diff options
author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2002-04-17 10:29:09 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2002-04-17 10:29:09 +0000 |
commit | 2a9a8274458f8b522b6f6b24b695ed61731c9aca (patch) | |
tree | 04d639e7463c3110f906950bd426102058a716cf /packet-dcerpc-lsa.c | |
parent | b2c11b5e13248b1c98ee5104eab411e842911e19 (diff) |
Added dissection and support functions for LSAENUMERATEPRIVILEGES
function.
svn path=/trunk/; revision=5187
Diffstat (limited to 'packet-dcerpc-lsa.c')
-rw-r--r-- | packet-dcerpc-lsa.c | 153 |
1 files changed, 149 insertions, 4 deletions
diff --git a/packet-dcerpc-lsa.c b/packet-dcerpc-lsa.c index 077a0649be..21fd410ecd 100644 --- a/packet-dcerpc-lsa.c +++ b/packet-dcerpc-lsa.c @@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter <tpot@samba.org> * 2002 Added LSA command dissectors Ronnie Sahlberg * - * $Id: packet-dcerpc-lsa.c,v 1.10 2002/04/17 09:51:11 sahlberg Exp $ + * $Id: packet-dcerpc-lsa.c,v 1.11 2002/04/17 10:29:09 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -62,6 +62,7 @@ static int hf_lsa_pali_next_audit_record = -1; static int hf_lsa_paei_enabled = -1; static int hf_lsa_paei_settings = -1; static int hf_lsa_count = -1; +static int hf_lsa_size = -1; static int hf_lsa_max_count = -1; static int hf_lsa_index = -1; static int hf_lsa_domain = -1; @@ -85,6 +86,9 @@ static int hf_lsa_rid = -1; static int hf_lsa_num_mapped = -1; static int hf_lsa_policy_information_class = -1; static int hf_lsa_secret = -1; +static int hf_nt_luid_high = -1; +static int hf_nt_luid_low = -1; +static int hf_lsa_privilege_name = -1; static int hf_lsa_unknown_hyper = -1; static int hf_lsa_unknown_long = -1; @@ -113,6 +117,9 @@ static gint ett_lsa_translated_names = -1; static gint ett_lsa_translated_name = -1; static gint ett_lsa_referenced_domain_list = -1; static gint ett_lsa_trust_information = -1; +static gint ett_LUID = -1; +static gint ett_LSA_PRIVILEGES = -1; +static gint ett_LSA_PRIVILEGE = -1; static int @@ -1381,6 +1388,128 @@ lsa_dissect_lsadeletetrusteddomain_reply(tvbuff_t *tvb, int offset, return offset; } +int +dissect_nt_LUID(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, char *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LUID:"); + tree = proto_item_add_subtree(item, ett_LUID); + } + + offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, drep, + hf_nt_luid_low, NULL); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_nt_luid_high, NULL); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, char *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LSA_PRIVILEGE:"); + tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE); + } + + /* privilege name */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE, + "NAME pointer: ", hf_lsa_privilege_name, 0); + + /* LUID */ + offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, char *drep) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_PRIVILEGE); + + return offset; +} + +static int +lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, char *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LSA_PRIVILEGES:"); + tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES); + } + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + /* privileges */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE, + "LSA_PRIVILEGE array:", -1, 0); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_lsaenumerateprivileges_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, char *drep) +{ + offset = lsa_dissect_LSA_HANDLE(tvb, offset, + pinfo, tree, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_size, NULL); + + return offset; +} + +static int +lsa_dissect_lsaenumerateprivileges_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, char *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF, + "LSA_PRIVILEGES pointer: privs", -1, 0); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_rc, NULL); + + return offset; +} + + + + static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = { { LSA_LSACLOSE, "LSACLOSE", lsa_dissect_lsaclose_rqst, @@ -1389,11 +1518,8 @@ static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = { lsa_dissect_lsadelete_rqst, lsa_dissect_lsadelete_reply }, { LSA_LSAENUMERATEPRIVILEGES, "LSAENUMERATEPRIVILEGES", - NULL, NULL }, -#ifdef REMOVED lsa_dissect_lsaenumerateprivileges_rqst, lsa_dissect_lsaenumerateprivileges_reply }, -#endif { LSA_LSAQUERYSECURITYOBJECT, "LSAQUERYSECURITYOBJECT", lsa_dissect_lsaquerysecurityobject_rqst, lsa_dissect_lsaquerysecurityobject_reply }, @@ -1898,6 +2024,22 @@ proto_register_dcerpc_lsa(void) { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_nt_luid_high, + { "High", "nt.luid.high", FT_UINT32, BASE_HEX, + NULL, 0x0, "LUID High component", HFILL }}, + + { &hf_nt_luid_low, + { "Low", "nt.luid.low", FT_UINT64, BASE_HEX, + NULL, 0x0, "LUID Low component", HFILL }}, + + { &hf_lsa_size, + { "Size", "lsa.size", FT_UINT32, BASE_DEC, + NULL, 0x0, "", HFILL }}, + + { &hf_lsa_privilege_name, + { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE, + NULL, 0x0, "LSA Privilege Name", HFILL }}, + }; @@ -1921,6 +2063,9 @@ proto_register_dcerpc_lsa(void) &ett_lsa_translated_name, &ett_lsa_referenced_domain_list, &ett_lsa_trust_information, + &ett_LUID, + &ett_LSA_PRIVILEGES, + &ett_LSA_PRIVILEGE, }; proto_dcerpc_lsa = proto_register_protocol( |