forked from osmocom/wireshark
Updated DELTA_ALIAS_MEMBER and DELTA_POLICY
svn path=/trunk/; revision=5834
This commit is contained in:
parent
082e7f6317
commit
ec515ae59f
|
@ -3,7 +3,7 @@
|
|||
* Copyright 2001, Tim Potter <tpot@samba.org>
|
||||
* 2002 structure and command dissectors by Ronnie Sahlberg
|
||||
*
|
||||
* $Id: packet-dcerpc-netlogon.c,v 1.36 2002/07/07 05:15:54 sahlberg Exp $
|
||||
* $Id: packet-dcerpc-netlogon.c,v 1.37 2002/07/07 09:49:16 sahlberg Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -46,6 +46,12 @@ static int hf_netlogon_sensitive_data_len = -1;
|
|||
static int hf_netlogon_sensitive_data = -1;
|
||||
static int hf_netlogon_security_information = -1;
|
||||
static int hf_netlogon_dummy = -1;
|
||||
static int hf_netlogon_minworkingsetsize = -1;
|
||||
static int hf_netlogon_maxworkingsetsize = -1;
|
||||
static int hf_netlogon_pagedpoollimit = -1;
|
||||
static int hf_netlogon_pagefilelimit = -1;
|
||||
static int hf_netlogon_timelimit = -1;
|
||||
static int hf_netlogon_nonpagedpoollimit = -1;
|
||||
static int hf_netlogon_pac_size = -1;
|
||||
static int hf_netlogon_pac_data = -1;
|
||||
static int hf_netlogon_auth_size = -1;
|
||||
|
@ -61,6 +67,10 @@ static int hf_netlogon_validation_level = -1;
|
|||
static int hf_netlogon_level = -1;
|
||||
static int hf_netlogon_challenge = -1;
|
||||
static int hf_netlogon_reserved = -1;
|
||||
static int hf_netlogon_audit_retention_period = -1;
|
||||
static int hf_netlogon_auditing_mode = -1;
|
||||
static int hf_netlogon_max_audit_event_count = -1;
|
||||
static int hf_netlogon_event_audit_option = -1;
|
||||
static int hf_netlogon_unknown_time = -1;
|
||||
static int hf_netlogon_unknown_string = -1;
|
||||
static int hf_netlogon_unknown_long = -1;
|
||||
|
@ -76,7 +86,6 @@ static int hf_netlogon_timestamp = -1;
|
|||
static int hf_netlogon_nt_chal_resp = -1;
|
||||
static int hf_netlogon_lm_chal_resp = -1;
|
||||
static int hf_netlogon_credential = -1;
|
||||
static int hf_netlogon_cypher_block = -1;
|
||||
static int hf_netlogon_acct_name = -1;
|
||||
static int hf_netlogon_acct_desc = -1;
|
||||
static int hf_netlogon_group_desc = -1;
|
||||
|
@ -102,6 +111,8 @@ static int hf_netlogon_logon_dom = -1;
|
|||
static int hf_netlogon_domain_name = -1;
|
||||
static int hf_netlogon_domain_create_time = -1;
|
||||
static int hf_netlogon_domain_modify_time = -1;
|
||||
static int hf_netlogon_db_modify_time = -1;
|
||||
static int hf_netlogon_db_create_time = -1;
|
||||
static int hf_netlogon_oem_info = -1;
|
||||
static int hf_netlogon_trusted_domain_name = -1;
|
||||
static int hf_netlogon_num_rids = -1;
|
||||
|
@ -135,6 +146,7 @@ static int hf_netlogon_lm_pwd_present = -1;
|
|||
static int hf_netlogon_code = -1;
|
||||
static int hf_netlogon_database_id = -1;
|
||||
static int hf_netlogon_max_size = -1;
|
||||
static int hf_netlogon_max_log_size = -1;
|
||||
static int hf_netlogon_dns_host = -1;
|
||||
static int hf_netlogon_num_pwd_pairs = -1;
|
||||
static int hf_netlogon_acct_expiry_time = -1;
|
||||
|
@ -154,13 +166,9 @@ static int hf_netlogon_logonsrv_handle = -1;
|
|||
static int hf_netlogon_delta_type = -1;
|
||||
|
||||
static gint ett_dcerpc_netlogon = -1;
|
||||
static gint ett_NETLOGON_SECURITY_DESCRIPTOR = -1;
|
||||
static gint ett_CYPHER_BLOCK = -1;
|
||||
static gint ett_QUOTA_LIMITS = -1;
|
||||
static gint ett_TYPE_16 = -1;
|
||||
static gint ett_IDENTITY_INFO = -1;
|
||||
static gint ett_NETLOGON_SAM_ALIAS_MEM_INFO = -1;
|
||||
static gint ett_TYPE_30 = -1;
|
||||
static gint ett_TYPE_29 = -1;
|
||||
static gint ett_TYPE_31 = -1;
|
||||
static gint ett_TYPE_32 = -1;
|
||||
static gint ett_TYPE_33 = -1;
|
||||
|
@ -2124,6 +2132,203 @@ netlogon_dissect_DELTA_ALIAS(tvbuff_t *tvb, int offset,
|
|||
}
|
||||
