git.samba.org / obnox / wireshark / wip.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
LSA dissector updates. Adds a lot of LSA functions to the dissector.
[obnox/wireshark/wip.git] / packet-dcerpc-netlogon.c
1 /* packet-dcerpc-netlogon.c
2  * Routines for SMB \\PIPE\\NETLOGON packet disassembly
3  * Copyright 2001, Tim Potter <tpot@samba.org>
4  *  2002 structure and command dissectors by Ronnie Sahlberg
5  *
6  * $Id: packet-dcerpc-netlogon.c,v 1.14 2002/04/17 09:24:08 sahlberg Exp $
7  *
8  * Ethereal - Network traffic analyzer
9  * By Gerald Combs <gerald@ethereal.com>
10  * Copyright 1998 Gerald Combs
11  * 
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License
14  * as published by the Free Software Foundation; either version 2
15  * of the License, or (at your option) any later version.
16  * 
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  * GNU General Public License for more details.
21  * 
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
25  */
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <glib.h>
32 #include <epan/packet.h>
33 #include "packet-dcerpc.h"
34 #include "packet-dcerpc-nt.h"
35 #include "packet-dcerpc-netlogon.h"
36 #include "smb.h"        /* for "NT_errors[]" */
37 #include "packet-smb-common.h"
38
39 static int proto_dcerpc_netlogon = -1;
40 static int hf_netlogon_rc = -1;
41 static int hf_netlogon_len = -1;
42 static int hf_netlogon_status = -1;
43 static int hf_netlogon_attrs = -1;
44 static int hf_netlogon_count = -1;
45 static int hf_netlogon_level = -1;
46 static int hf_netlogon_level_long = -1;
47 static int hf_netlogon_unknown_time = -1;
48 static int hf_netlogon_unknown_string = -1;
49 static int hf_netlogon_unknown_long = -1;
50 static int hf_netlogon_unknown_short = -1;
51 static int hf_netlogon_unknown_char = -1;
52 static int hf_netlogon_logon_time = -1;
53 static int hf_netlogon_logoff_time = -1;
54 static int hf_netlogon_kickoff_time = -1;
55 static int hf_netlogon_pwd_last_set_time = -1;
56 static int hf_netlogon_pwd_can_change_time = -1;
57 static int hf_netlogon_pwd_must_change_time = -1;
58 static int hf_netlogon_timestamp = -1;
59 static int hf_netlogon_nt_chal_resp = -1;
60 static int hf_netlogon_lm_chal_resp = -1;
61 static int hf_netlogon_credential = -1;
62 static int hf_netlogon_cypher_block = -1;
63 static int hf_netlogon_acct_name = -1;
64 static int hf_netlogon_acct_desc = -1;
65 static int hf_netlogon_group_desc = -1;
66 static int hf_netlogon_full_name = -1;
67 static int hf_netlogon_comment = -1;
68 static int hf_netlogon_parameters = -1;
69 static int hf_netlogon_logon_script = -1;
70 static int hf_netlogon_profile_path = -1;
71 static int hf_netlogon_home_dir = -1;
72 static int hf_netlogon_dir_drive = -1;
73 static int hf_netlogon_logon_count = -1;
74 static int hf_netlogon_bad_pw_count = -1;
75 static int hf_netlogon_user_rid = -1;
76 static int hf_netlogon_alias_rid = -1;
77 static int hf_netlogon_group_rid = -1;
78 static int hf_netlogon_logon_srv = -1;
79 static int hf_netlogon_logon_dom = -1;
80 static int hf_netlogon_trusted_domain_name = -1;
81 static int hf_netlogon_num_rids = -1;
82 static int hf_netlogon_num_other_groups = -1;
83 static int hf_netlogon_computer_name = -1;
84 static int hf_netlogon_site_name = -1;
85 static int hf_netlogon_trusted_dc_name = -1;
86 static int hf_netlogon_dc_name = -1;
87 static int hf_netlogon_dc_site_name = -1;
88 static int hf_netlogon_dns_forest_name = -1;
89 static int hf_netlogon_dc_address = -1;
90 static int hf_netlogon_dc_address_type = -1;
91 static int hf_netlogon_client_name = -1;
92 static int hf_netlogon_client_site_name = -1;
93 static int hf_netlogon_workstation_site_name = -1;
94 static int hf_netlogon_workstation_os = -1;
95 static int hf_netlogon_workstations = -1;
96 static int hf_netlogon_workstation_fqdn = -1;
97 static int hf_netlogon_group_name = -1;
98 static int hf_netlogon_alias_name = -1;
99 static int hf_netlogon_cli_name = -1;
100 static int hf_netlogon_country = -1;
101 static int hf_netlogon_codepage = -1;
102 static int hf_netlogon_flags = -1;
103 static int hf_netlogon_user_flags = -1;
104 static int hf_netlogon_pwd_expired = -1;
105 static int hf_netlogon_nt_pwd_present = -1;
106 static int hf_netlogon_lm_pwd_present = -1;
107 static int hf_netlogon_code = -1;
108 static int hf_netlogon_database_id = -1;
109 static int hf_netlogon_max_size = -1;
110 static int hf_netlogon_dns_host = -1;
111 static int hf_netlogon_num_pwd_pairs = -1;
112 static int hf_netlogon_acct_expiry_time = -1;
113 static int hf_netlogon_encrypted_lm_owf_password = -1;
114 static int hf_netlogon_lm_owf_password = -1;
115 static int hf_netlogon_nt_owf_password = -1;
116 static int hf_netlogon_param_ctrl = -1;
117 static int hf_netlogon_logon_id = -1;
118 static int hf_netlogon_num_deltas = -1;
119 static int hf_netlogon_user_session_key = -1;
120 static int hf_netlogon_blob_size = -1;
121 static int hf_netlogon_blob = -1;
122 static int hf_netlogon_logon_attempts = -1;
123 static int hf_netlogon_authoritative = -1;
124 static int hf_netlogon_secure_channel_type = -1;
125 static int hf_netlogon_logonsrv_handle = -1;
126 static int hf_netlogon_lsa_secret = -1;
127 static int hf_netlogon_lsa_sd_size = -1;
128
129 static gint ett_dcerpc_netlogon = -1;
130 static gint ett_NETLOGON_SECURITY_DESCRIPTOR = -1;
131 static gint ett_TYPE_1 = -1;
132 static gint ett_TYPE_2 = -1;
133 static gint ett_CYPHER_BLOCK = -1;
134 static gint ett_NETLOGON_AUTHENTICATOR = -1;
135 static gint ett_NETLOGON_LOGON_IDENTITY_INFO = -1;
136 static gint ett_NETLOGON_INTERACTIVE_INFO = -1;
137 static gint ett_NETLOGON_NETWORK_INFO = -1;
138 static gint ett_NETLOGON_VALIDATION_SAM_INFO1 = -1;
139 static gint ett_NETLOGON_VALIDATION_SAM_INFO2 = -1;
140 static gint ett_TYPE_16 = -1;
141 static gint ett_NETLOGON_SAM_DOMAIN_INFO = -1;
142 static gint ett_NETLOGON_SAM_GROUP_INFO = -1;
143 static gint ett_TYPE_23 = -1;
144 static gint ett_NETLOGON_SAM_ACCOUNT_INFO = -1;
145 static gint ett_NETLOGON_SAM_GROUP_MEM_INFO = -1;
146 static gint ett_NETLOGON_SAM_ALIAS_INFO = -1;
147 static gint ett_NETLOGON_SAM_ALIAS_MEM_INFO = -1;
148 static gint ett_TYPE_30 = -1;
149 static gint ett_TYPE_29 = -1;
150 static gint ett_TYPE_31 = -1;
151 static gint ett_TYPE_32 = -1;
152 static gint ett_TYPE_33 = -1;
153 static gint ett_TYPE_34 = -1;
154 static gint ett_TYPE_35 = -1;
155 static gint ett_SAM_DELTA = -1;
156 static gint ett_SAM_DELTA_ARRAY = -1;
157 static gint ett_TYPE_36 = -1;
158 static gint ett_NETLOGON_INFO_1 = -1;
159 static gint ett_NETLOGON_INFO_2 = -1;
160 static gint ett_NETLOGON_INFO_3 = -1;
161 static gint ett_NETLOGON_INFO_4 = -1;
162 static gint ett_UNICODE_MULTI = -1;
163 static gint ett_DOMAIN_CONTROLLER_INFO = -1;
164 static gint ett_TYPE_46 = -1;
165 static gint ett_TYPE_48 = -1;
166 static gint ett_UNICODE_STRING_512 = -1;
167 static gint ett_TYPE_50 = -1;
168 static gint ett_TYPE_51 = -1;
169 static gint ett_TYPE_52 = -1;
170 static gint ett_NETLOGON_LEVEL = -1;
171 static gint ett_NETLOGON_VALIDATION = -1;
172 static gint ett_TYPE_19 = -1;
173 static gint ett_NETLOGON_CONTROL_QUERY_INFO = -1;
174 static gint ett_TYPE_44 = -1;
175 static gint ett_TYPE_20 = -1;
176 static gint ett_NETLOGON_INFO = -1;
177 static gint ett_TYPE_45 = -1;
178 static gint ett_TYPE_47 = -1;
179 static gint ett_NETLOGON_CREDENTIAL = -1;
180 static gint ett_GUID = -1;
181 static gint ett_ENC_LM_OWF_PASSWORD = -1;
182 static gint ett_LM_OWF_PASSWORD = -1;
183 static gint ett_NT_OWF_PASSWORD = -1;
184 static gint ett_GROUP_MEMBERSHIP = -1;
185 static gint ett_USER_SESSION_KEY = -1;
186 static gint ett_BLOB = -1;
187 static gint ett_rid_array = -1;
188 static gint ett_attrib_array = -1;
189
190 extern gint ett_nt_unicode_string;
191
192 static e_uuid_t uuid_dcerpc_netlogon = {
193         0x12345678, 0x1234, 0xabcd,
194         { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0xcf, 0xfb }
195 };
196
197 static guint16 ver_dcerpc_netlogon = 1;
198
199
200 static int
201 lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset, 
202                              packet_info *pinfo, proto_tree *tree,
203                              char *drep)
204 {
205         guint32 len;
206         dcerpc_info *di;
207         
208         di=pinfo->private_data;
209         if(di->conformant_run){
210                 /*just a run to handle conformant arrays, nothing to dissect */
211                 return offset;
212         }
213
214         offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
215                                      hf_netlogon_lsa_sd_size, &len);
216
217         dissect_nt_sec_desc(tvb, pinfo, offset, tree, len);
218         offset += len;
219
220         return offset;
221 }
222 static int
223 lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
224                         packet_info *pinfo, proto_tree *parent_tree,
225                         char *drep)
226 {
227         proto_item *item=NULL;
228         proto_tree *tree=NULL;
229         int old_offset=offset;
230
231         if(parent_tree){
232                 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
233                         "LSA_SECURITY_DESCRIPTOR:");
234                 tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
235         }
236
237         offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
238                                      hf_netlogon_lsa_sd_size, NULL);
239         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
240                         lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
241                         "LSA SECURITY DESCRIPTOR data:", -1, 0);
242
243         proto_item_set_len(item, offset-old_offset);
244         return offset;
245 }
246
247 /* XXX temporary, until we get the real one in LSA */
248 static int
249 lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset, 
250                              packet_info *pinfo, proto_tree *tree,
251                              char *drep)
252 {
253         guint32 len;
254         dcerpc_info *di;
255
256         di=pinfo->private_data;
257         if(di->conformant_run){
258                 /*just a run to handle conformant arrays, nothing to dissect */
259                 return offset;
260         }
261
262         offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
263                                      hf_netlogon_lsa_sd_size, &len);
264         proto_tree_add_item(tree, hf_netlogon_lsa_secret, tvb, offset, len, FALSE);
265         offset += len;
266
267         return offset;
268 }
269 static int
270 lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
271                         packet_info *pinfo, proto_tree *parent_tree,
272                         char *drep)
273 {
274         proto_item *item=NULL;
275         proto_tree *tree=NULL;
276         int old_offset=offset;
277
278         if(parent_tree){
279                 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
280                         "LSA_SECRET:");
281                 tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
282         }
283
284         /* XXX need to figure this one out */
285         offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
286                                      hf_netlogon_lsa_sd_size, NULL);
287         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
288                         lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
289                         "LSA SECRET data:", -1, 0);
290
291         proto_item_set_len(item, offset-old_offset);
292         return offset;
293 }
294
295
296 static int
297 netlogon_dissect_pointer_long(tvbuff_t *tvb, int offset, 
298                              packet_info *pinfo, proto_tree *tree, 
299                              char *drep)
300 {
301         dcerpc_info *di;
302
303         di=pinfo->private_data;
304         offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
305                                      di->hf_index, NULL);
306         return offset;
307 }
308
309 static int
310 netlogon_dissect_pointer_char(tvbuff_t *tvb, int offset, 
311                              packet_info *pinfo, proto_tree *tree, 
312                              char *drep)
313 {
314         dcerpc_info *di;
315
316         di=pinfo->private_data;
317         offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
318                                      di->hf_index, NULL);
319         return offset;
320 }
321
322 static int
323 netlogon_dissect_pointer_STRING(tvbuff_t *tvb, int offset, 
324                              packet_info *pinfo, proto_tree *tree, 
325                              char *drep)
326 {
327         dcerpc_info *di;
328
329         di=pinfo->private_data;
330         if(di->conformant_run){
331                 /*just a run to handle conformant arrays, nothing to dissect */
332                 return offset;
333         }
334
335         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
336                         di->hf_index, 0);
337         return offset;
338 }
339
340 int
341 netlogon_dissect_UNICODE_STRING(tvbuff_t *tvb, int offset, 
342                         packet_info *pinfo, proto_tree *parent_tree, 
343                         char *drep, int type, int hf_index, int levels)
344 {
345         proto_item *item=NULL;
346         proto_tree *tree=NULL;
347         int old_offset=offset;
348         dcerpc_info *di;
349         char *name;
350
351         di=pinfo->private_data;
352         if(di->conformant_run){
353                 /*just a run to handle conformant arrays, nothing to dissect */
354                 return offset;
355         }
356
357         name = proto_registrar_get_name(hf_index);
358         if(parent_tree){
359                 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
360                         "%s", name);
361                 tree = proto_item_add_subtree(item, ett_nt_unicode_string);
362         }
363
364         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
365                         dissect_ndr_nt_UNICODE_STRING_str, type,
366                         name, hf_index, levels);
367
368         proto_item_set_len(item, offset-old_offset);
369         return offset;
370 }
371
372
373 static int
374 netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
375                         packet_info *pinfo, proto_tree *parent_tree,
376                         char *drep)
377 {
378         proto_item *item=NULL;
379         proto_tree *tree=NULL;
380         int old_offset=offset;
381
382         if(parent_tree){
383                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
384                         "NETLOGON_SECURITY_DESCRIPTOR:");
385                 tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
386         }
387
388         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
389                 hf_netlogon_len, NULL);
390
391         offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset,
392                 pinfo, tree, drep);
393
394         proto_item_set_len(item, offset-old_offset);
395         return offset;
396 }
397
398 static int
399 netlogon_dissect_TYPE_1(tvbuff_t *tvb, int offset,
400                         packet_info *pinfo, proto_tree *parent_tree,
401                         char *drep)
402 {
403         proto_item *item=NULL;
404         proto_tree *tree=NULL;
405         int old_offset=offset;
406
407         if(parent_tree){
408                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
409                         "TYPE_1:");
410                 tree = proto_item_add_subtree(item, ett_TYPE_1);
411         }
412
413         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
414                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
415                 "unknown", hf_netlogon_unknown_string, -1);
416
417         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
418                 hf_netlogon_unknown_long, NULL);
419
420         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
421                 hf_netlogon_unknown_long, NULL);
422
423         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
424                 hf_netlogon_unknown_long, NULL);
425
426         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
427                 hf_netlogon_unknown_long, NULL);
428
429         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
430                 hf_netlogon_unknown_long, NULL);
431
432         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
433                 hf_netlogon_unknown_long, NULL);
434
435         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
436                 hf_netlogon_unknown_long, NULL);
437
438         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
439                 hf_netlogon_unknown_long, NULL);
440
441         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
442                 hf_netlogon_unknown_long, NULL);
443
444         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
445                 hf_netlogon_unknown_long, NULL);
446
447         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
448                 hf_netlogon_unknown_long, NULL);
449
450         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
451                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
452                 "unknown", hf_netlogon_unknown_string, -1);
453
454         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
455                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
456                 "unknown", hf_netlogon_unknown_string, -1);
457
458         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
459                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
460                 "unknown", hf_netlogon_unknown_string, -1);
461
462         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
463                 hf_netlogon_unknown_long, NULL);
464
465         proto_item_set_len(item, offset-old_offset);
466         return offset;
467 }
468
469 static int
470 netlogon_dissect_TYPE_1_ptr(tvbuff_t *tvb, int offset,
471                         packet_info *pinfo, proto_tree *tree,
472                         char *drep)
473 {
474         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
475                 netlogon_dissect_TYPE_1, NDR_POINTER_PTR,
476                 "TYPE_1 pointer: ", -1, 0);
477         return offset;
478 }
479
480 static int
481 netlogon_dissect_TYPE_2(tvbuff_t *tvb, int offset,
482                         packet_info *pinfo, proto_tree *parent_tree,
483                         char *drep)
484 {
485         proto_item *item=NULL;
486         proto_tree *tree=NULL;
487         int old_offset=offset;
488
489         if(parent_tree){
490                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
491                         "TYPE_2:");
492                 tree = proto_item_add_subtree(item, ett_TYPE_2);
493         }
494
495         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
496                 hf_netlogon_unknown_long, NULL);
497
498         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
499                 hf_netlogon_unknown_short, NULL);
500
501         proto_item_set_len(item, offset-old_offset);
502         return offset;
503 }
504
505 static int
506 netlogon_dissect_CYPHER_BLOCK(tvbuff_t *tvb, int offset,
507                         packet_info *pinfo, proto_tree *parent_tree,
508                         char *drep)
509 {
510         proto_item *item=NULL;
511         proto_tree *tree=NULL;
512         int i;
513         dcerpc_info *di;
514
515         di=pinfo->private_data;
516         if(di->conformant_run){
517                 /*just a run to handle conformant arrays, nothing to dissect.*/
518                 return offset;
519         }
520
521         if(parent_tree){
522                 item = proto_tree_add_text(parent_tree, tvb, offset, 8,
523                         "CYPHER_BLOCK:");
524                 tree = proto_item_add_subtree(item, ett_CYPHER_BLOCK);
525         }
526
527         proto_tree_add_item(tree, hf_netlogon_cypher_block, tvb, offset, 8,
528                 FALSE);
529         offset += 8;
530
531         return offset;
532 }
533
534 static int
535 netlogon_dissect_8_unknown_bytes(tvbuff_t *tvb, int offset,
536                         packet_info *pinfo, proto_tree *parent_tree,
537                         char *drep)
538 {
539         proto_item *item=NULL;
540         proto_tree *tree=NULL;
541         int i;
542         dcerpc_info *di;
543
544         di=pinfo->private_data;
545         if(di->conformant_run){
546                 /*just a run to handle conformant arrays, nothing to dissect.*/
547                 return offset;
548         }
549
550         if(parent_tree){
551                 item = proto_tree_add_text(parent_tree, tvb, offset, 8,
552                         "unknown bytes not in IDL:");
553                 tree = proto_item_add_subtree(item, ett_CYPHER_BLOCK);
554         }
555
556         offset += 8;
557
558         return offset;
559 }
560
561 static int
562 netlogon_dissect_NETLOGON_CREDENTIAL(tvbuff_t *tvb, int offset,
563                         packet_info *pinfo, proto_tree *parent_tree,
564                         char *drep)
565 {
566         proto_item *item=NULL;
567         proto_tree *tree=NULL;
568         int i;
569         dcerpc_info *di;
570
571         di=pinfo->private_data;
572         if(di->conformant_run){
573                 /*just a run to handle conformant arrays, nothing to dissect.*/
574                 return offset;
575         }
576
577         if(parent_tree){
578                 item = proto_tree_add_text(parent_tree, tvb, offset, 8,
579                         "NETLOGON_CREDENTIAL:");
580                 tree = proto_item_add_subtree(item, ett_NETLOGON_CREDENTIAL);
581         }
582
583         proto_tree_add_item(tree, hf_netlogon_credential, tvb, offset, 8,
584                 FALSE);
585         offset += 8;
586
587         return offset;
588 }
589
590 static int
591 netlogon_dissect_NETLOGON_AUTHENTICATOR(tvbuff_t *tvb, int offset,
592                         packet_info *pinfo, proto_tree *parent_tree,
593                         char *drep)
594 {
595         proto_item *item=NULL;
596         proto_tree *tree=NULL;
597         int old_offset=offset;
598
599         if(parent_tree){
600                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
601                         "NETLOGON_AUTHENTICATOR:");
602                 tree = proto_item_add_subtree(item, ett_NETLOGON_AUTHENTICATOR);
603         }
604
605         offset = netlogon_dissect_NETLOGON_CREDENTIAL(tvb, offset,
606                 pinfo, tree, drep);
607
608         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
609                 hf_netlogon_timestamp, NULL);
610
611         proto_item_set_len(item, offset-old_offset);
612         return offset;
613 }
614
615 static int
616 netlogon_dissect_USER_SESSION_KEY(tvbuff_t *tvb, int offset,
617                         packet_info *pinfo, proto_tree *parent_tree,
618                         char *drep)
619 {
620         proto_item *item=NULL;
621         proto_tree *tree=NULL;
622         dcerpc_info *di;
623
624         di=pinfo->private_data;
625         if(di->conformant_run){
626                 /*just a run to handle conformant arrays, nothing to dissect.*/
627                 return offset;
628         }
629
630         if(parent_tree){
631                 item = proto_tree_add_text(parent_tree, tvb, offset, 16,
632                         "USER_SESSION_KEY:");
633                 tree = proto_item_add_subtree(item, ett_USER_SESSION_KEY);
634         }
635
636         proto_tree_add_item(tree, hf_netlogon_user_session_key, tvb, offset, 16,
637                 FALSE);
638         offset += 16;
639
640         return offset;
641 }
642
643 static int
644 netlogon_dissect_ENCRYPTED_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
645                         packet_info *pinfo, proto_tree *parent_tree,
646                         char *drep)
647 {
648         proto_item *item=NULL;
649         proto_tree *tree=NULL;
650         dcerpc_info *di;
651
652         di=pinfo->private_data;
653         if(di->conformant_run){
654                 /*just a run to handle conformant arrays, nothing to dissect.*/
655                 return offset;
656         }
657
658         if(parent_tree){
659                 item = proto_tree_add_text(parent_tree, tvb, offset, 16,
660                         "ENCRYPTED_LM_OWF_PASSWORD:");
661                 tree = proto_item_add_subtree(item, ett_ENC_LM_OWF_PASSWORD);
662         }
663
664         proto_tree_add_item(tree, hf_netlogon_encrypted_lm_owf_password, tvb, offset, 16,
665                 FALSE);
666         offset += 16;
667
668         return offset;
669 }
670
671 static int
672 netlogon_dissect_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
673                         packet_info *pinfo, proto_tree *parent_tree,
674                         char *drep)
675 {
676         proto_item *item=NULL;
677         proto_tree *tree=NULL;
678         dcerpc_info *di;
679
680         di=pinfo->private_data;
681         if(di->conformant_run){
682                 /*just a run to handle conformant arrays, nothing to dissect.*/
683                 return offset;
684         }
685
686         if(parent_tree){
687                 item = proto_tree_add_text(parent_tree, tvb, offset, 16,
688                         "LM_OWF_PASSWORD:");
689                 tree = proto_item_add_subtree(item, ett_LM_OWF_PASSWORD);
690         }
691
692         proto_tree_add_item(tree, hf_netlogon_lm_owf_password, tvb, offset, 16,
693                 FALSE);
694         offset += 16;
695
696         return offset;
697 }
698
699 static int
700 netlogon_dissect_NT_OWF_PASSWORD(tvbuff_t *tvb, int offset,
701                         packet_info *pinfo, proto_tree *parent_tree,
702                         char *drep)
703 {
704         proto_item *item=NULL;
705         proto_tree *tree=NULL;
706         dcerpc_info *di;
707
708         di=pinfo->private_data;
709         if(di->conformant_run){
710                 /*just a run to handle conformant arrays, nothing to dissect.*/
711                 return offset;
712         }
713
714         if(parent_tree){
715                 item = proto_tree_add_text(parent_tree, tvb, offset, 16,
716                         "NT_OWF_PASSWORD:");
717                 tree = proto_item_add_subtree(item, ett_NT_OWF_PASSWORD);
718         }
719
720         proto_tree_add_item(tree, hf_netlogon_nt_owf_password, tvb, offset, 16,
721                 FALSE);
722         offset += 16;
723
724         return offset;
725 }
726
727
728 static int
729 netlogon_dissect_NETLOGON_LOGON_IDENTITY_INFO(tvbuff_t *tvb, int offset,
730                         packet_info *pinfo, proto_tree *parent_tree,
731                         char *drep)
732 {
733         proto_item *item=NULL;
734         proto_tree *tree=NULL;
735         int old_offset=offset;
736
737         if(parent_tree){
738                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
739                         "NETLOGON_LOGON_IDENTITY_INFO:");
740                 tree = proto_item_add_subtree(item, ett_NETLOGON_LOGON_IDENTITY_INFO);
741         }
742
743         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
744                 hf_netlogon_logon_dom, 0);
745
746         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
747                 hf_netlogon_param_ctrl, NULL);
748
749         offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, drep,
750                 hf_netlogon_logon_id, NULL);
751
752         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
753                 hf_netlogon_acct_name, 0);
754
755         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
756                 hf_netlogon_computer_name, 0);
757
758         /* XXX 8 extra bytes here */
759         /* there were 8 extra bytes, either here or in NETWORK_INFO that does not match
760            the idl file. Could be a bug in either the NETLOGON implementation or in the
761            idl file.
