* Copyright 2001, Tim Potter <tpot@samba.org>
* 2002 Added LSA command dissectors Ronnie Sahlberg
*
- * $Id: packet-dcerpc-lsa.c,v 1.46 2002/05/02 08:47:23 sahlberg Exp $
+ * $Id: packet-dcerpc-lsa.c,v 1.60 2002/10/28 20:12:30 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
- *
+ *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
static int proto_dcerpc_lsa = -1;
+static int hf_lsa_opnum = -1;
static int hf_lsa_rc = -1;
static int hf_lsa_hnd = -1;
static int hf_lsa_server = -1;
static int
-lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
+lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep)
{
dcerpc_info *di;
}
static int
-lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
+lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep)
{
dcerpc_info *di;
}
static int
-lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
+lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep)
{
dcerpc_info *di;
}
static int
-lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
+lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep)
{
dcerpc_info *di;
static int
-lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
+lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
char *drep)
{
return offset;
}
-static int
-lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
+int
+lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
char *drep)
{
guint32 len;
dcerpc_info *di;
-
+
di=pinfo->private_data;
if(di->conformant_run){
/*just a run to handle conformant arrays, nothing to dissect */
return offset;
}
+/* Dissect LSA specific access rights */
+
+static gint hf_view_local_info = -1;
+static gint hf_view_audit_info = -1;
+static gint hf_get_private_info = -1;
+static gint hf_trust_admin = -1;
+static gint hf_create_account = -1;
+static gint hf_create_secret = -1;
+static gint hf_create_priv = -1;
+static gint hf_set_default_quota_limits = -1;
+static gint hf_set_audit_requirements = -1;
+static gint hf_server_admin = -1;
+static gint hf_lookup_names = -1;
+
+static void
+lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
+ guint32 access)
+{
+ proto_tree_add_boolean(
+ tree, hf_lookup_names,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_server_admin,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_set_audit_requirements,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_set_default_quota_limits,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_create_priv,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_create_secret,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_create_account,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_trust_admin,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_get_private_info,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_view_audit_info,
+ tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_view_local_info,
+ tvb, offset, 4, access);
+}
+
static int
lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, char *drep)
{
- /* XXX is this some bitmask ?*/
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_lsa_access_mask, NULL);
+ offset = dissect_nt_access_mask(
+ tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
+ lsa_specific_rights);
return offset;
}
+/*
+ * XXX - it'd be nice if we could arrange that this be passed
+ * some out-of-band indication of whether the handle is being opened,
+ * closed, or just used.
+ */
static int
lsa_dissect_LSA_HANDLE(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
- hf_lsa_hnd, NULL);
+ hf_lsa_hnd, NULL, FALSE, FALSE);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_HANDLE_open(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, char *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, TRUE, FALSE);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_HANDLE_close(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, char *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, FALSE, TRUE);
return offset;
}
lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
"LSPTR pointer: ", -1, 0);
- /* attribute name */
+ /* attribute name */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
"NAME pointer: ", hf_lsa_obj_attr_name, 0);
lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
"LSA_SECURITY_DESCRIPTOR pointer: ", -1, 0);
- /* security quality of service */
+ /* security quality of service */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
"LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1, 0);
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ lsa_dissect_LSA_HANDLE_close, NDR_POINTER_REF,
+ "LSA_HANDLE", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_lsa_rc, NULL);
character of the server name which is always '\'. This is fixed in lsa
openpolicy2 but the function remains for backwards compatibility. */
