| blob | b6be5239f0bfc30dbc7bcc005b6e615d2388abc9 |
1 #
2 # policyhandle tracking
3 # This block is to specify where a policyhandle is opened and where it is
4 # closed so that policyhandles when dissected contain nice info such as
5 # [opened in xxx] [closed in yyy]
6 #
7 # Policyhandles are opened in these functions
8 PARAM_VALUE samr_dissect_element_Connect_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
9 PARAM_VALUE samr_dissect_element_OpenDomain_domain_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_DOMAIN
10 PARAM_VALUE samr_dissect_element_CreateDomainGroup_group_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP
11 PARAM_VALUE samr_dissect_element_CreateUser_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
12 PARAM_VALUE samr_dissect_element_CreateDomAlias_alias_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS
13 PARAM_VALUE samr_dissect_element_OpenGroup_group_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP
14 PARAM_VALUE samr_dissect_element_OpenAlias_alias_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS
15 PARAM_VALUE samr_dissect_element_OpenUser_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
16 PARAM_VALUE samr_dissect_element_CreateUser2_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
17 PARAM_VALUE samr_dissect_element_Connect2_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
18 PARAM_VALUE samr_dissect_element_Connect3_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
19 PARAM_VALUE samr_dissect_element_Connect4_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
20 PARAM_VALUE samr_dissect_element_Connect5_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
21 # Policyhandles are closed in these functions
22 PARAM_VALUE samr_dissect_element_Close_handle_ PIDL_POLHND_CLOSE
23 PARAM_VALUE samr_dissect_element_Shutdown_connect_handle_ PIDL_POLHND_CLOSE
24 PARAM_VALUE samr_dissect_element_DeleteDomainGroup_group_handle_ PIDL_POLHND_CLOSE
25 PARAM_VALUE samr_dissect_element_DeleteDomAlias_alias_handle_ PIDL_POLHND_CLOSE
26 PARAM_VALUE samr_dissect_element_DeleteUser_user_handle_ PIDL_POLHND_CLOSE
30 #
31 # make sure all policy handles of the same type use the same filter name
32 #
33 HF_FIELD hf_samr_handle "Handle" "samr.handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
34 HF_RENAME hf_samr_samr_Close_handle hf_samr_handle
35 HF_RENAME hf_samr_samr_SetSecurity_handle hf_samr_handle
36 HF_RENAME hf_samr_samr_QuerySecurity_handle hf_samr_handle
38 HF_FIELD hf_samr_connect_handle "Connect Handle" "samr.connect_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
39 HF_RENAME hf_samr_samr_Connect_connect_handle hf_samr_connect_handle
40 HF_RENAME hf_samr_samr_LookupDomain_connect_handle hf_samr_connect_handle
41 HF_RENAME hf_samr_samr_EnumDomain_connect_handle hf_samr_connect_handle
42 HF_RENAME hf_samr_samr_OpenDomain_connect_handle hf_samr_connect_handle
43 HF_RENAME hf_samr_samr_Shutdown_handle hf_samr_connect_handle
44 HF_RENAME hf_samr_samr_Connect2_connect_handle hf_samr_connect_handle
45 HF_RENAME hf_samr_samr_SetBootKeyInformation_connect_handle hf_samr_connect_handle
46 HF_RENAME hf_samr_samr_GetBootKeyInformation_connect_handle hf_samr_connect_handle
47 HF_RENAME hf_samr_samr_Connect3_connect_handle hf_samr_connect_handle
48 HF_RENAME hf_samr_samr_Connect4_connect_handle hf_samr_connect_handle
49 HF_RENAME hf_samr_samr_Connect5_connect_handle hf_samr_connect_handle
51 HF_FIELD hf_samr_domain_handle "Domain Handle" "samr.domain_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
52 HF_RENAME hf_samr_samr_OpenDomain_domain_handle hf_samr_domain_handle
53 HF_RENAME hf_samr_samr_QueryDomainInfo_domain_handle hf_samr_domain_handle