762         */
763         offset = netlogon_dissect_8_unknown_bytes(tvb, offset, pinfo, tree, drep);
764
765         return offset;
766 }
767
768 static int
769 netlogon_dissect_NETLOGON_INTERACTIVE_INFO(tvbuff_t *tvb, int offset,
770                         packet_info *pinfo, proto_tree *parent_tree,
771                         char *drep)
772 {
773         proto_item *item=NULL;
774         proto_tree *tree=NULL;
775         int old_offset=offset;
776
777         if(parent_tree){
778                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
779                         "NETLOGON_INTERACTIVE_INFO:");
780                 tree = proto_item_add_subtree(item, ett_NETLOGON_INTERACTIVE_INFO);
781         }
782
783         offset = netlogon_dissect_NETLOGON_LOGON_IDENTITY_INFO(tvb, offset,
784                 pinfo, tree, drep);
785
786         offset = netlogon_dissect_LM_OWF_PASSWORD(tvb, offset,
787                 pinfo, tree, drep);
788
789         offset = netlogon_dissect_NT_OWF_PASSWORD(tvb, offset,
790                 pinfo, tree, drep);
791
792         proto_item_set_len(item, offset-old_offset);
793         return offset;
794 }
795
796 static int
797 netlogon_dissect_NETLOGON_NETWORK_INFO(tvbuff_t *tvb, int offset,
798                         packet_info *pinfo, proto_tree *parent_tree,
799                         char *drep)
800 {
801         proto_item *item=NULL;
802         proto_tree *tree=NULL;
803         int old_offset=offset;
804
805         if(parent_tree){
806                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
807                         "NETLOGON_NETWORK_INFO:");
808                 tree = proto_item_add_subtree(item, ett_NETLOGON_NETWORK_INFO);
809         }
810
811         offset = netlogon_dissect_NETLOGON_LOGON_IDENTITY_INFO(tvb, offset,
812                 pinfo, tree, drep);
813
814         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
815                 hf_netlogon_nt_chal_resp, 0);
816
817         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
818                 hf_netlogon_lm_chal_resp, 0);
819
820         proto_item_set_len(item, offset-old_offset);
821         return offset;
822 }
823
824 static int
825 netlogon_dissect_GROUP_MEMBERSHIP(tvbuff_t *tvb, int offset,
826                         packet_info *pinfo, proto_tree *parent_tree,
827                         char *drep)
828 {
829         proto_item *item=NULL;
830         proto_tree *tree=NULL;
831         int old_offset=offset;
832
833         if(parent_tree){
834                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
835                         "GROUP_MEMBERSHIP:");
836                 tree = proto_item_add_subtree(item, ett_GROUP_MEMBERSHIP);
837         }
838
839         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
840                 hf_netlogon_user_rid, NULL);
841
842         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
843                 hf_netlogon_attrs, NULL);
844
845         return offset;
846 }
847
848 static int
849 netlogon_dissect_GROUP_MEMBERSHIP_ARRAY(tvbuff_t *tvb, int offset,
850                         packet_info *pinfo, proto_tree *tree,
851                         char *drep)
852 {
853         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
854                 netlogon_dissect_GROUP_MEMBERSHIP);
855
856         return offset;
857 }
858
859 static int
860 netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO1(tvbuff_t *tvb, int offset,
861                         packet_info *pinfo, proto_tree *parent_tree,
862                         char *drep)
863 {
864         proto_item *item=NULL;
865         proto_tree *tree=NULL;
866         int old_offset=offset;
867         int i;
868
869         if(parent_tree){
870                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
871                         "NETLOGON_VALIDATION_SAM_INFO1:");
872                 tree = proto_item_add_subtree(item, ett_NETLOGON_VALIDATION_SAM_INFO1);
873         }
874
875         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
876                 hf_netlogon_logon_time);
877
878         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
879                 hf_netlogon_logoff_time);
880
881         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
882                 hf_netlogon_kickoff_time);
883
884         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
885                 hf_netlogon_pwd_last_set_time);
886
887         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
888                 hf_netlogon_pwd_can_change_time);
889
890         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
891                 hf_netlogon_pwd_must_change_time);
892
893         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
894                 hf_netlogon_acct_name, 0);
895
896         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
897                 hf_netlogon_full_name, 0);
898
899         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
900                 hf_netlogon_logon_script, 0);
901
902         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
903                 hf_netlogon_profile_path, 0);
904
905         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
906                 hf_netlogon_home_dir, 0);
907
908         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
909                 hf_netlogon_dir_drive, 0);
910
911         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
912                 hf_netlogon_logon_count, NULL);
913
914         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
915                 hf_netlogon_bad_pw_count, NULL);
916
917         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
918                 hf_netlogon_user_rid, NULL);
919
920         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
921                 hf_netlogon_group_rid, NULL);
922
923         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
924                 hf_netlogon_num_rids, NULL);
925
926         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
927                 netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_PTR,
928                 "GROUP_MEMBERSHIP_ARRAY", -1, 0);
929
930         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
931                 hf_netlogon_user_flags, NULL);
932
933         offset = netlogon_dissect_USER_SESSION_KEY(tvb, offset,
934                 pinfo, tree, drep);
935
936         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
937                 hf_netlogon_logon_srv, 0);
938
939         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
940                 hf_netlogon_logon_dom, 0);
941
942         offset = dissect_ndr_nt_PSID(tvb, offset,
943                 pinfo, tree, drep);
944
945         for(i=0;i<10;i++){
946                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
947                         hf_netlogon_unknown_long, NULL);
948         }
949
950         proto_item_set_len(item, offset-old_offset);
951         return offset;
952 }
953
954 static int
955 netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO2(tvbuff_t *tvb, int offset,
956                         packet_info *pinfo, proto_tree *parent_tree,
957                         char *drep)
958 {
959         proto_item *item=NULL;
960         proto_tree *tree=NULL;
961         int old_offset=offset;
962         int i;
963
964         if(parent_tree){
965                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
966                         "NETLOGON_VALIDATION_SAM_INFO2:");
967                 tree = proto_item_add_subtree(item, ett_NETLOGON_VALIDATION_SAM_INFO2);
968         }
969
970         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
971                 hf_netlogon_logon_time);
972
973         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
974                 hf_netlogon_logoff_time);
975
976         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
977                 hf_netlogon_kickoff_time);
978
979         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
980                 hf_netlogon_pwd_last_set_time);
981
982         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
983                 hf_netlogon_pwd_can_change_time);
984
985         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
986                 hf_netlogon_pwd_must_change_time);
987
988         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
989                 hf_netlogon_acct_name, 0);
990
991         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
992                 hf_netlogon_full_name, 0);
993
994         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
995                 hf_netlogon_logon_script, 0);
996
997         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
998                 hf_netlogon_profile_path, 0);
999
1000         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1001                 hf_netlogon_home_dir, 0);
1002
1003         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1004                 hf_netlogon_dir_drive, 0);
1005
1006         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1007                 hf_netlogon_logon_count, NULL);
1008
1009         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1010                 hf_netlogon_bad_pw_count, NULL);
1011
1012         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1013                 hf_netlogon_user_rid, NULL);
1014
1015         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1016                 hf_netlogon_group_rid, NULL);
1017
1018         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1019                 hf_netlogon_num_rids, NULL);
1020
1021         /* XXX i am not sure about this pointer being UNIQUE, though I am
1022            pretty convinced that it is NOT PTR as the idl file suggests.
1023         */
1024         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1025                 netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_UNIQUE,
1026                 "GROUP_MEMBERSHIP_ARRAY", -1, 0);
1027
1028         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1029                 hf_netlogon_user_flags, NULL);
1030
1031         offset = netlogon_dissect_USER_SESSION_KEY(tvb, offset,
1032                 pinfo, tree, drep);
1033
1034         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1035                 hf_netlogon_logon_srv, 0);
1036
1037         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1038                 hf_netlogon_logon_dom, 0);
1039
1040         offset = dissect_ndr_nt_PSID(tvb, offset,
1041                 pinfo, tree, drep);
1042
1043         for(i=0;i<10;i++){
1044                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1045                         hf_netlogon_unknown_long, NULL);
1046         }
1047
1048         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1049                 hf_netlogon_num_other_groups, NULL);
1050
1051         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1052                 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_PTR,
1053                 "SID_AND_ATTRIBUTES_ARRAY:", -1, 0);
1054
1055         proto_item_set_len(item, offset-old_offset);
1056         return offset;
1057 }
1058
1059 static int
1060 netlogon_dissect_TYPE_16(tvbuff_t *tvb, int offset,
1061                         packet_info *pinfo, proto_tree *parent_tree,
1062                         char *drep)
1063 {
1064         proto_item *item=NULL;
1065         proto_tree *tree=NULL;
1066         int old_offset=offset;
1067
1068         if(parent_tree){
1069                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1070                         "TYPE_16:");
1071                 tree = proto_item_add_subtree(item, ett_TYPE_16);
1072         }
1073
1074         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1075                 hf_netlogon_unknown_time);
1076
1077         proto_item_set_len(item, offset-old_offset);
1078         return offset;
1079 }
1080
1081
1082 static int
1083 netlogon_dissect_NETLOGON_SAM_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1084                         packet_info *pinfo, proto_tree *parent_tree,
1085                         char *drep)
1086 {
1087         proto_item *item=NULL;
1088         proto_tree *tree=NULL;
1089         int old_offset=offset;
1090
1091         if(parent_tree){
1092                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1093                         "NETLOGON_SAM_DOMAIN_INFO:");
1094                 tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_DOMAIN_INFO);
1095         }
1096
1097         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1098                 hf_netlogon_unknown_string, 0);
1099
1100         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1101                 hf_netlogon_unknown_string, 0);
1102
1103         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1104                 hf_netlogon_unknown_time);
1105
1106         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1107                 hf_netlogon_unknown_short, NULL);
1108
1109         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1110                 hf_netlogon_unknown_short, NULL);
1111
1112         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1113                 hf_netlogon_unknown_time);
1114
1115         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1116                 hf_netlogon_unknown_time);
1117
1118         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1119                 hf_netlogon_unknown_time);
1120
1121         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1122                 hf_netlogon_unknown_time);
1123
1124         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1125                 hf_netlogon_unknown_string, 0);
1126
1127         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1128                 hf_netlogon_unknown_string, 0);
1129
1130         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1131                 hf_netlogon_unknown_string, 0);
1132
1133         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1134                 hf_netlogon_unknown_string, 0);
1135
1136         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1137                 hf_netlogon_unknown_string, 0);
1138
1139         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1140                 hf_netlogon_unknown_long, NULL);
1141
1142         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1143                 hf_netlogon_unknown_long, NULL);
1144
1145         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1146                 hf_netlogon_unknown_long, NULL);
1147
1148         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1149                 hf_netlogon_unknown_long, NULL);
1150
1151         proto_item_set_len(item, offset-old_offset);
1152         return offset;
1153 }
1154
1155
1156 static int
1157 netlogon_dissect_NETLOGON_SAM_GROUP_INFO(tvbuff_t *tvb, int offset,
1158                         packet_info *pinfo, proto_tree *parent_tree,
1159                         char *drep)
1160 {
1161         proto_item *item=NULL;
1162         proto_tree *tree=NULL;
1163         int old_offset=offset;
1164
1165         if(parent_tree){
1166                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1167                         "NETLOGON_SAM_GROUP_INFO:");
1168                 tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_GROUP_INFO);
1169         }
1170
1171         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1172                 hf_netlogon_group_name, 0);
1173
1174         offset = netlogon_dissect_GROUP_MEMBERSHIP(tvb, offset,
1175                 pinfo, tree, drep);
1176
1177         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1178                 hf_netlogon_group_desc, 0);
1179
1180         offset = netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvb, offset,
1181                 pinfo, tree, drep);
1182
1183         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1184                 hf_netlogon_unknown_string, 0);
1185
1186         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1187                 hf_netlogon_unknown_string, 0);
1188
1189         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1190                 hf_netlogon_unknown_string, 0);
1191
1192         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1193                 hf_netlogon_unknown_string, 0);
1194
1195         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1196                 hf_netlogon_unknown_long, NULL);
1197
1198         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1199                 hf_netlogon_unknown_long, NULL);
1200
1201         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1202                 hf_netlogon_unknown_long, NULL);
1203
1204         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1205                 hf_netlogon_unknown_long, NULL);
1206
1207         proto_item_set_len(item, offset-old_offset);
1208         return offset;
1209 }
1210
1211
1212 static int
1213 netlogon_dissect_TYPE_23(tvbuff_t *tvb, int offset,
1214                         packet_info *pinfo, proto_tree *parent_tree,
1215                         char *drep)
1216 {
1217         proto_item *item=NULL;
1218         proto_tree *tree=NULL;
1219         int old_offset=offset;
1220
1221         if(parent_tree){
1222                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1223                         "TYPE_23:");
1224                 tree = proto_item_add_subtree(item, ett_TYPE_23);
1225         }
1226
1227         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1228                 hf_netlogon_unknown_string, 0);
1229
1230         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1231                 hf_netlogon_unknown_string, 0);
1232
1233         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1234                 hf_netlogon_unknown_string, 0);
1235
1236         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1237                 hf_netlogon_unknown_string, 0);
1238
1239         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1240                 hf_netlogon_unknown_string, 0);
1241
1242         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1243                 hf_netlogon_unknown_string, 0);
1244
1245         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1246                 hf_netlogon_unknown_long, NULL);
1247
1248         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1249                 hf_netlogon_unknown_long, NULL);
1250
1251         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1252                 hf_netlogon_unknown_long, NULL);
1253
1254         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1255                 hf_netlogon_unknown_long, NULL);
1256
1257         proto_item_set_len(item, offset-old_offset);
1258         return offset;
1259 }
1260
1261
1262 static int
1263 netlogon_dissect_NETLOGON_SAM_ACCOUNT_INFO(tvbuff_t *tvb, int offset,
1264                         packet_info *pinfo, proto_tree *parent_tree,
1265                         char *drep)
1266 {
1267         proto_item *item=NULL;
1268         proto_tree *tree=NULL;
1269         int old_offset=offset;
1270
1271         if(parent_tree){
1272                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1273                         "NETLOGON_SAM_ACCOUNT_INFO:");
1274                 tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_ACCOUNT_INFO);
1275         }
1276
1277         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1278                 hf_netlogon_acct_name, 0);
1279
1280         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1281                 hf_netlogon_full_name, 0);
1282
1283         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1284                 hf_netlogon_user_rid, NULL);
1285
1286         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1287                 hf_netlogon_group_rid, NULL);
1288
1289         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1290                 hf_netlogon_home_dir, 0);
1291
1292         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1293                 hf_netlogon_dir_drive, 0);
1294
1295         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1296                 hf_netlogon_logon_script, 0);
1297
1298         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1299                 hf_netlogon_acct_desc, 0);
1300
1301         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1302                 hf_netlogon_workstations, 0);
1303
1304         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1305                 hf_netlogon_logon_time);
1306
1307         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1308                 hf_netlogon_logoff_time);
1309
1310         offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
1311
1312         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1313                 hf_netlogon_bad_pw_count, NULL);
1314
1315         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1316                 hf_netlogon_logon_count, NULL);
1317
1318         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1319                 hf_netlogon_pwd_last_set_time);
1320
1321         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1322                 hf_netlogon_acct_expiry_time);
1323
1324         offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
1325
1326         offset = netlogon_dissect_LM_OWF_PASSWORD(tvb, offset,
1327                 pinfo, tree, drep);
1328
1329         offset = netlogon_dissect_NT_OWF_PASSWORD(tvb, offset,
1330                 pinfo, tree, drep);
1331
1332         offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
1333                 hf_netlogon_nt_pwd_present, NULL);
1334
1335         offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
1336                 hf_netlogon_lm_pwd_present, NULL);
1337
1338         offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
1339                 hf_netlogon_pwd_expired, NULL);
1340
1341         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1342                 hf_netlogon_comment, 0);
1343
1344         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1345                 hf_netlogon_parameters, 0);
1346
1347         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1348                 hf_netlogon_country, NULL);
1349
1350         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1351                 hf_netlogon_codepage, NULL);
1352
1353         offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
1354                 hf_netlogon_num_pwd_pairs, NULL);
1355
1356         offset = lsa_dissect_LSA_SECRET(tvb, offset,
1357                 pinfo, tree, drep);
1358
1359         offset = netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvb, offset,
1360                 pinfo, tree, drep);
1361
1362         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1363                 hf_netlogon_profile_path, 0);
1364
1365         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1366                 hf_netlogon_unknown_string, 0);
1367
1368         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1369                 hf_netlogon_unknown_string, 0);
1370
1371         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1372                 hf_netlogon_unknown_string, 0);
1373
1374         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1375                 hf_netlogon_unknown_long, NULL);
1376
1377         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1378                 hf_netlogon_unknown_long, NULL);
1379
1380         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1381                 hf_netlogon_unknown_long, NULL);
1382
1383         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1384                 hf_netlogon_unknown_long, NULL);
1385
1386         proto_item_set_len(item, offset-old_offset);
1387         return offset;
1388 }
1389
1390
1391 static int
1392 netlogon_dissect_rid(tvbuff_t *tvb, int offset, 
1393                         packet_info *pinfo, proto_tree *tree,
1394                         char *drep)
1395 {
1396         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1397                                 hf_netlogon_user_rid, NULL);
1398
1399         return offset;
1400 }
1401
1402 static int
1403 netlogon_dissect_rids_array(tvbuff_t *tvb, int offset, 
1404                         packet_info *pinfo, proto_tree *parent_tree,
1405                         char *drep)
1406 {
1407         proto_item *item=NULL;
1408         proto_tree *tree=NULL;
1409         int old_offset=offset;
1410
1411         if(parent_tree){
1412                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1413                         "RID array:");
1414                 tree = proto_item_add_subtree(item, ett_rid_array);
1415         }
1416
1417         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1418                         netlogon_dissect_rid);
1419
1420         proto_item_set_len(item, offset-old_offset);
1421         return offset;
1422 }
1423
1424 static int
1425 netlogon_dissect_attrib(tvbuff_t *tvb, int offset, 
1426                         packet_info *pinfo, proto_tree *tree,
1427                         char *drep)
1428 {
1429         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1430                 hf_netlogon_attrs, NULL);
1431
1432         return offset;
1433 }
1434
1435 static int
1436 netlogon_dissect_attribs_array(tvbuff_t *tvb, int offset, 
1437                         packet_info *pinfo, proto_tree *parent_tree,
1438                         char *drep)
1439 {
1440         proto_item *item=NULL;
1441         proto_tree *tree=NULL;
1442         int old_offset=offset;
1443
1444         if(parent_tree){
1445                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1446                         "Attrib array:");
1447                 tree = proto_item_add_subtree(item, ett_attrib_array);
1448         }
1449
1450         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1451                         netlogon_dissect_attrib);
1452
1453         proto_item_set_len(item, offset-old_offset);
1454         return offset;
1455 }
1456
1457 static int
1458 netlogon_dissect_NETLOGON_SAM_GROUP_MEM_INFO(tvbuff_t *tvb, int offset,
1459                         packet_info *pinfo, proto_tree *parent_tree,
1460                         char *drep)
1461 {
1462         proto_item *item=NULL;
1463         proto_tree *tree=NULL;
1464         int old_offset=offset;
1465
1466         if(parent_tree){
1467                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1468                         "NETLOGON_SAM_GROUP_MEM_INFO:");
1469                 tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_GROUP_MEM_INFO);
1470         }
1471
