/* packet-dcerpc-samr.c
* Routines for SMB \\PIPE\\samr packet disassembly
* Copyright 2001, Tim Potter <tpot@samba.org>
+ * 2002 Added all command dissectors Ronnie Sahlberg
*
- * $Id: packet-dcerpc-samr.c,v 1.8 2002/02/08 11:02:03 guy Exp $
+ * $Id: packet-dcerpc-samr.c,v 1.22 2002/03/11 00:00:15 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int hf_samr_rid_attrib = -1;
static int hf_samr_rc = -1;
static int hf_samr_index = -1;
-static int hf_samr_acct_ctrl = -1;
static int hf_samr_count = -1;
static int hf_samr_level = -1;
static int hf_samr_pref_maxsize = -1;
static int hf_samr_total_size = -1;
static int hf_samr_ret_size = -1;
+static int hf_samr_alias_name = -1;
+static int hf_samr_group_name = -1;
static int hf_samr_acct_name = -1;
static int hf_samr_full_name = -1;
static int hf_samr_acct_desc = -1;
int hf_nt_str_max_len = -1;
int hf_nt_string_length = -1;
int hf_nt_string_size = -1;
-
+static int hf_nt_acct_ctrl = -1;
+static int hf_nt_acb_disabled = -1;
+static int hf_nt_acb_homedirreq = -1;
+static int hf_nt_acb_pwnotreq = -1;
+static int hf_nt_acb_tempdup = -1;
+static int hf_nt_acb_normal = -1;
+static int hf_nt_acb_mns = -1;
+static int hf_nt_acb_domtrust = -1;
+static int hf_nt_acb_wstrust = -1;
+static int hf_nt_acb_svrtrust = -1;
+static int hf_nt_acb_pwnoexp = -1;
+static int hf_nt_acb_autolock = -1;
static gint ett_dcerpc_samr = -1;
gint ett_nt_unicode_string = -1; /* used by packet-dcerpc-nt.c*/
static gint ett_samr_user_dispinfo_1 = -1;
+static gint ett_samr_user_dispinfo_1_array = -1;
+static gint ett_samr_user_dispinfo_2 = -1;
+static gint ett_samr_user_dispinfo_2_array = -1;
+static gint ett_samr_group_dispinfo = -1;
+static gint ett_samr_group_dispinfo_array = -1;
+static gint ett_samr_ascii_dispinfo = -1;
+static gint ett_samr_ascii_dispinfo_array = -1;
+static gint ett_samr_display_info = -1;
+static gint ett_samr_password_info = -1;
+static gint ett_samr_server = -1;
+static gint ett_samr_user_group = -1;
+static gint ett_samr_user_group_array = -1;
+static gint ett_samr_alias_info = -1;
+static gint ett_samr_group_info = -1;
+static gint ett_samr_domain_info_1 = -1;
+static gint ett_samr_domain_info_2 = -1;
+static gint ett_samr_domain_info_8 = -1;
+static gint ett_samr_replication_status = -1;
+static gint ett_samr_domain_info_11 = -1;
+static gint ett_samr_domain_info_13 = -1;
+static gint ett_samr_domain_info = -1;
+static gint ett_samr_sid_pointer = -1;
+static gint ett_samr_sid_array = -1;
+static gint ett_samr_index_array = -1;
+static gint ett_samr_idx_and_name = -1;
+static gint ett_samr_idx_and_name_array = -1;
+static gint ett_samr_logon_hours = -1;
+static gint ett_samr_logon_hours_hours = -1;
+static gint ett_samr_user_info_1 = -1;
+static gint ett_samr_user_info_2 = -1;
+static gint ett_samr_user_info_3 = -1;
+static gint ett_samr_user_info_5 = -1;
+static gint ett_samr_user_info_6 = -1;
+static gint ett_samr_user_info_18 = -1;
+static gint ett_samr_user_info_19 = -1;
+static gint ett_samr_buffer_buffer = -1;
+static gint ett_samr_buffer = -1;
+static gint ett_samr_user_info_21 = -1;
+static gint ett_samr_user_info_22 = -1;
+static gint ett_samr_user_info_23 = -1;
+static gint ett_samr_user_info_24 = -1;
+static gint ett_samr_user_info = -1;
+static gint ett_samr_member_array_types = -1;
+static gint ett_samr_member_array_rids = -1;
+static gint ett_samr_member_array = -1;
+static gint ett_samr_names = -1;
+static gint ett_samr_rids = -1;
+static gint ett_nt_acct_ctrl = -1;
+
static e_uuid_t uuid_dcerpc_samr = {
0x12345778, 0x1234, 0xabcd,
static guint16 ver_dcerpc_samr = 1;
-/* functions to dissect a UNICODE_STRING structure, common to many
- NT services
- struct {
- short len;
- short size;
- [size_is(size/2), length_is(len/2), ptr] unsigned short *string;
- } UNICODE_STRING;
-
- these variables can be found in packet-dcerpc-samr.c
-*/
-extern int hf_nt_str_len;
-extern int hf_nt_str_off;
-extern int hf_nt_str_max_len;
-extern int hf_nt_string_length;
-extern int hf_nt_string_size;
-extern gint ett_nt_unicode_string;
-
-int
-dissect_ndr_nt_UNICODE_STRING_string (tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
- char *drep)
-{
- guint32 len, off, max_len;
- guint16 *data16;
- char *text;
- int old_offset;
- header_field_info *hfi;
- dcerpc_info *di;
-
- di=pinfo->private_data;
- if(di->conformant_run){
- /*just a run to handle conformant arrays, nothing to dissect */
- return offset;
- }
-
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_nt_str_len, &len);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_nt_str_off, &off);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_nt_str_max_len, &max_len);
-
- old_offset=offset;
- offset = prs_uint16s(tvb, offset, pinfo, tree, max_len, &data16, NULL);
- text = fake_unicode(data16, max_len);
-
- hfi = proto_registrar_get_nth(di->hf_index);
- proto_tree_add_string_format(tree, di->hf_index,
- tvb, old_offset, offset-old_offset,
- text, "%s: %s", hfi->name, text);
-
- if(tree){
- proto_item_set_text(tree, "%s: %s", hfi->name, text);
- proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
- }
- return offset;
-}
-
-int
-dissect_ndr_nt_UNICODE_STRING (tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree,
- char *drep, int hf_index)
-{
- proto_item *item=NULL;
- proto_tree *tree=NULL;
- int old_offset=offset;
- dcerpc_info *di;
-
- di=pinfo->private_data;
- if(di->conformant_run){
- /*just a run to handle conformant arrays, nothing to dissect */
- return offset;
- }
-
- if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Unicode String");
- tree = proto_item_add_subtree(item, ett_nt_unicode_string);
- }
-
- offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
- hf_nt_string_length, NULL);
- offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
- hf_nt_string_size, NULL);
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- dissect_ndr_nt_UNICODE_STRING_string, NDR_POINTER_PTR,
- hf_index);
-
- proto_item_set_len(item, offset-old_offset);
- return offset;
-}
-
