2001-11-21 02:08:57 +00:00
|
|
|
/* packet-dcerpc-lsa.c
|
2001-12-16 20:17:10 +00:00
|
|
|
* Routines for SMB \PIPE\lsarpc packet disassembly
|
2003-01-28 06:39:41 +00:00
|
|
|
* Copyright 2001,2003 Tim Potter <tpot@samba.org>
|
2002-04-17 09:51:11 +00:00
|
|
|
* 2002 Added LSA command dissectors Ronnie Sahlberg
|
2001-11-12 08:58:45 +00:00
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2001-11-12 08:58:45 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-11-12 08:58:45 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-11-12 08:58:45 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-11-12 08:58:45 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-11-12 08:58:45 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <glib.h>
|
2001-12-16 20:17:10 +00:00
|
|
|
#include <string.h>
|
|
|
|
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2005-08-19 15:35:42 +00:00
|
|
|
#include <epan/emem.h>
|
|
|
|
|
2001-11-12 08:58:45 +00:00
|
|
|
#include "packet-dcerpc.h"
|
2001-12-16 20:17:10 +00:00
|
|
|
#include "packet-dcerpc-nt.h"
|
2001-11-21 02:08:57 +00:00
|
|
|
#include "packet-dcerpc-lsa.h"
|
2004-08-03 02:28:49 +00:00
|
|
|
#include "packet-windows-common.h"
|
2001-11-12 08:58:45 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int proto_dcerpc_lsa = -1;
|
|
|
|
|
2002-06-24 00:03:18 +00:00
|
|
|
static int hf_lsa_opnum = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_rc = -1;
|
|
|
|
static int hf_lsa_hnd = -1;
|
2003-05-22 11:03:15 +00:00
|
|
|
static int hf_lsa_policy_information = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_server = -1;
|
2002-04-28 10:09:25 +00:00
|
|
|
static int hf_lsa_controller = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_obj_attr = -1;
|
|
|
|
static int hf_lsa_obj_attr_len = -1;
|
|
|
|
static int hf_lsa_obj_attr_name = -1;
|
|
|
|
static int hf_lsa_access_mask = -1;
|
|
|
|
static int hf_lsa_info_level = -1;
|
2002-04-28 10:09:25 +00:00
|
|
|
static int hf_lsa_trusted_info_level = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_sd_size = -1;
|
|
|
|
static int hf_lsa_qos_len = -1;
|
|
|
|
static int hf_lsa_qos_impersonation_level = -1;
|
|
|
|
static int hf_lsa_qos_track_context = -1;
|
|
|
|
static int hf_lsa_qos_effective_only = -1;
|
|
|
|
static int hf_lsa_pali_percent_full = -1;
|
|
|
|
static int hf_lsa_pali_log_size = -1;
|
|
|
|
static int hf_lsa_pali_retention_period = -1;
|
|
|
|
static int hf_lsa_pali_time_to_shutdown = -1;
|
|
|
|
static int hf_lsa_pali_shutdown_in_progress = -1;
|
|
|
|
static int hf_lsa_pali_next_audit_record = -1;
|
|
|
|
static int hf_lsa_paei_enabled = -1;
|
|
|
|
static int hf_lsa_paei_settings = -1;
|
|
|
|
static int hf_lsa_count = -1;
|
2002-04-17 10:29:09 +00:00
|
|
|
static int hf_lsa_size = -1;
|
2002-05-02 06:13:07 +00:00
|
|
|
static int hf_lsa_size16 = -1;
|
2003-09-03 09:48:50 +00:00
|
|
|
static int hf_lsa_privilege_display_name_size = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_max_count = -1;
|
|
|
|
static int hf_lsa_index = -1;
|
2003-05-22 11:03:15 +00:00
|
|
|
static int hf_lsa_fqdomain = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_domain = -1;
|
|
|
|
static int hf_lsa_acct = -1;
|
|
|
|
static int hf_lsa_server_role = -1;
|
|
|
|
static int hf_lsa_source = -1;
|
|
|
|
static int hf_lsa_quota_paged_pool = -1;
|
|
|
|
static int hf_lsa_quota_non_paged_pool = -1;
|
|
|
|
static int hf_lsa_quota_min_wss = -1;
|
|
|
|
static int hf_lsa_quota_max_wss = -1;
|
|
|
|
static int hf_lsa_quota_pagefile = -1;
|
|
|
|
static int hf_lsa_mod_seq_no = -1;
|
|
|
|
static int hf_lsa_mod_mtime = -1;
|
2002-04-28 10:24:40 +00:00
|
|
|
static int hf_lsa_cur_mtime = -1;
|
|
|
|
static int hf_lsa_old_mtime = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_name = -1;
|
2002-05-02 06:21:52 +00:00
|
|
|
static int hf_lsa_key = -1;
|
2002-04-28 10:09:25 +00:00
|
|
|
static int hf_lsa_flat_name = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_forest = -1;
|
|
|
|
static int hf_lsa_info_type = -1;
|
|
|
|
static int hf_lsa_old_pwd = -1;
|
|
|
|
static int hf_lsa_new_pwd = -1;
|
|
|
|
static int hf_lsa_sid_type = -1;
|
|
|
|
static int hf_lsa_rid = -1;
|
2002-04-28 10:09:25 +00:00
|
|
|
static int hf_lsa_rid_offset = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_num_mapped = -1;
|
|
|
|
static int hf_lsa_policy_information_class = -1;
|
|
|
|
static int hf_lsa_secret = -1;
|
2002-04-17 10:29:09 +00:00
|
|
|
static int hf_nt_luid_high = -1;
|
|
|
|
static int hf_nt_luid_low = -1;
|
|
|
|
static int hf_lsa_privilege_name = -1;
|
2003-09-03 09:48:50 +00:00
|
|
|
static int hf_lsa_privilege_display_name = -1;
|
2002-04-17 11:01:38 +00:00
|
|
|
static int hf_lsa_attr = -1;
|
2002-04-18 10:40:30 +00:00
|
|
|
static int hf_lsa_resume_handle = -1;
|
2002-04-28 10:09:25 +00:00
|
|
|
static int hf_lsa_trust_direction = -1;
|
|
|
|
static int hf_lsa_trust_type = -1;
|
|
|
|
static int hf_lsa_trust_attr = -1;
|
|
|
|
static int hf_lsa_trust_attr_non_trans = -1;
|
|
|
|
static int hf_lsa_trust_attr_uplevel_only = -1;
|
|
|
|
static int hf_lsa_trust_attr_tree_parent = -1;
|
|
|
|
static int hf_lsa_trust_attr_tree_root = -1;
|
|
|
|
static int hf_lsa_auth_update = -1;
|
|
|
|
static int hf_lsa_auth_type = -1;
|
|
|
|
static int hf_lsa_auth_len = -1;
|
|
|
|
static int hf_lsa_auth_blob = -1;
|
2002-04-28 10:33:30 +00:00
|
|
|
static int hf_lsa_rights = -1;
|
2002-04-29 06:23:03 +00:00
|
|
|
static int hf_lsa_remove_all = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int hf_lsa_unknown_hyper = -1;
|
|
|
|
static int hf_lsa_unknown_long = -1;
|
|
|
|
static int hf_lsa_unknown_short = -1;
|
|
|
|
static int hf_lsa_unknown_char = -1;
|
|
|
|
static int hf_lsa_unknown_string = -1;
|
2002-04-29 08:20:18 +00:00
|
|
|
#ifdef LSA_UNUSED_HANDLES
|
2002-04-17 09:24:09 +00:00
|
|
|
static int hf_lsa_unknown_time = -1;
|
2002-04-29 08:20:18 +00:00
|
|
|
#endif
|
2001-11-12 08:58:45 +00:00
|
|
|
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static gint ett_dcerpc_lsa = -1;
|
|
|
|
static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
|
|
|
|
static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
|
|
|
|
static gint ett_lsa_policy_info = -1;
|
|
|
|
static gint ett_lsa_policy_audit_log_info = -1;
|
|
|
|
static gint ett_lsa_policy_audit_events_info = -1;
|
|
|
|
static gint ett_lsa_policy_primary_domain_info = -1;
|
|
|
|
static gint ett_lsa_policy_primary_account_info = -1;
|
|
|
|
static gint ett_lsa_policy_server_role_info = -1;
|
|
|
|
static gint ett_lsa_policy_replica_source_info = -1;
|
|
|
|
static gint ett_lsa_policy_default_quota_info = -1;
|
|
|
|
static gint ett_lsa_policy_modification_info = -1;
|
|
|
|
static gint ett_lsa_policy_audit_full_set_info = -1;
|
|
|
|
static gint ett_lsa_policy_audit_full_query_info = -1;
|
|
|
|
static gint ett_lsa_policy_dns_domain_info = -1;
|
|
|
|
static gint ett_lsa_translated_names = -1;
|
|
|
|
static gint ett_lsa_translated_name = -1;
|
|
|
|
static gint ett_lsa_referenced_domain_list = -1;
|
|
|
|
static gint ett_lsa_trust_information = -1;
|
2002-04-28 10:09:25 +00:00
|
|
|
static gint ett_lsa_trust_information_ex = -1;
|
2002-04-17 10:29:09 +00:00
|
|
|
static gint ett_LUID = -1;
|
|
|
|
static gint ett_LSA_PRIVILEGES = -1;
|
|
|
|
static gint ett_LSA_PRIVILEGE = -1;
|
2002-04-17 11:01:38 +00:00
|
|
|
static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
|
|
|
|
static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
|
2002-04-18 10:40:30 +00:00
|
|
|
static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
|
|
|
|
static gint ett_LSA_TRUSTED_DOMAIN = -1;
|
2002-04-27 03:54:17 +00:00
|
|
|
static gint ett_LSA_TRANSLATED_SIDS = -1;
|
2002-04-28 10:09:25 +00:00
|
|
|
static gint ett_lsa_trusted_domain_info = -1;
|
|
|
|
static gint ett_lsa_trust_attr = -1;
|
|
|
|
static gint ett_lsa_trusted_domain_auth_information = -1;
|
|
|
|
static gint ett_lsa_auth_information = -1;
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
|
2002-04-28 10:24:40 +00:00
|
|
|
static int
|
2002-08-28 21:04:11 +00:00
|
|
|
lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2002-04-28 10:24:40 +00:00
|
|
|
{
|
|
|
|
dcerpc_info *di;
|
|
|
|
|
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
|
|
|
di->hf_index);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2002-08-28 21:04:11 +00:00
|
|
|
lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
dcerpc_info *di;
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
di->hf_index, 0);
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-05-02 08:18:53 +00:00
|
|
|
static int
|
2002-08-28 21:04:11 +00:00
|
|
|
lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2002-05-02 08:18:53 +00:00
|
|
|
{
|
|
|
|
dcerpc_info *di;
|
|
|
|
|
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"DOMAIN pointer: ", di->hf_index);
|
2002-05-02 08:18:53 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 15:11:30 +00:00
|
|
|
static int
|
2002-08-28 21:04:11 +00:00
|
|
|
lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2002-04-17 15:11:30 +00:00
|
|
|
{
|
|
|
|
dcerpc_info *di;
|
|
|
|
|
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-02-08 09:41:44 +00:00
|
|
|
di->hf_index, 0);
|
2002-04-17 15:11:30 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2002-08-28 21:04:11 +00:00
|
|
|
lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
|
2003-05-30 11:30:09 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
guint32 len;
|
|
|
|
dcerpc_info *di;
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2003-05-30 11:30:09 +00:00
|
|
|
/* this is probably a varying and conformant array */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sd_size, &len);
|
|
|
|
offset+=4;
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sd_size, &len);
|
|
|
|
proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
|
|
|
|
offset += len;
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2003-05-30 11:30:09 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
int
|
|
|
|
lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *parent_tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_SECRET:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* XXX need to figure this one out */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sd_size, NULL);
|
2003-05-30 11:30:09 +00:00
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sd_size, NULL);
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
|
|
|
|
"LSA_SECRET data: pointer", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-05-02 06:21:52 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2002-05-02 06:21:52 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET pointer: data", -1);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2003-02-07 06:04:28 +00:00
|
|
|
/* Dissect LSA specific access rights */
|
|
|
|
|
|
|
|
static gint hf_view_local_info = -1;
|
|
|
|
static gint hf_view_audit_info = -1;
|
|
|
|
static gint hf_get_private_info = -1;
|
|
|
|
static gint hf_trust_admin = -1;
|
|
|
|
static gint hf_create_account = -1;
|
|
|
|
static gint hf_create_secret = -1;
|
|
|
|
static gint hf_create_priv = -1;
|
|
|
|
static gint hf_set_default_quota_limits = -1;
|
|
|
|
static gint hf_set_audit_requirements = -1;
|
2004-06-05 02:40:23 +00:00
|
|
|
static gint hf_audit_log_admin = -1;
|
2003-02-07 06:04:28 +00:00
|
|
|
static gint hf_server_admin = -1;
|
|
|
|
static gint hf_lookup_names = -1;
|
|
|
|
|
|
|
|
static void
|
|
|
|
lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
|
|
|
|
guint32 access)
|
|
|
|
{
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_lookup_names, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_server_admin, tvb, offset, 4, access);
|
|
|
|
|
2004-06-05 02:40:23 +00:00
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_audit_log_admin, tvb, offset, 4, access);
|
|
|
|
|
2003-02-07 06:04:28 +00:00
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_set_audit_requirements, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_set_default_quota_limits, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_create_priv, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_create_secret, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_create_account, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_trust_admin, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_get_private_info, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_view_audit_info, tvb, offset, 4, access);
|
|
|
|
|
|
|
|
proto_tree_add_boolean(
|
|
|
|
tree, hf_view_local_info, tvb, offset, 4, access);
|
|
|
|
}
|
|
|
|
|
2003-04-28 04:44:54 +00:00
|
|
|
struct access_mask_info lsa_access_mask_info = {
|
|
|
|
"LSA", /* Name of specific rights */
|
2003-05-15 02:14:00 +00:00
|
|
|
lsa_specific_rights, /* Dissection function */
|
|
|
|
NULL, /* Generic mapping table */
|
|
|
|
NULL /* Standard mapping table */
|
2003-04-28 04:44:54 +00:00
|
|
|
};
|
|
|
|
|
2002-06-18 13:18:30 +00:00
|
|
|
int
|
2005-01-30 12:38:38 +00:00
|
|
|
lsa_dissect_sec_desc_buf_data(tvbuff_t *tvb, int offset,
|
2002-04-22 01:07:19 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2002-04-22 01:07:19 +00:00
|
|
|
{
|
|
|
|
guint32 len;
|
|
|
|
dcerpc_info *di;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2002-04-22 01:07:19 +00:00
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sd_size, &len);
|
|
|
|
|
2003-02-07 06:04:28 +00:00
|
|
|
dissect_nt_sec_desc(
|
Don't ensure all the bytes of a security descriptor exist before calling
"dissect_nt_sec_desc()". Add a Boolean argument to
"dissect_nt_sec_desc()" to indicate whether a length was passed to it
(so we don't treat -1 as a special value; we want to stop treating -1 as
a special length value, and, in fact, want to stop treating *any*
negative length values specially, so that we don't have to worry about
passing arbitrary 32-bit values from packets as lengths), and have
"dissect_nt_sec_desc()" initially create the protocol tree item for the
security descriptor with a length of "go to the end of the tvbuff", and
set the length once we're done dissecting it - and, if the length was
specified, check at *that* point, *after* we've dissected the security
descriptor, whether we have the entire security descriptor in the
tvbuff.
