2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.51 2002/06/21 02:17:32 tpot Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_rc = -1;
44 static int hf_lsa_hnd = -1;
45 static int hf_lsa_server = -1;
46 static int hf_lsa_controller = -1;
47 static int hf_lsa_obj_attr = -1;
48 static int hf_lsa_obj_attr_len = -1;
49 static int hf_lsa_obj_attr_name = -1;
50 static int hf_lsa_access_mask = -1;
51 static int hf_lsa_info_level = -1;
52 static int hf_lsa_trusted_info_level = -1;
53 static int hf_lsa_sd_size = -1;
54 static int hf_lsa_qos_len = -1;
55 static int hf_lsa_qos_impersonation_level = -1;
56 static int hf_lsa_qos_track_context = -1;
57 static int hf_lsa_qos_effective_only = -1;
58 static int hf_lsa_pali_percent_full = -1;
59 static int hf_lsa_pali_log_size = -1;
60 static int hf_lsa_pali_retention_period = -1;
61 static int hf_lsa_pali_time_to_shutdown = -1;
62 static int hf_lsa_pali_shutdown_in_progress = -1;
63 static int hf_lsa_pali_next_audit_record = -1;
64 static int hf_lsa_paei_enabled = -1;
65 static int hf_lsa_paei_settings = -1;
66 static int hf_lsa_count = -1;
67 static int hf_lsa_size = -1;
68 static int hf_lsa_size16 = -1;
69 static int hf_lsa_size_needed = -1;
70 static int hf_lsa_max_count = -1;
71 static int hf_lsa_index = -1;
72 static int hf_lsa_domain = -1;
73 static int hf_lsa_acct = -1;
74 static int hf_lsa_server_role = -1;
75 static int hf_lsa_source = -1;
76 static int hf_lsa_quota_paged_pool = -1;
77 static int hf_lsa_quota_non_paged_pool = -1;
78 static int hf_lsa_quota_min_wss = -1;
79 static int hf_lsa_quota_max_wss = -1;
80 static int hf_lsa_quota_pagefile = -1;
81 static int hf_lsa_mod_seq_no = -1;
82 static int hf_lsa_mod_mtime = -1;
83 static int hf_lsa_cur_mtime = -1;
84 static int hf_lsa_old_mtime = -1;
85 static int hf_lsa_name = -1;
86 static int hf_lsa_key = -1;
87 static int hf_lsa_flat_name = -1;
88 static int hf_lsa_forest = -1;
89 static int hf_lsa_info_type = -1;
90 static int hf_lsa_old_pwd = -1;
91 static int hf_lsa_new_pwd = -1;
92 static int hf_lsa_sid_type = -1;
93 static int hf_lsa_rid = -1;
94 static int hf_lsa_rid_offset = -1;
95 static int hf_lsa_num_mapped = -1;
96 static int hf_lsa_policy_information_class = -1;
97 static int hf_lsa_secret = -1;
98 static int hf_nt_luid_high = -1;
99 static int hf_nt_luid_low = -1;
100 static int hf_lsa_privilege_name = -1;
101 static int hf_lsa_attr = -1;
102 static int hf_lsa_resume_handle = -1;
103 static int hf_lsa_trust_direction = -1;
104 static int hf_lsa_trust_type = -1;
105 static int hf_lsa_trust_attr = -1;
106 static int hf_lsa_trust_attr_non_trans = -1;
107 static int hf_lsa_trust_attr_uplevel_only = -1;
108 static int hf_lsa_trust_attr_tree_parent = -1;
109 static int hf_lsa_trust_attr_tree_root = -1;
110 static int hf_lsa_auth_update = -1;
111 static int hf_lsa_auth_type = -1;
112 static int hf_lsa_auth_len = -1;
113 static int hf_lsa_auth_blob = -1;
114 static int hf_lsa_rights = -1;
115 static int hf_lsa_remove_all = -1;
117 static int hf_lsa_unknown_hyper = -1;
118 static int hf_lsa_unknown_long = -1;
119 static int hf_lsa_unknown_short = -1;
120 static int hf_lsa_unknown_char = -1;
121 static int hf_lsa_unknown_string = -1;
122 #ifdef LSA_UNUSED_HANDLES
123 static int hf_lsa_unknown_time = -1;
127 static gint ett_dcerpc_lsa = -1;
128 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
129 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
130 static gint ett_lsa_policy_info = -1;
131 static gint ett_lsa_policy_audit_log_info = -1;
132 static gint ett_lsa_policy_audit_events_info = -1;
133 static gint ett_lsa_policy_primary_domain_info = -1;
134 static gint ett_lsa_policy_primary_account_info = -1;
135 static gint ett_lsa_policy_server_role_info = -1;
136 static gint ett_lsa_policy_replica_source_info = -1;
137 static gint ett_lsa_policy_default_quota_info = -1;
138 static gint ett_lsa_policy_modification_info = -1;
139 static gint ett_lsa_policy_audit_full_set_info = -1;
140 static gint ett_lsa_policy_audit_full_query_info = -1;
141 static gint ett_lsa_policy_dns_domain_info = -1;
142 static gint ett_lsa_translated_names = -1;
143 static gint ett_lsa_translated_name = -1;
144 static gint ett_lsa_referenced_domain_list = -1;
145 static gint ett_lsa_trust_information = -1;
146 static gint ett_lsa_trust_information_ex = -1;
147 static gint ett_LUID = -1;
148 static gint ett_LSA_PRIVILEGES = -1;
149 static gint ett_LSA_PRIVILEGE = -1;
150 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
151 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
152 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
153 static gint ett_LSA_TRUSTED_DOMAIN = -1;
154 static gint ett_LSA_TRANSLATED_SIDS = -1;
155 static gint ett_lsa_trusted_domain_info = -1;
156 static gint ett_lsa_trust_attr = -1;
157 static gint ett_lsa_trusted_domain_auth_information = -1;
158 static gint ett_lsa_auth_information = -1;
162 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
163 packet_info *pinfo, proto_tree *tree,
168 di=pinfo->private_data;
169 if(di->conformant_run){
170 /*just a run to handle conformant arrays, nothing to dissect */
174 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
181 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
182 packet_info *pinfo, proto_tree *tree,
187 di=pinfo->private_data;
188 if(di->conformant_run){
189 /*just a run to handle conformant arrays, nothing to dissect */
193 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
194 di->hf_index, di->levels);
199 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
200 packet_info *pinfo, proto_tree *tree,
205 di=pinfo->private_data;
206 if(di->conformant_run){
207 /*just a run to handle conformant arrays, nothing to dissect */
211 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
212 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
213 "DOMAIN pointer: ", di->hf_index, 0);
219 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
220 packet_info *pinfo, proto_tree *tree,
225 di=pinfo->private_data;
226 if(di->conformant_run){
227 /*just a run to handle conformant arrays, nothing to dissect */
231 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
232 di->hf_index, di->levels);
238 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
239 packet_info *pinfo, proto_tree *tree,
245 di=pinfo->private_data;
246 if(di->conformant_run){
247 /*just a run to handle conformant arrays, nothing to dissect */
251 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
252 hf_lsa_sd_size, &len);
253 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
259 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
260 packet_info *pinfo, proto_tree *parent_tree,
263 proto_item *item=NULL;
264 proto_tree *tree=NULL;
265 int old_offset=offset;
268 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
270 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
273 /* XXX need to figure this one out */
274 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
275 hf_lsa_sd_size, NULL);
276 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
277 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
278 "LSA SECRET data:", -1, 0);
280 proto_item_set_len(item, offset-old_offset);
285 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
286 packet_info *pinfo, proto_tree *tree,
289 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
290 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
291 "LSA_SECRET pointer: data", -1, 0);
297 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
298 packet_info *pinfo, proto_tree *tree,
304 di=pinfo->private_data;
305 if(di->conformant_run){
306 /*just a run to handle conformant arrays, nothing to dissect */
310 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
311 hf_lsa_sd_size, &len);
313 dissect_nt_sec_desc(tvb, offset, tree, len);
319 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
320 packet_info *pinfo, proto_tree *parent_tree,
323 proto_item *item=NULL;
324 proto_tree *tree=NULL;
325 int old_offset=offset;
328 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
329 "LSA_SECURITY_DESCRIPTOR:");
330 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
333 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
334 hf_lsa_sd_size, NULL);
336 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
337 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
338 "LSA SECURITY DESCRIPTOR data:", -1, 0);
340 proto_item_set_len(item, offset-old_offset);
345 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
346 packet_info *pinfo, proto_tree *tree, char *drep)
348 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
349 hf_lsa_unknown_char, NULL);
354 static const value_string lsa_impersonation_level_vals[] = {
356 {1, "Identification"},
357 {2, "Impersonation"},
364 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
365 packet_info *pinfo, proto_tree *tree, char *drep)
368 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
369 hf_lsa_qos_len, NULL);
371 /* impersonation level */
372 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
373 hf_lsa_qos_impersonation_level, NULL);
375 /* context tracking mode */
376 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
377 hf_lsa_qos_track_context, NULL);
380 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
381 hf_lsa_qos_effective_only, NULL);
387 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
388 packet_info *pinfo, proto_tree *tree, char *drep)
390 /* XXX is this some bitmask ?*/
391 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
392 hf_lsa_access_mask, NULL);
398 * XXX - it'd be nice if we could arrange that this be passed
399 * some out-of-band indication of whether the handle is being opened,
400 * closed, or just used.
