, hf_access_alias_get_members,
456 tvb, offset, 4, access);
458 proto_tree_add_boolean(
459 tree, hf_access_alias_remove_member,
460 tvb, offset, 4, access);
462 proto_tree_add_boolean(
463 tree, hf_access_alias_add_member,
464 tvb, offset, 4, access);
467 struct access_mask_info samr_alias_access_mask_info = {
469 specific_rights_alias,
470 NULL, /* Generic mapping table */
471 NULL /* Standard mapping table */
474 /* Dissect group specific access rights */
476 static gint hf_access_group_lookup_info = -1;
477 static gint hf_access_group_set_info = -1;
478 static gint hf_access_group_add_member = -1;
479 static gint hf_access_group_remove_member = -1;
480 static gint hf_access_group_get_members = -1;
483 specific_rights_group(tvbuff_t *tvb, gint offset, proto_tree *tree,
486 proto_tree_add_boolean(
487 tree, hf_access_group_get_members,
488 tvb, offset, 4, access);
490 proto_tree_add_boolean(
491 tree, hf_access_group_remove_member,
492 tvb, offset, 4, access);
494 proto_tree_add_boolean(
495 tree, hf_access_group_add_member,
496 tvb, offset, 4, access);
498 proto_tree_add_boolean(
499 tree, hf_access_group_set_info,
500 tvb, offset, 4, access);
502 proto_tree_add_boolean(
503 tree, hf_access_group_lookup_info,
504 tvb, offset, 4, access);
507 struct access_mask_info samr_group_access_mask_info = {
509 specific_rights_group,
510 NULL, /* Generic mapping table */
511 NULL /* Standard mapping table */
515 dissect_ndr_nt_SID_no_hf(tvbuff_t *tvb, int offset, packet_info *pinfo,
516 proto_tree *tree, guint8 *drep)
518 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
522 /* above this line, just some general support routines which should be placed
523 in some more generic file common to all NT services dissectors
/* OpenUser request: dissects the policy handle, the requested user access
 * mask and a 32-bit value, appends the rid to the Info column and remembers
 * it for the matching reply.
 * NOTE(review): the listing omits source lines (return type, the rid
 * declaration, the tail of the uint32 call, the return), so the notes below
 * cover only visible lines. */
527 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
528 proto_tree *tree, guint8 *drep)
/* di and dcv are dereferenced without a NULL check in the visible lines;
 * assumes the DCE/RPC layer always supplies both - TODO confirm. */
530 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
531 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
534 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
535 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
537 offset = dissect_nt_access_mask(
538 tvb, offset, pinfo, tree, drep, hf_samr_access,
539 &samr_user_access_mask_info, NULL);
541 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/* rid is only ever a %x argument here, never part of the format string. */
544 if (check_col(pinfo->cinfo, COL_INFO))
545 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
/* The integer rid is packed into the untyped per-call pointer slot, not
 * stored as a pointer to data; samr_dissect_open_user_reply unpacks it with
 * GPOINTER_TO_INT. Other handlers in this file read the same slot as a
 * char *, so each opnum must keep its own convention. */
547 dcv->private_data = GINT_TO_POINTER(rid);
/* OpenUser reply: dissects the returned policy handle and NTSTATUS, then
 * attaches a readable name to the handle.
 * NOTE(review): the listing omits source lines (return type, remaining
 * parameters, the status and pol_name declarations, the condition choosing
 * between the two names, any cleanup), so the notes below cover only
 * visible lines. */
553 samr_dissect_open_user_reply(tvbuff_t *tvb, int offset,
554 packet_info *pinfo, proto_tree *tree,
557 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
558 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
559 e_ctx_hnd policy_hnd;
560 proto_item *hnd_item;
/* Unpacks the integer that samr_dissect_open_user_rqst stored with
 * GINT_TO_POINTER. NOTE(review): if the request was not captured the slot
 * presumably holds NULL and rid reads as 0 - confirm. */
562 guint32 rid = GPOINTER_TO_INT(dcv->private_data);
565 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
566 hf_samr_hnd, &policy_hnd, &hnd_item,
569 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
570 hf_samr_rc, &status);
/* Two alternative names; the condition that selects between them is on
 * lines missing from this listing. Both are fresh g_strdup allocations. */
574 pol_name = g_strdup_printf("OpenUser(rid 0x%x)", rid);
576 pol_name = g_strdup("OpenUser handle");
/* NOTE(review): whether dcerpc_smb_store_pol_name copies pol_name or keeps
 * the pointer, and where the allocation is released, is not visible here -
 * confirm ownership before changing this. */
578 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
580 if (hnd_item != NULL)
581 proto_item_append_text(hnd_item, ": %s", pol_name);
590 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
591 packet_info *pinfo, proto_tree *tree,
596 di=pinfo->private_data;
597 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
603 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
604 packet_info *pinfo, proto_tree *tree,
609 di=pinfo->private_data;
610 if(di->conformant_run){
611 /*just a run to handle conformant arrays, nothing to dissect */
615 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
621 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
622 packet_info *pinfo, proto_tree *tree,
627 di=pinfo->private_data;
628 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
635 samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset,
636 packet_info *pinfo, proto_tree *tree,
642 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
643 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
645 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
646 hf_samr_level, &level);
647 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
648 hf_samr_start_idx, &start_idx);
649 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
650 hf_samr_max_entries, NULL);
651 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
652 hf_samr_pref_maxsize, NULL);
654 if (check_col(pinfo->cinfo, COL_INFO))
656 pinfo->cinfo, COL_INFO, ", level %d, start_idx %d",
663 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
664 packet_info *pinfo, proto_tree *parent_tree,
667 proto_item *item=NULL;
668 proto_tree *tree=NULL;
669 int old_offset=offset;
672 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
674 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
677 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
678 hf_samr_index, NULL);
679 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
681 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
682 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
683 hf_samr_acct_name, 0);
684 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
685 hf_samr_full_name, 0);
686 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
687 hf_samr_acct_desc, 0);
689 proto_item_set_len(item, offset-old_offset);
694 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
695 packet_info *pinfo, proto_tree *tree,
698 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
699 samr_dissect_USER_DISPINFO_1);
705 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
706 packet_info *pinfo, proto_tree *parent_tree,
710 proto_item *item=NULL;
711 proto_tree *tree=NULL;
712 int old_offset=offset;
715 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
716 "User_DispInfo_1 Array");
717 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
721 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
722 hf_samr_count, &count);
723 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
724 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
725 "USER_DISPINFO_1_ARRAY", -1);
727 proto_item_set_len(item, offset-old_offset);
734 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
735 packet_info *pinfo, proto_tree *parent_tree,
738 proto_item *item=NULL;
739 proto_tree *tree=NULL;
740 int old_offset=offset;
743 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
745 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
748 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
749 hf_samr_index, NULL);
750 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
752 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
753 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
754 hf_samr_acct_name, 0);
755 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
756 hf_samr_acct_desc, 0);
758 proto_item_set_len(item, offset-old_offset);
763 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
764 packet_info *pinfo, proto_tree *tree,
767 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
768 samr_dissect_USER_DISPINFO_2);
774 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
775 packet_info *pinfo, proto_tree *parent_tree,
779 proto_item *item=NULL;
780 proto_tree *tree=NULL;
781 int old_offset=offset;
784 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
785 "User_DispInfo_2 Array");
786 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
790 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
791 hf_samr_count, &count);
792 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
793 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
794 "USER_DISPINFO_2_ARRAY", -1);
796 proto_item_set_len(item, offset-old_offset);
801 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
802 packet_info *pinfo, proto_tree *parent_tree,
805 proto_item *item=NULL;
806 proto_tree *tree=NULL;
807 int old_offset=offset;
810 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
812 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
816 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
817 hf_samr_index, NULL);
818 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
820 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
821 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
822 hf_samr_acct_name, 0);
823 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
824 hf_samr_acct_desc, 0);
826 proto_item_set_len(item, offset-old_offset);
831 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
832 packet_info *pinfo, proto_tree *tree,
835 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
836 samr_dissect_GROUP_DISPINFO);
842 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
843 packet_info *pinfo, proto_tree *parent_tree,
847 proto_item *item=NULL;
848 proto_tree *tree=NULL;
849 int old_offset=offset;
852 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
853 "Group_DispInfo Array");
854 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
857 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
858 hf_samr_count, &count);
859 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
860 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
861 "GROUP_DISPINFO_ARRAY", -1);
863 proto_item_set_len(item, offset-old_offset);
870 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
871 packet_info *pinfo, proto_tree *parent_tree,
874 proto_item *item=NULL;
875 proto_tree *tree=NULL;
876 int old_offset=offset;
879 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
881 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
885 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
886 hf_samr_index, NULL);
887 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
889 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
890 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
891 hf_samr_acct_name, 0);
892 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
893 hf_samr_acct_desc, 0);
895 proto_item_set_len(item, offset-old_offset);
900 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
901 packet_info *pinfo, proto_tree *tree,
904 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
905 samr_dissect_ASCII_DISPINFO);
911 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
912 packet_info *pinfo, proto_tree *parent_tree,
916 proto_item *item=NULL;
917 proto_tree *tree=NULL;
918 int old_offset=offset;
921 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
922 "Ascii_DispInfo Array");
923 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
926 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
927 hf_samr_count, &count);
928 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
929 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
930 "ACSII_DISPINFO_ARRAY", -1);
932 proto_item_set_len(item, offset-old_offset);
938 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
939 packet_info *pinfo, proto_tree *parent_tree,
942 proto_item *item=NULL;
943 proto_tree *tree=NULL;
944 int old_offset=offset;
948 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
950 tree = proto_item_add_subtree(item, ett_samr_display_info);
953 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
954 hf_samr_level, &level);
957 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
958 tvb, offset, pinfo, tree, drep);
961 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
962 tvb, offset, pinfo, tree, drep);
965 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
966 tvb, offset, pinfo, tree, drep);
969 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
970 tvb, offset, pinfo, tree, drep);
973 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
974 tvb, offset, pinfo, tree, drep);
978 proto_item_set_len(item, offset-old_offset);
983 samr_dissect_query_dispinfo_reply(tvbuff_t *tvb, int offset,
984 packet_info *pinfo, proto_tree *tree,
987 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
988 samr_dissect_pointer_long, NDR_POINTER_REF,
989 "Total Size", hf_samr_total_size);
990 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
991 samr_dissect_pointer_long, NDR_POINTER_REF,
992 "Returned Size", hf_samr_ret_size);
993 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
994 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
995 "DISPLAY_INFO:", -1);
996 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1003 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
1010 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1011 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1013 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1014 hf_samr_level, &level);
1016 if (check_col(pinfo->cinfo, COL_INFO))
1017 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
1019 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1020 hf_samr_acct_name, 0);
1026 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
1027 packet_info *pinfo, proto_tree *tree,
1030 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1031 samr_dissect_pointer_long, NDR_POINTER_REF,
1032 "Index", hf_samr_index);
1034 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects a PASSWORD_INFO structure into its own subtree: one 16-bit and
 * one 32-bit field, both currently shown under the generic "unknown" fields.
 * NOTE(review): the listing omits source lines (return type, remaining
 * parameters, the subtree label text, the return). */
1044 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
1045 packet_info *pinfo, proto_tree *parent_tree,
1048 proto_item *item=NULL;
1049 proto_tree *tree=NULL;
/* Captured before the alignment step below, so the item length set at the
 * end presumably includes any padding bytes - TODO confirm. */
1050 int old_offset=offset;
1052 ALIGN_TO_4_BYTES; /* structure starts with a short, but is aligned for longs */
1055 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1057 tree = proto_item_add_subtree(item, ett_samr_password_info);
1061 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1062 hf_samr_unknown_short, NULL);
1063 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1064 hf_samr_unknown_long, NULL);
1066 proto_item_set_len(item, offset-old_offset);
1071 samr_dissect_get_usrdom_pwinfo_rqst(tvbuff_t *tvb, int offset,
1072 packet_info *pinfo, proto_tree *tree,
1075 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1076 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1082 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
1083 packet_info *pinfo, proto_tree *tree,
1086 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1087 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
1088 "PASSWORD_INFO:", -1);
1090 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1096 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
1097 packet_info *pinfo, proto_tree *tree,
1100 offset = dissect_ndr_pointer_cb(
1101 tvb, offset, pinfo, tree, drep,
1102 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
1103 "Server", hf_samr_server, cb_wstr_postprocess,
1104 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
1106 offset = dissect_nt_access_mask(
1107 tvb, offset, pinfo, tree, drep, hf_samr_access,
1108 &samr_connect_access_mask_info, NULL);
1114 samr_dissect_connect3_4_rqst(tvbuff_t *tvb, int offset,
1115 packet_info *pinfo, proto_tree *tree,
1118 offset = dissect_ndr_pointer_cb(
1119 tvb, offset, pinfo, tree, drep,
1120 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
1121 "Server", hf_samr_server, cb_wstr_postprocess,
1122 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
1124 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1125 hf_samr_unknown_long, NULL);
1127 offset = dissect_nt_access_mask(
1128 tvb, offset, pinfo, tree, drep, hf_samr_access,
1129 &samr_connect_access_mask_info, NULL);
/* Reply handler shared by Connect2, Connect3 and Connect4: dissects the
 * returned policy handle and NTSTATUS, then labels the handle with a name
 * chosen by opnum.
 * NOTE(review): the listing omits source lines (return type, remaining
 * parameters, the status declaration, the conditions around the two naming
 * groups, any cleanup), so the notes below cover only visible lines. */
1135 samr_dissect_connect2_3_4_reply(tvbuff_t *tvb, int offset,
1136 packet_info *pinfo, proto_tree *tree,
1139 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1140 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1141 e_ctx_hnd policy_hnd;
1142 proto_item *hnd_item;
/* private_data is an untyped per-call slot: samr_dissect_open_user_rqst
 * stores an integer rid in it, while here it is read as a string.
 * Presumably the CB_STR_SAVE flag passed by the connect request handlers
 * put the server name there - confirm, and confirm a reply is only ever
 * paired with a request of the same opnum, since a mismatch would make this
 * cast read a non-pointer value as a char *. */
1144 char *server = (char *)dcv->private_data, *pol_name = NULL;
1146 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1147 hf_samr_hnd, &policy_hnd, &hnd_item,
1150 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1151 hf_samr_rc, &status);
/* First naming group: embeds the server string, which comes from captured
 * traffic; it is only ever a %s argument, never the format string.
 * NOTE(review): the guard that keeps a NULL server out of this group is on
 * lines missing from this listing - confirm it exists. */
1155 if (dcv->opnum == SAMR_CONNECT2)
1156 pol_name = g_strdup_printf("Connect2(%s)", server);
1157 if (dcv->opnum == SAMR_CONNECT3)
1158 pol_name = g_strdup_printf("Connect3(%s)", server);
1159 if (dcv->opnum == SAMR_CONNECT4)
1160 pol_name = g_strdup_printf("Connect4(%s)", server);
/* Second naming group: fixed names without the server string. */
1163 if (dcv->opnum == SAMR_CONNECT2)
1164 pol_name = g_strdup("Connect2 handle");
1165 if (dcv->opnum == SAMR_CONNECT3)
1166 pol_name = g_strdup("Connect3 handle");
1167 if (dcv->opnum == SAMR_CONNECT4)
1168 pol_name = g_strdup("Connect4 handle");
/* pol_name keeps its initial NULL if opnum matched none of the three checks
 * in the group that ran. NOTE(review): confirm the calls below are never
 * reached with NULL, and where the g_strdup allocation is released - neither
 * is visible in this listing. */
1171 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
1173 if (hnd_item != NULL)
1174 proto_item_append_text(hnd_item, ": %s", pol_name);
1183 samr_dissect_connect_anon_rqst(tvbuff_t *tvb, int offset,
1184 packet_info *pinfo, proto_tree *tree,
1190 offset=dissect_ndr_uint16(tvb, offset, pinfo, NULL, drep,
1191 hf_samr_server, &server);
1194 proto_tree_add_string_format(tree, hf_samr_server, tvb, offset-2, 2,
1195 str, "Server: %s", str);
1201 samr_dissect_connect_anon_reply(tvbuff_t *tvb, int offset,
1202 packet_info *pinfo, proto_tree *tree,
1205 e_ctx_hnd policy_hnd;
1206 proto_item *hnd_item;
1209 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1210 hf_samr_hnd, &policy_hnd, &hnd_item,
1213 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1214 hf_samr_rc, &status);
1217 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
1218 "ConnectAnon handle");
1220 if (hnd_item != NULL)
1221 proto_item_append_text(hnd_item, ": ConnectAnon handle");
/* Dissects one USER_GROUP entry into its own subtree
   (ett_samr_user_group): two 32-bit values, the second being
   hf_samr_rid_attrib (the first field id is not shown in this listing).
   The subtree item is created with length -1 and resized at the end to the
   number of bytes actually consumed. */
1228 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
1229 packet_info *pinfo, proto_tree *parent_tree,
1232 proto_item *item=NULL;
1233 proto_tree *tree=NULL;
1234 int old_offset=offset;
1237 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1239 tree = proto_item_add_subtree(item, ett_samr_user_group);
1242 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1244 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1245 hf_samr_rid_attrib, NULL);
1247 proto_item_set_len(item, offset-old_offset);
/* Hands samr_dissect_USER_GROUP to dissect_ndr_ucarray() as the element
   dissector (presumably a conformant array of USER_GROUP entries; confirm
   against dissect_ndr_ucarray). */
1252 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
1253 packet_info *pinfo, proto_tree *tree,
1256 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1257 samr_dissect_USER_GROUP);
/* Dissects a USER_GROUP_ARRAY into its own subtree
   (ett_samr_user_group_array): a 32-bit count (hf_samr_count, also stored
   in `count`) followed by a unique pointer whose referent is dissected by
   samr_dissect_USER_GROUP_ARRAY_groups.  The subtree item is resized to the
   bytes consumed. */
1263 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1264 packet_info *pinfo, proto_tree *parent_tree,
1268 proto_item *item=NULL;
1269 proto_tree *tree=NULL;
1270 int old_offset=offset;
1273 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1274 "USER_GROUP_ARRAY");
1275 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1278 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1279 hf_samr_count, &count);
1280 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1281 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1282 "USER_GROUP_ARRAY", -1);
1284 proto_item_set_len(item, offset-old_offset);
/* Dissects a unique pointer to a USER_GROUP_ARRAY. */
1289 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1290 packet_info *pinfo, proto_tree *tree,
1293 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1294 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1295 "USER_GROUP_ARRAY", -1);
/* Request dissector for get_groups_for_user: the only field visible is the
   policy handle, dissected without capturing it (NULL out-parameters). */
1300 samr_dissect_get_groups_for_user_rqst(tvbuff_t *tvb, int offset,
1301 packet_info *pinfo, proto_tree *tree,
1304 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1305 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Reply dissector for get_groups_for_user: a reference pointer to the
   USER_GROUP_ARRAY pointer, followed by the NTSTATUS return code. */
1311 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1312 packet_info *pinfo, proto_tree *tree,
1315 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1316 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1317 "USER_GROUP_ARRAY:", -1);
1319 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Pointer-dissection callback that appends the string stored in the call's
   private_data to the Info column as ", <string>".  Only pinfo is used; the
   other parameters are marked unused.  Nothing is appended when the string
   is NULL or the column is not being filled.  The string is passed as a
   "%s" argument, never as the format itself. */
1325 static void append_sid_col_info(packet_info *pinfo, proto_tree *tree _U_,
1326 proto_item *item _U_, tvbuff_t *tvb _U_,
1327 int start_offset _U_, int end_offset _U_,
1328 void *callback_args _U_)
1330 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1331 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1332 char *sid_str = dcv->private_data;
1334 if (sid_str && check_col(pinfo->cinfo, COL_INFO))
1335 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", sid_str);
/* Request dissector for open_domain: policy handle, requested access mask
   (decoded with samr_domain_access_mask_info), and a reference pointer to
   the domain SID.  The SID pointer is dissected with append_sid_col_info as
   its callback, which adds the SID string to the Info column. */
1339 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1340 packet_info *pinfo, proto_tree *tree,
1343 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1344 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1346 offset = dissect_nt_access_mask(
1347 tvb, offset, pinfo, tree, drep, hf_samr_access,
1348 &samr_domain_access_mask_info, NULL);
1350 offset = dissect_ndr_pointer_cb(
1351 tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID_no_hf,
1352 NDR_POINTER_REF, "SID:", -1, append_sid_col_info, NULL);
/* Reply dissector for open_domain.  Dissects the returned policy handle and
   the NTSTATUS code, then names the handle either "OpenDomain(<sid>)",
   using the string kept in the call's private_data, or "OpenDomain handle".
