2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.58 2002/08/28 21:00:09 jmayer Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_server = -1;
47 static int hf_lsa_controller = -1;
48 static int hf_lsa_obj_attr = -1;
49 static int hf_lsa_obj_attr_len = -1;
50 static int hf_lsa_obj_attr_name = -1;
51 static int hf_lsa_access_mask = -1;
52 static int hf_lsa_info_level = -1;
53 static int hf_lsa_trusted_info_level = -1;
54 static int hf_lsa_sd_size = -1;
55 static int hf_lsa_qos_len = -1;
56 static int hf_lsa_qos_impersonation_level = -1;
57 static int hf_lsa_qos_track_context = -1;
58 static int hf_lsa_qos_effective_only = -1;
59 static int hf_lsa_pali_percent_full = -1;
60 static int hf_lsa_pali_log_size = -1;
61 static int hf_lsa_pali_retention_period = -1;
62 static int hf_lsa_pali_time_to_shutdown = -1;
63 static int hf_lsa_pali_shutdown_in_progress = -1;
64 static int hf_lsa_pali_next_audit_record = -1;
65 static int hf_lsa_paei_enabled = -1;
66 static int hf_lsa_paei_settings = -1;
67 static int hf_lsa_count = -1;
68 static int hf_lsa_size = -1;
69 static int hf_lsa_size16 = -1;
70 static int hf_lsa_size_needed = -1;
71 static int hf_lsa_max_count = -1;
72 static int hf_lsa_index = -1;
73 static int hf_lsa_domain = -1;
74 static int hf_lsa_acct = -1;
75 static int hf_lsa_server_role = -1;
76 static int hf_lsa_source = -1;
77 static int hf_lsa_quota_paged_pool = -1;
78 static int hf_lsa_quota_non_paged_pool = -1;
79 static int hf_lsa_quota_min_wss = -1;
80 static int hf_lsa_quota_max_wss = -1;
81 static int hf_lsa_quota_pagefile = -1;
82 static int hf_lsa_mod_seq_no = -1;
83 static int hf_lsa_mod_mtime = -1;
84 static int hf_lsa_cur_mtime = -1;
85 static int hf_lsa_old_mtime = -1;
86 static int hf_lsa_name = -1;
87 static int hf_lsa_key = -1;
88 static int hf_lsa_flat_name = -1;
89 static int hf_lsa_forest = -1;
90 static int hf_lsa_info_type = -1;
91 static int hf_lsa_old_pwd = -1;
92 static int hf_lsa_new_pwd = -1;
93 static int hf_lsa_sid_type = -1;
94 static int hf_lsa_rid = -1;
95 static int hf_lsa_rid_offset = -1;
96 static int hf_lsa_num_mapped = -1;
97 static int hf_lsa_policy_information_class = -1;
98 static int hf_lsa_secret = -1;
99 static int hf_nt_luid_high = -1;
100 static int hf_nt_luid_low = -1;
101 static int hf_lsa_privilege_name = -1;
102 static int hf_lsa_attr = -1;
103 static int hf_lsa_resume_handle = -1;
104 static int hf_lsa_trust_direction = -1;
105 static int hf_lsa_trust_type = -1;
106 static int hf_lsa_trust_attr = -1;
107 static int hf_lsa_trust_attr_non_trans = -1;
108 static int hf_lsa_trust_attr_uplevel_only = -1;
109 static int hf_lsa_trust_attr_tree_parent = -1;
110 static int hf_lsa_trust_attr_tree_root = -1;
111 static int hf_lsa_auth_update = -1;
112 static int hf_lsa_auth_type = -1;
113 static int hf_lsa_auth_len = -1;
114 static int hf_lsa_auth_blob = -1;
115 static int hf_lsa_rights = -1;
116 static int hf_lsa_remove_all = -1;
118 static int hf_lsa_unknown_hyper = -1;
119 static int hf_lsa_unknown_long = -1;
120 static int hf_lsa_unknown_short = -1;
121 static int hf_lsa_unknown_char = -1;
122 static int hf_lsa_unknown_string = -1;
123 #ifdef LSA_UNUSED_HANDLES
124 static int hf_lsa_unknown_time = -1;
128 static gint ett_dcerpc_lsa = -1;
129 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
130 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
131 static gint ett_lsa_policy_info = -1;
132 static gint ett_lsa_policy_audit_log_info = -1;
133 static gint ett_lsa_policy_audit_events_info = -1;
134 static gint ett_lsa_policy_primary_domain_info = -1;
135 static gint ett_lsa_policy_primary_account_info = -1;
136 static gint ett_lsa_policy_server_role_info = -1;
137 static gint ett_lsa_policy_replica_source_info = -1;
138 static gint ett_lsa_policy_default_quota_info = -1;
139 static gint ett_lsa_policy_modification_info = -1;
140 static gint ett_lsa_policy_audit_full_set_info = -1;
141 static gint ett_lsa_policy_audit_full_query_info = -1;
142 static gint ett_lsa_policy_dns_domain_info = -1;
143 static gint ett_lsa_translated_names = -1;
144 static gint ett_lsa_translated_name = -1;
145 static gint ett_lsa_referenced_domain_list = -1;
146 static gint ett_lsa_trust_information = -1;
147 static gint ett_lsa_trust_information_ex = -1;
148 static gint ett_LUID = -1;
149 static gint ett_LSA_PRIVILEGES = -1;
150 static gint ett_LSA_PRIVILEGE = -1;
151 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
152 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
153 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
154 static gint ett_LSA_TRUSTED_DOMAIN = -1;
155 static gint ett_LSA_TRANSLATED_SIDS = -1;
156 static gint ett_lsa_trusted_domain_info = -1;
157 static gint ett_lsa_trust_attr = -1;
158 static gint ett_lsa_trusted_domain_auth_information = -1;
159 static gint ett_lsa_auth_information = -1;
163 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
164 packet_info *pinfo, proto_tree *tree,
169 di=pinfo->private_data;
170 if(di->conformant_run){
171 /*just a run to handle conformant arrays, nothing to dissect */
175 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
182 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
183 packet_info *pinfo, proto_tree *tree,
188 di=pinfo->private_data;
189 if(di->conformant_run){
190 /*just a run to handle conformant arrays, nothing to dissect */
194 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
195 di->hf_index, di->levels);
200 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
201 packet_info *pinfo, proto_tree *tree,
206 di=pinfo->private_data;
207 if(di->conformant_run){
208 /*just a run to handle conformant arrays, nothing to dissect */
212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
213 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
214 "DOMAIN pointer: ", di->hf_index, 0);
220 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
221 packet_info *pinfo, proto_tree *tree,
226 di=pinfo->private_data;
227 if(di->conformant_run){
228 /*just a run to handle conformant arrays, nothing to dissect */
232 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
233 di->hf_index, di->levels);
239 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
240 packet_info *pinfo, proto_tree *tree,
246 di=pinfo->private_data;
247 if(di->conformant_run){
248 /*just a run to handle conformant arrays, nothing to dissect */
252 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
253 hf_lsa_sd_size, &len);
254 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
260 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
261 packet_info *pinfo, proto_tree *parent_tree,
264 proto_item *item=NULL;
265 proto_tree *tree=NULL;
266 int old_offset=offset;
269 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
271 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
274 /* XXX need to figure this one out */
275 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
276 hf_lsa_sd_size, NULL);
277 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
278 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
279 "LSA SECRET data:", -1, 0);
281 proto_item_set_len(item, offset-old_offset);
286 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
287 packet_info *pinfo, proto_tree *tree,
290 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
291 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
292 "LSA_SECRET pointer: data", -1, 0);
298 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
299 packet_info *pinfo, proto_tree *tree,
305 di=pinfo->private_data;
306 if(di->conformant_run){
307 /*just a run to handle conformant arrays, nothing to dissect */
311 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
312 hf_lsa_sd_size, &len);
314 dissect_nt_sec_desc(tvb, offset, tree, len);
320 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
321 packet_info *pinfo, proto_tree *parent_tree,
324 proto_item *item=NULL;
325 proto_tree *tree=NULL;
326 int old_offset=offset;
329 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
330 "LSA_SECURITY_DESCRIPTOR:");
331 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
334 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
335 hf_lsa_sd_size, NULL);
337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
338 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
339 "LSA SECURITY DESCRIPTOR data:", -1, 0);
341 proto_item_set_len(item, offset-old_offset);
346 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
347 packet_info *pinfo, proto_tree *tree, char *drep)
349 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
350 hf_lsa_unknown_char, NULL);
355 static const value_string lsa_impersonation_level_vals[] = {
357 {1, "Identification"},
358 {2, "Impersonation"},
365 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
366 packet_info *pinfo, proto_tree *tree, char *drep)
369 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
370 hf_lsa_qos_len, NULL);
372 /* impersonation level */
373 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
374 hf_lsa_qos_impersonation_level, NULL);
376 /* context tracking mode */
377 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
378 hf_lsa_qos_track_context, NULL);
381 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
382 hf_lsa_qos_effective_only, NULL);
387 /* Dissect LSA specific access rights */
389 static gint hf_view_local_info = -1;
390 static gint hf_view_audit_info = -1;
391 static gint hf_get_private_info = -1;
392 static gint hf_trust_admin = -1;
393 static gint hf_create_account = -1;
394 static gint hf_create_secret = -1;
395 static gint hf_create_priv = -1;
396 static gint hf_set_default_quota_limits = -1;
397 static gint hf_set_audit_requirements = -1;
398 static gint hf_server_admin = -1;
399 static gint hf_lookup_names = -1;
402 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
405 proto_tree_add_boolean(
406 tree, hf_lookup_names,
407 tvb, offset, 4, access);
409 proto_tree_add_boolean(
410 tree, hf_server_admin,
411 tvb, offset, 4, access);
413 proto_tree_add_boolean(
414 tree, hf_set_audit_requirements,
415 tvb, offset, 4, access);
417 proto_tree_add_boolean(
418 tree, hf_set_default_quota_limits,
419 tvb, offset, 4, access);
421 proto_tree_add_boolean(
422 tree, hf_create_priv,
423 tvb, offset, 4, access);
425 proto_tree_add_boolean(
426 tree, hf_create_secret,
427 tvb, offset, 4, access);
429 proto_tree_add_boolean(
430 tree, hf_create_account,
431 tvb, offset, 4, access);
433 proto_tree_add_boolean(
434 tree, hf_trust_admin,
435 tvb, offset, 4, access);
437 proto_tree_add_boolean(
438 tree, hf_get_private_info,
439 tvb, offset, 4, access);
441 proto_tree_add_boolean(
442 tree, hf_view_audit_info,
443 tvb, offset, 4, access);
445 proto_tree_add_boolean(
446 tree, hf_view_local_info,
447 tvb, offset, 4, access);
451 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
452 packet_info *pinfo, proto_tree *tree, char *drep)
454 offset = dissect_nt_access_mask(
455 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
456 lsa_specific_rights);
462 * XXX - it'd be nice if we could arrange that this be passed
463 * some out-of-band indication of whether the handle is being opened,
464 * closed, or just used.