That means that we don't have to worry about overflows after
"dissect_nt_sec_desc()" returns - if the length was so large that we
would have gotten an overflow, we'd have thrown an exception in the
"tvb_ensure_bytes_exist()" call at the end of "dissect_nt_sec_desc()".
Do sanity checks on offsets within the security descriptor, so we know
the item referred to by the offset is after the fixed-length portion of
the descriptor.
svn path=/trunk/; revision=16113
2005-10-04 10:23:40 +00:00
|
|
|
tvb, offset, pinfo, tree, drep, TRUE, len,
|
|
|
|
&lsa_access_mask_info);
|
2003-02-07 06:04:28 +00:00
|
|
|
|
2002-04-22 01:07:19 +00:00
|
|
|
offset += len;
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2005-01-30 13:00:35 +00:00
|
|
|
|
|
|
|
/* call a sec_desc_buf through a pointer.
|
|
|
|
this is just temporary function until all
|
|
|
|
interfaces are autogenerated */
|
|
|
|
static int
|
|
|
|
pointer_lsa_dissect_sec_desc_buf(tvbuff_t *tvb, int offset,
|
2002-04-17 09:24:09 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree,
|
2004-01-19 20:10:37 +00:00
|
|
|
guint8 *drep)
|
2005-01-30 13:00:35 +00:00
|
|
|
{
|
|
|
|
offset=lsa_dissect_sec_desc_buf(tvb, offset,
|
|
|
|
pinfo, parent_tree,
|
|
|
|
drep, 0, 0);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* dummy1,2 to make signature compatible with autogenerated dissector */
|
|
|
|
int
|
|
|
|
lsa_dissect_sec_desc_buf(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *parent_tree,
|
|
|
|
guint8 *drep, int dummy1 _U_, guint32 dummy2 _U_)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_SECURITY_DESCRIPTOR:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-22 01:07:19 +00:00
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sd_size, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2005-01-30 12:38:38 +00:00
|
|
|
lsa_dissect_sec_desc_buf_data, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA SECURITY DESCRIPTOR data:", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2002-04-17 15:11:30 +00:00
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_char, NULL);
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-22 07:45:38 +00:00
|
|
|
static const value_string lsa_impersonation_level_vals[] = {
|
2002-04-17 09:24:09 +00:00
|
|
|
{0, "Anonymous"},
|
|
|
|
{1, "Identification"},
|
|
|
|
{2, "Impersonation"},
|
|
|
|
{3, "Delegation"},
|
|
|
|
{0, NULL}
|
|
|
|
};
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
/* Length */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_qos_len, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* impersonation level */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_qos_impersonation_level, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* context tracking mode */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_qos_track_context, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* effective only */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_qos_effective_only, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2002-08-21 21:31:15 +00:00
|
|
|
offset = dissect_nt_access_mask(
|
2002-08-28 21:04:11 +00:00
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
|
2004-03-30 07:39:05 +00:00
|
|
|
&lsa_access_mask_info, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
int old_offset=offset;
|
|
|
|
proto_item *item = NULL;
|
|
|
|
proto_tree *tree = NULL;
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* Length */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_obj_attr_len, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* LPSTR */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSPTR pointer: ", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/* attribute name */
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2002-04-17 15:11:30 +00:00
|
|
|
lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"NAME pointer: ", hf_lsa_obj_attr_name);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* Attr */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_obj_attr, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 15:11:30 +00:00
|
|
|
/* security descriptor */
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2005-01-30 13:00:35 +00:00
|
|
|
pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECURITY_DESCRIPTOR pointer: ", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/* security quality of service */
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarclose_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, TRUE);
|
2003-05-23 05:20:58 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarclose_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2003-04-27 04:33:10 +00:00
|
|
|
|
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-18 02:35:45 +00:00
|
|
|
/* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
|
|
|
|
character of the server name which is always '\'. This is fixed in lsa
|
|
|
|
openpolicy2 but the function remains for backwards compatibility. */
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo,
|
2004-01-19 20:10:37 +00:00
|
|
|
proto_tree *tree, guint8 *drep)
|
2002-04-18 02:35:45 +00:00
|
|
|
{
|
2002-08-28 21:04:11 +00:00
|
|
|
return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
2002-04-18 02:35:45 +00:00
|
|
|
hf_lsa_server, NULL);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropenpolicy_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2002-04-18 02:35:45 +00:00
|
|
|
dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
|
2003-05-23 05:20:58 +00:00
|
|
|
"Server", hf_lsa_server);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"OBJECT_ATTRIBUTES", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
2003-05-23 05:20:58 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropenpolicy_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
e_ctx_hnd policy_hnd;
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
proto_item *hnd_item;
|
|
|
|
guint32 status;
|
2003-05-23 05:20:58 +00:00
|
|
|
|
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
|
2003-04-27 04:33:10 +00:00
|
|
|
|
|
|
|
offset = dissect_ntstatus(
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
|
|
|
|
|
|
|
|
if (status == 0) {
|
2007-08-28 11:45:08 +00:00
|
|
|
dcerpc_store_polhnd_name(&policy_hnd, pinfo,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
"OpenPolicy handle");
|
|
|
|
|
|
|
|
if (hnd_item != NULL)
|
|
|
|
proto_item_append_text(hnd_item, ": OpenPolicy handle");
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 15:11:30 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropenpolicy2_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 15:11:30 +00:00
|
|
|
{
|
2003-02-04 05:22:41 +00:00
|
|
|
offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
|
2003-02-07 22:44:54 +00:00
|
|
|
dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
|
2003-04-27 00:49:14 +00:00
|
|
|
hf_lsa_server, cb_wstr_postprocess,
|
2003-02-04 05:22:41 +00:00
|
|
|
GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
|
2002-04-17 15:11:30 +00:00
|
|
|
|
2006-09-13 08:30:16 +00:00
|
|
|
/* OpenPolicy2() stores the servername string in se_data */
|
|
|
|
if(!pinfo->fd->flags.visited){
|
|
|
|
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
|
|
|
|
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
|
|
|
|
|
|
|
|
/* did we get a string for the server name above? */
|
|
|
|
if(dcv->private_data && !dcv->se_data){
|
|
|
|
dcv->se_data=se_strdup(dcv->private_data);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 15:11:30 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"OBJECT_ATTRIBUTES", -1);
|
2002-04-17 15:11:30 +00:00
|
|
|
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
2003-05-23 05:20:58 +00:00
|
|
|
|
2002-04-17 15:11:30 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropenpolicy2_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 15:11:30 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
|
|
|
|
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
|
|
|
|
e_ctx_hnd policy_hnd;
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
proto_item *hnd_item;
|
|
|
|
guint32 status;
|
2003-05-23 05:20:58 +00:00
|
|
|
char *pol_name;
|
|
|
|
|
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
|
2003-05-23 05:20:58 +00:00
|
|
|
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
|
2003-05-23 05:20:58 +00:00
|
|
|
|
2006-09-13 08:30:16 +00:00
|
|
|
if( status == 0 ){
|
|
|
|
if (dcv->se_data){
|
2005-08-19 15:35:42 +00:00
|
|
|
pol_name = ep_strdup_printf(
|
2006-09-13 08:30:16 +00:00
|
|
|
"OpenPolicy2(%s)", (char *)dcv->se_data);
|
|
|
|
} else {
|
|
|
|
pol_name = "Unknown OpenPolicy2() handle";
|
|
|
|
}
|
|
|
|
if(!pinfo->fd->flags.visited){
|
2007-08-28 11:45:08 +00:00
|
|
|
dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
|
2006-09-13 08:30:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if(hnd_item)
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
proto_item_append_text(hnd_item, ": %s", pol_name);
|
|
|
|
}
|
2002-04-17 15:11:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static const value_string policy_information_class_vals[] = {
|
|
|
|
{1, "Audit Log Information"},
|
|
|
|
{2, "Audit Events Information"},
|
|
|
|
{3, "Primary Domain Information"},
|
|
|
|
{4, "Pd Account Information"},
|
|
|
|
{5, "Account Domain Information"},
|
|
|
|
{6, "Server Role Information"},
|
|
|
|
{7, "Replica Source Information"},
|
|
|
|
{8, "Default Quota Information"},
|
|
|
|
{9, "Modification Information"},
|
|
|
|
{10, "Audit Full Set Information"},
|
|
|
|
{11, "Audit Full Query Information"},
|
|
|
|
{12, "DNS Domain Information"},
|
|
|
|
{0, NULL}
|
|
|
|
};
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-01-30 05:38:56 +00:00
|
|
|
guint16 level;
|
|
|
|
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
2003-01-30 05:38:56 +00:00
|
|
|
hf_lsa_policy_information_class, &level);
|
|
|
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_append_fstr(
|
|
|
|
pinfo->cinfo, COL_INFO, ", %s",
|
|
|
|
val_to_str(level, policy_information_class_vals,
|
|
|
|
"Unknown (%d)"));
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_AUDIT_LOG_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* percent full */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_pali_percent_full, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* log size */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_pali_log_size, NULL);
|
|
|
|
|
|
|
|
/* retention period */
|
|
|
|
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_pali_retention_period);
|
|
|
|
|
|
|
|
/* shutdown in progress */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_pali_shutdown_in_progress, NULL);
|
|
|
|
|
|
|
|
/* time to shutdown */
|
|
|
|
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_pali_time_to_shutdown);
|
|
|
|
|
|
|
|
/* next audit record */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_pali_next_audit_record, NULL);
|
|
|
|
|
2004-06-28 05:35:06 +00:00
|
|
|
/* unknown */
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_paei_settings, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_AUDIT_EVENTS_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* enabled */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_paei_enabled, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* settings */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Settings", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_PRIMARY_DOMAIN_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* domain */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_domain, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* sid */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_ACCOUNT_DOMAIN_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* account */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-05-22 11:48:28 +00:00
|
|
|
hf_lsa_domain, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* sid */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static const value_string server_role_vals[] = {
|
|
|
|
{0, "Standalone"},
|
|
|
|
{1, "Domain Member"},
|
|
|
|
{2, "Backup"},
|
|
|
|
{3, "Primary"},
|
|
|
|
{0, NULL}
|
|
|
|
};
|
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_SERVER_ROLE_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* server role */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_server_role, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_REPLICA_SOURCE_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* source */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_source, 0);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
/* account */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_acct, 0);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_DEFAULT_QUOTA_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* paged pool */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_quota_paged_pool, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* non paged pool */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_quota_non_paged_pool, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* min wss */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_quota_min_wss, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* max wss */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_quota_max_wss, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-18 10:40:30 +00:00
|
|
|
/* pagefile */
|
2002-04-17 15:39:27 +00:00
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
2002-04-18 10:40:30 +00:00
|
|
|
hf_lsa_quota_pagefile, NULL);
|
2002-04-17 15:39:27 +00:00
|
|
|
|
2002-04-18 10:40:30 +00:00
|
|
|
/* */
|
2005-01-28 09:29:49 +00:00
|
|
|
offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
|
2002-04-17 09:24:09 +00:00
|
|
|
hf_lsa_unknown_hyper, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_MODIFICATION_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* seq no */
|
2005-01-28 09:29:49 +00:00
|
|
|
offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
|
2002-04-17 09:24:09 +00:00
|
|
|
hf_lsa_mod_seq_no, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* mtime */
|
|
|
|
offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_mod_mtime);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_AUDIT_FULL_SET_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_char, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_AUDIT_FULL_QUERY_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_char, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_char, NULL);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2005-01-30 12:21:17 +00:00
