2 * Routines for SMB \PIPE\lsarpc packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added LSA command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-lsa.c,v 1.91 2003/09/29 00:01:26 tpot Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "packet-smb-common.h"
41 static int proto_dcerpc_lsa = -1;
43 static int hf_lsa_opnum = -1;
44 static int hf_lsa_rc = -1;
45 static int hf_lsa_hnd = -1;
46 static int hf_lsa_policy_information = -1;
47 static int hf_lsa_server = -1;
48 static int hf_lsa_controller = -1;
49 static int hf_lsa_obj_attr = -1;
50 static int hf_lsa_obj_attr_len = -1;
51 static int hf_lsa_obj_attr_name = -1;
52 static int hf_lsa_access_mask = -1;
53 static int hf_lsa_info_level = -1;
54 static int hf_lsa_trusted_info_level = -1;
55 static int hf_lsa_sd_size = -1;
56 static int hf_lsa_qos_len = -1;
57 static int hf_lsa_qos_impersonation_level = -1;
58 static int hf_lsa_qos_track_context = -1;
59 static int hf_lsa_qos_effective_only = -1;
60 static int hf_lsa_pali_percent_full = -1;
61 static int hf_lsa_pali_log_size = -1;
62 static int hf_lsa_pali_retention_period = -1;
63 static int hf_lsa_pali_time_to_shutdown = -1;
64 static int hf_lsa_pali_shutdown_in_progress = -1;
65 static int hf_lsa_pali_next_audit_record = -1;
66 static int hf_lsa_paei_enabled = -1;
67 static int hf_lsa_paei_settings = -1;
68 static int hf_lsa_count = -1;
69 static int hf_lsa_size = -1;
70 static int hf_lsa_size16 = -1;
71 static int hf_lsa_privilege_display_name_size = -1;
72 static int hf_lsa_max_count = -1;
73 static int hf_lsa_index = -1;
74 static int hf_lsa_fqdomain = -1;
75 static int hf_lsa_domain = -1;
76 static int hf_lsa_domain_sid = -1;
77 static int hf_lsa_acct = -1;
78 static int hf_lsa_server_role = -1;
79 static int hf_lsa_source = -1;
80 static int hf_lsa_quota_paged_pool = -1;
81 static int hf_lsa_quota_non_paged_pool = -1;
82 static int hf_lsa_quota_min_wss = -1;
83 static int hf_lsa_quota_max_wss = -1;
84 static int hf_lsa_quota_pagefile = -1;
85 static int hf_lsa_mod_seq_no = -1;
86 static int hf_lsa_mod_mtime = -1;
87 static int hf_lsa_cur_mtime = -1;
88 static int hf_lsa_old_mtime = -1;
89 static int hf_lsa_name = -1;
90 static int hf_lsa_key = -1;
91 static int hf_lsa_flat_name = -1;
92 static int hf_lsa_forest = -1;
93 static int hf_lsa_info_type = -1;
94 static int hf_lsa_old_pwd = -1;
95 static int hf_lsa_new_pwd = -1;
96 static int hf_lsa_sid_type = -1;
97 static int hf_lsa_rid = -1;
98 static int hf_lsa_rid_offset = -1;
99 static int hf_lsa_num_mapped = -1;
100 static int hf_lsa_policy_information_class = -1;
101 static int hf_lsa_secret = -1;
102 static int hf_nt_luid_high = -1;
103 static int hf_nt_luid_low = -1;
104 static int hf_lsa_privilege_name = -1;
105 static int hf_lsa_privilege_display_name = -1;
106 static int hf_lsa_attr = -1;
107 static int hf_lsa_resume_handle = -1;
108 static int hf_lsa_trust_direction = -1;
109 static int hf_lsa_trust_type = -1;
110 static int hf_lsa_trust_attr = -1;
111 static int hf_lsa_trust_attr_non_trans = -1;
112 static int hf_lsa_trust_attr_uplevel_only = -1;
113 static int hf_lsa_trust_attr_tree_parent = -1;
114 static int hf_lsa_trust_attr_tree_root = -1;
115 static int hf_lsa_auth_update = -1;
116 static int hf_lsa_auth_type = -1;
117 static int hf_lsa_auth_len = -1;
118 static int hf_lsa_auth_blob = -1;
119 static int hf_lsa_rights = -1;
120 static int hf_lsa_remove_all = -1;
122 static int hf_lsa_unknown_hyper = -1;
123 static int hf_lsa_unknown_long = -1;
124 static int hf_lsa_unknown_short = -1;
125 static int hf_lsa_unknown_char = -1;
126 static int hf_lsa_unknown_string = -1;
127 #ifdef LSA_UNUSED_HANDLES
128 static int hf_lsa_unknown_time = -1;
132 static gint ett_dcerpc_lsa = -1;
133 static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
134 static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
135 static gint ett_lsa_policy_info = -1;
136 static gint ett_lsa_policy_audit_log_info = -1;
137 static gint ett_lsa_policy_audit_events_info = -1;
138 static gint ett_lsa_policy_primary_domain_info = -1;
139 static gint ett_lsa_policy_primary_account_info = -1;
140 static gint ett_lsa_policy_server_role_info = -1;
141 static gint ett_lsa_policy_replica_source_info = -1;
142 static gint ett_lsa_policy_default_quota_info = -1;
143 static gint ett_lsa_policy_modification_info = -1;
144 static gint ett_lsa_policy_audit_full_set_info = -1;
145 static gint ett_lsa_policy_audit_full_query_info = -1;
146 static gint ett_lsa_policy_dns_domain_info = -1;
147 static gint ett_lsa_translated_names = -1;
148 static gint ett_lsa_translated_name = -1;
149 static gint ett_lsa_referenced_domain_list = -1;
150 static gint ett_lsa_trust_information = -1;
151 static gint ett_lsa_trust_information_ex = -1;
152 static gint ett_LUID = -1;
153 static gint ett_LSA_PRIVILEGES = -1;
154 static gint ett_LSA_PRIVILEGE = -1;
155 static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
156 static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
157 static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
158 static gint ett_LSA_TRUSTED_DOMAIN = -1;
159 static gint ett_LSA_TRANSLATED_SIDS = -1;
160 static gint ett_lsa_trusted_domain_info = -1;
161 static gint ett_lsa_trust_attr = -1;
162 static gint ett_lsa_trusted_domain_auth_information = -1;
163 static gint ett_lsa_auth_information = -1;
167 lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
168 packet_info *pinfo, proto_tree *tree,
173 di=pinfo->private_data;
174 if(di->conformant_run){
175 /*just a run to handle conformant arrays, nothing to dissect */
179 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
186 lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
187 packet_info *pinfo, proto_tree *tree,
192 di=pinfo->private_data;
193 if(di->conformant_run){
194 /*just a run to handle conformant arrays, nothing to dissect */
198 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
204 lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
205 packet_info *pinfo, proto_tree *tree,
210 di=pinfo->private_data;
211 if(di->conformant_run){
212 /*just a run to handle conformant arrays, nothing to dissect */
216 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
217 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
218 "DOMAIN pointer: ", di->hf_index);
224 lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
225 packet_info *pinfo, proto_tree *tree,
230 di=pinfo->private_data;
231 if(di->conformant_run){
232 /*just a run to handle conformant arrays, nothing to dissect */
236 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
243 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
244 packet_info *pinfo, proto_tree *tree,
250 di=pinfo->private_data;
251 if(di->conformant_run){
252 /*just a run to handle conformant arrays, nothing to dissect */
256 /* this is probably a varying and conformant array */
257 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
258 hf_lsa_sd_size, &len);
260 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
261 hf_lsa_sd_size, &len);
262 proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
269 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
270 packet_info *pinfo, proto_tree *parent_tree,
273 proto_item *item=NULL;
274 proto_tree *tree=NULL;
275 int old_offset=offset;
278 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
280 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
283 /* XXX need to figure this one out */
284 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
285 hf_lsa_sd_size, NULL);
286 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
287 hf_lsa_sd_size, NULL);
288 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
289 lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
290 "LSA_SECRET data: pointer", -1);
292 proto_item_set_len(item, offset-old_offset);
297 lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
298 packet_info *pinfo, proto_tree *tree,
301 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
302 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
303 "LSA_SECRET pointer: data", -1);
308 /* Dissect LSA specific access rights */
310 static gint hf_view_local_info = -1;
311 static gint hf_view_audit_info = -1;
312 static gint hf_get_private_info = -1;
313 static gint hf_trust_admin = -1;
314 static gint hf_create_account = -1;
315 static gint hf_create_secret = -1;
316 static gint hf_create_priv = -1;
317 static gint hf_set_default_quota_limits = -1;
318 static gint hf_set_audit_requirements = -1;
319 static gint hf_server_admin = -1;
320 static gint hf_lookup_names = -1;
323 lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
326 proto_tree_add_boolean(
327 tree, hf_lookup_names, tvb, offset, 4, access);
329 proto_tree_add_boolean(
330 tree, hf_server_admin, tvb, offset, 4, access);
332 proto_tree_add_boolean(
333 tree, hf_set_audit_requirements, tvb, offset, 4, access);
335 proto_tree_add_boolean(
336 tree, hf_set_default_quota_limits, tvb, offset, 4, access);
338 proto_tree_add_boolean(
339 tree, hf_create_priv, tvb, offset, 4, access);
341 proto_tree_add_boolean(
342 tree, hf_create_secret, tvb, offset, 4, access);
344 proto_tree_add_boolean(
345 tree, hf_create_account, tvb, offset, 4, access);
347 proto_tree_add_boolean(
348 tree, hf_trust_admin, tvb, offset, 4, access);
350 proto_tree_add_boolean(
351 tree, hf_get_private_info, tvb, offset, 4, access);
353 proto_tree_add_boolean(
354 tree, hf_view_audit_info, tvb, offset, 4, access);
356 proto_tree_add_boolean(
357 tree, hf_view_local_info, tvb, offset, 4, access);
360 struct access_mask_info lsa_access_mask_info = {
361 "LSA", /* Name of specific rights */
362 lsa_specific_rights, /* Dissection function */
363 NULL, /* Generic mapping table */
364 NULL /* Standard mapping table */
368 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
369 packet_info *pinfo, proto_tree *tree,
375 di=pinfo->private_data;
376 if(di->conformant_run){
377 /*just a run to handle conformant arrays, nothing to dissect */
381 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
382 hf_lsa_sd_size, &len);
385 tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
392 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
393 packet_info *pinfo, proto_tree *parent_tree,
396 proto_item *item=NULL;
397 proto_tree *tree=NULL;
398 int old_offset=offset;
401 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
402 "LSA_SECURITY_DESCRIPTOR:");
403 tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
406 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
407 hf_lsa_sd_size, NULL);
409 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
410 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
411 "LSA SECURITY DESCRIPTOR data:", -1);
413 proto_item_set_len(item, offset-old_offset);
418 lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
419 packet_info *pinfo, proto_tree *tree, char *drep)
421 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
422 hf_lsa_unknown_char, NULL);
427 static const value_string lsa_impersonation_level_vals[] = {
429 {1, "Identification"},
430 {2, "Impersonation"},
437 lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
438 packet_info *pinfo, proto_tree *tree, char *drep)
441 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
442 hf_lsa_qos_len, NULL);
444 /* impersonation level */
445 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
446 hf_lsa_qos_impersonation_level, NULL);
448 /* context tracking mode */
449 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
450 hf_lsa_qos_track_context, NULL);
453 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
454 hf_lsa_qos_effective_only, NULL);
460 lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
461 packet_info *pinfo, proto_tree *tree, char *drep)
463 offset = dissect_nt_access_mask(
464 tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
465 &lsa_access_mask_info);
471 lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
472 packet_info *pinfo, proto_tree *parent_tree, char *drep)
474 int old_offset=offset;
475 proto_item *item = NULL;
476 proto_tree *tree = NULL;
479 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
480 tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
484 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
485 hf_lsa_obj_attr_len, NULL);
488 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
489 lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
490 "LSPTR pointer: ", -1);
493 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
494 lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
495 "NAME pointer: ", hf_lsa_obj_attr_name);
498 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
499 hf_lsa_obj_attr, NULL);
501 /* security descriptor */
502 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
503 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
504 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
506 /* security quality of service */
507 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
508 lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
509 "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
511 proto_item_set_len(item, offset-old_offset);
516 lsa_dissect_lsarclose_rqst(tvbuff_t *tvb, int offset,
517 packet_info *pinfo, proto_tree *tree, char *drep)
519 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
520 hf_lsa_hnd, NULL, NULL, FALSE, TRUE);
526 lsa_dissect_lsarclose_reply(tvbuff_t *tvb, int offset,
527 packet_info *pinfo, proto_tree *tree, char *drep)
529 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
530 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
532 offset = dissect_ntstatus(
533 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
538 /* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
539 character of the server name which is always '\'. This is fixed in lsa
540 openpolicy2 but the function remains for backwards compatibility. */
542 static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
544 proto_tree *tree, char *drep)
546 return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
547 hf_lsa_server, NULL);
551 lsa_dissect_lsaropenpolicy_rqst(tvbuff_t *tvb, int offset,
552 packet_info *pinfo, proto_tree *tree, char *drep)
554 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
555 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
556 "Server", hf_lsa_server);
558 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
559 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
560 "OBJECT_ATTRIBUTES", -1);
562 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
569 lsa_dissect_lsaropenpolicy_reply(tvbuff_t *tvb, int offset,
570 packet_info *pinfo, proto_tree *tree, char *drep)
572 e_ctx_hnd policy_hnd;
573 proto_item *hnd_item;
576 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
577 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
579 offset = dissect_ntstatus(
580 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
583 dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
584 "OpenPolicy handle");
586 if (hnd_item != NULL)
587 proto_item_append_text(hnd_item, ": OpenPolicy handle");
594 lsa_dissect_lsaropenpolicy2_rqst(tvbuff_t *tvb, int offset,
595 packet_info *pinfo, proto_tree *tree, char *drep)
597 offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
598 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
599 hf_lsa_server, cb_wstr_postprocess,
600 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