467 lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
468 packet_info *pinfo, proto_tree *tree, char *drep)
470 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
471 hf_lsa_hnd, NULL, FALSE, FALSE);
477 lsa_dissect_LSA_HANDLE_open(tvbuff_t *tvb, int offset,
478 packet_info *pinfo, proto_tree *tree, char *drep)
480 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
481 hf_lsa_hnd, NULL, TRUE, FALSE);
487 lsa_dissect_LSA_HANDLE_close(tvbuff_t *tvb, int offset,
488 packet_info *pinfo, proto_tree *tree, char *drep)
490 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
491 hf_lsa_hnd, NULL, FALSE, TRUE);
498 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
499 packet_info *pinfo, proto_tree *parent_tree, char *drep)
501 int old_offset=offset;
502 proto_item *item = NULL;
503 proto_tree *tree = NULL;
506 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
507 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
511 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
512 hf_lsa_obj_attr_len, NULL);
515 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
516 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
517 "LSPTR pointer: ", -1, 0);
520 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
521 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
522 "NAME pointer: ", hf_lsa_obj_attr_name, 0);
525 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
526 hf_lsa_obj_attr, NULL);
528 /* security descriptor */
529 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
530 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
531 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
533 /* security quality of service */
534 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
535 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
536 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1, 0);
538 proto_item_set_len(item, offset-old_offset);
543 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
544 packet_info *pinfo, proto_tree *tree, char *drep)
546 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
547 lsa_dissect_LSA_HANDLE_close, NDR_POINTER_REF,
548 "LSA_HANDLE", -1, 0);
554 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
555 packet_info *pinfo, proto_tree *tree, char *drep)
557 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
558 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
559 "LSA_HANDLE", -1, 0);
560 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
566 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
567 character of the server name which is always '\'. This is fixed in lsa
568 openpolicy2 but the function remains for backwards compatibility. */
570 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
572 proto_tree *tree, char *drep)
574 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
575 hf_lsa_server, NULL);
579 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
580 packet_info *pinfo, proto_tree *tree, char *drep)
582 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
583 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
584 "Server:", hf_lsa_server, 0);
586 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
587 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
588 "OBJECT_ATTRIBUTES", -1, 0);
590 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
597 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
598 packet_info *pinfo, proto_tree *tree, char *drep)
600 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
601 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
602 "LSA_HANDLE", -1, 0);
603 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
610 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
611 packet_info *pinfo, proto_tree *tree, char *drep)
613 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
614 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
615 "Server", hf_lsa_server, 0);
617 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
618 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
619 "OBJECT_ATTRIBUTES", -1, 0);
621 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
628 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
629 packet_info *pinfo, proto_tree *tree, char *drep)
631 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
632 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
633 "LSA_HANDLE", -1, 0);
634 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
640 static const value_string policy_information_class_vals[] = {
641 {1, "Audit Log Information"},
642 {2, "Audit Events Information"},
643 {3, "Primary Domain Information"},
644 {4, "Pd Account Information"},
645 {5, "Account Domain Information"},
646 {6, "Server Role Information"},
647 {7, "Replica Source Information"},
648 {8, "Default Quota Information"},
649 {9, "Modification Information"},
650 {10, "Audit Full Set Information"},
651 {11, "Audit Full Query Information"},
652 {12, "DNS Domain Information"},
657 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
658 packet_info *pinfo, proto_tree *tree, char *drep)
660 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
661 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
662 "LSA_HANDLE", -1, 0);
664 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
665 hf_lsa_policy_information_class, NULL);
671 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
672 packet_info *pinfo, proto_tree *parent_tree, char *drep)
674 proto_item *item=NULL;
675 proto_tree *tree=NULL;
676 int old_offset=offset;
679 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
680 "POLICY_AUDIT_LOG_INFO:");
681 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
685 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
686 hf_lsa_pali_percent_full, NULL);
689 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
690 hf_lsa_pali_log_size, NULL);
692 /* retention period */
693 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
694 hf_lsa_pali_retention_period);
696 /* shutdown in progress */
697 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
698 hf_lsa_pali_shutdown_in_progress, NULL);
700 /* time to shutdown */
701 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
702 hf_lsa_pali_time_to_shutdown);
704 /* next audit record */
705 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
706 hf_lsa_pali_next_audit_record, NULL);
708 proto_item_set_len(item, offset-old_offset);
713 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
714 packet_info *pinfo, proto_tree *tree, char *drep)
716 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
717 hf_lsa_paei_settings, NULL);
722 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
723 packet_info *pinfo, proto_tree *tree, char *drep)
725 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
726 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
732 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
733 packet_info *pinfo, proto_tree *parent_tree, char *drep)
735 proto_item *item=NULL;
736 proto_tree *tree=NULL;
737 int old_offset=offset;
740 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
741 "POLICY_AUDIT_EVENTS_INFO:");
742 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
746 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
747 hf_lsa_paei_enabled, NULL);
750 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
751 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
755 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
758 proto_item_set_len(item, offset-old_offset);
764 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
765 packet_info *pinfo, proto_tree *parent_tree, char *drep)
767 proto_item *item=NULL;
768 proto_tree *tree=NULL;
769 int old_offset=offset;
772 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
773 "POLICY_PRIMARY_DOMAIN_INFO:");
774 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
778 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
782 offset = dissect_ndr_nt_PSID(tvb, offset,
785 proto_item_set_len(item, offset-old_offset);
791 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
792 packet_info *pinfo, proto_tree *parent_tree, char *drep)
794 proto_item *item=NULL;
795 proto_tree *tree=NULL;
796 int old_offset=offset;
799 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
800 "POLICY_ACCOUNT_DOMAIN_INFO:");
801 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
805 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
809 offset = dissect_ndr_nt_PSID(tvb, offset,
812 proto_item_set_len(item, offset-old_offset);
817 static const value_string server_role_vals[] = {
819 {1, "Domain Member"},
825 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
826 packet_info *pinfo, proto_tree *parent_tree, char *drep)
828 proto_item *item=NULL;
829 proto_tree *tree=NULL;
830 int old_offset=offset;
833 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
834 "POLICY_SERVER_ROLE_INFO:");
835 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
839 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
840 hf_lsa_server_role, NULL);
842 proto_item_set_len(item, offset-old_offset);
847 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
848 packet_info *pinfo, proto_tree *parent_tree, char *drep)
850 proto_item *item=NULL;
851 proto_tree *tree=NULL;
852 int old_offset=offset;
855 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
856 "POLICY_REPLICA_SOURCE_INFO:");
857 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
861 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
865 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
868 proto_item_set_len(item, offset-old_offset);
874 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
875 packet_info *pinfo, proto_tree *parent_tree, char *drep)
877 proto_item *item=NULL;
878 proto_tree *tree=NULL;
879 int old_offset=offset;
882 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
883 "POLICY_DEFAULT_QUOTA_INFO:");
884 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
888 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
889 hf_lsa_quota_paged_pool, NULL);
892 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
893 hf_lsa_quota_non_paged_pool, NULL);
896 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
897 hf_lsa_quota_min_wss, NULL);
900 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
901 hf_lsa_quota_max_wss, NULL);
904 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
905 hf_lsa_quota_pagefile, NULL);
908 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
909 hf_lsa_unknown_hyper, NULL);
911 proto_item_set_len(item, offset-old_offset);
917 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
918 packet_info *pinfo, proto_tree *parent_tree, char *drep)
920 proto_item *item=NULL;
921 proto_tree *tree=NULL;
922 int old_offset=offset;
925 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
926 "POLICY_MODIFICATION_INFO:");
927 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
931 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
932 hf_lsa_mod_seq_no, NULL);
935 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
938 proto_item_set_len(item, offset-old_offset);
944 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
945 packet_info *pinfo, proto_tree *parent_tree, char *drep)
947 proto_item *item=NULL;
948 proto_tree *tree=NULL;
949 int old_offset=offset;
952 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
953 "POLICY_AUDIT_FULL_SET_INFO:");
954 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
958 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
959 hf_lsa_unknown_char, NULL);
961 proto_item_set_len(item, offset-old_offset);
967 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
968 packet_info *pinfo, proto_tree *parent_tree, char *drep)
970 proto_item *item=NULL;
971 proto_tree *tree=NULL;
972 int old_offset=offset;
975 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
976 "POLICY_AUDIT_FULL_QUERY_INFO:");
977 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
981 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
982 hf_lsa_unknown_char, NULL);
985 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
986 hf_lsa_unknown_char, NULL);
988 proto_item_set_len(item, offset-old_offset);
994 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
995 packet_info *pinfo, proto_tree *parent_tree, char *drep)
997 proto_item *item=NULL;
998 proto_tree *tree=NULL;
999 int old_offset=offset;
1002 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1003 "POLICY_DNS_DOMAIN_INFO:");
1004 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1008 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1012 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1016 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1020 offset = dissect_nt_GUID(tvb, offset,
1024 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
1026 proto_item_set_len(item, offset-old_offset);
1031 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1032 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1034 proto_item *item=NULL;
1035 proto_tree *tree=NULL;
1036 int old_offset=offset;
1040 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1042 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1045 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1046 hf_lsa_info_level, &level);
1048 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1051 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1052 tvb, offset, pinfo, tree, drep);
1055 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1056 tvb, offset, pinfo, tree, drep);
1059 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1060 tvb, offset, pinfo, tree, drep);
1063 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1067 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1068 tvb, offset, pinfo, tree, drep);
1071 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1072 tvb, offset, pinfo, tree, drep);
1075 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1076 tvb, offset, pinfo, tree, drep);
1079 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1080 tvb, offset, pinfo, tree, drep);
1083 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1084 tvb, offset, pinfo, tree, drep);
1087 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1088 tvb, offset, pinfo, tree, drep);
1091 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1092 tvb, offset, pinfo, tree, drep);
1095 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1096 tvb, offset, pinfo, tree, drep);
1100 proto_item_set_len(item, offset-old_offset);
1105 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1106 packet_info *pinfo, proto_tree *tree, char *drep)
1108 /* This is really a pointer to a pointer though the first level is REF
1109 so we just ignore that one */
1110 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1111 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1112 "POLICY_INFORMATION pointer: info", -1, 0);
1113 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1120 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
1121 packet_info *pinfo, proto_tree *tree, char *drep)
