Update to NETLOGON dissector

svn path=/trunk/; revision=5807
author: Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> 2002-07-01 13:18:21 +0000
committer: Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> 2002-07-01 13:18:21 +0000
commit: 777b598595000ccf9540f9b19ca9900d79a6e7ba (patch)
tree: f2649a6a32c19b27573a6cb6891a2425041d617c /packet-dcerpc-netlogon.c
parent: ac444e6b9d574108a4bbe2d3d91b97b19d5a3546 (diff)
1 files changed, 822 insertions, 631 deletions
diff --git a/packet-dcerpc-netlogon.c b/packet-dcerpc-netlogon.c
index 9edc965209..ce2b0c5eff 100644
--- a/packet-dcerpc-netlogon.c
+++ b/packet-dcerpc-netlogon.c
@@ -3,7 +3,7 @@
  * Copyright 2001, Tim Potter <tpot@samba.org>
  *  2002 structure and command dissectors by Ronnie Sahlberg
  *
- * $Id: packet-dcerpc-netlogon.c,v 1.25 2002/06/30 11:42:47 sahlberg Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.26 2002/07/01 13:18:21 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -41,12 +41,19 @@ static int proto_dcerpc_netlogon = -1;
 static int hf_netlogon_opnum = -1;
 static int hf_netlogon_rc = -1;
 static int hf_netlogon_len = -1;
+static int hf_netlogon_dummy = -1;
+static int hf_netlogon_pac_size = -1;
+static int hf_netlogon_pac_data = -1;
+static int hf_netlogon_auth_size = -1;
+static int hf_netlogon_auth_data = -1;
 static int hf_netlogon_priv = -1;
 static int hf_netlogon_status = -1;
 static int hf_netlogon_attrs = -1;
 static int hf_netlogon_count = -1;
+static int hf_netlogon_level16 = -1;
+static int hf_netlogon_validation_level = -1;
 static int hf_netlogon_level = -1;
-static int hf_netlogon_level_long = -1;
+static int hf_netlogon_challenge = -1;
 static int hf_netlogon_reserved = -1;
 static int hf_netlogon_unknown_time = -1;
 static int hf_netlogon_unknown_string = -1;
@@ -65,7 +72,6 @@ static int hf_netlogon_lm_chal_resp = -1;
 static int hf_netlogon_credential = -1;
 static int hf_netlogon_cypher_block = -1;
 static int hf_netlogon_acct_name = -1;
-static int hf_netlogon_acct_name_eff = -1;
 static int hf_netlogon_acct_desc = -1;
 static int hf_netlogon_group_desc = -1;
 static int hf_netlogon_full_name = -1;
@@ -85,6 +91,7 @@ static int hf_netlogon_user_rid = -1;
 static int hf_netlogon_alias_rid = -1;
 static int hf_netlogon_group_rid = -1;
 static int hf_netlogon_logon_srv = -1;
+static int hf_netlogon_principal = -1;
 static int hf_netlogon_logon_dom = -1;
 static int hf_netlogon_domain_name = -1;
 static int hf_netlogon_trusted_domain_name = -1;
@@ -139,13 +146,8 @@ static int hf_netlogon_logonsrv_handle = -1;
 static gint ett_dcerpc_netlogon = -1;
 static gint ett_NETLOGON_SECURITY_DESCRIPTOR = -1;
 static gint ett_CYPHER_BLOCK = -1;
-static gint ett_NETLOGON_AUTHENTICATOR = -1;
-static gint ett_NETLOGON_LOGON_IDENTITY_INFO = -1;
-static gint ett_NETLOGON_INTERACTIVE_INFO = -1;
-static gint ett_NETLOGON_NETWORK_INFO = -1;
-static gint ett_NETLOGON_VALIDATION_SAM_INFO1 = -1;
-static gint ett_NETLOGON_VALIDATION_SAM_INFO2 = -1;
 static gint ett_TYPE_16 = -1;
+static gint ett_IDENTITY_INFO = -1;
 static gint ett_NETLOGON_SAM_DOMAIN_INFO = -1;
 static gint ett_NETLOGON_SAM_GROUP_INFO = -1;
 static gint ett_TYPE_23 = -1;
@@ -175,8 +177,6 @@ static gint ett_UNICODE_STRING_512 = -1;
 static gint ett_TYPE_50 = -1;
 static gint ett_TYPE_51 = -1;
 static gint ett_TYPE_52 = -1;
-static gint ett_NETLOGON_LEVEL = -1;
-static gint ett_NETLOGON_VALIDATION = -1;
 static gint ett_TYPE_19 = -1;
 static gint ett_NETLOGON_CONTROL_QUERY_INFO = -1;
 static gint ett_TYPE_44 = -1;
@@ -184,13 +184,11 @@ static gint ett_TYPE_20 = -1;
 static gint ett_NETLOGON_INFO = -1;
 static gint ett_TYPE_45 = -1;
 static gint ett_TYPE_47 = -1;
-static gint ett_NETLOGON_CREDENTIAL = -1;
 static gint ett_GUID = -1;
 static gint ett_ENC_LM_OWF_PASSWORD = -1;
 static gint ett_LM_OWF_PASSWORD = -1;
 static gint ett_NT_OWF_PASSWORD = -1;
 static gint ett_GROUP_MEMBERSHIP = -1;
-static gint ett_USER_SESSION_KEY = -1;
 static gint ett_BLOB = -1;
 static gint ett_rid_array = -1;
 static gint ett_attrib_array = -1;
@@ -250,7 +248,7 @@ netlogon_dissect_VALIDATION_UAS_INFO(tvbuff_t *tvb, int offset,
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
-		"Effective Account", hf_netlogon_acct_name_eff, 0);
+		"Effective Account", hf_netlogon_acct_name, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_priv, NULL);
@@ -308,7 +306,7 @@ netlogon_dissect_VALIDATION_UAS_INFO(tvbuff_t *tvb, int offset,
  * IDL      [in][unique][string] wchar_t *ServerName,
  * IDL      [in][ref][string] wchar_t *UserName,
  * IDL      [in][ref][string] wchar_t *Workstation,
- * IDL      [out][unique] NETLOGON_VALIDATION_UAS_INFO *info
+ * IDL      [out][unique] VALIDATION_UAS_INFO *info
  * IDL );
  */
 static int
@@ -416,95 +414,17 @@ netlogon_dissect_netlogonuaslogoff_reply(tvbuff_t *tvb, int offset,
 
 
 
-
-
-/*qqq*/
-/* Updated above this line */
-
-
-
-
-
-
-static int
-netlogon_dissect_pointer_long(tvbuff_t *tvb, int offset, 
-                             packet_info *pinfo, proto_tree *tree, 
-                             char *drep)
-{
-	dcerpc_info *di;
-
-	di=pinfo->private_data;
-        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
-                                     di->hf_index, NULL);
-	return offset;
-}
-
-static int
-netlogon_dissect_pointer_char(tvbuff_t *tvb, int offset, 
-                             packet_info *pinfo, proto_tree *tree, 
-                             char *drep)
-{
-	dcerpc_info *di;
-
-	di=pinfo->private_data;
-        offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
-                                     di->hf_index, NULL);
-	return offset;
-}
-
-static int
-netlogon_dissect_pointer_STRING(tvbuff_t *tvb, int offset, 
-                             packet_info *pinfo, proto_tree *tree, 
-                             char *drep)
-{
-	dcerpc_info *di;
-
-	di=pinfo->private_data;
-	if(di->conformant_run){
-		/*just a run to handle conformant arrays, nothing to dissect */
-		return offset;
-	}
-
-	offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
-			di->hf_index, 0);
-	return offset;
-}
-
-static int
-netlogon_dissect_UNICODE_STRING(tvbuff_t *tvb, int offset, 
-			packet_info *pinfo, proto_tree *parent_tree, 
-			char *drep, int type, int hf_index, int levels)
-{
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
-	int old_offset=offset;
-	dcerpc_info *di;
-	char *name;
-
-	di=pinfo->private_data;
-	if(di->conformant_run){
-		/*just a run to handle conformant arrays, nothing to dissect */
-		return offset;
-	}
-
-	name = proto_registrar_get_name(hf_index);
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, -1,
-			"%s", name);
-		tree = proto_item_add_subtree(item, ett_nt_unicode_string);
-	}
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			dissect_ndr_nt_UNICODE_STRING_str, type,
-			name, hf_index, levels);
-
-	proto_item_set_len(item, offset-old_offset);
-	return offset;
-}
-
-
+/*
+ * IDL typedef struct {
+ * IDL   UNICODESTRING LogonDomainName;
+ * IDL   long ParameterControl;
+ * IDL   uint64 LogonID;
+ * IDL   UNICODESTRING UserName;
+ * IDL   UNICODESTRING Workstation;
+ * IDL } LOGON_IDENTITY_INFO;
+ */
 static int
-netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
+netlogon_dissect_LOGON_IDENTITY_INFO(tvbuff_t *tvb, int offset,
 			packet_info *pinfo, proto_tree *parent_tree,
 			char *drep)
 {
@@ -514,53 +434,47 @@ netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
 
