Sync with latest SAMBA PIDL source per http://www.wireshark.org/lists/wireshark-dev/201310/msg00217.html

Didn't integrate 0010-frsrpc-Regenerate-frsrpc-due-to-changes-in-the-pidl-.patch 0016-Regenerate-the-dnserver.patch due to compilation errors on Windows. svn path=/trunk/; revision=52744
author: Michael Mann <mmann78@netscape.net> 2013-10-21 19:41:54 +0000
committer: Michael Mann <mmann78@netscape.net> 2013-10-21 19:41:54 +0000
commit: 87e55cb9e046e4d7749333c67862e5bf935ed6a1 (patch)
tree: e984e35b5eed1a6a0eaea7ea19189c1ad72c17e6 /epan/dissectors/packet-dcerpc-efs.c
parent: 15294a1261961d7ac2ad4316eb83b0e413effc47 (diff)
1 files changed, 122 insertions, 93 deletions
diff --git a/epan/dissectors/packet-dcerpc-efs.c b/epan/dissectors/packet-dcerpc-efs.c
index c48f667c96..f7992e1359 100644
--- a/epan/dissectors/packet-dcerpc-efs.c
+++ b/epan/dissectors/packet-dcerpc-efs.c
@@ -12,7 +12,6 @@
 
 
 #include "config.h"
-
 #ifdef _MSC_VER
 #pragma warning(disable:4005)
 #pragma warning(disable:4013)
@@ -39,38 +38,38 @@ static gint ett_efs_ENCRYPTION_CERTIFICATE = -1;
 
 
 /* Header field declarations */
-static gint hf_efs_EfsRpcCloseRaw_pvContext = -1;
-static gint hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate = -1;
+static gint hf_efs_EfsRpcQueryUsersOnFile_pUsers = -1;
+static gint hf_efs_EfsRpcDecryptFileSrv_FileName = -1;
+static gint hf_efs_EfsRpcEncryptFileSrv_Filename = -1;
 static gint hf_efs_EfsRpcOpenFileRaw_pvContext = -1;
-static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid = -1;
+static gint hf_efs_ENCRYPTION_CERTIFICATE_TotalLength = -1;
+static gint hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType = -1;
+static gint hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob = -1;
+static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers = -1;
+static gint hf_efs_EfsRpcWriteFileRaw_pvContext = -1;
+static gint hf_efs_EFS_HASH_BLOB_pbData = -1;
+static gint hf_efs_EfsRpcAddUsersToFile_FileName = -1;
 static gint hf_efs_EfsRpcReadFileRaw_pvContext = -1;
+static gint hf_efs_werror = -1;
+static gint hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate = -1;
 static gint hf_efs_EfsRpcQueryRecoveryAgents_FileName = -1;
-static gint hf_efs_EfsRpcQueryUsersOnFile_FileName = -1;
 static gint hf_efs_EfsRpcOpenFileRaw_FileName = -1;
-static gint hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob = -1;
 static gint hf_efs_opnum = -1;
-static gint hf_efs_EFS_HASH_BLOB_pbData = -1;
-static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation = -1;
-static gint hf_efs_EfsRpcOpenFileRaw_Flags = -1;
-static gint hf_efs_EFS_CERTIFICATE_BLOB_pbData = -1;
 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash = -1;
-static gint hf_efs_EfsRpcEncryptFileSrv_Filename = -1;
-static gint hf_efs_EfsRpcRemoveUsersFromFile_FileName = -1;
-static gint hf_efs_EfsRpcQueryUsersOnFile_pUsers = -1;
-static gint hf_efs_EfsRpcDecryptFileSrv_FileName = -1;
-static gint hf_efs_ENCRYPTION_CERTIFICATE_TotalLength = -1;
-static gint hf_efs_EfsRpcAddUsersToFile_FileName = -1;
-static gint hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents = -1;
+static gint hf_efs_EfsRpcDecryptFileSrv_Reserved = -1;
 static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash = -1;
-static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength = -1;
-static gint hf_efs_werror = -1;
-static gint hf_efs_EFS_HASH_BLOB_cbData = -1;
-static gint hf_efs_EfsRpcWriteFileRaw_pvContext = -1;
-static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers = -1;
+static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid = -1;
 static gint hf_efs_ENCRYPTION_CERTIFICATE_pUserSid = -1;
-static gint hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType = -1;
-static gint hf_efs_EfsRpcDecryptFileSrv_Reserved = -1;
+static gint hf_efs_EFS_CERTIFICATE_BLOB_pbData = -1;
+static gint hf_efs_EFS_HASH_BLOB_cbData = -1;
+static gint hf_efs_EfsRpcCloseRaw_pvContext = -1;
 static gint hf_efs_EFS_CERTIFICATE_BLOB_cbData = -1;
+static gint hf_efs_EfsRpcQueryUsersOnFile_FileName = -1;
+static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength = -1;
+static gint hf_efs_EfsRpcOpenFileRaw_Flags = -1;
+static gint hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents = -1;
+static gint hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation = -1;
+static gint hf_efs_EfsRpcRemoveUsersFromFile_FileName = -1;
 
