2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.94 2004/05/19 04:52:31 tpot Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_policy_information = -1;
47 static int hf_lsa_server = -1;
48 static int hf_lsa_controller = -1;
49 static int hf_lsa_obj_attr = -1;
50 static int hf_lsa_obj_attr_len = -1;
51 static int hf_lsa_obj_attr_name = -1;
52 static int hf_lsa_access_mask = -1;
53 static int hf_lsa_info_level = -1;
54 static int hf_lsa_trusted_info_level = -1;
55 static int hf_lsa_sd_size = -1;
56 static int hf_lsa_qos_len = -1;
57 static int hf_lsa_qos_impersonation_level = -1;
58 static int hf_lsa_qos_track_context = -1;
59 static int hf_lsa_qos_effective_only = -1;
60 static int hf_lsa_pali_percent_full = -1;
61 static int hf_lsa_pali_log_size = -1;
62 static int hf_lsa_pali_retention_period = -1;
63 static int hf_lsa_pali_time_to_shutdown = -1;
64 static int hf_lsa_pali_shutdown_in_progress = -1;
65 static int hf_lsa_pali_next_audit_record = -1;
66 static int hf_lsa_paei_enabled = -1;
67 static int hf_lsa_paei_settings = -1;
68 static int hf_lsa_count = -1;
69 static int hf_lsa_size = -1;
70 static int hf_lsa_size16 = -1;
71 static int hf_lsa_privilege_display_name_size = -1;
72 static int hf_lsa_max_count = -1;
73 static int hf_lsa_index = -1;
74 static int hf_lsa_fqdomain = -1;
75 static int hf_lsa_domain = -1;
76 static int hf_lsa_acct = -1;
77 static int hf_lsa_server_role = -1;
78 static int hf_lsa_source = -1;
79 static int hf_lsa_quota_paged_pool = -1;
80 static int hf_lsa_quota_non_paged_pool = -1;
81 static int hf_lsa_quota_min_wss = -1;
82 static int hf_lsa_quota_max_wss = -1;
83 static int hf_lsa_quota_pagefile = -1;
84 static int hf_lsa_mod_seq_no = -1;
85 static int hf_lsa_mod_mtime = -1;
86 static int hf_lsa_cur_mtime = -1;
87 static int hf_lsa_old_mtime = -1;
88 static int hf_lsa_name = -1;
89 static int hf_lsa_key = -1;
90 static int hf_lsa_flat_name = -1;
91 static int hf_lsa_forest = -1;
92 static int hf_lsa_info_type = -1;
93 static int hf_lsa_old_pwd = -1;
94 static int hf_lsa_new_pwd = -1;
95 static int hf_lsa_sid_type = -1;
96 static int hf_lsa_rid = -1;
97 static int hf_lsa_rid_offset = -1;
98 static int hf_lsa_num_mapped = -1;
99 static int hf_lsa_policy_information_class = -1;
100 static int hf_lsa_secret = -1;
101 static int hf_nt_luid_high = -1;
102 static int hf_nt_luid_low = -1;
103 static int hf_lsa_privilege_name = -1;
104 static int hf_lsa_privilege_display_name = -1;
105 static int hf_lsa_attr = -1;
106 static int hf_lsa_resume_handle = -1;
107 static int hf_lsa_trust_direction = -1;
108 static int hf_lsa_trust_type = -1;
109 static int hf_lsa_trust_attr = -1;
110 static int hf_lsa_trust_attr_non_trans = -1;
111 static int hf_lsa_trust_attr_uplevel_only = -1;
112 static int hf_lsa_trust_attr_tree_parent = -1;
113 static int hf_lsa_trust_attr_tree_root = -1;
114 static int hf_lsa_auth_update = -1;
115 static int hf_lsa_auth_type = -1;
116 static int hf_lsa_auth_len = -1;
117 static int hf_lsa_auth_blob = -1;
118 static int hf_lsa_rights = -1;
119 static int hf_lsa_remove_all = -1;
121 static int hf_lsa_unknown_hyper = -1;
122 static int hf_lsa_unknown_long = -1;
123 static int hf_lsa_unknown_short = -1;
124 static int hf_lsa_unknown_char = -1;
125 static int hf_lsa_unknown_string = -1;
126 #ifdef LSA_UNUSED_HANDLES
127 static int hf_lsa_unknown_time = -1;
131 static gint ett_dcerpc_lsa = -1;
132 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
133 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
134 static gint ett_lsa_policy_info = -1;
135 static gint ett_lsa_policy_audit_log_info = -1;
136 static gint ett_lsa_policy_audit_events_info = -1;
137 static gint ett_lsa_policy_primary_domain_info = -1;
138 static gint ett_lsa_policy_primary_account_info = -1;
139 static gint ett_lsa_policy_server_role_info = -1;
140 static gint ett_lsa_policy_replica_source_info = -1;
141 static gint ett_lsa_policy_default_quota_info = -1;
142 static gint ett_lsa_policy_modification_info = -1;
143 static gint ett_lsa_policy_audit_full_set_info = -1;
144 static gint ett_lsa_policy_audit_full_query_info = -1;
145 static gint ett_lsa_policy_dns_domain_info = -1;
146 static gint ett_lsa_translated_names = -1;
147 static gint ett_lsa_translated_name = -1;
148 static gint ett_lsa_referenced_domain_list = -1;
149 static gint ett_lsa_trust_information = -1;
150 static gint ett_lsa_trust_information_ex = -1;
151 static gint ett_LUID = -1;
152 static gint ett_LSA_PRIVILEGES = -1;
153 static gint ett_LSA_PRIVILEGE = -1;
154 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
155 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
156 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
157 static gint ett_LSA_TRUSTED_DOMAIN = -1;
158 static gint ett_LSA_TRANSLATED_SIDS = -1;
159 static gint ett_lsa_trusted_domain_info = -1;
160 static gint ett_lsa_trust_attr = -1;
161 static gint ett_lsa_trusted_domain_auth_information = -1;
162 static gint ett_lsa_auth_information = -1;
166 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
167 packet_info *pinfo, proto_tree *tree,
172 di=pinfo->private_data;
173 if(di->conformant_run){
174 /*just a run to handle conformant arrays, nothing to dissect */
178 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
185 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
186 packet_info *pinfo, proto_tree *tree,
191 di=pinfo->private_data;
192 if(di->conformant_run){
193 /*just a run to handle conformant arrays, nothing to dissect */
197 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
203 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
204 packet_info *pinfo, proto_tree *tree,
209 di=pinfo->private_data;
210 if(di->conformant_run){
211 /*just a run to handle conformant arrays, nothing to dissect */
215 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
216 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
217 "DOMAIN pointer: ", di->hf_index);
223 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
224 packet_info *pinfo, proto_tree *tree,
229 di=pinfo->private_data;
230 if(di->conformant_run){
231 /*just a run to handle conformant arrays, nothing to dissect */
235 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
242 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
243 packet_info *pinfo, proto_tree *tree,
249 di=pinfo->private_data;
250 if(di->conformant_run){
251 /*just a run to handle conformant arrays, nothing to dissect */
255 /* this is probably a varying and conformant array */
256 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
257 hf_lsa_sd_size, &len);
259 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
260 hf_lsa_sd_size, &len);
261 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
268 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
269 packet_info *pinfo, proto_tree *parent_tree,
272 proto_item *item=NULL;
273 proto_tree *tree=NULL;
274 int old_offset=offset;
277 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
279 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
282 /* XXX need to figure this one out */
283 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
284 hf_lsa_sd_size, NULL);
285 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
286 hf_lsa_sd_size, NULL);
287 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
288 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
289 "LSA_SECRET data: pointer", -1);
291 proto_item_set_len(item, offset-old_offset);
296 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
297 packet_info *pinfo, proto_tree *tree,
300 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
301 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
302 "LSA_SECRET pointer: data", -1);
307 /* Dissect LSA specific access rights */
309 static gint hf_view_local_info = -1;
310 static gint hf_view_audit_info = -1;
311 static gint hf_get_private_info = -1;
312 static gint hf_trust_admin = -1;
313 static gint hf_create_account = -1;
314 static gint hf_create_secret = -1;
315 static gint hf_create_priv = -1;
316 static gint hf_set_default_quota_limits = -1;
317 static gint hf_set_audit_requirements = -1;
318 static gint hf_server_admin = -1;
319 static gint hf_lookup_names = -1;
322 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
325 proto_tree_add_boolean(
326 tree, hf_lookup_names, tvb, offset, 4, access);
328 proto_tree_add_boolean(
329 tree, hf_server_admin, tvb, offset, 4, access);
331 proto_tree_add_boolean(
332 tree, hf_set_audit_requirements, tvb, offset, 4, access);
334 proto_tree_add_boolean(
335 tree, hf_set_default_quota_limits, tvb, offset, 4, access);
337 proto_tree_add_boolean(
338 tree, hf_create_priv, tvb, offset, 4, access);
340 proto_tree_add_boolean(
341 tree, hf_create_secret, tvb, offset, 4, access);
343 proto_tree_add_boolean(
344 tree, hf_create_account, tvb, offset, 4, access);
346 proto_tree_add_boolean(
347 tree, hf_trust_admin, tvb, offset, 4, access);
349 proto_tree_add_boolean(
350 tree, hf_get_private_info, tvb, offset, 4, access);
352 proto_tree_add_boolean(
353 tree, hf_view_audit_info, tvb, offset, 4, access);
355 proto_tree_add_boolean(
356 tree, hf_view_local_info, tvb, offset, 4, access);
359 struct access_mask_info lsa_access_mask_info = {
360 "LSA", /* Name of specific rights */
361 lsa_specific_rights, /* Dissection function */
362 NULL, /* Generic mapping table */
363 NULL /* Standard mapping table */
367 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
368 packet_info *pinfo, proto_tree *tree,
374 di=pinfo->private_data;
375 if(di->conformant_run){
376 /*just a run to handle conformant arrays, nothing to dissect */
380 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
381 hf_lsa_sd_size, &len);
384 tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
391 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
392 packet_info *pinfo, proto_tree *parent_tree,
395 proto_item *item=NULL;
396 proto_tree *tree=NULL;
397 int old_offset=offset;
400 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
401 "LSA_SECURITY_DESCRIPTOR:");
402 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
405 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
406 hf_lsa_sd_size, NULL);
408 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
409 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
410 "LSA SECURITY DESCRIPTOR data:", -1);
412 proto_item_set_len(item, offset-old_offset);
417 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
418 packet_info *pinfo, proto_tree *tree, guint8 *drep)
420 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
421 hf_lsa_unknown_char, NULL);
426 static const value_string lsa_impersonation_level_vals[] = {
428 {1, "Identification"},
429 {2, "Impersonation"},
436 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
437 packet_info *pinfo, proto_tree *tree, guint8 *drep)
440 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
441 hf_lsa_qos_len, NULL);
443 /* impersonation level */
444 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
445 hf_lsa_qos_impersonation_level, NULL);
447 /* context tracking mode */
448 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
449 hf_lsa_qos_track_context, NULL);
452 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
453 hf_lsa_qos_effective_only, NULL);
459 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
460 packet_info *pinfo, proto_tree *tree, guint8 *drep)
462 offset = dissect_nt_access_mask(
463 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
464 &lsa_access_mask_info, NULL);
470 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
471 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
473 int old_offset=offset;
474 proto_item *item = NULL;
475 proto_tree *tree = NULL;
478 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
479 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
483 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
484 hf_lsa_obj_attr_len, NULL);
487 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
488 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
489 "LSPTR pointer: ", -1);
492 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
493 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
494 "NAME pointer: ", hf_lsa_obj_attr_name);
497 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
498 hf_lsa_obj_attr, NULL);
500 /* security descriptor */
501 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
502 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
503 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
505 /* security quality of service */
506 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
507 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
508 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
510 proto_item_set_len(item, offset-old_offset);
515 lsa_dissect_lsarclose_rqst(tvbuff_t *tvb, int offset,
516 packet_info *pinfo, proto_tree *tree, guint8 *drep)
518 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
519 hf_lsa_hnd, NULL, NULL, FALSE, TRUE);
525 lsa_dissect_lsarclose_reply(tvbuff_t *tvb, int offset,
526 packet_info *pinfo, proto_tree *tree, guint8 *drep)
528 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
529 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
531 offset = dissect_ntstatus(
532 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
537 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
538 character of the server name which is always '\'. This is fixed in lsa
539 openpolicy2 but the function remains for backwards compatibility. */
541 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
543 proto_tree *tree, guint8 *drep)
545 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
546 hf_lsa_server, NULL);
550 lsa_dissect_lsaropenpolicy_rqst(tvbuff_t *tvb, int offset,
551 packet_info *pinfo, proto_tree *tree, guint8 *drep)
553 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
554 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
555 "Server", hf_lsa_server);
557 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
558 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
559 "OBJECT_ATTRIBUTES", -1);
561 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
568 lsa_dissect_lsaropenpolicy_reply(tvbuff_t *tvb, int offset,
569 packet_info *pinfo, proto_tree *tree, guint8 *drep)
571 e_ctx_hnd policy_hnd;
572 proto_item *hnd_item;
575 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
576 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
578 offset = dissect_ntstatus(
579 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
582 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
583 "OpenPolicy handle");
585 if (hnd_item != NULL)
586 proto_item_append_text(hnd_item, ": OpenPolicy handle");
593 lsa_dissect_lsaropenpolicy2_rqst(tvbuff_t *tvb, int offset,
594 packet_info *pinfo, proto_tree *tree, guint8 *drep)
596 offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
597 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
598 hf_lsa_server, cb_wstr_postprocess,
599 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
601 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
602 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
603 "OBJECT_ATTRIBUTES", -1);
605 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
613 lsa_dissect_lsaropenpolicy2_reply(tvbuff_t *tvb, int offset,