/* functions to dissect a STRING structure, common to many
NT services
struct {
guint32 len, off, max_len;
guint8 *text;
int old_offset;
- header_field_info *hfi;
+ char *name;
dcerpc_info *di;
di=pinfo->private_data;
old_offset=offset;
offset = prs_uint8s(tvb, offset, pinfo, tree, max_len, &text, NULL);
- hfi = proto_registrar_get_nth(di->hf_index);
- proto_tree_add_string_format(tree, di->hf_index,
- tvb, old_offset, offset-old_offset,
- text, "%s: %s", hfi->name, text);
+ name = proto_registrar_get_name(di->hf_index);
+ proto_tree_add_string(tree, di->hf_index, tvb, old_offset,
+ offset-old_offset, text);
if(tree){
- proto_item_set_text(tree, "%s: %s", hfi->name, text);
- proto_item_set_text(tree->parent, "%s: %s", hfi->name, text);
+ proto_item_set_text(tree, "%s: %s", name, text);
+ proto_item_set_text(tree->parent, "%s: %s", name, text);
}
return offset;
}
proto_item *item=NULL;
proto_tree *tree=NULL;
int old_offset=offset;
+ char *name;
dcerpc_info *di;
di=pinfo->private_data;
return offset;
}
+ name = proto_registrar_get_name(di->hf_index);
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Unicode String");
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "%s", name);
tree = proto_item_add_subtree(item, ett_nt_unicode_string);
}
hf_nt_string_size, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
dissect_ndr_nt_STRING_string, NDR_POINTER_PTR,
- hf_index);
+ name, hf_index, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
}
-/* This should get fixed both here and in dissect_smb_64bit_time so
- one can handle both BIG and LITTLE endian encodings
- */
-int dissect_smb_64bit_time(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, int hf_date);
-int
-dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *tree,
- char *drep, int hf_index)
-{
- dcerpc_info *di;
-
- di=pinfo->private_data;
- if(di->conformant_run){
- /*just a run to handle conformant arrays, nothing to dissect */
- return offset;
- }
-
- /* align to 4 byte boundary */
- if(offset&0x03){
- offset = (offset&0xfffffffc)+4;
- }
-
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_index);
- return offset;
-}
-
static int
samr_dissect_SID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
packet_info *pinfo, proto_tree *tree,
char *drep)
{
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_SID, NDR_POINTER_UNIQUE,
- -1);
+ "SID pointer", -1, 1);
return offset;
}
-/* above this line, just some general support routines which should be placed
- in some more generic file common to all NT services dissectors
-*/
+static const true_false_string tfs_nt_acb_disabled = {
+ "Account is DISABLED",
+ "Account is NOT disabled"
+};
+static const true_false_string tfs_nt_acb_homedirreq = {
+ "Homedir is REQUIRED",
+ "Homedir is NOT required"
+};
+static const true_false_string tfs_nt_acb_pwnotreq = {
+ "Password is NOT required",
+ "Password is REQUIRED"
+};
+static const true_false_string tfs_nt_acb_tempdup = {
+ "This is a TEMPORARY DUPLICATE account",
+ "This is NOT a temporary duplicate account"
+};
+static const true_false_string tfs_nt_acb_normal = {
+ "This is a NORMAL USER account",
+ "This is NOT a normal user account"
+};
+static const true_false_string tfs_nt_acb_mns = {
+ "This is a MNS account",
+ "This is NOT a mns account"
+};
+static const true_false_string tfs_nt_acb_domtrust = {
+ "This is a DOMAIN TRUST account",
+ "This is NOT a domain trust account"
+};
+static const true_false_string tfs_nt_acb_wstrust = {
+ "This is a WORKSTATION TRUST account",
+ "This is NOT a workstation trust account"
+};
+static const true_false_string tfs_nt_acb_svrtrust = {
+ "This is a SERVER TRUST account",
+ "This is NOT a server trust account"
+};
+static const true_false_string tfs_nt_acb_pwnoexp = {
+ "Passwords does NOT expire",
+ "Password will EXPIRE"
+};
+static const true_false_string tfs_nt_acb_autolock = {
+ "This account has been AUTO LOCKED",
+ "This account has NOT been auto locked"
+};
+int
+dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *parent_tree, char *drep)
+{
+ guint32 mask;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
+ hf_nt_acct_ctrl, &mask);
+ if(parent_tree){
+ item = proto_tree_add_uint(parent_tree, hf_nt_acct_ctrl,
+ tvb, offset-4, 4, mask);
+ tree = proto_item_add_subtree(item, ett_nt_acct_ctrl);
+ }
+
+ proto_tree_add_boolean(tree, hf_nt_acb_autolock,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_pwnoexp,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_svrtrust,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_wstrust,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_domtrust,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_mns,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_normal,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_tempdup,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_pwnotreq,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_homedirreq,
+ tvb, offset-4, 4, mask);
+ proto_tree_add_boolean(tree, hf_nt_acb_disabled,
+ tvb, offset-4, 4, mask);
+ return offset;
+}
+/* above this line, just some general support routines which should be placed
+ in some more generic file common to all NT services dissectors
+*/
static int
samr_dissect_context_handle_reply(tvbuff_t *tvb, int offset,
}
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- di->hf_index);
+ di->hf_index, di->levels);
return offset;
}
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"User_DispInfo_1");
tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
}
hf_samr_index, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
+ hf_samr_full_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"User_DispInfo_1 Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1_array);
}
hf_samr_count, &count);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_DISPINFO_1_ARRAY_users, NDR_POINTER_PTR,
- -1);
+ "USER_DISPINFO_1_ARRAY", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"User_DispInfo_2");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_index, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"User_DispInfo_2 Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_2_array);
