Hello,
the attached patch adds dissection of the USER_INFO_25 samr structure
(used by Windows XP clients when joining a domain managed by a W2K3
domain controller).
Jean-Baptiste Marchand
--
Jean-Baptiste.Marchand@xxxxxx
HSC - http://www.hsc.fr/
Index: packet-dcerpc-samr.c
===================================================================
RCS file: /cvsroot/ethereal/packet-dcerpc-samr.c,v
retrieving revision 1.109
diff -u -r1.109 packet-dcerpc-samr.c
--- packet-dcerpc-samr.c 24 Jun 2004 05:23:47 -0000 1.109
+++ packet-dcerpc-samr.c 25 Jun 2004 15:46:24 -0000
@@ -166,6 +166,7 @@
static gint ett_samr_user_info_22 = -1;
static gint ett_samr_user_info_23 = -1;
static gint ett_samr_user_info_24 = -1;
+static gint ett_samr_user_info_25 = -1;
static gint ett_samr_user_info = -1;
static gint ett_samr_member_array_types = -1;
static gint ett_samr_member_array_rids = -1;
@@ -3450,6 +3451,34 @@
return offset;
}
+
+static int
+samr_dissect_USER_INFO_25(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree,
+ guint8 *drep)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ int old_offset = offset;
+
+ if(parent_tree) {
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "USER_INFO_25:");
+ tree = proto_item_add_subtree(item, ett_samr_user_info_25);
+ }
+
+ offset = samr_dissect_USER_INFO_21(tvb, offset, pinfo, tree, drep);
+
+ proto_tree_add_item(tree, hf_samr_crypt_password, tvb, offset, 532,
+ TRUE);
+ offset += 532;
+
+ proto_item_set_len(item, offset - old_offset);
+
+ return offset;
+}
+
+
static int
samr_dissect_USER_INFO (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
@@ -3560,6 +3589,9 @@
case 24:
offset = samr_dissect_USER_INFO_24(
tvb, offset, pinfo, tree, drep);
+ case 25:
+ offset = samr_dissect_USER_INFO_25(
+ tvb, offset, pinfo, tree, drep);
break;
}
@@ -5425,6 +5457,7 @@
&ett_samr_user_info_22,
&ett_samr_user_info_23,
&ett_samr_user_info_24,
+ &ett_samr_user_info_25,
&ett_samr_user_info,
&ett_samr_member_array_types,
&ett_samr_member_array_rids,
