authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2008-10-03 02:39:17 +0000
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2008-10-03 02:39:17 +0000
commit48cabe4f20f98ae09dedfcaf4e390b32a9b1c3c9 (patch)
tree5bb8b3e2d27d129f064cdac166de2aab5c9fb33f /epan/dissectors
parent2a4ddda66a6e8d680111474ab1e5fc700bfdda7d (diff)
SAMR updates
svn path=/trunk/; revision=26340
Diffstat (limited to 'epan/dissectors')
-rw-r--r--epan/dissectors/packet-dcerpc-samr.c33
-rw-r--r--epan/dissectors/packet-windows-common.c79
-rw-r--r--epan/dissectors/packet-windows-common.h3
-rw-r--r--epan/dissectors/pidl/samr.cnf14
-rw-r--r--epan/dissectors/pidl/samr.idl2
5 files changed, 111 insertions, 20 deletions
diff --git a/epan/dissectors/packet-dcerpc-samr.c b/epan/dissectors/packet-dcerpc-samr.c
index 87b3b4c622..4822e07798 100644
--- a/epan/dissectors/packet-dcerpc-samr.c
+++ b/epan/dissectors/packet-dcerpc-samr.c
@@ -330,7 +330,6 @@ static gint hf_samr_samr_DomInfo1_min_password_length = -1;
static gint hf_samr_samr_ValidatePasswordReq3_pwd_must_change_at_next_logon = -1;
static gint hf_samr_samr_FieldsPresent_SAMR_FIELD_WORKSTATIONS = -1;
static gint hf_samr_samr_GetDisplayEnumerationIndex_idx = -1;
-static gint hf_samr_samr_Connect4_unknown = -1;
static gint hf_samr_samr_UserInfo5_last_logon = -1;
static gint hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_CREATE_DOMAIN = -1;
static gint hf_samr_samr_ChangePasswordUser2_server = -1;
@@ -573,7 +572,6 @@ static gint hf_samr_samr_SetDsrmPassword_hash = -1;
static gint hf_samr_samr_DomainInfo_general = -1;
static gint hf_samr_samr_GroupAttrs_SE_GROUP_MANDATORY = -1;
static gint hf_samr_samr_UserInfo5_description = -1;
-static gint hf_samr_sec_info = -1;
static gint hf_samr_samr_DomInfo7_role = -1;
static gint hf_samr_samr_UserInfo21_workstations = -1;
static gint hf_samr_samr_DispEntryGeneral_description = -1;
@@ -648,6 +646,7 @@ static gint hf_samr_samr_DispInfoAscii_count = -1;
static gint hf_samr_samr_GetMembersInAlias_sids = -1;
static gint hf_samr_samr_QueryDisplayInfo3_info = -1;
static gint hf_samr_samr_OemChangePasswordUser2_hash = -1;
+static gint hf_samr_samr_Connect4_revision = -1;
static gint hf_samr_samr_QueryUserInfo2_level = -1;
static gint hf_samr_samr_FieldsPresent_SAMR_FIELD_BAD_PWD_COUNT = -1;
static gint hf_samr_samr_ValidatePasswordReq3_clear_lockout = -1;
@@ -1898,7 +1897,7 @@ static int samr_dissect_element_Connect3_connect_handle(tvbuff_t *tvb _U_, int o
static int samr_dissect_element_Connect3_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
static int samr_dissect_element_Connect4_system_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
static int samr_dissect_element_Connect4_system_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
-static int samr_dissect_element_Connect4_unknown(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
+static int samr_dissect_element_Connect4_revision(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
static int samr_dissect_element_Connect4_access_mask(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
static int samr_dissect_element_Connect4_connect_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
static int samr_dissect_element_Connect4_connect_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
@@ -2183,6 +2182,12 @@ cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr
offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, drep);
return offset;
}
+static int
+cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_)
+{
+ offset = dissect_nt_security_information(tvb, offset, tree);
+ return offset;
+}
/* IDL: struct { */
@@ -9047,7 +9052,7 @@ samr_dissect_element_SetSecurity_handle_(tvbuff_t *tvb _U_, int offset _U_, pack
static int
samr_dissect_element_SetSecurity_sec_info(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_samr_sec_info, NULL);
+ offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep);
return offset;
}
@@ -9120,7 +9125,7 @@ samr_dissect_element_QuerySecurity_handle_(tvbuff_t *tvb _U_, int offset _U_, pa
static int
samr_dissect_element_QuerySecurity_sec_info(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_samr_sec_info, NULL);
+ offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep);
return offset;
}
@@ -13981,9 +13986,9 @@ samr_dissect_element_Connect4_system_name_(tvbuff_t *tvb _U_, int offset _U_, pa
}
static int
-samr_dissect_element_Connect4_unknown(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+samr_dissect_element_Connect4_revision(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
- offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, drep, hf_samr_samr_Connect4_unknown, 0);
+ offset = samr_dissect_enum_ConnectRevision(tvb, offset, pinfo, tree, drep, hf_samr_samr_Connect4_revision, 0);
return offset;
}
@@ -14014,7 +14019,7 @@ samr_dissect_element_Connect4_connect_handle_(tvbuff_t *tvb _U_, int offset _U_,
/* IDL: NTSTATUS samr_Connect4( */
/* IDL: [unique(1)] [in] [charset(UTF16)] uint16 *system_name, */
-/* IDL: [in] uint32 unknown, */
+/* IDL: [in] samr_ConnectRevision revision, */
/* IDL: [in] samr_ServerAccessMask access_mask, */
/* IDL: [out] [ref] policy_handle *connect_handle */
/* IDL: ); */
@@ -14042,7 +14047,7 @@ samr_dissect_Connect4_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pi
pinfo->dcerpc_procedure_name="Connect4";
offset = samr_dissect_element_Connect4_system_name(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
- offset = samr_dissect_element_Connect4_unknown(tvb, offset, pinfo, tree, drep);
+ offset = samr_dissect_element_Connect4_revision(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = samr_dissect_element_Connect4_access_mask(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
@@ -15143,8 +15148,6 @@ void proto_register_dcerpc_samr(void)
{ "Samr Field Workstations", "samr.samr_FieldsPresent.SAMR_FIELD_WORKSTATIONS", FT_BOOLEAN, 32, TFS(&samr_FieldsPresent_SAMR_FIELD_WORKSTATIONS_tfs), ( 0x00000400 ), "", HFILL }},
{ &hf_samr_samr_GetDisplayEnumerationIndex_idx,
{ "Idx", "samr.samr_GetDisplayEnumerationIndex.idx", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_samr_samr_Connect4_unknown,
- { "Unknown", "samr.samr_Connect4.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_samr_samr_UserInfo5_last_logon,
{ "Last Logon", "samr.samr_UserInfo5.last_logon", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_CREATE_DOMAIN,
@@ -15254,7 +15257,7 @@ void proto_register_dcerpc_samr(void)
{ &hf_samr_samr_ValidatePasswordReq2_password_matched,
{ "Password Matched", "samr.samr_ValidatePasswordReq2.password_matched", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_samr_samr_QuerySecurity_sec_info,
- { "Sec Info", "samr.samr_QuerySecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { "Sec Info", "samr.samr_QuerySecurity.sec_info", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_samr_samr_DomainInfo_info12,
{ "Info12", "samr.samr_DomainInfo.info12", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_samr_samr_QueryDisplayInfo_max_entries,
@@ -15380,7 +15383,7 @@ void proto_register_dcerpc_samr(void)
{ &hf_samr_samr_DomainInfo_info13,
{ "Info13", "samr.samr_DomainInfo.info13", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_samr_samr_SetSecurity_sec_info,
- { "Sec Info", "samr.samr_SetSecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { "Sec Info", "samr.samr_SetSecurity.sec_info", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_samr_samr_QueryDisplayInfo2_buf_size,
{ "Buf Size", "samr.samr_QueryDisplayInfo2.buf_size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_samr_samr_PasswordProperties_DOMAIN_PASSWORD_STORE_CLEARTEXT,
@@ -15629,8 +15632,6 @@ void proto_register_dcerpc_samr(void)
{ "Se Group Mandatory", "samr.samr_GroupAttrs.SE_GROUP_MANDATORY", FT_BOOLEAN, 32, TFS(&samr_GroupAttrs_SE_GROUP_MANDATORY_tfs), ( 0x00000001 ), "", HFILL }},
{ &hf_samr_samr_UserInfo5_description,
{ "Description", "samr.samr_UserInfo5.description", FT_STRING, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_samr_sec_info,
- { "SecInfo", "samr.sec_info", FT_UINT32, BASE_HEX, NULL, 0, " ", HFILL }},
{ &hf_samr_samr_DomInfo7_role,
{ "Role", "samr.samr_DomInfo7.role", FT_UINT32, BASE_DEC, VALS(samr_samr_Role_vals), 0, "", HFILL }},
{ &hf_samr_samr_UserInfo21_workstations,
@@ -15779,6 +15780,8 @@ void proto_register_dcerpc_samr(void)
{ "Info", "samr.samr_QueryDisplayInfo3.info", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_samr_samr_OemChangePasswordUser2_hash,
{ "Hash", "samr.samr_OemChangePasswordUser2.hash", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_samr_samr_Connect4_revision,
+ { "Revision", "samr.samr_Connect4.revision", FT_UINT32, BASE_DEC, VALS(samr_samr_ConnectRevision_vals), 0, "", HFILL }},
{ &hf_samr_samr_QueryUserInfo2_level,
{ "Level", "samr.samr_QueryUserInfo2.level", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_samr_samr_FieldsPresent_SAMR_FIELD_BAD_PWD_COUNT,
diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c
index 1baf10930d..4cd125a9a3 100644
--- a/epan/dissectors/packet-windows-common.c
+++ b/epan/dissectors/packet-windows-common.c
@@ -71,6 +71,10 @@ static int hf_nt_ace_flags_object_type_present = -1;
static int hf_nt_ace_flags_inherited_object_type_present = -1;
static int hf_nt_ace_guid = -1;
static int hf_nt_ace_inherited_guid = -1;
+static int hf_nt_security_information_sacl = -1;
+static int hf_nt_security_information_dacl = -1;
+static int hf_nt_security_information_group = -1;
+static int hf_nt_security_information_owner = -1;
static gint ett_nt_sec_desc = -1;
static gint ett_nt_sec_desc_type = -1;
@@ -80,6 +84,7 @@ static gint ett_nt_ace = -1;
static gint ett_nt_ace_flags = -1;
static gint ett_nt_ace_object = -1;
static gint ett_nt_ace_object_flags = -1;
+static gint ett_nt_security_information = -1;
/* WERR error codes
* This list is based on the samba doserr.h file and was generated by running
@@ -1857,6 +1862,23 @@ static const true_false_string tfs_ace_flags_failed_access = {
"Failed accesses will not be audited"
};
+static const true_false_string flags_sec_info_sacl = {
+ "Request SACL",
+ "Do NOT request SACL"
+};
+static const true_false_string flags_sec_info_dacl = {
+ "Request DACL",
+ "Do NOT request DACL"
+};
+static const true_false_string flags_sec_info_group = {
+ "Request GROUP",
+ "Do NOT request group"
+};
+static const true_false_string flags_sec_info_owner = {
+ "Request OWNER",
+ "Do NOT request owner"
+};
+
#define APPEND_ACE_TEXT(flag, item, string) \
if(flag){ \
if(item) \
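Review bot: The four true_false_string tables added here label every bit as a request ("Request SACL" / "Do NOT request SACL"), but this commit also sends samr SetSecurity through dissect_nt_security_information, where the bits name the descriptor parts being written rather than asked for. Direction-neutral text would read correctly for both calls, for example `"SACL is selected"` and `"SACL is NOT selected"`. The false strings for group and owner are lower-case while their true strings are upper-case (`"Request GROUP"` vs `"Do NOT request group"`); one spelling should be used throughout.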
@@ -2250,6 +2272,46 @@ dissect_nt_sec_desc_type(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
}
int
+dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ guint32 mask;
+
+ mask = tvb_get_letohl(tvb, offset);
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, 2,
+ "SEC INFO: 0x%08x", mask);
+ tree = proto_item_add_subtree(item, ett_nt_security_information);
+ }
+
+ proto_tree_add_boolean(tree,hf_nt_security_information_sacl,
+ tvb, offset, 4, mask);
+ if (mask & 0x00000008) {
+ proto_item_append_text(item, " SACL");
+ }
+ proto_tree_add_boolean(tree,hf_nt_security_information_dacl,
+ tvb, offset, 4, mask);
+ if (mask & 0x00000004) {
+ proto_item_append_text(item, " DACL");
+ }
+ proto_tree_add_boolean(tree,hf_nt_security_information_group,
+ tvb, offset, 4, mask);
+ if (mask & 0x00000002) {
+ proto_item_append_text(item, " GROUP");
+ }
+ proto_tree_add_boolean(tree,hf_nt_security_information_owner,
+ tvb, offset, 4, mask);
+ if (mask & 0x00000001) {
+ proto_item_append_text(item, " OWNER");
+ }
+
+ offset += 4;
+
+ return offset;
+}
+
+int
dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *parent_tree, guint8 *drep,
gboolean len_supplied, int len,
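Review bot: In dissect_nt_security_information the summary item is created with a length of 2 (`proto_tree_add_text(parent_tree, tvb, offset, 2,`), yet the mask is read as 32 bits with tvb_get_letohl, the four flag items use length 4 and offset advances by 4, so the summary line covers only half of the field in the byte pane; it should be `proto_tree_add_text(parent_tree, tvb, offset, 4,`. The bit values 0x00000008 through 0x00000001 are written out here and again in the hf registration later in this file; named constants shared by both places would keep them from drifting apart. Bits outside these four show up only in the hex value of the summary line, which deserves a short comment above the function, since someone reviewing a capture may read a missing label as a missing flag.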
@@ -2709,6 +2771,22 @@ proto_do_register_windows_common(int proto_smb)
{ "Inherited GUID", "nt.ace.object.inherited_guid", FT_GUID, BASE_NONE,
NULL, 0, "", HFILL }},
+ { &hf_nt_security_information_sacl,
+ { "SACL", "nt.sec_info.sacl", FT_BOOLEAN, 32,
+ TFS(&flags_sec_info_sacl), 0x00000008, "", HFILL }},
+
+ { &hf_nt_security_information_dacl,
+ { "DACL", "nt.sec_info.dacl", FT_BOOLEAN, 32,
+ TFS(&flags_sec_info_dacl), 0x00000004, "", HFILL }},
+
+ { &hf_nt_security_information_group,
+ { "Group", "nt.sec_info.group", FT_BOOLEAN, 32,
+ TFS(&flags_sec_info_group), 0x00000002, "", HFILL }},
+
+ { &hf_nt_security_information_owner,
+ { "Owner", "nt.sec_info.owner", FT_BOOLEAN, 32,
+ TFS(&flags_sec_info_owner), 0x00000001, "", HFILL }},
+
};
static gint *ett[] = {
@@ -2724,6 +2802,7 @@ proto_do_register_windows_common(int proto_smb)
&ett_nt_access_mask_generic,
&ett_nt_access_mask_standard,
&ett_nt_access_mask_specific,
+ &ett_nt_security_information,
};
proto_register_subtree_array(ett, array_length(ett));
diff --git a/epan/dissectors/packet-windows-common.h b/epan/dissectors/packet-windows-common.h
index 19cafb55f7..88b957e3c4 100644
--- a/epan/dissectors/packet-windows-common.h
+++ b/epan/dissectors/packet-windows-common.h
@@ -289,5 +289,8 @@ proto_do_register_windows_common(int proto_smb);
const char *
get_well_known_rid_name(guint32);
+int
+dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tree);
+
#endif
diff --git a/epan/dissectors/pidl/samr.cnf b/epan/dissectors/pidl/samr.cnf
index d63c1b94c7..1679fe625d 100644
--- a/epan/dissectors/pidl/samr.cnf
+++ b/epan/dissectors/pidl/samr.cnf
@@ -1,7 +1,3 @@
-IMPORT security_secinfo offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_samr_sec_info, NULL);
-HF_FIELD hf_samr_sec_info "SecInfo" "samr.sec_info" FT_UINT32 BASE_HEX NULL 0 "" "" ""
-
-
#
# policyhandle tracking
# This block is to specify where a policyhandle is opened and where it is
@@ -169,6 +165,7 @@ TYPE dom_sid2 "offset=cnf_dissect_dom_sid2(tvb, offset, pinfo, tree, drep);" FT_
TYPE lsa_SidArray "offset=cnf_dissect_lsa_SidArray(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4
+TYPE security_secinfo "offset=cnf_dissect_samr_security_secinfo(tvb, offset, pinfo, tree, drep);" FT_NONE BASE_NONE 0 NULL 4
#
# ConnectX access masks
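Review bot: The new `TYPE security_secinfo` line calls cnf_dissect_samr_security_secinfo without passing any header-field index, so the per-call fields `samr.samr_QuerySecurity.sec_info` and `samr.samr_SetSecurity.sec_info`, which this commit keeps registered as FT_NONE, appear never to be added to the tree. If that reading is right, display filters on those names stop matching and the value is reachable only through the `nt.sec_info.*` fields. Either document that next to the TYPE line, for example `# sec_info is shown via nt.sec_info.*; the samr.*.sec_info fields are not populated`, or pass the field index through to the helper.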
@@ -507,4 +504,13 @@ cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr
return offset;
}
+
+static int
+cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_)
+{
+ offset = dissect_nt_security_information(tvb, offset, tree);
+
+ return offset;
+}
+
CODE END
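Review bot: cnf_dissect_samr_security_secinfo marks pinfo and drep as unused and passes the raw offset to dissect_nt_security_information, which reads the value with tvb_get_letohl, whereas the dissect_ndr_uint32 call it replaces was given drep. As far as these lines show, a request encoded big-endian would now be decoded with the wrong flags, and any NDR padding in front of the field is presumably no longer skipped (the old helper's body is not on this page). At minimum state the assumption above the function, `/* assumes offset is already 4-byte aligned and the PDU is little-endian; drep is not consulted */`, or extend the common helper to take the byte order. The same function is added to packet-dcerpc-samr.c in this commit, which looks like the generated copy of this CODE section, so the change belongs here.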
diff --git a/epan/dissectors/pidl/samr.idl b/epan/dissectors/pidl/samr.idl
index 5828151c5f..8784c24e38 100644
--- a/epan/dissectors/pidl/samr.idl
+++ b/epan/dissectors/pidl/samr.idl
@@ -1310,7 +1310,7 @@
/* Function 0x3e */
NTSTATUS samr_Connect4(
[in,unique,string,charset(UTF16)] uint16 *system_name,
- [in] uint32 unknown,
+ [in] samr_ConnectRevision revision,
[in] samr_ServerAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);