author | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
---|---|---|
committer | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
commit | 669db206cb1f270046ad400fff7655e20c63e723 (patch) | |
tree | 4eff24a2e16c8963e497e1fc575f35e6af59bd26 /epan/dissectors/packet-dcerpc-lsa.c | |
parent | ae46c27a38700af669ef907491081f09df6f6b2c (diff) | |
Move dissectors to epan/dissectors directory.
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Diffstat (limited to 'epan/dissectors/packet-dcerpc-lsa.c')
-rw-r--r-- | epan/dissectors/packet-dcerpc-lsa.c | 4541 |
1 files changed, 4541 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dcerpc-lsa.c b/epan/dissectors/packet-dcerpc-lsa.c
new file mode 100644
index 0000000000..d276869292
--- /dev/null
+++ b/epan/dissectors/packet-dcerpc-lsa.c
@@ -0,0 +1,4541 @@
+/* packet-dcerpc-lsa.c
+ * Routines for SMB \PIPE\lsarpc packet disassembly
+ * Copyright 2001,2003 Tim Potter <tpot@samba.org>
+ * 2002 Added LSA command dissectors Ronnie Sahlberg
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include <string.h>
+
+#include <epan/packet.h>
+#include "packet-dcerpc.h"
+#include "packet-dcerpc-nt.h"
+#include "packet-dcerpc-lsa.h"
+#include "packet-smb-common.h"
+#include "smb.h"
+
+static int proto_dcerpc_lsa = -1;
+
+static int hf_lsa_opnum = -1;
+static int hf_lsa_rc = -1;
+static int hf_lsa_hnd = -1;
+static int hf_lsa_policy_information = -1;
+static int hf_lsa_server = -1;
+static int hf_lsa_controller = -1;
+static int hf_lsa_obj_attr = -1;
+static int hf_lsa_obj_attr_len = -1;
+static int hf_lsa_obj_attr_name = -1;
+static int hf_lsa_access_mask = -1;
+static int hf_lsa_info_level = -1;
+static int hf_lsa_trusted_info_level = -1;
+static int hf_lsa_sd_size = -1;
+static int hf_lsa_qos_len = -1;
+static int hf_lsa_qos_impersonation_level = -1;
+static int hf_lsa_qos_track_context = -1;
+static int hf_lsa_qos_effective_only = -1;
+static int hf_lsa_pali_percent_full = -1;
+static int hf_lsa_pali_log_size = -1;
+static int hf_lsa_pali_retention_period = -1;
+static int hf_lsa_pali_time_to_shutdown = -1;
+static int hf_lsa_pali_shutdown_in_progress = -1;
+static int hf_lsa_pali_next_audit_record = -1;
+static int hf_lsa_paei_enabled = -1;
+static int hf_lsa_paei_settings = -1;
+static int hf_lsa_count = -1;
+static int hf_lsa_size = -1;
+static int hf_lsa_size16 = -1;
+static int hf_lsa_privilege_display_name_size = -1;
+static int hf_lsa_max_count = -1;
+static int hf_lsa_index = -1;
+static int hf_lsa_fqdomain = -1;
+static int hf_lsa_domain = -1;
+static int hf_lsa_acct = -1;
+static int hf_lsa_server_role = -1;
+static int hf_lsa_source = -1;
+static int hf_lsa_quota_paged_pool = -1;
+static int hf_lsa_quota_non_paged_pool = -1;
+static int hf_lsa_quota_min_wss = -1;
+static int hf_lsa_quota_max_wss = -1;
+static int hf_lsa_quota_pagefile = -1;
+static int hf_lsa_mod_seq_no = -1;
+static int hf_lsa_mod_mtime = -1;
+static int hf_lsa_cur_mtime = -1;
+static int hf_lsa_old_mtime = -1;
+static int hf_lsa_name = -1;
+static int hf_lsa_key = -1;
+static int hf_lsa_flat_name = -1;
+static int hf_lsa_forest = -1;
+static int hf_lsa_info_type = -1;
+static int hf_lsa_old_pwd = -1;
+static int hf_lsa_new_pwd = -1;
+static int hf_lsa_sid_type = -1;
+static int hf_lsa_rid = -1;
+static int hf_lsa_rid_offset = -1;
+static int hf_lsa_num_mapped = -1;
+static int hf_lsa_policy_information_class = -1;
+static int hf_lsa_secret = -1;
+static int hf_nt_luid_high = -1;
+static int hf_nt_luid_low = -1;
+static int hf_lsa_privilege_name = -1;
+static int hf_lsa_privilege_display_name = -1;
+static int hf_lsa_attr = -1;
+static int hf_lsa_resume_handle = -1;
+static int hf_lsa_trust_direction = -1;
+static int hf_lsa_trust_type = -1;
+static int hf_lsa_trust_attr = -1;
+static int hf_lsa_trust_attr_non_trans = -1;
+static int hf_lsa_trust_attr_uplevel_only = -1;
+static int hf_lsa_trust_attr_tree_parent = -1;
+static int hf_lsa_trust_attr_tree_root = -1;
+static int hf_lsa_auth_update = -1;
+static int hf_lsa_auth_type = -1;
+static int hf_lsa_auth_len = -1;
+static int hf_lsa_auth_blob = -1;
+static int hf_lsa_rights = -1;
+static int hf_lsa_remove_all = -1;
+
+static int hf_lsa_unknown_hyper = -1;
+static int hf_lsa_unknown_long = -1;
+static int hf_lsa_unknown_short = -1;
+static int hf_lsa_unknown_char = -1;
+static int hf_lsa_unknown_string = -1;
+#ifdef LSA_UNUSED_HANDLES
+static int hf_lsa_unknown_time = -1;
+#endif
+
+
+static gint ett_dcerpc_lsa = -1;
+static gint ett_lsa_OBJECT_ATTRIBUTES = -1;