|
|
|
/*2005JAN dummy1 and dummy2 to make the signature compatible with soon to follow changes to LSA */
|
2002-09-28 09:43:10 +00:00
|
|
|
int
|
2005-01-30 12:21:17 +00:00
|
|
|
lsa_dissect_DnsDomainInfo(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *parent_tree,
|
|
|
|
guint8 *drep, int dummy1 _U_, guint32 dummy2 _U_)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"POLICY_DNS_DOMAIN_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-05-22 11:03:15 +00:00
|
|
|
hf_lsa_domain, 0);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
/* domain */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-05-22 11:03:15 +00:00
|
|
|
hf_lsa_fqdomain, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* forest */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_forest, 0);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
/* GUID */
|
|
|
|
offset = dissect_nt_GUID(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
/* SID pointer */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
2001-12-16 20:17:10 +00:00
|
|
|
guint16 level;
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
if(parent_tree){
|
2003-05-22 11:03:15 +00:00
|
|
|
item = proto_tree_add_item(parent_tree, hf_lsa_policy_information, tvb, offset, 0, FALSE);
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_policy_info);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_level, &level);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
|
|
|
|
switch(level){
|
2002-08-28 21:04:11 +00:00
|
|
|
case 1:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_AUDIT_LOG_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 2:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 3:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 4:
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo,
|
2003-01-30 08:19:39 +00:00
|
|
|
tree, drep, hf_lsa_acct, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 5:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 6:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_SERVER_ROLE_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 7:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 8:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 9:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_MODIFICATION_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 10:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
case 11:
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(
|
|
|
|
tvb, offset, pinfo, tree, drep);
|
|
|
|
break;
|
|
|
|
case 12:
|
2005-01-30 12:21:17 +00:00
|
|
|
offset = lsa_dissect_DnsDomainInfo(
|
|
|
|
tvb, offset, pinfo, tree, drep, 0, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarqueryinformationpolicy_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
/* This is really a pointer to a pointer though the first level is REF
|
|
|
|
so we just ignore that one */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_INFORMATION pointer: info", -1);
|
2003-04-27 04:33:10 +00:00
|
|
|
|
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsardelete_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsardelete_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerysecurityobject_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_type, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerysecurityobject_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2005-01-30 13:00:35 +00:00
|
|
|
pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetsecurityobject_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_type, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2005-01-30 13:00:35 +00:00
|
|
|
pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECURITY_DESCRIPTOR: sec_info", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetsecurityobject_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarchangepassword_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
/* server */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_server, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* domain */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_domain, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* account */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_acct, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* old password */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_old_pwd, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* new password */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_new_pwd, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarchangepassword_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static const value_string sid_type_vals[] = {
|
|
|
|
{1, "User"},
|
|
|
|
{2, "Group"},
|
|
|
|
{3, "Domain"},
|
|
|
|
{4, "Alias"},
|
|
|
|
{5, "Well Known Group"},
|
|
|
|
{6, "Deleted Account"},
|
|
|
|
{7, "Invalid"},
|
|
|
|
{8, "Unknown"},
|
|
|
|
{9, "Computer"},
|
|
|
|
{0, NULL}
|
|
|
|
};
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_TRANSLATED_NAME:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_translated_name);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* sid type */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sid_type, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-02-08 09:41:44 +00:00
|
|
|
hf_lsa_name, 0);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* index */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_index, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_TRANSLATED_NAMES:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_translated_names);
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* settings */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRANSLATED_NAME_ARRAY", -1);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupsids_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"PSID_ARRAY", -1);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_NAMES pointer: names", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_level, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"TRUST INFORMATION:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_trust_information);
|
2001-12-16 20:17:10 +00:00
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-02-08 09:41:44 +00:00
|
|
|
hf_lsa_name, 0);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
/* sid */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
2001-12-16 20:17:10 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
static const value_string trusted_direction_vals[] = {
|
|
|
|
{0, "Trust disabled"},
|
|
|
|
{1, "Inbound trust"},
|
|
|
|
{2, "Outbound trust"},
|
|
|
|
{0, NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string trusted_type_vals[] = {
|
|
|
|
{1, "Downlevel"},
|
|
|
|
{2, "Uplevel"},
|
|
|
|
{3, "MIT"},
|
|
|
|
{4, "DCE"},
|
|
|
|
{0, NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
static const true_false_string tfs_trust_attr_non_trans = {
|
|
|
|
"NON TRANSITIVE is set",
|
|
|
|
"Non transitive is NOT set"
|
|
|
|
};
|
|
|
|
static const true_false_string tfs_trust_attr_uplevel_only = {
|
|
|
|
"UPLEVEL ONLY is set",
|
|
|
|
"Uplevel only is NOT set"
|
|
|
|
};
|
|
|
|
static const true_false_string tfs_trust_attr_tree_parent = {
|
|
|
|
"TREE PARENT is set",
|
|
|
|
"Tree parent is NOT set"
|
|
|
|
};
|
|
|
|
static const true_false_string tfs_trust_attr_tree_root = {
|
|
|
|
"TREE ROOT is set",
|
|
|
|
"Tree root is NOT set"
|
|
|
|
};
|
|
|
|
static int
|
2002-08-28 21:04:11 +00:00
|
|
|
lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
2004-01-19 20:10:37 +00:00
|
|
|
proto_tree *parent_tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
guint32 mask;
|
|
|
|
proto_item *item = NULL;
|
|
|
|
proto_tree *tree = NULL;
|
|
|
|
|
|
|
|
offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
|
|
|
|
hf_lsa_trust_attr, &mask);
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr,
|
|
|
|
tvb, offset-4, 4, mask);
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_trust_attr);
|
|
|
|
}
|
|
|
|
|
|
|
|
proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root,
|
|
|
|
tvb, offset-4, 4, mask);
|
|
|
|
proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent,
|
|
|
|
tvb, offset-4, 4, mask);
|
|
|
|
proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only,
|
|
|
|
tvb, offset-4, 4, mask);
|
|
|
|
proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans,
|
|
|
|
tvb, offset-4, 4, mask);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"TRUST INFORMATION EX:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_name, 0);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
/* flat name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_flat_name, 0);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
/* sid */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
/* direction */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trust_direction, NULL);
|
|
|
|
|
|
|
|
/* type */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trust_type, NULL);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
/* attributes */
|
|
|
|
offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
dcerpc_info *di;
|
|
|
|
guint32 len;
|
|
|
|
|
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* len */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_auth_len, &len);
|
|
|
|
|
|
|
|
proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE);
|
|
|
|
offset += len;
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_auth_info(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"AUTH INFORMATION:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_auth_information);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* update */
|
2005-01-28 09:29:49 +00:00
|
|
|
offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
|
2002-04-28 10:09:25 +00:00
|
|
|
hf_lsa_auth_update, NULL);
|
|
|
|
|
|
|
|
/* type */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_auth_type, NULL);
|
|
|
|
|
|
|
|
/* len */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_auth_len, NULL);
|
|
|
|
|
|
|
|
/* auth info blob */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"AUTH INFO blob:", -1);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"TRUSTED DOMAIN AUTH INFORMATION:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_REFERENCED_DOMAIN_LIST:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list);
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* trust information */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUST INFORMATION array:", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
/* max count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_max_count, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
2001-11-12 08:58:45 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupsids_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_NAMES pointer: names", -1);
|
2001-12-09 00:07:37 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetquotasforaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsargetquotasforaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsargetquotasforaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetinformationpolicy_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_policy_information_class, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_INFORMATION pointer: info", -1);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetinformationpolicy_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarclearauditlog_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-17 15:39:27 +00:00
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarclearauditlog_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 15:39:27 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsargetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsargetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_rid, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_rid, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetsystemaccessaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropentrusteddomain_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropentrusteddomain_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2001-12-16 20:17:10 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 09:24:09 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsardeletetrusteddomain_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2001-12-16 20:17:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2001-12-09 00:07:37 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsardeletetrusteddomain_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 09:24:09 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2001-11-12 08:58:45 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-04-17 10:29:09 +00:00
|
|
|
int
|
|
|
|
dissect_nt_LUID(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 10:29:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
|
|
|
"LUID:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LUID);
|
|
|
|
}
|
|
|
|
|
2002-04-17 13:48:56 +00:00
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
2002-04-17 10:29:09 +00:00
|
|
|
hf_nt_luid_low, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_nt_luid_high, NULL);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 10:29:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
|
|
|
"LSA_PRIVILEGE:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE);
|
|
|
|
}
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/* privilege name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_privilege_name, 0);
|
2002-04-17 10:29:09 +00:00
|
|
|
|
|
|
|
/* LUID */
|
|
|
|
offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 10:29:09 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_PRIVILEGE);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 10:29:09 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
|
|
|
"LSA_PRIVILEGES:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES);
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* privileges */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_PRIVILEGE array:", -1);
|
2002-04-17 10:29:09 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateprivileges_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 10:29:09 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 10:29:09 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_size, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateprivileges_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 10:29:09 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_PRIVILEGES pointer: privs", -1);