}
hf_samr_count, &count);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_DISPINFO_2_ARRAY_users, NDR_POINTER_PTR,
- -1);
+ "USER_DISPINFO_2_ARRAY", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"Group_DispInfo");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_group_dispinfo);
}
hf_samr_index, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"Group_DispInfo Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_group_dispinfo_array);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, &count);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_GROUP_DISPINFO_ARRAY_groups, NDR_POINTER_PTR,
- -1);
+ "GROUP_DISPINFO_ARRAY", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"Ascii_DispInfo");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo);
}
hf_samr_index, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
hf_samr_acct_name);
offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"Ascii_DispInfo Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_ascii_dispinfo_array);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, &count);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_ASCII_DISPINFO_ARRAY_users, NDR_POINTER_PTR,
- -1);
+ "ACSII_DISPINFO_ARRAY", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
guint16 level;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "DispInfo");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DISP_INFO:");
+ tree = proto_item_add_subtree(item, ett_samr_display_info);
}
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_total_size);
+ "", hf_samr_total_size, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_ret_size);
+ "", hf_samr_ret_size, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_DISPLAY_INFO, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_index);
+ "", hf_samr_index, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
proto_tree *tree=NULL;
int old_offset=offset;
+ ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
+
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Password Info");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "PASSWORD_INFO:");
+ tree = proto_item_add_subtree(item, ett_samr_password_info);
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_PASSWORD_INFO, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"Server");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ tree = proto_item_add_subtree(item, ett_samr_server);
}
- offset = dissect_ndr_nt_UNICODE_STRING_string(tvb, offset, pinfo,
+ offset = dissect_ndr_nt_UNICODE_STRING_str(tvb, offset, pinfo,
tree, drep);
proto_item_set_len(item, offset-old_offset);
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_connect2_server, NDR_POINTER_UNIQUE,
- hf_samr_server);
+ "Server", hf_samr_server, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_access, NULL);
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "User Group");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_GROUP:");
+ tree = proto_item_add_subtree(item, ett_samr_user_group);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "User_Group Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_GROUP_ARRAY");
+ tree = proto_item_add_subtree(item, ett_samr_user_group_array);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, &count);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_GROUP_ARRAY_groups, NDR_POINTER_UNIQUE,
- -1);
+ "USER_GROUP_ARRAY", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_GROUP_ARRAY, NDR_POINTER_UNIQUE,
- -1);
+ "USER_GROUP_ARRAY", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_GROUP_ARRAY_ptr, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
hf_samr_access, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_SID, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
hf_samr_hnd, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_SID, NDR_POINTER_REF,
- -1);
+ "SID", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_short, NDR_POINTER_REF,
- hf_samr_unknown_short);
+ "", hf_samr_unknown_short, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
{
offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
hf_samr_hnd, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ "Account Name", hf_samr_acct_name, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_access, NULL);
return offset;
{
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
return offset;
}
guint16 level;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "AliasInfo");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "ALIAS_INFO:");
+ tree = proto_item_add_subtree(item, ett_samr_alias_info);
}
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
case 2:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
break;
case 3:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
break;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_ALIAS_INFO, NDR_POINTER_UNIQUE,
- -1);
+ "ALIAS_INFO", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_ALIAS_INFO_ptr, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
hf_samr_level, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_ALIAS_INFO, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
hf_samr_hnd, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
- hf_samr_server);
+ "Server", hf_samr_server, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_STRING, NDR_POINTER_REF,
- hf_samr_acct_name);
+ "Account Name", hf_samr_acct_name, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
- -1);
+ "Password", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
return offset;
}
hf_samr_hnd, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
- hf_samr_server);
+ "Server", hf_samr_server, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
- hf_samr_acct_name);
+ "Account Name", hf_samr_acct_name, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
- -1);
+ "Password", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