+static gint ett_LSA_SECURITY_DESCRIPTOR = -1;
+static gint ett_lsa_policy_info = -1;
+static gint ett_lsa_policy_audit_log_info = -1;
+static gint ett_lsa_policy_audit_events_info = -1;
+static gint ett_lsa_policy_primary_domain_info = -1;
+static gint ett_lsa_policy_primary_account_info = -1;
+static gint ett_lsa_policy_server_role_info = -1;
+static gint ett_lsa_policy_replica_source_info = -1;
+static gint ett_lsa_policy_default_quota_info = -1;
+static gint ett_lsa_policy_modification_info = -1;
+static gint ett_lsa_policy_audit_full_set_info = -1;
+static gint ett_lsa_policy_audit_full_query_info = -1;
+static gint ett_lsa_policy_dns_domain_info = -1;
+static gint ett_lsa_translated_names = -1;
+static gint ett_lsa_translated_name = -1;
+static gint ett_lsa_referenced_domain_list = -1;
+static gint ett_lsa_trust_information = -1;
+static gint ett_lsa_trust_information_ex = -1;
+static gint ett_LUID = -1;
+static gint ett_LSA_PRIVILEGES = -1;
+static gint ett_LSA_PRIVILEGE = -1;
+static gint ett_LSA_LUID_AND_ATTRIBUTES_ARRAY = -1;
+static gint ett_LSA_LUID_AND_ATTRIBUTES = -1;
+static gint ett_LSA_TRUSTED_DOMAIN_LIST = -1;
+static gint ett_LSA_TRUSTED_DOMAIN = -1;
+static gint ett_LSA_TRANSLATED_SIDS = -1;
+static gint ett_lsa_trusted_domain_info = -1;
+static gint ett_lsa_trust_attr = -1;
+static gint ett_lsa_trusted_domain_auth_information = -1;
+static gint ett_lsa_auth_information = -1;
+
+
+static int
+lsa_dissect_pointer_NTTIME(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ di->hf_index);
+
+ return offset;
+}
+
+static int
+lsa_dissect_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ di->hf_index, 0);
+ return offset;
+}
+
+static int
+lsa_dissect_pointer_pointer_UNICODE_STRING(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ "DOMAIN pointer: ", di->hf_index);
+
+ return offset;
+}
+
+static int
+lsa_dissect_pointer_STRING(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ di->hf_index, 0);
+ return offset;
+}
+
+
+static int
+lsa_dissect_LSA_SECRET_data(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ guint32 len;
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ /* this is probably a varying and conformant array */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sd_size, &len);
+ offset+=4;
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sd_size, &len);
+ proto_tree_add_item(tree, hf_lsa_secret, tvb, offset, len, FALSE);
+ offset += len;
+
+ return offset;
+}
+
+int
+lsa_dissect_LSA_SECRET(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree,
+ guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "LSA_SECRET:");
+ tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
+ }
+
+ /* XXX need to figure this one out */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sd_size, NULL);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sd_size, NULL);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_data, NDR_POINTER_UNIQUE,
+ "LSA_SECRET data: pointer", -1);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_SECRET_pointer(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
+ "LSA_SECRET pointer: data", -1);
+
+ return offset;
+}
+
+/* Dissect LSA specific access rights */
+
+static gint hf_view_local_info = -1;
+static gint hf_view_audit_info = -1;
+static gint hf_get_private_info = -1;
+static gint hf_trust_admin = -1;
+static gint hf_create_account = -1;
+static gint hf_create_secret = -1;
+static gint hf_create_priv = -1;
+static gint hf_set_default_quota_limits = -1;
+static gint hf_set_audit_requirements = -1;
+static gint hf_audit_log_admin = -1;
+static gint hf_server_admin = -1;
+static gint hf_lookup_names = -1;
+
+static void
+lsa_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
+ guint32 access)
+{
+ proto_tree_add_boolean(
+ tree, hf_lookup_names, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_server_admin, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_audit_log_admin, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_set_audit_requirements, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_set_default_quota_limits, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_create_priv, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_create_secret, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_create_account, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_trust_admin, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_get_private_info, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_view_audit_info, tvb, offset, 4, access);
+
+ proto_tree_add_boolean(
