1 /* packet-dcerpc-samr.c
2 * Routines for SMB \PIPE\samr packet disassembly
3 * Copyright 2001, Tim Potter <tpot@samba.org>
4 * 2002 Added all command dissectors Ronnie Sahlberg
6 * $Id: packet-dcerpc-samr.c,v 1.45 2002/05/11 22:28:05 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
34 #include "packet-dcerpc.h"
35 #include "packet-dcerpc-nt.h"
36 #include "packet-dcerpc-samr.h"
37 #include "packet-dcerpc-lsa.h"
38 #include "smb.h" /* for "NT_errors[]" */
39 #include "packet-smb-common.h"
41 static int proto_dcerpc_samr = -1;
43 static int hf_samr_hnd = -1;
44 static int hf_samr_group = -1;
45 static int hf_samr_rid = -1;
46 static int hf_samr_type = -1;
47 static int hf_samr_alias = -1;
48 static int hf_samr_rid_attrib = -1;
49 static int hf_samr_rc = -1;
50 static int hf_samr_index = -1;
51 static int hf_samr_count = -1;
53 static int hf_samr_level = -1;
54 static int hf_samr_start_idx = -1;
55 static int hf_samr_max_entries = -1;
56 static int hf_samr_entries = -1;
57 static int hf_samr_pref_maxsize = -1;
58 static int hf_samr_total_size = -1;
59 static int hf_samr_ret_size = -1;
60 static int hf_samr_alias_name = -1;
61 static int hf_samr_group_name = -1;
62 static int hf_samr_acct_name = -1;
63 static int hf_samr_full_name = -1;
64 static int hf_samr_acct_desc = -1;
65 static int hf_samr_home = -1;
66 static int hf_samr_home_drive = -1;
67 static int hf_samr_script = -1;
68 static int hf_samr_workstations = -1;
69 static int hf_samr_profile = -1;
70 static int hf_samr_server = -1;
71 static int hf_samr_domain = -1;
72 static int hf_samr_controller = -1;
73 static int hf_samr_access = -1;
74 static int hf_samr_mask = -1;
75 static int hf_samr_crypt_password = -1;
76 static int hf_samr_crypt_hash = -1;
77 static int hf_samr_lm_change = -1;
78 static int hf_samr_attrib = -1;
79 static int hf_samr_max_pwd_age = -1;
80 static int hf_samr_min_pwd_age = -1;
81 static int hf_samr_min_pwd_len = -1;
82 static int hf_samr_pwd_history_len = -1;
83 static int hf_samr_num_users = -1;
84 static int hf_samr_num_groups = -1;
85 static int hf_samr_num_aliases = -1;
86 static int hf_samr_resume_hnd = -1;
87 static int hf_samr_bad_pwd_count = -1;
88 static int hf_samr_logon_count = -1;
89 static int hf_samr_logon_time = -1;
90 static int hf_samr_logoff_time = -1;
91 static int hf_samr_kickoff_time = -1;
92 static int hf_samr_pwd_last_set_time = -1;
93 static int hf_samr_pwd_can_change_time = -1;
94 static int hf_samr_pwd_must_change_time = -1;
95 static int hf_samr_acct_expiry_time = -1;
96 static int hf_samr_country = -1;
97 static int hf_samr_codepage = -1;
98 static int hf_samr_comment = -1;
99 static int hf_samr_parameters = -1;
100 static int hf_samr_nt_pwd_set = -1;
101 static int hf_samr_lm_pwd_set = -1;
102 static int hf_samr_pwd_expired = -1;
103 static int hf_samr_revision = -1;
104 static int hf_samr_divisions = -1;
105 static int hf_samr_info_type = -1;
107 static int hf_samr_unknown_hyper = -1;
108 static int hf_samr_unknown_long = -1;
109 static int hf_samr_unknown_short = -1;
110 static int hf_samr_unknown_char = -1;
111 static int hf_samr_unknown_string = -1;
112 static int hf_samr_unknown_time = -1;
114 /* these are used by functions in packet-dcerpc-nt.c */
115 int hf_nt_str_len = -1;
116 int hf_nt_str_off = -1;
117 int hf_nt_str_max_len = -1;
118 int hf_nt_string_length = -1;
119 int hf_nt_string_size = -1;
120 static int hf_nt_acct_ctrl = -1;
121 static int hf_nt_acb_disabled = -1;
122 static int hf_nt_acb_homedirreq = -1;
123 static int hf_nt_acb_pwnotreq = -1;
124 static int hf_nt_acb_tempdup = -1;
125 static int hf_nt_acb_normal = -1;
126 static int hf_nt_acb_mns = -1;
127 static int hf_nt_acb_domtrust = -1;
128 static int hf_nt_acb_wstrust = -1;
129 static int hf_nt_acb_svrtrust = -1;
130 static int hf_nt_acb_pwnoexp = -1;
131 static int hf_nt_acb_autolock = -1;
133 static gint ett_dcerpc_samr = -1;
134 static gint ett_samr_user_dispinfo_1 = -1;
135 static gint ett_samr_user_dispinfo_1_array = -1;
136 static gint ett_samr_user_dispinfo_2 = -1;
137 static gint ett_samr_user_dispinfo_2_array = -1;
138 static gint ett_samr_group_dispinfo = -1;
139 static gint ett_samr_group_dispinfo_array = -1;
140 static gint ett_samr_ascii_dispinfo = -1;
141 static gint ett_samr_ascii_dispinfo_array = -1;
142 static gint ett_samr_display_info = -1;
143 static gint ett_samr_password_info = -1;
144 static gint ett_samr_server = -1;
145 static gint ett_samr_user_group = -1;
146 static gint ett_samr_user_group_array = -1;
147 static gint ett_samr_alias_info = -1;
148 static gint ett_samr_group_info = -1;
149 static gint ett_samr_domain_info_1 = -1;
150 static gint ett_samr_domain_info_2 = -1;
151 static gint ett_samr_domain_info_8 = -1;
152 static gint ett_samr_replication_status = -1;
153 static gint ett_samr_domain_info_11 = -1;
154 static gint ett_samr_domain_info_13 = -1;
155 static gint ett_samr_domain_info = -1;
156 static gint ett_samr_sid_pointer = -1;
157 static gint ett_samr_sid_array = -1;
158 static gint ett_samr_index_array = -1;
159 static gint ett_samr_idx_and_name = -1;
160 static gint ett_samr_idx_and_name_array = -1;
161 static gint ett_samr_logon_hours = -1;
162 static gint ett_samr_logon_hours_hours = -1;
163 static gint ett_samr_user_info_1 = -1;
164 static gint ett_samr_user_info_2 = -1;
165 static gint ett_samr_user_info_3 = -1;
166 static gint ett_samr_user_info_5 = -1;
167 static gint ett_samr_user_info_6 = -1;
168 static gint ett_samr_user_info_18 = -1;
169 static gint ett_samr_user_info_19 = -1;
170 static gint ett_samr_buffer_buffer = -1;
171 static gint ett_samr_buffer = -1;
172 static gint ett_samr_user_info_21 = -1;
173 static gint ett_samr_user_info_22 = -1;
174 static gint ett_samr_user_info_23 = -1;
175 static gint ett_samr_user_info_24 = -1;
176 static gint ett_samr_user_info = -1;
177 static gint ett_samr_member_array_types = -1;
178 static gint ett_samr_member_array_rids = -1;
179 static gint ett_samr_member_array = -1;
180 static gint ett_samr_names = -1;
181 static gint ett_samr_rids = -1;
182 static gint ett_nt_acct_ctrl = -1;
183 static gint ett_samr_sid_and_attributes_array = -1;
184 static gint ett_samr_sid_and_attributes = -1;
185 #ifdef SAMR_UNUSED_HANDLES
186 static gint ett_samr_hnd = -1;
189 static e_uuid_t uuid_dcerpc_samr = {
190 0x12345778, 0x1234, 0xabcd,
191 { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
194 static guint16 ver_dcerpc_samr = 1;
/*
 * Dissect an NDR-encoded NT SID: a 4-byte conformant-array max_count,
 * then the SID itself, which dissect_nt_sid() adds under the label "Domain".
 * On a conformant run (di->conformant_run set) no scalars are dissected.
 *
 * NOTE(review): this listing skips original lines (the numbering jumps from
 * 199 to 204 and from 206 to 210), so the return type, the rest of the
 * parameter list, the declaration of di and the body of the conformant_run
 * branch are not visible here - confirm against the full file.
 */
198 dissect_ndr_nt_SID(tvbuff_t *tvb, int offset,
199 packet_info *pinfo, proto_tree *tree,
/* pinfo->private_data is dereferenced on the next visible line without a
 * NULL check; presumably the DCE/RPC layer always sets it before calling
 * a sub-dissector - verify against the caller. */
204 di=pinfo->private_data;
205 if(di->conformant_run){
206 /* just a run to handle conformant arrays, no scalars to dissect */
210 /* the SID contains a conformant array, first we must eat
211 the 4-byte max_count before we can hand it off */
/* The out-pointer is NULL: max_count is only added to the tree under
 * hf_samr_count, it is not kept or used to size anything in this function. */
212 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
213 hf_samr_count, NULL);
215 offset = dissect_nt_sid(tvb, offset, tree, "Domain");
220 dissect_ndr_nt_SID_ptr(tvbuff_t *tvb, int offset,
221 packet_info *pinfo, proto_tree *tree,
224 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
225 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
226 "SID pointer", -1, 1);
232 static const true_false_string tfs_nt_acb_disabled = {
233 "Account is DISABLED",
234 "Account is NOT disabled"
236 static const true_false_string tfs_nt_acb_homedirreq = {
237 "Homedir is REQUIRED",
238 "Homedir is NOT required"
240 static const true_false_string tfs_nt_acb_pwnotreq = {
241 "Password is NOT required",
242 "Password is REQUIRED"
244 static const true_false_string tfs_nt_acb_tempdup = {
245 "This is a TEMPORARY DUPLICATE account",
246 "This is NOT a temporary duplicate account"
248 static const true_false_string tfs_nt_acb_normal = {
249 "This is a NORMAL USER account",
250 "This is NOT a normal user account"
252 static const true_false_string tfs_nt_acb_mns = {
253 "This is a MNS account",
254 "This is NOT a mns account"
256 static const true_false_string tfs_nt_acb_domtrust = {
257 "This is a DOMAIN TRUST account",
258 "This is NOT a domain trust account"
260 static const true_false_string tfs_nt_acb_wstrust = {
261 "This is a WORKSTATION TRUST account",
262 "This is NOT a workstation trust account"
264 static const true_false_string tfs_nt_acb_svrtrust = {
265 "This is a SERVER TRUST account",
266 "This is NOT a server trust account"
268 static const true_false_string tfs_nt_acb_pwnoexp = {
269 "Passwords does NOT expire",
270 "Password will EXPIRE"
272 static const true_false_string tfs_nt_acb_autolock = {
273 "This account has been AUTO LOCKED",
274 "This account has NOT been auto locked"
/*
 * Dissect the 32-bit NT account-control (ACB) mask.
 * The value is fetched first with a NULL tree, so that call adds no item;
 * it is then shown as one uint item under parent_tree with one boolean
 * child per ACB flag. Every item covers the same 4 bytes at offset-4.
 *
 * NOTE(review): the declaration of mask and original lines 286-287 and
 * 291-292 are not in this listing; presumably the item and subtree are only
 * built when parent_tree is non-NULL - confirm against the full file.
 */
277 dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
278 proto_tree *parent_tree, char *drep)
281 proto_item *item = NULL;
282 proto_tree *tree = NULL;
/* NULL tree: read (and align for) the value only, display comes below. */
284 offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
285 hf_nt_acct_ctrl, &mask);
/* offset already points past the field, hence offset-4 for the item start. */
288 item = proto_tree_add_uint(parent_tree, hf_nt_acct_ctrl,
289 tvb, offset-4, 4, mask);
290 tree = proto_item_add_subtree(item, ett_nt_acct_ctrl);
/* One boolean per flag, all decoded from the same mask value. When reading
 * a capture, autolock, pwnoexp, pwnotreq and disabled are the flags that
 * describe the account's password and lockout state. */
293 proto_tree_add_boolean(tree, hf_nt_acb_autolock,
294 tvb, offset-4, 4, mask);
295 proto_tree_add_boolean(tree, hf_nt_acb_pwnoexp,
296 tvb, offset-4, 4, mask);
297 proto_tree_add_boolean(tree, hf_nt_acb_svrtrust,
298 tvb, offset-4, 4, mask);
299 proto_tree_add_boolean(tree, hf_nt_acb_wstrust,
300 tvb, offset-4, 4, mask);
301 proto_tree_add_boolean(tree, hf_nt_acb_domtrust,
302 tvb, offset-4, 4, mask);
303 proto_tree_add_boolean(tree, hf_nt_acb_mns,
304 tvb, offset-4, 4, mask);
305 proto_tree_add_boolean(tree, hf_nt_acb_normal,
306 tvb, offset-4, 4, mask);
307 proto_tree_add_boolean(tree, hf_nt_acb_tempdup,
308 tvb, offset-4, 4, mask);
309 proto_tree_add_boolean(tree, hf_nt_acb_pwnotreq,
310 tvb, offset-4, 4, mask);
311 proto_tree_add_boolean(tree, hf_nt_acb_homedirreq,
312 tvb, offset-4, 4, mask);
313 proto_tree_add_boolean(tree, hf_nt_acb_disabled,
314 tvb, offset-4, 4, mask);
320 /* above this line, just some general support routines which should be placed
321 in some more generic file common to all NT services dissectors
/*
 * Dissect a SAMR OpenUser request: policy handle, access mask, then a third
 * 32-bit field whose value (rid) is appended to the Info column and stored
 * in the per-call data (dcv->private_data).
 *
 * NOTE(review): the listing skips original lines (327, 330-331, 339-340,
 * 343 and everything after 344), so the declaration of rid, the tail of the
 * third dissect_ndr_uint32 call and the return are not visible here.
 */
325 samr_dissect_open_user_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
326 proto_tree *tree, char *drep)
/* di and dcv are both dereferenced below without a NULL check; presumably
 * the DCE/RPC layer guarantees private_data and call_data are set - verify. */
328 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
329 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
332 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
333 hf_samr_hnd, NULL, FALSE, FALSE);
335 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
336 hf_samr_access, NULL);
338 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/* rid reaches the column through a literal format string, so the packet
 * value is only ever a %x argument. */
341 if (check_col(pinfo->cinfo, COL_INFO))
342 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
/* An integer from the packet is stored in a void * slot; it is a value, not
 * an address. NOTE(review): whatever reads dcv->private_data back must cast
 * it to an integer and never dereference it. Where pointers are wider than
 * rid this cast usually draws a compiler warning; GLib's GUINT_TO_POINTER()
 * and GPOINTER_TO_UINT() express the same round trip explicitly. */
344 dcv->private_data = (void *)rid;
350 samr_dissect_open_user_reply(tvbuff_t *tvb, int offset,
351 packet_info *pinfo, proto_tree *tree,
354 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
355 hf_samr_hnd, NULL, FALSE, FALSE);
357 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
364 samr_dissect_pointer_long(tvbuff_t *tvb, int offset,
365 packet_info *pinfo, proto_tree *tree,
370 di=pinfo->private_data;
371 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
377 samr_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
378 packet_info *pinfo, proto_tree *tree,
383 di=pinfo->private_data;
384 if(di->conformant_run){
385 /*just a run to handle conformant arrays, nothing to dissect */
389 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
/*
 * dissect_ndr_pointer() callback that dissects a UNICODE_STRING referent.
 * The header field and level are not parameters: they are read from
 * di->hf_index and di->levels on the dcerpc_info hung off pinfo.
 * On a conformant run nothing is dissected.
 *
 * NOTE(review): the declaration of di, the body of the conformant_run
 * branch and the return are on original lines this listing skips.
 */
395 samr_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
396 packet_info *pinfo, proto_tree *tree,
/* No NULL check before di is dereferenced; presumably private_data is always
 * set by the DCE/RPC layer when a pointer callback runs - verify. */
401 di=pinfo->private_data;
402 if(di->conformant_run){
403 /*just a run to handle conformant arrays, nothing to dissect */
407 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
408 di->hf_index, di->levels);
413 samr_dissect_pointer_short(tvbuff_t *tvb, int offset,
414 packet_info *pinfo, proto_tree *tree,
419 di=pinfo->private_data;
420 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
427 samr_dissect_query_dispinfo_rqst(tvbuff_t *tvb, int offset,
428 packet_info *pinfo, proto_tree *tree,
431 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
432 hf_samr_hnd, NULL, FALSE, FALSE);
434 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
435 hf_samr_level, NULL);
436 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
437 hf_samr_start_idx, NULL);
438 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
439 hf_samr_max_entries, NULL);
440 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
441 hf_samr_pref_maxsize, NULL);
447 samr_dissect_USER_DISPINFO_1(tvbuff_t *tvb, int offset,
448 packet_info *pinfo, proto_tree *parent_tree,
451 proto_item *item=NULL;
452 proto_tree *tree=NULL;
453 int old_offset=offset;
456 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
458 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
461 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
462 hf_samr_index, NULL);
463 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
465 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
466 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
467 hf_samr_acct_name, 0);
468 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
469 hf_samr_full_name, 0);
470 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
471 hf_samr_acct_desc, 0);
473 proto_item_set_len(item, offset-old_offset);
478 samr_dissect_USER_DISPINFO_1_ARRAY_users(tvbuff_t *tvb, int offset,
479 packet_info *pinfo, proto_tree *tree,
482 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
483 samr_dissect_USER_DISPINFO_1);
/*
 * Dissect a USER_DISPINFO_1 array header: a 32-bit count followed by an NDR
 * pointer whose referent is handled by
 * samr_dissect_USER_DISPINFO_1_ARRAY_users. The enclosing text item is
 * created with length -1 and resized once the end offset is known.
 *
 * NOTE(review): original lines 491-493, 497-498, 502-504 and 510 are not in
 * this listing (rest of the parameter list, the declaration of count and,
 * presumably, a parent_tree guard around the item creation).
