authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2007-08-28 11:45:08 +0000
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2007-08-28 11:45:08 +0000
commit8fde3b7561ce61061c6d9ae8149c1ea916fdd7cb (patch)
tree6d42c0f32f0c521e3e63c363d1bb715b6a1bb842 /epan/dissectors
parent659b175cd799288e125f633ccc0d5dcf4d05f16c (diff)
rename dcerpc_smb_store_pol_name to dcerpc_store_polhnd_name
Rename dcerpc_smb_fetch_pol to dcerpc_fetch_polhnd_data and also make it take an additional parameter to return the "type" of the policy handle, if such a type was stored.
Extend the pol_value structure used to track policy handles to also store a type to represent what created the policy handle. Types could be USER/ALIAS/CONNECT/... etc. handles returned from the SAMR interface.
Add a new helper function dcerpc_store_polhnd_type().
Track policy handles between request/responses for dcerpc.
Update the samr.cnf file to make the samr dissectors for SetSecurity/QuerySecurity dissect the specific bits for the security descriptor correctly based on whether the policy handle refers to a CONNECT/DOMAIN/USER/ALIAS or GROUP.
svn path=/trunk/; revision=22703
Diffstat (limited to 'epan/dissectors')
-rw-r--r--epan/dissectors/packet-dcerpc-lsa.c4
-rw-r--r--epan/dissectors/packet-dcerpc-nt.c74
-rw-r--r--epan/dissectors/packet-dcerpc-nt.h9
-rw-r--r--epan/dissectors/packet-dcerpc-samr.c62
-rw-r--r--epan/dissectors/packet-dcerpc-spoolss.c20
-rw-r--r--epan/dissectors/packet-dcerpc-svcctl.c6
-rw-r--r--epan/dissectors/packet-dcerpc.c2
-rw-r--r--epan/dissectors/packet-dcerpc.h33
-rw-r--r--epan/dissectors/packet-smb-sidsnooping.c2
-rw-r--r--epan/dissectors/packet-smb2.c4
-rw-r--r--epan/dissectors/pidl/samr.cnf63
11 files changed, 205 insertions, 74 deletions
diff --git a/epan/dissectors/packet-dcerpc-lsa.c b/epan/dissectors/packet-dcerpc-lsa.c
index 9c406961db..40e07471db 100644
--- a/epan/dissectors/packet-dcerpc-lsa.c
+++ b/epan/dissectors/packet-dcerpc-lsa.c
@@ -604,7 +604,7 @@ lsa_dissect_lsaropenpolicy_reply(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
if (status == 0) {
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo,
"OpenPolicy handle");
if (hnd_item != NULL)
@@ -671,7 +671,7 @@ lsa_dissect_lsaropenpolicy2_reply(tvbuff_t *tvb, int offset,
pol_name = "Unknown OpenPolicy2() handle";
}
if(!pinfo->fd->flags.visited){
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
}
if(hnd_item)
diff --git a/epan/dissectors/packet-dcerpc-nt.c b/epan/dissectors/packet-dcerpc-nt.c
index ebae197a04..a94526566a 100644
--- a/epan/dissectors/packet-dcerpc-nt.c
+++ b/epan/dissectors/packet-dcerpc-nt.c
@@ -400,14 +400,6 @@ typedef struct {
guint8 policy_hnd[20];
} pol_hash_key;
-typedef struct pol_value {
- struct pol_value *next; /* Next entry in hash bucket */
- guint32 open_frame, close_frame; /* Frame numbers for open/close */
- guint32 first_frame; /* First frame in which this instance was seen */
- guint32 last_frame; /* Last frame in which this instance was seen */
- char *name; /* Name of policy handle */
-} pol_value;
-
typedef struct {
pol_value *list; /* List of policy handle entries */
} pol_hash_value;
@@ -612,15 +604,43 @@ void dcerpc_smb_store_pol_pkts(e_ctx_hnd *policy_hnd, packet_info *pinfo,
pol->close_frame = is_close ? pinfo->fd->num : 0;
pol->first_frame = pinfo->fd->num;
pol->last_frame = pol->close_frame; /* if 0, unknown; if non-0, known */
-
+ pol->type=0;
pol->name = NULL;
add_pol_handle(policy_hnd, pinfo->fd->num, pol, value);
}
-/* Store a text string with a policy handle */
+/* Store the type of a policy handle */
+static void dcerpc_store_polhnd_type(e_ctx_hnd *policy_hnd, packet_info *pinfo,
+ guint32 type)
+{
+ pol_hash_value *value;
+ pol_value *pol;
+
+ /*
+ * By the time the first pass is done, the policy handle database
+ * has been completely constructed. If we've already seen this
+ * frame, there's nothing to do.
+ */
+ if (pinfo->fd->flags.visited)
+ return;
+
+ if (is_null_pol(policy_hnd))
+ return;
+
+ /* Look up existing value */
+ pol = find_pol_handle(policy_hnd, pinfo->fd->num, &value);
-void dcerpc_smb_store_pol_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
+ if (pol != NULL) {
+ /*
+ * Update the existing value as appropriate.
+ */
+ pol->type=type;
+ }
+}
+
+/* Store a text string with a policy handle */
+void dcerpc_store_polhnd_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
const char *name)
{
pol_hash_value *value;
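Review bot: dcerpc_store_polhnd_type() silently drops the type when find_pol_handle() returns NULL, and its one-line header comment does not say so. As written the helper only has an effect if an entry for the handle already exists at this frame, which the caller added in the PIDL_dissect_policy_hnd hunk arranges by calling dcerpc_store_polhnd_name() first. I would state that ordering requirement in the comment, for example `/* Store the type of a policy handle; no-op unless the handle is already tracked, so call after dcerpc_store_polhnd_name() */`. The body of dcerpc_store_polhnd_name continues outside this hunk.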
@@ -666,7 +686,7 @@ void dcerpc_smb_store_pol_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
pol->close_frame = 0;
pol->first_frame = pinfo->fd->num;
pol->last_frame = 0;
-
+ pol->type = 0;
if (name)
pol->name = strdup(name);
else
@@ -683,7 +703,8 @@ void dcerpc_smb_store_pol_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
* close operations?
*/
-gboolean dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
+gboolean dcerpc_fetch_polhnd_data(e_ctx_hnd *policy_hnd,
+ char **name, guint32 *type,
guint32 *open_frame, guint32 *close_frame,
guint32 cur_frame)
{
@@ -695,12 +716,15 @@ gboolean dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
if (name)
*name = NULL;
+ if (type)
+ *type = 0;
+
if (open_frame)
*open_frame = 0;
if (close_frame)
*close_frame = 0;
-
+
/* Look up existing value */
pol = find_pol_handle(policy_hnd, cur_frame, &value);
@@ -708,6 +732,9 @@ gboolean dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
if (name)
*name = pol->name;
+ if (type)
+ *type = pol->type;
+
if (open_frame)
*open_frame = pol->open_frame;
@@ -872,9 +899,8 @@ dissect_nt_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
dcerpc_smb_store_pol_pkts(&hnd, pinfo, is_open, is_close);
/* Insert open/close/name information if known */
-
- if (dcerpc_smb_fetch_pol(&hnd, &name, &open_frame, &close_frame,
- pinfo->fd->num)) {
+ if (dcerpc_fetch_polhnd_data(&hnd, &name, NULL, &open_frame,
+ &close_frame, pinfo->fd->num)) {
if (open_frame) {
proto_item *item;
@@ -973,7 +999,19 @@ PIDL_dissect_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
pol_name="<...>";
}
pol_string=ep_strdup_printf("%s(%s)", pinfo->dcerpc_procedure_name, pol_name);
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_string);
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_string);
+ dcerpc_store_polhnd_type(&policy_hnd, pinfo, param&PIDL_POLHND_TYPE_MASK);
+ }
+
+ /* Track this policy handle for the response */
+ if(!pinfo->fd->flags.visited
+ && !di->conformant_run){
+ dcerpc_call_value *dcv;
+
+ dcv = (dcerpc_call_value *)di->call_data;
+ if(!dcv->pol){
+ dcv->pol=se_memdup(&policy_hnd, sizeof(e_ctx_hnd));
+ }
}
return offset;
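Review bot: `dcv->pol` is read right after `dcv = (dcerpc_call_value *)di->call_data;` with no NULL check, whereas the SAMR consumer of this field added by the same commit (cnf_dissect_sec_desc_buf_) tests `if(dcv)` before touching it. If call_data can be NULL for a packet with no matched call, this is a NULL dereference in code that parses untrusted capture data; `if(dcv && !dcv->pol){` would make the two sites agree. Note also that `if(!dcv->pol)` keeps only the first handle dissected for a call, which deserves a comment for calls that carry more than one handle. PIDL_dissect_policy_hnd starts before this hunk, so the declaration of `di` is not visible here.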
diff --git a/epan/dissectors/packet-dcerpc-nt.h b/epan/dissectors/packet-dcerpc-nt.h
index bc64b3e9f0..1e63e1dc9e 100644
--- a/epan/dissectors/packet-dcerpc-nt.h
+++ b/epan/dissectors/packet-dcerpc-nt.h
@@ -162,13 +162,13 @@ dcerpc_smb_store_pol_pkts(e_ctx_hnd *policy_hnd, packet_info *pinfo,
/* Store a name with a policy handle */
void
-dcerpc_smb_store_pol_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
+dcerpc_store_polhnd_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
const char *name);
/* Fetch details stored with a policy handle */
gboolean
-dcerpc_smb_fetch_pol(e_ctx_hnd *policy_hnd, char **name,
+dcerpc_fetch_polhnd_data(e_ctx_hnd *policy_hnd, char **name, guint32 *type,
guint32 *open_frame, guint32 *close_frame,
guint32 cur_frame);
@@ -236,8 +236,8 @@ int dissect_ndr_str_pointer_item(tvbuff_t *tvb, gint offset,
/* Number of levels to go up appending string to pointer item */
#define CB_STR_ITEM_LEVELS(x) ((x) & 0xFFFF)
-#define CB_STR_COL_INFO 0x10000 /* Append string to COL_INFO */
-#define CB_STR_SAVE 0x20000 /* Save string to dcv->private_data */
+#define CB_STR_SAVE 0x20000000 /* Save string to dcv->private_data */
+#define CB_STR_COL_INFO 0x10000000 /* Append string to COL_INFO */
void cb_wstr_postprocess(packet_info *pinfo, proto_tree *tree _U_,
proto_item *item, tvbuff_t *tvb,
@@ -252,4 +252,5 @@ void cb_str_postprocess(packet_info *pinfo, proto_tree *tree _U_,
void dcerpc_smb_init(int proto_dcerpc);
+
#endif /* packet-dcerpc-nt.h */
diff --git a/epan/dissectors/packet-dcerpc-samr.c b/epan/dissectors/packet-dcerpc-samr.c
index 3ba55d57f4..c28a2b3c30 100644
--- a/epan/dissectors/packet-dcerpc-samr.c
+++ b/epan/dissectors/packet-dcerpc-samr.c
@@ -1853,7 +1853,11 @@ static int
cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint32 len;
- dcerpc_info *di;
+ dcerpc_info *di = NULL;
+ e_ctx_hnd *polhnd = NULL;
+ dcerpc_call_value *dcv = NULL;
+ guint32 type=0;
+ struct access_mask_info *ami=NULL;
di=pinfo->private_data;
if(di->conformant_run){
/*just a run to handle conformant arrays, nothing to dissect */
@@ -1861,8 +1865,34 @@ cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_t
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_sec_desc_buf_len, &len);
- dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len,
- NULL);
+ if(di){
+ dcv = (dcerpc_call_value *)di->call_data;
+ }
+ if(dcv){
+ polhnd = dcv->pol;
+ }
+ if(polhnd){
+ dcerpc_fetch_polhnd_data(polhnd, NULL, &type, NULL, NULL,
+ pinfo->fd->num);
+ }
+ switch(type){
+ case PIDL_POLHND_TYPE_SAMR_USER:
+ ami=&samr_user_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_CONNECT:
+ ami=&samr_connect_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_DOMAIN:
+ ami=&samr_domain_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_GROUP:
+ ami=&samr_group_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_ALIAS:
+ ami=&samr_alias_access_mask_info;
+ break;
+ }
+ dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len, ami);
offset += len;
return offset;
}
@@ -7547,7 +7577,7 @@ samr_dissect_element_Connect_connect_handle(tvbuff_t *tvb _U_, int offset _U_, p
static int
samr_dissect_element_Connect_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT);
return offset;
}
@@ -8063,7 +8093,7 @@ samr_dissect_element_OpenDomain_domain_handle(tvbuff_t *tvb _U_, int offset _U_,
static int
samr_dissect_element_OpenDomain_domain_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_domain_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_domain_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_DOMAIN);
return offset;
}
@@ -8303,7 +8333,7 @@ samr_dissect_element_CreateDomainGroup_group_handle(tvbuff_t *tvb _U_, int offse
static int
samr_dissect_element_CreateDomainGroup_group_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_group_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_group_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP);
return offset;
}
@@ -8524,7 +8554,7 @@ samr_dissect_element_CreateUser_user_handle(tvbuff_t *tvb _U_, int offset _U_, p
static int
samr_dissect_element_CreateUser_user_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_user_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_user_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER);
return offset;
}
@@ -8756,7 +8786,7 @@ samr_dissect_element_CreateDomAlias_alias_handle(tvbuff_t *tvb _U_, int offset _
static int
samr_dissect_element_CreateDomAlias_alias_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_alias_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_alias_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS);
return offset;
}
@@ -9261,7 +9291,7 @@ samr_dissect_element_OpenGroup_group_handle(tvbuff_t *tvb _U_, int offset _U_, p
static int
samr_dissect_element_OpenGroup_group_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_group_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_group_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP);
return offset;
}
@@ -9786,7 +9816,7 @@ samr_dissect_element_OpenAlias_alias_handle(tvbuff_t *tvb _U_, int offset _U_, p
static int
samr_dissect_element_OpenAlias_alias_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_alias_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_alias_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS);
return offset;
}
@@ -10243,7 +10273,7 @@ samr_dissect_element_OpenUser_user_handle(tvbuff_t *tvb _U_, int offset _U_, pac
static int
samr_dissect_element_OpenUser_user_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_user_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_user_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER);
return offset;
}
@@ -11552,7 +11582,7 @@ samr_dissect_element_CreateUser2_user_handle(tvbuff_t *tvb _U_, int offset _U_,
static int
samr_dissect_element_CreateUser2_user_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_user_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_user_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER);
return offset;
}
@@ -12226,7 +12256,7 @@ samr_dissect_element_Connect2_connect_handle(tvbuff_t *tvb _U_, int offset _U_,
static int
samr_dissect_element_Connect2_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT);
return offset;
}
@@ -12515,7 +12545,7 @@ samr_dissect_element_Connect3_connect_handle(tvbuff_t *tvb _U_, int offset _U_,
static int
samr_dissect_element_Connect3_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT);
return offset;
}
@@ -12603,7 +12633,7 @@ samr_dissect_element_Connect4_connect_handle(tvbuff_t *tvb _U_, int offset _U_,
static int
samr_dissect_element_Connect4_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT);
return offset;
}
@@ -12915,7 +12945,7 @@ samr_dissect_element_Connect5_connect_handle(tvbuff_t *tvb _U_, int offset _U_,
static int
samr_dissect_element_Connect5_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN);
+ offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_samr_connect_handle, PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT);
return offset;
}
diff --git a/epan/dissectors/packet-dcerpc-spoolss.c b/epan/dissectors/packet-dcerpc-spoolss.c
index e3f8b7785c..d226bad2ce 100644
--- a/epan/dissectors/packet-dcerpc-spoolss.c
+++ b/epan/dissectors/packet-dcerpc-spoolss.c
@@ -584,7 +584,7 @@ static int SpoolssClosePrinter_q(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_hnd, &policy_hnd, NULL,
FALSE, TRUE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
@@ -2600,7 +2600,7 @@ static int SpoolssOpenPrinterEx_r(tvbuff_t *tvb, int offset,
pol_name = "Unknown OpenPrinterEx() handle";
}
if(!pinfo->fd->flags.visited){
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
}
if(hnd_item)
@@ -3224,7 +3224,7 @@ static int SpoolssReplyOpenPrinter_r(tvbuff_t *tvb, int offset,
pol_name = "Unknown ReplyOpenPrinter() handle";
}
if(!pinfo->fd->flags.visited){
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
}
if(hnd_item)
@@ -3732,7 +3732,7 @@ static int SpoolssAddPrinterEx_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
pol_name = "Unknown AddPrinterEx() handle";
}
if(!pinfo->fd->flags.visited){
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
}
if(hnd_item)
@@ -4766,7 +4766,7 @@ static int SpoolssStartPagePrinter_q(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_hnd, &policy_hnd, NULL,
FALSE, FALSE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
@@ -4805,7 +4805,7 @@ static int SpoolssEndPagePrinter_q(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_hnd, &policy_hnd, NULL,
FALSE, FALSE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
@@ -4959,7 +4959,7 @@ static int SpoolssStartDocPrinter_q(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_hnd, &policy_hnd, NULL,
FALSE, FALSE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
@@ -5003,7 +5003,7 @@ static int SpoolssEndDocPrinter_q(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_hnd, &policy_hnd, NULL,
FALSE, FALSE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
@@ -5049,7 +5049,7 @@ static int SpoolssWritePrinter_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
tvb, offset, pinfo, tree, drep, hf_hnd, &policy_hnd, NULL,
FALSE, FALSE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
@@ -5542,7 +5542,7 @@ static int SpoolssGetPrinterDriver2_q(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_hnd, &policy_hnd, NULL,
FALSE, FALSE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
diff --git a/epan/dissectors/packet-dcerpc-svcctl.c b/epan/dissectors/packet-dcerpc-svcctl.c
index 49fb39f525..361eeb2416 100644
--- a/epan/dissectors/packet-dcerpc-svcctl.c
+++ b/epan/dissectors/packet-dcerpc-svcctl.c
@@ -186,7 +186,7 @@ svcctl_dissect_OpenSCManager_reply(tvbuff_t *tvb, int offset,
pol_name = "Unknown OpenSCManagerW() handle";
}
if(!pinfo->fd->flags.visited){
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
}
if(hnd_item)
@@ -272,7 +272,7 @@ svcctl_dissect_OpenSCManagerW_reply(tvbuff_t *tvb, int offset,
pol_name = "Unknown OpenSCManagerW() handle";
}
if(!pinfo->fd->flags.visited){
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
}
if(hnd_item)
@@ -303,7 +303,7 @@ svcctl_dissect_CloseServiceHandle_rqst(tvbuff_t *tvb, int offset,
tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, &policy_hnd,
NULL, FALSE, TRUE);
- dcerpc_smb_fetch_pol(&policy_hnd, &pol_name, NULL, NULL,
+ dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
pinfo->fd->num);
if (check_col(pinfo->cinfo, COL_INFO) && pol_name)
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index 3e2c521cfb..6989d6c17b 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -3358,6 +3358,7 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
call_value->max_ptr=0;
call_value->se_data = NULL;
call_value->private_data = NULL;
+ call_value->pol = NULL;
g_hash_table_insert (dcerpc_cn_calls, call_key, call_value);
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
@@ -4564,6 +4565,7 @@ dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo,
call_value->max_ptr=0;
call_value->se_data = NULL;
call_value->private_data = NULL;
+ call_value->pol = NULL;
g_hash_table_insert (dcerpc_dg_calls, call_key, call_value);
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
diff --git a/epan/dissectors/packet-dcerpc.h b/epan/dissectors/packet-dcerpc.h
index 6482df2681..3dfd954999 100644
--- a/epan/dissectors/packet-dcerpc.h
+++ b/epan/dissectors/packet-dcerpc.h
@@ -294,6 +294,7 @@ typedef struct _dcerpc_call_value {
* request to the reply.
*/
void *private_data; /* XXX This will later be renamed as ep_data */
+ e_ctx_hnd *pol; /* policy handle tracked between request/response*/
} dcerpc_call_value;
typedef struct _dcerpc_info {
@@ -430,12 +431,40 @@ init_ndr_pointer_list(packet_info *pinfo);
*/
/* Policy handle tracking. Describes in which function a handle is
* opened/closed. See "winreg.cnf" for example.
+ *
+ * The guint32 param is divided up into multiple fields
+ *
+ * +--------+--------+--------+--------+
+ * | Flags | Type | | |
+ * +--------+--------+--------+--------+
*/
+/* Flags : */
#define PIDL_POLHND_OPEN 0x80000000
#define PIDL_POLHND_CLOSE 0x40000000
/* To "save" a pointer to the string in dcv->private_data */
-#define PIDL_STR_SAVE 0x00020000
+#define PIDL_STR_SAVE 0x20000000
/* To make this value appear on the summary line for the packet */
-#define PIDL_SET_COL_INFO 0x00010000
+#define PIDL_SET_COL_INFO 0x10000000
+
+/* Type */
+#define PIDL_POLHND_TYPE_MASK 0x00ff0000
+#define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
+#define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
+#define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
+#define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
+#define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
+
+
+/* a structure we store for all policy handles we track */
+typedef struct pol_value {
+ struct pol_value *next; /* Next entry in hash bucket */
+ guint32 open_frame, close_frame; /* Frame numbers for open/close */
+ guint32 first_frame; /* First frame in which this instance was seen */
+ guint32 last_frame; /* Last frame in which this instance was seen */
+ char *name; /* Name of policy handle */
+ guint32 type; /* policy handle type */
+} pol_value;
+
+
#endif /* packet-dcerpc.h */
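Review bot: The new layout comment leaves the two low bytes of the diagram blank, but CB_STR_ITEM_LEVELS in packet-dcerpc-nt.h masks `0xFFFF` out of what appears to be the same param word, and PIDL_STR_SAVE / PIDL_SET_COL_INFO are moved here in lockstep with CB_STR_SAVE / CB_STR_COL_INFO in that header. I would label the low 16 bits in the diagram and add a comment such as `/* must match CB_STR_SAVE in packet-dcerpc-nt.h */` next to each duplicated value. The old values 0x00020000 and 0x00010000 now coincide with PIDL_POLHND_TYPE_SAMR_CONNECT and PIDL_POLHND_TYPE_SAMR_USER, so a caller or header that missed the update would be misread as carrying a handle type.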
diff --git a/epan/dissectors/packet-smb-sidsnooping.c b/epan/dissectors/packet-smb-sidsnooping.c
index 443df7da3d..5d868a0827 100644
--- a/epan/dissectors/packet-smb-sidsnooping.c
+++ b/epan/dissectors/packet-smb-sidsnooping.c
@@ -164,7 +164,7 @@ samr_query_dispinfo(void *dummy _U_, packet_info *pinfo, epan_dissect_t *edt, co
return 0;
}
- if (!dcerpc_smb_fetch_pol(old_ctx, &pol_name, NULL, NULL, ri->call_data->req_frame)) {
+ if (!dcerpc_fetch_polhnd_data(old_ctx, &pol_name, NULL, NULL, NULL, ri->call_data->req_frame)) {
return 0;
}
diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c
index 5009f0237d..8615a41a23 100644
--- a/epan/dissectors/packet-smb2.c
+++ b/epan/dissectors/packet-smb2.c
@@ -941,7 +941,7 @@ dissect_smb2_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset
} else {
fid_name = se_strdup_printf("File: ");
}
- dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
+ dcerpc_store_polhnd_name(&policy_hnd, pinfo,
fid_name);
}
break;
@@ -957,7 +957,7 @@ dissect_smb2_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset
/* put the filename in col_info */
- if (dcerpc_smb_fetch_pol(&policy_hnd, &fid_name, &open_frame, &close_frame, pinfo->fd->num)) {
+ if (dcerpc_fetch_polhnd_data(&policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->fd->num)) {
if(fid_name){
if(hnd_item){
proto_item_append_text(hnd_item, " %s", fid_name);
diff --git a/epan/dissectors/pidl/samr.cnf b/epan/dissectors/pidl/samr.cnf
index bbc1e8b793..c5164f5283 100644
--- a/epan/dissectors/pidl/samr.cnf
+++ b/epan/dissectors/pidl/samr.cnf
@@ -9,19 +9,19 @@ HF_FIELD hf_samr_sec_info "SecInfo" "samr.sec_info" FT_UINT32 BASE_HEX NULL 0 ""
# [opened in xxx] [closed in yyy]
#
# Policyhandles are opened in these functions
-PARAM_VALUE samr_dissect_element_Connect_connect_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_OpenDomain_domain_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_CreateDomainGroup_group_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_CreateUser_user_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_CreateDomAlias_alias_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_OpenGroup_group_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_OpenAlias_alias_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_OpenUser_user_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_CreateUser2_user_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_Connect2_connect_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_Connect3_connect_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_Connect4_connect_handle_ PIDL_POLHND_OPEN
-PARAM_VALUE samr_dissect_element_Connect5_connect_handle_ PIDL_POLHND_OPEN
+PARAM_VALUE samr_dissect_element_Connect_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
+PARAM_VALUE samr_dissect_element_OpenDomain_domain_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_DOMAIN
+PARAM_VALUE samr_dissect_element_CreateDomainGroup_group_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP
+PARAM_VALUE samr_dissect_element_CreateUser_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
+PARAM_VALUE samr_dissect_element_CreateDomAlias_alias_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS
+PARAM_VALUE samr_dissect_element_OpenGroup_group_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_GROUP
+PARAM_VALUE samr_dissect_element_OpenAlias_alias_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_ALIAS
+PARAM_VALUE samr_dissect_element_OpenUser_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
+PARAM_VALUE samr_dissect_element_CreateUser2_user_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_USER
+PARAM_VALUE samr_dissect_element_Connect2_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
+PARAM_VALUE samr_dissect_element_Connect3_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
+PARAM_VALUE samr_dissect_element_Connect4_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
+PARAM_VALUE samr_dissect_element_Connect5_connect_handle_ PIDL_POLHND_OPEN|PIDL_POLHND_TYPE_SAMR_CONNECT
# Policyhandles are closed in these functions
PARAM_VALUE samr_dissect_element_Close_handle_ PIDL_POLHND_CLOSE
PARAM_VALUE samr_dissect_element_Shutdown_connect_handle_ PIDL_POLHND_CLOSE
@@ -417,7 +417,11 @@ static int
cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint32 len;
- dcerpc_info *di;
+ dcerpc_info *di = NULL;
+ e_ctx_hnd *polhnd = NULL;
+ dcerpc_call_value *dcv = NULL;
+ guint32 type=0;
+ struct access_mask_info *ami=NULL;
di=pinfo->private_data;
if(di->conformant_run){
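Review bot: `di` is dereferenced by `if(di->conformant_run){` here before the `if(di){` guard that the next hunk adds, so that guard and the new `= NULL` initializer protect nothing. Either check `di` for NULL once, directly after `di=pinfo->private_data;`, or drop the later test so the code does not suggest a safety it lacks. The same text appears in the packet-dcerpc-samr.c hunks of this commit, which look like the generated copy of this function. The `switch(type)` added in the next hunk also has no `default:`; a `default: break;` with a comment that `ami` stays NULL for untyped handles would make that fallback explicit. The function body continues outside this hunk.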
@@ -428,8 +432,35 @@ cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_t
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_samr_sec_desc_buf_len, &len);
- dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len,
- NULL);
+ if(di){
+ dcv = (dcerpc_call_value *)di->call_data;
+ }
+ if(dcv){
+ polhnd = dcv->pol;
+ }
+ if(polhnd){
+ dcerpc_fetch_polhnd_data(polhnd, NULL, &type, NULL, NULL,
+ pinfo->fd->num);
+ }
+ switch(type){
+ case PIDL_POLHND_TYPE_SAMR_USER:
+ ami=&samr_user_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_CONNECT:
+ ami=&samr_connect_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_DOMAIN:
+ ami=&samr_domain_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_GROUP:
+ ami=&samr_group_access_mask_info;
+ break;
+ case PIDL_POLHND_TYPE_SAMR_ALIAS:
+ ami=&samr_alias_access_mask_info;
+ break;
+ }
+
+ dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len, ami);
offset += len;