hf_samr_lm_change, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_PASSWORD, NDR_POINTER_UNIQUE,
- -1);
+ "Password", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
return offset;
}
hf_samr_unknown_short, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
- hf_samr_unknown_string);
+ "Unknown", hf_samr_unknown_string, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
- hf_samr_unknown_string);
+ "Unknown", hf_samr_unknown_string, 0);
return offset;
}
offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
hf_samr_hnd, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ "Account Name", hf_samr_acct_name, 0);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_access, NULL);
hf_samr_hnd, NULL);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, NULL);
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ "Account Name", hf_samr_acct_name, 0);
return offset;
}
hf_samr_unknown_char, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
hf_samr_unknown_char, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
hf_samr_unknown_char, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
hf_samr_unknown_char, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_CRYPT_HASH, NDR_POINTER_UNIQUE,
- -1);
+ "Hash", -1, 0);
return offset;
}
{
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_attrib, NULL);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
return offset;
}
guint16 level;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "GroupInfo");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "GROUP_INFO:");
+ tree = proto_item_add_subtree(item, ett_samr_group_info);
}
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
case 2:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
break;
case 3:
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
case 4:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
break;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_GROUP_INFO, NDR_POINTER_UNIQUE,
- -1);
+ "GROUP_INFO", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_GROUP_INFO_ptr, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
hf_samr_level, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_GROUP_INFO, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
- hf_samr_domain);
+ "Domain", hf_samr_domain, 0);
return offset;
}
proto_tree *tree=NULL;
int old_offset=offset;
+ ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
+
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "DomainInfo_1");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DOMAIN_INFO_1:");
+ tree = proto_item_add_subtree(item, ett_samr_domain_info_1);
}
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "DomainInfo_2");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DOMAIN_INFO_2:");
+ tree = proto_item_add_subtree(item, ett_samr_domain_info_2);
}
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_time);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_unknown_string);
+ hf_samr_unknown_string, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_domain);
+ hf_samr_domain, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_controller);
+ hf_samr_controller, 0);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_unknown_time);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "DomainInfo_8");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DOMAIN_INFO_8:");
+ tree = proto_item_add_subtree(item, ett_samr_domain_info_8);
}
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Replication Status");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "REPLICATION_STATUS:");
+ tree = proto_item_add_subtree(item, ett_samr_replication_status);
}
offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "DomainInfo_11");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DOMAIN_INFO_11:");
+ tree = proto_item_add_subtree(item, ett_samr_domain_info_11);
}
offset = samr_dissect_DOMAIN_INFO_2(
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "DomainInfo_13");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DOMAIN_INFO_13:");
+ tree = proto_item_add_subtree(item, ett_samr_domain_info_13);
}
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
guint16 level;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "DomainInfo");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "DOMAIN_INFO:");
+ tree = proto_item_add_subtree(item, ett_samr_domain_info);
}
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
+
+ ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
switch(level){
case 1:
offset = samr_dissect_DOMAIN_INFO_1(
break;
case 4:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
- tree, drep, hf_samr_unknown_string);
+ tree, drep, hf_samr_unknown_string, 0);
break;
case 5:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
- tree, drep, hf_samr_domain);
+ tree, drep, hf_samr_domain, 0);
break;
case 6:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
- tree, drep, hf_samr_controller);
+ tree, drep, hf_samr_controller, 0);
break;
case 7:
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_DOMAIN_INFO, NDR_POINTER_UNIQUE,
- hf_samr_domain);
+ "DOMAIN_INFO pointer", hf_samr_domain, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_DOMAIN_INFO_ptr, NDR_POINTER_REF,
- hf_samr_domain);
+ "", hf_samr_domain, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
+static int
+samr_dissect_lookup_domain_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ char *drep)
+{
+ offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep,
+ hf_samr_hnd, NULL);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ samr_dissect_pointer_UNICODE_STRING, NDR_POINTER_REF,
+ "", hf_samr_domain, 0);
+ return offset;
+}
+
static int
samr_dissect_lookup_domain_reply(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_SID_ptr, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "SID");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "SID pointer:");
+ tree = proto_item_add_subtree(item, ett_samr_sid_pointer);
}
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_SID, NDR_POINTER_UNIQUE,
- -1);