614 packet_info *pinfo, proto_tree *tree, guint8 *drep)
616 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
617 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
618 e_ctx_hnd policy_hnd;
619 proto_item *hnd_item;
623 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
624 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
626 offset = dissect_ntstatus(
627 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
630 if (dcv->private_data)
631 pol_name = g_strdup_printf(
632 "OpenPolicy2(%s)", (char *)dcv->private_data);
634 pol_name = g_strdup("OpenPolicy2 handle");
636 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
638 if (hnd_item != NULL)
639 proto_item_append_text(hnd_item, ": %s", pol_name);
647 static const value_string policy_information_class_vals[] = {
648 {1, "Audit Log Information"},
649 {2, "Audit Events Information"},
650 {3, "Primary Domain Information"},
651 {4, "Pd Account Information"},
652 {5, "Account Domain Information"},
653 {6, "Server Role Information"},
654 {7, "Replica Source Information"},
655 {8, "Default Quota Information"},
656 {9, "Modification Information"},
657 {10, "Audit Full Set Information"},
658 {11, "Audit Full Query Information"},
659 {12, "DNS Domain Information"},
664 lsa_dissect_lsarqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
665 packet_info *pinfo, proto_tree *tree, guint8 *drep)
669 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
670 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
672 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
673 hf_lsa_policy_information_class, &level);
675 if (check_col(pinfo->cinfo, COL_INFO))
677 pinfo->cinfo, COL_INFO, ", %s",
678 val_to_str(level, policy_information_class_vals,
685 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
686 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
688 proto_item *item=NULL;
689 proto_tree *tree=NULL;
690 int old_offset=offset;
693 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
694 "POLICY_AUDIT_LOG_INFO:");
695 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
699 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
700 hf_lsa_pali_percent_full, NULL);
703 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
704 hf_lsa_pali_log_size, NULL);
706 /* retention period */
707 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
708 hf_lsa_pali_retention_period);
710 /* shutdown in progress */
711 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
712 hf_lsa_pali_shutdown_in_progress, NULL);
714 /* time to shutdown */
715 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
716 hf_lsa_pali_time_to_shutdown);
718 /* next audit record */
719 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
720 hf_lsa_pali_next_audit_record, NULL);
722 proto_item_set_len(item, offset-old_offset);
727 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
728 packet_info *pinfo, proto_tree *tree, guint8 *drep)
730 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
731 hf_lsa_paei_settings, NULL);
736 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
737 packet_info *pinfo, proto_tree *tree, guint8 *drep)
739 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
740 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
746 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
747 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
749 proto_item *item=NULL;
750 proto_tree *tree=NULL;
751 int old_offset=offset;
754 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
755 "POLICY_AUDIT_EVENTS_INFO:");
756 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
760 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
761 hf_lsa_paei_enabled, NULL);
764 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
765 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
769 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
772 proto_item_set_len(item, offset-old_offset);
778 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
779 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
781 proto_item *item=NULL;
782 proto_tree *tree=NULL;
783 int old_offset=offset;
786 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
787 "POLICY_PRIMARY_DOMAIN_INFO:");
788 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
792 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
796 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
798 proto_item_set_len(item, offset-old_offset);
804 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
805 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
807 proto_item *item=NULL;
808 proto_tree *tree=NULL;
809 int old_offset=offset;
812 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
813 "POLICY_ACCOUNT_DOMAIN_INFO:");
814 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
818 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
822 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
824 proto_item_set_len(item, offset-old_offset);
829 static const value_string server_role_vals[] = {
831 {1, "Domain Member"},
837 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
838 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
840 proto_item *item=NULL;
841 proto_tree *tree=NULL;
842 int old_offset=offset;
845 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
846 "POLICY_SERVER_ROLE_INFO:");
847 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
851 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
852 hf_lsa_server_role, NULL);
854 proto_item_set_len(item, offset-old_offset);
859 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
860 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
862 proto_item *item=NULL;
863 proto_tree *tree=NULL;
864 int old_offset=offset;
867 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
868 "POLICY_REPLICA_SOURCE_INFO:");
869 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
873 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
877 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
880 proto_item_set_len(item, offset-old_offset);
886 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
887 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
889 proto_item *item=NULL;
890 proto_tree *tree=NULL;
891 int old_offset=offset;
894 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
895 "POLICY_DEFAULT_QUOTA_INFO:");
896 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
900 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
901 hf_lsa_quota_paged_pool, NULL);
904 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
905 hf_lsa_quota_non_paged_pool, NULL);
908 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
909 hf_lsa_quota_min_wss, NULL);
912 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
913 hf_lsa_quota_max_wss, NULL);
916 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
917 hf_lsa_quota_pagefile, NULL);
920 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
921 hf_lsa_unknown_hyper, NULL);
923 proto_item_set_len(item, offset-old_offset);
929 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
930 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
932 proto_item *item=NULL;
933 proto_tree *tree=NULL;
934 int old_offset=offset;
937 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
938 "POLICY_MODIFICATION_INFO:");
939 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
943 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
944 hf_lsa_mod_seq_no, NULL);
947 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
950 proto_item_set_len(item, offset-old_offset);
956 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
957 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
959 proto_item *item=NULL;
960 proto_tree *tree=NULL;
961 int old_offset=offset;
964 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
965 "POLICY_AUDIT_FULL_SET_INFO:");
966 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
970 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
971 hf_lsa_unknown_char, NULL);
973 proto_item_set_len(item, offset-old_offset);
979 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
980 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
982 proto_item *item=NULL;
983 proto_tree *tree=NULL;
984 int old_offset=offset;
987 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
988 "POLICY_AUDIT_FULL_QUERY_INFO:");
989 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
993 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
994 hf_lsa_unknown_char, NULL);
997 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
998 hf_lsa_unknown_char, NULL);
1000 proto_item_set_len(item, offset-old_offset);
1006 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1007 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1009 proto_item *item=NULL;
1010 proto_tree *tree=NULL;
1011 int old_offset=offset;
1014 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1015 "POLICY_DNS_DOMAIN_INFO:");
1016 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1020 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1024 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1025 hf_lsa_fqdomain, 0);
1028 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1032 offset = dissect_nt_GUID(tvb, offset,
1036 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1038 proto_item_set_len(item, offset-old_offset);
1043 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1044 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1046 proto_item *item=NULL;
1047 proto_tree *tree=NULL;
1048 int old_offset=offset;
1052 item = proto_tree_add_item(parent_tree, hf_lsa_policy_information, tvb, offset, 0, FALSE);
1054 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1057 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1058 hf_lsa_info_level, &level);
1060 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1063 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1064 tvb, offset, pinfo, tree, drep);
1067 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1068 tvb, offset, pinfo, tree, drep);
1071 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1072 tvb, offset, pinfo, tree, drep);
1075 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1076 tree, drep, hf_lsa_acct, 0);
1079 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1080 tvb, offset, pinfo, tree, drep);
1083 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1084 tvb, offset, pinfo, tree, drep);
1087 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1088 tvb, offset, pinfo, tree, drep);
1091 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1092 tvb, offset, pinfo, tree, drep);
1095 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1096 tvb, offset, pinfo, tree, drep);
1099 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1100 tvb, offset, pinfo, tree, drep);
1103 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1104 tvb, offset, pinfo, tree, drep);
1107 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1108 tvb, offset, pinfo, tree, drep);
1112 proto_item_set_len(item, offset-old_offset);
1117 lsa_dissect_lsarqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1118 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1120 /* This is really a pointer to a pointer though the first level is REF
1121 so we just ignore that one */
1122 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1123 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1124 "POLICY_INFORMATION pointer: info", -1);
1126 offset = dissect_ntstatus(
1127 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1133 lsa_dissect_lsardelete_rqst(tvbuff_t *tvb, int offset,
1134 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1136 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1137 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1143 lsa_dissect_lsardelete_reply(tvbuff_t *tvb, int offset,
1144 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1146 offset = dissect_ntstatus(
1147 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1154 lsa_dissect_lsarquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1155 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1157 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1158 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1160 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1161 hf_lsa_info_type, NULL);
1168 lsa_dissect_lsarquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1169 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1171 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1172 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1173 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
1175 offset = dissect_ntstatus(
1176 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1183 lsa_dissect_lsarsetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1184 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1186 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1187 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1189 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1190 hf_lsa_info_type, NULL);
1192 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1193 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1194 "LSA_SECURITY_DESCRIPTOR: sec_info", -1);
1200 lsa_dissect_lsarsetsecurityobject_reply(tvbuff_t *tvb, int offset,
1201 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1203 offset = dissect_ntstatus(
1204 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1211 lsa_dissect_lsarchangepassword_rqst(tvbuff_t *tvb, int offset,
1212 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1215 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1219 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1223 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1227 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1231 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1238 lsa_dissect_lsarchangepassword_reply(tvbuff_t *tvb, int offset,
1239 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1241 offset = dissect_ntstatus(
1242 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1247 static const value_string sid_type_vals[] = {
1252 {5, "Well Known Group"},
1253 {6, "Deleted Account"},
1260 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1261 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1263 proto_item *item=NULL;
1264 proto_tree *tree=NULL;
1265 int old_offset=offset;
1268 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1269 "LSA_TRANSLATED_NAME:");
1270 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1274 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1275 hf_lsa_sid_type, NULL);
1278 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1282 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1283 hf_lsa_index, NULL);
1285 proto_item_set_len(item, offset-old_offset);
1290 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1291 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1293 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1294 lsa_dissect_LSA_TRANSLATED_NAME);
1300 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1301 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1303 proto_item *item=NULL;
1304 proto_tree *tree=NULL;
1305 int old_offset=offset;
1308 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1309 "LSA_TRANSLATED_NAMES:");