   The name is stored for the handle and appended to the handle's tree item.
   NOTE(review): the conditions selecting between the two names are on lines
   not shown in this listing.
   NOTE(review): pol_name comes from g_strdup_printf()/g_strdup() and no
   g_free() is visible; whether dcerpc_smb_store_pol_name() takes ownership
   or copies the string cannot be seen here.  If it copies, this allocation
   leaks once per reply -- TODO confirm. */
1358 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1359 packet_info *pinfo, proto_tree *tree,
1362 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1363 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1364 e_ctx_hnd policy_hnd;
1365 proto_item *hnd_item;
1367 char *pol_name, *sid_str = (char *)dcv->private_data;
1369 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1370 hf_samr_hnd, &policy_hnd, &hnd_item,
1373 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1374 hf_samr_rc, &status);
1378 pol_name = g_strdup_printf("OpenDomain(%s)", sid_str);
1380 pol_name = g_strdup("OpenDomain handle");
1383 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
1385 if (hnd_item != NULL)
1386 proto_item_append_text(hnd_item, ": %s", pol_name);
/* Shared request dissector for calls that carry a policy handle followed by
   a reference pointer to a SID (the pointer's label arguments are not shown
   in this listing). */
1396 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1397 packet_info *pinfo, proto_tree *tree,
1400 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1401 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1403 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1404 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/* Request dissector for add_member_to_group: policy handle, a 32-bit group
   value (hf_samr_group) and a second 32-bit value whose field id is not
   shown in this listing. */
1412 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1413 packet_info *pinfo, proto_tree *tree,
1416 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1417 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1419 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1420 hf_samr_group, NULL);
1422 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/* Reply dissector for add_member_to_group: the NTSTATUS return code. */
1429 samr_dissect_add_member_to_group_reply(tvbuff_t *tvb, int offset,
1430 packet_info *pinfo, proto_tree *tree,
1433 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for get_boot_key_information: the policy handle. */
1440 samr_dissect_get_boot_key_information_rqst(tvbuff_t *tvb, int offset,
1441 packet_info *pinfo, proto_tree *tree,
1444 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1445 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Reply dissector for get_boot_key_information: a reference pointer to a
   16-bit value shown as "unknown short", then the NTSTATUS return code. */
1451 samr_dissect_get_boot_key_information_reply(tvbuff_t *tvb, int offset,
1452 packet_info *pinfo, proto_tree *tree,
1455 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1456 samr_dissect_pointer_short, NDR_POINTER_REF,
1457 "unknown short", hf_samr_unknown_short);
1459 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for create_alias_in_domain: policy handle, a reference
   pointer to the counted alias name, and the requested access mask decoded
   with samr_alias_access_mask_info. */
1465 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1466 packet_info *pinfo, proto_tree *tree,
1469 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1470 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1472 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1473 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
1474 "Alias Name", hf_samr_alias_name);
1476 offset = dissect_nt_access_mask(
1477 tvb, offset, pinfo, tree, drep, hf_samr_access,
1478 &samr_alias_access_mask_info, NULL);
/* Reply dissector for create_alias_in_domain: the new policy handle
   (captured together with its tree item), a 32-bit value whose field id is
   not shown in this listing, and the NTSTATUS code.  The handle is then
   recorded under the name "CreateAlias handle" and that name is appended to
   the handle's tree item.
   NOTE(review): any test on `status` before the name is stored is on lines
   not shown here. */
1484 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1485 packet_info *pinfo, proto_tree *tree,
1488 e_ctx_hnd policy_hnd;
1489 proto_item *hnd_item;
1492 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1493 hf_samr_hnd, &policy_hnd, &hnd_item,
1496 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1499 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1500 hf_samr_rc, &status);
1503 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
1504 "CreateAlias handle");
1506 if (hnd_item != NULL)
1507 proto_item_append_text(hnd_item, ": CreateAlias handle");
/* Request dissector for query_information_alias: policy handle and the
   16-bit information level, which is also appended to the Info column as
   ", level <n>". */
1513 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1515 proto_tree *tree, guint8 *drep)
1519 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1520 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1522 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1523 hf_samr_level, &level);
1525 if (check_col(pinfo->cinfo, COL_INFO))
1526 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/* Dissects the ALIAS_INFO_1 fields in wire order: counted alias name,
   32-bit number of members, counted alias description. */
1532 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1533 packet_info *pinfo, proto_tree *tree,
1536 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1537 tree, drep, hf_samr_alias_name, 0);
1538 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1539 hf_samr_alias_num_of_members, NULL);
1540 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1541 tree, drep, hf_samr_alias_desc, 0);
/* Dissects the ALIAS_INFO union into its own subtree (ett_samr_alias_info).
   A 16-bit level is read first; the arms visible below are the full
   ALIAS_INFO_1 structure, the alias name alone, and the alias description
   alone.  The subtree item is resized to the bytes consumed.
   NOTE(review): the switch and its case labels are on lines not shown in
   this listing, so which level selects which arm cannot be confirmed
   here. */
1546 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1547 packet_info *pinfo, proto_tree *parent_tree,
1550 proto_item *item=NULL;
1551 proto_tree *tree=NULL;
1552 int old_offset=offset;
1556 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1558 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1561 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1562 hf_samr_level, &level);
1565 offset = samr_dissect_ALIAS_INFO_1(
1566 tvb, offset, pinfo, tree, drep);
1569 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1570 tree, drep, hf_samr_alias_name, 0);
1573 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1574 tree, drep, hf_samr_alias_desc, 0);
1578 proto_item_set_len(item, offset-old_offset);
/* Dissects a unique pointer to an ALIAS_INFO union. */
1583 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1584 packet_info *pinfo, proto_tree *tree,
1587 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1588 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
/* Reply dissector for query_information_alias: a reference pointer to the
   ALIAS_INFO pointer, followed by the NTSTATUS return code. */
1594 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1596 proto_tree *tree, guint8 *drep)
1598 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1599 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1602 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for set_information_alias: policy handle, 16-bit level
   (also appended to the Info column), then a reference pointer to the
   ALIAS_INFO union carrying the new values. */
1609 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1610 packet_info *pinfo, proto_tree *tree,
1615 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1616 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1618 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1619 hf_samr_level, &level);
1621 if (check_col(pinfo->cinfo, COL_INFO))
1622 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
1624 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1625 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
/* Reply dissector for set_information_alias: the NTSTATUS return code. */
1631 samr_dissect_set_information_alias_reply(tvbuff_t *tvb, int offset,
1632 packet_info *pinfo, proto_tree *tree,
1635 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Shows an encrypted password buffer as a single opaque 516-byte item
   (hf_samr_crypt_password); no decryption is attempted here.  Nothing is
   added on a conformant run.  The literal 516 equals NT_BLOCK_SIZE, which
   this file only defines further down. */
1641 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1642 packet_info *pinfo _U_, proto_tree *tree,
1647 di=pinfo->private_data;
1648 if(di->conformant_run){
1649 /* just a run to handle conformant arrays, no scalars to dissect */
1653 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
/* Shows an encrypted hash as a single opaque 16-byte item
   (hf_samr_crypt_hash).  Nothing is added on a conformant run. */
1660 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1661 packet_info *pinfo _U_, proto_tree *tree,
1666 di=pinfo->private_data;
1667 if(di->conformant_run){
1668 /* just a run to handle conformant arrays, no scalars to dissect */
1672 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
/* Size in bytes of an NT password-change block.  As used below: bytes 0..511
   hold padding followed by the new password, bytes 512..515 hold the
   password length. */
1678 #define NT_BLOCK_SIZE 516
/* Dissects an RC4-decrypted NT password-change block and decides whether
   the decryption key was the right one.

   The 32-bit little-endian value at byte 512 is taken as the length of the
   new password; a value <= 512 counts as success (the prose below says
   "less than 512", the test accepts 512 as well).  On success the tree gets
   the pseudorandom padding (NT_BLOCK_SIZE - length - 4 bytes), the new
   password as a string, and the 4-byte length field; otherwise the whole
   block is shown undecoded.  The <= 512 bound is also what keeps the
   unsigned pseudorandom_len subtraction from wrapping.

   NOTE(review): the length is read at absolute position 512 rather than at
   offset + 512, so the layout is only right for offset == 0, which is how
   samr_dissect_NT_PASSCHANGE_BLOCK calls this function.
   NOTE(review): the only success test is the length bound; the verifier
   field is not consulted, so a wrong key can occasionally be reported as a
   successful decryption.
   NOTE(review): on success the cleartext new password becomes a tree field,
   so saved or exported dissections of such a capture contain it and need
   handling as credential material. */
1681 samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1682 packet_info *pinfo _U_, proto_tree *tree,
1685 guint32 new_password_len = 0;
1686 guint32 pseudorandom_len = 0;
1687 const char *printable_password;
1691 /* The length of the new password is represented in the last four
1692 octets of the decrypted buffer. Since the password length cannot
1693 exceed 512, we can check the contents of those bytes to determine
1694 if decryption was successful. If the decrypted contents of those
1695 four bytes is less than 512, then there is a 99% chance that
1696 we decrypted the buffer successfully. Of course, this isn't good
1697 enough for a security application, (NT uses the "verifier" field
1698 to come to the same conclusion), but it should be good enough for
1701 new_password_len = tvb_get_letohl(tvb, 512);
1703 if (new_password_len <= 512)
1705 /* Decryption successful */
1706 proto_tree_add_text (tree, tvb, offset, -1,
1707 "Decryption of NT Password Encrypted block successful");
1709 /* Whatever is before the password is pseudorandom data. We calculate
1710 the length by examining the password length (at the end), and working
1712 pseudorandom_len = NT_BLOCK_SIZE - new_password_len - 4;
1714 /* Pseudorandom data padding up to password */
1715 proto_tree_add_item(tree, hf_samr_nt_passchange_block_pseudorandom,
1716 tvb, offset, pseudorandom_len, TRUE);
1717 offset += pseudorandom_len;
1719 /* The new password itself */
1720 bc = new_password_len;
1721 printable_password = get_unicode_or_ascii_string(tvb, &offset,
1725 proto_tree_add_string(tree, hf_samr_nt_passchange_block_newpass,
1726 tvb, offset, result_length,
1727 printable_password);
1728 offset += new_password_len;
1730 /* Length of password */
1731 proto_tree_add_item(tree, hf_samr_nt_passchange_block_newpass_len,
1732 tvb, offset, 4, TRUE);
1736 /* Decryption failure. Just show the encrypted block */
1737 proto_tree_add_text (tree, tvb, offset, -1,
1738 "Decryption of NT Passchange block failed");
1740 proto_tree_add_item(tree, hf_samr_nt_passchange_block_decrypted, tvb,
1741 offset, NT_BLOCK_SIZE, TRUE);
/* Dissects the encrypted NT password-change block (NT_BLOCK_SIZE bytes)
   and, when the nt_password setting is non-empty, tries to decrypt it.

   Steps visible below: nt_password is widened to UCS-2 by following every
   byte with a NUL, MD4 over that buffer gives a 16-byte RC4 key, a copy of
   the block is RC4-decrypted, wrapped in a new tvb shown as "Decrypted NT
   Password Block", and passed to
   samr_dissect_decrypted_NT_PASSCHANGE_BLOCK at offset 0.  Nothing is
   dissected on a conformant run; offset advances by NT_BLOCK_SIZE.

   NOTE(review): `block` is g_malloc'd before tvb_memcpy() and its g_free
   callback is only registered once the new tvb exists.  If tvb_memcpy()
   raises a bounds exception when the capture holds fewer than NT_BLOCK_SIZE
   bytes at offset (presumably it does -- confirm), the buffer leaks for
   every such packet.  Copying only after the length is known to be
   available, or registering cleanup first, would close that path.
   NOTE(review): password_unicode is freed, and password_md4_hash is left on
   the stack, without being wiped in the lines shown; the MD4 value is the
   RC4 key itself, so it is as sensitive as the password.
   NOTE(review): the memset() of `block` is redundant given the full-size
   copy that follows it. */
1746 samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1747 packet_info *pinfo _U_, proto_tree *tree,
1751 size_t password_len;
1752 unsigned char *password_unicode;
1753 size_t password_len_unicode;
1754 unsigned char password_md4_hash[16];
1756 tvbuff_t *decr_tvb; /* Used to store decrypted buffer */
1757 rc4_state_struct rc4_state;
1760 /* This implements the algorithm discussed in lkcl -"DCE/RPC
1761 over SMB" page 257. Note that this code does not properly support
1764 di=pinfo->private_data;
1765 if(di->conformant_run){
1766 /* just a run to handle conformant arrays, no scalars to dissect */
1770 /* Put in a protocol tree entry for the encrypted block. */
1771 proto_tree_add_text(tree, tvb, offset, NT_BLOCK_SIZE,
1772 "Encrypted NT Password Block");
1774 if (nt_password[0] != '\0') {
1775 /* We have an NT password, so we can decrypt the password
1778 /* Convert the password provided in the Ethereal GUI to Unicode
1779 (UCS-2). Since the input is always ASCII, we can just fake
1780 it and pad every other byte with a NUL. If we ever support
1781 UTF-8 in the GUI, we would have to perform a real UTF-8 to
1783 password_len = strlen(nt_password);
1784 password_len_unicode = password_len*2;
1785 password_unicode = g_malloc(password_len_unicode);
1786 for (i = 0; i < password_len; i++) {
1787 password_unicode[i*2] = nt_password[i];
1788 password_unicode[i*2+1] = 0;
1791 /* Run MD4 against the resulting Unicode password. This will
1792 be used to perform RC4 decryption on the password change
1793 block. Then free the Unicode password, as we're done
1795 crypt_md4(password_md4_hash, password_unicode,
1796 password_len_unicode);
1797 g_free(password_unicode);
1799 /* Copy the block into a temporary buffer so we can decrypt
1801 block = g_malloc(NT_BLOCK_SIZE);
1802 memset(block, 0, NT_BLOCK_SIZE);
1803 tvb_memcpy(tvb, block, offset, NT_BLOCK_SIZE);
1805 /* RC4 decrypt the block with the old NT password hash */
1806 crypt_rc4_init(&rc4_state, password_md4_hash, 16);
1807 crypt_rc4(&rc4_state, block, NT_BLOCK_SIZE);
1809 /* Show the decrypted buffer in a new window */
1810 decr_tvb = tvb_new_real_data(block, NT_BLOCK_SIZE,
1812 tvb_set_free_cb(decr_tvb, g_free);
1813 tvb_set_child_real_data_tvbuff(tvb, decr_tvb);
1814 add_new_data_source(pinfo, decr_tvb,
1815 "Decrypted NT Password Block");
1817 /* Dissect the decrypted block */
1818 samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(decr_tvb, 0, pinfo,
1821 offset += NT_BLOCK_SIZE;
/* Shows the LAN Manager password-change block as one opaque item
   (hf_samr_lm_passchange_block); unlike the NT block it is never decrypted.
   Nothing is added on a conformant run.  The item length is on a line not
   shown in this listing. */
1826 samr_dissect_LM_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1827 packet_info *pinfo _U_, proto_tree *tree,
1832 /* Right now, this just dumps the output. In the long term, we can use
1833 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1834 actually decrypt the block */
1836 di=pinfo->private_data;
1837 if(di->conformant_run){
1838 /* just a run to handle conformant arrays, no scalars to dissect */
1842 proto_tree_add_item(tree, hf_samr_lm_passchange_block, tvb, offset,
/* Shows the 16-byte LAN Manager verifier as an opaque item
   (hf_samr_lm_verifier).  The verifier is displayed only; it is not
   checked.  Nothing is added on a conformant run. */
1849 samr_dissect_LM_VERIFIER(tvbuff_t *tvb, int offset,
1850 packet_info *pinfo _U_, proto_tree *tree,
1855 /* Right now, this just dumps the output. In the long term, we can use
1856 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1857 actually validate the verifier */
1859 di=pinfo->private_data;
1860 if(di->conformant_run){
1861 /* just a run to handle conformant arrays, no scalars to dissect */
1865 proto_tree_add_item(tree, hf_samr_lm_verifier, tvb, offset, 16,
/* Shows the 16-byte NT verifier as an opaque item (hf_samr_nt_verifier).
   The verifier is displayed only; it is not used to confirm that the NT
   password-change block was decrypted with the right key.  Nothing is added
   on a conformant run. */
1873 samr_dissect_NT_VERIFIER(tvbuff_t *tvb, int offset,
1874 packet_info *pinfo _U_, proto_tree *tree,
1879 /* Right now, this just dumps the output. In the long term, we can use
1880 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1881 actually validate the verifier */
1883 di=pinfo->private_data;
1884 if(di->conformant_run){
1885 /* just a run to handle conformant arrays, no scalars to dissect */
1889 proto_tree_add_item(tree, hf_samr_nt_verifier, tvb, offset, 16,
/* Request dissector for oem_change_password_user2, in wire order: policy
   handle, unique pointer to the server string, reference pointer to the
   account name, unique pointer to an encrypted password buffer
   (samr_dissect_CRYPT_PASSWORD) and unique pointer to an encrypted hash
   (samr_dissect_CRYPT_HASH).  Both encrypted fields are shown opaque.  The
   labels of the last two pointers are on lines not shown in this listing. */
1897 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1899 proto_tree *tree, guint8 *drep)
1901 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1902 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1904 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1905 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1906 "Server", hf_samr_server);
1908 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1909 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1910 "Account Name", hf_samr_acct_name);
1912 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1913 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1916 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1917 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
/* Reply dissector for oem_change_password_user2: the NTSTATUS return
   code. */
1923 samr_dissect_oem_change_password_user2_reply(tvbuff_t *tvb, int offset,
1925 proto_tree *tree, guint8 *drep)
1927 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for unicode_change_password_user2.  Fields in the order
   dissected: PASSWORD_INFO (reference pointer), server string, account
   name, the encrypted NT password block and its verifier, an 8-bit
   hf_samr_lm_change value, then the encrypted LAN Manager password block
   and its verifier.  Only the NT block is ever decrypted, and only when an
   NT password has been configured (see samr_dissect_NT_PASSCHANGE_BLOCK);
   the verifiers and the LM block are shown opaque. */
1934 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1936 proto_tree *tree, guint8 *drep)
1938 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1939 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
1940 "PASSWORD_INFO:", -1);
1942 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
1943 NDR_POINTER_UNIQUE, "Server", hf_samr_server, 0);
1945 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1946 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
1947 "Account Name", hf_samr_acct_name);
1949 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1950 samr_dissect_NT_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
1951 "New NT Password Encrypted Block", -1);
1952 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1953 samr_dissect_NT_VERIFIER, NDR_POINTER_UNIQUE,
1954 "NT Password Verifier", -1);
1955 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1956 hf_samr_lm_change, NULL);
1957 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1958 samr_dissect_LM_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
1959 "New Lan Manager Password Encrypted Block", -1);
1960 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1961 samr_dissect_LM_VERIFIER, NDR_POINTER_UNIQUE,
1962 "Lan Manager Password Verifier", -1);
/* Reply dissector for unicode_change_password_user2: the NTSTATUS return
   code. */
1967 samr_dissect_unicode_change_password_user2_reply(tvbuff_t *tvb, int offset,
1969 proto_tree *tree, guint8 *drep)
1971 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for set_boot_key_information: policy handle, a 16-bit
   value of unknown meaning, and two unique pointers to counted strings,
   both labelled "Unknown". */
1978 samr_dissect_set_boot_key_information_rqst(tvbuff_t *tvb, int offset,
1979 packet_info *pinfo, proto_tree *tree,
1982 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1983 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
1985 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1986 hf_samr_unknown_short, NULL);
1987 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1988 dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
1989 "Unknown", hf_samr_unknown_string);
1990 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1991 dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
1992 "Unknown", hf_samr_unknown_string);
/* Reply dissector for set_boot_key_information: the NTSTATUS return code. */
1997 samr_dissect_set_boot_key_information_reply(tvbuff_t *tvb, int offset,
1998 packet_info *pinfo, proto_tree *tree,
2001 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for create_user2_in_domain: policy handle, reference
   pointer to the counted account name, the account-control value, and the
   requested access mask decoded with samr_user_access_mask_info. */
2008 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
2009 packet_info *pinfo, proto_tree *tree,
2012 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2013 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2015 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2016 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2017 "Account Name", hf_samr_acct_name);
2019 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2021 offset = dissect_nt_access_mask(
2022 tvb, offset, pinfo, tree, drep, hf_samr_access,
2023 &samr_user_access_mask_info, NULL);
/* Reply dissector for create_user2_in_domain: the new policy handle
   (captured together with its tree item), the granted access mask, a 32-bit
   value whose field id is not shown in this listing, and the NTSTATUS code.
