1 /* packet-dcerpc-samr.c
2 * Routines for SMB \PIPE\samr packet disassembly
3 * Copyright 2001,2003 Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-samr.c,v 1.81 2003/02/25 02:03:11 tpot Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
36 #include "packet-dcerpc-nt.h"
37 #include "packet-dcerpc-samr.h"
38 #include "packet-dcerpc-lsa.h"
39 #include "smb.h" /* for "NT_errors[]" */
40 #include "packet-smb-common.h"
41 #include "crypt-md4.h"
42 #include "crypt-rc4.h"
44 #ifdef NEED_SNPRINTF_H
45 # include "snprintf.h"
48 static int proto_dcerpc_samr = -1;
50 static int hf_samr_opnum = -1;
51 static int hf_samr_hnd = -1;
52 static int hf_samr_group = -1;
53 static int hf_samr_rid = -1;
54 static int hf_samr_type = -1;
55 static int hf_samr_alias = -1;
56 static int hf_samr_rid_attrib = -1;
57 static int hf_samr_rc = -1;
58 static int hf_samr_index = -1;
59 static int hf_samr_count = -1;
61 static int hf_samr_level = -1;
62 static int hf_samr_start_idx = -1;
63 static int hf_samr_max_entries = -1;
64 static int hf_samr_entries = -1;
65 static int hf_samr_pref_maxsize = -1;
66 static int hf_samr_total_size = -1;
67 static int hf_samr_ret_size = -1;
68 static int hf_samr_alias_name = -1;
69 static int hf_samr_group_name = -1;
70 static int hf_samr_acct_name = -1;
71 static int hf_samr_full_name = -1;
72 static int hf_samr_acct_desc = -1;
73 static int hf_samr_home = -1;
74 static int hf_samr_home_drive = -1;
75 static int hf_samr_script = -1;
76 static int hf_samr_workstations = -1;
77 static int hf_samr_profile = -1;
78 static int hf_samr_server = -1;
79 static int hf_samr_domain = -1;
80 static int hf_samr_controller = -1;
81 static int hf_samr_access = -1;
82 static int hf_samr_access_granted = -1;
83 static int hf_samr_crypt_password = -1;
84 static int hf_samr_crypt_hash = -1;
85 static int hf_samr_lm_change = -1;
86 static int hf_samr_lm_passchange_block = -1;
87 static int hf_samr_nt_passchange_block = -1;
88 static int hf_samr_nt_passchange_block_decrypted = -1;
89 static int hf_samr_nt_passchange_block_newpass = -1;
90 static int hf_samr_nt_passchange_block_newpass_len = -1;
91 static int hf_samr_nt_passchange_block_pseudorandom = -1;
92 static int hf_samr_lm_verifier = -1;
93 static int hf_samr_nt_verifier = -1;
94 static int hf_samr_attrib = -1;
95 static int hf_samr_max_pwd_age = -1;
96 static int hf_samr_min_pwd_age = -1;
97 static int hf_samr_min_pwd_len = -1;
98 static int hf_samr_pwd_history_len = -1;
99 static int hf_samr_num_users = -1;
100 static int hf_samr_num_groups = -1;
101 static int hf_samr_num_aliases = -1;
102 static int hf_samr_resume_hnd = -1;
103 static int hf_samr_bad_pwd_count = -1;
104 static int hf_samr_logon_count = -1;
105 static int hf_samr_logon_time = -1;
106 static int hf_samr_logoff_time = -1;
107 static int hf_samr_kickoff_time = -1;
108 static int hf_samr_pwd_last_set_time = -1;
109 static int hf_samr_pwd_can_change_time = -1;
110 static int hf_samr_pwd_must_change_time = -1;
111 static int hf_samr_acct_expiry_time = -1;
112 static int hf_samr_country = -1;
113 static int hf_samr_codepage = -1;
114 static int hf_samr_comment = -1;
115 static int hf_samr_parameters = -1;
116 static int hf_samr_nt_pwd_set = -1;
117 static int hf_samr_lm_pwd_set = -1;
118 static int hf_samr_pwd_expired = -1;
119 static int hf_samr_revision = -1;
120 static int hf_samr_divisions = -1;
121 static int hf_samr_info_type = -1;
123 static int hf_samr_unknown_hyper = -1;
124 static int hf_samr_unknown_long = -1;
125 static int hf_samr_unknown_short = -1;
126 static int hf_samr_unknown_char = -1;
127 static int hf_samr_unknown_string = -1;
128 static int hf_samr_unknown_time = -1;
130 static int hf_nt_acct_ctrl = -1;
131 static int hf_nt_acb_disabled = -1;
132 static int hf_nt_acb_homedirreq = -1;
133 static int hf_nt_acb_pwnotreq = -1;
134 static int hf_nt_acb_tempdup = -1;
135 static int hf_nt_acb_normal = -1;
136 static int hf_nt_acb_mns = -1;
137 static int hf_nt_acb_domtrust = -1;
138 static int hf_nt_acb_wstrust = -1;
139 static int hf_nt_acb_svrtrust = -1;
140 static int hf_nt_acb_pwnoexp = -1;
141 static int hf_nt_acb_autolock = -1;
143 static gint ett_dcerpc_samr = -1;
144 static gint ett_samr_user_dispinfo_1 = -1;
145 static gint ett_samr_user_dispinfo_1_array = -1;
146 static gint ett_samr_user_dispinfo_2 = -1;
147 static gint ett_samr_user_dispinfo_2_array = -1;
148 static gint ett_samr_group_dispinfo = -1;
149 static gint ett_samr_group_dispinfo_array = -1;
150 static gint ett_samr_ascii_dispinfo = -1;
151 static gint ett_samr_ascii_dispinfo_array = -1;
152 static gint ett_samr_display_info = -1;
153 static gint ett_samr_password_info = -1;
154 static gint ett_samr_server = -1;
155 static gint ett_samr_user_group = -1;
156 static gint ett_samr_user_group_array = -1;
157 static gint ett_samr_alias_info = -1;
158 static gint ett_samr_group_info = -1;
159 static gint ett_samr_domain_info_1 = -1;
160 static gint ett_samr_domain_info_2 = -1;
161 static gint ett_samr_domain_info_8 = -1;
162 static gint ett_samr_replication_status = -1;
163 static gint ett_samr_domain_info_11 = -1;
164 static gint ett_samr_domain_info_13 = -1;
165 static gint ett_samr_domain_info = -1;
166 static gint ett_samr_sid_pointer = -1;
167 static gint ett_samr_sid_array = -1;
168 static gint ett_samr_index_array = -1;
169 static gint ett_samr_idx_and_name = -1;
170 static gint ett_samr_idx_and_name_array = -1;
171 static gint ett_samr_logon_hours = -1;
172 static gint ett_samr_logon_hours_hours = -1;
173 static gint ett_samr_user_info_1 = -1;
174 static gint ett_samr_user_info_2 = -1;
175 static gint ett_samr_user_info_3 = -1;
176 static gint ett_samr_user_info_5 = -1;
177 static gint ett_samr_user_info_6 = -1;
178 static gint ett_samr_user_info_18 = -1;
179 static gint ett_samr_user_info_19 = -1;
180 static gint ett_samr_buffer_buffer = -1;
181 static gint ett_samr_buffer = -1;
182 static gint ett_samr_user_info_21 = -1;
183 static gint ett_samr_user_info_22 = -1;
184 static gint ett_samr_user_info_23 = -1;
185 static gint ett_samr_user_info_24 = -1;
186 static gint ett_samr_user_info = -1;
187 static gint ett_samr_member_array_types = -1;
188 static gint ett_samr_member_array_rids = -1;
189 static gint ett_samr_member_array = -1;
190 static gint ett_samr_names = -1;
191 static gint ett_samr_rids = -1;
192 static gint ett_nt_acct_ctrl = -1;
193 static gint ett_samr_sid_and_attributes_array = -1;
194 static gint ett_samr_sid_and_attributes = -1;
195 #ifdef SAMR_UNUSED_HANDLES
196 static gint ett_samr_hnd = -1;
199 static e_uuid_t uuid_dcerpc_samr = {
200 0x12345778, 0x1234, 0xabcd,
201 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
204 static guint16 ver_dcerpc_samr = 1;
206 /* Configuration variables */
207 static char *nt_password = NULL;
209 /* Dissect connect specific access rights */
211 static gint hf_access_connect_unknown_01 = -1;
212 static gint hf_access_connect_shutdown_server = -1;
213 static gint hf_access_connect_unknown_04 = -1;
214 static gint hf_access_connect_unknown_08 = -1;
215 static gint hf_access_connect_enum_domains = -1;
216 static gint hf_access_connect_open_domain = -1;
219 specific_rights_connect(tvbuff_t *tvb, gint offset, proto_tree *tree,
222 proto_tree_add_boolean(
223 tree, hf_access_connect_open_domain,
224 tvb, offset, 4, access);
226 proto_tree_add_boolean(
227 tree, hf_access_connect_enum_domains,
228 tvb, offset, 4, access);
230 proto_tree_add_boolean(
231 tree, hf_access_connect_unknown_08,
232 tvb, offset, 4, access);
234 proto_tree_add_boolean(
235 tree, hf_access_connect_unknown_04,
236 tvb, offset, 4, access);
238 proto_tree_add_boolean(
239 tree, hf_access_connect_shutdown_server,
240 tvb, offset, 4, access);
242 proto_tree_add_boolean(
243 tree, hf_access_connect_unknown_01,
244 tvb, offset, 4, access);
247 /* Dissect domain specific access rights */
249 static gint hf_access_domain_lookup_info1 = -1;
250 static gint hf_access_domain_set_info1 = -1;
251 static gint hf_access_domain_lookup_info2 = -1;
252 static gint hf_access_domain_set_info2 = -1;
253 static gint hf_access_domain_create_user = -1;
254 static gint hf_access_domain_create_group = -1;
255 static gint hf_access_domain_create_alias = -1;
256 static gint hf_access_domain_lookup_alias_by_mem = -1;
257 static gint hf_access_domain_enum_accounts = -1;
258 static gint hf_access_domain_open_account = -1;
259 static gint hf_access_domain_set_info3 = -1;
262 specific_rights_domain(tvbuff_t *tvb, gint offset, proto_tree *tree,
265 proto_tree_add_boolean(
266 tree, hf_access_domain_set_info3,
267 tvb, offset, 4, access);
269 proto_tree_add_boolean(
270 tree, hf_access_domain_open_account,
271 tvb, offset, 4, access);
273 proto_tree_add_boolean(
274 tree, hf_access_domain_enum_accounts,
275 tvb, offset, 4, access);
277 proto_tree_add_boolean(
278 tree, hf_access_domain_lookup_alias_by_mem,
279 tvb, offset, 4, access);
281 proto_tree_add_boolean(
282 tree, hf_access_domain_create_alias,
283 tvb, offset, 4, access);
285 proto_tree_add_boolean(
286 tree, hf_access_domain_create_group,
287 tvb, offset, 4, access);
289 proto_tree_add_boolean(
290 tree, hf_access_domain_create_user,
291 tvb, offset, 4, access);
293 proto_tree_add_boolean(
294 tree, hf_access_domain_set_info2,
295 tvb, offset, 4, access);
297 proto_tree_add_boolean(
298 tree, hf_access_domain_lookup_info2,
299 tvb, offset, 4, access);
301 proto_tree_add_boolean(
302 tree, hf_access_domain_set_info1,
303 tvb, offset, 4, access);
305 proto_tree_add_boolean(
306 tree, hf_access_domain_lookup_info1,
307 tvb, offset, 4, access);
310 /* Dissect user specific access rights */
312 static gint hf_access_user_get_name_etc = -1;
313 static gint hf_access_user_get_locale = -1;
314 static gint hf_access_user_get_loc_com = -1;
315 static gint hf_access_user_get_logoninfo = -1;
316 static gint hf_access_user_unknown_10 = -1;
317 static gint hf_access_user_set_attributes = -1;
318 static gint hf_access_user_change_password = -1;
319 static gint hf_access_user_set_password = -1;
320 static gint hf_access_user_get_groups = -1;
321 static gint hf_access_user_unknown_200 = -1;
322 static gint hf_access_user_unknown_400 = -1;
325 specific_rights_user(tvbuff_t *tvb, gint offset, proto_tree *tree,
328 proto_tree_add_boolean(
329 tree, hf_access_user_unknown_400,
330 tvb, offset, 4, access);
332 proto_tree_add_boolean(
333 tree, hf_access_user_unknown_200,
334 tvb, offset, 4, access);
336 proto_tree_add_boolean(
337 tree, hf_access_user_get_groups,
338 tvb, offset, 4, access);
340 proto_tree_add_boolean(
341 tree, hf_access_user_set_password,
342 tvb, offset, 4, access);
344 proto_tree_add_boolean(
345 tree, hf_access_user_change_password,
346 tvb, offset, 4, access);
348 proto_tree_add_boolean(
349 tree, hf_access_user_set_attributes,
350 tvb, offset, 4, access);
352 proto_tree_add_boolean(
353 tree, hf_access_user_unknown_10,
354 tvb, offset, 4, access);
356 proto_tree_add_boolean(
357 tree, hf_access_user_get_logoninfo,
358 tvb, offset, 4, access);
360 proto_tree_add_boolean(
361 tree, hf_access_user_get_loc_com,
362 tvb, offset, 4, access);
364 proto_tree_add_boolean(
365 tree, hf_access_user_get_locale,
366 tvb, offset, 4, access);
368 proto_tree_add_boolean(
369 tree, hf_access_user_get_name_etc,
370 tvb, offset, 4, access);
373 /* Dissect alias specific access rights */
375 static gint hf_access_alias_add_member = -1;
376 static gint hf_access_alias_remove_member = -1;
377 static gint hf_access_alias_get_members = -1;
378 static gint hf_access_alias_lookup_info = -1;
379 static gint hf_access_alias_set_info = -1;
382 specific_rights_alias(tvbuff_t *tvb, gint offset, proto_tree *tree,
385 proto_tree_add_boolean(
386 tree, hf_access_alias_set_info,
387 tvb, offset, 4, access);
389 proto_tree_add_boolean(
390 tree, hf_access_alias_lookup_info,
391 tvb, offset, 4, access);
393 proto_tree_add_boolean(
394 tree, hf_access_alias_get_members,
395 tvb, offset, 4, access);
397 proto_tree_add_boolean(
398 tree, hf_access_alias_remove_member,
399 tvb, offset, 4, access);
401 proto_tree_add_boolean(
402 tree, hf_access_alias_add_member,
403 tvb, offset, 4, access);
406 /* Dissect group specific access rights */
408 static gint hf_access_group_lookup_info = -1;
409 static gint hf_access_group_set_info = -1;
410 static gint hf_access_group_add_member = -1;
411 static gint hf_access_group_remove_member = -1;
412 static gint hf_access_group_get_members = -1;
415 specific_rights_group(tvbuff_t *tvb, gint offset, proto_tree *tree,
418 proto_tree_add_boolean(
419 tree, hf_access_group_get_members,
420 tvb, offset, 4, access);
422 proto_tree_add_boolean(
423 tree, hf_access_group_remove_member,
424 tvb, offset, 4, access);
426 proto_tree_add_boolean(
427 tree, hf_access_group_add_member,
428 tvb, offset, 4, access);
430 proto_tree_add_boolean(
431 tree, hf_access_group_set_info,
432 tvb, offset, 4, access);
434 proto_tree_add_boolean(
435 tree, hf_access_group_lookup_info,
436 tvb, offset, 4, access);
440 dissect_ndr_nt_SID(tvbuff_t *tvb, int offset, packet_info *pinfo,
441 proto_tree *tree, char *drep)
443 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
444 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
447 if(di->conformant_run){
448 /* just a run to handle conformant arrays, no scalars to dissect */
452 /* the SID contains a conformant array, first we must eat
453 the 4-byte max_count before we can hand it off */
455 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
456 hf_samr_count, NULL);
458 offset = dissect_nt_sid(tvb, offset, tree, "Domain", &sid_str);
460 dcv->private_data = sid_str;
466 dissect_ndr_nt_SID_ptr(tvbuff_t *tvb, int offset,
467 packet_info *pinfo, proto_tree *tree,
470 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
471 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
478 static const true_false_string tfs_nt_acb_disabled = {
479 "Account is DISABLED",
480 "Account is NOT disabled"
482 static const true_false_string tfs_nt_acb_homedirreq = {
483 "Homedir is REQUIRED",
484 "Homedir is NOT required"
486 static const true_false_string tfs_nt_acb_pwnotreq = {
487 "Password is NOT required",
488 "Password is REQUIRED"
490 static const true_false_string tfs_nt_acb_tempdup = {
491 "This is a TEMPORARY DUPLICATE account",
492 "This is NOT a temporary duplicate account"
494 static const true_false_string tfs_nt_acb_normal = {
495 "This is a NORMAL USER account",
496 "This is NOT a normal user account"
498 static const true_false_string tfs_nt_acb_mns = {
499 "This is a MNS account",
500 "This is NOT a mns account"
502 static const true_false_string tfs_nt_acb_domtrust = {
503 "This is a DOMAIN TRUST account",
504 "This is NOT a domain trust account"
506 static const true_false_string tfs_nt_acb_wstrust = {
507 "This is a WORKSTATION TRUST account",
508 "This is NOT a workstation trust account"
510 static const true_false_string tfs_nt_acb_svrtrust = {
511 "This is a SERVER TRUST account",
512 "This is NOT a server trust account"
514 static const true_false_string tfs_nt_acb_pwnoexp = {
515 "Passwords does NOT expire",
516 "Password will EXPIRE"
518 static const true_false_string tfs_nt_acb_autolock = {
519 "This account has been AUTO LOCKED",
520 "This account has NOT been auto locked"
523 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
524 proto_tree *parent_tree, char *drep)
527 proto_item *item = NULL;
528 proto_tree *tree = NULL;
530 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
531 hf_nt_acct_ctrl, &mask);
534 item = proto_tree_add_uint(parent_tree, hf_nt_acct_ctrl,
535 tvb, offset-4, 4, mask);
536 tree = proto_item_add_subtree(item, ett_nt_acct_ctrl);
539 proto_tree_add_boolean(tree, hf_nt_acb_autolock,
540 tvb, offset-4, 4, mask);
541 proto_tree_add_boolean(tree, hf_nt_acb_pwnoexp,
542 tvb, offset-4, 4, mask);
543 proto_tree_add_boolean(tree, hf_nt_acb_svrtrust,
544 tvb, offset-4, 4, mask);
545 proto_tree_add_boolean(tree, hf_nt_acb_wstrust,
546 tvb, offset-4, 4, mask);
547 proto_tree_add_boolean(tree, hf_nt_acb_domtrust,
548 tvb, offset-4, 4, mask);
549 proto_tree_add_boolean(tree, hf_nt_acb_mns,
550 tvb, offset-4, 4, mask);
551 proto_tree_add_boolean(tree, hf_nt_acb_normal,
552 tvb, offset-4, 4, mask);
553 proto_tree_add_boolean(tree, hf_nt_acb_tempdup,
554 tvb, offset-4, 4, mask);
555 proto_tree_add_boolean(tree, hf_nt_acb_pwnotreq,
556 tvb, offset-4, 4, mask);
557 proto_tree_add_boolean(tree, hf_nt_acb_homedirreq,
558 tvb, offset-4, 4, mask);
559 proto_tree_add_boolean(tree, hf_nt_acb_disabled,
560 tvb, offset-4, 4, mask);
566 /* above this line, just some general support routines which should be placed
567 in some more generic file common to all NT services dissectors
571 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
572 proto_tree *tree, char *drep)
574 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
575 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
578 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
579 hf_samr_hnd, NULL, FALSE, FALSE);
581 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
582 hf_samr_access, NULL);
584 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
587 if (check_col(pinfo->cinfo, COL_INFO))
588 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
590 dcv->private_data = GINT_TO_POINTER(rid);
596 samr_dissect_open_user_reply(tvbuff_t *tvb, int offset,
597 packet_info *pinfo, proto_tree *tree,
600 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
601 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
602 e_ctx_hnd policy_hnd;
603 guint32 rid = GPOINTER_TO_INT(dcv->private_data);
606 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
607 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
610 pol_name = g_strdup_printf("OpenUser(rid 0x%x)", rid);
612 pol_name = g_strdup("OpenUser handle");
614 dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
618 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
625 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
626 packet_info *pinfo, proto_tree *tree,
631 di=pinfo->private_data;
632 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
638 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
639 packet_info *pinfo, proto_tree *tree,
644 di=pinfo->private_data;
