1 /* packet-dcerpc-samr.c
2 * Routines for SMB \\PIPE\\samr packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-samr.c,v 1.22 2002/03/11 00:00:15 sahlberg Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
33 #include "packet-dcerpc.h"
34 #include "packet-dcerpc-nt.h"
35 #include "packet-dcerpc-samr.h"
36 #include "smb.h" /* for "NT_errors[]" */
38 int dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name);
40 static int proto_dcerpc_samr = -1;
42 static int hf_samr_hnd = -1;
43 static int hf_samr_group = -1;
44 static int hf_samr_rid = -1;
45 static int hf_samr_type = -1;
46 static int hf_samr_alias = -1;
47 static int hf_samr_rid_attrib = -1;
48 static int hf_samr_rc = -1;
49 static int hf_samr_index = -1;
50 static int hf_samr_count = -1;
52 static int hf_samr_level = -1;
53 static int hf_samr_start_idx = -1;
54 static int hf_samr_max_entries = -1;
55 static int hf_samr_entries = -1;
56 static int hf_samr_pref_maxsize = -1;
57 static int hf_samr_total_size = -1;
58 static int hf_samr_ret_size = -1;
59 static int hf_samr_alias_name = -1;
60 static int hf_samr_group_name = -1;
61 static int hf_samr_acct_name = -1;
62 static int hf_samr_full_name = -1;
63 static int hf_samr_acct_desc = -1;
64 static int hf_samr_home = -1;
65 static int hf_samr_home_drive = -1;
66 static int hf_samr_script = -1;
67 static int hf_samr_workstations = -1;
68 static int hf_samr_profile = -1;
69 static int hf_samr_server = -1;
70 static int hf_samr_domain = -1;
71 static int hf_samr_controller = -1;
72 static int hf_samr_access = -1;
73 static int hf_samr_mask = -1;
74 static int hf_samr_crypt_password = -1;
75 static int hf_samr_crypt_hash = -1;
76 static int hf_samr_lm_change = -1;
77 static int hf_samr_attrib = -1;
78 static int hf_samr_max_pwd_age = -1;
79 static int hf_samr_min_pwd_age = -1;
80 static int hf_samr_min_pwd_len = -1;
81 static int hf_samr_pwd_history_len = -1;
82 static int hf_samr_num_users = -1;
83 static int hf_samr_num_groups = -1;
84 static int hf_samr_num_aliases = -1;
85 static int hf_samr_resume_hnd = -1;
86 static int hf_samr_bad_pwd_count = -1;
87 static int hf_samr_logon_count = -1;
88 static int hf_samr_logon_time = -1;
89 static int hf_samr_logoff_time = -1;
90 static int hf_samr_kickoff_time = -1;
91 static int hf_samr_pwd_last_set_time = -1;
92 static int hf_samr_pwd_can_change_time = -1;
93 static int hf_samr_pwd_must_change_time = -1;
94 static int hf_samr_acct_expiry_time = -1;
95 static int hf_samr_country = -1;
96 static int hf_samr_codepage = -1;
97 static int hf_samr_comment = -1;
98 static int hf_samr_parameters = -1;
99 static int hf_samr_nt_pwd_set = -1;
100 static int hf_samr_lm_pwd_set = -1;
101 static int hf_samr_pwd_expired = -1;
102 static int hf_samr_revision = -1;
103 static int hf_samr_divisions = -1;
104 static int hf_samr_info_type = -1;
106 static int hf_samr_unknown_hyper = -1;
107 static int hf_samr_unknown_long = -1;
108 static int hf_samr_unknown_short = -1;
109 static int hf_samr_unknown_char = -1;
110 static int hf_samr_unknown_string = -1;
111 static int hf_samr_unknown_time = -1;
113 /* these are used by functions in packet-dcerpc-nt.c */
114 int hf_nt_str_len = -1;
115 int hf_nt_str_off = -1;
116 int hf_nt_str_max_len = -1;
117 int hf_nt_string_length = -1;
118 int hf_nt_string_size = -1;
119 static int hf_nt_acct_ctrl = -1;
120 static int hf_nt_acb_disabled = -1;
121 static int hf_nt_acb_homedirreq = -1;
122 static int hf_nt_acb_pwnotreq = -1;
123 static int hf_nt_acb_tempdup = -1;
124 static int hf_nt_acb_normal = -1;
125 static int hf_nt_acb_mns = -1;
126 static int hf_nt_acb_domtrust = -1;
127 static int hf_nt_acb_wstrust = -1;
128 static int hf_nt_acb_svrtrust = -1;
129 static int hf_nt_acb_pwnoexp = -1;
130 static int hf_nt_acb_autolock = -1;
132 static gint ett_dcerpc_samr = -1;
133 gint ett_nt_unicode_string = -1; /* used by packet-dcerpc-nt.c*/
134 static gint ett_samr_user_dispinfo_1 = -1;
135 static gint ett_samr_user_dispinfo_1_array = -1;
136 static gint ett_samr_user_dispinfo_2 = -1;
137 static gint ett_samr_user_dispinfo_2_array = -1;
138 static gint ett_samr_group_dispinfo = -1;
139 static gint ett_samr_group_dispinfo_array = -1;
140 static gint ett_samr_ascii_dispinfo = -1;
141 static gint ett_samr_ascii_dispinfo_array = -1;
142 static gint ett_samr_display_info = -1;
143 static gint ett_samr_password_info = -1;
144 static gint ett_samr_server = -1;
145 static gint ett_samr_user_group = -1;
146 static gint ett_samr_user_group_array = -1;
147 static gint ett_samr_alias_info = -1;
148 static gint ett_samr_group_info = -1;
149 static gint ett_samr_domain_info_1 = -1;
150 static gint ett_samr_domain_info_2 = -1;
151 static gint ett_samr_domain_info_8 = -1;
152 static gint ett_samr_replication_status = -1;
153 static gint ett_samr_domain_info_11 = -1;
154 static gint ett_samr_domain_info_13 = -1;
155 static gint ett_samr_domain_info = -1;
156 static gint ett_samr_sid_pointer = -1;
157 static gint ett_samr_sid_array = -1;
158 static gint ett_samr_index_array = -1;
159 static gint ett_samr_idx_and_name = -1;
160 static gint ett_samr_idx_and_name_array = -1;
161 static gint ett_samr_logon_hours = -1;
162 static gint ett_samr_logon_hours_hours = -1;
163 static gint ett_samr_user_info_1 = -1;
164 static gint ett_samr_user_info_2 = -1;
165 static gint ett_samr_user_info_3 = -1;
166 static gint ett_samr_user_info_5 = -1;
167 static gint ett_samr_user_info_6 = -1;
168 static gint ett_samr_user_info_18 = -1;
169 static gint ett_samr_user_info_19 = -1;
170 static gint ett_samr_buffer_buffer = -1;
171 static gint ett_samr_buffer = -1;
172 static gint ett_samr_user_info_21 = -1;
173 static gint ett_samr_user_info_22 = -1;
174 static gint ett_samr_user_info_23 = -1;
175 static gint ett_samr_user_info_24 = -1;
176 static gint ett_samr_user_info = -1;
177 static gint ett_samr_member_array_types = -1;
178 static gint ett_samr_member_array_rids = -1;
179 static gint ett_samr_member_array = -1;
180 static gint ett_samr_names = -1;
181 static gint ett_samr_rids = -1;
182 static gint ett_nt_acct_ctrl = -1;
185 static e_uuid_t uuid_dcerpc_samr = {
186 0x12345778, 0x1234, 0xabcd,
187 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
190 static guint16 ver_dcerpc_samr = 1;
193 /* functions to dissect a STRING structure, common to many
198 [size_is(size), length_is(len), ptr] char *string;
203 dissect_ndr_nt_STRING_string (tvbuff_t *tvb, int offset,
204 packet_info *pinfo, proto_tree *tree,
207 guint32 len, off, max_len;
213 di=pinfo->private_data;
214 if(di->conformant_run){
215 /*just a run to handle conformant arrays, nothing to dissect */
219 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
220 hf_nt_str_len, &len);
221 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
222 hf_nt_str_off, &off);
223 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
224 hf_nt_str_max_len, &max_len);
227 offset = prs_uint8s(tvb, offset, pinfo, tree, max_len, &text, NULL);
229 name = proto_registrar_get_name(di->hf_index);
230 proto_tree_add_string(tree, di->hf_index, tvb, old_offset,
231 offset-old_offset, text);
234 proto_item_set_text(tree, "%s: %s", name, text);
235 proto_item_set_text(tree->parent, "%s: %s", name, text);
241 dissect_ndr_nt_STRING (tvbuff_t *tvb, int offset,
242 packet_info *pinfo, proto_tree *parent_tree,
243 char *drep, int hf_index)
245 proto_item *item=NULL;
246 proto_tree *tree=NULL;
247 int old_offset=offset;
251 di=pinfo->private_data;
252 if(di->conformant_run){
253 /*just a run to handle conformant arrays, nothing to dissect */
257 name = proto_registrar_get_name(di->hf_index);
259 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
261 tree = proto_item_add_subtree(item, ett_nt_unicode_string);
264 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
265 hf_nt_string_length, NULL);
266 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
267 hf_nt_string_size, NULL);
268 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
269 dissect_ndr_nt_STRING_string, NDR_POINTER_PTR,
272 proto_item_set_len(item, offset-old_offset);
277 samr_dissect_SID(tvbuff_t *tvb, int offset,
278 packet_info *pinfo, proto_tree *tree,
283 di=pinfo->private_data;
284 if(di->conformant_run){
285 /* just a run to handle conformant arrays, no scalars to dissect */
289 /* the SID contains a conformant array, first we must eat
290 the 4-byte max_count before we can hand it off */
291 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
292 hf_samr_count, NULL);
294 offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Domain");
299 samr_dissect_SID_ptr(tvbuff_t *tvb, int offset,
300 packet_info *pinfo, proto_tree *tree,
303 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
304 samr_dissect_SID, NDR_POINTER_UNIQUE,
305 "SID pointer", -1, 1);
311 static const true_false_string tfs_nt_acb_disabled = {
312 "Account is DISABLED",
313 "Account is NOT disabled"
315 static const true_false_string tfs_nt_acb_homedirreq = {
316 "Homedir is REQUIRED",
317 "Homedir is NOT required"
319 static const true_false_string tfs_nt_acb_pwnotreq = {
320 "Password is NOT required",
321 "Password is REQUIRED"
323 static const true_false_string tfs_nt_acb_tempdup = {
324 "This is a TEMPORARY DUPLICATE account",
325 "This is NOT a temporary duplicate account"
327 static const true_false_string tfs_nt_acb_normal = {
328 "This is a NORMAL USER account",
329 "This is NOT a normal user account"
331 static const true_false_string tfs_nt_acb_mns = {
332 "This is a MNS account",
333 "This is NOT a mns account"
335 static const true_false_string tfs_nt_acb_domtrust = {
336 "This is a DOMAIN TRUST account",
337 "This is NOT a domain trust account"
339 static const true_false_string tfs_nt_acb_wstrust = {
340 "This is a WORKSTATION TRUST account",
341 "This is NOT a workstation trust account"
343 static const true_false_string tfs_nt_acb_svrtrust = {
344 "This is a SERVER TRUST account",
345 "This is NOT a server trust account"
347 static const true_false_string tfs_nt_acb_pwnoexp = {
348 "Passwords does NOT expire",
349 "Password will EXPIRE"
351 static const true_false_string tfs_nt_acb_autolock = {
352 "This account has been AUTO LOCKED",
353 "This account has NOT been auto locked"
356 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
357 proto_tree *parent_tree, char *drep)
360 proto_item *item = NULL;
361 proto_tree *tree = NULL;
363 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
364 hf_nt_acct_ctrl, &mask);
367 item = proto_tree_add_uint(parent_tree, hf_nt_acct_ctrl,
368 tvb, offset-4, 4, mask);
369 tree = proto_item_add_subtree(item, ett_nt_acct_ctrl);
372 proto_tree_add_boolean(tree, hf_nt_acb_autolock,
373 tvb, offset-4, 4, mask);
374 proto_tree_add_boolean(tree, hf_nt_acb_pwnoexp,
375 tvb, offset-4, 4, mask);
376 proto_tree_add_boolean(tree, hf_nt_acb_svrtrust,
377 tvb, offset-4, 4, mask);
378 proto_tree_add_boolean(tree, hf_nt_acb_wstrust,
379 tvb, offset-4, 4, mask);
380 proto_tree_add_boolean(tree, hf_nt_acb_domtrust,
381 tvb, offset-4, 4, mask);
382 proto_tree_add_boolean(tree, hf_nt_acb_mns,
383 tvb, offset-4, 4, mask);
384 proto_tree_add_boolean(tree, hf_nt_acb_normal,
385 tvb, offset-4, 4, mask);
386 proto_tree_add_boolean(tree, hf_nt_acb_tempdup,
387 tvb, offset-4, 4, mask);
388 proto_tree_add_boolean(tree, hf_nt_acb_pwnotreq,
389 tvb, offset-4, 4, mask);
390 proto_tree_add_boolean(tree, hf_nt_acb_homedirreq,
391 tvb, offset-4, 4, mask);
392 proto_tree_add_boolean(tree, hf_nt_acb_disabled,
393 tvb, offset-4, 4, mask);
399 /* above this line, just some general support routines which should be placed
400 in some more generic file common to all NT services dissectors
404 samr_dissect_context_handle_reply(tvbuff_t *tvb, int offset,
405 packet_info *pinfo, proto_tree *tree,
408 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
410 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
418 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset,
419 packet_info *pinfo, proto_tree *tree,
422 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
424 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
425 hf_samr_access, NULL);
426 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
433 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
434 packet_info *pinfo, proto_tree *tree,
439 di=pinfo->private_data;
440 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
446 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
447 packet_info *pinfo, proto_tree *tree,
452 di=pinfo->private_data;
