aboutsummaryrefslogtreecommitdiffstats
path: root/packet-dcerpc-netlogon.c
diff options
context:
space:
mode:
Diffstat (limited to 'packet-dcerpc-netlogon.c')
-rw-r--r--packet-dcerpc-netlogon.c201
1 files changed, 121 insertions, 80 deletions
diff --git a/packet-dcerpc-netlogon.c b/packet-dcerpc-netlogon.c
index 1091facebb..3e0798892d 100644
--- a/packet-dcerpc-netlogon.c
+++ b/packet-dcerpc-netlogon.c
@@ -3,7 +3,7 @@
* Copyright 2001, Tim Potter <tpot@samba.org>
* 2002 structure and command dissectors by Ronnie Sahlberg
*
- * $Id: packet-dcerpc-netlogon.c,v 1.31 2002/07/06 00:22:05 sahlberg Exp $
+ * $Id: packet-dcerpc-netlogon.c,v 1.32 2002/07/07 01:07:23 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -54,6 +54,8 @@ static int hf_netlogon_priv = -1;
static int hf_netlogon_status = -1;
static int hf_netlogon_attrs = -1;
static int hf_netlogon_count = -1;
+static int hf_netlogon_minpasswdlen = -1;
+static int hf_netlogon_passwdhistorylen = -1;
static int hf_netlogon_level16 = -1;
static int hf_netlogon_validation_level = -1;
static int hf_netlogon_level = -1;
@@ -98,6 +100,9 @@ static int hf_netlogon_logon_srv = -1;
static int hf_netlogon_principal = -1;
static int hf_netlogon_logon_dom = -1;
static int hf_netlogon_domain_name = -1;
+static int hf_netlogon_domain_create_time = -1;
+static int hf_netlogon_domain_modify_time = -1;
+static int hf_netlogon_oem_info = -1;
static int hf_netlogon_trusted_domain_name = -1;
static int hf_netlogon_num_rids = -1;
static int hf_netlogon_num_other_groups = -1;
@@ -153,7 +158,6 @@ static gint ett_NETLOGON_SECURITY_DESCRIPTOR = -1;
static gint ett_CYPHER_BLOCK = -1;
static gint ett_TYPE_16 = -1;
static gint ett_IDENTITY_INFO = -1;
-static gint ett_NETLOGON_SAM_DOMAIN_INFO = -1;
static gint ett_NETLOGON_SAM_GROUP_INFO = -1;
static gint ett_TYPE_23 = -1;
static gint ett_NETLOGON_SAM_GROUP_MEM_INFO = -1;
@@ -1767,6 +1771,98 @@ netlogon_dissect_DELTA_USER(tvbuff_t *tvb, int offset,
}
+/*
+ * IDL typedef struct {
+ * IDL UNICODESTRING DomainName;
+ * IDL UNICODESTRING OEMInfo;
+ * IDL NTTIME forcedlogoff;
+ * IDL short minpasswdlen;
+ * IDL short passwdhistorylen;
+ * IDL NTTIME pwd_must_change_time;
+ * IDL NTTIME pwd_can_change_time;
+ * IDL NTTIME domain_modify_time;
+ * IDL NTTIME domain_create_time;
+ * IDL long SecurityInformation;
+ * IDL LSA_SECURITY_DESCRIPTOR sec_desc;
+ * IDL UNICODESTRING dummy1;
+ * IDL UNICODESTRING dummy2;
+ * IDL UNICODESTRING dummy3;
+ * IDL UNICODESTRING dummy4;
+ * IDL long dummy5;
+ * IDL long dummy6;
+ * IDL long dummy7;
+ * IDL long dummy8;
+ * IDL } DELTA_DOMAIN;
+ */
+static int
+netlogon_dissect_DELTA_DOMAIN(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ char *drep)
+{
+ offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_domain_name, 1);
+
+ offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_oem_info, 0);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_kickoff_time);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_minpasswdlen, NULL);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_passwdhistorylen, NULL);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_must_change_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_pwd_can_change_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_domain_modify_time);
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_domain_create_time);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_security_information, NULL);
+
+ offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset,
+ pinfo, tree, drep);
+
+ offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_profile_path, 0);
+
+ offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_dummy, 0);
+
+ offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_dummy, 0);
+
+ offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_dummy, 0);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_reserved, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_reserved, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_reserved, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_netlogon_reserved, NULL);
+
+ return offset;
+}
+
+
+
+
+
/*qqq*/
@@ -1917,80 +2013,6 @@ netlogon_dissect_TYPE_16(tvbuff_t *tvb, int offset,
static int
-netlogon_dissect_NETLOGON_SAM_DOMAIN_INFO(tvbuff_t *tvb, int offset,
