aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors/packet-windows-common.c
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/packet-windows-common.c')
-rw-r--r--epan/dissectors/packet-windows-common.c379
1 files changed, 193 insertions, 186 deletions
diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c
index b868de724f..a60132837e 100644
--- a/epan/dissectors/packet-windows-common.c
+++ b/epan/dissectors/packet-windows-common.c
@@ -86,128 +86,128 @@ static const value_string ace_sra_type_vals[] = {
{ 0, NULL }
};
-static int hf_nt_sec_desc_revision = -1;
-static int hf_nt_sec_desc_type_owner_defaulted = -1;
-static int hf_nt_sec_desc_type_group_defaulted = -1;
-static int hf_nt_sec_desc_type_dacl_present = -1;
-static int hf_nt_sec_desc_type_dacl_defaulted = -1;
-static int hf_nt_sec_desc_type_sacl_present = -1;
-static int hf_nt_sec_desc_type_sacl_defaulted = -1;
-static int hf_nt_sec_desc_type_dacl_trusted = -1;
-static int hf_nt_sec_desc_type_server_security = -1;
-static int hf_nt_sec_desc_type_dacl_auto_inherit_req = -1;
-static int hf_nt_sec_desc_type_sacl_auto_inherit_req = -1;
-static int hf_nt_sec_desc_type_dacl_auto_inherited = -1;
-static int hf_nt_sec_desc_type_sacl_auto_inherited = -1;
-static int hf_nt_sec_desc_type_dacl_protected = -1;
-static int hf_nt_sec_desc_type_sacl_protected = -1;
-static int hf_nt_sec_desc_type_rm_control_valid = -1;
-static int hf_nt_sec_desc_type_self_relative = -1;
-static int hf_nt_sid = -1;
-static int hf_nt_sid_revision = -1;
-static int hf_nt_sid_num_auth = -1;
-static int hf_nt_sid_auth_dec = -1;
-static int hf_nt_sid_auth_hex = -1;
-static int hf_nt_sid_subauth = -1;
-static int hf_nt_sid_rid_dec = -1;
-static int hf_nt_sid_rid_hex = -1;
-static int hf_nt_sid_wkwn = -1;
-static int hf_nt_sid_domain = -1;
-static int hf_nt_acl_revision = -1;
-static int hf_nt_acl_size = -1;
-static int hf_nt_acl_num_aces = -1;
-static int hf_nt_ace_flags_object_inherit = -1;
-static int hf_nt_ace_flags_container_inherit = -1;
-static int hf_nt_ace_flags_non_propagate_inherit = -1;
-static int hf_nt_ace_flags_inherit_only = -1;
-static int hf_nt_ace_flags_inherited_ace = -1;
-static int hf_nt_ace_flags_successful_access = -1;
-static int hf_nt_ace_flags_failed_access = -1;
-static int hf_nt_ace_type = -1;
-static int hf_nt_ace_size = -1;
-static int hf_nt_ace_flags_object_type_present = -1;
-static int hf_nt_ace_flags_inherited_object_type_present = -1;
-static int hf_nt_ace_guid = -1;
-static int hf_nt_ace_inherited_guid = -1;
+static int hf_nt_sec_desc_revision;
+static int hf_nt_sec_desc_type_owner_defaulted;
+static int hf_nt_sec_desc_type_group_defaulted;
+static int hf_nt_sec_desc_type_dacl_present;
+static int hf_nt_sec_desc_type_dacl_defaulted;
+static int hf_nt_sec_desc_type_sacl_present;
+static int hf_nt_sec_desc_type_sacl_defaulted;
+static int hf_nt_sec_desc_type_dacl_trusted;
+static int hf_nt_sec_desc_type_server_security;
+static int hf_nt_sec_desc_type_dacl_auto_inherit_req;
+static int hf_nt_sec_desc_type_sacl_auto_inherit_req;
+static int hf_nt_sec_desc_type_dacl_auto_inherited;
+static int hf_nt_sec_desc_type_sacl_auto_inherited;