 	if(parent_tree){
 		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_SECURITY_DESCRIPTOR:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
+			"IDENTITY_INFO:");
+		tree = proto_item_add_subtree(item, ett_IDENTITY_INFO);
 	}
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_len, NULL);
-
-	offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset,
-		pinfo, tree, drep);
-
-	proto_item_set_len(item, offset-old_offset);
-	return offset;
-}
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_logon_dom, 0);
 
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_param_ctrl, NULL);
 
-#if 0
-static int
-netlogon_dissect_CYPHER_BLOCK(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep)
-{
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
-	dcerpc_info *di;
+	offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_logon_id, NULL);
 
-	di=pinfo->private_data;
-	if(di->conformant_run){
-		/*just a run to handle conformant arrays, nothing to dissect.*/
-		return offset;
-	}
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_acct_name, 0);
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 8,
-			"CYPHER_BLOCK:");
-		tree = proto_item_add_subtree(item, ett_CYPHER_BLOCK);
-	}
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_workstation, 0);
 
-	proto_tree_add_item(tree, hf_netlogon_cypher_block, tvb, offset, 8,
-		FALSE);
-	offset += 8;
+#ifdef REMOVED
+	/* NetMon does not recognize these bytes. Ill comment them out until someone complains */
+	/* XXX 8 extra bytes here */
+	/* there were 8 extra bytes, either here or in NETWORK_INFO that does not match
+	   the idl file. Could be a bug in either the NETLOGON implementation or in the
+	   idl file.
+	*/
+	offset = netlogon_dissect_8_unknown_bytes(tvb, offset, pinfo, tree, drep);
+#endif
 
+	proto_item_set_len(item, offset-old_offset);
 	return offset;
 }
-#endif
 
+
+/*
+ * IDL typedef struct {
+ * IDL   char password[16];
+ * IDL } LM_OWF_PASSWORD;
+ */
 static int
-netlogon_dissect_8_unknown_bytes(tvbuff_t *tvb, int offset,
+netlogon_dissect_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
 			packet_info *pinfo, proto_tree *parent_tree,
 			char *drep _U_)
 {
@@ -575,18 +489,25 @@ netlogon_dissect_8_unknown_bytes(tvbuff_t *tvb, int offset,
 	}
 
 	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 8,
-			"unknown bytes not in IDL:");
-		tree = proto_item_add_subtree(item, ett_CYPHER_BLOCK);
+		item = proto_tree_add_text(parent_tree, tvb, offset, 16,
+			"LM_OWF_PASSWORD:");
+		tree = proto_item_add_subtree(item, ett_LM_OWF_PASSWORD);
 	}
 
-	offset += 8;
+	proto_tree_add_item(tree, hf_netlogon_lm_owf_password, tvb, offset, 16,
+		FALSE);
+	offset += 16;
 
 	return offset;
 }
 
+/*
+ * IDL typedef struct {
+ * IDL   char password[16];
+ * IDL } NT_OWF_PASSWORD;
+ */
 static int
-netlogon_dissect_NETLOGON_CREDENTIAL(tvbuff_t *tvb, int offset,
+netlogon_dissect_NT_OWF_PASSWORD(tvbuff_t *tvb, int offset,
 			packet_info *pinfo, proto_tree *parent_tree,
 			char *drep _U_)
 {
@@ -601,50 +522,53 @@ netlogon_dissect_NETLOGON_CREDENTIAL(tvbuff_t *tvb, int offset,
 	}
 
 	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 8,
-			"NETLOGON_CREDENTIAL:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_CREDENTIAL);
+		item = proto_tree_add_text(parent_tree, tvb, offset, 16,
+			"NT_OWF_PASSWORD:");
+		tree = proto_item_add_subtree(item, ett_NT_OWF_PASSWORD);
 	}
 
-	proto_tree_add_item(tree, hf_netlogon_credential, tvb, offset, 8,
+	proto_tree_add_item(tree, hf_netlogon_nt_owf_password, tvb, offset, 16,
 		FALSE);
-	offset += 8;
+	offset += 16;
 
 	return offset;
 }
 
+
+/*
+ * IDL typedef struct {
+ * IDL   LOGON_IDENTITY_INFO identity_info;
+ * IDL   LM_OWF_PASSWORD lmpassword;
+ * IDL   NT_OWF_PASSWORD ntpassword;
+ * IDL } INTERACTIVE_INFO;
+ */
 static int
-netlogon_dissect_NETLOGON_AUTHENTICATOR(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
+netlogon_dissect_INTERACTIVE_INFO(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
 			char *drep)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
- 	int old_offset=offset;
-
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_AUTHENTICATOR:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_AUTHENTICATOR);
-	}
+	offset = netlogon_dissect_LOGON_IDENTITY_INFO(tvb, offset,
+		pinfo, tree, drep);
 
-	offset = netlogon_dissect_NETLOGON_CREDENTIAL(tvb, offset,
+	offset = netlogon_dissect_LM_OWF_PASSWORD(tvb, offset,
 		pinfo, tree, drep);
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_timestamp, NULL);
+	offset = netlogon_dissect_NT_OWF_PASSWORD(tvb, offset,
+		pinfo, tree, drep);
 
-	proto_item_set_len(item, offset-old_offset);
 	return offset;
 }
 
+/*
+ * IDL typedef struct {
+ * IDL   char chl[8];
+ * IDL } CHALLENGE;
+ */
 static int
-netlogon_dissect_USER_SESSION_KEY(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
+netlogon_dissect_CHALLENGE(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
 			char *drep _U_)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
 	dcerpc_info *di;
 
 	di=pinfo->private_data;
@@ -653,199 +577,157 @@ netlogon_dissect_USER_SESSION_KEY(tvbuff_t *tvb, int offset,
 		return offset;
 	}
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 16,
-			"USER_SESSION_KEY:");
-		tree = proto_item_add_subtree(item, ett_USER_SESSION_KEY);
-	}
-
-	proto_tree_add_item(tree, hf_netlogon_user_session_key, tvb, offset, 16,
+	proto_tree_add_item(tree, hf_netlogon_challenge, tvb, offset, 8,
 		FALSE);
-	offset += 16;
+	offset += 8;
 
 	return offset;
 }
 
+/*
+ * IDL typedef struct {
+ * IDL   LOGON_IDENTITY_INFO logon_info;
+ * IDL   CHALLENGE chal;
+ * IDL   STRING ntchallengeresponse;
+ * IDL   STRING lmchallengeresponse;
+ * IDL } NETWORK_INFO;
+ */
 static int
-netlogon_dissect_ENCRYPTED_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep _U_)
+netlogon_dissect_NETWORK_INFO(tvbuff_t *tvb, int offset,
+		packet_info *pinfo, proto_tree *tree,
+		char *drep)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
-	dcerpc_info *di;
+	offset = netlogon_dissect_LOGON_IDENTITY_INFO(tvb, offset,
+		pinfo, tree, drep);
 