1472         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1473                 netlogon_dissect_rids_array, NDR_POINTER_PTR,
1474                 "RIDs:", -1, 0);
1475
1476         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1477                 netlogon_dissect_attribs_array, NDR_POINTER_PTR,
1478                 "Attribs:", -1, 0);
1479
1480         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1481                 hf_netlogon_num_rids, NULL);
1482
1483         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1484                 hf_netlogon_unknown_long, NULL);
1485
1486         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1487                 hf_netlogon_unknown_long, NULL);
1488
1489         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1490                 hf_netlogon_unknown_long, NULL);
1491
1492         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1493                 hf_netlogon_unknown_long, NULL);
1494
1495         proto_item_set_len(item, offset-old_offset);
1496         return offset;
1497 }
1498
1499
1500 static int
1501 netlogon_dissect_NETLOGON_SAM_ALIAS_INFO(tvbuff_t *tvb, int offset,
1502                         packet_info *pinfo, proto_tree *parent_tree,
1503                         char *drep)
1504 {
1505         proto_item *item=NULL;
1506         proto_tree *tree=NULL;
1507         int old_offset=offset;
1508
1509         if(parent_tree){
1510                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1511                         "NETLOGON_SAM_ALIAS_INFO:");
1512                 tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_ALIAS_INFO);
1513         }
1514
1515
1516         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1517                 hf_netlogon_alias_name, 0);
1518
1519         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1520                 hf_netlogon_alias_rid, NULL);
1521
1522         offset = netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvb, offset,
1523                 pinfo, tree, drep);
1524
1525         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1526                 hf_netlogon_acct_desc, 0);
1527
1528         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1529                 hf_netlogon_unknown_string, 0);
1530
1531         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1532                 hf_netlogon_unknown_string, 0);
1533
1534         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1535                 hf_netlogon_unknown_string, 0);
1536
1537         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1538                 hf_netlogon_unknown_long, NULL);
1539
1540         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1541                 hf_netlogon_unknown_long, NULL);
1542
1543         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1544                 hf_netlogon_unknown_long, NULL);
1545
1546         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1547                 hf_netlogon_unknown_long, NULL);
1548
1549         proto_item_set_len(item, offset-old_offset);
1550         return offset;
1551 }
1552
1553
1554 static int
1555 netlogon_dissect_NETLOGON_SAM_ALIAS_MEM_INFO(tvbuff_t *tvb, int offset,
1556                         packet_info *pinfo, proto_tree *parent_tree,
1557                         char *drep)
1558 {
1559         proto_item *item=NULL;
1560         proto_tree *tree=NULL;
1561         int old_offset=offset;
1562
1563         if(parent_tree){
1564                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1565                         "NETLOGON_SAM_ALIAS_MEM_INFO:");
1566                 tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_ALIAS_MEM_INFO);
1567         }
1568
1569         offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, drep);
1570
1571         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1572                 hf_netlogon_unknown_long, NULL);
1573
1574         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1575                 hf_netlogon_unknown_long, NULL);
1576
1577         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1578                 hf_netlogon_unknown_long, NULL);
1579
1580         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1581                 hf_netlogon_unknown_long, NULL);
1582
1583         proto_item_set_len(item, offset-old_offset);
1584         return offset;
1585 }
1586
1587 static int
1588 netlogon_dissect_TYPE_30(tvbuff_t *tvb, int offset,
1589                         packet_info *pinfo, proto_tree *parent_tree,
1590                         char *drep)
1591 {
1592         proto_item *item=NULL;
1593         proto_tree *tree=NULL;
1594         int old_offset=offset;
1595
1596         if(parent_tree){
1597                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1598                         "TYPE_30:");
1599                 tree = proto_item_add_subtree(item, ett_TYPE_30);
1600         }
1601
1602         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1603                 hf_netlogon_unknown_long, NULL);
1604
1605         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1606                 hf_netlogon_unknown_long, NULL);
1607
1608         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1609                 hf_netlogon_unknown_long, NULL);
1610
1611         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1612                 hf_netlogon_unknown_long, NULL);
1613
1614         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1615                 hf_netlogon_unknown_long, NULL);
1616
1617         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1618                 hf_netlogon_unknown_time);
1619
1620         proto_item_set_len(item, offset-old_offset);
1621         return offset;
1622 }
1623
1624 static int
1625 netlogon_dissect_element_422(tvbuff_t *tvb, int offset,
1626                         packet_info *pinfo, proto_tree *tree,
1627                         char *drep)
1628 {
1629         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1630                 hf_netlogon_unknown_long, NULL);
1631
1632         return offset;
1633 }
1634
1635 static int
1636 netlogon_dissect_element_422_array(tvbuff_t *tvb, int offset,
1637                         packet_info *pinfo, proto_tree *tree,
1638                         char *drep)
1639 {
1640         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1641                 netlogon_dissect_element_422);
1642
1643         return offset;
1644 }
1645
1646
1647 static int
1648 netlogon_dissect_TYPE_29(tvbuff_t *tvb, int offset,
1649                         packet_info *pinfo, proto_tree *parent_tree,
1650                         char *drep)
1651 {
1652         proto_item *item=NULL;
1653         proto_tree *tree=NULL;
1654         int old_offset=offset;
1655
1656         if(parent_tree){
1657                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1658                         "TYPE_29:");
1659                 tree = proto_item_add_subtree(item, ett_TYPE_29);
1660         }
1661
1662         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1663                 hf_netlogon_unknown_long, NULL);
1664
1665         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1666                 hf_netlogon_unknown_time);
1667
1668         offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
1669                 hf_netlogon_unknown_char, NULL);
1670
1671         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1672                 hf_netlogon_unknown_long, NULL);
1673
1674         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1675                 netlogon_dissect_element_422_array, NDR_POINTER_PTR,
1676                 "unknown", -1, 0);
1677
1678         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1679                 hf_netlogon_unknown_string, 0);
1680
1681         offset = dissect_ndr_nt_PSID(tvb, offset,
1682                 pinfo, tree, drep);
1683
1684         offset = netlogon_dissect_TYPE_30(tvb, offset,
1685                 pinfo, tree, drep);
1686
1687         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1688                 hf_netlogon_unknown_time);
1689
1690         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1691                 hf_netlogon_unknown_time);
1692
1693         offset = netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvb, offset,
1694                 pinfo, tree, drep);
1695
1696         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1697                 hf_netlogon_unknown_string, 0);
1698
1699         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1700                 hf_netlogon_unknown_string, 0);
1701
1702         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1703                 hf_netlogon_unknown_string, 0);
1704
1705         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1706                 hf_netlogon_unknown_string, 0);
1707
1708         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1709                 hf_netlogon_unknown_long, NULL);
1710
1711         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1712                 hf_netlogon_unknown_long, NULL);
1713
1714         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1715                 hf_netlogon_unknown_long, NULL);
1716
1717         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1718                 hf_netlogon_unknown_long, NULL);
1719
1720         proto_item_set_len(item, offset-old_offset);
1721         return offset;
1722 }
1723
1724
1725 static int
1726 netlogon_dissect_TYPE_31(tvbuff_t *tvb, int offset,
1727                         packet_info *pinfo, proto_tree *parent_tree,
1728                         char *drep)
1729 {
1730         proto_item *item=NULL;
1731         proto_tree *tree=NULL;
1732         int old_offset=offset;
1733
1734         if(parent_tree){
1735                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1736                         "TYPE_31:");
1737                 tree = proto_item_add_subtree(item, ett_TYPE_31);
1738         }
1739
1740         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1741                 hf_netlogon_unknown_string, 0);
1742
1743         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
1744                 hf_netlogon_unknown_string, 0);
1745
1746         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1747                 hf_netlogon_unknown_long, NULL);
1748
1749         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
1750                 hf_netlogon_unknown_string, 0);
1751
1752         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1753                 hf_netlogon_unknown_string, 0);
1754
1755         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1756                 hf_netlogon_unknown_string, 0);
1757
1758         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1759                 hf_netlogon_unknown_string, 0);
1760
1761         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1762                 hf_netlogon_unknown_string, 0);
1763
1764         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1765                 hf_netlogon_unknown_long, NULL);
1766
1767         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1768                 hf_netlogon_unknown_long, NULL);
1769
1770         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1771                 hf_netlogon_unknown_long, NULL);
1772
1773         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1774                 hf_netlogon_unknown_long, NULL);
1775
1776         proto_item_set_len(item, offset-old_offset);
1777         return offset;
1778 }
1779
1780
1781 static int
1782 netlogon_dissect_TYPE_32(tvbuff_t *tvb, int offset,
1783                         packet_info *pinfo, proto_tree *parent_tree,
1784                         char *drep)
1785 {
1786         proto_item *item=NULL;
1787         proto_tree *tree=NULL;
1788         int old_offset=offset;
1789
1790         if(parent_tree){
1791                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1792                         "TYPE_32:");
1793                 tree = proto_item_add_subtree(item, ett_TYPE_32);
1794         }
1795
1796         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1797                 hf_netlogon_unknown_string, 0);
1798
1799         proto_item_set_len(item, offset-old_offset);
1800         return offset;
1801 }
1802
1803
1804 static int
1805 netlogon_dissect_attrs(tvbuff_t *tvb, int offset,
1806                         packet_info *pinfo, proto_tree *tree,
1807                         char *drep)
1808 {
1809         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1810                 hf_netlogon_attrs, NULL);
1811
1812         return offset;
1813 }
1814
1815 static int
1816 netlogon_dissect_attrs_array(tvbuff_t *tvb, int offset,
1817                         packet_info *pinfo, proto_tree *tree,
1818                         char *drep)
1819 {
1820         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1821                 netlogon_dissect_attrs);
1822
1823         return offset;
1824 }
1825
1826
1827 static int
1828 netlogon_dissect_TYPE_33(tvbuff_t *tvb, int offset,
1829                         packet_info *pinfo, proto_tree *parent_tree,
1830                         char *drep)
1831 {
1832         proto_item *item=NULL;
1833         proto_tree *tree=NULL;
1834         int old_offset=offset;
1835
1836         if(parent_tree){
1837                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1838                         "TYPE_33:");
1839                 tree = proto_item_add_subtree(item, ett_TYPE_33);
1840         }
1841
1842
1843         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1844                 hf_netlogon_count, NULL);
1845
1846         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1847                 hf_netlogon_unknown_long, NULL);
1848
1849         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1850                 netlogon_dissect_attrs_array, NDR_POINTER_PTR,
1851                 "ATTRS_ARRAY:", -1, 0);
1852
1853         offset = netlogon_dissect_TYPE_30(tvb, offset,
1854                 pinfo, tree, drep);
1855
1856         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1857                 hf_netlogon_unknown_long, NULL);
1858
1859         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1860                 hf_netlogon_unknown_long, NULL);
1861
1862         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
1863                 hf_netlogon_unknown_string, 0);
1864
1865         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1866                 hf_netlogon_unknown_string, 0);
1867
1868         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1869                 hf_netlogon_unknown_string, 0);
1870
1871         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1872                 hf_netlogon_unknown_string, 0);
1873
1874         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1875                 hf_netlogon_unknown_string, 0);
1876
1877         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1878                 hf_netlogon_unknown_long, NULL);
1879
1880         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1881                 hf_netlogon_unknown_long, NULL);
1882
1883         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1884                 hf_netlogon_unknown_long, NULL);
1885
1886         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1887                 hf_netlogon_unknown_long, NULL);
1888
1889         proto_item_set_len(item, offset-old_offset);
1890         return offset;
1891 }
1892
1893
1894 static int
1895 netlogon_dissect_TYPE_34(tvbuff_t *tvb, int offset,
1896                         packet_info *pinfo, proto_tree *parent_tree,
1897                         char *drep)
1898 {
1899         proto_item *item=NULL;
1900         proto_tree *tree=NULL;
1901         int old_offset=offset;
1902
1903         if(parent_tree){
1904                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1905                         "TYPE_34:");
1906                 tree = proto_item_add_subtree(item, ett_TYPE_34);
1907         }
1908
1909         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
1910                 hf_netlogon_unknown_string, 0);
1911
1912         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1913                 hf_netlogon_unknown_time);
1914
1915         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
1916                 hf_netlogon_unknown_string, 0);
1917
1918         offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1919                 hf_netlogon_unknown_time);
1920
1921         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1922                 hf_netlogon_unknown_long, NULL);
1923
1924         offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
1925                 hf_netlogon_unknown_string, 0);
1926
1927         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1928                 hf_netlogon_unknown_string, 0);
1929
1930         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1931                 hf_netlogon_unknown_string, 0);
1932
1933         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1934                 hf_netlogon_unknown_string, 0);
1935
1936         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1937                 hf_netlogon_unknown_string, 0);
1938
1939         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1940                 hf_netlogon_unknown_long, NULL);
1941
1942         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1943                 hf_netlogon_unknown_long, NULL);
1944
1945         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1946                 hf_netlogon_unknown_long, NULL);
1947
1948         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1949                 hf_netlogon_unknown_long, NULL);
1950
1951         proto_item_set_len(item, offset-old_offset);
1952         return offset;
1953 }
1954
1955 static int
1956 netlogon_dissect_TYPE_35(tvbuff_t *tvb, int offset,
1957                         packet_info *pinfo, proto_tree *parent_tree,
1958                         char *drep)
1959 {
1960         proto_item *item=NULL;
1961         proto_tree *tree=NULL;
1962         int old_offset=offset;
1963
1964         if(parent_tree){
1965                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
1966                         "TYPE_35:");
1967                 tree = proto_item_add_subtree(item, ett_TYPE_35);
1968         }
1969
1970         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1971                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
1972                 "unknown", hf_netlogon_unknown_string, -1);
1973
1974         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1975                 hf_netlogon_unknown_string, 0);
1976
1977         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1978                 hf_netlogon_unknown_string, 0);
1979
1980         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1981                 hf_netlogon_unknown_string, 0);
1982
1983         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1984                 hf_netlogon_unknown_string, 0);
1985
1986         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1987                 hf_netlogon_unknown_long, NULL);
1988
1989         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1990                 hf_netlogon_unknown_long, NULL);
1991
1992         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1993                 hf_netlogon_unknown_long, NULL);
1994
1995         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1996                 hf_netlogon_unknown_long, NULL);
1997
1998         proto_item_set_len(item, offset-old_offset);
1999         return offset;
2000 }
2001
2002 static int
2003 netlogon_dissect_WCHAR_ptr(tvbuff_t *tvb, int offset,
2004                         packet_info *pinfo, proto_tree *tree,
2005                         char *drep)
2006 {
2007         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2008                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2009                 "unknown string", hf_netlogon_unknown_string, -1);
2010
2011         return offset;
2012 }
2013
2014 static int
2015 netlogon_dissect_TYPE_36(tvbuff_t *tvb, int offset,
2016                         packet_info *pinfo, proto_tree *parent_tree,
2017                         char *drep)
2018 {
2019         proto_item *item=NULL;
2020         proto_tree *tree=NULL;
2021         int old_offset=offset;
2022         int i;
2023
2024         if(parent_tree){
2025                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2026                         "TYPE_36:");
2027                 tree = proto_item_add_subtree(item, ett_TYPE_36);
2028         }
2029
2030         for(i=0;i<16;i++){
2031                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2032                         hf_netlogon_unknown_char, NULL);
2033         }
2034
2035         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2036                 hf_netlogon_unknown_long, NULL);
2037
2038         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2039                 hf_netlogon_unknown_long, NULL);
2040
2041         proto_item_set_len(item, offset-old_offset);
2042         return offset;
2043 }
2044
2045 static int
2046 netlogon_dissect_NETLOGON_INFO_1(tvbuff_t *tvb, int offset,
2047                         packet_info *pinfo, proto_tree *parent_tree,
2048                         char *drep)
2049 {
2050         proto_item *item=NULL;
2051         proto_tree *tree=NULL;
2052         int old_offset=offset;
2053
2054         if(parent_tree){
2055                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2056                         "NETLOGON_INFO_1:");
2057                 tree = proto_item_add_subtree(item, ett_NETLOGON_INFO_1);
2058         }
2059
2060         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2061                 hf_netlogon_flags, NULL);
2062
2063         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2064                 hf_netlogon_status, NULL);
2065
2066         proto_item_set_len(item, offset-old_offset);
2067         return offset;
2068 }
2069
2070 static int
2071 netlogon_dissect_NETLOGON_INFO_2(tvbuff_t *tvb, int offset,
2072                         packet_info *pinfo, proto_tree *parent_tree,
2073                         char *drep)
2074 {
2075         proto_item *item=NULL;
2076         proto_tree *tree=NULL;
2077         int old_offset=offset;
2078
2079         if(parent_tree){
2080                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2081                         "NETLOGON_INFO_2:");
2082                 tree = proto_item_add_subtree(item, ett_NETLOGON_INFO_2);
2083         }
2084
2085         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2086                 hf_netlogon_unknown_long, NULL);
2087
2088         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2089                 hf_netlogon_unknown_long, NULL);
2090
2091         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2092                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2093                 "unknown", hf_netlogon_unknown_string, -1);
2094
2095         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2096                 hf_netlogon_unknown_long, NULL);
2097
2098         proto_item_set_len(item, offset-old_offset);
2099         return offset;
2100 }
2101
2102 static int
2103 netlogon_dissect_NETLOGON_INFO_3(tvbuff_t *tvb, int offset,
2104                         packet_info *pinfo, proto_tree *parent_tree,
2105                         char *drep)
2106 {
2107         proto_item *item=NULL;
2108         proto_tree *tree=NULL;
2109         int old_offset=offset;
2110
2111         if(parent_tree){
2112                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2113                         "NETLOGON_INFO_3:");
2114                 tree = proto_item_add_subtree(item, ett_NETLOGON_INFO_3);
2115         }
2116
2117         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2118                 hf_netlogon_flags, NULL);
2119
2120         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2121                 hf_netlogon_logon_attempts, NULL);
2122
2123         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2124                 hf_netlogon_unknown_long, NULL);
2125
2126         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2127                 hf_netlogon_unknown_long, NULL);
2128
2129         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2130                 hf_netlogon_unknown_long, NULL);
2131
2132         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2133                 hf_netlogon_unknown_long, NULL);
2134
2135         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2136                 hf_netlogon_unknown_long, NULL);
2137
2138         proto_item_set_len(item, offset-old_offset);
2139         return offset;
2140 }
2141
2142 static int
2143 netlogon_dissect_NETLOGON_INFO_4(tvbuff_t *tvb, int offset,
2144                         packet_info *pinfo, proto_tree *parent_tree,
2145                         char *drep)
2146 {
2147         proto_item *item=NULL;
2148         proto_tree *tree=NULL;
2149         int old_offset=offset;
2150
2151         if(parent_tree){
2152                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2153                         "NETLOGON_INFO_4:");
2154                 tree = proto_item_add_subtree(item, ett_NETLOGON_INFO_4);
2155         }
2156
2157         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2158                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2159                 "unknown", hf_netlogon_trusted_dc_name, -1);
2160
2161         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2162                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2163                 "unknown", hf_netlogon_trusted_domain_name, -1);
2164
2165         proto_item_set_len(item, offset-old_offset);
2166         return offset;
2167 }
2168
2169 static int
2170 netlogon_dissect_UNICODE_MULTI_byte(tvbuff_t *tvb, int offset,
2171                         packet_info *pinfo, proto_tree *tree,
2172                         char *drep)
2173 {
2174                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2175                         hf_netlogon_unknown_char, NULL);
2176
2177         return offset;
2178 }
2179
2180 static int
2181 netlogon_dissect_UNICODE_MULTI_array(tvbuff_t *tvb, int offset,
2182                         packet_info *pinfo, proto_tree *tree,
2183                         char *drep)
2184 {
2185         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2186                 netlogon_dissect_UNICODE_MULTI_byte);
2187
2188         return offset;
2189 }
2190
2191 static int
2192 netlogon_dissect_BYTE_byte(tvbuff_t *tvb, int offset,
2193                         packet_info *pinfo, proto_tree *tree,
2194                         char *drep)