   The handle is then recorded under the name "CreateUser2 handle" and that
   name is appended to the handle's tree item.
   NOTE(review): any test on `status` before the name is stored is on lines
   not shown here. */
2029 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
2030 packet_info *pinfo, proto_tree *tree,
2033 e_ctx_hnd policy_hnd;
2034 proto_item *hnd_item;
2037 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2038 hf_samr_hnd, &policy_hnd, &hnd_item,
2041 offset = dissect_nt_access_mask(
2042 tvb, offset, pinfo, tree, drep, hf_samr_access_granted,
2043 &samr_user_access_mask_info, NULL);
2045 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2048 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2049 hf_samr_rc, &status);
2052 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
2053 "CreateUser2 handle");
2055 if (hnd_item != NULL)
2056 proto_item_append_text(hnd_item, ": CreateUser2 handle");
/* Request dissector for get_display_enumeration_index2: policy handle,
   16-bit level, and a reference pointer to the counted account name. */
2063 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
2065 proto_tree *tree, guint8 *drep)
2067 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2068 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2070 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2071 hf_samr_level, NULL);
2072 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2073 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2074 "Account Name", hf_samr_acct_name);
/* Reply dissector for get_display_enumeration_index2: a 32-bit index
   followed by the NTSTATUS return code. */
2079 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
2080 packet_info *pinfo, proto_tree *tree,
2083 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2084 hf_samr_index, NULL);
2086 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for change_password_user: policy handle, then four
   8-bit values of unknown meaning interleaved with six unique pointers to
   16-byte encrypted hashes (samr_dissect_CRYPT_HASH).  All hashes are shown
   opaque.  The label of each hash pointer is on a line not shown in this
   listing, so which hash is which cannot be confirmed here. */
2092 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
2093 packet_info *pinfo, proto_tree *tree,
2096 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2097 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2099 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2100 hf_samr_unknown_char, NULL);
2101 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2102 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2104 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2105 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2107 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2108 hf_samr_unknown_char, NULL);
2109 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2110 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2112 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2113 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2115 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2116 hf_samr_unknown_char, NULL);
2117 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2118 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2120 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2121 hf_samr_unknown_char, NULL);
2122 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2123 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
/* Reply dissector for change_password_user: the NTSTATUS return code. */
2130 samr_dissect_change_password_user_reply(tvbuff_t *tvb, int offset,
2131 packet_info *pinfo, proto_tree *tree,
2134 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for set_member_attributes_of_group: policy handle and a
   32-bit attribute value (hf_samr_attrib). */
2141 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
2143 proto_tree *tree, guint8 *drep)
2145 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2146 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2148 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2149 hf_samr_attrib, NULL);
/* Reply dissector for set_member_attributes_of_group: the NTSTATUS return
   code. */
2154 samr_dissect_set_member_attributes_of_group_reply(tvbuff_t *tvb, int offset,
2155 packet_info *pinfo, proto_tree *tree,
2158 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the GROUP_INFO_1 fields in wire order: counted group name, a
   32-bit value of unknown meaning, 32-bit number of members, counted group
   description. */
2165 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
2166 packet_info *pinfo, proto_tree *tree,
2169 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2170 tree, drep, hf_samr_group_name, 0);
2171 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2172 hf_samr_unknown_long, NULL);
2173 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2174 hf_samr_group_num_of_members, NULL);
2175 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2176 tree, drep, hf_samr_group_desc, 0);
/* Dissects the GROUP_INFO union into its own subtree (ett_samr_group_info).
   A 16-bit level is read first; the arms visible below are the full
   GROUP_INFO_1 structure, the group name alone, a 32-bit attribute value,
   and the group description alone.  The subtree item is resized to the
   bytes consumed.
   NOTE(review): the switch and its case labels are on lines not shown in
   this listing, so which level selects which arm cannot be confirmed
   here. */
2181 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
2182 packet_info *pinfo, proto_tree *parent_tree,
2185 proto_item *item=NULL;
2186 proto_tree *tree=NULL;
2187 int old_offset=offset;
2191 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2193 tree = proto_item_add_subtree(item, ett_samr_group_info);
2196 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2197 hf_samr_level, &level);
2200 offset = samr_dissect_GROUP_INFO_1(
2201 tvb, offset, pinfo, tree, drep);
2204 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2205 tree, drep, hf_samr_group_name, 0);
2208 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2209 hf_samr_attrib, NULL);
2212 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2213 tree, drep, hf_samr_group_desc, 0);
2217 proto_item_set_len(item, offset-old_offset);
/* Dissects a unique pointer to a GROUP_INFO union. */
2222 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
2223 packet_info *pinfo, proto_tree *tree,
2226 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2227 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
/* Request dissector for query_information_group: policy handle and the
   16-bit information level. */
2233 samr_dissect_query_information_group_rqst(tvbuff_t *tvb, int offset,
2235 proto_tree *tree, guint8 *drep)
2237 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2238 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2240 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2241 hf_samr_level, NULL);
/* Reply dissector for query_information_group: a reference pointer to the
   GROUP_INFO pointer, followed by the NTSTATUS return code. */
2247 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
2248 packet_info *pinfo, proto_tree *tree,
2251 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2252 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
2255 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for set_information_group: policy handle, 16-bit level
   (also appended to the Info column), then a reference pointer to the
   GROUP_INFO union carrying the new values. */
2261 samr_dissect_set_information_group_rqst(tvbuff_t *tvb, int offset,
2262 packet_info *pinfo, proto_tree *tree,
2267 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2268 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2270 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2271 hf_samr_level, &level);
2273 if (check_col(pinfo->cinfo, COL_INFO))
2274 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
2276 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2277 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
/* Reply dissector for set_information_group: the NTSTATUS return code. */
2283 samr_dissect_set_information_group_reply(tvbuff_t *tvb, int offset,
2284 packet_info *pinfo, proto_tree *tree,
2287 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for get_domain_password_information: a reference
   pointer to PASSWORD_INFO followed by a unique pointer to the domain
   name string. */
2294 samr_dissect_get_domain_password_information_rqst(tvbuff_t *tvb, int offset,
2299 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2300 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
2301 "PASSWORD_INFO:", -1);
2303 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
2304 NDR_POINTER_UNIQUE, "Domain", hf_samr_domain, 0);
/* Reply dissector for get_domain_password_information: a reference pointer
   to PASSWORD_INFO followed by the NTSTATUS return code. */
2310 samr_dissect_get_domain_password_information_reply(tvbuff_t *tvb, int offset,
2315 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2316 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
2317 "PASSWORD_INFO:", -1);
2319 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects DOMAIN_INFO_1, the domain password policy, into its own subtree
   (ett_samr_domain_info_1): 16-bit minimum password length, 16-bit
   password history length, a 32-bit value of unknown meaning, then maximum
   and minimum password age as NT timestamps.  The offset is aligned to
   four bytes before the subtree starts, and the subtree item is resized to
   the bytes consumed. */
2326 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
2327 packet_info *pinfo, proto_tree *parent_tree,
2330 proto_item *item=NULL;
2331 proto_tree *tree=NULL;
2332 int old_offset=offset;
2334 ALIGN_TO_4_BYTES; /* structure starts with short, but is aligned for longs */
2337 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2339 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
2342 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2343 hf_samr_min_pwd_len, NULL);
2344 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2345 hf_samr_pwd_history_len, NULL);
2346 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2347 hf_samr_unknown_long, NULL);
2348 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2349 hf_samr_max_pwd_age);
2350 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2351 hf_samr_min_pwd_age);
2352 proto_item_set_len(item, offset-old_offset);
/* Dissects DOMAIN_INFO_2 into its own subtree (ett_samr_domain_info_2), in
   wire order: an NT timestamp, three counted strings (the first unknown,
   the last the controller name; the middle field id is not shown in this
   listing), another NT timestamp, two unknown 32-bit values, an unknown
   8-bit value, then the 32-bit user, group and alias counts.  The subtree
   item is resized to the bytes consumed. */
2357 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
2358 packet_info *pinfo, proto_tree *parent_tree,
2361 proto_item *item=NULL;
2362 proto_tree *tree=NULL;
2363 int old_offset=offset;
2366 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2368 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
2371 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2372 hf_samr_unknown_time);
2373 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2374 hf_samr_unknown_string, 0);
2375 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2377 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2378 hf_samr_controller, 0);
2379 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2380 hf_samr_unknown_time);
2381 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2382 hf_samr_unknown_long, NULL);
2383 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2384 hf_samr_unknown_long, NULL);
2385 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2386 hf_samr_unknown_char, NULL);
2387 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2388 hf_samr_num_users, NULL);
2389 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2390 hf_samr_num_groups, NULL);
2391 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2392 hf_samr_num_aliases, NULL);
2394 proto_item_set_len(item, offset-old_offset);
/* Dissects DOMAIN_INFO_8 into its own subtree (ett_samr_domain_info_8): two
   NT timestamps, displayed with the maximum and minimum password age
   fields.  The subtree item is resized to the bytes consumed. */
2399 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
2400 packet_info *pinfo, proto_tree *parent_tree,
2403 proto_item *item=NULL;
2404 proto_tree *tree=NULL;
2405 int old_offset=offset;
2408 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2410 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
2413 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2414 hf_samr_max_pwd_age);
2415 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2416 hf_samr_min_pwd_age);
2418 proto_item_set_len(item, offset-old_offset);
/* Dissects REPLICATION_STATUS into its own subtree
   (ett_samr_replication_status): two 64-bit values and one 16-bit value,
   all of unknown meaning.  The subtree item is resized to the bytes
   consumed. */
2423 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
2424 packet_info *pinfo, proto_tree *parent_tree,
2427 proto_item *item=NULL;
2428 proto_tree *tree=NULL;
2429 int old_offset=offset;
2432 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2433 "REPLICATION_STATUS:");
2434 tree = proto_item_add_subtree(item, ett_samr_replication_status);
2437 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2438 hf_samr_unknown_hyper, NULL);
2439 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2440 hf_samr_unknown_hyper, NULL);
2441 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2442 hf_samr_unknown_short, NULL);
2444 proto_item_set_len(item, offset-old_offset);
/* Dissects DOMAIN_INFO_11 into its own subtree (ett_samr_domain_info_11): a
   DOMAIN_INFO_2 structure immediately followed by a REPLICATION_STATUS
   structure.  The subtree item is resized to the bytes consumed. */
2449 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
2450 packet_info *pinfo, proto_tree *parent_tree,
2453 proto_item *item=NULL;
2454 proto_tree *tree=NULL;
2455 int old_offset=offset;
2458 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2460 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
2463 offset = samr_dissect_DOMAIN_INFO_2(
2464 tvb, offset, pinfo, tree, drep);
2465 offset = samr_dissect_REPLICATION_STATUS(
2466 tvb, offset, pinfo, tree, drep);
2468 proto_item_set_len(item, offset-old_offset);
/* Dissects DOMAIN_INFO_13 into its own subtree (ett_samr_domain_info_13):
   three NT timestamps of unknown meaning.  The subtree item is resized to
   the bytes consumed. */
2473 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
2474 packet_info *pinfo, proto_tree *parent_tree,
2477 proto_item *item=NULL;
2478 proto_tree *tree=NULL;
2479 int old_offset=offset;
2482 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2484 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
2487 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2488 hf_samr_unknown_time);
2489 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2490 hf_samr_unknown_time);
2491 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2492 hf_samr_unknown_time);
2494 proto_item_set_len(item, offset-old_offset);
/* Dissects the DOMAIN_INFO union into its own subtree
   (ett_samr_domain_info).  A 16-bit level is read first and the offset is
   then aligned to four bytes, since every arm is 4-byte aligned.  The arms
   visible below, in source order: DOMAIN_INFO_1, DOMAIN_INFO_2, an NT
   timestamp, three counted strings (unknown, domain, controller), a 16-bit
   value, DOMAIN_INFO_8, another 16-bit value, DOMAIN_INFO_11,
   REPLICATION_STATUS and DOMAIN_INFO_13.  The subtree item is resized to
   the bytes consumed.
   NOTE(review): the switch, its case labels and any default arm are on
   lines not shown in this listing, so the level-to-arm mapping and the
   handling of an unrecognised level cannot be confirmed here. */
2500 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
2501 packet_info *pinfo, proto_tree *parent_tree,
2504 proto_item *item=NULL;
2505 proto_tree *tree=NULL;
2506 int old_offset=offset;
2510 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2512 tree = proto_item_add_subtree(item, ett_samr_domain_info);
2515 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2516 hf_samr_level, &level);
2518 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2521 offset = samr_dissect_DOMAIN_INFO_1(
2522 tvb, offset, pinfo, tree, drep);
2525 offset = samr_dissect_DOMAIN_INFO_2(
2526 tvb, offset, pinfo, tree, drep);
2530 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2531 hf_samr_unknown_time);
2534 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2535 tree, drep, hf_samr_unknown_string, 0);
2539 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2540 tree, drep, hf_samr_domain, 0);
2544 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2545 tree, drep, hf_samr_controller, 0);
2549 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2550 hf_samr_unknown_short, NULL);
2553 offset = samr_dissect_DOMAIN_INFO_8(
2554 tvb, offset, pinfo, tree, drep);
2557 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2558 hf_samr_unknown_short, NULL);
2561 offset = samr_dissect_DOMAIN_INFO_11(
2562 tvb, offset, pinfo, tree, drep);
2565 offset = samr_dissect_REPLICATION_STATUS(
2566 tvb, offset, pinfo, tree, drep);
2569 offset = samr_dissect_DOMAIN_INFO_13(
2570 tvb, offset, pinfo, tree, drep);
2574 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector for set_information_domain.
 *
 * Fields in wire order: policy handle (hf_samr_hnd), 16-bit info level,
 * then the DOMAIN_INFO union (which dissects its own level discriminant
 * again).  The level is also appended to the Info column.
 *
 * NOTE(review): `level` is declared on a line missing from this listing;
 * it is printed with "%d", so confirm its type promotes to int.
 */
2579 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
2580 packet_info *pinfo, proto_tree *tree,
2585 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2586 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2588 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2589 hf_samr_level, &level);
/* format string is a literal; only the packet-supplied integer is interpolated */
2591 if (check_col(pinfo->cinfo, COL_INFO))
2592 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
2594 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
/*
 * Reply dissector for set_information_domain.
 *
 * The only field visible here is the NT status return code, dissected with
 * dissect_ntstatus(); the remaining arguments of that call are on a line
 * missing from this listing.
 */
2600 samr_dissect_set_information_domain_reply(tvbuff_t *tvb, int offset,
2602 proto_tree *tree, guint8 *drep)
2604 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for create_group_in_domain.
 *
 * Fields in wire order: policy handle (hf_samr_hnd), a reference pointer to
 * a counted string shown as "Group Name" (hf_samr_group_name), and an access
 * mask decoded with the group-specific bit table
 * samr_group_access_mask_info.
 */
2611 samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset,
2612 packet_info *pinfo, proto_tree *tree,
2615 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2616 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2618 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2619 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2620 "Group Name", hf_samr_group_name);
2622 offset = dissect_nt_access_mask(
2623 tvb, offset, pinfo, tree, drep, hf_samr_access,
2624 &samr_group_access_mask_info, NULL);
/*
 * Reply dissector for create_group_in_domain.
 *
 * Fields in wire order: the returned policy handle (captured in policy_hnd,
 * with its tree item in hnd_item), a uint32 whose hf is on a line missing
 * from this listing, and the NT status (stored in `status`).
 *
 * Afterwards the handle is given the display name "CreateGroup handle" via
 * dcerpc_smb_store_pol_name() and the same text is appended to the handle's
 * tree item when one was created.
 *
 * NOTE(review): the lines between the status dissection and the
 * store_pol_name call are missing here; presumably the naming is gated on
 * the status value -- confirm, since naming a handle from a failed reply
 * would mislabel later uses of that handle value.
 */
2632 samr_dissect_create_group_in_domain_reply(tvbuff_t *tvb, int offset,
2633 packet_info *pinfo, proto_tree *tree,
2636 e_ctx_hnd policy_hnd;
2637 proto_item *hnd_item;
2640 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2641 hf_samr_hnd, &policy_hnd, &hnd_item,
2644 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2647 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2648 hf_samr_rc, &status);
2651 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
2652 "CreateGroup handle");
/* hnd_item is an out-parameter of dissect_nt_policy_hnd and may be NULL */
2654 if (hnd_item != NULL)
2655 proto_item_append_text(hnd_item, ": CreateGroup handle");
/*
 * Request dissector for lookup_domain.
 *
 * Fields in wire order: policy handle (hf_samr_hnd) and a reference pointer
 * to a counted string shown as "Domain" (hf_samr_domain).
 */
2664 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
2665 packet_info *pinfo, proto_tree *tree,
2668 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2669 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2671 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2672 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2673 "Domain", hf_samr_domain);
/*
 * Reply dissector for lookup_domain.
 *
 * Fields in wire order: a unique (possibly NULL) pointer dissected with
 * dissect_ndr_nt_SID_no_hf, then the NT status.  The pointer label/hf and
 * the status hf are on lines missing from this listing.
 */
2679 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
2680 packet_info *pinfo, proto_tree *tree,
2683 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2684 dissect_ndr_nt_SID_no_hf, NDR_POINTER_UNIQUE,
2687 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect one uint32 element of an index array.
 *
 * The header field used for the value is not fixed: it is read from
 * di->hf_index, where di is the per-call DCE/RPC state hung off
 * pinfo->private_data.
 *
 * NOTE(review): di is dereferenced with no NULL check visible in this
 * listing; presumably private_data is always set by the DCE/RPC layer before
 * this callback runs, and hf_index is the hf passed to the enclosing
 * dissect_ndr_pointer() call -- confirm in packet-dcerpc.c.