1310 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1314 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1315 hf_lsa_count, NULL);
1318 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1319 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1320 "TRANSLATED_NAME_ARRAY", -1);
1322 proto_item_set_len(item, offset-old_offset);
1328 lsa_dissect_lsarlookupsids_rqst(tvbuff_t *tvb, int offset,
1329 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1331 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1332 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1334 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1335 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1338 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1339 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1340 "LSA_TRANSLATED_NAMES pointer: names", -1);
1342 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1343 hf_lsa_info_level, NULL);
1345 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1346 hf_lsa_num_mapped, NULL);
1352 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1353 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1355 proto_item *item=NULL;
1356 proto_tree *tree=NULL;
1357 int old_offset=offset;
1360 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1361 "TRUST INFORMATION:");
1362 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1366 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1370 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1372 proto_item_set_len(item, offset-old_offset);
1376 static const value_string trusted_direction_vals[] = {
1377 {0, "Trust disabled"},
1378 {1, "Inbound trust"},
1379 {2, "Outbound trust"},
1383 static const value_string trusted_type_vals[] = {
1391 static const true_false_string tfs_trust_attr_non_trans = {
1392 "NON TRANSITIVE is set",
1393 "Non transitive is NOT set"
1395 static const true_false_string tfs_trust_attr_uplevel_only = {
1396 "UPLEVEL ONLY is set",
1397 "Uplevel only is NOT set"
1399 static const true_false_string tfs_trust_attr_tree_parent = {
1400 "TREE PARENT is set",
1401 "Tree parent is NOT set"
1403 static const true_false_string tfs_trust_attr_tree_root = {
1405 "Tree root is NOT set"
1408 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1409 proto_tree *parent_tree, guint8 *drep)
1412 proto_item *item = NULL;
1413 proto_tree *tree = NULL;
1415 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1416 hf_lsa_trust_attr, &mask);
1419 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1420 tvb, offset-4, 4, mask);
1421 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1424 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1425 tvb, offset-4, 4, mask);
1426 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1427 tvb, offset-4, 4, mask);
1428 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1429 tvb, offset-4, 4, mask);
1430 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1431 tvb, offset-4, 4, mask);
1437 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1438 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1440 proto_item *item=NULL;
1441 proto_tree *tree=NULL;
1442 int old_offset=offset;
1445 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1446 "TRUST INFORMATION EX:");
1447 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1451 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1455 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1456 hf_lsa_flat_name, 0);
1459 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1462 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1463 hf_lsa_trust_direction, NULL);
1466 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1467 hf_lsa_trust_type, NULL);
1470 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1472 proto_item_set_len(item, offset-old_offset);
1477 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1478 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1483 di=pinfo->private_data;
1484 if(di->conformant_run){
1485 /*just a run to handle conformant arrays, nothing to dissect */
1490 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1491 hf_lsa_auth_len, &len);
1493 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1500 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1501 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1503 proto_item *item=NULL;
1504 proto_tree *tree=NULL;
1505 int old_offset=offset;
1508 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1509 "AUTH INFORMATION:");
1510 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1514 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1515 hf_lsa_auth_update, NULL);
1518 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1519 hf_lsa_auth_type, NULL);
1522 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1523 hf_lsa_auth_len, NULL);
1525 /* auth info blob */
1526 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1527 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1528 "AUTH INFO blob:", -1);
1530 proto_item_set_len(item, offset-old_offset);
1535 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1536 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1538 proto_item *item=NULL;
1539 proto_tree *tree=NULL;
1540 int old_offset=offset;
1543 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1544 "TRUSTED DOMAIN AUTH INFORMATION:");
1545 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1549 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1550 hf_lsa_unknown_long, NULL);
1553 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1556 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1559 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1560 hf_lsa_unknown_long, NULL);
1563 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1566 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1568 proto_item_set_len(item, offset-old_offset);
1574 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1575 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1577 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1578 lsa_dissect_LSA_TRUST_INFORMATION);
1584 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1585 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1587 proto_item *item=NULL;
1588 proto_tree *tree=NULL;
1589 int old_offset=offset;
1592 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1593 "LSA_REFERENCED_DOMAIN_LIST:");
1594 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1598 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1599 hf_lsa_count, NULL);
1601 /* trust information */
1602 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1603 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1604 "TRUST INFORMATION array:", -1);
1607 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1608 hf_lsa_max_count, NULL);
1610 proto_item_set_len(item, offset-old_offset);
1615 lsa_dissect_lsarlookupsids_reply(tvbuff_t *tvb, int offset,
1616 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1618 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1619 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1620 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
1622 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1623 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1624 "LSA_TRANSLATED_NAMES pointer: names", -1);
1626 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1627 hf_lsa_num_mapped, NULL);
1629 offset = dissect_ntstatus(
1630 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1637 lsa_dissect_lsarsetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1638 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1640 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1641 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1643 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1644 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1645 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1652 lsa_dissect_lsarsetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1653 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1655 offset = dissect_ntstatus(
1656 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1663 lsa_dissect_lsargetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1664 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1666 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1667 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1674 lsa_dissect_lsargetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1675 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1677 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1678 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1679 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1681 offset = dissect_ntstatus(
1682 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1689 lsa_dissect_lsarsetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1690 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1692 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1693 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1695 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1696 hf_lsa_policy_information_class, NULL);
1698 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1699 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1700 "POLICY_INFORMATION pointer: info", -1);
1707 lsa_dissect_lsarsetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1708 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1710 offset = dissect_ntstatus(
1711 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1718 lsa_dissect_lsarclearauditlog_rqst(tvbuff_t *tvb, int offset,
1719 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1721 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1722 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1724 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
1727 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1728 hf_lsa_unknown_long, NULL);
1735 lsa_dissect_lsarclearauditlog_reply(tvbuff_t *tvb, int offset,
1736 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1738 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1739 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1741 offset = dissect_ntstatus(
1742 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1748 lsa_dissect_lsargetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1749 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1751 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1752 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1759 lsa_dissect_lsargetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1760 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1762 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1765 offset = dissect_ntstatus(
1766 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1773 lsa_dissect_lsarsetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1774 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1776 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1777 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1779 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1787 lsa_dissect_lsarsetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1788 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1790 offset = dissect_ntstatus(
1791 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1798 lsa_dissect_lsaropentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1799 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1801 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1802 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1804 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
1806 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1814 lsa_dissect_lsaropentrusteddomain_reply(tvbuff_t *tvb, int offset,
1815 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1817 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1818 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1820 offset = dissect_ntstatus(
1821 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1828 lsa_dissect_lsardeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1829 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1831 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1832 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1834 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
1841 lsa_dissect_lsardeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1842 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1844 offset = dissect_ntstatus(
1845 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1851 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1852 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1854 proto_item *item=NULL;
1855 proto_tree *tree=NULL;
1856 int old_offset=offset;
1859 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1861 tree = proto_item_add_subtree(item, ett_LUID);
1864 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1865 hf_nt_luid_low, NULL);
1867 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1868 hf_nt_luid_high, NULL);
1870 proto_item_set_len(item, offset-old_offset);
1875 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1876 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1878 proto_item *item=NULL;
1879 proto_tree *tree=NULL;
1880 int old_offset=offset;
1883 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1885 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1888 /* privilege name */
1889 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1890 hf_lsa_privilege_name, 0);
1893 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1895 proto_item_set_len(item, offset-old_offset);
1900 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1901 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1903 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1904 lsa_dissect_LSA_PRIVILEGE);
1910 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1911 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
1913 proto_item *item=NULL;
1914 proto_tree *tree=NULL;
1915 int old_offset=offset;
1918 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1920 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1923 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1924 hf_lsa_count, NULL);
1927 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1928 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1929 "LSA_PRIVILEGE array:", -1);
1931 proto_item_set_len(item, offset-old_offset);
1936 lsa_dissect_lsarenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1937 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1939 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1940 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1942 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1943 hf_lsa_count, NULL);
1945 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1952 lsa_dissect_lsarenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1953 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1955 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1956 hf_lsa_count, NULL);
1958 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1959 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1960 "LSA_PRIVILEGES pointer: privs", -1);
1962 offset = dissect_ntstatus(