54 HF_RENAME hf_samr_samr_SetDomainInfo_domain_handle hf_samr_domain_handle
55 HF_RENAME hf_samr_samr_CreateDomainGroup_domain_handle hf_samr_domain_handle
56 HF_RENAME hf_samr_samr_EnumDomainGroups_domain_handle hf_samr_domain_handle
57 HF_RENAME hf_samr_samr_CreateUser_domain_handle hf_samr_domain_handle
58 HF_RENAME hf_samr_samr_EnumDomainUsers_domain_handle hf_samr_domain_handle
59 HF_RENAME hf_samr_samr_CreateDomAlias_domain_handle hf_samr_domain_handle
60 HF_RENAME hf_samr_samr_EnumDomainAliases_domain_handle hf_samr_domain_handle
61 HF_RENAME hf_samr_samr_GetAliasMembership_domain_handle hf_samr_domain_handle
62 HF_RENAME hf_samr_samr_LookupNames_domain_handle hf_samr_domain_handle
63 HF_RENAME hf_samr_samr_LookupRids_domain_handle hf_samr_domain_handle
64 HF_RENAME hf_samr_samr_OpenGroup_domain_handle hf_samr_domain_handle
65 HF_RENAME hf_samr_samr_OpenAlias_domain_handle hf_samr_domain_handle
66 HF_RENAME hf_samr_samr_OpenUser_domain_handle hf_samr_domain_handle
67 HF_RENAME hf_samr_samr_QueryDisplayInfo_domain_handle hf_samr_domain_handle
68 HF_RENAME hf_samr_samr_GetDisplayEnumerationIndex_domain_handle hf_samr_domain_handle
69 HF_RENAME hf_samr_samr_TestPrivateFunctionsDomain_domain_handle hf_samr_domain_handle
70 HF_RENAME hf_samr_samr_RemoveMemberFromForeignDomain_domain_handle hf_samr_domain_handle
71 HF_RENAME hf_samr_samr_QueryDomainInfo2_domain_handle hf_samr_domain_handle
72 HF_RENAME hf_samr_samr_QueryDisplayInfo2_domain_handle hf_samr_domain_handle
73 HF_RENAME hf_samr_samr_GetDisplayEnumerationIndex2_domain_handle hf_samr_domain_handle
74 HF_RENAME hf_samr_samr_CreateUser2_domain_handle hf_samr_domain_handle
75 HF_RENAME hf_samr_samr_QueryDisplayInfo3_domain_handle hf_samr_domain_handle
76 HF_RENAME hf_samr_samr_RidToSid_domain_handle hf_samr_domain_handle
78 HF_FIELD hf_samr_group_handle "Group Handle" "samr.group_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
79 HF_RENAME hf_samr_samr_CreateDomainGroup_group_handle hf_samr_group_handle
80 HF_RENAME hf_samr_samr_OpenGroup_group_handle hf_samr_group_handle
81 HF_RENAME hf_samr_samr_QueryGroupInfo_group_handle hf_samr_group_handle
82 HF_RENAME hf_samr_samr_SetGroupInfo_group_handle hf_samr_group_handle
83 HF_RENAME hf_samr_samr_AddGroupMember_group_handle hf_samr_group_handle
84 HF_RENAME hf_samr_samr_DeleteDomainGroup_group_handle hf_samr_group_handle
85 HF_RENAME hf_samr_samr_DeleteGroupMember_group_handle hf_samr_group_handle
86 HF_RENAME hf_samr_samr_QueryGroupMember_group_handle hf_samr_group_handle
87 HF_RENAME hf_samr_samr_SetMemberAttributesOfGroup_group_handle hf_samr_group_handle
89 HF_FIELD hf_samr_user_handle "User Handle" "samr.user_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
90 HF_RENAME hf_samr_samr_CreateUser_user_handle hf_samr_user_handle
91 HF_RENAME hf_samr_samr_OpenUser_user_handle hf_samr_user_handle
92 HF_RENAME hf_samr_samr_DeleteUser_user_handle hf_samr_user_handle
93 HF_RENAME hf_samr_samr_QueryUserInfo_user_handle hf_samr_user_handle
94 HF_RENAME hf_samr_samr_SetUserInfo_user_handle hf_samr_user_handle
95 HF_RENAME hf_samr_samr_ChangePasswordUser_user_handle hf_samr_user_handle
96 HF_RENAME hf_samr_samr_GetGroupsForUser_user_handle hf_samr_user_handle
97 HF_RENAME hf_samr_samr_TestPrivateFunctionsUser_user_handle hf_samr_user_handle
98 HF_RENAME hf_samr_samr_GetUserPwInfo_user_handle hf_samr_user_handle
99 HF_RENAME hf_samr_samr_QueryUserInfo2_user_handle hf_samr_user_handle
100 HF_RENAME hf_samr_samr_CreateUser2_user_handle hf_samr_user_handle
101 HF_RENAME hf_samr_samr_SetUserInfo2_user_handle hf_samr_user_handle
103 HF_FIELD hf_samr_alias_handle "Alias Handle" "samr.alias_handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
104 HF_RENAME hf_samr_samr_CreateDomAlias_alias_handle hf_samr_alias_handle