|
2002-04-17 10:29:09 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 10:29:09 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 10:41:05 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupprivilegevalue_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 10:41:05 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 10:41:05 +00:00
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/* privilege name */
|
2002-04-17 10:41:05 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"NAME pointer: ", hf_lsa_privilege_name);
|
2002-04-17 10:41:05 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupprivilegevalue_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 10:41:05 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
/* LUID */
|
|
|
|
offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 10:41:05 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupprivilegename_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 10:41:05 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 10:41:05 +00:00
|
|
|
|
|
|
|
/* LUID */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
dissect_nt_LUID, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LUID pointer: value", -1);
|
2002-04-17 10:41:05 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupprivilegename_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 10:41:05 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] LSA_UNICODE_STRING **name */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"PRIVILEGE NAME pointer:", hf_lsa_privilege_name);
|
2002-04-17 10:41:05 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 10:41:05 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2002-04-17 10:29:09 +00:00
|
|
|
|
|
|
|
|
2002-04-17 11:01:38 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
|
|
|
"LUID_AND_ATTRIBUTES:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* LUID */
|
|
|
|
offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
/* attr */
|
2005-01-28 09:29:49 +00:00
|
|
|
offset = dissect_ndr_duint32 (tvb, offset, pinfo, tree, drep,
|
2002-04-17 11:01:38 +00:00
|
|
|
hf_lsa_attr, NULL);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LUID_AND_ATTRIBUTES);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
|
|
|
"LUID_AND_ATTRIBUTES_ARRAY:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY);
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* luid and attributes */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LUID_AND_ATTRIBUTES array:", -1);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaraddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
/* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */
|
|
|
|
offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaraddprivilegestoaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
/* [in] char unknown */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_char, NULL);
|
|
|
|
|
|
|
|
/* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-17 11:01:38 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-17 11:01:38 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-18 10:40:30 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateaccounts_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
/* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_resume_handle, NULL);
|
|
|
|
|
|
|
|
/* [in] ULONG pref_maxlen */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_max_count, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateaccounts_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
/* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_resume_handle, NULL);
|
|
|
|
|
|
|
|
/* [out, ref] PSID_ARRAY **accounts */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"PSID_ARRAY", -1);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreatetrusteddomain_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd_pol */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_TRUST_INFORMATION *domain */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRUST_INFORMATION pointer: domain", -1);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
/* [in] ACCESS_MASK access */
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreatetrusteddomain_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
/* [out] LSA_HANDLE *hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_resume_handle, NULL);
|
|
|
|
|
|
|
|
/* [in] ULONG pref_maxlen */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_max_count, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
|
|
|
"TRUSTED_DOMAIN:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* domain */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-02-08 09:41:44 +00:00
|
|
|
hf_lsa_domain, 0);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
/* sid */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, 0,
|
|
|
|
"TRUSTED_DOMAIN_LIST:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* privileges */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN array:", -1);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-18 10:40:30 +00:00
|
|
|
{
|
|
|
|
/* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_resume_handle, NULL);
|
|
|
|
|
|
|
|
/* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-18 10:40:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-27 03:54:17 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-27 03:54:17 +00:00
|
|
|
{
|
|
|
|
dcerpc_info *di;
|
|
|
|
|
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
di->hf_index, 0);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-27 03:54:17 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_item);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-29 06:15:31 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-29 06:15:31 +00:00
|
|
|
{
|
|
|
|
dcerpc_info *di;
|
|
|
|
|
|
|
|
di=pinfo->private_data;
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"UNICODE_STRING pointer: ", di->hf_index);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2002-04-29 06:15:31 +00:00
|
|
|
return offset;
|
|
|
|
}
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-27 03:54:17 +00:00
|
|
|
{
|
|
|
|
/* sid type */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sid_type, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_rid, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_index, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-27 03:54:17 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SID);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-27 03:54:17 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_TRANSLATED_SIDS:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* settings */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Translated SIDS", -1);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2006-03-15 08:26:21 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SID2(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
|
|
{
|
|
|
|
/* sid type */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sid_type, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_rid, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_index, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2008-09-29 22:10:40 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SID3(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
|
|
{
|
|
|
|
/* sid type */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sid_type, NULL);
|
|
|
|
|
|
|
|
/* sid */
|
|
|
|
offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_index, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2006-03-15 08:26:21 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS2_array(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SID2);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2008-09-29 22:10:40 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS3_array(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SID3);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2006-03-15 08:26:21 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS2(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_TRANSLATED_SIDS:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* settings */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS2_array, NDR_POINTER_UNIQUE,
|
|
|
|
"Translated SIDS", -1);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-27 03:54:17 +00:00
|
|
|
static int
|
2008-09-29 22:10:40 +00:00
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS3(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-27 03:54:17 +00:00
|
|
|
{
|
2008-09-29 22:10:40 +00:00
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_TRANSLATED_SIDS:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* settings */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS3_array, NDR_POINTER_UNIQUE,
|
|
|
|
"Translated SIDS", -1);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int lsa_dissect_lsarlookupnames_rqst(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* [in]
|
|
|
|
LSA_HANDLE hnd */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo,
|
|
|
|
tree, drep, hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
/* [in] ULONG count */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Account pointer: names", hf_lsa_acct);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2006-03-16 08:47:19 +00:00
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_SIDS pointer: rids", -1);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
/* [in] USHORT level */
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_level, NULL);
|
|
|
|
|
|
|
|
/* [in, out, ref] ULONG *num_mapped */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupnames_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-27 03:54:17 +00:00
|
|
|
{
|
2002-04-29 01:25:51 +00:00
|
|
|
/* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
|
2002-04-27 03:54:17 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2002-04-29 01:25:51 +00:00
|
|
|
lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2006-03-16 08:47:19 +00:00
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_SIDS pointer: rids", -1);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] ULONG *num_mapped */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-27 03:54:17 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-28 07:00:06 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreatesecret_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 07:00:06 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd_pol */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 07:00:06 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_name, 0);
|
2002-04-28 07:00:06 +00:00
|
|
|
|
|
|
|
/* [in] ACCESS_MASK access */
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreatesecret_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 07:00:06 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
/* [out] LSA_HANDLE *hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 07:00:06 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 07:00:06 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-28 07:06:30 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropenaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 07:06:30 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd_pol */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 07:06:30 +00:00
|
|
|
|
|
|
|
/* [in, ref] SID *account */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-28 07:06:30 +00:00
|
|
|
|
|
|
|
/* [in] ACCESS_MASK access */
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropenaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 07:06:30 +00:00
|
|
|
{
|
|
|
|
/* [out] LSA_HANDLE *hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 07:06:30 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 07:06:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
static const value_string trusted_info_level_vals[] = {
|
|
|
|
{1, "Domain Name Information"},
|
|
|
|
{2, "Controllers Information"},
|
|
|
|
{3, "Posix Offset Information"},
|
|
|
|
{4, "Password Information"},
|
|
|
|
{5, "Domain Information Basic"},
|
|
|
|
{6, "Domain Information Ex"},
|
|
|
|
{7, "Domain Auth Information"},
|
|
|
|
{8, "Domain Full Information"},
|
|
|
|
{9, "Domain Security Descriptor"},
|
|
|
|
{10, "Domain Private Information"},
|
|
|
|
{0, NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
guint16 level;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"TRUSTED_DOMAIN_INFO:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trusted_info_level, &level);
|
|
|
|
|
|
|
|
ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
|
|
|
|
switch(level){
|
2002-08-28 21:04:11 +00:00
|
|
|
case 1:
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_domain, 0);
|
2002-04-28 10:09:25 +00:00
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Controllers pointer: ", hf_lsa_controller);
|
2002-04-28 10:09:25 +00:00
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_rid_offset, NULL);
|
|
|
|
break;
|
|
|
|
case 4:
|
|
|
|
offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
|
|
|
|
offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
|
|
|
|
break;
|
|
|
|
case 5:
|
|
|
|
offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
break;
|
|
|
|
case 6:
|
|
|
|
offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
break;
|
|
|
|
case 7:
|
|
|
|
offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
|
|
|
|
break;
|
|
|
|
case 8:
|
|
|
|
offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_rid_offset, NULL);
|
|
|
|
offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
|
|
|
|
break;
|
|
|
|
case 9:
|
2005-01-30 13:00:35 +00:00
|
|
|
offset = lsa_dissect_sec_desc_buf(tvb, offset, pinfo, tree, drep, 0, 0);
|
2002-04-28 10:09:25 +00:00
|
|
|
break;
|
|
|
|
case 10:
|
|
|
|
offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_rid_offset, NULL);
|
2005-01-30 13:00:35 +00:00
|
|
|
offset = lsa_dissect_sec_desc_buf(tvb, offset, pinfo, tree, drep, 0, 0);
|
2002-04-28 10:09:25 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
/* [in] TRUSTED_INFORMATION_CLASS level */
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trusted_info_level, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
/* [in] TRUSTED_INFORMATION_CLASS level */