- packet_info *pinfo, proto_tree *parent_tree,
- char *drep)
-{
- proto_item *item=NULL;
- proto_tree *tree=NULL;
- int old_offset=offset;
-
- if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 0,
- "NETLOGON_SAM_DOMAIN_INFO:");
- tree = proto_item_add_subtree(item, ett_NETLOGON_SAM_DOMAIN_INFO);
- }
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_string, 0);
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_string, 0);
-
- offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_time);
-
- offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_short, NULL);
-
- offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_short, NULL);
-
- offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_time);
-
- offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_time);
-
- offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_time);
-
- offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_time);
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_string, 0);
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_string, 0);
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_string, 0);
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_string, 0);
-
- offset = dissect_ndr_nt_UNICODE_STRING(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_string, 0);
-
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_long, NULL);
-
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_long, NULL);
-
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_long, NULL);
-
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
- hf_netlogon_unknown_long, NULL);
-
- proto_item_set_len(item, offset-old_offset);
- return offset;
-}
-
-
-static int
netlogon_dissect_NETLOGON_SAM_GROUP_INFO(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
char *drep)
@@ -3673,8 +3695,8 @@ netlogon_dissect_TYPE_20(tvbuff_t *tvb, int offset,
switch(level){
case 1:
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- netlogon_dissect_NETLOGON_SAM_DOMAIN_INFO, NDR_POINTER_PTR,
- "NETLOGON_SAM_DOMAIN_INFO pointer:", -1, 0);
+ netlogon_dissect_DELTA_DOMAIN, NDR_POINTER_UNIQUE,
+ "DELTA_DOMAIN:", -1, 0);
break;
case 2:
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
@@ -5811,6 +5833,10 @@ static hf_register_info hf[] = {
{ "Domain", "netlogon.domain", FT_STRING, BASE_NONE,
NULL, 0, "Domain Name", HFILL }},
+ { &hf_netlogon_oem_info,
+ { "OEM Info", "netlogon.oem_info", FT_STRING, BASE_NONE,
+ NULL, 0, "OEM Info", HFILL }},
+
{ &hf_netlogon_trusted_dc_name,
{ "Trusted DC", "netlogon.trusted_dc", FT_STRING, BASE_NONE,
NULL, 0, "Trusted DC", HFILL }},
@@ -5863,6 +5889,14 @@ static hf_register_info hf[] = {
{ "Validation Level", "netlogon.validation_level", FT_UINT16, BASE_DEC,
NULL, 0x0, "Requested level of validation", HFILL }},
+ { &hf_netlogon_minpasswdlen,
+ { "Min Password Len", "netlogon.min_passwd_len", FT_UINT16, BASE_DEC,
+ NULL, 0x0, "Minimum length of password", HFILL }},
+
+ { &hf_netlogon_passwdhistorylen,
+ { "Passwd History Len", "netlogon.passwd_history_len", FT_UINT16, BASE_DEC,
+ NULL, 0x0, "Length of password history", HFILL }},
+
{ &hf_netlogon_secure_channel_type,
{ "Sec Chn Type", "netlogon.sec_chn_type", FT_UINT16, BASE_DEC,
NULL, 0x0, "Secure Channel Type", HFILL }},
@@ -5965,7 +5999,15 @@ static hf_register_info hf[] = {
{ &hf_netlogon_pwd_must_change_time,
{ "PWD Must Change", "netlogon.pwd_must_change_time", FT_ABSOLUTE_TIME, BASE_NONE,
- NULL, 0, "When this users password must be changed", HFILL }}
+ NULL, 0, "When this users password must be changed", HFILL }},
+
+ { &hf_netlogon_domain_create_time,
+ { "Domain Create Time", "netlogon.domain_create_time", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "Time when this domain was created", HFILL }},
+
+ { &hf_netlogon_domain_modify_time,
+ { "Domain Modify Time", "netlogon.domain_modify_time", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "Time when this domain was last modified", HFILL }}
};
@@ -5975,7 +6017,6 @@ static hf_register_info hf[] = {
&ett_CYPHER_BLOCK,
&ett_TYPE_16,
&ett_IDENTITY_INFO,
- &ett_NETLOGON_SAM_DOMAIN_INFO,
&ett_NETLOGON_SAM_GROUP_INFO,
&ett_TYPE_23,
&ett_NETLOGON_SAM_GROUP_MEM_INFO,
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-04 21:39:39 +0000