-static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
- packet_info *pinfo,
+static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
proto_tree *tree, char *drep)
{
- return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_lsa_server, NULL);
}
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
- "", -1, 0);
+ "OBJECT_ATTRIBUTES", -1, 0);
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
pinfo, tree, drep);
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_lsa_rc, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
- "", -1, 0);
+ "OBJECT_ATTRIBUTES", -1, 0);
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
pinfo, tree, drep);
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ lsa_dissect_LSA_HANDLE_open, NDR_POINTER_REF,
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_lsa_rc, NULL);
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_lsa_policy_information_class, NULL);
}
-static int
+int
lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree, char *drep)
{
ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
switch(level){
- case 1:
+ case 1:
offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
tvb, offset, pinfo, tree, drep);
break;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
return offset;
}
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
- "", -1, 0);
+ "PSID_ARRAY", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
"Tree root is NOT set"
};
static int
-lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
+lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *parent_tree, char *drep)
{
guint32 mask;
/* type */
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_lsa_trust_type, NULL);
-
+
/* attributes */
offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
}
- /* privilege name */
+ /* privilege name */
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
hf_lsa_privilege_name, 0);
offset = lsa_dissect_LSA_HANDLE(tvb, offset,
pinfo, tree, drep);
- /* privilege name */
+ /* privilege name */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
"NAME pointer: ", hf_lsa_privilege_name, 0);
/* [out, ref] PSID_ARRAY **accounts */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
- "", -1, 0);
+ "PSID_ARRAY", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_lsa_rc, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
"UNICODE_STRING pointer: ", di->hf_index, 0);
-
+
return offset;
}
ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
switch(level){
- case 1:
+ case 1:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
hf_lsa_domain, 0);
break;
}
static int
-lsa_dissect_lsafunction_2e_rqst(tvbuff_t *tvb, int offset,
+lsa_dissect_lsaqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_lsa_policy_information_class, NULL);
}
static int
-lsa_dissect_lsafunction_2e_reply(tvbuff_t *tvb, int offset,
+lsa_dissect_lsaqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, char *drep)
{
+ /* This is really a pointer to a pointer though the first level is REF
+ so we just ignore that one */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
+ lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
"POLICY_INFORMATION pointer: info", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
}
static int
-lsa_dissect_lsafunction_2f_rqst(tvbuff_t *tvb, int offset,
+lsa_dissect_lsasetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_lsa_policy_information_class, NULL);
}
static int
-lsa_dissect_lsafunction_2f_reply(tvbuff_t *tvb, int offset,
+lsa_dissect_lsasetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_lsa_policy_information_class, NULL);
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: hnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_lsa_policy_information_class, NULL);
/* [in, out] LSA_HANDLE *tdHnd */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: tdHnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
return offset;
}
/* [in, out] LSA_HANDLE *tdHnd */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_HANDLE, NDR_POINTER_REF,
- "LSA_HANDLE pointer: tdHnd", -1, 0);
+ "LSA_HANDLE", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_lsa_rc, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
- "", -1, 0);
+ "PSID_ARRAY", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
packet_info *pinfo, proto_tree *tree, char *drep)
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_REF,
+ lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
"LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
- { LSA_LSACLOSE, "LSACLOSE",
+ { LSA_LSACLOSE, "Close",
lsa_dissect_lsaclose_rqst,
lsa_dissect_lsaclose_reply },
- { LSA_LSADELETE, "LSADELETE",
+ { LSA_LSADELETE, "Delete",
lsa_dissect_lsadelete_rqst,
lsa_dissect_lsadelete_reply },
- { LSA_LSAENUMERATEPRIVILEGES, "LSAENUMERATEPRIVILEGES",
+ { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs",
lsa_dissect_lsaenumerateprivileges_rqst,
lsa_dissect_lsaenumerateprivileges_reply },
- { LSA_LSAQUERYSECURITYOBJECT, "LSAQUERYSECURITYOBJECT",
+ { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject",
lsa_dissect_lsaquerysecurityobject_rqst,
lsa_dissect_lsaquerysecurityobject_reply },
- { LSA_LSASETSECURITYOBJECT, "LSASETSECURITYOBJECT",
+ { LSA_LSASETSECURITYOBJECT, "SetSecObject",
lsa_dissect_lsasetsecurityobject_rqst,
lsa_dissect_lsasetsecurityobject_reply },
- { LSA_LSACHANGEPASSWORD, "LSACHANGEPASSWORD",
+ { LSA_LSACHANGEPASSWORD, "ChangePassword",
lsa_dissect_lsachangepassword_rqst,
lsa_dissect_lsachangepassword_reply },
- { LSA_LSAOPENPOLICY, "LSAOPENPOLICY",
+ { LSA_LSAOPENPOLICY, "OpenPolicy",
lsa_dissect_lsaopenpolicy_rqst,
lsa_dissect_lsaopenpolicy_reply },
- { LSA_LSAQUERYINFORMATIONPOLICY, "LSAQUERYINFORMATIONPOLICY",
+ { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy",
lsa_dissect_lsaqueryinformationpolicy_rqst,
lsa_dissect_lsaqueryinformationpolicy_reply },
- { LSA_LSASETINFORMATIONPOLICY, "LSASETINFORMATIONPOLICY",
+ { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy",
lsa_dissect_lsasetinformationpolicy_rqst,
lsa_dissect_lsasetinformationpolicy_reply },
- { LSA_LSACLEARAUDITLOG, "LSACLEARAUDITLOG",
+ { LSA_LSACLEARAUDITLOG, "ClearAuditLog",
lsa_dissect_lsaclearauditlog_rqst,
lsa_dissect_lsaclearauditlog_reply },
- { LSA_LSACREATEACCOUNT, "LSACREATEACCOUNT",
+ { LSA_LSACREATEACCOUNT, "CreateAccount",
lsa_dissect_lsacreateaccount_rqst,
lsa_dissect_lsacreateaccount_reply },
- { LSA_LSAENUMERATEACCOUNTS, "LSAENUMERATEACCOUNTS",
+ { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts",
lsa_dissect_lsaenumerateaccounts_rqst,
lsa_dissect_lsaenumerateaccounts_reply },
- { LSA_LSACREATETRUSTEDDOMAIN, "LSACREATETRUSTEDDOMAIN",
+ { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain",
lsa_dissect_lsacreatetrusteddomain_rqst,
lsa_dissect_lsacreatetrusteddomain_reply },
- { LSA_LSAENUMERATETRUSTEDDOMAINS, "LSAENUMERATETRUSTEDDOMAINS",
+ { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains",
lsa_dissect_lsaenumeratetrusteddomains_rqst,
lsa_dissect_lsaenumeratetrusteddomains_reply },
- { LSA_LSALOOKUPNAMES, "LSALOOKUPNAMES",
+ { LSA_LSALOOKUPNAMES, "LookupNames",
lsa_dissect_lsalookupnames_rqst,
lsa_dissect_lsalookupnames_reply },
- { LSA_LSALOOKUPSIDS, "LSALOOKUPSIDS",
+ { LSA_LSALOOKUPSIDS, "LookupSIDs",
lsa_dissect_lsalookupsids_rqst,
lsa_dissect_lsalookupsids_reply },
- { LSA_LSACREATESECRET, "LSACREATESECRET", /*0x10*/
+ { LSA_LSACREATESECRET, "CreateSecret",
lsa_dissect_lsacreatesecret_rqst,
lsa_dissect_lsacreatesecret_reply },
- { LSA_LSAOPENACCOUNT, "LSAOPENACCOUNT",
+ { LSA_LSAOPENACCOUNT, "OpenAccount",
lsa_dissect_lsaopenaccount_rqst,
lsa_dissect_lsaopenaccount_reply },
- { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "LSAENUMERATEPRIVILEGESACCOUNT",
+ { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount",
lsa_dissect_lsaenumerateprivilegesaccount_rqst,
lsa_dissect_lsaenumerateprivilegesaccount_reply },
- { LSA_LSAADDPRIVILEGESTOACCOUNT, "LSAADDPRIVILEGESTOACCOUNT",
+ { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount",
lsa_dissect_lsaaddprivilegestoaccount_rqst,
lsa_dissect_lsaaddprivilegestoaccount_reply },
- { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "LSAREMOVEPRIVILEGESFROMACCOUNT",
+ { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount",
lsa_dissect_lsaremoveprivilegesfromaccount_rqst,
lsa_dissect_lsaremoveprivilegesfromaccount_reply },
- { LSA_LSAGETQUOTASFORACCOUNT, "LSAGETQUOTASFORACCOUNT",
+ { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount",
lsa_dissect_lsagetquotasforaccount_rqst,
lsa_dissect_lsagetquotasforaccount_reply },
- { LSA_LSASETQUOTASFORACCOUNT, "LSASETQUOTASFORACCOUNT",
+ { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount",
lsa_dissect_lsasetquotasforaccount_rqst,
lsa_dissect_lsasetquotasforaccount_reply },
- { LSA_LSAGETSYSTEMACCESSACCOUNT, "LSAGETSYSTEMACCESSACCOUNT",
+ { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount",
lsa_dissect_lsagetsystemaccessaccount_rqst,
lsa_dissect_lsagetsystemaccessaccount_reply },
- { LSA_LSASETSYSTEMACCESSACCOUNT, "LSASETSYSTEMACCESSACCOUNT",
+ { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount",
lsa_dissect_lsasetsystemaccessaccount_rqst,
lsa_dissect_lsasetsystemaccessaccount_reply },
- { LSA_LSAOPENTRUSTEDDOMAIN, "LSAOPENTRUSTEDDOMAIN",
+ { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain",
lsa_dissect_lsaopentrusteddomain_rqst,
lsa_dissect_lsaopentrusteddomain_reply },
- { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "LSAQUERYINFOTRUSTEDDOMAIN",
+ { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain",
lsa_dissect_lsaqueryinfotrusteddomain_rqst,
lsa_dissect_lsaqueryinfotrusteddomain_reply },
- { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "LSASETINFORMATIONTRUSTEDDOMAIN",
+ { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain",
lsa_dissect_lsasetinformationtrusteddomain_rqst,
lsa_dissect_lsasetinformationtrusteddomain_reply },
- { LSA_LSAOPENSECRET, "LSAOPENSECRET",
+ { LSA_LSAOPENSECRET, "OpenSecret",
lsa_dissect_lsaopensecret_rqst,
lsa_dissect_lsaopensecret_reply },
- { LSA_LSASETSECRET, "LSASETSECRET",
+ { LSA_LSASETSECRET, "SetSecret",
lsa_dissect_lsasetsecret_rqst,
lsa_dissect_lsasetsecret_reply },
- { LSA_LSAQUERYSECRET, "LSAQUERYSECRET",
+ { LSA_LSAQUERYSECRET, "QuerySecret",
lsa_dissect_lsaquerysecret_rqst,
lsa_dissect_lsaquerysecret_reply },
- { LSA_LSALOOKUPPRIVILEGEVALUE, "LSALOOKUPPRIVILEGEVALUE",
+ { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue",
lsa_dissect_lsalookupprivilegevalue_rqst,
lsa_dissect_lsalookupprivilegevalue_reply },
- { LSA_LSALOOKUPPRIVILEGENAME, "LSALOOKUPPRIVILEGENAME",
+ { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName",
lsa_dissect_lsalookupprivilegename_rqst,
lsa_dissect_lsalookupprivilegename_reply },
- { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LSALOOKUPPRIVILEGEDISPLAYNAME",
+ { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName",
lsa_dissect_lsalookupprivilegedisplayname_rqst,
lsa_dissect_lsalookupprivilegedisplayname_reply },
- { LSA_LSADELETEOBJECT, "LSADELETEOBJECT",
+ { LSA_LSADELETEOBJECT, "DeleteObject",
lsa_dissect_lsadeleteobject_rqst,
lsa_dissect_lsadeleteobject_reply },
- { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "LSAENUMERATEACCOUNTSWITHUSERRIGHT",
+ { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight",
lsa_dissect_lsaenumerateaccountswithuserright_rqst,
lsa_dissect_lsaenumerateaccountswithuserright_reply },
- { LSA_LSAENUMERATEACCOUNTRIGHTS, "LSAENUMERATEACCOUNTRIGHTS",
+ { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights",
lsa_dissect_lsaenumerateaccountrights_rqst,
lsa_dissect_lsaenumerateaccountrights_reply },
- { LSA_LSAADDACCOUNTRIGHTS, "LSAADDACCOUNTRIGHTS",
+ { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights",
lsa_dissect_lsaaddaccountrights_rqst,
lsa_dissect_lsaaddaccountrights_reply },
- { LSA_LSAREMOVEACCOUNTRIGHTS, "LSAREMOVEACCOUNTRIGHTS",
+ { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights",
lsa_dissect_lsaremoveaccountrights_rqst,
lsa_dissect_lsaremoveaccountrights_reply },
- { LSA_LSAQUERYTRUSTEDDOMAININFO, "LSAQUERYTRUSTEDDOMAININFO",
+ { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo",
lsa_dissect_lsaquerytrusteddomaininfo_rqst,
lsa_dissect_lsaquerytrusteddomaininfo_reply },
- { LSA_LSASETTRUSTEDDOMAININFO, "LSASETTRUSTEDDOMAININFO",
+ { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo",
lsa_dissect_lsasettrusteddomaininfo_rqst,
lsa_dissect_lsasettrusteddomaininfo_reply },
- { LSA_LSADELETETRUSTEDDOMAIN, "LSADELETETRUSTEDDOMAIN",
+ { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain",
lsa_dissect_lsadeletetrusteddomain_rqst,
lsa_dissect_lsadeletetrusteddomain_reply },
- { LSA_LSASTOREPRIVATEDATA, "LSASTOREPRIVATEDATA",
+ { LSA_LSASTOREPRIVATEDATA, "StorePrivateData",
lsa_dissect_lsastoreprivatedata_rqst,
lsa_dissect_lsastoreprivatedata_reply },
- { LSA_LSARETRIEVEPRIVATEDATA, "LSARETRIEVEPRIVATEDATA",
+ { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData",
lsa_dissect_lsaretrieveprivatedata_rqst,
lsa_dissect_lsaretrieveprivatedata_reply },
- { LSA_LSAOPENPOLICY2, "LSAOPENPOLICY2",
+ { LSA_LSAOPENPOLICY2, "OpenPolicy2",
lsa_dissect_lsaopenpolicy2_rqst,
lsa_dissect_lsaopenpolicy2_reply },
- { LSA_LSAGETUSERNAME, "LSAGETUSERNAME",
+ { LSA_LSAGETUSERNAME, "GetUsername",
lsa_dissect_lsagetusername_rqst,
lsa_dissect_lsagetusername_reply },
- { LSA_LSAFUNCTION_2E, "LSAFUNCTION_2E",
- lsa_dissect_lsafunction_2e_rqst,
- lsa_dissect_lsafunction_2e_reply },
- { LSA_LSAFUNCTION_2F, "LSAFUNCTION_2F",
- lsa_dissect_lsafunction_2f_rqst,
- lsa_dissect_lsafunction_2f_reply },
- { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "LSAQUERYTRUSTEDDOMAININFOBYNAME",
+ { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2",
+ lsa_dissect_lsaqueryinformationpolicy2_rqst,
+ lsa_dissect_lsaqueryinformationpolicy2_reply },
+ { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2",
+ lsa_dissect_lsasetinformationpolicy2_rqst,
+ lsa_dissect_lsasetinformationpolicy2_reply },
+ { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName",
lsa_dissect_lsaquerytrusteddomaininfobyname_rqst,
lsa_dissect_lsaquerytrusteddomaininfobyname_reply },
- { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "LSASETTRUSTEDDOMAININFOBYNAME",
+ { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName",
lsa_dissect_lsasettrusteddomaininfobyname_rqst,
lsa_dissect_lsasettrusteddomaininfobyname_reply },
- { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "LSAENUMERATETRUSTEDDOMAINSEX",
+ { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx",
lsa_dissect_lsaenumeratetrusteddomainsex_rqst,
lsa_dissect_lsaenumeratetrusteddomainsex_reply },
- { LSA_LSACREATETRUSTEDDOMAINEX, "LSACREATETRUSTEDDOMAINEX",
+ { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx",
lsa_dissect_lsacreatetrusteddomainex_rqst,
lsa_dissect_lsacreatetrusteddomainex_reply },
- { LSA_LSACLOSETRUSTEDDOMAINEX, "LSACLOSETRUSTEDDOMAINEX",
+ { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx",
lsa_dissect_lsaclosetrusteddomainex_rqst,
lsa_dissect_lsaclosetrusteddomainex_reply },
- { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "LSAQUERYDOMAININFORMATIONPOLICY",
+ { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy",
lsa_dissect_lsaquerydomaininformationpolicy_rqst,
lsa_dissect_lsaquerydomaininformationpolicy_reply },
- { LSA_LSASETDOMAININFORMATIONPOLICY, "LSASETDOMAININFORMATIONPOLICY",
+ { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy",
lsa_dissect_lsasetdomaininformationpolicy_rqst,
lsa_dissect_lsasetdomaininformationpolicy_reply },
- { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "LSAOPENTRUSTEDDOMAINBYNAME",
+ { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName",
lsa_dissect_lsaopentrusteddomainbyname_rqst,
lsa_dissect_lsaopentrusteddomainbyname_reply },
{ LSA_LSAFUNCTION_38, "LSAFUNCTION_38",
lsa_dissect_lsafunction_38_rqst,
lsa_dissect_lsafunction_38_reply },
- { LSA_LSALOOKUPSIDS2, "LSALOOKUPSIDS2",
+ { LSA_LSALOOKUPSIDS2, "LookupSIDs2",
lsa_dissect_lsalookupsids2_rqst,
lsa_dissect_lsalookupsids2_reply },
- { LSA_LSALOOKUPNAMES2, "LSALOOKUPNAMES2",
+ { LSA_LSALOOKUPNAMES2, "LookupNames2",
lsa_dissect_lsalookupnames2_rqst,
lsa_dissect_lsalookupnames2_reply },
{ LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B",
lsa_dissect_lsafunction_3b_rqst,
lsa_dissect_lsafunction_3b_reply },
- {0, NULL, NULL, NULL},
+ {0, NULL, NULL, NULL}
};
-void
+static const value_string lsa_opnum_vals[] = {
+ { LSA_LSACLOSE, "Close" },
+ { LSA_LSADELETE, "Delete" },
+ { LSA_LSAENUMERATEPRIVILEGES, "EnumPrivs" },
+ { LSA_LSAQUERYSECURITYOBJECT, "QuerySecObject" },
+ { LSA_LSASETSECURITYOBJECT, "SetSecObject" },
+ { LSA_LSACHANGEPASSWORD, "ChangePassword" },
+ { LSA_LSAOPENPOLICY, "OpenPolicy" },
+ { LSA_LSAQUERYINFORMATIONPOLICY, "QueryInfoPolicy" },
+ { LSA_LSASETINFORMATIONPOLICY, "SetInfoPolicy" },
+ { LSA_LSACLEARAUDITLOG, "ClearAuditLog" },
+ { LSA_LSACREATEACCOUNT, "CreateAccount" },
+ { LSA_LSAENUMERATEACCOUNTS, "EnumAccounts" },
+ { LSA_LSACREATETRUSTEDDOMAIN, "CreateTrustedDomain" },
+ { LSA_LSAENUMERATETRUSTEDDOMAINS, "EnumTrustedDomains" },
+ { LSA_LSALOOKUPNAMES, "LookupNames" },
+ { LSA_LSALOOKUPSIDS, "LookupSIDs" },
+ { LSA_LSACREATESECRET, "CreateSecret" },
+ { LSA_LSAOPENACCOUNT, "OpenAccount" },
+ { LSA_LSAENUMERATEPRIVILEGESACCOUNT, "EnumPrivsAccount" },
+ { LSA_LSAADDPRIVILEGESTOACCOUNT, "AddPrivsToAccount" },
+ { LSA_LSAREMOVEPRIVILEGESFROMACCOUNT, "MovePrivsFromAccount" },
+ { LSA_LSAGETQUOTASFORACCOUNT, "GetQuotasForAccount" },
+ { LSA_LSASETQUOTASFORACCOUNT, "SetQuotasForAccount" },
+ { LSA_LSAGETSYSTEMACCESSACCOUNT, "GetSystemAccessAccount" },
+ { LSA_LSASETSYSTEMACCESSACCOUNT, "SetSystemAccessAccount" },
+ { LSA_LSAOPENTRUSTEDDOMAIN, "OpenTrustedDomain" },
+ { LSA_LSAQUERYINFOTRUSTEDDOMAIN, "QueryInfoTrustedDomain" },
+ { LSA_LSASETINFORMATIONTRUSTEDDOMAIN, "SetInfoTrustedDomain" },
+ { LSA_LSAOPENSECRET, "OpenSecret" },
+ { LSA_LSASETSECRET, "SetSecret" },
+ { LSA_LSAQUERYSECRET, "QuerySecret" },
+ { LSA_LSALOOKUPPRIVILEGEVALUE, "LookupPrivValue" },
+ { LSA_LSALOOKUPPRIVILEGENAME, "LookupPrivName" },
+ { LSA_LSALOOKUPPRIVILEGEDISPLAYNAME, "LookupPrivDispName" },
+ { LSA_LSADELETEOBJECT, "DeleteObject" },
+ { LSA_LSAENUMERATEACCOUNTSWITHUSERRIGHT, "EnumAccountsWithUserRight" },
+ { LSA_LSAENUMERATEACCOUNTRIGHTS, "EnumAccountRights" },
+ { LSA_LSAADDACCOUNTRIGHTS, "AddAccountRights" },
+ { LSA_LSAREMOVEACCOUNTRIGHTS, "RemoveAccountRights" },
+ { LSA_LSAQUERYTRUSTEDDOMAININFO, "QueryTrustedDomainInfo" },
+ { LSA_LSASETTRUSTEDDOMAININFO, "SetTrustedDomainInfo" },
+ { LSA_LSADELETETRUSTEDDOMAIN, "DeleteTrsutedDomain" },
+ { LSA_LSASTOREPRIVATEDATA, "StorePrivateData" },
+ { LSA_LSARETRIEVEPRIVATEDATA, "RetrievePrivateData" },
+ { LSA_LSAOPENPOLICY2, "OpenPolicy2" },
+ { LSA_LSAGETUSERNAME, "GetUsername" },
+ { LSA_LSAQUERYINFORMATIONPOLICY2, "QueryInformationPolicy2" },
+ { LSA_LSASETINFORMATIONPOLICY2, "SetInformationPolicy2" },
+ { LSA_LSAQUERYTRUSTEDDOMAININFOBYNAME, "QueryTrustedDomainInfoByName" },
+ { LSA_LSASETTRUSTEDDOMAININFOBYNAME, "SetTrustedDomainInfoByName" },
+ { LSA_LSAENUMERATETRUSTEDDOMAINSEX, "EnumTrustedDomainsEx" },
+ { LSA_LSACREATETRUSTEDDOMAINEX, "CreateTrustedDomainEx" },