453 if(di->conformant_run){
454 /*just a run to handle conformant arrays, nothing to dissect */
458 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
464 samr_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
465 packet_info *pinfo, proto_tree *tree,
470 di=pinfo->private_data;
471 if(di->conformant_run){
472 /*just a run to handle conformant arrays, nothing to dissect */
476 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
477 di->hf_index, di->levels);
482 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
483 packet_info *pinfo, proto_tree *tree,
488 di=pinfo->private_data;
489 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
496 samr_dissect_query_dispinfo_rqst (tvbuff_t *tvb, int offset,
497 packet_info *pinfo, proto_tree *tree,
500 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
502 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
503 hf_samr_level, NULL);
504 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
505 hf_samr_start_idx, NULL);
506 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
507 hf_samr_max_entries, NULL);
508 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
509 hf_samr_pref_maxsize, NULL);
514 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
515 packet_info *pinfo, proto_tree *parent_tree,
518 proto_item *item=NULL;
519 proto_tree *tree=NULL;
520 int old_offset=offset;
523 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
525 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
528 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
529 hf_samr_index, NULL);
530 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
532 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
533 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
534 hf_samr_acct_name, 0);
535 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
536 hf_samr_full_name, 0);
537 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
538 hf_samr_acct_desc, 0);
540 proto_item_set_len(item, offset-old_offset);
545 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
546 packet_info *pinfo, proto_tree *tree,
549 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
550 samr_dissect_USER_DISPINFO_1);
556 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
557 packet_info *pinfo, proto_tree *parent_tree,
561 proto_item *item=NULL;
562 proto_tree *tree=NULL;
563 int old_offset=offset;
566 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
567 "User_DispInfo_1 Array");
568 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
572 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
573 hf_samr_count, &count);
574 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
575 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
576 "USER_DISPINFO_1_ARRAY", -1, 0);
578 proto_item_set_len(item, offset-old_offset);
585 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
586 packet_info *pinfo, proto_tree *parent_tree,
589 proto_item *item=NULL;
590 proto_tree *tree=NULL;
591 int old_offset=offset;
594 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
596 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
599 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
600 hf_samr_index, NULL);
601 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
603 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
604 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
605 hf_samr_acct_name, 0);
606 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
607 hf_samr_acct_desc, 0);
609 proto_item_set_len(item, offset-old_offset);
614 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
615 packet_info *pinfo, proto_tree *tree,
618 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
619 samr_dissect_USER_DISPINFO_2);
625 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
626 packet_info *pinfo, proto_tree *parent_tree,
630 proto_item *item=NULL;
631 proto_tree *tree=NULL;
632 int old_offset=offset;
635 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
636 "User_DispInfo_2 Array");
637 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
641 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
642 hf_samr_count, &count);
643 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
644 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
645 "USER_DISPINFO_2_ARRAY", -1, 0);
647 proto_item_set_len(item, offset-old_offset);
656 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
657 packet_info *pinfo, proto_tree *parent_tree,
660 proto_item *item=NULL;
661 proto_tree *tree=NULL;
662 int old_offset=offset;
665 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
667 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
671 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
672 hf_samr_index, NULL);
673 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
675 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
676 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
677 hf_samr_acct_name, 0);
678 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
679 hf_samr_acct_desc, 0);
681 proto_item_set_len(item, offset-old_offset);
686 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
687 packet_info *pinfo, proto_tree *tree,
690 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
691 samr_dissect_GROUP_DISPINFO);
697 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
698 packet_info *pinfo, proto_tree *parent_tree,
702 proto_item *item=NULL;
703 proto_tree *tree=NULL;
704 int old_offset=offset;
707 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
708 "Group_DispInfo Array");
709 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
712 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
713 hf_samr_count, &count);
714 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
715 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
716 "GROUP_DISPINFO_ARRAY", -1, 0);
718 proto_item_set_len(item, offset-old_offset);
725 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
726 packet_info *pinfo, proto_tree *parent_tree,
729 proto_item *item=NULL;
730 proto_tree *tree=NULL;
731 int old_offset=offset;
734 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
736 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
740 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
741 hf_samr_index, NULL);
742 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
744 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
745 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
747 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
750 proto_item_set_len(item, offset-old_offset);
755 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
756 packet_info *pinfo, proto_tree *tree,
759 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
760 samr_dissect_ASCII_DISPINFO);
766 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
767 packet_info *pinfo, proto_tree *parent_tree,
771 proto_item *item=NULL;
772 proto_tree *tree=NULL;
773 int old_offset=offset;
776 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
777 "Ascii_DispInfo Array");
778 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
781 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
782 hf_samr_count, &count);
783 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
784 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
785 "ACSII_DISPINFO_ARRAY", -1, 0);
787 proto_item_set_len(item, offset-old_offset);
793 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
794 packet_info *pinfo, proto_tree *parent_tree,
797 proto_item *item=NULL;
798 proto_tree *tree=NULL;
799 int old_offset=offset;
803 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
805 tree = proto_item_add_subtree(item, ett_samr_display_info);
808 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
809 hf_samr_level, &level);
812 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
813 tvb, offset, pinfo, tree, drep);
816 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
817 tvb, offset, pinfo, tree, drep);
820 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
821 tvb, offset, pinfo, tree, drep);
824 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
825 tvb, offset, pinfo, tree, drep);
828 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
829 tvb, offset, pinfo, tree, drep);
833 proto_item_set_len(item, offset-old_offset);
838 samr_dissect_query_dispinfo_reply (tvbuff_t *tvb, int offset,
839 packet_info *pinfo, proto_tree *tree,
842 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
843 samr_dissect_pointer_long, NDR_POINTER_REF,
844 "", hf_samr_total_size, 0);
845 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
846 samr_dissect_pointer_long, NDR_POINTER_REF,
847 "", hf_samr_ret_size, 0);
848 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
849 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
851 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
859 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
860 packet_info *pinfo, proto_tree *tree,
863 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
865 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
866 hf_samr_level, NULL);
867 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
874 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
875 packet_info *pinfo, proto_tree *tree,
878 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
879 samr_dissect_pointer_long, NDR_POINTER_REF,
880 "", hf_samr_index, 0);
881 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
891 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
892 packet_info *pinfo, proto_tree *parent_tree,
896 proto_item *item=NULL;
897 proto_tree *tree=NULL;
898 int old_offset=offset;
900 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
903 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
905 tree = proto_item_add_subtree(item, ett_samr_password_info);
909 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
910 hf_samr_unknown_short, NULL);
911 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
912 hf_samr_unknown_long, NULL);
914 proto_item_set_len(item, offset-old_offset);
919 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
920 packet_info *pinfo, proto_tree *tree,
923 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
924 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
926 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
934 samr_dissect_connect2_server(tvbuff_t *tvb, int offset,
935 packet_info *pinfo, proto_tree *parent_tree,
938 proto_item *item=NULL;
939 proto_tree *tree=NULL;
940 int old_offset=offset;
943 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
945 tree = proto_item_add_subtree(item, ett_samr_server);
948 offset = dissect_ndr_nt_UNICODE_STRING_str(tvb, offset, pinfo,
951 proto_item_set_len(item, offset-old_offset);
956 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
957 packet_info *pinfo, proto_tree *tree,
960 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
961 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
962 "Server", hf_samr_server, 0);
964 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
965 hf_samr_access, NULL);
970 samr_dissect_connect2_reply(tvbuff_t *tvb, int offset,
971 packet_info *pinfo, proto_tree *tree,
974 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
976 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
985 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
986 packet_info *pinfo, proto_tree *parent_tree,
989 proto_item *item=NULL;
990 proto_tree *tree=NULL;
991 int old_offset=offset;
994 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
996 tree = proto_item_add_subtree(item, ett_samr_user_group);
999 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1001 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1002 hf_samr_rid_attrib, NULL);
1004 proto_item_set_len(item, offset-old_offset);
1009 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
1010 packet_info *pinfo, proto_tree *tree,
1013 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1014 samr_dissect_USER_GROUP);
1020 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1021 packet_info *pinfo, proto_tree *parent_tree,
1025 proto_item *item=NULL;
1026 proto_tree *tree=NULL;
1027 int old_offset=offset;
1030 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1031 "USER_GROUP_ARRAY");
1032 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1035 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1036 hf_samr_count, &count);
1037 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1038 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1039 "USER_GROUP_ARRAY", -1, 0);