1123 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1124 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
1125 "LSA_HANDLE", -1, 0);
1131 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1132 packet_info *pinfo, proto_tree *tree, char *drep)
1134 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1142 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1143 packet_info *pinfo, proto_tree *tree, char *drep)
1145 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1148 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1149 hf_lsa_info_type, NULL);
1156 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1157 packet_info *pinfo, proto_tree *tree, char *drep)
1159 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1160 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1161 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1, 0);
1163 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1171 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1172 packet_info *pinfo, proto_tree *tree, char *drep)
1174 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1177 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1178 hf_lsa_info_type, NULL);
1180 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1181 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1182 "LSA_SECURITY_DESCRIPTOR: sec_info", -1, 0);
1188 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1189 packet_info *pinfo, proto_tree *tree, char *drep)
1191 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1199 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1200 packet_info *pinfo, proto_tree *tree, char *drep)
1203 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1207 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1211 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1215 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1219 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1226 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1227 packet_info *pinfo, proto_tree *tree, char *drep)
1229 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1235 static const value_string sid_type_vals[] = {
1240 {5, "Well Known Group"},
1241 {6, "Deleted Account"},
1248 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1249 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1251 proto_item *item=NULL;
1252 proto_tree *tree=NULL;
1253 int old_offset=offset;
1256 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1257 "LSA_TRANSLATED_NAME:");
1258 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1262 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1263 hf_lsa_sid_type, NULL);
1266 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1270 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1271 hf_lsa_index, NULL);
1273 proto_item_set_len(item, offset-old_offset);
1278 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1279 packet_info *pinfo, proto_tree *tree, char *drep)
1281 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1282 lsa_dissect_LSA_TRANSLATED_NAME);
1288 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1289 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1291 proto_item *item=NULL;
1292 proto_tree *tree=NULL;
1293 int old_offset=offset;
1296 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1297 "LSA_TRANSLATED_NAMES:");
1298 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1302 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1303 hf_lsa_count, NULL);
1306 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1307 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1308 "TRANSLATED_NAME_ARRAY", -1, 0);
1310 proto_item_set_len(item, offset-old_offset);
1316 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1317 packet_info *pinfo, proto_tree *tree, char *drep)
1319 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1322 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1323 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1324 "PSID_ARRAY", -1, 0);
1326 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1327 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1328 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1330 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1331 hf_lsa_info_level, NULL);
1333 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1334 hf_lsa_num_mapped, NULL);
1340 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1341 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1343 proto_item *item=NULL;
1344 proto_tree *tree=NULL;
1345 int old_offset=offset;
1348 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1349 "TRUST INFORMATION:");
1350 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1354 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1358 offset = dissect_ndr_nt_PSID(tvb, offset,
1361 proto_item_set_len(item, offset-old_offset);
1365 static const value_string trusted_direction_vals[] = {
1366 {0, "Trust disabled"},
1367 {1, "Inbound trust"},
1368 {2, "Outbound trust"},
1372 static const value_string trusted_type_vals[] = {
1380 static const true_false_string tfs_trust_attr_non_trans = {
1381 "NON TRANSITIVE is set",
1382 "Non transitive is NOT set"
1384 static const true_false_string tfs_trust_attr_uplevel_only = {
1385 "UPLEVEL ONLY is set",
1386 "Uplevel only is NOT set"
1388 static const true_false_string tfs_trust_attr_tree_parent = {
1389 "TREE PARENT is set",
1390 "Tree parent is NOT set"
1392 static const true_false_string tfs_trust_attr_tree_root = {
1394 "Tree root is NOT set"
1397 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1398 proto_tree *parent_tree, char *drep)
1401 proto_item *item = NULL;
1402 proto_tree *tree = NULL;
1404 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1405 hf_lsa_trust_attr, &mask);
1408 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1409 tvb, offset-4, 4, mask);
1410 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1413 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1414 tvb, offset-4, 4, mask);
1415 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1416 tvb, offset-4, 4, mask);
1417 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1418 tvb, offset-4, 4, mask);
1419 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1420 tvb, offset-4, 4, mask);
1426 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1427 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1429 proto_item *item=NULL;
1430 proto_tree *tree=NULL;
1431 int old_offset=offset;
1434 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1435 "TRUST INFORMATION EX:");
1436 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1440 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1444 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1445 hf_lsa_flat_name, 0);
1448 offset = dissect_ndr_nt_PSID(tvb, offset,
1452 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1453 hf_lsa_trust_direction, NULL);
1456 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1457 hf_lsa_trust_type, NULL);
1460 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1462 proto_item_set_len(item, offset-old_offset);
1467 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1468 packet_info *pinfo, proto_tree *tree, char *drep)
1473 di=pinfo->private_data;
1474 if(di->conformant_run){
1475 /*just a run to handle conformant arrays, nothing to dissect */
1480 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1481 hf_lsa_auth_len, &len);
1483 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1490 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1491 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1493 proto_item *item=NULL;
1494 proto_tree *tree=NULL;
1495 int old_offset=offset;
1498 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1499 "AUTH INFORMATION:");
1500 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1504 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1505 hf_lsa_auth_update, NULL);
1508 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1509 hf_lsa_auth_type, NULL);
1512 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1513 hf_lsa_auth_len, NULL);
1515 /* auth info blob */
1516 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1517 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1518 "AUTH INFO blob:", -1, 0);
1520 proto_item_set_len(item, offset-old_offset);
1525 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1526 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1528 proto_item *item=NULL;
1529 proto_tree *tree=NULL;
1530 int old_offset=offset;
1533 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1534 "TRUSTED DOMAIN AUTH INFORMATION:");
1535 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1539 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1540 hf_lsa_unknown_long, NULL);
1543 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1546 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1549 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1550 hf_lsa_unknown_long, NULL);
1553 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1556 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1558 proto_item_set_len(item, offset-old_offset);
1564 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1565 packet_info *pinfo, proto_tree *tree, char *drep)
1567 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1568 lsa_dissect_LSA_TRUST_INFORMATION);
1574 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1575 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1577 proto_item *item=NULL;
1578 proto_tree *tree=NULL;
1579 int old_offset=offset;
1582 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1583 "LSA_REFERENCED_DOMAIN_LIST:");
1584 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1588 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1589 hf_lsa_count, NULL);
1591 /* trust information */
1592 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1593 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1594 "TRUST INFORMATION array:", -1, 0);
1597 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1598 hf_lsa_max_count, NULL);
1600 proto_item_set_len(item, offset-old_offset);
1605 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1606 packet_info *pinfo, proto_tree *tree, char *drep)
1608 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1609 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1610 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
1612 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1613 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1614 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1616 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1617 hf_lsa_num_mapped, NULL);
1619 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1627 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1628 packet_info *pinfo, proto_tree *tree, char *drep)
1630 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1633 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1634 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1635 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1642 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1643 packet_info *pinfo, proto_tree *tree, char *drep)
1645 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1653 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1654 packet_info *pinfo, proto_tree *tree, char *drep)
1656 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1664 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1665 packet_info *pinfo, proto_tree *tree, char *drep)
1667 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1668 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1669 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1671 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1679 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1680 packet_info *pinfo, proto_tree *tree, char *drep)
1682 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1685 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1686 hf_lsa_policy_information_class, NULL);
1688 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1689 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1690 "POLICY_INFORMATION pointer: info", -1, 0);
1697 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1698 packet_info *pinfo, proto_tree *tree, char *drep)
1700 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1708 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1709 packet_info *pinfo, proto_tree *tree, char *drep)
1711 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1714 offset = dissect_ndr_nt_SID(tvb, offset,
1718 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1719 hf_lsa_unknown_long, NULL);
1726 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1727 packet_info *pinfo, proto_tree *tree, char *drep)
1729 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1732 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1739 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1740 packet_info *pinfo, proto_tree *tree, char *drep)
1742 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1750 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1751 packet_info *pinfo, proto_tree *tree, char *drep)
1753 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1756 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1764 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1765 packet_info *pinfo, proto_tree *tree, char *drep)
1767 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1770 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1778 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1779 packet_info *pinfo, proto_tree *tree, char *drep)
1781 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1789 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1790 packet_info *pinfo, proto_tree *tree, char *drep)
1792 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1795 offset = dissect_ndr_nt_SID(tvb, offset,
1798 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1806 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1807 packet_info *pinfo, proto_tree *tree, char *drep)
1809 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1812 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1820 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1821 packet_info *pinfo, proto_tree *tree, char *drep)
1823 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1826 offset = dissect_ndr_nt_SID(tvb, offset,
1834 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1835 packet_info *pinfo, proto_tree *tree, char *drep)
1837 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1844 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1845 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1847 proto_item *item=NULL;
1848 proto_tree *tree=NULL;
1849 int old_offset=offset;
1852 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1854 tree = proto_item_add_subtree(item, ett_LUID);
1857 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1858 hf_nt_luid_low, NULL);