+ { LSA_LSACLOSETRUSTEDDOMAINEX, "CloseTrustedDomainEx" },
+ { LSA_LSAQUERYDOMAININFORMATIONPOLICY, "QueryDomainInfoPolicy" },
+ { LSA_LSASETDOMAININFORMATIONPOLICY, "SetDomainInfoPolicy" },
+ { LSA_LSAOPENTRUSTEDDOMAINBYNAME, "OpenTrustedDomainByName" },
+ { LSA_LSAFUNCTION_38, "LSAFUNCTION_38" },
+ { LSA_LSALOOKUPSIDS2, "LookupSIDs2" },
+ { LSA_LSALOOKUPNAMES2, "LookupNames2" },
+ { LSA_LSAFUNCTION_3B, "LSAFUNCTION_3B" },
+ { 0, NULL }
+};
+
+void
proto_register_dcerpc_lsa(void)
{
static hf_register_info hf[] = {
+
+ { &hf_lsa_opnum,
+ { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC,
+ VALS(lsa_opnum_vals), 0x0, "Operation", HFILL }},
+
{ &hf_lsa_unknown_string,
{ "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
{ &hf_lsa_hnd,
- { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
+ { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
NULL, 0x0, "LSA policy handle", HFILL }},
{ &hf_lsa_server,
NULL, 0, "Name of Domain Controller", HFILL }},
{ &hf_lsa_unknown_hyper,
- { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
+ { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
{ &hf_lsa_unknown_long,
- { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
+ { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
{ &hf_lsa_unknown_short,
- { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
+ { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
{ &hf_lsa_unknown_char,
- { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
+ { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
NULL, 0x0, "Unknown char. If you know what this is, contact ethereal developers.", HFILL }},
{ &hf_lsa_rc,
- { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
+ { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
{ &hf_lsa_obj_attr,
- { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
+ { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
NULL, 0x0, "LSA Attributes", HFILL }},
{ &hf_lsa_obj_attr_len,
- { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
+ { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
NULL, 0x0, "Length of object attribute structure", HFILL }},
{ &hf_lsa_obj_attr_name,
- { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
+ { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
NULL, 0x0, "Name of object attribute", HFILL }},
{ &hf_lsa_access_mask,
- { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
+ { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
NULL, 0x0, "LSA Access Mask", HFILL }},
{ &hf_lsa_info_level,
- { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
+ { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
NULL, 0x0, "Information level of requested data", HFILL }},
{ &hf_lsa_trusted_info_level,
- { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
+ { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
{ &hf_lsa_sd_size,
- { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
+ { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
NULL, 0x0, "Size of lsa security descriptor", HFILL }},
{ &hf_lsa_qos_len,
- { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
+ { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
NULL, 0x0, "Length of quality of service structure", HFILL }},
{ &hf_lsa_qos_impersonation_level,
- { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
+ { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
{ &hf_lsa_qos_track_context,
- { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
+ { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
{ &hf_lsa_qos_effective_only,
- { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
+ { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
{ &hf_lsa_pali_percent_full,
- { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
+ { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
NULL, 0x0, "How full audit log is in percentage", HFILL }},
{ &hf_lsa_pali_log_size,
- { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
+ { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
NULL, 0x0, "Size of audit log", HFILL }},
{ &hf_lsa_pali_retention_period,
- { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
+ { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_pali_time_to_shutdown,
- { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
+ { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
NULL, 0x0, "Time to shutdown", HFILL }},
- { &hf_lsa_pali_shutdown_in_progress,
- { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
+ { &hf_lsa_pali_shutdown_in_progress,
+ { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
{ &hf_lsa_pali_next_audit_record,
- { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
+ { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
NULL, 0x0, "Next audit record", HFILL }},
{ &hf_lsa_paei_enabled,
- { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
+ { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
{ &hf_lsa_paei_settings,
- { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
+ { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
NULL, 0x0, "Audit Events Information settings", HFILL }},
{ &hf_lsa_count,
- { "Count", "lsa.count", FT_UINT32, BASE_DEC,
+ { "Count", "lsa.count", FT_UINT32, BASE_DEC,
NULL, 0x0, "Count of objects", HFILL }},
{ &hf_lsa_max_count,
- { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
+ { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_domain,
- { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
+ { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
NULL, 0x0, "Domain", HFILL }},
{ &hf_lsa_acct,
- { "Account", "lsa.acct", FT_STRING, BASE_NONE,
+ { "Account", "lsa.acct", FT_STRING, BASE_NONE,
NULL, 0x0, "Account", HFILL }},
{ &hf_lsa_source,
- { "Source", "lsa.source", FT_STRING, BASE_NONE,
+ { "Source", "lsa.source", FT_STRING, BASE_NONE,
NULL, 0x0, "Replica Source", HFILL }},
{ &hf_lsa_server_role,
- { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
+ { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
{ &hf_lsa_quota_paged_pool,
- { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
+ { "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
{ &hf_lsa_quota_non_paged_pool,
- { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
+ { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
{ &hf_lsa_quota_min_wss,
- { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
+ { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
NULL, 0x0, "Size of Quota Min WSS", HFILL }},
{ &hf_lsa_quota_max_wss,
- { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
+ { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
NULL, 0x0, "Size of Quota Max WSS", HFILL }},
{ &hf_lsa_quota_pagefile,
- { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
+ { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
NULL, 0x0, "Size of quota pagefile usage", HFILL }},
{ &hf_lsa_mod_seq_no,
- { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
+ { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
NULL, 0x0, "Sequence number for this modification", HFILL }},
{ &hf_lsa_mod_mtime,
- { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0x0, "Time when this modification occured", HFILL }},
{ &hf_lsa_cur_mtime,
- { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0x0, "Current MTime to set", HFILL }},
{ &hf_lsa_old_mtime,
- { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0x0, "Old MTime for this object", HFILL }},
{ &hf_lsa_name,
- { "Name", "lsa.name", FT_STRING, BASE_NONE,
+ { "Name", "lsa.name", FT_STRING, BASE_NONE,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_key,
- { "Key", "lsa.key", FT_BYTES, BASE_NONE,
+ { "Key", "lsa.key", FT_STRING, BASE_NONE,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_flat_name,
- { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
+ { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_forest,
- { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
+ { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_info_type,
- { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
+ { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_new_pwd,
- { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
+ { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
NULL, 0x0, "New password", HFILL }},
{ &hf_lsa_old_pwd,
- { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
+ { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
NULL, 0x0, "Old password", HFILL }},
{ &hf_lsa_sid_type,
- { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
+ { "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
{ &hf_lsa_rid,
- { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
+ { "RID", "lsa.rid", FT_UINT32, BASE_HEX,
NULL, 0x0, "RID", HFILL }},
{ &hf_lsa_rid_offset,
- { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
+ { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
NULL, 0x0, "RID Offset", HFILL }},
{ &hf_lsa_index,
- { "Index", "lsa.index", FT_UINT32, BASE_DEC,
+ { "Index", "lsa.index", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_num_mapped,
- { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
+ { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_policy_information_class,
- { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
+ { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
{ &hf_lsa_secret,
NULL, 0, "", HFILL }},
{ &hf_nt_luid_high,
- { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
+ { "High", "nt.luid.high", FT_UINT32, BASE_HEX,
NULL, 0x0, "LUID High component", HFILL }},
{ &hf_nt_luid_low,
- { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
+ { "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