105 HF_RENAME hf_samr_samr_OpenAlias_alias_handle hf_samr_alias_handle
106 HF_RENAME hf_samr_samr_QueryAliasInfo_alias_handle hf_samr_alias_handle
107 HF_RENAME hf_samr_samr_SetAliasInfo_alias_handle hf_samr_alias_handle
108 HF_RENAME hf_samr_samr_DeleteDomAlias_alias_handle hf_samr_alias_handle
109 HF_RENAME hf_samr_samr_AddAliasMember_alias_handle hf_samr_alias_handle
110 HF_RENAME hf_samr_samr_DeleteAliasMember_alias_handle hf_samr_alias_handle
111 HF_RENAME hf_samr_samr_GetMembersInAlias_alias_handle hf_samr_alias_handle
112 HF_RENAME hf_samr_samr_AddMultipleMembersToAlias_alias_handle hf_samr_alias_handle
113 HF_RENAME hf_samr_samr_RemoveMultipleMembersFromAlias_alias_handle hf_samr_alias_handle
117 #
118 # make all rids use the same hf field
119 #
120 HF_FIELD hf_samr_rid "RID" "samr.rid" FT_UINT32 BASE_DEC NULL 0 "" "" ""
121 HF_RENAME hf_samr_samr_CreateDomainGroup_rid hf_samr_rid
122 HF_RENAME hf_samr_samr_CreateUser_rid hf_samr_rid
123 HF_RENAME hf_samr_samr_CreateDomAlias_rid hf_samr_rid
124 HF_RENAME hf_samr_samr_Ids_ids hf_samr_rid
125 HF_RENAME hf_samr_samr_LookupRids_rids hf_samr_rid
126 HF_RENAME hf_samr_samr_OpenGroup_rid hf_samr_rid
127 HF_RENAME hf_samr_samr_AddGroupMember_rid hf_samr_rid
128 HF_RENAME hf_samr_samr_DeleteGroupMember_rid hf_samr_rid
129 HF_RENAME hf_samr_samr_RidTypeArray_rids hf_samr_rid
130 HF_RENAME hf_samr_samr_OpenAlias_rid hf_samr_rid
131 HF_RENAME hf_samr_samr_OpenUser_rid hf_samr_rid
132 HF_RENAME hf_samr_samr_UserInfo3_rid hf_samr_rid
133 HF_RENAME hf_samr_samr_UserInfo5_rid hf_samr_rid
134 HF_RENAME hf_samr_samr_UserInfo21_rid hf_samr_rid
135 HF_RENAME hf_samr_samr_RidWithAttribute_rid hf_samr_rid
136 HF_RENAME hf_samr_samr_DispEntryGeneral_rid hf_samr_rid
137 HF_RENAME hf_samr_samr_DispEntryFull_rid hf_samr_rid
138 HF_RENAME hf_samr_samr_DispEntryFullGroup_rid hf_samr_rid
139 HF_RENAME hf_samr_samr_CreateUser2_rid hf_samr_rid
140 HF_RENAME hf_samr_samr_RidToSid_rid hf_samr_rid
144 #
145 # Prettification the summary line and the dissection tree
146 #
147 PARAM_VALUE samr_dissect_element_SamArray_entries__ 3|PIDL_SET_COL_INFO
148 PARAM_VALUE samr_dissect_element_LookupDomain_domain_name_ 3|PIDL_SET_COL_INFO
149 PARAM_VALUE samr_dissect_element_GetDomPwInfo_domain_name_ 3|PIDL_SET_COL_INFO
150 PARAM_VALUE samr_dissect_element_CreateUser_account_name_ 3|PIDL_SET_COL_INFO|PIDL_STR_SAVE
151 PARAM_VALUE samr_dissect_element_CreateUser2_account_name_ 3|PIDL_SET_COL_INFO|PIDL_STR_SAVE
153 TYPE lsa_String "offset=dissect_ndr_lsa_String(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
154 TYPE lsa_AsciiString "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
155 TYPE lsa_StringLarge "offset=dissect_ndr_lsa_String(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
156 TYPE lsa_AsciiStringLarge "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
157 TYPE lsa_BinaryString "offset=lsarpc_dissect_struct_lsa_BinaryString(tvb, offset, pinfo, tree, di, drep, @HF@, @PARAM@);" FT_STRING BASE_NONE 0 NULL 5
158 TYPE hyper "offset=cnf_dissect_hyper(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_UINT64 BASE_DEC 0 NULL 8
161 TYPE sec_desc_buf "offset=cnf_dissect_sec_desc_buf(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL 4
162 HF_FIELD hf_samr_sec_desc_buf_len "Sec Desc Buf Len" "samr.sec_desc_buf_len" FT_UINT32 BASE_DEC NULL 0 "" "" ""
164 TYPE dom_sid2 "offset=cnf_dissect_dom_sid2(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL 4
166 TYPE lsa_SidArray "offset=cnf_dissect_lsa_SidArray(tvb, offset, pinfo, tree, di, drep);" FT_NONE BASE_NONE 0 NULL 4
168 TYPE security_secinfo "offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4
170 #
171 # ConnectX access masks
