author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2006-08-19 09:22:20 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2006-08-19 09:22:20 +0000 |
commit | c0e5ca30ad92f42d552f24ac00934edd0619457d (patch) | |
tree | fc44ff3af337fc2732b5787029cbd18e2b562106 /epan/dissectors | |
parent | f4457669d3f87c8eff1c419ab59803caed7f1c1d (diff) |
add some well known rids from s4 security.idl and code to show the name of this rid
when dissecting a security descriptor
svn path=/trunk/; revision=18959
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-windows-common.c | 28 | ||||
-rw-r--r-- | epan/dissectors/packet-windows-common.h | 3 |
2 files changed, 30 insertions, 1 deletions
diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c index a370186405..f88ea395ca 100644 --- a/epan/dissectors/packet-windows-common.c +++ b/epan/dissectors/packet-windows-common.c @@ -1232,6 +1232,25 @@ dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date) return offset; } + +static const value_string well_known_rids[] = { + { 9, "Logon"}, + {500, "Administrator"}, + {501, "Guest"}, + {512, "Domain Administrators"}, + {513, "Domain Users"}, + {516, "Domain Controllers"}, + {517, "Cert Administrators"}, + {518, "Schema Administrators"}, + {519, "Enterprise Administrators"}, + {0,NULL} +}; +const char * +get_well_known_rid_name(guint32 rid) +{ + return match_strval(rid, well_known_rids); +} + /* Dissect a NT SID. Label it with 'name' and return a string version of the SID in the 'sid_str' parameter which must be freed by the caller. hf_sid can be -1 if the caller doesnt care what name is used and then @@ -1346,7 +1365,14 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree_add_text(tree, tvb, sa_offset, num_auth * 4, "Sub-authorities: %s", str); if(rid_present){ - proto_tree_add_text(tree, tvb, rid_offset, 4, "RID: %u", rid); + char *rid_name; + proto_item *it; + + it=proto_tree_add_text(tree, tvb, rid_offset, 4, "RID: %u", rid); + rid_name=get_well_known_rid_name(rid); + if(it && rid_name){ + proto_item_append_text(it, " (%s)",rid_name); + } } if(sid_str){ diff --git a/epan/dissectors/packet-windows-common.h b/epan/dissectors/packet-windows-common.h index 9e51cac232..6ae9a748c3 100644 --- a/epan/dissectors/packet-windows-common.h +++ b/epan/dissectors/packet-windows-common.h @@ -180,5 +180,8 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo, void proto_do_register_windows_common(int proto_smb); +const char * +get_well_known_rid_name(guint32); + #endif |
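Review bot: `get_well_known_rid_name()` is exported without a comment stating its contract, and the name it returns is derived from the RID value alone. `match_strval()` returns NULL for a value that is not in `well_known_rids`, so every caller has to check the result. The labels only make sense when the RID is the last sub-authority of a domain SID, and whether the caller guarantees that is not visible in this hunk. I would add above the function `/* Returns the name of a well-known domain-relative RID, or NULL if the RID is not in the table; the SID prefix is not checked here. */`. The prototype added in packet-windows-common.h could carry the same comment and name its parameter, `get_well_known_rid_name(guint32 rid);`.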
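Review bot: `char *rid_name;` in the `if(rid_present)` block drops the const qualifier from the `const char *` that `get_well_known_rid_name()` returns. Compilers warn about this, and it would permit a later write into the static `well_known_rids` strings; declare it as `const char *rid_name;`. Passing the name as an argument to the literal `" (%s)"` format is the right way to append it. `dissect_nt_sid` starts and ends outside this hunk, so how `rid_present` is set cannot be checked from here.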