NULL, 0x0, "LUID Low component", HFILL }},
{ &hf_lsa_size,
- { "Size", "lsa.size", FT_UINT32, BASE_DEC,
+ { "Size", "lsa.size", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_size16,
- { "Size", "lsa.size", FT_UINT16, BASE_DEC,
+ { "Size", "lsa.size", FT_UINT16, BASE_DEC,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_size_needed,
- { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
+ { "Size Needed", "lsa.size_needed", FT_UINT16, BASE_DEC,
NULL, 0x0, "", HFILL }},
{ &hf_lsa_privilege_name,
- { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
+ { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
NULL, 0x0, "LSA Privilege Name", HFILL }},
{ &hf_lsa_rights,
- { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
+ { "Rights", "lsa.rights", FT_STRING, BASE_NONE,
NULL, 0x0, "Account Rights", HFILL }},
{ &hf_lsa_attr,
- { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
+ { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
NULL, 0x0, "LSA Attributes", HFILL }},
{ &hf_lsa_auth_update,
- { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
+ { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
NULL, 0x0, "LSA Auth Info update", HFILL }},
{ &hf_lsa_resume_handle,
- { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
+ { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
NULL, 0x0, "Resume Handle", HFILL }},
{ &hf_lsa_trust_direction,
- { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
+ { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
{ &hf_lsa_trust_type,
- { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
+ { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
{ &hf_lsa_trust_attr,
- { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
+ { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
NULL, 0x0, "Trust attributes", HFILL }},
{ &hf_lsa_trust_attr_non_trans,
TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
{ &hf_lsa_auth_type,
- { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
+ { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
NULL, 0x0, "Auth Info type", HFILL }},
{ &hf_lsa_auth_len,
- { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
+ { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
NULL, 0x0, "Auth Info len", HFILL }},
{ &hf_lsa_remove_all,
- { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
+ { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
-
- };
+ { &hf_view_local_info,
+ { "View local info", "lsa.access_mask.view_local_info",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
+ "View local info", HFILL }},
+
+ { &hf_view_audit_info,
+ { "View audit info", "lsa.access_mask.view_audit_info",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
+ "View audit info", HFILL }},
+
+ { &hf_get_private_info,
+ { "Get private info", "lsa.access_mask.get_privateinfo",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
+ "Get private info", HFILL }},
+
+ { &hf_trust_admin,
+ { "Trust admin", "lsa.access_mask.trust_admin",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
+ "Trust admin", HFILL }},
+
+ { &hf_create_account,
+ { "Create account", "lsa.access_mask.create_account",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
+ "Create account", HFILL }},
+
+ { &hf_create_secret,
+ { "Create secret", "lsa.access_mask.create_secret",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
+ "Create secret", HFILL }},
+
+ { &hf_create_priv,
+ { "Create privilege", "lsa.access_mask.create_priv",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
+ "Create privilege", HFILL }},
+
+ { &hf_set_default_quota_limits,
+ { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
+ "Set default quota limits", HFILL }},
+
+ { &hf_set_audit_requirements,
+ { "Set audit requirements", "lsa.access_mask.set_audit_requirements",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
+ "Set audit requirements", HFILL }},
+
+ { &hf_server_admin,
+ { "Server admin", "lsa.access_mask.server_admin",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
+ "Server admin", HFILL }},
+
+ { &hf_lookup_names,
+ { "Lookup names", "lsa.access_mask.lookup_names",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
+ "Lookup names", HFILL }}
+};
static gint *ett[] = {
&ett_dcerpc_lsa,
&ett_lsa_trusted_domain_info,
&ett_lsa_trust_attr,
&ett_lsa_trusted_domain_auth_information,
- &ett_lsa_auth_information,
+ &ett_lsa_auth_information
};
proto_dcerpc_lsa = proto_register_protocol(
/* Protocol handoff */
static e_uuid_t uuid_dcerpc_lsa = {
- 0x12345778, 0x1234, 0xabcd,
+ 0x12345778, 0x1234, 0xabcd,
{ 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
};
/* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
- ver_dcerpc_lsa, dcerpc_lsa_dissectors);
+ ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);
}