1963 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1969 lsa_dissect_lsarlookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1970 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1972 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1973 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1975 /* privilege name */
1976 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1977 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1978 "NAME pointer: ", hf_lsa_privilege_name);
1985 lsa_dissect_lsarlookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1986 packet_info *pinfo, proto_tree *tree, guint8 *drep)
1990 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1992 offset = dissect_ntstatus(
1993 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2000 lsa_dissect_lsarlookupprivilegename_rqst(tvbuff_t *tvb, int offset,
2001 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2003 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2004 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2007 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2008 dissect_nt_LUID, NDR_POINTER_REF,
2009 "LUID pointer: value", -1);
2016 lsa_dissect_lsarlookupprivilegename_reply(tvbuff_t *tvb, int offset,
2017 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2019 /* [out, ref] LSA_UNICODE_STRING **name */
2020 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2021 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2022 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
2024 offset = dissect_ntstatus(
2025 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2032 lsa_dissect_lsarenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2033 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2035 /* [in] LSA_HANDLE hnd */
2036 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2037 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2044 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2045 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2047 proto_item *item=NULL;
2048 proto_tree *tree=NULL;
2049 int old_offset=offset;
2052 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2053 "LUID_AND_ATTRIBUTES:");
2054 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2058 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2061 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2064 proto_item_set_len(item, offset-old_offset);
2069 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2070 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2072 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2073 lsa_dissect_LUID_AND_ATTRIBUTES);
2079 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2080 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2082 proto_item *item=NULL;
2083 proto_tree *tree=NULL;
2084 int old_offset=offset;
2087 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2088 "LUID_AND_ATTRIBUTES_ARRAY:");
2089 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2092 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2093 hf_lsa_count, NULL);
2095 /* luid and attributes */
2096 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2097 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2098 "LUID_AND_ATTRIBUTES array:", -1);
2100 proto_item_set_len(item, offset-old_offset);
2105 lsa_dissect_lsarenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2106 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2108 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2109 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2110 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2111 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2113 offset = dissect_ntstatus(
2114 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2120 lsa_dissect_lsaraddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2121 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2123 /* [in] LSA_HANDLE hnd */
2124 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2125 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2127 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2128 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2136 lsa_dissect_lsaraddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2137 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2139 offset = dissect_ntstatus(
2140 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2146 lsa_dissect_lsarremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2147 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2149 /* [in] LSA_HANDLE hnd */
2150 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2151 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2153 /* [in] char unknown */
2154 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2155 hf_lsa_unknown_char, NULL);
2157 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2158 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2159 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2160 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2167 lsa_dissect_lsarremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2168 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2170 offset = dissect_ntstatus(
2171 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2177 lsa_dissect_lsarenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2178 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2180 /* [in] LSA_HANDLE hnd */
2181 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2182 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2184 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2185 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2186 hf_lsa_resume_handle, NULL);
2188 /* [in] ULONG pref_maxlen */
2189 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2190 hf_lsa_max_count, NULL);
2196 lsa_dissect_lsarenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2197 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2199 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2200 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2201 hf_lsa_resume_handle, NULL);
2203 /* [out, ref] PSID_ARRAY **accounts */
2204 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2205 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2208 offset = dissect_ntstatus(
2209 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2215 lsa_dissect_lsarcreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2216 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2218 /* [in] LSA_HANDLE hnd_pol */
2219 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2220 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2222 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2223 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2224 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2225 "LSA_TRUST_INFORMATION pointer: domain", -1);
2227 /* [in] ACCESS_MASK access */
2228 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2235 lsa_dissect_lsarcreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2236 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2238 /* [out] LSA_HANDLE *hnd */
2239 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2240 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2242 offset = dissect_ntstatus(
2243 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2249 lsa_dissect_lsarenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2250 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2252 /* [in] LSA_HANDLE hnd */
2253 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2254 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2256 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2257 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2258 hf_lsa_resume_handle, NULL);
2260 /* [in] ULONG pref_maxlen */
2261 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2262 hf_lsa_max_count, NULL);
2268 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2269 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2271 proto_item *item=NULL;
2272 proto_tree *tree=NULL;
2273 int old_offset=offset;
2276 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2278 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2282 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2286 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
2288 proto_item_set_len(item, offset-old_offset);
2293 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2294 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2296 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2297 lsa_dissect_LSA_TRUSTED_DOMAIN);
2303 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2304 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2306 proto_item *item=NULL;
2307 proto_tree *tree=NULL;
2308 int old_offset=offset;
2311 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2312 "TRUSTED_DOMAIN_LIST:");
2313 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2316 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2317 hf_lsa_count, NULL);
2320 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2321 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2322 "TRUSTED_DOMAIN array:", -1);
2324 proto_item_set_len(item, offset-old_offset);
2329 lsa_dissect_lsarenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2330 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2332 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2333 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2334 hf_lsa_resume_handle, NULL);
2336 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2338 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2339 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
2341 offset = dissect_ntstatus(
2342 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2349 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2350 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2354 di=pinfo->private_data;
2355 if(di->conformant_run){
2356 /*just a run to handle conformant arrays, nothing to dissect */
2360 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2367 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2368 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2370 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2371 lsa_dissect_LSA_UNICODE_STRING_item);
2377 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2378 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2382 di=pinfo->private_data;
2384 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2385 hf_lsa_count, NULL);
2386 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2387 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2388 "UNICODE_STRING pointer: ", di->hf_index);
2394 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2395 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2398 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2399 hf_lsa_sid_type, NULL);
2401 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2404 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2405 hf_lsa_index, NULL);
2411 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2412 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2414 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2415 lsa_dissect_LSA_TRANSLATED_SID);
2421 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2422 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2424 proto_item *item=NULL;
2425 proto_tree *tree=NULL;
2426 int old_offset=offset;
2429 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2430 "LSA_TRANSLATED_SIDS:");
2431 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2435 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2436 hf_lsa_count, NULL);
2439 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2440 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2441 "Translated SIDS", -1);
2443 proto_item_set_len(item, offset-old_offset);
2448 lsa_dissect_lsarlookupnames_rqst(tvbuff_t *tvb, int offset,
2449 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2451 /* [in] LSA_HANDLE hnd */
2452 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2453 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2455 /* [in] ULONG count */
2456 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2457 hf_lsa_count, NULL);
2459 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2460 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2461 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2462 "Account pointer: names", hf_lsa_acct);
2464 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2465 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2466 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2467 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2469 /* [in] USHORT level */
2470 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2471 hf_lsa_info_level, NULL);
2473 /* [in, out, ref] ULONG *num_mapped */
2474 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2475 hf_lsa_num_mapped, NULL);
2482 lsa_dissect_lsarlookupnames_reply(tvbuff_t *tvb, int offset,
2483 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2485 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2486 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2487 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2488 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
2490 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2491 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2492 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2493 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2495 /* [in, out, ref] ULONG *num_mapped */
2496 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2497 hf_lsa_num_mapped, NULL);
2499 offset = dissect_ntstatus(
2500 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2506 lsa_dissect_lsarcreatesecret_rqst(tvbuff_t *tvb, int offset,
2507 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2509 /* [in] LSA_HANDLE hnd_pol */
2510 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2511 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2513 /* [in, ref] LSA_UNICODE_STRING *name */
2514 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2517 /* [in] ACCESS_MASK access */
2518 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2525 lsa_dissect_lsarcreatesecret_reply(tvbuff_t *tvb, int offset,
2526 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2529 /* [out] LSA_HANDLE *hnd */
2530 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2531 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2533 offset = dissect_ntstatus(
2534 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2540 lsa_dissect_lsaropenaccount_rqst(tvbuff_t *tvb, int offset,
2541 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2543 /* [in] LSA_HANDLE hnd_pol */
2544 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2545 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2547 /* [in, ref] SID *account */
2548 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
2550 /* [in] ACCESS_MASK access */
2551 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2559 lsa_dissect_lsaropenaccount_reply(tvbuff_t *tvb, int offset,
2560 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2562 /* [out] LSA_HANDLE *hnd */
2563 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2564 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2566 offset = dissect_ntstatus(
2567 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2572 static const value_string trusted_info_level_vals[] = {