602 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
603 lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
604 "OBJECT_ATTRIBUTES", -1);
606 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
614 lsa_dissect_lsaropenpolicy2_reply(tvbuff_t *tvb, int offset,
615 packet_info *pinfo, proto_tree *tree, char *drep)
617 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
618 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
619 e_ctx_hnd policy_hnd;
620 proto_item *hnd_item;
624 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
625 hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
627 offset = dissect_ntstatus(
628 tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
631 if (dcv->private_data)
632 pol_name = g_strdup_printf(
633 "OpenPolicy2(%s)", (char *)dcv->private_data);
635 pol_name = g_strdup("OpenPolicy2 handle");
637 dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
639 if (hnd_item != NULL)
640 proto_item_append_text(hnd_item, ": %s", pol_name);
648 static const value_string policy_information_class_vals[] = {
649 {1, "Audit Log Information"},
650 {2, "Audit Events Information"},
651 {3, "Primary Domain Information"},
652 {4, "Pd Account Information"},
653 {5, "Account Domain Information"},
654 {6, "Server Role Information"},
655 {7, "Replica Source Information"},
656 {8, "Default Quota Information"},
657 {9, "Modification Information"},
658 {10, "Audit Full Set Information"},
659 {11, "Audit Full Query Information"},
660 {12, "DNS Domain Information"},
665 lsa_dissect_lsarqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
666 packet_info *pinfo, proto_tree *tree, char *drep)
670 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
671 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
673 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
674 hf_lsa_policy_information_class, &level);
676 if (check_col(pinfo->cinfo, COL_INFO))
678 pinfo->cinfo, COL_INFO, ", %s",
679 val_to_str(level, policy_information_class_vals,
686 lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
687 packet_info *pinfo, proto_tree *parent_tree, char *drep)
689 proto_item *item=NULL;
690 proto_tree *tree=NULL;
691 int old_offset=offset;
694 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
695 "POLICY_AUDIT_LOG_INFO:");
696 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
700 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
701 hf_lsa_pali_percent_full, NULL);
704 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
705 hf_lsa_pali_log_size, NULL);
707 /* retention period */
708 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
709 hf_lsa_pali_retention_period);
711 /* shutdown in progress */
712 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
713 hf_lsa_pali_shutdown_in_progress, NULL);
715 /* time to shutdown */
716 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
717 hf_lsa_pali_time_to_shutdown);
719 /* next audit record */
720 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
721 hf_lsa_pali_next_audit_record, NULL);
723 proto_item_set_len(item, offset-old_offset);
728 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
729 packet_info *pinfo, proto_tree *tree, char *drep)
731 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
732 hf_lsa_paei_settings, NULL);
737 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
738 packet_info *pinfo, proto_tree *tree, char *drep)
740 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
741 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
747 lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
748 packet_info *pinfo, proto_tree *parent_tree, char *drep)
750 proto_item *item=NULL;
751 proto_tree *tree=NULL;
752 int old_offset=offset;
755 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
756 "POLICY_AUDIT_EVENTS_INFO:");
757 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
761 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
762 hf_lsa_paei_enabled, NULL);
765 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
766 lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
770 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
773 proto_item_set_len(item, offset-old_offset);
779 lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
780 packet_info *pinfo, proto_tree *parent_tree, char *drep)
782 proto_item *item=NULL;
783 proto_tree *tree=NULL;
784 int old_offset=offset;
787 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
788 "POLICY_PRIMARY_DOMAIN_INFO:");
789 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
793 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
797 offset = dissect_ndr_nt_PSID(tvb, offset,
798 pinfo, tree, drep, hf_lsa_domain_sid);
800 proto_item_set_len(item, offset-old_offset);
806 lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
807 packet_info *pinfo, proto_tree *parent_tree, char *drep)
809 proto_item *item=NULL;
810 proto_tree *tree=NULL;
811 int old_offset=offset;
814 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
815 "POLICY_ACCOUNT_DOMAIN_INFO:");
816 tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
820 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
824 offset = dissect_ndr_nt_PSID(tvb, offset,
825 pinfo, tree, drep, hf_lsa_domain_sid);
827 proto_item_set_len(item, offset-old_offset);
832 static const value_string server_role_vals[] = {
834 {1, "Domain Member"},
840 lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
841 packet_info *pinfo, proto_tree *parent_tree, char *drep)
843 proto_item *item=NULL;
844 proto_tree *tree=NULL;
845 int old_offset=offset;
848 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
849 "POLICY_SERVER_ROLE_INFO:");
850 tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
854 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
855 hf_lsa_server_role, NULL);
857 proto_item_set_len(item, offset-old_offset);
862 lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
863 packet_info *pinfo, proto_tree *parent_tree, char *drep)
865 proto_item *item=NULL;
866 proto_tree *tree=NULL;
867 int old_offset=offset;
870 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
871 "POLICY_REPLICA_SOURCE_INFO:");
872 tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
876 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
880 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
883 proto_item_set_len(item, offset-old_offset);
889 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
890 packet_info *pinfo, proto_tree *parent_tree, char *drep)
892 proto_item *item=NULL;
893 proto_tree *tree=NULL;
894 int old_offset=offset;
897 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
898 "POLICY_DEFAULT_QUOTA_INFO:");
899 tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
903 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
904 hf_lsa_quota_paged_pool, NULL);
907 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
908 hf_lsa_quota_non_paged_pool, NULL);
911 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
912 hf_lsa_quota_min_wss, NULL);
915 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
916 hf_lsa_quota_max_wss, NULL);
919 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
920 hf_lsa_quota_pagefile, NULL);
923 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
924 hf_lsa_unknown_hyper, NULL);
926 proto_item_set_len(item, offset-old_offset);
932 lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
933 packet_info *pinfo, proto_tree *parent_tree, char *drep)
935 proto_item *item=NULL;
936 proto_tree *tree=NULL;
937 int old_offset=offset;
940 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
941 "POLICY_MODIFICATION_INFO:");
942 tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
946 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
947 hf_lsa_mod_seq_no, NULL);
950 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
953 proto_item_set_len(item, offset-old_offset);
959 lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
960 packet_info *pinfo, proto_tree *parent_tree, char *drep)
962 proto_item *item=NULL;
963 proto_tree *tree=NULL;
964 int old_offset=offset;
967 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
968 "POLICY_AUDIT_FULL_SET_INFO:");
969 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
973 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
974 hf_lsa_unknown_char, NULL);
976 proto_item_set_len(item, offset-old_offset);
982 lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
983 packet_info *pinfo, proto_tree *parent_tree, char *drep)
985 proto_item *item=NULL;
986 proto_tree *tree=NULL;
987 int old_offset=offset;
990 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
991 "POLICY_AUDIT_FULL_QUERY_INFO:");
992 tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
996 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
997 hf_lsa_unknown_char, NULL);
1000 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1001 hf_lsa_unknown_char, NULL);
1003 proto_item_set_len(item, offset-old_offset);
1009 lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1010 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1012 proto_item *item=NULL;
1013 proto_tree *tree=NULL;
1014 int old_offset=offset;
1017 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1018 "POLICY_DNS_DOMAIN_INFO:");
1019 tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
1023 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1027 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1028 hf_lsa_fqdomain, 0);
1031 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1035 offset = dissect_nt_GUID(tvb, offset,
1039 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, hf_lsa_domain_sid);
1041 proto_item_set_len(item, offset-old_offset);
1046 lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
1047 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1049 proto_item *item=NULL;
1050 proto_tree *tree=NULL;
1051 int old_offset=offset;
1055 item = proto_tree_add_item(parent_tree, hf_lsa_policy_information, tvb, offset, 0, FALSE);
1057 tree = proto_item_add_subtree(item, ett_lsa_policy_info);
1060 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1061 hf_lsa_info_level, &level);
1063 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1066 offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
1067 tvb, offset, pinfo, tree, drep);
1070 offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
1071 tvb, offset, pinfo, tree, drep);
1074 offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
1075 tvb, offset, pinfo, tree, drep);
1078 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1079 tree, drep, hf_lsa_acct, 0);
1082 offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
1083 tvb, offset, pinfo, tree, drep);
1086 offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
1087 tvb, offset, pinfo, tree, drep);
1090 offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
1091 tvb, offset, pinfo, tree, drep);
1094 offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
1095 tvb, offset, pinfo, tree, drep);
1098 offset = lsa_dissect_POLICY_MODIFICATION_INFO(
1099 tvb, offset, pinfo, tree, drep);
1102 offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
1103 tvb, offset, pinfo, tree, drep);
1106 offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
1107 tvb, offset, pinfo, tree, drep);
1110 offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO(
1111 tvb, offset, pinfo, tree, drep);
1115 proto_item_set_len(item, offset-old_offset);
1120 lsa_dissect_lsarqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
1121 packet_info *pinfo, proto_tree *tree, char *drep)
1123 /* This is really a pointer to a pointer though the first level is REF
1124 so we just ignore that one */
1125 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1126 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
1127 "POLICY_INFORMATION pointer: info", -1);
1129 offset = dissect_ntstatus(
1130 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1136 lsa_dissect_lsardelete_rqst(tvbuff_t *tvb, int offset,
1137 packet_info *pinfo, proto_tree *tree, char *drep)
1139 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1140 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1146 lsa_dissect_lsardelete_reply(tvbuff_t *tvb, int offset,
1147 packet_info *pinfo, proto_tree *tree, char *drep)
1149 offset = dissect_ntstatus(
1150 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1157 lsa_dissect_lsarquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
1158 packet_info *pinfo, proto_tree *tree, char *drep)
1160 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1161 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1163 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1164 hf_lsa_info_type, NULL);
1171 lsa_dissect_lsarquerysecurityobject_reply(tvbuff_t *tvb, int offset,
1172 packet_info *pinfo, proto_tree *tree, char *drep)
1174 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1175 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
1176 "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
1178 offset = dissect_ntstatus(
1179 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1186 lsa_dissect_lsarsetsecurityobject_rqst(tvbuff_t *tvb, int offset,
1187 packet_info *pinfo, proto_tree *tree, char *drep)
1189 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1190 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1192 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1193 hf_lsa_info_type, NULL);
1195 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1196 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
1197 "LSA_SECURITY_DESCRIPTOR: sec_info", -1);
1203 lsa_dissect_lsarsetsecurityobject_reply(tvbuff_t *tvb, int offset,
1204 packet_info *pinfo, proto_tree *tree, char *drep)
1206 offset = dissect_ntstatus(
1207 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1214 lsa_dissect_lsarchangepassword_rqst(tvbuff_t *tvb, int offset,
1215 packet_info *pinfo, proto_tree *tree, char *drep)
1218 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1222 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1226 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1230 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1234 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1241 lsa_dissect_lsarchangepassword_reply(tvbuff_t *tvb, int offset,
1242 packet_info *pinfo, proto_tree *tree, char *drep)
1244 offset = dissect_ntstatus(
1245 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1250 static const value_string sid_type_vals[] = {
1255 {5, "Well Known Group"},
1256 {6, "Deleted Account"},
1263 lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
1264 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1266 proto_item *item=NULL;
1267 proto_tree *tree=NULL;
1268 int old_offset=offset;
1271 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1272 "LSA_TRANSLATED_NAME:");
1273 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
1277 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1278 hf_lsa_sid_type, NULL);
1281 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1285 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1286 hf_lsa_index, NULL);
1288 proto_item_set_len(item, offset-old_offset);
1293 lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
1294 packet_info *pinfo, proto_tree *tree, char *drep)
1296 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1297 lsa_dissect_LSA_TRANSLATED_NAME);