-	di=pinfo->private_data;
-	if(di->conformant_run){
-		/*just a run to handle conformant arrays, nothing to dissect.*/
-		return offset;
-	}
+	offset = netlogon_dissect_CHALLENGE(tvb, offset,
+		pinfo, tree, drep);
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 16,
-			"ENCRYPTED_LM_OWF_PASSWORD:");
-		tree = proto_item_add_subtree(item, ett_ENC_LM_OWF_PASSWORD);
-	}
+	offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_nt_chal_resp, 0);
 
-	proto_tree_add_item(tree, hf_netlogon_encrypted_lm_owf_password, tvb, offset, 16,
-		FALSE);
-	offset += 16;
+	offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_lm_chal_resp, 0);
 
 	return offset;
 }
 
+/*
+ * IDL typedef struct {
+ * IDL   LOGON_IDENTITY_INFO logon_info;
+ * IDL   LM_OWF_PASSWORD lmpassword;
+ * IDL   NT_OWF_PASSWORD ntpassword;
+ * IDL } SERVICE_INFO;
+ */
 static int
-netlogon_dissect_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep _U_)
+netlogon_dissect_SERVICE_INFO(tvbuff_t *tvb, int offset,
+		packet_info *pinfo, proto_tree *tree,
+		char *drep)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
-	dcerpc_info *di;
-
-	di=pinfo->private_data;
-	if(di->conformant_run){
-		/*just a run to handle conformant arrays, nothing to dissect.*/
-		return offset;
-	}
+	offset = netlogon_dissect_LOGON_IDENTITY_INFO(tvb, offset,
+		pinfo, tree, drep);
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 16,
-			"LM_OWF_PASSWORD:");
-		tree = proto_item_add_subtree(item, ett_LM_OWF_PASSWORD);
-	}
+	offset = netlogon_dissect_LM_OWF_PASSWORD(tvb, offset,
+		pinfo, tree, drep);
 
-	proto_tree_add_item(tree, hf_netlogon_lm_owf_password, tvb, offset, 16,
-		FALSE);
-	offset += 16;
+	offset = netlogon_dissect_NT_OWF_PASSWORD(tvb, offset,
+		pinfo, tree, drep);
 
 	return offset;
 }
 
+/*
+ * IDL typedef [switch_type(short)] union {
+ * IDL    [case(1)][unique] INTERACTIVE_INFO *iinfo;
+ * IDL    [case(2)][unique] NETWORK_INFO *ninfo;
+ * IDL    [case(3)][unique] SERVICE_INFO *sinfo;
+ * IDL } LEVEL;
+ */
 static int
-netlogon_dissect_NT_OWF_PASSWORD(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep _U_)
+netlogon_dissect_LEVEL(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
+			char *drep)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
-	dcerpc_info *di;
+	guint16 level;
 
-	di=pinfo->private_data;
-	if(di->conformant_run){
-		/*just a run to handle conformant arrays, nothing to dissect.*/
-		return offset;
-	}
+	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_level16, &level);
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 16,
-			"NT_OWF_PASSWORD:");
-		tree = proto_item_add_subtree(item, ett_NT_OWF_PASSWORD);
+	ALIGN_TO_4_BYTES;
+	switch(level){
+	case 1:
+		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			netlogon_dissect_INTERACTIVE_INFO, NDR_POINTER_UNIQUE,
+			"INTERACTIVE_INFO:", -1, 0);
+		break;
+	case 2:
+		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			netlogon_dissect_NETWORK_INFO, NDR_POINTER_UNIQUE,
+			"NETWORK_INFO:", -1, 0);
+		break;
+	case 3:
+		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			netlogon_dissect_SERVICE_INFO, NDR_POINTER_UNIQUE,
+			"SERVICE_INFO:", -1, 0);
+		break;
 	}
 
-	proto_tree_add_item(tree, hf_netlogon_nt_owf_password, tvb, offset, 16,
-		FALSE);
-	offset += 16;
-
 	return offset;
 }
 
-
+/*
+ * IDL typedef struct {
+ * IDL   char cred[8];
+ * IDL } CREDENTIAL;
+ */
 static int
-netlogon_dissect_NETLOGON_LOGON_IDENTITY_INFO(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep)
+netlogon_dissect_CREDENTIAL(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
+			char *drep _U_)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
+	dcerpc_info *di;
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_LOGON_IDENTITY_INFO:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_LOGON_IDENTITY_INFO);
+	di=pinfo->private_data;
+	if(di->conformant_run){
+		/*just a run to handle conformant arrays, nothing to dissect.*/
+		return offset;
 	}
 
-	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_logon_dom, 0);
-
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_param_ctrl, NULL);
-
-	offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_logon_id, NULL);
-
-	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_acct_name, 0);
-
-	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_computer_name, 0);
-
-	/* XXX 8 extra bytes here */
-	/* there were 8 extra bytes, either here or in NETWORK_INFO that does not match
-	   the idl file. Could be a bug in either the NETLOGON implementation or in the
-	   idl file.
-	*/
-	offset = netlogon_dissect_8_unknown_bytes(tvb, offset, pinfo, tree, drep);
+	proto_tree_add_item(tree, hf_netlogon_credential, tvb, offset, 8,
+		FALSE);
+	offset += 8;
 
 	return offset;
 }
 
-static int
-netlogon_dissect_NETLOGON_INTERACTIVE_INFO(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep)
-{
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
- 	int old_offset=offset;
-
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_INTERACTIVE_INFO:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_INTERACTIVE_INFO);
-	}
-
-	offset = netlogon_dissect_NETLOGON_LOGON_IDENTITY_INFO(tvb, offset,
-		pinfo, tree, drep);
-
-	offset = netlogon_dissect_LM_OWF_PASSWORD(tvb, offset,
-		pinfo, tree, drep);
-
-	offset = netlogon_dissect_NT_OWF_PASSWORD(tvb, offset,
-		pinfo, tree, drep);
-
-	proto_item_set_len(item, offset-old_offset);
-	return offset;
-}
 
+/*
+ * IDL typedef struct {
+ * IDL   CREDENTIAL cred;
+ * IDL   long timestamp;
+ * IDL } AUTHENTICATOR;
+ */
 static int
-netlogon_dissect_NETLOGON_NETWORK_INFO(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
+netlogon_dissect_AUTHENTICATOR(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
 			char *drep)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
- 	int old_offset=offset;
-
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_NETWORK_INFO:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_NETWORK_INFO);
-	}
-
-	offset = netlogon_dissect_NETLOGON_LOGON_IDENTITY_INFO(tvb, offset,
+	offset = netlogon_dissect_CREDENTIAL(tvb, offset,
 		pinfo, tree, drep);
 
-	offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_nt_chal_resp, 0);
-
-	offset = dissect_ndr_nt_STRING(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_lm_chal_resp, 0);
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_timestamp, NULL);
 
-	proto_item_set_len(item, offset-old_offset);
 	return offset;
 }
 
+
+/* 
+ * IDL typedef struct {
+ * IDL   long user_id;
+ * IDL   long attributes;
+ * IDL } GROUP_MEMBERSHIP;
+ */
 static int
 netlogon_dissect_GROUP_MEMBERSHIP(tvbuff_t *tvb, int offset,
 			packet_info *pinfo, proto_tree *parent_tree,
@@ -880,22 +762,66 @@ netlogon_dissect_GROUP_MEMBERSHIP_ARRAY(tvbuff_t *tvb, int offset,
 	return offset;
 }
 
+/*
+ * IDL typedef struct {
+ * IDL   char user_session_key[16];
+ * IDL } USER_SESSION_KEY;
+ */
 static int
-netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO1(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep)
+netlogon_dissect_USER_SESSION_KEY(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
+			char *drep _U_)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
- 	int old_offset=offset;
-	int i;
+	dcerpc_info *di;
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_VALIDATION_SAM_INFO1:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_VALIDATION_SAM_INFO1);
+	di=pinfo->private_data;
+	if(di->conformant_run){
+		/*just a run to handle conformant arrays, nothing to dissect.*/
+		return offset;
 	}
 