1860 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1861 hf_nt_luid_high, NULL);
1863 proto_item_set_len(item, offset-old_offset);
1868 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1869 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1871 proto_item *item=NULL;
1872 proto_tree *tree=NULL;
1873 int old_offset=offset;
1876 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1878 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1881 /* privilege name */
1882 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1883 hf_lsa_privilege_name, 0);
1886 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1888 proto_item_set_len(item, offset-old_offset);
1893 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1894 packet_info *pinfo, proto_tree *tree, char *drep)
1896 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1897 lsa_dissect_LSA_PRIVILEGE);
1903 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1904 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1906 proto_item *item=NULL;
1907 proto_tree *tree=NULL;
1908 int old_offset=offset;
1911 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1913 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1916 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1917 hf_lsa_count, NULL);
1920 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1921 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1922 "LSA_PRIVILEGE array:", -1, 0);
1924 proto_item_set_len(item, offset-old_offset);
1929 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1930 packet_info *pinfo, proto_tree *tree, char *drep)
1932 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1935 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1936 hf_lsa_count, NULL);
1938 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1945 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1946 packet_info *pinfo, proto_tree *tree, char *drep)
1948 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1949 hf_lsa_count, NULL);
1951 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1952 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1953 "LSA_PRIVILEGES pointer: privs", -1, 0);
1955 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1962 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1963 packet_info *pinfo, proto_tree *tree, char *drep)
1965 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1968 /* privilege name */
1969 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1970 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1971 "NAME pointer: ", hf_lsa_privilege_name, 0);
1978 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1979 packet_info *pinfo, proto_tree *tree, char *drep)
1983 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1985 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1993 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
1994 packet_info *pinfo, proto_tree *tree, char *drep)
1996 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2000 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2001 dissect_nt_LUID, NDR_POINTER_REF,
2002 "LUID pointer: value", -1, 0);
2009 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
2010 packet_info *pinfo, proto_tree *tree, char *drep)
2012 /* [out, ref] LSA_UNICODE_STRING **name */
2013 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2014 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2015 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name, 0);
2017 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2025 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2026 packet_info *pinfo, proto_tree *tree, char *drep)
2028 /* [in] LSA_HANDLE hnd */
2029 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2037 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2038 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2040 proto_item *item=NULL;
2041 proto_tree *tree=NULL;
2042 int old_offset=offset;
2045 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2046 "LUID_AND_ATTRIBUTES:");
2047 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2051 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2054 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2057 proto_item_set_len(item, offset-old_offset);
2062 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2063 packet_info *pinfo, proto_tree *tree, char *drep)
2065 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2066 lsa_dissect_LUID_AND_ATTRIBUTES);
2072 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2073 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2075 proto_item *item=NULL;
2076 proto_tree *tree=NULL;
2077 int old_offset=offset;
2080 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2081 "LUID_AND_ATTRIBUTES_ARRAY:");
2082 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2085 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2086 hf_lsa_count, NULL);
2088 /* luid and attributes */
2089 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2090 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2091 "LUID_AND_ATTRIBUTES array:", -1, 0);
2093 proto_item_set_len(item, offset-old_offset);
2098 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2099 packet_info *pinfo, proto_tree *tree, char *drep)
2101 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2102 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2103 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2104 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
2106 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2113 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2114 packet_info *pinfo, proto_tree *tree, char *drep)
2116 /* [in] LSA_HANDLE hnd */
2117 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2120 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2121 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2129 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2130 packet_info *pinfo, proto_tree *tree, char *drep)
2132 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2139 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2140 packet_info *pinfo, proto_tree *tree, char *drep)
2142 /* [in] LSA_HANDLE hnd */
2143 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2146 /* [in] char unknown */
2147 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2148 hf_lsa_unknown_char, NULL);
2150 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2151 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2152 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2153 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
2160 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2161 packet_info *pinfo, proto_tree *tree, char *drep)
2163 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2170 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2171 packet_info *pinfo, proto_tree *tree, char *drep)
2173 /* [in] LSA_HANDLE hnd */
2174 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2177 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2178 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2179 hf_lsa_resume_handle, NULL);
2181 /* [in] ULONG pref_maxlen */
2182 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2183 hf_lsa_max_count, NULL);
2189 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2190 packet_info *pinfo, proto_tree *tree, char *drep)
2192 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2193 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2194 hf_lsa_resume_handle, NULL);
2196 /* [out, ref] PSID_ARRAY **accounts */
2197 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2198 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2199 "PSID_ARRAY", -1, 0);
2201 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2208 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2209 packet_info *pinfo, proto_tree *tree, char *drep)
2211 /* [in] LSA_HANDLE hnd_pol */
2212 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2215 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2216 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2217 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2218 "LSA_TRUST_INFORMATION pointer: domain", -1, 0);
2220 /* [in] ACCESS_MASK access */
2221 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2228 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2229 packet_info *pinfo, proto_tree *tree, char *drep)
2231 /* [out] LSA_HANDLE *hnd */
2232 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2235 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2242 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2243 packet_info *pinfo, proto_tree *tree, char *drep)
2245 /* [in] LSA_HANDLE hnd */
2246 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2249 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2250 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2251 hf_lsa_resume_handle, NULL);
2253 /* [in] ULONG pref_maxlen */
2254 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2255 hf_lsa_max_count, NULL);
2261 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2262 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2264 proto_item *item=NULL;
2265 proto_tree *tree=NULL;
2266 int old_offset=offset;
2269 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2271 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2275 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2279 offset = dissect_ndr_nt_PSID(tvb, offset,
2282 proto_item_set_len(item, offset-old_offset);
2287 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2288 packet_info *pinfo, proto_tree *tree, char *drep)
2290 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2291 lsa_dissect_LSA_TRUSTED_DOMAIN);
2297 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2298 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2300 proto_item *item=NULL;
2301 proto_tree *tree=NULL;
2302 int old_offset=offset;
2305 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2306 "TRUSTED_DOMAIN_LIST:");
2307 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2310 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2311 hf_lsa_count, NULL);
2314 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2315 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2316 "TRUSTED_DOMAIN array:", -1, 0);
2318 proto_item_set_len(item, offset-old_offset);
2323 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2324 packet_info *pinfo, proto_tree *tree, char *drep)
2326 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2327 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2328 hf_lsa_resume_handle, NULL);
2330 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2331 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2332 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2333 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1, 0);
2335 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2343 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2344 packet_info *pinfo, proto_tree *tree, char *drep)
2348 di=pinfo->private_data;
2349 if(di->conformant_run){
2350 /*just a run to handle conformant arrays, nothing to dissect */
2354 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2355 di->hf_index, di->levels);
2361 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2362 packet_info *pinfo, proto_tree *tree, char *drep)
2364 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2365 lsa_dissect_LSA_UNICODE_STRING_item);
2371 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2372 packet_info *pinfo, proto_tree *tree, char *drep)
2376 di=pinfo->private_data;
2378 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2379 hf_lsa_count, NULL);
2380 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2381 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2382 "UNICODE_STRING pointer: ", di->hf_index, 0);
2388 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2389 packet_info *pinfo, proto_tree *tree, char *drep)
2392 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2393 hf_lsa_sid_type, NULL);
2395 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2398 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2399 hf_lsa_index, NULL);
2405 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2406 packet_info *pinfo, proto_tree *tree, char *drep)
2408 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2409 lsa_dissect_LSA_TRANSLATED_SID);
2415 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2416 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2418 proto_item *item=NULL;
2419 proto_tree *tree=NULL;
2420 int old_offset=offset;
2423 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2424 "LSA_TRANSLATED_SIDS:");
2425 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2429 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2430 hf_lsa_count, NULL);
2433 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2434 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2435 "Translated SIDS", -1, 0);
2437 proto_item_set_len(item, offset-old_offset);
2442 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2443 packet_info *pinfo, proto_tree *tree, char *drep)
2445 /* [in] LSA_HANDLE hnd */
2446 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2449 /* [in] ULONG count */
2450 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2451 hf_lsa_count, NULL);
2453 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2454 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2455 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2456 "Account pointer: names", hf_lsa_acct, 0);
2458 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2459 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2460 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2461 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2463 /* [in] USHORT level */
2464 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2465 hf_lsa_info_level, NULL);
2467 /* [in, out, ref] ULONG *num_mapped */
2468 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2469 hf_lsa_num_mapped, NULL);
2476 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2477 packet_info *pinfo, proto_tree *tree, char *drep)
2479 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2480 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2481 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2482 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
2484 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2485 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2486 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2487 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2489 /* [in, out, ref] ULONG *num_mapped */
2490 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2491 hf_lsa_num_mapped, NULL);
2493 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2500 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2501 packet_info *pinfo, proto_tree *tree, char *drep)
2503 /* [in] LSA_HANDLE hnd_pol */
2504 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2507 /* [in, ref] LSA_UNICODE_STRING *name */