2195 {
2196                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2197                         hf_netlogon_unknown_char, NULL);
2198
2199         return offset;
2200 }
2201
2202 static int
2203 netlogon_dissect_BYTE_array(tvbuff_t *tvb, int offset,
2204                         packet_info *pinfo, proto_tree *tree,
2205                         char *drep)
2206 {
2207         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2208                 netlogon_dissect_BYTE_byte);
2209
2210         return offset;
2211 }
2212
2213 static int
2214 netlogon_dissect_UNICODE_MULTI(tvbuff_t *tvb, int offset,
2215                         packet_info *pinfo, proto_tree *parent_tree,
2216                         char *drep)
2217 {
2218         proto_item *item=NULL;
2219         proto_tree *tree=NULL;
2220         int old_offset=offset;
2221
2222         if(parent_tree){
2223                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2224                         "UNICODE_MULTI:");
2225                 tree = proto_item_add_subtree(item, ett_UNICODE_MULTI);
2226         }
2227
2228         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2229                 hf_netlogon_len, NULL);
2230
2231         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2232                 netlogon_dissect_UNICODE_MULTI_array, NDR_POINTER_PTR,
2233                 "unknown", hf_netlogon_unknown_string, 0);
2234
2235         proto_item_set_len(item, offset-old_offset);
2236         return offset;
2237 }
2238
2239 int
2240 dissect_nt_GUID(tvbuff_t *tvb, int offset,
2241                         packet_info *pinfo, proto_tree *parent_tree,
2242                         char *drep)
2243 {
2244         proto_item *item=NULL;
2245         proto_tree *tree=NULL;
2246         int old_offset=offset;
2247         int i;
2248
2249         if(parent_tree){
2250                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2251                         "GUID:");
2252                 tree = proto_item_add_subtree(item, ett_GUID);
2253         }
2254
2255         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2256                 hf_netlogon_unknown_long, NULL);
2257
2258         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2259                 hf_netlogon_unknown_short, NULL);
2260
2261         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2262                 hf_netlogon_unknown_short, NULL);
2263
2264         for(i=0;i<8;i++){
2265                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2266                         hf_netlogon_unknown_char, NULL);
2267         }
2268
2269         proto_item_set_len(item, offset-old_offset);
2270         return offset;
2271 }
2272
2273 static int
2274 netlogon_dissect_DOMAIN_CONTROLLER_INFO(tvbuff_t *tvb, int offset,
2275                         packet_info *pinfo, proto_tree *parent_tree,
2276                         char *drep)
2277 {
2278         proto_item *item=NULL;
2279         proto_tree *tree=NULL;
2280         int old_offset=offset;
2281
2282         if(parent_tree){
2283                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2284                         "DOMAIN_CONTROLLER_INFO:");
2285                 tree = proto_item_add_subtree(item, ett_DOMAIN_CONTROLLER_INFO);
2286         }
2287
2288         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2289                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2290                 "unknown", hf_netlogon_dc_name, -1);
2291
2292         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2293                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2294                 "unknown", hf_netlogon_dc_address, -1);
2295
2296         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2297                 hf_netlogon_dc_address_type, NULL);
2298
2299         offset = dissect_nt_GUID(tvb, offset,
2300                 pinfo, tree, drep);
2301
2302         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2303                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2304                 "unknown", hf_netlogon_logon_dom, -1);
2305
2306         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2307                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2308                 "unknown", hf_netlogon_dns_forest_name, -1);
2309
2310         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2311                 hf_netlogon_flags, NULL);
2312
2313         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2314                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2315                 "unknown", hf_netlogon_dc_site_name, -1);
2316
2317         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2318                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2319                 "unknown", hf_netlogon_client_site_name, -1);
2320
2321         proto_item_set_len(item, offset-old_offset);
2322         return offset;
2323 }
2324
2325 static int
2326 netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr(tvbuff_t *tvb, int offset,
2327                         packet_info *pinfo, proto_tree *tree,
2328                         char *drep)
2329 {
2330         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2331                 netlogon_dissect_DOMAIN_CONTROLLER_INFO, NDR_POINTER_PTR,
2332                 "DOMAIN_CONTROLLER_INFO pointer: info", -1, 0);
2333
2334         return offset;
2335 }
2336
2337 static int
2338 netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr_ptr(tvbuff_t *tvb, int offset,
2339                         packet_info *pinfo, proto_tree *tree,
2340                         char *drep)
2341 {
2342         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2343                 netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr, NDR_POINTER_PTR,
2344                 "DOMAIN_CONTROLLER_INFO pointer: info", -1, 0);
2345
2346         return offset;
2347 }
2348
2349 static int
2350 netlogon_dissect_BLOB_array(tvbuff_t *tvb, int offset,
2351                         packet_info *pinfo, proto_tree *tree,
2352                         char *drep)
2353 {
2354         guint32 len;
2355         dcerpc_info *di;
2356
2357         di=pinfo->private_data;
2358         if(di->conformant_run){
2359                 /*just a run to handle conformant arrays, nothing to dissect.*/
2360                 return offset;
2361         }
2362
2363         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2364                 hf_netlogon_blob_size, &len);
2365
2366         proto_tree_add_item(tree, hf_netlogon_blob, tvb, offset, len,
2367                 FALSE);
2368         offset += len;
2369
2370         return offset;
2371 }
2372
2373 static int
2374 netlogon_dissect_BLOB(tvbuff_t *tvb, int offset,
2375                         packet_info *pinfo, proto_tree *parent_tree,
2376                         char *drep)
2377 {
2378         proto_item *item=NULL;
2379         proto_tree *tree=NULL;
2380         int old_offset=offset;
2381
2382         if(parent_tree){
2383                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2384                         "BLOB:");
2385                 tree = proto_item_add_subtree(item, ett_BLOB);
2386         }
2387
2388         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2389                 hf_netlogon_blob_size, NULL);
2390
2391         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2392                 netlogon_dissect_BLOB_array, NDR_POINTER_PTR,
2393                 "BLOB:", -1, 0);
2394
2395         return offset;
2396 }
2397
2398 static int
2399 netlogon_dissect_BLOB_ptr(tvbuff_t *tvb, int offset,
2400                         packet_info *pinfo, proto_tree *tree,
2401                         char *drep)
2402 {
2403         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2404                 netlogon_dissect_BLOB, NDR_POINTER_PTR,
2405                 "BLOB pointer:", -1, 0);
2406
2407         return offset;
2408 }
2409
2410 static int
2411 netlogon_dissect_TYPE_46(tvbuff_t *tvb, int offset,
2412                         packet_info *pinfo, proto_tree *parent_tree,
2413                         char *drep)
2414 {
2415         proto_item *item=NULL;
2416         proto_tree *tree=NULL;
2417         int old_offset=offset;
2418
2419         if(parent_tree){
2420                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2421                         "TYPE_46:");
2422                 tree = proto_item_add_subtree(item, ett_TYPE_46);
2423         }
2424
2425         offset = netlogon_dissect_BLOB(tvb, offset,
2426                 pinfo, tree, drep);
2427
2428         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2429                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2430                 "unknown", hf_netlogon_workstation_fqdn, -1);
2431
2432         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2433                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2434                 "unknown", hf_netlogon_workstation_site_name, -1);
2435
2436         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2437                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2438                 "unknown", hf_netlogon_workstation_os, -1);
2439
2440         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2441                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2442                 "unknown", hf_netlogon_unknown_string, -1);
2443
2444         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2445                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2446                 "unknown", hf_netlogon_unknown_string, -1);
2447
2448         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2449                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
2450                 "unknown", hf_netlogon_unknown_string, -1);
2451
2452         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2453                 hf_netlogon_unknown_string, 0);
2454
2455         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2456                 hf_netlogon_unknown_string, 0);
2457
2458         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2459                 hf_netlogon_unknown_string, 0);
2460
2461         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2462                 hf_netlogon_unknown_string, 0);
2463
2464         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2465                 hf_netlogon_unknown_long, NULL);
2466
2467         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2468                 hf_netlogon_unknown_long, NULL);
2469
2470         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2471                 hf_netlogon_unknown_long, NULL);
2472
2473         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2474                 hf_netlogon_unknown_long, NULL);
2475
2476         proto_item_set_len(item, offset-old_offset);
2477         return offset;
2478 }
2479
2480 static int
2481 netlogon_dissect_TYPE_48(tvbuff_t *tvb, int offset,
2482                         packet_info *pinfo, proto_tree *parent_tree,
2483                         char *drep)
2484 {
2485         proto_item *item=NULL;
2486         proto_tree *tree=NULL;
2487         int old_offset=offset;
2488
2489         if(parent_tree){
2490                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2491                         "TYPE_48:");
2492                 tree = proto_item_add_subtree(item, ett_TYPE_48);
2493         }
2494
2495         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2496                 hf_netlogon_unknown_string, 0);
2497
2498         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2499                 hf_netlogon_unknown_string, 0);
2500
2501         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2502                 hf_netlogon_unknown_string, 0);
2503
2504         offset = dissect_nt_GUID(tvb, offset,
2505                 pinfo, tree, drep);
2506
2507         offset = dissect_ndr_nt_PSID(tvb, offset,
2508                 pinfo, tree, drep);
2509
2510         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2511                 hf_netlogon_unknown_string, 0);
2512
2513         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2514                 hf_netlogon_unknown_string, 0);
2515
2516         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2517                 hf_netlogon_unknown_string, 0);
2518
2519         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2520                 hf_netlogon_unknown_string, 0);
2521
2522         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2523                 hf_netlogon_unknown_long, NULL);
2524
2525         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2526                 hf_netlogon_unknown_long, NULL);
2527
2528         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2529                 hf_netlogon_unknown_long, NULL);
2530
2531         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2532                 hf_netlogon_unknown_long, NULL);
2533
2534         offset = netlogon_dissect_BLOB(tvb, offset,
2535                 pinfo, tree, drep);
2536
2537         offset = netlogon_dissect_BLOB(tvb, offset,
2538                 pinfo, tree, drep);
2539
2540         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2541                 hf_netlogon_unknown_string, 0);
2542
2543         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2544                 hf_netlogon_unknown_string, 0);
2545
2546         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2547                 hf_netlogon_unknown_string, 0);
2548
2549         offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2550                 hf_netlogon_unknown_string, 0);
2551
2552         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2553                 hf_netlogon_unknown_long, NULL);
2554
2555         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2556                 hf_netlogon_unknown_long, NULL);
2557
2558         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2559                 hf_netlogon_unknown_long, NULL);
2560
2561         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2562                 hf_netlogon_unknown_long, NULL);
2563
2564         proto_item_set_len(item, offset-old_offset);
2565         return offset;
2566 }
2567
2568 static int
2569 netlogon_dissect_UNICODE_STRING_512(tvbuff_t *tvb, int offset,
2570                         packet_info *pinfo, proto_tree *parent_tree,
2571                         char *drep)
2572 {
2573         proto_item *item=NULL;
2574         proto_tree *tree=NULL;
2575         int old_offset=offset;
2576         int i;
2577
2578         if(parent_tree){
2579                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2580                         "UNICODE_STRING_512:");
2581                 tree = proto_item_add_subtree(item, ett_UNICODE_STRING_512);
2582         }
2583
2584         for(i=0;i<512;i++){
2585                 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2586                         hf_netlogon_unknown_short, NULL);
2587         }
2588
2589         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2590                 hf_netlogon_unknown_long, NULL);
2591
2592         proto_item_set_len(item, offset-old_offset);
2593         return offset;
2594 }
2595
2596 static int
2597 netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvbuff_t *tvb, int offset,
2598                         packet_info *pinfo, proto_tree *tree,
2599                         char *drep)
2600 {
2601                 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2602                         hf_netlogon_secure_channel_type, NULL);
2603
2604         return offset;
2605 }
2606
2607 static int
2608 netlogon_dissect_element_844_byte(tvbuff_t *tvb, int offset,
2609                         packet_info *pinfo, proto_tree *tree,
2610                         char *drep)
2611 {
2612                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2613                         hf_netlogon_unknown_char, NULL);
2614
2615         return offset;
2616 }
2617
2618 static int
2619 netlogon_dissect_element_844_array(tvbuff_t *tvb, int offset,
2620                         packet_info *pinfo, proto_tree *tree,
2621                         char *drep)
2622 {
2623         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2624                 netlogon_dissect_element_844_byte);
2625
2626         return offset;
2627 }
2628
2629 static int
2630 netlogon_dissect_TYPE_50(tvbuff_t *tvb, int offset,
2631                         packet_info *pinfo, proto_tree *parent_tree,
2632                         char *drep)
2633 {
2634         proto_item *item=NULL;
2635         proto_tree *tree=NULL;
2636         int old_offset=offset;
2637
2638         if(parent_tree){
2639                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2640                         "TYPE_50:");
2641                 tree = proto_item_add_subtree(item, ett_TYPE_50);
2642         }
2643
2644         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2645                 hf_netlogon_unknown_long, NULL);
2646
2647         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2648                 netlogon_dissect_element_844_array, NDR_POINTER_UNIQUE,
2649                 "unknown", hf_netlogon_unknown_string, 0);
2650
2651         proto_item_set_len(item, offset-old_offset);
2652         return offset;
2653 }
2654
2655 static int
2656 netlogon_dissect_TYPE_50_ptr(tvbuff_t *tvb, int offset,
2657                         packet_info *pinfo, proto_tree *tree,
2658                         char *drep)
2659 {
2660         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2661                 netlogon_dissect_TYPE_50, NDR_POINTER_PTR,
2662                 "TYPE_50 pointer: unknown_TYPE_50", -1, 0);
2663         
2664         return offset;
2665 }
2666
2667 static int
2668 netlogon_dissect_TYPE_50_ptr_ptr(tvbuff_t *tvb, int offset,
2669                         packet_info *pinfo, proto_tree *tree,
2670                         char *drep)
2671 {
2672         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2673                 netlogon_dissect_TYPE_50_ptr, NDR_POINTER_PTR,
2674                 "TYPE_50* pointer: unknown_TYPE_50", -1, 0);
2675         
2676         return offset;
2677 }
2678
2679 static int
2680 netlogon_dissect_element_861_byte(tvbuff_t *tvb, int offset,
2681                         packet_info *pinfo, proto_tree *tree,
2682                         char *drep)
2683 {
2684                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2685                         hf_netlogon_unknown_char, NULL);
2686
2687         return offset;
2688 }
2689
2690 static int
2691 netlogon_dissect_element_861_array(tvbuff_t *tvb, int offset,
2692                         packet_info *pinfo, proto_tree *tree,
2693                         char *drep)
2694 {
2695         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2696                 netlogon_dissect_element_861_byte);
2697
2698         return offset;
2699 }
2700
2701 static int
2702 netlogon_dissect_TYPE_51(tvbuff_t *tvb, int offset,
2703                         packet_info *pinfo, proto_tree *parent_tree,
2704                         char *drep)
2705 {
2706         proto_item *item=NULL;
2707         proto_tree *tree=NULL;
2708         int old_offset=offset;
2709
2710         if(parent_tree){
2711                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2712                         "TYPE_51:");
2713                 tree = proto_item_add_subtree(item, ett_TYPE_51);
2714         }
2715
2716         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2717                 hf_netlogon_unknown_long, NULL);
2718
2719         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2720                 netlogon_dissect_element_861_array, NDR_POINTER_UNIQUE,
2721                 "unknown", hf_netlogon_unknown_string, 0);
2722
2723         proto_item_set_len(item, offset-old_offset);
2724         return offset;
2725 }
2726
2727 static int
2728 netlogon_dissect_element_865_byte(tvbuff_t *tvb, int offset,
2729                         packet_info *pinfo, proto_tree *tree,
2730                         char *drep)
2731 {
2732                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2733                         hf_netlogon_unknown_char, NULL);
2734
2735         return offset;
2736 }
2737
2738 static int
2739 netlogon_dissect_element_865_array(tvbuff_t *tvb, int offset,
2740                         packet_info *pinfo, proto_tree *tree,
2741                         char *drep)
2742 {
2743         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2744                 netlogon_dissect_element_865_byte);
2745
2746         return offset;
2747 }
2748
2749 static int
2750 netlogon_dissect_element_866_byte(tvbuff_t *tvb, int offset,
2751                         packet_info *pinfo, proto_tree *tree,
2752                         char *drep)
2753 {
2754                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2755                         hf_netlogon_unknown_char, NULL);
2756
2757         return offset;
2758 }
2759
2760 static int
2761 netlogon_dissect_element_866_array(tvbuff_t *tvb, int offset,
2762                         packet_info *pinfo, proto_tree *tree,
2763                         char *drep)
2764 {
2765         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2766                 netlogon_dissect_element_866_byte);
2767
2768         return offset;
2769 }
2770
2771 static int
2772 netlogon_dissect_TYPE_52(tvbuff_t *tvb, int offset,
2773                         packet_info *pinfo, proto_tree *parent_tree,
2774                         char *drep)
2775 {
2776         proto_item *item=NULL;
2777         proto_tree *tree=NULL;
2778         int old_offset=offset;
2779
2780         if(parent_tree){
2781                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2782                         "TYPE_52:");
2783                 tree = proto_item_add_subtree(item, ett_TYPE_52);
2784         }
2785
2786         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2787                 hf_netlogon_unknown_long, NULL);
2788
2789         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2790                 netlogon_dissect_element_865_array, NDR_POINTER_UNIQUE,
2791                 "unknown", hf_netlogon_unknown_string, 0);
2792
2793         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2794                 netlogon_dissect_element_866_array, NDR_POINTER_UNIQUE,
2795                 "unknown", hf_netlogon_unknown_string, 0);
2796
2797         proto_item_set_len(item, offset-old_offset);
2798         return offset;
2799 }
2800
2801 static int
2802 netlogon_dissect_TYPE_52_ptr(tvbuff_t *tvb, int offset,
2803                         packet_info *pinfo, proto_tree *tree,
2804                         char *drep)
2805 {
2806         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2807                 netlogon_dissect_TYPE_52, NDR_POINTER_PTR,
2808                 "TYPE_52 pointer: unknown_TYPE_52", -1, 0);
2809         return offset;
2810 }
2811
2812 static int
2813 netlogon_dissect_TYPE_52_ptr_ptr(tvbuff_t *tvb, int offset,
2814                         packet_info *pinfo, proto_tree *tree,
2815                         char *drep)
2816 {
2817         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2818                 netlogon_dissect_TYPE_52_ptr, NDR_POINTER_PTR,
2819                 "TYPE_52* pointer: unknown_TYPE_52", -1, 0);
2820         return offset;
2821 }
2822
2823 static int
2824 netlogon_dissect_NETLOGON_LEVEL(tvbuff_t *tvb, int offset,
2825                         packet_info *pinfo, proto_tree *parent_tree,
2826                         char *drep)
2827 {
2828         proto_item *item=NULL;
2829         proto_tree *tree=NULL;
2830         int old_offset=offset;
2831         guint16 level;
2832
2833         if(parent_tree){
2834                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2835                         "NETLOGON_LEVEL:");
2836                 tree = proto_item_add_subtree(item, ett_NETLOGON_LEVEL);
2837         }
2838
2839         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2840                 hf_netlogon_level, &level);
2841
2842         ALIGN_TO_4_BYTES;
2843         switch(level){
2844         case 1:
2845                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2846                         netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
2847                         "INTERACTIVE_INFO pointer:", -1, 0);
2848                 break;
2849         case 2:
2850                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2851                         netlogon_dissect_NETLOGON_NETWORK_INFO, NDR_POINTER_PTR,
2852                         "NETWORK_INFO pointer:", -1, 0);
2853                 break;
2854         case 3:
2855                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2856                         netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
2857                         "INTERACTIVE_INFO pointer:", -1, 0);
2858                 break;
2859         case 5:
2860                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2861                         netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
2862                         "INTERACTIVE_INFO pointer:", -1, 0);
2863                 break;
2864         case 6:
2865                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2866                         netlogon_dissect_NETLOGON_NETWORK_INFO, NDR_POINTER_PTR,
2867                         "NETWORK_INFO pointer:", -1, 0);
2868                 break;
2869         case 7:
2870                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2871                         netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
2872                         "INTERACTIVE_INFO pointer:", -1, 0);
2873                 break;
2874         }
2875
2876         proto_item_set_len(item, offset-old_offset);
2877         return offset;
2878 }
2879
2880 static int
2881 netlogon_dissect_NETLOGON_VALIDATION(tvbuff_t *tvb, int offset,
2882                         packet_info *pinfo, proto_tree *parent_tree,
2883                         char *drep)
2884 {
2885         proto_item *item=NULL;
2886         proto_tree *tree=NULL;
2887         int old_offset=offset;
2888         guint16 level;
2889
2890         if(parent_tree){
2891                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2892                         "NETLOGON_VALIDATION:");
2893                 tree = proto_item_add_subtree(item, ett_NETLOGON_VALIDATION);
2894         }
2895
2896         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2897                 hf_netlogon_level, &level);
2898
2899         /* XXX i am not sure about these pointers being UNIQUE, though I am
2900            pretty convinced that they are NOT PTR as the idl file suggests.