 */
489 samr_dissect_USER_DISPINFO_1_ARRAY (tvbuff_t *tvb, int offset,
490 packet_info *pinfo, proto_tree *parent_tree,
494 proto_item *item=NULL;
495 proto_tree *tree=NULL;
496 int old_offset=offset;
499 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
500 "User_DispInfo_1 Array");
501 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
/* count comes straight from the packet. In the visible lines it is stored
 * but never used to bound anything; the element loop belongs to
 * dissect_ndr_ucarray() in the _users callback, presumably driven by the
 * NDR conformance data rather than by this field - confirm. */
505 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
506 hf_samr_count, &count);
507 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
508 samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
509 "USER_DISPINFO_1_ARRAY", -1, 0);
511 proto_item_set_len(item, offset-old_offset);
518 samr_dissect_USER_DISPINFO_2(tvbuff_t *tvb, int offset,
519 packet_info *pinfo, proto_tree *parent_tree,
522 proto_item *item=NULL;
523 proto_tree *tree=NULL;
524 int old_offset=offset;
527 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
529 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
532 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
533 hf_samr_index, NULL);
534 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
536 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
537 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
538 hf_samr_acct_name, 0);
539 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
540 hf_samr_acct_desc, 0);
542 proto_item_set_len(item, offset-old_offset);
547 samr_dissect_USER_DISPINFO_2_ARRAY_users (tvbuff_t *tvb, int offset,
548 packet_info *pinfo, proto_tree *tree,
551 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
552 samr_dissect_USER_DISPINFO_2);
558 samr_dissect_USER_DISPINFO_2_ARRAY (tvbuff_t *tvb, int offset,
559 packet_info *pinfo, proto_tree *parent_tree,
563 proto_item *item=NULL;
564 proto_tree *tree=NULL;
565 int old_offset=offset;
568 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
569 "User_DispInfo_2 Array");
570 tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
574 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
575 hf_samr_count, &count);
576 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
577 samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
578 "USER_DISPINFO_2_ARRAY", -1, 0);
580 proto_item_set_len(item, offset-old_offset);
589 samr_dissect_GROUP_DISPINFO(tvbuff_t *tvb, int offset,
590 packet_info *pinfo, proto_tree *parent_tree,
593 proto_item *item=NULL;
594 proto_tree *tree=NULL;
595 int old_offset=offset;
598 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
600 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
604 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
605 hf_samr_index, NULL);
606 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
608 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
609 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
610 hf_samr_acct_name, 0);
611 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
612 hf_samr_acct_desc, 0);
614 proto_item_set_len(item, offset-old_offset);
619 samr_dissect_GROUP_DISPINFO_ARRAY_groups(tvbuff_t *tvb, int offset,
620 packet_info *pinfo, proto_tree *tree,
623 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
624 samr_dissect_GROUP_DISPINFO);
630 samr_dissect_GROUP_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
631 packet_info *pinfo, proto_tree *parent_tree,
635 proto_item *item=NULL;
636 proto_tree *tree=NULL;
637 int old_offset=offset;
640 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
641 "Group_DispInfo Array");
642 tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
645 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
646 hf_samr_count, &count);
647 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
648 samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
649 "GROUP_DISPINFO_ARRAY", -1, 0);
651 proto_item_set_len(item, offset-old_offset);
658 samr_dissect_ASCII_DISPINFO(tvbuff_t *tvb, int offset,
659 packet_info *pinfo, proto_tree *parent_tree,
662 proto_item *item=NULL;
663 proto_tree *tree=NULL;
664 int old_offset=offset;
667 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
669 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
673 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
674 hf_samr_index, NULL);
675 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
677 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
678 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
679 hf_samr_acct_name, 0);
680 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
681 hf_samr_acct_desc,0 );
683 proto_item_set_len(item, offset-old_offset);
688 samr_dissect_ASCII_DISPINFO_ARRAY_users(tvbuff_t *tvb, int offset,
689 packet_info *pinfo, proto_tree *tree,
692 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
693 samr_dissect_ASCII_DISPINFO);
699 samr_dissect_ASCII_DISPINFO_ARRAY(tvbuff_t *tvb, int offset,
700 packet_info *pinfo, proto_tree *parent_tree,
704 proto_item *item=NULL;
705 proto_tree *tree=NULL;
706 int old_offset=offset;
709 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
710 "Ascii_DispInfo Array");
711 tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
714 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
715 hf_samr_count, &count);
716 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
717 samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
718 "ACSII_DISPINFO_ARRAY", -1, 0);
720 proto_item_set_len(item, offset-old_offset);
/*
 * Dissect the DISPLAY_INFO union: a 16-bit level read from the packet,
 * followed by one of the *_DISPINFO_ARRAY dissectors, all inside a text
 * item whose length is fixed up at the end.
 *
 * NOTE(review): the selection logic sits on original lines this listing
 * skips (743-744, 747-748, 751-752, 755-756, 759-760, 763-765). Five call
 * sites are visible and the last two both call
 * samr_dissect_ASCII_DISPINFO_ARRAY. level is packet-controlled, so confirm
 * in the full file that an unrecognised level leaves offset unchanged
 * instead of falling into one of these calls.
 */
726 samr_dissect_DISPLAY_INFO (tvbuff_t *tvb, int offset,
727 packet_info *pinfo, proto_tree *parent_tree,
730 proto_item *item=NULL;
731 proto_tree *tree=NULL;
732 int old_offset=offset;
736 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
738 tree = proto_item_add_subtree(item, ett_samr_display_info);
741 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
742 hf_samr_level, &level);
745 offset = samr_dissect_USER_DISPINFO_1_ARRAY(
746 tvb, offset, pinfo, tree, drep);
749 offset = samr_dissect_USER_DISPINFO_2_ARRAY(
750 tvb, offset, pinfo, tree, drep);
753 offset = samr_dissect_GROUP_DISPINFO_ARRAY(
754 tvb, offset, pinfo, tree, drep);
757 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
758 tvb, offset, pinfo, tree, drep);
761 offset = samr_dissect_ASCII_DISPINFO_ARRAY(
762 tvb, offset, pinfo, tree, drep);
766 proto_item_set_len(item, offset-old_offset);
771 samr_dissect_query_dispinfo_reply(tvbuff_t *tvb, int offset,
772 packet_info *pinfo, proto_tree *tree,
775 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
776 samr_dissect_pointer_long, NDR_POINTER_REF,
777 "", hf_samr_total_size, 0);
778 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
779 samr_dissect_pointer_long, NDR_POINTER_REF,
780 "", hf_samr_ret_size, 0);
781 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
782 samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
784 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
791 samr_dissect_get_display_enumeration_index_rqst(tvbuff_t *tvb, int offset,
796 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
797 hf_samr_hnd, NULL, FALSE, FALSE);
799 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
800 hf_samr_level, NULL);
802 offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
803 hf_samr_acct_name, 0);
809 samr_dissect_get_display_enumeration_index_reply(tvbuff_t *tvb, int offset,
810 packet_info *pinfo, proto_tree *tree,
813 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
814 samr_dissect_pointer_long, NDR_POINTER_REF,
815 "", hf_samr_index, 0);
817 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect a PASSWORD_INFO structure: after 4-byte alignment, a 16-bit and a
 * 32-bit field, both shown under the generic hf_samr_unknown_* fields.
 *
 * NOTE(review): original lines 829-830, 834, 836-837, 839 and 841-843 are
 * not in this listing (rest of the parameter list, the item label and,
 * presumably, a parent_tree guard).
 */
827 samr_dissect_PASSWORD_INFO(tvbuff_t *tvb, int offset,
828 packet_info *pinfo, proto_tree *parent_tree,
831 proto_item *item=NULL;
832 proto_tree *tree=NULL;
/* NOTE(review): old_offset is captured before ALIGN_TO_4_BYTES, while the
 * item below starts at the offset after it. If the macro advances offset,
 * the length set on the last line also counts the padding, so the item
 * would extend past the structure by that much - cosmetic, confirm. */
833 int old_offset=offset;
835 ALIGN_TO_4_BYTES; /* structure starts with short, but is aligned for longs */
838 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
840 tree = proto_item_add_subtree(item, ett_samr_password_info);
844 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
845 hf_samr_unknown_short, NULL);
846 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
847 hf_samr_unknown_long, NULL);
849 proto_item_set_len(item, offset-old_offset);
854 samr_dissect_get_usrdom_pwinfo_rqst(tvbuff_t *tvb, int offset,
855 packet_info *pinfo, proto_tree *tree,
858 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
859 hf_samr_hnd, NULL, FALSE, FALSE);
865 samr_dissect_get_usrdom_pwinfo_reply(tvbuff_t *tvb, int offset,
866 packet_info *pinfo, proto_tree *tree,
869 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
870 samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
873 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
881 samr_dissect_connect2_server(tvbuff_t *tvb, int offset,
882 packet_info *pinfo, proto_tree *parent_tree,
885 proto_item *item=NULL;
886 proto_tree *tree=NULL;
887 int old_offset=offset;
890 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
892 tree = proto_item_add_subtree(item, ett_samr_server);
895 offset = dissect_ndr_nt_UNICODE_STRING_str(tvb, offset, pinfo,
898 proto_item_set_len(item, offset-old_offset);
903 samr_dissect_connect2_rqst(tvbuff_t *tvb, int offset,
904 packet_info *pinfo, proto_tree *tree,
907 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
908 samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
909 "Server", hf_samr_server, 1);
911 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
912 hf_samr_access, NULL);
/*
 * Dissect a SAMR Connect2 reply: the returned policy handle followed by the
 * NT status.
 *
 * NOTE(review): the comment delimiters around the XXX remark, the tail of
 * the dissect_ntstatus call and the return are on original lines this
 * listing skips.
 */
917 samr_dissect_connect2_reply(tvbuff_t *tvb, int offset,
918 packet_info *pinfo, proto_tree *tree,
922 * XXX - does this open the handle?
/* This call passes TRUE, FALSE where most policy-handle calls in this file
 * pass FALSE, FALSE. Presumably the first flag marks the handle as opened
 * by this frame for handle tracking - confirm against
 * dissect_nt_policy_hnd(). The handle is recorded before the status is
 * read, so a failed Connect2 is treated the same way here. */
924 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
925 hf_samr_hnd, NULL, TRUE, FALSE);
927 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dissect a SAMR ConnectAnonymous request: a 16-bit server value is fetched
 * with a NULL tree (no item added by that call) and then shown as a string
 * item covering the same 2 bytes (offset-2, length 2).
 *
 * NOTE(review): the declarations of server and str and the code that builds
 * str from server are on original lines this listing skips (935-939,
 * 942-943); confirm there that str is NUL-terminated before it is used.
 */
933 samr_dissect_connect_anon_rqst(tvbuff_t *tvb, int offset,
934 packet_info *pinfo, proto_tree *tree,
940 offset=dissect_ndr_uint16(tvb, offset, pinfo, NULL, drep,
941 hf_samr_server, &server);
/* The format is the literal "Server: %s"; the packet-derived text is passed
 * only as an argument and as the field value, never as the format itself. */
944 proto_tree_add_string_format(tree, hf_samr_server, tvb, offset-2, 2,
945 str, "Server: %s", str);
951 samr_dissect_connect_anon_reply(tvbuff_t *tvb, int offset,
952 packet_info *pinfo, proto_tree *tree,
956 * XXX - does this open the handle?
958 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
959 hf_samr_hnd, NULL, TRUE, FALSE);
961 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
968 samr_dissect_USER_GROUP(tvbuff_t *tvb, int offset,
969 packet_info *pinfo, proto_tree *parent_tree,
972 proto_item *item=NULL;
973 proto_tree *tree=NULL;
974 int old_offset=offset;
977 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
979 tree = proto_item_add_subtree(item, ett_samr_user_group);
982 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
984 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
985 hf_samr_rid_attrib, NULL);
987 proto_item_set_len(item, offset-old_offset);
992 samr_dissect_USER_GROUP_ARRAY_groups (tvbuff_t *tvb, int offset,
993 packet_info *pinfo, proto_tree *tree,
996 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
997 samr_dissect_USER_GROUP);
1003 samr_dissect_USER_GROUP_ARRAY(tvbuff_t *tvb, int offset,
1004 packet_info *pinfo, proto_tree *parent_tree,
1008 proto_item *item=NULL;
1009 proto_tree *tree=NULL;
1010 int old_offset=offset;
1013 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1014 "USER_GROUP_ARRAY");
1015 tree = proto_item_add_subtree(item, ett_samr_user_group_array);
1018 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1019 hf_samr_count, &count);
1020 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1021 samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
1022 "USER_GROUP_ARRAY", -1, 0);
1024 proto_item_set_len(item, offset-old_offset);
1029 samr_dissect_USER_GROUP_ARRAY_ptr(tvbuff_t *tvb, int offset,
1030 packet_info *pinfo, proto_tree *tree,
1033 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1034 samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
1035 "USER_GROUP_ARRAY", -1, 0);
1040 samr_dissect_get_groups_for_user_rqst(tvbuff_t *tvb, int offset,
1041 packet_info *pinfo, proto_tree *tree,
1044 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1045 hf_samr_hnd, NULL, FALSE, FALSE);
1051 samr_dissect_get_groups_for_user_reply(tvbuff_t *tvb, int offset,
1052 packet_info *pinfo, proto_tree *tree,
1055 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1056 samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
1059 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1067 samr_dissect_open_domain_rqst(tvbuff_t *tvb, int offset,
1068 packet_info *pinfo, proto_tree *tree,
1071 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1072 hf_samr_hnd, NULL, FALSE, FALSE);
1074 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1075 hf_samr_access, NULL);
1076 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1077 dissect_ndr_nt_SID, NDR_POINTER_REF,
1083 samr_dissect_open_domain_reply(tvbuff_t *tvb, int offset,
1084 packet_info *pinfo, proto_tree *tree,
1087 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1088 hf_samr_hnd, NULL, FALSE, FALSE);
1090 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1097 samr_dissect_context_handle_SID(tvbuff_t *tvb, int offset,
1098 packet_info *pinfo, proto_tree *tree,
1101 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1102 hf_samr_hnd, NULL, FALSE, FALSE);
1104 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1105 dissect_ndr_nt_SID, NDR_POINTER_REF,
1111 samr_dissect_add_member_to_group_rqst(tvbuff_t *tvb, int offset,
1112 packet_info *pinfo, proto_tree *tree,
1115 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1116 hf_samr_hnd, NULL, FALSE, FALSE);
1118 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1119 hf_samr_group, NULL);
1121 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1128 samr_dissect_add_member_to_group_reply(tvbuff_t *tvb, int offset,
1129 packet_info *pinfo, proto_tree *tree,
1132 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1139 samr_dissect_unknown_3c_rqst(tvbuff_t *tvb, int offset,
1140 packet_info *pinfo, proto_tree *tree,
1143 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1144 hf_samr_hnd, NULL, FALSE, FALSE);
1150 samr_dissect_unknown_3c_reply(tvbuff_t *tvb, int offset,
1151 packet_info *pinfo, proto_tree *tree,
1154 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1155 samr_dissect_pointer_short, NDR_POINTER_REF,
1156 "", hf_samr_unknown_short, 0);
1158 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1164 samr_dissect_create_alias_in_domain_rqst(tvbuff_t *tvb, int offset,
1165 packet_info *pinfo, proto_tree *tree,
1168 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1169 hf_samr_hnd, NULL, FALSE, FALSE);
1171 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1172 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1173 "Account Name", hf_samr_acct_name, 0);
1175 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1176 hf_samr_access, NULL);
1182 samr_dissect_create_alias_in_domain_reply(tvbuff_t *tvb, int offset,
1183 packet_info *pinfo, proto_tree *tree,
1186 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1187 hf_samr_hnd, NULL, FALSE, FALSE);
1189 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1192 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
1199 samr_dissect_query_information_alias_rqst(tvbuff_t *tvb, int offset,
1201 proto_tree *tree, char *drep)
1203 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1204 hf_samr_hnd, NULL, FALSE, FALSE);
1206 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1207 hf_samr_level, NULL);
1213 samr_dissect_ALIAS_INFO_1 (tvbuff_t *tvb, int offset,
1214 packet_info *pinfo, proto_tree *tree,
1217 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1219 hf_samr_acct_name, 0);
1220 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1222 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1224 hf_samr_acct_desc, 0);
1229 samr_dissect_ALIAS_INFO(tvbuff_t *tvb, int offset,
1230 packet_info *pinfo, proto_tree *parent_tree,
1233 proto_item *item=NULL;
1234 proto_tree *tree=NULL;
1235 int old_offset=offset;
1239 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1241 tree = proto_item_add_subtree(item, ett_samr_alias_info);
1244 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1245 hf_samr_level, &level);
1248 offset = samr_dissect_ALIAS_INFO_1(
1249 tvb, offset, pinfo, tree, drep);
1252 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1254 hf_samr_acct_name, 0);
1257 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1259 hf_samr_acct_desc, 0);
1263 proto_item_set_len(item, offset-old_offset);
1268 samr_dissect_ALIAS_INFO_ptr(tvbuff_t *tvb, int offset,
1269 packet_info *pinfo, proto_tree *tree,
1272 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1273 samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
1274 "ALIAS_INFO", -1, 0);
/* Dissects the query_information_alias reply: a reference pointer handled
 * by samr_dissect_ALIAS_INFO_ptr, then an NT status.  The remaining
 * arguments of both calls are on lines missing from this listing. */
1279 samr_dissect_query_information_alias_reply(tvbuff_t *tvb, int offset,
1281 proto_tree *tree, char *drep)
1283 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1284 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1287 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the set_information_alias request: policy handle, 16-bit
 * information level, then a reference pointer handled by
 * samr_dissect_ALIAS_INFO (which reads a level of its own). */
1294 samr_dissect_set_information_alias_rqst(tvbuff_t *tvb, int offset,
1295 packet_info *pinfo, proto_tree *tree,
1298 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1299 hf_samr_hnd, NULL, FALSE, FALSE);
1301 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1302 hf_samr_level, NULL);
1303 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1304 samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
/* Dissects the set_information_alias reply: a reference pointer handled
 * by samr_dissect_ALIAS_INFO_ptr, then an NT status.
 * NOTE(review): samr_dissect_set_information_group_reply() in this file
 * shows only the status call; a "set" reply that also carries an
 * ALIAS_INFO pointer looks like it was copied from the query reply --
 * confirm against the protocol before relying on this decode. */
1310 samr_dissect_set_information_alias_reply(tvbuff_t *tvb, int offset,
1311 packet_info *pinfo, proto_tree *tree,
1314 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1315 samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
1318 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Adds the encrypted password buffer to the tree as a single fixed
 * 516-byte item (hf_samr_crypt_password) starting at offset.
 * NOTE(review): 516 is presumably the 512-byte buffer plus 4-byte length
 * of the SAMR encrypted-password structure -- confirm, and consider a
 * named constant.  The length is hard-coded rather than taken from the
 * packet; rejection of a shorter buffer relies on the tvbuff bounds
 * checking behind proto_tree_add_item(), which is not visible here.
 * The rest of the call and the offset update are on lines missing from
 * this listing.  pinfo is unused (_U_). */
1324 samr_dissect_CRYPT_PASSWORD(tvbuff_t *tvb, int offset,
1325 packet_info *pinfo _U_, proto_tree *tree,
1328 proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 516,
/* Adds a fixed 16-byte hash value to the tree (hf_samr_crypt_hash)
 * starting at offset.
 * NOTE(review): 16 is presumably the size of an LM/NT hash -- confirm,
 * and consider a named constant.  As with the password blob, the length
 * is fixed and any short-buffer handling is inside proto_tree_add_item().
 * The rest of the call and the offset update are on lines missing from
 * this listing.  pinfo is unused (_U_). */
1335 samr_dissect_CRYPT_HASH(tvbuff_t *tvb, int offset,
1336 packet_info *pinfo _U_, proto_tree *tree,
1339 proto_tree_add_item(tree, hf_samr_crypt_hash, tvb, offset, 16,
/* Dissects the oem_change_password_user2 request: policy handle, a unique
 * pointer to the server name, a reference pointer to the account name
 * (both via samr_dissect_pointer_STRING), then unique pointers to an
 * encrypted password blob and a hash.
 * The password blob and hash end up in the protocol tree, so capture
 * files and exported dissections of this call should be handled as
 * sensitive material. */
1347 samr_dissect_oem_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1349 proto_tree *tree, char *drep)
1351 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1352 hf_samr_hnd, NULL, FALSE, FALSE);
1354 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1355 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1356 "Server", hf_samr_server, 0);
1357 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1358 samr_dissect_pointer_STRING, NDR_POINTER_REF,
1359 "Account Name", hf_samr_acct_name, 0);
1360 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1361 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1363 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1364 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
/* Dissects the oem_change_password_user2 reply; the only call visible in
 * this listing is the NT status. */
1370 samr_dissect_oem_change_password_user2_reply(tvbuff_t *tvb, int offset,
1372 proto_tree *tree, char *drep)
1374 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the unicode_change_password_user2 request: policy handle,
 * server name (unique pointer) and account name (reference pointer) as
 * Unicode strings, an encrypted password blob and hash, an 8-bit
 * hf_samr_lm_change value, then a second password blob and hash.