2508 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2511 /* [in] ACCESS_MASK access */
2512 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2519 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2520 packet_info *pinfo, proto_tree *tree, char *drep)
2523 /* [out] LSA_HANDLE *hnd */
2524 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2527 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2534 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2535 packet_info *pinfo, proto_tree *tree, char *drep)
2537 /* [in] LSA_HANDLE hnd_pol */
2538 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2541 /* [in, ref] SID *account */
2542 offset = dissect_ndr_nt_SID(tvb, offset,
2545 /* [in] ACCESS_MASK access */
2546 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2554 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2555 packet_info *pinfo, proto_tree *tree, char *drep)
2557 /* [out] LSA_HANDLE *hnd */
2558 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2561 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2567 static const value_string trusted_info_level_vals[] = {
2568 {1, "Domain Name Information"},
2569 {2, "Controllers Information"},
2570 {3, "Posix Offset Information"},
2571 {4, "Password Information"},
2572 {5, "Domain Information Basic"},
2573 {6, "Domain Information Ex"},
2574 {7, "Domain Auth Information"},
2575 {8, "Domain Full Information"},
2576 {9, "Domain Security Descriptor"},
2577 {10, "Domain Private Information"},
2582 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2583 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2585 proto_item *item=NULL;
2586 proto_tree *tree=NULL;
2587 int old_offset=offset;
2591 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2592 "TRUSTED_DOMAIN_INFO:");
2593 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2596 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2597 hf_lsa_trusted_info_level, &level);
2599 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2602 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2606 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2607 hf_lsa_count, NULL);
2608 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2609 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2610 "Controllers pointer: ", hf_lsa_controller, 0);
2613 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2614 hf_lsa_rid_offset, NULL);
2617 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2618 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2621 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2625 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2629 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2632 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2634 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2635 hf_lsa_rid_offset, NULL);
2636 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2639 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2642 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2644 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2645 hf_lsa_rid_offset, NULL);
2646 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2650 proto_item_set_len(item, offset-old_offset);
2655 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2656 packet_info *pinfo, proto_tree *tree, char *drep)
2658 /* [in] LSA_HANDLE hnd */
2659 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2662 /* [in] TRUSTED_INFORMATION_CLASS level */
2663 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2664 hf_lsa_trusted_info_level, NULL);
2671 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2672 packet_info *pinfo, proto_tree *tree, char *drep)
2674 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2675 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2676 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2677 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2679 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2686 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2687 packet_info *pinfo, proto_tree *tree, char *drep)
2689 /* [in] LSA_HANDLE hnd */
2690 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2693 /* [in] TRUSTED_INFORMATION_CLASS level */
2694 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2695 hf_lsa_trusted_info_level, NULL);
2697 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2698 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2699 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2700 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2707 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2708 packet_info *pinfo, proto_tree *tree, char *drep)
2710 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2717 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2718 packet_info *pinfo, proto_tree *tree, char *drep)
2720 /* [in] LSA_HANDLE hnd_pol */
2721 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2724 /* [in, ref] LSA_UNICODE_STRING *name */
2725 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2728 /* [in] ACCESS_MASK access */
2729 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2737 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2738 packet_info *pinfo, proto_tree *tree, char *drep)
2740 /* [out] LSA_HANDLE *hnd */
2741 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2744 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2751 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2752 packet_info *pinfo, proto_tree *tree, char *drep)
2754 /* [in] LSA_HANDLE hnd */
2755 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2758 /* [in, unique] LSA_SECRET *new_val */
2759 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2760 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2761 "LSA_SECRET pointer: new_val", -1, 0);
2763 /* [in, unique] LSA_SECRET *old_val */
2764 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2765 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2766 "LSA_SECRET pointer: old_val", -1, 0);
2773 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2774 packet_info *pinfo, proto_tree *tree, char *drep)
2776 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2783 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2784 packet_info *pinfo, proto_tree *tree, char *drep)
2786 /* [in] LSA_HANDLE hnd */
2787 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2790 /* [in, out, unique] LSA_SECRET **curr_val */
2791 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2792 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2793 "LSA_SECRET pointer: curr_val", -1, 0);
2795 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2796 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2797 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2798 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2800 /* [in, out, unique] LSA_SECRET **old_val */
2801 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2802 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2803 "LSA_SECRET pointer: old_val", -1, 0);
2805 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2806 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2807 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2808 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2815 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2816 packet_info *pinfo, proto_tree *tree, char *drep)
2818 /* [in, out, unique] LSA_SECRET **curr_val */
2819 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2820 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2821 "LSA_SECRET pointer: curr_val", -1, 0);
2823 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2824 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2825 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2826 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2828 /* [in, out, unique] LSA_SECRET **old_val */
2829 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2830 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2831 "LSA_SECRET pointer: old_val", -1, 0);
2833 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2834 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2835 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2836 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2842 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2843 packet_info *pinfo, proto_tree *tree, char *drep)
2845 /* [in] LSA_HANDLE hnd */
2846 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2854 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2855 packet_info *pinfo, proto_tree *tree, char *drep)
2857 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2864 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2865 packet_info *pinfo, proto_tree *tree, char *drep)
2867 /* [in] LSA_HANDLE hnd */
2868 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2871 /* [in, unique] LSA_UNICODE_STRING *rights */
2872 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2873 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2874 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights, 0);
2880 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2881 packet_info *pinfo, proto_tree *tree, char *drep)
2883 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2884 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2885 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2886 "Account pointer: names", hf_lsa_acct, 0);
2888 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2895 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2896 packet_info *pinfo, proto_tree *tree, char *drep)
2898 /* [in] LSA_HANDLE hnd */
2899 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2902 /* [in, ref] SID *account */
2903 offset = dissect_ndr_nt_SID(tvb, offset,
2911 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2912 packet_info *pinfo, proto_tree *tree, char *drep)
2914 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2915 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2916 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2917 "Account pointer: rights", hf_lsa_rights, 0);
2919 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2926 lsa_dissect_lsaaddaccountrights_rqst(tvbuff_t *tvb, int offset,
2927 packet_info *pinfo, proto_tree *tree, char *drep)
2929 /* [in] LSA_HANDLE hnd */
2930 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2933 /* [in, ref] SID *account */
2934 offset = dissect_ndr_nt_SID(tvb, offset,
2937 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2938 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2939 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2940 "Account pointer: rights", hf_lsa_rights, 0);
2947 lsa_dissect_lsaaddaccountrights_reply(tvbuff_t *tvb, int offset,
2948 packet_info *pinfo, proto_tree *tree, char *drep)
2950 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2957 lsa_dissect_lsaremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2958 packet_info *pinfo, proto_tree *tree, char *drep)
2960 /* [in] LSA_HANDLE hnd */
2961 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2964 /* [in, ref] SID *account */
2965 offset = dissect_ndr_nt_SID(tvb, offset,
2969 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2970 hf_lsa_remove_all, NULL);
2972 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2973 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2974 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2975 "Account pointer: rights", hf_lsa_rights, 0);
2982 lsa_dissect_lsaremoveaccountrights_reply(tvbuff_t *tvb, int offset,
2983 packet_info *pinfo, proto_tree *tree, char *drep)
2985 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2993 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
2994 packet_info *pinfo, proto_tree *tree, char *drep)
2996 /* [in] LSA_HANDLE handle */
2997 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3000 /* [in, ref] LSA_UNICODE_STRING *name */
3002 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3005 /* [in] TRUSTED_INFORMATION_CLASS level */
3006 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3007 hf_lsa_trusted_info_level, NULL);
3014 lsa_dissect_lsaquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3015 packet_info *pinfo, proto_tree *tree, char *drep)
3017 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3018 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3019 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3020 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3022 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3030 lsa_dissect_lsasettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3031 packet_info *pinfo, proto_tree *tree, char *drep)
3033 /* [in] LSA_HANDLE handle */
3034 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3037 /* [in, ref] LSA_UNICODE_STRING *name */
3039 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3042 /* [in] TRUSTED_INFORMATION_CLASS level */
3043 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3044 hf_lsa_trusted_info_level, NULL);
3046 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3047 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3048 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3049 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3056 lsa_dissect_lsasettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3057 packet_info *pinfo, proto_tree *tree, char *drep)
3059 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3066 lsa_dissect_lsaquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3067 packet_info *pinfo, proto_tree *tree, char *drep)
3069 /* [in] LSA_HANDLE handle */
3070 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3073 /* [in, ref] SID *sid */
3074 offset = dissect_ndr_nt_SID(tvb, offset,
3077 /* [in] TRUSTED_INFORMATION_CLASS level */
3078 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3079 hf_lsa_trusted_info_level, NULL);
3085 lsa_dissect_lsaopentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3086 packet_info *pinfo, proto_tree *tree, char *drep)
3088 /* [in] LSA_HANDLE handle */
3089 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3092 /* [in, ref] LSA_UNICODE_STRING *name */
3094 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3097 /* [in] ACCESS_MASK access */
3098 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3106 lsa_dissect_lsaopentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3107 packet_info *pinfo, proto_tree *tree, char *drep)
3109 /* [out] LSA_HANDLE handle */
3110 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3113 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3122 lsa_dissect_lsaquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3123 packet_info *pinfo, proto_tree *tree, char *drep)
3125 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3126 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3127 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3128 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3130 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3137 lsa_dissect_lsasettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3138 packet_info *pinfo, proto_tree *tree, char *drep)