 */
2693 samr_dissect_index(tvbuff_t *tvb, int offset,
2694 packet_info *pinfo, proto_tree *tree,
2699 di=pinfo->private_data;
2701 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2702 di->hf_index, NULL);
/*
 * Dissect the array body of an INDEX_ARRAY: hands the buffer to
 * dissect_ndr_ucarray() with samr_dissect_index as the per-element callback.
 *
 * NOTE(review): the element count is handled inside dissect_ndr_ucarray and
 * is not bounded in this function -- presumably the helper and the tvb
 * accessors stop on a short packet; confirm there.
 */
2709 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2710 packet_info *pinfo, proto_tree *tree,
2713 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2714 samr_dissect_index);
/*
 * Pick the plural suffix for a field name used in a tree label.
 *
 * Per the in-line comments: a name ending in 's' is pluralised with "es",
 * anything else (including the empty string, which fails the length test)
 * with "s".  The return statements themselves are on lines missing from
 * this listing.
 *
 * `string` is passed to strlen() unchecked, so it must not be NULL; the
 * visible callers pass the result of proto_registrar_get_name() directly.
 */
2720 plural_ending(const char *string)
2724 string_len = strlen(string);
/* length test first so string[string_len - 1] is never evaluated at index -1 */
2725 if (string_len > 0 && string[string_len - 1] == 's') {
2726 /* String ends with "s" - pluralize by adding "es" */
2729 /* Field name doesn't end with "s" - pluralize by adding "s" */
/*
 * Dissect an INDEX_ARRAY into its own subtree (ett_samr_index_array).
 *
 * Fields in wire order: a uint32 element count (hf_samr_count, also stored
 * in `count`) and a unique pointer to the array body
 * (samr_dissect_INDEX_ARRAY_value).
 *
 * A label of the form "INDEX_ARRAY: <field><plural suffix>:" is built in
 * `str` from the registered name of di->hf_index.
 *
 * NOTE(review): `str` is declared on a line missing from this listing, so
 * the 255 bound passed to snprintf() cannot be checked against the buffer
 * size here -- confirm the array is at least 255 bytes.  field_name is also
 * used without a NULL check; presumably di->hf_index is always a registered
 * field when this runs.
 */
2735 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2736 packet_info *pinfo, proto_tree *parent_tree,
2741 proto_item *item=NULL;
2742 proto_tree *tree=NULL;
2743 int old_offset=offset;
2747 di=pinfo->private_data;
2749 field_name = proto_registrar_get_name(di->hf_index);
/* literal format string; output is bounded by the size argument */
2750 snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2751 plural_ending(field_name));
/* length -1 is provisional; fixed up by proto_item_set_len() below */
2753 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2755 tree = proto_item_add_subtree(item, ett_samr_index_array);
2758 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2759 hf_samr_count, &count);
2760 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2761 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2764 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector for get_alias_membership.
 *
 * Fields in wire order: policy handle (hf_samr_hnd) and a reference pointer
 * to a PSID_ARRAY (dissect_ndr_nt_PSID_ARRAY).  The pointer's label and hf
 * are on a line missing from this listing.
 */
2769 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2770 packet_info *pinfo, proto_tree *tree,
2773 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2774 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2776 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2777 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/*
 * Reply dissector for get_alias_membership.
 *
 * Fields in wire order: a reference pointer to an INDEX_ARRAY whose
 * elements are shown under hf_samr_alias, then the NT status (remaining
 * dissect_ntstatus arguments are on a line missing from this listing).
 */
2784 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2785 packet_info *pinfo, proto_tree *tree,
2788 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2789 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2790 "INDEX_ARRAY:", hf_samr_alias);
2792 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect one IDX_AND_NAME entry into its own subtree
 * (ett_samr_idx_and_name).
 *
 * Fields in wire order: a uint32 index (hf_samr_index) and a counted string
 * shown under the caller-selected field di->hf_index.  The final argument 4
 * to dissect_ndr_counted_string differs from the 0 used by most callers in
 * this file -- presumably it controls how many parent items the name is
 * appended to; confirm in packet-dcerpc-nt.c.
 *
 * NOTE(review): `str` is declared on a line missing from this listing, so
 * the 255 bound passed to snprintf() cannot be checked against the buffer
 * size here.
 */
2799 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2800 packet_info *pinfo, proto_tree *parent_tree,
2803 proto_item *item=NULL;
2804 proto_tree *tree=NULL;
2805 int old_offset=offset;
2809 di=pinfo->private_data;
/* literal format string; the interpolated name comes from the field registry */
2811 snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
/* length -1 is provisional; fixed up by proto_item_set_len() below */
2813 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2815 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2818 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2819 hf_samr_index, NULL);
2820 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2821 tree, drep, di->hf_index, 4);
2823 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect the array body of an IDX_AND_NAME_ARRAY: hands the buffer to
 * dissect_ndr_ucarray() with samr_dissect_IDX_AND_NAME as the per-element
 * callback.
 */
2828 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2829 packet_info *pinfo, proto_tree *tree,
2832 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2833 samr_dissect_IDX_AND_NAME);
/*
 * Dissect an IDX_AND_NAME_ARRAY into its own subtree
 * (ett_samr_idx_and_name_array).
 *
 * The subtree label is "IDX_AND_NAME_ARRAY: <field><plural suffix>:", where
 * <field> is the registered name of di->hf_index.
 *
 * Fields in wire order: a uint32 element count (hf_samr_count, also stored
 * in `count`) and a unique pointer to the entries
 * (samr_dissect_IDX_AND_NAME_entry).  A pointer label is built in `str`.
 *
 * NOTE(review): `str` is declared on a line missing from this listing, so
 * the 255 bound passed to snprintf() cannot be checked against the buffer
 * size here.  field_name is used without a NULL check.
 */
2840 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2841 packet_info *pinfo, proto_tree *parent_tree,
2846 proto_item *item=NULL;
2847 proto_tree *tree=NULL;
2848 int old_offset=offset;
2852 di=pinfo->private_data;
2854 field_name = proto_registrar_get_name(di->hf_index);
/* length -1 is provisional; fixed up by proto_item_set_len() below */
2857 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2858 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2859 plural_ending(field_name));
2860 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2864 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2865 hf_samr_count, &count);
2866 snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2867 plural_ending(field_name));
2868 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2869 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2872 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a unique (possibly NULL) pointer to an IDX_AND_NAME_ARRAY.
 *
 * A label "IDX_AND_NAME_ARRAY pointer: <field><plural suffix>:" is built in
 * `str` from the registered name of di->hf_index before the pointer is
 * handed to dissect_ndr_pointer().
 *
 * NOTE(review): `str` is declared on a line missing from this listing, so
 * the 255 bound passed to snprintf() cannot be checked against the buffer
 * size here.  field_name is used without a NULL check.
 */
2877 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2878 packet_info *pinfo, proto_tree *tree,
2885 di=pinfo->private_data;
2887 field_name = proto_registrar_get_name(di->hf_index);
2888 snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2889 plural_ending(field_name));
2890 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2891 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
/*
 * Request dissector for enum_domains.
 *
 * Fields in wire order: policy handle (hf_samr_hnd), a reference pointer to
 * the uint32 resume handle (hf_samr_resume_hnd), and the preferred maximum
 * reply size (hf_samr_pref_maxsize).
 */
2897 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2898 packet_info *pinfo, proto_tree *tree,
2901 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2902 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2904 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2905 samr_dissect_pointer_long, NDR_POINTER_REF,
2906 "Resume Handle", hf_samr_resume_hnd);
2908 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2909 hf_samr_pref_maxsize, NULL);
/*
 * Reply dissector for enum_domains.
 *
 * Fields in wire order: resume handle (hf_samr_resume_hnd), a pointer to an
 * IDX_AND_NAME_ARRAY whose names are shown under hf_samr_domain, the number
 * of entries (hf_samr_entries), and the NT status (remaining
 * dissect_ntstatus arguments are on a line missing from this listing).
 */
2915 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2916 packet_info *pinfo, proto_tree *tree,
2919 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2920 samr_dissect_pointer_long, NDR_POINTER_REF,
2921 "Resume Handle:", hf_samr_resume_hnd);
2923 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2924 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2925 "IDX_AND_NAME_ARRAY:", hf_samr_domain);
2927 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2928 samr_dissect_pointer_long, NDR_POINTER_REF,
2929 "Entries:", hf_samr_entries);
2931 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for enum_dom_groups.
 *
 * Fields in wire order: policy handle (hf_samr_hnd), a reference pointer to
 * the uint32 resume handle (hf_samr_resume_hnd), and the preferred maximum
 * reply size (hf_samr_pref_maxsize).
 */
2938 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2939 packet_info *pinfo, proto_tree *tree,
2942 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2943 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2945 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2946 samr_dissect_pointer_long, NDR_POINTER_REF,
2947 "Resume Handle:", hf_samr_resume_hnd);
2949 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2950 hf_samr_pref_maxsize, NULL);
/*
 * Reply dissector for enum_dom_groups.
 *
 * Fields in wire order: resume handle (hf_samr_resume_hnd), a pointer to an
 * IDX_AND_NAME_ARRAY whose names are shown under hf_samr_group_name, the
 * number of entries (hf_samr_entries), and the NT status (remaining
 * dissect_ntstatus arguments are on a line missing from this listing).
 */
2956 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2957 packet_info *pinfo, proto_tree *tree,
2960 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2961 samr_dissect_pointer_long, NDR_POINTER_REF,
2962 "Resume Handle:", hf_samr_resume_hnd);
2964 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2965 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2966 "IDX_AND_NAME_ARRAY:", hf_samr_group_name);
2968 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2969 samr_dissect_pointer_long, NDR_POINTER_REF,
2970 "Entries:", hf_samr_entries);
2972 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for enum_dom_aliases.
 *
 * Fields in wire order: policy handle (hf_samr_hnd), a reference pointer to
 * the uint32 resume handle (hf_samr_resume_hnd), and a final 32-bit value
 * decoded as an account-control bitmask.
 *
 * NOTE(review): the sibling enum_domains and enum_dom_groups requests decode
 * their last field as hf_samr_pref_maxsize; here it is decoded with
 * dissect_ndr_nt_acct_ctrl instead.  Confirm against the protocol which
 * interpretation is right for this call, as a wrong decode shows misleading
 * flag names to the analyst.
 */
2979 samr_dissect_enum_dom_aliases_rqst(tvbuff_t *tvb, int offset,
2980 packet_info *pinfo, proto_tree *tree,
2983 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2984 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
2986 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2987 samr_dissect_pointer_long, NDR_POINTER_REF,
2988 "Resume Handle:", hf_samr_resume_hnd);
2990 offset = dissect_ndr_nt_acct_ctrl(
2991 tvb, offset, pinfo, tree, drep);
/*
 * Reply dissector for enum_dom_aliases.
 *
 * Fields in wire order: resume handle (hf_samr_resume_hnd), a pointer to an
 * IDX_AND_NAME_ARRAY whose names are shown under hf_samr_alias_name, the
 * number of entries (hf_samr_entries), and the NT status (remaining
 * dissect_ntstatus arguments are on a line missing from this listing).
 */
2997 samr_dissect_enum_dom_aliases_reply(tvbuff_t *tvb, int offset,
2998 packet_info *pinfo, proto_tree *tree,
3001 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3002 samr_dissect_pointer_long, NDR_POINTER_REF,
3003 "Resume Handle:", hf_samr_resume_hnd);
3005 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3006 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
3007 "IDX_AND_NAME_ARRAY:", hf_samr_alias_name);
3009 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3010 samr_dissect_pointer_long, NDR_POINTER_REF,
3011 "Entries:", hf_samr_entries);
3013 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for get_members_in_alias.
 *
 * The only field is the policy handle (hf_samr_hnd).
 */
3020 samr_dissect_get_members_in_alias_rqst(tvbuff_t *tvb, int offset,
3021 packet_info *pinfo, proto_tree *tree,
3024 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3025 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector for get_members_in_alias.
 *
 * Fields in wire order: a reference pointer to a PSID_ARRAY
 * (dissect_ndr_nt_PSID_ARRAY), then the NT status.  The pointer label/hf and
 * the status hf are on lines missing from this listing.
 */
3031 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
3032 packet_info *pinfo, proto_tree *tree,
3035 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3036 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3039 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect a USER_INFO_1 structure into its own subtree
 * (ett_samr_user_info_1).
 *
 * Fields in wire order: account name, full name (counted strings), primary
 * group RID (uint32), account description and comment (counted strings).
 *
 * NOTE(review): the primary-group-RID call passes 0 as the out-pointer where
 * the rest of the file passes NULL; equivalent, but NULL reads more clearly.
 */
3046 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
3047 packet_info *pinfo, proto_tree *parent_tree,
3050 proto_item *item=NULL;
3051 proto_tree *tree=NULL;
3052 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3055 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3057 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
3060 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3061 hf_samr_acct_name, 0);
3063 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3064 hf_samr_full_name, 0);
3066 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3067 hf_samr_primary_group_rid, 0);
3069 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3070 hf_samr_acct_desc, 0);
3072 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3073 hf_samr_comment, 0);
3075 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_2 structure into its own subtree
 * (ett_samr_user_info_2).
 *
 * Fields in wire order: comment and an unidentified counted string, then
 * two uint16 values: country code and code page.
 */
3080 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
3081 packet_info *pinfo, proto_tree *parent_tree,
3084 proto_item *item=NULL;
3085 proto_tree *tree=NULL;
3086 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3089 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3091 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
3094 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3095 hf_samr_comment, 0);
3096 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3097 hf_samr_unknown_string, 0);
3098 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3099 hf_samr_country, NULL);
3100 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3101 hf_samr_codepage, NULL);
3103 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_3 structure into its own subtree
 * (ett_samr_user_info_3).
 *
 * Fields in wire order:
 *   counted strings: account name, full name
 *   uint32 x2: (hf on a missing line), primary group RID
 *   counted strings: (hf missing), home drive, (hf missing), profile,
 *                    workstations
 *   NTTIME x5: logon, logoff, password last set, password can change,
 *              password must change
 *   LOGON_HOURS
 *   uint16 x2: bad password count, logon count
 *   account-control bitmask
 *
 * "hf missing" marks arguments that sit on lines dropped from this listing.
 */
3108 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
3109 packet_info *pinfo, proto_tree *parent_tree,
3112 proto_item *item=NULL;
3113 proto_tree *tree=NULL;
3114 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3117 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3119 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
3122 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3123 hf_samr_acct_name, 0);
3124 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3125 hf_samr_full_name, 0);
3126 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3128 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3129 hf_samr_primary_group_rid, NULL);
3130 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3132 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3133 hf_samr_home_drive, 0);
3134 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3136 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3137 hf_samr_profile, 0);
3138 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3139 hf_samr_workstations, 0);
3140 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3141 hf_samr_logon_time);
3142 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3143 hf_samr_logoff_time);
3144 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3145 hf_samr_pwd_last_set_time);
3146 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3147 hf_samr_pwd_can_change_time);
3148 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3149 hf_samr_pwd_must_change_time);
3150 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3151 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3152 hf_samr_bad_pwd_count, NULL);
3153 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3154 hf_samr_logon_count, NULL);
3155 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3157 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_5 structure into its own subtree
 * (ett_samr_user_info_5).
 *
 * Fields in wire order:
 *   counted strings: account name, full name
 *   uint32 x2: (hf on a missing line), primary group RID
 *   counted strings: (hf missing), home drive, (hf missing), account
 *                    description, workstations
 *   NTTIME x2: logon, logoff
 *   LOGON_HOURS
 *   uint16 x2: bad password count, logon count
 *   NTTIME x2: password last set, account expiry
 *   account-control bitmask
 *
 * "hf missing" marks arguments that sit on lines dropped from this listing.
 */
3162 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
3163 packet_info *pinfo, proto_tree *parent_tree,
3166 proto_item *item=NULL;
3167 proto_tree *tree=NULL;
3168 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3171 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3173 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
3176 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3177 hf_samr_acct_name, 0);
3178 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3179 hf_samr_full_name, 0);
3180 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3182 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3183 hf_samr_primary_group_rid, NULL);
3184 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3186 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3187 hf_samr_home_drive, 0);
3188 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3190 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3191 hf_samr_acct_desc, 0);
3192 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3193 hf_samr_workstations, 0);
3194 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3195 hf_samr_logon_time);
3196 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3197 hf_samr_logoff_time);
3198 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3199 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3200 hf_samr_bad_pwd_count, NULL);
3201 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3202 hf_samr_logon_count, NULL);
3203 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3204 hf_samr_pwd_last_set_time);
3205 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3206 hf_samr_acct_expiry_time);
3207 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3209 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_6 structure into its own subtree
 * (ett_samr_user_info_6): two counted strings, account name then full name.
 */
3214 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
3215 packet_info *pinfo, proto_tree *parent_tree,
3218 proto_item *item=NULL;
3219 proto_tree *tree=NULL;
3220 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3223 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3225 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
3228 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3229 hf_samr_acct_name, 0);
3230 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3231 hf_samr_full_name, 0);
3233 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_10 structure into its own subtree
 * (ett_samr_user_info_10): two counted strings, the second being the home
 * drive.  The hf of the first string is on a line missing from this
 * listing.
 */
3238 samr_dissect_USER_INFO_10(tvbuff_t *tvb, int offset,
3239 packet_info *pinfo, proto_tree *parent_tree,
3242 proto_item *item=NULL;
3243 proto_tree *tree=NULL;
3244 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3247 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3249 tree = proto_item_add_subtree(item, ett_samr_user_info_10);
3252 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3254 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3255 hf_samr_home_drive, 0);
3257 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_18 structure into its own subtree
 * (ett_samr_user_info_18).
 *
 * Fields in wire order: two CRYPT_HASH blobs followed by three single bytes
 * registered under the generic hf_samr_unknown_char field.
 *
 * NOTE(review): the two hashes are dissected by the same helper with no
 * distinguishing label visible here -- presumably they are the two password
 * hash variants; confirm.  Captures carrying this level contain password
 * hash material and should be handled as sensitive.
 */
3263 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
3264 packet_info *pinfo, proto_tree *parent_tree,
3267 proto_item *item=NULL;
3268 proto_tree *tree=NULL;
3269 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3272 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3274 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
3277 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3278 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3279 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3280 hf_samr_unknown_char, NULL);
3281 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3282 hf_samr_unknown_char, NULL);
3283 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3284 hf_samr_unknown_char, NULL);
3286 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_19 structure into its own subtree
 * (ett_samr_user_info_19).
 *
 * Fields in wire order: account-control bitmask, logon time and logoff time
 * (NTTIME), bad password count and logon count (uint16).
 */
3291 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
3292 packet_info *pinfo, proto_tree *parent_tree,
3295 proto_item *item=NULL;
3296 proto_tree *tree=NULL;
3297 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3300 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3302 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
3305 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3306 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3307 hf_samr_logon_time);
3308 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3309 hf_samr_logoff_time);
3310 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3311 hf_samr_bad_pwd_count, NULL);
3312 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3313 hf_samr_logon_count, NULL);
3315 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect one byte of a BUFFER (per-element callback for the BUFFER array),
 * shown under the generic hf_samr_unknown_char field.
 */
3320 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
3321 packet_info *pinfo, proto_tree *tree,
3324 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3325 hf_samr_unknown_char, NULL);
/*
 * Dissect the byte array behind a BUFFER into its own subtree
 * (ett_samr_buffer_buffer), using dissect_ndr_ucarray() with
 * samr_dissect_BUFFER_entry as the per-element callback.
 *
 * NOTE(review): every byte becomes its own tree item; the element count is
 * handled inside dissect_ndr_ucarray and is not bounded in this function, so
 * a large buffer presumably produces a correspondingly large tree.