 * All four blobs are behind unique pointers.  They are shown in the
 * protocol tree, so captures of this call should be handled as sensitive
 * material. */
1381 samr_dissect_unicode_change_password_user2_rqst(tvbuff_t *tvb, int offset,
1383 proto_tree *tree, char *drep)
1385 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1386 hf_samr_hnd, NULL, FALSE, FALSE);
1388 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1389 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1390 "Server", hf_samr_server, 0);
1391 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1392 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1393 "Account Name", hf_samr_acct_name, 0);
1394 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1395 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1397 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1398 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1400 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1401 hf_samr_lm_change, NULL);
1402 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1403 samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
1405 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1406 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
/* Dissects the unicode_change_password_user2 reply; the only call visible
 * in this listing is the NT status. */
1412 samr_dissect_unicode_change_password_user2_reply(tvbuff_t *tvb, int offset,
1414 proto_tree *tree, char *drep)
1416 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the request of the call the file names "unknown_3b": policy
 * handle, a 16-bit value and two unique pointers to Unicode strings.
 * The fields use the generic hf_samr_unknown_* ids, i.e. their meaning
 * was not identified when this was written. */
1423 samr_dissect_unknown_3b_rqst(tvbuff_t *tvb, int offset,
1424 packet_info *pinfo, proto_tree *tree,
1427 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1428 hf_samr_hnd, NULL, FALSE, FALSE);
1430 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1431 hf_samr_unknown_short, NULL);
1432 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1433 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1434 "Unknown", hf_samr_unknown_string, 0);
1435 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1436 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
1437 "Unknown", hf_samr_unknown_string, 0);
/* Dissects the "unknown_3b" reply; the only call visible in this listing
 * is the NT status. */
1442 samr_dissect_unknown_3b_reply(tvbuff_t *tvb, int offset,
1443 packet_info *pinfo, proto_tree *tree,
1446 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the create_user2_in_domain request: policy handle, account
 * name (reference pointer to a Unicode string), the account-control
 * field via dissect_ndr_nt_acct_ctrl(), and a 32-bit access value. */
1453 samr_dissect_create_user2_in_domain_rqst(tvbuff_t *tvb, int offset,
1454 packet_info *pinfo, proto_tree *tree,
1457 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1458 hf_samr_hnd, NULL, FALSE, FALSE);
1460 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1461 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1462 "Account Name", hf_samr_acct_name, 0);
1463 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
1464 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1465 hf_samr_access, NULL);
/* Dissects the create_user2_in_domain reply: policy handle, two 32-bit
 * values (the first shown as hf_samr_unknown_long; the field id of the
 * second is on a line missing from this listing), then an NT status. */
1471 samr_dissect_create_user2_in_domain_reply(tvbuff_t *tvb, int offset,
1472 packet_info *pinfo, proto_tree *tree,
1475 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1476 hf_samr_hnd, NULL, FALSE, FALSE);
1478 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1479 hf_samr_unknown_long, NULL);
1480 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1483 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the get_display_enumeration_index2 request: policy handle,
 * 16-bit information level, and a reference pointer to the account name
 * as a Unicode string. */
1489 samr_dissect_get_display_enumeration_index2_rqst(tvbuff_t *tvb, int offset,
1491 proto_tree *tree, char *drep)
1493 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1494 hf_samr_hnd, NULL, FALSE, FALSE);
1496 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1497 hf_samr_level, NULL);
1498 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1499 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
1500 "Account Name", hf_samr_acct_name, 0);
/* Dissects the get_display_enumeration_index2 reply: a 32-bit index
 * followed by an NT status. */
1505 samr_dissect_get_display_enumeration_index2_reply(tvbuff_t *tvb, int offset,
1506 packet_info *pinfo, proto_tree *tree,
1509 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1510 hf_samr_index, NULL);
1512 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the change_password_user request: policy handle, then 8-bit
 * values (hf_samr_unknown_char) interleaved with six hash values, in the
 * order char, hash, hash, char, hash, hash, char, hash, char, hash.
 * Every hash is behind a unique pointer and is dissected by
 * samr_dissect_CRYPT_HASH.  The meaning of the 8-bit values was not
 * identified by the author (generic "unknown" field id).
 * The hashes are shown in the protocol tree, so captures of this call
 * should be handled as sensitive material. */
1518 samr_dissect_change_password_user_rqst(tvbuff_t *tvb, int offset,
1519 packet_info *pinfo, proto_tree *tree,
1522 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1523 hf_samr_hnd, NULL, FALSE, FALSE);
1525 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1526 hf_samr_unknown_char, NULL);
1527 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1528 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1530 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1531 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1533 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1534 hf_samr_unknown_char, NULL);
1535 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1536 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1538 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1539 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1541 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1542 hf_samr_unknown_char, NULL);
1543 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1544 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
1546 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1547 hf_samr_unknown_char, NULL);
1548 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1549 samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
/* Dissects the change_password_user reply; the only call visible in this
 * listing is the NT status. */
1556 samr_dissect_change_password_user_reply(tvbuff_t *tvb, int offset,
1557 packet_info *pinfo, proto_tree *tree,
1560 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the set_member_attributes_of_group request.  Visible lines
 * show a policy handle and a 32-bit attribute value; line 1573 of the
 * original file is missing from this listing, so another field may sit
 * between them. */
1567 samr_dissect_set_member_attributes_of_group_rqst(tvbuff_t *tvb, int offset,
1569 proto_tree *tree, char *drep)
1571 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1572 hf_samr_hnd, NULL, FALSE, FALSE);
1574 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1575 hf_samr_attrib, NULL);
/* Dissects the set_member_attributes_of_group reply; the only call
 * visible in this listing is the NT status. */
1580 samr_dissect_set_member_attributes_of_group_reply(tvbuff_t *tvb, int offset,
1581 packet_info *pinfo, proto_tree *tree,
1584 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the level-1 group information structure: account name, a
 * 32-bit value (field id on a line missing from this listing), a 32-bit
 * attribute value, and the account description. */
1591 samr_dissect_GROUP_INFO_1 (tvbuff_t *tvb, int offset,
1592 packet_info *pinfo, proto_tree *tree,
1595 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1597 hf_samr_acct_name, 0);
1598 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1600 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1601 hf_samr_attrib, NULL);
1602 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1604 hf_samr_acct_desc, 0);
/* Dissects the GROUP_INFO union under its own subtree
 * (ett_samr_group_info).  The 16-bit level is read from the packet into
 * `level`; the selection on it is on lines missing from this listing, and
 * the four visible arms dissect GROUP_INFO_1, an account name, a 32-bit
 * attribute value, and an account description.
 * NOTE(review): level is untrusted wire data -- confirm that unknown
 * levels are handled without consuming bytes. */
1609 samr_dissect_GROUP_INFO(tvbuff_t *tvb, int offset,
1610 packet_info *pinfo, proto_tree *parent_tree,
1613 proto_item *item=NULL;
1614 proto_tree *tree=NULL;
1615 int old_offset=offset;
1619 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1621 tree = proto_item_add_subtree(item, ett_samr_group_info);
1624 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1625 hf_samr_level, &level);
1628 offset = samr_dissect_GROUP_INFO_1(
1629 tvb, offset, pinfo, tree, drep);
1632 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1634 hf_samr_acct_name, 0);
1637 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1638 hf_samr_attrib, NULL);
1641 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1643 hf_samr_acct_desc, 0);
/* The item was created with length -1; fix it up to the bytes consumed. */
1647 proto_item_set_len(item, offset-old_offset);
/* Dissects a unique NDR pointer whose referent is handled by
 * samr_dissect_GROUP_INFO; the pointer is labelled "GROUP_INFO" and has
 * no header field of its own (-1). */
1652 samr_dissect_GROUP_INFO_ptr(tvbuff_t *tvb, int offset,
1653 packet_info *pinfo, proto_tree *tree,
1656 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1657 samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
1658 "GROUP_INFO", -1, 0);
/* Dissects the query_information_group request: policy handle followed
 * by a 16-bit information level (displayed only, not kept). */
1663 samr_dissect_query_information_group_rqst(tvbuff_t *tvb, int offset,
1665 proto_tree *tree, char *drep)
1667 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1668 hf_samr_hnd, NULL, FALSE, FALSE);
1670 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1671 hf_samr_level, NULL);
/* Dissects the query_information_group reply: a reference pointer handled
 * by samr_dissect_GROUP_INFO_ptr, then an NT status.  The remaining
 * arguments of both calls are on lines missing from this listing. */
1677 samr_dissect_query_information_group_reply(tvbuff_t *tvb, int offset,
1678 packet_info *pinfo, proto_tree *tree,
1681 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1682 samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
1685 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the set_information_group request: policy handle, 16-bit
 * information level, then a reference pointer handled by
 * samr_dissect_GROUP_INFO (which reads a level of its own). */
1691 samr_dissect_set_information_group_rqst(tvbuff_t *tvb, int offset,
1692 packet_info *pinfo, proto_tree *tree,
1695 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1696 hf_samr_hnd, NULL, FALSE, FALSE);
1698 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1699 hf_samr_level, NULL);
1700 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1701 samr_dissect_GROUP_INFO, NDR_POINTER_REF,
/* Dissects the set_information_group reply; the only call visible in this
 * listing is the NT status. */
1707 samr_dissect_set_information_group_reply(tvbuff_t *tvb, int offset,
1708 packet_info *pinfo, proto_tree *tree,
1711 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the get_domain_password_information request: policy handle
 * and a unique pointer to the domain name, handled by
 * samr_dissect_pointer_STRING. */
1719 samr_dissect_get_domain_password_information_rqst(tvbuff_t *tvb, int offset,
1724 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1725 hf_samr_hnd, NULL, FALSE, FALSE);
1727 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1728 samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
1729 "Domain", hf_samr_domain, 0);
/* Dissects the get_domain_password_information reply.  The visible lines
 * dissect only a policy handle, and the author's own XXX note below
 * questions whether that layout is right, so fields decoded from this
 * reply should be treated as unverified. */
1734 samr_dissect_get_domain_password_information_reply(tvbuff_t *tvb, int offset,
1740 * XXX - really? Not the same as
1741 * "samr_dissect_get_usrdom_pwinfo_reply()"?
1743 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
1744 hf_samr_hnd, NULL, FALSE, FALSE);
/* Dissects the level-1 domain information structure (password policy)
 * under its own subtree: minimum password length and password history
 * length (16 bit each), one unidentified 32-bit value, then maximum and
 * minimum password age as NTTIME values. */
1750 samr_dissect_DOMAIN_INFO_1(tvbuff_t *tvb, int offset,
1751 packet_info *pinfo, proto_tree *parent_tree,
1754 proto_item *item=NULL;
1755 proto_tree *tree=NULL;
1756 int old_offset=offset;
1758 ALIGN_TO_4_BYTES; /* structure starts with short, but is aligned for longs */
1761 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1763 tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
1766 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1767 hf_samr_min_pwd_len, NULL);
1768 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
1769 hf_samr_pwd_history_len, NULL);
1770 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
1771 hf_samr_unknown_long, NULL);
1772 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1773 hf_samr_max_pwd_age);
1774 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1775 hf_samr_min_pwd_age);
/* The item was created with length -1; fix it up to the bytes consumed. */
1776 proto_item_set_len(item, offset-old_offset);
/* Dissects the level-2 domain information structure under its own
 * subtree: an NTTIME, three Unicode strings (the first unidentified, the
 * second's field id on a line missing from this listing, the third the
 * controller name), another NTTIME, two unidentified 32-bit values, one
 * unidentified 8-bit value, then the user, group and alias counts. */
1781 samr_dissect_DOMAIN_INFO_2(tvbuff_t *tvb, int offset,
1782 packet_info *pinfo, proto_tree *parent_tree,
1785 proto_item *item=NULL;
1786 proto_tree *tree=NULL;
1787 int old_offset=offset;
1790 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1792 tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
1795 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1796 hf_samr_unknown_time);
1797 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1798 hf_samr_unknown_string, 0);
1799 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1801 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
1802 hf_samr_controller, 0);
1803 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1804 hf_samr_unknown_time);
1805 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1806 hf_samr_unknown_long, NULL);
1807 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1808 hf_samr_unknown_long, NULL);
1809 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
1810 hf_samr_unknown_char, NULL);
1811 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1812 hf_samr_num_users, NULL);
1813 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1814 hf_samr_num_groups, NULL);
1815 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
1816 hf_samr_num_aliases, NULL);
/* The item was created with length -1; fix it up to the bytes consumed. */
1818 proto_item_set_len(item, offset-old_offset);
/* Dissects the level-8 domain information structure under its own
 * subtree: two NTTIME values, displayed as maximum and minimum password
 * age. */
1823 samr_dissect_DOMAIN_INFO_8(tvbuff_t *tvb, int offset,
1824 packet_info *pinfo, proto_tree *parent_tree,
1827 proto_item *item=NULL;
1828 proto_tree *tree=NULL;
1829 int old_offset=offset;
1832 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1834 tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
1837 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1838 hf_samr_max_pwd_age);
1839 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1840 hf_samr_min_pwd_age);
/* The item was created with length -1; fix it up to the bytes consumed. */
1842 proto_item_set_len(item, offset-old_offset);
/* Dissects the REPLICATION_STATUS structure under its own subtree: two
 * 64-bit values and one 16-bit value, all shown with the generic
 * "unknown" field ids (their meaning was not identified). */
1847 samr_dissect_REPLICATION_STATUS(tvbuff_t *tvb, int offset,
1848 packet_info *pinfo, proto_tree *parent_tree,
1851 proto_item *item=NULL;
1852 proto_tree *tree=NULL;
1853 int old_offset=offset;
1856 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1857 "REPLICATION_STATUS:");
1858 tree = proto_item_add_subtree(item, ett_samr_replication_status);
1861 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1862 hf_samr_unknown_hyper, NULL);
1863 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
1864 hf_samr_unknown_hyper, NULL);
1865 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1866 hf_samr_unknown_short, NULL);
/* The item was created with length -1; fix it up to the bytes consumed. */
1868 proto_item_set_len(item, offset-old_offset);
/* Dissects the level-11 domain information structure under its own
 * subtree: a DOMAIN_INFO_2 structure immediately followed by a
 * REPLICATION_STATUS structure. */
1873 samr_dissect_DOMAIN_INFO_11(tvbuff_t *tvb, int offset,
1874 packet_info *pinfo, proto_tree *parent_tree,
1877 proto_item *item=NULL;
1878 proto_tree *tree=NULL;
1879 int old_offset=offset;
1882 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1884 tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
1887 offset = samr_dissect_DOMAIN_INFO_2(
1888 tvb, offset, pinfo, tree, drep);
1889 offset = samr_dissect_REPLICATION_STATUS(
1890 tvb, offset, pinfo, tree, drep);
/* The item was created with length -1; fix it up to the bytes consumed. */
1892 proto_item_set_len(item, offset-old_offset);
/* Dissects the level-13 domain information structure under its own
 * subtree: three NTTIME values, all shown with the generic
 * hf_samr_unknown_time field id. */
1897 samr_dissect_DOMAIN_INFO_13(tvbuff_t *tvb, int offset,
1898 packet_info *pinfo, proto_tree *parent_tree,
1901 proto_item *item=NULL;
1902 proto_tree *tree=NULL;
1903 int old_offset=offset;
1906 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1908 tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
1911 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1912 hf_samr_unknown_time);
1913 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1914 hf_samr_unknown_time);
1915 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1916 hf_samr_unknown_time);
/* The item was created with length -1; fix it up to the bytes consumed. */
1918 proto_item_set_len(item, offset-old_offset);
/* Dissects the DOMAIN_INFO union under its own subtree
 * (ett_samr_domain_info).  The 16-bit level is read from the packet into
 * `level`, the offset is aligned to 4 bytes, and one arm is dissected.
 * The case labels are on lines missing from this listing; the visible
 * arms call, in order, DOMAIN_INFO_1, DOMAIN_INFO_2, an NTTIME, three
 * Unicode strings (unknown, domain, controller), a 16-bit value,
 * DOMAIN_INFO_8, another 16-bit value, DOMAIN_INFO_11,
 * REPLICATION_STATUS and DOMAIN_INFO_13.
 * NOTE(review): level is untrusted wire data -- confirm that levels
 * without an arm are handled without consuming bytes. */
1924 samr_dissect_DOMAIN_INFO(tvbuff_t *tvb, int offset,
1925 packet_info *pinfo, proto_tree *parent_tree,
1928 proto_item *item=NULL;
1929 proto_tree *tree=NULL;
1930 int old_offset=offset;
1934 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
1936 tree = proto_item_add_subtree(item, ett_samr_domain_info);
1939 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1940 hf_samr_level, &level);
1942 ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
1945 offset = samr_dissect_DOMAIN_INFO_1(
1946 tvb, offset, pinfo, tree, drep);
1949 offset = samr_dissect_DOMAIN_INFO_2(
1950 tvb, offset, pinfo, tree, drep);
1954 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
1955 hf_samr_unknown_time);
1958 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1959 tree, drep, hf_samr_unknown_string, 0);
1963 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1964 tree, drep, hf_samr_domain, 0);
1968 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
1969 tree, drep, hf_samr_controller, 0);
1973 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1974 hf_samr_unknown_short, NULL);
1977 offset = samr_dissect_DOMAIN_INFO_8(
1978 tvb, offset, pinfo, tree, drep);
1981 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
1982 hf_samr_unknown_short, NULL);
1985 offset = samr_dissect_DOMAIN_INFO_11(
1986 tvb, offset, pinfo, tree, drep);
1989 offset = samr_dissect_REPLICATION_STATUS(
1990 tvb, offset, pinfo, tree, drep);
1993 offset = samr_dissect_DOMAIN_INFO_13(
1994 tvb, offset, pinfo, tree, drep);
/* The item was created with length -1; fix it up to the bytes consumed. */
1998 proto_item_set_len(item, offset-old_offset);
/* Dissects the set_information_domain request: policy handle, 16-bit
 * information level, then the DOMAIN_INFO union called directly (not
 * through a pointer).  samr_dissect_DOMAIN_INFO() reads a 16-bit level of
 * its own, so two level fields are dissected back to back here. */
2003 samr_dissect_set_information_domain_rqst(tvbuff_t *tvb, int offset,
2004 packet_info *pinfo, proto_tree *tree,
2007 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2008 hf_samr_hnd, NULL, FALSE, FALSE);
2010 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2011 hf_samr_level, NULL);
2012 offset = samr_dissect_DOMAIN_INFO(tvb, offset, pinfo, tree, drep);
/* Dissects the set_information_domain reply; the only call visible in
 * this listing is the NT status. */
2018 samr_dissect_set_information_domain_reply(tvbuff_t *tvb, int offset,
2020 proto_tree *tree, char *drep)
2022 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the lookup_domain request: policy handle and a reference
 * pointer to the domain name as a Unicode string.  The pointer is given
 * an empty label (""). */
2029 samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
2030 packet_info *pinfo, proto_tree *tree,
2033 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2034 hf_samr_hnd, NULL, FALSE, FALSE);
2036 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2037 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
2038 "", hf_samr_domain, 0);
/* Dissects the lookup_domain reply: a reference pointer handled by
 * dissect_ndr_nt_SID_ptr (the domain SID), then an NT status.  The
 * remaining arguments of both calls are on lines missing from this
 * listing. */
2044 samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
2045 packet_info *pinfo, proto_tree *tree,
2048 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2049 dissect_ndr_nt_SID_ptr, NDR_POINTER_REF,
2052 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects a pointer-to-SID under its own subtree (ett_samr_sid_pointer):
 * a unique NDR pointer whose referent is handled by dissect_ndr_nt_SID. */
2058 dissect_ndr_nt_PSID(tvbuff_t *tvb, int offset,
2059 packet_info *pinfo, proto_tree *parent_tree,
2062 proto_item *item=NULL;
2063 proto_tree *tree=NULL;
2064 int old_offset=offset;
2067 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2069 tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
2072 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2073 dissect_ndr_nt_SID, NDR_POINTER_UNIQUE,
/* The item was created with length -1; fix it up to the bytes consumed. */
2076 proto_item_set_len(item, offset-old_offset);
/* Dissects the elements of a PSID array by handing dissect_ndr_nt_PSID to
 * dissect_ndr_ucarray() as the per-element callback.