3140 /* [in] LSA_HANDLE handle */
3141 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3144 /* [in, ref] SID *sid */
3145 offset = dissect_ndr_nt_SID(tvb, offset,
3148 /* [in] TRUSTED_INFORMATION_CLASS level */
3149 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3150 hf_lsa_trusted_info_level, NULL);
3152 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3153 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3154 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3155 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3162 lsa_dissect_lsasettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3163 packet_info *pinfo, proto_tree *tree, char *drep)
3165 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3172 lsa_dissect_lsaqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3173 packet_info *pinfo, proto_tree *tree, char *drep)
3175 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3176 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3177 "LSA_HANDLE", -1, 0);
3179 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3180 hf_lsa_policy_information_class, NULL);
3186 lsa_dissect_lsaqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3187 packet_info *pinfo, proto_tree *tree, char *drep)
3189 /* This is really a pointer to a pointer though the first level is REF
3190 so we just ignore that one */
3191 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3192 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3193 "POLICY_INFORMATION pointer: info", -1, 0);
3195 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3202 lsa_dissect_lsasetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3203 packet_info *pinfo, proto_tree *tree, char *drep)
3205 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3206 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3207 "LSA_HANDLE", -1, 0);
3209 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3210 hf_lsa_policy_information_class, NULL);
3212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3213 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3214 "POLICY_INFORMATION pointer: info", -1, 0);
3220 lsa_dissect_lsasetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3221 packet_info *pinfo, proto_tree *tree, char *drep)
3223 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3230 lsa_dissect_lsaquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3231 packet_info *pinfo, proto_tree *tree, char *drep)
3233 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3234 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3235 "LSA_HANDLE", -1, 0);
3237 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3238 hf_lsa_policy_information_class, NULL);
3244 lsa_dissect_lsaquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3245 packet_info *pinfo, proto_tree *tree, char *drep)
3247 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3248 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3249 "POLICY_INFORMATION pointer: info", -1, 0);
3251 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3258 lsa_dissect_lsasetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3259 packet_info *pinfo, proto_tree *tree, char *drep)
3261 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3262 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3263 "LSA_HANDLE", -1, 0);
3265 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3266 hf_lsa_policy_information_class, NULL);
3268 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3269 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3270 "POLICY_INFORMATION pointer: info", -1, 0);
3276 lsa_dissect_lsasetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3277 packet_info *pinfo, proto_tree *tree, char *drep)
3279 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3286 lsa_dissect_lsalookupnames2_rqst(tvbuff_t *tvb, int offset,
3287 packet_info *pinfo, proto_tree *tree, char *drep)
3289 /* [in] LSA_HANDLE hnd */
3290 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3293 /* [in] ULONG count */
3294 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3295 hf_lsa_count, NULL);
3297 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3298 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3299 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3300 "Account pointer: names", hf_lsa_acct, 0);
3302 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3303 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3304 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3305 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
3307 /* [in] USHORT level */
3308 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3309 hf_lsa_info_level, NULL);
3311 /* [in, out, ref] ULONG *num_mapped */
3312 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3313 hf_lsa_num_mapped, NULL);
3316 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3317 hf_lsa_unknown_long, NULL);
3320 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3321 hf_lsa_unknown_long, NULL);
3328 lsa_dissect_lsalookupnames2_reply(tvbuff_t *tvb, int offset,
3329 packet_info *pinfo, proto_tree *tree, char *drep)
3331 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3332 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3333 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3334 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
3336 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3338 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3339 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
3341 /* [in, out, ref] ULONG *num_mapped */
3342 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3343 hf_lsa_num_mapped, NULL);
3345 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3353 lsa_dissect_lsacreateaccount_rqst(tvbuff_t *tvb, int offset,
3354 packet_info *pinfo, proto_tree *tree, char *drep)
3356 /* [in] LSA_HANDLE hnd */
3357 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3360 offset = dissect_ndr_nt_SID(tvb, offset,
3363 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3370 lsa_dissect_lsacreateaccount_reply(tvbuff_t *tvb, int offset,
3371 packet_info *pinfo, proto_tree *tree, char *drep)
3373 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3376 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3383 lsa_dissect_lsalookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3384 packet_info *pinfo, proto_tree *tree, char *drep)
3386 /* [in] LSA_HANDLE hnd */
3387 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3390 /* [in, ref] LSA_UNICODE_STRING *name */
3391 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3394 /* [in] USHORT unknown */
3395 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3396 hf_lsa_unknown_short, NULL);
3398 /* [in] USHORT size */
3399 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3400 hf_lsa_size16, NULL);
3407 lsa_dissect_lsalookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3408 packet_info *pinfo, proto_tree *tree, char *drep)
3410 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3411 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3412 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3413 "NAME pointer: ", hf_lsa_privilege_name, 0);
3415 /* [out, ref] USHORT *size_needed */
3416 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3417 hf_lsa_size_needed, NULL);
3419 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3426 lsa_dissect_lsastoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3427 packet_info *pinfo, proto_tree *tree, char *drep)
3429 /* [in] LSA_HANDLE hnd */
3430 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3433 /* [in, ref] LSA_UNICODE_STRING *key */
3434 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3437 /* [in, unique] LSA_SECRET **data */
3438 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3439 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3440 "LSA_SECRET* pointer: data", -1, 0);
3447 lsa_dissect_lsastoreprivatedata_reply(tvbuff_t *tvb, int offset,
3448 packet_info *pinfo, proto_tree *tree, char *drep)
3450 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3457 lsa_dissect_lsaretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3458 packet_info *pinfo, proto_tree *tree, char *drep)
3460 /* [in] LSA_HANDLE hnd */
3461 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3464 /* [in, ref] LSA_UNICODE_STRING *key */
3465 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3468 /* [in, out, ref] LSA_SECRET **data */
3469 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3470 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3471 "LSA_SECRET* pointer: data", -1, 0);
3478 lsa_dissect_lsaretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3479 packet_info *pinfo, proto_tree *tree, char *drep)
3481 /* [in, out, ref] LSA_SECRET **data */
3482 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3483 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3484 "LSA_SECRET* pointer: data", -1, 0);
3486 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3493 lsa_dissect_lsaclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3494 packet_info *pinfo, proto_tree *tree, char *drep)
3497 /* [in, out] LSA_HANDLE *tdHnd */
3498 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3499 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3500 "LSA_HANDLE", -1, 0);
3507 lsa_dissect_lsaclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3508 packet_info *pinfo, proto_tree *tree, char *drep)
3511 /* [in, out] LSA_HANDLE *tdHnd */
3512 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3513 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3514 "LSA_HANDLE", -1, 0);
3516 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3523 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3524 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3526 proto_item *item=NULL;
3527 proto_tree *tree=NULL;
3528 int old_offset=offset;
3531 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3532 "LSA_TRANSLATED_NAME:");
3533 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3537 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3538 hf_lsa_sid_type, NULL);
3541 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3545 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3546 hf_lsa_index, NULL);
3549 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3550 hf_lsa_unknown_long, NULL);
3552 proto_item_set_len(item, offset-old_offset);
3557 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3558 packet_info *pinfo, proto_tree *tree, char *drep)
3560 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3561 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3566 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3567 packet_info *pinfo, proto_tree *tree, char *drep)
3570 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3571 hf_lsa_count, NULL);
3573 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3574 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3575 "LSA_TRANSLATED_NAME_EX: pointer", -1, 0);
3582 lsa_dissect_lsalookupsids2_rqst(tvbuff_t *tvb, int offset,
3583 packet_info *pinfo, proto_tree *tree, char *drep)
3585 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3588 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3589 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3590 "PSID_ARRAY", -1, 0);
3592 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3593 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3594 "LSA_TRANSLATED_NAMES_EX pointer: names", -1, 0);
3596 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3597 hf_lsa_info_level, NULL);
3599 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3600 hf_lsa_num_mapped, NULL);
3603 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3604 hf_lsa_unknown_long, NULL);
3607 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3608 hf_lsa_unknown_long, NULL);
3614 lsa_dissect_lsalookupsids2_reply(tvbuff_t *tvb, int offset,
3615 packet_info *pinfo, proto_tree *tree, char *drep)
3617 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3618 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_REF,
3619 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
3621 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3622 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3623 "LSA_TRANSLATED_NAMES_EX pointer: names", -1, 0);
3625 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3626 hf_lsa_num_mapped, NULL);
3628 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3635 lsa_dissect_lsagetusername_rqst(tvbuff_t *tvb, int offset,
3636 packet_info *pinfo, proto_tree *tree, char *drep)
3639 /* [in, unique, string] WCHAR *server */
3640 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3641 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3642 "Server:", hf_lsa_server, 0);
3644 /* [in, out, ref] LSA_UNICODE_STRING **user */
3645 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3646 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3647 "ACCOUNT pointer: ", hf_lsa_acct, 0);
3649 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3650 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3651 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3652 "DOMAIN pointer: ", hf_lsa_domain, 0);
3659 lsa_dissect_lsagetusername_reply(tvbuff_t *tvb, int offset,
3660 packet_info *pinfo, proto_tree *tree, char *drep)
3662 /* [in, out, ref] LSA_UNICODE_STRING **user */
3663 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3664 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3665 "ACCOUNT pointer: ", hf_lsa_acct, 0);
3667 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3668 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3669 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3670 "DOMAIN pointer: ", hf_lsa_domain, 0);
3672 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3679 lsa_dissect_lsacreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3680 packet_info *pinfo, proto_tree *tree, char *drep)
3682 /* [in] LSA_HANDLE hnd */
3683 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3686 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3687 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3688 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3689 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1, 0);
3691 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3692 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3693 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3694 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1, 0);
3696 /* [in] ACCESS_MASK mask */
3697 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3705 lsa_dissect_lsacreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3706 packet_info *pinfo, proto_tree *tree, char *drep)
3708 /* [out] LSA_HANDLE *tdHnd) */