 */
3331 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
3332 packet_info *pinfo, proto_tree *parent_tree,
3335 proto_item *item=NULL;
3336 proto_tree *tree=NULL;
3337 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3340 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3342 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
3345 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3346 samr_dissect_BUFFER_entry);
3348 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a BUFFER structure into its own subtree (ett_samr_buffer).
 *
 * Fields in wire order: a uint32 count (hf_samr_count; the value is not
 * captured here) and a unique (possibly NULL) pointer to the byte array
 * (samr_dissect_BUFFER_buffer).  The pointer label/hf are on a line missing
 * from this listing.
 */
3355 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
3356 packet_info *pinfo, proto_tree *parent_tree,
3359 proto_item *item=NULL;
3360 proto_tree *tree=NULL;
3361 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3364 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3366 tree = proto_item_add_subtree(item, ett_samr_buffer);
3368 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3369 hf_samr_count, NULL);
3370 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3371 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
3374 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_21 structure into its own subtree
 * (ett_samr_user_info_21).  This is the "everything" level and is reused as
 * the leading part of USER_INFO_22, _23 and _25.
 *
 * Fields in wire order:
 *   NTTIME x6: logon, logoff, password last set, account expiry,
 *              password can change, password must change
 *   counted strings x13: account name, full name, (hf missing), home drive,
 *              (hf missing), profile, account description, workstations,
 *              comment, callback, three unidentified strings
 *   BUFFER
 *   uint32 x2: (hf missing), primary group RID
 *   account-control bitmask
 *   uint32: unidentified
 *   LOGON_HOURS
 *   uint16 x4: bad password count, logon count, country, code page
 *   uint8 x4: NT password set, LM password set, password expired,
 *             unidentified
 *
 * "hf missing" marks arguments that sit on lines dropped from this listing.
 * The account-name string is dissected with a final argument of 2 where the
 * others use 0 -- presumably so the name is also appended to parent items;
 * confirm in packet-dcerpc-nt.c.
 */
3379 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
3380 packet_info *pinfo, proto_tree *parent_tree,
3383 proto_item *item=NULL;
3384 proto_tree *tree=NULL;
3385 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3388 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3390 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
3393 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3394 hf_samr_logon_time);
3395 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3396 hf_samr_logoff_time);
3397 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3398 hf_samr_pwd_last_set_time);
3399 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3400 hf_samr_acct_expiry_time);
3401 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3402 hf_samr_pwd_can_change_time);
3403 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3404 hf_samr_pwd_must_change_time);
3405 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3406 hf_samr_acct_name, 2);
3407 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3408 hf_samr_full_name, 0);
3409 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3411 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3412 hf_samr_home_drive, 0);
3413 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3415 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3416 hf_samr_profile, 0);
3417 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3418 hf_samr_acct_desc, 0);
3419 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3420 hf_samr_workstations, 0);
3421 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3422 hf_samr_comment, 0);
3423 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3424 hf_samr_callback, 0);
3425 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3426 hf_samr_unknown_string, 0);
3427 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3428 hf_samr_unknown_string, 0);
3429 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3430 hf_samr_unknown_string, 0);
3431 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
3432 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3434 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3435 hf_samr_primary_group_rid, NULL);
3436 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3437 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3438 hf_samr_unknown_long, NULL);
3439 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3440 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3441 hf_samr_bad_pwd_count, NULL);
3442 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3443 hf_samr_logon_count, NULL);
3444 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3445 hf_samr_country, NULL);
3446 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3447 hf_samr_codepage, NULL);
3448 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3449 hf_samr_nt_pwd_set, NULL);
3450 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3451 hf_samr_lm_pwd_set, NULL);
3452 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3453 hf_samr_pwd_expired, NULL);
3454 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3455 hf_samr_unknown_char, NULL);
3457 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_22 structure into its own subtree
 * (ett_samr_user_info_22): a complete USER_INFO_21 followed by a 64-bit
 * revision value (hf_samr_revision).
 */
3462 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
3463 packet_info *pinfo, proto_tree *parent_tree,
3466 proto_item *item=NULL;
3467 proto_tree *tree=NULL;
3468 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3471 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3473 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
3476 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3477 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
3478 hf_samr_revision, NULL);
3480 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_23 structure into its own subtree
 * (ett_samr_user_info_23): a complete USER_INFO_21 followed by a
 * CRYPT_PASSWORD blob.
 *
 * NOTE(review): captures carrying this level contain encrypted password
 * material and should be handled as sensitive.
 */
3485 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
3486 packet_info *pinfo, proto_tree *parent_tree,
3489 proto_item *item=NULL;
3490 proto_tree *tree=NULL;
3491 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3494 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3496 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
3499 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3500 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3502 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_24 structure into its own subtree
 * (ett_samr_user_info_24): a CRYPT_PASSWORD blob followed by one byte
 * registered under the generic hf_samr_unknown_char field.
 *
 * NOTE(review): captures carrying this level contain encrypted password
 * material and should be handled as sensitive.
 */
3507 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
3508 packet_info *pinfo, proto_tree *parent_tree,
3511 proto_item *item=NULL;
3512 proto_tree *tree=NULL;
3513 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3516 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3518 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
3521 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3522 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3523 hf_samr_unknown_char, NULL);
3525 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a USER_INFO_25 structure into its own subtree
 * (ett_samr_user_info_25): a complete USER_INFO_21 followed by a fixed
 * 532-byte blob added as hf_samr_crypt_password.
 *
 * NOTE(review): unlike the other levels, the blob is added with
 * proto_tree_add_item() and a hard-coded length rather than through a
 * helper that returns the new offset.  The lines after that call are missing
 * from this listing, so it cannot be seen here whether offset is advanced by
 * 532 before proto_item_set_len() -- confirm, otherwise the parent item's
 * length excludes the blob.  The 532 is a constant of this dissector, not a
 * length read from the packet; presumably a shorter tvb is caught by the
 * tvbuff bounds checks inside proto_tree_add_item().
 */
3531 samr_dissect_USER_INFO_25(tvbuff_t *tvb, int offset,
3532 packet_info *pinfo, proto_tree *parent_tree,
3535 proto_item *item = NULL;
3536 proto_tree *tree = NULL;
3537 int old_offset = offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3540 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3542 tree = proto_item_add_subtree(item, ett_samr_user_info_25);
3545 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3547 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 532,
3551 proto_item_set_len(item, offset - old_offset);
/*
 * Dissect the USER_INFO union into its own subtree (ett_samr_user_info).
 *
 * A 16-bit level is read from the packet into `level` and one arm is then
 * dissected.  The visible arms, in source order, are: USER_INFO_1, _2, _3,
 * LOGON_HOURS, USER_INFO_5, _6, account name, full name, primary group RID,
 * USER_INFO_10, script, profile, account description, workstations,
 * account-control bitmask, account expiry time, USER_INFO_18, _19, callback,
 * USER_INFO_21, _22, _23, _24 and _25.
 *
 * NOTE(review): the switch/case lines are missing from this listing, so the
 * level -> arm mapping cannot be read off here.  `level` comes straight from
 * the wire; verify in the full source that an unrecognised level takes a
 * default path that consumes nothing rather than falling into another arm.
 * Several arms (18, 23, 24, 25) carry password material.
 */
3558 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
3559 packet_info *pinfo, proto_tree *parent_tree,
3562 proto_item *item=NULL;
3563 proto_tree *tree=NULL;
3564 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3568 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3570 tree = proto_item_add_subtree(item, ett_samr_user_info);
/* union discriminant, taken from the packet */
3572 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3573 hf_samr_level, &level);
3577 offset = samr_dissect_USER_INFO_1(
3578 tvb, offset, pinfo, tree, drep);
3581 offset = samr_dissect_USER_INFO_2(
3582 tvb, offset, pinfo, tree, drep);
3585 offset = samr_dissect_USER_INFO_3(
3586 tvb, offset, pinfo, tree, drep);
3589 offset = dissect_ndr_nt_LOGON_HOURS(
3590 tvb, offset, pinfo, tree, drep);
3593 offset = samr_dissect_USER_INFO_5(
3594 tvb, offset, pinfo, tree, drep);
3597 offset = samr_dissect_USER_INFO_6(
3598 tvb, offset, pinfo, tree, drep);
3601 offset = dissect_ndr_counted_string(
3602 tvb, offset, pinfo, tree, drep, hf_samr_acct_name, 0);
3605 offset = dissect_ndr_counted_string(
3606 tvb, offset, pinfo, tree, drep, hf_samr_full_name, 0);
3609 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3610 hf_samr_primary_group_rid, NULL);
3613 offset = samr_dissect_USER_INFO_10(
3614 tvb, offset, pinfo, tree, drep);
3617 offset = dissect_ndr_counted_string(
3618 tvb, offset, pinfo, tree, drep, hf_samr_script, 0);
3621 offset = dissect_ndr_counted_string(
3622 tvb, offset, pinfo, tree, drep, hf_samr_profile, 0);
3625 offset = dissect_ndr_counted_string(
3626 tvb, offset, pinfo, tree, drep, hf_samr_acct_desc, 0);
3629 offset = dissect_ndr_counted_string(
3630 tvb, offset, pinfo, tree, drep, hf_samr_workstations, 0);
3633 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree,
3637 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3638 hf_samr_acct_expiry_time);
3641 offset = samr_dissect_USER_INFO_18(
3642 tvb, offset, pinfo, tree, drep);
3645 offset = samr_dissect_USER_INFO_19(
3646 tvb, offset, pinfo, tree, drep);
3649 offset = dissect_ndr_counted_string(
3650 tvb, offset, pinfo, tree, drep, hf_samr_callback, 0);
3653 offset = samr_dissect_USER_INFO_21(
3654 tvb, offset, pinfo, tree, drep);
3657 offset = samr_dissect_USER_INFO_22(
3658 tvb, offset, pinfo, tree, drep);
3661 offset = samr_dissect_USER_INFO_23(
3662 tvb, offset, pinfo, tree, drep);
3665 offset = samr_dissect_USER_INFO_24(
3666 tvb, offset, pinfo, tree, drep);
3668 offset = samr_dissect_USER_INFO_25(
3669 tvb, offset, pinfo, tree, drep);
3673 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect a unique (possibly NULL) pointer to a USER_INFO union, labelled
 * "USER_INFO pointer".  No header field is attached (hf index -1).
 */
3678 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
3679 packet_info *pinfo, proto_tree *tree,
3682 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3683 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
3684 "USER_INFO pointer", -1);
/*
 * Request dissector for set_information_user2.
 *
 * Fields in wire order: policy handle (hf_samr_hnd), 16-bit info level
 * (also appended to the Info column), then a reference pointer to the
 * USER_INFO union.  The pointer label/hf are on a line missing from this
 * listing.
 *
 * NOTE(review): depending on the level, the USER_INFO payload of this
 * request carries password material (see the CRYPT_* arms of USER_INFO), so
 * captures of this call should be handled as sensitive.
 */
3689 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
3690 packet_info *pinfo, proto_tree *tree,
3695 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3696 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3698 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3699 hf_samr_level, &level);
/* format string is a literal; only the packet-supplied integer is interpolated */
3701 if (check_col(pinfo->cinfo, COL_INFO))
3702 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
3704 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3705 samr_dissect_USER_INFO, NDR_POINTER_REF,
/*
 * Reply dissector for set_information_user2.
 *
 * The only field visible here is the NT status return code, dissected with
 * dissect_ntstatus(); the remaining arguments of that call are on a line
 * missing from this listing.
 */
3712 samr_dissect_set_information_user2_reply(tvbuff_t *tvb, int offset,
3713 packet_info *pinfo, proto_tree *tree,
3716 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for query_information_user2.
 *
 * Fields in wire order: policy handle (hf_samr_hnd) and the 16-bit info
 * level being asked for, which is also appended to the Info column.
 */
3723 samr_dissect_query_information_user2_rqst(tvbuff_t *tvb, int offset,
3724 packet_info *pinfo, proto_tree *tree,
3729 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3730 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3732 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3733 hf_samr_level, &level);
/* format string is a literal; only the packet-supplied integer is interpolated */
3735 if (check_col(pinfo->cinfo, COL_INFO))
3736 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/*
 * Reply dissector for query_information_user2.
 *
 * Fields in wire order: a reference pointer whose target is itself a unique
 * pointer to the USER_INFO union (samr_dissect_USER_INFO_ptr), then the NT
 * status.  The pointer label/hf and the status hf are on lines missing from
 * this listing.
 */
3742 samr_dissect_query_information_user2_reply(tvbuff_t *tvb, int offset,
3743 packet_info *pinfo, proto_tree *tree,
3746 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3747 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3750 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect one uint32 element of the MEMBER_ARRAY type list, shown under
 * hf_samr_type (per-element callback for samr_dissect_MEMBER_ARRAY_types).
 */
3757 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3758 packet_info *pinfo, proto_tree *tree,
3761 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3762 hf_samr_type, NULL);
/*
 * Dissect the type list of a MEMBER_ARRAY into a "MEMBER_ARRAY_types:"
 * subtree (ett_samr_member_array_types), using dissect_ndr_ucarray() with
 * samr_dissect_MEMBER_ARRAY_type as the per-element callback.
 */
3769 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3770 packet_info *pinfo, proto_tree *parent_tree,
3773 proto_item *item=NULL;
3774 proto_tree *tree=NULL;
3775 int old_offset=offset;
/* length -1 is provisional; fixed up by proto_item_set_len() below */
3778 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3779 "MEMBER_ARRAY_types:");
3780 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3783 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3784 samr_dissect_MEMBER_ARRAY_type);
3786 proto_item_set_len(item, offset-old_offset);
/*
 * Per-element callback for samr_dissect_MEMBER_ARRAY_rids: one 32-bit value
 * (the hf argument is on a listing line that is not shown).
 */
3793 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3794 packet_info *pinfo, proto_tree *tree,
3797 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/*
 * Dissects the "rids" array of a MEMBER_ARRAY under its own subtree.
 * The text item is created with length -1 and its real length is set once
 * the array has been consumed.
 */
3805 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3806 packet_info *pinfo, proto_tree *parent_tree,
3809 proto_item *item=NULL;
3810 proto_tree *tree=NULL;
3811 int old_offset=offset;
3814 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3815 "MEMBER_ARRAY_rids:");
3816 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
/* Element iteration is delegated to dissect_ndr_ucarray; this function never indexes the buffer itself. */
3819 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3820 samr_dissect_MEMBER_ARRAY_rid);
3822 proto_item_set_len(item, offset-old_offset);
/*
 * Dissects a MEMBER_ARRAY under its own subtree: a 32-bit count followed by
 * two UNIQUE pointers, one to the rids array and one to the types array.
 */
3829 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3830 packet_info *pinfo, proto_tree *parent_tree,
3834 proto_item *item=NULL;
3835 proto_tree *tree=NULL;
3836 int old_offset=offset;
3839 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3841 tree = proto_item_add_subtree(item, ett_samr_member_array);
/*
 * NOTE(review): count comes straight from the packet. None of the lines
 * shown here uses it afterwards; if it is ever used to size or bound
 * anything it must be treated as untrusted.
 */
3844 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3845 hf_samr_count, &count);
3846 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3847 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3849 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3850 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3853 proto_item_set_len(item, offset-old_offset);
/* Wraps samr_dissect_MEMBER_ARRAY in a UNIQUE pointer labelled "MEMBER_ARRAY". */
3858 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3859 packet_info *pinfo, proto_tree *tree,
3862 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3863 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3864 "MEMBER_ARRAY", -1);
/* Request dissector for SamrGetMembersInGroup: dissects the policy handle. */
3869 samr_dissect_query_groupmem_rqst(tvbuff_t *tvb, int offset,
3870 packet_info *pinfo, proto_tree *tree,
3873 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3874 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector for SamrGetMembersInGroup: a REF pointer dissected by
 * samr_dissect_MEMBER_ARRAY_ptr, then the NT status.
 */
3880 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3881 packet_info *pinfo, proto_tree *tree,
3884 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3885 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3886 "MEMBER_ARRAY:", -1);
3888 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrSetSecurityObject: policy handle, 32-bit info
 * type (also appended to the Info column), then a REF pointer to the
 * security descriptor dissected by sam_dissect_SAM_SECURITY_DESCRIPTOR.
 */
3895 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3896 packet_info *pinfo, proto_tree *tree,
3901 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3902 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3904 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3905 hf_samr_info_type, &info_type);
/* The column text here reads "info type"; the query variant below uses "info_type". */
3907 if (check_col(pinfo->cinfo, COL_INFO))
3909 pinfo->cinfo, COL_INFO, ", info type %d", info_type);
3911 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3912 sam_dissect_SAM_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3913 "SAM_SECURITY_DESCRIPTOR pointer: ", -1);
/* Reply dissector for SamrSetSecurityObject: dissects the NT status. */
3919 samr_dissect_set_sec_object_reply(tvbuff_t *tvb, int offset,
3920 packet_info *pinfo, proto_tree *tree,
3923 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrQuerySecurityObject: policy handle followed by a
 * 32-bit info type, which is also appended to the Info column.
 */
3930 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3931 packet_info *pinfo, proto_tree *tree,
3936 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3937 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
3939 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3940 hf_samr_info_type, &info_type);
3942 if (check_col(pinfo->cinfo, COL_INFO))
3944 pinfo->cinfo, COL_INFO, ", info_type %d", info_type);
/*
 * Reply dissector for SamrQuerySecurityObject: a UNIQUE pointer to the
 * security descriptor (the set request uses a REF pointer for the same
 * structure), then the NT status.
 */
3950 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3951 packet_info *pinfo, proto_tree *tree,
3954 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3955 sam_dissect_SAM_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3956 "SAM_SECURITY_DESCRIPTOR pointer: ", -1);
3958 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Per-element callback for samr_dissect_LOOKUP_NAMES: one counted string
 * shown as hf_samr_acct_name. The trailing argument is 1 here and 0 in
 * samr_dissect_UNICODE_STRING_ARRAY_name; its meaning is defined by
 * dissect_ndr_counted_string, which is not part of this listing.
 */
3965 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
3966 packet_info *pinfo, proto_tree *tree,
3969 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3970 hf_samr_acct_name, 1);
/*
 * Dissects the names array of a lookup-names request under an
 * ett_samr_names subtree; the item length is set after the array has been
 * consumed.
 */
3975 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
3976 packet_info *pinfo, proto_tree *parent_tree,
3979 proto_item *item=NULL;
3980 proto_tree *tree=NULL;
3981 int old_offset=offset;
3984 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3986 tree = proto_item_add_subtree(item, ett_samr_names);
/* Uses dissect_ndr_ucvarray here, unlike the MEMBER_ARRAY helpers, which use dissect_ndr_ucarray. */
3989 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3990 samr_dissect_LOOKUP_NAMES_name);
3992 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector for SamrLookupNamesInDomain: policy handle, 32-bit
 * count, then a REF pointer dissected by samr_dissect_LOOKUP_NAMES.
 */
3998 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
3999 packet_info *pinfo, proto_tree *tree,
4002 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4003 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* The count is only displayed (NULL out-parameter); it is not kept for later use. */
4005 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4006 hf_samr_count, NULL);
4008 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4009 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
4010 "LOOKUP_NAMES:", -1);
/*
 * Reply dissector for SamrLookupNamesInDomain: two REF pointers, both
 * dissected by samr_dissect_INDEX_ARRAY ("Rids:" with hf_samr_rid, "Types:"
 * with hf_samr_type), then the NT status.
 */
4016 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
4017 packet_info *pinfo, proto_tree *tree,
4020 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4021 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4022 "Rids:", hf_samr_rid);
4024 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4025 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4026 "Types:", hf_samr_type);
4028 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Per-element callback for samr_dissect_LOOKUP_RIDS: one 32-bit value (the
 * hf argument is on a listing line that is not shown).
 */
4035 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
4036 packet_info *pinfo, proto_tree *tree,
4039 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/*
 * Dissects the RID array of a lookup-rids request under an ett_samr_rids
 * subtree; the item length is set after the array has been consumed.