1041 proto_item_set_len(item, offset-old_offset);
1046 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1047 packet_info *pinfo, proto_tree *tree,
1050 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1051 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1052 "USER_GROUP_ARRAY", -1, 0);
1057 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1058 packet_info *pinfo, proto_tree *tree,
1061 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1062 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1064 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1072 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1073 packet_info *pinfo, proto_tree *tree,
1076 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1078 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1079 hf_samr_access, NULL);
1080 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1081 samr_dissect_SID, NDR_POINTER_REF,
1087 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1088 packet_info *pinfo, proto_tree *tree,
1091 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1093 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1101 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1102 packet_info *pinfo, proto_tree *tree,
1105 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1107 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1108 samr_dissect_SID, NDR_POINTER_REF,
1114 samr_dissect_context_handle(tvbuff_t *tvb, int offset,
1115 packet_info *pinfo, proto_tree *tree,
1118 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1125 samr_dissect_rc(tvbuff_t *tvb, int offset,
1126 packet_info *pinfo, proto_tree *tree,
1129 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1135 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1136 packet_info *pinfo, proto_tree *tree,
1139 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1141 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1142 hf_samr_group, NULL);
1143 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1149 samr_dissect_unknown_3c_reply(tvbuff_t *tvb, int offset,
1150 packet_info *pinfo, proto_tree *tree,
1153 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1154 samr_dissect_pointer_short, NDR_POINTER_REF,
1155 "", hf_samr_unknown_short, 0);
1156 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1164 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1165 packet_info *pinfo, proto_tree *tree,
1168 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1170 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1171 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1172 "Account Name", hf_samr_acct_name, 0);
1173 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1174 hf_samr_access, NULL);
1179 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1180 packet_info *pinfo, proto_tree *tree,
1183 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1185 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1187 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1195 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1196 packet_info *pinfo, proto_tree *tree,
1199 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1201 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1202 hf_samr_level, NULL);
1209 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1210 packet_info *pinfo, proto_tree *tree,
1213 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1215 hf_samr_acct_name, 0);
1216 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1218 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1220 hf_samr_acct_desc, 0);
1225 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1226 packet_info *pinfo, proto_tree *parent_tree,
1229 proto_item *item=NULL;
1230 proto_tree *tree=NULL;
1231 int old_offset=offset;
1235 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1237 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1240 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1241 hf_samr_level, &level);
1244 offset = samr_dissect_ALIAS_INFO_1(
1245 tvb, offset, pinfo, tree, drep);
1248 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1250 hf_samr_acct_name, 0);
1253 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1255 hf_samr_acct_desc, 0);
1259 proto_item_set_len(item, offset-old_offset);
1264 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1265 packet_info *pinfo, proto_tree *tree,
1268 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1269 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
1270 "ALIAS_INFO", -1, 0);
1275 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1276 packet_info *pinfo, proto_tree *tree,
1279 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1280 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1282 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1288 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1289 packet_info *pinfo, proto_tree *tree,
1292 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1294 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1295 hf_samr_level, NULL);
1296 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1297 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
1304 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1305 packet_info *pinfo, proto_tree *tree,
1308 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
1315 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1316 packet_info *pinfo, proto_tree *tree,
1319 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
1327 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1328 packet_info *pinfo, proto_tree *tree,
1331 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1333 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1334 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1335 "Server", hf_samr_server, 0);
1336 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1337 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1338 "Account Name", hf_samr_acct_name, 0);
1339 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1340 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1342 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1343 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1349 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1350 packet_info *pinfo, proto_tree *tree,
1353 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1355 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1356 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1357 "Server", hf_samr_server, 0);
1358 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1359 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1360 "Account Name", hf_samr_acct_name, 0);
1361 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1362 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1364 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1365 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1367 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1368 hf_samr_lm_change, NULL);
1369 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1370 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1372 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1373 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1379 samr_dissect_unknown_3b_rqst(tvbuff_t *tvb, int offset,
1380 packet_info *pinfo, proto_tree *tree,
1383 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1385 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1386 hf_samr_unknown_short, NULL);
1387 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1388 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1389 "Unknown", hf_samr_unknown_string, 0);
1390 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1391 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1392 "Unknown", hf_samr_unknown_string, 0);
1398 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
1399 packet_info *pinfo, proto_tree *tree,
1403 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1405 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1406 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1407 "Account Name", hf_samr_acct_name, 0);
1408 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
1409 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1410 hf_samr_access, NULL);
1416 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
1417 packet_info *pinfo, proto_tree *tree,
1420 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1422 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1423 hf_samr_unknown_long, NULL);
1424 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1426 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1432 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
1433 packet_info *pinfo, proto_tree *tree,
1436 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1438 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1439 hf_samr_level, NULL);
1440 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1441 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1442 "Account Name", hf_samr_acct_name, 0);
1447 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
1448 packet_info *pinfo, proto_tree *tree,
1451 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1452 hf_samr_index, NULL);
1453 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1459 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
1460 packet_info *pinfo, proto_tree *tree,
1463 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1465 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1466 hf_samr_unknown_char, NULL);
1467 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1468 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1470 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1471 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1473 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1474 hf_samr_unknown_char, NULL);
1475 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1476 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1478 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1479 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1481 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1482 hf_samr_unknown_char, NULL);
1483 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1484 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1486 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1487 hf_samr_unknown_char, NULL);
1488 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1489 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1496 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
1497 packet_info *pinfo, proto_tree *tree,
1500 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1502 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1503 hf_samr_attrib, NULL);
1509 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
1510 packet_info *pinfo, proto_tree *tree,
1513 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1515 hf_samr_acct_name, 0);
1516 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1518 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1519 hf_samr_attrib, NULL);
1520 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1522 hf_samr_acct_desc, 0);
1527 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
1528 packet_info *pinfo, proto_tree *parent_tree,
1531 proto_item *item=NULL;
1532 proto_tree *tree=NULL;
1533 int old_offset=offset;
1537 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1539 tree = proto_item_add_subtree(item, ett_samr_group_info);
1542 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1543 hf_samr_level, &level);
1546 offset = samr_dissect_GROUP_INFO_1(
1547 tvb, offset, pinfo, tree, drep);
1550 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1552 hf_samr_acct_name, 0);
1555 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1556 hf_samr_attrib, NULL);
1559 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1561 hf_samr_acct_desc, 0);
1565 proto_item_set_len(item, offset-old_offset);
1570 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
1571 packet_info *pinfo, proto_tree *tree,
1574 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1575 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
1576 "GROUP_INFO", -1, 0);
1581 samr_dissect_query_information_group_rqst (tvbuff_t *tvb, int offset,
1582 packet_info *pinfo, proto_tree *tree,
1585 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1587 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1588 hf_samr_level, NULL);
