e32a3b8a97
an array of samr_RidWithAttributeArray structures. Don't equate it to hf_samr_rid; that causes hf_samr_rid to be added as an item with a length of -1, but, as hf_samr_rid is an FT_UINT32 field, that causes a dissector bug error. The version of Yapp I was using, at least, didn't like C++-style comments in the IDL file; replace them with C-style comments. svn path=/trunk/; revision=35304
482 lines
23 KiB
INI
482 lines
23 KiB
INI
#
|
|
# policyhandle tracking
|
|
# This block is to specify where a policyhandle is opened and where it is
|
|
# closed so that policyhandles when dissected contain nice info such as
|
|
# [opened in xxx] [closed in yyy]
|
|
#
|
|
# Policyhandles are opened in these functions
|
|
PARAM_VALUE samr_dissect_element_Connect_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
|
|
PARAM_VALUE samr_dissect_element_OpenDomain_domain_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_DOMAIN
|
|
PARAM_VALUE samr_dissect_element_CreateDomainGroup_group_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP
|
|
PARAM_VALUE samr_dissect_element_CreateUser_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
|
|
PARAM_VALUE samr_dissect_element_CreateDomAlias_alias_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS
|
|
PARAM_VALUE samr_dissect_element_OpenGroup_group_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP
|
|
PARAM_VALUE samr_dissect_element_OpenAlias_alias_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS
|
|
PARAM_VALUE samr_dissect_element_OpenUser_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
|
|
PARAM_VALUE samr_dissect_element_CreateUser2_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
|
|
PARAM_VALUE samr_dissect_element_Connect2_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
|
|
PARAM_VALUE samr_dissect_element_Connect3_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
|
|
PARAM_VALUE samr_dissect_element_Connect4_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
|
|
PARAM_VALUE samr_dissect_element_Connect5_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
|
|
# Policyhandles are closed in these functions
|
|
PARAM_VALUE samr_dissect_element_Close_handle_ PIDL_POLHND_CLOSE
|
|
PARAM_VALUE samr_dissect_element_Shutdown_connect_handle_ PIDL_POLHND_CLOSE
|
|
PARAM_VALUE samr_dissect_element_DeleteDomainGroup_group_handle_ PIDL_POLHND_CLOSE
|
|
PARAM_VALUE samr_dissect_element_DeleteDomAlias_alias_handle_ PIDL_POLHND_CLOSE
|
|
PARAM_VALUE samr_dissect_element_DeleteUser_user_handle_ PIDL_POLHND_CLOSE
|
|
|
|
|
|
|
|
#
|
|
# make sure all policy handles of the same type use the same filter name
|
|
#
|
|
HF_FIELD hf_samr_handle "Handle" "samr.handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_Close_handle hf_samr_handle
|
|
HF_RENAME hf_samr_samr_SetSecurity_handle hf_samr_handle
|
|
HF_RENAME hf_samr_samr_QuerySecurity_handle hf_samr_handle
|
|
|
|
HF_FIELD hf_samr_connect_handle "Connect Handle" "samr.connect_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_Connect_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_LookupDomain_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_EnumDomain_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_OpenDomain_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_Shutdown_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_Connect2_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_SetBootKeyInformation_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_GetBootKeyInformation_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_Connect3_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_Connect4_connect_handle hf_samr_connect_handle
|
|
HF_RENAME hf_samr_samr_Connect5_connect_handle hf_samr_connect_handle
|
|
|
|