645 if(di->conformant_run){
646 /*just a run to handle conformant arrays, nothing to dissect */
650 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
656 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
657 packet_info *pinfo, proto_tree *tree,
662 di=pinfo->private_data;
663 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
670 samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset,
671 packet_info *pinfo, proto_tree *tree,
677 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
678 hf_samr_hnd, NULL, FALSE, FALSE);
680 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
681 hf_samr_level, &level);
682 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
683 hf_samr_start_idx, &start_idx);
684 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
685 hf_samr_max_entries, NULL);
686 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
687 hf_samr_pref_maxsize, NULL);
689 if (check_col(pinfo->cinfo, COL_INFO))
691 pinfo->cinfo, COL_INFO, ", level %d, start_idx %d",
698 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
699 packet_info *pinfo, proto_tree *parent_tree,
702 proto_item *item=NULL;
703 proto_tree *tree=NULL;
704 int old_offset=offset;
707 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
709 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
712 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
713 hf_samr_index, NULL);
714 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
716 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
717 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
718 hf_samr_acct_name, 0);
719 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
720 hf_samr_full_name, 0);
721 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
722 hf_samr_acct_desc, 0);
724 proto_item_set_len(item, offset-old_offset);
729 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
730 packet_info *pinfo, proto_tree *tree,
733 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
734 samr_dissect_USER_DISPINFO_1);
740 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
741 packet_info *pinfo, proto_tree *parent_tree,
745 proto_item *item=NULL;
746 proto_tree *tree=NULL;
747 int old_offset=offset;
750 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
751 "User_DispInfo_1 Array");
752 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
756 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
757 hf_samr_count, &count);
758 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
759 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
760 "USER_DISPINFO_1_ARRAY", -1);
762 proto_item_set_len(item, offset-old_offset);
769 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
770 packet_info *pinfo, proto_tree *parent_tree,
773 proto_item *item=NULL;
774 proto_tree *tree=NULL;
775 int old_offset=offset;
778 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
780 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
783 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
784 hf_samr_index, NULL);
785 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
787 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
788 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
789 hf_samr_acct_name, 0);
790 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
791 hf_samr_acct_desc, 0);
793 proto_item_set_len(item, offset-old_offset);
798 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
799 packet_info *pinfo, proto_tree *tree,
802 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
803 samr_dissect_USER_DISPINFO_2);
809 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
810 packet_info *pinfo, proto_tree *parent_tree,
814 proto_item *item=NULL;
815 proto_tree *tree=NULL;
816 int old_offset=offset;
819 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
820 "User_DispInfo_2 Array");
821 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
825 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
826 hf_samr_count, &count);
827 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
828 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
829 "USER_DISPINFO_2_ARRAY", -1);
831 proto_item_set_len(item, offset-old_offset);
836 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
837 packet_info *pinfo, proto_tree *parent_tree,
840 proto_item *item=NULL;
841 proto_tree *tree=NULL;
842 int old_offset=offset;
845 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
847 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
851 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
852 hf_samr_index, NULL);
853 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
855 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
856 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
857 hf_samr_acct_name, 0);
858 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
859 hf_samr_acct_desc, 0);
861 proto_item_set_len(item, offset-old_offset);
866 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
867 packet_info *pinfo, proto_tree *tree,
870 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
871 samr_dissect_GROUP_DISPINFO);
877 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
878 packet_info *pinfo, proto_tree *parent_tree,
882 proto_item *item=NULL;
883 proto_tree *tree=NULL;
884 int old_offset=offset;
887 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
888 "Group_DispInfo Array");
889 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
892 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
893 hf_samr_count, &count);
894 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
895 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
896 "GROUP_DISPINFO_ARRAY", -1);
898 proto_item_set_len(item, offset-old_offset);
905 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
906 packet_info *pinfo, proto_tree *parent_tree,
909 proto_item *item=NULL;
910 proto_tree *tree=NULL;
911 int old_offset=offset;
914 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
916 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
920 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
921 hf_samr_index, NULL);
922 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
924 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
925 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
926 hf_samr_acct_name, 0);
927 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
928 hf_samr_acct_desc, 0);
930 proto_item_set_len(item, offset-old_offset);
935 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
936 packet_info *pinfo, proto_tree *tree,
939 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
940 samr_dissect_ASCII_DISPINFO);
946 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
947 packet_info *pinfo, proto_tree *parent_tree,
951 proto_item *item=NULL;
952 proto_tree *tree=NULL;
953 int old_offset=offset;
956 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
957 "Ascii_DispInfo Array");
958 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
961 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
962 hf_samr_count, &count);
963 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
964 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
965 "ACSII_DISPINFO_ARRAY", -1);
967 proto_item_set_len(item, offset-old_offset);
973 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
974 packet_info *pinfo, proto_tree *parent_tree,
977 proto_item *item=NULL;
978 proto_tree *tree=NULL;
979 int old_offset=offset;
983 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
985 tree = proto_item_add_subtree(item, ett_samr_display_info);
988 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
989 hf_samr_level, &level);
992 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
993 tvb, offset, pinfo, tree, drep);
996 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
997 tvb, offset, pinfo, tree, drep);
1000 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
1001 tvb, offset, pinfo, tree, drep);
1004 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
1005 tvb, offset, pinfo, tree, drep);
1008 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
1009 tvb, offset, pinfo, tree, drep);
1013 proto_item_set_len(item, offset-old_offset);
1018 samr_dissect_query_dispinfo_reply(tvbuff_t *tvb, int offset,
1019 packet_info *pinfo, proto_tree *tree,
1022 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1023 samr_dissect_pointer_long, NDR_POINTER_REF,
1024 "Total Size", hf_samr_total_size);
1025 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1026 samr_dissect_pointer_long, NDR_POINTER_REF,
1027 "Returned Size", hf_samr_ret_size);
1028 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1029 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
1030 "DISPLAY_INFO:", -1);
1031 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1038 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
1045 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1046 hf_samr_hnd, NULL, FALSE, FALSE);
1048 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1049 hf_samr_level, &level);
1051 if (check_col(pinfo->cinfo, COL_INFO))
1052 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
1054 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
1055 hf_samr_acct_name, 0);
1061 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
1062 packet_info *pinfo, proto_tree *tree,
1065 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1066 samr_dissect_pointer_long, NDR_POINTER_REF,
1067 "Index", hf_samr_index);
1069 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1079 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
1080 packet_info *pinfo, proto_tree *parent_tree,
1083 proto_item *item=NULL;
1084 proto_tree *tree=NULL;
1085 int old_offset=offset;
1087 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
1090 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1092 tree = proto_item_add_subtree(item, ett_samr_password_info);
1096 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1097 hf_samr_unknown_short, NULL);
1098 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1099 hf_samr_unknown_long, NULL);
1101 proto_item_set_len(item, offset-old_offset);
1106 samr_dissect_get_usrdom_pwinfo_rqst(tvbuff_t *tvb, int offset,
1107 packet_info *pinfo, proto_tree *tree,
1110 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1111 hf_samr_hnd, NULL, FALSE, FALSE);
1117 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
1118 packet_info *pinfo, proto_tree *tree,
1121 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1122 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
1123 "PASSWORD_INFO:", -1);
1125 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1131 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
1132 packet_info *pinfo, proto_tree *tree,
1135 offset = dissect_ndr_pointer_cb(
1136 tvb, offset, pinfo, tree, drep,
1137 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
1138 "Server", hf_samr_server, cb_str_postprocess,
1139 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
1141 offset = dissect_nt_access_mask(
1142 tvb, offset, pinfo, tree, drep, hf_samr_access,
1143 specific_rights_connect);
1149 samr_dissect_connect4_rqst(tvbuff_t *tvb, int offset,
1150 packet_info *pinfo, proto_tree *tree,
1153 offset = dissect_ndr_pointer_cb(
1154 tvb, offset, pinfo, tree, drep,
1155 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
1156 "Server", hf_samr_server, cb_str_postprocess,
1157 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
1159 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1160 hf_samr_unknown_long, NULL);
1162 offset = dissect_nt_access_mask(
1163 tvb, offset, pinfo, tree, drep, hf_samr_access,
1164 specific_rights_connect);
1170 samr_dissect_connect2_reply(tvbuff_t *tvb, int offset,
1171 packet_info *pinfo, proto_tree *tree,
1174 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1175 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1176 e_ctx_hnd policy_hnd;
1177 char *server = (char *)dcv->private_data, *pol_name;
1179 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1180 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1183 pol_name = g_strdup_printf("Connect2(%s)", server);
1185 pol_name = g_strdup("Connect2 handle");
1187 dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
1191 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1197 samr_dissect_connect_anon_rqst(tvbuff_t *tvb, int offset,
1198 packet_info *pinfo, proto_tree *tree,
1204 offset=dissect_ndr_uint16(tvb, offset, pinfo, NULL, drep,
1205 hf_samr_server, &server);
1208 proto_tree_add_string_format(tree, hf_samr_server, tvb, offset-2, 2,
1209 str, "Server: %s", str);
1215 samr_dissect_connect_anon_reply(tvbuff_t *tvb, int offset,
1216 packet_info *pinfo, proto_tree *tree,
1219 e_ctx_hnd policy_hnd;
1221 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1222 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1224 dcerpc_smb_store_pol_name(&policy_hnd, "ConnectAnon handle");
1226 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1233 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
1234 packet_info *pinfo, proto_tree *parent_tree,
1237 proto_item *item=NULL;
1238 proto_tree *tree=NULL;
1239 int old_offset=offset;
1242 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1244 tree = proto_item_add_subtree(item, ett_samr_user_group);
1247 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1249 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1250 hf_samr_rid_attrib, NULL);
1252 proto_item_set_len(item, offset-old_offset);
1257 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
1258 packet_info *pinfo, proto_tree *tree,
1261 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
1262 samr_dissect_USER_GROUP);
1268 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1269 packet_info *pinfo, proto_tree *parent_tree,
1273 proto_item *item=NULL;
1274 proto_tree *tree=NULL;
1275 int old_offset=offset;
1278 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1279 "USER_GROUP_ARRAY");
1280 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1283 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1284 hf_samr_count, &count);
1285 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1286 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1287 "USER_GROUP_ARRAY", -1);
1289 proto_item_set_len(item, offset-old_offset);
1294 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1295 packet_info *pinfo, proto_tree *tree,
1298 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1299 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1300 "USER_GROUP_ARRAY", -1);
1305 samr_dissect_get_groups_for_user_rqst(tvbuff_t *tvb, int offset,
1306 packet_info *pinfo, proto_tree *tree,
1309 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1310 hf_samr_hnd, NULL, FALSE, FALSE);
1316 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1317 packet_info *pinfo, proto_tree *tree,
1320 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1321 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1322 "USER_GROUP_ARRAY:", -1);
1324 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1330 static void append_sid_col_info(packet_info *pinfo, proto_tree *tree _U_,
1331 proto_item *item _U_, tvbuff_t *tvb _U_,
1332 int start_offset _U_, int end_offset _U_,
1333 void *callback_args _U_)
1335 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1336 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1337 char *sid_str = dcv->private_data;
1339 if (sid_str && check_col(pinfo->cinfo, COL_INFO))
1340 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", sid_str);
1344 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1345 packet_info *pinfo, proto_tree *tree,
1348 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1349 hf_samr_hnd, NULL, FALSE, FALSE);
1351 offset = dissect_nt_access_mask(
1352 tvb, offset, pinfo, tree, drep, hf_samr_access,
1353 specific_rights_domain);
1355 offset = dissect_ndr_pointer_cb(
1356 tvb, offset, pinfo, tree, drep, dissect_ndr_nt_SID,
1357 NDR_POINTER_REF, "SID:", -1, append_sid_col_info, NULL);
1363 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1364 packet_info *pinfo, proto_tree *tree,
1367 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
1368 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
1369 e_ctx_hnd policy_hnd;
1370 char *pol_name, *sid_str = (char *)dcv->private_data;
1372 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1373 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1376 pol_name = g_strdup_printf("OpenDomain(%s)", sid_str);
1378 pol_name = g_strdup("OpenDomain handle");
1380 dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
1384 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1392 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1393 packet_info *pinfo, proto_tree *tree,
1396 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1397 hf_samr_hnd, NULL, FALSE, FALSE);
1399 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1400 dissect_ndr_nt_SID, NDR_POINTER_REF,
1407 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1408 packet_info *pinfo, proto_tree *tree,
1411 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1412 hf_samr_hnd, NULL, FALSE, FALSE);
1414 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1415 hf_samr_group, NULL);
1417 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1424 samr_dissect_add_member_to_group_reply(tvbuff_t *tvb, int offset,
1425 packet_info *pinfo, proto_tree *tree,
1428 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1435 samr_dissect_unknown_3c_rqst(tvbuff_t *tvb, int offset,
1436 packet_info *pinfo, proto_tree *tree,
1439 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1440 hf_samr_hnd, NULL, FALSE, FALSE);
1446 samr_dissect_unknown_3c_reply(tvbuff_t *tvb, int offset,
1447 packet_info *pinfo, proto_tree *tree,
1450 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1451 samr_dissect_pointer_short, NDR_POINTER_REF,
1452 "unknown short", hf_samr_unknown_short);
1454 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1460 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1461 packet_info *pinfo, proto_tree *tree,
1464 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1465 hf_samr_hnd, NULL, FALSE, FALSE);
1467 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1468 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