1593 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
1594 packet_info *pinfo, proto_tree *tree,
1597 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1598 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
1600 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1606 samr_dissect_set_information_group_rqst (tvbuff_t *tvb, int offset,
1607 packet_info *pinfo, proto_tree *tree,
1610 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1612 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1613 hf_samr_level, NULL);
1614 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1615 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
1623 samr_dissect_get_domain_password_information_rqst (tvbuff_t *tvb, int offset,
1624 packet_info *pinfo, proto_tree *tree,
1627 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1630 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1631 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1632 "Domain", hf_samr_domain, 0);
1638 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
1639 packet_info *pinfo, proto_tree *parent_tree,
1642 proto_item *item=NULL;
1643 proto_tree *tree=NULL;
1644 int old_offset=offset;
1646 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
1649 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1651 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
1654 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1655 hf_samr_min_pwd_len, NULL);
1656 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1657 hf_samr_pwd_history_len, NULL);
1658 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1659 hf_samr_unknown_long, NULL);
1660 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1661 hf_samr_max_pwd_age);
1662 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1663 hf_samr_min_pwd_age);
1664 proto_item_set_len(item, offset-old_offset);
1669 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
1670 packet_info *pinfo, proto_tree *parent_tree,
1673 proto_item *item=NULL;
1674 proto_tree *tree=NULL;
1675 int old_offset=offset;
1678 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1680 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
1683 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1684 hf_samr_unknown_time);
1685 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1686 hf_samr_unknown_string, 0);
1687 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1689 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1690 hf_samr_controller, 0);
1691 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1692 hf_samr_unknown_time);
1693 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1694 hf_samr_unknown_long, NULL);
1695 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1696 hf_samr_unknown_long, NULL);
1697 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1698 hf_samr_unknown_char, NULL);
1699 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1700 hf_samr_num_users, NULL);
1701 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1702 hf_samr_num_groups, NULL);
1703 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1704 hf_samr_num_aliases, NULL);
1706 proto_item_set_len(item, offset-old_offset);
1711 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
1712 packet_info *pinfo, proto_tree *parent_tree,
1715 proto_item *item=NULL;
1716 proto_tree *tree=NULL;
1717 int old_offset=offset;
1720 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1722 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
1725 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1726 hf_samr_max_pwd_age);
1727 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1728 hf_samr_min_pwd_age);
1730 proto_item_set_len(item, offset-old_offset);
1735 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
1736 packet_info *pinfo, proto_tree *parent_tree,
1739 proto_item *item=NULL;
1740 proto_tree *tree=NULL;
1741 int old_offset=offset;
1744 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1745 "REPLICATION_STATUS:");
1746 tree = proto_item_add_subtree(item, ett_samr_replication_status);
1749 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1750 hf_samr_unknown_hyper, NULL);
1751 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1752 hf_samr_unknown_hyper, NULL);
1753 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1754 hf_samr_unknown_short, NULL);
1756 proto_item_set_len(item, offset-old_offset);
1761 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
1762 packet_info *pinfo, proto_tree *parent_tree,
1765 proto_item *item=NULL;
1766 proto_tree *tree=NULL;
1767 int old_offset=offset;
1770 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1772 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
1775 offset = samr_dissect_DOMAIN_INFO_2(
1776 tvb, offset, pinfo, tree, drep);
1777 offset = samr_dissect_REPLICATION_STATUS(
1778 tvb, offset, pinfo, tree, drep);
1780 proto_item_set_len(item, offset-old_offset);
1785 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
1786 packet_info *pinfo, proto_tree *parent_tree,
1789 proto_item *item=NULL;
1790 proto_tree *tree=NULL;
1791 int old_offset=offset;
1794 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1796 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
1799 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1800 hf_samr_unknown_time);
1801 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1802 hf_samr_unknown_time);
1803 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1804 hf_samr_unknown_time);
1806 proto_item_set_len(item, offset-old_offset);
1812 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1813 packet_info *pinfo, proto_tree *parent_tree,
1816 proto_item *item=NULL;
1817 proto_tree *tree=NULL;
1818 int old_offset=offset;
1822 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1824 tree = proto_item_add_subtree(item, ett_samr_domain_info);
1827 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1828 hf_samr_level, &level);
1830 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1833 offset = samr_dissect_DOMAIN_INFO_1(
1834 tvb, offset, pinfo, tree, drep);
1837 offset = samr_dissect_DOMAIN_INFO_2(
1838 tvb, offset, pinfo, tree, drep);
1842 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1843 hf_samr_unknown_time);
1846 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1847 tree, drep, hf_samr_unknown_string, 0);
1851 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1852 tree, drep, hf_samr_domain, 0);
1856 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1857 tree, drep, hf_samr_controller, 0);
1861 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1862 hf_samr_unknown_short, NULL);
1865 offset = samr_dissect_DOMAIN_INFO_8(
1866 tvb, offset, pinfo, tree, drep);
1869 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1870 hf_samr_unknown_short, NULL);
1873 offset = samr_dissect_DOMAIN_INFO_11(
1874 tvb, offset, pinfo, tree, drep);
1877 offset = samr_dissect_REPLICATION_STATUS(
1878 tvb, offset, pinfo, tree, drep);
1881 offset = samr_dissect_DOMAIN_INFO_13(
1882 tvb, offset, pinfo, tree, drep);
1886 proto_item_set_len(item, offset-old_offset);
1891 samr_dissect_DOMAIN_INFO_ptr(tvbuff_t *tvb, int offset,
1892 packet_info *pinfo, proto_tree *tree,
1895 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1896 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
1897 "DOMAIN_INFO pointer", hf_samr_domain, 0);
1902 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
1903 packet_info *pinfo, proto_tree *tree,
1906 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1907 samr_dissect_DOMAIN_INFO_ptr, NDR_POINTER_REF,
1908 "", hf_samr_domain, 0);
1909 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1916 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
1917 packet_info *pinfo, proto_tree *tree,
1920 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1922 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1923 hf_samr_level, NULL);
1924 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
1931 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
1932 packet_info *pinfo, proto_tree *tree,
1935 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
1937 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1938 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1939 "", hf_samr_domain, 0);
1944 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
1945 packet_info *pinfo, proto_tree *tree,
1948 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1949 samr_dissect_SID_ptr, NDR_POINTER_REF,
1951 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1957 samr_dissect_PSID(tvbuff_t *tvb, int offset,
1958 packet_info *pinfo, proto_tree *parent_tree,
1961 proto_item *item=NULL;
1962 proto_tree *tree=NULL;
1963 int old_offset=offset;
1966 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1968 tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
1971 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1972 samr_dissect_SID, NDR_POINTER_UNIQUE,
1975 proto_item_set_len(item, offset-old_offset);
1981 samr_dissect_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
1982 packet_info *pinfo, proto_tree *tree,
1985 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1993 samr_dissect_PSID_ARRAY(tvbuff_t *tvb, int offset,
1994 packet_info *pinfo, proto_tree *parent_tree,
1998 proto_item *item=NULL;
1999 proto_tree *tree=NULL;
2000 int old_offset=offset;
2003 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2005 tree = proto_item_add_subtree(item, ett_samr_sid_array);
2008 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2009 hf_samr_count, &count);
2010 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2011 samr_dissect_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
2012 "PSID_ARRAY", -1, 0);
2014 proto_item_set_len(item, offset-old_offset);
2019 samr_dissect_index(tvbuff_t *tvb, int offset,
2020 packet_info *pinfo, proto_tree *tree,
2023 int old_offset=offset;
2026 di=pinfo->private_data;
2028 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2029 di->hf_index, NULL);
2036 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2037 packet_info *pinfo, proto_tree *tree,
2040 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2041 samr_dissect_index);
2047 plural_ending(const char *string)
2051 string_len = strlen(string);
2052 if (string_len > 0 && string[string_len - 1] == 's') {
2053 /* String ends with "s" - pluralize by adding "es" */
2056 /* Field name doesn't end with "s" - pluralize by adding "s" */
2062 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2063 packet_info *pinfo, proto_tree *parent_tree,
2068 proto_item *item=NULL;
2069 proto_tree *tree=NULL;
2070 int old_offset=offset;
2074 di=pinfo->private_data;
2076 field_name = proto_registrar_get_name(di->hf_index);
2077 snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2078 plural_ending(field_name));
2080 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2082 tree = proto_item_add_subtree(item, ett_samr_index_array);
2085 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2086 hf_samr_count, &count);
2087 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2088 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2089 str, di->hf_index, 0);
2091 proto_item_set_len(item, offset-old_offset);
2097 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2098 packet_info *pinfo, proto_tree *tree,
2101 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2103 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2104 samr_dissect_PSID_ARRAY, NDR_POINTER_REF,
2110 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2111 packet_info *pinfo, proto_tree *tree,
2114 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2115 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2116 "", hf_samr_alias, 0);
2117 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2124 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2125 packet_info *pinfo, proto_tree *parent_tree,
2128 proto_item *item=NULL;
2129 proto_tree *tree=NULL;
2130 int old_offset=offset;
2134 di=pinfo->private_data;
2136 snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
2138 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2140 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2143 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2144 hf_samr_index, NULL);
2145 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2146 tree, drep, di->hf_index, 4);
2148 proto_item_set_len(item, offset-old_offset);
2153 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2154 packet_info *pinfo, proto_tree *tree,