2901         */
2902         ALIGN_TO_4_BYTES;
2903         switch(level){
2904         case 2:
2905                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2906                         netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO1, NDR_POINTER_UNIQUE,
2907                         "NETLOGON_VALIDATION_SAM_INFO1 pointer:", -1, 0);
2908                 break;
2909         case 3:
2910                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2911                         netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO2, NDR_POINTER_UNIQUE,
2912                         "NETLOGON_VALIDATION_SAM_INFO2 pointer:", -1, 0);
2913                 break;
2914         case 4:
2915                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2916                         netlogon_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
2917                         "STRING pointer:", -1, 0);
2918                 break;
2919         case 5:
2920                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2921                         netlogon_dissect_BLOB_ptr, NDR_POINTER_UNIQUE,
2922                         "BLOB pointer:", -1, 0);
2923                 break;
2924         }
2925
2926         proto_item_set_len(item, offset-old_offset);
2927         return offset;
2928 }
2929
2930
2931 static int
2932 netlogon_dissect_TYPE_19(tvbuff_t *tvb, int offset,
2933                         packet_info *pinfo, proto_tree *parent_tree,
2934                         char *drep)
2935 {
2936         proto_item *item=NULL;
2937         proto_tree *tree=NULL;
2938         int old_offset=offset;
2939         guint16 level;
2940
2941         if(parent_tree){
2942                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2943                         "TYPE_19:");
2944                 tree = proto_item_add_subtree(item, ett_TYPE_19);
2945         }
2946
2947         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2948                 hf_netlogon_level, &level);
2949
2950         ALIGN_TO_4_BYTES;
2951         switch(level){
2952         case 1:
2953                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2954                         hf_netlogon_unknown_long, NULL);
2955                 break;
2956         case 2:
2957                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2958                         hf_netlogon_unknown_long, NULL);
2959                 break;
2960         case 3:
2961                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2962                         hf_netlogon_unknown_long, NULL);
2963                 break;
2964         case 4:
2965                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2966                         hf_netlogon_unknown_long, NULL);
2967                 break;
2968         case 5:
2969                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2970                         hf_netlogon_unknown_long, NULL);
2971                 break;
2972         case 6:
2973                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2974                         hf_netlogon_unknown_long, NULL);
2975                 break;
2976         case 7:
2977                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2978                         hf_netlogon_unknown_long, NULL);
2979                 break;
2980         case 8:
2981                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2982                         hf_netlogon_unknown_long, NULL);
2983                 break;
2984         case 9:
2985                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2986                         hf_netlogon_unknown_long, NULL);
2987                 break;
2988         case 10:
2989                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2990                         hf_netlogon_unknown_long, NULL);
2991                 break;
2992         case 11:
2993                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2994                         hf_netlogon_unknown_long, NULL);
2995                 break;
2996         case 12:
2997                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2998                         hf_netlogon_unknown_long, NULL);
2999                 break;
3000         case 20:
3001                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3002                         hf_netlogon_unknown_long, NULL);
3003                 break;
3004         case 21:
3005                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3006                         hf_netlogon_unknown_long, NULL);
3007                 break;
3008         case 13:
3009                 offset = dissect_ndr_nt_PSID(tvb, offset,
3010                         pinfo, tree, drep);
3011                 break;
3012         case 14:
3013                 offset = dissect_ndr_nt_PSID(tvb, offset,
3014                         pinfo, tree, drep);
3015                 break;
3016         case 15:
3017                 offset = dissect_ndr_nt_PSID(tvb, offset,
3018                         pinfo, tree, drep);
3019                 break;
3020         case 16:
3021                 offset = dissect_ndr_nt_PSID(tvb, offset,
3022                         pinfo, tree, drep);
3023                 break;
3024         case 17:
3025                 offset = dissect_ndr_nt_PSID(tvb, offset,
3026                         pinfo, tree, drep);
3027                 break;
3028         case 18:
3029                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3030                         dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
3031                         "unknown", hf_netlogon_unknown_string, -1);
3032                 break;
3033         case 19:
3034                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3035                         dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
3036                         "unknown", hf_netlogon_unknown_string, -1);
3037                 break;
3038         }
3039
3040         proto_item_set_len(item, offset-old_offset);
3041         return offset;
3042 }
3043
3044
3045 static int
3046 netlogon_dissect_NETLOGON_CONTROL_QUERY_INFO(tvbuff_t *tvb, int offset,
3047                         packet_info *pinfo, proto_tree *parent_tree,
3048                         char *drep)
3049 {
3050         proto_item *item=NULL;
3051         proto_tree *tree=NULL;
3052         int old_offset=offset;
3053         guint32 level;
3054
3055         if(parent_tree){
3056                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3057                         "NETLOGON_CONTROL_QUERY_INFO:");
3058                 tree = proto_item_add_subtree(item, ett_NETLOGON_CONTROL_QUERY_INFO);
3059         }
3060
3061         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3062                 hf_netlogon_level_long, &level);
3063
3064         ALIGN_TO_4_BYTES;
3065         switch(level){
3066         case 5:
3067                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3068                         dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
3069                         "unknown", hf_netlogon_unknown_string, -1);
3070                 break;
3071         case 6:
3072                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3073                         dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
3074                         "unknown", hf_netlogon_unknown_string, -1);
3075                 break;
3076         case 0xfffe:
3077                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3078                         hf_netlogon_unknown_long, NULL);
3079                 break;
3080         case 8:
3081                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3082                         dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
3083                         "unknown", hf_netlogon_unknown_string, -1);
3084                 break;
3085         }
3086
3087         proto_item_set_len(item, offset-old_offset);
3088         return offset;
3089 }
3090
3091
3092 static int
3093 netlogon_dissect_TYPE_44(tvbuff_t *tvb, int offset,
3094                         packet_info *pinfo, proto_tree *parent_tree,
3095                         char *drep)
3096 {
3097         proto_item *item=NULL;
3098         proto_tree *tree=NULL;
3099         int old_offset=offset;
3100         guint32 level;
3101
3102         if(parent_tree){
3103                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3104                         "TYPE_44:");
3105                 tree = proto_item_add_subtree(item, ett_TYPE_44);
3106         }
3107
3108         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3109                 hf_netlogon_level_long, &level);
3110
3111         ALIGN_TO_4_BYTES;
3112         switch(level){
3113         case 1:
3114                 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3115                         hf_netlogon_unknown_long, NULL);
3116                 break;
3117         }
3118
3119         proto_item_set_len(item, offset-old_offset);
3120         return offset;
3121 }
3122
3123 static int
3124 netlogon_dissect_TYPE_20(tvbuff_t *tvb, int offset,
3125                         packet_info *pinfo, proto_tree *parent_tree,
3126                         char *drep)
3127 {
3128         proto_item *item=NULL;
3129         proto_tree *tree=NULL;
3130         int old_offset=offset;
3131         guint16 level;
3132
3133         if(parent_tree){
3134                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3135                         "TYPE_20:");
3136                 tree = proto_item_add_subtree(item, ett_TYPE_20);
3137         }
3138
3139         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3140                 hf_netlogon_level, &level);
3141
3142         ALIGN_TO_4_BYTES;
3143         switch(level){
3144         case 1:
3145                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3146                         netlogon_dissect_NETLOGON_SAM_DOMAIN_INFO, NDR_POINTER_PTR,
3147                         "NETLOGON_SAM_DOMAIN_INFO pointer:", -1, 0);
3148                 break;
3149         case 2:
3150                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3151                         netlogon_dissect_NETLOGON_SAM_GROUP_INFO, NDR_POINTER_PTR,
3152                         "NETLOGON_SAM_GROUP_INFO pointer:", -1, 0);
3153                 break;
3154         case 4:
3155                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3156                         netlogon_dissect_TYPE_23, NDR_POINTER_PTR,
3157                         "TYPE_23 pointer:", -1, 0);
3158                 break;
3159         case 5:
3160                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3161                         netlogon_dissect_NETLOGON_SAM_ACCOUNT_INFO, NDR_POINTER_PTR,
3162                         "NETLOGON_SAM_ACCOUNT_INFO pointer:", -1, 0);
3163                 break;
3164         case 7:
3165                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3166                         netlogon_dissect_TYPE_23, NDR_POINTER_PTR,
3167                         "TYPE_23 pointer:", -1, 0);
3168                 break;
3169         case 8:
3170                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3171                         netlogon_dissect_NETLOGON_SAM_GROUP_MEM_INFO, NDR_POINTER_PTR,
3172                         "NETLOGON_SAM_GROUP_MEM_INFO pointer:", -1, 0);
3173                 break;
3174         case 9:
3175                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3176                         netlogon_dissect_NETLOGON_SAM_ALIAS_INFO, NDR_POINTER_PTR,
3177                         "NETLOGON_SAM_ALIAS_INFO pointer:", -1, 0);
3178                 break;
3179         case 11:
3180                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3181                         netlogon_dissect_TYPE_23, NDR_POINTER_PTR,
3182                         "TYPE_23 pointer:", -1, 0);
3183                 break;
3184         case 12:
3185                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3186                         netlogon_dissect_NETLOGON_SAM_ALIAS_MEM_INFO, NDR_POINTER_PTR,
3187                         "NETLOGON_SAM_ALIAS_MEM_INFO pointer:", -1, 0);
3188                 break;
3189         case 13:
3190                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3191                         netlogon_dissect_TYPE_29, NDR_POINTER_PTR,
3192                         "TYPE_29 pointer:", -1, 0);
3193                 break;
3194         case 14:
3195                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3196                         netlogon_dissect_TYPE_31, NDR_POINTER_PTR,
3197                         "TYPE_31 pointer:", -1, 0);
3198                 break;
3199         case 16:
3200                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3201                         netlogon_dissect_TYPE_33, NDR_POINTER_PTR,
3202                         "TYPE_33 pointer:", -1, 0);
3203                 break;
3204         case 18:
3205                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3206                         netlogon_dissect_TYPE_34, NDR_POINTER_PTR,
3207                         "TYPE_34 pointer:", -1, 0);
3208                 break;
3209         case 20:
3210                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3211                         netlogon_dissect_TYPE_35, NDR_POINTER_PTR,
3212                         "TYPE_35 pointer:", -1, 0);
3213                 break;
3214         case 21:
3215                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3216                         netlogon_dissect_TYPE_35, NDR_POINTER_PTR,
3217                         "TYPE_35 pointer:", -1, 0);
3218                 break;
3219         case 22:
3220                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3221                         netlogon_dissect_TYPE_16, NDR_POINTER_PTR,
3222                         "TYPE_16 pointer:", -1, 0);
3223                 break;
3224         }
3225
3226         proto_item_set_len(item, offset-old_offset);
3227         return offset;
3228 }
3229
3230 static int
3231 netlogon_dissect_SAM_DELTA(tvbuff_t *tvb, int offset,
3232                         packet_info *pinfo, proto_tree *parent_tree,
3233                         char *drep)
3234 {
3235         proto_item *item=NULL;
3236         proto_tree *tree=NULL;
3237         int old_offset=offset;
3238
3239         if(parent_tree){
3240                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3241                         "SAM_DELTA:");
3242                 tree = proto_item_add_subtree(item, ett_SAM_DELTA);
3243         }
3244
3245         offset = netlogon_dissect_TYPE_19(tvb, offset,
3246                 pinfo, tree, drep);
3247
3248         offset = netlogon_dissect_TYPE_20(tvb, offset,
3249                 pinfo, tree, drep);
3250
3251         proto_item_set_len(item, offset-old_offset);
3252         return offset;
3253 }
3254
3255 static int
3256 netlogon_dissect_SAM_DELTA_array(tvbuff_t *tvb, int offset,
3257                         packet_info *pinfo, proto_tree *tree,
3258                         char *drep)
3259 {
3260         offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3261                 netlogon_dissect_SAM_DELTA);
3262
3263         return offset;
3264 }
3265
3266 static int
3267 netlogon_dissect_SAM_DELTA_ARRAY(tvbuff_t *tvb, int offset,
3268                         packet_info *pinfo, proto_tree *parent_tree,
3269                         char *drep)
3270 {
3271         proto_item *item=NULL;
3272         proto_tree *tree=NULL;
3273         int old_offset=offset;
3274
3275         if(parent_tree){
3276                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3277                         "SAM_DELTA_ARRAY:");
3278                 tree = proto_item_add_subtree(item, ett_SAM_DELTA_ARRAY);
3279         }
3280
3281         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3282                 hf_netlogon_num_deltas, NULL);
3283
3284         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3285                 netlogon_dissect_SAM_DELTA_array, NDR_POINTER_UNIQUE,
3286                 "unknown", -1, 0);
3287
3288         proto_item_set_len(item, offset-old_offset);
3289         return offset;
3290 }
3291
3292 static int
3293 netlogon_dissect_SAM_DELTA_ARRAY_ptr(tvbuff_t *tvb, int offset,
3294                         packet_info *pinfo, proto_tree *tree,
3295                         char *drep)
3296 {
3297         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3298                 netlogon_dissect_SAM_DELTA_ARRAY, NDR_POINTER_PTR,
3299                 "SAM_DELTA_ARRAY pointer: deltas", -1, 0);
3300
3301         return offset;
3302 }
3303
3304 static int
3305 netlogon_dissect_LOGONSRV_HANDLE(tvbuff_t *tvb, int offset,
3306                         packet_info *pinfo, proto_tree *tree,
3307                         char *drep)
3308 {
3309         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3310                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
3311                 "Handle", hf_netlogon_logonsrv_handle, 0);
3312
3313         return offset;
3314 }
3315
3316 static int
3317 netlogon_dissect_NETLOGON_INFO(tvbuff_t *tvb, int offset,
3318                         packet_info *pinfo, proto_tree *parent_tree,
3319                         char *drep)
3320 {
3321         proto_item *item=NULL;
3322         proto_tree *tree=NULL;
3323         int old_offset=offset;
3324         guint32 level;
3325
3326         if(parent_tree){
3327                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3328                         "NETLOGON_INFO:");
3329                 tree = proto_item_add_subtree(item, ett_NETLOGON_INFO);
3330         }
3331
3332         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3333                 hf_netlogon_level_long, &level);
3334
3335         ALIGN_TO_4_BYTES;
3336         switch(level){
3337         case 1:
3338                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3339                         netlogon_dissect_NETLOGON_INFO_1, NDR_POINTER_PTR,
3340                         "NETLOGON_INFO_1 pointer:", -1, 0);
3341                 break;
3342         case 2:
3343                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3344                         netlogon_dissect_NETLOGON_INFO_2, NDR_POINTER_PTR,
3345                         "NETLOGON_INFO_2 pointer:", -1, 0);
3346                 break;
3347         case 3:
3348                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3349                         netlogon_dissect_NETLOGON_INFO_3, NDR_POINTER_PTR,
3350                         "NETLOGON_INFO_3 pointer:", -1, 0);
3351                 break;
3352         case 4:
3353                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3354                         netlogon_dissect_NETLOGON_INFO_4, NDR_POINTER_PTR,
3355                         "NETLOGON_INFO_4 pointer:", -1, 0);
3356                 break;
3357         }
3358
3359         proto_item_set_len(item, offset-old_offset);
3360         return offset;
3361 }
3362
3363 static int
3364 netlogon_dissect_TYPE_45(tvbuff_t *tvb, int offset,
3365                         packet_info *pinfo, proto_tree *parent_tree,
3366                         char *drep)
3367 {
3368         proto_item *item=NULL;
3369         proto_tree *tree=NULL;
3370         int old_offset=offset;
3371         guint32 level;
3372
3373         if(parent_tree){
3374                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3375                         "TYPE_45:");
3376                 tree = proto_item_add_subtree(item, ett_TYPE_45);
3377         }
3378
3379         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3380                 hf_netlogon_level_long, &level);
3381
3382         ALIGN_TO_4_BYTES;
3383         switch(level){
3384         case 1:
3385                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3386                         netlogon_dissect_TYPE_46, NDR_POINTER_PTR,
3387                         "TYPE_46 pointer:", -1, 0);
3388                 break;
3389         case 2:
3390                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3391                         netlogon_dissect_TYPE_46, NDR_POINTER_PTR,
3392                         "TYPE_46 pointer:", -1, 0);
3393                 break;
3394         }
3395
3396         proto_item_set_len(item, offset-old_offset);
3397         return offset;
3398 }
3399
3400 static int
3401 netlogon_dissect_TYPE_47(tvbuff_t *tvb, int offset,
3402                         packet_info *pinfo, proto_tree *parent_tree,
3403                         char *drep)
3404 {
3405         proto_item *item=NULL;
3406         proto_tree *tree=NULL;
3407         int old_offset=offset;
3408         guint32 level;
3409
3410         if(parent_tree){
3411                 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
3412                         "TYPE_47:");
3413                 tree = proto_item_add_subtree(item, ett_TYPE_47);
3414         }
3415
3416         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3417                 hf_netlogon_level_long, &level);
3418
3419         ALIGN_TO_4_BYTES;
3420         switch(level){
3421         case 1:
3422                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3423                         netlogon_dissect_TYPE_48, NDR_POINTER_PTR,
3424                         "TYPE_48 pointer:", -1, 0);
3425                 break;
3426         case 2:
3427                 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3428                         netlogon_dissect_UNICODE_MULTI, NDR_POINTER_PTR,
3429                         "UNICODE_MULTI pointer:", -1, 0);
3430                 break;
3431         }
3432
3433         proto_item_set_len(item, offset-old_offset);
3434         return offset;
3435 }
3436
3437
3438 static int
3439 netlogon_dissect_function_00_rqst(tvbuff_t *tvb, int offset,
3440         packet_info *pinfo, proto_tree *tree, char *drep)
3441 {
3442         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3443                 pinfo, tree, drep);
3444
3445         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3446                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_REF,
3447                 "unknown string", hf_netlogon_unknown_string, -1);
3448
3449         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3450                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_REF,
3451                 "unknown string", hf_netlogon_unknown_string, -1);
3452
3453         return offset;
3454 }
3455
3456
3457 static int
3458 netlogon_dissect_function_00_reply(tvbuff_t *tvb, int offset,
3459         packet_info *pinfo, proto_tree *tree, char *drep)
3460 {
3461         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3462                 netlogon_dissect_TYPE_1_ptr, NDR_POINTER_REF,
3463                 "TYPE_1* pointer: unknown_TYPE_1", -1, 0);
3464
3465         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3466                 hf_netlogon_rc, NULL);
3467
3468         return offset;
3469 }
3470
3471 static int
3472 netlogon_dissect_function_01_rqst(tvbuff_t *tvb, int offset,
3473         packet_info *pinfo, proto_tree *tree, char *drep)
3474 {
3475         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3476                 pinfo, tree, drep);
3477
3478         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3479                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_REF,
3480                 "unknown string", hf_netlogon_unknown_string, -1);
3481
3482         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3483                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_REF,
3484                 "unknown string", hf_netlogon_unknown_string, -1);
3485
3486         return offset;
3487 }
3488
3489
3490 static int
3491 netlogon_dissect_function_01_reply(tvbuff_t *tvb, int offset,
3492         packet_info *pinfo, proto_tree *tree, char *drep)
3493 {
3494         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3495                 netlogon_dissect_TYPE_2, NDR_POINTER_REF,
3496                 "TYPE_2 pointer: unknown_TYPE_2", -1, 0);
3497
3498         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3499                 hf_netlogon_rc, NULL);
3500
3501         return offset;
3502 }
3503
3504 static int
3505 netlogon_dissect_netlogonsamlogon_rqst(tvbuff_t *tvb, int offset,
3506         packet_info *pinfo, proto_tree *tree, char *drep)
3507 {
3508         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3509                 pinfo, tree, drep);
3510
3511         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3512                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
3513                 "Computer Name", hf_netlogon_computer_name, 0);
3514
3515         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3516                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
3517                 "NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
3518
3519         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3520                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
3521                 "NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
3522
3523         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3524                 netlogon_dissect_NETLOGON_LEVEL, NDR_POINTER_REF,
3525                 "NETLOGON_LEVEL pointer: id_ctr", -1, 0);
3526
3527         return offset;
3528 }
3529
3530
3531 static int
3532 netlogon_dissect_netlogonsamlogon_reply(tvbuff_t *tvb, int offset,
3533         packet_info *pinfo, proto_tree *tree, char *drep)
3534 {
3535         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3536                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
3537                 "NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
3538
3539         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3540                 netlogon_dissect_NETLOGON_VALIDATION, NDR_POINTER_REF,
3541                 "NETLOGON_VALIDATION pointer: ctr", -1, 0);
3542
3543         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3544                 netlogon_dissect_pointer_char, NDR_POINTER_REF,
3545                 "BOOLEAN pointer: Authoritative", hf_netlogon_authoritative, 0);
3546
3547         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3548                 hf_netlogon_rc, NULL);
3549
3550         return offset;
3551 }
3552
3553 static int
3554 netlogon_dissect_netlogonsamlogoff_rqst(tvbuff_t *tvb, int offset,
3555         packet_info *pinfo, proto_tree *tree, char *drep)
3556 {
3557         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3558                 pinfo, tree, drep);
3559
3560         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3561                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
3562                 "unknown string", hf_netlogon_unknown_string, 0);
3563
3564         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3565                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
3566                 "NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
3567
3568         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3569                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
3570                 "NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
3571
3572         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3573                 netlogon_dissect_NETLOGON_LEVEL, NDR_POINTER_REF,
3574                 "NETLOGON_LEVEL pointer: id_ctr", -1, 0);
3575
3576         return offset;
3577 }
3578
3579
3580 static int
3581 netlogon_dissect_netlogonsamlogoff_reply(tvbuff_t *tvb, int offset,
3582         packet_info *pinfo, proto_tree *tree, char *drep)
3583 {
3584
3585         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3586                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
3587                 "NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
3588
3589         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3590                 hf_netlogon_rc, NULL);
3591
3592         return offset;
3593 }
3594
3595 static int
3596 netlogon_dissect_netserverreqchallenge_rqst(tvbuff_t *tvb, int offset,
3597         packet_info *pinfo, proto_tree *tree, char *drep)
3598 {
3599         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3600                 pinfo, tree, drep);
3601
3602         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3603                 NDR_POINTER_REF, hf_netlogon_client_name, 0);
3604
3605         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3606                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
3607                 "NETLOGON_CREDENTIAL pointer: client_chal", -1, 0);
3608
3609         return offset;
3610 }