1469 "Account Name", hf_samr_acct_name);
1471 offset = dissect_nt_access_mask(
1472 tvb, offset, pinfo, tree, drep, hf_samr_access,
1473 specific_rights_alias);
1479 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1480 packet_info *pinfo, proto_tree *tree,
1483 e_ctx_hnd policy_hnd;
1485 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1486 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
1488 dcerpc_smb_store_pol_name(&policy_hnd, "CreateAlias handle");
1490 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1493 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1500 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1502 proto_tree *tree, char *drep)
1506 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1507 hf_samr_hnd, NULL, FALSE, FALSE);
1509 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1510 hf_samr_level, &level);
1512 if (check_col(pinfo->cinfo, COL_INFO))
1513 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
1519 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1520 packet_info *pinfo, proto_tree *tree,
1523 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1524 tree, drep, hf_samr_acct_name, 0);
1525 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1527 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1528 tree, drep, hf_samr_acct_desc, 0);
1533 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1534 packet_info *pinfo, proto_tree *parent_tree,
1537 proto_item *item=NULL;
1538 proto_tree *tree=NULL;
1539 int old_offset=offset;
1543 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1545 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1548 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1549 hf_samr_level, &level);
1552 offset = samr_dissect_ALIAS_INFO_1(
1553 tvb, offset, pinfo, tree, drep);
1556 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1557 tree, drep, hf_samr_acct_name, 0);
1560 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
1561 tree, drep, hf_samr_acct_desc, 0);
1565 proto_item_set_len(item, offset-old_offset);
1570 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1571 packet_info *pinfo, proto_tree *tree,
1574 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1575 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
1581 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1583 proto_tree *tree, char *drep)
1585 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1586 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1589 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1596 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1597 packet_info *pinfo, proto_tree *tree,
1602 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1603 hf_samr_hnd, NULL, FALSE, FALSE);
1605 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1606 hf_samr_level, &level);
1608 if (check_col(pinfo->cinfo, COL_INFO))
1609 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
1611 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1612 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
1618 samr_dissect_set_information_alias_reply(tvbuff_t *tvb, int offset,
1619 packet_info *pinfo, proto_tree *tree,
1622 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1623 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1626 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1632 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1633 packet_info *pinfo _U_, proto_tree *tree,
1638 di=pinfo->private_data;
1639 if(di->conformant_run){
1640 /* just a run to handle conformant arrays, no scalars to dissect */
1644 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
1651 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1652 packet_info *pinfo _U_, proto_tree *tree,
1657 di=pinfo->private_data;
1658 if(di->conformant_run){
1659 /* just a run to handle conformant arrays, no scalars to dissect */
1663 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
1669 #define NT_BLOCK_SIZE 516
1672 samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1673 packet_info *pinfo _U_, proto_tree *tree,
1676 guint32 new_password_len = 0;
1677 guint32 pseudorandom_len = 0;
1678 const char *printable_password;
1682 /* The length of the new password is represented in the last four
1683 octets of the decrypted buffer. Since the password length cannot
1684 exceed 512, we can check the contents of those bytes to determine
1685 if decryption was successful. If the decrypted contents of those
1686 four bytes is less than 512, then there is a 99% chance that
1687 we decrypted the buffer successfully. Of course, this isn't good
1688 enough for a security application, (NT uses the "verifier" field
1689 to come to the same conclusion), but it should be good enough for
1692 new_password_len = tvb_get_letohl(tvb, 512);
1694 if (new_password_len <= 512)
1696 /* Decryption successful */
1697 proto_tree_add_text (tree, tvb, offset, -1,
1698 "Decryption of NT Password Encrypted block successful");
1700 /* Whatever is before the password is pseudorandom data. We calculate
1701 the length by examining the password length (at the end), and working
1703 pseudorandom_len = NT_BLOCK_SIZE - new_password_len - 4;
1705 /* Pseudorandom data padding up to password */
1706 proto_tree_add_item(tree, hf_samr_nt_passchange_block_pseudorandom,
1707 tvb, offset, pseudorandom_len, TRUE);
1708 offset += pseudorandom_len;
1710 /* The new password itself */
1711 bc = new_password_len;
1712 printable_password = get_unicode_or_ascii_string(tvb, &offset,
1716 proto_tree_add_string(tree, hf_samr_nt_passchange_block_newpass,
1717 tvb, offset, result_length,
1718 printable_password);
1719 offset += new_password_len;
1721 /* Length of password */
1722 proto_tree_add_item(tree, hf_samr_nt_passchange_block_newpass_len,
1723 tvb, offset, 4, TRUE);
1727 /* Decryption failure. Just show the encrypted block */
1728 proto_tree_add_text (tree, tvb, offset, -1,
1729 "Decryption of NT Passchange block failed");
1731 proto_tree_add_item(tree, hf_samr_nt_passchange_block_decrypted, tvb,
1732 offset, NT_BLOCK_SIZE, TRUE);
1737 samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1738 packet_info *pinfo _U_, proto_tree *tree,
1742 size_t password_len;
1743 unsigned char *password_unicode;
1744 size_t password_len_unicode;
1745 unsigned char password_md4_hash[16];
1747 tvbuff_t *decr_tvb; /* Used to store decrypted buffer */
1748 rc4_state_struct rc4_state;
1751 /* This implements the the algorithm discussed in lkcl -"DCE/RPC
1752 over SMB" page 257. Note that this code does not properly support
1755 di=pinfo->private_data;
1756 if(di->conformant_run){
1757 /* just a run to handle conformant arrays, no scalars to dissect */
1761 /* Put in a protocol tree entry for the encrypted block. */
1762 proto_tree_add_text(tree, tvb, offset, NT_BLOCK_SIZE,
1763 "Encrypted NT Password Block");
1765 if (nt_password != NULL) {
1766 /* We have an NT password, so we can decrypt the password
1769 /* Convert the password provided in the Ethereal GUI to Unicode
1770 (UCS-2). Since the input is always ASCII, we can just fake
1771 it and pad every other byte with a NUL. If we ever support
1772 UTF-8 in the GUI, we would have to perform a real UTF-8 to
1774 password_len = strlen(nt_password);
1775 password_len_unicode = password_len*2;
1776 password_unicode = g_malloc(password_len_unicode);
1777 for (i = 0; i < password_len; i++) {
1778 password_unicode[i*2] = nt_password[i];
1779 password_unicode[i*2+1] = 0;
1782 /* Run MD4 against the resulting Unicode password. This will
1783 be used to perform RC4 decryption on the password change
1784 block. Then free the Unicode password, as we're done
1786 crypt_md4(password_md4_hash, password_unicode,
1787 password_len_unicode);
1788 g_free(password_unicode);
1790 /* Copy the block into a temporary buffer so we can decrypt
1792 block = g_malloc(NT_BLOCK_SIZE);
1793 memset(block, 0, NT_BLOCK_SIZE);
1794 tvb_memcpy(tvb, block, offset, NT_BLOCK_SIZE);
1796 /* RC4 decrypt the block with the old NT password hash */
1797 crypt_rc4_init(&rc4_state, password_md4_hash, 16);
1798 crypt_rc4(&rc4_state, block, NT_BLOCK_SIZE);
1800 /* Show the decrypted buffer in a new window */
1801 decr_tvb = tvb_new_real_data(block, NT_BLOCK_SIZE,
1803 tvb_set_free_cb(decr_tvb, g_free);
1804 tvb_set_child_real_data_tvbuff(tvb, decr_tvb);
1805 add_new_data_source(pinfo, decr_tvb,
1806 "Decrypted NT Password Block");
1808 /* Dissect the decrypted block */
1809 samr_dissect_decrypted_NT_PASSCHANGE_BLOCK(decr_tvb, 0, pinfo,
1812 offset += NT_BLOCK_SIZE;
1817 samr_dissect_LM_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset,
1818 packet_info *pinfo _U_, proto_tree *tree,
1823 /* Right now, this just dumps the output. In the long term, we can use
1824 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1825 actually decrypt the block */
1827 di=pinfo->private_data;
1828 if(di->conformant_run){
1829 /* just a run to handle conformant arrays, no scalars to dissect */
1833 proto_tree_add_item(tree, hf_samr_lm_passchange_block, tvb, offset,
1840 samr_dissect_LM_VERIFIER(tvbuff_t *tvb, int offset,
1841 packet_info *pinfo _U_, proto_tree *tree,
1846 /* Right now, this just dumps the output. In the long term, we can use
1847 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1848 actually validate the verifier */
1850 di=pinfo->private_data;
1851 if(di->conformant_run){
1852 /* just a run to handle conformant arrays, no scalars to dissect */
1856 proto_tree_add_item(tree, hf_samr_lm_verifier, tvb, offset, 16,
1864 samr_dissect_NT_VERIFIER(tvbuff_t *tvb, int offset,
1865 packet_info *pinfo _U_, proto_tree *tree,
1870 /* Right now, this just dumps the output. In the long term, we can use
1871 the algorithm discussed in lkcl -"DCE/RPC over SMB" page 257 to
1872 actually validate the verifier */
1874 di=pinfo->private_data;
1875 if(di->conformant_run){
1876 /* just a run to handle conformant arrays, no scalars to dissect */
1880 proto_tree_add_item(tree, hf_samr_nt_verifier, tvb, offset, 16,
1888 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1890 proto_tree *tree, char *drep)
1892 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1893 hf_samr_hnd, NULL, FALSE, FALSE);
1895 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1896 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1897 "Server", hf_samr_server);
1899 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1900 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1901 "Account Name", hf_samr_acct_name);
1903 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1904 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1907 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1908 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1914 samr_dissect_oem_change_password_user2_reply(tvbuff_t *tvb, int offset,
1916 proto_tree *tree, char *drep)
1918 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1925 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1927 proto_tree *tree, char *drep)
1929 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1930 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
1931 "PASSWORD_INFO:", -1);
1933 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
1934 NDR_POINTER_UNIQUE, "Server", hf_samr_server, 0);
1936 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1937 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
1938 "Account Name", hf_samr_acct_name);
1940 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1941 samr_dissect_NT_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
1942 "New NT Password Encrypted Block", -1);
1943 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1944 samr_dissect_NT_VERIFIER, NDR_POINTER_UNIQUE,
1945 "NT Password Verifier", -1);
1946 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1947 hf_samr_lm_change, NULL);
1948 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1949 samr_dissect_LM_PASSCHANGE_BLOCK, NDR_POINTER_UNIQUE,
1950 "New Lan Manager Password Encrypted Block", -1);
1951 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1952 samr_dissect_LM_VERIFIER, NDR_POINTER_UNIQUE,
1953 "Lan Manager Password Verifier", -1);
1958 samr_dissect_unicode_change_password_user2_reply(tvbuff_t *tvb, int offset,
1960 proto_tree *tree, char *drep)
1962 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1969 samr_dissect_unknown_3b_rqst(tvbuff_t *tvb, int offset,
1970 packet_info *pinfo, proto_tree *tree,
1973 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1974 hf_samr_hnd, NULL, FALSE, FALSE);
1976 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1977 hf_samr_unknown_short, NULL);
1978 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1979 dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
1980 "Unknown", hf_samr_unknown_string);
1981 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1982 dissect_ndr_counted_string_ptr, NDR_POINTER_UNIQUE,
1983 "Unknown", hf_samr_unknown_string);
1988 samr_dissect_unknown_3b_reply(tvbuff_t *tvb, int offset,
1989 packet_info *pinfo, proto_tree *tree,
1992 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1999 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
2000 packet_info *pinfo, proto_tree *tree,
2003 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2004 hf_samr_hnd, NULL, FALSE, FALSE);
2006 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2007 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2008 "Account Name", hf_samr_acct_name);
2010 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2012 offset = dissect_nt_access_mask(
2013 tvb, offset, pinfo, tree, drep, hf_samr_access,
2014 specific_rights_user);
2020 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
2021 packet_info *pinfo, proto_tree *tree,
2024 e_ctx_hnd policy_hnd;
2026 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2027 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
2029 dcerpc_smb_store_pol_name(&policy_hnd, "CreateUser2 handle");
2031 offset = dissect_nt_access_mask(
2032 tvb, offset, pinfo, tree, drep, hf_samr_access_granted,
2033 specific_rights_user);
2035 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2038 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2044 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
2046 proto_tree *tree, char *drep)
2048 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2049 hf_samr_hnd, NULL, FALSE, FALSE);
2051 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2052 hf_samr_level, NULL);
2053 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2054 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2055 "Account Name", hf_samr_acct_name);
2060 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
2061 packet_info *pinfo, proto_tree *tree,
2064 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2065 hf_samr_index, NULL);
2067 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2073 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
2074 packet_info *pinfo, proto_tree *tree,
2077 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2078 hf_samr_hnd, NULL, FALSE, FALSE);
2080 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2081 hf_samr_unknown_char, NULL);
2082 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2083 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2085 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2086 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2088 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2089 hf_samr_unknown_char, NULL);
2090 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2091 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2093 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2094 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2096 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2097 hf_samr_unknown_char, NULL);
2098 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2099 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2101 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2102 hf_samr_unknown_char, NULL);
2103 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2104 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
2111 samr_dissect_change_password_user_reply(tvbuff_t *tvb, int offset,
2112 packet_info *pinfo, proto_tree *tree,
2115 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2122 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
2124 proto_tree *tree, char *drep)
2126 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2127 hf_samr_hnd, NULL, FALSE, FALSE);
2129 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2130 hf_samr_attrib, NULL);
2135 samr_dissect_set_member_attributes_of_group_reply(tvbuff_t *tvb, int offset,
2136 packet_info *pinfo, proto_tree *tree,
2139 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2146 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
2147 packet_info *pinfo, proto_tree *tree,
2150 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2151 tree, drep, hf_samr_acct_name, 0);
2152 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2154 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2155 hf_samr_attrib, NULL);
2156 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2157 tree, drep, hf_samr_acct_desc, 0);
2162 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
2163 packet_info *pinfo, proto_tree *parent_tree,
2166 proto_item *item=NULL;
2167 proto_tree *tree=NULL;
2168 int old_offset=offset;
2172 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2174 tree = proto_item_add_subtree(item, ett_samr_group_info);
2177 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2178 hf_samr_level, &level);
2181 offset = samr_dissect_GROUP_INFO_1(
2182 tvb, offset, pinfo, tree, drep);
2185 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2186 tree, drep, hf_samr_acct_name, 0);
2189 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2190 hf_samr_attrib, NULL);
2193 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2194 tree, drep, hf_samr_acct_desc, 0);
2198 proto_item_set_len(item, offset-old_offset);
2203 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
2204 packet_info *pinfo, proto_tree *tree,
2207 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2208 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