+	proto_tree_add_item(tree, hf_netlogon_user_session_key, tvb, offset, 16,
+		FALSE);
+	offset += 16;
+
+	return offset;
+}
+
+/*
+ * IDL typedef struct {
+ * IDL   uint64 LogonTime;
+ * IDL   uint64 LogoffTime;
+ * IDL   uint64 KickOffTime;
+ * IDL   uint64 PasswdLastSet;
+ * IDL   uint64 PasswdCanChange;
+ * IDL   uint64 PasswdMustChange;
+ * IDL   unicodestring effectivename;
+ * IDL   unicodestring fullname;
+ * IDL   unicodestring logonscript;
+ * IDL   unicodestring profilepath;
+ * IDL   unicodestring homedirectory;
+ * IDL   unicodestring homedirectorydrive;
+ * IDL   short LogonCount;
+ * IDL   short BadPasswdCount;
+ * IDL   long userid;
+ * IDL   long primarygroup;
+ * IDL   long groupcount;
+ * IDL   [unique][size_is(groupcount)] GROUP_MEMBERSHIP *groupids;
+ * IDL   long userflags;
+ * IDL   USER_SESSION_KEY key;
+ * IDL   unicodestring logonserver;
+ * IDL   unicodestring domainname;
+ * IDL   [unique] SID logondomainid;
+ * IDL   long expansionroom[10];
+ * IDL } VALIDATION_SAM_INFO;
+ */
+static int
+netlogon_dissect_VALIDATION_SAM_INFO(tvbuff_t *tvb, int offset,
+		packet_info *pinfo, proto_tree *tree,
+		char *drep)
+{
+	int i;
+
 	offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_logon_time);
 
@@ -948,7 +874,7 @@ netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO1(tvbuff_t *tvb, int offset,
 		hf_netlogon_num_rids, NULL);
 
         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_PTR,
+		netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_UNIQUE,
 		"GROUP_MEMBERSHIP_ARRAY", -1, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
@@ -968,29 +894,51 @@ netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO1(tvbuff_t *tvb, int offset,
 
 	for(i=0;i<10;i++){
 		offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-			hf_netlogon_unknown_long, NULL);
+			hf_netlogon_reserved, NULL);
 	}
 
-	proto_item_set_len(item, offset-old_offset);
 	return offset;
 }
 
-static int
-netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO2(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
+
+
+/*
+ * IDL typedef struct {
+ * IDL   uint64 LogonTime;
+ * IDL   uint64 LogoffTime;
+ * IDL   uint64 KickOffTime;
+ * IDL   uint64 PasswdLastSet;
+ * IDL   uint64 PasswdCanChange;
+ * IDL   uint64 PasswdMustChange;
+ * IDL   unicodestring effectivename;
+ * IDL   unicodestring fullname;
+ * IDL   unicodestring logonscript;
+ * IDL   unicodestring profilepath;
+ * IDL   unicodestring homedirectory;
+ * IDL   unicodestring homedirectorydrive;
+ * IDL   short LogonCount;
+ * IDL   short BadPasswdCount;
+ * IDL   long userid;
+ * IDL   long primarygroup;
+ * IDL   long groupcount;
+ * IDL   [unique] GROUP_MEMBERSHIP *groupids;
+ * IDL   long userflags;
+ * IDL   USER_SESSION_KEY key;
+ * IDL   unicodestring logonserver;
+ * IDL   unicodestring domainname;
+ * IDL   [unique] SID logondomainid;
+ * IDL   long expansionroom[10];
+ * IDL   long sidcount;
+ * IDL   [unique] SID_AND_ATTRIBS;
+ * IDL } VALIDATION_SAM_INFO2;
+ */ 
+static int
+netlogon_dissect_VALIDATION_SAM_INFO2(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
 			char *drep)
 {
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
- 	int old_offset=offset;
 	int i;
 
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_VALIDATION_SAM_INFO2:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_VALIDATION_SAM_INFO2);
-	}
-
 	offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_logon_time);
 
@@ -1042,9 +990,6 @@ netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO2(tvbuff_t *tvb, int offset,
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_num_rids, NULL);
 
-	/* XXX i am not sure about this pointer being UNIQUE, though I am
-	   pretty convinced that it is NOT PTR as the idl file suggests.
-	*/
         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_GROUP_MEMBERSHIP_ARRAY, NDR_POINTER_UNIQUE,
 		"GROUP_MEMBERSHIP_ARRAY", -1, 0);
@@ -1073,13 +1018,410 @@ netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO2(tvbuff_t *tvb, int offset,
 		hf_netlogon_num_other_groups, NULL);
 
         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_PTR,
+		dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE,
 		"SID_AND_ATTRIBUTES_ARRAY:", -1, 0);
 