403 lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
404 packet_info *pinfo, proto_tree *tree, char *drep)
406 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
407 hf_lsa_hnd, NULL, FALSE, FALSE);
413 lsa_dissect_LSA_HANDLE_open(tvbuff_t *tvb, int offset,
414 packet_info *pinfo, proto_tree *tree, char *drep)
416 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
417 hf_lsa_hnd, NULL, TRUE, FALSE);
423 lsa_dissect_LSA_HANDLE_close(tvbuff_t *tvb, int offset,
424 packet_info *pinfo, proto_tree *tree, char *drep)
426 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
427 hf_lsa_hnd, NULL, FALSE, TRUE);
434 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
435 packet_info *pinfo, proto_tree *parent_tree, char *drep)
437 int old_offset=offset;
438 proto_item *item = NULL;
439 proto_tree *tree = NULL;
442 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
443 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
447 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
448 hf_lsa_obj_attr_len, NULL);
451 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
452 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
453 "LSPTR pointer: ", -1, 0);
456 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
457 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
458 "NAME pointer: ", hf_lsa_obj_attr_name, 0);
461 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
462 hf_lsa_obj_attr, NULL);
464 /* security descriptor */
465 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
466 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
467 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
469 /* security quality of service */
470 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
471 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
472 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1, 0);
474 proto_item_set_len(item, offset-old_offset);
479 lsa_dissect_lsaclose_rqst(tvbuff_t *tvb, int offset,
480 packet_info *pinfo, proto_tree *tree, char *drep)
482 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
483 lsa_dissect_LSA_HANDLE_close, NDR_POINTER_REF,
484 "LSA_HANDLE", -1, 0);
490 lsa_dissect_lsaclose_reply(tvbuff_t *tvb, int offset,
491 packet_info *pinfo, proto_tree *tree, char *drep)
493 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
494 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
495 "LSA_HANDLE", -1, 0);
496 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
502 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
503 character of the server name which is always '\'. This is fixed in lsa
504 openpolicy2 but the function remains for backwards compatibility. */
506 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
508 proto_tree *tree, char *drep)
510 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
511 hf_lsa_server, NULL);
515 lsa_dissect_lsaopenpolicy_rqst(tvbuff_t *tvb, int offset,
516 packet_info *pinfo, proto_tree *tree, char *drep)
518 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
519 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
520 "Server:", hf_lsa_server, 0);
522 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
523 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
524 "OBJECT_ATTRIBUTES", -1, 0);
526 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
533 lsa_dissect_lsaopenpolicy_reply(tvbuff_t *tvb, int offset,
534 packet_info *pinfo, proto_tree *tree, char *drep)
536 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
537 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
538 "LSA_HANDLE", -1, 0);
539 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
546 lsa_dissect_lsaopenpolicy2_rqst(tvbuff_t *tvb, int offset,
547 packet_info *pinfo, proto_tree *tree, char *drep)
549 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
550 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
551 "Server", hf_lsa_server, 0);
553 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
554 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
555 "OBJECT_ATTRIBUTES", -1, 0);
557 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
564 lsa_dissect_lsaopenpolicy2_reply(tvbuff_t *tvb, int offset,
565 packet_info *pinfo, proto_tree *tree, char *drep)
567 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
568 lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
569 "LSA_HANDLE", -1, 0);
570 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
576 static const value_string policy_information_class_vals[] = {
577 {1, "Audit Log Information"},
578 {2, "Audit Events Information"},
579 {3, "Primary Domain Information"},
580 {4, "Pd Account Information"},
581 {5, "Account Domain Information"},
582 {6, "Server Role Information"},
583 {7, "Replica Source Information"},
584 {8, "Default Quota Information"},
585 {9, "Modification Information"},
586 {10, "Audit Full Set Information"},
587 {11, "Audit Full Query Information"},
588 {12, "DNS Domain Information"},
593 lsa_dissect_lsaqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
594 packet_info *pinfo, proto_tree *tree, char *drep)
596 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
597 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
598 "LSA_HANDLE", -1, 0);
600 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
601 hf_lsa_policy_information_class, NULL);
607 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
608 packet_info *pinfo, proto_tree *parent_tree, char *drep)
610 proto_item *item=NULL;
611 proto_tree *tree=NULL;
612 int old_offset=offset;
615 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
616 "POLICY_AUDIT_LOG_INFO:");
617 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
621 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
622 hf_lsa_pali_percent_full, NULL);
625 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
626 hf_lsa_pali_log_size, NULL);
628 /* retention period */
629 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
630 hf_lsa_pali_retention_period);
632 /* shutdown in progress */
633 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
634 hf_lsa_pali_shutdown_in_progress, NULL);
636 /* time to shutdown */
637 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
638 hf_lsa_pali_time_to_shutdown);
640 /* next audit record */
641 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
642 hf_lsa_pali_next_audit_record, NULL);
644 proto_item_set_len(item, offset-old_offset);
649 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
650 packet_info *pinfo, proto_tree *tree, char *drep)
652 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
653 hf_lsa_paei_settings, NULL);
658 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
659 packet_info *pinfo, proto_tree *tree, char *drep)
661 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
662 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
668 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
669 packet_info *pinfo, proto_tree *parent_tree, char *drep)
671 proto_item *item=NULL;
672 proto_tree *tree=NULL;
673 int old_offset=offset;
676 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
677 "POLICY_AUDIT_EVENTS_INFO:");
678 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
682 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
683 hf_lsa_paei_enabled, NULL);
686 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
687 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
691 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
694 proto_item_set_len(item, offset-old_offset);
700 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
701 packet_info *pinfo, proto_tree *parent_tree, char *drep)
703 proto_item *item=NULL;
704 proto_tree *tree=NULL;
705 int old_offset=offset;
708 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
709 "POLICY_PRIMARY_DOMAIN_INFO:");
710 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
714 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
718 offset = dissect_ndr_nt_PSID(tvb, offset,
721 proto_item_set_len(item, offset-old_offset);
727 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
728 packet_info *pinfo, proto_tree *parent_tree, char *drep)
730 proto_item *item=NULL;
731 proto_tree *tree=NULL;
732 int old_offset=offset;
735 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
736 "POLICY_ACCOUNT_DOMAIN_INFO:");
737 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
741 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
745 offset = dissect_ndr_nt_PSID(tvb, offset,
748 proto_item_set_len(item, offset-old_offset);
753 static const value_string server_role_vals[] = {
755 {1, "Domain Member"},
761 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
762 packet_info *pinfo, proto_tree *parent_tree, char *drep)
764 proto_item *item=NULL;
765 proto_tree *tree=NULL;
766 int old_offset=offset;
769 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
770 "POLICY_SERVER_ROLE_INFO:");
771 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
775 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
776 hf_lsa_server_role, NULL);
778 proto_item_set_len(item, offset-old_offset);
783 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
784 packet_info *pinfo, proto_tree *parent_tree, char *drep)
786 proto_item *item=NULL;
787 proto_tree *tree=NULL;
788 int old_offset=offset;
791 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
792 "POLICY_REPLICA_SOURCE_INFO:");
793 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
797 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
801 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
804 proto_item_set_len(item, offset-old_offset);
810 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
811 packet_info *pinfo, proto_tree *parent_tree, char *drep)
813 proto_item *item=NULL;
814 proto_tree *tree=NULL;
815 int old_offset=offset;
818 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
819 "POLICY_DEFAULT_QUOTA_INFO:");
820 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
824 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
825 hf_lsa_quota_paged_pool, NULL);
828 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
829 hf_lsa_quota_non_paged_pool, NULL);
832 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
833 hf_lsa_quota_min_wss, NULL);
836 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
837 hf_lsa_quota_max_wss, NULL);
840 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
841 hf_lsa_quota_pagefile, NULL);
844 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
845 hf_lsa_unknown_hyper, NULL);
847 proto_item_set_len(item, offset-old_offset);
853 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
854 packet_info *pinfo, proto_tree *parent_tree, char *drep)
856 proto_item *item=NULL;
857 proto_tree *tree=NULL;
858 int old_offset=offset;
861 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
862 "POLICY_MODIFICATION_INFO:");
863 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
867 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
868 hf_lsa_mod_seq_no, NULL);
871 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
874 proto_item_set_len(item, offset-old_offset);
880 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
881 packet_info *pinfo, proto_tree *parent_tree, char *drep)
883 proto_item *item=NULL;
884 proto_tree *tree=NULL;
885 int old_offset=offset;
888 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
889 "POLICY_AUDIT_FULL_SET_INFO:");
890 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
894 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
895 hf_lsa_unknown_char, NULL);
897 proto_item_set_len(item, offset-old_offset);
903 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
904 packet_info *pinfo, proto_tree *parent_tree, char *drep)
906 proto_item *item=NULL;
907 proto_tree *tree=NULL;
908 int old_offset=offset;
911 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
912 "POLICY_AUDIT_FULL_QUERY_INFO:");
913 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
917 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
918 hf_lsa_unknown_char, NULL);
921 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
922 hf_lsa_unknown_char, NULL);
924 proto_item_set_len(item, offset-old_offset);
930 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
931 packet_info *pinfo, proto_tree *parent_tree, char *drep)
933 proto_item *item=NULL;
934 proto_tree *tree=NULL;
935 int old_offset=offset;
938 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
939 "POLICY_DNS_DOMAIN_INFO:");
940 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
944 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
948 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
952 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
956 offset = dissect_nt_GUID(tvb, offset,
960 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
962 proto_item_set_len(item, offset-old_offset);
967 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
968 packet_info *pinfo, proto_tree *parent_tree, char *drep)
970 proto_item *item=NULL;
971 proto_tree *tree=NULL;
972 int old_offset=offset;
976 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
978 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
981 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
982 hf_lsa_info_level, &level);
984 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
987 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
988 tvb, offset, pinfo, tree, drep);
991 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
992 tvb, offset, pinfo, tree, drep);
995 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
996 tvb, offset, pinfo, tree, drep);
999 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1003 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1004 tvb, offset, pinfo, tree, drep);
1007 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1008 tvb, offset, pinfo, tree, drep);
1011 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1012 tvb, offset, pinfo, tree, drep);
1015 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1016 tvb, offset, pinfo, tree, drep);
1019 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1020 tvb, offset, pinfo, tree, drep);
1023 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1024 tvb, offset, pinfo, tree, drep);
1027 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1028 tvb, offset, pinfo, tree, drep);