2214 samr_dissect_query_information_group_rqst(tvbuff_t *tvb, int offset,
2216 proto_tree *tree, char *drep)
2218 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2219 hf_samr_hnd, NULL, FALSE, FALSE);
2221 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2222 hf_samr_level, NULL);
2228 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
2229 packet_info *pinfo, proto_tree *tree,
2232 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2233 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
2236 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2242 samr_dissect_set_information_group_rqst(tvbuff_t *tvb, int offset,
2243 packet_info *pinfo, proto_tree *tree,
2248 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2249 hf_samr_hnd, NULL, FALSE, FALSE);
2251 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2252 hf_samr_level, &level);
2254 if (check_col(pinfo->cinfo, COL_INFO))
2255 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
2257 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2258 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
2264 samr_dissect_set_information_group_reply(tvbuff_t *tvb, int offset,
2265 packet_info *pinfo, proto_tree *tree,
2268 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2275 samr_dissect_get_domain_password_information_rqst(tvbuff_t *tvb, int offset,
2280 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2281 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
2282 "PASSWORD_INFO:", -1);
2284 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
2285 NDR_POINTER_UNIQUE, "Domain", hf_samr_domain, 0);
2291 samr_dissect_get_domain_password_information_reply(tvbuff_t *tvb, int offset,
2296 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2297 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
2298 "PASSWORD_INFO:", -1);
2300 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2307 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
2308 packet_info *pinfo, proto_tree *parent_tree,
2311 proto_item *item=NULL;
2312 proto_tree *tree=NULL;
2313 int old_offset=offset;
2315 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
2318 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2320 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
2323 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2324 hf_samr_min_pwd_len, NULL);
2325 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2326 hf_samr_pwd_history_len, NULL);
2327 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2328 hf_samr_unknown_long, NULL);
2329 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2330 hf_samr_max_pwd_age);
2331 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2332 hf_samr_min_pwd_age);
2333 proto_item_set_len(item, offset-old_offset);
2338 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
2339 packet_info *pinfo, proto_tree *parent_tree,
2342 proto_item *item=NULL;
2343 proto_tree *tree=NULL;
2344 int old_offset=offset;
2347 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2349 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
2352 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2353 hf_samr_unknown_time);
2354 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2355 hf_samr_unknown_string, 0);
2356 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2358 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
2359 hf_samr_controller, 0);
2360 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2361 hf_samr_unknown_time);
2362 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2363 hf_samr_unknown_long, NULL);
2364 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2365 hf_samr_unknown_long, NULL);
2366 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2367 hf_samr_unknown_char, NULL);
2368 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2369 hf_samr_num_users, NULL);
2370 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2371 hf_samr_num_groups, NULL);
2372 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2373 hf_samr_num_aliases, NULL);
2375 proto_item_set_len(item, offset-old_offset);
2380 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
2381 packet_info *pinfo, proto_tree *parent_tree,
2384 proto_item *item=NULL;
2385 proto_tree *tree=NULL;
2386 int old_offset=offset;
2389 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2391 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
2394 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2395 hf_samr_max_pwd_age);
2396 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2397 hf_samr_min_pwd_age);
2399 proto_item_set_len(item, offset-old_offset);
2404 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
2405 packet_info *pinfo, proto_tree *parent_tree,
2408 proto_item *item=NULL;
2409 proto_tree *tree=NULL;
2410 int old_offset=offset;
2413 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2414 "REPLICATION_STATUS:");
2415 tree = proto_item_add_subtree(item, ett_samr_replication_status);
2418 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2419 hf_samr_unknown_hyper, NULL);
2420 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2421 hf_samr_unknown_hyper, NULL);
2422 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2423 hf_samr_unknown_short, NULL);
2425 proto_item_set_len(item, offset-old_offset);
2430 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
2431 packet_info *pinfo, proto_tree *parent_tree,
2434 proto_item *item=NULL;
2435 proto_tree *tree=NULL;
2436 int old_offset=offset;
2439 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2441 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
2444 offset = samr_dissect_DOMAIN_INFO_2(
2445 tvb, offset, pinfo, tree, drep);
2446 offset = samr_dissect_REPLICATION_STATUS(
2447 tvb, offset, pinfo, tree, drep);
2449 proto_item_set_len(item, offset-old_offset);
2454 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
2455 packet_info *pinfo, proto_tree *parent_tree,
2458 proto_item *item=NULL;
2459 proto_tree *tree=NULL;
2460 int old_offset=offset;
2463 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2465 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
2468 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2469 hf_samr_unknown_time);
2470 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2471 hf_samr_unknown_time);
2472 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2473 hf_samr_unknown_time);
2475 proto_item_set_len(item, offset-old_offset);
2481 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
2482 packet_info *pinfo, proto_tree *parent_tree,
2485 proto_item *item=NULL;
2486 proto_tree *tree=NULL;
2487 int old_offset=offset;
2491 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2493 tree = proto_item_add_subtree(item, ett_samr_domain_info);
2496 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2497 hf_samr_level, &level);
2499 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
2502 offset = samr_dissect_DOMAIN_INFO_1(
2503 tvb, offset, pinfo, tree, drep);
2506 offset = samr_dissect_DOMAIN_INFO_2(
2507 tvb, offset, pinfo, tree, drep);
2511 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2512 hf_samr_unknown_time);
2515 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2516 tree, drep, hf_samr_unknown_string, 0);
2520 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2521 tree, drep, hf_samr_domain, 0);
2525 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2526 tree, drep, hf_samr_controller, 0);
2530 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2531 hf_samr_unknown_short, NULL);
2534 offset = samr_dissect_DOMAIN_INFO_8(
2535 tvb, offset, pinfo, tree, drep);
2538 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2539 hf_samr_unknown_short, NULL);
2542 offset = samr_dissect_DOMAIN_INFO_11(
2543 tvb, offset, pinfo, tree, drep);
2546 offset = samr_dissect_REPLICATION_STATUS(
2547 tvb, offset, pinfo, tree, drep);
2550 offset = samr_dissect_DOMAIN_INFO_13(
2551 tvb, offset, pinfo, tree, drep);
2555 proto_item_set_len(item, offset-old_offset);
2560 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
2561 packet_info *pinfo, proto_tree *tree,
2566 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2567 hf_samr_hnd, NULL, FALSE, FALSE);
2569 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2570 hf_samr_level, &level);
2572 if (check_col(pinfo->cinfo, COL_INFO))
2573 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
2575 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
2581 samr_dissect_set_information_domain_reply(tvbuff_t *tvb, int offset,
2583 proto_tree *tree, char *drep)
2585 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2592 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
2593 packet_info *pinfo, proto_tree *tree,
2596 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2597 hf_samr_hnd, NULL, FALSE, FALSE);
2599 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2600 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
2601 "Domain", hf_samr_domain);
2607 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
2608 packet_info *pinfo, proto_tree *tree,
2611 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2612 dissect_ndr_nt_SID_ptr, NDR_POINTER_REF,
2615 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2621 dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
2622 packet_info *pinfo, proto_tree *parent_tree,
2625 proto_item *item=NULL;
2626 proto_tree *tree=NULL;
2627 int old_offset=offset;
2630 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2632 tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
2635 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2636 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
2639 proto_item_set_len(item, offset-old_offset);
2645 dissect_ndr_nt_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
2646 packet_info *pinfo, proto_tree *tree,
2649 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2650 dissect_ndr_nt_PSID);
2657 dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, int offset,
2658 packet_info *pinfo, proto_tree *parent_tree,
2662 proto_item *item=NULL;
2663 proto_tree *tree=NULL;
2664 int old_offset=offset;
2667 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2669 tree = proto_item_add_subtree(item, ett_samr_sid_array);
2672 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2673 hf_samr_count, &count);
2674 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2675 dissect_ndr_nt_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
2678 proto_item_set_len(item, offset-old_offset);
2682 /* called from NETLOGON but placed here since where are where the hf_fields are defined */
2684 dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2685 packet_info *pinfo, proto_tree *parent_tree,
2688 proto_item *item=NULL;
2689 proto_tree *tree=NULL;
2692 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2693 "SID_AND_ATTRIBUTES:");
2694 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes);
2697 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
2699 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2700 hf_samr_attrib, NULL);
2706 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2707 packet_info *pinfo, proto_tree *parent_tree,
2711 proto_item *item=NULL;
2712 proto_tree *tree=NULL;
2713 int old_offset=offset;
2716 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2717 "SID_AND_ATTRIBUTES array:");
2718 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes_array);
2721 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2722 hf_samr_count, &count);
2723 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2724 dissect_ndr_nt_SID_AND_ATTRIBUTES);
2726 proto_item_set_len(item, offset-old_offset);
2732 samr_dissect_index(tvbuff_t *tvb, int offset,
2733 packet_info *pinfo, proto_tree *tree,
2738 di=pinfo->private_data;
2740 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2741 di->hf_index, NULL);
2748 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2749 packet_info *pinfo, proto_tree *tree,
2752 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2753 samr_dissect_index);
2759 plural_ending(const char *string)
2763 string_len = strlen(string);
2764 if (string_len > 0 && string[string_len - 1] == 's') {
2765 /* String ends with "s" - pluralize by adding "es" */
2768 /* Field name doesn't end with "s" - pluralize by adding "s" */
2774 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2775 packet_info *pinfo, proto_tree *parent_tree,
2780 proto_item *item=NULL;
2781 proto_tree *tree=NULL;
2782 int old_offset=offset;
2786 di=pinfo->private_data;
2788 field_name = proto_registrar_get_name(di->hf_index);
2789 snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2790 plural_ending(field_name));
2792 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2794 tree = proto_item_add_subtree(item, ett_samr_index_array);
2797 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2798 hf_samr_count, &count);
2799 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2800 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2803 proto_item_set_len(item, offset-old_offset);
2808 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2809 packet_info *pinfo, proto_tree *tree,
2812 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2813 hf_samr_hnd, NULL, FALSE, FALSE);
2815 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2816 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2823 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2824 packet_info *pinfo, proto_tree *tree,
2827 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2828 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2829 "INDEX_ARRAY:", hf_samr_alias);
2831 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2838 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2839 packet_info *pinfo, proto_tree *parent_tree,
2842 proto_item *item=NULL;
2843 proto_tree *tree=NULL;
2844 int old_offset=offset;
2848 di=pinfo->private_data;
2850 snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
2852 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2854 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2857 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2858 hf_samr_index, NULL);
2859 offset = dissect_ndr_counted_string(tvb, offset, pinfo,
2860 tree, drep, di->hf_index, 4);
2862 proto_item_set_len(item, offset-old_offset);
2867 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2868 packet_info *pinfo, proto_tree *tree,
2871 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2872 samr_dissect_IDX_AND_NAME);
2879 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2880 packet_info *pinfo, proto_tree *parent_tree,
2885 proto_item *item=NULL;
2886 proto_tree *tree=NULL;
2887 int old_offset=offset;
2891 di=pinfo->private_data;
2893 field_name = proto_registrar_get_name(di->hf_index);
2896 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2897 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2898 plural_ending(field_name));
2899 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2903 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2904 hf_samr_count, &count);
2905 snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2906 plural_ending(field_name));
2907 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2908 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2911 proto_item_set_len(item, offset-old_offset);
2916 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2917 packet_info *pinfo, proto_tree *tree,
2924 di=pinfo->private_data;
2926 field_name = proto_registrar_get_name(di->hf_index);
2927 snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2928 plural_ending(field_name));
2929 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2930 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
2936 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2937 packet_info *pinfo, proto_tree *tree,
2940 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2941 hf_samr_hnd, NULL, FALSE, FALSE);
2943 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2944 samr_dissect_pointer_long, NDR_POINTER_REF,
2945 "Resume Handle", hf_samr_resume_hnd);
2947 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2948 hf_samr_pref_maxsize, NULL);
2954 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2955 packet_info *pinfo, proto_tree *tree,
2958 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2959 samr_dissect_pointer_long, NDR_POINTER_REF,
2960 "Resume Handle:", hf_samr_resume_hnd);
2962 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2963 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2964 "IDX_AND_NAME_ARRAY:", hf_samr_domain);
2966 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2967 samr_dissect_pointer_long, NDR_POINTER_REF,
2968 "Entries:", hf_samr_entries);
2970 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
2977 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2978 packet_info *pinfo, proto_tree *tree,
2981 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2982 hf_samr_hnd, NULL, FALSE, FALSE);
2984 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2985 samr_dissect_pointer_long, NDR_POINTER_REF,
2986 "Resume Handle:", hf_samr_resume_hnd);
2988 offset = dissect_ndr_nt_acct_ctrl(
2989 tvb, offset, pinfo, tree, drep);
2991 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2992 hf_samr_pref_maxsize, NULL);
2998 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2999 packet_info *pinfo, proto_tree *tree,
3002 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3003 samr_dissect_pointer_long, NDR_POINTER_REF,
3004 "Resume Handle:", hf_samr_resume_hnd);
3006 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3007 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
3008 "IDX_AND_NAME_ARRAY:", hf_samr_group_name);
3010 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3011 samr_dissect_pointer_long, NDR_POINTER_REF,
3012 "Entries:", hf_samr_entries);
3014 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3021 samr_dissect_enum_dom_aliases_rqst(tvbuff_t *tvb, int offset,
3022 packet_info *pinfo, proto_tree *tree,
3025 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3026 hf_samr_hnd, NULL, FALSE, FALSE);
3028 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3029 samr_dissect_pointer_long, NDR_POINTER_REF,