HF_FIELD hf_samr_domain_handle "Domain Handle" "samr.domain_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_OpenDomain_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_QueryDomainInfo_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_SetDomainInfo_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_CreateDomainGroup_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_EnumDomainGroups_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_CreateUser_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_EnumDomainUsers_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_CreateDomAlias_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_EnumDomainAliases_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_GetAliasMembership_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_LookupNames_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_LookupRids_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_OpenGroup_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_OpenAlias_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_OpenUser_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_QueryDisplayInfo_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_GetDisplayEnumerationIndex_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_TestPrivateFunctionsDomain_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_RemoveMemberFromForeignDomain_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_QueryDomainInfo2_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_QueryDisplayInfo2_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_GetDisplayEnumerationIndex2_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_CreateUser2_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_QueryDisplayInfo3_domain_handle hf_samr_domain_handle
|
|
HF_RENAME hf_samr_samr_RidToSid_domain_handle hf_samr_domain_handle
|
|
|
|
HF_FIELD hf_samr_group_handle "Group Handle" "samr.group_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_CreateDomainGroup_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_OpenGroup_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_QueryGroupInfo_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_SetGroupInfo_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_AddGroupMember_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_DeleteDomainGroup_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_DeleteGroupMember_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_QueryGroupMember_group_handle hf_samr_group_handle
|
|
HF_RENAME hf_samr_samr_SetMemberAttributesOfGroup_group_handle hf_samr_group_handle
|
|
|
|
HF_FIELD hf_samr_user_handle "User Handle" "samr.user_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_CreateUser_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_OpenUser_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_DeleteUser_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_QueryUserInfo_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_SetUserInfo_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_ChangePasswordUser_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_GetGroupsForUser_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_TestPrivateFunctionsUser_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_GetUserPwInfo_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_QueryUserInfo2_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_CreateUser2_user_handle hf_samr_user_handle
|
|
HF_RENAME hf_samr_samr_SetUserInfo2_user_handle hf_samr_user_handle
|
|
|
|
HF_FIELD hf_samr_alias_handle "Alias Handle" "samr.alias_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_CreateDomAlias_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_OpenAlias_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_QueryAliasInfo_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_SetAliasInfo_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_DeleteDomAlias_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_AddAliasMember_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_DeleteAliasMember_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_GetMembersInAlias_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_AddMultipleMembersToAlias_alias_handle hf_samr_alias_handle
|
|
HF_RENAME hf_samr_samr_RemoveMultipleMembersFromAlias_alias_handle hf_samr_alias_handle
|
|
|
|
|
|
|
|
#
|
|
# make all rids use the same hf field
|
|
#
|
|
HF_FIELD hf_samr_rid "RID" "samr.rid" FT_UINT32 BASE_DEC NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_CreateDomainGroup_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_CreateUser_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_CreateDomAlias_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_Ids_ids hf_samr_rid
|
|
HF_RENAME hf_samr_samr_LookupRids_rids hf_samr_rid
|