|
||||
|
||||
/*
|
||||
* IDL typedef struct {
|
||||
* IDL [unique] SID_ARRAY sids;
|
||||
* IDL long dummy1;
|
||||
* IDL long dummy2;
|
||||
* IDL long dummy3;
|
||||
* IDL long dummy4;
|
||||
* IDL } DELTA_ALIAS_MEMBER;
|
||||
*/
|
||||
static int
|
||||
netlogon_dissect_DELTA_ALIAS_MEMBER(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree,
|
||||
char *drep)
|
||||
{
|
||||
offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, drep);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
netlogon_dissect_EVENT_AUDIT_OPTION(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree,
|
||||
char *drep)
|
||||
{
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_event_audit_option, NULL);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
netlogon_dissect_EVENT_AUDIT_OPTIONS_ARRAY(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree,
|
||||
char *drep)
|
||||
{
|
||||
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
||||
netlogon_dissect_EVENT_AUDIT_OPTION);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* IDL typedef struct {
|
||||
* IDL long pagedpoollimit;
|
||||
* IDL long nonpagedpoollimit;
|
||||
* IDL long minimumworkingsetsize;
|
||||
* IDL long maximumworkingsetsize;
|
||||
* IDL long pagefilelimit;
|
||||
* IDL NTTIME timelimit;
|
||||
* IDL } QUOTA_LIMITS;
|
||||
*/
|
||||
static int
|
||||
netlogon_dissect_QUOTA_LIMITS(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
char *drep)
|
||||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
int old_offset=offset;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
||||
"QUOTA_LIMTS:");
|
||||
tree = proto_item_add_subtree(item, ett_QUOTA_LIMITS);
|
||||
}
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_pagedpoollimit, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_nonpagedpoollimit, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_minworkingsetsize, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_maxworkingsetsize, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_pagefilelimit, NULL);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_timelimit);
|
||||
|
||||
proto_item_set_len(item, offset-old_offset);
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* IDL typedef struct {
|
||||
* IDL long maxlogsize;
|
||||
* IDL NTTIME auditretentionperiod;
|
||||
* IDL bool auditingmode;
|
||||
* IDL long maxauditeventcount;
|
||||
* IDL [unique][size_is(maxauditeventcount)] long *eventauditoptions;
|
||||
* IDL UNICODESTRING primarydomainname;
|
||||
* IDL [unique] SID *sid;
|
||||
* IDL QUOTA_LIMITS quota_limits;
|
||||
* IDL NTTIME db_modify_time;
|
||||
* IDL NTTIME db_create_time;
|
||||
* IDL long SecurityInformation;
|
||||
* IDL LSA_SECURITY_DESCRIPTOR sec_desc;
|
||||
* IDL UNICODESTRING dummy1;
|
||||
* IDL UNICODESTRING dummy2;
|
||||
* IDL UNICODESTRING dummy3;
|
||||
* IDL UNICODESTRING dummy4;
|
||||
* IDL long dummy5;
|
||||
* IDL long dummy6;
|
||||
* IDL long dummy7;
|
||||
* IDL long dummy8;
|
||||
* IDL } DELTA_POLICY;
|
||||
*/
|
||||
static int
|
||||
netlogon_dissect_DELTA_POLICY(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree,
|
||||
char *drep)
|
||||
{
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_max_log_size, NULL);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_audit_retention_period);
|
||||
|
||||
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_auditing_mode, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_max_audit_event_count, NULL);
|
||||
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
netlogon_dissect_EVENT_AUDIT_OPTIONS_ARRAY, NDR_POINTER_UNIQUE,
|
||||
"Event Audit Options:", -1, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_domain_name, 0);
|
||||
|
||||
offset = dissect_ndr_nt_PSID(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