 */
4046 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
4047 packet_info *pinfo, proto_tree *parent_tree,
4050 proto_item *item=NULL;
4051 proto_tree *tree=NULL;
4052 int old_offset=offset;
4055 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4057 tree = proto_item_add_subtree(item, ett_samr_rids);
4060 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
4061 samr_dissect_LOOKUP_RIDS_rid);
4063 proto_item_set_len(item, offset-old_offset);
/*
 * Request dissector for SamrLookupIdsInDomain: policy handle, 32-bit count
 * (displayed only), then a REF pointer dissected by samr_dissect_LOOKUP_RIDS.
 */
4069 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
4070 packet_info *pinfo, proto_tree *tree,
4073 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4074 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4076 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4077 hf_samr_count, NULL);
4079 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4080 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
4081 "LOOKUP_RIDS:", -1);
/*
 * Per-element callback for samr_dissect_UNICODE_STRING_ARRAY_names: one
 * counted string shown as hf_samr_acct_name (trailing argument 0).
 */
4087 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
4088 packet_info *pinfo, proto_tree *tree,
4091 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
4092 hf_samr_acct_name, 0);
/* Dissects the string array itself via dissect_ndr_ucarray, one samr_dissect_UNICODE_STRING_ARRAY_name call per element. */
4097 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
4098 packet_info *pinfo, proto_tree *tree,
4101 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
4102 samr_dissect_UNICODE_STRING_ARRAY_name);
/*
 * Dissects a UNICODE_STRING_ARRAY under an ett_samr_names subtree: a 32-bit
 * count (displayed only) followed by a UNIQUE pointer to the names array.
 */
4107 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
4108 packet_info *pinfo, proto_tree *parent_tree,
4111 proto_item *item=NULL;
4112 proto_tree *tree=NULL;
4113 int old_offset=offset;
4116 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4118 tree = proto_item_add_subtree(item, ett_samr_names);
4121 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4122 hf_samr_count, NULL);
4124 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4125 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
4128 proto_item_set_len(item, offset-old_offset);
/*
 * Reply dissector for SamrLookupIdsInDomain: a REF pointer to a
 * UNICODE_STRING_ARRAY, a REF pointer dissected by samr_dissect_INDEX_ARRAY
 * for the types, then the NT status.
 */
4136 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
4137 packet_info *pinfo, proto_tree *tree,
/* NOTE(review): this pointer is labelled "RIDs:" with hf_samr_rid although its dissector handles a string array; confirm the label is intended. */
4140 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4141 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
4142 "RIDs:", hf_samr_rid);
4144 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4145 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4146 "Types:", hf_samr_type);
4148 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrCloseHandle: parses the policy handle into
 * policy_hnd, looks up the name previously stored for that handle, and
 * appends the name to the Info column when one is found.
 */
4155 samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4156 proto_tree *tree, guint8 *drep)
4158 e_ctx_hnd policy_hnd;
4161 offset = dissect_nt_policy_hnd(
4162 tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd,
4165 dcerpc_smb_fetch_pol(&policy_hnd, &name, NULL, NULL, pinfo->fd->num);
/*
 * name is passed as an argument to the fixed ", %s" format and never as the
 * format string itself. Keep it that way: stored handle names are built
 * from values such as the Connect5 server string, which appear to originate
 * in the capture.
 */
4167 if (name != NULL && check_col(pinfo->cinfo, COL_INFO))
4169 pinfo->cinfo, COL_INFO, ", %s", name);
/* Reply dissector for SamrCloseHandle: policy handle, then the NT status. */
4175 samr_dissect_close_hnd_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
4176 proto_tree *tree, guint8 *drep)
4178 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4179 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4181 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for SamrShutdownSamServer: dissects the policy handle. */
4188 samr_dissect_shutdown_sam_server_rqst(tvbuff_t *tvb, int offset,
4189 packet_info *pinfo, proto_tree *tree,
4192 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4193 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Reply dissector for SamrShutdownSamServer: dissects the NT status. */
4199 samr_dissect_shutdown_sam_server_reply(tvbuff_t *tvb, int offset,
4200 packet_info *pinfo, proto_tree *tree,
4203 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for SamrDeleteGroup: dissects the policy handle. */
4210 samr_dissect_delete_dom_group_rqst(tvbuff_t *tvb, int offset,
4211 packet_info *pinfo, proto_tree *tree,
4214 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4215 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/*
 * Reply dissector for SamrDeleteGroup: dissects the NT status. Unlike the
 * SamrDeleteAlias and SamrDeleteUser replies, no policy handle is dissected
 * here.
 */
4221 samr_dissect_delete_dom_group_reply(tvbuff_t *tvb, int offset,
4222 packet_info *pinfo, proto_tree *tree,
4225 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrRemoveMemberFromGroup: policy handle, a 32-bit
 * group value, and one more 32-bit field whose hf argument is on a listing
 * line that is not shown.
 */
4232 samr_dissect_remove_member_from_group_rqst(tvbuff_t *tvb, int offset,
4234 proto_tree *tree, guint8 *drep)
4236 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4237 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4239 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4240 hf_samr_group, NULL);
4242 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/* Reply dissector for SamrRemoveMemberFromGroup: dissects the NT status. */
4249 samr_dissect_remove_member_from_group_reply(tvbuff_t *tvb, int offset,
4251 proto_tree *tree, guint8 *drep)
4253 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for SamrDeleteAlias: dissects the policy handle. */
4260 samr_dissect_delete_dom_alias_rqst(tvbuff_t *tvb, int offset,
4261 packet_info *pinfo, proto_tree *tree,
4264 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4265 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Reply dissector for SamrDeleteAlias: policy handle, then the NT status. */
4271 samr_dissect_delete_dom_alias_reply(tvbuff_t *tvb, int offset,
4272 packet_info *pinfo, proto_tree *tree,
4275 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4276 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4278 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrAddMemberToAlias: policy handle, then a REF
 * pointer to a SID dissected by dissect_ndr_nt_SID_no_hf.
 */
4285 samr_dissect_add_alias_member_rqst(tvbuff_t *tvb, int offset,
4286 packet_info *pinfo, proto_tree *tree,
4289 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4290 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4292 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4293 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/* Reply dissector for SamrAddMemberToAlias: dissects the NT status. */
4300 samr_dissect_add_alias_member_reply(tvbuff_t *tvb, int offset,
4301 packet_info *pinfo, proto_tree *tree,
4304 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrRemoveMemberFromAlias: policy handle, then a REF
 * pointer to a SID dissected by dissect_ndr_nt_SID_no_hf.
 */
4311 samr_dissect_remove_alias_member_rqst(tvbuff_t *tvb, int offset,
4312 packet_info *pinfo, proto_tree *tree,
4315 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4316 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4318 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4319 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/* Reply dissector for SamrRemoveMemberFromAlias: dissects the NT status. */
4326 samr_dissect_remove_alias_member_reply(tvbuff_t *tvb, int offset,
4327 packet_info *pinfo, proto_tree *tree,
4330 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for SamrDeleteUser: dissects the policy handle. */
4337 samr_dissect_delete_dom_user_rqst(tvbuff_t *tvb, int offset,
4338 packet_info *pinfo, proto_tree *tree,
4341 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4342 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Reply dissector for SamrDeleteUser: policy handle, then the NT status. */
4348 samr_dissect_delete_dom_user_reply(tvbuff_t *tvb, int offset,
4349 packet_info *pinfo, proto_tree *tree,
4352 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4353 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4355 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for SamrTestPrivateFunctionsDomain: dissects the policy handle. */
4362 samr_dissect_test_private_fns_domain_rqst(tvbuff_t *tvb, int offset,
4363 packet_info *pinfo, proto_tree *tree,
4366 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4367 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Reply dissector for SamrTestPrivateFunctionsDomain: dissects the NT status. */
4373 samr_dissect_test_private_fns_domain_reply(tvbuff_t *tvb, int offset,
4375 proto_tree *tree, guint8 *drep)
4377 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request dissector for SamrTestPrivateFunctionsUser: dissects the policy handle. */
4384 samr_dissect_test_private_fns_user_rqst(tvbuff_t *tvb, int offset,
4385 packet_info *pinfo, proto_tree *tree,
4388 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4389 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
/* Reply dissector for SamrTestPrivateFunctionsUser: dissects the NT status. */
4395 samr_dissect_test_private_fns_user_reply(tvbuff_t *tvb, int offset,
4397 proto_tree *tree, guint8 *drep)
4399 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrRemoveMemberFromForeignDomain: policy handle,
 * then a REF pointer to a SID dissected by dissect_ndr_nt_SID_no_hf.
 */
4406 samr_dissect_remove_member_from_foreign_domain_rqst(tvbuff_t *tvb, int offset,
4411 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4412 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4414 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4415 dissect_ndr_nt_SID_no_hf, NDR_POINTER_REF,
/* Reply dissector for SamrRemoveMemberFromForeignDomain: dissects the NT status. */
4422 samr_dissect_remove_member_from_foreign_domain_reply(tvbuff_t *tvb, int offset,
4427 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrRemoveMultipleMembersFromAlias: policy handle,
 * then a REF pointer to a SID array dissected by dissect_ndr_nt_PSID_ARRAY.
 */
4434 samr_dissect_remove_multiple_members_from_alias_rqst(tvbuff_t *tvb,
4440 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4441 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4443 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4444 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/* Reply dissector for SamrRemoveMultipleMembersFromAlias: dissects the NT status. */
4451 samr_dissect_remove_multiple_members_from_alias_reply(tvbuff_t *tvb,
4457 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrOpenGroup: policy handle, access mask decoded
 * with samr_group_access_mask_info, then a 32-bit value that is shown in the
 * Info column as the RID and remembered for the matching reply.
 */
4464 samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4465 proto_tree *tree, guint8 *drep)
/* NOTE(review): di and di->call_data are dereferenced without a NULL check in the lines shown; presumably the DCE/RPC core always sets them, confirm. */
4467 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4468 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4471 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4472 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4474 offset = dissect_nt_access_mask(
4475 tvb, offset, pinfo, tree, drep, hf_samr_access,
4476 &samr_group_access_mask_info, NULL);
4478 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4481 if (check_col(pinfo->cinfo, COL_INFO))
4482 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
/* The RID is packed into the per-call pointer slot; samr_dissect_open_group_reply unpacks it. */
4484 dcv->private_data = GINT_TO_POINTER(rid);
/*
 * Reply dissector for SamrOpenGroup: parses the returned policy handle and
 * the NT status, then stores a descriptive name for the handle and appends
 * it to the handle's tree item.
 */
4490 samr_dissect_open_group_reply(tvbuff_t *tvb, int offset,
4491 packet_info *pinfo, proto_tree *tree,
4494 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4495 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
/*
 * NOTE(review): rid is read back unconditionally. If the request was not
 * captured, private_data holds whatever the call record was initialised
 * with; the conditions selecting the two names below are on listing lines
 * that are not shown.
 */
4496 guint32 rid = GPOINTER_TO_INT(dcv->private_data);
4497 e_ctx_hnd policy_hnd;
4498 proto_item *hnd_item;
4502 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4503 hf_samr_hnd, &policy_hnd, &hnd_item,
4506 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4507 hf_samr_rc, &status);
4511 pol_name = g_strdup_printf("OpenGroup(rid 0x%x)", rid);
4513 pol_name = g_strdup("OpenGroup handle");
/* NOTE(review): pol_name is heap-allocated; whether it is freed after being stored is not visible in this listing, confirm. */
4515 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4517 if (hnd_item != NULL)
4518 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Request dissector for SamrOpenAlias: policy handle, access mask decoded
 * with samr_alias_access_mask_info, then a 32-bit value that is shown in the
 * Info column as the RID and remembered for the matching reply.
 */
4527 samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4528 proto_tree *tree, guint8 *drep)
4530 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4531 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4534 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4535 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4537 offset = dissect_nt_access_mask(
4538 tvb, offset, pinfo, tree, drep, hf_samr_access,
4539 &samr_alias_access_mask_info, NULL);
4541 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4544 if (check_col(pinfo->cinfo, COL_INFO))
4545 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
/* The RID is packed into the per-call pointer slot; samr_dissect_open_alias_reply unpacks it. */
4547 dcv->private_data = GINT_TO_POINTER(rid);
/*
 * Reply dissector for SamrOpenAlias: parses the returned policy handle and
 * the NT status, then stores a descriptive name for the handle and appends
 * it to the handle's tree item.
 */
4553 samr_dissect_open_alias_reply(tvbuff_t *tvb, int offset,
4554 packet_info *pinfo, proto_tree *tree,
4557 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4558 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4559 e_ctx_hnd policy_hnd;
4561 proto_item *hnd_item;
4565 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4566 hf_samr_hnd, &policy_hnd, &hnd_item,
4569 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4570 hf_samr_rc, &status);
/* Unlike the OpenGroup reply, the RID saved by the request is read back here, after the status has been parsed. */
4573 rid = GPOINTER_TO_INT(dcv->private_data);
4576 pol_name = g_strdup_printf("OpenAlias(rid 0x%x)", rid);
/* NOTE(review): g_strdup_printf is called with a constant and no arguments; the sibling replies use g_strdup for the same purpose. */
4578 pol_name = g_strdup_printf("OpenAlias handle");
/* NOTE(review): pol_name is heap-allocated; whether it is freed after being stored is not visible in this listing, confirm. */
4580 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4582 if (hnd_item != NULL)
4583 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Request dissector for SamrAddMultipleMembersToAlias: policy handle, then a
 * REF pointer to a SID array dissected by dissect_ndr_nt_PSID_ARRAY.
 */
4592 samr_dissect_add_multiple_members_to_alias_rqst(tvbuff_t *tvb, int offset,
4594 proto_tree *tree, guint8 *drep)
4596 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4597 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4599 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4600 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/* Reply dissector for SamrAddMultipleMembersToAlias: dissects the NT status. */
4607 samr_dissect_add_multiple_members_to_alias_reply(tvbuff_t *tvb, int offset,
4609 proto_tree *tree, guint8 *drep)
4611 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrCreateUserInDomain: policy handle, a REF pointer
 * to the account name (counted string), then an access mask decoded with
 * samr_user_access_mask_info.
 */
4618 samr_dissect_create_user_in_domain_rqst(tvbuff_t *tvb, int offset,
4619 packet_info *pinfo, proto_tree *tree,
4622 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4623 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4625 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4626 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
4627 "Account Name", hf_samr_acct_name);
4629 offset = dissect_nt_access_mask(
4630 tvb, offset, pinfo, tree, drep, hf_samr_access,
4631 &samr_user_access_mask_info, NULL);
/*
 * Reply dissector for SamrCreateUserInDomain: returned policy handle, a
 * 32-bit value used as the new account's RID in the handle name, and the NT
 * status. The handle is then named "CreateUser(rid 0x...)".
 */
4637 samr_dissect_create_user_in_domain_reply(tvbuff_t *tvb, int offset,
4638 packet_info *pinfo, proto_tree *tree,
4641 e_ctx_hnd policy_hnd;
4642 proto_item *hnd_item;
4647 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4648 hf_samr_hnd, &policy_hnd, &hnd_item,
4651 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4654 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4655 hf_samr_rc, &status);
/* NOTE(review): any check of status before naming the handle is on listing lines that are not shown; the same goes for freeing pol_name. */
4658 pol_name = g_strdup_printf("CreateUser(rid 0x%x)", rid);
4660 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4662 if (hnd_item != NULL)
4663 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Request dissector for SamrEnumerateUsersInDomain: policy handle, REF
 * pointer to the resume handle, account-control flags, then the preferred
 * maximum size.
 */
4673 samr_dissect_enum_users_in_domain_rqst(tvbuff_t *tvb, int offset,
4675 proto_tree *tree, guint8 *drep)
4677 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4678 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4680 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4681 samr_dissect_pointer_long, NDR_POINTER_REF,
4682 "Resume Handle", hf_samr_resume_hnd);
4684 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
4686 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4687 hf_samr_pref_maxsize, NULL);
/*
 * Reply dissector for SamrEnumerateUsersInDomain: REF pointers to the resume
 * handle, to the index-and-name array, and to the entry count, followed by
 * the NT status.
 */
4694 samr_dissect_enum_users_in_domain_reply(tvbuff_t *tvb, int offset,
4696 proto_tree *tree, guint8 *drep)
4698 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4699 samr_dissect_pointer_long, NDR_POINTER_REF,
4700 "Resume Handle:", hf_samr_resume_hnd);
4702 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4703 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
4704 "IDX_AND_NAME_ARRAY:", hf_samr_acct_name);
4706 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4707 samr_dissect_pointer_long, NDR_POINTER_REF,
4708 "Entries:", hf_samr_entries);
4710 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector registered for SamrQueryInformationDomain2 in
 * dcerpc_samr_dissectors[]: policy handle followed by a 16-bit info level,
 * which is also appended to the Info column.
 */
4719 samr_dissect_query_information_domain_rqst(tvbuff_t *tvb, int offset,
4721 proto_tree *tree, guint8 *drep)
4725 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4726 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4728 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4729 hf_samr_level, &level);
4731 if (check_col(pinfo->cinfo, COL_INFO))
4732 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/*
 * Reply dissector shared by SamrQueryInformationDomain and
 * SamrQueryInformationDomain2: a UNIQUE pointer to the DOMAIN_INFO data,
 * then the NT status.
 */
4738 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
4739 packet_info *pinfo, proto_tree *tree,
4743 * Yes, in at least one capture with replies from a W2K server,
4744 * this was, indeed, a UNIQUE pointer, not a REF pointer.
4746 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4747 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
4748 "DOMAIN_INFO pointer", hf_samr_domain);
4750 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrQueryInformationUser: policy handle followed by
 * a 16-bit info level, which is also appended to the Info column.
 */
4757 samr_dissect_query_information_user_rqst(tvbuff_t *tvb, int offset,
4759 proto_tree *tree, guint8 *drep)
4763 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4764 hf_samr_hnd, NULL, NULL, FALSE, FALSE);
4766 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4767 hf_samr_level, &level);
4769 if (check_col(pinfo->cinfo, COL_INFO))
4770 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
/*
 * Reply dissector for SamrQueryInformationUser: a REF pointer dissected by
 * samr_dissect_USER_INFO_ptr, then the NT status.
 */
4776 samr_dissect_query_information_user_reply(tvbuff_t *tvb, int offset,
4778 proto_tree *tree, guint8 *drep)
4780 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4781 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
4784 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for SamrConnect5: a UNIQUE pointer to the server name
 * (wide string), an access mask decoded with samr_connect_access_mask_info,
 * and four 32-bit fields that are displayed as hf_samr_unknown_long.
 */
4792 samr_dissect_connect5_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4793 proto_tree *tree, guint8 *drep)
/*
 * cb_wstr_postprocess runs on the string with the CB_STR_COL_INFO and
 * CB_STR_SAVE flags; presumably this is what makes the server name
 * available to samr_dissect_connect5_reply through dcv->private_data, to
 * be confirmed against the callback's implementation.
 */
4795 offset = dissect_ndr_pointer_cb(
4796 tvb, offset, pinfo, tree, drep,
4797 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
4798 "Server", hf_samr_server, cb_wstr_postprocess,
4799 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
4801 offset = dissect_nt_access_mask(
4802 tvb, offset, pinfo, tree, drep, hf_samr_access,
4803 &samr_connect_access_mask_info, NULL);
4806 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4807 hf_samr_unknown_long, NULL);
4809 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4810 hf_samr_unknown_long, NULL);
4812 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4813 hf_samr_unknown_long, NULL);
4815 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4816 hf_samr_unknown_long, NULL);
/*
 * Reply dissector for SamrConnect5: four 32-bit fields displayed as
 * hf_samr_unknown_long, the returned policy handle, and the NT status. The
 * handle is then given a descriptive name that is stored and appended to
 * the handle's tree item.