3030 "Resume Handle:", hf_samr_resume_hnd);
3032 offset = dissect_ndr_nt_acct_ctrl(
3033 tvb, offset, pinfo, tree, drep);
3035 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3036 hf_samr_pref_maxsize, NULL);
3042 samr_dissect_enum_dom_aliases_reply(tvbuff_t *tvb, int offset,
3043 packet_info *pinfo, proto_tree *tree,
3046 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3047 samr_dissect_pointer_long, NDR_POINTER_REF,
3048 "Resume Handle:", hf_samr_resume_hnd);
3050 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3051 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
3052 "IDX_AND_NAME_ARRAY:", hf_samr_alias_name);
3054 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3055 samr_dissect_pointer_long, NDR_POINTER_REF,
3056 "Entries:", hf_samr_entries);
3058 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3065 samr_dissect_get_members_in_alias_rqst(tvbuff_t *tvb, int offset,
3066 packet_info *pinfo, proto_tree *tree,
3069 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3070 hf_samr_hnd, NULL, FALSE, FALSE);
3076 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
3077 packet_info *pinfo, proto_tree *tree,
3080 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3081 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
3084 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3091 samr_dissect_LOGON_HOURS_entry(tvbuff_t *tvb, int offset,
3092 packet_info *pinfo, proto_tree *tree,
3095 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
3096 hf_samr_unknown_char, NULL);
3101 samr_dissect_LOGON_HOURS_hours(tvbuff_t *tvb, int offset,
3102 packet_info *pinfo, proto_tree *parent_tree,
3105 proto_item *item=NULL;
3106 proto_tree *tree=NULL;
3107 int old_offset=offset;
3110 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3112 tree = proto_item_add_subtree(item, ett_samr_logon_hours_hours);
3115 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3116 samr_dissect_LOGON_HOURS_entry);
3118 proto_item_set_len(item, offset-old_offset);
3125 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
3126 packet_info *pinfo, proto_tree *parent_tree,
3129 proto_item *item=NULL;
3130 proto_tree *tree=NULL;
3131 int old_offset=offset;
3133 ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
3136 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3138 tree = proto_item_add_subtree(item, ett_samr_logon_hours);
3141 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3142 hf_samr_divisions, NULL);
3143 /* XXX - is this a bitmask like the "logon hours" field in the
3144 Remote API call "NetUserGetInfo()" with an information level
3146 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3147 samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
3150 proto_item_set_len(item, offset-old_offset);
3156 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
3157 packet_info *pinfo, proto_tree *parent_tree,
3160 proto_item *item=NULL;
3161 proto_tree *tree=NULL;
3162 int old_offset=offset;
3165 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3167 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
3170 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3171 hf_samr_acct_name, 0);
3172 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3173 hf_samr_full_name, 0);
3174 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3175 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3177 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3180 proto_item_set_len(item, offset-old_offset);
3185 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
3186 packet_info *pinfo, proto_tree *parent_tree,
3189 proto_item *item=NULL;
3190 proto_tree *tree=NULL;
3191 int old_offset=offset;
3194 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3196 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
3199 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3200 hf_samr_acct_name, 0);
3201 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3202 hf_samr_full_name, 0);
3203 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3204 hf_samr_bad_pwd_count, NULL);
3205 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3206 hf_samr_logon_count, NULL);
3208 proto_item_set_len(item, offset-old_offset);
3213 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
3214 packet_info *pinfo, proto_tree *parent_tree,
3217 proto_item *item=NULL;
3218 proto_tree *tree=NULL;
3219 int old_offset=offset;
3222 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3224 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
3227 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3228 hf_samr_acct_name, 0);
3229 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3230 hf_samr_full_name, 0);
3231 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3233 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3234 hf_samr_group, NULL);
3235 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3237 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3238 hf_samr_home_drive, 0);
3239 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3241 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3242 hf_samr_acct_desc, 0);
3243 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3244 hf_samr_workstations, 0);
3245 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3246 hf_samr_logon_time);
3247 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3248 hf_samr_logoff_time);
3249 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3250 hf_samr_pwd_last_set_time);
3251 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3252 hf_samr_pwd_can_change_time);
3253 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3254 hf_samr_pwd_must_change_time);
3255 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3256 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3257 hf_samr_logon_count, NULL);
3258 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3259 hf_samr_bad_pwd_count, NULL);
3260 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3262 proto_item_set_len(item, offset-old_offset);
3267 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
3268 packet_info *pinfo, proto_tree *parent_tree,
3271 proto_item *item=NULL;
3272 proto_tree *tree=NULL;
3273 int old_offset=offset;
3276 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3278 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
3281 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3282 hf_samr_acct_name, 0);
3283 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3284 hf_samr_full_name, 0);
3285 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3287 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3288 hf_samr_group, NULL);
3289 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3290 hf_samr_country, NULL);
3291 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3292 hf_samr_codepage, NULL);
3293 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3295 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3296 hf_samr_home_drive, 0);
3297 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3299 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3300 hf_samr_acct_desc, 0);
3301 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3302 hf_samr_workstations, 0);
3303 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3304 hf_samr_logon_time);
3305 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3306 hf_samr_logoff_time);
3307 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3308 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3309 hf_samr_bad_pwd_count, NULL);
3310 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3311 hf_samr_logon_count, NULL);
3312 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3313 hf_samr_pwd_last_set_time);
3314 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3315 hf_samr_acct_expiry_time);
3316 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3318 proto_item_set_len(item, offset-old_offset);
3323 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
3324 packet_info *pinfo, proto_tree *parent_tree,
3327 proto_item *item=NULL;
3328 proto_tree *tree=NULL;
3329 int old_offset=offset;
3332 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3334 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
3337 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3338 hf_samr_acct_name, 0);
3339 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3340 hf_samr_full_name, 0);
3342 proto_item_set_len(item, offset-old_offset);
3347 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
3348 packet_info *pinfo, proto_tree *parent_tree,
3351 proto_item *item=NULL;
3352 proto_tree *tree=NULL;
3353 int old_offset=offset;
3356 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3358 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
3361 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3362 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
3363 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3364 hf_samr_unknown_char, NULL);
3365 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3366 hf_samr_unknown_char, NULL);
3367 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3368 hf_samr_unknown_char, NULL);
3370 proto_item_set_len(item, offset-old_offset);
3375 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
3376 packet_info *pinfo, proto_tree *parent_tree,
3379 proto_item *item=NULL;
3380 proto_tree *tree=NULL;
3381 int old_offset=offset;
3384 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3386 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
3389 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3390 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3391 hf_samr_logon_time);
3392 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3393 hf_samr_logoff_time);
3394 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3395 hf_samr_bad_pwd_count, NULL);
3396 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3397 hf_samr_logon_count, NULL);
3399 proto_item_set_len(item, offset-old_offset);
3404 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
3405 packet_info *pinfo, proto_tree *tree,
3408 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3409 hf_samr_unknown_char, NULL);
3415 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
3416 packet_info *pinfo, proto_tree *parent_tree,
3419 proto_item *item=NULL;
3420 proto_tree *tree=NULL;
3421 int old_offset=offset;
3424 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3426 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
3429 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3430 samr_dissect_BUFFER_entry);
3432 proto_item_set_len(item, offset-old_offset);
3439 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
3440 packet_info *pinfo, proto_tree *parent_tree,
3443 proto_item *item=NULL;
3444 proto_tree *tree=NULL;
3445 int old_offset=offset;
3448 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3450 tree = proto_item_add_subtree(item, ett_samr_buffer);
3452 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3453 hf_samr_count, NULL);
3454 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3455 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
3458 proto_item_set_len(item, offset-old_offset);
3463 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
3464 packet_info *pinfo, proto_tree *parent_tree,
3467 proto_item *item=NULL;
3468 proto_tree *tree=NULL;
3469 int old_offset=offset;
3472 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3474 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
3477 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3478 hf_samr_logon_time);
3479 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3480 hf_samr_logoff_time);
3481 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3482 hf_samr_kickoff_time);
3483 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3484 hf_samr_pwd_last_set_time);
3485 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3486 hf_samr_pwd_can_change_time);
3487 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3488 hf_samr_pwd_must_change_time);
3489 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3490 hf_samr_acct_name, 2);
3491 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3492 hf_samr_full_name, 0);
3493 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3495 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3496 hf_samr_home_drive, 0);
3497 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3499 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3500 hf_samr_profile, 0);
3501 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3502 hf_samr_acct_desc, 0);
3503 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3504 hf_samr_workstations, 0);
3505 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3506 hf_samr_comment, 0);
3507 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3508 hf_samr_parameters, 0);
3509 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3510 hf_samr_unknown_string, 0);
3511 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3512 hf_samr_unknown_string, 0);
3513 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
3514 hf_samr_unknown_string, 0);
3515 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
3516 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3518 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3519 hf_samr_group, NULL);
3520 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
3521 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3522 hf_samr_unknown_long, NULL);
3523 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
3524 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3525 hf_samr_bad_pwd_count, NULL);
3526 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3527 hf_samr_logon_count, NULL);
3528 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3529 hf_samr_country, NULL);
3530 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
3531 hf_samr_codepage, NULL);
3532 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3533 hf_samr_nt_pwd_set, NULL);
3534 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3535 hf_samr_lm_pwd_set, NULL);
3536 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3537 hf_samr_pwd_expired, NULL);
3538 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3539 hf_samr_unknown_char, NULL);
3541 proto_item_set_len(item, offset-old_offset);
3546 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
3547 packet_info *pinfo, proto_tree *parent_tree,
3550 proto_item *item=NULL;
3551 proto_tree *tree=NULL;
3552 int old_offset=offset;
3555 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3557 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
3560 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3561 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
3562 hf_samr_revision, NULL);
3564 proto_item_set_len(item, offset-old_offset);
3569 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
3570 packet_info *pinfo, proto_tree *parent_tree,
3573 proto_item *item=NULL;
3574 proto_tree *tree=NULL;
3575 int old_offset=offset;
3578 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3580 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
3583 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3584 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3586 proto_item_set_len(item, offset-old_offset);
3591 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
3592 packet_info *pinfo, proto_tree *parent_tree,
3595 proto_item *item=NULL;
3596 proto_tree *tree=NULL;
3597 int old_offset=offset;
3600 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3602 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
3605 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3606 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3607 hf_samr_unknown_char, NULL);
3609 proto_item_set_len(item, offset-old_offset);
3614 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
3615 packet_info *pinfo, proto_tree *parent_tree,
3618 proto_item *item=NULL;
3619 proto_tree *tree=NULL;
3620 int old_offset=offset;
3624 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3626 tree = proto_item_add_subtree(item, ett_samr_user_info);
3628 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3629 hf_samr_level, &level);
3633 offset = samr_dissect_USER_INFO_1(
3634 tvb, offset, pinfo, tree, drep);
3637 offset = samr_dissect_USER_INFO_2(
3638 tvb, offset, pinfo, tree, drep);
3641 offset = samr_dissect_USER_INFO_3(
3642 tvb, offset, pinfo, tree, drep);
3645 offset = dissect_ndr_nt_LOGON_HOURS(
3646 tvb, offset, pinfo, tree, drep);
3649 offset = samr_dissect_USER_INFO_5(
3650 tvb, offset, pinfo, tree, drep);
3653 offset = samr_dissect_USER_INFO_6(
3654 tvb, offset, pinfo, tree, drep);
3657 offset = dissect_ndr_counted_string(
3658 tvb, offset, pinfo, tree, drep, hf_samr_full_name, 0);
3661 offset = dissect_ndr_counted_string(
3662 tvb, offset, pinfo, tree, drep, hf_samr_acct_desc, 0);
3665 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3666 hf_samr_unknown_long, NULL);
3669 offset = samr_dissect_USER_INFO_6(
3670 tvb, offset, pinfo, tree, drep);
3673 offset = dissect_ndr_counted_string(
3674 tvb, offset, pinfo, tree, drep, hf_samr_home, 0);
3677 offset = dissect_ndr_counted_string(
3678 tvb, offset, pinfo, tree, drep, hf_samr_home_drive, 0);
3681 offset = dissect_ndr_counted_string(
3682 tvb, offset, pinfo, tree, drep, hf_samr_script, 0);
3685 offset = dissect_ndr_counted_string(
3686 tvb, offset, pinfo, tree, drep, hf_samr_workstations, 0);
3689 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree,
3693 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3694 hf_samr_unknown_time);
3697 offset = samr_dissect_USER_INFO_18(
3698 tvb, offset, pinfo, tree, drep);
3701 offset = samr_dissect_USER_INFO_19(
3702 tvb, offset, pinfo, tree, drep);
3705 offset = dissect_ndr_counted_string(
3706 tvb, offset, pinfo, tree, drep, hf_samr_profile, 0);
3709 offset = samr_dissect_USER_INFO_21(
3710 tvb, offset, pinfo, tree, drep);
3713 offset = samr_dissect_USER_INFO_22(
3714 tvb, offset, pinfo, tree, drep);
3717 offset = samr_dissect_USER_INFO_23(
3718 tvb, offset, pinfo, tree, drep);
3721 offset = samr_dissect_USER_INFO_24(
3722 tvb, offset, pinfo, tree, drep);
3726 proto_item_set_len(item, offset-old_offset);
3731 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
