diff options
Diffstat (limited to 'epan/dissectors/packet-windows-common.c')
-rw-r--r-- | epan/dissectors/packet-windows-common.c | 379 |
1 files changed, 193 insertions, 186 deletions
diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c index b868de724f..a60132837e 100644 --- a/epan/dissectors/packet-windows-common.c +++ b/epan/dissectors/packet-windows-common.c @@ -86,128 +86,128 @@ static const value_string ace_sra_type_vals[] = { { 0, NULL } }; -static int hf_nt_sec_desc_revision = -1; -static int hf_nt_sec_desc_type_owner_defaulted = -1; -static int hf_nt_sec_desc_type_group_defaulted = -1; -static int hf_nt_sec_desc_type_dacl_present = -1; -static int hf_nt_sec_desc_type_dacl_defaulted = -1; -static int hf_nt_sec_desc_type_sacl_present = -1; -static int hf_nt_sec_desc_type_sacl_defaulted = -1; -static int hf_nt_sec_desc_type_dacl_trusted = -1; -static int hf_nt_sec_desc_type_server_security = -1; -static int hf_nt_sec_desc_type_dacl_auto_inherit_req = -1; -static int hf_nt_sec_desc_type_sacl_auto_inherit_req = -1; -static int hf_nt_sec_desc_type_dacl_auto_inherited = -1; -static int hf_nt_sec_desc_type_sacl_auto_inherited = -1; -static int hf_nt_sec_desc_type_dacl_protected = -1; -static int hf_nt_sec_desc_type_sacl_protected = -1; -static int hf_nt_sec_desc_type_rm_control_valid = -1; -static int hf_nt_sec_desc_type_self_relative = -1; -static int hf_nt_sid = -1; -static int hf_nt_sid_revision = -1; -static int hf_nt_sid_num_auth = -1; -static int hf_nt_sid_auth_dec = -1; -static int hf_nt_sid_auth_hex = -1; -static int hf_nt_sid_subauth = -1; -static int hf_nt_sid_rid_dec = -1; -static int hf_nt_sid_rid_hex = -1; -static int hf_nt_sid_wkwn = -1; -static int hf_nt_sid_domain = -1; -static int hf_nt_acl_revision = -1; -static int hf_nt_acl_size = -1; -static int hf_nt_acl_num_aces = -1; -static int hf_nt_ace_flags_object_inherit = -1; -static int hf_nt_ace_flags_container_inherit = -1; -static int hf_nt_ace_flags_non_propagate_inherit = -1; -static int hf_nt_ace_flags_inherit_only = -1; -static int hf_nt_ace_flags_inherited_ace = -1; -static int hf_nt_ace_flags_successful_access = -1; -static int hf_nt_ace_flags_failed_access = -1; -static int hf_nt_ace_type = -1; -static int hf_nt_ace_size = -1; -static int hf_nt_ace_flags_object_type_present = -1; -static int hf_nt_ace_flags_inherited_object_type_present = -1; -static int hf_nt_ace_guid = -1; -static int hf_nt_ace_inherited_guid = -1; +static int hf_nt_sec_desc_revision; +static int hf_nt_sec_desc_type_owner_defaulted; +static int hf_nt_sec_desc_type_group_defaulted; +static int hf_nt_sec_desc_type_dacl_present; +static int hf_nt_sec_desc_type_dacl_defaulted; +static int hf_nt_sec_desc_type_sacl_present; +static int hf_nt_sec_desc_type_sacl_defaulted; +static int hf_nt_sec_desc_type_dacl_trusted; +static int hf_nt_sec_desc_type_server_security; +static int hf_nt_sec_desc_type_dacl_auto_inherit_req; +static int hf_nt_sec_desc_type_sacl_auto_inherit_req; +static int hf_nt_sec_desc_type_dacl_auto_inherited; +static int hf_nt_sec_desc_type_sacl_auto_inherited; +static int hf_nt_sec_desc_type_dacl_protected; +static int hf_nt_sec_desc_type_sacl_protected; +static int hf_nt_sec_desc_type_rm_control_valid; +static int hf_nt_sec_desc_type_self_relative; +static int hf_nt_sid; +static int hf_nt_sid_revision; +static int hf_nt_sid_num_auth; +static int hf_nt_sid_auth_dec; +static int hf_nt_sid_auth_hex; +static int hf_nt_sid_subauth; +static int hf_nt_sid_rid_dec; +static int hf_nt_sid_rid_hex; +static int hf_nt_sid_wkwn; +static int hf_nt_sid_domain; +static int hf_nt_acl_revision; +static int hf_nt_acl_size; +static int hf_nt_acl_num_aces; +static