offset = netlogon_dissect_QUOTA_LIMITS(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_db_modify_time);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_db_create_time);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_security_information, NULL);
|
||||
|
||||
offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_dummy, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_dummy, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_dummy, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_dummy, 0);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_reserved, NULL);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -2194,63 +2399,6 @@ netlogon_dissect_UNICODE_STRING(tvbuff_t *tvb, int offset,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
char *drep)
|
||||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
int old_offset=offset;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
||||
"NETLOGON_SECURITY_DESCRIPTOR:");
|
||||
tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
|
||||
}
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_len, NULL);
|
||||
|
||||
offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
proto_item_set_len(item, offset-old_offset);
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
#if 0
|
||||
static int
|
||||
netlogon_dissect_CYPHER_BLOCK(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
char *drep)
|
||||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
dcerpc_info *di;
|
||||
|
||||
di=pinfo->private_data;
|
||||
if(di->conformant_run){
|
||||
/*just a run to handle conformant arrays, nothing to dissect.*/
|
||||
return offset;
|
||||
}
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_text(parent_tree, tvb, offset, 8,
|
||||
"CYPHER_BLOCK:");
|
||||
tree = proto_item_add_subtree(item, ett_CYPHER_BLOCK);
|
||||
}
|
||||
|
||||
proto_tree_add_item(tree, hf_netlogon_cypher_block, tvb, offset, 8,
|
||||
FALSE);
|
||||
offset += 8;
|
||||
|
||||
return offset;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static int
|
||||
netlogon_dissect_TYPE_16(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
|
@ -2274,177 +2422,6 @@ netlogon_dissect_TYPE_16(tvbuff_t *tvb, int offset,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
netlogon_dissect_NETLOGON_SAM_ALIAS_MEM_INFO(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
char *drep)
|
||||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
int old_offset=offset;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
||||
"NETLOGON_SAM_ALIAS_MEM_INFO:");
|
||||
tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_ALIAS_MEM_INFO);
|
||||
}
|
||||
|
||||
offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, drep);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
proto_item_set_len(item, offset-old_offset);
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
netlogon_dissect_TYPE_30(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
char *drep)
|
||||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
int old_offset=offset;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
||||
"TYPE_30:");
|
||||
tree = proto_item_add_subtree(item, ett_TYPE_30);
|
||||
}
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_time);
|
||||
|
||||
proto_item_set_len(item, offset-old_offset);
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
netlogon_dissect_element_422(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree,
|
||||
char *drep)
|
||||
{
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
netlogon_dissect_element_422_array(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree,
|
||||
char *drep)
|
||||
{
|
||||
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
||||