2573 {1, "Domain Name Information"},
2574 {2, "Controllers Information"},
2575 {3, "Posix Offset Information"},
2576 {4, "Password Information"},
2577 {5, "Domain Information Basic"},
2578 {6, "Domain Information Ex"},
2579 {7, "Domain Auth Information"},
2580 {8, "Domain Full Information"},
2581 {9, "Domain Security Descriptor"},
2582 {10, "Domain Private Information"},
2587 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2588 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
2590 proto_item *item=NULL;
2591 proto_tree *tree=NULL;
2592 int old_offset=offset;
2596 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2597 "TRUSTED_DOMAIN_INFO:");
2598 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2601 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2602 hf_lsa_trusted_info_level, &level);
2604 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2607 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2611 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2612 hf_lsa_count, NULL);
2613 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2614 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2615 "Controllers pointer: ", hf_lsa_controller);
2618 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2619 hf_lsa_rid_offset, NULL);
2622 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2623 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2626 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2630 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2634 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2637 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2639 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2640 hf_lsa_rid_offset, NULL);
2641 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2644 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2647 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2649 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2650 hf_lsa_rid_offset, NULL);
2651 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2655 proto_item_set_len(item, offset-old_offset);
2660 lsa_dissect_lsarqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2661 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2663 /* [in] LSA_HANDLE hnd */
2664 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2665 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2667 /* [in] TRUSTED_INFORMATION_CLASS level */
2668 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2669 hf_lsa_trusted_info_level, NULL);
2676 lsa_dissect_lsarqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2677 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2679 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2680 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2681 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2682 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2684 offset = dissect_ntstatus(
2685 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2691 lsa_dissect_lsarsetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2692 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2694 /* [in] LSA_HANDLE hnd */
2695 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2696 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2698 /* [in] TRUSTED_INFORMATION_CLASS level */
2699 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2700 hf_lsa_trusted_info_level, NULL);
2702 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2703 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2704 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2705 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2712 lsa_dissect_lsarsetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2713 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2715 offset = dissect_ntstatus(
2716 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2722 lsa_dissect_lsaropensecret_rqst(tvbuff_t *tvb, int offset,
2723 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2725 /* [in] LSA_HANDLE hnd_pol */
2726 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2727 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2729 /* [in, ref] LSA_UNICODE_STRING *name */
2730 offset = dissect_ndr_counted_string_cb(
2731 tvb, offset, pinfo, tree, drep, hf_lsa_name,
2732 cb_wstr_postprocess,
2733 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
2735 /* [in] ACCESS_MASK access */
2736 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2744 lsa_dissect_lsaropensecret_reply(tvbuff_t *tvb, int offset,
2745 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2747 /* [out] LSA_HANDLE *hnd */
2748 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2749 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2751 offset = dissect_ntstatus(
2752 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2758 lsa_dissect_lsarsetsecret_rqst(tvbuff_t *tvb, int offset,
2759 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2761 /* [in] LSA_HANDLE hnd */
2762 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2763 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2765 /* [in, unique] LSA_SECRET *new_val */
2766 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2767 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2768 "LSA_SECRET pointer: new_val", -1);
2770 /* [in, unique] LSA_SECRET *old_val */
2771 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2772 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2773 "LSA_SECRET pointer: old_val", -1);
2780 lsa_dissect_lsarsetsecret_reply(tvbuff_t *tvb, int offset,
2781 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2783 offset = dissect_ntstatus(
2784 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2790 lsa_dissect_lsarquerysecret_rqst(tvbuff_t *tvb, int offset,
2791 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2793 /* [in] LSA_HANDLE hnd */
2794 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2795 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2797 /* [in, out, unique] LSA_SECRET **curr_val */
2798 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2799 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2800 "LSA_SECRET pointer: curr_val", -1);
2802 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2803 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2804 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2805 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2807 /* [in, out, unique] LSA_SECRET **old_val */
2808 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2809 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2810 "LSA_SECRET pointer: old_val", -1);
2812 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2813 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2814 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2815 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2822 lsa_dissect_lsarquerysecret_reply(tvbuff_t *tvb, int offset,
2823 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2825 /* [in, out, unique] LSA_SECRET **curr_val */
2826 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2827 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2828 "LSA_SECRET pointer: curr_val", -1);
2830 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2831 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2832 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2833 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2835 /* [in, out, unique] LSA_SECRET **old_val */
2836 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2837 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2838 "LSA_SECRET pointer: old_val", -1);
2840 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2841 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2842 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2843 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2845 offset = dissect_ntstatus(
2846 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2852 lsa_dissect_lsardeleteobject_rqst(tvbuff_t *tvb, int offset,
2853 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2855 /* [in] LSA_HANDLE hnd */
2856 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2857 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2864 lsa_dissect_lsardeleteobject_reply(tvbuff_t *tvb, int offset,
2865 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2867 offset = dissect_ntstatus(
2868 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2874 lsa_dissect_lsarenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2875 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2877 /* [in] LSA_HANDLE hnd */
2878 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2879 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2881 /* [in, unique] LSA_UNICODE_STRING *rights */
2882 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2883 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2884 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
2890 lsa_dissect_lsarenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2891 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2893 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2894 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2895 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2896 "Account pointer: names", hf_lsa_acct);
2898 offset = dissect_ntstatus(
2899 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2905 lsa_dissect_lsarenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2906 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2908 /* [in] LSA_HANDLE hnd */
2909 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2910 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2912 /* [in, ref] SID *account */
2913 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
2920 lsa_dissect_lsarenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2921 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2923 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2924 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2925 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2926 "Account pointer: rights", hf_lsa_rights);
2928 offset = dissect_ntstatus(
2929 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2935 lsa_dissect_lsaraddaccountrights_rqst(tvbuff_t *tvb, int offset,
2936 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2938 /* [in] LSA_HANDLE hnd */
2939 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2940 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2942 /* [in, ref] SID *account */
2943 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
2945 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2946 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2947 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2948 "Account pointer: rights", hf_lsa_rights);
2955 lsa_dissect_lsaraddaccountrights_reply(tvbuff_t *tvb, int offset,
2956 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2958 offset = dissect_ntstatus(
2959 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2965 lsa_dissect_lsarremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2966 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2968 /* [in] LSA_HANDLE hnd */
2969 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2970 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2972 /* [in, ref] SID *account */
2973 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
2976 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2977 hf_lsa_remove_all, NULL);
2979 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2980 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2981 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2982 "Account pointer: rights", hf_lsa_rights);
2989 lsa_dissect_lsarremoveaccountrights_reply(tvbuff_t *tvb, int offset,
2990 packet_info *pinfo, proto_tree *tree, guint8 *drep)
2992 offset = dissect_ntstatus(
2993 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3000 lsa_dissect_lsarquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3001 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3003 /* [in] LSA_HANDLE handle */
3004 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3005 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3007 /* [in, ref] LSA_UNICODE_STRING *name */
3009 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3012 /* [in] TRUSTED_INFORMATION_CLASS level */
3013 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3014 hf_lsa_trusted_info_level, NULL);
3021 lsa_dissect_lsarquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3022 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3024 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3025 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3026 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3027 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3029 offset = dissect_ntstatus(
3030 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3037 lsa_dissect_lsarsettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3038 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3040 /* [in] LSA_HANDLE handle */
3041 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3042 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3044 /* [in, ref] LSA_UNICODE_STRING *name */
3046 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3049 /* [in] TRUSTED_INFORMATION_CLASS level */
3050 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3051 hf_lsa_trusted_info_level, NULL);
3053 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3054 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3055 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3056 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3063 lsa_dissect_lsarsettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3064 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3066 offset = dissect_ntstatus(
3067 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3073 lsa_dissect_lsarquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3074 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3076 /* [in] LSA_HANDLE handle */
3077 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3078 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3080 /* [in, ref] SID *sid */
3081 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
3083 /* [in] TRUSTED_INFORMATION_CLASS level */
3084 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3085 hf_lsa_trusted_info_level, NULL);
3091 lsa_dissect_lsaropentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3092 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3094 /* [in] LSA_HANDLE handle */
3095 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3096 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3098 /* [in, ref] LSA_UNICODE_STRING *name */
3100 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3103 /* [in] ACCESS_MASK access */
3104 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3112 lsa_dissect_lsaropentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3113 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3115 /* [out] LSA_HANDLE handle */
3116 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3117 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3119 offset = dissect_ntstatus(