1031 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1032 tvb, offset, pinfo, tree, drep);
1036 proto_item_set_len(item, offset-old_offset);
1041 lsa_dissect_lsaqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1042 packet_info *pinfo, proto_tree *tree, char *drep)
1044 /* This is really a pointer to a pointer though the first level is REF
1045 so we just ignore that one */
1046 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1047 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1048 "POLICY_INFORMATION pointer: info", -1, 0);
1049 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1056 lsa_dissect_lsadelete_rqst(tvbuff_t *tvb, int offset,
1057 packet_info *pinfo, proto_tree *tree, char *drep)
1059 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1060 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
1061 "LSA_HANDLE", -1, 0);
1067 lsa_dissect_lsadelete_reply(tvbuff_t *tvb, int offset,
1068 packet_info *pinfo, proto_tree *tree, char *drep)
1070 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1078 lsa_dissect_lsaquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1079 packet_info *pinfo, proto_tree *tree, char *drep)
1081 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1084 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1085 hf_lsa_info_type, NULL);
1092 lsa_dissect_lsaquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1093 packet_info *pinfo, proto_tree *tree, char *drep)
1095 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1096 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1097 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1, 0);
1099 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1107 lsa_dissect_lsasetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1108 packet_info *pinfo, proto_tree *tree, char *drep)
1110 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1113 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1114 hf_lsa_info_type, NULL);
1116 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1117 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1118 "LSA_SECURITY_DESCRIPTOR: sec_info", -1, 0);
1124 lsa_dissect_lsasetsecurityobject_reply(tvbuff_t *tvb, int offset,
1125 packet_info *pinfo, proto_tree *tree, char *drep)
1127 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1135 lsa_dissect_lsachangepassword_rqst(tvbuff_t *tvb, int offset,
1136 packet_info *pinfo, proto_tree *tree, char *drep)
1139 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1143 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1147 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1151 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1155 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1162 lsa_dissect_lsachangepassword_reply(tvbuff_t *tvb, int offset,
1163 packet_info *pinfo, proto_tree *tree, char *drep)
1165 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1171 static const value_string sid_type_vals[] = {
1176 {5, "Well Known Group"},
1177 {6, "Deleted Account"},
1184 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1185 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1187 proto_item *item=NULL;
1188 proto_tree *tree=NULL;
1189 int old_offset=offset;
1192 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1193 "LSA_TRANSLATED_NAME:");
1194 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1198 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1199 hf_lsa_sid_type, NULL);
1202 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1206 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1207 hf_lsa_index, NULL);
1209 proto_item_set_len(item, offset-old_offset);
1214 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1215 packet_info *pinfo, proto_tree *tree, char *drep)
1217 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1218 lsa_dissect_LSA_TRANSLATED_NAME);
1224 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1225 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1227 proto_item *item=NULL;
1228 proto_tree *tree=NULL;
1229 int old_offset=offset;
1232 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1233 "LSA_TRANSLATED_NAMES:");
1234 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1238 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1239 hf_lsa_count, NULL);
1242 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1243 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1244 "TRANSLATED_NAME_ARRAY", -1, 0);
1246 proto_item_set_len(item, offset-old_offset);
1252 lsa_dissect_lsalookupsids_rqst(tvbuff_t *tvb, int offset,
1253 packet_info *pinfo, proto_tree *tree, char *drep)
1255 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1258 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1259 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1260 "PSID_ARRAY", -1, 0);
1262 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1263 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1264 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1266 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1267 hf_lsa_info_level, NULL);
1269 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1270 hf_lsa_num_mapped, NULL);
1276 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1277 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1279 proto_item *item=NULL;
1280 proto_tree *tree=NULL;
1281 int old_offset=offset;
1284 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1285 "TRUST INFORMATION:");
1286 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1290 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1294 offset = dissect_ndr_nt_PSID(tvb, offset,
1297 proto_item_set_len(item, offset-old_offset);
1301 static const value_string trusted_direction_vals[] = {
1302 {0, "Trust disabled"},
1303 {1, "Inbound trust"},
1304 {2, "Outbound trust"},
1308 static const value_string trusted_type_vals[] = {
1316 static const true_false_string tfs_trust_attr_non_trans = {
1317 "NON TRANSITIVE is set",
1318 "Non transitive is NOT set"
1320 static const true_false_string tfs_trust_attr_uplevel_only = {
1321 "UPLEVEL ONLY is set",
1322 "Uplevel only is NOT set"
1324 static const true_false_string tfs_trust_attr_tree_parent = {
1325 "TREE PARENT is set",
1326 "Tree parent is NOT set"
1328 static const true_false_string tfs_trust_attr_tree_root = {
1330 "Tree root is NOT set"
1333 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1334 proto_tree *parent_tree, char *drep)
1337 proto_item *item = NULL;
1338 proto_tree *tree = NULL;
1340 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1341 hf_lsa_trust_attr, &mask);
1344 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1345 tvb, offset-4, 4, mask);
1346 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1349 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1350 tvb, offset-4, 4, mask);
1351 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1352 tvb, offset-4, 4, mask);
1353 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1354 tvb, offset-4, 4, mask);
1355 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1356 tvb, offset-4, 4, mask);
1362 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1363 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1365 proto_item *item=NULL;
1366 proto_tree *tree=NULL;
1367 int old_offset=offset;
1370 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1371 "TRUST INFORMATION EX:");
1372 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1376 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1380 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1381 hf_lsa_flat_name, 0);
1384 offset = dissect_ndr_nt_PSID(tvb, offset,
1388 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1389 hf_lsa_trust_direction, NULL);
1392 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1393 hf_lsa_trust_type, NULL);
1396 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1398 proto_item_set_len(item, offset-old_offset);
1403 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1404 packet_info *pinfo, proto_tree *tree, char *drep)
1409 di=pinfo->private_data;
1410 if(di->conformant_run){
1411 /*just a run to handle conformant arrays, nothing to dissect */
1416 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1417 hf_lsa_auth_len, &len);
1419 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1426 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1427 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1429 proto_item *item=NULL;
1430 proto_tree *tree=NULL;
1431 int old_offset=offset;
1434 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1435 "AUTH INFORMATION:");
1436 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1440 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1441 hf_lsa_auth_update, NULL);
1444 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1445 hf_lsa_auth_type, NULL);
1448 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1449 hf_lsa_auth_len, NULL);
1451 /* auth info blob */
1452 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1453 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1454 "AUTH INFO blob:", -1, 0);
1456 proto_item_set_len(item, offset-old_offset);
1461 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1462 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1464 proto_item *item=NULL;
1465 proto_tree *tree=NULL;
1466 int old_offset=offset;
1469 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1470 "TRUSTED DOMAIN AUTH INFORMATION:");
1471 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1475 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1476 hf_lsa_unknown_long, NULL);
1479 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1482 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1485 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1486 hf_lsa_unknown_long, NULL);
1489 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1492 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1494 proto_item_set_len(item, offset-old_offset);
1500 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1501 packet_info *pinfo, proto_tree *tree, char *drep)
1503 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1504 lsa_dissect_LSA_TRUST_INFORMATION);
1510 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1511 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1513 proto_item *item=NULL;
1514 proto_tree *tree=NULL;
1515 int old_offset=offset;
1518 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1519 "LSA_REFERENCED_DOMAIN_LIST:");
1520 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1524 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1525 hf_lsa_count, NULL);
1527 /* trust information */
1528 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1529 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1530 "TRUST INFORMATION array:", -1, 0);
1533 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1534 hf_lsa_max_count, NULL);
1536 proto_item_set_len(item, offset-old_offset);
1541 lsa_dissect_lsalookupsids_reply(tvbuff_t *tvb, int offset,
1542 packet_info *pinfo, proto_tree *tree, char *drep)
1544 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1545 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1546 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
1548 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1549 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1550 "LSA_TRANSLATED_NAMES pointer: names", -1, 0);
1552 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1553 hf_lsa_num_mapped, NULL);
1555 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1563 lsa_dissect_lsasetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1564 packet_info *pinfo, proto_tree *tree, char *drep)
1566 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1569 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1570 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1571 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1578 lsa_dissect_lsasetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1579 packet_info *pinfo, proto_tree *tree, char *drep)
1581 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1589 lsa_dissect_lsagetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1590 packet_info *pinfo, proto_tree *tree, char *drep)
1592 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1600 lsa_dissect_lsagetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1601 packet_info *pinfo, proto_tree *tree, char *drep)
1603 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1604 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1605 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1, 0);
1607 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1615 lsa_dissect_lsasetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1616 packet_info *pinfo, proto_tree *tree, char *drep)
1618 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1621 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1622 hf_lsa_policy_information_class, NULL);
1624 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1625 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1626 "POLICY_INFORMATION pointer: info", -1, 0);
1633 lsa_dissect_lsasetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1634 packet_info *pinfo, proto_tree *tree, char *drep)
1636 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1644 lsa_dissect_lsaclearauditlog_rqst(tvbuff_t *tvb, int offset,
1645 packet_info *pinfo, proto_tree *tree, char *drep)
1647 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1650 offset = dissect_ndr_nt_SID(tvb, offset,
1654 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1655 hf_lsa_unknown_long, NULL);
1662 lsa_dissect_lsaclearauditlog_reply(tvbuff_t *tvb, int offset,
1663 packet_info *pinfo, proto_tree *tree, char *drep)
1665 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1668 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1675 lsa_dissect_lsagetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1676 packet_info *pinfo, proto_tree *tree, char *drep)
1678 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1686 lsa_dissect_lsagetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1687 packet_info *pinfo, proto_tree *tree, char *drep)
1689 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1692 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1700 lsa_dissect_lsasetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1701 packet_info *pinfo, proto_tree *tree, char *drep)