netlogon_dissect_element_422);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
netlogon_dissect_TYPE_29(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
char *drep)
|
||||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
int old_offset=offset;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
||||
"TYPE_29:");
|
||||
tree = proto_item_add_subtree(item, ett_TYPE_29);
|
||||
}
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_time);
|
||||
|
||||
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_char, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
netlogon_dissect_element_422_array, NDR_POINTER_PTR,
|
||||
"unknown", -1, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_string, 0);
|
||||
|
||||
offset = dissect_ndr_nt_PSID(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
offset = netlogon_dissect_TYPE_30(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_time);
|
||||
|
||||
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_time);
|
||||
|
||||
offset = netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_string, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_string, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_string, 0);
|
||||
|
||||
offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_string, 0);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_unknown_long, NULL);
|
||||
|
||||
proto_item_set_len(item, offset-old_offset);
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
netlogon_dissect_TYPE_31(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
|
@ -2573,7 +2550,7 @@ netlogon_dissect_TYPE_33(tvbuff_t *tvb, int offset,
|
|||
netlogon_dissect_attrs_array, NDR_POINTER_PTR,
|
||||
"ATTRS_ARRAY:", -1, 0);
|
||||
|
||||
offset = netlogon_dissect_TYPE_30(tvb, offset,
|
||||
offset = netlogon_dissect_QUOTA_LIMITS(tvb, offset,
|
||||
pinfo, tree, drep);
|
||||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
|
@ -3728,13 +3705,13 @@ netlogon_dissect_TYPE_20(tvbuff_t *tvb, int offset,
|
|||
break;
|
||||
case 12:
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
netlogon_dissect_NETLOGON_SAM_ALIAS_MEM_INFO, NDR_POINTER_PTR,
|
||||
"NETLOGON_SAM_ALIAS_MEM_INFO pointer:", -1, 0);
|
||||
netlogon_dissect_DELTA_ALIAS_MEMBER, NDR_POINTER_UNIQUE,
|
||||
"DELTA_ALIAS_MEMBER:", -1, 0);
|
||||
break;
|
||||
case 13:
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
netlogon_dissect_TYPE_29, NDR_POINTER_PTR,
|
||||
"TYPE_29 pointer:", -1, 0);
|
||||
netlogon_dissect_DELTA_POLICY, NDR_POINTER_UNIQUE,
|
||||
"DELTA_POLICY:", -1, 0);
|
||||
break;
|
||||
case 14:
|
||||
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
||||
|
@ -3987,6 +3964,7 @@ netlogon_dissect_netsamdeltas_rqst(tvbuff_t *tvb, int offset,
|
|||
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
||||
hf_netlogon_max_size, NULL);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
@ -5581,10 +5559,6 @@ static hf_register_info hf[] = {
|
|||
"Challenge", "netlogon.challenge", FT_BYTES, BASE_HEX,
|
||||
NULL, 0x0, "Netlogon challenge", HFILL }},
|
||||
|
||||
{ &hf_netlogon_cypher_block, {
|
||||
"Cypher Block", "netlogon.cypher_block", FT_BYTES, BASE_HEX,
|
||||
NULL, 0x0, "Netlogon cypher block", HFILL }},
|
||||
|
||||
{ &hf_netlogon_lm_owf_password, {
|
||||
"LM Pwd", "netlogon.lm_owf_pwd", FT_BYTES, BASE_HEX,
|
||||
NULL, 0x0, "LanManager OWF Password", HFILL }},
|
||||
|
@ -5670,6 +5644,18 @@ static hf_register_info hf[] = {
|
|||
{ "Sensitive Data", "netlogon.sensitive_data_flag", FT_UINT8, BASE_DEC,
|
||||
NULL, 0x0, "Sensitive data flag", HFILL }},
|
||||
|
||||
{ &hf_netlogon_auditing_mode,
|
||||
{ "Auditing Mode", "netlogon.auditing_mode", FT_UINT8, BASE_DEC,
|
||||
NULL, 0x0, "Auditing Mode", HFILL }},
|
||||
|
||||
{ &hf_netlogon_max_audit_event_count,
|
||||