 static gint proto_dcerpc_efs = -1;
 /* Version information */
@@ -147,7 +146,7 @@ efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_
 
 /* IDL: struct { */
 /* IDL: 	uint32 cbData; */
-/* IDL: 	[size_is(cbData)] [unique(1)] uint8 *pbData; */
+/* IDL: 	[unique(1)] [size_is(cbData)] uint8 *pbData; */
 /* IDL: } */
 
 static int
@@ -187,14 +186,15 @@ efs_dissect_struct_EFS_HASH_BLOB(tvbuff_t *tvb _U_, int offset _U_, packet_info
 {
 	proto_item *item = NULL;
 	proto_tree *tree = NULL;
+	dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
 	int old_offset;
 
-	ALIGN_TO_4_BYTES;
+	ALIGN_TO_5_BYTES;
 
 	old_offset = offset;
 
 	if (parent_tree) {
-		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
 		tree = proto_item_add_subtree(item, ett_efs_EFS_HASH_BLOB);
 	}
 	
@@ -205,6 +205,11 @@ efs_dissect_struct_EFS_HASH_BLOB(tvbuff_t *tvb _U_, int offset _U_, packet_info
 
 	proto_item_set_len(item, offset-old_offset);
 
+
+	if (di->call_data->flags & DCERPC_IS_NDR64) {
+		ALIGN_TO_5_BYTES;
+	}
+
 	return offset;
 }
 
@@ -213,7 +218,7 @@ efs_dissect_struct_EFS_HASH_BLOB(tvbuff_t *tvb _U_, int offset _U_, packet_info
 /* IDL: 	uint32 cbTotalLength; */
 /* IDL: 	[unique(1)] dom_sid *pUserSid; */
 /* IDL: 	[unique(1)] EFS_HASH_BLOB *pHash; */
-/* IDL: 	[charset(UTF16)] [unique(1)] uint16 *lpDisplayInformation; */
+/* IDL: 	[unique(1)] [charset(UTF16)] uint16 *lpDisplayInformation; */
 /* IDL: } */
 
 static int
@@ -280,14 +285,15 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH(tvbuff_t *tvb _U_, int offset _U_
 {
 	proto_item *item = NULL;
 	proto_tree *tree = NULL;
+	dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
 	int old_offset;
 
-	ALIGN_TO_4_BYTES;
+	ALIGN_TO_5_BYTES;
 
 	old_offset = offset;
 
 	if (parent_tree) {
-		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
 		tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH);
 	}
 	
@@ -302,13 +308,18 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH(tvbuff_t *tvb _U_, int offset _U_
 
 	proto_item_set_len(item, offset-old_offset);
 
+
+	if (di->call_data->flags & DCERPC_IS_NDR64) {
+		ALIGN_TO_5_BYTES;
+	}
+
 	return offset;
 }
 
 
 /* IDL: struct { */
 /* IDL: 	uint32 nCert_Hash; */
-/* IDL: 	[size_is(nCert_Hash)] [unique(1)] ENCRYPTION_CERTIFICATE_HASH *pUsers[*]; */
+/* IDL: 	[unique(1)] [size_is(nCert_Hash)] ENCRYPTION_CERTIFICATE_HASH *pUsers[*]; */
 /* IDL: } */
 
 static int
@@ -348,14 +359,15 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb _U_, int offse
 {
 	proto_item *item = NULL;
 	proto_tree *tree = NULL;
+	dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
 	int old_offset;
 