3611
3612
3613 static int
3614 netlogon_dissect_netserverreqchallenge_reply(tvbuff_t *tvb, int offset,
3615         packet_info *pinfo, proto_tree *tree, char *drep)
3616 {
3617         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3618                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
3619                 "NETLOGON_CREDENTIAL pointer: server_chal", -1, 0);
3620
3621         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3622                 hf_netlogon_rc, NULL);
3623
3624         return offset;
3625 }
3626
3627 static int
3628 netlogon_dissect_netserverauthenticate_rqst(tvbuff_t *tvb, int offset,
3629         packet_info *pinfo, proto_tree *tree, char *drep)
3630 {
3631         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3632                 pinfo, tree, drep);
3633
3634         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3635                 NDR_POINTER_REF, hf_netlogon_acct_name, 0);
3636
3637         offset = netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvb, offset,
3638                 pinfo, tree, drep);
3639
3640         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3641                 NDR_POINTER_REF, hf_netlogon_computer_name, 0);
3642
3643         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3644                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
3645                 "NETLOGON_CREDENTIAL pointer: client_chal", -1, 0);
3646
3647         return offset;
3648 }
3649
3650
3651 static int
3652 netlogon_dissect_netserverauthenticate_reply(tvbuff_t *tvb, int offset,
3653         packet_info *pinfo, proto_tree *tree, char *drep)
3654 {
3655         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3656                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
3657                 "NETLOGON_CREDENTIAL pointer: server_chal", -1, 0);
3658
3659         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3660                 hf_netlogon_rc, NULL);
3661
3662         return offset;
3663 }
3664
3665 static int
3666 netlogon_dissect_netserverpasswordset_rqst(tvbuff_t *tvb, int offset,
3667         packet_info *pinfo, proto_tree *tree, char *drep)
3668 {
3669         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3670                 pinfo, tree, drep);
3671
3672         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3673                 NDR_POINTER_REF, hf_netlogon_acct_name, 0);
3674
3675         offset = netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvb, offset,
3676                 pinfo, tree, drep);
3677
3678         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3679                 NDR_POINTER_REF, hf_netlogon_computer_name, 0);
3680
3681         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3682                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3683                 "NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
3684
3685         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3686                 netlogon_dissect_ENCRYPTED_LM_OWF_PASSWORD, NDR_POINTER_REF,
3687                 "ENCRYPTED_LM_OWF_PASSWORD pointer: hashed_pwd", -1, 0);
3688
3689         return offset;
3690 }
3691
3692
3693 static int
3694 netlogon_dissect_netserverpasswordset_reply(tvbuff_t *tvb, int offset,
3695         packet_info *pinfo, proto_tree *tree, char *drep)
3696 {
3697         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3698                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3699                 "NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
3700
3701         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3702                 hf_netlogon_rc, NULL);
3703
3704         return offset;
3705 }
3706
3707 static int
3708 netlogon_dissect_netsamdeltas_rqst(tvbuff_t *tvb, int offset,
3709         packet_info *pinfo, proto_tree *tree, char *drep)
3710 {
3711         /* XXX idl file has LOGONSRV_HANDLE here, ms capture has string srv_name */
3712         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3713                 NDR_POINTER_REF, hf_netlogon_logon_srv, 0);
3714
3715         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3716                 NDR_POINTER_REF, hf_netlogon_cli_name, 0);
3717
3718         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3719                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3720                 "NETLOGON_AUTHENTICATOR pointer: client_creds", -1, 0);
3721
3722         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3723                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3724                 "NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
3725
3726         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3727                 hf_netlogon_database_id, NULL);
3728
3729         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3730                 netlogon_dissect_TYPE_16, NDR_POINTER_REF,
3731                 "TYPE_16 pointer: dom_mod_count", -1, 0);
3732
3733         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3734                 hf_netlogon_max_size, NULL);
3735         return offset;
3736 }
3737
3738
3739 static int
3740 netlogon_dissect_netsamdeltas_reply(tvbuff_t *tvb, int offset,
3741         packet_info *pinfo, proto_tree *tree, char *drep)
3742 {
3743         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3744                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3745                 "NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
3746
3747         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3748                 netlogon_dissect_TYPE_16, NDR_POINTER_REF,
3749                 "TYPE_16 pointer: dom_mod_count", -1, 0);
3750
3751         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3752                 netlogon_dissect_SAM_DELTA_ARRAY_ptr, NDR_POINTER_REF,
3753                 "SAM_DELTA_ARRAY_ptr pointer: deltas", -1, 0);
3754
3755         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3756                 hf_netlogon_rc, NULL);
3757
3758         return offset;
3759 }
3760
3761 static int
3762 netlogon_dissect_function_08_rqst(tvbuff_t *tvb, int offset,
3763         packet_info *pinfo, proto_tree *tree, char *drep)
3764 {
3765         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3766                 NDR_POINTER_REF, hf_netlogon_logon_srv, 0);
3767
3768         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3769                 NDR_POINTER_REF, hf_netlogon_cli_name, 0);
3770
3771         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3772                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3773                 "NETLOGON_AUTHENTICATOR pointer: client_creds", -1, 0);
3774
3775         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3776                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3777                 "NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
3778
3779         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3780                 hf_netlogon_unknown_long, NULL);
3781
3782         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3783                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
3784                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
3785
3786         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3787                 hf_netlogon_unknown_long, NULL);
3788         return offset;
3789 }
3790
3791
3792 static int
3793 netlogon_dissect_function_08_reply(tvbuff_t *tvb, int offset,
3794         packet_info *pinfo, proto_tree *tree, char *drep)
3795 {
3796         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3797                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3798                 "NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
3799
3800         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3801                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
3802                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
3803
3804         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3805                 netlogon_dissect_SAM_DELTA_ARRAY_ptr, NDR_POINTER_REF,
3806                 "SAM_DELTA_ARRAY* pointer: unknown_SAM_DELTA_ARRAY", -1, 0);
3807
3808         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3809                 hf_netlogon_rc, NULL);
3810
3811         return offset;
3812 }
3813
3814 static int
3815 netlogon_dissect_function_09_rqst(tvbuff_t *tvb, int offset,
3816         packet_info *pinfo, proto_tree *tree, char *drep)
3817 {
3818         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3819                 pinfo, tree, drep);
3820
3821         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3822                 NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
3823
3824         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3825                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3826                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
3827
3828         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3829                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3830                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
3831
3832         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3833                 netlogon_dissect_TYPE_36, NDR_POINTER_REF,
3834                 "TYPE_36 pointer: unknown_TYPE_36", -1, 0);
3835
3836         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3837                 hf_netlogon_unknown_long, NULL);
3838
3839         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3840                 hf_netlogon_unknown_long, NULL);
3841
3842         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3843                 hf_netlogon_unknown_long, NULL);
3844         return offset;
3845 }
3846
3847
3848 static int
3849 netlogon_dissect_function_09_reply(tvbuff_t *tvb, int offset,
3850         packet_info *pinfo, proto_tree *tree, char *drep)
3851 {
3852         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3853                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3854                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
3855
3856         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3857                 netlogon_dissect_BYTE_array, NDR_POINTER_REF,
3858                 "BYTE_array pointer: unknown_BYTE", -1, 0);
3859
3860         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3861                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
3862                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
3863
3864         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3865                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
3866                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
3867
3868         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3869                 netlogon_dissect_TYPE_36, NDR_POINTER_REF,
3870                 "TYPE_36 pointer: unknown_TYPE_36", -1, 0);
3871
3872         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3873                 hf_netlogon_rc, NULL);
3874
3875         return offset;
3876 }
3877
3878 static int
3879 netlogon_dissect_function_0a_rqst(tvbuff_t *tvb, int offset,
3880         packet_info *pinfo, proto_tree *tree, char *drep)
3881 {
3882         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3883                 pinfo, tree, drep);
3884
3885         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3886                 NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
3887
3888         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3889                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3890                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
3891
3892         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3893                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3894                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
3895
3896         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3897                 hf_netlogon_unknown_long, NULL);
3898
3899         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3900                 hf_netlogon_unknown_long, NULL);
3901
3902         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3903                 hf_netlogon_unknown_long, NULL);
3904
3905         return offset;
3906 }
3907
3908
3909 static int
3910 netlogon_dissect_function_0a_reply(tvbuff_t *tvb, int offset,
3911         packet_info *pinfo, proto_tree *tree, char *drep)
3912 {
3913         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3914                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
3915                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
3916
3917         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3918                 netlogon_dissect_BYTE_array, NDR_POINTER_REF,
3919                 "BYTE_array pointer: unknown_BYTE", -1, 0);
3920
3921         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3922                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
3923                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
3924
3925         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3926                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
3927                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
3928
3929         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3930                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
3931                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
3932
3933         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3934                 netlogon_dissect_TYPE_36, NDR_POINTER_REF,
3935                 "TYPE_36 pointer: unknown_TYPE_36", -1, 0);
3936
3937         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3938                 hf_netlogon_rc, NULL);
3939
3940         return offset;
3941 }
3942
3943 static int
3944 netlogon_dissect_function_0b_rqst(tvbuff_t *tvb, int offset,
3945         packet_info *pinfo, proto_tree *tree, char *drep)
3946 {
3947
3948         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3949                 NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
3950
3951         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3952                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
3953                 "unknown string", hf_netlogon_unknown_string, 0);
3954
3955         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3956                 netlogon_dissect_WCHAR_ptr, NDR_POINTER_REF,
3957                 "WCHAR* pointer: unknown string", -1, 0);
3958         return offset;
3959 }
3960
3961
3962 static int
3963 netlogon_dissect_function_0b_reply(tvbuff_t *tvb, int offset,
3964         packet_info *pinfo, proto_tree *tree, char *drep)
3965 {
3966         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3967                 netlogon_dissect_WCHAR_ptr, NDR_POINTER_REF,
3968                 "WCHAR* pointer: unknown string", -1, 0);
3969
3970         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3971                 hf_netlogon_rc, NULL);
3972
3973         return offset;
3974 }
3975
3976 static int
3977 netlogon_dissect_netlogoncontrol_rqst(tvbuff_t *tvb, int offset,
3978         packet_info *pinfo, proto_tree *tree, char *drep)
3979 {
3980         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
3981                 pinfo, tree, drep);
3982
3983         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3984                 hf_netlogon_code, NULL);
3985
3986         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3987                 hf_netlogon_level, NULL);
3988
3989         return offset;
3990 }
3991
3992
3993 static int
3994 netlogon_dissect_netlogoncontrol_reply(tvbuff_t *tvb, int offset,
3995         packet_info *pinfo, proto_tree *tree, char *drep)
3996 {
3997         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3998                 netlogon_dissect_NETLOGON_INFO, NDR_POINTER_REF,
3999                 "NETLOGON_INFO pointer: unknown_NETLOGON_INFO", -1, 0);
4000
4001         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4002                 hf_netlogon_rc, NULL);
4003
4004         return offset;
4005 }
4006
4007 static int
4008 netlogon_dissect_function_0d_rqst(tvbuff_t *tvb, int offset,
4009         packet_info *pinfo, proto_tree *tree, char *drep)
4010 {
4011         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4012                 pinfo, tree, drep);
4013
4014         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4015                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4016                 "unknown string", hf_netlogon_unknown_string, 0);
4017
4018         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4019                 netlogon_dissect_WCHAR_ptr, NDR_POINTER_REF,
4020                 "WCHAR* pointer: unknown string", -1, 0);
4021         return offset;
4022 }
4023
4024
4025 static int
4026 netlogon_dissect_function_0d_reply(tvbuff_t *tvb, int offset,
4027         packet_info *pinfo, proto_tree *tree, char *drep)
4028 {
4029         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4030                 netlogon_dissect_WCHAR_ptr, NDR_POINTER_REF,
4031                 "WCHAR* pointer: unknown string", -1, 0);
4032
4033         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4034                 hf_netlogon_rc, NULL);
4035
4036         return offset;
4037 }
4038
4039 static int
4040 netlogon_dissect_netlogoncontrol2_rqst(tvbuff_t *tvb, int offset,
4041         packet_info *pinfo, proto_tree *tree, char *drep)
4042 {
4043         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4044                 pinfo, tree, drep);
4045
4046         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4047                 hf_netlogon_code, NULL);
4048
4049         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4050                 hf_netlogon_level, NULL);
4051
4052         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4053                 netlogon_dissect_NETLOGON_CONTROL_QUERY_INFO, NDR_POINTER_REF,
4054                 "NETLOGON_CONTROL_QUERY_INFO pointer: unknown_NETLOGON_CONTROL_QUERY_INFO", -1, 0);
4055
4056         return offset;
4057 }
4058
4059
4060 static int
4061 netlogon_dissect_netlogoncontrol2_reply(tvbuff_t *tvb, int offset,
4062         packet_info *pinfo, proto_tree *tree, char *drep)
4063 {
4064         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4065                 netlogon_dissect_NETLOGON_INFO, NDR_POINTER_REF,
4066                 "NETLOGON_INFO pointer: unknown_NETLOGON_INFO", -1, 0);
4067
4068         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4069                 hf_netlogon_rc, NULL);
4070
4071         return offset;
4072 }
4073
4074 static int
4075 netlogon_dissect_netserverauthenticate2_rqst(tvbuff_t *tvb, int offset,
4076         packet_info *pinfo, proto_tree *tree, char *drep)
4077 {
4078         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4079                 pinfo, tree, drep);
4080
4081         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
4082                 NDR_POINTER_REF, hf_netlogon_acct_name, 0);
4083
4084         offset = netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvb, offset,
4085                 pinfo, tree, drep);
4086
4087         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
4088                 NDR_POINTER_REF, hf_netlogon_computer_name, 0);
4089
4090         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4091                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
4092                 "NETLOGON_CREDENTIAL pointer: client_chal", -1, 0);
4093
4094         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4095                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
4096                 "ULONG pointer: neg_flags", hf_netlogon_unknown_long, 0);
4097         return offset;
4098 }
4099
4100
4101 static int
4102 netlogon_dissect_netserverauthenticate2_reply(tvbuff_t *tvb, int offset,
4103         packet_info *pinfo, proto_tree *tree, char *drep)
4104 {
4105         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4106                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
4107                 "NETLOGON_CREDENTIAL pointer: server_chal", -1, 0);
4108
4109         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4110                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
4111                 "ULONG pointer: neg_flags", hf_netlogon_unknown_long, 0);
4112
4113         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4114                 hf_netlogon_rc, NULL);
4115
4116         return offset;
4117 }
4118
4119 static int
4120 netlogon_dissect_netdatabasesync2_rqst(tvbuff_t *tvb, int offset,
4121         packet_info *pinfo, proto_tree *tree, char *drep)
4122 {
4123         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4124                 pinfo, tree, drep);
4125
4126         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
4127                 NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
4128
4129         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4130                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4131                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4132
4133         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4134                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4135                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4136
4137         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4138                 hf_netlogon_unknown_long, NULL);
4139
4140         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
4141                 hf_netlogon_unknown_short, NULL);
4142
4143         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4144                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
4145                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
4146
4147         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4148                 hf_netlogon_unknown_long, NULL);
4149
4150         return offset;
4151 }
4152
4153
4154 static int
4155 netlogon_dissect_netdatabasesync2_reply(tvbuff_t *tvb, int offset,
4156         packet_info *pinfo, proto_tree *tree, char *drep)
4157 {
4158         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4159                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4160                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4161
4162         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4163                 netlogon_dissect_pointer_long, NDR_POINTER_REF,
4164                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
4165
4166         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4167                 netlogon_dissect_SAM_DELTA_ARRAY_ptr, NDR_POINTER_REF,
4168                 "SAM_DELTA_ARRAY* pointer: unknown_SAM_DELTA_ARRAY", -1, 0);
4169
4170         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4171                 hf_netlogon_rc, NULL);
4172
4173         return offset;
4174 }
4175
4176 static int
4177 netlogon_dissect_function_11_rqst(tvbuff_t *tvb, int offset,
4178         packet_info *pinfo, proto_tree *tree, char *drep)
4179 {
4180         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
4181                 NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
4182
4183         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
4184                 NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
4185
4186         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4187                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4188                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4189
4190         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4191                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4192                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4193
4194         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4195                 netlogon_dissect_BYTE_array, NDR_POINTER_REF,
4196                 "BYTE pointer: unknown_BYTE", -1, 0);
4197
4198         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4199                 hf_netlogon_unknown_long, NULL);
4200
4201         return offset;
4202 }
4203
4204
4205 static int
4206 netlogon_dissect_function_11_reply(tvbuff_t *tvb, int offset,
4207         packet_info *pinfo, proto_tree *tree, char *drep)
4208 {
4209         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4210                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4211                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4212
4213         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4214                 netlogon_dissect_SAM_DELTA_ARRAY_ptr, NDR_POINTER_REF,
4215                 "SAM_DELTA_ARRAY* pointer: unknown_SAM_DELTA_ARRAY", -1, 0);
4216
4217         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4218                 hf_netlogon_rc, NULL);
4219
4220         return offset;
4221 }
4222
4223 static int
4224 netlogon_dissect_function_12_rqst(tvbuff_t *tvb, int offset,
4225         packet_info *pinfo, proto_tree *tree, char *drep)
4226 {
4227         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4228                 pinfo, tree, drep);
4229
4230         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4231                 hf_netlogon_unknown_long, NULL);
4232
4233         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4234                 hf_netlogon_level, NULL);
4235
4236         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4237                 netlogon_dissect_NETLOGON_CONTROL_QUERY_INFO, NDR_POINTER_REF,
4238                 "NETLOGON_CONTROL_QUERY_INFO pointer: unknown_NETLOGON_CONTROL_QUERY_INFO", -1, 0);
4239
4240         return offset;
4241 }
4242
4243
4244 static int
4245 netlogon_dissect_function_12_reply(tvbuff_t *tvb, int offset,
4246         packet_info *pinfo, proto_tree *tree, char *drep)
4247 {
4248         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4249                 netlogon_dissect_NETLOGON_INFO, NDR_POINTER_REF,
4250                 "NETLOGON_INFO pointer: unknown_NETLOGON_INFO", -1, 0);
4251
4252         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4253                 hf_netlogon_rc, NULL);
4254
4255         return offset;
4256 }
4257
4258 static int
4259 netlogon_dissect_nettrusteddomainlist_rqst(tvbuff_t *tvb, int offset,
4260         packet_info *pinfo, proto_tree *tree, char *drep)
4261 {
4262         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4263                 pinfo, tree, drep);
4264
4265         return offset;
4266 }
4267
4268
4269 static int
4270 netlogon_dissect_nettrusteddomainlist_reply(tvbuff_t *tvb, int offset,
4271         packet_info *pinfo, proto_tree *tree, char *drep)
4272 {
4273         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4274                 netlogon_dissect_UNICODE_MULTI, NDR_POINTER_REF,
4275                 "UNICODE_MULTI pointer: trust_dom_name_list", -1, 0);
4276
4277         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4278                 hf_netlogon_rc, NULL);
4279
4280         return offset;
4281 }
4282
4283 static int
4284 netlogon_dissect_dsrgetdcname2_rqst(tvbuff_t *tvb, int offset,
4285         packet_info *pinfo, proto_tree *tree, char *drep)
4286 {
4287         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4288                 pinfo, tree, drep);
4289
4290         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4291                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4292                 "Domain", hf_netlogon_logon_dom, 0);
4293
4294         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4295                 dissect_nt_GUID, NDR_POINTER_UNIQUE,
4296                 "GUID pointer: domain_guid", -1, 0);
4297
4298         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4299                 dissect_nt_GUID, NDR_POINTER_UNIQUE,
4300                 "GUID pointer: site_guid", -1, 0);
4301
4302         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4303                 hf_netlogon_flags, NULL);
4304
4305         return offset;
4306 }
4307
4308
4309 static int
4310 netlogon_dissect_dsrgetdcname2_reply(tvbuff_t *tvb, int offset,
4311         packet_info *pinfo, proto_tree *tree, char *drep)
4312 {
4313         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4314                 netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr, NDR_POINTER_REF,
4315                 "DOMAIN_CONTROLLER_INFO* pointer: info", -1, 0);
4316
4317         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4318                 hf_netlogon_rc, NULL);