1303 lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
1304 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1306 proto_item *item=NULL;
1307 proto_tree *tree=NULL;
1308 int old_offset=offset;
1311 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1312 "LSA_TRANSLATED_NAMES:");
1313 tree = proto_item_add_subtree(item, ett_lsa_translated_names);
1317 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1318 hf_lsa_count, NULL);
1321 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1322 lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
1323 "TRANSLATED_NAME_ARRAY", -1);
1325 proto_item_set_len(item, offset-old_offset);
1331 lsa_dissect_lsarlookupsids_rqst(tvbuff_t *tvb, int offset,
1332 packet_info *pinfo, proto_tree *tree, char *drep)
1334 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1335 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1337 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1338 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
1341 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1342 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1343 "LSA_TRANSLATED_NAMES pointer: names", -1);
1345 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1346 hf_lsa_info_level, NULL);
1348 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1349 hf_lsa_num_mapped, NULL);
1355 lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
1356 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1358 proto_item *item=NULL;
1359 proto_tree *tree=NULL;
1360 int old_offset=offset;
1363 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1364 "TRUST INFORMATION:");
1365 tree = proto_item_add_subtree(item, ett_lsa_trust_information);
1369 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1373 offset = dissect_ndr_nt_PSID(tvb, offset,
1374 pinfo, tree, drep, -1);
1376 proto_item_set_len(item, offset-old_offset);
1380 static const value_string trusted_direction_vals[] = {
1381 {0, "Trust disabled"},
1382 {1, "Inbound trust"},
1383 {2, "Outbound trust"},
1387 static const value_string trusted_type_vals[] = {
1395 static const true_false_string tfs_trust_attr_non_trans = {
1396 "NON TRANSITIVE is set",
1397 "Non transitive is NOT set"
1399 static const true_false_string tfs_trust_attr_uplevel_only = {
1400 "UPLEVEL ONLY is set",
1401 "Uplevel only is NOT set"
1403 static const true_false_string tfs_trust_attr_tree_parent = {
1404 "TREE PARENT is set",
1405 "Tree parent is NOT set"
1407 static const true_false_string tfs_trust_attr_tree_root = {
1409 "Tree root is NOT set"
1412 lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
1413 proto_tree *parent_tree, char *drep)
1416 proto_item *item = NULL;
1417 proto_tree *tree = NULL;
1419 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
1420 hf_lsa_trust_attr, &mask);
1423 item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
1424 tvb, offset-4, 4, mask);
1425 tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
1428 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
1429 tvb, offset-4, 4, mask);
1430 proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
1431 tvb, offset-4, 4, mask);
1432 proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
1433 tvb, offset-4, 4, mask);
1434 proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
1435 tvb, offset-4, 4, mask);
1441 lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
1442 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1444 proto_item *item=NULL;
1445 proto_tree *tree=NULL;
1446 int old_offset=offset;
1449 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1450 "TRUST INFORMATION EX:");
1451 tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
1455 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1459 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1460 hf_lsa_flat_name, 0);
1463 offset = dissect_ndr_nt_PSID(tvb, offset,
1464 pinfo, tree, drep, -1);
1467 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1468 hf_lsa_trust_direction, NULL);
1471 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1472 hf_lsa_trust_type, NULL);
1475 offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
1477 proto_item_set_len(item, offset-old_offset);
1482 lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
1483 packet_info *pinfo, proto_tree *tree, char *drep)
1488 di=pinfo->private_data;
1489 if(di->conformant_run){
1490 /*just a run to handle conformant arrays, nothing to dissect */
1495 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1496 hf_lsa_auth_len, &len);
1498 proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
1505 lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
1506 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1508 proto_item *item=NULL;
1509 proto_tree *tree=NULL;
1510 int old_offset=offset;
1513 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1514 "AUTH INFORMATION:");
1515 tree = proto_item_add_subtree(item, ett_lsa_auth_information);
1519 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1520 hf_lsa_auth_update, NULL);
1523 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1524 hf_lsa_auth_type, NULL);
1527 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1528 hf_lsa_auth_len, NULL);
1530 /* auth info blob */
1531 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1532 lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
1533 "AUTH INFO blob:", -1);
1535 proto_item_set_len(item, offset-old_offset);
1540 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
1541 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1543 proto_item *item=NULL;
1544 proto_tree *tree=NULL;
1545 int old_offset=offset;
1548 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1549 "TRUSTED DOMAIN AUTH INFORMATION:");
1550 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
1554 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1555 hf_lsa_unknown_long, NULL);
1558 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1561 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1564 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1565 hf_lsa_unknown_long, NULL);
1568 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1571 offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
1573 proto_item_set_len(item, offset-old_offset);
1579 lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
1580 packet_info *pinfo, proto_tree *tree, char *drep)
1582 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1583 lsa_dissect_LSA_TRUST_INFORMATION);
1589 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
1590 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1592 proto_item *item=NULL;
1593 proto_tree *tree=NULL;
1594 int old_offset=offset;
1597 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1598 "LSA_REFERENCED_DOMAIN_LIST:");
1599 tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
1603 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1604 hf_lsa_count, NULL);
1606 /* trust information */
1607 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1608 lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
1609 "TRUST INFORMATION array:", -1);
1612 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1613 hf_lsa_max_count, NULL);
1615 proto_item_set_len(item, offset-old_offset);
1620 lsa_dissect_lsarlookupsids_reply(tvbuff_t *tvb, int offset,
1621 packet_info *pinfo, proto_tree *tree, char *drep)
1623 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1624 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
1625 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
1627 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1628 lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
1629 "LSA_TRANSLATED_NAMES pointer: names", -1);
1631 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1632 hf_lsa_num_mapped, NULL);
1634 offset = dissect_ntstatus(
1635 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1642 lsa_dissect_lsarsetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1643 packet_info *pinfo, proto_tree *tree, char *drep)
1645 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1646 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1648 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1649 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1650 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1657 lsa_dissect_lsarsetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1658 packet_info *pinfo, proto_tree *tree, char *drep)
1660 offset = dissect_ntstatus(
1661 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1668 lsa_dissect_lsargetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
1669 packet_info *pinfo, proto_tree *tree, char *drep)
1671 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1672 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1679 lsa_dissect_lsargetquotasforaccount_reply(tvbuff_t *tvb, int offset,
1680 packet_info *pinfo, proto_tree *tree, char *drep)
1682 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1683 lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
1684 "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
1686 offset = dissect_ntstatus(
1687 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1694 lsa_dissect_lsarsetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
1695 packet_info *pinfo, proto_tree *tree, char *drep)
1697 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1698 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1700 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1701 hf_lsa_policy_information_class, NULL);
1703 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1704 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
1705 "POLICY_INFORMATION pointer: info", -1);
1712 lsa_dissect_lsarsetinformationpolicy_reply(tvbuff_t *tvb, int offset,
1713 packet_info *pinfo, proto_tree *tree, char *drep)
1715 offset = dissect_ntstatus(
1716 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1723 lsa_dissect_lsarclearauditlog_rqst(tvbuff_t *tvb, int offset,
1724 packet_info *pinfo, proto_tree *tree, char *drep)
1726 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1727 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1729 offset = dissect_ndr_nt_SID(tvb, offset,
1730 pinfo, tree, drep, -1);
1733 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1734 hf_lsa_unknown_long, NULL);
1741 lsa_dissect_lsarclearauditlog_reply(tvbuff_t *tvb, int offset,
1742 packet_info *pinfo, proto_tree *tree, char *drep)
1744 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1745 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1747 offset = dissect_ntstatus(
1748 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1754 lsa_dissect_lsargetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1755 packet_info *pinfo, proto_tree *tree, char *drep)
1757 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1758 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1765 lsa_dissect_lsargetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1766 packet_info *pinfo, proto_tree *tree, char *drep)
1768 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1771 offset = dissect_ntstatus(
1772 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1779 lsa_dissect_lsarsetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
1780 packet_info *pinfo, proto_tree *tree, char *drep)
1782 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1783 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1785 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1793 lsa_dissect_lsarsetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
1794 packet_info *pinfo, proto_tree *tree, char *drep)
1796 offset = dissect_ntstatus(
1797 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1804 lsa_dissect_lsaropentrusteddomain_rqst(tvbuff_t *tvb, int offset,
1805 packet_info *pinfo, proto_tree *tree, char *drep)
1807 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1808 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1810 offset = dissect_ndr_nt_SID(tvb, offset,
1811 pinfo, tree, drep, -1);
1813 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
1821 lsa_dissect_lsaropentrusteddomain_reply(tvbuff_t *tvb, int offset,
1822 packet_info *pinfo, proto_tree *tree, char *drep)
1824 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1825 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1827 offset = dissect_ntstatus(
1828 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1835 lsa_dissect_lsardeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
1836 packet_info *pinfo, proto_tree *tree, char *drep)
1838 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1839 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1841 offset = dissect_ndr_nt_SID(tvb, offset,
1842 pinfo, tree, drep, -1);
1849 lsa_dissect_lsardeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
1850 packet_info *pinfo, proto_tree *tree, char *drep)
1852 offset = dissect_ntstatus(
1853 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1859 dissect_nt_LUID(tvbuff_t *tvb, int offset,
1860 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1862 proto_item *item=NULL;
1863 proto_tree *tree=NULL;
1864 int old_offset=offset;
1867 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1869 tree = proto_item_add_subtree(item, ett_LUID);
1872 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1873 hf_nt_luid_low, NULL);
1875 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1876 hf_nt_luid_high, NULL);
1878 proto_item_set_len(item, offset-old_offset);
1883 lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
1884 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1886 proto_item *item=NULL;
1887 proto_tree *tree=NULL;
1888 int old_offset=offset;
1891 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1893 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
1896 /* privilege name */
1897 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1898 hf_lsa_privilege_name, 0);
1901 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
1903 proto_item_set_len(item, offset-old_offset);
1908 lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
1909 packet_info *pinfo, proto_tree *tree, char *drep)
1911 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1912 lsa_dissect_LSA_PRIVILEGE);
1918 lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
1919 packet_info *pinfo, proto_tree *parent_tree, char *drep)
1921 proto_item *item=NULL;
1922 proto_tree *tree=NULL;
1923 int old_offset=offset;
1926 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1928 tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
1931 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1932 hf_lsa_count, NULL);
1935 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1936 lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
1937 "LSA_PRIVILEGE array:", -1);
1939 proto_item_set_len(item, offset-old_offset);
1944 lsa_dissect_lsarenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
1945 packet_info *pinfo, proto_tree *tree, char *drep)
1947 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1948 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1950 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1951 hf_lsa_count, NULL);
1953 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1960 lsa_dissect_lsarenumerateprivileges_reply(tvbuff_t *tvb, int offset,
1961 packet_info *pinfo, proto_tree *tree, char *drep)
1963 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1964 hf_lsa_count, NULL);