3732 packet_info *pinfo, proto_tree *tree,
3735 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3736 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
3737 "USER_INFO pointer", -1);
3742 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
3743 packet_info *pinfo, proto_tree *tree,
3748 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3749 hf_samr_hnd, NULL, FALSE, FALSE);
3751 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3752 hf_samr_level, &level);
3754 if (check_col(pinfo->cinfo, COL_INFO))
3755 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
3757 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3758 samr_dissect_USER_INFO, NDR_POINTER_REF,
3765 samr_dissect_set_information_user2_reply(tvbuff_t *tvb, int offset,
3766 packet_info *pinfo, proto_tree *tree,
3769 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3776 samr_dissect_unknown_2f_rqst(tvbuff_t *tvb, int offset,
3777 packet_info *pinfo, proto_tree *tree,
3782 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3783 hf_samr_hnd, NULL, FALSE, FALSE);
3785 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3786 hf_samr_level, &level);
3788 if (check_col(pinfo->cinfo, COL_INFO))
3789 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
3795 samr_dissect_unknown_2f_reply(tvbuff_t *tvb, int offset,
3796 packet_info *pinfo, proto_tree *tree,
3799 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3800 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3803 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3810 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3811 packet_info *pinfo, proto_tree *tree,
3814 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3815 hf_samr_type, NULL);
3822 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3823 packet_info *pinfo, proto_tree *parent_tree,
3826 proto_item *item=NULL;
3827 proto_tree *tree=NULL;
3828 int old_offset=offset;
3831 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3832 "MEMBER_ARRAY_types:");
3833 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3836 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3837 samr_dissect_MEMBER_ARRAY_type);
3839 proto_item_set_len(item, offset-old_offset);
3846 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3847 packet_info *pinfo, proto_tree *tree,
3850 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3858 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3859 packet_info *pinfo, proto_tree *parent_tree,
3862 proto_item *item=NULL;
3863 proto_tree *tree=NULL;
3864 int old_offset=offset;
3867 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3868 "MEMBER_ARRAY_rids:");
3869 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
3872 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3873 samr_dissect_MEMBER_ARRAY_rid);
3875 proto_item_set_len(item, offset-old_offset);
3882 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3883 packet_info *pinfo, proto_tree *parent_tree,
3887 proto_item *item=NULL;
3888 proto_tree *tree=NULL;
3889 int old_offset=offset;
3892 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3894 tree = proto_item_add_subtree(item, ett_samr_member_array);
3897 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3898 hf_samr_count, &count);
3899 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3900 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3902 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3903 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3906 proto_item_set_len(item, offset-old_offset);
3911 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3912 packet_info *pinfo, proto_tree *tree,
3915 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3916 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3917 "MEMBER_ARRAY", -1);
3922 samr_dissect_query_groupmem_rqst(tvbuff_t *tvb, int offset,
3923 packet_info *pinfo, proto_tree *tree,
3926 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
3933 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3934 packet_info *pinfo, proto_tree *tree,
3937 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3938 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3939 "MEMBER_ARRAY:", -1);
3941 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3948 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3949 packet_info *pinfo, proto_tree *tree,
3954 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3955 hf_samr_hnd, NULL, FALSE, FALSE);
3957 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3958 hf_samr_info_type, &info_type);
3960 if (check_col(pinfo->cinfo, COL_INFO))
3962 pinfo->cinfo, COL_INFO, ", info type %d", info_type);
3964 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3965 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3966 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
3972 samr_dissect_set_sec_object_reply(tvbuff_t *tvb, int offset,
3973 packet_info *pinfo, proto_tree *tree,
3976 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
3983 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3984 packet_info *pinfo, proto_tree *tree,
3989 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3990 hf_samr_hnd, NULL, FALSE, FALSE);
3992 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3993 hf_samr_info_type, &info_type);
3995 if (check_col(pinfo->cinfo, COL_INFO))
3997 pinfo->cinfo, COL_INFO, ", info_type %d", info_type);
4003 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
4004 packet_info *pinfo, proto_tree *tree,
4007 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4008 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
4009 "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
4011 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4018 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
4019 packet_info *pinfo, proto_tree *tree,
4022 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
4023 hf_samr_acct_name, 1);
4028 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
4029 packet_info *pinfo, proto_tree *parent_tree,
4032 proto_item *item=NULL;
4033 proto_tree *tree=NULL;
4034 int old_offset=offset;
4037 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4039 tree = proto_item_add_subtree(item, ett_samr_names);
4042 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
4043 samr_dissect_LOOKUP_NAMES_name);
4045 proto_item_set_len(item, offset-old_offset);
4051 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
4052 packet_info *pinfo, proto_tree *tree,
4055 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4056 hf_samr_hnd, NULL, FALSE, FALSE);
4058 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4059 hf_samr_count, NULL);
4061 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4062 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
4063 "LOOKUP_NAMES:", -1);
4069 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
4070 packet_info *pinfo, proto_tree *tree,
4073 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4074 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4075 "Rids:", hf_samr_rid);
4077 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4078 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4079 "Types:", hf_samr_type);
4081 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4088 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
4089 packet_info *pinfo, proto_tree *tree,
4092 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4099 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
4100 packet_info *pinfo, proto_tree *parent_tree,
4103 proto_item *item=NULL;
4104 proto_tree *tree=NULL;
4105 int old_offset=offset;
4108 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4110 tree = proto_item_add_subtree(item, ett_samr_rids);
4113 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
4114 samr_dissect_LOOKUP_RIDS_rid);
4116 proto_item_set_len(item, offset-old_offset);
4122 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
4123 packet_info *pinfo, proto_tree *tree,
4126 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4127 hf_samr_hnd, NULL, FALSE, FALSE);
4129 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4130 hf_samr_count, NULL);
4132 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4133 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
4134 "LOOKUP_RIDS:", -1);
4140 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
4141 packet_info *pinfo, proto_tree *tree,
4144 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
4145 hf_samr_acct_name, 0);
4150 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
4151 packet_info *pinfo, proto_tree *tree,
4154 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
4155 samr_dissect_UNICODE_STRING_ARRAY_name);
4160 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
4161 packet_info *pinfo, proto_tree *parent_tree,
4164 proto_item *item=NULL;
4165 proto_tree *tree=NULL;
4166 int old_offset=offset;
4169 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
4171 tree = proto_item_add_subtree(item, ett_samr_names);
4174 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
4175 hf_samr_count, NULL);
4177 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4178 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
4181 proto_item_set_len(item, offset-old_offset);
4189 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
4190 packet_info *pinfo, proto_tree *tree,
4193 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4194 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
4195 "RIDs:", hf_samr_rid);
4197 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4198 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
4199 "Types:", hf_samr_type);
4201 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4208 samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4209 proto_tree *tree, char *drep)
4211 e_ctx_hnd policy_hnd;
4214 offset = dissect_nt_policy_hnd(
4215 tvb, offset, pinfo, tree, drep, hf_samr_hnd, &policy_hnd,
4218 dcerpc_smb_fetch_pol(&policy_hnd, &name, NULL, NULL);
4220 if (name != NULL && check_col(pinfo->cinfo, COL_INFO))
4222 pinfo->cinfo, COL_INFO, ", %s", name);
4228 samr_dissect_close_hnd_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
4229 proto_tree *tree, char *drep)
4231 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4232 hf_samr_hnd, NULL, FALSE, FALSE);
4234 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4241 samr_dissect_shutdown_sam_server_rqst(tvbuff_t *tvb, int offset,
4242 packet_info *pinfo, proto_tree *tree,
4245 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
4252 samr_dissect_shutdown_sam_server_reply(tvbuff_t *tvb, int offset,
4253 packet_info *pinfo, proto_tree *tree,
4256 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4263 samr_dissect_delete_dom_group_rqst(tvbuff_t *tvb, int offset,
4264 packet_info *pinfo, proto_tree *tree,
4267 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
4274 samr_dissect_delete_dom_group_reply(tvbuff_t *tvb, int offset,
4275 packet_info *pinfo, proto_tree *tree,
4278 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4285 samr_dissect_remove_member_from_group_rqst(tvbuff_t *tvb, int offset,
4287 proto_tree *tree, char *drep)
4289 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4290 hf_samr_hnd, NULL, FALSE, FALSE);
4292 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4293 hf_samr_group, NULL);
4295 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4302 samr_dissect_remove_member_from_group_reply(tvbuff_t *tvb, int offset,
4304 proto_tree *tree, char *drep)
4306 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4313 samr_dissect_delete_dom_alias_rqst(tvbuff_t *tvb, int offset,
4314 packet_info *pinfo, proto_tree *tree,
4317 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
4324 samr_dissect_delete_dom_alias_reply(tvbuff_t *tvb, int offset,
4325 packet_info *pinfo, proto_tree *tree,
4328 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4335 samr_dissect_add_alias_member_rqst(tvbuff_t *tvb, int offset,
4336 packet_info *pinfo, proto_tree *tree,
4339 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4340 hf_samr_hnd, NULL, FALSE, FALSE);
4342 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4343 dissect_ndr_nt_SID, NDR_POINTER_REF,
4350 samr_dissect_add_alias_member_reply(tvbuff_t *tvb, int offset,
4351 packet_info *pinfo, proto_tree *tree,
4354 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4361 samr_dissect_remove_alias_member_rqst(tvbuff_t *tvb, int offset,
4362 packet_info *pinfo, proto_tree *tree,
4365 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4366 hf_samr_hnd, NULL, FALSE, FALSE);
4368 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4369 dissect_ndr_nt_SID, NDR_POINTER_REF,
4375 samr_dissect_remove_alias_member_reply(tvbuff_t *tvb, int offset,
4376 packet_info *pinfo, proto_tree *tree,
4379 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4386 samr_dissect_delete_dom_user_rqst(tvbuff_t *tvb, int offset,
4387 packet_info *pinfo, proto_tree *tree,
4390 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4391 hf_samr_hnd, NULL, FALSE, FALSE);
4397 samr_dissect_delete_dom_user_reply(tvbuff_t *tvb, int offset,
4398 packet_info *pinfo, proto_tree *tree,
4401 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4408 samr_dissect_test_private_fns_domain_rqst(tvbuff_t *tvb, int offset,
4409 packet_info *pinfo, proto_tree *tree,
4412 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4413 hf_samr_hnd, NULL, FALSE, FALSE);
4419 samr_dissect_test_private_fns_domain_reply(tvbuff_t *tvb, int offset,
4421 proto_tree *tree, char *drep)
4423 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4430 samr_dissect_test_private_fns_user_rqst(tvbuff_t *tvb, int offset,
4431 packet_info *pinfo, proto_tree *tree,
4434 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4435 hf_samr_hnd, NULL, FALSE, FALSE);
4441 samr_dissect_test_private_fns_user_reply(tvbuff_t *tvb, int offset,
4443 proto_tree *tree, char *drep)
4445 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4452 samr_dissect_remove_member_from_foreign_domain_rqst(tvbuff_t *tvb, int offset,
4457 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4458 hf_samr_hnd, NULL, FALSE, FALSE);
4460 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4461 dissect_ndr_nt_SID, NDR_POINTER_REF,
4467 samr_dissect_remove_member_from_foreign_domain_reply(tvbuff_t *tvb, int offset,
4472 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4479 samr_dissect_remove_multiple_members_from_alias_rqst(tvbuff_t *tvb,
4485 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4486 hf_samr_hnd, NULL, FALSE, FALSE);
4488 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4489 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
4496 samr_dissect_remove_multiple_members_from_alias_reply(tvbuff_t *tvb,
4502 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4509 samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4510 proto_tree *tree, char *drep)
4512 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4513 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4516 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4517 hf_samr_hnd, NULL, FALSE, FALSE);
4519 offset = dissect_nt_access_mask(
4520 tvb, offset, pinfo, tree, drep, hf_samr_access,
4521 specific_rights_group);
4523 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4526 if (check_col(pinfo->cinfo, COL_INFO))
4527 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4529 dcv->private_data = GINT_TO_POINTER(rid);
4535 samr_dissect_open_group_reply(tvbuff_t *tvb, int offset,
4536 packet_info *pinfo, proto_tree *tree,
4539 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4540 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4541 guint32 rid = GPOINTER_TO_INT(dcv->private_data);
4542 e_ctx_hnd policy_hnd;
4545 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4546 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
4549 pol_name = g_strdup_printf("OpenGroup(rid 0x%x)", rid);
4551 pol_name = g_strdup("OpenGroup handle");
4553 dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
4557 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4564 samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
4565 proto_tree *tree, char *drep)
4567 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4568 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4571 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4572 hf_samr_hnd, NULL, FALSE, FALSE);
4574 offset = dissect_nt_access_mask(
4575 tvb, offset, pinfo, tree, drep, hf_samr_access,
4576 specific_rights_alias);
4578 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4581 if (check_col(pinfo->cinfo, COL_INFO))
4582 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
4584 dcv->private_data = GINT_TO_POINTER(rid);
4590 samr_dissect_open_alias_reply(tvbuff_t *tvb, int offset,
4591 packet_info *pinfo, proto_tree *tree,
4594 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
4595 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
4596 e_ctx_hnd policy_hnd;
4600 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4601 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
4603 rid = GPOINTER_TO_INT(dcv->private_data);
4606 pol_name = g_strdup_printf("OpenAlias(rid 0x%x)", rid);
4608 pol_name = g_strdup_printf("OpenAlias handle");
4610 dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
4614 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4621 samr_dissect_add_multiple_members_to_alias_rqst(tvbuff_t *tvb, int offset,
4623 proto_tree *tree, char *drep)
4625 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4626 hf_samr_hnd, NULL, FALSE, FALSE);
4628 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4629 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
4636 samr_dissect_add_multiple_members_to_alias_reply(tvbuff_t *tvb, int offset,
4638 proto_tree *tree, char *drep)
4640 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4647 samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset,
4648 packet_info *pinfo, proto_tree *tree,
4651 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4652 hf_samr_hnd, NULL, FALSE, FALSE);
4654 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4655 dissect_ndr_counted_string_ptr, NDR_POINTER_REF,
4656 "Account Name", hf_samr_acct_name);