+static int hf_nt_sec_desc_type_dacl_protected;
+static int hf_nt_sec_desc_type_sacl_protected;
+static int hf_nt_sec_desc_type_rm_control_valid;
+static int hf_nt_sec_desc_type_self_relative;
+static int hf_nt_sid;
+static int hf_nt_sid_revision;
+static int hf_nt_sid_num_auth;
+static int hf_nt_sid_auth_dec;
+static int hf_nt_sid_auth_hex;
+static int hf_nt_sid_subauth;
+static int hf_nt_sid_rid_dec;
+static int hf_nt_sid_rid_hex;
+static int hf_nt_sid_wkwn;
+static int hf_nt_sid_domain;
+static int hf_nt_acl_revision;
+static int hf_nt_acl_size;
+static int hf_nt_acl_num_aces;
+static int hf_nt_ace_flags_object_inherit;
+static int hf_nt_ace_flags_container_inherit;
+static int hf_nt_ace_flags_non_propagate_inherit;
+static int hf_nt_ace_flags_inherit_only;
+static int hf_nt_ace_flags_inherited_ace;
+static int hf_nt_ace_flags_successful_access;
+static int hf_nt_ace_flags_failed_access;
+static int hf_nt_ace_type;
+static int hf_nt_ace_size;
+static int hf_nt_ace_flags_object_type_present;
+static int hf_nt_ace_flags_inherited_object_type_present;
+static int hf_nt_ace_guid;
+static int hf_nt_ace_inherited_guid;
/* Conditional ACE dissect */
-static int hf_nt_ace_cond = -1;
-static int hf_nt_ace_cond_token = -1;
-static int hf_nt_ace_cond_sign = -1;
-static int hf_nt_ace_cond_base = -1;
-static int hf_nt_ace_cond_value_int8 = -1;
-static int hf_nt_ace_cond_value_int16 = -1;
-static int hf_nt_ace_cond_value_int32 = -1;
-static int hf_nt_ace_cond_value_int64 = -1;
-static int hf_nt_ace_cond_value_string = -1;
-static int hf_nt_ace_cond_value_octet_string = -1;
-static int hf_nt_ace_cond_local_attr = -1;
-static int hf_nt_ace_cond_user_attr = -1;
-static int hf_nt_ace_cond_resource_attr = -1;
-static int hf_nt_ace_cond_device_attr = -1;
+static int hf_nt_ace_cond;
+static int hf_nt_ace_cond_token;
+static int hf_nt_ace_cond_sign;
+static int hf_nt_ace_cond_base;
+static int hf_nt_ace_cond_value_int8;
+static int hf_nt_ace_cond_value_int16;
+static int hf_nt_ace_cond_value_int32;
+static int hf_nt_ace_cond_value_int64;
+static int hf_nt_ace_cond_value_string;
+static int hf_nt_ace_cond_value_octet_string;
+static int hf_nt_ace_cond_local_attr;
+static int hf_nt_ace_cond_user_attr;
+static int hf_nt_ace_cond_resource_attr;
+static int hf_nt_ace_cond_device_attr;
/* System Resource Attribute ACE dissect */
-static int hf_nt_ace_sra = -1;
-static int hf_nt_ace_sra_name_offset = -1;
-static int hf_nt_ace_sra_name = -1;
-static int hf_nt_ace_sra_type = -1;
-static int hf_nt_ace_sra_reserved = -1;
-static int hf_nt_ace_sra_flags = -1;
-static int hf_nt_ace_sra_flags_manual = -1;
-static int hf_nt_ace_sra_flags_policy_derived = -1;
-static int hf_nt_ace_sra_flags_non_inheritable = -1;
-static int hf_nt_ace_sra_flags_case_sensitive = -1;
-static int hf_nt_ace_sra_flags_deny_only = -1;
-static int hf_nt_ace_sra_flags_disabled_by_default = -1;
-static int hf_nt_ace_sra_flags_disabled = -1;
-static int hf_nt_ace_sra_flags_mandatory = -1;
-static int hf_nt_ace_sra_value_count = -1;
-static int hf_nt_ace_sra_value_offset = -1;
-static int hf_nt_ace_sra_value_int64 = -1;
-static int hf_nt_ace_sra_value_uint64 = -1;