1966 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1967 lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
1968 "LSA_PRIVILEGES pointer: privs", -1);
1970 offset = dissect_ntstatus(
1971 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
1977 lsa_dissect_lsarlookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
1978 packet_info *pinfo, proto_tree *tree, char *drep)
1980 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1981 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
1983 /* privilege name */
1984 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1985 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1986 "NAME pointer: ", hf_lsa_privilege_name);
1993 lsa_dissect_lsarlookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
1994 packet_info *pinfo, proto_tree *tree, char *drep)
1998 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2000 offset = dissect_ntstatus(
2001 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2008 lsa_dissect_lsarlookupprivilegename_rqst(tvbuff_t *tvb, int offset,
2009 packet_info *pinfo, proto_tree *tree, char *drep)
2011 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2012 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2015 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2016 dissect_nt_LUID, NDR_POINTER_REF,
2017 "LUID pointer: value", -1);
2024 lsa_dissect_lsarlookupprivilegename_reply(tvbuff_t *tvb, int offset,
2025 packet_info *pinfo, proto_tree *tree, char *drep)
2027 /* [out, ref] LSA_UNICODE_STRING **name */
2028 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2029 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2030 "PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
2032 offset = dissect_ntstatus(
2033 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2040 lsa_dissect_lsarenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
2041 packet_info *pinfo, proto_tree *tree, char *drep)
2043 /* [in] LSA_HANDLE hnd */
2044 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2045 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2052 lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2053 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2055 proto_item *item=NULL;
2056 proto_tree *tree=NULL;
2057 int old_offset=offset;
2060 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2061 "LUID_AND_ATTRIBUTES:");
2062 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
2066 offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
2069 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2072 proto_item_set_len(item, offset-old_offset);
2077 lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
2078 packet_info *pinfo, proto_tree *tree, char *drep)
2080 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2081 lsa_dissect_LUID_AND_ATTRIBUTES);
2087 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2088 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2090 proto_item *item=NULL;
2091 proto_tree *tree=NULL;
2092 int old_offset=offset;
2095 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2096 "LUID_AND_ATTRIBUTES_ARRAY:");
2097 tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
2100 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2101 hf_lsa_count, NULL);
2103 /* luid and attributes */
2104 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2105 lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
2106 "LUID_AND_ATTRIBUTES array:", -1);
2108 proto_item_set_len(item, offset-old_offset);
2113 lsa_dissect_lsarenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
2114 packet_info *pinfo, proto_tree *tree, char *drep)
2116 /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
2117 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2118 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2119 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2121 offset = dissect_ntstatus(
2122 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2128 lsa_dissect_lsaraddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
2129 packet_info *pinfo, proto_tree *tree, char *drep)
2131 /* [in] LSA_HANDLE hnd */
2132 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2133 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2135 /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
2136 offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
2144 lsa_dissect_lsaraddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
2145 packet_info *pinfo, proto_tree *tree, char *drep)
2147 offset = dissect_ntstatus(
2148 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2154 lsa_dissect_lsarremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
2155 packet_info *pinfo, proto_tree *tree, char *drep)
2157 /* [in] LSA_HANDLE hnd */
2158 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2159 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2161 /* [in] char unknown */
2162 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2163 hf_lsa_unknown_char, NULL);
2165 /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
2166 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2167 lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
2168 "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
2175 lsa_dissect_lsarremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
2176 packet_info *pinfo, proto_tree *tree, char *drep)
2178 offset = dissect_ntstatus(
2179 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2185 lsa_dissect_lsarenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
2186 packet_info *pinfo, proto_tree *tree, char *drep)
2188 /* [in] LSA_HANDLE hnd */
2189 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2190 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2192 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2193 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2194 hf_lsa_resume_handle, NULL);
2196 /* [in] ULONG pref_maxlen */
2197 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2198 hf_lsa_max_count, NULL);
2204 lsa_dissect_lsarenumerateaccounts_reply(tvbuff_t *tvb, int offset,
2205 packet_info *pinfo, proto_tree *tree, char *drep)
2207 /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2208 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2209 hf_lsa_resume_handle, NULL);
2211 /* [out, ref] PSID_ARRAY **accounts */
2212 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2213 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2216 offset = dissect_ntstatus(
2217 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2223 lsa_dissect_lsarcreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
2224 packet_info *pinfo, proto_tree *tree, char *drep)
2226 /* [in] LSA_HANDLE hnd_pol */
2227 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2228 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2230 /* [in, ref] LSA_TRUST_INFORMATION *domain */
2231 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2232 lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
2233 "LSA_TRUST_INFORMATION pointer: domain", -1);
2235 /* [in] ACCESS_MASK access */
2236 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2243 lsa_dissect_lsarcreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
2244 packet_info *pinfo, proto_tree *tree, char *drep)
2246 /* [out] LSA_HANDLE *hnd */
2247 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2248 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2250 offset = dissect_ntstatus(
2251 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2257 lsa_dissect_lsarenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
2258 packet_info *pinfo, proto_tree *tree, char *drep)
2260 /* [in] LSA_HANDLE hnd */
2261 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2262 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2264 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2265 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2266 hf_lsa_resume_handle, NULL);
2268 /* [in] ULONG pref_maxlen */
2269 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2270 hf_lsa_max_count, NULL);
2276 lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
2277 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2279 proto_item *item=NULL;
2280 proto_tree *tree=NULL;
2281 int old_offset=offset;
2284 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2286 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
2290 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2294 offset = dissect_ndr_nt_PSID(tvb, offset,
2295 pinfo, tree, drep, -1);
2297 proto_item_set_len(item, offset-old_offset);
2302 lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
2303 packet_info *pinfo, proto_tree *tree, char *drep)
2305 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2306 lsa_dissect_LSA_TRUSTED_DOMAIN);
2312 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
2313 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2315 proto_item *item=NULL;
2316 proto_tree *tree=NULL;
2317 int old_offset=offset;
2320 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2321 "TRUSTED_DOMAIN_LIST:");
2322 tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
2325 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2326 hf_lsa_count, NULL);
2329 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2330 lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
2331 "TRUSTED_DOMAIN array:", -1);
2333 proto_item_set_len(item, offset-old_offset);
2338 lsa_dissect_lsarenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
2339 packet_info *pinfo, proto_tree *tree, char *drep)
2341 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
2342 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2343 hf_lsa_resume_handle, NULL);
2345 /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
2346 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2347 lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
2348 "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
2350 offset = dissect_ntstatus(
2351 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2358 lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
2359 packet_info *pinfo, proto_tree *tree, char *drep)
2363 di=pinfo->private_data;
2364 if(di->conformant_run){
2365 /*just a run to handle conformant arrays, nothing to dissect */
2369 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2376 lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
2377 packet_info *pinfo, proto_tree *tree, char *drep)
2379 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2380 lsa_dissect_LSA_UNICODE_STRING_item);
2386 lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
2387 packet_info *pinfo, proto_tree *tree, char *drep)
2391 di=pinfo->private_data;
2393 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2394 hf_lsa_count, NULL);
2395 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2396 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2397 "UNICODE_STRING pointer: ", di->hf_index);
2403 lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
2404 packet_info *pinfo, proto_tree *tree, char *drep)
2407 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2408 hf_lsa_sid_type, NULL);
2410 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2413 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2414 hf_lsa_index, NULL);
2420 lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
2421 packet_info *pinfo, proto_tree *tree, char *drep)
2423 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2424 lsa_dissect_LSA_TRANSLATED_SID);
2430 lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
2431 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2433 proto_item *item=NULL;
2434 proto_tree *tree=NULL;
2435 int old_offset=offset;
2438 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2439 "LSA_TRANSLATED_SIDS:");
2440 tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
2444 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2445 hf_lsa_count, NULL);
2448 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2449 lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
2450 "Translated SIDS", -1);
2452 proto_item_set_len(item, offset-old_offset);
2457 lsa_dissect_lsarlookupnames_rqst(tvbuff_t *tvb, int offset,
2458 packet_info *pinfo, proto_tree *tree, char *drep)
2460 /* [in] LSA_HANDLE hnd */
2461 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2462 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2464 /* [in] ULONG count */
2465 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2466 hf_lsa_count, NULL);
2468 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
2469 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2470 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
2471 "Account pointer: names", hf_lsa_acct);
2473 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2474 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2475 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2476 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2478 /* [in] USHORT level */
2479 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2480 hf_lsa_info_level, NULL);
2482 /* [in, out, ref] ULONG *num_mapped */
2483 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2484 hf_lsa_num_mapped, NULL);
2491 lsa_dissect_lsarlookupnames_reply(tvbuff_t *tvb, int offset,
2492 packet_info *pinfo, proto_tree *tree, char *drep)
2494 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
2495 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2496 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
2497 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
2499 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
2500 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2501 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
2502 "LSA_TRANSLATED_SIDS pointer: rids", -1);
2504 /* [in, out, ref] ULONG *num_mapped */
2505 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2506 hf_lsa_num_mapped, NULL);
2508 offset = dissect_ntstatus(
2509 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2515 lsa_dissect_lsarcreatesecret_rqst(tvbuff_t *tvb, int offset,
2516 packet_info *pinfo, proto_tree *tree, char *drep)
2518 /* [in] LSA_HANDLE hnd_pol */
2519 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2520 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2522 /* [in, ref] LSA_UNICODE_STRING *name */
2523 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2526 /* [in] ACCESS_MASK access */
2527 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2534 lsa_dissect_lsarcreatesecret_reply(tvbuff_t *tvb, int offset,
2535 packet_info *pinfo, proto_tree *tree, char *drep)
2538 /* [out] LSA_HANDLE *hnd */
2539 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2540 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2542 offset = dissect_ntstatus(
2543 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2549 lsa_dissect_lsaropenaccount_rqst(tvbuff_t *tvb, int offset,
2550 packet_info *pinfo, proto_tree *tree, char *drep)
2552 /* [in] LSA_HANDLE hnd_pol */
2553 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2554 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2556 /* [in, ref] SID *account */
2557 offset = dissect_ndr_nt_SID(tvb, offset,
2558 pinfo, tree, drep, -1);
2560 /* [in] ACCESS_MASK access */
2561 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2569 lsa_dissect_lsaropenaccount_reply(tvbuff_t *tvb, int offset,
2570 packet_info *pinfo, proto_tree *tree, char *drep)
2572 /* [out] LSA_HANDLE *hnd */