172 #
173 MANUAL samr_dissect_bitmap_ConnectAccessMask
174 HF_FIELD hf_samr_connect_access_mask "Access Mask" "samr.connect.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
175 HF_RENAME hf_samr_samr_Connect_access_mask hf_samr_connect_access_mask
176 HF_RENAME hf_samr_samr_Connect2_access_mask hf_samr_connect_access_mask
177 HF_RENAME hf_samr_samr_Connect3_access_mask hf_samr_connect_access_mask
178 HF_RENAME hf_samr_samr_Connect4_access_mask hf_samr_connect_access_mask
179 HF_RENAME hf_samr_samr_Connect5_access_mask hf_samr_connect_access_mask
180 #
181 # User access masks
182 #
183 MANUAL samr_dissect_bitmap_UserAccessMask
184 HF_FIELD hf_samr_user_access_mask "Access Mask" "samr.user.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
185 HF_RENAME hf_samr_samr_CreateUser_access_mask hf_samr_user_access_mask
186 HF_RENAME hf_samr_samr_OpenUser_access_mask hf_samr_user_access_mask
187 HF_RENAME hf_samr_samr_CreateUser2_access_mask hf_samr_user_access_mask
188 #
189 # Domain access masks
190 #
191 MANUAL samr_dissect_bitmap_DomainAccessMask
192 HF_FIELD hf_samr_domain_access_mask "Access Mask" "samr.domain.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
193 HF_RENAME hf_samr_samr_OpenDomain_access_mask hf_samr_domain_access_mask
194 #
195 # Group access masks
196 #
197 MANUAL samr_dissect_bitmap_GroupAccessMask
198 HF_FIELD hf_samr_group_access_mask "Access Mask" "samr.group.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
199 HF_RENAME hf_samr_samr_CreateDomainGroup_access_mask hf_samr_group_access_mask
200 HF_RENAME hf_samr_samr_OpenGroup_access_mask hf_samr_group_access_mask
201 #
202 # Alias access masks
203 #
204 MANUAL samr_dissect_bitmap_AliasAccessMask
205 HF_FIELD hf_samr_alias_access_mask "Access Mask" "samr.alias.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
206 HF_RENAME hf_samr_samr_CreateDomAlias_access_mask hf_samr_alias_access_mask
207 HF_RENAME hf_samr_samr_OpenAlias_access_mask hf_samr_alias_access_mask
210 CODE START
211 #include "packet-dcerpc-lsa.h"
213 static void
214 samr_connect_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
215 {
216 static int* const access_flags[] = {
217 &hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_LOOKUP_DOMAIN,
218 &hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_ENUM_DOMAINS,
219 &hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_CREATE_DOMAIN,
220 &hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_INITIALIZE_SERVER,
221 &hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_SHUTDOWN_SERVER,
222 &hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_CONNECT_TO_SERVER,
223 NULL
224 };
226 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
227 }
229 static struct access_mask_info samr_connect_access_mask_info = {
230 "SAMR Connect", /* Name of specific rights */
231 samr_connect_specific_rights, /* Dissection function */
232 NULL, /* Generic mapping table */
233 NULL /* Standard mapping table */
234 };
236 int
237 samr_dissect_bitmap_ConnectAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
238 {
239 offset = dissect_nt_access_mask(
240 tvb, offset, pinfo, tree, di, drep, hf_samr_connect_access_mask,
241 &samr_connect_access_mask_info, NULL);
242 return offset;
243 }
246 static void
247 samr_alias_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
248 {
249 static int* const access_flags[] = {
250 &hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_ADD_MEMBER,
251 &hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_REMOVE_MEMBER,
252 &hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_GET_MEMBERS,
253 &hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_LOOKUP_INFO,
254 &hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_SET_INFO,