-static int hf_nt_ace_sra_value_string = -1;
-static int hf_nt_ace_sra_value_sid = -1;
-static int hf_nt_ace_sra_value_boolean = -1;
-static int hf_nt_ace_sra_value_octet_string = -1;
-
-static int hf_nt_security_information_sacl = -1;
-static int hf_nt_security_information_dacl = -1;
-static int hf_nt_security_information_group = -1;
-static int hf_nt_security_information_owner = -1;
+static int hf_nt_ace_sra;
+static int hf_nt_ace_sra_name_offset;
+static int hf_nt_ace_sra_name;
+static int hf_nt_ace_sra_type;
+static int hf_nt_ace_sra_reserved;
+static int hf_nt_ace_sra_flags;
+static int hf_nt_ace_sra_flags_manual;
+static int hf_nt_ace_sra_flags_policy_derived;
+static int hf_nt_ace_sra_flags_non_inheritable;
+static int hf_nt_ace_sra_flags_case_sensitive;
+static int hf_nt_ace_sra_flags_deny_only;
+static int hf_nt_ace_sra_flags_disabled_by_default;
+static int hf_nt_ace_sra_flags_disabled;
+static int hf_nt_ace_sra_flags_mandatory;
+static int hf_nt_ace_sra_value_count;
+static int hf_nt_ace_sra_value_offset;
+static int hf_nt_ace_sra_value_int64;
+static int hf_nt_ace_sra_value_uint64;
+static int hf_nt_ace_sra_value_string;
+static int hf_nt_ace_sra_value_sid;
+static int hf_nt_ace_sra_value_boolean;
+static int hf_nt_ace_sra_value_octet_string;
+
+static int hf_nt_security_information_sacl;
+static int hf_nt_security_information_dacl;
+static int hf_nt_security_information_group;
+static int hf_nt_security_information_owner;
/* Generated from convert_proto_tree_add_text.pl */
-static int hf_nt_security_information = -1;
-static int hf_nt_sec_desc_type = -1;
-static int hf_nt_offset_to_dacl = -1;
-static int hf_nt_offset_to_owner_sid = -1;
-static int hf_nt_ace_flags_object = -1;
-static int hf_nt_offset_to_group_sid = -1;
-static int hf_nt_ace_flags = -1;
-static int hf_nt_offset_to_sacl = -1;
-
-static gint ett_nt_sec_desc = -1;
-static gint ett_nt_sec_desc_type = -1;
-static gint ett_nt_sid = -1;
-static gint ett_nt_acl = -1;
-static gint ett_nt_ace = -1;
-static gint ett_nt_ace_flags = -1;
-static gint ett_nt_ace_object = -1;
-static gint ett_nt_ace_object_flags = -1;
-static gint ett_nt_security_information = -1;
-static gint ett_nt_ace_cond = -1;
-static gint ett_nt_ace_cond_data = -1;
-static gint ett_nt_ace_sra = -1;
-static gint ett_nt_ace_sra_flags = -1;
-static gint ett_nt_ace_sra_value_offsets = -1;
-static gint ett_nt_ace_sra_values = -1;
-
-static expert_field ei_nt_owner_sid_beyond_data = EI_INIT;
-static expert_field ei_nt_owner_sid_beyond_reassembled_data = EI_INIT;
-static expert_field ei_nt_ace_extends_beyond_data = EI_INIT;
-static expert_field ei_nt_ace_extends_beyond_reassembled_data = EI_INIT;
-static expert_field ei_nt_group_sid_beyond_data = EI_INIT;
-static expert_field ei_nt_group_sid_beyond_reassembled_data = EI_INIT;
-static expert_field ei_nt_item_offs_out_of_range = EI_INIT;
+static int hf_nt_security_information;
+static int hf_nt_sec_desc_type;
+static int hf_nt_offset_to_dacl;
+static int hf_nt_offset_to_owner_sid;
+static int hf_nt_ace_flags_object;
+static int hf_nt_offset_to_group_sid;
+static int hf_nt_ace_flags;
+static int hf_nt_offset_to_sacl;
+