4319
4320         return offset;
4321 }
4322
4323 static int
4324 netlogon_dissect_function_15_rqst(tvbuff_t *tvb, int offset,
4325         packet_info *pinfo, proto_tree *tree, char *drep)
4326 {
4327         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4328                 pinfo, tree, drep);
4329
4330         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4331                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4332                 "unknown string", hf_netlogon_unknown_string, 0);
4333
4334         offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
4335                 pinfo, tree, drep);
4336
4337         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4338                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
4339                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4340
4341         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4342                 hf_netlogon_unknown_long, NULL);
4343
4344         return offset;
4345 }
4346
4347
4348 static int
4349 netlogon_dissect_function_15_reply(tvbuff_t *tvb, int offset,
4350         packet_info *pinfo, proto_tree *tree, char *drep)
4351 {
4352         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4353                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
4354                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4355
4356         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4357                 netlogon_dissect_TYPE_44, NDR_POINTER_PTR,
4358                 "TYPE_44 pointer: unknown_TYPE_44", -1, 0);
4359
4360         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4361                 hf_netlogon_rc, NULL);
4362
4363         return offset;
4364 }
4365
4366 static int
4367 netlogon_dissect_function_16_rqst(tvbuff_t *tvb, int offset,
4368         packet_info *pinfo, proto_tree *tree, char *drep)
4369 {
4370         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4371                 pinfo, tree, drep);
4372
4373         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4374                 hf_netlogon_unknown_long, NULL);
4375
4376         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4377                 hf_netlogon_unknown_long, NULL);
4378
4379         return offset;
4380 }
4381
4382
4383 static int
4384 netlogon_dissect_function_16_reply(tvbuff_t *tvb, int offset,
4385         packet_info *pinfo, proto_tree *tree, char *drep)
4386 {
4387         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4388                 hf_netlogon_rc, NULL);
4389
4390         return offset;
4391 }
4392
4393 static int
4394 netlogon_dissect_function_17_rqst(tvbuff_t *tvb, int offset,
4395         packet_info *pinfo, proto_tree *tree, char *drep)
4396 {
4397         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4398                 pinfo, tree, drep);
4399
4400         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4401                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4402                 "unknown string", hf_netlogon_unknown_string, 0);
4403
4404         return offset;
4405 }
4406
4407
4408 static int
4409 netlogon_dissect_function_17_reply(tvbuff_t *tvb, int offset,
4410         packet_info *pinfo, proto_tree *tree, char *drep)
4411 {
4412         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4413                 netlogon_dissect_pointer_long, NDR_POINTER_PTR,
4414                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
4415
4416         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4417                 hf_netlogon_rc, NULL);
4418
4419         return offset;
4420 }
4421
4422 static int
4423 netlogon_dissect_function_18_rqst(tvbuff_t *tvb, int offset,
4424         packet_info *pinfo, proto_tree *tree, char *drep)
4425 {
4426         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4427                 pinfo, tree, drep);
4428
4429         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4430                 hf_netlogon_unknown_long, NULL);
4431
4432         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4433                 netlogon_dissect_BYTE_array, NDR_POINTER_PTR,
4434                 "BYTE pointer: unknown_BYTE", -1, 0);
4435
4436         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4437                 hf_netlogon_unknown_long, NULL);
4438
4439         return offset;
4440 }
4441
4442 static int
4443 netlogon_dissect_BYTE_16_array(tvbuff_t *tvb, int offset,
4444         packet_info *pinfo, proto_tree *tree, char *drep)
4445 {
4446         int i;
4447
4448         for(i=0;i<16;i++){
4449                 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
4450                         hf_netlogon_unknown_char, NULL);
4451         }
4452
4453         return offset;
4454 }
4455
4456 static int
4457 netlogon_dissect_function_18_reply(tvbuff_t *tvb, int offset,
4458         packet_info *pinfo, proto_tree *tree, char *drep)
4459 {
4460         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4461                 netlogon_dissect_BYTE_16_array, NDR_POINTER_PTR,
4462                 "BYTE pointer: unknown_BYTE", -1, 0);
4463
4464         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4465                 hf_netlogon_rc, NULL);
4466
4467         return offset;
4468 }
4469
4470 static int
4471 netlogon_dissect_function_19_rqst(tvbuff_t *tvb, int offset,
4472         packet_info *pinfo, proto_tree *tree, char *drep)
4473 {
4474         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4475                 pinfo, tree, drep);
4476
4477         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4478                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4479                 "unknown string", hf_netlogon_unknown_string, 0);
4480
4481         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4482                 netlogon_dissect_BYTE_array, NDR_POINTER_PTR,
4483                 "BYTE pointer: unknown_BYTE", -1, 0);
4484
4485         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4486                 hf_netlogon_unknown_long, NULL);
4487
4488         return offset;
4489 }
4490
4491
4492 static int
4493 netlogon_dissect_function_19_reply(tvbuff_t *tvb, int offset,
4494         packet_info *pinfo, proto_tree *tree, char *drep)
4495 {
4496         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4497                 netlogon_dissect_BYTE_16_array, NDR_POINTER_PTR,
4498                 "BYTE pointer: unknown_BYTE", -1, 0);
4499
4500         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4501                 hf_netlogon_rc, NULL);
4502
4503         return offset;
4504 }
4505
4506 static int
4507 netlogon_dissect_netserverauthenticate3_rqst(tvbuff_t *tvb, int offset,
4508         packet_info *pinfo, proto_tree *tree, char *drep)
4509 {
4510         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4511                 pinfo, tree, drep);
4512
4513         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4514                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4515                 "Acct Name", hf_netlogon_acct_name, 0);
4516
4517         offset = netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvb, offset,
4518                 pinfo, tree, drep);
4519
4520         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4521                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4522                 "Computer Name", hf_netlogon_computer_name, 0);
4523
4524         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4525                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
4526                 "NETLOGON_CREDENTIAL pointer: authenticator", -1, 0);
4527
4528         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4529                 netlogon_dissect_pointer_long, NDR_POINTER_PTR,
4530                 "ULONG pointer: negotiate_flags", hf_netlogon_unknown_long, 0);
4531
4532         return offset;
4533 }
4534
4535
4536 static int
4537 netlogon_dissect_netserverauthenticate3_reply(tvbuff_t *tvb, int offset,
4538         packet_info *pinfo, proto_tree *tree, char *drep)
4539 {
4540         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4541                 netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
4542                 "NETLOGON_CREDENTIAL pointer: unknown_NETLOGON_CREDENTIAL", -1, 0);
4543
4544         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4545                 netlogon_dissect_pointer_long, NDR_POINTER_PTR,
4546                 "ULONG pointer: negotiate_flags", hf_netlogon_unknown_long, 0);
4547
4548         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4549                 netlogon_dissect_pointer_long, NDR_POINTER_PTR,
4550                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
4551
4552         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4553                 hf_netlogon_rc, NULL);
4554
4555         return offset;
4556 }
4557
4558 static int
4559 netlogon_dissect_dsrgetdcname_rqst(tvbuff_t *tvb, int offset,
4560         packet_info *pinfo, proto_tree *tree, char *drep)
4561 {
4562         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4563                 pinfo, tree, drep);
4564
4565         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4566                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4567                 "Domain", hf_netlogon_logon_dom, 0);
4568
4569         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4570                 dissect_nt_GUID, NDR_POINTER_UNIQUE,
4571                 "GUID pointer: domain_guid", -1, 0);
4572
4573         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4574                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4575                 "Site Name", hf_netlogon_site_name, 0);
4576
4577         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4578                 hf_netlogon_flags, NULL);
4579
4580         return offset;
4581 }
4582
4583
4584 static int
4585 netlogon_dissect_dsrgetdcname_reply(tvbuff_t *tvb, int offset,
4586         packet_info *pinfo, proto_tree *tree, char *drep)
4587 {
4588         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4589                 netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr, NDR_POINTER_REF,
4590                 "DOMAIN_CONTROLLER_INFO* pointer: info", -1, 0);
4591
4592         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4593                 hf_netlogon_rc, NULL);
4594
4595         return offset;
4596 }
4597
4598 static int
4599 netlogon_dissect_dsrgetsitename_rqst(tvbuff_t *tvb, int offset,
4600         packet_info *pinfo, proto_tree *tree, char *drep)
4601 {
4602         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4603                 pinfo, tree, drep);
4604
4605         return offset;
4606 }
4607
4608
4609 static int
4610 netlogon_dissect_dsrgetsitename_reply(tvbuff_t *tvb, int offset,
4611         packet_info *pinfo, proto_tree *tree, char *drep)
4612 {
4613
4614         offset = netlogon_dissect_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
4615                 NDR_POINTER_REF, hf_netlogon_site_name, 0);
4616
4617         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4618                 hf_netlogon_rc, NULL);
4619
4620         return offset;
4621 }
4622
4623 static int
4624 netlogon_dissect_function_1d_rqst(tvbuff_t *tvb, int offset,
4625         packet_info *pinfo, proto_tree *tree, char *drep)
4626 {
4627         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4628                 pinfo, tree, drep);
4629
4630         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4631                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4632                 "Computer Name", hf_netlogon_computer_name, 0);
4633
4634         offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
4635                 pinfo, tree, drep);
4636
4637         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4638                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
4639                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4640
4641         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4642                 hf_netlogon_unknown_long, NULL);
4643
4644         offset = netlogon_dissect_TYPE_45(tvb, offset,
4645                 pinfo, tree, drep);
4646
4647         return offset;
4648 }
4649
4650
4651 static int
4652 netlogon_dissect_function_1d_reply(tvbuff_t *tvb, int offset,
4653         packet_info *pinfo, proto_tree *tree, char *drep)
4654 {
4655         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4656                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
4657                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4658
4659         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4660                 netlogon_dissect_TYPE_47, NDR_POINTER_PTR,
4661                 "TYPE_47 pointer: unknown_TYPE_47", -1, 0);
4662
4663         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4664                 hf_netlogon_rc, NULL);
4665
4666         return offset;
4667 }
4668
4669 static int
4670 netlogon_dissect_function_1e_rqst(tvbuff_t *tvb, int offset,
4671         packet_info *pinfo, proto_tree *tree, char *drep)
4672 {
4673         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4674                 pinfo, tree, drep);
4675
4676         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4677                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4678                 "unknown string", hf_netlogon_unknown_string, 0);
4679
4680         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
4681                 hf_netlogon_unknown_short, NULL);
4682
4683         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4684                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4685                 "unknown string", hf_netlogon_unknown_string, 0);
4686
4687         offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
4688                 pinfo, tree, drep);
4689
4690         offset = netlogon_dissect_UNICODE_STRING_512(tvb, offset,
4691                 pinfo, tree, drep);
4692
4693         return offset;
4694 }
4695
4696
4697 static int
4698 netlogon_dissect_function_1e_reply(tvbuff_t *tvb, int offset,
4699         packet_info *pinfo, proto_tree *tree, char *drep)
4700 {
4701         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4702                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
4703                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4704
4705         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4706                 hf_netlogon_rc, NULL);
4707
4708         return offset;
4709 }
4710
4711 static int
4712 netlogon_dissect_netserverpasswordset2_rqst(tvbuff_t *tvb, int offset,
4713         packet_info *pinfo, proto_tree *tree, char *drep)
4714 {
4715         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4716                 pinfo, tree, drep);
4717
4718         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4719                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4720                 "Acct Name", hf_netlogon_acct_name, 0);
4721
4722         offset = netlogon_dissect_NETLOGON_SECURE_CHANNEL_TYPE(tvb, offset,
4723                 pinfo, tree, drep);
4724
4725         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4726                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4727                 "Computer Name", hf_netlogon_computer_name, 0);
4728
4729         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4730                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4731                 "NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
4732
4733         return offset;
4734 }
4735
4736
4737 static int
4738 netlogon_dissect_netserverpasswordset2_reply(tvbuff_t *tvb, int offset,
4739         packet_info *pinfo, proto_tree *tree, char *drep)
4740 {
4741         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4742                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
4743                 "NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
4744
4745         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4746                 netlogon_dissect_LM_OWF_PASSWORD, NDR_POINTER_REF,
4747                 "LM_OWF_PASSWORD pointer: server_pwd", -1, 0);
4748
4749         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4750                 hf_netlogon_rc, NULL);
4751
4752         return offset;
4753 }
4754
4755 static int
4756 netlogon_dissect_function_20_rqst(tvbuff_t *tvb, int offset,
4757         packet_info *pinfo, proto_tree *tree, char *drep)
4758 {
4759         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4760                 pinfo, tree, drep);
4761
4762         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4763                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
4764                 "unknown string", hf_netlogon_unknown_string, -1);
4765
4766         offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
4767                 pinfo, tree, drep);
4768
4769         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4770                 netlogon_dissect_BYTE_array, NDR_POINTER_PTR,
4771                 "BYTE pointer: unknown_BYTE", -1, 0);
4772
4773         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4774                 hf_netlogon_unknown_long, NULL);
4775
4776         return offset;
4777 }
4778
4779
4780 static int
4781 netlogon_dissect_function_20_reply(tvbuff_t *tvb, int offset,
4782         packet_info *pinfo, proto_tree *tree, char *drep)
4783 {
4784         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4785                 netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
4786                 "NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
4787
4788         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4789                 hf_netlogon_rc, NULL);
4790
4791         return offset;
4792 }
4793
4794 static int
4795 netlogon_dissect_function_21_rqst(tvbuff_t *tvb, int offset,
4796         packet_info *pinfo, proto_tree *tree, char *drep)
4797 {
4798         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4799                 pinfo, tree, drep);
4800
4801         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4802                 hf_netlogon_unknown_long, NULL);
4803
4804         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4805                 netlogon_dissect_BYTE_array, NDR_POINTER_PTR,
4806                 "BYTE pointer: unknown_BYTE", -1, 0);
4807
4808         return offset;
4809 }
4810
4811
4812 static int
4813 netlogon_dissect_function_21_reply(tvbuff_t *tvb, int offset,
4814         packet_info *pinfo, proto_tree *tree, char *drep)
4815 {
4816         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4817                 netlogon_dissect_TYPE_50_ptr_ptr, NDR_POINTER_REF,
4818                 "TYPE_50** pointer: unknown_TYPE_50", -1, 0);
4819
4820         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4821                 hf_netlogon_rc, NULL);
4822
4823         return offset;
4824 }
4825
4826 static int
4827 netlogon_dissect_function_22_rqst(tvbuff_t *tvb, int offset,
4828         packet_info *pinfo, proto_tree *tree, char *drep)
4829 {
4830         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4831                 pinfo, tree, drep);
4832
4833         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4834                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4835                 "unknown string", hf_netlogon_unknown_string, 0);
4836
4837         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4838                 hf_netlogon_unknown_long, NULL);
4839
4840         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4841                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4842                 "unknown string", hf_netlogon_unknown_string, 0);
4843
4844         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4845                 dissect_nt_GUID, NDR_POINTER_UNIQUE,
4846                 "GUID pointer: unknown_GUID", -1, 0);
4847
4848         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4849                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4850                 "unknown string", hf_netlogon_unknown_string, 0);
4851
4852         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4853                 hf_netlogon_unknown_long, NULL);
4854
4855         return offset;
4856 }
4857
4858
4859 static int
4860 netlogon_dissect_function_22_reply(tvbuff_t *tvb, int offset,
4861         packet_info *pinfo, proto_tree *tree, char *drep)
4862 {
4863         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4864                 netlogon_dissect_DOMAIN_CONTROLLER_INFO_ptr_ptr, NDR_POINTER_REF,
4865                 "DOMAIN_CONTROLLER_INFO** pointer: unknown_DOMAIN_CONTROLLER_INFO", -1, 0);
4866
4867         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4868                 hf_netlogon_rc, NULL);
4869
4870         return offset;
4871 }
4872
4873 static int
4874 netlogon_dissect_function_23_rqst(tvbuff_t *tvb, int offset,
4875         packet_info *pinfo, proto_tree *tree, char *drep)
4876 {
4877         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4878                 pinfo, tree, drep);
4879
4880         return offset;
4881 }
4882
4883
4884 static int
4885 netlogon_dissect_function_23_reply(tvbuff_t *tvb, int offset,
4886         packet_info *pinfo, proto_tree *tree, char *drep)
4887 {
4888         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4889                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
4890                 "unknown string", hf_netlogon_unknown_string, -1);
4891
4892         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4893                 netlogon_dissect_pointer_long, NDR_POINTER_PTR,
4894                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
4895
4896         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4897                 hf_netlogon_rc, NULL);
4898
4899         return offset;
4900 }
4901
4902 static int
4903 netlogon_dissect_function_24_rqst(tvbuff_t *tvb, int offset,
4904         packet_info *pinfo, proto_tree *tree, char *drep)
4905 {
4906         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4907                 pinfo, tree, drep);
4908
4909         return offset;
4910 }
4911
4912
4913 static int
4914 netlogon_dissect_function_24_reply(tvbuff_t *tvb, int offset,
4915         packet_info *pinfo, proto_tree *tree, char *drep)
4916 {
4917         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4918                 netlogon_dissect_TYPE_51, NDR_POINTER_PTR,
4919                 "TYPE_51 pointer: unknown_TYPE_51", -1, 0);
4920
4921         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4922                 hf_netlogon_rc, NULL);
4923
4924         return offset;
4925 }
4926
4927 static int
4928 netlogon_dissect_function_25_rqst(tvbuff_t *tvb, int offset,
4929         packet_info *pinfo, proto_tree *tree, char *drep)
4930 {
4931         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
4932                 pinfo, tree, drep);
4933
4934         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4935                 hf_netlogon_unknown_long, NULL);
4936
4937         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4938                 netlogon_dissect_BYTE_array, NDR_POINTER_PTR,
4939                 "BYTE pointer: unknown_BYTE", -1, 0);
4940
4941         return offset;
4942 }
4943
4944
4945 static int
4946 netlogon_dissect_function_25_reply(tvbuff_t *tvb, int offset,
4947         packet_info *pinfo, proto_tree *tree, char *drep)
4948 {
4949         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4950                 netlogon_dissect_TYPE_52_ptr_ptr, NDR_POINTER_REF,
4951                 "TYPE_52** pointer: unknown_TYPE_52", -1, 0);
4952
4953         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4954                 hf_netlogon_rc, NULL);
4955
4956         return offset;
4957 }
4958
4959
4960 static int
4961 netlogon_dissect_function_26_rqst(tvbuff_t *tvb, int offset,
4962         packet_info *pinfo, proto_tree *tree, char *drep)
4963 {
4964         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4965                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4966                 "unknown string", hf_netlogon_unknown_string, 0);
4967
4968         return offset;
4969 }
4970
4971
4972 static int
4973 netlogon_dissect_function_26_reply(tvbuff_t *tvb, int offset,
4974         packet_info *pinfo, proto_tree *tree, char *drep)
4975 {
4976         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4977                 netlogon_dissect_TYPE_50_ptr_ptr, NDR_POINTER_REF,
4978                 "TYPE_50** pointer: unknown_TYPE_50", -1, 0);
4979
4980         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4981                 hf_netlogon_rc, NULL);
4982
4983         return offset;
4984 }
4985
4986 static int
4987 netlogon_dissect_function_27_rqst(tvbuff_t *tvb, int offset,
4988         packet_info *pinfo, proto_tree *tree, char *drep)
4989 {
4990         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4991                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4992                 "unknown string", hf_netlogon_unknown_string, 0);
4993
4994         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4995                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
4996                 "unknown string", hf_netlogon_unknown_string, 0);
4997
4998         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
4999                 hf_netlogon_unknown_short, NULL);
5000
5001         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5002                 netlogon_dissect_NETLOGON_LEVEL, NDR_POINTER_PTR,
5003                 "NETLOGON_LEVEL pointer: unknown_NETLOGON_LEVEL", -1, 0);
5004
5005         offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
5006                 hf_netlogon_unknown_short, NULL);
5007
5008         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5009                 netlogon_dissect_pointer_long, NDR_POINTER_PTR,
5010                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
5011         return offset;
5012 }
5013
5014
5015 static int
5016 netlogon_dissect_function_27_reply(tvbuff_t *tvb, int offset,
5017         packet_info *pinfo, proto_tree *tree, char *drep)
5018 {
5019         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5020                 netlogon_dissect_NETLOGON_VALIDATION, NDR_POINTER_PTR,
5021                 "NETLOGON_VALIDATION pointer: unknown_NETLOGON_VALIDATION", -1, 0);
5022
5023         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5024                 netlogon_dissect_pointer_char, NDR_POINTER_PTR,
5025                 "BOOLEAN pointer: unknown_BOOLEAN", hf_netlogon_unknown_char, 0);
5026
5027         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5028                 netlogon_dissect_pointer_long, NDR_POINTER_PTR,
5029                 "ULONG pointer: unknown_ULONG", hf_netlogon_unknown_long, 0);
5030
5031         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
5032                 hf_netlogon_rc, NULL);
5033
5034         return offset;
5035 }
5036
5037 static int
5038 netlogon_dissect_dsrrolegetprimarydomaininformation_rqst(tvbuff_t *tvb, int offset,
5039         packet_info *pinfo, proto_tree *tree, char *drep)
5040 {
5041         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
5042                 pinfo, tree, drep);
5043
5044         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
5045                 hf_netlogon_unknown_long, NULL);
5046
5047         return offset;
5048 }
5049
5050
5051 static int
5052 netlogon_dissect_dsrrolegetprimarydomaininformation_reply(tvbuff_t *tvb, int offset,
5053         packet_info *pinfo, proto_tree *tree, char *drep)
5054 {
5055         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5056                 netlogon_dissect_TYPE_51, NDR_POINTER_PTR,
5057                 "TYPE_51 pointer: unknown_TYPE_51", -1, 0);
5058
5059         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
5060                 hf_netlogon_rc, NULL);
5061
5062         return offset;
5063 }
5064
5065 static int
5066 netlogon_dissect_dsrderegisterdnshostrecords_rqst(tvbuff_t *tvb, int offset,
5067         packet_info *pinfo, proto_tree *tree, char *drep)
5068 {
5069         offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
5070                 pinfo, tree, drep);
5071
5072         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5073                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
5074                 "Domain", hf_netlogon_logon_dom, 0);
5075
5076         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5077                 dissect_nt_GUID, NDR_POINTER_UNIQUE,
5078                 "GUID pointer: domain_guid", -1, 0);
5079