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trusted_info_level, NULL);
|
|
|
|
|
|
|
|
/* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:09:25 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 10:09:25 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-28 10:24:40 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropensecret_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:24:40 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd_pol */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string_cb(
|
2003-01-30 05:38:56 +00:00
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_name,
|
2003-04-27 00:49:14 +00:00
|
|
|
cb_wstr_postprocess,
|
2003-02-08 09:41:44 +00:00
|
|
|
GINT_TO_POINTER(CB_STR_COL_INFO | 1));
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in] ACCESS_MASK access */
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropensecret_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:24:40 +00:00
|
|
|
{
|
|
|
|
/* [out] LSA_HANDLE *hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetsecret_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:24:40 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, unique] LSA_SECRET *new_val */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET pointer: new_val", -1);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, unique] LSA_SECRET *old_val */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET pointer: old_val", -1);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetsecret_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:24:40 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerysecret_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:24:40 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LSA_SECRET **curr_val */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2003-05-30 11:30:09 +00:00
|
|
|
lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET pointer: curr_val", -1);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LARGE_INTEGER *curr_mtime */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"NTIME pointer: old_mtime", hf_lsa_cur_mtime);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LSA_SECRET **old_val */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2003-05-30 11:30:09 +00:00
|
|
|
lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET pointer: old_val", -1);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LARGE_INTEGER *old_mtime */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"NTIME pointer: old_mtime", hf_lsa_old_mtime);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerysecret_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:24:40 +00:00
|
|
|
{
|
|
|
|
/* [in, out, unique] LSA_SECRET **curr_val */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2003-05-30 11:30:09 +00:00
|
|
|
lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET pointer: curr_val", -1);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LARGE_INTEGER *curr_mtime */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"NTIME pointer: old_mtime", hf_lsa_cur_mtime);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LSA_SECRET **old_val */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2003-05-30 11:30:09 +00:00
|
|
|
lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET pointer: old_val", -1);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LARGE_INTEGER *old_mtime */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"NTIME pointer: old_mtime", hf_lsa_old_mtime);
|
2002-04-28 10:24:40 +00:00
|
|
|
|
2003-05-30 11:30:09 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
|
|
|
|
2002-04-28 10:24:40 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-28 10:33:30 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsardeleteobject_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:33:30 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:33:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsardeleteobject_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:33:30 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 10:33:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:33:30 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-28 10:33:30 +00:00
|
|
|
|
|
|
|
/* [in, unique] LSA_UNICODE_STRING *rights */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
|
2002-04-28 10:33:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-28 10:33:30 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2002-04-29 06:15:31 +00:00
|
|
|
lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Account pointer: names", hf_lsa_acct);
|
2002-04-28 10:33:30 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-28 10:33:30 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-29 06:15:31 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-29 06:15:31 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-29 06:15:31 +00:00
|
|
|
|
|
|
|
/* [in, ref] SID *account */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-29 06:15:31 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-29 06:15:31 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Account pointer: rights", hf_lsa_rights);
|
2002-04-29 06:15:31 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-29 06:15:31 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-29 06:23:03 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaraddaccountrights_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-29 06:23:03 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
/* [in, ref] SID *account */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Account pointer: rights", hf_lsa_rights);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaraddaccountrights_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-29 06:23:03 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-29 06:23:03 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
/* [in, ref] SID *account */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
/* remove all */
|
|
|
|
offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_remove_all, NULL);
|
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Account pointer: rights", hf_lsa_rights);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarremoveaccountrights_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-29 06:23:03 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-29 06:23:03 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 11:01:38 +00:00
|
|
|
|
2002-04-30 09:35:10 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:35:10 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE handle */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *name */
|
|
|
|
/* domain */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_domain, 0);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
|
|
|
/* [in] TRUSTED_INFORMATION_CLASS level */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trusted_info_level, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:35:10 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:35:10 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE handle */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *name */
|
|
|
|
/* domain */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_domain, 0);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
|
|
|
/* [in] TRUSTED_INFORMATION_CLASS level */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trusted_info_level, NULL);
|
|
|
|
|
|
|
|
/* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:35:10 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 09:35:10 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-30 09:40:41 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:40:41 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE handle */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
/* [in, ref] SID *sid */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
/* [in] TRUSTED_INFORMATION_CLASS level */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trusted_info_level, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-30 09:46:48 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:46:48 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE handle */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 09:46:48 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *name */
|
|
|
|
/* domain */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_domain, 0);
|
2002-04-30 09:46:48 +00:00
|
|
|
|
|
|
|
/* [in] ACCESS_MASK access */
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsaropentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:46:48 +00:00
|
|
|
{
|
|
|
|
/* [out] LSA_HANDLE handle */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 09:46:48 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 09:46:48 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:40:41 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:40:41 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE handle */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
/* [in, ref] SID *sid */
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
/* [in] TRUSTED_INFORMATION_CLASS level */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_trusted_info_level, NULL);
|
|
|
|
|
|
|
|
/* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 09:40:41 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 09:40:41 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-30 10:02:11 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
2004-06-28 05:29:21 +00:00
|
|
|
guint16 level;
|
|
|
|
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
2004-06-28 05:29:21 +00:00
|
|
|
hf_lsa_policy_information_class, &level);
|
|
|
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_append_fstr(
|
|
|
|
pinfo->cinfo, COL_INFO, ", %s",
|
|
|
|
val_to_str(level, policy_information_class_vals,
|
|
|
|
"Unknown (%d)"));
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
2002-07-31 21:22:39 +00:00
|
|
|
/* This is really a pointer to a pointer though the first level is REF
|
|
|
|
so we just ignore that one */
|
2002-04-30 10:02:11 +00:00
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2002-07-31 21:22:39 +00:00
|
|
|
lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_INFORMATION pointer: info", -1);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_policy_information_class, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_INFORMATION pointer: info", -1);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_policy_information_class, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_INFORMATION pointer: info", -1);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_policy_information_class, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"POLICY_INFORMATION pointer: info", -1);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarsetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:02:11 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 10:02:11 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-30 10:14:34 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupnames2_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:14:34 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 10:14:34 +00:00
|
|
|
|
|
|
|
/* [in] ULONG count */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Account pointer: names", hf_lsa_acct);
|
2002-04-30 10:14:34 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2006-03-16 08:47:19 +00:00
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS2, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_SIDS pointer: rids", -1);
|
2002-04-30 10:14:34 +00:00
|
|
|
|
|
|
|
/* [in] USHORT level */
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_level, NULL);
|
|
|
|
|
|
|
|
/* [in, out, ref] ULONG *num_mapped */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupnames2_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:14:34 +00:00
|
|
|
{
|
|
|
|
/* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
|
2002-04-30 10:14:34 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2006-03-16 08:47:19 +00:00
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS2, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_SIDS pointer: rids", -1);
|
2002-04-30 10:14:34 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] ULONG *num_mapped */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 10:14:34 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2008-09-29 22:10:40 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_lsarlookupnames3_rqst(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
|
|
|
|
|
|
|
/* [in] ULONG count */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
|
|
|
|
"Account pointer: names", hf_lsa_acct);
|
|
|
|
|
|
|
|
/* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS3, NDR_POINTER_REF,
|
|
|
|
"LSA_TRANSLATED_SIDS pointer: rids", -1);
|
|
|
|
|
|
|
|
/* [in] USHORT level */
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_level, NULL);
|
|
|
|
|
|
|
|
/* [in, out, ref] ULONG *num_mapped */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_lsarlookupnames3_reply(tvbuff_t *tvb, int offset,
|
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
|
|
{
|
|
|
|
/* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
|
|
|
|
"LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
|
|
|
|
|
|
|
|
/* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_SIDS3, NDR_POINTER_REF,
|
|
|
|
"LSA_TRANSLATED_SIDS pointer: rids", -1);
|
|
|
|
|
|
|
|
/* [in, out, ref] ULONG *num_mapped */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2002-04-30 09:35:10 +00:00
|
|
|
|
2002-04-30 10:17:53 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreateaccount_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:17:53 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 10:17:53 +00:00
|
|
|
|
2004-05-19 04:52:31 +00:00
|
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
2002-04-30 10:17:53 +00:00
|
|
|
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreateaccount_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-04-30 10:17:53 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-04-30 10:17:53 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-04-30 10:17:53 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-05-02 06:13:07 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:13:07 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 06:13:07 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-09-03 09:48:50 +00:00
|
|
|
hf_lsa_privilege_name, 0);
|