+ tree, hf_view_local_info, tvb, offset, 4, access);
+}
+
+struct access_mask_info lsa_access_mask_info = {
+ "LSA", /* Name of specific rights */
+ lsa_specific_rights, /* Dissection function */
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+
+int
+lsa_dissect_LSA_SECURITY_DESCRIPTOR_data(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree,
+ guint8 *drep)
+{
+ guint32 len;
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sd_size, &len);
+
+ dissect_nt_sec_desc(
+ tvb, offset, pinfo, tree, drep, len, &lsa_access_mask_info);
+
+ offset += len;
+
+ return offset;
+}
+int
+lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree,
+ guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "LSA_SECURITY_DESCRIPTOR:");
+ tree = proto_item_add_subtree(item, ett_LSA_SECURITY_DESCRIPTOR);
+ }
+
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sd_size, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECURITY_DESCRIPTOR_data, NDR_POINTER_UNIQUE,
+ "LSA SECURITY DESCRIPTOR data:", -1);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_LPSTR(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_char, NULL);
+
+ return offset;
+}
+
+static const value_string lsa_impersonation_level_vals[] = {
+ {0, "Anonymous"},
+ {1, "Identification"},
+ {2, "Impersonation"},
+ {3, "Delegation"},
+ {0, NULL}
+};
+
+
+static int
+lsa_dissect_SECURITY_QUALITY_OF_SERVICE(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* Length */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_qos_len, NULL);
+
+ /* impersonation level */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_qos_impersonation_level, NULL);
+
+ /* context tracking mode */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_qos_track_context, NULL);
+
+ /* effective only */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_qos_effective_only, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_ACCESS_MASK(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_access_mask(
+ tvb, offset, pinfo, tree, drep, hf_lsa_access_mask,
+ &lsa_access_mask_info, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_OBJECT_ATTRIBUTES(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ int old_offset=offset;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Object Attributes");
+ tree = proto_item_add_subtree(item, ett_lsa_OBJECT_ATTRIBUTES);
+ }
+
+ /* Length */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_obj_attr_len, NULL);
+
+ /* LPSTR */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LPSTR, NDR_POINTER_UNIQUE,
+ "LSPTR pointer: ", -1);
+
+ /* attribute name */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_STRING, NDR_POINTER_UNIQUE,
+ "NAME pointer: ", hf_lsa_obj_attr_name);
+
+ /* Attr */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_obj_attr, NULL);
+
+ /* security descriptor */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
+ "LSA_SECURITY_DESCRIPTOR pointer: ", -1);
+
+ /* security quality of service */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_SECURITY_QUALITY_OF_SERVICE, NDR_POINTER_UNIQUE,
+ "LSA_SECURITY_QUALITY_OF_SERVICE pointer: ", -1);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_lsarclose_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, TRUE);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarclose_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+/* A bug in the NT IDL for lsa openpolicy only stores the first (wide)
+ character of the server name which is always '\'. This is fixed in lsa
+ openpolicy2 but the function remains for backwards compatibility. */
+
+static int dissect_lsa_openpolicy_server(tvbuff_t *tvb, int offset,
+ packet_info *pinfo,
+ proto_tree *tree, guint8 *drep)
+{
+ return dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_server, NULL);
+}
+
+static int
+lsa_dissect_lsaropenpolicy_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
+ "Server", hf_lsa_server);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
+ "OBJECT_ATTRIBUTES", -1);
+
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsaropenpolicy_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
+
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
+
+ if (status == 0) {
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
+ "OpenPolicy handle");
+
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": OpenPolicy handle");
+ }
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsaropenpolicy2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Server",
+ hf_lsa_server, cb_wstr_postprocess,
+ GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_OBJECT_ATTRIBUTES, NDR_POINTER_REF,
+ "OBJECT_ATTRIBUTES", -1);
+
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsaropenpolicy2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
+ dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
+ e_ctx_hnd policy_hnd;
+ proto_item *hnd_item;
+ guint32 status;
+ char *pol_name;
+
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, &status);
+
+ if (status == 0) {
+ if (dcv->private_data)
+ pol_name = g_strdup_printf(
+ "OpenPolicy2(%s)", (char *)dcv->private_data);
+ else
+ pol_name = g_strdup("OpenPolicy2 handle");
+
+ dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+
+ if (hnd_item != NULL)
+ proto_item_append_text(hnd_item, ": %s", pol_name);
+
+ g_free(pol_name);
+ }
+
+ return offset;
+}
+
+static const value_string policy_information_class_vals[] = {
+ {1, "Audit Log Information"},
+ {2, "Audit Events Information"},
+ {3, "Primary Domain Information"},
+ {4, "Pd Account Information"},
+ {5, "Account Domain Information"},
+ {6, "Server Role Information"},
+ {7, "Replica Source Information"},
+ {8, "Default Quota Information"},
+ {9, "Modification Information"},
+ {10, "Audit Full Set Information"},
+ {11, "Audit Full Query Information"},
+ {12, "DNS Domain Information"},
+ {0, NULL}
+};
+
+static int
+lsa_dissect_lsarqueryinformationpolicy_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint16 level;
+
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_policy_information_class, &level);
+
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(
+ pinfo->cinfo, COL_INFO, ", %s",
+ val_to_str(level, policy_information_class_vals,
+ "Unknown (%d)"));
+
+ return offset;
+}
+
+static int
+lsa_dissect_POLICY_AUDIT_LOG_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_AUDIT_LOG_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_audit_log_info);
+ }
+
+ /* percent full */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_pali_percent_full, NULL);
+
+ /* log size */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_pali_log_size, NULL);
+
+ /* retention period */
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_lsa_pali_retention_period);
+
+ /* shutdown in progress */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_pali_shutdown_in_progress, NULL);
+
+ /* time to shutdown */
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_lsa_pali_time_to_shutdown);
+
+ /* next audit record */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_pali_next_audit_record, NULL);
+
+ /* unknown */
+
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_long, NULL);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_paei_settings, NULL);
+ return offset;
+}
+
+static int
+lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings);
+
+ return offset;
+}
+
+static int
+lsa_dissect_POLICY_AUDIT_EVENTS_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_AUDIT_EVENTS_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_audit_events_info);
+ }
+
+ /* enabled */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_paei_enabled, NULL);
+
+ /* settings */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_POLICY_AUDIT_EVENTS_INFO_settings_array, NDR_POINTER_UNIQUE,
+ "Settings", -1);
+
+ /* count */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+static int
+lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_PRIMARY_DOMAIN_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_primary_domain_info);
+ }
+
+ /* domain */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+
+ /* sid */
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+static int
+lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_ACCOUNT_DOMAIN_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_primary_account_info);
+ }
+
+ /* account */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+
+ /* sid */
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+static const value_string server_role_vals[] = {
+ {0, "Standalone"},
+ {1, "Domain Member"},
+ {2, "Backup"},
+ {3, "Primary"},
+ {0, NULL}
+};
+static int
+lsa_dissect_POLICY_SERVER_ROLE_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_SERVER_ROLE_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_server_role_info);
+ }
+
+ /* server role */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_server_role, NULL);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_POLICY_REPLICA_SOURCE_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_REPLICA_SOURCE_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_replica_source_info);