2157 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2158 samr_dissect_IDX_AND_NAME);
2165 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2166 packet_info *pinfo, proto_tree *parent_tree,
2171 proto_item *item=NULL;
2172 proto_tree *tree=NULL;
2173 int old_offset=offset;
2177 di=pinfo->private_data;
2179 field_name = proto_registrar_get_name(di->hf_index);
2182 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2183 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2184 plural_ending(field_name));
2185 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2189 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2190 hf_samr_count, &count);
2191 snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2192 plural_ending(field_name));
2193 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2194 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2195 str, di->hf_index, 0);
2197 proto_item_set_len(item, offset-old_offset);
2202 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2203 packet_info *pinfo, proto_tree *tree,
2210 di=pinfo->private_data;
2212 field_name = proto_registrar_get_name(di->hf_index);
2213 snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2214 plural_ending(field_name));
2215 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2216 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
2217 str, di->hf_index, 0);
2222 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2223 packet_info *pinfo, proto_tree *tree,
2226 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2228 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2229 samr_dissect_pointer_long, NDR_POINTER_REF,
2230 "", hf_samr_resume_hnd, 0);
2231 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2232 hf_samr_pref_maxsize, NULL);
2237 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2238 packet_info *pinfo, proto_tree *tree,
2241 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2242 samr_dissect_pointer_long, NDR_POINTER_REF,
2243 "", hf_samr_resume_hnd, 0);
2244 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2245 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2246 "", hf_samr_domain, 0);
2247 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2248 samr_dissect_pointer_long, NDR_POINTER_REF,
2249 "", hf_samr_entries, 0);
2250 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2256 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2257 packet_info *pinfo, proto_tree *tree,
2260 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2262 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2263 samr_dissect_pointer_long, NDR_POINTER_REF,
2264 "", hf_samr_resume_hnd, 0);
2265 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2266 hf_samr_mask, NULL);
2267 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2268 hf_samr_pref_maxsize, NULL);
2273 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2274 packet_info *pinfo, proto_tree *tree,
2277 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2278 samr_dissect_pointer_long, NDR_POINTER_REF,
2279 "", hf_samr_resume_hnd, 0);
2280 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2281 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2282 "", hf_samr_group_name, 0);
2283 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2284 samr_dissect_pointer_long, NDR_POINTER_REF,
2285 "", hf_samr_entries, 0);
2286 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2292 samr_dissect_enum_dom_alias_reply(tvbuff_t *tvb, int offset,
2293 packet_info *pinfo, proto_tree *tree,
2296 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2297 samr_dissect_pointer_long, NDR_POINTER_REF,
2298 "", hf_samr_resume_hnd, 0);
2299 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2300 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2301 "", hf_samr_alias_name, 0);
2302 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2303 samr_dissect_pointer_long, NDR_POINTER_REF,
2304 "", hf_samr_entries, 0);
2305 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2311 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
2312 packet_info *pinfo, proto_tree *tree,
2315 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2316 samr_dissect_PSID_ARRAY, NDR_POINTER_REF,
2318 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2325 samr_dissect_LOGON_HOURS_entry(tvbuff_t *tvb, int offset,
2326 packet_info *pinfo, proto_tree *tree,
2329 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2330 hf_samr_unknown_char, NULL);
2335 samr_dissect_LOGON_HOURS_hours(tvbuff_t *tvb, int offset,
2336 packet_info *pinfo, proto_tree *parent_tree,
2339 proto_item *item=NULL;
2340 proto_tree *tree=NULL;
2341 int old_offset=offset;
2344 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2346 tree = proto_item_add_subtree(item, ett_samr_logon_hours_hours);
2349 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
2350 samr_dissect_LOGON_HOURS_entry);
2352 proto_item_set_len(item, offset-old_offset);
2359 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
2360 packet_info *pinfo, proto_tree *parent_tree,
2363 proto_item *item=NULL;
2364 proto_tree *tree=NULL;
2365 int old_offset=offset;
2367 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
2370 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2372 tree = proto_item_add_subtree(item, ett_samr_logon_hours);
2375 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2376 hf_samr_divisions, NULL);
2377 /* XXX - is this a bitmask like the "logon hours" field in the
2378 Remote API call "NetUserGetInfo()" with an information level
2380 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2381 samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
2382 "LOGON_HOURS", -1, 0);
2384 proto_item_set_len(item, offset-old_offset);
2390 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
2391 packet_info *pinfo, proto_tree *parent_tree,
2394 proto_item *item=NULL;
2395 proto_tree *tree=NULL;
2396 int old_offset=offset;
2399 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2401 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
2404 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2405 hf_samr_acct_name, 0);
2406 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2407 hf_samr_full_name, 0);
2408 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2409 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2411 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2414 proto_item_set_len(item, offset-old_offset);
2419 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
2420 packet_info *pinfo, proto_tree *parent_tree,
2423 proto_item *item=NULL;
2424 proto_tree *tree=NULL;
2425 int old_offset=offset;
2428 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2430 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
2433 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2434 hf_samr_acct_name, 0);
2435 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2436 hf_samr_full_name, 0);
2437 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2438 hf_samr_bad_pwd_count, NULL);
2439 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2440 hf_samr_logon_count, NULL);
2442 proto_item_set_len(item, offset-old_offset);
2447 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
2448 packet_info *pinfo, proto_tree *parent_tree,
2451 proto_item *item=NULL;
2452 proto_tree *tree=NULL;
2453 int old_offset=offset;
2456 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2458 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
2461 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2462 hf_samr_acct_name, 0);
2463 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2464 hf_samr_full_name, 0);
2465 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2467 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2468 hf_samr_group, NULL);
2469 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2471 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2472 hf_samr_home_drive, 0);
2473 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2475 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2476 hf_samr_acct_desc, 0);
2477 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2478 hf_samr_workstations, 0);
2479 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2480 hf_samr_logon_time);
2481 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2482 hf_samr_logoff_time);
2483 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2484 hf_samr_pwd_last_set_time);
2485 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2486 hf_samr_pwd_can_change_time);
2487 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2488 hf_samr_pwd_must_change_time);
2489 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2490 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2491 hf_samr_logon_count, NULL);
2492 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2493 hf_samr_bad_pwd_count, NULL);
2494 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2496 proto_item_set_len(item, offset-old_offset);
2501 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
2502 packet_info *pinfo, proto_tree *parent_tree,
2505 proto_item *item=NULL;
2506 proto_tree *tree=NULL;
2507 int old_offset=offset;
2510 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2512 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
2515 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2516 hf_samr_acct_name, 0);
2517 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2518 hf_samr_full_name, 0);
2519 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2521 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2522 hf_samr_group, NULL);
2523 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2524 hf_samr_country, NULL);
2525 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2526 hf_samr_codepage, NULL);
2527 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2529 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2530 hf_samr_home_drive, 0);
2531 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2533 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2534 hf_samr_acct_desc, 0);
2535 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2536 hf_samr_workstations, 0);
2537 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2538 hf_samr_logon_time);
2539 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2540 hf_samr_logoff_time);
2541 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2542 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2543 hf_samr_bad_pwd_count, NULL);
2544 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2545 hf_samr_logon_count, NULL);
2546 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2547 hf_samr_pwd_last_set_time);
2548 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2549 hf_samr_acct_expiry_time);
2550 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2552 proto_item_set_len(item, offset-old_offset);
2557 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
2558 packet_info *pinfo, proto_tree *parent_tree,
2561 proto_item *item=NULL;
2562 proto_tree *tree=NULL;
2563 int old_offset=offset;
2566 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2568 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
2571 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2572 hf_samr_acct_name, 0);
2573 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2574 hf_samr_full_name, 0);
2576 proto_item_set_len(item, offset-old_offset);
2581 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
2582 packet_info *pinfo, proto_tree *parent_tree,
2585 proto_item *item=NULL;
2586 proto_tree *tree=NULL;
2587 int old_offset=offset;
2590 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2592 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
2595 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2596 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2597 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2598 hf_samr_unknown_char, NULL);
2599 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2600 hf_samr_unknown_char, NULL);
2601 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2602 hf_samr_unknown_char, NULL);
2604 proto_item_set_len(item, offset-old_offset);
2609 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
2610 packet_info *pinfo, proto_tree *parent_tree,
2613 proto_item *item=NULL;
2614 proto_tree *tree=NULL;
2615 int old_offset=offset;
2618 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2620 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