2002-05-02 06:13:07 +00:00
|
|
|
|
2003-09-03 09:48:50 +00:00
|
|
|
/* [in, ref] long *size */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_privilege_display_name_size, NULL);
|
2002-05-02 06:13:07 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:13:07 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] LSA_UNICODE_STRING **disp_name */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-09-03 09:48:50 +00:00
|
|
|
"NAME pointer: ", hf_lsa_privilege_display_name);
|
2002-05-02 06:13:07 +00:00
|
|
|
|
2003-09-03 09:48:50 +00:00
|
|
|
/* [out, ref] long *size */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_privilege_display_name_size, NULL);
|
2002-05-02 06:13:07 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 06:13:07 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-05-02 06:21:52 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarstoreprivatedata_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:21:52 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *key */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_key, 0);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
/* [in, unique] LSA_SECRET **data */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET* pointer: data", -1);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarstoreprivatedata_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:21:52 +00:00
|
|
|
{
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:21:52 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_UNICODE_STRING *key */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_key, 0);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_SECRET **data */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET* pointer: data", -1);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:21:52 +00:00
|
|
|
{
|
|
|
|
/* [in, out, ref] LSA_SECRET **data */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECRET* pointer: data", -1);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 06:21:52 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-05-02 06:33:39 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:33:39 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
/* [in, out] LSA_HANDLE *tdHnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 06:33:39 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:33:39 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
/* [in, out] LSA_HANDLE *tdHnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 06:33:39 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 06:33:39 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-05-02 06:46:31 +00:00
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
|
2002-05-02 06:46:31 +00:00
|
|
|
{
|
|
|
|
proto_item *item=NULL;
|
|
|
|
proto_tree *tree=NULL;
|
|
|
|
int old_offset=offset;
|
|
|
|
|
|
|
|
if(parent_tree){
|
|
|
|
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
|
|
|
|
"LSA_TRANSLATED_NAME:");
|
|
|
|
tree = proto_item_add_subtree(item, ett_lsa_translated_name);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* sid type */
|
|
|
|
offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_sid_type, NULL);
|
|
|
|
|
|
|
|
/* name */
|
2003-02-03 02:14:01 +00:00
|
|
|
offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
|
2003-01-30 08:19:39 +00:00
|
|
|
hf_lsa_name, 0);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
/* index */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_index, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
proto_item_set_len(item, offset-old_offset);
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:46:31 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME_EX);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:46:31 +00:00
|
|
|
{
|
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_NAME_EX: pointer", -1);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupsids2_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:46:31 +00:00
|
|
|
{
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"PSID_ARRAY", -1);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_NAMES_EX pointer: names", -1);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_info_level, NULL);
|
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
/* unknown */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarlookupsids2_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 06:46:31 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2002-10-28 20:12:30 +00:00
|
|
|
lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_TRANSLATED_NAMES_EX pointer: names", -1);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_num_mapped, NULL);
|
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 06:46:31 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2002-05-02 06:21:52 +00:00
|
|
|
|
2002-05-02 08:18:53 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsargetusername_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:18:53 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
/* [in, unique, string] WCHAR *server */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"Server:", hf_lsa_server);
|
2002-05-02 08:18:53 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_UNICODE_STRING **user */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"ACCOUNT pointer: ", hf_lsa_acct);
|
2002-05-02 08:18:53 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LSA_UNICODE_STRING **domain */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"DOMAIN pointer: ", hf_lsa_domain);
|
2002-05-02 08:18:53 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsargetusername_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:18:53 +00:00
|
|
|
{
|
|
|
|
/* [in, out, ref] LSA_UNICODE_STRING **user */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"ACCOUNT pointer: ", hf_lsa_acct);
|
2002-05-02 08:18:53 +00:00
|
|
|
|
|
|
|
/* [in, out, unique] LSA_UNICODE_STRING **domain */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"DOMAIN pointer: ", hf_lsa_domain);
|
2002-05-02 08:18:53 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 08:18:53 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-05-02 08:38:24 +00:00
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:38:24 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
/* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
/* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
/* [in] ACCESS_MASK mask */
|
|
|
|
offset = lsa_dissect_ACCESS_MASK(tvb, offset,
|
|
|
|
pinfo, tree, drep);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarcreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:38:24 +00:00
|
|
|
{
|
|
|
|
/* [out] LSA_HANDLE *tdHnd) */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:38:24 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
/* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_resume_handle, NULL);
|
|
|
|
|
|
|
|
/* [in] ULONG pref_maxlen */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_max_count, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:38:24 +00:00
|
|
|
{
|
|
|
|
offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION_EX);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:38:24 +00:00
|
|
|
{
|
|
|
|
/* count */
|
|
|
|
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_count, NULL);
|
|
|
|
|
|
|
|
/* trust information */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUST INFORMATION array:", -1);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
/* max count */
|
2003-08-20 00:09:36 +00:00
|
|
|
/* The original code here was wrong. It now handles these correctly */
|
|
|
|
/*offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
|
2002-05-02 08:38:24 +00:00
|
|
|
hf_lsa_max_count, NULL);
|
2003-08-20 00:09:36 +00:00
|
|
|
*/
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsarenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:38:24 +00:00
|
|
|
{
|
|
|
|
/* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_resume_handle, NULL);
|
|
|
|
|
|
|
|
/* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 08:38:24 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-05-02 08:47:23 +00:00
|
|
|
static int
|
2003-09-29 00:01:27 +00:00
|
|
|
lsa_dissect_lsartestcall_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:47:23 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE handle */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
|
|
|
/* [in] USHORT flag */
|
|
|
|
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_short, NULL);
|
|
|
|
|
|
|
|
/* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2005-01-30 13:00:35 +00:00
|
|
|
pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2002-05-02 08:38:24 +00:00
|
|
|
|
2002-05-02 06:13:07 +00:00
|
|
|
|
2002-05-02 08:47:23 +00:00
|
|
|
static int
|
2003-09-29 00:01:27 +00:00
|
|
|
lsa_dissect_lsartestcall_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:47:23 +00:00
|
|
|
{
|
|
|
|
/* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2005-01-30 13:00:35 +00:00
|
|
|
pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_UNIQUE,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
2003-05-30 11:30:09 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
|
|
|
|
2002-05-02 08:47:23 +00:00
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2003-09-29 00:01:27 +00:00
|
|
|
lsa_dissect_lsarcreatetrusteddomainex2_rqst(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:47:23 +00:00
|
|
|
{
|
|
|
|
/* [in] LSA_HANDLE hnd */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
|
|
|
/* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
|
|
lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
|
|
|
/* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
2005-01-30 13:00:35 +00:00
|
|
|
pointer_lsa_dissect_sec_desc_buf, NDR_POINTER_REF,
|
2003-01-28 06:39:41 +00:00
|
|
|
"LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
|
|
|
/* [in] ULONG unknown */
|
|
|
|
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
|
|
|
|
hf_lsa_unknown_long, NULL);
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2003-09-29 00:01:27 +00:00
|
|
|
lsa_dissect_lsarcreatetrusteddomainex2_reply(tvbuff_t *tvb, int offset,
|
2004-01-19 20:10:37 +00:00
|
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
2002-05-02 08:47:23 +00:00
|
|
|
{
|
|
|
|
/* [out] LSA_HANDLE *h2) */
|
2003-05-23 05:20:58 +00:00
|
|
|
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
|
In the policy handle hashing, handle more than one policy handle having
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
2003-06-05 04:22:04 +00:00
|
|
|
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
2003-04-27 04:33:10 +00:00
|
|
|
offset = dissect_ntstatus(
|
|
|
|
tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
|
2002-05-02 08:47:23 +00:00
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2002-04-17 10:29:09 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
|
2003-09-23 12:06:20 +00:00
|
|
|
{ LSA_LSARCLOSE, "LsarClose",
|
|
|
|
lsa_dissect_lsarclose_rqst,
|
|
|
|
lsa_dissect_lsarclose_reply },
|
|
|
|
{ LSA_LSARDELETE, "LsarDelete",
|
|
|
|
lsa_dissect_lsardelete_rqst,
|
|
|
|
lsa_dissect_lsardelete_reply },
|
|
|
|
{ LSA_LSARENUMERATEPRIVILEGES, "LsarEnumeratePrivileges",
|
|
|
|
lsa_dissect_lsarenumerateprivileges_rqst,
|
|
|
|
lsa_dissect_lsarenumerateprivileges_reply },
|
|
|
|
{ LSA_LSARQUERYSECURITYOBJECT, "LsarQuerySecurityObject",
|
|
|
|
lsa_dissect_lsarquerysecurityobject_rqst,
|
|
|
|
lsa_dissect_lsarquerysecurityobject_reply },
|
|
|
|
{ LSA_LSARSETSECURITYOBJECT, "LsarSetSecurityObject",
|
|
|
|
lsa_dissect_lsarsetsecurityobject_rqst,
|
|
|
|
lsa_dissect_lsarsetsecurityobject_reply },
|
|
|
|
{ LSA_LSARCHANGEPASSWORD, "LsarChangePassword",
|
|
|
|
lsa_dissect_lsarchangepassword_rqst,
|
|
|
|
lsa_dissect_lsarchangepassword_reply },
|
|
|
|
{ LSA_LSAROPENPOLICY, "LsarOpenPolicy",
|
|
|
|
lsa_dissect_lsaropenpolicy_rqst,
|
|
|
|
lsa_dissect_lsaropenpolicy_reply },
|
|
|
|
{ LSA_LSARQUERYINFORMATIONPOLICY, "LsarQueryInformationPolicy",
|
|
|
|
lsa_dissect_lsarqueryinformationpolicy_rqst,
|
|
|
|
lsa_dissect_lsarqueryinformationpolicy_reply },
|
|
|
|
{ LSA_LSARSETINFORMATIONPOLICY, "LsarSetInformationPolicy",
|
|
|
|
lsa_dissect_lsarsetinformationpolicy_rqst,
|
|
|
|
lsa_dissect_lsarsetinformationpolicy_reply },
|
|
|
|
{ LSA_LSARCLEARAUDITLOG, "LsarClearAuditLog",
|
|
|
|
lsa_dissect_lsarclearauditlog_rqst,
|
|
|
|
lsa_dissect_lsarclearauditlog_reply },
|
|
|
|
{ LSA_LSARCREATEACCOUNT, "LsarCreateAccount",
|
|
|
|
lsa_dissect_lsarcreateaccount_rqst,
|
|
|
|
lsa_dissect_lsarcreateaccount_reply },
|
|
|
|
{ LSA_LSARENUMERATEACCOUNTS, "LsarEnumerateAccounts",
|
|
|
|
lsa_dissect_lsarenumerateaccounts_rqst,
|
|
|
|
lsa_dissect_lsarenumerateaccounts_reply },
|
|
|
|
{ LSA_LSARCREATETRUSTEDDOMAIN, "LsarCreateTrustedDomain",
|
|
|
|
lsa_dissect_lsarcreatetrusteddomain_rqst,
|
|
|
|
lsa_dissect_lsarcreatetrusteddomain_reply },
|
|
|
|
{ LSA_LSARENUMERATETRUSTEDDOMAINS, "LsarEnumerateTrustedDomains",
|
|
|
|
lsa_dissect_lsarenumeratetrusteddomains_rqst,
|
|
|
|
lsa_dissect_lsarenumeratetrusteddomains_reply },
|
|
|
|
{ LSA_LSARLOOKUPNAMES, "LsarLookupNames",
|
|
|
|
lsa_dissect_lsarlookupnames_rqst,
|
|
|
|
lsa_dissect_lsarlookupnames_reply },
|
|
|
|
{ LSA_LSARLOOKUPSIDS, "LsarLookupSids",
|
|
|
|
lsa_dissect_lsarlookupsids_rqst,
|
|
|
|
lsa_dissect_lsarlookupsids_reply },
|
|
|
|
{ LSA_LSARCREATESECRET, "LsarCreateSecret",
|
|
|
|
lsa_dissect_lsarcreatesecret_rqst,
|
|
|
|
lsa_dissect_lsarcreatesecret_reply },
|
|
|
|
{ LSA_LSAROPENACCOUNT, "LsarOpenAccount",
|
|
|
|
lsa_dissect_lsaropenaccount_rqst,
|
|
|
|
lsa_dissect_lsaropenaccount_reply },
|
|
|
|
{ LSA_LSARENUMERATEPRIVILEGESACCOUNT, "LsarEnumeratePrivilegesAccount",
|
|
|
|
lsa_dissect_lsarenumerateprivilegesaccount_rqst,
|
|
|
|
lsa_dissect_lsarenumerateprivilegesaccount_reply },
|
|
|
|
{ LSA_LSARADDPRIVILEGESTOACCOUNT, "LsarAddPrivilegesToAccount",
|
|
|
|
lsa_dissect_lsaraddprivilegestoaccount_rqst,
|
|
|
|
lsa_dissect_lsaraddprivilegestoaccount_reply },
|
|
|
|
{ LSA_LSARREMOVEPRIVILEGESFROMACCOUNT, "LsarRemovePrivilegesFromAccount",
|
|
|
|
lsa_dissect_lsarremoveprivilegesfromaccount_rqst,
|
|
|
|
lsa_dissect_lsarremoveprivilegesfromaccount_reply },
|
|
|
|
{ LSA_LSARGETQUOTASFORACCOUNT, "LsarGetQuotasForAccount",
|
|
|
|
lsa_dissect_lsargetquotasforaccount_rqst,
|
|
|
|
lsa_dissect_lsargetquotasforaccount_reply },
|
|
|
|
{ LSA_LSARSETQUOTASFORACCOUNT, "LsarSetQuotasForAccount",
|
|
|
|
lsa_dissect_lsarsetquotasforaccount_rqst,