+ }
+
+ /* source */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_source, 0);
+
+ /* account */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_acct, 0);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+static int
+lsa_dissect_POLICY_DEFAULT_QUOTA_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_DEFAULT_QUOTA_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_default_quota_info);
+ }
+
+ /* paged pool */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_quota_paged_pool, NULL);
+
+ /* non paged pool */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_quota_non_paged_pool, NULL);
+
+ /* min wss */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_quota_min_wss, NULL);
+
+ /* max wss */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_quota_max_wss, NULL);
+
+ /* pagefile */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_quota_pagefile, NULL);
+
+ /* */
+ offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_hyper, NULL);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+static int
+lsa_dissect_POLICY_MODIFICATION_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_MODIFICATION_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_modification_info);
+ }
+
+ /* seq no */
+ offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_mod_seq_no, NULL);
+
+ /* mtime */
+ offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep,
+ hf_lsa_mod_mtime);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+static int
+lsa_dissect_POLICY_AUDIT_FULL_SET_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_AUDIT_FULL_SET_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_set_info);
+ }
+
+ /* unknown */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_char, NULL);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+static int
+lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_AUDIT_FULL_QUERY_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_audit_full_query_info);
+ }
+
+ /* unknown */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_char, NULL);
+
+ /* unknown */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_char, NULL);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+
+int
+lsa_dissect_POLICY_DNS_DOMAIN_INFO(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "POLICY_DNS_DOMAIN_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_policy_dns_domain_info);
+ }
+
+ /* name */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+
+ /* domain */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_fqdomain, 0);
+
+ /* forest */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_forest, 0);
+
+ /* GUID */
+ offset = dissect_nt_GUID(tvb, offset,
+ pinfo, tree, drep);
+
+ /* SID pointer */
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_POLICY_INFORMATION(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+ guint16 level;
+
+ if(parent_tree){
+ item = proto_tree_add_item(parent_tree, hf_lsa_policy_information, tvb, offset, 0, FALSE);
+
+ tree = proto_item_add_subtree(item, ett_lsa_policy_info);
+ }
+
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep, + hf_lsa_info_level, &level); + + ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */ + switch(level){ + case 1: + offset = lsa_dissect_POLICY_AUDIT_LOG_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 2: + offset = lsa_dissect_POLICY_AUDIT_EVENTS_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 3: + offset = lsa_dissect_POLICY_PRIMARY_DOMAIN_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 4: + offset = dissect_ndr_counted_string(tvb, offset, pinfo, + tree, drep, hf_lsa_acct, 0); + break; + case 5: + offset = lsa_dissect_POLICY_ACCOUNT_DOMAIN_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 6: + offset = lsa_dissect_POLICY_SERVER_ROLE_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 7: + offset = lsa_dissect_POLICY_REPLICA_SOURCE_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 8: + offset = lsa_dissect_POLICY_DEFAULT_QUOTA_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 9: + offset = lsa_dissect_POLICY_MODIFICATION_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 10: + offset = lsa_dissect_POLICY_AUDIT_FULL_SET_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 11: + offset = lsa_dissect_POLICY_AUDIT_FULL_QUERY_INFO( + tvb, offset, pinfo, tree, drep); + break; + case 12: + offset = lsa_dissect_POLICY_DNS_DOMAIN_INFO( + tvb, offset, pinfo, tree, drep); + break; + } + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_lsarqueryinformationpolicy_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* This is really a pointer to a pointer though the first level is REF + so we just ignore that one */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE, + "POLICY_INFORMATION pointer: info", -1); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, 