2573 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2574 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2576 offset = dissect_ntstatus(
2577 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2582 static const value_string trusted_info_level_vals[] = {
2583 {1, "Domain Name Information"},
2584 {2, "Controllers Information"},
2585 {3, "Posix Offset Information"},
2586 {4, "Password Information"},
2587 {5, "Domain Information Basic"},
2588 {6, "Domain Information Ex"},
2589 {7, "Domain Auth Information"},
2590 {8, "Domain Full Information"},
2591 {9, "Domain Security Descriptor"},
2592 {10, "Domain Private Information"},
2597 lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
2598 packet_info *pinfo, proto_tree *parent_tree, char *drep)
2600 proto_item *item=NULL;
2601 proto_tree *tree=NULL;
2602 int old_offset=offset;
2606 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2607 "TRUSTED_DOMAIN_INFO:");
2608 tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
2611 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2612 hf_lsa_trusted_info_level, &level);
2614 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2617 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2621 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2622 hf_lsa_count, NULL);
2623 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2624 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
2625 "Controllers pointer: ", hf_lsa_controller);
2628 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2629 hf_lsa_rid_offset, NULL);
2632 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2633 offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
2636 offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
2640 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2644 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2647 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2649 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2650 hf_lsa_rid_offset, NULL);
2651 offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
2654 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2657 offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
2659 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2660 hf_lsa_rid_offset, NULL);
2661 offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
2665 proto_item_set_len(item, offset-old_offset);
2670 lsa_dissect_lsarqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
2671 packet_info *pinfo, proto_tree *tree, char *drep)
2673 /* [in] LSA_HANDLE hnd */
2674 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2675 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2677 /* [in] TRUSTED_INFORMATION_CLASS level */
2678 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2679 hf_lsa_trusted_info_level, NULL);
2686 lsa_dissect_lsarqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
2687 packet_info *pinfo, proto_tree *tree, char *drep)
2689 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
2690 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2691 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2692 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2694 offset = dissect_ntstatus(
2695 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2701 lsa_dissect_lsarsetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
2702 packet_info *pinfo, proto_tree *tree, char *drep)
2704 /* [in] LSA_HANDLE hnd */
2705 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2706 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2708 /* [in] TRUSTED_INFORMATION_CLASS level */
2709 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2710 hf_lsa_trusted_info_level, NULL);
2712 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
2713 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2714 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
2715 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
2722 lsa_dissect_lsarsetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
2723 packet_info *pinfo, proto_tree *tree, char *drep)
2725 offset = dissect_ntstatus(
2726 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2732 lsa_dissect_lsaropensecret_rqst(tvbuff_t *tvb, int offset,
2733 packet_info *pinfo, proto_tree *tree, char *drep)
2735 /* [in] LSA_HANDLE hnd_pol */
2736 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2737 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2739 /* [in, ref] LSA_UNICODE_STRING *name */
2740 offset = dissect_ndr_counted_string_cb(
2741 tvb, offset, pinfo, tree, drep, hf_lsa_name,
2742 cb_wstr_postprocess,
2743 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
2745 /* [in] ACCESS_MASK access */
2746 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
2754 lsa_dissect_lsaropensecret_reply(tvbuff_t *tvb, int offset,
2755 packet_info *pinfo, proto_tree *tree, char *drep)
2757 /* [out] LSA_HANDLE *hnd */
2758 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2759 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2761 offset = dissect_ntstatus(
2762 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2768 lsa_dissect_lsarsetsecret_rqst(tvbuff_t *tvb, int offset,
2769 packet_info *pinfo, proto_tree *tree, char *drep)
2771 /* [in] LSA_HANDLE hnd */
2772 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2773 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2775 /* [in, unique] LSA_SECRET *new_val */
2776 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2777 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2778 "LSA_SECRET pointer: new_val", -1);
2780 /* [in, unique] LSA_SECRET *old_val */
2781 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2782 lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
2783 "LSA_SECRET pointer: old_val", -1);
2790 lsa_dissect_lsarsetsecret_reply(tvbuff_t *tvb, int offset,
2791 packet_info *pinfo, proto_tree *tree, char *drep)
2793 offset = dissect_ntstatus(
2794 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2800 lsa_dissect_lsarquerysecret_rqst(tvbuff_t *tvb, int offset,
2801 packet_info *pinfo, proto_tree *tree, char *drep)
2803 /* [in] LSA_HANDLE hnd */
2804 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2805 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2807 /* [in, out, unique] LSA_SECRET **curr_val */
2808 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2809 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2810 "LSA_SECRET pointer: curr_val", -1);
2812 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2813 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2814 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2815 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2817 /* [in, out, unique] LSA_SECRET **old_val */
2818 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2819 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2820 "LSA_SECRET pointer: old_val", -1);
2822 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2823 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2824 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2825 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2832 lsa_dissect_lsarquerysecret_reply(tvbuff_t *tvb, int offset,
2833 packet_info *pinfo, proto_tree *tree, char *drep)
2835 /* [in, out, unique] LSA_SECRET **curr_val */
2836 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2837 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2838 "LSA_SECRET pointer: curr_val", -1);
2840 /* [in, out, unique] LARGE_INTEGER *curr_mtime */
2841 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2842 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2843 "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
2845 /* [in, out, unique] LSA_SECRET **old_val */
2846 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2847 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
2848 "LSA_SECRET pointer: old_val", -1);
2850 /* [in, out, unique] LARGE_INTEGER *old_mtime */
2851 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2852 lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
2853 "NTIME pointer: old_mtime", hf_lsa_old_mtime);
2855 offset = dissect_ntstatus(
2856 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2862 lsa_dissect_lsardeleteobject_rqst(tvbuff_t *tvb, int offset,
2863 packet_info *pinfo, proto_tree *tree, char *drep)
2865 /* [in] LSA_HANDLE hnd */
2866 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2867 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2874 lsa_dissect_lsardeleteobject_reply(tvbuff_t *tvb, int offset,
2875 packet_info *pinfo, proto_tree *tree, char *drep)
2877 offset = dissect_ntstatus(
2878 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2884 lsa_dissect_lsarenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
2885 packet_info *pinfo, proto_tree *tree, char *drep)
2887 /* [in] LSA_HANDLE hnd */
2888 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2889 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2891 /* [in, unique] LSA_UNICODE_STRING *rights */
2892 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2893 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
2894 "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
2900 lsa_dissect_lsarenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
2901 packet_info *pinfo, proto_tree *tree, char *drep)
2903 /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
2904 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2905 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2906 "Account pointer: names", hf_lsa_acct);
2908 offset = dissect_ntstatus(
2909 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2915 lsa_dissect_lsarenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
2916 packet_info *pinfo, proto_tree *tree, char *drep)
2918 /* [in] LSA_HANDLE hnd */
2919 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2920 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2922 /* [in, ref] SID *account */
2923 offset = dissect_ndr_nt_SID(tvb, offset,
2924 pinfo, tree, drep, -1);
2931 lsa_dissect_lsarenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
2932 packet_info *pinfo, proto_tree *tree, char *drep)
2934 /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
2935 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2936 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2937 "Account pointer: rights", hf_lsa_rights);
2939 offset = dissect_ntstatus(
2940 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2946 lsa_dissect_lsaraddaccountrights_rqst(tvbuff_t *tvb, int offset,
2947 packet_info *pinfo, proto_tree *tree, char *drep)
2949 /* [in] LSA_HANDLE hnd */
2950 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2951 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2953 /* [in, ref] SID *account */
2954 offset = dissect_ndr_nt_SID(tvb, offset,
2955 pinfo, tree, drep, -1);
2957 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2958 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2959 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2960 "Account pointer: rights", hf_lsa_rights);
2967 lsa_dissect_lsaraddaccountrights_reply(tvbuff_t *tvb, int offset,
2968 packet_info *pinfo, proto_tree *tree, char *drep)
2970 offset = dissect_ntstatus(
2971 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
2977 lsa_dissect_lsarremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
2978 packet_info *pinfo, proto_tree *tree, char *drep)
2980 /* [in] LSA_HANDLE hnd */
2981 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2982 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
2984 /* [in, ref] SID *account */
2985 offset = dissect_ndr_nt_SID(tvb, offset,
2986 pinfo, tree, drep, -1);
2989 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2990 hf_lsa_remove_all, NULL);
2992 /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
2993 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2994 lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
2995 "Account pointer: rights", hf_lsa_rights);
3002 lsa_dissect_lsarremoveaccountrights_reply(tvbuff_t *tvb, int offset,
3003 packet_info *pinfo, proto_tree *tree, char *drep)
3005 offset = dissect_ntstatus(
3006 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3013 lsa_dissect_lsarquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3014 packet_info *pinfo, proto_tree *tree, char *drep)
3016 /* [in] LSA_HANDLE handle */
3017 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3018 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3020 /* [in, ref] LSA_UNICODE_STRING *name */
3022 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3025 /* [in] TRUSTED_INFORMATION_CLASS level */
3026 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3027 hf_lsa_trusted_info_level, NULL);
3034 lsa_dissect_lsarquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3035 packet_info *pinfo, proto_tree *tree, char *drep)
3037 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3038 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3039 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3040 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3042 offset = dissect_ntstatus(
3043 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3050 lsa_dissect_lsarsettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
3051 packet_info *pinfo, proto_tree *tree, char *drep)
3053 /* [in] LSA_HANDLE handle */
3054 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3055 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3057 /* [in, ref] LSA_UNICODE_STRING *name */
3059 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3062 /* [in] TRUSTED_INFORMATION_CLASS level */
3063 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3064 hf_lsa_trusted_info_level, NULL);
3066 /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3067 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3068 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3069 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3076 lsa_dissect_lsarsettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
3077 packet_info *pinfo, proto_tree *tree, char *drep)
3079 offset = dissect_ntstatus(
3080 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3086 lsa_dissect_lsarquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3087 packet_info *pinfo, proto_tree *tree, char *drep)
3089 /* [in] LSA_HANDLE handle */
3090 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3091 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3093 /* [in, ref] SID *sid */
3094 offset = dissect_ndr_nt_SID(tvb, offset,
3095 pinfo, tree, drep, -1);
3097 /* [in] TRUSTED_INFORMATION_CLASS level */
3098 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3099 hf_lsa_trusted_info_level, NULL);
3105 lsa_dissect_lsaropentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
3106 packet_info *pinfo, proto_tree *tree, char *drep)
3108 /* [in] LSA_HANDLE handle */
3109 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3110 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3112 /* [in, ref] LSA_UNICODE_STRING *name */
3114 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3117 /* [in] ACCESS_MASK access */
3118 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3126 lsa_dissect_lsaropentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
3127 packet_info *pinfo, proto_tree *tree, char *drep)
3129 /* [out] LSA_HANDLE handle */