-	ALIGN_TO_4_BYTES;
+	ALIGN_TO_5_BYTES;
 
 	old_offset = offset;
 
 	if (parent_tree) {
-		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
 		tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST);
 	}
 	
@@ -366,6 +378,11 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb _U_, int offse
 
 	proto_item_set_len(item, offset-old_offset);
 
+
+	if (di->call_data->flags & DCERPC_IS_NDR64) {
+		ALIGN_TO_5_BYTES;
+	}
+
 	return offset;
 }
 
@@ -373,7 +390,7 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb _U_, int offse
 /* IDL: struct { */
 /* IDL: 	uint32 dwCertEncodingType; */
 /* IDL: 	uint32 cbData; */
-/* IDL: 	[size_is(cbData)] [unique(1)] uint8 *pbData; */
+/* IDL: 	[unique(1)] [size_is(cbData)] uint8 *pbData; */
 /* IDL: } */
 
 static int
@@ -421,14 +438,15 @@ efs_dissect_struct_EFS_CERTIFICATE_BLOB(tvbuff_t *tvb _U_, int offset _U_, packe
 {
 	proto_item *item = NULL;
 	proto_tree *tree = NULL;
+	dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
 	int old_offset;
 
-	ALIGN_TO_4_BYTES;
+	ALIGN_TO_5_BYTES;
 
 	old_offset = offset;
 
 	if (parent_tree) {
-		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
 		tree = proto_item_add_subtree(item, ett_efs_EFS_CERTIFICATE_BLOB);
 	}
 	
@@ -441,6 +459,11 @@ efs_dissect_struct_EFS_CERTIFICATE_BLOB(tvbuff_t *tvb _U_, int offset _U_, packe
 
 	proto_item_set_len(item, offset-old_offset);
 
+
+	if (di->call_data->flags & DCERPC_IS_NDR64) {
+		ALIGN_TO_5_BYTES;
+	}
+
 	return offset;
 }
 
@@ -496,14 +519,15 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE(tvbuff_t *tvb _U_, int offset _U_, pac
 {
 	proto_item *item = NULL;
 	proto_tree *tree = NULL;
+	dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
 	int old_offset;
 
-	ALIGN_TO_4_BYTES;
+	ALIGN_TO_5_BYTES;
 
 	old_offset = offset;
 
 	if (parent_tree) {
-		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
 		tree = proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE);
 	}
 	
@@ -516,6 +540,11 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE(tvbuff_t *tvb _U_, int offset _U_, pac
 
 	proto_item_set_len(item, offset-old_offset);
 
+
+	if (di->call_data->flags & DCERPC_IS_NDR64) {
+		ALIGN_TO_5_BYTES;
+	}
+
 	return offset;
 }
 
@@ -556,7 +585,7 @@ efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvbuff_t *tvb _U_, int offset _U_, p
 
 /* IDL: WERROR EfsRpcOpenFileRaw( */
 /* IDL: [out] [ref] policy_handle *pvContext, */
-/* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
+/* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
 /* IDL: [in] uint32 Flags */
 /* IDL: ); */
 
@@ -725,7 +754,7 @@ efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvbuff_t *tvb _U_, int offset
 }
 
 /* IDL: WERROR EfsRpcEncryptFileSrv( */
-/* IDL: [charset(UTF16)] [in] uint16 Filename[*] */
+/* IDL: [in] [charset(UTF16)] uint16 Filename[*] */
 /* IDL: ); */
 
 static int
@@ -771,7 +800,7 @@ efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvbuff_t *tvb _U_, int offset
 }
 
 /* IDL: WERROR EfsRpcDecryptFileSrv( */
-/* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
+/* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
 /* IDL: [in] uint32 Reserved */
 /* IDL: ); */
 
@@ -822,7 +851,7 @@ efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb _U_, int offset
 static int
 efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
-	offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__, NDR_POINTER_REF, "Pointer to Pusers (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryUsersOnFile_pUsers);
+	offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__, NDR_POINTER_UNIQUE, "Pointer to Pusers (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryUsersOnFile_pUsers);
 
 	return offset;
 }
@@ -836,7 +865,7 @@ efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__(tvbuff_t *tvb _U_, int offse
 }
 