+static gint ett_nt_sec_desc;
+static gint ett_nt_sec_desc_type;
+static gint ett_nt_sid;
+static gint ett_nt_acl;
+static gint ett_nt_ace;
+static gint ett_nt_ace_flags;
+static gint ett_nt_ace_object;
+static gint ett_nt_ace_object_flags;
+static gint ett_nt_security_information;
+static gint ett_nt_ace_cond;
+static gint ett_nt_ace_cond_data;
+static gint ett_nt_ace_sra;
+static gint ett_nt_ace_sra_flags;
+static gint ett_nt_ace_sra_value_offsets;
+static gint ett_nt_ace_sra_values;
+
+static expert_field ei_nt_owner_sid_beyond_data;
+static expert_field ei_nt_owner_sid_beyond_reassembled_data;
+static expert_field ei_nt_ace_extends_beyond_data;
+static expert_field ei_nt_ace_extends_beyond_reassembled_data;
+static expert_field ei_nt_group_sid_beyond_data;
+static expert_field ei_nt_group_sid_beyond_reassembled_data;
+static expert_field ei_nt_item_offs_out_of_range;
/* WERR error codes */
@@ -1077,7 +1077,7 @@ const value_string NT_errors[] = {
{ 0xC002100A, "RPC_P_SEND_FAILED" },
{ 0xC002100B, "RPC_P_TIMEOUT" },
{ 0xC002100C, "RPC_P_SERVER_TRANSPORT_ERROR" },
- { 0xC002100E, "RPC_P_EXCEPTION_OCCURED" },
+ { 0xC002100E, "RPC_P_EXCEPTION_OCCURRED" },
{ 0xC0021012, "RPC_P_CONNECTION_SHUTDOWN" },
{ 0xC0021015, "RPC_P_THREAD_LISTENING" },
{ 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" },
@@ -1379,14 +1379,15 @@ static const sid_strings well_known_sids[] = {
{"S-1-5-18", "Local System"},
{"S-1-5-19", "Local Service"},
{"S-1-5-20", "Network Service"},
+
+ {"S-1-5-21-0-0-0-496", "Compounded Authentication"},
+ {"S-1-5-21-0-0-0-497", "Claims Valid"},
+
/*
* S-1-5-21-<d1>-<d2>-<d3>-<RID> where "<d1>-<d2>-<d3>" is the NT domain
* RIDs are defined in 'wkwn_S_1_5_21_rids' */
{"S-1-5-21", "Domain SID"},
- {"S-1-5-21-0-0-0-496", "Compounded Authentication"},
- {"S-1-5-21-0-0-0-497", "Claims Valid"},
-
/* S-1-5-32-<RID>: Builtin local group SIDs */
{"S-1-5-32", "Local Group"},
{"S-1-5-32-544", "Administrators"},
@@ -1476,6 +1477,8 @@ match_wkwn_sids(const char* sid) {
https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
*/
static const value_string wkwn_S_1_5_21_rids[] = {
+ {496, "Compounded Authentication"},
+ {497, "Claims Valid"},
{498, "Enterprise Read-only Domain Controllers"},
{500, "Administrator"},
{501, "Guest"},
@@ -1490,6 +1493,10 @@ static const value_string wkwn_S_1_5_21_rids[] = {
{519, "Enterprise Admins"},
{520, "Group Policy Creator Owners"},
{521, "Read-only Domain Controllers"},
+ {522, "Cloneable Controllers"},
+ {525, "Protected Users"},
+ {526, "Key Admins"},
+ {527, "Enterprise Key Admins"},
{553, "RAS and IAS Servers"},
{571, "Allowed RODC Password Replication Group"},
{572, "Denied RODC Password Replication Group"},
@@ -1532,7 +1539,7 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
if(sid_str)
*sid_str=NULL;
- if(hf_sid==-1){
+ if(hf_sid <= 0){
/* if no tree, just return the offset of the end_of_SID+1 */
if (!parent_tree)
return(offset+(6+(num_auth*4)));
@@ -1546,18 +1553,18 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
offset++;
}
- sid_in_dec_str = wmem_strbuf_new_label(wmem_packet_scope());
- wmem_strbuf_append_printf (sid_in_dec_str, "S-%u-%" G_GINT64_MODIFIER "u", revision, authority);