{ "Max Audit Event Count", "netlogon.max_audit_event_count", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "Max audit event count", HFILL }},
|
||||
|
||||
{ &hf_netlogon_event_audit_option,
|
||||
{ "Event Audit Option", "netlogon.event_audit_option", FT_UINT32, BASE_HEX,
|
||||
NULL, 0x0, "Event audit option", HFILL }},
|
||||
|
||||
{ &hf_netlogon_sensitive_data_len,
|
||||
{ "Length", "netlogon.sensitive_data_len", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "Length of sensitive data", HFILL }},
|
||||
|
@ -5954,6 +5940,10 @@ static hf_register_info hf[] = {
|
|||
{ "Max Size", "netlogon.max_size", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "Max Size of database", HFILL }},
|
||||
|
||||
{ &hf_netlogon_max_log_size,
|
||||
{ "Max Log Size", "netlogon.max_log_size", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "Max Size of log", HFILL }},
|
||||
|
||||
{ &hf_netlogon_pac_size,
|
||||
{ "Pac Size", "netlogon.pac.size", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "Size of PacData in bytes", HFILL }},
|
||||
|
@ -5970,6 +5960,26 @@ static hf_register_info hf[] = {
|
|||
{ "Logon Attempts", "netlogon.logon_attempts", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "Number of logon attempts", HFILL }},
|
||||
|
||||
{ &hf_netlogon_pagefilelimit,
|
||||
{ "Page File Limit", "netlogon.page_file_limit", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "", HFILL }},
|
||||
|
||||
{ &hf_netlogon_pagedpoollimit,
|
||||
{ "Paged Pool Limit", "netlogon.paged_pool_limit", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "", HFILL }},
|
||||
|
||||
{ &hf_netlogon_nonpagedpoollimit,
|
||||
{ "Non-Paged Pool Limit", "netlogon.nonpaged_pool_limit", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "", HFILL }},
|
||||
|
||||
{ &hf_netlogon_minworkingsetsize,
|
||||
{ "Min Working Set Size", "netlogon.min_working_set_size", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "", HFILL }},
|
||||
|
||||
{ &hf_netlogon_maxworkingsetsize,
|
||||
{ "Max Working Set Size", "netlogon.max_working_set_size", FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0, "", HFILL }},
|
||||
|
||||
{ &hf_netlogon_logon_time,
|
||||
{ "Logon Time", "netlogon.logon_time", FT_ABSOLUTE_TIME, BASE_NONE,
|
||||
NULL, 0, "Time for last time this user logged on", HFILL }},
|
||||
|
@ -6000,19 +6010,31 @@ static hf_register_info hf[] = {
|
|||
|
||||
{ &hf_netlogon_domain_modify_time,
|
||||
{ "Domain Modify Time", "netlogon.domain_modify_time", FT_ABSOLUTE_TIME, BASE_NONE,
|
||||
NULL, 0, "Time when this domain was last modified", HFILL }}
|
||||
NULL, 0, "Time when this domain was last modified", HFILL }},
|
||||
|
||||
{ &hf_netlogon_db_modify_time,
|
||||
{ "DB Modify Time", "netlogon.db_modify_time", FT_ABSOLUTE_TIME, BASE_NONE,
|
||||
NULL, 0, "Time when last modified", HFILL }},
|
||||
|
||||
{ &hf_netlogon_db_create_time,
|
||||
{ "DB Create Time", "netlogon.db_create_time", FT_ABSOLUTE_TIME, BASE_NONE,
|
||||
NULL, 0, "Time when created", HFILL }},
|
||||
|
||||
{ &hf_netlogon_audit_retention_period,
|
||||
{ "Audit Retention Period", "netlogon.audit_retention_period", FT_RELATIVE_TIME, BASE_NONE,
|
||||
NULL, 0, "Audit retention period", HFILL }},
|
||||
|
||||
{ &hf_netlogon_timelimit,
|
||||
{ "Time Limit", "netlogon.time_limit", FT_RELATIVE_TIME, BASE_NONE,
|
||||
NULL, 0, "", HFILL }}
|
||||
|
||||
};
|
||||
|
||||
static gint *ett[] = {
|
||||
&ett_dcerpc_netlogon,
|
||||
&ett_NETLOGON_SECURITY_DESCRIPTOR,
|
||||
&ett_CYPHER_BLOCK,
|
||||
&ett_TYPE_16,
|
||||
&ett_QUOTA_LIMITS,
|
||||
&ett_IDENTITY_INFO,
|
||||
&ett_NETLOGON_SAM_ALIAS_MEM_INFO,
|
||||
&ett_TYPE_30,
|
||||
&ett_TYPE_29,
|
||||
&ett_TYPE_31,
|
||||
&ett_TYPE_32,
|
||||
&ett_TYPE_33,
|
||||
|
|
Loading…
Reference in New Issue