3709 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3712 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3719 lsa_dissect_lsaenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3720 packet_info *pinfo, proto_tree *tree, char *drep)
3722 /* [in] LSA_HANDLE hnd */
3723 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3726 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3727 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3728 hf_lsa_resume_handle, NULL);
3730 /* [in] ULONG pref_maxlen */
3731 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3732 hf_lsa_max_count, NULL);
3739 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3740 packet_info *pinfo, proto_tree *tree, char *drep)
3742 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3743 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3749 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3750 packet_info *pinfo, proto_tree *tree, char *drep)
3753 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3754 hf_lsa_count, NULL);
3756 /* trust information */
3757 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3758 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3759 "TRUST INFORMATION array:", -1, 0);
3762 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3763 hf_lsa_max_count, NULL);
3770 lsa_dissect_lsaenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3771 packet_info *pinfo, proto_tree *tree, char *drep)
3773 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3774 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3775 hf_lsa_resume_handle, NULL);
3777 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3778 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3779 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3780 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1, 0);
3782 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3789 lsa_dissect_lsafunction_38_rqst(tvbuff_t *tvb, int offset,
3790 packet_info *pinfo, proto_tree *tree, char *drep)
3792 /* [in] LSA_HANDLE handle */
3793 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3796 /* [in] USHORT flag */
3797 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3798 hf_lsa_unknown_short, NULL);
3800 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3801 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3802 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3803 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1, 0);
3810 lsa_dissect_lsafunction_38_reply(tvbuff_t *tvb, int offset,
3811 packet_info *pinfo, proto_tree *tree, char *drep)
3813 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3814 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3815 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3816 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1, 0);
3822 lsa_dissect_lsafunction_3b_rqst(tvbuff_t *tvb, int offset,
3823 packet_info *pinfo, proto_tree *tree, char *drep)
3825 /* [in] LSA_HANDLE hnd */
3826 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3829 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3830 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3831 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3832 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1, 0);
3834 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3835 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3836 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3837 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1, 0);
3839 /* [in] ULONG unknown */
3840 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3841 hf_lsa_unknown_long, NULL);
3848 lsa_dissect_lsafunction_3b_reply(tvbuff_t *tvb, int offset,
3849 packet_info *pinfo, proto_tree *tree, char *drep)
3851 /* [out] LSA_HANDLE *h2) */
3852 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3855 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3862 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3863 { LSA_LSACLOSE, "Close",
3864 lsa_dissect_lsaclose_rqst,
3865 lsa_dissect_lsaclose_reply },
3866 { LSA_LSADELETE, "Delete",
3867 lsa_dissect_lsadelete_rqst,
3868 lsa_dissect_lsadelete_reply },
3869 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
3870 lsa_dissect_lsaenumerateprivileges_rqst,
3871 lsa_dissect_lsaenumerateprivileges_reply },
3872 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
3873 lsa_dissect_lsaquerysecurityobject_rqst,
3874 lsa_dissect_lsaquerysecurityobject_reply },
3875 { LSA_LSASETSECURITYOBJECT, "SetSecObject",
3876 lsa_dissect_lsasetsecurityobject_rqst,
3877 lsa_dissect_lsasetsecurityobject_reply },
3878 { LSA_LSACHANGEPASSWORD, "ChangePassword",
3879 lsa_dissect_lsachangepassword_rqst,
3880 lsa_dissect_lsachangepassword_reply },
3881 { LSA_LSAOPENPOLICY, "OpenPolicy",
3882 lsa_dissect_lsaopenpolicy_rqst,
3883 lsa_dissect_lsaopenpolicy_reply },
3884 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
3885 lsa_dissect_lsaqueryinformationpolicy_rqst,
3886 lsa_dissect_lsaqueryinformationpolicy_reply },
3887 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
3888 lsa_dissect_lsasetinformationpolicy_rqst,
3889 lsa_dissect_lsasetinformationpolicy_reply },
3890 { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
3891 lsa_dissect_lsaclearauditlog_rqst,
3892 lsa_dissect_lsaclearauditlog_reply },
3893 { LSA_LSACREATEACCOUNT, "CreateAccount",
3894 lsa_dissect_lsacreateaccount_rqst,
3895 lsa_dissect_lsacreateaccount_reply },
3896 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
3897 lsa_dissect_lsaenumerateaccounts_rqst,
3898 lsa_dissect_lsaenumerateaccounts_reply },
3899 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
3900 lsa_dissect_lsacreatetrusteddomain_rqst,
3901 lsa_dissect_lsacreatetrusteddomain_reply },
3902 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
3903 lsa_dissect_lsaenumeratetrusteddomains_rqst,
3904 lsa_dissect_lsaenumeratetrusteddomains_reply },
3905 { LSA_LSALOOKUPNAMES, "LookupNames",
3906 lsa_dissect_lsalookupnames_rqst,
3907 lsa_dissect_lsalookupnames_reply },
3908 { LSA_LSALOOKUPSIDS, "LookupSIDs",
3909 lsa_dissect_lsalookupsids_rqst,
3910 lsa_dissect_lsalookupsids_reply },
3911 { LSA_LSACREATESECRET, "CreateSecret",
3912 lsa_dissect_lsacreatesecret_rqst,
3913 lsa_dissect_lsacreatesecret_reply },
3914 { LSA_LSAOPENACCOUNT, "OpenAccount",
3915 lsa_dissect_lsaopenaccount_rqst,
3916 lsa_dissect_lsaopenaccount_reply },
3917 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
3918 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
3919 lsa_dissect_lsaenumerateprivilegesaccount_reply },
3920 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
3921 lsa_dissect_lsaaddprivilegestoaccount_rqst,
3922 lsa_dissect_lsaaddprivilegestoaccount_reply },
3923 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
3924 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
3925 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
3926 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
3927 lsa_dissect_lsagetquotasforaccount_rqst,
3928 lsa_dissect_lsagetquotasforaccount_reply },
3929 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
3930 lsa_dissect_lsasetquotasforaccount_rqst,
3931 lsa_dissect_lsasetquotasforaccount_reply },
3932 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
3933 lsa_dissect_lsagetsystemaccessaccount_rqst,
3934 lsa_dissect_lsagetsystemaccessaccount_reply },
3935 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
3936 lsa_dissect_lsasetsystemaccessaccount_rqst,
3937 lsa_dissect_lsasetsystemaccessaccount_reply },
3938 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
3939 lsa_dissect_lsaopentrusteddomain_rqst,
3940 lsa_dissect_lsaopentrusteddomain_reply },
3941 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
3942 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
3943 lsa_dissect_lsaqueryinfotrusteddomain_reply },
3944 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
3945 lsa_dissect_lsasetinformationtrusteddomain_rqst,
3946 lsa_dissect_lsasetinformationtrusteddomain_reply },
3947 { LSA_LSAOPENSECRET, "OpenSecret",
3948 lsa_dissect_lsaopensecret_rqst,
3949 lsa_dissect_lsaopensecret_reply },
3950 { LSA_LSASETSECRET, "SetSecret",
3951 lsa_dissect_lsasetsecret_rqst,
3952 lsa_dissect_lsasetsecret_reply },
3953 { LSA_LSAQUERYSECRET, "QuerySecret",
3954 lsa_dissect_lsaquerysecret_rqst,
3955 lsa_dissect_lsaquerysecret_reply },
3956 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
3957 lsa_dissect_lsalookupprivilegevalue_rqst,
3958 lsa_dissect_lsalookupprivilegevalue_reply },
3959 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
3960 lsa_dissect_lsalookupprivilegename_rqst,
3961 lsa_dissect_lsalookupprivilegename_reply },
3962 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
3963 lsa_dissect_lsalookupprivilegedisplayname_rqst,
3964 lsa_dissect_lsalookupprivilegedisplayname_reply },
3965 { LSA_LSADELETEOBJECT, "DeleteObject",
3966 lsa_dissect_lsadeleteobject_rqst,
3967 lsa_dissect_lsadeleteobject_reply },
3968 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
3969 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
3970 lsa_dissect_lsaenumerateaccountswithuserright_reply },
3971 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
3972 lsa_dissect_lsaenumerateaccountrights_rqst,
3973 lsa_dissect_lsaenumerateaccountrights_reply },
3974 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
3975 lsa_dissect_lsaaddaccountrights_rqst,
3976 lsa_dissect_lsaaddaccountrights_reply },
3977 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
3978 lsa_dissect_lsaremoveaccountrights_rqst,
3979 lsa_dissect_lsaremoveaccountrights_reply },
3980 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
3981 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
3982 lsa_dissect_lsaquerytrusteddomaininfo_reply },
3983 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
3984 lsa_dissect_lsasettrusteddomaininfo_rqst,
3985 lsa_dissect_lsasettrusteddomaininfo_reply },
3986 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
3987 lsa_dissect_lsadeletetrusteddomain_rqst,
3988 lsa_dissect_lsadeletetrusteddomain_reply },
3989 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
3990 lsa_dissect_lsastoreprivatedata_rqst,
3991 lsa_dissect_lsastoreprivatedata_reply },
3992 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
3993 lsa_dissect_lsaretrieveprivatedata_rqst,
3994 lsa_dissect_lsaretrieveprivatedata_reply },
3995 { LSA_LSAOPENPOLICY2, "OpenPolicy2",
3996 lsa_dissect_lsaopenpolicy2_rqst,
3997 lsa_dissect_lsaopenpolicy2_reply },
3998 { LSA_LSAGETUSERNAME, "GetUsername",
3999 lsa_dissect_lsagetusername_rqst,
4000 lsa_dissect_lsagetusername_reply },
4001 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2",
4002 lsa_dissect_lsaqueryinformationpolicy2_rqst,
4003 lsa_dissect_lsaqueryinformationpolicy2_reply },
4004 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2",
4005 lsa_dissect_lsasetinformationpolicy2_rqst,
4006 lsa_dissect_lsasetinformationpolicy2_reply },
4007 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
4008 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
4009 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
4010 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
4011 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
4012 lsa_dissect_lsasettrusteddomaininfobyname_reply },
4013 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
4014 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
4015 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
4016 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
4017 lsa_dissect_lsacreatetrusteddomainex_rqst,
4018 lsa_dissect_lsacreatetrusteddomainex_reply },
4019 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
4020 lsa_dissect_lsaclosetrusteddomainex_rqst,
4021 lsa_dissect_lsaclosetrusteddomainex_reply },
4022 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
4023 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
4024 lsa_dissect_lsaquerydomaininformationpolicy_reply },
4025 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
4026 lsa_dissect_lsasetdomaininformationpolicy_rqst,
4027 lsa_dissect_lsasetdomaininformationpolicy_reply },
4028 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
4029 lsa_dissect_lsaopentrusteddomainbyname_rqst,
4030 lsa_dissect_lsaopentrusteddomainbyname_reply },
4031 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
4032 lsa_dissect_lsafunction_38_rqst,
4033 lsa_dissect_lsafunction_38_reply },
4034 { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
4035 lsa_dissect_lsalookupsids2_rqst,
4036 lsa_dissect_lsalookupsids2_reply },
4037 { LSA_LSALOOKUPNAMES2, "LookupNames2",
4038 lsa_dissect_lsalookupnames2_rqst,
4039 lsa_dissect_lsalookupnames2_reply },
4040 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
4041 lsa_dissect_lsafunction_3b_rqst,
4042 lsa_dissect_lsafunction_3b_reply },
4043 {0, NULL, NULL, NULL}
4046 static const value_string lsa_opnum_vals[] = {
4047 { LSA_LSACLOSE, "Close" },
4048 { LSA_LSADELETE, "Delete" },
4049 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" },
4050 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" },
4051 { LSA_LSASETSECURITYOBJECT, "SetSecObject" },
4052 { LSA_LSACHANGEPASSWORD, "ChangePassword" },
4053 { LSA_LSAOPENPOLICY, "OpenPolicy" },
4054 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" },
4055 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" },
4056 { LSA_LSACLEARAUDITLOG, "ClearAuditLog" },
4057 { LSA_LSACREATEACCOUNT, "CreateAccount" },
4058 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" },
4059 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" },
4060 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" },
4061 { LSA_LSALOOKUPNAMES, "LookupNames" },
4062 { LSA_LSALOOKUPSIDS, "LookupSIDs" },
4063 { LSA_LSACREATESECRET, "CreateSecret" },
4064 { LSA_LSAOPENACCOUNT, "OpenAccount" },
4065 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" },
4066 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" },
4067 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" },
4068 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" },
4069 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" },
4070 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" },
4071 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" },
4072 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" },
4073 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" },
4074 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" },
4075 { LSA_LSAOPENSECRET, "OpenSecret" },
4076 { LSA_LSASETSECRET, "SetSecret" },
4077 { LSA_LSAQUERYSECRET, "QuerySecret" },
4078 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" },
4079 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" },
4080 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" },
4081 { LSA_LSADELETEOBJECT, "DeleteObject" },
4082 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" },
4083 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" },
4084 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" },
4085 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" },