 * NOTE(review): the element count is not passed in here, so it is
 * presumably read from the wire inside dissect_ndr_ucarray(); any limit
 * on that count lives there, not in this file -- confirm. */
2082 dissect_ndr_nt_PSID_ARRAY_sids (tvbuff_t *tvb, int offset,
2083 packet_info *pinfo, proto_tree *tree,
2086 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2087 dissect_ndr_nt_PSID);
/* Dissects a PSID_ARRAY under its own subtree (ett_samr_sid_array): a
 * 32-bit count, then a unique pointer to the array itself, handled by
 * dissect_ndr_nt_PSID_ARRAY_sids.
 * The count is read into `count`, but none of the visible lines use it
 * afterwards; it is displayed, not used to bound the array. */
2094 dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, int offset,
2095 packet_info *pinfo, proto_tree *parent_tree,
2099 proto_item *item=NULL;
2100 proto_tree *tree=NULL;
2101 int old_offset=offset;
2104 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2106 tree = proto_item_add_subtree(item, ett_samr_sid_array);
2109 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2110 hf_samr_count, &count);
2111 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2112 dissect_ndr_nt_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
2113 "PSID_ARRAY", -1, 0);
/* The item was created with length -1; fix it up to the bytes consumed. */
2115 proto_item_set_len(item, offset-old_offset);
2119 /* called from NETLOGON but placed here since this is where the hf_ fields are defined */
/* Dissects one SID_AND_ATTRIBUTES entry under its own subtree: a
 * pointer-to-SID (dissect_ndr_nt_PSID) followed by a 32-bit attribute
 * value.
 * NOTE(review): the item is created with length 0 and none of the visible
 * lines call proto_item_set_len(), unlike the neighbouring dissectors, so
 * the subtree may not highlight the bytes it covers -- confirm. */
2121 dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
2122 packet_info *pinfo, proto_tree *parent_tree,
2125 proto_item *item=NULL;
2126 proto_tree *tree=NULL;
2129 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2130 "SID_AND_ATTRIBUTES:");
2131 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes);
2134 offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
2136 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2137 hf_samr_attrib, NULL);
/* Dissects an array of SID_AND_ATTRIBUTES entries under its own subtree:
 * a 32-bit count, then the entries via dissect_ndr_ucarray() with
 * dissect_ndr_nt_SID_AND_ATTRIBUTES as the per-element callback.
 * The count is read into `count`, but none of the visible lines use it
 * afterwards; the array length is presumably taken from the wire inside
 * dissect_ndr_ucarray() -- confirm. */
2143 dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
2144 packet_info *pinfo, proto_tree *parent_tree,
2148 proto_item *item=NULL;
2149 proto_tree *tree=NULL;
2150 int old_offset=offset;
2153 item = proto_tree_add_text(parent_tree, tvb, offset, 0,
2154 "SID_AND_ATTRIBUTES array:");
2155 tree = proto_item_add_subtree(item, ett_samr_sid_and_attributes_array);
2158 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2159 hf_samr_count, &count);
2160 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2161 dissect_ndr_nt_SID_AND_ATTRIBUTES);
/* The item was created with length 0; fix it up to the bytes consumed. */
2163 proto_item_set_len(item, offset-old_offset);
/* Dissects one 32-bit index value.  The header field used for display is
 * not fixed: it is taken from di->hf_index, where di is the per-call
 * state found in pinfo->private_data.
 * NOTE(review): no NULL check on pinfo->private_data is visible before
 * the dereference -- confirm the caller always sets it. */
2169 samr_dissect_index(tvbuff_t *tvb, int offset,
2170 packet_info *pinfo, proto_tree *tree,
2175 di=pinfo->private_data;
2177 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2178 di->hf_index, NULL);
/* Dissects the elements of an index array by handing samr_dissect_index
 * to dissect_ndr_ucarray() as the per-element callback. */
2185 samr_dissect_INDEX_ARRAY_value (tvbuff_t *tvb, int offset,
2186 packet_info *pinfo, proto_tree *tree,
2189 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2190 samr_dissect_index);
/* Chooses the plural suffix for a field name: per the comments below,
 * "es" when the name ends in 's' and "s" otherwise.  The return
 * statements are on lines missing from this listing.
 * An empty string is handled (string_len > 0 is tested before indexing).
 * NOTE(review): string must not be NULL -- strlen(NULL) is undefined
 * behaviour; the callers in this file pass the result of
 * proto_registrar_get_name(), so confirm that cannot return NULL. */
2196 plural_ending(const char *string)
2200 string_len = strlen(string);
2201 if (string_len > 0 && string[string_len - 1] == 's') {
2202 /* String ends with "s" - pluralize by adding "es" */
2205 /* Field name doesn't end with "s" - pluralize by adding "s" */
/* Dissects an INDEX_ARRAY under its own subtree (ett_samr_index_array): a
 * 32-bit count, then a unique pointer to the values, handled by
 * samr_dissect_INDEX_ARRAY_value.  The label is built from the registered
 * name of di->hf_index plus its plural ending.
 * NOTE(review): str is declared on a line missing from this listing and
 * the bound 255 is hard-coded; if str is a char array, `sizeof str` would
 * keep the bound and the buffer in step.
 * NOTE(review): str is also passed to dissect_ndr_pointer() as the label;
 * if str is a local buffer, confirm that function uses the text before
 * returning rather than keeping the pointer for deferred dissection.
 * NOTE(review): the argument that follows "-1," in proto_tree_add_text()
 * is not shown; confirm str is passed through a "%s" format rather than
 * as the format string itself. */
2211 samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
2212 packet_info *pinfo, proto_tree *parent_tree,
2217 proto_item *item=NULL;
2218 proto_tree *tree=NULL;
2219 int old_offset=offset;
2223 di=pinfo->private_data;
2225 field_name = proto_registrar_get_name(di->hf_index);
2226 snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
2227 plural_ending(field_name));
2229 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2231 tree = proto_item_add_subtree(item, ett_samr_index_array);
2234 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2235 hf_samr_count, &count);
2236 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2237 samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
2238 str, di->hf_index, 0);
/* The item was created with length -1; fix it up to the bytes consumed. */
2240 proto_item_set_len(item, offset-old_offset);
/* Dissects the get_alias_membership request: policy handle and a
 * reference pointer to a PSID_ARRAY (the SIDs being queried).  The
 * pointer's label and field arguments are on a line missing from this
 * listing. */
2245 samr_dissect_get_alias_membership_rqst(tvbuff_t *tvb, int offset,
2246 packet_info *pinfo, proto_tree *tree,
2249 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2250 hf_samr_hnd, NULL, FALSE, FALSE);
2252 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2253 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/* Dissects the get_alias_membership reply: a reference pointer to an
 * INDEX_ARRAY whose values are displayed with hf_samr_alias, then an NT
 * status. */
2260 samr_dissect_get_alias_membership_reply(tvbuff_t *tvb, int offset,
2261 packet_info *pinfo, proto_tree *tree,
2264 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2265 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
2266 "", hf_samr_alias, 0);
2268 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects one IDX_AND_NAME entry under its own subtree: a 32-bit index
 * followed by a Unicode string displayed with di->hf_index, the field
 * chosen by the caller through pinfo->private_data.
 * The trailing 4 passed to dissect_ndr_nt_UNICODE_STRING() (0 elsewhere
 * in this file) has a meaning defined by that function, not shown here.
 * NOTE(review): str is declared on a line missing from this listing and
 * the bound 255 is hard-coded; if str is a char array, `sizeof str` would
 * keep the bound and the buffer in step.  The argument that follows
 * "-1," in proto_tree_add_text() is not shown either; confirm str is
 * passed through a "%s" format rather than as the format string. */
2275 samr_dissect_IDX_AND_NAME(tvbuff_t *tvb, int offset,
2276 packet_info *pinfo, proto_tree *parent_tree,
2279 proto_item *item=NULL;
2280 proto_tree *tree=NULL;
2281 int old_offset=offset;
2285 di=pinfo->private_data;
2287 snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
2289 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2291 tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
2294 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2295 hf_samr_index, NULL);
2296 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
2297 tree, drep, di->hf_index, 4);
/* The item was created with length -1; fix it up to the bytes consumed. */
2299 proto_item_set_len(item, offset-old_offset);
/* Dissects the elements of an IDX_AND_NAME array by handing
 * samr_dissect_IDX_AND_NAME to dissect_ndr_ucarray() as the per-element
 * callback. */
2304 samr_dissect_IDX_AND_NAME_entry (tvbuff_t *tvb, int offset,
2305 packet_info *pinfo, proto_tree *tree,
2308 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2309 samr_dissect_IDX_AND_NAME);
/* Dissects an IDX_AND_NAME_ARRAY under its own subtree: a 32-bit count,
 * then a unique pointer to the entries, handled by
 * samr_dissect_IDX_AND_NAME_entry.  Both labels are built from the
 * registered name of di->hf_index plus its plural ending; the subtree
 * label is formatted by proto_tree_add_text() itself from a literal
 * format string.
 * NOTE(review): str is declared on a line missing from this listing and
 * the bound 255 is hard-coded; if str is a char array, `sizeof str` would
 * keep the bound and the buffer in step.  If str is a local buffer, also
 * confirm dissect_ndr_pointer() uses the label before returning rather
 * than keeping the pointer for deferred dissection. */
2316 samr_dissect_IDX_AND_NAME_ARRAY(tvbuff_t *tvb, int offset,
2317 packet_info *pinfo, proto_tree *parent_tree,
2322 proto_item *item=NULL;
2323 proto_tree *tree=NULL;
2324 int old_offset=offset;
2328 di=pinfo->private_data;
2330 field_name = proto_registrar_get_name(di->hf_index);
2333 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2334 "IDX_AND_NAME_ARRAY: %s%s:", field_name,
2335 plural_ending(field_name));
2336 tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
2340 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2341 hf_samr_count, &count);
2342 snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
2343 plural_ending(field_name));
2344 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2345 samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
2346 str, di->hf_index, 0);
/* The item was created with length -1; fix it up to the bytes consumed. */
2348 proto_item_set_len(item, offset-old_offset);
/* Dissects a unique pointer to an IDX_AND_NAME_ARRAY, labelled with the
 * registered name of di->hf_index plus its plural ending; the same field
 * id is passed on to the referent's dissector.
 * NOTE(review): str is declared on a line missing from this listing and
 * the bound 255 is hard-coded; if str is a char array, `sizeof str` would
 * keep the bound and the buffer in step.  If str is a local buffer, also
 * confirm dissect_ndr_pointer() uses the label before returning rather
 * than keeping the pointer for deferred dissection. */
2353 samr_dissect_IDX_AND_NAME_ARRAY_ptr(tvbuff_t *tvb, int offset,
2354 packet_info *pinfo, proto_tree *tree,
2361 di=pinfo->private_data;
2363 field_name = proto_registrar_get_name(di->hf_index);
2364 snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
2365 plural_ending(field_name));
2366 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2367 samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
2368 str, di->hf_index, 0);
/* Dissects the enum_domains request: policy handle, a reference pointer
 * to the 32-bit resume handle, and the preferred maximum reply size. */
2373 samr_dissect_enum_domains_rqst(tvbuff_t *tvb, int offset,
2374 packet_info *pinfo, proto_tree *tree,
2377 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2378 hf_samr_hnd, NULL, FALSE, FALSE);
2380 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2381 samr_dissect_pointer_long, NDR_POINTER_REF,
2382 "", hf_samr_resume_hnd, 0);
2384 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2385 hf_samr_pref_maxsize, NULL);
/* Dissects the enum_domains reply: resume handle, a pointer to an
 * IDX_AND_NAME_ARRAY whose names are displayed as hf_samr_domain, the
 * number of entries, and an NT status.  All three pointers are reference
 * pointers with empty labels. */
2391 samr_dissect_enum_domains_reply(tvbuff_t *tvb, int offset,
2392 packet_info *pinfo, proto_tree *tree,
2395 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2396 samr_dissect_pointer_long, NDR_POINTER_REF,
2397 "", hf_samr_resume_hnd, 0);
2398 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2399 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2400 "", hf_samr_domain, 0);
2401 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2402 samr_dissect_pointer_long, NDR_POINTER_REF,
2403 "", hf_samr_entries, 0);
2405 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the enum_dom_groups request: policy handle, a reference
 * pointer to the 32-bit resume handle, a 32-bit mask, and the preferred
 * maximum reply size. */
2412 samr_dissect_enum_dom_groups_rqst(tvbuff_t *tvb, int offset,
2413 packet_info *pinfo, proto_tree *tree,
2416 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2417 hf_samr_hnd, NULL, FALSE, FALSE);
2419 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2420 samr_dissect_pointer_long, NDR_POINTER_REF,
2421 "", hf_samr_resume_hnd, 0);
2422 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2423 hf_samr_mask, NULL);
2424 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2425 hf_samr_pref_maxsize, NULL);
/* Dissects the enum_dom_groups reply: resume handle, a pointer to an
 * IDX_AND_NAME_ARRAY whose names are displayed as hf_samr_group_name, the
 * number of entries, and an NT status.  All three pointers are reference
 * pointers with empty labels. */
2431 samr_dissect_enum_dom_groups_reply(tvbuff_t *tvb, int offset,
2432 packet_info *pinfo, proto_tree *tree,
2435 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2436 samr_dissect_pointer_long, NDR_POINTER_REF,
2437 "", hf_samr_resume_hnd, 0);
2438 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2439 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2440 "", hf_samr_group_name, 0);
2441 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2442 samr_dissect_pointer_long, NDR_POINTER_REF,
2443 "", hf_samr_entries, 0);
2445 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the enum_dom_aliases request: policy handle, a reference
 * pointer to the 32-bit resume handle, a 32-bit mask, and the preferred
 * maximum reply size. */
2452 samr_dissect_enum_dom_aliases_rqst(tvbuff_t *tvb, int offset,
2453 packet_info *pinfo, proto_tree *tree,
2456 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2457 hf_samr_hnd, NULL, FALSE, FALSE);
2459 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2460 samr_dissect_pointer_long, NDR_POINTER_REF,
2461 "", hf_samr_resume_hnd, 0);
2463 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2464 hf_samr_mask, NULL);
2466 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2467 hf_samr_pref_maxsize, NULL);
/* Dissects the enum_dom_aliases reply: resume handle, a pointer to an
 * IDX_AND_NAME_ARRAY whose names are displayed as hf_samr_alias_name, the
 * number of entries, and an NT status.  All three pointers are reference
 * pointers with empty labels. */
2473 samr_dissect_enum_dom_aliases_reply(tvbuff_t *tvb, int offset,
2474 packet_info *pinfo, proto_tree *tree,
2477 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2478 samr_dissect_pointer_long, NDR_POINTER_REF,
2479 "", hf_samr_resume_hnd, 0);
2481 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2482 samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
2483 "", hf_samr_alias_name, 0);
2485 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2486 samr_dissect_pointer_long, NDR_POINTER_REF,
2487 "", hf_samr_entries, 0);
2489 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects the get_members_in_alias request; the only field visible in
 * this listing is the policy handle. */
2496 samr_dissect_get_members_in_alias_rqst(tvbuff_t *tvb, int offset,
2497 packet_info *pinfo, proto_tree *tree,
2500 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
2501 hf_samr_hnd, NULL, FALSE, FALSE);
/* Dissects the get_members_in_alias reply: a reference pointer to a
 * PSID_ARRAY (the member SIDs), then an NT status.  The remaining
 * arguments of both calls are on lines missing from this listing. */
2507 samr_dissect_get_members_in_alias_reply(tvbuff_t *tvb, int offset,
2508 packet_info *pinfo, proto_tree *tree,
2511 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2512 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
2515 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Dissects one byte of the logon-hours array, displayed with the generic
 * hf_samr_unknown_char field id. */
2522 samr_dissect_LOGON_HOURS_entry(tvbuff_t *tvb, int offset,
2523 packet_info *pinfo, proto_tree *tree,
2526 offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
2527 hf_samr_unknown_char, NULL);
/* Dissects the logon-hours byte array under its own subtree
 * (ett_samr_logon_hours_hours) via dissect_ndr_ucvarray(), with
 * samr_dissect_LOGON_HOURS_entry as the per-element callback.
 * NOTE(review): the element count is not passed in here, so it is
 * presumably read from the wire inside dissect_ndr_ucvarray(); any limit
 * on it lives there, not in this file -- confirm. */
2532 samr_dissect_LOGON_HOURS_hours(tvbuff_t *tvb, int offset,
2533 packet_info *pinfo, proto_tree *parent_tree,
2536 proto_item *item=NULL;
2537 proto_tree *tree=NULL;
2538 int old_offset=offset;
2541 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2543 tree = proto_item_add_subtree(item, ett_samr_logon_hours_hours);
2546 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
2547 samr_dissect_LOGON_HOURS_entry);
/* The item was created with length -1; fix it up to the bytes consumed. */
2549 proto_item_set_len(item, offset-old_offset);
/* Dissects a LOGON_HOURS structure under its own subtree
 * (ett_samr_logon_hours): after aligning to 4 bytes, a 16-bit divisions
 * value and a unique pointer to the hours array, handled by
 * samr_dissect_LOGON_HOURS_hours.  The divisions value is displayed only
 * (NULL result pointer); it is not used here to size the array. */
2556 dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
2557 packet_info *pinfo, proto_tree *parent_tree,
2560 proto_item *item=NULL;
2561 proto_tree *tree=NULL;
2562 int old_offset=offset;
2564 ALIGN_TO_4_BYTES; /* structure starts with short, but is aligned for longs */
2567 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2569 tree = proto_item_add_subtree(item, ett_samr_logon_hours);
2572 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2573 hf_samr_divisions, NULL);
2574 /* XXX - is this a bitmask like the "logon hours" field in the
2575 Remote API call "NetUserGetInfo()" with an information level
2577 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2578 samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
2579 "LOGON_HOURS", -1, 0);
2581 proto_item_set_len(item, offset-old_offset);
/* Dissects the level-1 user information structure under its own subtree:
 * account name, full name, the account-control field via
 * dissect_ndr_nt_acct_ctrl(), then two more Unicode strings whose field
 * ids are on lines missing from this listing. */
2587 samr_dissect_USER_INFO_1(tvbuff_t *tvb, int offset,
2588 packet_info *pinfo, proto_tree *parent_tree,
2591 proto_item *item=NULL;
2592 proto_tree *tree=NULL;
2593 int old_offset=offset;
2596 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2598 tree = proto_item_add_subtree(item, ett_samr_user_info_1);
2601 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2602 hf_samr_acct_name, 0);
2603 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2604 hf_samr_full_name, 0);
2605 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2606 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2608 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
/* The item was created with length -1; fix it up to the bytes consumed. */
2611 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_2 body: account name, full name, then two 16-bit counters in the
 * order bad-password count, logon count, under an ett_samr_user_info_2
 * subtree.  Neither counter value is stored (NULL out-pointer). */
2616 samr_dissect_USER_INFO_2(tvbuff_t *tvb, int offset,
2617 packet_info *pinfo, proto_tree *parent_tree,
2620 proto_item *item=NULL;
2621 proto_tree *tree=NULL;
2622 int old_offset=offset;
2625 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2627 tree = proto_item_add_subtree(item, ett_samr_user_info_2);
2630 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2631 hf_samr_acct_name, 0);
2632 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2633 hf_samr_full_name, 0);
2634 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2635 hf_samr_bad_pwd_count, NULL);
2636 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2637 hf_samr_logon_count, NULL);
2639 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_3 body: account name, full name, two 32-bit ids (the second is
 * hf_samr_group), a run of UNICODE_STRINGs (home drive, description,
 * workstations and others), five NTTIME stamps, LOGON_HOURS, two 16-bit
 * counters and the account-control field.
