Hello,
the attached patch slightly enhance the dissection of the
LsarQueryInformationPolicy2 operation, by displaying the information
level in the COL_INFO column, identically to the
LsarQueryInformationPolicy operation.
Jean-Baptiste Marchand
--
Jean-Baptiste.Marchand@xxxxxx
HSC - http://www.hsc.fr/
Index: packet-dcerpc-lsa.c
===================================================================
RCS file: /cvsroot/ethereal/packet-dcerpc-lsa.c,v
retrieving revision 1.95
diff -u -r1.95 packet-dcerpc-lsa.c
--- packet-dcerpc-lsa.c 5 Jun 2004 02:40:22 -0000 1.95
+++ packet-dcerpc-lsa.c 27 Jun 2004 15:09:28 -0000
@@ -3181,11 +3181,19 @@
lsa_dissect_lsarqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
+ guint16 level;
+
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
- hf_lsa_policy_information_class, NULL);
+ hf_lsa_policy_information_class, &level);
+
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(
+ pinfo->cinfo, COL_INFO, ", %s",
+ val_to_str(level, policy_information_class_vals,
+ "Unknown (%d)"));
return offset;
}
@@ -4187,8 +4195,8 @@
NULL, 0x0, "Next audit record", HFILL }},
{ &hf_lsa_paei_enabled,
- { "Enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
- NULL, 0x0, "If Audit Events Information is Enabled or not", HFILL }},
+ { "Auditing enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
+ NULL, 0x0, "If Security auditing is enabled or not", HFILL }},
{ &hf_lsa_paei_settings,
{ "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