1703 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1706 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1714 lsa_dissect_lsasetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1715 packet_info *pinfo, proto_tree *tree, char *drep)
1717 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1725 lsa_dissect_lsaopentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1726 packet_info *pinfo, proto_tree *tree, char *drep)
1728 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1731 offset = dissect_ndr_nt_SID(tvb, offset,
1734 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1742 lsa_dissect_lsaopentrusteddomain_reply(tvbuff_t *tvb, int offset,
1743 packet_info *pinfo, proto_tree *tree, char *drep)
1745 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1748 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1756 lsa_dissect_lsadeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1757 packet_info *pinfo, proto_tree *tree, char *drep)
1759 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1762 offset = dissect_ndr_nt_SID(tvb, offset,
1770 lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1771 packet_info *pinfo, proto_tree *tree, char *drep)
1773 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1780 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1781 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1783 proto_item *item=NULL;
1784 proto_tree *tree=NULL;
1785 int old_offset=offset;
1788 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1790 tree = proto_item_add_subtree(item, ett_LUID);
1793 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1794 hf_nt_luid_low, NULL);
1796 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1797 hf_nt_luid_high, NULL);
1799 proto_item_set_len(item, offset-old_offset);
1804 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1805 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1807 proto_item *item=NULL;
1808 proto_tree *tree=NULL;
1809 int old_offset=offset;
1812 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1814 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1817 /* privilege name */
1818 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1819 hf_lsa_privilege_name, 0);
1822 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1824 proto_item_set_len(item, offset-old_offset);
1829 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1830 packet_info *pinfo, proto_tree *tree, char *drep)
1832 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1833 lsa_dissect_LSA_PRIVILEGE);
1839 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1840 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1842 proto_item *item=NULL;
1843 proto_tree *tree=NULL;
1844 int old_offset=offset;
1847 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1849 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1852 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1853 hf_lsa_count, NULL);
1856 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1857 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1858 "LSA_PRIVILEGE array:", -1, 0);
1860 proto_item_set_len(item, offset-old_offset);
1865 lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1866 packet_info *pinfo, proto_tree *tree, char *drep)
1868 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1871 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1872 hf_lsa_count, NULL);
1874 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1881 lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1882 packet_info *pinfo, proto_tree *tree, char *drep)
1884 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1885 hf_lsa_count, NULL);
1887 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1888 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1889 "LSA_PRIVILEGES pointer: privs", -1, 0);
1891 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1898 lsa_dissect_lsalookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1899 packet_info *pinfo, proto_tree *tree, char *drep)
1901 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1904 /* privilege name */
1905 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1906 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1907 "NAME pointer: ", hf_lsa_privilege_name, 0);
1914 lsa_dissect_lsalookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1915 packet_info *pinfo, proto_tree *tree, char *drep)
1919 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1921 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1929 lsa_dissect_lsalookupprivilegename_rqst(tvbuff_t *tvb, int offset,
1930 packet_info *pinfo, proto_tree *tree, char *drep)
1932 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1936 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1937 dissect_nt_LUID, NDR_POINTER_REF,
1938 "LUID pointer: value", -1, 0);
1945 lsa_dissect_lsalookupprivilegename_reply(tvbuff_t *tvb, int offset,
1946 packet_info *pinfo, proto_tree *tree, char *drep)
1948 /* [out, ref] LSA_UNICODE_STRING **name */
1949 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1950 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1951 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name, 0);
1953 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1961 lsa_dissect_lsaenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
1962 packet_info *pinfo, proto_tree *tree, char *drep)
1964 /* [in] LSA_HANDLE hnd */
1965 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
1973 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
1974 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1976 proto_item *item=NULL;
1977 proto_tree *tree=NULL;
1978 int old_offset=offset;
1981 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1982 "LUID_AND_ATTRIBUTES:");
1983 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
1987 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1990 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1993 proto_item_set_len(item, offset-old_offset);
1998 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
1999 packet_info *pinfo, proto_tree *tree, char *drep)
2001 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2002 lsa_dissect_LUID_AND_ATTRIBUTES);
2008 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2009 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2011 proto_item *item=NULL;
2012 proto_tree *tree=NULL;
2013 int old_offset=offset;
2016 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2017 "LUID_AND_ATTRIBUTES_ARRAY:");
2018 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2021 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2022 hf_lsa_count, NULL);
2024 /* luid and attributes */
2025 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2026 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2027 "LUID_AND_ATTRIBUTES array:", -1, 0);
2029 proto_item_set_len(item, offset-old_offset);
2034 lsa_dissect_lsaenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2035 packet_info *pinfo, proto_tree *tree, char *drep)
2037 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2038 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2039 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2040 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
2042 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2049 lsa_dissect_lsaaddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2050 packet_info *pinfo, proto_tree *tree, char *drep)
2052 /* [in] LSA_HANDLE hnd */
2053 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2056 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2057 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2065 lsa_dissect_lsaaddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2066 packet_info *pinfo, proto_tree *tree, char *drep)
2068 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2075 lsa_dissect_lsaremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2076 packet_info *pinfo, proto_tree *tree, char *drep)
2078 /* [in] LSA_HANDLE hnd */
2079 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2082 /* [in] char unknown */
2083 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2084 hf_lsa_unknown_char, NULL);
2086 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2087 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2088 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2089 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1, 0);
2096 lsa_dissect_lsaremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2097 packet_info *pinfo, proto_tree *tree, char *drep)
2099 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2106 lsa_dissect_lsaenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2107 packet_info *pinfo, proto_tree *tree, char *drep)
2109 /* [in] LSA_HANDLE hnd */
2110 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2113 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2114 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2115 hf_lsa_resume_handle, NULL);
2117 /* [in] ULONG pref_maxlen */
2118 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2119 hf_lsa_max_count, NULL);
2125 lsa_dissect_lsaenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2126 packet_info *pinfo, proto_tree *tree, char *drep)
2128 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2129 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2130 hf_lsa_resume_handle, NULL);
2132 /* [out, ref] PSID_ARRAY **accounts */
2133 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2134 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2135 "PSID_ARRAY", -1, 0);
2137 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2144 lsa_dissect_lsacreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2145 packet_info *pinfo, proto_tree *tree, char *drep)
2147 /* [in] LSA_HANDLE hnd_pol */
2148 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2151 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2152 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2153 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2154 "LSA_TRUST_INFORMATION pointer: domain", -1, 0);
2156 /* [in] ACCESS_MASK access */
2157 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2164 lsa_dissect_lsacreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2165 packet_info *pinfo, proto_tree *tree, char *drep)
2167 /* [out] LSA_HANDLE *hnd */
2168 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2171 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2178 lsa_dissect_lsaenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2179 packet_info *pinfo, proto_tree *tree, char *drep)
2181 /* [in] LSA_HANDLE hnd */
2182 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2185 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2186 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2187 hf_lsa_resume_handle, NULL);
2189 /* [in] ULONG pref_maxlen */
2190 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2191 hf_lsa_max_count, NULL);
2197 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2198 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2200 proto_item *item=NULL;
2201 proto_tree *tree=NULL;
2202 int old_offset=offset;
2205 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2207 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2211 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2215 offset = dissect_ndr_nt_PSID(tvb, offset,
2218 proto_item_set_len(item, offset-old_offset);
2223 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2224 packet_info *pinfo, proto_tree *tree, char *drep)
2226 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2227 lsa_dissect_LSA_TRUSTED_DOMAIN);
2233 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2234 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2236 proto_item *item=NULL;
2237 proto_tree *tree=NULL;
2238 int old_offset=offset;
2241 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2242 "TRUSTED_DOMAIN_LIST:");
2243 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2246 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2247 hf_lsa_count, NULL);
2250 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2251 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2252 "TRUSTED_DOMAIN array:", -1, 0);
2254 proto_item_set_len(item, offset-old_offset);
2259 lsa_dissect_lsaenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2260 packet_info *pinfo, proto_tree *tree, char *drep)
2262 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2263 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2264 hf_lsa_resume_handle, NULL);
2266 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2267 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2268 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2269 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1, 0);
2271 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2279 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2280 packet_info *pinfo, proto_tree *tree, char *drep)
2284 di=pinfo->private_data;
2285 if(di->conformant_run){
2286 /*just a run to handle conformant arrays, nothing to dissect */
2290 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2291 di->hf_index, di->levels);
2297 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2298 packet_info *pinfo, proto_tree *tree, char *drep)
2300 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2301 lsa_dissect_LSA_UNICODE_STRING_item);
2307 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2308 packet_info *pinfo, proto_tree *tree, char *drep)
2312 di=pinfo->private_data;
2314 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2315 hf_lsa_count, NULL);
2316 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2317 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2318 "UNICODE_STRING pointer: ", di->hf_index, 0);
2324 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2325 packet_info *pinfo, proto_tree *tree, char *drep)
2328 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2329 hf_lsa_sid_type, NULL);
2331 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2334 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2335 hf_lsa_index, NULL);
2341 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2342 packet_info *pinfo, proto_tree *tree, char *drep)