 * NOTE(review): several field ids fall in gaps of this listing (after
 * original lines 2662, 2666 and 2670), so those fields cannot be named here. */
2644 samr_dissect_USER_INFO_3(tvbuff_t *tvb, int offset,
2645 packet_info *pinfo, proto_tree *parent_tree,
2648 proto_item *item=NULL;
2649 proto_tree *tree=NULL;
2650 int old_offset=offset;
2653 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2655 tree = proto_item_add_subtree(item, ett_samr_user_info_3);
2658 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2659 hf_samr_acct_name, 0);
2660 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2661 hf_samr_full_name, 0);
2662 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2664 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2665 hf_samr_group, NULL);
2666 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2668 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2669 hf_samr_home_drive, 0);
2670 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2672 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2673 hf_samr_acct_desc, 0);
2674 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2675 hf_samr_workstations, 0);
2676 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2677 hf_samr_logon_time);
2678 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2679 hf_samr_logoff_time);
2680 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2681 hf_samr_pwd_last_set_time);
2682 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2683 hf_samr_pwd_can_change_time);
2684 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2685 hf_samr_pwd_must_change_time);
2686 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
/* NOTE(review): logon count is labelled before bad-password count here,
 * the reverse of USER_INFO_2, _5, _19 and _21 in this file - confirm the
 * order against the wire format, since a swap mislabels both values. */
2687 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2688 hf_samr_logon_count, NULL);
2689 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2690 hf_samr_bad_pwd_count, NULL);
2691 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2693 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_5 body: account name, full name, two 32-bit ids (the second is
 * hf_samr_group), 16-bit country and codepage, a run of UNICODE_STRINGs,
 * logon/logoff times, LOGON_HOURS, bad-password and logon counters,
 * password-last-set and account-expiry times, and the account-control field.
 * NOTE(review): several field ids fall in gaps of this listing (after
 * original lines 2716, 2724 and 2728), so those fields cannot be named here. */
2698 samr_dissect_USER_INFO_5(tvbuff_t *tvb, int offset,
2699 packet_info *pinfo, proto_tree *parent_tree,
2702 proto_item *item=NULL;
2703 proto_tree *tree=NULL;
2704 int old_offset=offset;
2707 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2709 tree = proto_item_add_subtree(item, ett_samr_user_info_5);
2712 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2713 hf_samr_acct_name, 0);
2714 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2715 hf_samr_full_name, 0);
2716 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2718 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2719 hf_samr_group, NULL);
2720 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2721 hf_samr_country, NULL);
2722 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2723 hf_samr_codepage, NULL);
2724 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2726 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2727 hf_samr_home_drive, 0);
2728 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2730 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2731 hf_samr_acct_desc, 0);
2732 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2733 hf_samr_workstations, 0);
2734 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2735 hf_samr_logon_time);
2736 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2737 hf_samr_logoff_time);
2738 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2739 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2740 hf_samr_bad_pwd_count, NULL);
2741 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2742 hf_samr_logon_count, NULL);
2743 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2744 hf_samr_pwd_last_set_time);
2745 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2746 hf_samr_acct_expiry_time);
2747 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2749 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_6 body: two UNICODE_STRINGs, account name then full name, under
 * an ett_samr_user_info_6 subtree whose item is sized to the bytes consumed. */
2754 samr_dissect_USER_INFO_6(tvbuff_t *tvb, int offset,
2755 packet_info *pinfo, proto_tree *parent_tree,
2758 proto_item *item=NULL;
2759 proto_tree *tree=NULL;
2760 int old_offset=offset;
2763 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2765 tree = proto_item_add_subtree(item, ett_samr_user_info_6);
2768 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2769 hf_samr_acct_name, 0);
2770 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2771 hf_samr_full_name, 0);
2773 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_18 body: two consecutive CRYPT_HASH blobs followed by three
 * single bytes shown as hf_samr_unknown_char.
 * NOTE(review): presumably the two blobs are the LM and NT password hashes
 * carried by this info level, but nothing here labels which is which -
 * confirm against samr_dissect_CRYPT_HASH.  If so, decoded trees and saved
 * captures that include this level hold credential material and should be
 * stored and shared accordingly. */
2778 samr_dissect_USER_INFO_18(tvbuff_t *tvb, int offset,
2779 packet_info *pinfo, proto_tree *parent_tree,
2782 proto_item *item=NULL;
2783 proto_tree *tree=NULL;
2784 int old_offset=offset;
2787 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2789 tree = proto_item_add_subtree(item, ett_samr_user_info_18);
2792 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2793 offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
2794 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2795 hf_samr_unknown_char, NULL);
2796 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2797 hf_samr_unknown_char, NULL);
2798 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2799 hf_samr_unknown_char, NULL);
2801 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_19 body: account-control field, logon and logoff NTTIME stamps,
 * then 16-bit bad-password and logon counters, under an
 * ett_samr_user_info_19 subtree. */
2806 samr_dissect_USER_INFO_19(tvbuff_t *tvb, int offset,
2807 packet_info *pinfo, proto_tree *parent_tree,
2810 proto_item *item=NULL;
2811 proto_tree *tree=NULL;
2812 int old_offset=offset;
2815 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2817 tree = proto_item_add_subtree(item, ett_samr_user_info_19);
2820 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2821 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2822 hf_samr_logon_time);
2823 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2824 hf_samr_logoff_time);
2825 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2826 hf_samr_bad_pwd_count, NULL);
2827 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2828 hf_samr_logon_count, NULL);
2830 proto_item_set_len(item, offset-old_offset);
/* Element callback for BUFFER: shows one byte as hf_samr_unknown_char. */
2835 samr_dissect_BUFFER_entry(tvbuff_t *tvb, int offset,
2836 packet_info *pinfo, proto_tree *tree,
2839 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2840 hf_samr_unknown_char, NULL);
/* Dissects the byte array behind the BUFFER pointer: dissect_ndr_ucarray()
 * is given samr_dissect_BUFFER_entry as the element callback, inside an
 * ett_samr_buffer_buffer subtree sized to the bytes consumed. */
2846 samr_dissect_BUFFER_buffer(tvbuff_t *tvb, int offset,
2847 packet_info *pinfo, proto_tree *parent_tree,
2850 proto_item *item=NULL;
2851 proto_tree *tree=NULL;
2852 int old_offset=offset;
2855 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2857 tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
2860 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
2861 samr_dissect_BUFFER_entry);
2863 proto_item_set_len(item, offset-old_offset);
/* Dissects a BUFFER: a 32-bit count (hf_samr_count) followed by a unique NDR
 * pointer to samr_dissect_BUFFER_buffer.
 * NOTE(review): the count is displayed but not stored (NULL out-pointer), so
 * it is never compared with the number of elements the array dissector
 * walks; presumably dissect_ndr_ucarray takes its length from the NDR array
 * header instead - confirm, and confirm that a mismatch is harmless. */
2870 samr_dissect_BUFFER(tvbuff_t *tvb, int offset,
2871 packet_info *pinfo, proto_tree *parent_tree,
2874 proto_item *item=NULL;
2875 proto_tree *tree=NULL;
2876 int old_offset=offset;
2879 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2881 tree = proto_item_add_subtree(item, ett_samr_buffer);
2883 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2884 hf_samr_count, NULL);
2885 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2886 samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
2889 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_21 body, the widest of the per-level layouts in this file: six
 * NTTIME stamps, thirteen UNICODE_STRINGs, a BUFFER, two 32-bit ids (the
 * second is hf_samr_group), the account-control field, an unknown 32-bit
 * value, LOGON_HOURS, four 16-bit fields (bad-password count, logon count,
 * country, codepage) and four single-byte fields (NT password set, LM
 * password set, password expired, unknown).
 * NOTE(review): the account-name string is passed 2 as its final argument
 * where the other strings pass 0; the meaning of that argument is not shown
 * here - confirm against dissect_ndr_nt_UNICODE_STRING.
 * NOTE(review): the field ids after original lines 2924, 2928 and 2947 fall
 * in gaps of this listing. */
2894 samr_dissect_USER_INFO_21(tvbuff_t *tvb, int offset,
2895 packet_info *pinfo, proto_tree *parent_tree,
2898 proto_item *item=NULL;
2899 proto_tree *tree=NULL;
2900 int old_offset=offset;
2903 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2905 tree = proto_item_add_subtree(item, ett_samr_user_info_21);
2908 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2909 hf_samr_logon_time);
2910 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2911 hf_samr_logoff_time);
2912 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2913 hf_samr_kickoff_time);
2914 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2915 hf_samr_pwd_last_set_time);
2916 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2917 hf_samr_pwd_can_change_time);
2918 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
2919 hf_samr_pwd_must_change_time);
2920 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2921 hf_samr_acct_name, 2);
2922 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2923 hf_samr_full_name, 0);
2924 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2926 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2927 hf_samr_home_drive, 0);
2928 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2930 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2931 hf_samr_profile, 0);
2932 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2933 hf_samr_acct_desc, 0);
2934 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2935 hf_samr_workstations, 0);
2936 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2937 hf_samr_comment, 0);
2938 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2939 hf_samr_parameters, 0);
2940 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2941 hf_samr_unknown_string, 0);
2942 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2943 hf_samr_unknown_string, 0);
2944 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
2945 hf_samr_unknown_string, 0);
2946 offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
2947 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2949 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
2950 hf_samr_group, NULL);
2951 offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
2952 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
2953 hf_samr_unknown_long, NULL);
2954 offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
2955 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2956 hf_samr_bad_pwd_count, NULL);
2957 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
2958 hf_samr_logon_count, NULL);
2959 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2960 hf_samr_country, NULL);
2961 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
2962 hf_samr_codepage, NULL);
2963 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2964 hf_samr_nt_pwd_set, NULL);
2965 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2966 hf_samr_lm_pwd_set, NULL);
2967 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2968 hf_samr_pwd_expired, NULL);
2969 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
2970 hf_samr_unknown_char, NULL);
2972 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_22 body: the whole USER_INFO_21 layout followed by a 64-bit
 * revision value (hf_samr_revision), under an ett_samr_user_info_22
 * subtree. */
2977 samr_dissect_USER_INFO_22(tvbuff_t *tvb, int offset,
2978 packet_info *pinfo, proto_tree *parent_tree,
2981 proto_item *item=NULL;
2982 proto_tree *tree=NULL;
2983 int old_offset=offset;
2986 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
2988 tree = proto_item_add_subtree(item, ett_samr_user_info_22);
2991 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
2992 offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
2993 hf_samr_revision, NULL);
2995 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_23 body: the whole USER_INFO_21 layout followed by a
 * CRYPT_PASSWORD blob.
 * NOTE(review): presumably the encrypted new-password buffer of a
 * set-password call; confirm against samr_dissect_CRYPT_PASSWORD.  Captures
 * holding this level should be handled as credential material. */
3000 samr_dissect_USER_INFO_23(tvbuff_t *tvb, int offset,
3001 packet_info *pinfo, proto_tree *parent_tree,
3004 proto_item *item=NULL;
3005 proto_tree *tree=NULL;
3006 int old_offset=offset;
3009 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3011 tree = proto_item_add_subtree(item, ett_samr_user_info_23);
3014 offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
3015 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3017 proto_item_set_len(item, offset-old_offset);
/* USER_INFO_24 body: a CRYPT_PASSWORD blob followed by one byte shown as
 * hf_samr_unknown_char.
 * NOTE(review): the meaning of the trailing byte is not established by this
 * file; the field id itself marks it as unknown. */
3022 samr_dissect_USER_INFO_24(tvbuff_t *tvb, int offset,
3023 packet_info *pinfo, proto_tree *parent_tree,
3026 proto_item *item=NULL;
3027 proto_tree *tree=NULL;
3028 int old_offset=offset;
3031 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3033 tree = proto_item_add_subtree(item, ett_samr_user_info_24);
3036 offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
3037 offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
3038 hf_samr_unknown_char, NULL);
3040 proto_item_set_len(item, offset-old_offset);
/* Top-level USER_INFO dissector: reads the 16-bit info level from the packet
 * into `level`, then - per the calls visible below - hands the buffer to one
 * level-specific routine (USER_INFO_1/2/3/5/6/18/19/21/22/23/24 or
 * LOGON_HOURS) or dissects a single string, 32-bit or NTTIME field.
 * NOTE(review): the declaration of `level`, the switch statement, its case
 * labels and any default branch fall in gaps of this listing, so the mapping
 * from level to call cannot be read off here.  Because `level` comes straight
 * from the wire, confirm that an unrecognised value is handled explicitly
 * and that every case ends in a break. */
3045 samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
3046 packet_info *pinfo, proto_tree *parent_tree,
3049 proto_item *item=NULL;
3050 proto_tree *tree=NULL;
3051 int old_offset=offset;
3055 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3057 tree = proto_item_add_subtree(item, ett_samr_user_info);
3059 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3060 hf_samr_level, &level);
3064 offset = samr_dissect_USER_INFO_1(
3065 tvb, offset, pinfo, tree, drep);
3068 offset = samr_dissect_USER_INFO_2(
3069 tvb, offset, pinfo, tree, drep);
3072 offset = samr_dissect_USER_INFO_3(
3073 tvb, offset, pinfo, tree, drep);
3076 offset = dissect_ndr_nt_LOGON_HOURS(
3077 tvb, offset, pinfo, tree, drep);
3080 offset = samr_dissect_USER_INFO_5(
3081 tvb, offset, pinfo, tree, drep);
3084 offset = samr_dissect_USER_INFO_6(
3085 tvb, offset, pinfo, tree, drep);
3088 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3089 hf_samr_full_name, 0);
3092 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3093 hf_samr_acct_desc, 0);
3096 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3097 hf_samr_unknown_long, NULL);
3100 offset = samr_dissect_USER_INFO_6(
3101 tvb, offset, pinfo, tree, drep);
3104 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3108 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3109 hf_samr_home_drive, 0);
3112 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3116 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3117 hf_samr_workstations, 0);
3120 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3121 hf_samr_unknown_long, NULL);
3124 offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
3125 hf_samr_unknown_time);
3128 offset = samr_dissect_USER_INFO_18(
3129 tvb, offset, pinfo, tree, drep);
3132 offset = samr_dissect_USER_INFO_19(
3133 tvb, offset, pinfo, tree, drep);
3136 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3137 hf_samr_profile, 0);
3140 offset = samr_dissect_USER_INFO_21(
3141 tvb, offset, pinfo, tree, drep);
3144 offset = samr_dissect_USER_INFO_22(
3145 tvb, offset, pinfo, tree, drep);
3148 offset = samr_dissect_USER_INFO_23(
3149 tvb, offset, pinfo, tree, drep);
3152 offset = samr_dissect_USER_INFO_24(
3153 tvb, offset, pinfo, tree, drep);
3157 proto_item_set_len(item, offset-old_offset);
/* Follows a unique NDR pointer, labelled "USER_INFO pointer", to
 * samr_dissect_USER_INFO. */
3162 samr_dissect_USER_INFO_ptr(tvbuff_t *tvb, int offset,
3163 packet_info *pinfo, proto_tree *tree,
3166 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3167 samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
3168 "USER_INFO pointer", -1, 0);
/* set_information_user2 request: policy handle, 16-bit info level, then a
 * reference pointer to samr_dissect_USER_INFO.
 * NOTE(review): the level shown here is not stored (NULL out-pointer);
 * samr_dissect_USER_INFO reads its own 16-bit level from the payload, so the
 * two values are never compared by the visible code. */
3173 samr_dissect_set_information_user2_rqst(tvbuff_t *tvb, int offset,
3174 packet_info *pinfo, proto_tree *tree,
3177 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3178 hf_samr_hnd, NULL, FALSE, FALSE);
3180 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3181 hf_samr_level, NULL);
3183 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3184 samr_dissect_USER_INFO, NDR_POINTER_REF,
/* set_information_user2 reply: the only visible step is dissect_ntstatus();
 * its trailing arguments are cut from this listing. */
3191 samr_dissect_set_information_user2_reply(tvbuff_t *tvb, int offset,
3192 packet_info *pinfo, proto_tree *tree,
3195 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Request for the call this file names unknown_2f: policy handle followed by
 * a 16-bit info level (value not stored). */
3202 samr_dissect_unknown_2f_rqst(tvbuff_t *tvb, int offset,
3203 packet_info *pinfo, proto_tree *tree,
3206 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3207 hf_samr_hnd, NULL, FALSE, FALSE);
3209 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
3210 hf_samr_level, NULL);
/* Reply for the call this file names unknown_2f: a reference pointer to
 * samr_dissect_USER_INFO_ptr, then dissect_ntstatus().  The trailing
 * arguments of both calls are cut from this listing. */
3216 samr_dissect_unknown_2f_reply(tvbuff_t *tvb, int offset,
3217 packet_info *pinfo, proto_tree *tree,
3220 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3221 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
3224 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Element callback for MEMBER_ARRAY_types: one 32-bit value shown as
 * hf_samr_type. */
3231 samr_dissect_MEMBER_ARRAY_type(tvbuff_t *tvb, int offset,
3232 packet_info *pinfo, proto_tree *tree,
3235 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3236 hf_samr_type, NULL);
/* Dissects the "MEMBER_ARRAY_types:" array: dissect_ndr_ucarray() with
 * samr_dissect_MEMBER_ARRAY_type as the element callback, inside an
 * ett_samr_member_array_types subtree sized to the bytes consumed. */
3243 samr_dissect_MEMBER_ARRAY_types(tvbuff_t *tvb, int offset,
3244 packet_info *pinfo, proto_tree *parent_tree,
3247 proto_item *item=NULL;
3248 proto_tree *tree=NULL;
3249 int old_offset=offset;
3252 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3253 "MEMBER_ARRAY_types:");
3254 tree = proto_item_add_subtree(item, ett_samr_member_array_types);
3257 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3258 samr_dissect_MEMBER_ARRAY_type);
3260 proto_item_set_len(item, offset-old_offset);
/* Element callback for MEMBER_ARRAY_rids: one 32-bit value; the field id is
 * cut from this listing. */
3267 samr_dissect_MEMBER_ARRAY_rid(tvbuff_t *tvb, int offset,
3268 packet_info *pinfo, proto_tree *tree,
3271 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/* Dissects the "MEMBER_ARRAY_rids:" array: dissect_ndr_ucarray() with
 * samr_dissect_MEMBER_ARRAY_rid as the element callback, inside an
 * ett_samr_member_array_rids subtree sized to the bytes consumed. */
3279 samr_dissect_MEMBER_ARRAY_rids(tvbuff_t *tvb, int offset,
3280 packet_info *pinfo, proto_tree *parent_tree,
3283 proto_item *item=NULL;
3284 proto_tree *tree=NULL;
3285 int old_offset=offset;
3288 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3289 "MEMBER_ARRAY_rids:");
3290 tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
3293 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3294 samr_dissect_MEMBER_ARRAY_rid);
3296 proto_item_set_len(item, offset-old_offset);
/* Dissects a MEMBER_ARRAY: a 32-bit count stored into `count`, then two
 * unique NDR pointers, first to the rid array and then to the type array.