 /* IDL: WERROR EfsRpcQueryUsersOnFile( */
-/* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
+/* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
 /* IDL: [out] [unique(1)] [ref] ENCRYPTION_CERTIFICATE_HASH_LIST **pUsers */
 /* IDL: ); */
 
@@ -888,7 +917,7 @@ efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb _U_,
 static int
 efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
-	offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__, NDR_POINTER_REF, "Pointer to Precoveryagents (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents);
+	offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__, NDR_POINTER_UNIQUE, "Pointer to Precoveryagents (ENCRYPTION_CERTIFICATE_HASH_LIST)",hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents);
 
 	return offset;
 }
@@ -902,7 +931,7 @@ efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__(tvbuff_t *tvb _U
 }
 
 /* IDL: WERROR EfsRpcQueryRecoveryAgents( */
-/* IDL: [charset(UTF16)] [in] uint16 FileName[*], */
+/* IDL: [in] [charset(UTF16)] uint16 FileName[*], */
 /* IDL: [out] [unique(1)] [ref] ENCRYPTION_CERTIFICATE_HASH_LIST **pRecoveryAgents */
 /* IDL: ); */
 
@@ -944,7 +973,7 @@ efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvbuff_t *tvb _U_, int of
 }
 
 /* IDL: WERROR EfsRpcRemoveUsersFromFile( */
-/* IDL: [charset(UTF16)] [in] uint16 FileName[*] */
+/* IDL: [in] [charset(UTF16)] uint16 FileName[*] */
 /* IDL: ); */
 
 static int
@@ -982,7 +1011,7 @@ efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvbuff_t *tvb _U_, int offset
 }
 
 /* IDL: WERROR EfsRpcAddUsersToFile( */
-/* IDL: [charset(UTF16)] [in] uint16 FileName[*] */
+/* IDL: [in] [charset(UTF16)] uint16 FileName[*] */
 /* IDL: ); */
 