int hf_nt_ace_flags_object_inherit; +static int hf_nt_ace_flags_container_inherit; +static int hf_nt_ace_flags_non_propagate_inherit; +static int hf_nt_ace_flags_inherit_only; +static int hf_nt_ace_flags_inherited_ace; +static int hf_nt_ace_flags_successful_access; +static int hf_nt_ace_flags_failed_access; +static int hf_nt_ace_type; +static int hf_nt_ace_size; +static int hf_nt_ace_flags_object_type_present; +static int hf_nt_ace_flags_inherited_object_type_present; +static int hf_nt_ace_guid; +static int hf_nt_ace_inherited_guid; /* Conditional ACE dissect */ -static int hf_nt_ace_cond = -1; -static int hf_nt_ace_cond_token = -1; -static int hf_nt_ace_cond_sign = -1; -static int hf_nt_ace_cond_base = -1; -static int hf_nt_ace_cond_value_int8 = -1; -static int hf_nt_ace_cond_value_int16 = -1; -static int hf_nt_ace_cond_value_int32 = -1; -static int hf_nt_ace_cond_value_int64 = -1; -static int hf_nt_ace_cond_value_string = -1; -static int hf_nt_ace_cond_value_octet_string = -1; -static int hf_nt_ace_cond_local_attr = -1; -static int hf_nt_ace_cond_user_attr = -1; -static int hf_nt_ace_cond_resource_attr = -1; -static int hf_nt_ace_cond_device_attr = -1; +static int hf_nt_ace_cond; +static int hf_nt_ace_cond_token; +static int hf_nt_ace_cond_sign; +static int hf_nt_ace_cond_base; +static int hf_nt_ace_cond_value_int8; +static int hf_nt_ace_cond_value_int16; +static int hf_nt_ace_cond_value_int32; +static int hf_nt_ace_cond_value_int64; +static int hf_nt_ace_cond_value_string; +static int hf_nt_ace_cond_value_octet_string; +static int hf_nt_ace_cond_local_attr; +static int hf_nt_ace_cond_user_attr; +static int hf_nt_ace_cond_resource_attr; +static int hf_nt_ace_cond_device_attr; /* System Resource Attribute ACE dissect */ -static int hf_nt_ace_sra = -1; -static int hf_nt_ace_sra_name_offset = -1; -static int hf_nt_ace_sra_name = -1; -static int hf_nt_ace_sra_type = -1; -static int hf_nt_ace_sra_reserved = -1; -static int hf_nt_ace_sra_flags = -1; -static int hf_nt_ace_sra_flags_manual = -1; -static int hf_nt_ace_sra_flags_policy_derived = -1; -static int hf_nt_ace_sra_flags_non_inheritable = -1; -static int hf_nt_ace_sra_flags_case_sensitive = -1; -static int hf_nt_ace_sra_flags_deny_only = -1; -static int hf_nt_ace_sra_flags_disabled_by_default = -1; -static int hf_nt_ace_sra_flags_disabled = -1; -static int hf_nt_ace_sra_flags_mandatory = -1; -static int hf_nt_ace_sra_value_count = -1; -static int hf_nt_ace_sra_value_offset = -1; -static int hf_nt_ace_sra_value_int64 = -1; -static int hf_nt_ace_sra_value_uint64 = -1; -static int hf_nt_ace_sra_value_string = -1; -static int hf_nt_ace_sra_value_sid = -1; -static int hf_nt_ace_sra_value_boolean = -1; -static int hf_nt_ace_sra_value_octet_string = -1; - -static int hf_nt_security_information_sacl = -1; -static int hf_nt_security_information_dacl = -1; -static int hf_nt_security_information_group = -1; -static int hf_nt_security_information_owner = -1; +static int hf_nt_ace_sra; +static int hf_nt_ace_sra_name_offset; +static int hf_nt_ace_sra_name; +static int hf_nt_ace_sra_type; +static int hf_nt_ace_sra_reserved; +static int hf_nt_ace_sra_flags; +static int hf_nt_ace_sra_flags_manual; +static int hf_nt_ace_sra_flags_policy_derived; +static int hf_nt_ace_sra_flags_non_inheritable; +static int hf_nt_ace_sra_flags_case_sensitive; +static int hf_nt_ace_sra_flags_deny_only; +static int hf_nt_ace_sra_flags_disabled_by_default; +static int hf_nt_ace_sra_flags_disabled; +static int hf_nt_ace_sra_flags_mandatory; +static int hf_nt_ace_sra_value_count; +static int hf_nt_ace_sra_value_offset; +static int hf_nt_ace_sra_value_int64; +static