4658 offset = dissect_nt_access_mask(
4659 tvb, offset, pinfo, tree, drep, hf_samr_access,
4660 specific_rights_group);
4666 samr_dissect_create_group_in_domain_reply(tvbuff_t *tvb, int offset,
4667 packet_info *pinfo, proto_tree *tree,
4670 e_ctx_hnd policy_hnd;
4674 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4675 hf_samr_hnd, &policy_hnd, TRUE, FALSE);
4677 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4680 pol_name = g_strdup_printf("CreateGroup(rid 0x%x)", rid);
4682 dcerpc_smb_store_pol_name(&policy_hnd, pol_name);
4686 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4693 samr_dissect_query_information_domain_rqst(tvbuff_t *tvb, int offset,
4695 proto_tree *tree, char *drep)
4699 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4700 hf_samr_hnd, NULL, FALSE, FALSE);
4702 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4703 hf_samr_level, &level);
4705 if (check_col(pinfo->cinfo, COL_INFO))
4706 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
4712 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
4713 packet_info *pinfo, proto_tree *tree,
4717 * Yes, in at least one capture with replies from a W2K server,
4718 * this was, indeed, a UNIQUE pointer, not a REF pointer.
4720 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4721 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
4722 "DOMAIN_INFO pointer", hf_samr_domain);
4724 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4731 samr_dissect_query_information_user_rqst(tvbuff_t *tvb, int offset,
4733 proto_tree *tree, char *drep)
4737 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4738 hf_samr_hnd, NULL, FALSE, FALSE);
4740 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4741 hf_samr_level, &level);
4743 if (check_col(pinfo->cinfo, COL_INFO))
4744 col_append_fstr(pinfo->cinfo, COL_INFO, ", level %d", level);
4750 samr_dissect_query_information_user_reply(tvbuff_t *tvb, int offset,
4752 proto_tree *tree, char *drep)
4754 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4755 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
4758 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
4764 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
4765 { SAMR_CONNECT, "SamrConnect",
4766 samr_dissect_connect_anon_rqst,
4767 samr_dissect_connect_anon_reply },
4768 { SAMR_CLOSE_HND, "Close",
4769 samr_dissect_close_hnd_rqst,
4770 samr_dissect_close_hnd_reply },
4771 { SAMR_SET_SEC_OBJECT, "SetSecObject",
4772 samr_dissect_set_sec_object_rqst,
4773 samr_dissect_set_sec_object_reply },
4774 { SAMR_QUERY_SEC_OBJECT, "QuerySecObject",
4775 samr_dissect_query_sec_object_rqst,
4776 samr_dissect_query_sec_object_reply },
4777 { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer",
4778 samr_dissect_shutdown_sam_server_rqst,
4779 samr_dissect_shutdown_sam_server_reply },
4780 { SAMR_LOOKUP_DOMAIN, "LookupDomain",
4781 samr_dissect_lookup_domain_rqst,
4782 samr_dissect_lookup_domain_reply },
4783 { SAMR_ENUM_DOMAINS, "EnumDomains",
4784 samr_dissect_enum_domains_rqst,
4785 samr_dissect_enum_domains_reply },
4786 { SAMR_OPEN_DOMAIN, "OpenDomain",
4787 samr_dissect_open_domain_rqst,
4788 samr_dissect_open_domain_reply },
4789 { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo",
4790 samr_dissect_query_information_alias_rqst,
4791 samr_dissect_query_information_domain_reply },
4792 { SAMR_SET_DOMAIN_INFO, "SetDomainInfo",
4793 samr_dissect_set_information_domain_rqst,
4794 samr_dissect_set_information_domain_reply },
4795 { SAMR_CREATE_DOM_GROUP, "CreateGroup",
4796 samr_dissect_create_alias_in_domain_rqst,
4797 samr_dissect_create_alias_in_domain_reply },
4798 { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups",
4799 samr_dissect_enum_dom_groups_rqst,
4800 samr_dissect_enum_dom_groups_reply },
4801 { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser",
4802 samr_dissect_create_group_in_domain_rqst,
4803 samr_dissect_create_group_in_domain_reply },
4804 { SAMR_ENUM_DOM_USERS, "EnumDomainUsers",
4805 samr_dissect_enum_dom_groups_rqst,
4806 samr_dissect_enum_dom_groups_reply },
4807 { SAMR_CREATE_DOM_ALIAS, "CreateAlias",
4808 samr_dissect_create_alias_in_domain_rqst,
4809 samr_dissect_create_alias_in_domain_reply },
4810 { SAMR_ENUM_DOM_ALIASES, "EnumAlises",
4811 samr_dissect_enum_dom_aliases_rqst,
4812 samr_dissect_enum_dom_aliases_reply },
4813 { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem",
4814 samr_dissect_get_alias_membership_rqst,
4815 samr_dissect_get_alias_membership_reply },
4816 { SAMR_LOOKUP_NAMES, "LookupNames",
4817 samr_dissect_lookup_names_rqst,
4818 samr_dissect_lookup_names_reply },
4819 { SAMR_LOOKUP_RIDS, "LookupRIDs",
4820 samr_dissect_lookup_rids_rqst,
4821 samr_dissect_lookup_rids_reply },
4822 { SAMR_OPEN_GROUP, "OpenGroup",
4823 samr_dissect_open_group_rqst,
4824 samr_dissect_open_group_reply },
4825 { SAMR_QUERY_GROUPINFO, "QueryGroupInfo",
4826 samr_dissect_query_information_group_rqst,
4827 samr_dissect_query_information_group_reply },
4828 { SAMR_SET_GROUPINFO, "SetGroupInfo",
4829 samr_dissect_set_information_group_rqst,
4830 samr_dissect_set_information_group_reply },
4831 { SAMR_ADD_GROUPMEM, "AddGroupMem",
4832 samr_dissect_add_member_to_group_rqst,
4833 samr_dissect_add_member_to_group_reply },
4834 { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup",
4835 samr_dissect_delete_dom_group_rqst,
4836 samr_dissect_delete_dom_group_reply },
4837 { SAMR_DEL_GROUPMEM, "RemoveGroupMem",
4838 samr_dissect_remove_member_from_group_rqst,
4839 samr_dissect_remove_member_from_group_reply },
4840 { SAMR_QUERY_GROUPMEM, "QueryGroupMem",
4841 samr_dissect_query_groupmem_rqst,
4842 samr_dissect_query_groupmem_reply },
4843 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup",
4844 samr_dissect_set_member_attributes_of_group_rqst,
4845 samr_dissect_set_member_attributes_of_group_reply },
4846 { SAMR_OPEN_ALIAS, "OpenAlias",
4847 samr_dissect_open_alias_rqst,
4848 samr_dissect_open_alias_reply },
4849 { SAMR_QUERY_ALIASINFO, "QueryAliasInfo",
4850 samr_dissect_query_information_alias_rqst,
4851 samr_dissect_query_information_alias_reply },
4852 { SAMR_SET_ALIASINFO, "SetAliasInfo",
4853 samr_dissect_set_information_alias_rqst,
4854 samr_dissect_set_information_alias_reply },
4855 { SAMR_DELETE_DOM_ALIAS, "DeleteAlias",
4856 samr_dissect_delete_dom_alias_rqst,
4857 samr_dissect_delete_dom_alias_reply },
4858 { SAMR_ADD_ALIASMEM, "AddAliasMem",
4859 samr_dissect_add_alias_member_rqst,
4860 samr_dissect_add_alias_member_reply },
4861 { SAMR_DEL_ALIASMEM, "RemoveAliasMem",
4862 samr_dissect_remove_alias_member_rqst,
4863 samr_dissect_remove_alias_member_reply },
4864 { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem",
4865 samr_dissect_get_members_in_alias_rqst,
4866 samr_dissect_get_members_in_alias_reply },
4867 { SAMR_OPEN_USER, "OpenUser",
4868 samr_dissect_open_user_rqst,
4869 samr_dissect_open_user_reply },
4870 { SAMR_DELETE_DOM_USER, "DeleteUser",
4871 samr_dissect_delete_dom_user_rqst,
4872 samr_dissect_delete_dom_user_reply },
4873 { SAMR_QUERY_USERINFO, "QueryUserInfo",
4874 samr_dissect_query_information_user_rqst,
4875 samr_dissect_query_information_user_reply },
4876 { SAMR_SET_USERINFO2, "SetUserInfo2",
4877 samr_dissect_set_information_user2_rqst,
4878 samr_dissect_set_information_user2_reply },
4879 { SAMR_CHANGE_PASSWORD_USER, "ChangePassword",
4880 samr_dissect_change_password_user_rqst,
4881 samr_dissect_change_password_user_reply },
4882 { SAMR_GET_GROUPS_FOR_USER, "GetGroups",
4883 samr_dissect_get_groups_for_user_rqst,
4884 samr_dissect_get_groups_for_user_reply },
4885 { SAMR_QUERY_DISPINFO, "QueryDispinfo",
4886 samr_dissect_query_dispinfo_rqst,
4887 samr_dissect_query_dispinfo_reply },
4888 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX",
4889 samr_dissect_get_display_enumeration_index_rqst,
4890 samr_dissect_get_display_enumeration_index_reply },
4891 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain",
4892 samr_dissect_test_private_fns_domain_rqst,
4893 samr_dissect_test_private_fns_domain_reply },
4894 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser",
4895 samr_dissect_test_private_fns_user_rqst,
4896 samr_dissect_test_private_fns_user_reply },
4897 { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo",
4898 samr_dissect_get_usrdom_pwinfo_rqst,
4899 samr_dissect_get_usrdom_pwinfo_reply },
4900 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain",
4901 samr_dissect_remove_member_from_foreign_domain_rqst,
4902 samr_dissect_remove_member_from_foreign_domain_reply },
4903 { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2",
4904 samr_dissect_query_information_domain_rqst,
4905 samr_dissect_query_information_domain_reply },
4906 { SAMR_UNKNOWN_2f, "Unknown 0x2f",
4907 samr_dissect_unknown_2f_rqst,
4908 samr_dissect_unknown_2f_reply },
4909 { SAMR_QUERY_DISPINFO2, "QueryDispinfo2",
4910 samr_dissect_query_dispinfo_rqst,
4911 samr_dissect_query_dispinfo_reply },
4912 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2",
4913 samr_dissect_get_display_enumeration_index2_rqst,
4914 samr_dissect_get_display_enumeration_index2_reply },
4915 { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2",
4916 samr_dissect_create_user2_in_domain_rqst,
4917 samr_dissect_create_user2_in_domain_reply },
4918 { SAMR_QUERY_DISPINFO3, "QueryDispinfo3",
4919 samr_dissect_query_dispinfo_rqst,
4920 samr_dissect_query_dispinfo_reply },
4921 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple",
4922 samr_dissect_add_multiple_members_to_alias_rqst,
4923 samr_dissect_add_multiple_members_to_alias_reply },
4924 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple",
4925 samr_dissect_remove_multiple_members_from_alias_rqst,
4926 samr_dissect_remove_multiple_members_from_alias_reply },
4927 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2",
4928 samr_dissect_oem_change_password_user2_rqst,
4929 samr_dissect_oem_change_password_user2_reply },
4930 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2",
4931 samr_dissect_unicode_change_password_user2_rqst,
4932 samr_dissect_unicode_change_password_user2_reply },
4933 { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo",
4934 samr_dissect_get_domain_password_information_rqst,
4935 samr_dissect_get_domain_password_information_reply },
4936 { SAMR_CONNECT2, "Connect2",
4937 samr_dissect_connect2_rqst,
4938 samr_dissect_connect2_reply },
4939 { SAMR_SET_USERINFO, "SetUserInfo",
4940 samr_dissect_set_information_user2_rqst,
4941 samr_dissect_set_information_user2_reply },
4942 { SAMR_UNKNOWN_3B, "Unknown 0x3b",
4943 samr_dissect_unknown_3b_rqst,
4944 samr_dissect_unknown_3b_reply },
4945 { SAMR_UNKNOWN_3C, "Unknown 0x3c",
4946 samr_dissect_unknown_3c_rqst,
4947 samr_dissect_unknown_3c_reply },
4948 { SAMR_CONNECT4, "Connect4",
4949 samr_dissect_connect4_rqst,
4950 samr_dissect_connect2_reply },
4951 {0, NULL, NULL, NULL }
4954 static const value_string samr_opnum_vals[] = {
4955 { SAMR_CONNECT, "SamrConnect" },
4956 { SAMR_CLOSE_HND, "Close" },
4957 { SAMR_SET_SEC_OBJECT, "SetSecObject" },
4958 { SAMR_QUERY_SEC_OBJECT, "QuerySecObject" },
4959 { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer" },
4960 { SAMR_LOOKUP_DOMAIN, "LookupDomain" },
4961 { SAMR_ENUM_DOMAINS, "EnumDomains" },
4962 { SAMR_OPEN_DOMAIN, "OpenDomain" },
4963 { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo" },
4964 { SAMR_SET_DOMAIN_INFO, "SetDomainInfo" },
4965 { SAMR_CREATE_DOM_GROUP, "CreateGroup" },
4966 { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups" },
4967 { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser" },
4968 { SAMR_ENUM_DOM_USERS, "EnumDomainUsers" },
4969 { SAMR_CREATE_DOM_ALIAS, "CreateAlias" },
4970 { SAMR_ENUM_DOM_ALIASES, "EnumAlises" },
4971 { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem" },
4972 { SAMR_LOOKUP_NAMES, "LookupNames" },
4973 { SAMR_LOOKUP_RIDS, "LookupRIDs" },
4974 { SAMR_OPEN_GROUP, "OpenGroup" },
4975 { SAMR_QUERY_GROUPINFO, "QueryGroupInfo" },
4976 { SAMR_SET_GROUPINFO, "SetGroupInfo" },
4977 { SAMR_ADD_GROUPMEM, "AddGroupMem" },
4978 { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup" },
4979 { SAMR_DEL_GROUPMEM, "RemoveGroupMem" },
4980 { SAMR_QUERY_GROUPMEM, "QueryGroupMem" },
4981 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup" },
4982 { SAMR_OPEN_ALIAS, "OpenAlias" },
4983 { SAMR_QUERY_ALIASINFO, "QueryAliasInfo" },
4984 { SAMR_SET_ALIASINFO, "SetAliasInfo" },
4985 { SAMR_DELETE_DOM_ALIAS, "DeleteAlias" },
4986 { SAMR_ADD_ALIASMEM, "AddAliasMem" },
4987 { SAMR_DEL_ALIASMEM, "RemoveAliasMem" },
4988 { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem" },
4989 { SAMR_OPEN_USER, "OpenUser" },
4990 { SAMR_DELETE_DOM_USER, "DeleteUser" },
4991 { SAMR_QUERY_USERINFO, "QueryUserInfo" },
4992 { SAMR_SET_USERINFO2, "SetUserInfo2" },
4993 { SAMR_CHANGE_PASSWORD_USER, "ChangePassword" },
4994 { SAMR_GET_GROUPS_FOR_USER, "GetGroups" },
4995 { SAMR_QUERY_DISPINFO, "QueryDispinfo" },
4996 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX" },
4997 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain" },
4998 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser" },
4999 { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo" },
5000 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain" },
5001 { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2" },
5002 { SAMR_UNKNOWN_2f, "Unknown 0x2f" },
5003 { SAMR_QUERY_DISPINFO2, "QueryDispinfo2" },
5004 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2" },
5005 { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2" },
5006 { SAMR_QUERY_DISPINFO3, "QueryDispinfo3" },
5007 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple" },
5008 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple" },
5009 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2" },
5010 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2" },
5011 { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo" },
5012 { SAMR_CONNECT2, "Connect2" },
5013 { SAMR_SET_USERINFO, "SetUserInfo" },
5014 { SAMR_UNKNOWN_3B, "Unknown 0x3b" },
5015 { SAMR_UNKNOWN_3C, "Unknown 0x3c" },
5016 { SAMR_CONNECT3, "Connect3" },
5017 { SAMR_CONNECT4, "Connect4" },
5022 proto_register_dcerpc_samr(void)
5024 static hf_register_info hf[] = {
5027 { "Operation", "samr.opnum", FT_UINT16, BASE_DEC,
5028 VALS(samr_opnum_vals), 0x0, "Operation", HFILL }},
5031 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
5033 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
5035 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
5037 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
5039 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
5040 { &hf_samr_rid_attrib,
5041 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
5043 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
5045 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
5048 { "Level", "samr.level", FT_UINT16, BASE_DEC,
5049 NULL, 0x0, "Level requested/returned for Information", HFILL }},
5050 { &hf_samr_start_idx,
5051 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
5052 NULL, 0x0, "Start Index for returned Information", HFILL }},
5055 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
5056 NULL, 0x0, "Number of entries to return", HFILL }},
5058 { &hf_samr_max_entries,
5059 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
5060 NULL, 0x0, "Maximum number of entries", HFILL }},
5062 { &hf_samr_pref_maxsize,
5063 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
5064 NULL, 0x0, "Maximum Size of data to return", HFILL }},
5066 { &hf_samr_total_size,
5067 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
5068 NULL, 0x0, "Total size of data", HFILL }},
5070 { &hf_samr_bad_pwd_count,
5071 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
5072 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
5074 { &hf_samr_logon_count,
5075 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
5076 NULL, 0x0, "Number of logons for this user", HFILL }},
5078 { &hf_samr_ret_size,
5079 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
5080 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
5083 { "Index", "samr.index", FT_UINT32, BASE_DEC,
5084 NULL, 0x0, "Index", HFILL }},
5087 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
5089 { &hf_samr_alias_name,
5090 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
5091 NULL, 0, "Name of Alias", HFILL }},
5093 { &hf_samr_group_name,
5094 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
5095 NULL, 0, "Name of Group", HFILL }},
5097 { &hf_samr_acct_name,
5098 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
5099 NULL, 0, "Name of Account", HFILL }},
5102 { "Server", "samr.server", FT_STRING, BASE_NONE,
5103 NULL, 0, "Name of Server", HFILL }},
5106 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
5107 NULL, 0, "Name of Domain", HFILL }},
5109 { &hf_samr_controller,
5110 { "DC", "samr.dc", FT_STRING, BASE_NONE,
5111 NULL, 0, "Name of Domain Controller", HFILL }},
5113 { &hf_samr_full_name,
5114 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
5115 NULL, 0, "Full Name of Account", HFILL }},
5118 { "Home", "samr.home", FT_STRING, BASE_NONE,
5119 NULL, 0, "Home directory for this user", HFILL }},
5121 { &hf_samr_home_drive,
5122 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
5123 NULL, 0, "Home drive for this user", HFILL }},
5126 { "Script", "samr.script", FT_STRING, BASE_NONE,
5127 NULL, 0, "Login script for this user", HFILL }},
5129 { &hf_samr_workstations,
5130 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
5131 NULL, 0, "", HFILL }},
5134 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
5135 NULL, 0, "Profile for this user", HFILL }},
5137 { &hf_samr_acct_desc,
5138 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
5139 NULL, 0, "Account Description", HFILL }},
5142 { "Comment", "samr.comment", FT_STRING, BASE_NONE,
5143 NULL, 0, "Comment", HFILL }},
5145 { &hf_samr_parameters,
5146 { "Parameters", "samr.parameters", FT_STRING, BASE_NONE,
5147 NULL, 0, "Parameters", HFILL }},
5149 { &hf_samr_unknown_string,
5150 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
5151 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
5153 { &hf_samr_unknown_hyper,