 static int
@@ -1162,70 +1191,70 @@ static dcerpc_sub_dissector efs_dissectors[] = {
 void proto_register_dcerpc_efs(void)
 {
 	static hf_register_info hf[] = {
-	{ &hf_efs_EfsRpcCloseRaw_pvContext, 
-	  { "Pvcontext", "efs.EfsRpcCloseRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate, 
-	  { "Pencryptioncertificate", "efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcQueryUsersOnFile_pUsers, 
+	  { "Pusers", "efs.EfsRpcQueryUsersOnFile.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcDecryptFileSrv_FileName, 
+	  { "Filename", "efs.EfsRpcDecryptFileSrv.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcEncryptFileSrv_Filename, 
+	  { "Filename", "efs.EfsRpcEncryptFileSrv.Filename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_EfsRpcOpenFileRaw_pvContext, 
 	  { "Pvcontext", "efs.EfsRpcOpenFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid, 
-	  { "Pusersid", "efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_ENCRYPTION_CERTIFICATE_TotalLength, 
+	  { "Totallength", "efs.ENCRYPTION_CERTIFICATE.TotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType, 
+	  { "Dwcertencodingtype", "efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob, 
+	  { "Pcertblob", "efs.ENCRYPTION_CERTIFICATE.pCertBlob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers, 
+	  { "Pusers", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcWriteFileRaw_pvContext, 
+	  { "Pvcontext", "efs.EfsRpcWriteFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EFS_HASH_BLOB_pbData, 
+	  { "Pbdata", "efs.EFS_HASH_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcAddUsersToFile_FileName, 
+	  { "Filename", "efs.EfsRpcAddUsersToFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_EfsRpcReadFileRaw_pvContext, 
 	  { "Pvcontext", "efs.EfsRpcReadFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_werror, 
+	  { "Windows Error", "efs.werror", FT_UINT32, BASE_HEX, VALS(WERR_errors), 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate, 
+	  { "Pencryptioncertificate", "efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_EfsRpcQueryRecoveryAgents_FileName, 
 	  { "Filename", "efs.EfsRpcQueryRecoveryAgents.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcQueryUsersOnFile_FileName, 
-	  { "Filename", "efs.EfsRpcQueryUsersOnFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_EfsRpcOpenFileRaw_FileName, 
 	  { "Filename", "efs.EfsRpcOpenFileRaw.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob, 
-	  { "Pcertblob", "efs.ENCRYPTION_CERTIFICATE.pCertBlob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_opnum, 
 	  { "Operation", "efs.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EFS_HASH_BLOB_pbData, 
-	  { "Pbdata", "efs.EFS_HASH_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation, 
-	  { "Lpdisplayinformation", "efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcOpenFileRaw_Flags, 
-	  { "Flags", "efs.EfsRpcOpenFileRaw.Flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EFS_CERTIFICATE_BLOB_pbData, 
-	  { "Pbdata", "efs.EFS_CERTIFICATE_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash, 
 	  { "Ncert Hash", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_Hash", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcEncryptFileSrv_Filename, 
-	  { "Filename", "efs.EfsRpcEncryptFileSrv.Filename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcRemoveUsersFromFile_FileName, 
-	  { "Filename", "efs.EfsRpcRemoveUsersFromFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcQueryUsersOnFile_pUsers, 
-	  { "Pusers", "efs.EfsRpcQueryUsersOnFile.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcDecryptFileSrv_FileName, 
-	  { "Filename", "efs.EfsRpcDecryptFileSrv.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_ENCRYPTION_CERTIFICATE_TotalLength, 
-	  { "Totallength", "efs.ENCRYPTION_CERTIFICATE.TotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcAddUsersToFile_FileName, 
-	  { "Filename", "efs.EfsRpcAddUsersToFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents, 
-	  { "Precoveryagents", "efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcDecryptFileSrv_Reserved, 
+	  { "Reserved", "efs.EfsRpcDecryptFileSrv.Reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash, 
 	  { "Phash", "efs.ENCRYPTION_CERTIFICATE_HASH.pHash", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength, 
-	  { "Cbtotallength", "efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_werror, 
-	  { "Windows Error", "efs.werror", FT_UINT32, BASE_HEX, VALS(WERR_errors), 0, NULL, HFILL }},
-	{ &hf_efs_EFS_HASH_BLOB_cbData, 
-	  { "Cbdata", "efs.EFS_HASH_BLOB.cbData", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcWriteFileRaw_pvContext, 
-	  { "Pvcontext", "efs.EfsRpcWriteFileRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers, 
-	  { "Pusers", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid, 
+	  { "Pusersid", "efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_ENCRYPTION_CERTIFICATE_pUserSid, 
 	  { "Pusersid", "efs.ENCRYPTION_CERTIFICATE.pUserSid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType, 
-	  { "Dwcertencodingtype", "efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_efs_EfsRpcDecryptFileSrv_Reserved, 
-	  { "Reserved", "efs.EfsRpcDecryptFileSrv.Reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EFS_CERTIFICATE_BLOB_pbData, 
+	  { "Pbdata", "efs.EFS_CERTIFICATE_BLOB.pbData", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EFS_HASH_BLOB_cbData, 
+	  { "Cbdata", "efs.EFS_HASH_BLOB.cbData", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcCloseRaw_pvContext, 
+	  { "Pvcontext", "efs.EfsRpcCloseRaw.pvContext", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_efs_EFS_CERTIFICATE_BLOB_cbData, 
 	  { "Cbdata", "efs.EFS_CERTIFICATE_BLOB.cbData", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcQueryUsersOnFile_FileName, 
+	  { "Filename", "efs.EfsRpcQueryUsersOnFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength, 
+	  { "Cbtotallength", "efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcOpenFileRaw_Flags, 
+	  { "Flags", "efs.EfsRpcOpenFileRaw.Flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents, 
+	  { "Precoveryagents", "efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation, 
+	  { "Lpdisplayinformation", "efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_efs_EfsRpcRemoveUsersFromFile_FileName, 
+	  { "Filename", "efs.EfsRpcRemoveUsersFromFile.FileName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
 	};
author	Michael Mann <mmann78@netscape.net>	2013-10-21 19:41:54 +0000
committer	Michael Mann <mmann78@netscape.net>	2013-10-21 19:41:54 +0000
commit	87e55cb9e046e4d7749333c67862e5bf935ed6a1 (patch)
tree	e984e35b5eed1a6a0eaea7ea19189c1ad72c17e6 /epan/dissectors/packet-dcerpc-efs.c
parent	15294a1261961d7ac2ad4316eb83b0e413effc47 (diff)