2344 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2345 lsa_dissect_LSA_TRANSLATED_SID);
2351 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2352 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2354 proto_item *item=NULL;
2355 proto_tree *tree=NULL;
2356 int old_offset=offset;
2359 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2360 "LSA_TRANSLATED_SIDS:");
2361 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2365 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2366 hf_lsa_count, NULL);
2369 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2370 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2371 "Translated SIDS", -1, 0);
2373 proto_item_set_len(item, offset-old_offset);
2378 lsa_dissect_lsalookupnames_rqst(tvbuff_t *tvb, int offset,
2379 packet_info *pinfo, proto_tree *tree, char *drep)
2381 /* [in] LSA_HANDLE hnd */
2382 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2385 /* [in] ULONG count */
2386 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2387 hf_lsa_count, NULL);
2389 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2390 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2391 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2392 "Account pointer: names", hf_lsa_acct, 0);
2394 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2395 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2396 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2397 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2399 /* [in] USHORT level */
2400 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2401 hf_lsa_info_level, NULL);
2403 /* [in, out, ref] ULONG *num_mapped */
2404 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2405 hf_lsa_num_mapped, NULL);
2412 lsa_dissect_lsalookupnames_reply(tvbuff_t *tvb, int offset,
2413 packet_info *pinfo, proto_tree *tree, char *drep)
2415 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2416 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2417 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2418 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
2420 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2421 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2422 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2423 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
2425 /* [in, out, ref] ULONG *num_mapped */
2426 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2427 hf_lsa_num_mapped, NULL);
2429 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2436 lsa_dissect_lsacreatesecret_rqst(tvbuff_t *tvb, int offset,
2437 packet_info *pinfo, proto_tree *tree, char *drep)
2439 /* [in] LSA_HANDLE hnd_pol */
2440 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2443 /* [in, ref] LSA_UNICODE_STRING *name */
2444 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2447 /* [in] ACCESS_MASK access */
2448 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2455 lsa_dissect_lsacreatesecret_reply(tvbuff_t *tvb, int offset,
2456 packet_info *pinfo, proto_tree *tree, char *drep)
2459 /* [out] LSA_HANDLE *hnd */
2460 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2463 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2470 lsa_dissect_lsaopenaccount_rqst(tvbuff_t *tvb, int offset,
2471 packet_info *pinfo, proto_tree *tree, char *drep)
2473 /* [in] LSA_HANDLE hnd_pol */
2474 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2477 /* [in, ref] SID *account */
2478 offset = dissect_ndr_nt_SID(tvb, offset,
2481 /* [in] ACCESS_MASK access */
2482 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2490 lsa_dissect_lsaopenaccount_reply(tvbuff_t *tvb, int offset,
2491 packet_info *pinfo, proto_tree *tree, char *drep)
2493 /* [out] LSA_HANDLE *hnd */
2494 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2497 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2503 static const value_string trusted_info_level_vals[] = {
2504 {1, "Domain Name Information"},
2505 {2, "Controllers Information"},
2506 {3, "Posix Offset Information"},
2507 {4, "Password Information"},
2508 {5, "Domain Information Basic"},
2509 {6, "Domain Information Ex"},
2510 {7, "Domain Auth Information"},
2511 {8, "Domain Full Information"},
2512 {9, "Domain Security Descriptor"},
2513 {10, "Domain Private Information"},
2518 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2519 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2521 proto_item *item=NULL;
2522 proto_tree *tree=NULL;
2523 int old_offset=offset;
2527 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2528 "TRUSTED_DOMAIN_INFO:");
2529 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2532 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2533 hf_lsa_trusted_info_level, &level);
2535 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2538 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2542 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2543 hf_lsa_count, NULL);
2544 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2545 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2546 "Controllers pointer: ", hf_lsa_controller, 0);
2549 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2550 hf_lsa_rid_offset, NULL);
2553 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2554 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2557 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2561 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2565 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2568 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2570 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2571 hf_lsa_rid_offset, NULL);
2572 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2575 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2578 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2580 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2581 hf_lsa_rid_offset, NULL);
2582 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2586 proto_item_set_len(item, offset-old_offset);
2591 lsa_dissect_lsaqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2592 packet_info *pinfo, proto_tree *tree, char *drep)
2594 /* [in] LSA_HANDLE hnd */
2595 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2598 /* [in] TRUSTED_INFORMATION_CLASS level */
2599 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2600 hf_lsa_trusted_info_level, NULL);
2607 lsa_dissect_lsaqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2608 packet_info *pinfo, proto_tree *tree, char *drep)
2610 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2611 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2612 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2613 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2615 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2622 lsa_dissect_lsasetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2623 packet_info *pinfo, proto_tree *tree, char *drep)
2625 /* [in] LSA_HANDLE hnd */
2626 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2629 /* [in] TRUSTED_INFORMATION_CLASS level */
2630 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2631 hf_lsa_trusted_info_level, NULL);
2633 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2634 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2635 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2636 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2643 lsa_dissect_lsasetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2644 packet_info *pinfo, proto_tree *tree, char *drep)
2646 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2653 lsa_dissect_lsaopensecret_rqst(tvbuff_t *tvb, int offset,
2654 packet_info *pinfo, proto_tree *tree, char *drep)
2656 /* [in] LSA_HANDLE hnd_pol */
2657 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2660 /* [in, ref] LSA_UNICODE_STRING *name */
2661 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2664 /* [in] ACCESS_MASK access */
2665 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2673 lsa_dissect_lsaopensecret_reply(tvbuff_t *tvb, int offset,
2674 packet_info *pinfo, proto_tree *tree, char *drep)
2676 /* [out] LSA_HANDLE *hnd */
2677 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2680 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2687 lsa_dissect_lsasetsecret_rqst(tvbuff_t *tvb, int offset,
2688 packet_info *pinfo, proto_tree *tree, char *drep)
2690 /* [in] LSA_HANDLE hnd */
2691 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2694 /* [in, unique] LSA_SECRET *new_val */
2695 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2696 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2697 "LSA_SECRET pointer: new_val", -1, 0);
2699 /* [in, unique] LSA_SECRET *old_val */
2700 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2701 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2702 "LSA_SECRET pointer: old_val", -1, 0);
2709 lsa_dissect_lsasetsecret_reply(tvbuff_t *tvb, int offset,
2710 packet_info *pinfo, proto_tree *tree, char *drep)
2712 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2719 lsa_dissect_lsaquerysecret_rqst(tvbuff_t *tvb, int offset,
2720 packet_info *pinfo, proto_tree *tree, char *drep)
2722 /* [in] LSA_HANDLE hnd */
2723 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2726 /* [in, out, unique] LSA_SECRET **curr_val */
2727 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2728 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2729 "LSA_SECRET pointer: curr_val", -1, 0);
2731 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2732 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2733 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2734 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2736 /* [in, out, unique] LSA_SECRET **old_val */
2737 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2738 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2739 "LSA_SECRET pointer: old_val", -1, 0);
2741 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2742 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2743 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2744 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2751 lsa_dissect_lsaquerysecret_reply(tvbuff_t *tvb, int offset,
2752 packet_info *pinfo, proto_tree *tree, char *drep)
2754 /* [in, out, unique] LSA_SECRET **curr_val */
2755 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2756 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2757 "LSA_SECRET pointer: curr_val", -1, 0);
2759 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2760 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2761 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2762 "NTIME pointer: old_mtime", hf_lsa_cur_mtime, 0);
2764 /* [in, out, unique] LSA_SECRET **old_val */
2765 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2766 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2767 "LSA_SECRET pointer: old_val", -1, 0);
2769 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2770 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2771 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2772 "NTIME pointer: old_mtime", hf_lsa_old_mtime, 0);
2778 lsa_dissect_lsadeleteobject_rqst(tvbuff_t *tvb, int offset,
2779 packet_info *pinfo, proto_tree *tree, char *drep)
2781 /* [in] LSA_HANDLE hnd */
2782 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2790 lsa_dissect_lsadeleteobject_reply(tvbuff_t *tvb, int offset,
2791 packet_info *pinfo, proto_tree *tree, char *drep)
2793 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2800 lsa_dissect_lsaenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2801 packet_info *pinfo, proto_tree *tree, char *drep)
2803 /* [in] LSA_HANDLE hnd */
2804 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2807 /* [in, unique] LSA_UNICODE_STRING *rights */
2808 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2809 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2810 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights, 0);
2816 lsa_dissect_lsaenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2817 packet_info *pinfo, proto_tree *tree, char *drep)
2819 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2820 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2821 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2822 "Account pointer: names", hf_lsa_acct, 0);
2824 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2831 lsa_dissect_lsaenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2832 packet_info *pinfo, proto_tree *tree, char *drep)
2834 /* [in] LSA_HANDLE hnd */
2835 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2838 /* [in, ref] SID *account */
2839 offset = dissect_ndr_nt_SID(tvb, offset,
2847 lsa_dissect_lsaenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2848 packet_info *pinfo, proto_tree *tree, char *drep)
2850 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2851 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2852 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2853 "Account pointer: rights", hf_lsa_rights, 0);
2855 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2862 lsa_dissect_lsaaddaccountrights_rqst(tvbuff_t *tvb, int offset,
2863 packet_info *pinfo, proto_tree *tree, char *drep)
2865 /* [in] LSA_HANDLE hnd */
2866 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2869 /* [in, ref] SID *account */
2870 offset = dissect_ndr_nt_SID(tvb, offset,
2873 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2874 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2875 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2876 "Account pointer: rights", hf_lsa_rights, 0);
2883 lsa_dissect_lsaaddaccountrights_reply(tvbuff_t *tvb, int offset,
2884 packet_info *pinfo, proto_tree *tree, char *drep)
2886 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2893 lsa_dissect_lsaremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2894 packet_info *pinfo, proto_tree *tree, char *drep)
2896 /* [in] LSA_HANDLE hnd */
2897 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2900 /* [in, ref] SID *account */
2901 offset = dissect_ndr_nt_SID(tvb, offset,
2905 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2906 hf_lsa_remove_all, NULL);
2908 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2909 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2910 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2911 "Account pointer: rights", hf_lsa_rights, 0);