5154 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
5155 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
5156 { &hf_samr_unknown_long,
5157 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
5158 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
5160 { &hf_samr_unknown_short,
5161 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
5162 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
5164 { &hf_samr_unknown_char,
5165 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
5166 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
5168 { &hf_samr_revision,
5169 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
5170 NULL, 0x0, "Revision number for this structure", HFILL }},
5172 { &hf_samr_nt_pwd_set,
5173 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
5174 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
5176 { &hf_samr_lm_pwd_set,
5177 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
5178 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
5180 { &hf_samr_pwd_expired,
5181 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
5182 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
5185 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
5186 NULL, 0x0, "Access", HFILL }},
5188 { &hf_samr_access_granted,
5189 { "Access Granted", "samr.access_granted", FT_UINT32, BASE_HEX,
5190 NULL, 0x0, "Access Granted", HFILL }},
5192 { &hf_samr_crypt_password, {
5193 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
5194 NULL, 0, "Encrypted Password", HFILL }},
5196 { &hf_samr_crypt_hash, {
5197 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
5198 NULL, 0, "Encrypted Hash", HFILL }},
5200 { &hf_samr_lm_verifier, {
5201 "Verifier", "samr.lm_password_verifier", FT_BYTES, BASE_HEX,
5202 NULL, 0, "Lan Manager Password Verifier", HFILL }},
5204 { &hf_samr_nt_verifier, {
5205 "Verifier", "samr.nt_password_verifier", FT_BYTES, BASE_HEX,
5206 NULL, 0, "NT Password Verifier", HFILL }},
5208 { &hf_samr_lm_passchange_block, {
5209 "Encrypted Block", "samr.lm_passchange_block", FT_BYTES,
5210 BASE_HEX, NULL, 0, "Lan Manager Password Change Block",
5213 { &hf_samr_nt_passchange_block, {
5214 "Encrypted Block", "samr.nt_passchange_block", FT_BYTES,
5215 BASE_HEX, NULL, 0, "NT Password Change Block", HFILL }},
5217 { &hf_samr_nt_passchange_block_decrypted, {
5218 "Decrypted Block", "samr.nt_passchange_block_decrypted",
5219 FT_BYTES, BASE_HEX, NULL, 0,
5220 "NT Password Change Decrypted Block", HFILL }},
5222 { &hf_samr_nt_passchange_block_newpass, {
5223 "New NT Password", "samr.nt_passchange_block_new_ntpassword",
5224 FT_STRING, BASE_NONE, NULL, 0, "New NT Password", HFILL }},
5226 { &hf_samr_nt_passchange_block_newpass_len, {
5227 "New NT Unicode Password length",
5228 "samr.nt_passchange_block_new_ntpassword_len", FT_UINT32,
5229 BASE_DEC, NULL, 0, "New NT Password Unicode Length", HFILL }},
5231 { &hf_samr_nt_passchange_block_pseudorandom, {
5232 "Pseudorandom data", "samr.nt_passchange_block_pseudorandom",
5233 FT_BYTES, BASE_HEX, NULL, 0, "Pseudorandom data", HFILL }},
5235 { &hf_samr_lm_change, {
5236 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
5237 NULL, 0, "LM Change value", HFILL }},
5239 { &hf_samr_max_pwd_age,
5240 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
5241 NULL, 0, "Maximum Password Age before it expires", HFILL }},
5243 { &hf_samr_min_pwd_age,
5244 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
5245 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
5246 { &hf_samr_unknown_time,
5247 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
5248 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
5249 { &hf_samr_logon_time,
5250 { "Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
5251 NULL, 0, "Time for last time this user logged on", HFILL }},
5252 { &hf_samr_kickoff_time,
5253 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5254 NULL, 0, "Time when this user will be kicked off", HFILL }},
5255 { &hf_samr_logoff_time,
5256 { "Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
5257 NULL, 0, "Time for last time this user logged off", HFILL }},
5258 { &hf_samr_pwd_last_set_time,
5259 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
5260 NULL, 0, "Last time this users password was changed", HFILL }},
5261 { &hf_samr_pwd_can_change_time,
5262 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5263 NULL, 0, "When this users password may be changed", HFILL }},
5264 { &hf_samr_pwd_must_change_time,
5265 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
5266 NULL, 0, "When this users password must be changed", HFILL }},
5267 { &hf_samr_acct_expiry_time,
5268 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
5269 NULL, 0, "When this user account expires", HFILL }},
5271 { &hf_samr_min_pwd_len, {
5272 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
5273 NULL, 0, "Minimum Password Length", HFILL }},
5274 { &hf_samr_pwd_history_len, {
5275 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
5276 NULL, 0, "Password History Length", HFILL }},
5277 { &hf_samr_num_users, {
5278 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
5279 NULL, 0, "Number of users in this domain", HFILL }},
5280 { &hf_samr_num_groups, {
5281 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
5282 NULL, 0, "Number of groups in this domain", HFILL }},
5283 { &hf_samr_num_aliases, {
5284 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
5285 NULL, 0, "Number of aliases in this domain", HFILL }},
5286 { &hf_samr_info_type, {
5287 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
5288 NULL, 0, "Information Type", HFILL }},
5289 { &hf_samr_resume_hnd, {
5290 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
5291 NULL, 0, "Resume handle", HFILL }},
5292 { &hf_samr_country, {
5293 "Country", "samr.country", FT_UINT16, BASE_DEC,
5294 VALS(ms_country_codes), 0, "Country setting for this user", HFILL }},
5295 { &hf_samr_codepage, {
5296 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
5297 NULL, 0, "Codepage setting for this user", HFILL }},
5298 { &hf_samr_divisions, {
5299 "Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
5300 NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
5303 { "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
5304 NULL, 0x0, "Acct CTRL", HFILL }},
5306 { &hf_nt_acb_disabled, {
5307 "", "nt.acb.disabled", FT_BOOLEAN, 32,
5308 TFS(&tfs_nt_acb_disabled), 0x0001, "If this account is enabled or disabled", HFILL }},
5310 { &hf_nt_acb_homedirreq, {
5311 "", "nt.acb.homedirreq", FT_BOOLEAN, 32,
5312 TFS(&tfs_nt_acb_homedirreq), 0x0002, "Is hom,edirs required for this account?", HFILL }},
5314 { &hf_nt_acb_pwnotreq, {
5315 "", "nt.acb.pwnotreq", FT_BOOLEAN, 32,
5316 TFS(&tfs_nt_acb_pwnotreq), 0x0004, "If a password is required for this account?", HFILL }},
5318 { &hf_nt_acb_tempdup, {
5319 "", "nt.acb.tempdup", FT_BOOLEAN, 32,
5320 TFS(&tfs_nt_acb_tempdup), 0x0008, "If this is a temporary duplicate account", HFILL }},
5322 { &hf_nt_acb_normal, {
5323 "", "nt.acb.normal", FT_BOOLEAN, 32,
5324 TFS(&tfs_nt_acb_normal), 0x0010, "If this is a normal user account", HFILL }},
5327 "", "nt.acb.mns", FT_BOOLEAN, 32,
5328 TFS(&tfs_nt_acb_mns), 0x0020, "MNS logon user account", HFILL }},
5330 { &hf_nt_acb_domtrust, {
5331 "", "nt.acb.domtrust", FT_BOOLEAN, 32,
5332 TFS(&tfs_nt_acb_domtrust), 0x0040, "Interdomain trust account", HFILL }},
5334 { &hf_nt_acb_wstrust, {
5335 "", "nt.acb.wstrust", FT_BOOLEAN, 32,
5336 TFS(&tfs_nt_acb_wstrust), 0x0080, "Workstation trust account", HFILL }},
5338 { &hf_nt_acb_svrtrust, {
5339 "", "nt.acb.svrtrust", FT_BOOLEAN, 32,
5340 TFS(&tfs_nt_acb_svrtrust), 0x0100, "Server trust account", HFILL }},
5342 { &hf_nt_acb_pwnoexp, {
5343 "", "nt.acb.pwnoexp", FT_BOOLEAN, 32,
5344 TFS(&tfs_nt_acb_pwnoexp), 0x0200, "If this account expires or not", HFILL }},
5346 { &hf_nt_acb_autolock, {
5347 "", "nt.acb.autolock", FT_BOOLEAN, 32,
5348 TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }},
5350 /* Object specific access rights */
5352 { &hf_access_domain_lookup_info1,
5353 { "Lookup info1", "samr_access_mask.domain_lookup_info1",
5354 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5355 DOMAIN_ACCESS_LOOKUP_INFO_1, "Lookup info1", HFILL }},
5357 { &hf_access_domain_set_info1,
5358 { "Set info1", "samr_access_mask.domain_set_info1",
5359 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5360 DOMAIN_ACCESS_SET_INFO_1, "Set info1", HFILL }},
5362 { &hf_access_domain_lookup_info2,
5363 { "Lookup info2", "samr_access_mask.domain_lookup_info2",
5364 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5365 DOMAIN_ACCESS_LOOKUP_INFO_2, "Lookup info2", HFILL }},
5367 { &hf_access_domain_set_info2,
5368 { "Set info2", "samr_access_mask.domain_set_info2",
5369 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5370 DOMAIN_ACCESS_SET_INFO_2, "Set info2", HFILL }},
5372 { &hf_access_domain_create_user,
5373 { "Create user", "samr_access_mask.domain_create_user",
5374 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5375 DOMAIN_ACCESS_CREATE_USER, "Create user", HFILL }},
5377 { &hf_access_domain_create_group,
5378 { "Create group", "samr_access_mask.domain_create_group",
5379 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5380 DOMAIN_ACCESS_CREATE_GROUP, "Create group", HFILL }},
5382 { &hf_access_domain_create_alias,
5383 { "Create alias", "samr_access_mask.domain_create_alias",
5384 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5385 DOMAIN_ACCESS_CREATE_ALIAS, "Create alias", HFILL }},
5387 { &hf_access_domain_lookup_alias_by_mem,
5388 { "Lookup alias", "samr_access_mask.domain_lookup_alias_by_mem",
5389 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5390 DOMAIN_ACCESS_LOOKUP_ALIAS, "Lookup alias", HFILL }},
5392 { &hf_access_domain_enum_accounts,
5393 { "Enum accounts", "samr_access_mask.domain_enum_accounts",
5394 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5395 DOMAIN_ACCESS_ENUM_ACCOUNTS, "Enum accounts", HFILL }},
5397 { &hf_access_domain_open_account,
5398 { "Open account", "samr_access_mask.domain_open_account",
5399 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5400 DOMAIN_ACCESS_OPEN_ACCOUNT, "Open account", HFILL }},
5402 { &hf_access_domain_set_info3,
5403 { "Set info3", "samr_access_mask.domain_set_info3",
5404 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5405 DOMAIN_ACCESS_SET_INFO_3, "Set info3", HFILL }},
5407 { &hf_access_user_get_name_etc,
5408 { "Get name, etc", "samr_access_mask.user_get_name_etc",
5409 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5410 USER_ACCESS_GET_NAME_ETC, "Get name, etc", HFILL }},
5412 { &hf_access_user_get_locale,
5413 { "Get locale", "samr_access_mask.user_get_locale",
5414 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5415 USER_ACCESS_GET_LOCALE, "Get locale", HFILL }},
5417 { &hf_access_user_get_loc_com,
5418 { "Set loc com", "samr_access_mask.user_set_loc_com",
5419 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5420 USER_ACCESS_SET_LOC_COM, "Set loc com", HFILL }},
5422 { &hf_access_user_get_logoninfo,
5423 { "Get logon info", "samr_access_mask.user_get_logoninfo",
5424 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5425 USER_ACCESS_GET_LOGONINFO, "Get logon info", HFILL }},
5427 { &hf_access_user_unknown_10,
5428 { "Unknown 0x10", "samr_access_mask.user_unknown_10",
5429 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5430 USER_ACCESS_UNKNOWN_10, "Unknown 0x10", HFILL }},
5432 { &hf_access_user_set_attributes,
5433 { "Set attributes", "samr_access_mask.user_set_attributes",
5434 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5435 USER_ACCESS_SET_ATTRIBUTES, "Set attributes", HFILL }},
5437 { &hf_access_user_change_password,
5438 { "Change password", "samr_access_mask.user_change_password",
5439 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5440 USER_ACCESS_CHANGE_PASSWORD, "Change password", HFILL }},
5442 { &hf_access_user_set_password,
5443 { "Set password", "samr_access_mask.user_set_password",
5444 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5445 USER_ACCESS_SET_PASSWORD, "Set password", HFILL }},
5447 { &hf_access_user_get_groups,
5448 { "Get groups", "samr_access_mask.user_get_groups",
5449 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5450 USER_ACCESS_GET_GROUPS, "Get groups", HFILL }},
5452 { &hf_access_user_unknown_200,
5453 { "Unknown 0x200", "samr_access_mask.user_unknown_200",
5454 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5455 USER_ACCESS_UNKNOWN_200, "Unknown 0x200", HFILL }},
5457 { &hf_access_user_unknown_400,
5458 { "Unknown 0x400", "samr_access_mask.user_unknown_400",
5459 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5460 USER_ACCESS_UNKNOWN_400, "Unknown 0x400", HFILL }},
5462 { &hf_access_group_lookup_info,
5463 { "Lookup info", "samr_access_mask.group_lookup_info",
5464 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5465 GROUP_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
5467 { &hf_access_group_set_info,
5468 { "Get info", "samr_access_mask.group_set_info",
5469 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5470 GROUP_ACCESS_SET_INFO, "Get info", HFILL }},
5472 { &hf_access_group_add_member,
5473 { "Add member", "samr_access_mask.group_add_member",
5474 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5475 GROUP_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5477 { &hf_access_group_remove_member,
5478 { "Remove member", "samr_access_mask.group_remove_member",
5479 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5480 GROUP_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5482 { &hf_access_group_get_members,
5483 { "Get members", "samr_access_mask.group_get_members",
5484 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5485 GROUP_ACCESS_GET_MEMBERS, "Get members", HFILL }},
5487 { &hf_access_alias_add_member,
5488 { "Add member", "samr_access_mask.alias_add_member",
5489 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5490 ALIAS_ACCESS_ADD_MEMBER, "Add member", HFILL }},
5492 { &hf_access_alias_remove_member,
5493 { "Remove member", "samr_access_mask.alias_remove_member",
5494 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5495 ALIAS_ACCESS_REMOVE_MEMBER, "Remove member", HFILL }},
5497 { &hf_access_alias_get_members,
5498 { "Get members", "samr_access_mask.alias_get_members",
5499 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5500 ALIAS_ACCESS_GET_MEMBERS, "Get members", HFILL }},
5502 { &hf_access_alias_lookup_info,
5503 { "Lookup info", "samr_access_mask.alias_lookup_info",
5504 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5505 ALIAS_ACCESS_LOOKUP_INFO, "Lookup info", HFILL }},
5507 { &hf_access_alias_set_info,
5508 { "Set info", "samr_access_mask.alias_set_info",
5509 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5510 ALIAS_ACCESS_SET_INFO, "Set info", HFILL }},
5512 { &hf_access_connect_unknown_01,
5513 { "Unknown 0x01", "samr_access_mask.connect_unknown_01",
5514 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5515 SAMR_ACCESS_UNKNOWN_1, "Unknown 0x01", HFILL }},
5517 { &hf_access_connect_shutdown_server,
5518 { "Shutdown server", "samr_access_mask.connect_shutdown_server",
5519 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5520 SAMR_ACCESS_SHUTDOWN_SERVER, "Shutdown server", HFILL }},
5522 { &hf_access_connect_unknown_04,
5523 { "Unknown 0x04", "samr_access_mask.connect_unknown_04",
5524 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5525 SAMR_ACCESS_UNKNOWN_4, "Unknown 0x04", HFILL }},
5527 { &hf_access_connect_unknown_08,
5528 { "Unknown 0x08", "samr_access_mask.connect_unknown_08",
5529 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5530 SAMR_ACCESS_UNKNOWN_8, "Unknown 0x08", HFILL }},
5532 { &hf_access_connect_enum_domains,
5533 { "Enum domains", "samr_access_mask.connect_enum_domains",
5534 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5535 SAMR_ACCESS_ENUM_DOMAINS, "Enum domains", HFILL }},
5537 { &hf_access_connect_open_domain,
5538 { "Open domain", "samr_access_mask.connect_open_domain",
5539 FT_BOOLEAN, 32, TFS(&flags_set_truth),
5540 SAMR_ACCESS_OPEN_DOMAIN, "Open domain", HFILL }}
5544 static gint *ett[] = {
5546 &ett_samr_user_dispinfo_1,
5547 &ett_samr_user_dispinfo_1_array,
5548 &ett_samr_user_dispinfo_2,
5549 &ett_samr_user_dispinfo_2_array,
5550 &ett_samr_group_dispinfo,
5551 &ett_samr_group_dispinfo_array,
5552 &ett_samr_ascii_dispinfo,
5553 &ett_samr_ascii_dispinfo_array,
5554 &ett_samr_display_info,
5555 &ett_samr_password_info,
5557 &ett_samr_user_group,
5558 &ett_samr_user_group_array,
5559 &ett_samr_alias_info,
5560 &ett_samr_group_info,
5561 &ett_samr_domain_info_1,
5562 &ett_samr_domain_info_2,
5563 &ett_samr_domain_info_8,
5564 &ett_samr_replication_status,
5565 &ett_samr_domain_info_11,
5566 &ett_samr_domain_info_13,
5567 &ett_samr_domain_info,
5568 &ett_samr_sid_pointer,
5569 &ett_samr_sid_array,
5570 &ett_samr_index_array,
5571 &ett_samr_idx_and_name,
5572 &ett_samr_idx_and_name_array,
5573 &ett_samr_logon_hours,
5574 &ett_samr_logon_hours_hours,
5575 &ett_samr_user_info_1,
5576 &ett_samr_user_info_2,
5577 &ett_samr_user_info_3,
5578 &ett_samr_user_info_5,
5579 &ett_samr_user_info_6,
5580 &ett_samr_user_info_18,
5581 &ett_samr_user_info_19,
5582 &ett_samr_buffer_buffer,
5584 &ett_samr_user_info_21,
5585 &ett_samr_user_info_22,
5586 &ett_samr_user_info_23,
5587 &ett_samr_user_info_24,
5588 &ett_samr_user_info,
5589 &ett_samr_member_array_types,
5590 &ett_samr_member_array_rids,
5591 &ett_samr_member_array,
5594 &ett_samr_sid_and_attributes_array,
5595 &ett_samr_sid_and_attributes,
5598 module_t *dcerpc_samr_module;
5600 proto_dcerpc_samr = proto_register_protocol(
5601 "Microsoft Security Account Manager", "SAMR", "samr");
5603 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
5604 proto_register_subtree_array(ett, array_length(ett));
5606 dcerpc_samr_module = prefs_register_protocol(proto_dcerpc_samr, NULL);
5608 prefs_register_string_preference(dcerpc_samr_module, "nt_password",
5610 "NT Password (used to verify password changes)",
5615 proto_reg_handoff_dcerpc_samr(void)
5617 /* Register protocol as dcerpc */
5619 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
5620 ver_dcerpc_samr, dcerpc_samr_dissectors, hf_samr_opnum);