 * NOTE(review): no visible line reads `count` after it is stored (its
 * declaration is also outside this listing), so the two arrays are not
 * checked against it or against each other here. */
3303 samr_dissect_MEMBER_ARRAY(tvbuff_t *tvb, int offset,
3304 packet_info *pinfo, proto_tree *parent_tree,
3308 proto_item *item=NULL;
3309 proto_tree *tree=NULL;
3310 int old_offset=offset;
3313 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3315 tree = proto_item_add_subtree(item, ett_samr_member_array);
3318 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3319 hf_samr_count, &count);
3320 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3321 samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
3323 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3324 samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
3327 proto_item_set_len(item, offset-old_offset);
/* Follows a unique NDR pointer, labelled "MEMBER_ARRAY", to
 * samr_dissect_MEMBER_ARRAY. */
3332 samr_dissect_MEMBER_ARRAY_ptr(tvbuff_t *tvb, int offset,
3333 packet_info *pinfo, proto_tree *tree,
3336 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3337 samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
3338 "MEMBER_ARRAY", -1, 0);
/* query_groupmem request: the only visible step is dissect_ndr_ctx_hnd();
 * its trailing arguments are cut from this listing. */
3343 samr_dissect_query_groupmem_rqst(tvbuff_t *tvb, int offset,
3344 packet_info *pinfo, proto_tree *tree,
3347 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
/* query_groupmem reply: a reference pointer to samr_dissect_MEMBER_ARRAY_ptr,
 * then dissect_ntstatus().  The trailing arguments of both calls are cut from
 * this listing. */
3353 samr_dissect_query_groupmem_reply(tvbuff_t *tvb, int offset,
3354 packet_info *pinfo, proto_tree *tree,
3357 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3358 samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
3361 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* set_sec_object request: policy handle, 32-bit info type
 * (hf_samr_info_type), then a reference pointer to the LSA dissector's
 * security-descriptor routine (lsa_dissect_LSA_SECURITY_DESCRIPTOR). */
3368 samr_dissect_set_sec_object_rqst(tvbuff_t *tvb, int offset,
3369 packet_info *pinfo, proto_tree *tree,
3372 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3373 hf_samr_hnd, NULL, FALSE, FALSE);
3375 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3376 hf_samr_info_type, NULL);
3378 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3379 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
3380 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
/* set_sec_object reply: the only visible step is dissect_ntstatus(); its
 * trailing arguments are cut from this listing. */
3386 samr_dissect_set_sec_object_reply(tvbuff_t *tvb, int offset,
3387 packet_info *pinfo, proto_tree *tree,
3390 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* query_sec_object request: policy handle followed by a 32-bit info type
 * (hf_samr_info_type, value not stored). */
3397 samr_dissect_query_sec_object_rqst(tvbuff_t *tvb, int offset,
3398 packet_info *pinfo, proto_tree *tree,
3401 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3402 hf_samr_hnd, NULL, FALSE, FALSE);
3404 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3405 hf_samr_info_type, NULL);
/* query_sec_object reply: a unique pointer to
 * lsa_dissect_LSA_SECURITY_DESCRIPTOR (the request side of set_sec_object
 * uses a reference pointer instead), then dissect_ntstatus(), whose trailing
 * arguments are cut from this listing. */
3411 samr_dissect_query_sec_object_reply(tvbuff_t *tvb, int offset,
3412 packet_info *pinfo, proto_tree *tree,
3415 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3416 lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
3417 "LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
3419 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Element callback for LOOKUP_NAMES: one UNICODE_STRING shown as
 * hf_samr_acct_name.
 * NOTE(review): the final argument is 1 here where most callers in this file
 * pass 0; its meaning is not shown here - confirm against
 * dissect_ndr_nt_UNICODE_STRING. */
3426 samr_dissect_LOOKUP_NAMES_name(tvbuff_t *tvb, int offset,
3427 packet_info *pinfo, proto_tree *tree,
3430 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3431 hf_samr_acct_name, 1);
/* Dissects the name array of a lookup_names request: dissect_ndr_ucvarray()
 * with samr_dissect_LOOKUP_NAMES_name as the element callback, inside an
 * ett_samr_names subtree sized to the bytes consumed. */
3436 samr_dissect_LOOKUP_NAMES(tvbuff_t *tvb, int offset,
3437 packet_info *pinfo, proto_tree *parent_tree,
3440 proto_item *item=NULL;
3441 proto_tree *tree=NULL;
3442 int old_offset=offset;
3445 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3447 tree = proto_item_add_subtree(item, ett_samr_names);
3450 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3451 samr_dissect_LOOKUP_NAMES_name);
3453 proto_item_set_len(item, offset-old_offset);
/* lookup_names request: policy handle, 32-bit count (displayed, not stored),
 * then a reference pointer to samr_dissect_LOOKUP_NAMES.  The pointer call's
 * trailing arguments are cut from this listing. */
3459 samr_dissect_lookup_names_rqst(tvbuff_t *tvb, int offset,
3460 packet_info *pinfo, proto_tree *tree,
3463 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3464 hf_samr_hnd, NULL, FALSE, FALSE);
3466 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3467 hf_samr_count, NULL);
3469 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3470 samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
/* lookup_names reply: two reference pointers to samr_dissect_INDEX_ARRAY,
 * the first tagged with hf_samr_rid and the second with hf_samr_type, then
 * dissect_ntstatus(), whose trailing arguments are cut from this listing. */
3477 samr_dissect_lookup_names_reply(tvbuff_t *tvb, int offset,
3478 packet_info *pinfo, proto_tree *tree,
3481 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3482 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3483 "", hf_samr_rid, 0);
3484 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3485 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3486 "", hf_samr_type, 0);
3488 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* Element callback for LOOKUP_RIDS: one 32-bit value; the field id is cut
 * from this listing. */
3495 samr_dissect_LOOKUP_RIDS_rid(tvbuff_t *tvb, int offset,
3496 packet_info *pinfo, proto_tree *tree,
3499 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
/* Dissects the rid array of a lookup_rids request: dissect_ndr_ucvarray()
 * with samr_dissect_LOOKUP_RIDS_rid as the element callback, inside an
 * ett_samr_rids subtree sized to the bytes consumed. */
3506 samr_dissect_LOOKUP_RIDS(tvbuff_t *tvb, int offset,
3507 packet_info *pinfo, proto_tree *parent_tree,
3510 proto_item *item=NULL;
3511 proto_tree *tree=NULL;
3512 int old_offset=offset;
3515 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3517 tree = proto_item_add_subtree(item, ett_samr_rids);
3520 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
3521 samr_dissect_LOOKUP_RIDS_rid);
3523 proto_item_set_len(item, offset-old_offset);
/* lookup_rids request: policy handle, 32-bit count (displayed, not stored),
 * then a reference pointer to samr_dissect_LOOKUP_RIDS.  The pointer call's
 * trailing arguments are cut from this listing. */
3529 samr_dissect_lookup_rids_rqst(tvbuff_t *tvb, int offset,
3530 packet_info *pinfo, proto_tree *tree,
3533 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3534 hf_samr_hnd, NULL, FALSE, FALSE);
3536 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3537 hf_samr_count, NULL);
3539 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3540 samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
/* Element callback for UNICODE_STRING_ARRAY: one UNICODE_STRING shown as
 * hf_samr_acct_name. */
3547 samr_dissect_UNICODE_STRING_ARRAY_name(tvbuff_t *tvb, int offset,
3548 packet_info *pinfo, proto_tree *tree,
3551 offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
3552 hf_samr_acct_name, 0);
/* Dissects the string array itself: dissect_ndr_ucarray() with
 * samr_dissect_UNICODE_STRING_ARRAY_name as the element callback.  No
 * subtree is created at this level. */
3557 samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
3558 packet_info *pinfo, proto_tree *tree,
3561 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
3562 samr_dissect_UNICODE_STRING_ARRAY_name);
/* Dissects a UNICODE_STRING_ARRAY: a 32-bit count (displayed, not stored)
 * followed by a unique pointer to samr_dissect_UNICODE_STRING_ARRAY_names.
 * The subtree reuses ett_samr_names, the same id samr_dissect_LOOKUP_NAMES
 * uses. */
3567 samr_dissect_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
3568 packet_info *pinfo, proto_tree *parent_tree,
3571 proto_item *item=NULL;
3572 proto_tree *tree=NULL;
3573 int old_offset=offset;
3576 item = proto_tree_add_text(parent_tree, tvb, offset, -1,
3578 tree = proto_item_add_subtree(item, ett_samr_names);
3581 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
3582 hf_samr_count, NULL);
3584 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3585 samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
3588 proto_item_set_len(item, offset-old_offset);
/* lookup_rids reply: a reference pointer to samr_dissect_UNICODE_STRING_ARRAY,
 * a reference pointer to samr_dissect_INDEX_ARRAY tagged hf_samr_type, then
 * dissect_ntstatus(), whose trailing arguments are cut from this listing.
 * NOTE(review): the string array is passed hf_samr_rid, yet its element
 * callback labels each string with hf_samr_acct_name; whether the passed id
 * is used at all is not visible here - confirm. */
3596 samr_dissect_lookup_rids_reply(tvbuff_t *tvb, int offset,
3597 packet_info *pinfo, proto_tree *tree,
3600 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3601 samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
3602 "", hf_samr_rid, 0);
3603 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3604 samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
3605 "", hf_samr_type, 0);
3607 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* close_hnd request: dissects the policy handle being closed.
 * NOTE(review): this is the only dissect_nt_policy_hnd() call in this part of
 * the file whose last argument is TRUE; presumably that flag records the
 * handle as closed - confirm against packet-dcerpc-nt.h. */
3614 samr_dissect_close_hnd_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3615 proto_tree *tree, char *drep)
3617 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3618 hf_samr_hnd, NULL, FALSE, TRUE);
/* close_hnd reply: a policy handle followed by dissect_ntstatus(), whose
 * trailing arguments are cut from this listing. */
3624 samr_dissect_close_hnd_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
3625 proto_tree *tree, char *drep)
3627 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3628 hf_samr_hnd, NULL, FALSE, FALSE);
3630 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* shutdown_sam_server request: the only visible step is
 * dissect_ndr_ctx_hnd(); its trailing arguments are cut from this listing. */
3637 samr_dissect_shutdown_sam_server_rqst(tvbuff_t *tvb, int offset,
3638 packet_info *pinfo, proto_tree *tree,
3641 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
/* shutdown_sam_server reply: the only visible step is dissect_ntstatus();
 * its trailing arguments are cut from this listing. */
3648 samr_dissect_shutdown_sam_server_reply(tvbuff_t *tvb, int offset,
3649 packet_info *pinfo, proto_tree *tree,
3652 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* delete_dom_group request: the only visible step is dissect_ndr_ctx_hnd();
 * its trailing arguments are cut from this listing. */
3659 samr_dissect_delete_dom_group_rqst(tvbuff_t *tvb, int offset,
3660 packet_info *pinfo, proto_tree *tree,
3663 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
/* delete_dom_group reply: the only visible step is dissect_ntstatus(); its
 * trailing arguments are cut from this listing. */
3670 samr_dissect_delete_dom_group_reply(tvbuff_t *tvb, int offset,
3671 packet_info *pinfo, proto_tree *tree,
3674 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* remove_member_from_group request: policy handle, a 32-bit value shown as
 * hf_samr_group, then a second 32-bit value whose field id is cut from this
 * listing. */
3681 samr_dissect_remove_member_from_group_rqst(tvbuff_t *tvb, int offset,
3683 proto_tree *tree, char *drep)
3685 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3686 hf_samr_hnd, NULL, FALSE, FALSE);
3688 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3689 hf_samr_group, NULL);
3691 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/* remove_member_from_group reply: the only visible step is
 * dissect_ntstatus(); its trailing arguments are cut from this listing. */
3698 samr_dissect_remove_member_from_group_reply(tvbuff_t *tvb, int offset,
3700 proto_tree *tree, char *drep)
3702 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* delete_dom_alias request: the only visible step is dissect_ndr_ctx_hnd();
 * its trailing arguments are cut from this listing. */
3709 samr_dissect_delete_dom_alias_rqst(tvbuff_t *tvb, int offset,
3710 packet_info *pinfo, proto_tree *tree,
3713 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
/* delete_dom_alias reply: the only visible step is dissect_ntstatus(); its
 * trailing arguments are cut from this listing. */
3720 samr_dissect_delete_dom_alias_reply(tvbuff_t *tvb, int offset,
3721 packet_info *pinfo, proto_tree *tree,
3724 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* add_alias_member request: policy handle followed by a reference pointer to
 * dissect_ndr_nt_SID.  The pointer call's trailing arguments are cut from
 * this listing. */
3731 samr_dissect_add_alias_member_rqst(tvbuff_t *tvb, int offset,
3732 packet_info *pinfo, proto_tree *tree,
3735 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3736 hf_samr_hnd, NULL, FALSE, FALSE);
3738 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3739 dissect_ndr_nt_SID, NDR_POINTER_REF,
/* add_alias_member reply: the only visible step is dissect_ntstatus(); its
 * trailing arguments are cut from this listing. */
3745 samr_dissect_add_alias_member_reply(tvbuff_t *tvb, int offset,
3746 packet_info *pinfo, proto_tree *tree,
3749 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* remove_alias_member request: policy handle followed by a reference pointer
 * to dissect_ndr_nt_SID.  The pointer call's trailing arguments are cut from
 * this listing. */
3756 samr_dissect_remove_alias_member_rqst(tvbuff_t *tvb, int offset,
3757 packet_info *pinfo, proto_tree *tree,
3760 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3761 hf_samr_hnd, NULL, FALSE, FALSE);
3763 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3764 dissect_ndr_nt_SID, NDR_POINTER_REF,
/* remove_alias_member reply: the only visible step is dissect_ntstatus();
 * its trailing arguments are cut from this listing. */
3770 samr_dissect_remove_alias_member_reply(tvbuff_t *tvb, int offset,
3771 packet_info *pinfo, proto_tree *tree,
3774 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* delete_dom_user request: a single policy handle. */
3781 samr_dissect_delete_dom_user_rqst(tvbuff_t *tvb, int offset,
3782 packet_info *pinfo, proto_tree *tree,
3785 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3786 hf_samr_hnd, NULL, FALSE, FALSE);
/* delete_dom_user reply: the only visible step is dissect_ntstatus(); its
 * trailing arguments are cut from this listing. */
3792 samr_dissect_delete_dom_user_reply(tvbuff_t *tvb, int offset,
3793 packet_info *pinfo, proto_tree *tree,
3796 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* test_private_fns_domain request: a single policy handle. */
3803 samr_dissect_test_private_fns_domain_rqst(tvbuff_t *tvb, int offset,
3804 packet_info *pinfo, proto_tree *tree,
3807 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3808 hf_samr_hnd, NULL, FALSE, FALSE);
/* test_private_fns_domain reply: the only visible step is dissect_ntstatus();
 * its trailing arguments are cut from this listing. */
3814 samr_dissect_test_private_fns_domain_reply(tvbuff_t *tvb, int offset,
3816 proto_tree *tree, char *drep)
3818 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* test_private_fns_user request: a single policy handle. */
3825 samr_dissect_test_private_fns_user_rqst(tvbuff_t *tvb, int offset,
3826 packet_info *pinfo, proto_tree *tree,
3829 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3830 hf_samr_hnd, NULL, FALSE, FALSE);
/* test_private_fns_user reply: the only visible step is dissect_ntstatus();
 * its trailing arguments are cut from this listing. */
3836 samr_dissect_test_private_fns_user_reply(tvbuff_t *tvb, int offset,
3838 proto_tree *tree, char *drep)
3840 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* remove_member_from_foreign_domain request: policy handle followed by a
 * reference pointer to dissect_ndr_nt_SID.  The rest of the parameter list
 * and the pointer call's trailing arguments are cut from this listing. */
3847 samr_dissect_remove_member_from_foreign_domain_rqst(tvbuff_t *tvb, int offset,
3852 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3853 hf_samr_hnd, NULL, FALSE, FALSE);
3855 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3856 dissect_ndr_nt_SID, NDR_POINTER_REF,
/* remove_member_from_foreign_domain reply: the only visible step is
 * dissect_ntstatus(); its trailing arguments are cut from this listing. */
3862 samr_dissect_remove_member_from_foreign_domain_reply(tvbuff_t *tvb, int offset,
3867 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* remove_multiple_members_from_alias request: policy handle followed by a
 * reference pointer to dissect_ndr_nt_PSID_ARRAY.  The rest of the parameter
 * list and the pointer call's trailing arguments are cut from this listing. */
3874 samr_dissect_remove_multiple_members_from_alias_rqst(tvbuff_t *tvb,
3880 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3881 hf_samr_hnd, NULL, FALSE, FALSE);
3883 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3884 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/* remove_multiple_members_from_alias reply: the only visible step is
 * dissect_ntstatus(); its trailing arguments are cut from this listing. */
3891 samr_dissect_remove_multiple_members_from_alias_reply(tvbuff_t *tvb,
3897 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* open_group request: policy handle, 32-bit access mask (hf_samr_access) and
 * one more 32-bit value whose trailing arguments are cut from this listing.
 * The visible code then appends ", rid 0x%x" to the Info column and stores
 * rid in the per-call record (dcv->private_data).
 * NOTE(review): the declaration of rid falls in a gap of this listing; the
 * "0x%x" format suggests a 32-bit unsigned value - confirm.
 * NOTE(review): di->call_data is used through dcv with no NULL check visible
 * here - confirm the DCE-RPC layer always sets it before this runs.
 * NOTE(review): (void *)rid converts an integer to a pointer of a different
 * width on LP64 targets if rid is 32-bit; GLib's GUINT_TO_POINTER() is the
 * usual way to express that conversion. */
3904 samr_dissect_open_group_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3905 proto_tree *tree, char *drep)
3907 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
3908 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
3911 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3912 hf_samr_hnd, NULL, FALSE, FALSE);
3914 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3915 hf_samr_access, NULL);
3917 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3920 if (check_col(pinfo->cinfo, COL_INFO))
3921 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
3923 dcv->private_data = (void *)rid;
/* open_group reply: the returned policy handle followed by
 * dissect_ntstatus(), whose trailing arguments are cut from this listing. */
3929 samr_dissect_open_group_reply(tvbuff_t *tvb, int offset,
3930 packet_info *pinfo, proto_tree *tree,
3933 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3934 hf_samr_hnd, NULL, FALSE, FALSE);
3936 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/* open_alias request: same visible shape as samr_dissect_open_group_rqst -
 * policy handle, 32-bit access mask, one more 32-bit value whose trailing
 * arguments are cut from this listing, then ", rid 0x%x" appended to the Info
 * column and rid stored in dcv->private_data.
 * NOTE(review): the declaration of rid falls in a gap of this listing.
 * NOTE(review): di->call_data is used through dcv with no NULL check visible
 * here, and (void *)rid is an integer-to-pointer conversion of a different
 * width on LP64 targets if rid is 32-bit; GLib's GUINT_TO_POINTER() is the
 * usual way to express it. */
3943 samr_dissect_open_alias_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
3944 proto_tree *tree, char *drep)
3946 dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
3947 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
3950 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3951 hf_samr_hnd, NULL, FALSE, FALSE);
3953 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3954 hf_samr_access, NULL);
3956 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
3959 if (check_col(pinfo->cinfo, COL_INFO))
3960 col_append_fstr(pinfo->cinfo, COL_INFO, ", rid 0x%x", rid);
3962 dcv->private_data = (void *)rid;
/*
 * Reply dissector for OpenAlias. Visible steps: the returned policy
 * handle (hf_samr_hnd), then dissect_ntstatus() with a field id that is
 * on a line missing from this listing.