2623 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2624 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2625 hf_samr_logon_time);
2626 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2627 hf_samr_logoff_time);
2628 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2629 hf_samr_bad_pwd_count, NULL);
2630 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2631 hf_samr_logon_count, NULL);
2633 proto_item_set_len(item, offset-old_offset);
2638 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
2639 packet_info *pinfo, proto_tree *tree,
2642 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2643 hf_samr_unknown_char, NULL);
2649 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
2650 packet_info *pinfo, proto_tree *parent_tree,
2653 proto_item *item=NULL;
2654 proto_tree *tree=NULL;
2655 int old_offset=offset;
2658 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2660 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
2663 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2664 samr_dissect_BUFFER_entry);
2666 proto_item_set_len(item, offset-old_offset);
2673 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
2674 packet_info *pinfo, proto_tree *parent_tree,
2677 proto_item *item=NULL;
2678 proto_tree *tree=NULL;
2679 int old_offset=offset;
2682 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2684 tree = proto_item_add_subtree(item, ett_samr_buffer);
2686 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2687 hf_samr_count, NULL);
2688 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2689 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
2692 proto_item_set_len(item, offset-old_offset);
2697 samr_dissect_BUFFER_ptr(tvbuff_t *tvb, int offset,
2698 packet_info *pinfo, proto_tree *tree,
2701 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2702 samr_dissect_BUFFER, NDR_POINTER_UNIQUE,
2708 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
2709 packet_info *pinfo, proto_tree *parent_tree,
2712 proto_item *item=NULL;
2713 proto_tree *tree=NULL;
2714 int old_offset=offset;
2717 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2719 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
2722 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2723 hf_samr_logon_time);
2724 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2725 hf_samr_logoff_time);
2726 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2727 hf_samr_kickoff_time);
2728 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2729 hf_samr_pwd_last_set_time);
2730 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2731 hf_samr_pwd_can_change_time);
2732 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2733 hf_samr_pwd_must_change_time);
2734 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2735 hf_samr_acct_name, 2);
2736 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2737 hf_samr_full_name, 0);
2738 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2740 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2741 hf_samr_home_drive, 0);
2742 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2744 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2745 hf_samr_profile, 0);
2746 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2747 hf_samr_acct_desc, 0);
2748 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2749 hf_samr_workstations, 0);
2750 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2751 hf_samr_comment, 0);
2752 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2753 hf_samr_parameters, 0);
2754 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2755 hf_samr_unknown_string, 0);
2756 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2757 hf_samr_unknown_string, 0);
2758 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2759 hf_samr_unknown_string, 0);
2760 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
2761 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2763 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2764 hf_samr_group, NULL);
2765 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2766 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2767 hf_samr_unknown_long, NULL);
2768 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2769 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2770 hf_samr_bad_pwd_count, NULL);
2771 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2772 hf_samr_logon_count, NULL);
2773 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2774 hf_samr_country, NULL);
2775 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2776 hf_samr_codepage, NULL);
2777 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2778 hf_samr_nt_pwd_set, NULL);
2779 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2780 hf_samr_lm_pwd_set, NULL);
2781 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2782 hf_samr_pwd_expired, NULL);
2783 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2784 hf_samr_unknown_char, NULL);
2786 proto_item_set_len(item, offset-old_offset);
2791 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
2792 packet_info *pinfo, proto_tree *parent_tree,
2795 proto_item *item=NULL;
2796 proto_tree *tree=NULL;
2797 int old_offset=offset;
2800 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2802 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
2805 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
2806 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2807 hf_samr_revision, NULL);
2809 proto_item_set_len(item, offset-old_offset);
2814 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
2815 packet_info *pinfo, proto_tree *parent_tree,
2818 proto_item *item=NULL;
2819 proto_tree *tree=NULL;
2820 int old_offset=offset;
2823 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2825 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
2828 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
2829 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
2831 proto_item_set_len(item, offset-old_offset);
2836 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
2837 packet_info *pinfo, proto_tree *parent_tree,
2840 proto_item *item=NULL;
2841 proto_tree *tree=NULL;
2842 int old_offset=offset;
2845 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2847 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
2850 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
2851 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2852 hf_samr_unknown_char, NULL);
2854 proto_item_set_len(item, offset-old_offset);
2859 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
2860 packet_info *pinfo, proto_tree *parent_tree,
2863 proto_item *item=NULL;
2864 proto_tree *tree=NULL;
2865 int old_offset=offset;
2869 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2871 tree = proto_item_add_subtree(item, ett_samr_user_info);
2873 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2874 hf_samr_level, &level);
2878 offset = samr_dissect_USER_INFO_1(
2879 tvb, offset, pinfo, tree, drep);
2882 offset = samr_dissect_USER_INFO_2(
2883 tvb, offset, pinfo, tree, drep);
2886 offset = samr_dissect_USER_INFO_3(
2887 tvb, offset, pinfo, tree, drep);
2890 offset = dissect_ndr_nt_LOGON_HOURS(
2891 tvb, offset, pinfo, tree, drep);
2894 offset = samr_dissect_USER_INFO_5(
2895 tvb, offset, pinfo, tree, drep);
2898 offset = samr_dissect_USER_INFO_6(
2899 tvb, offset, pinfo, tree, drep);
2902 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2903 hf_samr_full_name, 0);
2906 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2907 hf_samr_acct_desc, 0);
2910 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2911 hf_samr_unknown_long, NULL);
2914 offset = samr_dissect_USER_INFO_6(
2915 tvb, offset, pinfo, tree, drep);
2918 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2922 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2923 hf_samr_home_drive, 0);
2926 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2930 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2931 hf_samr_workstations, 0);
2934 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2935 hf_samr_unknown_long, NULL);
2938 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2939 hf_samr_unknown_time);
2942 offset = samr_dissect_USER_INFO_18(
2943 tvb, offset, pinfo, tree, drep);
2946 offset = samr_dissect_USER_INFO_19(
2947 tvb, offset, pinfo, tree, drep);
2950 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2951 hf_samr_profile, 0);
2954 offset = samr_dissect_USER_INFO_21(
2955 tvb, offset, pinfo, tree, drep);
2958 offset = samr_dissect_USER_INFO_22(
2959 tvb, offset, pinfo, tree, drep);
2962 offset = samr_dissect_USER_INFO_23(
2963 tvb, offset, pinfo, tree, drep);
2966 offset = samr_dissect_USER_INFO_24(
2967 tvb, offset, pinfo, tree, drep);
2971 proto_item_set_len(item, offset-old_offset);
2976 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
2977 packet_info *pinfo, proto_tree *tree,
2980 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2981 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
2982 "USER_INFO pointer", -1, 0);
2987 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
2988 packet_info *pinfo, proto_tree *tree,
2991 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
2993 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2994 hf_samr_level, NULL);
2995 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2996 samr_dissect_USER_INFO, NDR_POINTER_REF,
3003 samr_dissect_query_userinfo_reply(tvbuff_t *tvb, int offset,
3004 packet_info *pinfo, proto_tree *tree,
3007 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3008 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3010 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3017 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3018 packet_info *pinfo, proto_tree *tree,
3021 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3022 hf_samr_type, NULL);
3029 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3030 packet_info *pinfo, proto_tree *parent_tree,
3033 proto_item *item=NULL;
3034 proto_tree *tree=NULL;
3035 int old_offset=offset;
3038 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3039 "MEMBER_ARRAY_types:");
3040 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3043 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3044 samr_dissect_MEMBER_ARRAY_type);
3046 proto_item_set_len(item, offset-old_offset);
3053 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3054 packet_info *pinfo, proto_tree *tree,
3057 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3065 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3066 packet_info *pinfo, proto_tree *parent_tree,
3069 proto_item *item=NULL;
3070 proto_tree *tree=NULL;
3071 int old_offset=offset;
3074 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3075 "MEMBER_ARRAY_rids:");
3076 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
3079 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3080 samr_dissect_MEMBER_ARRAY_rid);
3082 proto_item_set_len(item, offset-old_offset);
3089 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3090 packet_info *pinfo, proto_tree *parent_tree,
3094 proto_item *item=NULL;
3095 proto_tree *tree=NULL;
3096 int old_offset=offset;
3099 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3101 tree = proto_item_add_subtree(item, ett_samr_member_array);
3104 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3105 hf_samr_count, &count);
3106 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3107 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3109 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3110 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3113 proto_item_set_len(item, offset-old_offset);
3118 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3119 packet_info *pinfo, proto_tree *tree,
3122 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3123 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3124 "MEMBER_ARRAY", -1, 0);
3129 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3130 packet_info *pinfo, proto_tree *tree,
3133 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3134 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3136 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3143 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3144 packet_info *pinfo, proto_tree *tree,
3147 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3149 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3150 hf_samr_info_type, NULL);
3151 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3152 samr_dissect_BUFFER, NDR_POINTER_REF,