3120 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3128 lsa_dissect_lsarquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3129 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3131 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3132 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3133 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3134 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3136 offset = dissect_ntstatus(
3137 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3143 lsa_dissect_lsarsettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3144 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3146 /* [in] LSA_HANDLE handle */
3147 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3148 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3150 /* [in, ref] SID *sid */
3151 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
3153 /* [in] TRUSTED_INFORMATION_CLASS level */
3154 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3155 hf_lsa_trusted_info_level, NULL);
3157 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3158 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3159 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3160 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3167 lsa_dissect_lsarsettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3168 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3170 offset = dissect_ntstatus(
3171 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3177 lsa_dissect_lsarqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3178 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3180 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3181 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3183 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3184 hf_lsa_policy_information_class, NULL);
3190 lsa_dissect_lsarqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3191 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3193 /* This is really a pointer to a pointer though the first level is REF
3194 so we just ignore that one */
3195 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3196 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3197 "POLICY_INFORMATION pointer: info", -1);
3199 offset = dissect_ntstatus(
3200 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3206 lsa_dissect_lsarsetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3207 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3209 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3210 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3212 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3213 hf_lsa_policy_information_class, NULL);
3215 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3216 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3217 "POLICY_INFORMATION pointer: info", -1);
3223 lsa_dissect_lsarsetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3224 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3226 offset = dissect_ntstatus(
3227 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3233 lsa_dissect_lsarquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3234 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3236 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3237 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3239 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3240 hf_lsa_policy_information_class, NULL);
3246 lsa_dissect_lsarquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3247 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3249 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3250 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3251 "POLICY_INFORMATION pointer: info", -1);
3253 offset = dissect_ntstatus(
3254 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3260 lsa_dissect_lsarsetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3261 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3263 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3264 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3266 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3267 hf_lsa_policy_information_class, NULL);
3269 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3270 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3271 "POLICY_INFORMATION pointer: info", -1);
3277 lsa_dissect_lsarsetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3278 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3280 offset = dissect_ntstatus(
3281 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3287 lsa_dissect_lsarlookupnames2_rqst(tvbuff_t *tvb, int offset,
3288 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3290 /* [in] LSA_HANDLE hnd */
3291 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3292 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3294 /* [in] ULONG count */
3295 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3296 hf_lsa_count, NULL);
3298 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3299 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3300 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3301 "Account pointer: names", hf_lsa_acct);
3303 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3304 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3305 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3306 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3308 /* [in] USHORT level */
3309 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3310 hf_lsa_info_level, NULL);
3312 /* [in, out, ref] ULONG *num_mapped */
3313 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3314 hf_lsa_num_mapped, NULL);
3317 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3318 hf_lsa_unknown_long, NULL);
3321 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3322 hf_lsa_unknown_long, NULL);
3329 lsa_dissect_lsarlookupnames2_reply(tvbuff_t *tvb, int offset,
3330 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3332 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3333 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3334 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3335 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3337 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3338 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3339 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3340 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3342 /* [in, out, ref] ULONG *num_mapped */
3343 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3344 hf_lsa_num_mapped, NULL);
3346 offset = dissect_ntstatus(
3347 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3354 lsa_dissect_lsarcreateaccount_rqst(tvbuff_t *tvb, int offset,
3355 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3357 /* [in] LSA_HANDLE hnd */
3358 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3359 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3361 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
3363 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3370 lsa_dissect_lsarcreateaccount_reply(tvbuff_t *tvb, int offset,
3371 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3373 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3374 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3376 offset = dissect_ntstatus(
3377 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3383 lsa_dissect_lsarlookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3384 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3386 /* [in] LSA_HANDLE hnd */
3387 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3388 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3390 /* [in, ref] LSA_UNICODE_STRING *name */
3391 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3392 hf_lsa_privilege_name, 0);
3394 /* [in, ref] long *size */
3395 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3396 hf_lsa_privilege_display_name_size, NULL);
3403 lsa_dissect_lsarlookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3404 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3406 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3407 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3408 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3409 "NAME pointer: ", hf_lsa_privilege_display_name);
3411 /* [out, ref] long *size */
3412 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3413 hf_lsa_privilege_display_name_size, NULL);
3415 offset = dissect_ntstatus(
3416 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3422 lsa_dissect_lsarstoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3423 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3425 /* [in] LSA_HANDLE hnd */
3426 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3427 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3429 /* [in, ref] LSA_UNICODE_STRING *key */
3430 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3433 /* [in, unique] LSA_SECRET **data */
3434 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3435 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3436 "LSA_SECRET* pointer: data", -1);
3443 lsa_dissect_lsarstoreprivatedata_reply(tvbuff_t *tvb, int offset,
3444 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3446 offset = dissect_ntstatus(
3447 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3453 lsa_dissect_lsarretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3454 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3456 /* [in] LSA_HANDLE hnd */
3457 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3458 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3460 /* [in, ref] LSA_UNICODE_STRING *key */
3461 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3464 /* [in, out, ref] LSA_SECRET **data */
3465 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3466 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3467 "LSA_SECRET* pointer: data", -1);
3474 lsa_dissect_lsarretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3475 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3477 /* [in, out, ref] LSA_SECRET **data */
3478 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3479 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3480 "LSA_SECRET* pointer: data", -1);
3482 offset = dissect_ntstatus(
3483 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3489 lsa_dissect_lsarclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3490 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3493 /* [in, out] LSA_HANDLE *tdHnd */
3494 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3495 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3502 lsa_dissect_lsarclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3503 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3506 /* [in, out] LSA_HANDLE *tdHnd */
3507 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3508 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3510 offset = dissect_ntstatus(
3511 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3517 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3518 packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
3520 proto_item *item=NULL;
3521 proto_tree *tree=NULL;
3522 int old_offset=offset;
3525 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3526 "LSA_TRANSLATED_NAME:");
3527 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3531 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3532 hf_lsa_sid_type, NULL);
3535 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3539 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3540 hf_lsa_index, NULL);
3543 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3544 hf_lsa_unknown_long, NULL);
3546 proto_item_set_len(item, offset-old_offset);
3551 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3552 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3554 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3555 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3560 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3561 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3564 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3565 hf_lsa_count, NULL);
3567 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3568 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3569 "LSA_TRANSLATED_NAME_EX: pointer", -1);
3576 lsa_dissect_lsarlookupsids2_rqst(tvbuff_t *tvb, int offset,
3577 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3579 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3580 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3582 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3583 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3586 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3587 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3588 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3590 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3591 hf_lsa_info_level, NULL);
3593 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3594 hf_lsa_num_mapped, NULL);
3597 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3598 hf_lsa_unknown_long, NULL);
3601 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3602 hf_lsa_unknown_long, NULL);
3608 lsa_dissect_lsarlookupsids2_reply(tvbuff_t *tvb, int offset,
3609 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3611 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3612 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3613 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3615 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3616 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3617 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3619 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3620 hf_lsa_num_mapped, NULL);
3622 offset = dissect_ntstatus(
3623 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3629 lsa_dissect_lsargetusername_rqst(tvbuff_t *tvb, int offset,
3630 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3633 /* [in, unique, string] WCHAR *server */
3634 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3635 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3636 "Server:", hf_lsa_server);
3638 /* [in, out, ref] LSA_UNICODE_STRING **user */
3639 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3640 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3641 "ACCOUNT pointer: ", hf_lsa_acct);
3643 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3644 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3645 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3646 "DOMAIN pointer: ", hf_lsa_domain);
3653 lsa_dissect_lsargetusername_reply(tvbuff_t *tvb, int offset,
3654 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3656 /* [in, out, ref] LSA_UNICODE_STRING **user */
3657 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3658 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3659 "ACCOUNT pointer: ", hf_lsa_acct);
3661 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3662 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3663 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3664 "DOMAIN pointer: ", hf_lsa_domain);
3666 offset = dissect_ntstatus(
3667 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3673 lsa_dissect_lsarcreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3674 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3676 /* [in] LSA_HANDLE hnd */