 */
3968 samr_dissect_open_alias_reply(tvbuff_t *tvb, int offset,
3969 packet_info *pinfo, proto_tree *tree,
3972 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3973 hf_samr_hnd, NULL, FALSE, FALSE);
3975 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for AddAliasMemMultiple
 * (SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS).
 * Visible steps: a policy handle (hf_samr_hnd), then a REF pointer whose
 * referent is dissected by dissect_ndr_nt_PSID_ARRAY -- the same shape as
 * samr_dissect_remove_multiple_members_from_alias_rqst.
 * NOTE(review): the element count of that array comes from the packet;
 * how it is bounded is decided inside dissect_ndr_nt_PSID_ARRAY, which is
 * not shown here.
 */
3982 samr_dissect_add_multiple_members_to_alias_rqst(tvbuff_t *tvb, int offset,
3984 proto_tree *tree, char *drep)
3986 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
3987 hf_samr_hnd, NULL, FALSE, FALSE);
3989 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
3990 dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
/*
 * Reply dissector for AddAliasMemMultiple. The only visible step passes
 * the reply to dissect_ntstatus(); its field id is on a line missing from
 * this listing.
 */
3997 samr_dissect_add_multiple_members_to_alias_reply(tvbuff_t *tvb, int offset,
3999 proto_tree *tree, char *drep)
4001 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector named for CreateGroupInDomain. Visible steps: policy
 * handle (hf_samr_hnd), a REF pointer to a UNICODE_STRING labelled
 * "Account Name" (hf_samr_acct_name), then a 32-bit access mask
 * (hf_samr_access).
 * NOTE(review): dcerpc_samr_dissectors[] wires this function to
 * SAMR_CREATE_USER_IN_DOMAIN ("CreateUser"), not to the group-creation
 * opnum; confirm that the two calls share this layout.
 */
4008 samr_dissect_create_group_in_domain_rqst(tvbuff_t *tvb, int offset,
4009 packet_info *pinfo, proto_tree *tree,
4012 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4013 hf_samr_hnd, NULL, FALSE, FALSE);
4015 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4016 samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
4017 "Account Name", hf_samr_acct_name, 0);
4019 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4020 hf_samr_access, NULL);
/*
 * Reply dissector paired with samr_dissect_create_group_in_domain_rqst.
 * Visible steps: the returned policy handle (hf_samr_hnd), one 32-bit
 * value, then dissect_ntstatus(). The field ids of the last two calls are
 * on lines missing from this listing (the 32-bit value is presumably the
 * RID of the created object -- TODO confirm).
 */
4026 samr_dissect_create_group_in_domain_reply(tvbuff_t *tvb, int offset,
4027 packet_info *pinfo, proto_tree *tree,
4030 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4031 hf_samr_hnd, NULL, FALSE, FALSE);
4033 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
4036 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for the domain-information query. Visible steps:
 * policy handle (hf_samr_hnd), then a 16-bit information level
 * (hf_samr_level).
 * NOTE(review): dcerpc_samr_dissectors[] uses this function only for
 * SAMR_QUERY_INFORMATION_DOMAIN2; SAMR_QUERY_DOMAIN_INFO is wired to
 * samr_dissect_query_information_alias_rqst instead.
 */
4043 samr_dissect_query_information_domain_rqst(tvbuff_t *tvb, int offset,
4045 proto_tree *tree, char *drep)
4047 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4048 hf_samr_hnd, NULL, FALSE, FALSE);
4050 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4051 hf_samr_level, NULL);
/*
 * Reply dissector for the domain-information query, used for both
 * SAMR_QUERY_DOMAIN_INFO and SAMR_QUERY_INFORMATION_DOMAIN2 in
 * dcerpc_samr_dissectors[]. Visible steps: a UNIQUE pointer to
 * DOMAIN_INFO dissected by samr_dissect_DOMAIN_INFO, then one 32-bit
 * value.
 * NOTE(review): the trailing value is read with dissect_ndr_uint32()
 * rather than dissect_ntstatus() as in the sibling reply dissectors; its
 * field id is on a line missing from this listing. The delimiters of the
 * original block comment below are also missing from this listing.
 */
4057 samr_dissect_query_information_domain_reply(tvbuff_t *tvb, int offset,
4058 packet_info *pinfo, proto_tree *tree,
4062 * Yes, in at least one capture with replies from a W2K server,
4063 * this was, indeed, a UNIQUE pointer, not a REF pointer.
4065 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4066 samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
4067 "DOMAIN_INFO pointer", hf_samr_domain, 0);
4069 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
/*
 * Request dissector for QueryUserInfo (SAMR_QUERY_USERINFO). Visible
 * steps: policy handle (hf_samr_hnd), then a 16-bit information level
 * (hf_samr_level).
 */
4076 samr_dissect_query_information_user_rqst(tvbuff_t *tvb, int offset,
4078 proto_tree *tree, char *drep)
4080 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
4081 hf_samr_hnd, NULL, FALSE, FALSE);
4083 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
4084 hf_samr_level, NULL);
/*
 * Reply dissector for QueryUserInfo. Visible steps: a REF pointer whose
 * referent is dissected by samr_dissect_USER_INFO_ptr, then
 * dissect_ntstatus(). The label and field id arguments of both calls are
 * on lines missing from this listing.
 * NOTE(review): the pointer is REF here while the domain-information
 * reply uses UNIQUE after a capture showed otherwise; whether the same
 * applies to this reply cannot be told from the visible lines.
 */
4090 samr_dissect_query_information_user_reply(tvbuff_t *tvb, int offset,
4092 proto_tree *tree, char *drep)
4094 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
4095 samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
4098 offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
/*
 * Dispatch table for the SAMR interface. Each row holds a SAMR_* constant
 * (presumably the opnum), the display name, and the request and reply
 * dissectors. The table is handed to dcerpc_init_uuid() in
 * proto_reg_handoff_dcerpc_samr().
 * Several rows point at a dissector named for a different call. Where the
 * wire layouts match this is harmless reuse; where they do not, fields of
 * untrusted traffic would be mis-labelled. Those rows are marked
 * NOTE(review) below.
 * The closing "};" of the array is not present in this listing.
 */
4104 static dcerpc_sub_dissector dcerpc_samr_dissectors[] = {
4105 { SAMR_CONNECT_ANON, "ConnectAnonymous",
4106 samr_dissect_connect_anon_rqst,
4107 samr_dissect_connect_anon_reply },
4108 { SAMR_CLOSE_HND, "Close",
4109 samr_dissect_close_hnd_rqst,
4110 samr_dissect_close_hnd_reply },
4111 { SAMR_SET_SEC_OBJECT, "SetSecObject",
4112 samr_dissect_set_sec_object_rqst,
4113 samr_dissect_set_sec_object_reply },
4114 { SAMR_QUERY_SEC_OBJECT, "QuerySecObject",
4115 samr_dissect_query_sec_object_rqst,
4116 samr_dissect_query_sec_object_reply },
4117 { SAMR_SHUTDOWN_SAM_SERVER, "ShutdownSamServer",
4118 samr_dissect_shutdown_sam_server_rqst,
4119 samr_dissect_shutdown_sam_server_reply },
4120 { SAMR_LOOKUP_DOMAIN, "LookupDomain",
4121 samr_dissect_lookup_domain_rqst,
4122 samr_dissect_lookup_domain_reply },
4123 { SAMR_ENUM_DOMAINS, "EnumDomains",
4124 samr_dissect_enum_domains_rqst,
4125 samr_dissect_enum_domains_reply },
4126 { SAMR_OPEN_DOMAIN, "OpenDomain",
4127 samr_dissect_open_domain_rqst,
4128 samr_dissect_open_domain_reply },
/*
 * NOTE(review): the request side uses the alias query dissector while the
 * reply side uses the domain one; SAMR_QUERY_INFORMATION_DOMAIN2 below
 * uses samr_dissect_query_information_domain_rqst. Confirm which is
 * intended.
 */
4129 { SAMR_QUERY_DOMAIN_INFO, "QueryDomainInfo",
4130 samr_dissect_query_information_alias_rqst,
4131 samr_dissect_query_information_domain_reply },
4132 { SAMR_SET_DOMAIN_INFO, "SetDomainInfo",
4133 samr_dissect_set_information_domain_rqst,
4134 samr_dissect_set_information_domain_reply },
/* NOTE(review): group creation is dissected with the create-alias pair, as is SAMR_CREATE_DOM_ALIAS below. */
4135 { SAMR_CREATE_DOM_GROUP, "CreateGroup",
4136 samr_dissect_create_alias_in_domain_rqst,
4137 samr_dissect_create_alias_in_domain_reply },
4138 { SAMR_ENUM_DOM_GROUPS, "EnumDomainGroups",
4139 samr_dissect_enum_dom_groups_rqst,
4140 samr_dissect_enum_dom_groups_reply },
/* NOTE(review): user creation is dissected with the create-group pair; confirm the layouts match. */
4141 { SAMR_CREATE_USER_IN_DOMAIN, "CreateUser",
4142 samr_dissect_create_group_in_domain_rqst,
4143 samr_dissect_create_group_in_domain_reply },
/* NOTE(review): user enumeration reuses the group enumeration pair. */
4144 { SAMR_ENUM_DOM_USERS, "EnumDomainUsers",
4145 samr_dissect_enum_dom_groups_rqst,
4146 samr_dissect_enum_dom_groups_reply },
4147 { SAMR_CREATE_DOM_ALIAS, "CreateAlias",
4148 samr_dissect_create_alias_in_domain_rqst,
4149 samr_dissect_create_alias_in_domain_reply },
/* NOTE(review): "EnumAlises" looks like a typo for "EnumAliases"; it is a display string, so it is only flagged here. */
4150 { SAMR_ENUM_DOM_ALIASES, "EnumAlises",
4151 samr_dissect_enum_dom_aliases_rqst,
4152 samr_dissect_enum_dom_aliases_reply },
/* NOTE(review): the name "GetAliasMem" is also used for SAMR_GET_MEMBERS_IN_ALIAS below, so the two calls cannot be told apart by name. */
4153 { SAMR_GET_ALIAS_MEMBERSHIP, "GetAliasMem",
4154 samr_dissect_get_alias_membership_rqst,
4155 samr_dissect_get_alias_membership_reply },
4156 { SAMR_LOOKUP_NAMES, "LookupNames",
4157 samr_dissect_lookup_names_rqst,
4158 samr_dissect_lookup_names_reply },
4159 { SAMR_LOOKUP_RIDS, "LookupRIDs",
4160 samr_dissect_lookup_rids_rqst,
4161 samr_dissect_lookup_rids_reply },
4162 { SAMR_OPEN_GROUP, "OpenGroup",
4163 samr_dissect_open_group_rqst,
4164 samr_dissect_open_group_reply },
4165 { SAMR_QUERY_GROUPINFO, "QueryGroupInfo",
4166 samr_dissect_query_information_group_rqst,
4167 samr_dissect_query_information_group_reply },
4168 { SAMR_SET_GROUPINFO, "SetGroupInfo",
4169 samr_dissect_set_information_group_rqst,
4170 samr_dissect_set_information_group_reply },
4171 { SAMR_ADD_GROUPMEM, "AddGroupMem",
4172 samr_dissect_add_member_to_group_rqst,
4173 samr_dissect_add_member_to_group_reply },
4174 { SAMR_DELETE_DOM_GROUP, "DeleteDomainGroup",
4175 samr_dissect_delete_dom_group_rqst,
4176 samr_dissect_delete_dom_group_reply },
4177 { SAMR_DEL_GROUPMEM, "RemoveGroupMem",
4178 samr_dissect_remove_member_from_group_rqst,
4179 samr_dissect_remove_member_from_group_reply },
4180 { SAMR_QUERY_GROUPMEM, "QueryGroupMem",
4181 samr_dissect_query_groupmem_rqst,
4182 samr_dissect_query_groupmem_reply },
4183 { SAMR_SET_MEMBER_ATTRIBUTES_OF_GROUP, "SetMemberAttrGroup",
4184 samr_dissect_set_member_attributes_of_group_rqst,
4185 samr_dissect_set_member_attributes_of_group_reply },
4186 { SAMR_OPEN_ALIAS, "OpenAlias",
4187 samr_dissect_open_alias_rqst,
4188 samr_dissect_open_alias_reply },
4189 { SAMR_QUERY_ALIASINFO, "QueryAliasInfo",
4190 samr_dissect_query_information_alias_rqst,
4191 samr_dissect_query_information_alias_reply },
4192 { SAMR_SET_ALIASINFO, "SetAliasInfo",
4193 samr_dissect_set_information_alias_rqst,
4194 samr_dissect_set_information_alias_reply },
4195 { SAMR_DELETE_DOM_ALIAS, "DeleteAlias",
4196 samr_dissect_delete_dom_alias_rqst,
4197 samr_dissect_delete_dom_alias_reply },
4198 { SAMR_ADD_ALIASMEM, "AddAliasMem",
4199 samr_dissect_add_alias_member_rqst,
4200 samr_dissect_add_alias_member_reply },
4201 { SAMR_DEL_ALIASMEM, "RemoveAliasMem",
4202 samr_dissect_remove_alias_member_rqst,
4203 samr_dissect_remove_alias_member_reply },
4204 { SAMR_GET_MEMBERS_IN_ALIAS, "GetAliasMem",
4205 samr_dissect_get_members_in_alias_rqst,
4206 samr_dissect_get_members_in_alias_reply },
4207 { SAMR_OPEN_USER, "OpenUser",
4208 samr_dissect_open_user_rqst,
4209 samr_dissect_open_user_reply },
4210 { SAMR_DELETE_DOM_USER, "DeleteUser",
4211 samr_dissect_delete_dom_user_rqst,
4212 samr_dissect_delete_dom_user_reply },
4213 { SAMR_QUERY_USERINFO, "QueryUserInfo",
4214 samr_dissect_query_information_user_rqst,
4215 samr_dissect_query_information_user_reply },
4216 { SAMR_SET_USERINFO2, "SetUserInfo2",
4217 samr_dissect_set_information_user2_rqst,
4218 samr_dissect_set_information_user2_reply },
4219 { SAMR_CHANGE_PASSWORD_USER, "ChangePassword",
4220 samr_dissect_change_password_user_rqst,
4221 samr_dissect_change_password_user_reply },
4222 { SAMR_GET_GROUPS_FOR_USER, "GetGroups",
4223 samr_dissect_get_groups_for_user_rqst,
4224 samr_dissect_get_groups_for_user_reply },
4225 { SAMR_QUERY_DISPINFO, "QueryDispinfo",
4226 samr_dissect_query_dispinfo_rqst,
4227 samr_dissect_query_dispinfo_reply },
4228 { SAMR_GET_DISPLAY_ENUMERATION_INDEX, "GetDispEnumNDX",
4229 samr_dissect_get_display_enumeration_index_rqst,
4230 samr_dissect_get_display_enumeration_index_reply },
4231 { SAMR_TEST_PRIVATE_FUNCTIONS_DOMAIN, "TestPrivateFnsDomain",
4232 samr_dissect_test_private_fns_domain_rqst,
4233 samr_dissect_test_private_fns_domain_reply },
4234 { SAMR_TEST_PRIVATE_FUNCTIONS_USER, "TestPrivateFnsUser",
4235 samr_dissect_test_private_fns_user_rqst,
4236 samr_dissect_test_private_fns_user_reply },
4237 { SAMR_GET_USRDOM_PWINFO, "GetUserDomPwInfo",
4238 samr_dissect_get_usrdom_pwinfo_rqst,
4239 samr_dissect_get_usrdom_pwinfo_reply },
4240 { SAMR_REMOVE_MEMBER_FROM_FOREIGN_DOMAIN, "RemoveMemberForeignDomain",
4241 samr_dissect_remove_member_from_foreign_domain_rqst,
4242 samr_dissect_remove_member_from_foreign_domain_reply },
4243 { SAMR_QUERY_INFORMATION_DOMAIN2, "QueryDomInfo2",
4244 samr_dissect_query_information_domain_rqst,
4245 samr_dissect_query_information_domain_reply },
4246 { SAMR_UNKNOWN_2f, "Unknown 0x2f",
4247 samr_dissect_unknown_2f_rqst,
4248 samr_dissect_unknown_2f_reply },
/* QueryDispinfo2 and QueryDispinfo3 below both reuse the QueryDispinfo pair. */
4249 { SAMR_QUERY_DISPINFO2, "QueryDispinfo2",
4250 samr_dissect_query_dispinfo_rqst,
4251 samr_dissect_query_dispinfo_reply },
4252 { SAMR_GET_DISPLAY_ENUMERATION_INDEX2, "GetDispEnumNDX2",
4253 samr_dissect_get_display_enumeration_index2_rqst,
4254 samr_dissect_get_display_enumeration_index2_reply },
4255 { SAMR_CREATE_USER2_IN_DOMAIN, "CreateUser2",
4256 samr_dissect_create_user2_in_domain_rqst,
4257 samr_dissect_create_user2_in_domain_reply },
4258 { SAMR_QUERY_DISPINFO3, "QueryDispinfo3",
4259 samr_dissect_query_dispinfo_rqst,
4260 samr_dissect_query_dispinfo_reply },
4261 { SAMR_ADD_MULTIPLE_MEMBERS_TO_ALIAS, "AddAliasMemMultiple",
4262 samr_dissect_add_multiple_members_to_alias_rqst,
4263 samr_dissect_add_multiple_members_to_alias_reply },
4264 { SAMR_REMOVE_MULTIPLE_MEMBERS_FROM_ALIAS, "RemoveAliasMemMultiple",
4265 samr_dissect_remove_multiple_members_from_alias_rqst,
4266 samr_dissect_remove_multiple_members_from_alias_reply },
4267 { SAMR_OEM_CHANGE_PASSWORD_USER2, "OEMChangePassword2",
4268 samr_dissect_oem_change_password_user2_rqst,
4269 samr_dissect_oem_change_password_user2_reply },
4270 { SAMR_UNICODE_CHANGE_PASSWORD_USER2, "UnicodeChangePassword2",
4271 samr_dissect_unicode_change_password_user2_rqst,
4272 samr_dissect_unicode_change_password_user2_reply },
4273 { SAMR_GET_DOM_PWINFO, "GetDomainPasswordInfo",
4274 samr_dissect_get_domain_password_information_rqst,
4275 samr_dissect_get_domain_password_information_reply },
4276 { SAMR_CONNECT2, "Connect2",
4277 samr_dissect_connect2_rqst,
4278 samr_dissect_connect2_reply },
/* NOTE(review): SetUserInfo reuses the SetUserInfo2 pair; confirm the layouts match. */
4279 { SAMR_SET_USERINFO, "SetUserInfo",
4280 samr_dissect_set_information_user2_rqst,
4281 samr_dissect_set_information_user2_reply },
4282 { SAMR_UNKNOWN_3B, "Unknown 0x3b",
4283 samr_dissect_unknown_3b_rqst,
4284 samr_dissect_unknown_3b_reply },
4285 { SAMR_UNKNOWN_3C, "Unknown 0x3c",
4286 samr_dissect_unknown_3c_rqst,
4287 samr_dissect_unknown_3c_reply },
/* All-NULL row; presumably the end-of-table sentinel -- confirm against the DCE RPC table walker. */
4288 {0, NULL, NULL, NULL },
/*
 * Registers the SAMR protocol ("Microsoft Security Account Manager",
 * short name "SAMR", filter prefix "samr"), its header fields (hf[]) and
 * its subtree indices (ett[]).