+	return offset;
+}
+
+
+
+static int
+netlogon_dissect_PAC(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
+			char *drep _U_)
+{
+	dcerpc_info *di;
+	guint32 pac_size;
+
+	di=pinfo->private_data;
+	if(di->conformant_run){
+		/*just a run to handle conformant arrays, nothing to dissect */
+		return offset;
+	}
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_pac_size, &pac_size);
+
+	proto_tree_add_item(tree, hf_netlogon_pac_data, tvb, offset, pac_size,
+		FALSE);
+	offset += pac_size;
+
+	return offset;
+}
+
+static int
+netlogon_dissect_AUTH(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
+			char *drep _U_)
+{
+	dcerpc_info *di;
+	guint32 auth_size;
+
+	di=pinfo->private_data;
+	if(di->conformant_run){
+		/*just a run to handle conformant arrays, nothing to dissect */
+		return offset;
+	}
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_auth_size, &auth_size);
+
+	proto_tree_add_item(tree, hf_netlogon_auth_data, tvb, offset, auth_size,
+		FALSE);
+	offset += auth_size;
+
+	return offset;
+}
+
+
+/*
+ * IDL typedef struct {
+ * IDL   long pac_size
+ * IDL   [unique][size_is(pac_size)] char *pac;
+ * IDL   UNICODESTRING logondomain;
+ * IDL   UNICODESTRING logonserver;
+ * IDL   UNICODESTRING principalname;
+ * IDL   long auth_size;
+ * IDL   [unique][size_is(auth_size)] char *auth;
+ * IDL   USER_SESSION_KEY user_session_key;
+ * IDL   long expansionroom[10];
+ * IDL   UNICODESTRING dummy1;
+ * IDL   UNICODESTRING dummy2;
+ * IDL   UNICODESTRING dummy3;
+ * IDL   UNICODESTRING dummy4;
+ * IDL } VALIDATION_PAC_INFO;
+ */
+static int
+netlogon_dissect_VALIDATION_PAC_INFO(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
+			char *drep)
+{
+	int i;
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_pac_size, NULL);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_PAC, NDR_POINTER_UNIQUE,
+		"PAC:", -1, 0);
+
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_logon_dom, 0);
+
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_logon_srv, 0);
+
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_principal, 0);
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_auth_size, NULL);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTH, NDR_POINTER_UNIQUE,
+		"AUTH:", -1, 0);
+
+	offset = netlogon_dissect_USER_SESSION_KEY(tvb, offset,
+		pinfo, tree, drep);
+
+	for(i=0;i<10;i++){
+		offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+			hf_netlogon_unknown_long, NULL);
+	}
+
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_dummy, 0);
+
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_dummy, 0);
+
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_dummy, 0);
+
+	offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_dummy, 0);
+
+	return offset;
+}
+
+
+/*
+ * IDL typedef [switch_type(short)] union {
+ * IDL    [case(2)][unique] VALIDATION_SAM_INFO *sam;
+ * IDL    [case(3)][unique] VALIDATION_SAM_INFO2 *sam2;
+ * IDL    [case(4)][unique] VALIDATION_PAC_INFO *pac;
+ * IDL    [case(5)][unique] VALIDATION_PAC_INFO *pac2;
+ * IDL } VALIDATION;
+ */
+static int
+netlogon_dissect_VALIDATION(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *tree,
+			char *drep)
+{
+	guint16 level;
+
+	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_validation_level, &level);
+
+	ALIGN_TO_4_BYTES;
+	switch(level){
+	case 2:
+		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			netlogon_dissect_VALIDATION_SAM_INFO, NDR_POINTER_UNIQUE,
+			"VALIDATION_SAM_INFO:", -1, 0);
+		break;
+	case 3:
+		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			netlogon_dissect_VALIDATION_SAM_INFO2, NDR_POINTER_UNIQUE,
+			"VALIDATION_SAM_INFO2:", -1, 0);
+		break;
+	case 4:
+		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			netlogon_dissect_VALIDATION_PAC_INFO, NDR_POINTER_UNIQUE,
+			"VALIDATION_PAC_INFO:", -1, 0);
+		break;
+	case 5:
+		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			netlogon_dissect_VALIDATION_PAC_INFO, NDR_POINTER_UNIQUE,
+			"VALIDATION_PAC_INFO:", -1, 0);
+		break;
+	}
+
+	return offset;
+}
+
+
+/*
+ * IDL long NetLogonSamLogon(
+ * IDL      [in][unique][string] wchar_t *ServerName,
+ * IDL      [in][unique][string] wchar_t *Workstation,
+ * IDL      [in][unique] AUTHENTICATOR *credential,
+ * IDL      [in][out][unique] AUTHENTICATOR *returnauthenticator,
+ * IDL      [in] short LogonLevel,
+ * IDL      [in][ref] LOGON_LEVEL *logonlevel,
+ * IDL      [in] short ValidationLevel,
+ * IDL      [out][ref] VALIDATION *validation,
+ * IDL      [out][ref] boolean Authorative
+ * IDL );
+ */
+static int
+netlogon_dissect_netlogonsamlogon_rqst(tvbuff_t *tvb, int offset,
+	packet_info *pinfo, proto_tree *tree, char *drep)
+{
+	if (check_col(pinfo->cinfo, COL_INFO))
+		col_set_str(pinfo->cinfo, COL_INFO, "SamLogon request");
+
+	offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
+		pinfo, tree, drep);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
+		"Computer Name", hf_netlogon_computer_name, 0);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
+		"AUTHENTICATOR: credential", -1, 0);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
+
+	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_level16, NULL);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_LEVEL, NDR_POINTER_REF,
+		"LEVEL: LogonLevel", -1, 0);
+
+	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_validation_level, NULL);
+
+	return offset;
+}
+
+static int
+netlogon_dissect_netlogonsamlogon_reply(tvbuff_t *tvb, int offset,
+	packet_info *pinfo, proto_tree *tree, char *drep)
+{
+	if (check_col(pinfo->cinfo, COL_INFO))
+		col_set_str(pinfo->cinfo, COL_INFO, "SamLogon response");
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_VALIDATION, NDR_POINTER_REF,
+		"VALIDATION:", -1, 0);
+
+	offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_authoritative, NULL);
+
+	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
+				  hf_netlogon_rc, NULL);
+
+	return offset;
+}
+
+
+
+
+
+
+
+/*qqq*/
+/* Updated above this line */
+
+
+
+
+
+
+static int
+netlogon_dissect_pointer_long(tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *tree, 
+                             char *drep)
+{
+	dcerpc_info *di;
+
+	di=pinfo->private_data;
+        offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+                                     di->hf_index, NULL);
+	return offset;
+}
+
+static int
+netlogon_dissect_pointer_char(tvbuff_t *tvb, int offset, 
+                             packet_info *pinfo, proto_tree *tree, 
+                             char *drep)
+{
+	dcerpc_info *di;
+
+	di=pinfo->private_data;
+        offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
+                                     di->hf_index, NULL);
+	return offset;
+}
+
+static int
+netlogon_dissect_UNICODE_STRING(tvbuff_t *tvb, int offset, 
+			packet_info *pinfo, proto_tree *parent_tree, 
+			char *drep, int type, int hf_index, int levels)
+{
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+	int old_offset=offset;
+	dcerpc_info *di;
+	char *name;
+
+	di=pinfo->private_data;
+	if(di->conformant_run){
+		/*just a run to handle conformant arrays, nothing to dissect */
+		return offset;
+	}
+
+	name = proto_registrar_get_name(hf_index);
+	if(parent_tree){
+		item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+			"%s", name);
+		tree = proto_item_add_subtree(item, ett_nt_unicode_string);
+	}
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			dissect_ndr_nt_UNICODE_STRING_str, type,
+			name, hf_index, levels);
+
 	proto_item_set_len(item, offset-old_offset);
 	return offset;
 }
 
+
+static int
+netlogon_dissect_NETLOGON_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *parent_tree,
+			char *drep)
+{
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+ 	int old_offset=offset;
+
+	if(parent_tree){
+		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+			"NETLOGON_SECURITY_DESCRIPTOR:");
+		tree = proto_item_add_subtree(item, ett_NETLOGON_SECURITY_DESCRIPTOR);
+	}
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_netlogon_len, NULL);
+
+	offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset,
+		pinfo, tree, drep);
+
+	proto_item_set_len(item, offset-old_offset);
+	return offset;
+}
+
+
+#if 0
+static int
+netlogon_dissect_CYPHER_BLOCK(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *parent_tree,
+			char *drep)
+{
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+	dcerpc_info *di;
+
+	di=pinfo->private_data;
+	if(di->conformant_run){
+		/*just a run to handle conformant arrays, nothing to dissect.*/
+		return offset;
+	}
+
+	if(parent_tree){
+		item = proto_tree_add_text(parent_tree, tvb, offset, 8,
+			"CYPHER_BLOCK:");
+		tree = proto_item_add_subtree(item, ett_CYPHER_BLOCK);
+	}
+
+	proto_tree_add_item(tree, hf_netlogon_cypher_block, tvb, offset, 8,
+		FALSE);
+	offset += 8;
+
+	return offset;
+}
+#endif
+
+static int
+netlogon_dissect_ENCRYPTED_LM_OWF_PASSWORD(tvbuff_t *tvb, int offset,
+			packet_info *pinfo, proto_tree *parent_tree,
+			char *drep _U_)
+{
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+	dcerpc_info *di;
+
+	di=pinfo->private_data;
+	if(di->conformant_run){
+		/*just a run to handle conformant arrays, nothing to dissect.*/
+		return offset;
+	}
+
+	if(parent_tree){
+		item = proto_tree_add_text(parent_tree, tvb, offset, 16,
+			"ENCRYPTED_LM_OWF_PASSWORD:");
+		tree = proto_item_add_subtree(item, ett_ENC_LM_OWF_PASSWORD);
+	}
+
+	proto_tree_add_item(tree, hf_netlogon_encrypted_lm_owf_password, tvb, offset, 16,
+		FALSE);
+	offset += 16;
+
+	return offset;
+}
+
+
 static int
 netlogon_dissect_TYPE_16(tvbuff_t *tvb, int offset,
 			packet_info *pinfo, proto_tree *parent_tree,
@@ -2419,18 +2761,6 @@ netlogon_dissect_BLOB(tvbuff_t *tvb, int offset,
 }
 
 static int
-netlogon_dissect_BLOB_ptr(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *tree,
-			char *drep)
-{
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_BLOB, NDR_POINTER_PTR,
-		"BLOB pointer:", -1, 0);
-
-	return offset;
-}
-
-static int
 netlogon_dissect_TYPE_46(tvbuff_t *tvb, int offset,
 			packet_info *pinfo, proto_tree *parent_tree,
 			char *drep)
@@ -2843,113 +3173,6 @@ netlogon_dissect_TYPE_52_ptr_ptr(tvbuff_t *tvb, int offset,
 	return offset;
 }
 