3159 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3160 packet_info *pinfo, proto_tree *tree,
3163 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3165 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3166 hf_samr_info_type, NULL);
3172 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3173 packet_info *pinfo, proto_tree *tree,
3176 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3177 samr_dissect_BUFFER_ptr, NDR_POINTER_REF,
3179 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3187 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
3188 packet_info *pinfo, proto_tree *tree,
3191 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3192 hf_samr_acct_name, 1);
3197 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
3198 packet_info *pinfo, proto_tree *parent_tree,
3201 proto_item *item=NULL;
3202 proto_tree *tree=NULL;
3203 int old_offset=offset;
3206 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3208 tree = proto_item_add_subtree(item, ett_samr_names);
3211 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3212 samr_dissect_LOOKUP_NAMES_name);
3214 proto_item_set_len(item, offset-old_offset);
3220 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
3221 packet_info *pinfo, proto_tree *tree,
3224 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3226 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3227 hf_samr_count, NULL);
3228 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3229 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
3236 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
3237 packet_info *pinfo, proto_tree *tree,
3240 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3241 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3242 "", hf_samr_rid, 0);
3243 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3244 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3245 "", hf_samr_type, 0);
3246 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3253 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
3254 packet_info *pinfo, proto_tree *tree,
3257 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3264 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
3265 packet_info *pinfo, proto_tree *parent_tree,
3268 proto_item *item=NULL;
3269 proto_tree *tree=NULL;
3270 int old_offset=offset;
3273 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3275 tree = proto_item_add_subtree(item, ett_samr_rids);
3278 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3279 samr_dissect_LOOKUP_RIDS_rid);
3281 proto_item_set_len(item, offset-old_offset);
3287 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
3288 packet_info *pinfo, proto_tree *tree,
3291 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3293 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3294 hf_samr_count, NULL);
3295 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3296 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
3303 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
3304 packet_info *pinfo, proto_tree *tree,
3307 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3308 hf_samr_acct_name, 0);
3313 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
3314 packet_info *pinfo, proto_tree *tree,
3317 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3318 samr_dissect_UNICODE_STRING_ARRAY_name);
3323 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
3324 packet_info *pinfo, proto_tree *parent_tree,
3327 proto_item *item=NULL;
3328 proto_tree *tree=NULL;
3329 int old_offset=offset;
3332 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3334 tree = proto_item_add_subtree(item, ett_samr_names);
3337 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3338 hf_samr_count, NULL);
3340 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3341 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
3344 proto_item_set_len(item, offset-old_offset);
3352 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
3353 packet_info *pinfo, proto_tree *tree,
3356 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3357 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
3358 "", hf_samr_rid, 0);
3359 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3360 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3361 "", hf_samr_type, 0);
3362 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3370 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
3371 { SAMR_CONNECT_ANON, "CONNECT_ANON",
3372 samr_dissect_connect2_rqst,
3373 samr_dissect_context_handle_reply },
3374 { SAMR_CLOSE_HND, "CLOSE_HND",
3375 samr_dissect_context_handle,
3376 samr_dissect_context_handle_reply },
3377 { SAMR_SET_SEC_OBJECT, "SET_SEC_OBJECT",
3378 samr_dissect_set_sec_object_rqst,
3380 { SAMR_QUERY_SEC_OBJECT, "QUERY_SEC_OBJECT",
3381 samr_dissect_query_sec_object_rqst,
3382 samr_dissect_query_sec_object_reply },
3383 { SAMR_SHUTDOWN_SAM_SERVER, "SHUTDOWN_SAM_SERVER",
3384 samr_dissect_context_handle,
3386 { SAMR_LOOKUP_DOMAIN, "LOOKUP_DOMAIN",
3387 samr_dissect_lookup_domain_rqst,
3388 samr_dissect_lookup_domain_reply },
3389 { SAMR_ENUM_DOMAINS, "ENUM_DOMAINS",
3390 samr_dissect_enum_domains_rqst,
3391 samr_dissect_enum_domains_reply },
3392 { SAMR_OPEN_DOMAIN, "OPEN_DOMAIN",
3393 samr_dissect_open_domain_rqst,
3394 samr_dissect_open_domain_reply },
3395 { SAMR_QUERY_DOMAIN_INFO, "QUERY_INFORMATION_DOMAIN",
3396 samr_dissect_query_information_alias_rqst,
3397 samr_dissect_query_information_domain_reply },
3398 { SAMR_SET_DOMAIN_INFO, "SET_INFORMATION_DOMAIN",
3399 samr_dissect_set_information_domain_rqst,
3401 { SAMR_CREATE_DOM_GROUP, "CREATE_GROUP_IN_DOMAIN",
3402 samr_dissect_create_alias_in_domain_rqst,
3403 samr_dissect_create_alias_in_domain_reply },
3404 { SAMR_ENUM_DOM_GROUPS, "ENUM_DOM_GROUPS",
3405 samr_dissect_enum_dom_groups_rqst,
3406 samr_dissect_enum_dom_groups_reply },
3407 { SAMR_CREATE_USER_IN_DOMAIN, "CREATE_USER_IN_DOMAIN",
3408 samr_dissect_create_alias_in_domain_rqst,
3409 samr_dissect_create_alias_in_domain_reply },
3410 { SAMR_ENUM_DOM_USERS, "ENUM_DOM_USERS",
3411 samr_dissect_enum_dom_groups_rqst,
3412 samr_dissect_enum_dom_groups_reply },
3413 { SAMR_CREATE_DOM_ALIAS, "CREATE_ALIAS_IN_DOMAIN",
3414 samr_dissect_create_alias_in_domain_rqst,
3415 samr_dissect_create_alias_in_domain_reply },
3416 { SAMR_ENUM_DOM_ALIASES, "ENUM_DOM_ALIASES",
3417 samr_dissect_enum_dom_groups_rqst,
3418 samr_dissect_enum_dom_alias_reply },
3419 { SAMR_GET_ALIAS_MEMBERSHIP, "GET_ALIAS_MEMBERSHIP",
3420 samr_dissect_get_alias_membership_rqst,
3421 samr_dissect_get_alias_membership_reply },
3422 { SAMR_LOOKUP_NAMES, "LOOKUP_NAMES",
3423 samr_dissect_lookup_names_rqst,
3424 samr_dissect_lookup_names_reply },
3425 { SAMR_LOOKUP_RIDS, "LOOKUP_RIDS",
3426 samr_dissect_lookup_rids_rqst,
3427 samr_dissect_lookup_rids_reply },
3428 { SAMR_OPEN_GROUP, "OPEN_GROUP",
3429 samr_dissect_open_user_rqst,
3430 samr_dissect_context_handle_reply },
3431 { SAMR_QUERY_GROUPINFO, "QUERY_INFORMATION_GROUP",
3432 samr_dissect_query_information_group_rqst,
3433 samr_dissect_query_information_group_reply },
3434 { SAMR_SET_GROUPINFO, "SET_INFORMATION_GROUP",
3435 samr_dissect_set_information_group_rqst,
3437 { SAMR_ADD_GROUPMEM, "ADD_MEMBER_TO_GROUP",
3438 samr_dissect_add_member_to_group_rqst,
3440 { SAMR_DELETE_DOM_GROUP, "DELETE_DOM_GROUP",
3441 samr_dissect_context_handle,
3443 { SAMR_DEL_GROUPMEM, "REMOVE_MEMBER_FROM_GROUP",
3444 samr_dissect_add_member_to_group_rqst,
3446 { SAMR_QUERY_GROUPMEM, "QUERY_GROUPMEM",
3447 samr_dissect_context_handle,
3448 samr_dissect_query_groupmem_reply },
3449 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SET_MEMBER_ATTRIBUTES_OF_GROUP",
3450 samr_dissect_set_member_attributes_of_group_rqst,
3452 { SAMR_OPEN_ALIAS, "OPEN_ALIAS",
3453 samr_dissect_open_user_rqst,
3454 samr_dissect_context_handle_reply },
3455 { SAMR_QUERY_ALIASINFO, "QUERY_INFORMATION_ALIAS",
3456 samr_dissect_query_information_alias_rqst,
3457 samr_dissect_query_information_alias_reply },
3458 { SAMR_SET_ALIASINFO, "SET_INFORMATION_ALIAS",
3459 samr_dissect_set_information_alias_rqst,
3461 { SAMR_DELETE_DOM_ALIAS, "DELETE_DOM_ALIAS",
3462 samr_dissect_context_handle,
3464 { SAMR_ADD_ALIASMEM, "ADD_MEMBER_TO_ALIAS",
3465 samr_dissect_context_handle_SID,
3467 { SAMR_DEL_ALIASMEM, "REMOVE_MEMBER_FROM_ALIAS",
3468 samr_dissect_context_handle_SID,
3470 { SAMR_GET_MEMBERS_IN_ALIAS, "GET_MEMBERS_IN_ALIAS",
3471 samr_dissect_context_handle,
3472 samr_dissect_get_members_in_alias_reply },
3473 { SAMR_OPEN_USER, "OPEN_USER",
3474 samr_dissect_open_user_rqst,
3475 samr_dissect_context_handle_reply },
3476 { SAMR_DELETE_DOM_USER, "DELETE_DOM_USER",
3477 samr_dissect_context_handle,
3479 { SAMR_QUERY_USERINFO, "QUERY_USERINFO",
3480 samr_dissect_query_information_alias_rqst,
3481 samr_dissect_query_userinfo_reply },
3482 { SAMR_SET_USERINFO2, "SET_USERINFO2",
3483 samr_dissect_set_information_user2_rqst,
3485 { SAMR_CHANGE_PASSWORD_USER, "CHANGE_PASSWORD_USER",
3486 samr_dissect_change_password_user_rqst,
3488 { SAMR_GET_GROUPS_FOR_USER, "GET_GROUPS_FOR_USER",
3489 samr_dissect_context_handle,
3490 samr_dissect_get_groups_for_user_reply },
3491 { SAMR_QUERY_DISPINFO, "QUERY_DISPINFO",
3492 samr_dissect_query_dispinfo_rqst,
3493 samr_dissect_query_dispinfo_reply },
3494 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GET_DISPLAY_ENUMERATION_INDEX",
3495 samr_dissect_get_display_enumeration_index_rqst,
3496 samr_dissect_get_display_enumeration_index_reply },
3497 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TEST_PRIVATE_FUNCTIONS_DOMAIN",
3498 samr_dissect_context_handle,
3500 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TEST_PRIVATE_FUNCTIONS_USER",
3501 samr_dissect_context_handle,
3503 { SAMR_GET_USRDOM_PWINFO, "GET_USRDOM_PWINFO",
3504 samr_dissect_context_handle,
3505 samr_dissect_get_usrdom_pwinfo_reply },
3506 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "REMOVE_MEMBER_FROM_FOREIGN_DOMAIN",
3507 samr_dissect_context_handle_SID,
3509 { SAMR_QUERY_INFORMATION_DOMAIN2, "QUERY_INFORMATION_DOMAIN2",
3510 samr_dissect_query_information_alias_rqst,
3511 samr_dissect_query_information_domain_reply },
3512 { SAMR_UNKNOWN_2f, "UNKNOWN_2f",
3513 samr_dissect_query_information_alias_rqst,
3514 samr_dissect_query_userinfo_reply },
3515 { SAMR_QUERY_DISPINFO2, "QUERY_INFORMATION_DISPLAY2",
3516 samr_dissect_query_dispinfo_rqst,
3517 samr_dissect_query_dispinfo_reply },
3518 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GET_DISPLAY_ENUMERATION_INDEX2",
3519 samr_dissect_get_display_enumeration_index2_rqst,
3520 samr_dissect_get_display_enumeration_index2_reply },
3521 { SAMR_CREATE_USER2_IN_DOMAIN, "CREATE_USER2_IN_DOMAIN",
3522 samr_dissect_create_user2_in_domain_rqst,
3523 samr_dissect_create_user2_in_domain_reply },
3524 { SAMR_QUERY_DISPINFO3, "QUERY_INFORMATION_DISPLAY3",
3525 samr_dissect_query_dispinfo_rqst,
3526 samr_dissect_query_dispinfo_reply },
3527 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "ADD_MULTIPLE_MEMBERS_TO_ALIAS",
3528 samr_dissect_get_alias_membership_rqst,
3530 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS",
3531 samr_dissect_get_alias_membership_rqst,
3533 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEM_CHANGE_PASSWORD_USER2",
3534 samr_dissect_oem_change_password_user2_rqst,
3536 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UNICODE_CHANGE_PASSWORD_USER2",
3537 samr_dissect_unicode_change_password_user2_rqst,
3539 { SAMR_GET_DOM_PWINFO, "GET_DOMAIN_PASSWORD_INFORMATION",
3540 samr_dissect_get_domain_password_information_rqst,
3541 samr_dissect_get_usrdom_pwinfo_reply },
3542 { SAMR_CONNECT2, "CONNECT2",
3543 samr_dissect_connect2_rqst,
3544 samr_dissect_connect2_reply },
3545 { SAMR_SET_USERINFO, "SET_USERINFO",
3546 samr_dissect_set_information_user2_rqst,
3548 { SAMR_UNKNOWN_3B, "UNKNOWN_3B",
3549 samr_dissect_unknown_3b_rqst,
3551 { SAMR_UNKNOWN_3C, "SAMR_UNKNOWN_3C",
3552 samr_dissect_context_handle,
3553 samr_dissect_unknown_3c_reply },
3554 {0, NULL, NULL, NULL },
3558 proto_register_dcerpc_samr(void)
3560 static hf_register_info hf[] = {
3562 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
3564 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
3566 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
3568 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
3570 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
3571 { &hf_samr_rid_attrib,
3572 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
3574 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