+ sid_in_dec_str = wmem_strbuf_create(wmem_packet_scope());
+ wmem_strbuf_append_printf (sid_in_dec_str, "S-%u-%" PRIu64, revision, authority);
/* If sid_display_hex is set, sid_in_dec_str is still needed for
looking up well-known SIDs*/
if (sid_display_hex) {
- sid_in_hex_str = wmem_strbuf_new_label(wmem_packet_scope());
- wmem_strbuf_append_printf (sid_in_hex_str, "S-%x-%" G_GINT64_MODIFIER "x", revision, authority);
+ sid_in_hex_str = wmem_strbuf_create(wmem_packet_scope());
+ wmem_strbuf_append_printf (sid_in_hex_str, "S-%x-%" PRIx64, revision, authority);
}
- wkwn_sid1_str = wmem_strbuf_new_label(wmem_packet_scope());
- label_str = wmem_strbuf_new_label(wmem_packet_scope());
+ wkwn_sid1_str = wmem_strbuf_create(wmem_packet_scope());
+ label_str = wmem_strbuf_create(wmem_packet_scope());
if (strcmp(wmem_strbuf_get_str(sid_in_dec_str), "S-1-16")==0)
S_1_16 = TRUE;
@@ -1582,9 +1589,9 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
sa_offset = offset;
- sa_str = wmem_strbuf_new_label(wmem_packet_scope());
- wkwn_sid2_str = wmem_strbuf_new_label(wmem_packet_scope());
- domain_str = wmem_strbuf_new_label(wmem_packet_scope());
+ sa_str = wmem_strbuf_create(wmem_packet_scope());
+ wkwn_sid2_str = wmem_strbuf_create(wmem_packet_scope());
+ domain_str = wmem_strbuf_create(wmem_packet_scope());
/* Build the sub-authorities and full SID strings */
for(i=1; i<num_auth+1; i++) {
@@ -2195,38 +2202,38 @@ dissect_nt_conditional_ace(tvbuff_t *tvb, int offset, guint16 size, proto_tree *
https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask-format
*/
-static gint ett_nt_access_mask = -1;
-static gint ett_nt_access_mask_generic = -1;
-static gint ett_nt_access_mask_standard = -1;
-static gint ett_nt_access_mask_specific = -1;
-
-static int hf_access_sacl = -1;
-static int hf_access_maximum_allowed = -1;
-static int hf_access_generic_read = -1;
-static int hf_access_generic_write = -1;
-static int hf_access_generic_execute = -1;
-static int hf_access_generic_all = -1;
-static int hf_access_standard_delete = -1;
-static int hf_access_standard_read_control = -1;
-static int hf_access_standard_synchronise = -1;
-static int hf_access_standard_write_dac = -1;
-static int hf_access_standard_write_owner = -1;
-static int hf_access_specific_15 = -1;
-static int hf_access_specific_14 = -1;
-static int hf_access_specific_13 = -1;
-static int hf_access_specific_12 = -1;
-static int hf_access_specific_11 = -1;
-static int hf_access_specific_10 = -1;
-static int hf_access_specific_9 = -1;
-static int hf_access_specific_8 = -1;
-static int hf_access_specific_7 = -1;
-static int hf_access_specific_6 = -1;
-static int hf_access_specific_5 = -1;
-static int hf_access_specific_4 = -1;
-static int hf_access_specific_3 = -1;
-static int hf_access_specific_2 = -1;
-static int hf_access_specific_1 = -1;
-static int hf_access_specific_0 = -1;
+static gint ett_nt_access_mask;
+static gint ett_nt_access_mask_generic;
+static gint ett_nt_access_mask_standard;
+static gint ett_nt_access_mask_specific;
+
+static int hf_access_sacl;
+static int hf_access_maximum_allowed;