|
HF_RENAME hf_samr_samr_OpenGroup_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_AddGroupMember_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_DeleteGroupMember_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_RidTypeArray_rids hf_samr_rid
|
|
HF_RENAME hf_samr_samr_OpenAlias_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_OpenUser_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_UserInfo3_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_UserInfo5_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_UserInfo21_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_RidWithAttribute_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_DispEntryGeneral_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_DispEntryFull_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_DispEntryFullGroup_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_CreateUser2_rid hf_samr_rid
|
|
HF_RENAME hf_samr_samr_RidToSid_rid hf_samr_rid
|
|
|
|
|
|
|
|
#
|
|
# Prettification the summary line and the dissection tree
|
|
#
|
|
PARAM_VALUE samr_dissect_element_SamArray_entries__ 3|PIDL_SET_COL_INFO
|
|
PARAM_VALUE samr_dissect_element_LookupDomain_domain_name_ 3|PIDL_SET_COL_INFO
|
|
PARAM_VALUE samr_dissect_element_GetDomPwInfo_domain_name_ 3|PIDL_SET_COL_INFO
|
|
PARAM_VALUE samr_dissect_element_CreateUser_account_name_ 3|PIDL_SET_COL_INFO|PIDL_STR_SAVE
|
|
PARAM_VALUE samr_dissect_element_CreateUser2_account_name_ 3|PIDL_SET_COL_INFO|PIDL_STR_SAVE
|
|
|
|
TYPE lsa_String "offset=dissect_ndr_lsa_String(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
|
|
TYPE lsa_AsciiString "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
|
|
TYPE lsa_StringLarge "offset=dissect_ndr_lsa_String(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
|
|
TYPE lsa_AsciiStringLarge "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
|
|
TYPE hyper "offset=cnf_dissect_hyper(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_UINT64 BASE_DEC 0 NULL 8
|
|
|
|
|
|
TYPE sec_desc_buf "offset=cnf_dissect_sec_desc_buf(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4
|
|
HF_FIELD hf_samr_sec_desc_buf_len "Sec Desc Buf Len" "samr.sec_desc_buf_len" FT_UINT32 BASE_DEC NULL 0 "" "" ""
|
|
|
|
TYPE dom_sid2 "offset=cnf_dissect_dom_sid2(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4
|
|
|
|
TYPE lsa_SidArray "offset=cnf_dissect_lsa_SidArray(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4
|
|
|
|
TYPE security_secinfo "offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4
|
|
|
|
#
|
|
# ConnectX access masks
|
|
#
|
|
MANUAL samr_dissect_bitmap_ConnectAccessMask
|
|
HF_FIELD hf_samr_connect_access_mask "Access Mask" "samr.connect.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_Connect_access_mask hf_samr_connect_access_mask
|
|
HF_RENAME hf_samr_samr_Connect2_access_mask hf_samr_connect_access_mask
|
|
HF_RENAME hf_samr_samr_Connect3_access_mask hf_samr_connect_access_mask
|
|
HF_RENAME hf_samr_samr_Connect4_access_mask hf_samr_connect_access_mask
|
|
HF_RENAME hf_samr_samr_Connect5_access_mask hf_samr_connect_access_mask
|
|
#
|
|
# User access masks
|
|
#
|
|
MANUAL samr_dissect_bitmap_UserAccessMask
|
|
HF_FIELD hf_samr_user_access_mask "Access Mask" "samr.user.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_CreateUser_access_mask hf_samr_user_access_mask
|
|
HF_RENAME hf_samr_samr_OpenUser_access_mask hf_samr_user_access_mask
|
|
HF_RENAME hf_samr_samr_CreateUser2_access_mask hf_samr_user_access_mask
|
|
#
|
|
# Domain access masks
|
|
#
|
|
MANUAL samr_dissect_bitmap_DomainAccessMask
|
|
HF_FIELD hf_samr_domain_access_mask "Access Mask" "samr.domain.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_OpenDomain_access_mask hf_samr_domain_access_mask
|
|
#
|
|
# Group access masks
|
|
#
|
|
MANUAL samr_dissect_bitmap_GroupAccessMask
|
|
HF_FIELD hf_samr_group_access_mask "Access Mask" "samr.group.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_CreateDomainGroup_access_mask hf_samr_group_access_mask
|
|
HF_RENAME hf_samr_samr_OpenGroup_access_mask hf_samr_group_access_mask
|
|
#
|
|
# Alias access masks
|
|
#
|
|
MANUAL samr_dissect_bitmap_AliasAccessMask
|
|
HF_FIELD hf_samr_alias_access_mask "Access Mask" "samr.alias.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