-static int
-netlogon_dissect_NETLOGON_LEVEL(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep)
-{
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
- 	int old_offset=offset;
-	guint16 level;
-
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_LEVEL:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_LEVEL);
-	}
-
-	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level, &level);
-
-	ALIGN_TO_4_BYTES;
-	switch(level){
-	case 1:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
-			"INTERACTIVE_INFO pointer:", -1, 0);
-		break;
-	case 2:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_NETWORK_INFO, NDR_POINTER_PTR,
-			"NETWORK_INFO pointer:", -1, 0);
-		break;
-	case 3:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
-			"INTERACTIVE_INFO pointer:", -1, 0);
-		break;
-	case 5:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
-			"INTERACTIVE_INFO pointer:", -1, 0);
-		break;
-	case 6:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_NETWORK_INFO, NDR_POINTER_PTR,
-			"NETWORK_INFO pointer:", -1, 0);
-		break;
-	case 7:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_INTERACTIVE_INFO, NDR_POINTER_PTR,
-			"INTERACTIVE_INFO pointer:", -1, 0);
-		break;
-	}
-
-	proto_item_set_len(item, offset-old_offset);
-	return offset;
-}
-
-static int
-netlogon_dissect_NETLOGON_VALIDATION(tvbuff_t *tvb, int offset,
-			packet_info *pinfo, proto_tree *parent_tree,
-			char *drep)
-{
-	proto_item *item=NULL;
-	proto_tree *tree=NULL;
- 	int old_offset=offset;
-	guint16 level;
-
-	if(parent_tree){
-		item = proto_tree_add_text(parent_tree, tvb, offset, 0,
-			"NETLOGON_VALIDATION:");
-		tree = proto_item_add_subtree(item, ett_NETLOGON_VALIDATION);
-	}
-
-	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level, &level);
-
-	/* XXX i am not sure about these pointers being UNIQUE, though I am
-	   pretty convinced that they are NOT PTR as the idl file suggests.
-	*/
-	ALIGN_TO_4_BYTES;
-	switch(level){
-	case 2:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO1, NDR_POINTER_UNIQUE,
-			"NETLOGON_VALIDATION_SAM_INFO1 pointer:", -1, 0);
-		break;
-	case 3:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_NETLOGON_VALIDATION_SAM_INFO2, NDR_POINTER_UNIQUE,
-			"NETLOGON_VALIDATION_SAM_INFO2 pointer:", -1, 0);
-		break;
-	case 4:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
-			"STRING pointer:", -1, 0);
-		break;
-	case 5:
-		offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			netlogon_dissect_BLOB_ptr, NDR_POINTER_UNIQUE,
-			"BLOB pointer:", -1, 0);
-		break;
-	}
-
-	proto_item_set_len(item, offset-old_offset);
-	return offset;
-}
-
 
 static int
 netlogon_dissect_TYPE_19(tvbuff_t *tvb, int offset,
@@ -2968,7 +3191,7 @@ netlogon_dissect_TYPE_19(tvbuff_t *tvb, int offset,
 	}
 
 	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level, &level);
+		hf_netlogon_level16, &level);
 
 	ALIGN_TO_4_BYTES;
 	switch(level){
@@ -3082,7 +3305,7 @@ netlogon_dissect_NETLOGON_CONTROL_QUERY_INFO(tvbuff_t *tvb, int offset,
 	}
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level_long, &level);
+		hf_netlogon_level, &level);
 
 	ALIGN_TO_4_BYTES;
 	switch(level){
@@ -3129,7 +3352,7 @@ netlogon_dissect_TYPE_44(tvbuff_t *tvb, int offset,
 	}
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level_long, &level);
+		hf_netlogon_level, &level);
 
 	ALIGN_TO_4_BYTES;
 	switch(level){
@@ -3160,7 +3383,7 @@ netlogon_dissect_TYPE_20(tvbuff_t *tvb, int offset,
 	}
 
 	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level, &level);
+		hf_netlogon_level16, &level);
 
 	ALIGN_TO_4_BYTES;
 	switch(level){
@@ -3341,7 +3564,7 @@ netlogon_dissect_NETLOGON_INFO(tvbuff_t *tvb, int offset,
 	}
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level_long, &level);
+		hf_netlogon_level, &level);
 
 	ALIGN_TO_4_BYTES;
 	switch(level){
@@ -3388,7 +3611,7 @@ netlogon_dissect_TYPE_45(tvbuff_t *tvb, int offset,
 	}
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level_long, &level);
+		hf_netlogon_level, &level);
 
 	ALIGN_TO_4_BYTES;
 	switch(level){
@@ -3425,7 +3648,7 @@ netlogon_dissect_TYPE_47(tvbuff_t *tvb, int offset,
 	}
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_netlogon_level_long, &level);
+		hf_netlogon_level, &level);
 
 	ALIGN_TO_4_BYTES;
 	switch(level){
@@ -3447,61 +3670,6 @@ netlogon_dissect_TYPE_47(tvbuff_t *tvb, int offset,
 
 
 static int
-netlogon_dissect_netlogonsamlogon_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, char *drep)
-{
-	if (check_col(pinfo->cinfo, COL_INFO))
-		col_set_str(pinfo->cinfo, COL_INFO, "SamLogon request");
-
-	offset = netlogon_dissect_LOGONSRV_HANDLE(tvb, offset,
-		pinfo, tree, drep);
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
-		"Computer Name", hf_netlogon_computer_name, 0);
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
-		"NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
-		"NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_LEVEL, NDR_POINTER_REF,
-		"NETLOGON_LEVEL pointer: id_ctr", -1, 0);
-
-	return offset;
-}
-
-
-static int
-netlogon_dissect_netlogonsamlogon_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, char *drep)
-{
-	if (check_col(pinfo->cinfo, COL_INFO))
-		col_set_str(pinfo->cinfo, COL_INFO, "SamLogon response");
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
-		"NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_VALIDATION, NDR_POINTER_REF,
-		"NETLOGON_VALIDATION pointer: ctr", -1, 0);
-
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_pointer_char, NDR_POINTER_REF,
-		"BOOLEAN pointer: Authoritative", hf_netlogon_authoritative, 0);
-
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
-				  hf_netlogon_rc, NULL);
-
-	return offset;
-}
-
-static int
 netlogon_dissect_netlogonsamlogoff_rqst(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
@@ -3513,16 +3681,16 @@ netlogon_dissect_netlogonsamlogoff_rqst(tvbuff_t *tvb, int offset,
 		"unknown string", hf_netlogon_unknown_string, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
-		"NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
-		"NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_LEVEL, NDR_POINTER_REF,
-		"NETLOGON_LEVEL pointer: id_ctr", -1, 0);
+		netlogon_dissect_LEVEL, NDR_POINTER_REF,
+		"LEVEL pointer: id_ctr", -1, 0);
 
 	return offset;
 }
@@ -3534,8 +3702,8 @@ netlogon_dissect_netlogonsamlogoff_reply(tvbuff_t *tvb, int offset,
 {
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_UNIQUE,
-		"NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_UNIQUE,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
 				  hf_netlogon_rc, NULL);
@@ -3558,8 +3726,8 @@ netlogon_dissect_netserverreqchallenge_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_client_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: client_chal", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: client_chal", -1, 0);
 
 	return offset;
 }
@@ -3574,8 +3742,8 @@ netlogon_dissect_netserverreqchallenge_reply(tvbuff_t *tvb, int offset,
 			    "RequestChallenge response");
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: server_chal", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: server_chal", -1, 0);
 
 	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
 				  hf_netlogon_rc, NULL);
@@ -3600,8 +3768,8 @@ netlogon_dissect_netserverauthenticate_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_computer_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: client_chal", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: client_chal", -1, 0);
 
 	return offset;
 }
@@ -3612,8 +3780,8 @@ netlogon_dissect_netserverauthenticate_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: server_chal", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: server_chal", -1, 0);
 