4086 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" },
4087 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" },
4088 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" },
4089 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData" },
4090 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" },
4091 { LSA_LSAOPENPOLICY2, "OpenPolicy2" },
4092 { LSA_LSAGETUSERNAME, "GetUsername" },
4093 { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2" },
4094 { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2" },
4095 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" },
4096 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" },
4097 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" },
4098 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" },
4099 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" },
4100 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" },
4101 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" },
4102 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" },
4103 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38" },
4104 { LSA_LSALOOKUPSIDS2, "LookupSIDs2" },
4105 { LSA_LSALOOKUPNAMES2, "LookupNames2" },
4106 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" },
4111 proto_register_dcerpc_lsa(void)
4113 static hf_register_info hf[] = {
4116 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC,
4117 VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }},
4119 { &hf_lsa_unknown_string,
4120 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4121 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4124 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4125 NULL, 0x0, "LSA policy handle", HFILL }},
4128 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4129 NULL, 0, "Name of Server", HFILL }},
4131 { &hf_lsa_controller,
4132 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4133 NULL, 0, "Name of Domain Controller", HFILL }},
4135 { &hf_lsa_unknown_hyper,
4136 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4137 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4139 { &hf_lsa_unknown_long,
4140 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4141 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4143 { &hf_lsa_unknown_short,
4144 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4145 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4147 { &hf_lsa_unknown_char,
4148 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4149 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4152 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4153 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4156 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4157 NULL, 0x0, "LSA Attributes", HFILL }},
4159 { &hf_lsa_obj_attr_len,
4160 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4161 NULL, 0x0, "Length of object attribute structure", HFILL }},
4163 { &hf_lsa_obj_attr_name,
4164 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4165 NULL, 0x0, "Name of object attribute", HFILL }},
4167 { &hf_lsa_access_mask,
4168 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4169 NULL, 0x0, "LSA Access Mask", HFILL }},
4171 { &hf_lsa_info_level,
4172 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4173 NULL, 0x0, "Information level of requested data", HFILL }},
4175 { &hf_lsa_trusted_info_level,
4176 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4177 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4180 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4181 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4184 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4185 NULL, 0x0, "Length of quality of service structure", HFILL }},
4187 { &hf_lsa_qos_impersonation_level,
4188 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4189 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4191 { &hf_lsa_qos_track_context,
4192 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4193 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4195 { &hf_lsa_qos_effective_only,
4196 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4197 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4199 { &hf_lsa_pali_percent_full,
4200 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4201 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4203 { &hf_lsa_pali_log_size,
4204 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4205 NULL, 0x0, "Size of audit log", HFILL }},
4207 { &hf_lsa_pali_retention_period,
4208 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4209 NULL, 0x0, "", HFILL }},
4211 { &hf_lsa_pali_time_to_shutdown,
4212 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4213 NULL, 0x0, "Time to shutdown", HFILL }},
4215 { &hf_lsa_pali_shutdown_in_progress,
4216 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4217 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4219 { &hf_lsa_pali_next_audit_record,
4220 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4221 NULL, 0x0, "Next audit record", HFILL }},
4223 { &hf_lsa_paei_enabled,
4224 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4225 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4227 { &hf_lsa_paei_settings,
4228 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4229 NULL, 0x0, "Audit Events Information settings", HFILL }},
4232 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4233 NULL, 0x0, "Count of objects", HFILL }},
4235 { &hf_lsa_max_count,
4236 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4237 NULL, 0x0, "", HFILL }},
4240 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4241 NULL, 0x0, "Domain", HFILL }},
4244 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4245 NULL, 0x0, "Account", HFILL }},
4248 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4249 NULL, 0x0, "Replica Source", HFILL }},
4251 { &hf_lsa_server_role,
4252 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4253 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4255 { &hf_lsa_quota_paged_pool,
4256 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4257 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4259 { &hf_lsa_quota_non_paged_pool,
4260 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4261 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4263 { &hf_lsa_quota_min_wss,
4264 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4265 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4267 { &hf_lsa_quota_max_wss,
4268 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4269 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4271 { &hf_lsa_quota_pagefile,
4272 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4273 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4275 { &hf_lsa_mod_seq_no,
4276 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4277 NULL, 0x0, "Sequence number for this modification", HFILL }},
4279 { &hf_lsa_mod_mtime,
4280 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4281 NULL, 0x0, "Time when this modification occured", HFILL }},
4283 { &hf_lsa_cur_mtime,
4284 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4285 NULL, 0x0, "Current MTime to set", HFILL }},
4287 { &hf_lsa_old_mtime,
4288 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4289 NULL, 0x0, "Old MTime for this object", HFILL }},
4292 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4293 NULL, 0x0, "", HFILL }},
4296 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4297 NULL, 0x0, "", HFILL }},
4299 { &hf_lsa_flat_name,
4300 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4301 NULL, 0x0, "", HFILL }},
4304 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4305 NULL, 0x0, "", HFILL }},
4307 { &hf_lsa_info_type,
4308 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4309 NULL, 0x0, "", HFILL }},
4312 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4313 NULL, 0x0, "New password", HFILL }},
4316 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4317 NULL, 0x0, "Old password", HFILL }},
4320 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4321 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4324 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4325 NULL, 0x0, "RID", HFILL }},
4327 { &hf_lsa_rid_offset,
4328 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4329 NULL, 0x0, "RID Offset", HFILL }},
4332 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4333 NULL, 0x0, "", HFILL }},
4335 { &hf_lsa_num_mapped,
4336 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4337 NULL, 0x0, "", HFILL }},
4339 { &hf_lsa_policy_information_class,
4340 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4341 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4344 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4345 NULL, 0, "", HFILL }},
4347 { &hf_lsa_auth_blob,
4348 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4349 NULL, 0, "", HFILL }},
4352 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4353 NULL, 0x0, "LUID High component", HFILL }},
4356 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4357 NULL, 0x0, "LUID Low component", HFILL }},
4360 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4361 NULL, 0x0, "", HFILL }},
4364 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4365 NULL, 0x0, "", HFILL }},
4367 { &hf_lsa_size_needed,
4368 { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
4369 NULL, 0x0, "", HFILL }},
4371 { &hf_lsa_privilege_name,
4372 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4373 NULL, 0x0, "LSA Privilege Name", HFILL }},
4376 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4377 NULL, 0x0, "Account Rights", HFILL }},
4380 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4381 NULL, 0x0, "LSA Attributes", HFILL }},
4383 { &hf_lsa_auth_update,
4384 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4385 NULL, 0x0, "LSA Auth Info update", HFILL }},
4387 { &hf_lsa_resume_handle,
4388 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4389 NULL, 0x0, "Resume Handle", HFILL }},
4391 { &hf_lsa_trust_direction,
4392 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4393 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4395 { &hf_lsa_trust_type,
4396 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4397 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4399 { &hf_lsa_trust_attr,
4400 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4401 NULL, 0x0, "Trust attributes", HFILL }},
4403 { &hf_lsa_trust_attr_non_trans,
4404 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4405 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4407 { &hf_lsa_trust_attr_uplevel_only,
4408 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4409 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4411 { &hf_lsa_trust_attr_tree_parent,
4412 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4413 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4415 { &hf_lsa_trust_attr_tree_root,
4416 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4417 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4419 { &hf_lsa_auth_type,
4420 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4421 NULL, 0x0, "Auth Info type", HFILL }},
4424 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4425 NULL, 0x0, "Auth Info len", HFILL }},
4427 { &hf_lsa_remove_all,
4428 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4429 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
4431 { &hf_view_local_info,
4432 { "View local info", "lsa.access_mask.view_local_info",
4433 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4434 "View local info", HFILL }},
4436 { &hf_view_audit_info,
4437 { "View audit info", "lsa.access_mask.view_audit_info",
4438 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4439 "View audit info", HFILL }},
4441 { &hf_get_private_info,
4442 { "Get private info", "lsa.access_mask.get_privateinfo",
4443 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4444 "Get private info", HFILL }},
4447 { "Trust admin", "lsa.access_mask.trust_admin",
4448 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4449 "Trust admin", HFILL }},
4451 { &hf_create_account,
4452 { "Create account", "lsa.access_mask.create_account",
4453 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4454 "Create account", HFILL }},
4456 { &hf_create_secret,
4457 { "Create secret", "lsa.access_mask.create_secret",
4458 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4459 "Create secret", HFILL }},
4462 { "Create privilege", "lsa.access_mask.create_priv",
4463 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4464 "Create privilege", HFILL }},
4466 { &hf_set_default_quota_limits,
4467 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4468 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4469 "Set default quota limits", HFILL }},
4471 { &hf_set_audit_requirements,
4472 { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
4473 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4474 "Set audit requirements", HFILL }},
4477 { "Server admin", "lsa.access_mask.server_admin",
4478 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4479 "Server admin", HFILL }},
4482 { "Lookup names", "lsa.access_mask.lookup_names",
4483 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4484 "Lookup names", HFILL }}
4487 static gint *ett[] = {
4489 &ett_lsa_OBJECT_ATTRIBUTES,
4490 &ett_LSA_SECURITY_DESCRIPTOR,
4491 &ett_lsa_policy_info,
4492 &ett_lsa_policy_audit_log_info,
4493 &ett_lsa_policy_audit_events_info,
4494 &ett_lsa_policy_primary_domain_info,
4495 &ett_lsa_policy_primary_account_info,
4496 &ett_lsa_policy_server_role_info,
4497 &ett_lsa_policy_replica_source_info,
4498 &ett_lsa_policy_default_quota_info,
4499 &ett_lsa_policy_modification_info,
4500 &ett_lsa_policy_audit_full_set_info,
4501 &ett_lsa_policy_audit_full_query_info,
4502 &ett_lsa_policy_dns_domain_info,
4503 &ett_lsa_translated_names,
4504 &ett_lsa_translated_name,
4505 &ett_lsa_referenced_domain_list,
4506 &ett_lsa_trust_information,
4507 &ett_lsa_trust_information_ex,
4509 &ett_LSA_PRIVILEGES,
4511 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4512 &ett_LSA_LUID_AND_ATTRIBUTES,
4513 &ett_LSA_TRUSTED_DOMAIN_LIST,
4514 &ett_LSA_TRUSTED_DOMAIN,
4515 &ett_LSA_TRANSLATED_SIDS,
4516 &ett_lsa_trusted_domain_info,
4517 &ett_lsa_trust_attr,
4518 &ett_lsa_trusted_domain_auth_information,
4519 &ett_lsa_auth_information
4522 proto_dcerpc_lsa = proto_register_protocol(
4523 "Microsoft Local Security Architecture", "LSA", "lsa");
4525 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4526 proto_register_subtree_array(ett, array_length(ett));
4529 /* Protocol handoff */
4531 static e_uuid_t uuid_dcerpc_lsa = {
4532 0x12345778, 0x1234, 0xabcd,
4533 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4536 static guint16 ver_dcerpc_lsa = 0;
4539 proto_reg_handoff_dcerpc_lsa(void)
4541 /* Register protocol as dcerpc */
4543 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4544 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);