|
|
|
|
lsa_dissect_lsarsetquotasforaccount_reply },
|
|
|
|
{ LSA_LSARGETSYSTEMACCESSACCOUNT, "LsarGetSystemAccessAccount",
|
|
|
|
lsa_dissect_lsargetsystemaccessaccount_rqst,
|
|
|
|
lsa_dissect_lsargetsystemaccessaccount_reply },
|
|
|
|
{ LSA_LSARSETSYSTEMACCESSACCOUNT, "LsarSetSystemAccessAccount",
|
|
|
|
lsa_dissect_lsarsetsystemaccessaccount_rqst,
|
|
|
|
lsa_dissect_lsarsetsystemaccessaccount_reply },
|
|
|
|
{ LSA_LSAROPENTRUSTEDDOMAIN, "LsarOpenTrustedDomain",
|
|
|
|
lsa_dissect_lsaropentrusteddomain_rqst,
|
|
|
|
lsa_dissect_lsaropentrusteddomain_reply },
|
|
|
|
{ LSA_LSARQUERYINFOTRUSTEDDOMAIN, "LsarQueryInfoTrustedDomain",
|
|
|
|
lsa_dissect_lsarqueryinfotrusteddomain_rqst,
|
|
|
|
lsa_dissect_lsarqueryinfotrusteddomain_reply },
|
|
|
|
{ LSA_LSARSETINFORMATIONTRUSTEDDOMAIN, "LsarSetInformationTrustedDomain",
|
|
|
|
lsa_dissect_lsarsetinformationtrusteddomain_rqst,
|
|
|
|
lsa_dissect_lsarsetinformationtrusteddomain_reply },
|
|
|
|
{ LSA_LSAROPENSECRET, "LsarOpenSecret",
|
|
|
|
lsa_dissect_lsaropensecret_rqst,
|
|
|
|
lsa_dissect_lsaropensecret_reply },
|
|
|
|
{ LSA_LSARSETSECRET, "LsarSetSecret",
|
|
|
|
lsa_dissect_lsarsetsecret_rqst,
|
|
|
|
lsa_dissect_lsarsetsecret_reply },
|
|
|
|
{ LSA_LSARQUERYSECRET, "LsarQuerySecret",
|
|
|
|
lsa_dissect_lsarquerysecret_rqst,
|
|
|
|
lsa_dissect_lsarquerysecret_reply },
|
|
|
|
{ LSA_LSARLOOKUPPRIVILEGEVALUE, "LsarLookupPrivilegeValue",
|
|
|
|
lsa_dissect_lsarlookupprivilegevalue_rqst,
|
|
|
|
lsa_dissect_lsarlookupprivilegevalue_reply },
|
|
|
|
{ LSA_LSARLOOKUPPRIVILEGENAME, "LsarLookupPrivilegeName",
|
|
|
|
lsa_dissect_lsarlookupprivilegename_rqst,
|
|
|
|
lsa_dissect_lsarlookupprivilegename_reply },
|
|
|
|
{ LSA_LSARLOOKUPPRIVILEGEDISPLAYNAME, "LsarLookupPrivilegeDisplayName",
|
|
|
|
lsa_dissect_lsarlookupprivilegedisplayname_rqst,
|
|
|
|
lsa_dissect_lsarlookupprivilegedisplayname_reply },
|
|
|
|
{ LSA_LSARDELETEOBJECT, "LsarDeleteObject",
|
|
|
|
lsa_dissect_lsardeleteobject_rqst,
|
|
|
|
lsa_dissect_lsardeleteobject_reply },
|
|
|
|
{ LSA_LSARENUMERATEACCOUNTSWITHUSERRIGHT, "LsarEnumerateAccountsWithUserRight",
|
|
|
|
lsa_dissect_lsarenumerateaccountswithuserright_rqst,
|
|
|
|
lsa_dissect_lsarenumerateaccountswithuserright_reply },
|
|
|
|
{ LSA_LSARENUMERATEACCOUNTRIGHTS, "LsarEnumerateAccountRights",
|
|
|
|
lsa_dissect_lsarenumerateaccountrights_rqst,
|
|
|
|
lsa_dissect_lsarenumerateaccountrights_reply },
|
|
|
|
{ LSA_LSARADDACCOUNTRIGHTS, "LsarAddAccountRights",
|
|
|
|
lsa_dissect_lsaraddaccountrights_rqst,
|
|
|
|
lsa_dissect_lsaraddaccountrights_reply },
|
|
|
|
{ LSA_LSARREMOVEACCOUNTRIGHTS, "LsarRemoveAccountRights",
|
|
|
|
lsa_dissect_lsarremoveaccountrights_rqst,
|
|
|
|
lsa_dissect_lsarremoveaccountrights_reply },
|
|
|
|
{ LSA_LSARQUERYTRUSTEDDOMAININFO, "LsarQueryTrustedDomainInfo",
|
|
|
|
lsa_dissect_lsarquerytrusteddomaininfo_rqst,
|
|
|
|
lsa_dissect_lsarquerytrusteddomaininfo_reply },
|
|
|
|
{ LSA_LSARSETTRUSTEDDOMAININFO, "LsarSetTrustedDomainInfo",
|
|
|
|
lsa_dissect_lsarsettrusteddomaininfo_rqst,
|
|
|
|
lsa_dissect_lsarsettrusteddomaininfo_reply },
|
|
|
|
{ LSA_LSARDELETETRUSTEDDOMAIN, "LsarDeleteTrustedDomain",
|
|
|
|
lsa_dissect_lsardeletetrusteddomain_rqst,
|
|
|
|
lsa_dissect_lsardeletetrusteddomain_reply },
|
|
|
|
{ LSA_LSARSTOREPRIVATEDATA, "LsarStorePrivateData",
|
|
|
|
lsa_dissect_lsarstoreprivatedata_rqst,
|
|
|
|
lsa_dissect_lsarstoreprivatedata_reply },
|
|
|
|
{ LSA_LSARRETRIEVEPRIVATEDATA, "LsarRetrievePrivateData",
|
|
|
|
lsa_dissect_lsarretrieveprivatedata_rqst,
|
|
|
|
lsa_dissect_lsarretrieveprivatedata_reply },
|
|
|
|
{ LSA_LSAROPENPOLICY2, "LsarOpenPolicy2",
|
|
|
|
lsa_dissect_lsaropenpolicy2_rqst,
|
|
|
|
lsa_dissect_lsaropenpolicy2_reply },
|
2003-09-29 00:01:27 +00:00
|
|
|
{ LSA_LSARGETUSERNAME, "LsarGetUserName",
|
2003-09-23 12:06:20 +00:00
|
|
|
lsa_dissect_lsargetusername_rqst,
|
|
|
|
lsa_dissect_lsargetusername_reply },
|
|
|
|
{ LSA_LSARQUERYINFORMATIONPOLICY2, "LsarQueryInformationPolicy2",
|
|
|
|
lsa_dissect_lsarqueryinformationpolicy2_rqst,
|
|
|
|
lsa_dissect_lsarqueryinformationpolicy2_reply },
|
|
|
|
{ LSA_LSARSETINFORMATIONPOLICY2, "LsarSetInformationPolicy2",
|
|
|
|
lsa_dissect_lsarsetinformationpolicy2_rqst,
|
|
|
|
lsa_dissect_lsarsetinformationpolicy2_reply },
|
|
|
|
{ LSA_LSARQUERYTRUSTEDDOMAININFOBYNAME, "LsarQueryTrustedDomainInfoByName",
|
|
|
|
lsa_dissect_lsarquerytrusteddomaininfobyname_rqst,
|
|
|
|
lsa_dissect_lsarquerytrusteddomaininfobyname_reply },
|
|
|
|
{ LSA_LSARSETTRUSTEDDOMAININFOBYNAME, "LsarSetTrustedDomainInfoByName",
|
|
|
|
lsa_dissect_lsarsettrusteddomaininfobyname_rqst,
|
|
|
|
lsa_dissect_lsarsettrusteddomaininfobyname_reply },
|
|
|
|
{ LSA_LSARENUMERATETRUSTEDDOMAINSEX, "LsarEnumerateTrustedDomainsEx",
|
|
|
|
lsa_dissect_lsarenumeratetrusteddomainsex_rqst,
|
|
|
|
lsa_dissect_lsarenumeratetrusteddomainsex_reply },
|
|
|
|
{ LSA_LSARCREATETRUSTEDDOMAINEX, "LsarCreateTrustedDomainEx",
|
|
|
|
lsa_dissect_lsarcreatetrusteddomainex_rqst,
|
|
|
|
lsa_dissect_lsarcreatetrusteddomainex_reply },
|
|
|
|
{ LSA_LSARCLOSETRUSTEDDOMAINEX, "LsarCloseTrustedDomainEx",
|
|
|
|
lsa_dissect_lsarclosetrusteddomainex_rqst,
|
|
|
|
lsa_dissect_lsarclosetrusteddomainex_reply },
|
|
|
|
{ LSA_LSARQUERYDOMAININFORMATIONPOLICY, "LsarQueryDomainInformationPolicy",
|
|
|
|
lsa_dissect_lsarquerydomaininformationpolicy_rqst,
|
|
|
|
lsa_dissect_lsarquerydomaininformationpolicy_reply },
|
|
|
|
{ LSA_LSARSETDOMAININFORMATIONPOLICY, "LsarSetDomainInformationPolicy",
|
|
|
|
lsa_dissect_lsarsetdomaininformationpolicy_rqst,
|
|
|
|
lsa_dissect_lsarsetdomaininformationpolicy_reply },
|
|
|
|
{ LSA_LSAROPENTRUSTEDDOMAINBYNAME, "LsarOpenTrustedDomainByName",
|
|
|
|
lsa_dissect_lsaropentrusteddomainbyname_rqst,
|
|
|
|
lsa_dissect_lsaropentrusteddomainbyname_reply },
|
2003-09-29 00:01:27 +00:00
|
|
|
{ LSA_LSARTESTCALL, "LsarTestCall",
|
|
|
|
lsa_dissect_lsartestcall_rqst,
|
|
|
|
lsa_dissect_lsartestcall_reply },
|
2003-09-23 12:06:20 +00:00
|
|
|
{ LSA_LSARLOOKUPSIDS2, "LsarLookupSids2",
|
|
|
|
lsa_dissect_lsarlookupsids2_rqst,
|
|
|
|
lsa_dissect_lsarlookupsids2_reply },
|
|
|
|
{ LSA_LSARLOOKUPNAMES2, "LsarLookupNames2",
|
|
|
|
lsa_dissect_lsarlookupnames2_rqst,
|
|
|
|
lsa_dissect_lsarlookupnames2_reply },
|
2003-09-29 00:01:27 +00:00
|
|
|
{ LSA_LSARCREATETRUSTEDDOMAINEX2, "LsarCreateTrustedDomainEx2",
|
|
|
|
lsa_dissect_lsarcreatetrusteddomainex2_rqst,
|
|
|
|
lsa_dissect_lsarcreatetrusteddomainex2_reply },
|
|
|
|
{ LSA_CREDRWRITE, "CredrWrite", NULL, NULL },
|
|
|
|
{ LSA_CREDRREAD, "CredrRead", NULL, NULL },
|
|
|
|
{ LSA_CREDRENUMERATE, "CredrEnumerate", NULL, NULL },
|
|
|
|
{ LSA_CREDRWRITEDOMAINCREDENTIALS, "CredrWriteDomainCredentials",
|
|
|
|
NULL, NULL },
|
|
|
|
{ LSA_CREDRREADDOMAINCREDENTIALS, "CredrReadDomainCredentials",
|
|
|
|
NULL, NULL },
|
|
|
|
{ LSA_CREDRDELETE, "CredrDelete", NULL, NULL },
|
|
|
|
{ LSA_CREDRGETTARGETINFO, "CredrGetTargetInfo", NULL, NULL },
|
|
|
|
{ LSA_CREDRPROFILELOADED, "CredrProfileLoaded", NULL, NULL },
|
2008-09-29 22:10:40 +00:00
|
|
|
{ LSA_LSARLOOKUPNAMES3, "LsarLookupNames3",
|
|
|
|
lsa_dissect_lsarlookupnames3_rqst,
|
|
|
|
lsa_dissect_lsarlookupnames3_reply },
|
2003-09-29 00:01:27 +00:00
|
|
|
{ LSA_CREDRGETSESSIONTYPES, "CredrGetSessionTypes", NULL, NULL },
|
|
|
|
{ LSA_LSARREGISTERAUDITEVENT, "LsarRegisterAuditEvent", NULL, NULL },
|
|
|
|
{ LSA_LSARGENAUDITEVENT, "LsarGenAuditEvent", NULL, NULL },
|
|
|
|
{ LSA_LSARUNREGISTERAUDITEVENT, "LsarUnregisterAuditEvent", NULL, NULL},
|
|
|
|
{ LSA_LSARQUERYFORESTTRUSTINFORMATION,
|
|
|
|
"LsarQueryForestTrustInformation", NULL, NULL },
|
|
|
|
{ LSA_LSARSETFORESTTRUSTINFORMATION, "LsarSetForestTrustInformation",
|
|
|
|
NULL, NULL },
|
|
|
|
{ LSA_CREDRRENAME, "CredrRename", NULL, NULL },
|
|
|
|
{ LSA_LSARLOOKUPSIDS3, "LsarLookupSids3", NULL, NULL },
|
|
|
|
{ LSA_LSARLOOKUPNAMES4, "LsarLookupNames4", NULL, NULL },
|
|
|
|
{ LSA_LSAROPENPOLICYSCE, "LsarOpenPolicySce", NULL, NULL },
|
|
|
|
{ LSA_LSARADTREGISTERSECURITYEVENTSOURCE,
|
|
|
|
"LsarAdtRegisterSecurityEventSource", NULL, NULL },
|
|
|
|
{ LSA_LSARADTUNREGISTERSECURITYEVENTSOURCE,
|
|
|
|
"LsarAdtUnregisterSecurityEventSource", NULL, NULL },
|
|
|
|
{ LSA_LSARADTREPORTSECURITYEVENT, "LsarAdtReportSecurityEvent",
|
|
|
|
NULL, NULL },
|
2002-05-31 00:31:13 +00:00
|
|
|
{0, NULL, NULL, NULL}
|
2002-04-17 09:24:09 +00:00
|
|
|
};
|
2001-12-16 20:17:10 +00:00
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
void
|
2001-11-21 02:08:57 +00:00
|
|
|
proto_register_dcerpc_lsa(void)
|
2001-11-12 08:58:45 +00:00
|
|
|
{
|
2002-04-17 09:24:09 +00:00
|
|
|
static hf_register_info hf[] = {
|
2002-06-24 00:03:18 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_opnum,
|
2003-06-26 04:30:31 +00:00
|
|
|
{ "Operation", "lsa.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
|
2002-06-24 00:03:18 +00:00
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
{ &hf_lsa_unknown_string,
|
|
|
|
{ "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
|
2006-05-21 04:49:01 +00:00
|
|
|
NULL, 0, "Unknown string. If you know what this is, contact wireshark developers.", HFILL }},
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_hnd,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "LSA policy handle", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_server,
|
|
|
|
{ "Server", "lsa.server", FT_STRING, BASE_NONE,
|
|
|
|
NULL, 0, "Name of Server", HFILL }},
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
{ &hf_lsa_controller,
|
|
|
|
{ "Controller", "lsa.controller", FT_STRING, BASE_NONE,
|
|
|
|
NULL, 0, "Name of Domain Controller", HFILL }},
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
{ &hf_lsa_unknown_hyper,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
|
2006-05-21 04:49:01 +00:00
|
|
|
NULL, 0x0, "Unknown hyper. If you know what this is, contact wireshark developers.", HFILL }},
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_unknown_long,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
|
2006-05-21 04:49:01 +00:00
|
|
|
NULL, 0x0, "Unknown long. If you know what this is, contact wireshark developers.", HFILL }},
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_unknown_short,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
|
2006-05-21 04:49:01 +00:00
|
|
|
NULL, 0x0, "Unknown short. If you know what this is, contact wireshark developers.", HFILL }},
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_unknown_char,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
|
2006-05-21 04:49:01 +00:00
|
|
|
NULL, 0x0, "Unknown char. If you know what this is, contact wireshark developers.", HFILL }},
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_rc,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_obj_attr,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "LSA Attributes", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_obj_attr_len,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Length of object attribute structure", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_obj_attr_name,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Name of object attribute", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_access_mask,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "LSA Access Mask", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_info_level,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Information level of requested data", HFILL }},
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
{ &hf_lsa_trusted_info_level,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
|
2002-04-28 10:09:25 +00:00
|
|
|
VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
{ &hf_lsa_sd_size,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Size of lsa security descriptor", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_qos_len,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Length of quality of service structure", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_qos_impersonation_level,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
|
2002-04-22 07:45:38 +00:00
|
|
|
VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_qos_track_context,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_qos_effective_only,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_pali_percent_full,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "How full audit log is in percentage", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_pali_log_size,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Size of audit log", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_pali_retention_period,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_pali_time_to_shutdown,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Time to shutdown", HFILL }},
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
{ &hf_lsa_pali_shutdown_in_progress,
|
|
|
|
{ "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_pali_next_audit_record,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Next audit record", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_paei_enabled,
|
2004-06-28 05:29:21 +00:00
|
|
|
{ "Auditing enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
|
|
|
|
NULL, 0x0, "If Security auditing is enabled or not", HFILL }},
|
2002-04-17 09:24:09 +00:00
|
|
|
|
|
|
|
{ &hf_lsa_paei_settings,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Audit Events Information settings", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_count,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Count", "lsa.count", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Count of objects", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_max_count,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
2003-05-22 11:03:15 +00:00
|
|
|
{ &hf_lsa_fqdomain,
|
|
|
|
{ "FQDN", "lsa.fqdn_domain", FT_STRING, BASE_NONE,
|
|
|
|
NULL, 0x0, "Fully Qualified Domain Name", HFILL }},
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