255 NULL
256 };
258 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
259 }
261 static struct access_mask_info samr_alias_access_mask_info = {
262 "SAMR Alias", /* Name of specific rights */
263 samr_alias_specific_rights, /* Dissection function */
264 NULL, /* Generic mapping table */
265 NULL /* Standard mapping table */
266 };
268 int
269 samr_dissect_bitmap_AliasAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
270 {
271 offset = dissect_nt_access_mask(
272 tvb, offset, pinfo, tree, di, drep, hf_samr_alias_access_mask,
273 &samr_alias_access_mask_info, NULL);
274 return offset;
275 }
278 static void
279 samr_group_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
280 {
281 static int* const access_flags[] = {
282 &hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_GET_MEMBERS,
283 &hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_REMOVE_MEMBER,
284 &hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_ADD_MEMBER,
285 &hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_SET_INFO,
286 &hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_LOOKUP_INFO,
287 NULL
288 };
290 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
291 }
293 static struct access_mask_info samr_group_access_mask_info = {
294 "SAMR Group", /* Name of specific rights */
295 samr_group_specific_rights, /* Dissection function */
296 NULL, /* Generic mapping table */
297 NULL /* Standard mapping table */
298 };
300 int
301 samr_dissect_bitmap_GroupAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
302 {
303 offset = dissect_nt_access_mask(
304 tvb, offset, pinfo, tree, di, drep, hf_samr_group_access_mask,
305 &samr_group_access_mask_info, NULL);
306 return offset;
307 }
310 static void
311 samr_domain_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
312 {
313 static int* const access_flags[] = {
314 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1,
315 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_1,
316 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2,
317 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_2,
318 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_USER,
319 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_GROUP,
320 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_ALIAS,
321 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
322 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
323 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
324 &hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_3,
325 NULL
326 };
328 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
329 }
331 static struct access_mask_info samr_domain_access_mask_info = {
332 "SAMR Domain", /* Name of specific rights */
333 samr_domain_specific_rights, /* Dissection function */
334 NULL, /* Generic mapping table */
335 NULL /* Standard mapping table */
336 };
338 int
339 samr_dissect_bitmap_DomainAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
340 {
341 offset = dissect_nt_access_mask(
342 tvb, offset, pinfo, tree, di, drep, hf_samr_domain_access_mask,
343 &samr_domain_access_mask_info, NULL);
344 return offset;
345 }
348 static void
349 samr_user_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
350 {
351 static int* const access_flags[] = {
352 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP,
353 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP,
354 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_GROUPS,
355 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_PASSWORD,
356 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_CHANGE_PASSWORD,
357 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_ATTRIBUTES,
358 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_ATTRIBUTES,