3130 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3131 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3133 offset = dissect_ntstatus(
3134 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3142 lsa_dissect_lsarquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3143 packet_info *pinfo, proto_tree *tree, char *drep)
3145 /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3146 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3147 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3148 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3150 offset = dissect_ntstatus(
3151 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3157 lsa_dissect_lsarsettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
3158 packet_info *pinfo, proto_tree *tree, char *drep)
3160 /* [in] LSA_HANDLE handle */
3161 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3162 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3164 /* [in, ref] SID *sid */
3165 offset = dissect_ndr_nt_SID(tvb, offset,
3166 pinfo, tree, drep, -1);
3168 /* [in] TRUSTED_INFORMATION_CLASS level */
3169 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3170 hf_lsa_trusted_info_level, NULL);
3172 /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
3173 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3174 lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
3175 "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
3182 lsa_dissect_lsarsettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
3183 packet_info *pinfo, proto_tree *tree, char *drep)
3185 offset = dissect_ntstatus(
3186 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3192 lsa_dissect_lsarqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3193 packet_info *pinfo, proto_tree *tree, char *drep)
3195 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3196 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3198 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3199 hf_lsa_policy_information_class, NULL);
3205 lsa_dissect_lsarqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3206 packet_info *pinfo, proto_tree *tree, char *drep)
3208 /* This is really a pointer to a pointer though the first level is REF
3209 so we just ignore that one */
3210 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3211 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
3212 "POLICY_INFORMATION pointer: info", -1);
3214 offset = dissect_ntstatus(
3215 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3221 lsa_dissect_lsarsetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
3222 packet_info *pinfo, proto_tree *tree, char *drep)
3224 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3225 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3227 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3228 hf_lsa_policy_information_class, NULL);
3230 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3231 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3232 "POLICY_INFORMATION pointer: info", -1);
3238 lsa_dissect_lsarsetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
3239 packet_info *pinfo, proto_tree *tree, char *drep)
3241 offset = dissect_ntstatus(
3242 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3248 lsa_dissect_lsarquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3249 packet_info *pinfo, proto_tree *tree, char *drep)
3251 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3252 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3254 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3255 hf_lsa_policy_information_class, NULL);
3261 lsa_dissect_lsarquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3262 packet_info *pinfo, proto_tree *tree, char *drep)
3264 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3265 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3266 "POLICY_INFORMATION pointer: info", -1);
3268 offset = dissect_ntstatus(
3269 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3275 lsa_dissect_lsarsetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
3276 packet_info *pinfo, proto_tree *tree, char *drep)
3278 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3279 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3281 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3282 hf_lsa_policy_information_class, NULL);
3284 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3285 lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
3286 "POLICY_INFORMATION pointer: info", -1);
3292 lsa_dissect_lsarsetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
3293 packet_info *pinfo, proto_tree *tree, char *drep)
3295 offset = dissect_ntstatus(
3296 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3302 lsa_dissect_lsarlookupnames2_rqst(tvbuff_t *tvb, int offset,
3303 packet_info *pinfo, proto_tree *tree, char *drep)
3305 /* [in] LSA_HANDLE hnd */
3306 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3307 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3309 /* [in] ULONG count */
3310 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3311 hf_lsa_count, NULL);
3313 /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
3314 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3315 lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
3316 "Account pointer: names", hf_lsa_acct);
3318 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3319 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3320 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3321 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3323 /* [in] USHORT level */
3324 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3325 hf_lsa_info_level, NULL);
3327 /* [in, out, ref] ULONG *num_mapped */
3328 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3329 hf_lsa_num_mapped, NULL);
3332 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3333 hf_lsa_unknown_long, NULL);
3336 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3337 hf_lsa_unknown_long, NULL);
3344 lsa_dissect_lsarlookupnames2_reply(tvbuff_t *tvb, int offset,
3345 packet_info *pinfo, proto_tree *tree, char *drep)
3347 /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
3348 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3349 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3350 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3352 /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
3353 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3354 lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
3355 "LSA_TRANSLATED_SIDS pointer: rids", -1);
3357 /* [in, out, ref] ULONG *num_mapped */
3358 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3359 hf_lsa_num_mapped, NULL);
3361 offset = dissect_ntstatus(
3362 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3369 lsa_dissect_lsarcreateaccount_rqst(tvbuff_t *tvb, int offset,
3370 packet_info *pinfo, proto_tree *tree, char *drep)
3372 /* [in] LSA_HANDLE hnd */
3373 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3374 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3376 offset = dissect_ndr_nt_SID(tvb, offset,
3377 pinfo, tree, drep, -1);
3379 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3386 lsa_dissect_lsarcreateaccount_reply(tvbuff_t *tvb, int offset,
3387 packet_info *pinfo, proto_tree *tree, char *drep)
3389 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3390 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3392 offset = dissect_ntstatus(
3393 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3399 lsa_dissect_lsarlookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
3400 packet_info *pinfo, proto_tree *tree, char *drep)
3402 /* [in] LSA_HANDLE hnd */
3403 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3404 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3406 /* [in, ref] LSA_UNICODE_STRING *name */
3407 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3408 hf_lsa_privilege_name, 0);
3410 /* [in, ref] long *size */
3411 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3412 hf_lsa_privilege_display_name_size, NULL);
3419 lsa_dissect_lsarlookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
3420 packet_info *pinfo, proto_tree *tree, char *drep)
3422 /* [out, ref] LSA_UNICODE_STRING **disp_name */
3423 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3424 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3425 "NAME pointer: ", hf_lsa_privilege_display_name);
3427 /* [out, ref] long *size */
3428 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3429 hf_lsa_privilege_display_name_size, NULL);
3431 offset = dissect_ntstatus(
3432 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3438 lsa_dissect_lsarstoreprivatedata_rqst(tvbuff_t *tvb, int offset,
3439 packet_info *pinfo, proto_tree *tree, char *drep)
3441 /* [in] LSA_HANDLE hnd */
3442 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3443 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3445 /* [in, ref] LSA_UNICODE_STRING *key */
3446 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3449 /* [in, unique] LSA_SECRET **data */
3450 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3451 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
3452 "LSA_SECRET* pointer: data", -1);
3459 lsa_dissect_lsarstoreprivatedata_reply(tvbuff_t *tvb, int offset,
3460 packet_info *pinfo, proto_tree *tree, char *drep)
3462 offset = dissect_ntstatus(
3463 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3469 lsa_dissect_lsarretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
3470 packet_info *pinfo, proto_tree *tree, char *drep)
3472 /* [in] LSA_HANDLE hnd */
3473 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3474 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3476 /* [in, ref] LSA_UNICODE_STRING *key */
3477 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3480 /* [in, out, ref] LSA_SECRET **data */
3481 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3482 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3483 "LSA_SECRET* pointer: data", -1);
3490 lsa_dissect_lsarretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
3491 packet_info *pinfo, proto_tree *tree, char *drep)
3493 /* [in, out, ref] LSA_SECRET **data */
3494 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3495 lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
3496 "LSA_SECRET* pointer: data", -1);
3498 offset = dissect_ntstatus(
3499 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3505 lsa_dissect_lsarclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3506 packet_info *pinfo, proto_tree *tree, char *drep)
3509 /* [in, out] LSA_HANDLE *tdHnd */
3510 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3511 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3518 lsa_dissect_lsarclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3519 packet_info *pinfo, proto_tree *tree, char *drep)
3522 /* [in, out] LSA_HANDLE *tdHnd */
3523 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3524 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3526 offset = dissect_ntstatus(
3527 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3533 lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
3534 packet_info *pinfo, proto_tree *parent_tree, char *drep)
3536 proto_item *item=NULL;
3537 proto_tree *tree=NULL;
3538 int old_offset=offset;
3541 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3542 "LSA_TRANSLATED_NAME:");
3543 tree = proto_item_add_subtree(item, ett_lsa_translated_name);
3547 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3548 hf_lsa_sid_type, NULL);
3551 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3555 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3556 hf_lsa_index, NULL);
3559 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3560 hf_lsa_unknown_long, NULL);
3562 proto_item_set_len(item, offset-old_offset);
3567 lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
3568 packet_info *pinfo, proto_tree *tree, char *drep)
3570 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3571 lsa_dissect_LSA_TRANSLATED_NAME_EX);
3576 lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
3577 packet_info *pinfo, proto_tree *tree, char *drep)
3580 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3581 hf_lsa_count, NULL);
3583 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3584 lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
3585 "LSA_TRANSLATED_NAME_EX: pointer", -1);
3592 lsa_dissect_lsarlookupsids2_rqst(tvbuff_t *tvb, int offset,
3593 packet_info *pinfo, proto_tree *tree, char *drep)
3595 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3596 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3598 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3599 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3602 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3603 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3604 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3606 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3607 hf_lsa_info_level, NULL);
3609 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3610 hf_lsa_num_mapped, NULL);
3613 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3614 hf_lsa_unknown_long, NULL);
3617 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3618 hf_lsa_unknown_long, NULL);
3624 lsa_dissect_lsarlookupsids2_reply(tvbuff_t *tvb, int offset,
3625 packet_info *pinfo, proto_tree *tree, char *drep)
3627 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3628 lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
3629 "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
3631 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3632 lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
3633 "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
3635 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3636 hf_lsa_num_mapped, NULL);
3638 offset = dissect_ntstatus(
3639 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3645 lsa_dissect_lsargetusername_rqst(tvbuff_t *tvb, int offset,
3646 packet_info *pinfo, proto_tree *tree, char *drep)
3649 /* [in, unique, string] WCHAR *server */
3650 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3651 dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
3652 "Server:", hf_lsa_server);
3654 /* [in, out, ref] LSA_UNICODE_STRING **user */
3655 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3656 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3657 "ACCOUNT pointer: ", hf_lsa_acct);
3659 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3660 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3661 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3662 "DOMAIN pointer: ", hf_lsa_domain);
3669 lsa_dissect_lsargetusername_reply(tvbuff_t *tvb, int offset,
3670 packet_info *pinfo, proto_tree *tree, char *drep)
3672 /* [in, out, ref] LSA_UNICODE_STRING **user */
3673 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3674 lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3675 "ACCOUNT pointer: ", hf_lsa_acct);
3677 /* [in, out, unique] LSA_UNICODE_STRING **domain */
3678 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3679 lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
3680 "DOMAIN pointer: ", hf_lsa_domain);
3682 offset = dissect_ntstatus(
3683 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3689 lsa_dissect_lsarcreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
3690 packet_info *pinfo, proto_tree *tree, char *drep)