int hf_nt_ace_sra_value_uint64; +static int hf_nt_ace_sra_value_string; +static int hf_nt_ace_sra_value_sid; +static int hf_nt_ace_sra_value_boolean; +static int hf_nt_ace_sra_value_octet_string; + +static int hf_nt_security_information_sacl; +static int hf_nt_security_information_dacl; +static int hf_nt_security_information_group; +static int hf_nt_security_information_owner; /* Generated from convert_proto_tree_add_text.pl */ -static int hf_nt_security_information = -1; -static int hf_nt_sec_desc_type = -1; -static int hf_nt_offset_to_dacl = -1; -static int hf_nt_offset_to_owner_sid = -1; -static int hf_nt_ace_flags_object = -1; -static int hf_nt_offset_to_group_sid = -1; -static int hf_nt_ace_flags = -1; -static int hf_nt_offset_to_sacl = -1; - -static gint ett_nt_sec_desc = -1; -static gint ett_nt_sec_desc_type = -1; -static gint ett_nt_sid = -1; -static gint ett_nt_acl = -1; -static gint ett_nt_ace = -1; -static gint ett_nt_ace_flags = -1; -static gint ett_nt_ace_object = -1; -static gint ett_nt_ace_object_flags = -1; -static gint ett_nt_security_information = -1; -static gint ett_nt_ace_cond = -1; -static gint ett_nt_ace_cond_data = -1; -static gint ett_nt_ace_sra = -1; -static gint ett_nt_ace_sra_flags = -1; -static gint ett_nt_ace_sra_value_offsets = -1; -static gint ett_nt_ace_sra_values = -1; - -static expert_field ei_nt_owner_sid_beyond_data = EI_INIT; -static expert_field ei_nt_owner_sid_beyond_reassembled_data = EI_INIT; -static expert_field ei_nt_ace_extends_beyond_data = EI_INIT; -static expert_field ei_nt_ace_extends_beyond_reassembled_data = EI_INIT; -static expert_field ei_nt_group_sid_beyond_data = EI_INIT; -static expert_field ei_nt_group_sid_beyond_reassembled_data = EI_INIT; -static expert_field ei_nt_item_offs_out_of_range = EI_INIT; +static int hf_nt_security_information; +static int hf_nt_sec_desc_type; +static int hf_nt_offset_to_dacl; +static int hf_nt_offset_to_owner_sid; +static int hf_nt_ace_flags_object; +static int hf_nt_offset_to_group_sid; +static int hf_nt_ace_flags; +static int hf_nt_offset_to_sacl; + +static gint ett_nt_sec_desc; +static gint ett_nt_sec_desc_type; +static gint ett_nt_sid; +static gint ett_nt_acl; +static gint ett_nt_ace; +static gint ett_nt_ace_flags; +static gint ett_nt_ace_object; +static gint ett_nt_ace_object_flags; +static gint ett_nt_security_information; +static gint ett_nt_ace_cond; +static gint ett_nt_ace_cond_data; +static gint ett_nt_ace_sra; +static gint ett_nt_ace_sra_flags; +static gint ett_nt_ace_sra_value_offsets; +static gint ett_nt_ace_sra_values; + +static expert_field ei_nt_owner_sid_beyond_data; +static expert_field ei_nt_owner_sid_beyond_reassembled_data; +static expert_field ei_nt_ace_extends_beyond_data; +static expert_field ei_nt_ace_extends_beyond_reassembled_data; +static expert_field ei_nt_group_sid_beyond_data; +static expert_field ei_nt_group_sid_beyond_reassembled_data; +static expert_field ei_nt_item_offs_out_of_range; /* WERR error codes */ @@ -1077,7 +1077,7 @@ const value_string NT_errors[] = { { 0xC002100A, "RPC_P_SEND_FAILED" }, { 0xC002100B, "RPC_P_TIMEOUT" }, { 0xC002100C, "RPC_P_SERVER_TRANSPORT_ERROR" }, - { 0xC002100E, "RPC_P_EXCEPTION_OCCURED" }, + { 0xC002100E, "RPC_P_EXCEPTION_OCCURRED" }, { 0xC0021012, "RPC_P_CONNECTION_SHUTDOWN" }, { 0xC0021015, "RPC_P_THREAD_LISTENING" }, { 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" }, @@ -1379,14 +1379,15 @@ static const sid_strings well_known_sids[] = { {"S-1-5-18", "Local System"}, {"S-1-5-19", "Local Service"}, {"S-1-5-20", "Network Service"}, + + {"S-1-5-21-0-0-0-496", "Compounded Authentication"}, + {"S-1-5-21-0-0-0-497", "Claims