+ "SID", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "SID Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "SID array:");
+ tree = proto_item_add_subtree(item, ett_samr_sid_array);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, &count);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_PSID_ARRAY_sids, NDR_POINTER_UNIQUE,
- -1);
+ "PSID_ARRAY", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
}
static int
-samr_dissect_pindex(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree,
+samr_dissect_index(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
char *drep)
{
- proto_item *item=NULL;
- proto_tree *tree=NULL;
int old_offset=offset;
dcerpc_info *di;
di=pinfo->private_data;
- if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "SID");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
- }
-
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_pointer_long, NDR_POINTER_UNIQUE,
- di->hf_index);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ di->hf_index, NULL);
- proto_item_set_len(item, offset-old_offset);
return offset;
}
char *drep)
{
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
- samr_dissect_pindex);
+ samr_dissect_index);
return offset;
}
+static char *
+plural_ending(const char *string)
+{
+ size_t string_len;
+
+ string_len = strlen(string);
+ if (string_len > 0 && string[string_len - 1] == 's') {
+ /* String ends with "s" - pluralize by adding "es" */
+ return "es";
+ } else {
+ /* Field name doesn't end with "s" - pluralize by adding "s" */
+ return "s";
+ }
+}
static int
samr_dissect_INDEX_ARRAY(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
char *drep)
{
+ char *field_name;
guint32 count;
proto_item *item=NULL;
proto_tree *tree=NULL;
int old_offset=offset;
dcerpc_info *di;
+ char str[256];
di=pinfo->private_data;
+ field_name = proto_registrar_get_name(di->hf_index);
+ snprintf(str, 255, "INDEX_ARRAY: %s%s:", field_name,
+ plural_ending(field_name));
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Index Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "%s", str);
+ tree = proto_item_add_subtree(item, ett_samr_index_array);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, &count);
- offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_INDEX_ARRAY_value, NDR_POINTER_UNIQUE,
- di->hf_index);
+ str, di->hf_index, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
hf_samr_hnd, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_PSID_ARRAY, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
- hf_samr_alias);
+ "", hf_samr_alias, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
proto_item *item=NULL;
proto_tree *tree=NULL;
int old_offset=offset;
+ char str[256];
dcerpc_info *di;
di=pinfo->private_data;
+ snprintf(str, 255, "IDX_AND_NAME: %s:",proto_registrar_get_name(di->hf_index));
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "IDX_AND_NAME");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "%s",str);
+ tree = proto_item_add_subtree(item, ett_samr_idx_and_name);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_index, NULL);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo,
- tree, drep, di->hf_index);
+ tree, drep, di->hf_index, 4);
proto_item_set_len(item, offset-old_offset);
return offset;
packet_info *pinfo, proto_tree *parent_tree,
char *drep)
{
+ char *field_name;
guint32 count;
proto_item *item=NULL;
proto_tree *tree=NULL;
int old_offset=offset;
dcerpc_info *di;
+ char str[256];
di=pinfo->private_data;
+ field_name = proto_registrar_get_name(di->hf_index);
+
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "IDX_AND_NAME Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "IDX_AND_NAME_ARRAY: %s%s:", field_name,
+ plural_ending(field_name));
+ tree = proto_item_add_subtree(item, ett_samr_idx_and_name_array);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, &count);
+ snprintf(str, 255, "IDX_AND_NAME pointer: %s%s:", field_name,
+ plural_ending(field_name));
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_IDX_AND_NAME_entry, NDR_POINTER_UNIQUE,
- di->hf_index);
+ str, di->hf_index, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
packet_info *pinfo, proto_tree *tree,
char *drep)
{
+ char *field_name;
+ char str[256];
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+
+ field_name = proto_registrar_get_name(di->hf_index);
+ snprintf(str, 255, "IDX_AND_NAME_ARRAY pointer: %s%s:", field_name,
+ plural_ending(field_name));
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_IDX_AND_NAME_ARRAY, NDR_POINTER_UNIQUE,
- hf_samr_domain);
+ str, di->hf_index, 0);
return offset;
}
hf_samr_hnd, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_resume_hnd);
+ "", hf_samr_resume_hnd, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_pref_maxsize, NULL);
return offset;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_resume_hnd);
+ "", hf_samr_resume_hnd, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
- hf_samr_domain);
+ "", hf_samr_domain, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_entries);
+ "", hf_samr_entries, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
hf_samr_hnd, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_resume_hnd);
+ "", hf_samr_resume_hnd, 0);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_mask, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_resume_hnd);
+ "", hf_samr_resume_hnd, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
- hf_samr_group);
+ "", hf_samr_group_name, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_entries);
+ "", hf_samr_entries, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_resume_hnd);
+ "", hf_samr_resume_hnd, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_IDX_AND_NAME_ARRAY_ptr, NDR_POINTER_REF,
- hf_samr_alias);
+ "", hf_samr_alias_name, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_pointer_long, NDR_POINTER_REF,
- hf_samr_entries);
+ "", hf_samr_entries, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