|
|
HF_RENAME hf_samr_samr_CreateDomAlias_access_mask hf_samr_alias_access_mask
|
|
HF_RENAME hf_samr_samr_OpenAlias_access_mask hf_samr_alias_access_mask
|
|
|
|
|
|
CODE START
|
|
|
|
static void
|
|
samr_connect_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
|
|
{
|
|
proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_LOOKUP_DOMAIN, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_ENUM_DOMAINS, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_CREATE_DOMAIN, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_INITIALIZE_SERVER, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_SHUTDOWN_SERVER, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_CONNECT_TO_SERVER, tvb, offset, 4, access);
|
|
}
|
|
|
|
struct access_mask_info samr_connect_access_mask_info = {
|
|
"SAMR Connect", /* Name of specific rights */
|
|
samr_connect_specific_rights, /* Dissection function */
|
|
NULL, /* Generic mapping table */
|
|
NULL /* Standard mapping table */
|
|
};
|
|
|
|
int
|
|
samr_dissect_bitmap_ConnectAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index _U_, guint32 param _U_)
|
|
{
|
|
offset = dissect_nt_access_mask(
|
|
tvb, offset, pinfo, tree, drep, hf_samr_connect_access_mask,
|
|
&samr_connect_access_mask_info, NULL);
|
|
return offset;
|
|
}
|
|
|
|
|
|
static void
|
|
samr_alias_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
|
|
{
|
|
proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_ADD_MEMBER, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_REMOVE_MEMBER, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_GET_MEMBERS, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_LOOKUP_INFO, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_SET_INFO, tvb, offset, 4, access);
|
|
}
|
|
|
|
struct access_mask_info samr_alias_access_mask_info = {
|
|
"SAMR Alias", /* Name of specific rights */
|
|
samr_alias_specific_rights, /* Dissection function */
|
|
NULL, /* Generic mapping table */
|
|
NULL /* Standard mapping table */
|
|
};
|
|
|
|
int
|
|
samr_dissect_bitmap_AliasAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index _U_, guint32 param _U_)
|
|
{
|
|
offset = dissect_nt_access_mask(
|
|
tvb, offset, pinfo, tree, drep, hf_samr_alias_access_mask,
|
|
&samr_alias_access_mask_info, NULL);
|
|
return offset;
|
|
}
|
|
|
|
|
|
static void
|
|
samr_group_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
|
|
{
|
|
proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_GET_MEMBERS, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_REMOVE_MEMBER, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_ADD_MEMBER, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_SET_INFO, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_LOOKUP_INFO, tvb, offset, 4, access);
|
|
}
|
|
|
|
struct access_mask_info samr_group_access_mask_info = {
|
|
"SAMR Group", /* Name of specific rights */
|
|
samr_group_specific_rights, /* Dissection function */
|
|
NULL, /* Generic mapping table */
|
|
NULL /* Standard mapping table */
|
|
};
|
|
|
|
int
|
|
samr_dissect_bitmap_GroupAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index _U_, guint32 param _U_)
|
|
{
|
|
offset = dissect_nt_access_mask(
|
|
tvb, offset, pinfo, tree, drep, hf_samr_group_access_mask,
|
|
&samr_group_access_mask_info, NULL);
|
|
return offset;
|
|
}
|
|
|
|
|
|
static void
|
|
samr_domain_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
|
|
{
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_1, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_2, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_USER, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_GROUP, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_ALIAS, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_3, tvb, offset, 4, access);
|
|
}
|
|
|
|
struct access_mask_info samr_domain_access_mask_info = {
|
|
"SAMR Domain", /* Name of specific rights */
|
|
samr_domain_specific_rights, /* Dissection function */
|
|
NULL, /* Generic mapping table */
|
|
NULL /* Standard mapping table */
|
|
};
|
|
|
|
int
|
|
samr_dissect_bitmap_DomainAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index _U_, guint32 param _U_)
|
|
{
|
|
offset = dissect_nt_access_mask(
|
|