3692 /* [in] LSA_HANDLE hnd */
3693 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3694 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3696 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3697 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3698 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3699 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3701 /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
3702 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3703 lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
3704 "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
3706 /* [in] ACCESS_MASK mask */
3707 offset = lsa_dissect_ACCESS_MASK(tvb, offset,
3715 lsa_dissect_lsarcreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
3716 packet_info *pinfo, proto_tree *tree, char *drep)
3718 /* [out] LSA_HANDLE *tdHnd) */
3719 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3720 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3722 offset = dissect_ntstatus(
3723 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3729 lsa_dissect_lsarenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
3730 packet_info *pinfo, proto_tree *tree, char *drep)
3732 /* [in] LSA_HANDLE hnd */
3733 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3734 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3736 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3737 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3738 hf_lsa_resume_handle, NULL);
3740 /* [in] ULONG pref_maxlen */
3741 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3742 hf_lsa_max_count, NULL);
3749 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
3750 packet_info *pinfo, proto_tree *tree, char *drep)
3752 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3753 lsa_dissect_LSA_TRUST_INFORMATION_EX);
3759 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
3760 packet_info *pinfo, proto_tree *tree, char *drep)
3763 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3764 hf_lsa_count, NULL);
3766 /* trust information */
3767 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3768 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
3769 "TRUST INFORMATION array:", -1);
3772 /* The original code here was wrong. It now handles these correctly */
3773 /*offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3774 hf_lsa_max_count, NULL);
3781 lsa_dissect_lsarenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
3782 packet_info *pinfo, proto_tree *tree, char *drep)
3784 /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
3785 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3786 hf_lsa_resume_handle, NULL);
3788 /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
3789 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3790 lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
3791 "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
3793 offset = dissect_ntstatus(
3794 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3800 lsa_dissect_lsartestcall_rqst(tvbuff_t *tvb, int offset,
3801 packet_info *pinfo, proto_tree *tree, char *drep)
3803 /* [in] LSA_HANDLE handle */
3804 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3805 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3807 /* [in] USHORT flag */
3808 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3809 hf_lsa_unknown_short, NULL);
3811 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3812 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3813 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3814 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3821 lsa_dissect_lsartestcall_reply(tvbuff_t *tvb, int offset,
3822 packet_info *pinfo, proto_tree *tree, char *drep)
3824 /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
3825 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3826 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3827 "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
3829 offset = dissect_ntstatus(
3830 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3836 lsa_dissect_lsarcreatetrusteddomainex2_rqst(tvbuff_t *tvb, int offset,
3837 packet_info *pinfo, proto_tree *tree, char *drep)
3839 /* [in] LSA_HANDLE hnd */
3840 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3841 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3843 /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
3844 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3845 lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
3846 "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
3848 /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
3849 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3850 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3851 "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
3853 /* [in] ULONG unknown */
3854 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3855 hf_lsa_unknown_long, NULL);
3862 lsa_dissect_lsarcreatetrusteddomainex2_reply(tvbuff_t *tvb, int offset,
3863 packet_info *pinfo, proto_tree *tree, char *drep)
3865 /* [out] LSA_HANDLE *h2) */
3866 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3867 hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
3869 offset = dissect_ntstatus(
3870 tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
3876 static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
3877 { LSA_LSARCLOSE, "LsarClose",
3878 lsa_dissect_lsarclose_rqst,
3879 lsa_dissect_lsarclose_reply },
3880 { LSA_LSARDELETE, "LsarDelete",
3881 lsa_dissect_lsardelete_rqst,
3882 lsa_dissect_lsardelete_reply },
3883 { LSA_LSARENUMERATEPRIVILEGES, "LsarEnumeratePrivileges",
3884 lsa_dissect_lsarenumerateprivileges_rqst,
3885 lsa_dissect_lsarenumerateprivileges_reply },
3886 { LSA_LSARQUERYSECURITYOBJECT, "LsarQuerySecurityObject",
3887 lsa_dissect_lsarquerysecurityobject_rqst,
3888 lsa_dissect_lsarquerysecurityobject_reply },
3889 { LSA_LSARSETSECURITYOBJECT, "LsarSetSecurityObject",
3890 lsa_dissect_lsarsetsecurityobject_rqst,
3891 lsa_dissect_lsarsetsecurityobject_reply },
3892 { LSA_LSARCHANGEPASSWORD, "LsarChangePassword",
3893 lsa_dissect_lsarchangepassword_rqst,
3894 lsa_dissect_lsarchangepassword_reply },
3895 { LSA_LSAROPENPOLICY, "LsarOpenPolicy",
3896 lsa_dissect_lsaropenpolicy_rqst,
3897 lsa_dissect_lsaropenpolicy_reply },
3898 { LSA_LSARQUERYINFORMATIONPOLICY, "LsarQueryInformationPolicy",
3899 lsa_dissect_lsarqueryinformationpolicy_rqst,
3900 lsa_dissect_lsarqueryinformationpolicy_reply },
3901 { LSA_LSARSETINFORMATIONPOLICY, "LsarSetInformationPolicy",
3902 lsa_dissect_lsarsetinformationpolicy_rqst,
3903 lsa_dissect_lsarsetinformationpolicy_reply },
3904 { LSA_LSARCLEARAUDITLOG, "LsarClearAuditLog",
3905 lsa_dissect_lsarclearauditlog_rqst,
3906 lsa_dissect_lsarclearauditlog_reply },
3907 { LSA_LSARCREATEACCOUNT, "LsarCreateAccount",
3908 lsa_dissect_lsarcreateaccount_rqst,
3909 lsa_dissect_lsarcreateaccount_reply },
3910 { LSA_LSARENUMERATEACCOUNTS, "LsarEnumerateAccounts",
3911 lsa_dissect_lsarenumerateaccounts_rqst,
3912 lsa_dissect_lsarenumerateaccounts_reply },
3913 { LSA_LSARCREATETRUSTEDDOMAIN, "LsarCreateTrustedDomain",
3914 lsa_dissect_lsarcreatetrusteddomain_rqst,
3915 lsa_dissect_lsarcreatetrusteddomain_reply },
3916 { LSA_LSARENUMERATETRUSTEDDOMAINS, "LsarEnumerateTrustedDomains",
3917 lsa_dissect_lsarenumeratetrusteddomains_rqst,
3918 lsa_dissect_lsarenumeratetrusteddomains_reply },
3919 { LSA_LSARLOOKUPNAMES, "LsarLookupNames",
3920 lsa_dissect_lsarlookupnames_rqst,
3921 lsa_dissect_lsarlookupnames_reply },
3922 { LSA_LSARLOOKUPSIDS, "LsarLookupSids",
3923 lsa_dissect_lsarlookupsids_rqst,
3924 lsa_dissect_lsarlookupsids_reply },
3925 { LSA_LSARCREATESECRET, "LsarCreateSecret",
3926 lsa_dissect_lsarcreatesecret_rqst,
3927 lsa_dissect_lsarcreatesecret_reply },
3928 { LSA_LSAROPENACCOUNT, "LsarOpenAccount",
3929 lsa_dissect_lsaropenaccount_rqst,
3930 lsa_dissect_lsaropenaccount_reply },
3931 { LSA_LSARENUMERATEPRIVILEGESACCOUNT, "LsarEnumeratePrivilegesAccount",
3932 lsa_dissect_lsarenumerateprivilegesaccount_rqst,
3933 lsa_dissect_lsarenumerateprivilegesaccount_reply },
3934 { LSA_LSARADDPRIVILEGESTOACCOUNT, "LsarAddPrivilegesToAccount",
3935 lsa_dissect_lsaraddprivilegestoaccount_rqst,
3936 lsa_dissect_lsaraddprivilegestoaccount_reply },
3937 { LSA_LSARREMOVEPRIVILEGESFROMACCOUNT, "LsarRemovePrivilegesFromAccount",
3938 lsa_dissect_lsarremoveprivilegesfromaccount_rqst,
3939 lsa_dissect_lsarremoveprivilegesfromaccount_reply },
3940 { LSA_LSARGETQUOTASFORACCOUNT, "LsarGetQuotasForAccount",
3941 lsa_dissect_lsargetquotasforaccount_rqst,
3942 lsa_dissect_lsargetquotasforaccount_reply },
3943 { LSA_LSARSETQUOTASFORACCOUNT, "LsarSetQuotasForAccount",
3944 lsa_dissect_lsarsetquotasforaccount_rqst,
3945 lsa_dissect_lsarsetquotasforaccount_reply },
3946 { LSA_LSARGETSYSTEMACCESSACCOUNT, "LsarGetSystemAccessAccount",
3947 lsa_dissect_lsargetsystemaccessaccount_rqst,
3948 lsa_dissect_lsargetsystemaccessaccount_reply },
3949 { LSA_LSARSETSYSTEMACCESSACCOUNT, "LsarSetSystemAccessAccount",
3950 lsa_dissect_lsarsetsystemaccessaccount_rqst,
3951 lsa_dissect_lsarsetsystemaccessaccount_reply },
3952 { LSA_LSAROPENTRUSTEDDOMAIN, "LsarOpenTrustedDomain",
3953 lsa_dissect_lsaropentrusteddomain_rqst,
3954 lsa_dissect_lsaropentrusteddomain_reply },
3955 { LSA_LSARQUERYINFOTRUSTEDDOMAIN, "LsarQueryInfoTrustedDomain",
3956 lsa_dissect_lsarqueryinfotrusteddomain_rqst,
3957 lsa_dissect_lsarqueryinfotrusteddomain_reply },
3958 { LSA_LSARSETINFORMATIONTRUSTEDDOMAIN, "LsarSetInformationTrustedDomain",
3959 lsa_dissect_lsarsetinformationtrusteddomain_rqst,
3960 lsa_dissect_lsarsetinformationtrusteddomain_reply },
3961 { LSA_LSAROPENSECRET, "LsarOpenSecret",
3962 lsa_dissect_lsaropensecret_rqst,
3963 lsa_dissect_lsaropensecret_reply },
3964 { LSA_LSARSETSECRET, "LsarSetSecret",
3965 lsa_dissect_lsarsetsecret_rqst,
3966 lsa_dissect_lsarsetsecret_reply },
3967 { LSA_LSARQUERYSECRET, "LsarQuerySecret",
3968 lsa_dissect_lsarquerysecret_rqst,
3969 lsa_dissect_lsarquerysecret_reply },
3970 { LSA_LSARLOOKUPPRIVILEGEVALUE, "LsarLookupPrivilegeValue",
3971 lsa_dissect_lsarlookupprivilegevalue_rqst,
3972 lsa_dissect_lsarlookupprivilegevalue_reply },
3973 { LSA_LSARLOOKUPPRIVILEGENAME, "LsarLookupPrivilegeName",
3974 lsa_dissect_lsarlookupprivilegename_rqst,
3975 lsa_dissect_lsarlookupprivilegename_reply },
3976 { LSA_LSARLOOKUPPRIVILEGEDISPLAYNAME, "LsarLookupPrivilegeDisplayName",
3977 lsa_dissect_lsarlookupprivilegedisplayname_rqst,
3978 lsa_dissect_lsarlookupprivilegedisplayname_reply },
3979 { LSA_LSARDELETEOBJECT, "LsarDeleteObject",
3980 lsa_dissect_lsardeleteobject_rqst,
3981 lsa_dissect_lsardeleteobject_reply },
3982 { LSA_LSARENUMERATEACCOUNTSWITHUSERRIGHT, "LsarEnumerateAccountsWithUserRight",
3983 lsa_dissect_lsarenumerateaccountswithuserright_rqst,
3984 lsa_dissect_lsarenumerateaccountswithuserright_reply },
3985 { LSA_LSARENUMERATEACCOUNTRIGHTS, "LsarEnumerateAccountRights",
3986 lsa_dissect_lsarenumerateaccountrights_rqst,
3987 lsa_dissect_lsarenumerateaccountrights_reply },
3988 { LSA_LSARADDACCOUNTRIGHTS, "LsarAddAccountRights",
3989 lsa_dissect_lsaraddaccountrights_rqst,
3990 lsa_dissect_lsaraddaccountrights_reply },
3991 { LSA_LSARREMOVEACCOUNTRIGHTS, "LsarRemoveAccountRights",
3992 lsa_dissect_lsarremoveaccountrights_rqst,
3993 lsa_dissect_lsarremoveaccountrights_reply },
3994 { LSA_LSARQUERYTRUSTEDDOMAININFO, "LsarQueryTrustedDomainInfo",
3995 lsa_dissect_lsarquerytrusteddomaininfo_rqst,
3996 lsa_dissect_lsarquerytrusteddomaininfo_reply },
3997 { LSA_LSARSETTRUSTEDDOMAININFO, "LsarSetTrustedDomainInfo",
3998 lsa_dissect_lsarsettrusteddomaininfo_rqst,
3999 lsa_dissect_lsarsettrusteddomaininfo_reply },
4000 { LSA_LSARDELETETRUSTEDDOMAIN, "LsarDeleteTrustedDomain",
4001 lsa_dissect_lsardeletetrusteddomain_rqst,
4002 lsa_dissect_lsardeletetrusteddomain_reply },
4003 { LSA_LSARSTOREPRIVATEDATA, "LsarStorePrivateData",
4004 lsa_dissect_lsarstoreprivatedata_rqst,
4005 lsa_dissect_lsarstoreprivatedata_reply },
4006 { LSA_LSARRETRIEVEPRIVATEDATA, "LsarRetrievePrivateData",
4007 lsa_dissect_lsarretrieveprivatedata_rqst,
4008 lsa_dissect_lsarretrieveprivatedata_reply },
4009 { LSA_LSAROPENPOLICY2, "LsarOpenPolicy2",
4010 lsa_dissect_lsaropenpolicy2_rqst,
4011 lsa_dissect_lsaropenpolicy2_reply },
4012 { LSA_LSARGETUSERNAME, "LsarGetUserName",
4013 lsa_dissect_lsargetusername_rqst,
4014 lsa_dissect_lsargetusername_reply },
4015 { LSA_LSARQUERYINFORMATIONPOLICY2, "LsarQueryInformationPolicy2",
4016 lsa_dissect_lsarqueryinformationpolicy2_rqst,
4017 lsa_dissect_lsarqueryinformationpolicy2_reply },
4018 { LSA_LSARSETINFORMATIONPOLICY2, "LsarSetInformationPolicy2",
4019 lsa_dissect_lsarsetinformationpolicy2_rqst,
4020 lsa_dissect_lsarsetinformationpolicy2_reply },
4021 { LSA_LSARQUERYTRUSTEDDOMAININFOBYNAME, "LsarQueryTrustedDomainInfoByName",
4022 lsa_dissect_lsarquerytrusteddomaininfobyname_rqst,
4023 lsa_dissect_lsarquerytrusteddomaininfobyname_reply },
4024 { LSA_LSARSETTRUSTEDDOMAININFOBYNAME, "LsarSetTrustedDomainInfoByName",
4025 lsa_dissect_lsarsettrusteddomaininfobyname_rqst,
4026 lsa_dissect_lsarsettrusteddomaininfobyname_reply },
4027 { LSA_LSARENUMERATETRUSTEDDOMAINSEX, "LsarEnumerateTrustedDomainsEx",
4028 lsa_dissect_lsarenumeratetrusteddomainsex_rqst,
4029 lsa_dissect_lsarenumeratetrusteddomainsex_reply },
4030 { LSA_LSARCREATETRUSTEDDOMAINEX, "LsarCreateTrustedDomainEx",
4031 lsa_dissect_lsarcreatetrusteddomainex_rqst,
4032 lsa_dissect_lsarcreatetrusteddomainex_reply },
4033 { LSA_LSARCLOSETRUSTEDDOMAINEX, "LsarCloseTrustedDomainEx",
4034 lsa_dissect_lsarclosetrusteddomainex_rqst,
4035 lsa_dissect_lsarclosetrusteddomainex_reply },
4036 { LSA_LSARQUERYDOMAININFORMATIONPOLICY, "LsarQueryDomainInformationPolicy",
4037 lsa_dissect_lsarquerydomaininformationpolicy_rqst,
4038 lsa_dissect_lsarquerydomaininformationpolicy_reply },
4039 { LSA_LSARSETDOMAININFORMATIONPOLICY, "LsarSetDomainInformationPolicy",
4040 lsa_dissect_lsarsetdomaininformationpolicy_rqst,
4041 lsa_dissect_lsarsetdomaininformationpolicy_reply },
4042 { LSA_LSAROPENTRUSTEDDOMAINBYNAME, "LsarOpenTrustedDomainByName",
4043 lsa_dissect_lsaropentrusteddomainbyname_rqst,
4044 lsa_dissect_lsaropentrusteddomainbyname_reply },
4045 { LSA_LSARTESTCALL, "LsarTestCall",
4046 lsa_dissect_lsartestcall_rqst,
4047 lsa_dissect_lsartestcall_reply },
4048 { LSA_LSARLOOKUPSIDS2, "LsarLookupSids2",
4049 lsa_dissect_lsarlookupsids2_rqst,
4050 lsa_dissect_lsarlookupsids2_reply },
4051 { LSA_LSARLOOKUPNAMES2, "LsarLookupNames2",
4052 lsa_dissect_lsarlookupnames2_rqst,
4053 lsa_dissect_lsarlookupnames2_reply },
4054 { LSA_LSARCREATETRUSTEDDOMAINEX2, "LsarCreateTrustedDomainEx2",
4055 lsa_dissect_lsarcreatetrusteddomainex2_rqst,
4056 lsa_dissect_lsarcreatetrusteddomainex2_reply },
4057 { LSA_CREDRWRITE, "CredrWrite", NULL, NULL },
4058 { LSA_CREDRREAD, "CredrRead", NULL, NULL },
4059 { LSA_CREDRENUMERATE, "CredrEnumerate", NULL, NULL },
4060 { LSA_CREDRWRITEDOMAINCREDENTIALS, "CredrWriteDomainCredentials",
4062 { LSA_CREDRREADDOMAINCREDENTIALS, "CredrReadDomainCredentials",
4064 { LSA_CREDRDELETE, "CredrDelete", NULL, NULL },
4065 { LSA_CREDRGETTARGETINFO, "CredrGetTargetInfo", NULL, NULL },
4066 { LSA_CREDRPROFILELOADED, "CredrProfileLoaded", NULL, NULL },
4067 { LSA_LSARLOOKUPNAMES3, "LsarLookupNames3", NULL, NULL },
4068 { LSA_CREDRGETSESSIONTYPES, "CredrGetSessionTypes", NULL, NULL },