359 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_LOGONINFO,
360 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_LOC_COM,
361 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_LOCALE,
362 &hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_NAME_ETC,
363 NULL
364 };
366 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
367 }
369 static struct access_mask_info samr_user_access_mask_info = {
370 "SAMR User", /* Name of specific rights */
371 samr_user_specific_rights, /* Dissection function */
372 NULL, /* Generic mapping table */
373 NULL /* Standard mapping table */
374 };
376 int
377 samr_dissect_bitmap_UserAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
378 {
379 offset = dissect_nt_access_mask(
380 tvb, offset, pinfo, tree, di, drep, hf_samr_user_access_mask,
381 &samr_user_access_mask_info, NULL);
382 return offset;
383 }
386 static int
387 cnf_dissect_lsa_AsciiString(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, uint32_t param _U_, int hfindex)
388 {
389 offset = dissect_ndr_counted_ascii_string(tvb, offset, pinfo, tree, di, drep,
390 hfindex, 0);
392 return offset;
393 }
395 static int
396 cnf_dissect_hyper(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, uint32_t param _U_, int hfindex)
397 {
398 offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, di, drep, hfindex, NULL);
400 return offset;
401 }
406 static int
407 cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
408 {
409 uint64_t len;
410 e_ctx_hnd *polhnd = NULL;
411 dcerpc_call_value *dcv = NULL;
412 uint32_t type=0;
413 struct access_mask_info *ami=NULL;
415 if(di->conformant_run){
416 /*just a run to handle conformant arrays, nothing to dissect */
417 return offset;
418 }
420 offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, di, drep,
421 hf_samr_sec_desc_buf_len, &len);
423 dcv = (dcerpc_call_value *)di->call_data;
424 if(dcv){
425 polhnd = dcv->pol;
426 }
427 if(polhnd){
428 dcerpc_fetch_polhnd_data(polhnd, NULL, &type, NULL, NULL,
429 pinfo->num);
430 }
431 switch(type){
432 case PIDL_POLHND_TYPE_SAMR_USER:
433 ami=&samr_user_access_mask_info;
434 break;
435 case PIDL_POLHND_TYPE_SAMR_CONNECT:
436 ami=&samr_connect_access_mask_info;
437 break;
438 case PIDL_POLHND_TYPE_SAMR_DOMAIN:
439 ami=&samr_domain_access_mask_info;
440 break;
441 case PIDL_POLHND_TYPE_SAMR_GROUP:
442 ami=&samr_group_access_mask_info;
443 break;
444 case PIDL_POLHND_TYPE_SAMR_ALIAS:
445 ami=&samr_alias_access_mask_info;
446 break;
447 }
449 dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, true, (int)len, ami);
451 offset += (int)len;
453 return offset;
454 }
456 static int
457 cnf_dissect_sec_desc_buf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
458 {
459 uint64_t len;
461 if(di->conformant_run){
462 /*just a run to handle conformant arrays, nothing to dissect */
463 return offset;
464 }
466 offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, di, drep,
467 hf_samr_sec_desc_buf_len, &len);
469 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
470 cnf_dissect_sec_desc_buf_, NDR_POINTER_UNIQUE,
471 "SAM SECURITY DESCRIPTOR data:", -1);
473 return offset;
474 }
478 static int
479 cnf_dissect_dom_sid2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
480 {
481 offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, di, drep);
483 return offset;
484 }
486 static int
487 cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
488 {
489 offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, di, drep);
491 return offset;
492 }
495 static int
496 cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, uint8_t *drep _U_)
497 {
498 offset = dissect_nt_security_information(tvb, offset, tree);
500 return offset;
501 }
503 CODE END