2918 lsa_dissect_lsaremoveaccountrights_reply(tvbuff_t *tvb, int offset,
2919 packet_info *pinfo, proto_tree *tree, char *drep)
2921 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2929 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
2930 packet_info *pinfo, proto_tree *tree, char *drep)
2932 /* [in] LSA_HANDLE handle */
2933 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2936 /* [in, ref] LSA_UNICODE_STRING *name */
2938 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2941 /* [in] TRUSTED_INFORMATION_CLASS level */
2942 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2943 hf_lsa_trusted_info_level, NULL);
2950 lsa_dissect_lsaquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
2951 packet_info *pinfo, proto_tree *tree, char *drep)
2953 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
2954 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2955 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2956 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2958 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2966 lsa_dissect_lsasettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
2967 packet_info *pinfo, proto_tree *tree, char *drep)
2969 /* [in] LSA_HANDLE handle */
2970 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
2973 /* [in, ref] LSA_UNICODE_STRING *name */
2975 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2978 /* [in] TRUSTED_INFORMATION_CLASS level */
2979 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2980 hf_lsa_trusted_info_level, NULL);
2982 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
2983 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2984 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2985 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
2992 lsa_dissect_lsasettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
2993 packet_info *pinfo, proto_tree *tree, char *drep)
2995 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3002 lsa_dissect_lsaquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3003 packet_info *pinfo, proto_tree *tree, char *drep)
3005 /* [in] LSA_HANDLE handle */
3006 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3009 /* [in, ref] SID *sid */
3010 offset = dissect_ndr_nt_SID(tvb, offset,
3013 /* [in] TRUSTED_INFORMATION_CLASS level */
3014 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3015 hf_lsa_trusted_info_level, NULL);
3021 lsa_dissect_lsaopentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3022 packet_info *pinfo, proto_tree *tree, char *drep)
3024 /* [in] LSA_HANDLE handle */
3025 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3028 /* [in, ref] LSA_UNICODE_STRING *name */
3030 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3033 /* [in] ACCESS_MASK access */
3034 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3042 lsa_dissect_lsaopentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3043 packet_info *pinfo, proto_tree *tree, char *drep)
3045 /* [out] LSA_HANDLE handle */
3046 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3049 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3058 lsa_dissect_lsaquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3059 packet_info *pinfo, proto_tree *tree, char *drep)
3061 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3062 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3063 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3064 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3066 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3073 lsa_dissect_lsasettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3074 packet_info *pinfo, proto_tree *tree, char *drep)
3076 /* [in] LSA_HANDLE handle */
3077 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3080 /* [in, ref] SID *sid */
3081 offset = dissect_ndr_nt_SID(tvb, offset,
3084 /* [in] TRUSTED_INFORMATION_CLASS level */
3085 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3086 hf_lsa_trusted_info_level, NULL);
3088 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3089 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3090 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3091 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1, 0);
3098 lsa_dissect_lsasettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3099 packet_info *pinfo, proto_tree *tree, char *drep)
3101 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3108 lsa_dissect_lsafunction_2e_rqst(tvbuff_t *tvb, int offset,
3109 packet_info *pinfo, proto_tree *tree, char *drep)
3111 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3112 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3113 "LSA_HANDLE", -1, 0);
3115 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3116 hf_lsa_policy_information_class, NULL);
3122 lsa_dissect_lsafunction_2e_reply(tvbuff_t *tvb, int offset,
3123 packet_info *pinfo, proto_tree *tree, char *drep)
3125 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3126 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3127 "POLICY_INFORMATION pointer: info", -1, 0);
3129 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3136 lsa_dissect_lsafunction_2f_rqst(tvbuff_t *tvb, int offset,
3137 packet_info *pinfo, proto_tree *tree, char *drep)
3139 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3140 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3141 "LSA_HANDLE", -1, 0);
3143 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3144 hf_lsa_policy_information_class, NULL);
3146 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3147 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3148 "POLICY_INFORMATION pointer: info", -1, 0);
3154 lsa_dissect_lsafunction_2f_reply(tvbuff_t *tvb, int offset,
3155 packet_info *pinfo, proto_tree *tree, char *drep)
3157 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3164 lsa_dissect_lsaquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3165 packet_info *pinfo, proto_tree *tree, char *drep)
3167 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3168 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3169 "LSA_HANDLE", -1, 0);
3171 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3172 hf_lsa_policy_information_class, NULL);
3178 lsa_dissect_lsaquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3179 packet_info *pinfo, proto_tree *tree, char *drep)
3181 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3182 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3183 "POLICY_INFORMATION pointer: info", -1, 0);
3185 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3192 lsa_dissect_lsasetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3193 packet_info *pinfo, proto_tree *tree, char *drep)
3195 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3196 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3197 "LSA_HANDLE", -1, 0);
3199 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3200 hf_lsa_policy_information_class, NULL);
3202 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3203 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3204 "POLICY_INFORMATION pointer: info", -1, 0);
3210 lsa_dissect_lsasetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3211 packet_info *pinfo, proto_tree *tree, char *drep)
3213 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3220 lsa_dissect_lsalookupnames2_rqst(tvbuff_t *tvb, int offset,
3221 packet_info *pinfo, proto_tree *tree, char *drep)
3223 /* [in] LSA_HANDLE hnd */
3224 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3227 /* [in] ULONG count */
3228 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3229 hf_lsa_count, NULL);
3231 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3232 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3233 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3234 "Account pointer: names", hf_lsa_acct, 0);
3236 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3237 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3238 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3239 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
3241 /* [in] USHORT level */
3242 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3243 hf_lsa_info_level, NULL);
3245 /* [in, out, ref] ULONG *num_mapped */
3246 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3247 hf_lsa_num_mapped, NULL);
3250 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3251 hf_lsa_unknown_long, NULL);
3254 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3255 hf_lsa_unknown_long, NULL);
3262 lsa_dissect_lsalookupnames2_reply(tvbuff_t *tvb, int offset,
3263 packet_info *pinfo, proto_tree *tree, char *drep)
3265 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3266 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3267 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3268 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
3270 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3271 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3272 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3273 "LSA_TRANSLATED_SIDS pointer: rids", -1, 0);
3275 /* [in, out, ref] ULONG *num_mapped */
3276 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3277 hf_lsa_num_mapped, NULL);
3279 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3287 lsa_dissect_lsacreateaccount_rqst(tvbuff_t *tvb, int offset,
3288 packet_info *pinfo, proto_tree *tree, char *drep)
3290 /* [in] LSA_HANDLE hnd */
3291 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3294 offset = dissect_ndr_nt_SID(tvb, offset,
3297 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3304 lsa_dissect_lsacreateaccount_reply(tvbuff_t *tvb, int offset,
3305 packet_info *pinfo, proto_tree *tree, char *drep)
3307 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3310 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3317 lsa_dissect_lsalookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3318 packet_info *pinfo, proto_tree *tree, char *drep)
3320 /* [in] LSA_HANDLE hnd */
3321 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3324 /* [in, ref] LSA_UNICODE_STRING *name */
3325 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3328 /* [in] USHORT unknown */
3329 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3330 hf_lsa_unknown_short, NULL);
3332 /* [in] USHORT size */
3333 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3334 hf_lsa_size16, NULL);
3341 lsa_dissect_lsalookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3342 packet_info *pinfo, proto_tree *tree, char *drep)
3344 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3345 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3346 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3347 "NAME pointer: ", hf_lsa_privilege_name, 0);
3349 /* [out, ref] USHORT *size_needed */
3350 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3351 hf_lsa_size_needed, NULL);
3353 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3360 lsa_dissect_lsastoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3361 packet_info *pinfo, proto_tree *tree, char *drep)
3363 /* [in] LSA_HANDLE hnd */
3364 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3367 /* [in, ref] LSA_UNICODE_STRING *key */
3368 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3371 /* [in, unique] LSA_SECRET **data */
3372 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3373 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3374 "LSA_SECRET* pointer: data", -1, 0);
3381 lsa_dissect_lsastoreprivatedata_reply(tvbuff_t *tvb, int offset,
3382 packet_info *pinfo, proto_tree *tree, char *drep)
3384 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3391 lsa_dissect_lsaretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3392 packet_info *pinfo, proto_tree *tree, char *drep)
3394 /* [in] LSA_HANDLE hnd */
3395 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3398 /* [in, ref] LSA_UNICODE_STRING *key */
3399 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3402 /* [in, out, ref] LSA_SECRET **data */
3403 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3404 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3405 "LSA_SECRET* pointer: data", -1, 0);
3412 lsa_dissect_lsaretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3413 packet_info *pinfo, proto_tree *tree, char *drep)
3415 /* [in, out, ref] LSA_SECRET **data */
3416 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3417 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3418 "LSA_SECRET* pointer: data", -1, 0);
3420 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3427 lsa_dissect_lsaclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3428 packet_info *pinfo, proto_tree *tree, char *drep)
3431 /* [in, out] LSA_HANDLE *tdHnd */
3432 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3433 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3434 "LSA_HANDLE", -1, 0);
3441 lsa_dissect_lsaclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3442 packet_info *pinfo, proto_tree *tree, char *drep)
3445 /* [in, out] LSA_HANDLE *tdHnd */
3446 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3447 lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
3448 "LSA_HANDLE", -1, 0);
3450 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3457 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3458 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3460 proto_item *item=NULL;
3461 proto_tree *tree=NULL;
3462 int old_offset=offset;
3465 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3466 "LSA_TRANSLATED_NAME:");
3467 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3471 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3472 hf_lsa_sid_type, NULL);
3475 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3479 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3480 hf_lsa_index, NULL);
3483 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3484 hf_lsa_unknown_long, NULL);
3486 proto_item_set_len(item, offset-old_offset);
3491 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3492 packet_info *pinfo, proto_tree *tree, char *drep)
3494 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3495 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3500 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3501 packet_info *pinfo, proto_tree *tree, char *drep)