3677 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3678 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3680 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3681 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3682 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3683 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3685 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3686 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3687 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3688 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
3690 /* [in] ACCESS_MASK mask */
3691 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3699 lsa_dissect_lsarcreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3700 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3702 /* [out] LSA_HANDLE *tdHnd) */
3703 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3704 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3706 offset = dissect_ntstatus(
3707 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3713 lsa_dissect_lsarenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3714 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3716 /* [in] LSA_HANDLE hnd */
3717 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3718 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3720 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3721 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3722 hf_lsa_resume_handle, NULL);
3724 /* [in] ULONG pref_maxlen */
3725 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3726 hf_lsa_max_count, NULL);
3733 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3734 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3736 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3737 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3743 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3744 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3747 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3748 hf_lsa_count, NULL);
3750 /* trust information */
3751 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3752 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3753 "TRUST INFORMATION array:", -1);
3756 /* The original code here was wrong. It now handles these correctly */
3757 /*offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3758 hf_lsa_max_count, NULL);
3765 lsa_dissect_lsarenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3766 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3768 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3769 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3770 hf_lsa_resume_handle, NULL);
3772 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3773 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3774 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3775 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
3777 offset = dissect_ntstatus(
3778 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3784 lsa_dissect_lsartestcall_rqst(tvbuff_t *tvb, int offset,
3785 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3787 /* [in] LSA_HANDLE handle */
3788 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3789 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3791 /* [in] USHORT flag */
3792 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3793 hf_lsa_unknown_short, NULL);
3795 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3796 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3797 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3798 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3805 lsa_dissect_lsartestcall_reply(tvbuff_t *tvb, int offset,
3806 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3808 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3809 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3810 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3811 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
3813 offset = dissect_ntstatus(
3814 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3820 lsa_dissect_lsarcreatetrusteddomainex2_rqst(tvbuff_t *tvb, int offset,
3821 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3823 /* [in] LSA_HANDLE hnd */
3824 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3825 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3827 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3828 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3829 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3830 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3832 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3833 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3834 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3835 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3837 /* [in] ULONG unknown */
3838 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3839 hf_lsa_unknown_long, NULL);
3846 lsa_dissect_lsarcreatetrusteddomainex2_reply(tvbuff_t *tvb, int offset,
3847 packet_info *pinfo, proto_tree *tree, guint8 *drep)
3849 /* [out] LSA_HANDLE *h2) */
3850 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3851 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3853 offset = dissect_ntstatus(
3854 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3860 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3861 { LSA_LSARCLOSE, "LsarClose",
3862 lsa_dissect_lsarclose_rqst,
3863 lsa_dissect_lsarclose_reply },
3864 { LSA_LSARDELETE, "LsarDelete",
3865 lsa_dissect_lsardelete_rqst,
3866 lsa_dissect_lsardelete_reply },
3867 { LSA_LSARENUMERATEPRIVILEGES, "LsarEnumeratePrivileges",
3868 lsa_dissect_lsarenumerateprivileges_rqst,
3869 lsa_dissect_lsarenumerateprivileges_reply },
3870 { LSA_LSARQUERYSECURITYOBJECT, "LsarQuerySecurityObject",
3871 lsa_dissect_lsarquerysecurityobject_rqst,
3872 lsa_dissect_lsarquerysecurityobject_reply },
3873 { LSA_LSARSETSECURITYOBJECT, "LsarSetSecurityObject",
3874 lsa_dissect_lsarsetsecurityobject_rqst,
3875 lsa_dissect_lsarsetsecurityobject_reply },
3876 { LSA_LSARCHANGEPASSWORD, "LsarChangePassword",
3877 lsa_dissect_lsarchangepassword_rqst,
3878 lsa_dissect_lsarchangepassword_reply },
3879 { LSA_LSAROPENPOLICY, "LsarOpenPolicy",
3880 lsa_dissect_lsaropenpolicy_rqst,
3881 lsa_dissect_lsaropenpolicy_reply },
3882 { LSA_LSARQUERYINFORMATIONPOLICY, "LsarQueryInformationPolicy",
3883 lsa_dissect_lsarqueryinformationpolicy_rqst,
3884 lsa_dissect_lsarqueryinformationpolicy_reply },
3885 { LSA_LSARSETINFORMATIONPOLICY, "LsarSetInformationPolicy",
3886 lsa_dissect_lsarsetinformationpolicy_rqst,
3887 lsa_dissect_lsarsetinformationpolicy_reply },
3888 { LSA_LSARCLEARAUDITLOG, "LsarClearAuditLog",
3889 lsa_dissect_lsarclearauditlog_rqst,
3890 lsa_dissect_lsarclearauditlog_reply },
3891 { LSA_LSARCREATEACCOUNT, "LsarCreateAccount",
3892 lsa_dissect_lsarcreateaccount_rqst,
3893 lsa_dissect_lsarcreateaccount_reply },
3894 { LSA_LSARENUMERATEACCOUNTS, "LsarEnumerateAccounts",
3895 lsa_dissect_lsarenumerateaccounts_rqst,
3896 lsa_dissect_lsarenumerateaccounts_reply },
3897 { LSA_LSARCREATETRUSTEDDOMAIN, "LsarCreateTrustedDomain",
3898 lsa_dissect_lsarcreatetrusteddomain_rqst,
3899 lsa_dissect_lsarcreatetrusteddomain_reply },
3900 { LSA_LSARENUMERATETRUSTEDDOMAINS, "LsarEnumerateTrustedDomains",
3901 lsa_dissect_lsarenumeratetrusteddomains_rqst,
3902 lsa_dissect_lsarenumeratetrusteddomains_reply },
3903 { LSA_LSARLOOKUPNAMES, "LsarLookupNames",
3904 lsa_dissect_lsarlookupnames_rqst,
3905 lsa_dissect_lsarlookupnames_reply },
3906 { LSA_LSARLOOKUPSIDS, "LsarLookupSids",
3907 lsa_dissect_lsarlookupsids_rqst,
3908 lsa_dissect_lsarlookupsids_reply },
3909 { LSA_LSARCREATESECRET, "LsarCreateSecret",
3910 lsa_dissect_lsarcreatesecret_rqst,
3911 lsa_dissect_lsarcreatesecret_reply },
3912 { LSA_LSAROPENACCOUNT, "LsarOpenAccount",
3913 lsa_dissect_lsaropenaccount_rqst,
3914 lsa_dissect_lsaropenaccount_reply },
3915 { LSA_LSARENUMERATEPRIVILEGESACCOUNT, "LsarEnumeratePrivilegesAccount",
3916 lsa_dissect_lsarenumerateprivilegesaccount_rqst,
3917 lsa_dissect_lsarenumerateprivilegesaccount_reply },
3918 { LSA_LSARADDPRIVILEGESTOACCOUNT, "LsarAddPrivilegesToAccount",
3919 lsa_dissect_lsaraddprivilegestoaccount_rqst,
3920 lsa_dissect_lsaraddprivilegestoaccount_reply },
3921 { LSA_LSARREMOVEPRIVILEGESFROMACCOUNT, "LsarRemovePrivilegesFromAccount",
3922 lsa_dissect_lsarremoveprivilegesfromaccount_rqst,
3923 lsa_dissect_lsarremoveprivilegesfromaccount_reply },
3924 { LSA_LSARGETQUOTASFORACCOUNT, "LsarGetQuotasForAccount",
3925 lsa_dissect_lsargetquotasforaccount_rqst,
3926 lsa_dissect_lsargetquotasforaccount_reply },
3927 { LSA_LSARSETQUOTASFORACCOUNT, "LsarSetQuotasForAccount",
3928 lsa_dissect_lsarsetquotasforaccount_rqst,
3929 lsa_dissect_lsarsetquotasforaccount_reply },
3930 { LSA_LSARGETSYSTEMACCESSACCOUNT, "LsarGetSystemAccessAccount",
3931 lsa_dissect_lsargetsystemaccessaccount_rqst,
3932 lsa_dissect_lsargetsystemaccessaccount_reply },
3933 { LSA_LSARSETSYSTEMACCESSACCOUNT, "LsarSetSystemAccessAccount",
3934 lsa_dissect_lsarsetsystemaccessaccount_rqst,
3935 lsa_dissect_lsarsetsystemaccessaccount_reply },
3936 { LSA_LSAROPENTRUSTEDDOMAIN, "LsarOpenTrustedDomain",
3937 lsa_dissect_lsaropentrusteddomain_rqst,
3938 lsa_dissect_lsaropentrusteddomain_reply },
3939 { LSA_LSARQUERYINFOTRUSTEDDOMAIN, "LsarQueryInfoTrustedDomain",
3940 lsa_dissect_lsarqueryinfotrusteddomain_rqst,
3941 lsa_dissect_lsarqueryinfotrusteddomain_reply },
3942 { LSA_LSARSETINFORMATIONTRUSTEDDOMAIN, "LsarSetInformationTrustedDomain",
3943 lsa_dissect_lsarsetinformationtrusteddomain_rqst,
3944 lsa_dissect_lsarsetinformationtrusteddomain_reply },
3945 { LSA_LSAROPENSECRET, "LsarOpenSecret",
3946 lsa_dissect_lsaropensecret_rqst,
3947 lsa_dissect_lsaropensecret_reply },
3948 { LSA_LSARSETSECRET, "LsarSetSecret",
3949 lsa_dissect_lsarsetsecret_rqst,
3950 lsa_dissect_lsarsetsecret_reply },
3951 { LSA_LSARQUERYSECRET, "LsarQuerySecret",
3952 lsa_dissect_lsarquerysecret_rqst,
3953 lsa_dissect_lsarquerysecret_reply },
3954 { LSA_LSARLOOKUPPRIVILEGEVALUE, "LsarLookupPrivilegeValue",
3955 lsa_dissect_lsarlookupprivilegevalue_rqst,
3956 lsa_dissect_lsarlookupprivilegevalue_reply },
3957 { LSA_LSARLOOKUPPRIVILEGENAME, "LsarLookupPrivilegeName",
3958 lsa_dissect_lsarlookupprivilegename_rqst,
3959 lsa_dissect_lsarlookupprivilegename_reply },
3960 { LSA_LSARLOOKUPPRIVILEGEDISPLAYNAME, "LsarLookupPrivilegeDisplayName",
3961 lsa_dissect_lsarlookupprivilegedisplayname_rqst,
3962 lsa_dissect_lsarlookupprivilegedisplayname_reply },
3963 { LSA_LSARDELETEOBJECT, "LsarDeleteObject",
3964 lsa_dissect_lsardeleteobject_rqst,
3965 lsa_dissect_lsardeleteobject_reply },
3966 { LSA_LSARENUMERATEACCOUNTSWITHUSERRIGHT, "LsarEnumerateAccountsWithUserRight",
3967 lsa_dissect_lsarenumerateaccountswithuserright_rqst,
3968 lsa_dissect_lsarenumerateaccountswithuserright_reply },
3969 { LSA_LSARENUMERATEACCOUNTRIGHTS, "LsarEnumerateAccountRights",
3970 lsa_dissect_lsarenumerateaccountrights_rqst,
3971 lsa_dissect_lsarenumerateaccountrights_reply },
3972 { LSA_LSARADDACCOUNTRIGHTS, "LsarAddAccountRights",
3973 lsa_dissect_lsaraddaccountrights_rqst,
3974 lsa_dissect_lsaraddaccountrights_reply },
3975 { LSA_LSARREMOVEACCOUNTRIGHTS, "LsarRemoveAccountRights",
3976 lsa_dissect_lsarremoveaccountrights_rqst,
3977 lsa_dissect_lsarremoveaccountrights_reply },
3978 { LSA_LSARQUERYTRUSTEDDOMAININFO, "LsarQueryTrustedDomainInfo",
3979 lsa_dissect_lsarquerytrusteddomaininfo_rqst,
3980 lsa_dissect_lsarquerytrusteddomaininfo_reply },
3981 { LSA_LSARSETTRUSTEDDOMAININFO, "LsarSetTrustedDomainInfo",
3982 lsa_dissect_lsarsettrusteddomaininfo_rqst,
3983 lsa_dissect_lsarsettrusteddomaininfo_reply },
3984 { LSA_LSARDELETETRUSTEDDOMAIN, "LsarDeleteTrustedDomain",
3985 lsa_dissect_lsardeletetrusteddomain_rqst,
3986 lsa_dissect_lsardeletetrusteddomain_reply },
3987 { LSA_LSARSTOREPRIVATEDATA, "LsarStorePrivateData",
3988 lsa_dissect_lsarstoreprivatedata_rqst,
3989 lsa_dissect_lsarstoreprivatedata_reply },
3990 { LSA_LSARRETRIEVEPRIVATEDATA, "LsarRetrievePrivateData",
3991 lsa_dissect_lsarretrieveprivatedata_rqst,
3992 lsa_dissect_lsarretrieveprivatedata_reply },
3993 { LSA_LSAROPENPOLICY2, "LsarOpenPolicy2",
3994 lsa_dissect_lsaropenpolicy2_rqst,
3995 lsa_dissect_lsaropenpolicy2_reply },
3996 { LSA_LSARGETUSERNAME, "LsarGetUserName",
3997 lsa_dissect_lsargetusername_rqst,
3998 lsa_dissect_lsargetusername_reply },
3999 { LSA_LSARQUERYINFORMATIONPOLICY2, "LsarQueryInformationPolicy2",
4000 lsa_dissect_lsarqueryinformationpolicy2_rqst,
4001 lsa_dissect_lsarqueryinformationpolicy2_reply },
4002 { LSA_LSARSETINFORMATIONPOLICY2, "LsarSetInformationPolicy2",
4003 lsa_dissect_lsarsetinformationpolicy2_rqst,
4004 lsa_dissect_lsarsetinformationpolicy2_reply },
4005 { LSA_LSARQUERYTRUSTEDDOMAININFOBYNAME, "LsarQueryTrustedDomainInfoByName",
4006 lsa_dissect_lsarquerytrusteddomaininfobyname_rqst,
4007 lsa_dissect_lsarquerytrusteddomaininfobyname_reply },
4008 { LSA_LSARSETTRUSTEDDOMAININFOBYNAME, "LsarSetTrustedDomainInfoByName",
4009 lsa_dissect_lsarsettrusteddomaininfobyname_rqst,
4010 lsa_dissect_lsarsettrusteddomaininfobyname_reply },
4011 { LSA_LSARENUMERATETRUSTEDDOMAINSEX, "LsarEnumerateTrustedDomainsEx",
4012 lsa_dissect_lsarenumeratetrusteddomainsex_rqst,
4013 lsa_dissect_lsarenumeratetrusteddomainsex_reply },
4014 { LSA_LSARCREATETRUSTEDDOMAINEX, "LsarCreateTrustedDomainEx",
4015 lsa_dissect_lsarcreatetrusteddomainex_rqst,
4016 lsa_dissect_lsarcreatetrusteddomainex_reply },
4017 { LSA_LSARCLOSETRUSTEDDOMAINEX, "LsarCloseTrustedDomainEx",
4018 lsa_dissect_lsarclosetrusteddomainex_rqst,
4019 lsa_dissect_lsarclosetrusteddomainex_reply },
4020 { LSA_LSARQUERYDOMAININFORMATIONPOLICY, "LsarQueryDomainInformationPolicy",
4021 lsa_dissect_lsarquerydomaininformationpolicy_rqst,
4022 lsa_dissect_lsarquerydomaininformationpolicy_reply },
4023 { LSA_LSARSETDOMAININFORMATIONPOLICY, "LsarSetDomainInformationPolicy",
4024 lsa_dissect_lsarsetdomaininformationpolicy_rqst,
4025 lsa_dissect_lsarsetdomaininformationpolicy_reply },
4026 { LSA_LSAROPENTRUSTEDDOMAINBYNAME, "LsarOpenTrustedDomainByName",
4027 lsa_dissect_lsaropentrusteddomainbyname_rqst,
4028 lsa_dissect_lsaropentrusteddomainbyname_reply },
4029 { LSA_LSARTESTCALL, "LsarTestCall",
4030 lsa_dissect_lsartestcall_rqst,
4031 lsa_dissect_lsartestcall_reply },
4032 { LSA_LSARLOOKUPSIDS2, "LsarLookupSids2",
4033 lsa_dissect_lsarlookupsids2_rqst,
4034 lsa_dissect_lsarlookupsids2_reply },
4035 { LSA_LSARLOOKUPNAMES2, "LsarLookupNames2",
4036 lsa_dissect_lsarlookupnames2_rqst,
4037 lsa_dissect_lsarlookupnames2_reply },
4038 { LSA_LSARCREATETRUSTEDDOMAINEX2, "LsarCreateTrustedDomainEx2",
4039 lsa_dissect_lsarcreatetrusteddomainex2_rqst,
4040 lsa_dissect_lsarcreatetrusteddomainex2_reply },
4041 { LSA_CREDRWRITE, "CredrWrite", NULL, NULL },
4042 { LSA_CREDRREAD, "CredrRead", NULL, NULL },
4043 { LSA_CREDRENUMERATE, "CredrEnumerate", NULL, NULL },
4044 { LSA_CREDRWRITEDOMAINCREDENTIALS, "CredrWriteDomainCredentials",
4046 { LSA_CREDRREADDOMAINCREDENTIALS, "CredrReadDomainCredentials",
4048 { LSA_CREDRDELETE, "CredrDelete", NULL, NULL },
4049 { LSA_CREDRGETTARGETINFO, "CredrGetTargetInfo", NULL, NULL },
4050 { LSA_CREDRPROFILELOADED, "CredrProfileLoaded", NULL, NULL },