return offset;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_PSID_ARRAY, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "LOGON_HOURS");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "LOGON_HOURS:");
+ tree = proto_item_add_subtree(item, ett_samr_logon_hours_hours);
}
offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
return offset;
}
-static int
-samr_dissect_LOGON_HOURS(tvbuff_t *tvb, int offset,
+int
+dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
char *drep)
{
proto_tree *tree=NULL;
int old_offset=offset;
+ ALIGN_TO_4_BYTES; /* strcture starts with short, but is aligned for longs */
+
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "LOGON_HOURS");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "LOGON_HOURS:");
+ tree = proto_item_add_subtree(item, ett_samr_logon_hours);
}
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
of 11? */
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_LOGON_HOURS_hours, NDR_POINTER_UNIQUE,
- -1);
+ "LOGON_HOURS", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_1");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_1:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_1);
}
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ hf_samr_full_name, 0);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home);
+ hf_samr_home, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_script);
+ hf_samr_script, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_2");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_2:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_2);
}
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
+ hf_samr_full_name, 0);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_bad_pwd_count, NULL);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_3");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_3:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_3);
}
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
+ hf_samr_full_name, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_group, NULL);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home);
+ hf_samr_home, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home_drive);
+ hf_samr_home_drive, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_script);
+ hf_samr_script, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_workstations);
+ hf_samr_workstations, 0);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_logon_time);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_pwd_can_change_time);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_pwd_must_change_time);
- offset = samr_dissect_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
+ offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_logon_count, NULL);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_bad_pwd_count, NULL);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_5");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_5:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_5);
}
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
+ hf_samr_full_name, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
hf_samr_codepage, NULL);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home);
+ hf_samr_home, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home_drive);
+ hf_samr_home_drive, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_script);
+ hf_samr_script, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_workstations);
+ hf_samr_workstations, 0);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_logon_time);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_logoff_time);
- offset = samr_dissect_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
+ offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_bad_pwd_count, NULL);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_pwd_last_set_time);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_acct_expiry_time);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_6");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_6:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_6);
}
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
+ hf_samr_full_name, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_18");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_18:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_18);
}
offset = samr_dissect_CRYPT_HASH(tvb, offset, pinfo, tree, drep);
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_19");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_19:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_19);
}
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_logon_time);
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "BUFFER");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "BUFFER:");
+ tree = proto_item_add_subtree(item, ett_samr_buffer_buffer);
}
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "BUFFER");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "BUFFER:");
+ tree = proto_item_add_subtree(item, ett_samr_buffer);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_count, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_BUFFER_buffer, NDR_POINTER_UNIQUE,
- -1);
+ "BUFFER", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_BUFFER, NDR_POINTER_UNIQUE,
- -1);
+ "BUFFER", -1, 0);
return offset;
}
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_21");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_21:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_21);
}
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
hf_samr_pwd_must_change_time);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 2);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
+ hf_samr_full_name, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home);
+ hf_samr_home, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home_drive);
+ hf_samr_home_drive, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_script);
+ hf_samr_script, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_profile);