+static int hf_access_generic_read;
+static int hf_access_generic_write;
+static int hf_access_generic_execute;
+static int hf_access_generic_all;
+static int hf_access_standard_delete;
+static int hf_access_standard_read_control;
+static int hf_access_standard_synchronise;
+static int hf_access_standard_write_dac;
+static int hf_access_standard_write_owner;
+static int hf_access_specific_15;
+static int hf_access_specific_14;
+static int hf_access_specific_13;
+static int hf_access_specific_12;
+static int hf_access_specific_11;
+static int hf_access_specific_10;
+static int hf_access_specific_9;
+static int hf_access_specific_8;
+static int hf_access_specific_7;
+static int hf_access_specific_6;
+static int hf_access_specific_5;
+static int hf_access_specific_4;
+static int hf_access_specific_3;
+static int hf_access_specific_2;
+static int hf_access_specific_1;
+static int hf_access_specific_0;
/* Map generic permissions to specific permissions */
@@ -2409,7 +2416,7 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo,
return offset;
}
-static int hf_nt_access_mask = -1;
+static int hf_nt_access_mask;
#define ACL_REVISION_NT4 2
#define ACL_REVISION_ADS 4
@@ -2994,7 +3001,7 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset_a, packet_info *pinfo,
struct access_mask_info *ami)
{
proto_item *item = NULL;
- proto_tree *tree = NULL;
+ proto_tree * volatile tree = NULL;
guint16 revision;
int start_offset = offset_a;
volatile int offset_v=offset_a;
@@ -3398,82 +3405,82 @@ proto_do_register_windows_common(int proto_smb)
{ &hf_access_specific_15,
{ "Specific access, bit 15", "nt.access_mask.specific_15",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x8000, NULL, HFILL }},
+ 0x00008000, NULL, HFILL }},
{ &hf_access_specific_14,
{ "Specific access, bit 14", "nt.access_mask.specific_14",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x4000, NULL, HFILL }},
+ 0x00004000, NULL, HFILL }},
{ &hf_access_specific_13,
{ "Specific access, bit 13", "nt.access_mask.specific_13",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x2000, NULL, HFILL }},
+ 0x00002000, NULL, HFILL }},
{ &hf_access_specific_12,
{ "Specific access, bit 12", "nt.access_mask.specific_12",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x1000, NULL, HFILL }},
+ 0x00001000, NULL, HFILL }},
{ &hf_access_specific_11,
{ "Specific access, bit 11", "nt.access_mask.specific_11",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0800, NULL, HFILL }},
+ 0x00000800, NULL, HFILL }},
{ &hf_access_specific_10,
{ "Specific access, bit 10", "nt.access_mask.specific_10",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0400, NULL, HFILL }},
+ 0x00000400, NULL, HFILL }},
{ &hf_access_specific_9,
{ "Specific access, bit 9", "nt.access_mask.specific_9",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0200, NULL, HFILL }},
+ 0x00000200, NULL, HFILL }},
{ &hf_access_specific_8,
{ "Specific access, bit 8", "nt.access_mask.specific_8",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0100, NULL, HFILL }},
+ 0x00000100, NULL, HFILL }},
{ &hf_access_specific_7,
{ "Specific access, bit 7", "nt.access_mask.specific_7",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0080, NULL, HFILL }},