3576 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
3579 { "Level", "samr.level", FT_UINT16, BASE_DEC,
3580 NULL, 0x0, "Level requested/returned for Information", HFILL }},
3581 { &hf_samr_start_idx,
3582 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
3583 NULL, 0x0, "Start Index for returned Information", HFILL }},
3586 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
3587 NULL, 0x0, "Number of entries to return", HFILL }},
3589 { &hf_samr_max_entries,
3590 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
3591 NULL, 0x0, "Maximum number of entries", HFILL }},
3593 { &hf_samr_pref_maxsize,
3594 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
3595 NULL, 0x0, "Maximum Size of data to return", HFILL }},
3597 { &hf_samr_total_size,
3598 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
3599 NULL, 0x0, "Total size of data", HFILL }},
3601 { &hf_samr_bad_pwd_count,
3602 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
3603 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
3605 { &hf_samr_logon_count,
3606 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
3607 NULL, 0x0, "Number of logons for this user", HFILL }},
3609 { &hf_samr_ret_size,
3610 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
3611 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
3614 { "Index", "samr.index", FT_UINT32, BASE_DEC,
3615 NULL, 0x0, "Index", HFILL }},
3618 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
3620 { &hf_samr_alias_name,
3621 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
3622 NULL, 0, "Name of Alias", HFILL }},
3624 { &hf_samr_group_name,
3625 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
3626 NULL, 0, "Name of Group", HFILL }},
3628 { &hf_samr_acct_name,
3629 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
3630 NULL, 0, "Name of Account", HFILL }},
3633 { "Server", "samr.server", FT_STRING, BASE_NONE,
3634 NULL, 0, "Name of Server", HFILL }},
3637 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
3638 NULL, 0, "Name of Domain", HFILL }},
3640 { &hf_samr_controller,
3641 { "DC", "samr.dc", FT_STRING, BASE_NONE,
3642 NULL, 0, "Name of Domain Controller", HFILL }},
3644 { &hf_samr_full_name,
3645 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
3646 NULL, 0, "Full Name of Account", HFILL }},
3649 { "Home", "samr.home", FT_STRING, BASE_NONE,
3650 NULL, 0, "Home directory for this user", HFILL }},
3652 { &hf_samr_home_drive,
3653 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
3654 NULL, 0, "Home drive for this user", HFILL }},
3657 { "Script", "samr.script", FT_STRING, BASE_NONE,
3658 NULL, 0, "Login script for this user", HFILL }},
3660 { &hf_samr_workstations,
3661 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
3662 NULL, 0, "", HFILL }},
3665 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
3666 NULL, 0, "Profile for this user", HFILL }},
3668 { &hf_samr_acct_desc,
3669 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
3670 NULL, 0, "Account Description", HFILL }},
3673 { "Comment", "samr.comment", FT_STRING, BASE_NONE,
3674 NULL, 0, "Comment", HFILL }},
3676 { &hf_samr_parameters,
3677 { "Parameters", "samr.parameters", FT_STRING, BASE_NONE,
3678 NULL, 0, "Parameters", HFILL }},
3680 { &hf_samr_unknown_string,
3681 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
3682 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
3684 { &hf_samr_unknown_hyper,
3685 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
3686 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
3687 { &hf_samr_unknown_long,
3688 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
3689 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
3691 { &hf_samr_unknown_short,
3692 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
3693 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
3695 { &hf_samr_unknown_char,
3696 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
3697 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
3699 { &hf_samr_revision,
3700 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
3701 NULL, 0x0, "Revision number for this structure", HFILL }},
3703 { &hf_samr_nt_pwd_set,
3704 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
3705 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
3707 { &hf_samr_lm_pwd_set,
3708 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
3709 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
3711 { &hf_samr_pwd_expired,
3712 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
3713 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
3715 /* XXX - is this a standard NT access mask? */
3717 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
3718 NULL, 0x0, "Access", HFILL }},
3721 { "Mask", "samr.mask", FT_UINT32, BASE_HEX,
3722 NULL, 0x0, "Mask", HFILL }},
3724 { &hf_samr_crypt_password, {
3725 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
3726 NULL, 0, "Encrypted Password", HFILL }},
3728 { &hf_samr_crypt_hash, {
3729 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
3730 NULL, 0, "Encrypted Hash", HFILL }},
3732 { &hf_samr_lm_change, {
3733 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
3734 NULL, 0, "LM Change value", HFILL }},
3736 { &hf_samr_max_pwd_age,
3737 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
3738 NULL, 0, "Maximum Password Age before it expires", HFILL }},
3740 { &hf_samr_min_pwd_age,
3741 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
3742 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
3743 { &hf_samr_unknown_time,
3744 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
3745 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
3746 { &hf_samr_logon_time,
3747 { "Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
3748 NULL, 0, "Time for last time this user logged on", HFILL }},
3749 { &hf_samr_kickoff_time,
3750 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
3751 NULL, 0, "Time when this user will be kicked off", HFILL }},
3752 { &hf_samr_logoff_time,
3753 { "Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
3754 NULL, 0, "Time for last time this user logged off", HFILL }},
3755 { &hf_samr_pwd_last_set_time,
3756 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
3757 NULL, 0, "Last time this users password was changed", HFILL }},
3758 { &hf_samr_pwd_can_change_time,
3759 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
3760 NULL, 0, "When this users password may be changed", HFILL }},
3761 { &hf_samr_pwd_must_change_time,
3762 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
3763 NULL, 0, "When this users password must be changed", HFILL }},
3764 { &hf_samr_acct_expiry_time,
3765 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
3766 NULL, 0, "When this user account expires", HFILL }},
3768 { &hf_samr_min_pwd_len, {
3769 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
3770 NULL, 0, "Minimum Password Length", HFILL }},
3771 { &hf_samr_pwd_history_len, {
3772 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
3773 NULL, 0, "Password History Length", HFILL }},
3774 { &hf_samr_num_users, {
3775 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
3776 NULL, 0, "Number of users in this domain", HFILL }},
3777 { &hf_samr_num_groups, {
3778 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
3779 NULL, 0, "Number of groups in this domain", HFILL }},
3780 { &hf_samr_num_aliases, {
3781 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
3782 NULL, 0, "Number of aliases in this domain", HFILL }},
3783 { &hf_samr_info_type, {
3784 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
3785 NULL, 0, "Information Type", HFILL }},
3786 { &hf_samr_resume_hnd, {
3787 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
3788 NULL, 0, "Resume handle", HFILL }},
3789 { &hf_samr_country, {
3790 "Country", "samr.country", FT_UINT16, BASE_DEC,
3791 NULL, 0, "Country setting for this user", HFILL }},
3792 { &hf_samr_codepage, {
3793 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
3794 NULL, 0, "Codepage setting for this user", HFILL }},
3795 { &hf_samr_divisions, {
3796 "Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
3797 NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
3799 /* these are used by packet-dcerpc-nt.c */
3800 { &hf_nt_string_length,
3801 { "Length", "nt.string.length", FT_UINT16, BASE_DEC,
3802 NULL, 0x0, "Length of string in bytes", HFILL }},
3804 { &hf_nt_string_size,
3805 { "Size", "nt.string.size", FT_UINT16, BASE_DEC,
3806 NULL, 0x0, "Size of string in bytes", HFILL }},
3809 { "Length", "nt.str.len", FT_UINT32, BASE_DEC,
3810 NULL, 0x0, "Length of string in short integers", HFILL }},
3813 { "Offset", "nt.str.offset", FT_UINT32, BASE_DEC,
3814 NULL, 0x0, "Offset into string in short integers", HFILL }},
3816 { &hf_nt_str_max_len,
3817 { "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
3818 NULL, 0x0, "Max Length of string in short integers", HFILL }},
3821 { "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
3822 NULL, 0x0, "Acct CTRL", HFILL }},
3824 { &hf_nt_acb_disabled, {
3825 "", "nt.acb.disabled", FT_BOOLEAN, 32,
3826 TFS(&tfs_nt_acb_disabled), 0x0001, "If this account is enabled or disabled", HFILL }},
3828 { &hf_nt_acb_homedirreq, {
3829 "", "nt.acb.homedirreq", FT_BOOLEAN, 32,
3830 TFS(&tfs_nt_acb_homedirreq), 0x0002, "Is hom,edirs required for this account?", HFILL }},
3832 { &hf_nt_acb_pwnotreq, {
3833 "", "nt.acb.pwnotreq", FT_BOOLEAN, 32,
3834 TFS(&tfs_nt_acb_pwnotreq), 0x0004, "If a password is required for this account?", HFILL }},
3836 { &hf_nt_acb_tempdup, {
3837 "", "nt.acb.tempdup", FT_BOOLEAN, 32,
3838 TFS(&tfs_nt_acb_tempdup), 0x0008, "If this is a temporary duplicate account", HFILL }},
3840 { &hf_nt_acb_normal, {
3841 "", "nt.acb.normal", FT_BOOLEAN, 32,
3842 TFS(&tfs_nt_acb_normal), 0x0010, "If this is a normal user account", HFILL }},
3845 "", "nt.acb.mns", FT_BOOLEAN, 32,
3846 TFS(&tfs_nt_acb_mns), 0x0020, "MNS logon user account", HFILL }},
3848 { &hf_nt_acb_domtrust, {
3849 "", "nt.acb.domtrust", FT_BOOLEAN, 32,
3850 TFS(&tfs_nt_acb_domtrust), 0x0040, "Interdomain trust account", HFILL }},
3852 { &hf_nt_acb_wstrust, {
3853 "", "nt.acb.wstrust", FT_BOOLEAN, 32,
3854 TFS(&tfs_nt_acb_wstrust), 0x0080, "Workstation trust account", HFILL }},
3856 { &hf_nt_acb_svrtrust, {
3857 "", "nt.acb.svrtrust", FT_BOOLEAN, 32,
3858 TFS(&tfs_nt_acb_svrtrust), 0x0100, "Server trust account", HFILL }},
3860 { &hf_nt_acb_pwnoexp, {
3861 "", "nt.acb.pwnoexp", FT_BOOLEAN, 32,
3862 TFS(&tfs_nt_acb_pwnoexp), 0x0200, "If this account expires or not", HFILL }},
3864 { &hf_nt_acb_autolock, {
3865 "", "nt.acb.autolock", FT_BOOLEAN, 32,
3866 TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }},
3868 static gint *ett[] = {
3870 &ett_nt_unicode_string,
3871 &ett_samr_user_dispinfo_1,
3872 &ett_samr_user_dispinfo_1_array,
3873 &ett_samr_user_dispinfo_2,
3874 &ett_samr_user_dispinfo_2_array,
3875 &ett_samr_group_dispinfo,
3876 &ett_samr_group_dispinfo_array,
3877 &ett_samr_ascii_dispinfo,
3878 &ett_samr_ascii_dispinfo_array,
3879 &ett_samr_display_info,
3880 &ett_samr_password_info,
3882 &ett_samr_user_group,
3883 &ett_samr_user_group_array,
3884 &ett_samr_alias_info,
3885 &ett_samr_group_info,
3886 &ett_samr_domain_info_1,
3887 &ett_samr_domain_info_2,
3888 &ett_samr_domain_info_8,
3889 &ett_samr_replication_status,
3890 &ett_samr_domain_info_11,
3891 &ett_samr_domain_info_13,
3892 &ett_samr_domain_info,
3893 &ett_samr_sid_pointer,
3894 &ett_samr_sid_array,
3895 &ett_samr_index_array,
3896 &ett_samr_idx_and_name,
3897 &ett_samr_idx_and_name_array,
3898 &ett_samr_logon_hours,
3899 &ett_samr_logon_hours_hours,
3900 &ett_samr_user_info_1,
3901 &ett_samr_user_info_2,
3902 &ett_samr_user_info_3,
3903 &ett_samr_user_info_5,
3904 &ett_samr_user_info_6,
3905 &ett_samr_user_info_18,
3906 &ett_samr_user_info_19,
3907 &ett_samr_buffer_buffer,
3909 &ett_samr_user_info_21,
3910 &ett_samr_user_info_22,
3911 &ett_samr_user_info_23,
3912 &ett_samr_user_info_24,
3913 &ett_samr_user_info,
3914 &ett_samr_member_array_types,
3915 &ett_samr_member_array_rids,
3916 &ett_samr_member_array,
3923 proto_dcerpc_samr = proto_register_protocol(
3924 "Microsoft Security Account Manager", "SAMR", "samr");
3926 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
3927 proto_register_subtree_array(ett, array_length(ett));
3931 proto_reg_handoff_dcerpc_samr(void)
3933 /* Register protocol as dcerpc */
3935 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
3936 ver_dcerpc_samr, dcerpc_samr_dissectors);