{ &hf_lsa_domain,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Domain", "lsa.domain", FT_STRING, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Domain", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_acct,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Account", "lsa.acct", FT_STRING, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Account", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_source,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Source", "lsa.source", FT_STRING, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Replica Source", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_server_role,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_quota_paged_pool,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Paged Pool", "lsa.quota.paged_pool", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_quota_non_paged_pool,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_quota_min_wss,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Size of Quota Min WSS", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_quota_max_wss,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Size of Quota Max WSS", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_quota_pagefile,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Size of quota pagefile usage", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_mod_seq_no,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Sequence number for this modification", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_mod_mtime,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Time when this modification occured", HFILL }},
|
|
|
|
|
2002-04-28 10:24:40 +00:00
|
|
|
{ &hf_lsa_cur_mtime,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
|
2002-04-28 10:24:40 +00:00
|
|
|
NULL, 0x0, "Current MTime to set", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_old_mtime,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
|
2002-04-28 10:24:40 +00:00
|
|
|
NULL, 0x0, "Old MTime for this object", HFILL }},
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
{ &hf_lsa_name,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Name", "lsa.name", FT_STRING, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
2002-05-02 06:21:52 +00:00
|
|
|
{ &hf_lsa_key,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Key", "lsa.key", FT_STRING, BASE_NONE,
|
2002-05-02 06:21:52 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
{ &hf_lsa_flat_name,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
|
2002-04-28 10:09:25 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
{ &hf_lsa_forest,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Forest", "lsa.forest", FT_STRING, BASE_NONE,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_info_type,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_new_pwd,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "New password", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_old_pwd,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "Old password", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_sid_type,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "SID Type", "lsa.sid_type", FT_UINT16, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
VALS(sid_type_vals), 0x0, "Type of SID", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_rid,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "RID", "lsa.rid", FT_UINT32, BASE_HEX,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "RID", HFILL }},
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
{ &hf_lsa_rid_offset,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX,
|
2002-04-28 10:09:25 +00:00
|
|
|
NULL, 0x0, "RID Offset", HFILL }},
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
{ &hf_lsa_index,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Index", "lsa.index", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_num_mapped,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_policy_information_class,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC,
|
2002-04-17 09:24:09 +00:00
|
|
|
VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_secret,
|
|
|
|
{ "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX,
|
|
|
|
NULL, 0, "", HFILL }},
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
{ &hf_lsa_auth_blob,
|
|
|
|
{ "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX,
|
|
|
|
NULL, 0, "", HFILL }},
|
|
|
|
|
2002-04-17 10:29:09 +00:00
|
|
|
{ &hf_nt_luid_high,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "High", "nt.luid.high", FT_UINT32, BASE_HEX,
|
2002-04-17 10:29:09 +00:00
|
|
|
NULL, 0x0, "LUID High component", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_nt_luid_low,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Low", "nt.luid.low", FT_UINT32, BASE_HEX,
|
2002-04-17 10:29:09 +00:00
|
|
|
NULL, 0x0, "LUID Low component", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_size,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Size", "lsa.size", FT_UINT32, BASE_DEC,
|
2002-04-17 10:29:09 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
2002-05-02 06:13:07 +00:00
|
|
|
{ &hf_lsa_size16,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Size", "lsa.size", FT_UINT16, BASE_DEC,
|
2002-05-02 06:13:07 +00:00
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
2003-09-03 09:48:50 +00:00
|
|
|
{ &hf_lsa_privilege_display_name_size,
|
|
|
|
{ "Size Needed", "lsa.privilege.display__name.size", FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0x0, "Number of characters in the privilege display name", HFILL }},
|
2002-05-02 06:13:07 +00:00
|
|
|
|
2002-04-17 10:29:09 +00:00
|
|
|
{ &hf_lsa_privilege_name,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Name", "lsa.privilege.name", FT_STRING, BASE_NONE,
|
2002-04-17 10:29:09 +00:00
|
|
|
NULL, 0x0, "LSA Privilege Name", HFILL }},
|
|
|
|
|
2003-09-03 09:48:50 +00:00
|
|
|
{ &hf_lsa_privilege_display_name,
|
|
|
|
{ "Display Name", "lsa.privilege.display_name", FT_STRING, BASE_NONE,
|
|
|
|
NULL, 0x0, "LSA Privilege Display Name", HFILL }},
|
|
|
|
|
2002-04-28 10:33:30 +00:00
|
|
|
{ &hf_lsa_rights,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Rights", "lsa.rights", FT_STRING, BASE_NONE,
|
2002-04-28 10:33:30 +00:00
|
|
|
NULL, 0x0, "Account Rights", HFILL }},
|
|
|
|
|
2003-05-22 11:03:15 +00:00
|
|
|
{ &hf_lsa_policy_information,
|
|
|
|
{ "POLICY INFO", "lsa.policy_information", FT_NONE, BASE_NONE,
|
|
|
|
NULL, 0x0, "Policy Information union", HFILL }},
|
|
|
|
|
2002-04-17 11:01:38 +00:00
|
|
|
{ &hf_lsa_attr,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
|
2002-04-17 11:01:38 +00:00
|
|
|
NULL, 0x0, "LSA Attributes", HFILL }},
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
{ &hf_lsa_auth_update,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
|
2002-04-28 10:09:25 +00:00
|
|
|
NULL, 0x0, "LSA Auth Info update", HFILL }},
|
|
|
|
|
2002-04-18 10:40:30 +00:00
|
|
|
{ &hf_lsa_resume_handle,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
|
2002-04-18 10:40:30 +00:00
|
|
|
NULL, 0x0, "Resume Handle", HFILL }},
|
|
|
|
|
2002-04-28 10:09:25 +00:00
|
|
|
{ &hf_lsa_trust_direction,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
|
2002-04-28 10:09:25 +00:00
|
|
|
VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_trust_type,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
|
2002-04-28 10:09:25 +00:00
|
|
|
VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_trust_attr,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
|
2002-04-28 10:09:25 +00:00
|
|
|
NULL, 0x0, "Trust attributes", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_trust_attr_non_trans,
|
|
|
|
{ "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
|
|
|
|
TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_trust_attr_uplevel_only,
|
|
|
|
{ "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
|
|
|
|
TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_trust_attr_tree_parent,
|
|
|
|
{ "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
|
|
|
|
TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_trust_attr_tree_root,
|
|
|
|
{ "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
|
|
|
|
TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_auth_type,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
|
2002-04-28 10:09:25 +00:00
|
|
|
NULL, 0x0, "Auth Info type", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_lsa_auth_len,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
|
2002-04-28 10:09:25 +00:00
|
|
|
NULL, 0x0, "Auth Info len", HFILL }},
|
|
|
|
|
2002-04-29 06:23:03 +00:00
|
|
|
{ &hf_lsa_remove_all,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
|
2002-08-21 21:31:15 +00:00
|
|
|
NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL }},
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2002-08-21 21:31:15 +00:00
|
|
|
{ &hf_view_local_info,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "View non-sensitive policy information", "lsa.access_mask.view_local_info",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
|
2004-06-05 02:40:23 +00:00
|
|
|
"View non-sensitive policy information", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_view_audit_info,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "View system audit requirements", "lsa.access_mask.view_audit_info",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
|
2004-06-05 02:40:23 +00:00
|
|
|
"View system audit requirements", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_get_private_info,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Get sensitive policy information", "lsa.access_mask.get_privateinfo",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Get sensitive policy information", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_trust_admin,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Modify domain trust relationships", "lsa.access_mask.trust_admin",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Modify domain trust relationships", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_create_account,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Create special accounts (for assignment of user rights)", "lsa.access_mask.create_account",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Create special accounts (for assignment of user rights)", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_create_secret,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Create a secret object", "lsa.access_mask.create_secret",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Create a secret object", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_create_priv,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Create a privilege", "lsa.access_mask.create_priv",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Create a privilege", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_set_default_quota_limits,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
|
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
|
2002-08-21 21:31:15 +00:00
|
|
|
"Set default quota limits", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_set_audit_requirements,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Change system audit requirements", "lsa.access_mask.set_audit_requirements",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Change system audit requirements", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_audit_log_admin,
|
|
|
|
{ "Administer audit log attributes", "lsa.access_mask.audit_log_admin",
|
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_AUDIT_LOG_ADMIN,
|
|
|
|
"Administer audit log attributes", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_server_admin,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Enable/Disable LSA", "lsa.access_mask.server_admin",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Enable/Disable LSA", HFILL }},
|
2002-08-21 21:31:15 +00:00
|
|
|
|
|
|
|
{ &hf_lookup_names,
|
2004-06-05 02:40:23 +00:00
|
|
|
{ "Lookup Names/SIDs", "lsa.access_mask.lookup_names",
|
2002-08-28 21:04:11 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
|
2004-06-05 02:40:23 +00:00
|
|
|
"Lookup Names/SIDs", HFILL }}
|
2002-08-21 21:31:15 +00:00
|
|
|
};
|
2002-04-17 09:24:09 +00:00
|
|
|
|
2001-11-12 08:58:45 +00:00
|
|
|
static gint *ett[] = {
|
2002-04-17 09:24:09 +00:00
|
|
|
&ett_dcerpc_lsa,
|
|
|
|
&ett_lsa_OBJECT_ATTRIBUTES,
|
|
|
|
&ett_LSA_SECURITY_DESCRIPTOR,
|
|
|
|
&ett_lsa_policy_info,
|
|
|
|
&ett_lsa_policy_audit_log_info,
|
|
|
|
&ett_lsa_policy_audit_events_info,
|
|
|
|
&ett_lsa_policy_primary_domain_info,
|
|
|
|
&ett_lsa_policy_primary_account_info,
|
|
|
|
&ett_lsa_policy_server_role_info,
|
|
|
|
&ett_lsa_policy_replica_source_info,
|
|
|
|
&ett_lsa_policy_default_quota_info,
|
|
|
|
&ett_lsa_policy_modification_info,
|
|
|
|
&ett_lsa_policy_audit_full_set_info,
|
|
|
|
&ett_lsa_policy_audit_full_query_info,
|
|
|
|
&ett_lsa_policy_dns_domain_info,
|
|
|
|
&ett_lsa_translated_names,
|
|
|
|
&ett_lsa_translated_name,
|
|
|
|
&ett_lsa_referenced_domain_list,
|
|
|
|
&ett_lsa_trust_information,
|
2002-04-28 10:09:25 +00:00
|
|
|
&ett_lsa_trust_information_ex,
|
2002-04-17 10:29:09 +00:00
|
|
|
&ett_LUID,
|
|
|
|
&ett_LSA_PRIVILEGES,
|
|
|
|
&ett_LSA_PRIVILEGE,
|
2002-04-17 11:01:38 +00:00
|
|
|
&ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
|
|
|
|
&ett_LSA_LUID_AND_ATTRIBUTES,
|
2002-04-18 10:40:30 +00:00
|
|
|
&ett_LSA_TRUSTED_DOMAIN_LIST,
|
|
|
|
&ett_LSA_TRUSTED_DOMAIN,
|
2002-04-27 03:54:17 +00:00
|
|
|
&ett_LSA_TRANSLATED_SIDS,
|
2002-04-28 10:09:25 +00:00
|
|
|
&ett_lsa_trusted_domain_info,
|
|
|
|
&ett_lsa_trust_attr,
|
|
|
|
&ett_lsa_trusted_domain_auth_information,
|
2002-05-31 00:31:13 +00:00
|
|
|
&ett_lsa_auth_information
|
2001-11-12 08:58:45 +00:00
|
|
|
};
|
|
|
|
|
2001-11-21 02:08:57 +00:00
|
|
|
proto_dcerpc_lsa = proto_register_protocol(
|
2001-11-12 08:58:45 +00:00
|
|
|
"Microsoft Local Security Architecture", "LSA", "lsa");
|
|
|
|
|
2002-04-17 09:24:09 +00:00
|
|
|
proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
|
2001-11-12 08:58:45 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
}
|
|
|
|
|
2001-12-16 20:17:10 +00:00
|
|
|
/* Protocol handoff */
|
|
|
|
|
|
|
|
static e_uuid_t uuid_dcerpc_lsa = {
|
2002-08-28 21:04:11 +00:00
|
|
|
0x12345778, 0x1234, 0xabcd,
|
2001-12-16 20:17:10 +00:00
|
|
|
{ 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
|
|
|
|
};
|
|
|
|
|
|
|
|
static guint16 ver_dcerpc_lsa = 0;
|
|
|
|
|
2001-11-12 08:58:45 +00:00
|
|
|
void
|
2001-11-21 02:08:57 +00:00
|
|
|
proto_reg_handoff_dcerpc_lsa(void)
|
2001-11-12 08:58:45 +00:00
|
|
|
{
|
|
|
|
/* Register protocol as dcerpc */
|
|
|
|
|
2001-11-21 02:08:57 +00:00
|
|
|
dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
|
2002-06-24 00:03:18 +00:00
|
|
|
ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);
|
2001-11-12 08:58:45 +00:00
|
|
|
}
|