* Copyright 2001,2003 Tim Potter <tpot@samba.org>
* 2002 Added LSA command dissectors Ronnie Sahlberg
*
- * $Id: packet-dcerpc-lsa.c,v 1.80 2003/05/21 10:39:19 sahlberg Exp $
+ * $Id: packet-dcerpc-lsa.c,v 1.81 2003/05/22 11:03:15 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int hf_lsa_opnum = -1;
static int hf_lsa_rc = -1;
static int hf_lsa_hnd = -1;
+static int hf_lsa_policy_information = -1;
static int hf_lsa_server = -1;
static int hf_lsa_controller = -1;
static int hf_lsa_obj_attr = -1;
static int hf_lsa_size_needed = -1;
static int hf_lsa_max_count = -1;
static int hf_lsa_index = -1;
+static int hf_lsa_fqdomain = -1;
static int hf_lsa_domain = -1;
static int hf_lsa_domain_sid = -1;
static int hf_lsa_acct = -1;
/* name */
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
- hf_lsa_name, 0);
+ hf_lsa_domain, 0);
/* domain */
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
- hf_lsa_domain, 0);
+ hf_lsa_fqdomain, 0);
/* forest */
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
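Review bot: The `/* name */` and `/* domain */` comments no longer match the fields the strings are registered under, since the name is now added as `hf_lsa_domain` and the domain as `hf_lsa_fqdomain`, and nothing in place says why. Judging by the companion change in packet-smb-sidsnooping.c, the swap lets the SID snooping tap pair a single `lsa.domain` with `lsa.domain_sid` for this structure. I would record that where it happens, e.g. `/* name: registered as lsa.domain so the SID snooping tap can pair it with lsa.domain_sid */` and `/* domain: the fully qualified name, registered as lsa.fqdn_domain */`. Display filters on `lsa.domain` will presumably now match a different string for this structure, which is worth a line in the commit message. The enclosing function starts and ends outside the hunk.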
pinfo, tree, drep);
/* SID pointer */
- offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, -1);
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep, hf_lsa_domain_sid);
proto_item_set_len(item, offset-old_offset);
return offset;
guint16 level;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, -1,
- "POLICY_INFO:");
+ item = proto_tree_add_item(parent_tree, hf_lsa_policy_information, tvb, offset, 0, FALSE);
+
tree = proto_item_add_subtree(item, ett_lsa_policy_info);
}
{ "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
NULL, 0x0, "", HFILL }},
+ { &hf_lsa_fqdomain,
+ { "FQDN", "lsa.fqdn_domain", FT_STRING, BASE_NONE,
+ NULL, 0x0, "Fully Qualified Domain Name", HFILL }},
+
{ &hf_lsa_domain,
{ "Domain", "lsa.domain", FT_STRING, BASE_NONE,
NULL, 0x0, "Domain", HFILL }},
{ "Rights", "lsa.rights", FT_STRING, BASE_NONE,
NULL, 0x0, "Account Rights", HFILL }},
+ { &hf_lsa_policy_information,
+ { "POLICY INFO", "lsa.policy_information", FT_NONE, BASE_NONE,
+ NULL, 0x0, "Policy Information union", HFILL }},
+
{ &hf_lsa_attr,
{ "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
NULL, 0x0, "LSA Attributes", HFILL }},
* Routines for snooping SID to name mappings
* Copyright 2003, Ronnie Sahlberg
*
- * $Id: packet-smb-sidsnooping.c,v 1.4 2003/05/21 10:39:19 sahlberg Exp $
+ * $Id: packet-smb-sidsnooping.c,v 1.5 2003/05/22 11:03:15 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
#include "packet-smb-sidsnooping.h"
static int hf_lsa = -1;
+static int hf_lsa_info_level = -1;
static int hf_lsa_opnum = -1;
static int hf_lsa_domain = -1;
static int hf_lsa_domain_sid = -1;
static GMemChunk *sid_name_chunk = NULL;
static int sid_name_init_count = 200;
-static void *lsa_QueryInfoPolicy_l3_reply_flag = NULL;
+static void *lsa_policy_information_flag = NULL;
char *
}
/*
- * QueryInfoPolicy level 3 contains both a domain name and a sid
- * which we can use to map a sid into a name.
+ * PolicyInformation :
+ * level 3 : PRIMARY_DOMAIN_INFO lsa.domain_sid -> lsa.domain
+ * level 12 : DNS_DOMAIN_INFO lsa.domain_sid -> lsa.domain
*/
static int
-lsa_QueryInfoPolicy_l3_reply(void *dummy _U_, packet_info *pinfo _U_, epan_dissect_t *edt, void *pri _U_)
+lsa_policy_information(void *dummy _U_, packet_info *pinfo _U_, epan_dissect_t *edt, void *pri _U_)
{
-/* dcerpc_info *ri=pri;*/
- GPtrArray *gp_sid;
- GPtrArray *gp_domain;
+ GPtrArray *gp;
field_info *fi;
char *domain;
char *sid;
+ int info_level;
- gp_domain=proto_get_finfo_ptr_array(edt->tree, hf_lsa_domain);
- if(!gp_domain || gp_domain->len!=1){
+ gp=proto_get_finfo_ptr_array(edt->tree, hf_lsa_info_level);
+ if(!gp || gp->len!=1){
return 0;
}
- fi=gp_domain->pdata[0];
- domain=fi->value->value.string;
-
- gp_sid=proto_get_finfo_ptr_array(edt->tree, hf_lsa_domain_sid);
- if(!gp_sid || gp_sid->len!=1){
- return 0;
+ fi=gp->pdata[0];
+ info_level=fi->value->value.integer;
+
+ switch(info_level){
+ case 3:
+ case 12:
+ gp=proto_get_finfo_ptr_array(edt->tree, hf_lsa_domain);
+ if(!gp || gp->len!=1){
+ return 0;
+ }
+ fi=gp->pdata[0];
+ domain=fi->value->value.string;
+
+ gp=proto_get_finfo_ptr_array(edt->tree, hf_lsa_domain_sid);
+ if(!gp || gp->len!=1){
+ return 0;
+ }
+ fi=gp->pdata[0];
+ sid=fi->value->value.string;
+
+ add_sid_name_mapping(sid, domain);
+ break;
}
- fi=gp_sid->pdata[0];
- sid=fi->value->value.string;
-
- add_sid_name_mapping(sid, domain);
return 0;
}
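Review bot: `lsa_policy_information` reads `fi->value->value.integer` and `fi->value->value.string` without confirming that the fields it looked up have those types. The field ids are resolved by name at run time from another dissector, so a later type change to `lsa.info.level`, `lsa.domain` or `lsa.domain_sid` would make this callback read the wrong union member of packet-derived data, with no compile-time warning. At minimum add a comment above the switch such as `/* relies on lsa.info.level being an integer field and lsa.domain / lsa.domain_sid being FT_STRING; keep in sync with packet-dcerpc-lsa.c */`, and preferably return 0 when a field's registered type is not the expected one. The switch also has no default; `default: break;` would make it explicit that other levels are ignored. Whether `add_sid_name_mapping` copies `sid` and `domain` is not visible here, and if it stores the pointers they would not outlive the dissection tree.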
header_field_info *hfi;
GString *error_string;
- if(lsa_QueryInfoPolicy_l3_reply_flag){
- remove_tap_listener(lsa_QueryInfoPolicy_l3_reply_flag);
- lsa_QueryInfoPolicy_l3_reply_flag=NULL;
+ if(lsa_policy_information_flag){
+ remove_tap_listener(lsa_policy_information_flag);
+ lsa_policy_information_flag=NULL;
}
if(sid_name_table){
hf_lsa_domain=hfi->id;
}
+ hfi=proto_registrar_get_byname("lsa.info.level");
+ if(hfi){
+ hf_lsa_info_level=hfi->id;
+ }
+
- error_string=register_tap_listener("dcerpc", lsa_QueryInfoPolicy_l3_reply, "dcerpc.pkt_type==2 and lsa.opnum==7 and lsa.info.level==3 and lsa.domain and lsa.domain_sid", NULL, lsa_QueryInfoPolicy_l3_reply, NULL);
+ error_string=register_tap_listener("dcerpc", lsa_policy_information, "lsa.policy_information and ( lsa.info.level or lsa.domain or lsa.domain_sid )", NULL, lsa_policy_information, NULL);
if(error_string){
/* error, we failed to attach to the tap. clean up */
- fprintf(stderr, "tethereal: Couldn't register proto_reg_handoff_smb_sidsnooping()/lsa_QueryInfoPolicy_l3_reply tap: %s\n",
+ fprintf(stderr, "tethereal: Couldn't register proto_reg_handoff_smb_sidsnooping()/lsa_policy_information tap: %s\n",
error_string->str);
g_string_free(error_string, TRUE);
exit(1);
}
- lsa_QueryInfoPolicy_l3_reply_flag=lsa_QueryInfoPolicy_l3_reply;
+ lsa_policy_information_flag=lsa_policy_information;
}
void
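Review bot: The new tap filter drops the `dcerpc.pkt_type==2 and lsa.opnum==7` restriction, so `lsa_policy_information` now runs on any frame that carries a policy information item, presumably including client requests and not only server replies. The SID-to-name table is what an analyst later sees next to SIDs, so a name taken from a request is less trustworthy than one from a reply, and depending on `add_sid_name_mapping` (not shown) a later frame may replace an earlier mapping. If only replies are intended, keep the direction test: `"dcerpc.pkt_type==2 and lsa.policy_information and ( lsa.info.level or lsa.domain or lsa.domain_sid )"`. Otherwise add a comment saying that requests are deliberately included, and that the `or` group appears to exist only to make those fields available to the callback. The enclosing function starts outside the hunk.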