 	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
 				  hf_netlogon_rc, NULL);
@@ -3638,8 +3806,8 @@ netlogon_dissect_netserverpasswordset_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_computer_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_ENCRYPTED_LM_OWF_PASSWORD, NDR_POINTER_REF,
@@ -3654,8 +3822,8 @@ netlogon_dissect_netserverpasswordset_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
 				  hf_netlogon_rc, NULL);
@@ -3675,12 +3843,12 @@ netlogon_dissect_netsamdeltas_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_cli_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: client_creds", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_database_id, NULL);
@@ -3700,8 +3868,8 @@ netlogon_dissect_netsamdeltas_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_TYPE_16, NDR_POINTER_REF,
@@ -3728,12 +3896,12 @@ netlogon_dissect_netlogondatabasesync_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_cli_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: client_creds", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_unknown_long, NULL);
@@ -3753,8 +3921,8 @@ netlogon_dissect_netlogondatabasesync_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: server_creds", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_pointer_long, NDR_POINTER_REF,
@@ -3781,12 +3949,12 @@ netlogon_dissect_netlogonaccountdeltas_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_TYPE_36, NDR_POINTER_REF,
@@ -3809,8 +3977,8 @@ netlogon_dissect_netlogonaccountdeltas_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_BYTE_array, NDR_POINTER_REF,
@@ -3845,12 +4013,12 @@ netlogon_dissect_netlogonaccountsync_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_unknown_long, NULL);
@@ -3870,8 +4038,8 @@ netlogon_dissect_netlogonaccountsync_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_BYTE_array, NDR_POINTER_REF,
@@ -4050,8 +4218,8 @@ netlogon_dissect_netserverauthenticate2_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_computer_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: client_chal", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: client_chal", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_pointer_long, NDR_POINTER_REF,
@@ -4068,8 +4236,8 @@ netlogon_dissect_netserverauthenticate2_reply(tvbuff_t *tvb, int offset,
 		col_set_str(pinfo->cinfo, COL_INFO, "Auth2 response");
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: server_chal", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: server_chal", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_pointer_long, NDR_POINTER_REF,
@@ -4092,12 +4260,12 @@ netlogon_dissect_netdatabasesync2_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_unknown_long, NULL);
@@ -4121,8 +4289,8 @@ netlogon_dissect_netdatabasesync2_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_pointer_long, NDR_POINTER_REF,
@@ -4149,12 +4317,12 @@ netlogon_dissect_netlogondatabaseredo_rqst(tvbuff_t *tvb, int offset,
 		NDR_POINTER_REF, hf_netlogon_unknown_string, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_BYTE_array, NDR_POINTER_REF,
@@ -4172,8 +4340,8 @@ netlogon_dissect_netlogondatabaseredo_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_SAM_DELTA_ARRAY_ptr, NDR_POINTER_REF,
@@ -4296,12 +4464,13 @@ netlogon_dissect_function_15_rqst(tvbuff_t *tvb, int offset,
 		dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
 		"unknown string", hf_netlogon_unknown_string, 0);
 
-	offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
-		pinfo, tree, drep);
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_PTR,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_unknown_long, NULL);
@@ -4315,8 +4484,8 @@ netlogon_dissect_function_15_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_PTR,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_TYPE_44, NDR_POINTER_PTR,
@@ -4487,8 +4656,8 @@ netlogon_dissect_netserverauthenticate3_rqst(tvbuff_t *tvb, int offset,
 		"Computer Name", hf_netlogon_computer_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: authenticator", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_pointer_long, NDR_POINTER_PTR,
@@ -4503,8 +4672,8 @@ netlogon_dissect_netserverauthenticate3_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_CREDENTIAL, NDR_POINTER_REF,
-		"NETLOGON_CREDENTIAL pointer: unknown_NETLOGON_CREDENTIAL", -1, 0);
+		netlogon_dissect_CREDENTIAL, NDR_POINTER_REF,
+		"CREDENTIAL pointer: unknown_NETLOGON_CREDENTIAL", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_pointer_long, NDR_POINTER_PTR,
@@ -4596,12 +4765,13 @@ netlogon_dissect_function_1d_rqst(tvbuff_t *tvb, int offset,
 		dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
 		"Computer Name", hf_netlogon_computer_name, 0);
 
-	offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
-		pinfo, tree, drep);
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_PTR,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_unknown_long, NULL);
@@ -4618,8 +4788,8 @@ netlogon_dissect_function_1d_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_PTR,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_TYPE_47, NDR_POINTER_PTR,
@@ -4649,8 +4819,9 @@ netlogon_dissect_function_1e_rqst(tvbuff_t *tvb, int offset,
 		dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_UNIQUE,
 		"unknown string", hf_netlogon_unknown_string, 0);
 
-	offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
-		pinfo, tree, drep);
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = netlogon_dissect_UNICODE_STRING_512(tvb, offset,
 		pinfo, tree, drep);
@@ -4664,8 +4835,8 @@ netlogon_dissect_function_1e_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_PTR,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
 				  hf_netlogon_rc, NULL);
@@ -4692,8 +4863,8 @@ netlogon_dissect_netserverpasswordset2_rqst(tvbuff_t *tvb, int offset,
 		"Computer Name", hf_netlogon_computer_name, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: client_cred", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	return offset;
 }
@@ -4704,8 +4875,8 @@ netlogon_dissect_netserverpasswordset2_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_REF,
-		"NETLOGON_AUTHENTICATOR pointer: server_cred", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_LM_OWF_PASSWORD, NDR_POINTER_REF,
@@ -4728,8 +4899,9 @@ netlogon_dissect_function_20_rqst(tvbuff_t *tvb, int offset,
 		dissect_ndr_nt_UNICODE_STRING_str, NDR_POINTER_PTR,
 		"unknown string", hf_netlogon_unknown_string, -1);
 
-	offset = netlogon_dissect_NETLOGON_AUTHENTICATOR(tvb, offset,
-		pinfo, tree, drep);
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_REF,
+		"AUTHENTICATOR: credential", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_BYTE_array, NDR_POINTER_PTR,
@@ -4747,8 +4919,8 @@ netlogon_dissect_function_20_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_AUTHENTICATOR, NDR_POINTER_PTR,
-		"NETLOGON_AUTHENTICATOR pointer: unknown_NETLOGON_AUTHENTICATOR", -1, 0);
+		netlogon_dissect_AUTHENTICATOR, NDR_POINTER_PTR,
+		"AUTHENTICATOR: return_authenticator", -1, 0);
 
 	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
 				  hf_netlogon_rc, NULL);
@@ -4964,8 +5136,8 @@ netlogon_dissect_function_27_rqst(tvbuff_t *tvb, int offset,
 		hf_netlogon_unknown_short, NULL);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_LEVEL, NDR_POINTER_PTR,
-		"NETLOGON_LEVEL pointer: unknown_NETLOGON_LEVEL", -1, 0);
+		netlogon_dissect_LEVEL, NDR_POINTER_PTR,
+		"LEVEL pointer: unknown_NETLOGON_LEVEL", -1, 0);
 
 	offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
 		hf_netlogon_unknown_short, NULL);
@@ -4982,8 +5154,8 @@ netlogon_dissect_function_27_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		netlogon_dissect_NETLOGON_VALIDATION, NDR_POINTER_PTR,
-		"NETLOGON_VALIDATION pointer: unknown_NETLOGON_VALIDATION", -1, 0);
+		netlogon_dissect_VALIDATION, NDR_POINTER_PTR,
+		"VALIDATION: unknown_NETLOGON_VALIDATION", -1, 0);
 
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
 		netlogon_dissect_pointer_char, NDR_POINTER_PTR,
@@ -5271,6 +5443,10 @@ static hf_register_info hf[] = {
 		"Credential", "netlogon.credential", FT_BYTES, BASE_HEX, 
 		NULL, 0x0, "Netlogon credential", HFILL }},
 