3504 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3505 hf_lsa_count, NULL);
3507 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3508 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3509 "LSA_TRANSLATED_NAME_EX: pointer", -1, 0);
3516 lsa_dissect_lsalookupsids2_rqst(tvbuff_t *tvb, int offset,
3517 packet_info *pinfo, proto_tree *tree, char *drep)
3519 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3522 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3523 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3524 "PSID_ARRAY", -1, 0);
3526 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3527 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3528 "LSA_TRANSLATED_NAMES_EX pointer: names", -1, 0);
3530 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3531 hf_lsa_info_level, NULL);
3533 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3534 hf_lsa_num_mapped, NULL);
3537 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3538 hf_lsa_unknown_long, NULL);
3541 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3542 hf_lsa_unknown_long, NULL);
3548 lsa_dissect_lsalookupsids2_reply(tvbuff_t *tvb, int offset,
3549 packet_info *pinfo, proto_tree *tree, char *drep)
3551 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3552 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_REF,
3553 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
3555 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3556 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3557 "LSA_TRANSLATED_NAMES_EX pointer: names", -1, 0);
3559 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3560 hf_lsa_num_mapped, NULL);
3562 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3569 lsa_dissect_lsagetusername_rqst(tvbuff_t *tvb, int offset,
3570 packet_info *pinfo, proto_tree *tree, char *drep)
3573 /* [in, unique, string] WCHAR *server */
3574 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3575 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3576 "Server:", hf_lsa_server, 0);
3578 /* [in, out, ref] LSA_UNICODE_STRING **user */
3579 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3580 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3581 "ACCOUNT pointer: ", hf_lsa_acct, 0);
3583 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3584 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3585 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3586 "DOMAIN pointer: ", hf_lsa_domain, 0);
3593 lsa_dissect_lsagetusername_reply(tvbuff_t *tvb, int offset,
3594 packet_info *pinfo, proto_tree *tree, char *drep)
3596 /* [in, out, ref] LSA_UNICODE_STRING **user */
3597 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3598 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3599 "ACCOUNT pointer: ", hf_lsa_acct, 0);
3601 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3602 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3603 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3604 "DOMAIN pointer: ", hf_lsa_domain, 0);
3606 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3613 lsa_dissect_lsacreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3614 packet_info *pinfo, proto_tree *tree, char *drep)
3616 /* [in] LSA_HANDLE hnd */
3617 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3620 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3621 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3622 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3623 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1, 0);
3625 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3626 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3627 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3628 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1, 0);
3630 /* [in] ACCESS_MASK mask */
3631 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3639 lsa_dissect_lsacreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3640 packet_info *pinfo, proto_tree *tree, char *drep)
3642 /* [out] LSA_HANDLE *tdHnd) */
3643 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3646 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3653 lsa_dissect_lsaenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3654 packet_info *pinfo, proto_tree *tree, char *drep)
3656 /* [in] LSA_HANDLE hnd */
3657 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3660 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3661 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3662 hf_lsa_resume_handle, NULL);
3664 /* [in] ULONG pref_maxlen */
3665 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3666 hf_lsa_max_count, NULL);
3673 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3674 packet_info *pinfo, proto_tree *tree, char *drep)
3676 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3677 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3683 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3684 packet_info *pinfo, proto_tree *tree, char *drep)
3687 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3688 hf_lsa_count, NULL);
3690 /* trust information */
3691 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3692 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3693 "TRUST INFORMATION array:", -1, 0);
3696 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3697 hf_lsa_max_count, NULL);
3704 lsa_dissect_lsaenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3705 packet_info *pinfo, proto_tree *tree, char *drep)
3707 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3708 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3709 hf_lsa_resume_handle, NULL);
3711 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3712 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3713 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3714 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1, 0);
3716 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3723 lsa_dissect_lsafunction_38_rqst(tvbuff_t *tvb, int offset,
3724 packet_info *pinfo, proto_tree *tree, char *drep)
3726 /* [in] LSA_HANDLE handle */
3727 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3730 /* [in] USHORT flag */
3731 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3732 hf_lsa_unknown_short, NULL);
3734 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3735 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3736 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3737 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1, 0);
3744 lsa_dissect_lsafunction_38_reply(tvbuff_t *tvb, int offset,
3745 packet_info *pinfo, proto_tree *tree, char *drep)
3747 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3748 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3749 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3750 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1, 0);
3756 lsa_dissect_lsafunction_3b_rqst(tvbuff_t *tvb, int offset,
3757 packet_info *pinfo, proto_tree *tree, char *drep)
3759 /* [in] LSA_HANDLE hnd */
3760 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3763 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3764 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3765 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3766 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1, 0);
3768 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3769 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3770 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3771 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1, 0);
3773 /* [in] ULONG unknown */
3774 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3775 hf_lsa_unknown_long, NULL);
3782 lsa_dissect_lsafunction_3b_reply(tvbuff_t *tvb, int offset,
3783 packet_info *pinfo, proto_tree *tree, char *drep)
3785 /* [out] LSA_HANDLE *h2) */
3786 offset = lsa_dissect_LSA_HANDLE(tvb, offset,
3789 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3796 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3797 { LSA_LSACLOSE, "Close",
3798 lsa_dissect_lsaclose_rqst,
3799 lsa_dissect_lsaclose_reply },
3800 { LSA_LSADELETE, "Delete",
3801 lsa_dissect_lsadelete_rqst,
3802 lsa_dissect_lsadelete_reply },
3803 { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
3804 lsa_dissect_lsaenumerateprivileges_rqst,
3805 lsa_dissect_lsaenumerateprivileges_reply },
3806 { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
3807 lsa_dissect_lsaquerysecurityobject_rqst,
3808 lsa_dissect_lsaquerysecurityobject_reply },
3809 { LSA_LSASETSECURITYOBJECT, "SetSecObject",
3810 lsa_dissect_lsasetsecurityobject_rqst,
3811 lsa_dissect_lsasetsecurityobject_reply },
3812 { LSA_LSACHANGEPASSWORD, "ChangePassword",
3813 lsa_dissect_lsachangepassword_rqst,
3814 lsa_dissect_lsachangepassword_reply },
3815 { LSA_LSAOPENPOLICY, "OpenPolicy",
3816 lsa_dissect_lsaopenpolicy_rqst,
3817 lsa_dissect_lsaopenpolicy_reply },
3818 { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
3819 lsa_dissect_lsaqueryinformationpolicy_rqst,
3820 lsa_dissect_lsaqueryinformationpolicy_reply },
3821 { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
3822 lsa_dissect_lsasetinformationpolicy_rqst,
3823 lsa_dissect_lsasetinformationpolicy_reply },
3824 { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
3825 lsa_dissect_lsaclearauditlog_rqst,
3826 lsa_dissect_lsaclearauditlog_reply },
3827 { LSA_LSACREATEACCOUNT, "CreateAccount",
3828 lsa_dissect_lsacreateaccount_rqst,
3829 lsa_dissect_lsacreateaccount_reply },
3830 { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
3831 lsa_dissect_lsaenumerateaccounts_rqst,
3832 lsa_dissect_lsaenumerateaccounts_reply },
3833 { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
3834 lsa_dissect_lsacreatetrusteddomain_rqst,
3835 lsa_dissect_lsacreatetrusteddomain_reply },
3836 { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
3837 lsa_dissect_lsaenumeratetrusteddomains_rqst,
3838 lsa_dissect_lsaenumeratetrusteddomains_reply },
3839 { LSA_LSALOOKUPNAMES, "LookupNames",
3840 lsa_dissect_lsalookupnames_rqst,
3841 lsa_dissect_lsalookupnames_reply },
3842 { LSA_LSALOOKUPSIDS, "LookupSIDs",
3843 lsa_dissect_lsalookupsids_rqst,
3844 lsa_dissect_lsalookupsids_reply },
3845 { LSA_LSACREATESECRET, "CreateSecret",
3846 lsa_dissect_lsacreatesecret_rqst,
3847 lsa_dissect_lsacreatesecret_reply },
3848 { LSA_LSAOPENACCOUNT, "OpenAccount",
3849 lsa_dissect_lsaopenaccount_rqst,
3850 lsa_dissect_lsaopenaccount_reply },
3851 { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
3852 lsa_dissect_lsaenumerateprivilegesaccount_rqst,
3853 lsa_dissect_lsaenumerateprivilegesaccount_reply },
3854 { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
3855 lsa_dissect_lsaaddprivilegestoaccount_rqst,
3856 lsa_dissect_lsaaddprivilegestoaccount_reply },
3857 { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
3858 lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
3859 lsa_dissect_lsaremoveprivilegesfromaccount_reply },
3860 { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
3861 lsa_dissect_lsagetquotasforaccount_rqst,
3862 lsa_dissect_lsagetquotasforaccount_reply },
3863 { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
3864 lsa_dissect_lsasetquotasforaccount_rqst,
3865 lsa_dissect_lsasetquotasforaccount_reply },
3866 { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
3867 lsa_dissect_lsagetsystemaccessaccount_rqst,
3868 lsa_dissect_lsagetsystemaccessaccount_reply },
3869 { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
3870 lsa_dissect_lsasetsystemaccessaccount_rqst,
3871 lsa_dissect_lsasetsystemaccessaccount_reply },
3872 { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
3873 lsa_dissect_lsaopentrusteddomain_rqst,
3874 lsa_dissect_lsaopentrusteddomain_reply },
3875 { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
3876 lsa_dissect_lsaqueryinfotrusteddomain_rqst,
3877 lsa_dissect_lsaqueryinfotrusteddomain_reply },
3878 { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
3879 lsa_dissect_lsasetinformationtrusteddomain_rqst,
3880 lsa_dissect_lsasetinformationtrusteddomain_reply },
3881 { LSA_LSAOPENSECRET, "OpenSecret",
3882 lsa_dissect_lsaopensecret_rqst,
3883 lsa_dissect_lsaopensecret_reply },
3884 { LSA_LSASETSECRET, "SetSecret",
3885 lsa_dissect_lsasetsecret_rqst,
3886 lsa_dissect_lsasetsecret_reply },
3887 { LSA_LSAQUERYSECRET, "QuerySecret",
3888 lsa_dissect_lsaquerysecret_rqst,
3889 lsa_dissect_lsaquerysecret_reply },
3890 { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
3891 lsa_dissect_lsalookupprivilegevalue_rqst,
3892 lsa_dissect_lsalookupprivilegevalue_reply },
3893 { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
3894 lsa_dissect_lsalookupprivilegename_rqst,
3895 lsa_dissect_lsalookupprivilegename_reply },
3896 { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
3897 lsa_dissect_lsalookupprivilegedisplayname_rqst,
3898 lsa_dissect_lsalookupprivilegedisplayname_reply },
3899 { LSA_LSADELETEOBJECT, "DeleteObject",
3900 lsa_dissect_lsadeleteobject_rqst,
3901 lsa_dissect_lsadeleteobject_reply },
3902 { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
3903 lsa_dissect_lsaenumerateaccountswithuserright_rqst,
3904 lsa_dissect_lsaenumerateaccountswithuserright_reply },
3905 { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
3906 lsa_dissect_lsaenumerateaccountrights_rqst,
3907 lsa_dissect_lsaenumerateaccountrights_reply },
3908 { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
3909 lsa_dissect_lsaaddaccountrights_rqst,
3910 lsa_dissect_lsaaddaccountrights_reply },
3911 { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
3912 lsa_dissect_lsaremoveaccountrights_rqst,
3913 lsa_dissect_lsaremoveaccountrights_reply },
3914 { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
3915 lsa_dissect_lsaquerytrusteddomaininfo_rqst,
3916 lsa_dissect_lsaquerytrusteddomaininfo_reply },
3917 { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
3918 lsa_dissect_lsasettrusteddomaininfo_rqst,
3919 lsa_dissect_lsasettrusteddomaininfo_reply },
3920 { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
3921 lsa_dissect_lsadeletetrusteddomain_rqst,
3922 lsa_dissect_lsadeletetrusteddomain_reply },
3923 { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
3924 lsa_dissect_lsastoreprivatedata_rqst,