+ hf_samr_profile, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_workstations);
+ hf_samr_workstations, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_comment);
+ hf_samr_comment, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_parameters);
+ hf_samr_parameters, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_unknown_string);
+ hf_samr_unknown_string, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_unknown_string);
+ hf_samr_unknown_string, 0);
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_unknown_string);
+ hf_samr_unknown_string, 0);
offset = samr_dissect_BUFFER(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rid, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_group, NULL);
- offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
- hf_samr_acct_ctrl, NULL);
+ offset = dissect_ndr_nt_acct_ctrl(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_unknown_long, NULL);
- offset = samr_dissect_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
+ offset = dissect_ndr_nt_LOGON_HOURS(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_bad_pwd_count, NULL);
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_22");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_22:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_22);
}
offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_23");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_23:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_23);
}
offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo_24");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_24:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_24);
}
offset = samr_dissect_CRYPT_PASSWORD(tvb, offset, pinfo, tree, drep);
guint16 level;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "UserInfo");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info);
}
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
hf_samr_level, &level);
tvb, offset, pinfo, tree, drep);
break;
case 4:
- offset = samr_dissect_LOGON_HOURS(
+ offset = dissect_ndr_nt_LOGON_HOURS(
tvb, offset, pinfo, tree, drep);
break;
case 5:
break;
case 7:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_full_name);
+ hf_samr_full_name, 0);
break;
case 8:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_desc);
+ hf_samr_acct_desc, 0);
break;
case 9:
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
break;
case 11:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home);
+ hf_samr_home, 0);
break;
case 12:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_home_drive);
+ hf_samr_home_drive, 0);
break;
case 13:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_script);
+ hf_samr_script, 0);
break;
case 14:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_workstations);
+ hf_samr_workstations, 0);
break;
case 16:
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
break;
case 20:
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_profile);
+ hf_samr_profile, 0);
break;
case 21:
offset = samr_dissect_USER_INFO_21(
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_INFO, NDR_POINTER_UNIQUE,
- -1);
+ "USER_INFO pointer", -1, 0);
return offset;
}
hf_samr_level, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_INFO, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_USER_INFO_ptr, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Types");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "MEMBER_ARRAY_types:");
+ tree = proto_item_add_subtree(item, ett_samr_member_array_types);
}
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "RIDs");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "MEMBER_ARRAY_rids:");
+ tree = proto_item_add_subtree(item, ett_samr_member_array_rids);
}
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Member Array");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "MEMBER_ARRAY:");
+ tree = proto_item_add_subtree(item, ett_samr_member_array);
}
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_count, &count);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_MEMBER_ARRAY_rids, NDR_POINTER_UNIQUE,
- -1);
+ "RIDs", -1, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_UNIQUE,
- -1);
+ "Types", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_MEMBER_ARRAY, NDR_POINTER_UNIQUE,
- -1);
+ "MEMBER_ARRAY", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_MEMBER_ARRAY_ptr, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
hf_samr_info_type, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_BUFFER, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_BUFFER_ptr, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
char *drep)
{
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 1);
return offset;
}
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Names");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "NAMES:");
+ tree = proto_item_add_subtree(item, ett_samr_names);
}
offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
hf_samr_count, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_LOOKUP_NAMES, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
- hf_samr_rid);
+ "", hf_samr_rid, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
- hf_samr_type);
+ "", hf_samr_type, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "RIDs");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "RIDS:");
+ tree = proto_item_add_subtree(item, ett_samr_rids);
}
offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
hf_samr_count, NULL);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_LOOKUP_RIDS, NDR_POINTER_REF,
- -1);
+ "", -1, 0);
return offset;
}
char *drep)
{
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_samr_acct_name);
+ hf_samr_acct_name, 0);
+ return offset;
+}
+
+static int
+samr_dissect_UNICODE_STRING_ARRAY_names(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ char *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ samr_dissect_UNICODE_STRING_ARRAY_name);
return offset;
}
int old_offset=offset;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "Names");