tvb, offset, pinfo, tree, drep, hf_samr_domain_access_mask,
|
|
&samr_domain_access_mask_info, NULL);
|
|
return offset;
|
|
}
|
|
|
|
|
|
static void
|
|
samr_user_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
|
|
{
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_GROUPS, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_PASSWORD, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_CHANGE_PASSWORD, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_ATTRIBUTES, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_ATTRIBUTES, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_LOGONINFO, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_LOC_COM, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_LOCALE, tvb, offset, 4, access);
|
|
proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_NAME_ETC, tvb, offset, 4, access);
|
|
}
|
|
|
|
struct access_mask_info samr_user_access_mask_info = {
|
|
"SAMR User", /* Name of specific rights */
|
|
samr_user_specific_rights, /* Dissection function */
|
|
NULL, /* Generic mapping table */
|
|
NULL /* Standard mapping table */
|
|
};
|
|
|
|
int
|
|
samr_dissect_bitmap_UserAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index _U_, guint32 param _U_)
|
|
{
|
|
offset = dissect_nt_access_mask(
|
|
tvb, offset, pinfo, tree, drep, hf_samr_user_access_mask,
|
|
&samr_user_access_mask_info, NULL);
|
|
return offset;
|
|
}
|
|
|
|
|
|
static int
|
|
cnf_dissect_lsa_AsciiString(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, guint32 param _U_, int hfindex)
|
|
{
|
|
offset = dissect_ndr_counted_ascii_string(tvb, offset, pinfo, tree, drep,
|
|
hfindex, 0);
|
|
|
|
return offset;
|
|
}
|
|
|
|
static int
|
|
cnf_dissect_hyper(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, guint32 param _U_, int hfindex)
|
|
{
|
|
offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, drep, hfindex, NULL);
|
|
|
|
return offset;
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
{
|
|
guint64 len;
|
|
dcerpc_info *di = NULL;
|
|
e_ctx_hnd *polhnd = NULL;
|
|
dcerpc_call_value *dcv = NULL;
|
|
guint32 type=0;
|
|
struct access_mask_info *ami=NULL;
|
|
|
|
di=pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
return offset;
|
|
}
|
|
|
|
offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
|
|
hf_samr_sec_desc_buf_len, &len);
|
|
|
|
dcv = (dcerpc_call_value *)di->call_data;
|
|
if(dcv){
|
|
polhnd = dcv->pol;
|
|
}
|
|
if(polhnd){
|
|
dcerpc_fetch_polhnd_data(polhnd, NULL, &type, NULL, NULL,
|
|
pinfo->fd->num);
|
|
}
|
|
switch(type){
|
|
case PIDL_POLHND_TYPE_SAMR_USER:
|
|
ami=&samr_user_access_mask_info;
|
|
break;
|
|
case PIDL_POLHND_TYPE_SAMR_CONNECT:
|
|
ami=&samr_connect_access_mask_info;
|
|
break;
|
|
case PIDL_POLHND_TYPE_SAMR_DOMAIN:
|
|
ami=&samr_domain_access_mask_info;
|
|
break;
|
|
case PIDL_POLHND_TYPE_SAMR_GROUP:
|
|
ami=&samr_group_access_mask_info;
|
|
break;
|
|
case PIDL_POLHND_TYPE_SAMR_ALIAS:
|
|
ami=&samr_alias_access_mask_info;
|
|
break;
|
|
}
|
|
|
|
dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, (int)len, ami);
|
|
|
|
offset += (int)len;
|
|
|
|
return offset;
|
|
}
|
|
|
|
static int
|
|
cnf_dissect_sec_desc_buf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
{
|
|
guint64 len;
|
|
dcerpc_info *di;
|
|
|
|
di=pinfo->private_data;
|
|
if(di->conformant_run){
|
|
/*just a run to handle conformant arrays, nothing to dissect */
|
|
return offset;
|
|
}
|
|
|
|
offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
|
|
hf_samr_sec_desc_buf_len, &len);
|
|
|
|
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
|
|
cnf_dissect_sec_desc_buf_, NDR_POINTER_UNIQUE,
|
|
"SAM SECURITY DESCRIPTOR data:", -1);
|
|
|
|
return offset;
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
cnf_dissect_dom_sid2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
{
|
|
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
|
|
|
|
return offset;
|
|
}
|
|
|
|
static int
|
|
cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
|
{
|
|
offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, drep);
|
|
|
|
return offset;
|
|
}
|
|
|
|
|
|
static int
|
|
cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_)
|
|
{
|
|
offset = dissect_nt_security_information(tvb, offset, tree);
|
|
|
|
return offset;
|
|
}
|
|
|
|
CODE END
|