5080         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5081                 dissect_nt_GUID, NDR_POINTER_UNIQUE,
5082                 "GUID pointer: dsa_guid", -1, 0);
5083
5084         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
5085                 dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
5086                 "dns_host", hf_netlogon_dns_host, -1);
5087
5088         return offset;
5089 }
5090
5091
5092 static int
5093 netlogon_dissect_dsrderegisterdnshostrecords_reply(tvbuff_t *tvb, int offset,
5094         packet_info *pinfo, proto_tree *tree, char *drep)
5095 {
5096         offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
5097                 hf_netlogon_rc, NULL);
5098
5099         return offset;
5100 }
5101
5102
5103
5104 static dcerpc_sub_dissector dcerpc_netlogon_dissectors[] = {
5105         { NETLOGON_FUNCTION_00, "FUNCTION_00",
5106                 netlogon_dissect_function_00_rqst,
5107                 netlogon_dissect_function_00_reply },
5108         { NETLOGON_FUNCTION_01, "FUNCTION_01",
5109                 netlogon_dissect_function_01_rqst,
5110                 netlogon_dissect_function_01_reply },
5111         { NETLOGON_NETLOGONSAMLOGON, "NETLOGONSAMLOGON",
5112                 netlogon_dissect_netlogonsamlogon_rqst,
5113                 netlogon_dissect_netlogonsamlogon_reply },
5114         { NETLOGON_NETLOGONSAMLOGOFF, "NETLOGONSAMLOGOFF",
5115                 netlogon_dissect_netlogonsamlogoff_rqst,
5116                 netlogon_dissect_netlogonsamlogoff_reply },
5117         { NETLOGON_NETSERVERREQCHALLENGE, "NETSERVERREQCHALLENGE",
5118                 netlogon_dissect_netserverreqchallenge_rqst,
5119                 netlogon_dissect_netserverreqchallenge_reply },
5120         { NETLOGON_NETSERVERAUTHENTICATE, "NETSERVERAUTHENTICATE",
5121                 netlogon_dissect_netserverauthenticate_rqst,
5122                 netlogon_dissect_netserverauthenticate_reply },
5123         { NETLOGON_NETSERVERPASSWORDSET, "NETSERVERPASSWORDSET",
5124                 netlogon_dissect_netserverpasswordset_rqst,
5125                 netlogon_dissect_netserverpasswordset_reply },
5126         { NETLOGON_NETSAMDELTAS, "NETSAMDELTAS",
5127                 netlogon_dissect_netsamdeltas_rqst,
5128                 netlogon_dissect_netsamdeltas_reply },
5129         { NETLOGON_FUNCTION_08, "FUNCTION_08",
5130                 netlogon_dissect_function_08_rqst,
5131                 netlogon_dissect_function_08_reply },
5132         { NETLOGON_FUNCTION_09, "FUNCTION_09",
5133                 netlogon_dissect_function_09_rqst,
5134                 netlogon_dissect_function_09_reply },
5135         { NETLOGON_FUNCTION_0A, "FUNCTION_0A",
5136                 netlogon_dissect_function_0a_rqst,
5137                 netlogon_dissect_function_0a_reply },
5138         { NETLOGON_FUNCTION_0B, "FUNCTION_0B",
5139                 netlogon_dissect_function_0b_rqst,
5140                 netlogon_dissect_function_0b_reply },
5141         { NETLOGON_NETLOGONCONTROL, "NETLOGONCONTROL",
5142                 netlogon_dissect_netlogoncontrol_rqst,
5143                 netlogon_dissect_netlogoncontrol_reply },
5144         { NETLOGON_FUNCTION_0D, "FUNCTION_0D",
5145                 netlogon_dissect_function_0d_rqst,
5146                 netlogon_dissect_function_0d_reply },
5147         { NETLOGON_NETLOGONCONTROL2, "NETLOGONCONTROL2",
5148                 netlogon_dissect_netlogoncontrol2_rqst,
5149                 netlogon_dissect_netlogoncontrol2_reply },
5150         { NETLOGON_NETSERVERAUTHENTICATE2, "NETSERVERAUTHENTICATE2",
5151                 netlogon_dissect_netserverauthenticate2_rqst,
5152                 netlogon_dissect_netserverauthenticate2_reply },
5153         { NETLOGON_NETDATABASESYNC2, "NETDATABASESYNC2",
5154                 netlogon_dissect_netdatabasesync2_rqst,
5155                 netlogon_dissect_netdatabasesync2_reply },
5156         { NETLOGON_FUNCTION_11, "FUNCTION_11",
5157                 netlogon_dissect_function_11_rqst,
5158                 netlogon_dissect_function_11_reply },
5159         { NETLOGON_FUNCTION_12, "FUNCTION_12",
5160                 netlogon_dissect_function_12_rqst,
5161                 netlogon_dissect_function_12_reply },
5162         { NETLOGON_NETTRUSTEDDOMAINLIST, "NETTRUSTEDDOMAINLIST",
5163                 netlogon_dissect_nettrusteddomainlist_rqst,
5164                 netlogon_dissect_nettrusteddomainlist_reply },
5165         { NETLOGON_DSRGETDCNAME2, "DSRGETDCNAME2",
5166                 netlogon_dissect_dsrgetdcname2_rqst,
5167                 netlogon_dissect_dsrgetdcname2_reply },
5168         { NETLOGON_FUNCTION_15, "FUNCTION_15",
5169                 netlogon_dissect_function_15_rqst,
5170                 netlogon_dissect_function_15_reply },
5171         { NETLOGON_FUNCTION_16, "FUNCTION_16",
5172                 netlogon_dissect_function_16_rqst,
5173                 netlogon_dissect_function_16_reply },
5174         { NETLOGON_FUNCTION_17, "FUNCTION_17",
5175                 netlogon_dissect_function_17_rqst,
5176                 netlogon_dissect_function_17_reply },
5177         { NETLOGON_FUNCTION_18, "FUNCTION_18",
5178                 netlogon_dissect_function_18_rqst,
5179                 netlogon_dissect_function_18_reply },
5180         { NETLOGON_FUNCTION_19, "FUNCTION_19",
5181                 netlogon_dissect_function_19_rqst,
5182                 netlogon_dissect_function_19_reply },
5183         { NETLOGON_NETSERVERAUTHENTICATE3, "NETSERVERAUTHENTICATE3",
5184                 netlogon_dissect_netserverauthenticate3_rqst,
5185                 netlogon_dissect_netserverauthenticate3_reply },
5186         { NETLOGON_DSRGETDCNAME, "DSRGETDCNAME",
5187                 netlogon_dissect_dsrgetdcname_rqst,
5188                 netlogon_dissect_dsrgetdcname_reply },
5189         { NETLOGON_DSRGETSITENAME, "DSRGETSITENAME",
5190                 netlogon_dissect_dsrgetsitename_rqst,
5191                 netlogon_dissect_dsrgetsitename_reply },
5192         { NETLOGON_FUNCTION_1D, "FUNCTION_1D",
5193                 netlogon_dissect_function_1d_rqst,
5194                 netlogon_dissect_function_1d_reply },
5195         { NETLOGON_FUNCTION_1E, "FUNCTION_1E",
5196                 netlogon_dissect_function_1e_rqst,
5197                 netlogon_dissect_function_1e_reply },
5198         { NETLOGON_NETSERVERPASSWORDSET2, "NETSERVERPASSWORDSET2",
5199                 netlogon_dissect_netserverpasswordset2_rqst,
5200                 netlogon_dissect_netserverpasswordset2_reply },
5201         { NETLOGON_FUNCTION_20, "FUNCTION_20",
5202                 netlogon_dissect_function_20_rqst,
5203                 netlogon_dissect_function_20_reply },
5204         { NETLOGON_FUNCTION_21, "FUNCTION_21",
5205                 netlogon_dissect_function_21_rqst,
5206                 netlogon_dissect_function_21_reply },
5207         { NETLOGON_FUNCTION_22, "FUNCTION_22",
5208                 netlogon_dissect_function_22_rqst,
5209                 netlogon_dissect_function_22_reply },
5210         { NETLOGON_FUNCTION_23, "FUNCTION_23",
5211                 netlogon_dissect_function_23_rqst,
5212                 netlogon_dissect_function_23_reply },
5213         { NETLOGON_FUNCTION_24, "FUNCTION_24",
5214                 netlogon_dissect_function_24_rqst,
5215                 netlogon_dissect_function_24_reply },
5216         { NETLOGON_FUNCTION_25, "FUNCTION_25",
5217                 netlogon_dissect_function_25_rqst,
5218                 netlogon_dissect_function_25_reply },
5219         { NETLOGON_FUNCTION_26, "FUNCTION_26",
5220                 netlogon_dissect_function_26_rqst,
5221                 netlogon_dissect_function_26_reply },
5222         { NETLOGON_FUNCTION_27, "FUNCTION_27",
5223                 netlogon_dissect_function_27_rqst,
5224                 netlogon_dissect_function_27_reply },
5225         { NETLOGON_DSRROLEGETPRIMARYDOMAININFORMATION, "DSRROLEGETPRIMARYDOMAININFORMATION",
5226                 netlogon_dissect_dsrrolegetprimarydomaininformation_rqst,
5227                 netlogon_dissect_dsrrolegetprimarydomaininformation_reply },
5228         { NETLOGON_DSRDEREGISTERDNSHOSTRECORDS, "DSRDEREGISTERDNSHOSTRECORDS",
5229                 netlogon_dissect_dsrderegisterdnshostrecords_rqst,
5230                 netlogon_dissect_dsrderegisterdnshostrecords_reply },
5231         {0, NULL, NULL,  NULL },
5232 };
5233
5234 static void netlogon_init(void)
5235 {
5236         /* Initialise DCERPC/SMB data structures */
5237
5238         dcerpc_smb_init();
5239 }
5240
5241 void 
5242 proto_register_dcerpc_netlogon(void)
5243 {
5244
5245 static hf_register_info hf[] = {
5246         { &hf_netlogon_rc, { 
5247                 "Return code", "netlogon.rc", FT_UINT32, BASE_HEX, 
5248                 VALS(NT_errors), 0x0, "Netlogon return code", HFILL }},
5249
5250         { &hf_netlogon_param_ctrl, { 
5251                 "Param Ctrl", "netlogon.param_ctrl", FT_UINT32, BASE_HEX, 
5252                 NULL, 0x0, "Param ctrl", HFILL }},
5253
5254         { &hf_netlogon_logon_id, { 
5255                 "Logon ID", "netlogon.logon_id", FT_UINT64, BASE_DEC, 
5256                 NULL, 0x0, "Logon ID", HFILL }},
5257
5258         { &hf_netlogon_count, { 
5259                 "Count", "netlogon.count", FT_UINT16, BASE_DEC, 
5260                 NULL, 0x0, "", HFILL }},
5261
5262         { &hf_netlogon_credential, { 
5263                 "Credential", "netlogon.credential", FT_BYTES, BASE_HEX, 
5264                 NULL, 0x0, "Netlogon credential", HFILL }},
5265
5266         { &hf_netlogon_cypher_block, { 
5267                 "Cypher Block", "netlogon.cypher_block", FT_BYTES, BASE_HEX, 
5268                 NULL, 0x0, "Netlogon cypher block", HFILL }},
5269
5270         { &hf_netlogon_lm_owf_password, { 
5271                 "LM Pwd", "netlogon.lm_owf_pwd", FT_BYTES, BASE_HEX, 
5272                 NULL, 0x0, "LanManager OWF Password", HFILL }},
5273
5274         { &hf_netlogon_user_session_key, { 
5275                 "User Session Key", "netlogon.user_session_key", FT_BYTES, BASE_HEX, 
5276                 NULL, 0x0, "User Session Key", HFILL }},
5277
5278         { &hf_netlogon_encrypted_lm_owf_password, { 
5279                 "Encrypted LM Pwd", "netlogon.lm_owf_pwd.encrypted", FT_BYTES, BASE_HEX, 
5280                 NULL, 0x0, "Encrypted LanManager OWF Password", HFILL }},
5281
5282         { &hf_netlogon_nt_owf_password, { 
5283                 "NT Pwd", "netlogon.nt_owf_pwd", FT_BYTES, BASE_HEX, 
5284                 NULL, 0x0, "NT OWF Password", HFILL }},
5285
5286         { &hf_netlogon_blob, { 
5287                 "BLOB", "netlogon.blob", FT_BYTES, BASE_HEX, 
5288                 NULL, 0x0, "BLOB", HFILL }},
5289
5290         { &hf_netlogon_len, {
5291                 "Len", "netlogon.len", FT_UINT32, BASE_DEC,
5292                 NULL, 0, "Length", HFILL }},
5293
5294         { &hf_netlogon_status, {
5295                 "Status", "netlogon.status", FT_UINT32, BASE_DEC,
5296                 NULL, 0, "Status", HFILL }},
5297
5298         { &hf_netlogon_attrs, {
5299                 "Attributes", "netlogon.attrs", FT_UINT32, BASE_HEX,
5300                 NULL, 0, "Attributes", HFILL }},
5301
5302         { &hf_netlogon_unknown_string,
5303                 { "Unknown string", "netlogon.unknown_string", FT_STRING, BASE_NONE,
5304                 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
5305         { &hf_netlogon_unknown_long,
5306                 { "Unknown long", "netlogon.unknown.long", FT_UINT32, BASE_HEX, 
5307                 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
5308         { &hf_netlogon_unknown_short,
5309                 { "Unknown short", "netlogon.unknown.short", FT_UINT16, BASE_HEX, 
5310                 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
5311
5312         { &hf_netlogon_unknown_char,
5313                 { "Unknown char", "netlogon.unknown.char", FT_UINT8, BASE_HEX, 
5314                 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
5315
5316         { &hf_netlogon_unknown_time,
5317                 { "Unknown time", "netlogon.unknown.time", FT_ABSOLUTE_TIME, BASE_NONE, 
5318                 NULL, 0x0, "Unknown time. If you know what this is, contact ethereal developers.", HFILL }},
5319
5320         { &hf_netlogon_acct_expiry_time,
5321                 { "Acct Expiry Time", "netlogon.acct.expiry_time", FT_ABSOLUTE_TIME, BASE_NONE, 
5322                 NULL, 0x0, "When this account will expire", HFILL }},
5323
5324         { &hf_netlogon_nt_pwd_present,
5325                 { "NT PWD Present", "netlogon.nt_pwd_present", FT_UINT8, BASE_HEX, 
5326                 NULL, 0x0, "Is NT password present for this account?", HFILL }},
5327
5328         { &hf_netlogon_lm_pwd_present,
5329                 { "LM PWD Present", "netlogon.lm_pwd_present", FT_UINT8, BASE_HEX, 
5330                 NULL, 0x0, "Is LanManager password present for this account?", HFILL }},
5331
5332         { &hf_netlogon_pwd_expired,
5333                 { "PWD Expired", "netlogon.pwd_expired", FT_UINT8, BASE_HEX, 
5334                 NULL, 0x0, "Whether this password has expired or not", HFILL }},
5335
5336         { &hf_netlogon_num_pwd_pairs,
5337                 { "Num PWD Pairs", "netlogon.num_pwd_pairs", FT_UINT8, BASE_DEC, 
5338                 NULL, 0x0, "Number of password pairs. Password history length?", HFILL }},
5339
5340         { &hf_netlogon_authoritative,
5341                 { "Authoritative", "netlogon.authoritative", FT_UINT8, BASE_DEC, 
5342                 NULL, 0x0, "", HFILL }},
5343
5344         { &hf_netlogon_nt_chal_resp,
5345                 { "NT Chal resp", "netlogon.nt_chal_resp", FT_BYTES, BASE_HEX,
5346                 NULL, 0, "Challenge response for NT authentication", HFILL }},
5347
5348         { &hf_netlogon_lm_chal_resp,
5349                 { "LM Chal resp", "netlogon.lm_chal_resp", FT_BYTES, BASE_HEX,
5350                 NULL, 0, "Challenge response for LM authentication", HFILL }},
5351
5352         { &hf_netlogon_lsa_secret,
5353                 { "LSA Secret", "netlogon.lsa.secret", FT_BYTES, BASE_HEX,
5354                 NULL, 0, "", HFILL }},
5355
5356         { &hf_netlogon_acct_name,
5357                 { "Acct Name", "netlogon.acct_name", FT_STRING, BASE_NONE,
5358                 NULL, 0, "Account Name", HFILL }},
5359
5360         { &hf_netlogon_acct_desc,
5361                 { "Acct Desc", "netlogon.acct_desc", FT_STRING, BASE_NONE,
5362                 NULL, 0, "Account Description", HFILL }},
5363
5364         { &hf_netlogon_group_desc,
5365                 { "Group Desc", "netlogon.group_desc", FT_STRING, BASE_NONE,
5366                 NULL, 0, "Group Description", HFILL }},
5367
5368         { &hf_netlogon_full_name,
5369                 { "Full Name", "netlogon.full_name", FT_STRING, BASE_NONE,
5370                 NULL, 0, "Full Name", HFILL }},
5371
5372         { &hf_netlogon_comment,
5373                 { "Comment", "netlogon.comment", FT_STRING, BASE_NONE,
5374                 NULL, 0, "Comment", HFILL }},
5375
5376         { &hf_netlogon_parameters,
5377                 { "Parameters", "netlogon.parameters", FT_STRING, BASE_NONE,
5378                 NULL, 0, "Parameters", HFILL }},
5379
5380         { &hf_netlogon_logon_script,
5381                 { "Logon Script", "netlogon.logon_script", FT_STRING, BASE_NONE,
5382                 NULL, 0, "Logon Script", HFILL }},
5383
5384         { &hf_netlogon_profile_path,
5385                 { "Profile Path", "netlogon.profile_path", FT_STRING, BASE_NONE,
5386                 NULL, 0, "Profile Path", HFILL }},
5387
5388         { &hf_netlogon_home_dir,
5389                 { "Home Dir", "netlogon.home_dir", FT_STRING, BASE_NONE,
5390                 NULL, 0, "Home Directory", HFILL }},
5391
5392         { &hf_netlogon_dir_drive,
5393                 { "Dir Drive", "netlogon.dir_drive", FT_STRING, BASE_NONE,
5394                 NULL, 0, "Drive letter for home directory", HFILL }},
5395
5396         { &hf_netlogon_logon_srv,
5397                 { "Server", "netlogon.server", FT_STRING, BASE_NONE,
5398                 NULL, 0, "Server", HFILL }},
5399
5400         { &hf_netlogon_logon_dom,
5401                 { "Domain", "netlogon.domain", FT_STRING, BASE_NONE,
5402                 NULL, 0, "Domain", HFILL }},
5403
5404         { &hf_netlogon_computer_name,
5405                 { "Computer Name", "netlogon.computer_name", FT_STRING, BASE_NONE,
5406                 NULL, 0, "Computer Name", HFILL }},
5407
5408         { &hf_netlogon_site_name,
5409                 { "Site Name", "netlogon.site_name", FT_STRING, BASE_NONE,
5410                 NULL, 0, "Site Name", HFILL }},
5411
5412         { &hf_netlogon_dc_name,
5413                 { "DC Name", "netlogon.dc.name", FT_STRING, BASE_NONE,
5414                 NULL, 0, "DC Name", HFILL }},
5415
5416         { &hf_netlogon_dc_site_name,
5417                 { "DC Site Name", "netlogon.dc.site_name", FT_STRING, BASE_NONE,
5418                 NULL, 0, "DC Site Name", HFILL }},
5419
5420         { &hf_netlogon_dns_forest_name,
5421                 { "DNS Forest Name", "netlogon.dns.forest_name", FT_STRING, BASE_NONE,
5422                 NULL, 0, "DNS Forest Name", HFILL }},
5423
5424         { &hf_netlogon_dc_address,
5425                 { "DC Address", "netlogon.dc.address", FT_STRING, BASE_NONE,
5426                 NULL, 0, "DC Address", HFILL }},
5427
5428         { &hf_netlogon_dc_address_type,
5429                 { "DC Address Type", "netlogon.dc.address_type", FT_UINT32, BASE_DEC,
5430                 NULL, 0, "DC Address Type", HFILL }},
5431
5432         { &hf_netlogon_client_name,
5433                 { "Client Name", "netlogon.client.name", FT_STRING, BASE_NONE,
5434                 NULL, 0, "Client Name", HFILL }},
5435
5436         { &hf_netlogon_client_site_name,
5437                 { "Client Site Name", "netlogon.client.site_name", FT_STRING, BASE_NONE,
5438                 NULL, 0, "Client Site Name", HFILL }},
5439
5440         { &hf_netlogon_workstation_site_name,
5441                 { "Wkst Site Name", "netlogon.wkst.site_name", FT_STRING, BASE_NONE,
5442                 NULL, 0, "Workstation Site Name", HFILL }},
5443
5444         { &hf_netlogon_workstation_os,
5445                 { "Wkst OS", "netlogon.wkst.os", FT_STRING, BASE_NONE,
5446                 NULL, 0, "Workstation OS", HFILL }},
5447
5448         { &hf_netlogon_workstations,
5449                 { "Workstations", "netlogon.wksts", FT_STRING, BASE_NONE,
5450                 NULL, 0, "Workstations", HFILL }},
5451
5452         { &hf_netlogon_workstation_fqdn,
5453                 { "Wkst FQDN", "netlogon.wkst.fqdn", FT_STRING, BASE_NONE,
5454                 NULL, 0, "Workstation FQDN", HFILL }},
5455
5456         { &hf_netlogon_group_name,
5457                 { "Group Name", "netlogon.group_name", FT_STRING, BASE_NONE,
5458                 NULL, 0, "Group Name", HFILL }},
5459
5460         { &hf_netlogon_alias_name,
5461                 { "Alias Name", "netlogon.alias_name", FT_STRING, BASE_NONE,
5462                 NULL, 0, "Alias Name", HFILL }},
5463
5464         { &hf_netlogon_cli_name,
5465                 { "CLI Name", "netlogon.cli_name", FT_STRING, BASE_NONE,
5466                 NULL, 0, "CLI Name", HFILL }},
5467
5468         { &hf_netlogon_dns_host,
5469                 { "DNS Host", "netlogon.dns_host", FT_STRING, BASE_NONE,
5470                 NULL, 0, "DNS Host", HFILL }},
5471
5472         { &hf_netlogon_trusted_domain_name,
5473                 { "Trusted Domain", "netlogon.trusted_domain", FT_STRING, BASE_NONE,
5474                 NULL, 0, "Trusted Domain Name", HFILL }},
5475
5476         { &hf_netlogon_trusted_dc_name,
5477                 { "Trusted DC", "netlogon.trusted_dc", FT_STRING, BASE_NONE,
5478                 NULL, 0, "Trusted DC", HFILL }},
5479
5480         { &hf_netlogon_logonsrv_handle,
5481                 { "Handle", "netlogon.handle", FT_STRING, BASE_NONE,
5482                 NULL, 0, "Logon Srv Handle", HFILL }},
5483
5484         { &hf_netlogon_logon_count,
5485                 { "Logon Count", "netlogon.logon_count", FT_UINT16, BASE_DEC, 
5486                 NULL, 0x0, "Number of successful logins", HFILL }},
5487
5488         { &hf_netlogon_bad_pw_count,
5489                 { "Bad PW Count", "netlogon.bad_pw_count", FT_UINT16, BASE_DEC, 
5490                 NULL, 0x0, "Number of failed logins", HFILL }},
5491
5492         { &hf_netlogon_country,
5493                 { "Country", "netlogon.country", FT_UINT16, BASE_DEC, 
5494                 VALS(ms_country_codes), 0x0, "Country setting for this account", HFILL }},
5495
5496         { &hf_netlogon_codepage,
5497                 { "Codepage", "netlogon.codepage", FT_UINT16, BASE_DEC, 
5498                 NULL, 0x0, "Codepage setting for this account", HFILL }},
5499
5500         { &hf_netlogon_level,
5501                 { "Level", "netlogon.level", FT_UINT16, BASE_DEC, 
5502                 NULL, 0x0, "Which option of the union is represented here", HFILL }},
5503
5504         { &hf_netlogon_secure_channel_type,
5505                 { "Sec Chn Type", "netlogon.sec_chn_type", FT_UINT16, BASE_DEC, 
5506                 NULL, 0x0, "Secure Channel Type", HFILL }},
5507
5508         { &hf_netlogon_blob_size,
5509                 { "Size", "netlogon.blob.size", FT_UINT32, BASE_DEC, 
5510                 NULL, 0x0, "Size in bytes of BLOB", HFILL }},
5511
5512         { &hf_netlogon_code,
5513                 { "Code", "netlogon.code", FT_UINT32, BASE_HEX, 
5514                 NULL, 0x0, "Code", HFILL }},
5515
5516         { &hf_netlogon_level_long,
5517                 { "Level", "netlogon.level32", FT_UINT32, BASE_DEC, 
5518                 NULL, 0x0, "Which option of the union is represented here", HFILL }},
5519
5520         { &hf_netlogon_timestamp,
5521                 { "Timestamp", "netlogon.timestamp", FT_UINT32, BASE_HEX, 
5522                 NULL, 0x0, "Some sort of timestamp", HFILL }},
5523
5524         { &hf_netlogon_user_rid,
5525                 { "User RID", "netlogon.rid", FT_UINT32, BASE_DEC, 
5526                 NULL, 0x0, "", HFILL }},
5527
5528         { &hf_netlogon_alias_rid,
5529                 { "Alias RID", "netlogon.alias_rid", FT_UINT32, BASE_DEC, 
5530                 NULL, 0x0, "", HFILL }},
5531
5532         { &hf_netlogon_group_rid,
5533                 { "Group RID", "netlogon.group_rid", FT_UINT32, BASE_DEC, 
5534                 NULL, 0x0, "", HFILL }},
5535
5536         { &hf_netlogon_num_rids,
5537                 { "Num RIDs", "netlogon.num_rids", FT_UINT32, BASE_DEC, 
5538                 NULL, 0x0, "Number of RIDs", HFILL }},
5539
5540         { &hf_netlogon_num_other_groups,
5541                 { "Num Other Groups", "netlogon.num_other_groups", FT_UINT32, BASE_DEC, 
5542                 NULL, 0x0, "", HFILL }},
5543
5544         { &hf_netlogon_flags,
5545                 { "Flags", "netlogon.flags", FT_UINT32, BASE_HEX, 
5546                 NULL, 0x0, "", HFILL }},
5547
5548         { &hf_netlogon_user_flags,
5549                 { "User Flags", "netlogon.user_flags", FT_UINT32, BASE_HEX, 
5550                 NULL, 0x0, "", HFILL }},
5551
5552         { &hf_netlogon_database_id,
5553                 { "Database Id", "netlogon.database_id", FT_UINT32, BASE_DEC, 
5554                 NULL, 0x0, "Database Id", HFILL }},
5555
5556         { &hf_netlogon_max_size,
5557                 { "Max Size", "netlogon.max_size", FT_UINT32, BASE_DEC, 
5558                 NULL, 0x0, "Max Size of database", HFILL }},
5559
5560         { &hf_netlogon_num_deltas,
5561                 { "Num Deltas", "netlogon.num_deltas", FT_UINT32, BASE_DEC, 
5562                 NULL, 0x0, "Number of SAM Deltas in array", HFILL }},
5563
5564         { &hf_netlogon_logon_attempts,
5565                 { "Logon Attempts", "netlogon.logon_attempts", FT_UINT32, BASE_DEC, 
5566                 NULL, 0x0, "Number of logon attempts", HFILL }},
5567
5568         { &hf_netlogon_lsa_sd_size,
5569                 { "Size", "netlogon.lsa_sd_size", FT_UINT32, BASE_DEC, 
5570                 NULL, 0x0, "Size of lsa security descriptor", HFILL }},
5571
5572         { &hf_netlogon_logon_time,
5573                 { "Logon Time", "netlogon.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
5574                 NULL, 0, "Time for last time this user logged on", HFILL }},
5575
5576         { &hf_netlogon_kickoff_time,
5577                 { "Kickoff Time", "netlogon.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5578                 NULL, 0, "Time when this user will be kicked off", HFILL }},
5579
5580         { &hf_netlogon_logoff_time,
5581                 { "Logoff Time", "netlogon.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5582                 NULL, 0, "Time for last time this user logged off", HFILL }},
5583
5584         { &hf_netlogon_pwd_last_set_time,
5585                 { "PWD Last Set", "netlogon.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
5586                 NULL, 0, "Last time this users password was changed", HFILL }},
5587
5588         { &hf_netlogon_pwd_can_change_time,
5589                 { "PWD Can Change", "netlogon.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5590                 NULL, 0, "When this users password may be changed", HFILL }},
5591
5592         { &hf_netlogon_pwd_must_change_time,
5593                 { "PWD Must Change", "netlogon.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5594                 NULL, 0, "When this users password must be changed", HFILL }},
5595
5596         };
5597
5598         static gint *ett[] = {
5599                 &ett_dcerpc_netlogon,
5600                 &ett_NETLOGON_SECURITY_DESCRIPTOR,
5601                 &ett_TYPE_1,
5602                 &ett_TYPE_2,
5603                 &ett_CYPHER_BLOCK,
5604                 &ett_NETLOGON_AUTHENTICATOR,
5605                 &ett_NETLOGON_LOGON_IDENTITY_INFO,
5606                 &ett_NETLOGON_INTERACTIVE_INFO,
5607                 &ett_NETLOGON_NETWORK_INFO,
5608                 &ett_NETLOGON_VALIDATION_SAM_INFO1,
5609                 &ett_NETLOGON_VALIDATION_SAM_INFO2,
5610                 &ett_TYPE_16,
5611                 &ett_NETLOGON_SAM_DOMAIN_INFO,
5612                 &ett_NETLOGON_SAM_GROUP_INFO,
5613                 &ett_TYPE_23,
5614                 &ett_NETLOGON_SAM_ACCOUNT_INFO,
5615                 &ett_NETLOGON_SAM_GROUP_MEM_INFO,
5616                 &ett_NETLOGON_SAM_ALIAS_INFO,
5617                 &ett_NETLOGON_SAM_ALIAS_MEM_INFO,
5618                 &ett_TYPE_30,
5619                 &ett_TYPE_29,
5620                 &ett_TYPE_31,
5621                 &ett_TYPE_32,
5622                 &ett_TYPE_33,
5623                 &ett_TYPE_34,
5624                 &ett_TYPE_35,
5625                 &ett_SAM_DELTA,
5626                 &ett_SAM_DELTA_ARRAY,
5627                 &ett_TYPE_36,
5628                 &ett_NETLOGON_INFO_1,
5629                 &ett_NETLOGON_INFO_2,
5630                 &ett_NETLOGON_INFO_3,
5631                 &ett_NETLOGON_INFO_4,
5632                 &ett_UNICODE_MULTI,
5633                 &ett_DOMAIN_CONTROLLER_INFO,
5634                 &ett_TYPE_46,
5635                 &ett_TYPE_48,
5636                 &ett_UNICODE_STRING_512,
5637                 &ett_TYPE_50,
5638                 &ett_TYPE_51,
5639                 &ett_TYPE_52,
5640                 &ett_NETLOGON_LEVEL,
5641                 &ett_NETLOGON_VALIDATION,
5642                 &ett_TYPE_19,
5643                 &ett_NETLOGON_CONTROL_QUERY_INFO,
5644                 &ett_TYPE_44,
5645                 &ett_TYPE_20,
5646                 &ett_NETLOGON_INFO,
5647                 &ett_TYPE_45,
5648                 &ett_TYPE_47,
5649                 &ett_NETLOGON_CREDENTIAL,
5650                 &ett_GUID,
5651                 &ett_ENC_LM_OWF_PASSWORD,
5652                 &ett_LM_OWF_PASSWORD,
5653                 &ett_NT_OWF_PASSWORD,
5654                 &ett_GROUP_MEMBERSHIP,
5655                 &ett_USER_SESSION_KEY,
5656                 &ett_BLOB,
5657                 &ett_rid_array,
5658                 &ett_attrib_array,
5659         };
5660
5661         proto_dcerpc_netlogon = proto_register_protocol(
5662                 "Microsoft Network Logon", "NETLOGON", "rpc_netlogon");
5663
5664         proto_register_field_array(proto_dcerpc_netlogon, hf, 
5665                                    array_length(hf));
5666         proto_register_subtree_array(ett, array_length(ett));
5667
5668         register_init_routine(netlogon_init);
5669 }
5670
5671 void
5672 proto_reg_handoff_dcerpc_netlogon(void)
5673 {
5674         /* Register protocol as dcerpc */
5675
5676         dcerpc_init_uuid(proto_dcerpc_netlogon, ett_dcerpc_netlogon, 
5677                          &uuid_dcerpc_netlogon, ver_dcerpc_netlogon, 
5678                          dcerpc_netlogon_dissectors);
5679 }
git mirror of the wireshark svn