- tree = proto_item_add_subtree(item, ett_samr_user_dispinfo_1);
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "NAMES:");
+ tree = proto_item_add_subtree(item, ett_samr_names);
}
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_count, NULL);
- offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
- samr_dissect_UNICODE_STRING_ARRAY_name);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ samr_dissect_UNICODE_STRING_ARRAY_names, NDR_POINTER_UNIQUE,
+ "Strings", -1, 0);
proto_item_set_len(item, offset-old_offset);
return offset;
{
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
samr_dissect_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
- hf_samr_rid);
+ "", hf_samr_rid, 0);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- samr_dissect_MEMBER_ARRAY_types, NDR_POINTER_REF,
- -1);
+ samr_dissect_INDEX_ARRAY, NDR_POINTER_REF,
+ "", hf_samr_type, 0);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
hf_samr_rc, NULL);
samr_dissect_context_handle,
samr_dissect_rc },
{ SAMR_LOOKUP_DOMAIN, "LOOKUP_DOMAIN",
- samr_dissect_get_domain_password_information_rqst,
+ samr_dissect_lookup_domain_rqst,
samr_dissect_lookup_domain_reply },
{ SAMR_ENUM_DOMAINS, "ENUM_DOMAINS",
samr_dissect_enum_domains_rqst,
{ "Index", "samr.index", FT_UINT32, BASE_DEC,
NULL, 0x0, "Index", HFILL }},
- { &hf_samr_acct_ctrl,
- { "Acct Ctrl", "samr.acct_ctrl", FT_UINT32, BASE_DEC,
- NULL, 0x0, "Acct CTRL", HFILL }},
-
{ &hf_samr_count,
{ "Count", "samr.count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of elements in following array", HFILL }},
+ { &hf_samr_alias_name,
+ { "Alias Name", "samr.alias_name", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of Alias", HFILL }},
+
+ { &hf_samr_group_name,
+ { "Group Name", "samr.group_name", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of Group", HFILL }},
+
{ &hf_samr_acct_name,
{ "Account Name", "samr.acct_name", FT_STRING, BASE_NONE,
NULL, 0, "Name of Account", HFILL }},
NULL, 0, "Parameters", HFILL }},
{ &hf_samr_unknown_string,
- { "Unknwon string", "samr.unknown_string", FT_STRING, BASE_NONE,
+ { "Unknown string", "samr.unknown_string", FT_STRING, BASE_NONE,
NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
{ &hf_samr_unknown_hyper,
"Divisions", "samr.divisions", FT_UINT16, BASE_DEC,
NULL, 0, "Number of divisions for LOGON_HOURS", HFILL }},
-
/* these are used by packet-dcerpc-nt.c */
{ &hf_nt_string_length,
{ "Length", "nt.string.length", FT_UINT16, BASE_DEC,
{ &hf_nt_str_max_len,
{ "Max Length", "nt.str.max_len", FT_UINT32, BASE_DEC,
NULL, 0x0, "Max Length of string in short integers", HFILL }},
+
+ { &hf_nt_acct_ctrl,
+ { "Acct Ctrl", "nt.acct_ctrl", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "Acct CTRL", HFILL }},
+
+ { &hf_nt_acb_disabled, {
+ "", "nt.acb.disabled", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_disabled), 0x0001, "If this account is enabled or disabled", HFILL }},
+
+ { &hf_nt_acb_homedirreq, {
+ "", "nt.acb.homedirreq", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_homedirreq), 0x0002, "Is hom,edirs required for this account?", HFILL }},
+
+ { &hf_nt_acb_pwnotreq, {
+ "", "nt.acb.pwnotreq", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_pwnotreq), 0x0004, "If a password is required for this account?", HFILL }},
+
+ { &hf_nt_acb_tempdup, {
+ "", "nt.acb.tempdup", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_tempdup), 0x0008, "If this is a temporary duplicate account", HFILL }},
+
+ { &hf_nt_acb_normal, {
+ "", "nt.acb.normal", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_normal), 0x0010, "If this is a normal user account", HFILL }},
+
+ { &hf_nt_acb_mns, {
+ "", "nt.acb.mns", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_mns), 0x0020, "MNS logon user account", HFILL }},
+
+ { &hf_nt_acb_domtrust, {
+ "", "nt.acb.domtrust", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_domtrust), 0x0040, "Interdomain trust account", HFILL }},
+
+ { &hf_nt_acb_wstrust, {
+ "", "nt.acb.wstrust", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_wstrust), 0x0080, "Workstation trust account", HFILL }},
+
+ { &hf_nt_acb_svrtrust, {
+ "", "nt.acb.svrtrust", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_svrtrust), 0x0100, "Server trust account", HFILL }},
+
+ { &hf_nt_acb_pwnoexp, {
+ "", "nt.acb.pwnoexp", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_pwnoexp), 0x0200, "If this account expires or not", HFILL }},
+
+ { &hf_nt_acb_autolock, {
+ "", "nt.acb.autolock", FT_BOOLEAN, 32,
+ TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }},
};
static gint *ett[] = {
&ett_dcerpc_samr,
&ett_nt_unicode_string,
&ett_samr_user_dispinfo_1,
+ &ett_samr_user_dispinfo_1_array,
+ &ett_samr_user_dispinfo_2,
+ &ett_samr_user_dispinfo_2_array,
+ &ett_samr_group_dispinfo,
+ &ett_samr_group_dispinfo_array,
+ &ett_samr_ascii_dispinfo,
+ &ett_samr_ascii_dispinfo_array,
+ &ett_samr_display_info,
+ &ett_samr_password_info,
+ &ett_samr_server,
+ &ett_samr_user_group,
+ &ett_samr_user_group_array,
+ &ett_samr_alias_info,
+ &ett_samr_group_info,
+ &ett_samr_domain_info_1,
+ &ett_samr_domain_info_2,
+ &ett_samr_domain_info_8,
+ &ett_samr_replication_status,
+ &ett_samr_domain_info_11,
+ &ett_samr_domain_info_13,
+ &ett_samr_domain_info,
+ &ett_samr_sid_pointer,
+ &ett_samr_sid_array,
+ &ett_samr_index_array,
+ &ett_samr_idx_and_name,
+ &ett_samr_idx_and_name_array,
+ &ett_samr_logon_hours,
+ &ett_samr_logon_hours_hours,
+ &ett_samr_user_info_1,
+ &ett_samr_user_info_2,
+ &ett_samr_user_info_3,
+ &ett_samr_user_info_5,
+ &ett_samr_user_info_6,
+ &ett_samr_user_info_18,
+ &ett_samr_user_info_19,
+ &ett_samr_buffer_buffer,
+ &ett_samr_buffer,
+ &ett_samr_user_info_21,
+ &ett_samr_user_info_22,
+ &ett_samr_user_info_23,
+ &ett_samr_user_info_24,
+ &ett_samr_user_info,
+ &ett_samr_member_array_types,
+ &ett_samr_member_array_rids,
+ &ett_samr_member_array,
+ &ett_samr_names,
+ &ett_samr_rids,
+
+ &ett_nt_acct_ctrl,
};
proto_dcerpc_samr = proto_register_protocol(