4051 { LSA_LSARLOOKUPNAMES3, "LsarLookupNames3", NULL, NULL },
4052 { LSA_CREDRGETSESSIONTYPES, "CredrGetSessionTypes", NULL, NULL },
4053 { LSA_LSARREGISTERAUDITEVENT, "LsarRegisterAuditEvent", NULL, NULL },
4054 { LSA_LSARGENAUDITEVENT, "LsarGenAuditEvent", NULL, NULL },
4055 { LSA_LSARUNREGISTERAUDITEVENT, "LsarUnregisterAuditEvent", NULL, NULL},
4056 { LSA_LSARQUERYFORESTTRUSTINFORMATION,
4057 "LsarQueryForestTrustInformation", NULL, NULL },
4058 { LSA_LSARSETFORESTTRUSTINFORMATION, "LsarSetForestTrustInformation",
4060 { LSA_CREDRRENAME, "CredrRename", NULL, NULL },
4061 { LSA_LSARLOOKUPSIDS3, "LsarLookupSids3", NULL, NULL },
4062 { LSA_LSARLOOKUPNAMES4, "LsarLookupNames4", NULL, NULL },
4063 { LSA_LSAROPENPOLICYSCE, "LsarOpenPolicySce", NULL, NULL },
4064 { LSA_LSARADTREGISTERSECURITYEVENTSOURCE,
4065 "LsarAdtRegisterSecurityEventSource", NULL, NULL },
4066 { LSA_LSARADTUNREGISTERSECURITYEVENTSOURCE,
4067 "LsarAdtUnregisterSecurityEventSource", NULL, NULL },
4068 { LSA_LSARADTREPORTSECURITYEVENT, "LsarAdtReportSecurityEvent",
4070 {0, NULL, NULL, NULL}
4074 proto_register_dcerpc_lsa(void)
4076 static hf_register_info hf[] = {
4079 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
4081 { &hf_lsa_unknown_string,
4082 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4083 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4086 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4087 NULL, 0x0, "LSA policy handle", HFILL }},
4090 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4091 NULL, 0, "Name of Server", HFILL }},
4093 { &hf_lsa_controller,
4094 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4095 NULL, 0, "Name of Domain Controller", HFILL }},
4097 { &hf_lsa_unknown_hyper,
4098 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4099 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4101 { &hf_lsa_unknown_long,
4102 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4103 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4105 { &hf_lsa_unknown_short,
4106 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4107 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4109 { &hf_lsa_unknown_char,
4110 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4111 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4114 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4115 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4118 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4119 NULL, 0x0, "LSA Attributes", HFILL }},
4121 { &hf_lsa_obj_attr_len,
4122 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4123 NULL, 0x0, "Length of object attribute structure", HFILL }},
4125 { &hf_lsa_obj_attr_name,
4126 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4127 NULL, 0x0, "Name of object attribute", HFILL }},
4129 { &hf_lsa_access_mask,
4130 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4131 NULL, 0x0, "LSA Access Mask", HFILL }},
4133 { &hf_lsa_info_level,
4134 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4135 NULL, 0x0, "Information level of requested data", HFILL }},
4137 { &hf_lsa_trusted_info_level,
4138 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4139 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4142 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4143 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4146 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4147 NULL, 0x0, "Length of quality of service structure", HFILL }},
4149 { &hf_lsa_qos_impersonation_level,
4150 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4151 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4153 { &hf_lsa_qos_track_context,
4154 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4155 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4157 { &hf_lsa_qos_effective_only,
4158 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4159 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4161 { &hf_lsa_pali_percent_full,
4162 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4163 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4165 { &hf_lsa_pali_log_size,
4166 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4167 NULL, 0x0, "Size of audit log", HFILL }},
4169 { &hf_lsa_pali_retention_period,
4170 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4171 NULL, 0x0, "", HFILL }},
4173 { &hf_lsa_pali_time_to_shutdown,
4174 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4175 NULL, 0x0, "Time to shutdown", HFILL }},
4177 { &hf_lsa_pali_shutdown_in_progress,
4178 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4179 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4181 { &hf_lsa_pali_next_audit_record,
4182 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4183 NULL, 0x0, "Next audit record", HFILL }},
4185 { &hf_lsa_paei_enabled,
4186 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4187 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4189 { &hf_lsa_paei_settings,
4190 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4191 NULL, 0x0, "Audit Events Information settings", HFILL }},
4194 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4195 NULL, 0x0, "Count of objects", HFILL }},
4197 { &hf_lsa_max_count,
4198 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4199 NULL, 0x0, "", HFILL }},
4202 { "FQDN", "lsa.fqdn_domain", FT_STRING, BASE_NONE,
4203 NULL, 0x0, "Fully Qualified Domain Name", HFILL }},
4206 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4207 NULL, 0x0, "Domain", HFILL }},
4210 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4211 NULL, 0x0, "Account", HFILL }},
4214 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4215 NULL, 0x0, "Replica Source", HFILL }},
4217 { &hf_lsa_server_role,
4218 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4219 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4221 { &hf_lsa_quota_paged_pool,
4222 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4223 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4225 { &hf_lsa_quota_non_paged_pool,
4226 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4227 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4229 { &hf_lsa_quota_min_wss,
4230 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4231 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4233 { &hf_lsa_quota_max_wss,
4234 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4235 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4237 { &hf_lsa_quota_pagefile,
4238 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4239 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4241 { &hf_lsa_mod_seq_no,
4242 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4243 NULL, 0x0, "Sequence number for this modification", HFILL }},
4245 { &hf_lsa_mod_mtime,
4246 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4247 NULL, 0x0, "Time when this modification occured", HFILL }},
4249 { &hf_lsa_cur_mtime,
4250 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4251 NULL, 0x0, "Current MTime to set", HFILL }},
4253 { &hf_lsa_old_mtime,
4254 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4255 NULL, 0x0, "Old MTime for this object", HFILL }},
4258 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4259 NULL, 0x0, "", HFILL }},
4262 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4263 NULL, 0x0, "", HFILL }},
4265 { &hf_lsa_flat_name,
4266 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4267 NULL, 0x0, "", HFILL }},
4270 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4271 NULL, 0x0, "", HFILL }},
4273 { &hf_lsa_info_type,
4274 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4275 NULL, 0x0, "", HFILL }},
4278 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4279 NULL, 0x0, "New password", HFILL }},
4282 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4283 NULL, 0x0, "Old password", HFILL }},
4286 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4287 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4290 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4291 NULL, 0x0, "RID", HFILL }},
4293 { &hf_lsa_rid_offset,
4294 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4295 NULL, 0x0, "RID Offset", HFILL }},
4298 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4299 NULL, 0x0, "", HFILL }},
4301 { &hf_lsa_num_mapped,
4302 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4303 NULL, 0x0, "", HFILL }},
4305 { &hf_lsa_policy_information_class,
4306 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4307 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4310 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4311 NULL, 0, "", HFILL }},
4313 { &hf_lsa_auth_blob,
4314 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4315 NULL, 0, "", HFILL }},
4318 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4319 NULL, 0x0, "LUID High component", HFILL }},
4322 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4323 NULL, 0x0, "LUID Low component", HFILL }},
4326 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4327 NULL, 0x0, "", HFILL }},
4330 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4331 NULL, 0x0, "", HFILL }},
4333 { &hf_lsa_privilege_display_name_size,
4334 { "Size Needed", "lsa.privilege.display__name.size", FT_UINT32, BASE_DEC,
4335 NULL, 0x0, "Number of characters in the privilege display name", HFILL }},
4337 { &hf_lsa_privilege_name,
4338 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4339 NULL, 0x0, "LSA Privilege Name", HFILL }},
4341 { &hf_lsa_privilege_display_name,
4342 { "Display Name", "lsa.privilege.display_name", FT_STRING, BASE_NONE,
4343 NULL, 0x0, "LSA Privilege Display Name", HFILL }},
4346 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4347 NULL, 0x0, "Account Rights", HFILL }},
4349 { &hf_lsa_policy_information,
4350 { "POLICY INFO", "lsa.policy_information", FT_NONE, BASE_NONE,
4351 NULL, 0x0, "Policy Information union", HFILL }},
4354 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4355 NULL, 0x0, "LSA Attributes", HFILL }},
4357 { &hf_lsa_auth_update,
4358 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4359 NULL, 0x0, "LSA Auth Info update", HFILL }},
4361 { &hf_lsa_resume_handle,
4362 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4363 NULL, 0x0, "Resume Handle", HFILL }},
4365 { &hf_lsa_trust_direction,
4366 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4367 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4369 { &hf_lsa_trust_type,
4370 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4371 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4373 { &hf_lsa_trust_attr,
4374 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4375 NULL, 0x0, "Trust attributes", HFILL }},
4377 { &hf_lsa_trust_attr_non_trans,
4378 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4379 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4381 { &hf_lsa_trust_attr_uplevel_only,
4382 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4383 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4385 { &hf_lsa_trust_attr_tree_parent,
4386 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4387 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4389 { &hf_lsa_trust_attr_tree_root,
4390 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4391 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4393 { &hf_lsa_auth_type,
4394 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4395 NULL, 0x0, "Auth Info type", HFILL }},
4398 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4399 NULL, 0x0, "Auth Info len", HFILL }},
4401 { &hf_lsa_remove_all,
4402 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4403 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
4405 { &hf_view_local_info,
4406 { "View local info", "lsa.access_mask.view_local_info",
4407 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4408 "View local info", HFILL }},
4410 { &hf_view_audit_info,
4411 { "View audit info", "lsa.access_mask.view_audit_info",
4412 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4413 "View audit info", HFILL }},
4415 { &hf_get_private_info,
4416 { "Get private info", "lsa.access_mask.get_privateinfo",
4417 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4418 "Get private info", HFILL }},
4421 { "Trust admin", "lsa.access_mask.trust_admin",
4422 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4423 "Trust admin", HFILL }},
4425 { &hf_create_account,
4426 { "Create account", "lsa.access_mask.create_account",
4427 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4428 "Create account", HFILL }},
4430 { &hf_create_secret,
4431 { "Create secret", "lsa.access_mask.create_secret",
4432 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4433 "Create secret", HFILL }},
4436 { "Create privilege", "lsa.access_mask.create_priv",
4437 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4438 "Create privilege", HFILL }},
4440 { &hf_set_default_quota_limits,
4441 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4442 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4443 "Set default quota limits", HFILL }},
4445 { &hf_set_audit_requirements,
4446 { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
4447 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4448 "Set audit requirements", HFILL }},
4451 { "Server admin", "lsa.access_mask.server_admin",
4452 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4453 "Server admin", HFILL }},
4456 { "Lookup names", "lsa.access_mask.lookup_names",
4457 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4458 "Lookup names", HFILL }}
4461 static gint *ett[] = {
4463 &ett_lsa_OBJECT_ATTRIBUTES,
4464 &ett_LSA_SECURITY_DESCRIPTOR,
4465 &ett_lsa_policy_info,
4466 &ett_lsa_policy_audit_log_info,
4467 &ett_lsa_policy_audit_events_info,
4468 &ett_lsa_policy_primary_domain_info,
4469 &ett_lsa_policy_primary_account_info,
4470 &ett_lsa_policy_server_role_info,
4471 &ett_lsa_policy_replica_source_info,
4472 &ett_lsa_policy_default_quota_info,
4473 &ett_lsa_policy_modification_info,
4474 &ett_lsa_policy_audit_full_set_info,
4475 &ett_lsa_policy_audit_full_query_info,
4476 &ett_lsa_policy_dns_domain_info,
4477 &ett_lsa_translated_names,
4478 &ett_lsa_translated_name,
4479 &ett_lsa_referenced_domain_list,
4480 &ett_lsa_trust_information,
4481 &ett_lsa_trust_information_ex,
4483 &ett_LSA_PRIVILEGES,
4485 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4486 &ett_LSA_LUID_AND_ATTRIBUTES,
4487 &ett_LSA_TRUSTED_DOMAIN_LIST,
4488 &ett_LSA_TRUSTED_DOMAIN,
4489 &ett_LSA_TRANSLATED_SIDS,
4490 &ett_lsa_trusted_domain_info,
4491 &ett_lsa_trust_attr,
4492 &ett_lsa_trusted_domain_auth_information,
4493 &ett_lsa_auth_information
4496 proto_dcerpc_lsa = proto_register_protocol(
4497 "Microsoft Local Security Architecture", "LSA", "lsa");
4499 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4500 proto_register_subtree_array(ett, array_length(ett));
4503 /* Protocol handoff */
4505 static e_uuid_t uuid_dcerpc_lsa = {
4506 0x12345778, 0x1234, 0xabcd,
4507 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4510 static guint16 ver_dcerpc_lsa = 0;
4513 proto_reg_handoff_dcerpc_lsa(void)
4515 /* Register protocol as dcerpc */
4517 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4518 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);