+ 0x00000080, NULL, HFILL }},
{ &hf_access_specific_6,
{ "Specific access, bit 6", "nt.access_mask.specific_6",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0040, NULL, HFILL }},
+ 0x00000040, NULL, HFILL }},
{ &hf_access_specific_5,
{ "Specific access, bit 5", "nt.access_mask.specific_5",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0020, NULL, HFILL }},
+ 0x00000020, NULL, HFILL }},
{ &hf_access_specific_4,
{ "Specific access, bit 4", "nt.access_mask.specific_4",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0010, NULL, HFILL }},
+ 0x00000010, NULL, HFILL }},
{ &hf_access_specific_3,
{ "Specific access, bit 3", "nt.access_mask.specific_3",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0008, NULL, HFILL }},
+ 0x00000008, NULL, HFILL }},
{ &hf_access_specific_2,
{ "Specific access, bit 2", "nt.access_mask.specific_2",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0004, NULL, HFILL }},
+ 0x00000004, NULL, HFILL }},
{ &hf_access_specific_1,
{ "Specific access, bit 1", "nt.access_mask.specific_1",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0002, NULL, HFILL }},
+ 0x00000002, NULL, HFILL }},
{ &hf_access_specific_0,
{ "Specific access, bit 0", "nt.access_mask.specific_0",
FT_BOOLEAN, 32, TFS(&tfs_set_notset),
- 0x0001, NULL, HFILL }},
+ 0x00000001, NULL, HFILL }},
{ &hf_nt_ace_flags_object_type_present,
{ "Object Type Present", "nt.ace.object.flags.object_type_present",
@@ -3587,27 +3594,27 @@ proto_do_register_windows_common(int proto_smb)
{ &hf_nt_ace_sra_flags_non_inheritable,
{ "Non-Inheritable", "nt.ace.sra.flags.non_inheritable", FT_BOOLEAN, 32,
- TFS(&flags_ace_sra_info_non_inheritable), 0x0001, NULL, HFILL }},
+ TFS(&flags_ace_sra_info_non_inheritable), 0x00000001, NULL, HFILL }},
{ &hf_nt_ace_sra_flags_case_sensitive,
{ "Case Sensitive", "nt.ace.sra.flags.case_sensitive", FT_BOOLEAN, 32,
- TFS(&flags_ace_sra_info_case_sensitive), 0x0002, NULL, HFILL }},
+ TFS(&flags_ace_sra_info_case_sensitive), 0x00000002, NULL, HFILL }},
{ &hf_nt_ace_sra_flags_deny_only,
{ "Deny Only", "nt.ace.sra.flags.deny_only", FT_BOOLEAN, 32,
- TFS(&flags_ace_sra_info_deny_only), 0x0004, NULL, HFILL }},
+ TFS(&flags_ace_sra_info_deny_only), 0x00000004, NULL, HFILL }},
{ &hf_nt_ace_sra_flags_disabled_by_default,
{ "Disabled By Default", "nt.ace.sra.flags.disabled_by_default", FT_BOOLEAN, 32,
- TFS(&flags_ace_sra_info_disabled_by_default), 0x0008, NULL, HFILL }},
+ TFS(&flags_ace_sra_info_disabled_by_default), 0x00000008, NULL, HFILL }},
{ &hf_nt_ace_sra_flags_disabled,
{ "Disabled", "nt.ace.sra.flags.disabled", FT_BOOLEAN, 32,
- TFS(&flags_ace_sra_info_disabled), 0x0010, NULL, HFILL }},
+ TFS(&flags_ace_sra_info_disabled), 0x00000010, NULL, HFILL }},
{ &hf_nt_ace_sra_flags_mandatory,
{ "Mandatory", "nt.ace.sra.flags.mandatory", FT_BOOLEAN, 32,
- TFS(&flags_ace_sra_info_mandatory), 0x0020, NULL, HFILL }},
+ TFS(&flags_ace_sra_info_mandatory), 0x00000020, NULL, HFILL }},
{ &hf_nt_ace_sra_value_count,
{ "Value Count", "nt.ace.sra.value_count", FT_UINT32, BASE_DEC, NULL, 0,
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 12:25:36 +0000