4069 { LSA_LSARREGISTERAUDITEVENT, "LsarRegisterAuditEvent", NULL, NULL },
4070 { LSA_LSARGENAUDITEVENT, "LsarGenAuditEvent", NULL, NULL },
4071 { LSA_LSARUNREGISTERAUDITEVENT, "LsarUnregisterAuditEvent", NULL, NULL},
4072 { LSA_LSARQUERYFORESTTRUSTINFORMATION,
4073 "LsarQueryForestTrustInformation", NULL, NULL },
4074 { LSA_LSARSETFORESTTRUSTINFORMATION, "LsarSetForestTrustInformation",
4076 { LSA_CREDRRENAME, "CredrRename", NULL, NULL },
4077 { LSA_LSARLOOKUPSIDS3, "LsarLookupSids3", NULL, NULL },
4078 { LSA_LSARLOOKUPNAMES4, "LsarLookupNames4", NULL, NULL },
4079 { LSA_LSAROPENPOLICYSCE, "LsarOpenPolicySce", NULL, NULL },
4080 { LSA_LSARADTREGISTERSECURITYEVENTSOURCE,
4081 "LsarAdtRegisterSecurityEventSource", NULL, NULL },
4082 { LSA_LSARADTUNREGISTERSECURITYEVENTSOURCE,
4083 "LsarAdtUnregisterSecurityEventSource", NULL, NULL },
4084 { LSA_LSARADTREPORTSECURITYEVENT, "LsarAdtReportSecurityEvent",
4086 {0, NULL, NULL, NULL}
4090 proto_register_dcerpc_lsa(void)
4092 static hf_register_info hf[] = {
4095 { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
4097 { &hf_lsa_unknown_string,
4098 { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
4099 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4102 { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
4103 NULL, 0x0, "LSA policy handle", HFILL }},
4106 { "Server", "lsa.server", FT_STRING, BASE_NONE,
4107 NULL, 0, "Name of Server", HFILL }},
4109 { &hf_lsa_controller,
4110 { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
4111 NULL, 0, "Name of Domain Controller", HFILL }},
4113 { &hf_lsa_unknown_hyper,
4114 { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
4115 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4117 { &hf_lsa_unknown_long,
4118 { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
4119 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4121 { &hf_lsa_unknown_short,
4122 { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
4123 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4125 { &hf_lsa_unknown_char,
4126 { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
4127 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4130 { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
4131 VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
4134 { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
4135 NULL, 0x0, "LSA Attributes", HFILL }},
4137 { &hf_lsa_obj_attr_len,
4138 { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
4139 NULL, 0x0, "Length of object attribute structure", HFILL }},
4141 { &hf_lsa_obj_attr_name,
4142 { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
4143 NULL, 0x0, "Name of object attribute", HFILL }},
4145 { &hf_lsa_access_mask,
4146 { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
4147 NULL, 0x0, "LSA Access Mask", HFILL }},
4149 { &hf_lsa_info_level,
4150 { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
4151 NULL, 0x0, "Information level of requested data", HFILL }},
4153 { &hf_lsa_trusted_info_level,
4154 { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
4155 VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
4158 { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
4159 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
4162 { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
4163 NULL, 0x0, "Length of quality of service structure", HFILL }},
4165 { &hf_lsa_qos_impersonation_level,
4166 { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
4167 VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
4169 { &hf_lsa_qos_track_context,
4170 { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
4171 NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
4173 { &hf_lsa_qos_effective_only,
4174 { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
4175 NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
4177 { &hf_lsa_pali_percent_full,
4178 { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
4179 NULL, 0x0, "How full audit log is in percentage", HFILL }},
4181 { &hf_lsa_pali_log_size,
4182 { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
4183 NULL, 0x0, "Size of audit log", HFILL }},
4185 { &hf_lsa_pali_retention_period,
4186 { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
4187 NULL, 0x0, "", HFILL }},
4189 { &hf_lsa_pali_time_to_shutdown,
4190 { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
4191 NULL, 0x0, "Time to shutdown", HFILL }},
4193 { &hf_lsa_pali_shutdown_in_progress,
4194 { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
4195 NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
4197 { &hf_lsa_pali_next_audit_record,
4198 { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
4199 NULL, 0x0, "Next audit record", HFILL }},
4201 { &hf_lsa_paei_enabled,
4202 { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
4203 NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
4205 { &hf_lsa_paei_settings,
4206 { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
4207 NULL, 0x0, "Audit Events Information settings", HFILL }},
4210 { "Count", "lsa.count", FT_UINT32, BASE_DEC,
4211 NULL, 0x0, "Count of objects", HFILL }},
4213 { &hf_lsa_max_count,
4214 { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
4215 NULL, 0x0, "", HFILL }},
4218 { "FQDN", "lsa.fqdn_domain", FT_STRING, BASE_NONE,
4219 NULL, 0x0, "Fully Qualified Domain Name", HFILL }},
4222 { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
4223 NULL, 0x0, "Domain", HFILL }},
4225 { &hf_lsa_domain_sid,
4226 { "Domain SID", "lsa.domain_sid", FT_STRING, BASE_NONE,
4227 NULL, 0x0, "The Domain SID", HFILL }},
4230 { "Account", "lsa.acct", FT_STRING, BASE_NONE,
4231 NULL, 0x0, "Account", HFILL }},
4234 { "Source", "lsa.source", FT_STRING, BASE_NONE,
4235 NULL, 0x0, "Replica Source", HFILL }},
4237 { &hf_lsa_server_role,
4238 { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
4239 VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
4241 { &hf_lsa_quota_paged_pool,
4242 { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
4243 NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
4245 { &hf_lsa_quota_non_paged_pool,
4246 { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
4247 NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
4249 { &hf_lsa_quota_min_wss,
4250 { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
4251 NULL, 0x0, "Size of Quota Min WSS", HFILL }},
4253 { &hf_lsa_quota_max_wss,
4254 { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
4255 NULL, 0x0, "Size of Quota Max WSS", HFILL }},
4257 { &hf_lsa_quota_pagefile,
4258 { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
4259 NULL, 0x0, "Size of quota pagefile usage", HFILL }},
4261 { &hf_lsa_mod_seq_no,
4262 { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
4263 NULL, 0x0, "Sequence number for this modification", HFILL }},
4265 { &hf_lsa_mod_mtime,
4266 { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4267 NULL, 0x0, "Time when this modification occured", HFILL }},
4269 { &hf_lsa_cur_mtime,
4270 { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4271 NULL, 0x0, "Current MTime to set", HFILL }},
4273 { &hf_lsa_old_mtime,
4274 { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
4275 NULL, 0x0, "Old MTime for this object", HFILL }},
4278 { "Name", "lsa.name", FT_STRING, BASE_NONE,
4279 NULL, 0x0, "", HFILL }},
4282 { "Key", "lsa.key", FT_STRING, BASE_NONE,
4283 NULL, 0x0, "", HFILL }},
4285 { &hf_lsa_flat_name,
4286 { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
4287 NULL, 0x0, "", HFILL }},
4290 { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
4291 NULL, 0x0, "", HFILL }},
4293 { &hf_lsa_info_type,
4294 { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
4295 NULL, 0x0, "", HFILL }},
4298 { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
4299 NULL, 0x0, "New password", HFILL }},
4302 { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
4303 NULL, 0x0, "Old password", HFILL }},
4306 { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
4307 VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
4310 { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
4311 NULL, 0x0, "RID", HFILL }},
4313 { &hf_lsa_rid_offset,
4314 { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
4315 NULL, 0x0, "RID Offset", HFILL }},
4318 { "Index", "lsa.index", FT_UINT32, BASE_DEC,
4319 NULL, 0x0, "", HFILL }},
4321 { &hf_lsa_num_mapped,
4322 { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
4323 NULL, 0x0, "", HFILL }},
4325 { &hf_lsa_policy_information_class,
4326 { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
4327 VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
4330 { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
4331 NULL, 0, "", HFILL }},
4333 { &hf_lsa_auth_blob,
4334 { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
4335 NULL, 0, "", HFILL }},
4338 { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
4339 NULL, 0x0, "LUID High component", HFILL }},
4342 { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
4343 NULL, 0x0, "LUID Low component", HFILL }},
4346 { "Size", "lsa.size", FT_UINT32, BASE_DEC,
4347 NULL, 0x0, "", HFILL }},
4350 { "Size", "lsa.size", FT_UINT16, BASE_DEC,
4351 NULL, 0x0, "", HFILL }},
4353 { &hf_lsa_privilege_display_name_size,
4354 { "Size Needed", "lsa.privilege.display__name.size", FT_UINT32, BASE_DEC,
4355 NULL, 0x0, "Number of characters in the privilege display name", HFILL }},
4357 { &hf_lsa_privilege_name,
4358 { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
4359 NULL, 0x0, "LSA Privilege Name", HFILL }},
4361 { &hf_lsa_privilege_display_name,
4362 { "Display Name", "lsa.privilege.display_name", FT_STRING, BASE_NONE,
4363 NULL, 0x0, "LSA Privilege Display Name", HFILL }},
4366 { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
4367 NULL, 0x0, "Account Rights", HFILL }},
4369 { &hf_lsa_policy_information,
4370 { "POLICY INFO", "lsa.policy_information", FT_NONE, BASE_NONE,
4371 NULL, 0x0, "Policy Information union", HFILL }},
4374 { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
4375 NULL, 0x0, "LSA Attributes", HFILL }},
4377 { &hf_lsa_auth_update,
4378 { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
4379 NULL, 0x0, "LSA Auth Info update", HFILL }},
4381 { &hf_lsa_resume_handle,
4382 { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
4383 NULL, 0x0, "Resume Handle", HFILL }},
4385 { &hf_lsa_trust_direction,
4386 { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
4387 VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
4389 { &hf_lsa_trust_type,
4390 { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
4391 VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
4393 { &hf_lsa_trust_attr,
4394 { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
4395 NULL, 0x0, "Trust attributes", HFILL }},
4397 { &hf_lsa_trust_attr_non_trans,
4398 { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
4399 TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
4401 { &hf_lsa_trust_attr_uplevel_only,
4402 { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
4403 TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
4405 { &hf_lsa_trust_attr_tree_parent,
4406 { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
4407 TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
4409 { &hf_lsa_trust_attr_tree_root,
4410 { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
4411 TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
4413 { &hf_lsa_auth_type,
4414 { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
4415 NULL, 0x0, "Auth Info type", HFILL }},
4418 { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
4419 NULL, 0x0, "Auth Info len", HFILL }},
4421 { &hf_lsa_remove_all,
4422 { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
4423 NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
4425 { &hf_view_local_info,
4426 { "View local info", "lsa.access_mask.view_local_info",
4427 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
4428 "View local info", HFILL }},
4430 { &hf_view_audit_info,
4431 { "View audit info", "lsa.access_mask.view_audit_info",
4432 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
4433 "View audit info", HFILL }},
4435 { &hf_get_private_info,
4436 { "Get private info", "lsa.access_mask.get_privateinfo",
4437 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
4438 "Get private info", HFILL }},
4441 { "Trust admin", "lsa.access_mask.trust_admin",
4442 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
4443 "Trust admin", HFILL }},
4445 { &hf_create_account,
4446 { "Create account", "lsa.access_mask.create_account",
4447 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
4448 "Create account", HFILL }},
4450 { &hf_create_secret,
4451 { "Create secret", "lsa.access_mask.create_secret",
4452 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
4453 "Create secret", HFILL }},
4456 { "Create privilege", "lsa.access_mask.create_priv",
4457 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
4458 "Create privilege", HFILL }},
4460 { &hf_set_default_quota_limits,
4461 { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
4462 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
4463 "Set default quota limits", HFILL }},
4465 { &hf_set_audit_requirements,
4466 { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
4467 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
4468 "Set audit requirements", HFILL }},
4471 { "Server admin", "lsa.access_mask.server_admin",
4472 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
4473 "Server admin", HFILL }},
4476 { "Lookup names", "lsa.access_mask.lookup_names",
4477 FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
4478 "Lookup names", HFILL }}
4481 static gint *ett[] = {
4483 &ett_lsa_OBJECT_ATTRIBUTES,
4484 &ett_LSA_SECURITY_DESCRIPTOR,
4485 &ett_lsa_policy_info,
4486 &ett_lsa_policy_audit_log_info,
4487 &ett_lsa_policy_audit_events_info,
4488 &ett_lsa_policy_primary_domain_info,
4489 &ett_lsa_policy_primary_account_info,
4490 &ett_lsa_policy_server_role_info,
4491 &ett_lsa_policy_replica_source_info,
4492 &ett_lsa_policy_default_quota_info,
4493 &ett_lsa_policy_modification_info,
4494 &ett_lsa_policy_audit_full_set_info,
4495 &ett_lsa_policy_audit_full_query_info,
4496 &ett_lsa_policy_dns_domain_info,
4497 &ett_lsa_translated_names,
4498 &ett_lsa_translated_name,
4499 &ett_lsa_referenced_domain_list,
4500 &ett_lsa_trust_information,
4501 &ett_lsa_trust_information_ex,
4503 &ett_LSA_PRIVILEGES,
4505 &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
4506 &ett_LSA_LUID_AND_ATTRIBUTES,
4507 &ett_LSA_TRUSTED_DOMAIN_LIST,
4508 &ett_LSA_TRUSTED_DOMAIN,
4509 &ett_LSA_TRANSLATED_SIDS,
4510 &ett_lsa_trusted_domain_info,
4511 &ett_lsa_trust_attr,
4512 &ett_lsa_trusted_domain_auth_information,
4513 &ett_lsa_auth_information
4516 proto_dcerpc_lsa = proto_register_protocol(
4517 "Microsoft Local Security Architecture", "LSA", "lsa");
4519 proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
4520 proto_register_subtree_array(ett, array_length(ett));
4523 /* Protocol handoff */
4525 static e_uuid_t uuid_dcerpc_lsa = {
4526 0x12345778, 0x1234, 0xabcd,
4527 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
4530 static guint16 ver_dcerpc_lsa = 0;
4533 proto_reg_handoff_dcerpc_lsa(void)
4535 /* Register protocol as dcerpc */
4537 dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
4538 ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);