+	{ &hf_netlogon_challenge, { 
+		"Challenge", "netlogon.challenge", FT_BYTES, BASE_HEX, 
+		NULL, 0x0, "Netlogon challenge", HFILL }},
+
 	{ &hf_netlogon_cypher_block, { 
 		"Cypher Block", "netlogon.cypher_block", FT_BYTES, BASE_HEX, 
 		NULL, 0x0, "Netlogon cypher block", HFILL }},
@@ -5364,14 +5540,18 @@ static hf_register_info hf[] = {
 		{ "LM Chal resp", "netlogon.lm_chal_resp", FT_BYTES, BASE_HEX,
 		NULL, 0, "Challenge response for LM authentication", HFILL }},
 
+	{ &hf_netlogon_pac_data,
+		{ "Pac Data", "netlogon.pac.data", FT_BYTES, BASE_HEX,
+		NULL, 0, "Pac Data", HFILL }},
+
+	{ &hf_netlogon_auth_data,
+		{ "Auth Data", "netlogon.auth.data", FT_BYTES, BASE_HEX,
+		NULL, 0, "Auth Data", HFILL }},
+
 	{ &hf_netlogon_acct_name,
 		{ "Acct Name", "netlogon.acct_name", FT_STRING, BASE_NONE,
 		NULL, 0, "Account Name", HFILL }},
 
-	{ &hf_netlogon_acct_name_eff,
-		{ "Effective Acct Name", "netlogon.acct_name_eff", FT_STRING, BASE_NONE,
-		NULL, 0, "Effective Account Name", HFILL }},
-
 	{ &hf_netlogon_acct_desc,
 		{ "Acct Desc", "netlogon.acct_desc", FT_STRING, BASE_NONE,
 		NULL, 0, "Account Description", HFILL }},
@@ -5412,6 +5592,10 @@ static hf_register_info hf[] = {
 		{ "Server", "netlogon.server", FT_STRING, BASE_NONE,
 		NULL, 0, "Server", HFILL }},
 
+	{ &hf_netlogon_principal,
+		{ "Principal", "netlogon.principal", FT_STRING, BASE_NONE,
+		NULL, 0, "Principal", HFILL }},
+
 	{ &hf_netlogon_logon_dom,
 		{ "Domain", "netlogon.domain", FT_STRING, BASE_NONE,
 		NULL, 0, "Domain", HFILL }},
@@ -5504,6 +5688,10 @@ static hf_register_info hf[] = {
 		{ "Handle", "netlogon.handle", FT_STRING, BASE_NONE,
 		NULL, 0, "Logon Srv Handle", HFILL }},
 
+	{ &hf_netlogon_dummy,
+		{ "Dummy", "netlogon.dummy", FT_STRING, BASE_NONE,
+		NULL, 0, "Dummy string", HFILL }},
+
 	{ &hf_netlogon_logon_count16,
 		{ "Logon Count", "netlogon.logon_count16", FT_UINT16, BASE_DEC, 
 		NULL, 0x0, "Number of successful logins", HFILL }},
@@ -5536,10 +5724,14 @@ static hf_register_info hf[] = {
 		{ "Codepage", "netlogon.codepage", FT_UINT16, BASE_DEC, 
 		NULL, 0x0, "Codepage setting for this account", HFILL }},
 
-	{ &hf_netlogon_level,
-		{ "Level", "netlogon.level", FT_UINT16, BASE_DEC, 
+	{ &hf_netlogon_level16,
+		{ "Level", "netlogon.level16", FT_UINT16, BASE_DEC, 
 		NULL, 0x0, "Which option of the union is represented here", HFILL }},
 
+	{ &hf_netlogon_validation_level,
+		{ "Validation Level", "netlogon.validation_level", FT_UINT16, BASE_DEC, 
+		NULL, 0x0, "Requested level of validation", HFILL }},
+
 	{ &hf_netlogon_secure_channel_type,
 		{ "Sec Chn Type", "netlogon.sec_chn_type", FT_UINT16, BASE_DEC, 
 		NULL, 0x0, "Secure Channel Type", HFILL }},
@@ -5552,8 +5744,8 @@ static hf_register_info hf[] = {
 		{ "Code", "netlogon.code", FT_UINT32, BASE_HEX, 
 		NULL, 0x0, "Code", HFILL }},
 
-	{ &hf_netlogon_level_long,
-		{ "Level", "netlogon.level32", FT_UINT32, BASE_DEC, 
+	{ &hf_netlogon_level,
+		{ "Level", "netlogon.level", FT_UINT32, BASE_DEC, 
 		NULL, 0x0, "Which option of the union is represented here", HFILL }},
 
 	{ &hf_netlogon_timestamp,
@@ -5600,6 +5792,14 @@ static hf_register_info hf[] = {
 		{ "Max Size", "netlogon.max_size", FT_UINT32, BASE_DEC, 
 		NULL, 0x0, "Max Size of database", HFILL }},
 
+	{ &hf_netlogon_pac_size,
+		{ "Pac Size", "netlogon.pac.size", FT_UINT32, BASE_DEC, 
+		NULL, 0x0, "Size of PacData in bytes", HFILL }},
+
+	{ &hf_netlogon_auth_size,
+		{ "Auth Size", "netlogon.auth.size", FT_UINT32, BASE_DEC, 
+		NULL, 0x0, "Size of AuthData in bytes", HFILL }},
+
 	{ &hf_netlogon_num_deltas,
 		{ "Num Deltas", "netlogon.num_deltas", FT_UINT32, BASE_DEC, 
 		NULL, 0x0, "Number of SAM Deltas in array", HFILL }},
@@ -5638,13 +5838,8 @@ static hf_register_info hf[] = {
                 &ett_dcerpc_netlogon,
 		&ett_NETLOGON_SECURITY_DESCRIPTOR,
 		&ett_CYPHER_BLOCK,
-		&ett_NETLOGON_AUTHENTICATOR,
-		&ett_NETLOGON_LOGON_IDENTITY_INFO,
-		&ett_NETLOGON_INTERACTIVE_INFO,
-		&ett_NETLOGON_NETWORK_INFO,
-		&ett_NETLOGON_VALIDATION_SAM_INFO1,
-		&ett_NETLOGON_VALIDATION_SAM_INFO2,
 		&ett_TYPE_16,
+		&ett_IDENTITY_INFO,
 		&ett_NETLOGON_SAM_DOMAIN_INFO,
 		&ett_NETLOGON_SAM_GROUP_INFO,
 		&ett_TYPE_23,
@@ -5674,8 +5869,6 @@ static hf_register_info hf[] = {
 		&ett_TYPE_50,
 		&ett_TYPE_51,
 		&ett_TYPE_52,
-		&ett_NETLOGON_LEVEL,
-		&ett_NETLOGON_VALIDATION,
 		&ett_TYPE_19,
 		&ett_NETLOGON_CONTROL_QUERY_INFO,
 		&ett_TYPE_44,
@@ -5683,13 +5876,11 @@ static hf_register_info hf[] = {
 		&ett_NETLOGON_INFO,
 		&ett_TYPE_45,
 		&ett_TYPE_47,
-		&ett_NETLOGON_CREDENTIAL,
 		&ett_GUID,
 		&ett_ENC_LM_OWF_PASSWORD,
 		&ett_LM_OWF_PASSWORD,
 		&ett_NT_OWF_PASSWORD,
 		&ett_GROUP_MEMBERSHIP,
-		&ett_USER_SESSION_KEY,
 		&ett_BLOB,
 		&ett_rid_array,
 		&ett_attrib_array
author	Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au>	2002-07-01 13:18:21 +0000
committer	Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au>	2002-07-01 13:18:21 +0000
commit	777b598595000ccf9540f9b19ca9900d79a6e7ba (patch)
tree	f2649a6a32c19b27573a6cb6891a2425041d617c /packet-dcerpc-netlogon.c
parent	ac444e6b9d574108a4bbe2d3d91b97b19d5a3546 (diff)