 */
4824 samr_dissect_connect5_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
4825 proto_tree *tree, guint8 *drep)
4827 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4828 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4829 e_ctx_hnd policy_hnd;
4830 proto_item *hnd_item;
/*
 * NOTE(review): server is whatever the request left in private_data. It can
 * be NULL when the request was not captured or carried a null pointer, so
 * the condition choosing between the two names below (on listing lines
 * that are not shown) should test it before it reaches the "%s" conversion.
 */
4832 char *server = (char *)dcv->private_data, *pol_name;
4835 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4836 hf_samr_unknown_long, NULL);
4838 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4839 hf_samr_unknown_long, NULL);
4841 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4842 hf_samr_unknown_long, NULL);
4844 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4845 hf_samr_unknown_long, NULL);
4847 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4848 hf_samr_hnd, &policy_hnd,
4849 &hnd_item, TRUE, FALSE);
4851 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4852 hf_samr_rc, &status);
/* The server string is only ever used as a "%s" argument, never as a format string. */
4856 pol_name = g_strdup_printf("Connect5(%s)", server);
4858 pol_name = g_strdup("Connect5 handle");
/* NOTE(review): pol_name is heap-allocated; whether it is freed after being stored is not visible in this listing, confirm. */
4860 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
4862 if (hnd_item != NULL)
4863 proto_item_append_text(hnd_item, ": %s", pol_name);
/*
 * Opnum dispatch table for the SAMR interface. Each entry holds the opnum
 * constant, the display name, the request dissector and the reply
 * dissector; the table ends with an all-zero/NULL entry. Several opnums
 * deliberately share dissectors (the Connect2/3/4 replies, the three
 * QueryDisplayInformation variants, SetInformationUser/SetInformationUser2).
 */
4873 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
4874 { SAMR_CONNECT, "SamrConnect",
4875 samr_dissect_connect_anon_rqst,
4876 samr_dissect_connect_anon_reply },
4877 { SAMR_CLOSE_HND, "SamrCloseHandle",
4878 samr_dissect_close_hnd_rqst,
4879 samr_dissect_close_hnd_reply },
4880 { SAMR_SET_SEC_OBJECT, "SamrSetSecurityObject",
4881 samr_dissect_set_sec_object_rqst,
4882 samr_dissect_set_sec_object_reply },
4883 { SAMR_QUERY_SEC_OBJECT, "SamrQuerySecurityObject",
4884 samr_dissect_query_sec_object_rqst,
4885 samr_dissect_query_sec_object_reply },
4886 { SAMR_SHUTDOWN_SAM_SERVER, "SamrShutdownSamServer",
4887 samr_dissect_shutdown_sam_server_rqst,
4888 samr_dissect_shutdown_sam_server_reply },
4889 { SAMR_LOOKUP_DOMAIN, "SamrLookupDomainInSamServer",
4890 samr_dissect_lookup_domain_rqst,
4891 samr_dissect_lookup_domain_reply },
4892 { SAMR_ENUM_DOMAINS, "SamrEnumerateDomainsInSamServer",
4893 samr_dissect_enum_domains_rqst,
4894 samr_dissect_enum_domains_reply },
4895 { SAMR_OPEN_DOMAIN, "SamrOpenDomain",
4896 samr_dissect_open_domain_rqst,
4897 samr_dissect_open_domain_reply },
/*
 * NOTE(review): the request side of SamrQueryInformationDomain is wired to
 * the *alias* request dissector, while SamrQueryInformationDomain2 further
 * down uses samr_dissect_query_information_domain_rqst. This looks like a
 * copy/paste slip; it is harmless only if both request dissectors parse
 * the same fields, which cannot be checked from this part of the file.
 */
4898 { SAMR_QUERY_DOMAIN_INFO, "SamrQueryInformationDomain",
4899 samr_dissect_query_information_alias_rqst,
4900 samr_dissect_query_information_domain_reply },
4901 { SAMR_SET_DOMAIN_INFO, "SamrSetInformationDomain",
4902 samr_dissect_set_information_domain_rqst,
4903 samr_dissect_set_information_domain_reply },
4904 { SAMR_CREATE_DOM_GROUP, "SamrCreateGroupInDomain",
4905 samr_dissect_create_group_in_domain_rqst,
4906 samr_dissect_create_group_in_domain_reply },
4907 { SAMR_ENUM_DOM_GROUPS, "SamrEnumerateGroupsInDomain",
4908 samr_dissect_enum_dom_groups_rqst,
4909 samr_dissect_enum_dom_groups_reply },
4910 { SAMR_CREATE_USER_IN_DOMAIN, "SamrCreateUserInDomain",
4911 samr_dissect_create_user_in_domain_rqst,
4912 samr_dissect_create_user_in_domain_reply },
4913 { SAMR_ENUM_DOM_USERS, "SamrEnumerateUsersInDomain",
4914 samr_dissect_enum_users_in_domain_rqst,
4915 samr_dissect_enum_users_in_domain_reply },
4916 { SAMR_CREATE_DOM_ALIAS, "SamrCreateAliasInDomain",
4917 samr_dissect_create_alias_in_domain_rqst,
4918 samr_dissect_create_alias_in_domain_reply },
4919 { SAMR_ENUM_DOM_ALIASES, "SamrEnumerateAliasesInDomain",
4920 samr_dissect_enum_dom_aliases_rqst,
4921 samr_dissect_enum_dom_aliases_reply },
4922 { SAMR_GET_ALIAS_MEMBERSHIP, "SamrGetAliasMembership",
4923 samr_dissect_get_alias_membership_rqst,
4924 samr_dissect_get_alias_membership_reply },
4925 { SAMR_LOOKUP_NAMES, "SamrLookupNamesInDomain",
4926 samr_dissect_lookup_names_rqst,
4927 samr_dissect_lookup_names_reply },
4928 { SAMR_LOOKUP_RIDS, "SamrLookupIdsInDomain",
4929 samr_dissect_lookup_rids_rqst,
4930 samr_dissect_lookup_rids_reply },
4931 { SAMR_OPEN_GROUP, "SamrOpenGroup",
4932 samr_dissect_open_group_rqst,
4933 samr_dissect_open_group_reply },
4934 { SAMR_QUERY_GROUPINFO, "SamrQueryInformationGroup",
4935 samr_dissect_query_information_group_rqst,
4936 samr_dissect_query_information_group_reply },
4937 { SAMR_SET_GROUPINFO, "SamrSetInformationGroup",
4938 samr_dissect_set_information_group_rqst,
4939 samr_dissect_set_information_group_reply },
4940 { SAMR_ADD_GROUPMEM, "SamrAddMemberToGroup",
4941 samr_dissect_add_member_to_group_rqst,
4942 samr_dissect_add_member_to_group_reply },
4943 { SAMR_DELETE_DOM_GROUP, "SamrDeleteGroup",
4944 samr_dissect_delete_dom_group_rqst,
4945 samr_dissect_delete_dom_group_reply },
4946 { SAMR_DEL_GROUPMEM, "SamrRemoveMemberFromGroup",
4947 samr_dissect_remove_member_from_group_rqst,
4948 samr_dissect_remove_member_from_group_reply },
4949 { SAMR_QUERY_GROUPMEM, "SamrGetMembersInGroup",
4950 samr_dissect_query_groupmem_rqst,
4951 samr_dissect_query_groupmem_reply },
4952 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SamrSetMemberAttributesOfGroup",
4953 samr_dissect_set_member_attributes_of_group_rqst,
4954 samr_dissect_set_member_attributes_of_group_reply },
4955 { SAMR_OPEN_ALIAS, "SamrOpenAlias",
4956 samr_dissect_open_alias_rqst,
4957 samr_dissect_open_alias_reply },
4958 { SAMR_QUERY_ALIASINFO, "SamrQueryInformationAlias",
4959 samr_dissect_query_information_alias_rqst,
4960 samr_dissect_query_information_alias_reply },
4961 { SAMR_SET_ALIASINFO, "SamrSetInformationAlias",
4962 samr_dissect_set_information_alias_rqst,
4963 samr_dissect_set_information_alias_reply },
4964 { SAMR_DELETE_DOM_ALIAS, "SamrDeleteAlias",
4965 samr_dissect_delete_dom_alias_rqst,
4966 samr_dissect_delete_dom_alias_reply },
4967 { SAMR_ADD_ALIASMEM, "SamrAddMemberToAlias",
4968 samr_dissect_add_alias_member_rqst,
4969 samr_dissect_add_alias_member_reply },
4970 { SAMR_DEL_ALIASMEM, "SamrRemoveMemberFromAlias",
4971 samr_dissect_remove_alias_member_rqst,
4972 samr_dissect_remove_alias_member_reply },
4973 { SAMR_GET_MEMBERS_IN_ALIAS, "SamrGetMembersInAlias",
4974 samr_dissect_get_members_in_alias_rqst,
4975 samr_dissect_get_members_in_alias_reply },
4976 { SAMR_OPEN_USER, "SamrOpenUser",
4977 samr_dissect_open_user_rqst,
4978 samr_dissect_open_user_reply },
4979 { SAMR_DELETE_DOM_USER, "SamrDeleteUser",
4980 samr_dissect_delete_dom_user_rqst,
4981 samr_dissect_delete_dom_user_reply },
4982 { SAMR_QUERY_USERINFO, "SamrQueryInformationUser",
4983 samr_dissect_query_information_user_rqst,
4984 samr_dissect_query_information_user_reply },
/* SetInformationUser reuses the SetInformationUser2 dissectors (see SAMR_SET_USERINFO2 below). */
4985 { SAMR_SET_USERINFO, "SamrSetInformationUser",
4986 samr_dissect_set_information_user2_rqst,
4987 samr_dissect_set_information_user2_reply },
4988 { SAMR_CHANGE_PASSWORD_USER, "SamrChangePasswordUser",
4989 samr_dissect_change_password_user_rqst,
4990 samr_dissect_change_password_user_reply },
4991 { SAMR_GET_GROUPS_FOR_USER, "SamrGetGroupsForUser",
4992 samr_dissect_get_groups_for_user_rqst,
4993 samr_dissect_get_groups_for_user_reply },
4994 { SAMR_QUERY_DISPINFO, "SamrQueryDisplayInformation",
4995 samr_dissect_query_dispinfo_rqst,
4996 samr_dissect_query_dispinfo_reply },
4997 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "SamrGetDisplayEnumerationIndex",
4998 samr_dissect_get_display_enumeration_index_rqst,
4999 samr_dissect_get_display_enumeration_index_reply },
5000 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "SamrTestPrivateFunctionsDomain",
5001 samr_dissect_test_private_fns_domain_rqst,
5002 samr_dissect_test_private_fns_domain_reply },
5003 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "SamrTestPrivateFunctionsUser",
5004 samr_dissect_test_private_fns_user_rqst,
5005 samr_dissect_test_private_fns_user_reply },
5006 { SAMR_GET_USRDOM_PWINFO, "SamrGetUserDomainPasswordInformation",
5007 samr_dissect_get_usrdom_pwinfo_rqst,
5008 samr_dissect_get_usrdom_pwinfo_reply },
5009 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "SamrRemoveMemberFromForeignDomain",
5010 samr_dissect_remove_member_from_foreign_domain_rqst,
5011 samr_dissect_remove_member_from_foreign_domain_reply },
5012 { SAMR_QUERY_INFORMATION_DOMAIN2, "SamrQueryInformationDomain2",
5013 samr_dissect_query_information_domain_rqst,
5014 samr_dissect_query_information_domain_reply },
5015 { SAMR_QUERY_INFORMATION_USER2, "SamrQueryInformationUser2",
5016 samr_dissect_query_information_user2_rqst,
5017 samr_dissect_query_information_user2_reply },
5018 { SAMR_QUERY_DISPINFO2, "SamrQueryDisplayInformation2",
5019 samr_dissect_query_dispinfo_rqst,
5020 samr_dissect_query_dispinfo_reply },
5021 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "SamrGetDisplayEnumerationIndex2",
5022 samr_dissect_get_display_enumeration_index2_rqst,
5023 samr_dissect_get_display_enumeration_index2_reply },
5024 { SAMR_CREATE_USER2_IN_DOMAIN, "SamrCreateUser2InDomain",
5025 samr_dissect_create_user2_in_domain_rqst,
5026 samr_dissect_create_user2_in_domain_reply },
5027 { SAMR_QUERY_DISPINFO3, "SamrQueryDisplayInformation3",
5028 samr_dissect_query_dispinfo_rqst,
5029 samr_dissect_query_dispinfo_reply },
5030 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "SamrAddMultipleMembersToAlias",
5031 samr_dissect_add_multiple_members_to_alias_rqst,
5032 samr_dissect_add_multiple_members_to_alias_reply },
5033 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "SamrRemoveMultipleMembersFromAlias",
5034 samr_dissect_remove_multiple_members_from_alias_rqst,
5035 samr_dissect_remove_multiple_members_from_alias_reply },
5036 { SAMR_OEM_CHANGE_PASSWORD_USER2, "SamrOemChangePasswordUser2",
5037 samr_dissect_oem_change_password_user2_rqst,
5038 samr_dissect_oem_change_password_user2_reply },
5039 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "SamrUnicodeChangePasswordUser2",
5040 samr_dissect_unicode_change_password_user2_rqst,
5041 samr_dissect_unicode_change_password_user2_reply },
5042 { SAMR_GET_DOM_PWINFO, "SamrGetDomainPasswordInformation",
5043 samr_dissect_get_domain_password_information_rqst,
5044 samr_dissect_get_domain_password_information_reply },
5045 { SAMR_CONNECT2, "SamrConnect2",
5046 samr_dissect_connect2_rqst,
5047 samr_dissect_connect2_3_4_reply },
5048 { SAMR_SET_USERINFO2, "SamrSetInformationUser2",
5049 samr_dissect_set_information_user2_rqst,
5050 samr_dissect_set_information_user2_reply },
5051 { SAMR_SET_BOOT_KEY_INFORMATION, "SamrSetBootKeyInformation",
5052 samr_dissect_set_boot_key_information_rqst,
5053 samr_dissect_set_boot_key_information_reply },
5054 { SAMR_GET_BOOT_KEY_INFORMATION, "SamrGetBootKeyInformation",
5055 samr_dissect_get_boot_key_information_rqst,
5056 samr_dissect_get_boot_key_information_reply },
5057 { SAMR_CONNECT3, "SamrConnect3",
5058 samr_dissect_connect3_4_rqst,
5059 samr_dissect_connect2_3_4_reply },
5060 { SAMR_CONNECT4, "SamrConnect4",
5061 samr_dissect_connect3_4_rqst,
5062 samr_dissect_connect2_3_4_reply },
/* The handler line of the next entry (listing line 5064) is not shown in this listing. */
5063 { SAMR_UNICODE_CHANGE_PASSWORD_USER3, "SamrUnicodeChangePasswordUser3",
5065 { SAMR_CONNECT5, "SamrConnect5",
5066 samr_dissect_connect5_rqst,
5067 samr_dissect_connect5_reply },
/* The next three opnums are named only: both dissector slots are NULL, so this file adds no field-level dissection for them. */
5068 { SAMR_RID_TO_SID, "SamrRidToSid", NULL, NULL },
5069 { SAMR_SET_DSRM_PASSWORD, "SamrSetDSRMPassword", NULL, NULL },
5070 { SAMR_VALIDATE_PASSWORD, "SamrValidatePassword", NULL, NULL },
/* Terminating entry. */
5071 {0, NULL, NULL, NULL }
/*
 * Register the SAMR protocol with the dissection core: the protocol itself
 * ("Microsoft Security Account Manager" / "SAMR" / "samr"), the header-field
 * table hf[], the subtree index table ett[], and a preference module that
 * holds an "nt_password" string preference.
 *
 * NOTE(review): the line numbers embedded in this listing have gaps, so some
 * hf[] and ett[] entries appear without their opening line. Nothing is
 * reconstructed here; check the entries against the complete file.
 */
5075 proto_register_dcerpc_samr(void)
/*
 * Field table. Each entry gives a display name, a display-filter
 * abbreviation, a field type and base, an optional value table, a bitmask
 * and a description.
 */
5077 static hf_register_info hf[] = {
5079 { "Operation", "samr.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
5081 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
5083 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
5085 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
5087 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
5089 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
5090 { &hf_samr_rid_attrib,
5091 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
5093 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
/* The return code is shown symbolically through the NT_errors value table. */
5095 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
5098 { "Level", "samr.level", FT_UINT16, BASE_DEC,
5099 NULL, 0x0, "Level requested/returned for Information", HFILL }},
5100 { &hf_samr_start_idx,
5101 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
5102 NULL, 0x0, "Start Index for returned Information", HFILL }},
5105 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
5106 NULL, 0x0, "Number of entries to return", HFILL }},
5108 { &hf_samr_max_entries,
5109 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
5110 NULL, 0x0, "Maximum number of entries", HFILL }},
5112 { &hf_samr_pref_maxsize,
5113 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
5114 NULL, 0x0, "Maximum Size of data to return", HFILL }},
5116 { &hf_samr_total_size,
5117 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
5118 NULL, 0x0, "Total size of data", HFILL }},
5120 { &hf_samr_bad_pwd_count,
5121 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
5122 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
5124 { &hf_samr_logon_count,
5125 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
5126 NULL, 0x0, "Number of logons for this user", HFILL }},
5128 { &hf_samr_ret_size,
5129 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
5130 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
5133 { "Index", "samr.index", FT_UINT32, BASE_DEC,
5134 NULL, 0x0, "Index", HFILL }},
5137 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
/* Name and account-attribute strings. */
5139 { &hf_samr_alias_name,
5140 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
5141 NULL, 0, "Name of Alias (Local Group)", HFILL }},
5143 { &hf_samr_group_name,
5144 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
5145 NULL, 0, "Name of Group", HFILL }},
5147 { &hf_samr_acct_name,
5148 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
5149 NULL, 0, "Name of Account", HFILL }},
5152 { "Server", "samr.server", FT_STRING, BASE_NONE,
5153 NULL, 0, "Name of Server", HFILL }},
5156 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
5157 NULL, 0, "Name of Domain", HFILL }},
5159 { &hf_samr_controller,
5160 { "DC", "samr.dc", FT_STRING, BASE_NONE,
5161 NULL, 0, "Name of Domain Controller", HFILL }},
5163 { &hf_samr_full_name,
5164 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
5165 NULL, 0, "Full Name of Account", HFILL }},
5168 { "Home", "samr.home", FT_STRING, BASE_NONE,
5169 NULL, 0, "Home directory for this user", HFILL }},
5171 { &hf_samr_home_drive,
5172 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
5173 NULL, 0, "Home drive for this user", HFILL }},
5176 { "Script", "samr.script", FT_STRING, BASE_NONE,
5177 NULL, 0, "Login script for this user", HFILL }},
5179 { &hf_samr_workstations,
5180 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
5181 NULL, 0, "", HFILL }},
5184 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
5185 NULL, 0, "Profile for this user", HFILL }},
5187 { &hf_samr_acct_desc,
5188 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
5189 NULL, 0, "Account Description", HFILL }},
5192 { "Account Comment", "samr.comment", FT_STRING, BASE_NONE,
5193 NULL, 0, "Account Comment", HFILL }},
/* Placeholder fields for parts of the protocol whose meaning is not known. */
5195 { &hf_samr_unknown_string,
5196 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
5197 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
5199 { &hf_samr_unknown_hyper,
5200 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
5201 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
5202 { &hf_samr_unknown_long,
5203 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
5204 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
5206 { &hf_samr_unknown_short,
5207 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
5208 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
5210 { &hf_samr_unknown_char,
5211 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
5212 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
5214 { &hf_samr_revision,
5215 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
5216 NULL, 0x0, "Revision number for this structure", HFILL }},
5218 { &hf_samr_nt_pwd_set,
5219 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
5220 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
5222 { &hf_samr_lm_pwd_set,
5223 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
5224 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
/*
 * NOTE(review): the filter name below is "samr.pwd_Expired" with a capital
 * 'E', unlike the lower-case abbreviations used by the rest of the table.