3925 lsa_dissect_lsastoreprivatedata_reply },
3926 { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
3927 lsa_dissect_lsaretrieveprivatedata_rqst,
3928 lsa_dissect_lsaretrieveprivatedata_reply },
3929 { LSA_LSAOPENPOLICY2, "OpenPolicy2",
3930 lsa_dissect_lsaopenpolicy2_rqst,
3931 lsa_dissect_lsaopenpolicy2_reply },
3932 { LSA_LSAGETUSERNAME, "GetUsername",
3933 lsa_dissect_lsagetusername_rqst,
3934 lsa_dissect_lsagetusername_reply },
3935 { LSA_LSAFUNCTION_2E, "LSAFUNCTION_2E",
3936 lsa_dissect_lsafunction_2e_rqst,
3937 lsa_dissect_lsafunction_2e_reply },
3938 { LSA_LSAFUNCTION_2F, "LSAFUNCTION_2F",
3939 lsa_dissect_lsafunction_2f_rqst,
3940 lsa_dissect_lsafunction_2f_reply },
3941 { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
3942 lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
3943 lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
3944 { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
3945 lsa_dissect_lsasettrusteddomaininfobyname_rqst,
3946 lsa_dissect_lsasettrusteddomaininfobyname_reply },
3947 { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
3948 lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
3949 lsa_dissect_lsaenumeratetrusteddomainsex_reply },
3950 { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
3951 lsa_dissect_lsacreatetrusteddomainex_rqst,
3952 lsa_dissect_lsacreatetrusteddomainex_reply },
3953 { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
3954 lsa_dissect_lsaclosetrusteddomainex_rqst,
3955 lsa_dissect_lsaclosetrusteddomainex_reply },
3956 { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
3957 lsa_dissect_lsaquerydomaininformationpolicy_rqst,
3958 lsa_dissect_lsaquerydomaininformationpolicy_reply },
3959 { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
3960 lsa_dissect_lsasetdomaininformationpolicy_rqst,
3961 lsa_dissect_lsasetdomaininformationpolicy_reply },
3962 { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
3963 lsa_dissect_lsaopentrusteddomainbyname_rqst,
3964 lsa_dissect_lsaopentrusteddomainbyname_reply },
3965 { LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
3966 lsa_dissect_lsafunction_38_rqst,
3967 lsa_dissect_lsafunction_38_reply },
3968 { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
3969 lsa_dissect_lsalookupsids2_rqst,
3970 lsa_dissect_lsalookupsids2_reply },
3971 { LSA_LSALOOKUPNAMES2, "LookupNames2",
3972 lsa_dissect_lsalookupnames2_rqst,
3973 lsa_dissect_lsalookupnames2_reply },
3974 { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
3975 lsa_dissect_lsafunction_3b_rqst,
3976 lsa_dissect_lsafunction_3b_reply },
3977 {0, NULL, NULL, NULL}
3981 proto_register_dcerpc_lsa(void)
3983 static hf_register_info hf[] = {
3984 { &hf_lsa_unknown_string,
3985 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
3986 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
3989 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
3990 NULL, 0x0, "LSA policy handle", HFILL }},
3993 { "Server", "lsa.server", FT_STRING, BASE_NONE,
3994 NULL, 0, "Name of Server", HFILL }},
3996 { &hf_lsa_controller,
3997 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
3998 NULL, 0, "Name of Domain Controller", HFILL }},
4000 { &hf_lsa_unknown_hyper,
4001 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4002 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4004 { &hf_lsa_unknown_long,
4005 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4006 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4008 { &hf_lsa_unknown_short,
4009 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4010 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4012 { &hf_lsa_unknown_char,
4013 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4014 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4017 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4018 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4021 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4022 NULL, 0x0, "LSA Attributes", HFILL }},
4024 { &hf_lsa_obj_attr_len,
4025 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4026 NULL, 0x0, "Length of object attribute structure", HFILL }},
4028 { &hf_lsa_obj_attr_name,
4029 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4030 NULL, 0x0, "Name of object attribute", HFILL }},
4032 { &hf_lsa_access_mask,
4033 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4034 NULL, 0x0, "LSA Access Mask", HFILL }},
4036 { &hf_lsa_info_level,
4037 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4038 NULL, 0x0, "Information level of requested data", HFILL }},
4040 { &hf_lsa_trusted_info_level,
4041 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4042 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4045 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4046 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4049 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4050 NULL, 0x0, "Length of quality of service structure", HFILL }},
4052 { &hf_lsa_qos_impersonation_level,
4053 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4054 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4056 { &hf_lsa_qos_track_context,
4057 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4058 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4060 { &hf_lsa_qos_effective_only,
4061 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4062 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4064 { &hf_lsa_pali_percent_full,
4065 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4066 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4068 { &hf_lsa_pali_log_size,
4069 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4070 NULL, 0x0, "Size of audit log", HFILL }},
4072 { &hf_lsa_pali_retention_period,
4073 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4074 NULL, 0x0, "", HFILL }},
4076 { &hf_lsa_pali_time_to_shutdown,
4077 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4078 NULL, 0x0, "Time to shutdown", HFILL }},
4080 { &hf_lsa_pali_shutdown_in_progress,
4081 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4082 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4084 { &hf_lsa_pali_next_audit_record,
4085 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4086 NULL, 0x0, "Next audit record", HFILL }},
4088 { &hf_lsa_paei_enabled,
4089 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4090 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4092 { &hf_lsa_paei_settings,
4093 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4094 NULL, 0x0, "Audit Events Information settings", HFILL }},
4097 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4098 NULL, 0x0, "Count of objects", HFILL }},
4100 { &hf_lsa_max_count,
4101 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4102 NULL, 0x0, "", HFILL }},
4105 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4106 NULL, 0x0, "Domain", HFILL }},
4109 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4110 NULL, 0x0, "Account", HFILL }},
4113 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4114 NULL, 0x0, "Replica Source", HFILL }},
4116 { &hf_lsa_server_role,
4117 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4118 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4120 { &hf_lsa_quota_paged_pool,
4121 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4122 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4124 { &hf_lsa_quota_non_paged_pool,
4125 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4126 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4128 { &hf_lsa_quota_min_wss,
4129 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4130 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4132 { &hf_lsa_quota_max_wss,
4133 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4134 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4136 { &hf_lsa_quota_pagefile,
4137 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4138 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4140 { &hf_lsa_mod_seq_no,
4141 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4142 NULL, 0x0, "Sequence number for this modification", HFILL }},
4144 { &hf_lsa_mod_mtime,
4145 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4146 NULL, 0x0, "Time when this modification occured", HFILL }},
4148 { &hf_lsa_cur_mtime,
4149 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4150 NULL, 0x0, "Current MTime to set", HFILL }},
4152 { &hf_lsa_old_mtime,
4153 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4154 NULL, 0x0, "Old MTime for this object", HFILL }},
4157 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4158 NULL, 0x0, "", HFILL }},
4161 { "Key", "lsa.key", FT_BYTES, BASE_NONE,
4162 NULL, 0x0, "", HFILL }},
4164 { &hf_lsa_flat_name,
4165 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4166 NULL, 0x0, "", HFILL }},
4169 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4170 NULL, 0x0, "", HFILL }},
4172 { &hf_lsa_info_type,
4173 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4174 NULL, 0x0, "", HFILL }},
4177 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4178 NULL, 0x0, "New password", HFILL }},
4181 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4182 NULL, 0x0, "Old password", HFILL }},
4185 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4186 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4189 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4190 NULL, 0x0, "RID", HFILL }},
4192 { &hf_lsa_rid_offset,
4193 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4194 NULL, 0x0, "RID Offset", HFILL }},
4197 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4198 NULL, 0x0, "", HFILL }},
4200 { &hf_lsa_num_mapped,
4201 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4202 NULL, 0x0, "", HFILL }},
4204 { &hf_lsa_policy_information_class,
4205 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4206 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4209 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4210 NULL, 0, "", HFILL }},
4212 { &hf_lsa_auth_blob,
4213 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4214 NULL, 0, "", HFILL }},
4217 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4218 NULL, 0x0, "LUID High component", HFILL }},
4221 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4222 NULL, 0x0, "LUID Low component", HFILL }},
4225 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4226 NULL, 0x0, "", HFILL }},
4229 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4230 NULL, 0x0, "", HFILL }},
4232 { &hf_lsa_size_needed,
4233 { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
4234 NULL, 0x0, "", HFILL }},
4236 { &hf_lsa_privilege_name,
4237 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4238 NULL, 0x0, "LSA Privilege Name", HFILL }},
4241 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4242 NULL, 0x0, "Account Rights", HFILL }},
4245 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4246 NULL, 0x0, "LSA Attributes", HFILL }},
4248 { &hf_lsa_auth_update,
4249 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4250 NULL, 0x0, "LSA Auth Info update", HFILL }},
4252 { &hf_lsa_resume_handle,
4253 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4254 NULL, 0x0, "Resume Handle", HFILL }},
4256 { &hf_lsa_trust_direction,
4257 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4258 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4260 { &hf_lsa_trust_type,
4261 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4262 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4264 { &hf_lsa_trust_attr,
4265 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4266 NULL, 0x0, "Trust attributes", HFILL }},
4268 { &hf_lsa_trust_attr_non_trans,
4269 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4270 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4272 { &hf_lsa_trust_attr_uplevel_only,
4273 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4274 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4276 { &hf_lsa_trust_attr_tree_parent,
4277 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4278 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4280 { &hf_lsa_trust_attr_tree_root,
4281 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4282 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4284 { &hf_lsa_auth_type,
4285 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4286 NULL, 0x0, "Auth Info type", HFILL }},
4289 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4290 NULL, 0x0, "Auth Info len", HFILL }},
4292 { &hf_lsa_remove_all,
4293 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4294 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }}
4297 static gint *ett[] = {
4299 &ett_lsa_OBJECT_ATTRIBUTES,
4300 &ett_LSA_SECURITY_DESCRIPTOR,
4301 &ett_lsa_policy_info,
4302 &ett_lsa_policy_audit_log_info,
4303 &ett_lsa_policy_audit_events_info,
4304 &ett_lsa_policy_primary_domain_info,
4305 &ett_lsa_policy_primary_account_info,
4306 &ett_lsa_policy_server_role_info,
4307 &ett_lsa_policy_replica_source_info,
4308 &ett_lsa_policy_default_quota_info,
4309 &ett_lsa_policy_modification_info,
4310 &ett_lsa_policy_audit_full_set_info,
4311 &ett_lsa_policy_audit_full_query_info,
4312 &ett_lsa_policy_dns_domain_info,
4313 &ett_lsa_translated_names,
4314 &ett_lsa_translated_name,
4315 &ett_lsa_referenced_domain_list,
4316 &ett_lsa_trust_information,
4317 &ett_lsa_trust_information_ex,
4319 &ett_LSA_PRIVILEGES,
4321 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4322 &ett_LSA_LUID_AND_ATTRIBUTES,
4323 &ett_LSA_TRUSTED_DOMAIN_LIST,
4324 &ett_LSA_TRUSTED_DOMAIN,
4325 &ett_LSA_TRANSLATED_SIDS,
4326 &ett_lsa_trusted_domain_info,
4327 &ett_lsa_trust_attr,
4328 &ett_lsa_trusted_domain_auth_information,
4329 &ett_lsa_auth_information
4332 proto_dcerpc_lsa = proto_register_protocol(
4333 "Microsoft Local Security Architecture", "LSA", "lsa");
4335 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4336 proto_register_subtree_array(ett, array_length(ett));
4339 /* Protocol handoff */
4341 static e_uuid_t uuid_dcerpc_lsa = {
4342 0x12345778, 0x1234, 0xabcd,
4343 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4346 static guint16 ver_dcerpc_lsa = 0;
4349 proto_reg_handoff_dcerpc_lsa(void)
4351 /* Register protocol as dcerpc */
4353 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4354 ver_dcerpc_lsa, dcerpc_lsa_dissectors);