Valid"}, + /* * S-1-5-21-<d1>-<d2>-<d3>-<RID> where "<d1>-<d2>-<d3>" is the NT domain * RIDs are defined in 'wkwn_S_1_5_21_rids' */ {"S-1-5-21", "Domain SID"}, - {"S-1-5-21-0-0-0-496", "Compounded Authentication"}, - {"S-1-5-21-0-0-0-497", "Claims Valid"}, - /* S-1-5-32-<RID>: Builtin local group SIDs */ {"S-1-5-32", "Local Group"}, {"S-1-5-32-544", "Administrators"}, @@ -1476,6 +1477,8 @@ match_wkwn_sids(const char* sid) { https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems */ static const value_string wkwn_S_1_5_21_rids[] = { + {496, "Compounded Authentication"}, + {497, "Claims Valid"}, {498, "Enterprise Read-only Domain Controllers"}, {500, "Administrator"}, {501, "Guest"}, @@ -1490,6 +1493,10 @@ static const value_string wkwn_S_1_5_21_rids[] = { {519, "Enterprise Admins"}, {520, "Group Policy Creator Owners"}, {521, "Read-only Domain Controllers"}, + {522, "Cloneable Controllers"}, + {525, "Protected Users"}, + {526, "Key Admins"}, + {527, "Enterprise Key Admins"}, {553, "RAS and IAS Servers"}, {571, "Allowed RODC Password Replication Group"}, {572, "Denied RODC Password Replication Group"}, @@ -1532,7 +1539,7 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, if(sid_str) *sid_str=NULL; - if(hf_sid==-1){ + if(hf_sid <= 0){ /* if no tree, just return the offset of the end_of_SID+1 */ if (!parent_tree) return(offset+(6+(num_auth*4))); @@ -1546,18 +1553,18 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, offset++; } - sid_in_dec_str = wmem_strbuf_new_label(wmem_packet_scope()); - wmem_strbuf_append_printf (sid_in_dec_str, "S-%u-%" G_GINT64_MODIFIER "u", revision, authority); + sid_in_dec_str = wmem_strbuf_create(wmem_packet_scope()); + wmem_strbuf_append_printf (sid_in_dec_str, "S-%u-%" PRIu64, revision, authority); /* If sid_display_hex is set, sid_in_dec_str is still needed for looking up well-known SIDs*/ if (sid_display_hex) { - sid_in_hex_str = wmem_strbuf_new_label(wmem_packet_scope()); - wmem_strbuf_append_printf (sid_in_hex_str, "S-%x-%" G_GINT64_MODIFIER "x", revision, authority); + sid_in_hex_str = wmem_strbuf_create(wmem_packet_scope()); + wmem_strbuf_append_printf (sid_in_hex_str, "S-%x-%" PRIx64, revision, authority); } - wkwn_sid1_str = wmem_strbuf_new_label(wmem_packet_scope()); - label_str = wmem_strbuf_new_label(wmem_packet_scope()); + wkwn_sid1_str = wmem_strbuf_create(wmem_packet_scope()); + label_str = wmem_strbuf_create(wmem_packet_scope()); if (strcmp(wmem_strbuf_get_str(sid_in_dec_str), "S-1-16")==0) S_1_16 = TRUE; @@ -1582,9 +1589,9 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, sa_offset = offset; - sa_str = wmem_strbuf_new_label(wmem_packet_scope()); - wkwn_sid2_str = wmem_strbuf_new_label(wmem_packet_scope()); - domain_str = wmem_strbuf_new_label(wmem_packet_scope()); + sa_str = wmem_strbuf_create(wmem_packet_scope()); + wkwn_sid2_str = wmem_strbuf_create(wmem_packet_scope()); + domain_str = wmem_strbuf_create(wmem_packet_scope()); /* Build the sub-authorities and full SID strings */ for(i=1; i<num_auth+1; i++) { @@ -2195,38 +2202,38 @@ dissect_nt_conditional_ace(tvbuff_t *tvb, int offset, guint16 size, proto_tree * https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask-format */ -static gint ett_nt_access_mask = -1; -static gint ett_nt_access_mask_generic = -1; -static gint ett_nt_access_mask_standard = -1; -static gint ett_nt_access_mask_specific = -1; - -static int hf_access_sacl = -1; -static int hf_access_maximum_allowed = -1; -static int hf_access_generic_read = -1; -static int hf_access_generic_write = -1; -static int hf_access_generic_execute = -1; -static int hf_access_generic_all = -1; -static int hf_access_standard_delete = -1; -static int hf_access_standard_read_control = -1; -static int hf_access_standard_synchronise = -1; -static int hf_access_standard_write_dac = -1; -static int hf_access_standard_write_owner = -1; -static int hf_access_specific_15 = -1; -static int hf_access_specific_14 = -1; -static int hf_access_specific_13 = -1; -static int hf_access_specific_12 = -1; -static int hf_access_specific_11 = -1; -static int hf_access_specific_10 = -1; -static int hf_access_specific_9 = -1; -static int hf_access_specific_8 = -1; -static int hf_access_specific_7 = -1; -static int hf_access_specific_6 = -1; -static int hf_access_specific_5 = -1; -static int hf_access_specific_4 = -1; -static int hf_access_specific_3 = -1; -static int hf_access_specific_2 = -1; -static int hf_access_specific_1 = -1; -static int hf_access_specific_0 = -1; +static gint ett_nt_access_mask; +static gint ett_nt_access_mask_generic; +static gint ett_nt_access_mask_standard; +static gint ett_nt_access_mask_specific; + +static int hf_access_sacl; +static int hf_access_maximum_allowed; +static int hf_access_generic_read; +static int hf_access_generic_write; +static int hf_access_generic_execute; +static int hf_access_generic_all; +static int hf_access_standard_delete; +static int hf_access_standard_read_control; +static int hf_access_standard_synchronise; +static int hf_access_standard_write_dac; +static int hf_access_standard_write_owner; +static int hf_access_specific_15; +static int hf_access_specific_14; +static int hf_access_specific_13; +static int hf_access_specific_12; +static int hf_access_specific_11; +static int hf_access_specific_10; +static int hf_access_specific_9; +static int hf_access_specific_8; +static int hf_access_specific_7; +static int hf_access_specific_6; +static int hf_access_specific_5; +static int hf_access_specific_4; +static int hf_access_specific_3; +static int hf_access_specific_2; +static int hf_access_specific_1; +static int hf_access_specific_0; /* Map generic permissions to specific permissions */ @@ -2409,7 +2416,7 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, return offset; } -static int hf_nt_access_mask = -1; +static int hf_nt_access_mask; #define ACL_REVISION_NT4 2 #define ACL_REVISION_ADS 4 @@ -2994,7 +3001,7 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset_a, packet_info *pinfo, struct access_mask_info *ami) { proto_item *item = NULL; - proto_tree *tree = NULL; + proto_tree * volatile tree = NULL; guint16 revision; int start_offset = offset_a; volatile int offset_v=offset_a; @@ -3398,82 +3405,82 @@ proto_do_register_windows_common(int proto_smb) { &hf_access_specific_15, { "Specific access, bit 15", "nt.access_mask.specific_15", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x8000, NULL, HFILL }}, + 0x00008000, NULL, HFILL }}, { &hf_access_specific_14, { "Specific access, bit 14", "nt.access_mask.specific_14", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x4000, NULL, HFILL }}, + 0x00004000, NULL, HFILL }}, { &hf_access_specific_13, { "Specific access, bit 13", "nt.access_mask.specific_13", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x2000, NULL, HFILL }}, + 0x00002000, NULL, HFILL }}, { &hf_access_specific_12, { "Specific access, bit 12", "nt.access_mask.specific_12", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x1000, NULL, HFILL }}, + 0x00001000, NULL, HFILL }}, { &hf_access_specific_11, { "Specific access, bit 11", "nt.access_mask.specific_11", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0800, NULL, HFILL }}, + 0x00000800, NULL, HFILL }}, { &hf_access_specific_10, { "Specific access, bit 10", "nt.access_mask.specific_10", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0400, NULL, HFILL }}, + 0x00000400, NULL, HFILL }}, { &hf_access_specific_9, { "Specific access, bit 9", "nt.access_mask.specific_9", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0200, NULL, HFILL }}, + 0x00000200, NULL, HFILL }}, { &hf_access_specific_8, { "Specific access, bit 8", "nt.access_mask.specific_8", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0100, NULL, HFILL }}, + 0x00000100, NULL, HFILL }}, { &hf_access_specific_7, { "Specific access, bit 7", "nt.access_mask.specific_7", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0080, NULL, HFILL }}, + 0x00000080, NULL, HFILL }}, { &hf_access_specific_6, { "Specific access, bit 6", "nt.access_mask.specific_6", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0040, NULL, HFILL }}, + 0x00000040, NULL, HFILL }}, { &hf_access_specific_5, { "Specific access, bit 5", "nt.access_mask.specific_5", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0020, NULL, HFILL }}, + 0x00000020, NULL, HFILL }}, { &hf_access_specific_4, { "Specific access, bit 4", "nt.access_mask.specific_4", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0010, NULL, HFILL }}, + 0x00000010, NULL, HFILL }}, { &hf_access_specific_3, { "Specific access, bit 3", "nt.access_mask.specific_3", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0008, NULL, HFILL }}, + 0x00000008, NULL, HFILL }}, { &hf_access_specific_2, { "Specific access, bit 2", "nt.access_mask.specific_2", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0004, NULL, HFILL }}, + 0x00000004, NULL, HFILL }}, { &hf_access_specific_1, { "Specific access, bit 1", "nt.access_mask.specific_1", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0002, NULL, HFILL }}, + 0x00000002, NULL, HFILL }}, { &hf_access_specific_0, { "Specific access, bit 0", "nt.access_mask.specific_0", FT_BOOLEAN, 32, TFS(&tfs_set_notset), - 0x0001, NULL, HFILL }}, + 0x00000001, NULL, HFILL }}, { &hf_nt_ace_flags_object_type_present, { "Object Type Present", "nt.ace.object.flags.object_type_present", @@ -3587,27 +3594,27 @@ proto_do_register_windows_common(int proto_smb) { &hf_nt_ace_sra_flags_non_inheritable, { "Non-Inheritable", "nt.ace.sra.flags.non_inheritable", FT_BOOLEAN, 32, - TFS(&flags_ace_sra_info_non_inheritable), 0x0001, NULL, HFILL }}, + TFS(&flags_ace_sra_info_non_inheritable), 0x00000001, NULL, HFILL }}, { &hf_nt_ace_sra_flags_case_sensitive, { "Case Sensitive", "nt.ace.sra.flags.case_sensitive", FT_BOOLEAN, 32, - TFS(&flags_ace_sra_info_case_sensitive), 0x0002, NULL, HFILL }}, + TFS(&flags_ace_sra_info_case_sensitive), 0x00000002, NULL, HFILL }}, { &hf_nt_ace_sra_flags_deny_only, { "Deny Only", "nt.ace.sra.flags.deny_only", FT_BOOLEAN, 32, - TFS(&flags_ace_sra_info_deny_only), 0x0004, NULL, HFILL }}, + TFS(&flags_ace_sra_info_deny_only), 0x00000004, NULL, HFILL }}, { &hf_nt_ace_sra_flags_disabled_by_default, { "Disabled By Default", "nt.ace.sra.flags.disabled_by_default", FT_BOOLEAN, 32, - TFS(&flags_ace_sra_info_disabled_by_default), 0x0008, NULL, HFILL }}, + TFS(&flags_ace_sra_info_disabled_by_default), 0x00000008, NULL, HFILL }}, { &hf_nt_ace_sra_flags_disabled, { "Disabled", "nt.ace.sra.flags.disabled", FT_BOOLEAN, 32, - TFS(&flags_ace_sra_info_disabled), 0x0010, NULL, HFILL }}, + TFS(&flags_ace_sra_info_disabled), 0x00000010, NULL, HFILL }}, { &hf_nt_ace_sra_flags_mandatory, { "Mandatory", "nt.ace.sra.flags.mandatory", FT_BOOLEAN, 32, - TFS(&flags_ace_sra_info_mandatory), 0x0020, NULL, HFILL }}, + TFS(&flags_ace_sra_info_mandatory), 0x00000020, NULL, HFILL }}, { &hf_nt_ace_sra_value_count, { "Value Count", "nt.ace.sra.value_count", FT_UINT32, BASE_DEC, NULL, 0, |