 * NOTE(review): many "{ &hf_...," opener lines of hf[], a few ett[]
 * entries and the closing lines of both arrays are absent from this
 * listing, so some initialisers below appear without the variable they
 * bind to.
 */
4292 proto_register_dcerpc_samr(void)
4294 static hf_register_info hf[] = {
4296 { "Context Handle", "samr.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
4298 { "Group", "samr.group", FT_UINT32, BASE_DEC, NULL, 0x0, "Group", HFILL }},
4300 { "Rid", "samr.rid", FT_UINT32, BASE_DEC, NULL, 0x0, "RID", HFILL }},
4302 { "Type", "samr.type", FT_UINT32, BASE_HEX, NULL, 0x0, "Type", HFILL }},
4304 { "Alias", "samr.alias", FT_UINT32, BASE_HEX, NULL, 0x0, "Alias", HFILL }},
4305 { &hf_samr_rid_attrib,
4306 { "Rid Attrib", "samr.rid.attrib", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
4308 { "Attributes", "samr.attr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
/* Return codes are decoded through the NT_errors[] value table. */
4310 { "Return code", "samr.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, "", HFILL }},
4313 { "Level", "samr.level", FT_UINT16, BASE_DEC,
4314 NULL, 0x0, "Level requested/returned for Information", HFILL }},
4315 { &hf_samr_start_idx,
4316 { "Start Idx", "samr.start_idx", FT_UINT32, BASE_DEC,
4317 NULL, 0x0, "Start Index for returned Information", HFILL }},
4320 { "Entries", "samr.entries", FT_UINT32, BASE_DEC,
4321 NULL, 0x0, "Number of entries to return", HFILL }},
4323 { &hf_samr_max_entries,
4324 { "Max Entries", "samr.max_entries", FT_UINT32, BASE_DEC,
4325 NULL, 0x0, "Maximum number of entries", HFILL }},
4327 { &hf_samr_pref_maxsize,
4328 { "Pref MaxSize", "samr.pref_maxsize", FT_UINT32, BASE_DEC,
4329 NULL, 0x0, "Maximum Size of data to return", HFILL }},
4331 { &hf_samr_total_size,
4332 { "Total Size", "samr.total_size", FT_UINT32, BASE_DEC,
4333 NULL, 0x0, "Total size of data", HFILL }},
4335 { &hf_samr_bad_pwd_count,
4336 { "Bad Pwd Count", "samr.bad_pwd_count", FT_UINT16, BASE_DEC,
4337 NULL, 0x0, "Number of bad pwd entries for this user", HFILL }},
4339 { &hf_samr_logon_count,
4340 { "Logon Count", "samr.logon_count", FT_UINT16, BASE_DEC,
4341 NULL, 0x0, "Number of logons for this user", HFILL }},
4343 { &hf_samr_ret_size,
4344 { "Returned Size", "samr.ret_size", FT_UINT32, BASE_DEC,
4345 NULL, 0x0, "Number of returned objects in this PDU", HFILL }},
4348 { "Index", "samr.index", FT_UINT32, BASE_DEC,
4349 NULL, 0x0, "Index", HFILL }},
4352 { "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
4354 { &hf_samr_alias_name,
4355 { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
4356 NULL, 0, "Name of Alias", HFILL }},
4358 { &hf_samr_group_name,
4359 { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
4360 NULL, 0, "Name of Group", HFILL }},
4362 { &hf_samr_acct_name,
4363 { "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
4364 NULL, 0, "Name of Account", HFILL }},
4367 { "Server", "samr.server", FT_STRING, BASE_NONE,
4368 NULL, 0, "Name of Server", HFILL }},
4371 { "Domain", "samr.domain", FT_STRING, BASE_NONE,
4372 NULL, 0, "Name of Domain", HFILL }},
4374 { &hf_samr_controller,
4375 { "DC", "samr.dc", FT_STRING, BASE_NONE,
4376 NULL, 0, "Name of Domain Controller", HFILL }},
4378 { &hf_samr_full_name,
4379 { "Full Name", "samr.full_name", FT_STRING, BASE_NONE,
4380 NULL, 0, "Full Name of Account", HFILL }},
4383 { "Home", "samr.home", FT_STRING, BASE_NONE,
4384 NULL, 0, "Home directory for this user", HFILL }},
4386 { &hf_samr_home_drive,
4387 { "Home Drive", "samr.home_drive", FT_STRING, BASE_NONE,
4388 NULL, 0, "Home drive for this user", HFILL }},
4391 { "Script", "samr.script", FT_STRING, BASE_NONE,
4392 NULL, 0, "Login script for this user", HFILL }},
4394 { &hf_samr_workstations,
4395 { "Workstations", "samr.workstations", FT_STRING, BASE_NONE,
4396 NULL, 0, "", HFILL }},
4399 { "Profile", "samr.profile", FT_STRING, BASE_NONE,
4400 NULL, 0, "Profile for this user", HFILL }},
4402 { &hf_samr_acct_desc,
4403 { "Account Desc", "samr.acct_desc", FT_STRING, BASE_NONE,
4404 NULL, 0, "Account Description", HFILL }},
4407 { "Comment", "samr.comment", FT_STRING, BASE_NONE,
4408 NULL, 0, "Comment", HFILL }},
4410 { &hf_samr_parameters,
4411 { "Parameters", "samr.parameters", FT_STRING, BASE_NONE,
4412 NULL, 0, "Parameters", HFILL }},
/* Placeholders for values whose meaning was not known when this was written. */
4414 { &hf_samr_unknown_string,
4415 { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
4416 NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
4418 { &hf_samr_unknown_hyper,
4419 { "Unknown hyper", "samr.unknown.hyper", FT_UINT64, BASE_HEX,
4420 NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
4421 { &hf_samr_unknown_long,
4422 { "Unknown long", "samr.unknown.long", FT_UINT32, BASE_HEX,
4423 NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
4425 { &hf_samr_unknown_short,
4426 { "Unknown short", "samr.unknown.short", FT_UINT16, BASE_HEX,
4427 NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
4429 { &hf_samr_unknown_char,
4430 { "Unknown char", "samr.unknown.char", FT_UINT8, BASE_HEX,
4431 NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
4433 { &hf_samr_revision,
4434 { "Revision", "samr.revision", FT_UINT64, BASE_HEX,
4435 NULL, 0x0, "Revision number for this structure", HFILL }},
4437 { &hf_samr_nt_pwd_set,
4438 { "NT Pwd Set", "samr.nt_pwd_set", FT_UINT8, BASE_HEX,
4439 NULL, 0x0, "Flag indicating whether the NT password has been set", HFILL }},
4441 { &hf_samr_lm_pwd_set,
4442 { "LM Pwd Set", "samr.lm_pwd_set", FT_UINT8, BASE_HEX,
4443 NULL, 0x0, "Flag indicating whether the LanManager password has been set", HFILL }},
/*
 * NOTE(review): "samr.pwd_Expired" is the only filter name visible here
 * with an upper-case letter. It is a runtime string that users may
 * already filter on, so it is only flagged.
 */
4445 { &hf_samr_pwd_expired,
4446 { "Expired flag", "samr.pwd_Expired", FT_UINT8, BASE_HEX,
4447 NULL, 0x0, "Flag indicating if the password for this account has expired or not", HFILL }},
4449 /* XXX - is this a standard NT access mask? */
4451 { "Access Mask", "samr.access", FT_UINT32, BASE_HEX,
4452 NULL, 0x0, "Access", HFILL }},
4455 { "Mask", "samr.mask", FT_UINT32, BASE_HEX,
4456 NULL, 0x0, "Mask", HFILL }},
/*
 * Password and hash material is registered as raw FT_BYTES and is not
 * decrypted on these lines. NOTE(review): captures that populate these
 * fields carry credential ciphertext and are sensitive artefacts.
 */
4458 { &hf_samr_crypt_password, {
4459 "Password", "samr.crypt_password", FT_BYTES, BASE_HEX,
4460 NULL, 0, "Encrypted Password", HFILL }},
4462 { &hf_samr_crypt_hash, {
4463 "Hash", "samr.crypt_hash", FT_BYTES, BASE_HEX,
4464 NULL, 0, "Encrypted Hash", HFILL }},
4466 { &hf_samr_lm_change, {
4467 "LM Change", "samr.lm_change", FT_UINT8, BASE_HEX,
4468 NULL, 0, "LM Change value", HFILL }},
/* Password ages are relative times; the fields that follow are absolute timestamps. */
4470 { &hf_samr_max_pwd_age,
4471 { "Max Pwd Age", "samr.max_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4472 NULL, 0, "Maximum Password Age before it expires", HFILL }},
4474 { &hf_samr_min_pwd_age,
4475 { "Min Pwd Age", "samr.min_pwd_age", FT_RELATIVE_TIME, BASE_NONE,
4476 NULL, 0, "Minimum Password Age before it can be changed", HFILL }},
4477 { &hf_samr_unknown_time,
4478 { "Unknown time", "samr.unknown_time", FT_ABSOLUTE_TIME, BASE_NONE,
4479 NULL, 0, "Unknown NT TIME, contact ethereal developers if you know what this is", HFILL }},
4480 { &hf_samr_logon_time,
4481 { "Logon Time", "samr.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
4482 NULL, 0, "Time for last time this user logged on", HFILL }},
4483 { &hf_samr_kickoff_time,
4484 { "Kickoff Time", "samr.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4485 NULL, 0, "Time when this user will be kicked off", HFILL }},
4486 { &hf_samr_logoff_time,
4487 { "Logoff Time", "samr.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
4488 NULL, 0, "Time for last time this user logged off", HFILL }},
4489 { &hf_samr_pwd_last_set_time,
4490 { "PWD Last Set", "samr.pwd_last_set_time", FT_ABSOLUTE_TIME, BASE_NONE,
4491 NULL, 0, "Last time this users password was changed", HFILL }},
4492 { &hf_samr_pwd_can_change_time,
4493 { "PWD Can Change", "samr.pwd_can_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4494 NULL, 0, "When this users password may be changed", HFILL }},
4495 { &hf_samr_pwd_must_change_time,
4496 { "PWD Must Change", "samr.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
4497 NULL, 0, "When this users password must be changed", HFILL }},
4498 { &hf_samr_acct_expiry_time,
4499 { "Acct Expiry", "samr.acct_expiry_time", FT_ABSOLUTE_TIME, BASE_NONE,
4500 NULL, 0, "When this user account expires", HFILL }},
4502 { &hf_samr_min_pwd_len, {
4503 "Min Pwd Len", "samr.min_pwd_len", FT_UINT16, BASE_DEC,
4504 NULL, 0, "Minimum Password Length", HFILL }},
4505 { &hf_samr_pwd_history_len, {
4506 "Pwd History Len", "samr.pwd_history_len", FT_UINT16, BASE_DEC,
4507 NULL, 0, "Password History Length", HFILL }},
4508 { &hf_samr_num_users, {
4509 "Num Users", "samr.num_users", FT_UINT32, BASE_DEC,
4510 NULL, 0, "Number of users in this domain", HFILL }},
4511 { &hf_samr_num_groups, {
4512 "Num Groups", "samr.num_groups", FT_UINT32, BASE_DEC,
4513 NULL, 0, "Number of groups in this domain", HFILL }},
4514 { &hf_samr_num_aliases, {
4515 "Num Aliases", "samr.num_aliases", FT_UINT32, BASE_DEC,
4516 NULL, 0, "Number of aliases in this domain", HFILL }},
4517 { &hf_samr_info_type, {
4518 "Info Type", "samr.info_type", FT_UINT32, BASE_DEC,
4519 NULL, 0, "Information Type", HFILL }},
4520 { &hf_samr_resume_hnd, {
4521 "Resume Hnd", "samr.resume_hnd", FT_UINT32, BASE_DEC,
4522 NULL, 0, "Resume handle", HFILL }},
4523 { &hf_samr_country, {
4524 "Country", "samr.country", FT_UINT16, BASE_DEC,
4525 VALS(ms_country_codes), 0, "Country setting for this user", HFILL }},
4526 { &hf_samr_codepage, {
4527 "Codepage", "samr.codepage", FT_UINT16, BASE_DEC,
4528 NULL, 0, "Codepage setting for this user", HFILL }},
4529 { &hf_samr_divisions, {
4530 "Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
4531 NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
4533 /* these are used by packet-dcerpc-nt.c */
4534 { &hf_nt_string_length,
4535 { "Length", "nt.string.length", FT_UINT16, BASE_DEC,
4536 NULL, 0x0, "Length of string in bytes", HFILL }},
4538 { &hf_nt_string_size,
4539 { "Size", "nt.string.size", FT_UINT16, BASE_DEC,
4540 NULL, 0x0, "Size of string in bytes", HFILL }},
4543 { "Length", "nt.str.len", FT_UINT32, BASE_DEC,
4544 NULL, 0x0, "Length of string in short integers", HFILL }},
4547 { "Offset", "nt.str.offset", FT_UINT32, BASE_DEC,
4548 NULL, 0x0, "Offset into string in short integers", HFILL }},
4550 { &hf_nt_str_max_len,
4551 { "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
4552 NULL, 0x0, "Max Length of string in short integers", HFILL }},
4555 { "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
4556 NULL, 0x0, "Acct CTRL", HFILL }},
/*
 * Account-control bits: each entry is an FT_BOOLEAN of width 32 with its
 * own mask, 0x0001 through 0x0400, and takes its label text from the
 * matching tfs_nt_acb_* true/false strings.
 */
4558 { &hf_nt_acb_disabled, {
4559 "", "nt.acb.disabled", FT_BOOLEAN, 32,
4560 TFS(&tfs_nt_acb_disabled), 0x0001, "If this account is enabled or disabled", HFILL }},
/* NOTE(review): "hom,edirs" in the description below is a typo for "homedirs"; it is a runtime string, so it is only flagged. */
4562 { &hf_nt_acb_homedirreq, {
4563 "", "nt.acb.homedirreq", FT_BOOLEAN, 32,
4564 TFS(&tfs_nt_acb_homedirreq), 0x0002, "Is hom,edirs required for this account?", HFILL }},
4566 { &hf_nt_acb_pwnotreq, {
4567 "", "nt.acb.pwnotreq", FT_BOOLEAN, 32,
4568 TFS(&tfs_nt_acb_pwnotreq), 0x0004, "If a password is required for this account?", HFILL }},
4570 { &hf_nt_acb_tempdup, {
4571 "", "nt.acb.tempdup", FT_BOOLEAN, 32,
4572 TFS(&tfs_nt_acb_tempdup), 0x0008, "If this is a temporary duplicate account", HFILL }},
4574 { &hf_nt_acb_normal, {
4575 "", "nt.acb.normal", FT_BOOLEAN, 32,
4576 TFS(&tfs_nt_acb_normal), 0x0010, "If this is a normal user account", HFILL }},
4579 "", "nt.acb.mns", FT_BOOLEAN, 32,
4580 TFS(&tfs_nt_acb_mns), 0x0020, "MNS logon user account", HFILL }},
4582 { &hf_nt_acb_domtrust, {
4583 "", "nt.acb.domtrust", FT_BOOLEAN, 32,
4584 TFS(&tfs_nt_acb_domtrust), 0x0040, "Interdomain trust account", HFILL }},
4586 { &hf_nt_acb_wstrust, {
4587 "", "nt.acb.wstrust", FT_BOOLEAN, 32,
4588 TFS(&tfs_nt_acb_wstrust), 0x0080, "Workstation trust account", HFILL }},
4590 { &hf_nt_acb_svrtrust, {
4591 "", "nt.acb.svrtrust", FT_BOOLEAN, 32,
4592 TFS(&tfs_nt_acb_svrtrust), 0x0100, "Server trust account", HFILL }},
/*
 * NOTE(review): the name "pwnoexp" suggests this bit is about password
 * expiry, while the description speaks of the account expiring; confirm
 * which is meant.
 */
4594 { &hf_nt_acb_pwnoexp, {
4595 "", "nt.acb.pwnoexp", FT_BOOLEAN, 32,
4596 TFS(&tfs_nt_acb_pwnoexp), 0x0200, "If this account expires or not", HFILL }},
4598 { &hf_nt_acb_autolock, {
4599 "", "nt.acb.autolock", FT_BOOLEAN, 32,
4600 TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }},
/* Addresses of the subtree index variables handed to proto_register_subtree_array() below. */
4602 static gint *ett[] = {
4604 &ett_samr_user_dispinfo_1,
4605 &ett_samr_user_dispinfo_1_array,
4606 &ett_samr_user_dispinfo_2,
4607 &ett_samr_user_dispinfo_2_array,
4608 &ett_samr_group_dispinfo,
4609 &ett_samr_group_dispinfo_array,
4610 &ett_samr_ascii_dispinfo,
4611 &ett_samr_ascii_dispinfo_array,
4612 &ett_samr_display_info,
4613 &ett_samr_password_info,
4615 &ett_samr_user_group,
4616 &ett_samr_user_group_array,
4617 &ett_samr_alias_info,
4618 &ett_samr_group_info,
4619 &ett_samr_domain_info_1,
4620 &ett_samr_domain_info_2,
4621 &ett_samr_domain_info_8,
4622 &ett_samr_replication_status,
4623 &ett_samr_domain_info_11,
4624 &ett_samr_domain_info_13,
4625 &ett_samr_domain_info,
4626 &ett_samr_sid_pointer,
4627 &ett_samr_sid_array,
4628 &ett_samr_index_array,
4629 &ett_samr_idx_and_name,
4630 &ett_samr_idx_and_name_array,
4631 &ett_samr_logon_hours,
4632 &ett_samr_logon_hours_hours,
4633 &ett_samr_user_info_1,
4634 &ett_samr_user_info_2,
4635 &ett_samr_user_info_3,
4636 &ett_samr_user_info_5,
4637 &ett_samr_user_info_6,
4638 &ett_samr_user_info_18,
4639 &ett_samr_user_info_19,
4640 &ett_samr_buffer_buffer,
4642 &ett_samr_user_info_21,
4643 &ett_samr_user_info_22,
4644 &ett_samr_user_info_23,
4645 &ett_samr_user_info_24,
4646 &ett_samr_user_info,
4647 &ett_samr_member_array_types,
4648 &ett_samr_member_array_rids,
4649 &ett_samr_member_array,
4652 &ett_samr_sid_and_attributes_array,
4653 &ett_samr_sid_and_attributes,
/* The protocol id returned here is the one proto_reg_handoff_dcerpc_samr() later passes to dcerpc_init_uuid(). */
4657 proto_dcerpc_samr = proto_register_protocol(
4658 "Microsoft Security Account Manager", "SAMR", "samr");
/* Both counts come from array_length() on the arrays themselves rather than from hand-written numbers. */
4660 proto_register_field_array (proto_dcerpc_samr, hf, array_length (hf));
4661 proto_register_subtree_array(ett, array_length(ett));
/*
 * Hands the SAMR interface to the DCE RPC layer: passes the protocol id,
 * a subtree index, the interface UUID and version, and the
 * dcerpc_samr_dissectors[] table to dcerpc_init_uuid().
 * NOTE(review): the braces of this function are not present in this
 * listing.
 */
4665 proto_reg_handoff_dcerpc_samr(void)
4667 /* Register protocol as dcerpc */
4669 dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr, &uuid_dcerpc_samr,
4670 ver_dcerpc_samr, dcerpc_samr_dissectors);