summaryrefslogtreecommitdiffstats
path: root/epan/dissectors/pidl/efs/efs.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/pidl/efs/efs.cnf')
-rw-r--r--epan/dissectors/pidl/efs/efs.cnf27
1 files changed, 27 insertions, 0 deletions
diff --git a/epan/dissectors/pidl/efs/efs.cnf b/epan/dissectors/pidl/efs/efs.cnf
new file mode 100644
index 00000000..cac75869
--- /dev/null
+++ b/epan/dissectors/pidl/efs/efs.cnf
@@ -0,0 +1,27 @@
+# Conformance file for EFS
+
+#
+# policyhandle tracking
+# This block is to specify where a policyhandle is opened and where it is
+# closed so that policyhandles when dissected contain nice info such as
+# [opened in xxx] [closed in yyy]
+#
+# Policyhandles are opened in these functions
+PARAM_VALUE efs_dissect_element_EfsRpcOpenFileRaw_pvContext_ PIDL_POLHND_OPEN
+# Policyhandles are closed in these functions
+PARAM_VALUE efs_dissect_element_EfsRpcCloseRaw_pvContext_ PIDL_POLHND_CLOSE
+
+CODE START
+static int
+efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info* di, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ if(di->conformant_run){
+ /* just a run to handle conformant arrays, no scalars to dissect */
+ return offset;
+ }
+
+ offset=dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1);
+ return offset;
+}
+
+CODE END
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-29 18:02:54 +0000