 */
5226 { &hf_samr_pwd_expired,
5227 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
5228 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
5231 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
5232 NULL, 0x0, "Access", HFILL }},
5234 { &hf_samr_access_granted,
5235 { "Access Granted", "samr.access_granted", FT_UINT32, BASE_HEX,
5236 NULL, 0x0, "Access Granted", HFILL }},
/*
 * Password-change material as it appears on the wire: encrypted passwords,
 * encrypted hashes, LM/NT verifiers and the encrypted change blocks, all
 * shown as raw bytes.
 */
5238 { &hf_samr_crypt_password, {
5239 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
5240 NULL, 0, "Encrypted Password", HFILL }},
5242 { &hf_samr_crypt_hash, {
5243 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
5244 NULL, 0, "Encrypted Hash", HFILL }},
5246 { &hf_samr_lm_verifier, {
5247 "Verifier", "samr.lm_password_verifier", FT_BYTES, BASE_HEX,
5248 NULL, 0, "Lan Manager Password Verifier", HFILL }},
5250 { &hf_samr_nt_verifier, {
5251 "Verifier", "samr.nt_password_verifier", FT_BYTES, BASE_HEX,
5252 NULL, 0, "NT Password Verifier", HFILL }},
5254 { &hf_samr_lm_passchange_block, {
5255 "Encrypted Block", "samr.lm_passchange_block", FT_BYTES,
5256 BASE_HEX, NULL, 0, "Lan Manager Password Change Block",
5259 { &hf_samr_nt_passchange_block, {
5260 "Encrypted Block", "samr.nt_passchange_block", FT_BYTES,
5261 BASE_HEX, NULL, 0, "NT Password Change Block", HFILL }},
/*
 * Fields for the decrypted NT password-change block: the decrypted bytes,
 * the new password as a string, its length, and the pseudorandom data.
 * NOTE(review): presumably these are filled in only when the block can be
 * decrypted with the "nt_password" preference registered at the end of this
 * function; the dissector code is outside this view, so confirm. When they
 * are filled in, the new password appears in clear text in the dissection
 * tree and in anything exported from it, so that output needs the same
 * handling as the credential itself.
 */
5263 { &hf_samr_nt_passchange_block_decrypted, {
5264 "Decrypted Block", "samr.nt_passchange_block_decrypted",
5265 FT_BYTES, BASE_HEX, NULL, 0,
5266 "NT Password Change Decrypted Block", HFILL }},
5268 { &hf_samr_nt_passchange_block_newpass, {
5269 "New NT Password", "samr.nt_passchange_block_new_ntpassword",
5270 FT_STRING, BASE_NONE, NULL, 0, "New NT Password", HFILL }},
5272 { &hf_samr_nt_passchange_block_newpass_len, {
5273 "New NT Unicode Password length",
5274 "samr.nt_passchange_block_new_ntpassword_len", FT_UINT32,
5275 BASE_DEC, NULL, 0, "New NT Password Unicode Length", HFILL }},
5277 { &hf_samr_nt_passchange_block_pseudorandom, {
5278 "Pseudorandom data", "samr.nt_passchange_block_pseudorandom",
5279 FT_BYTES, BASE_HEX, NULL, 0, "Pseudorandom data", HFILL }},
5281 { &hf_samr_lm_change, {
5282 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
5283 NULL, 0, "LM Change value", HFILL }},
/* Password-policy ages are relative times; account timestamps are absolute. */
5285 { &hf_samr_max_pwd_age,
5286 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
5287 NULL, 0, "Maximum Password Age before it expires", HFILL }},
5289 { &hf_samr_min_pwd_age,
5290 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
5291 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
5292 { &hf_samr_unknown_time,
5293 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
5294 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
5295 { &hf_samr_logon_time,
5296 { "Last Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
5297 NULL, 0, "Time for last time this user logged on", HFILL }},
5298 { &hf_samr_kickoff_time,
5299 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5300 NULL, 0, "Time when this user will be kicked off", HFILL }},
5301 { &hf_samr_logoff_time,
5302 { "Last Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5303 NULL, 0, "Time for last time this user logged off", HFILL }},
5304 { &hf_samr_pwd_last_set_time,
5305 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
5306 NULL, 0, "Last time this users password was changed", HFILL }},
5307 { &hf_samr_pwd_can_change_time,
5308 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5309 NULL, 0, "When this users password may be changed", HFILL }},
5310 { &hf_samr_pwd_must_change_time,
5311 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5312 NULL, 0, "When this users password must be changed", HFILL }},
5313 { &hf_samr_acct_expiry_time,
5314 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
5315 NULL, 0, "When this user account expires", HFILL }},
5317 { &hf_samr_min_pwd_len, {
5318 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
5319 NULL, 0, "Minimum Password Length", HFILL }},
5320 { &hf_samr_pwd_history_len, {
5321 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
5322 NULL, 0, "Password History Length", HFILL }},
5323 { &hf_samr_num_users, {
5324 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
5325 NULL, 0, "Number of users in this domain", HFILL }},
5326 { &hf_samr_num_groups, {
5327 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
5328 NULL, 0, "Number of groups in this domain", HFILL }},
5329 { &hf_samr_num_aliases, {
5330 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
5331 NULL, 0, "Number of aliases in this domain", HFILL }},
5332 { &hf_samr_info_type, {
5333 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
5334 NULL, 0, "Information Type", HFILL }},
5335 { &hf_samr_resume_hnd, {
5336 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
5337 NULL, 0, "Resume handle", HFILL }},
5338 { &hf_samr_country, {
5339 "Country", "samr.country", FT_UINT16, BASE_DEC,
5340 VALS(ms_country_codes), 0, "Country setting for this user", HFILL }},
5341 { &hf_samr_codepage, {
5342 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
5343 NULL, 0, "Codepage setting for this user", HFILL }},
5344 { &hf_samr_primary_group_rid,
5345 { "Primary group RID", "samr.primary_group_rid", FT_UINT32,
5346 BASE_DEC, NULL, 0x0, "RID of the user primary group", HFILL }},
5347 { &hf_samr_callback,
5348 { "Callback", "samr.callback", FT_STRING, BASE_NONE,
5349 NULL, 0, "Callback for this user", HFILL }},
5350 { &hf_samr_alias_desc,
5351 { "Alias Desc", "samr.alias.desc", FT_STRING, BASE_NONE,
5352 NULL, 0, "Alias (Local Group) Description", HFILL }},
5353 { &hf_samr_alias_num_of_members,
5354 { "Num of Members in Alias", "samr.alias.num_of_members",
5355 FT_UINT32, BASE_DEC, NULL, 0,
5356 "Number of members in Alias (Local Group)", HFILL }},
5357 { &hf_samr_group_desc,
5358 { "Group Desc", "samr.group.desc", FT_STRING, BASE_NONE,
5359 NULL, 0, "Group Description", HFILL }},
5360 { &hf_samr_group_num_of_members,
5361 { "Num of Members in Group", "samr.group.num_of_members",
5362 FT_UINT32, BASE_DEC, NULL, 0,
5363 "Number of members in Group", HFILL }},
5365 /* Object specific access rights */
/*
 * Each entry below is an FT_BOOLEAN over a 32-bit field; the *_ACCESS_*
 * constant is the bitmask that selects the right within the access mask.
 * The groups are domain, user, group, alias and connect (server) rights.
 */
5367 { &hf_access_domain_lookup_info1,
5368 { "Lookup info1", "samr_access_mask.domain_lookup_info1",
5369 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5370 DOMAIN_ACCESS_LOOKUP_INFO_1, "Lookup info1", HFILL }},
5372 { &hf_access_domain_set_info1,
5373 { "Set info1", "samr_access_mask.domain_set_info1",
5374 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5375 DOMAIN_ACCESS_SET_INFO_1, "Set info1", HFILL }},
5377 { &hf_access_domain_lookup_info2,
5378 { "Lookup info2", "samr_access_mask.domain_lookup_info2",
5379 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5380 DOMAIN_ACCESS_LOOKUP_INFO_2, "Lookup info2", HFILL }},
5382 { &hf_access_domain_set_info2,
5383 { "Set info2", "samr_access_mask.domain_set_info2",
5384 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5385 DOMAIN_ACCESS_SET_INFO_2, "Set info2", HFILL }},
5387 { &hf_access_domain_create_user,
5388 { "Create user", "samr_access_mask.domain_create_user",
5389 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5390 DOMAIN_ACCESS_CREATE_USER, "Create user", HFILL }},
5392 { &hf_access_domain_create_group,
5393 { "Create group", "samr_access_mask.domain_create_group",
5394 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5395 DOMAIN_ACCESS_CREATE_GROUP, "Create group", HFILL }},
5397 { &hf_access_domain_create_alias,
5398 { "Create alias", "samr_access_mask.domain_create_alias",
5399 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5400 DOMAIN_ACCESS_CREATE_ALIAS, "Create alias", HFILL }},
5402 { &hf_access_domain_lookup_alias_by_mem,
5403 { "Lookup alias", "samr_access_mask.domain_lookup_alias_by_mem",
5404 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5405 DOMAIN_ACCESS_LOOKUP_ALIAS, "Lookup alias", HFILL }},
5407 { &hf_access_domain_enum_accounts,
5408 { "Enum accounts", "samr_access_mask.domain_enum_accounts",
5409 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5410 DOMAIN_ACCESS_ENUM_ACCOUNTS, "Enum accounts", HFILL }},
5412 { &hf_access_domain_open_account,
5413 { "Open account", "samr_access_mask.domain_open_account",
5414 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5415 DOMAIN_ACCESS_OPEN_ACCOUNT, "Open account", HFILL }},
5417 { &hf_access_domain_set_info3,
5418 { "Set info3", "samr_access_mask.domain_set_info3",
5419 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5420 DOMAIN_ACCESS_SET_INFO_3, "Set info3", HFILL }},
5422 { &hf_access_user_get_name_etc,
5423 { "Get name, etc", "samr_access_mask.user_get_name_etc",
5424 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5425 USER_ACCESS_GET_NAME_ETC, "Get name, etc", HFILL }},
5427 { &hf_access_user_get_locale,
5428 { "Get locale", "samr_access_mask.user_get_locale",
5429 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5430 USER_ACCESS_GET_LOCALE, "Get locale", HFILL }},
/*
 * NOTE(review): the variable is named hf_access_user_get_loc_com, but the
 * label, filter name and mask all say "set loc com"
 * (USER_ACCESS_SET_LOC_COM). The variable name looks like the odd one out.
 */
5432 { &hf_access_user_get_loc_com,
5433 { "Set loc com", "samr_access_mask.user_set_loc_com",
5434 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5435 USER_ACCESS_SET_LOC_COM, "Set loc com", HFILL }},
5437 { &hf_access_user_get_logoninfo,
5438 { "Get logon info", "samr_access_mask.user_get_logoninfo",
5439 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5440 USER_ACCESS_GET_LOGONINFO, "Get logon info", HFILL }},
5442 { &hf_access_user_get_attributes,
5443 { "Get attributes", "samr_access_mask.user_get_attributes",
5444 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5445 USER_ACCESS_GET_ATTRIBUTES, "Get attributes", HFILL }},
5447 { &hf_access_user_set_attributes,
5448 { "Set attributes", "samr_access_mask.user_set_attributes",
5449 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5450 USER_ACCESS_SET_ATTRIBUTES, "Set attributes", HFILL }},
5452 { &hf_access_user_change_password,
5453 { "Change password", "samr_access_mask.user_change_password",
5454 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5455 USER_ACCESS_CHANGE_PASSWORD, "Change password", HFILL }},
5457 { &hf_access_user_set_password,
5458 { "Set password", "samr_access_mask.user_set_password",
5459 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5460 USER_ACCESS_SET_PASSWORD, "Set password", HFILL }},
5462 { &hf_access_user_get_groups,
5463 { "Get groups", "samr_access_mask.user_get_groups",
5464 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5465 USER_ACCESS_GET_GROUPS, "Get groups", HFILL }},
5467 { &hf_access_user_get_group_membership,
5468 { "Get group membership", "samr_access_mask.user_get_group_membership",
5469 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5470 USER_ACCESS_GET_GROUP_MEMBERSHIP, "Get group membership", HFILL }},
5472 { &hf_access_user_change_group_membership,
5473 { "Change group membership", "samr_access_mask.user_change_group_membership",
5474 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5475 USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, "Change group membership", HFILL }},
5477 { &hf_access_group_lookup_info,
5478 { "Lookup info", "samr_access_mask.group_lookup_info",
5479 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5480 GROUP_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
/*
 * NOTE(review): label and description read "Get info", although the filter
 * name and mask are group_set_info / GROUP_ACCESS_SET_INFO. Someone reading
 * a requested or granted access mask in the tree sees a read right where
 * the bit is a write right. It probably should read "Set info"; confirm.
 */
5482 { &hf_access_group_set_info,
5483 { "Get info", "samr_access_mask.group_set_info",
5484 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5485 GROUP_ACCESS_SET_INFO, "Get info", HFILL }},
5487 { &hf_access_group_add_member,
5488 { "Add member", "samr_access_mask.group_add_member",
5489 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5490 GROUP_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5492 { &hf_access_group_remove_member,
5493 { "Remove member", "samr_access_mask.group_remove_member",
5494 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5495 GROUP_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5497 { &hf_access_group_get_members,
5498 { "Get members", "samr_access_mask.group_get_members",
5499 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5500 GROUP_ACCESS_GET_MEMBERS, "Get members", HFILL }},
5502 { &hf_access_alias_add_member,
5503 { "Add member", "samr_access_mask.alias_add_member",
5504 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5505 ALIAS_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5507 { &hf_access_alias_remove_member,
5508 { "Remove member", "samr_access_mask.alias_remove_member",
5509 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5510 ALIAS_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5512 { &hf_access_alias_get_members,
5513 { "Get members", "samr_access_mask.alias_get_members",
5514 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5515 ALIAS_ACCESS_GET_MEMBERS, "Get members", HFILL }},
5517 { &hf_access_alias_lookup_info,
5518 { "Lookup info", "samr_access_mask.alias_lookup_info",
5519 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5520 ALIAS_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
5522 { &hf_access_alias_set_info,
5523 { "Set info", "samr_access_mask.alias_set_info",
5524 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5525 ALIAS_ACCESS_SET_INFO, "Set info", HFILL }},
5527 { &hf_access_connect_connect_to_server,
5528 { "Connect to server", "samr_access_mask.connect_connect_to_server",
5529 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5530 SAMR_ACCESS_CONNECT_TO_SERVER, "Connect to server", HFILL }},
5532 { &hf_access_connect_shutdown_server,
5533 { "Shutdown server", "samr_access_mask.connect_shutdown_server",
5534 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5535 SAMR_ACCESS_SHUTDOWN_SERVER, "Shutdown server", HFILL }},
5537 { &hf_access_connect_initialize_server,
5538 { "Initialize server", "samr_access_mask.connect_initialize_server",
5539 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5540 SAMR_ACCESS_INITIALIZE_SERVER, "Initialize server", HFILL }},
5542 { &hf_access_connect_create_domain,
5543 { "Create domain", "samr_access_mask.connect_create_domain",
5544 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5545 SAMR_ACCESS_CREATE_DOMAIN, "Create domain", HFILL }},
5547 { &hf_access_connect_enum_domains,
5548 { "Enum domains", "samr_access_mask.connect_enum_domains",
5549 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5550 SAMR_ACCESS_ENUM_DOMAINS, "Enum domains", HFILL }},
5552 { &hf_access_connect_open_domain,
5553 { "Open domain", "samr_access_mask.connect_open_domain",
5554 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5555 SAMR_ACCESS_OPEN_DOMAIN, "Open domain", HFILL }},
/*
 * NOTE(review): this abbreviation is "sam.sd_size", not "samr.sd_size" like
 * the other samr.* fields, so a filter on the "samr." prefix will not match
 * it.
 */
5558 { "Size", "sam.sd_size", FT_UINT32, BASE_DEC,
5559 NULL, 0x0, "Size of SAM security descriptor", HFILL }},
/* Subtree indices, registered with proto_register_subtree_array() below. */
5563 static gint *ett[] = {
5565 &ett_SAM_SECURITY_DESCRIPTOR,
5566 &ett_samr_user_dispinfo_1,
5567 &ett_samr_user_dispinfo_1_array,
5568 &ett_samr_user_dispinfo_2,
5569 &ett_samr_user_dispinfo_2_array,
5570 &ett_samr_group_dispinfo,
5571 &ett_samr_group_dispinfo_array,
5572 &ett_samr_ascii_dispinfo,
5573 &ett_samr_ascii_dispinfo_array,
5574 &ett_samr_display_info,
5575 &ett_samr_password_info,
5577 &ett_samr_user_group,
5578 &ett_samr_user_group_array,
5579 &ett_samr_alias_info,
5580 &ett_samr_group_info,
5581 &ett_samr_domain_info_1,
5582 &ett_samr_domain_info_2,
5583 &ett_samr_domain_info_8,
5584 &ett_samr_replication_status,
5585 &ett_samr_domain_info_11,
5586 &ett_samr_domain_info_13,
5587 &ett_samr_domain_info,
5588 &ett_samr_index_array,
5589 &ett_samr_idx_and_name,
5590 &ett_samr_idx_and_name_array,
5591 &ett_samr_user_info_1,
5592 &ett_samr_user_info_2,
5593 &ett_samr_user_info_3,
5594 &ett_samr_user_info_5,
5595 &ett_samr_user_info_6,
5596 &ett_samr_user_info_10,
5597 &ett_samr_user_info_18,
5598 &ett_samr_user_info_19,
5599 &ett_samr_buffer_buffer,
5601 &ett_samr_user_info_21,
5602 &ett_samr_user_info_22,
5603 &ett_samr_user_info_23,
5604 &ett_samr_user_info_24,
5605 &ett_samr_user_info_25,
5606 &ett_samr_user_info,
5607 &ett_samr_member_array_types,
5608 &ett_samr_member_array_rids,
5609 &ett_samr_member_array,
5613 module_t *dcerpc_samr_module;
/* Register the protocol first; its id is needed by the calls that follow. */
5615 proto_dcerpc_samr = proto_register_protocol(
5616 "Microsoft Security Account Manager", "SAMR", "samr");
5618 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
5619 proto_register_subtree_array(ett, array_length(ett));
/*
 * Preference module with one string preference, "nt_password", described as
 * being used to verify password changes.
 * NOTE(review): a string preference is presumably written in clear text to
 * the saved preferences along with the other settings; confirm, and treat
 * a preferences file that holds a real account password as sensitive.
 */
5621 dcerpc_samr_module = prefs_register_protocol(proto_dcerpc_samr, NULL);
5623 prefs_register_string_preference(dcerpc_samr_module, "nt_password",
5625 "NT Password (used to verify password changes)",
/*
 * Handoff routine: passes the SAMR interface (uuid_dcerpc_samr, version
 * ver_dcerpc_samr) to dcerpc_init_uuid() together with the protocol id, the
 * top-level subtree index, the per-operation dissector table
 * dcerpc_samr_dissectors and the opnum field hf_samr_opnum.
 */
5630 proto_reg_handoff_dcerpc_samr(void)
5632 /* Register protocol as dcerpc */
5634 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
5635 ver_dcerpc_samr, dcerpc_samr_dissectors, hf_samr_opnum);