hf_lsa_rc, NULL); + + return offset; +} + +static int +lsa_dissect_lsardelete_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + return offset; +} + +static int +lsa_dissect_lsardelete_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarquerysecurityobject_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_info_type, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarquerysecurityobject_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE, + "LSA_SECURITY_DESCRIPTOR pointer: sec_info", -1); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarsetsecurityobject_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_info_type, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF, + "LSA_SECURITY_DESCRIPTOR: sec_info", -1); + + return offset; +} + +static int +lsa_dissect_lsarsetsecurityobject_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = 
dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarchangepassword_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* server */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_server, 0); + + /* domain */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_domain, 0); + + /* account */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_acct, 0); + + /* old password */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_old_pwd, 0); + + /* new password */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_new_pwd, 0); + + return offset; +} + +static int +lsa_dissect_lsarchangepassword_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static const value_string sid_type_vals[] = { + {1, "User"}, + {2, "Group"}, + {3, "Domain"}, + {4, "Alias"}, + {5, "Well Known Group"}, + {6, "Deleted Account"}, + {7, "Invalid"}, + {8, "Unknown"}, + {9, "Computer"}, + {0, NULL} +}; +static int +lsa_dissect_LSA_TRANSLATED_NAME(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "LSA_TRANSLATED_NAME:"); + tree = proto_item_add_subtree(item, ett_lsa_translated_name); + } + + /* sid type */ + offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep, + hf_lsa_sid_type, NULL); + + /* name */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_name, 0); + + /* index */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_index, NULL); + + 
proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_LSA_TRANSLATED_NAME_array(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_TRANSLATED_NAME); + + return offset; +} + +static int +lsa_dissect_LSA_TRANSLATED_NAMES(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "LSA_TRANSLATED_NAMES:"); + tree = proto_item_add_subtree(item, ett_lsa_translated_names); + } + + /* count */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + /* settings */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_TRANSLATED_NAME_array, NDR_POINTER_UNIQUE, + "TRANSLATED_NAME_ARRAY", -1); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + + +static int +lsa_dissect_lsarlookupsids_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF, + "PSID_ARRAY", -1); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF, + "LSA_TRANSLATED_NAMES pointer: names", -1); + + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, + hf_lsa_info_level, NULL); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_num_mapped, NULL); + + return offset; +} + +static int +lsa_dissect_LSA_TRUST_INFORMATION(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int 
old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "TRUST INFORMATION:"); + tree = proto_item_add_subtree(item, ett_lsa_trust_information); + } + + /* name */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_name, 0); + + /* sid */ + offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static const value_string trusted_direction_vals[] = { + {0, "Trust disabled"}, + {1, "Inbound trust"}, + {2, "Outbound trust"}, + {0, NULL} +}; + +static const value_string trusted_type_vals[] = { + {1, "Downlevel"}, + {2, "Uplevel"}, + {3, "MIT"}, + {4, "DCE"}, + {0, NULL} +}; + +static const true_false_string tfs_trust_attr_non_trans = { + "NON TRANSITIVE is set", + "Non transitive is NOT set" +}; +static const true_false_string tfs_trust_attr_uplevel_only = { + "UPLEVEL ONLY is set", + "Uplevel only is NOT set" +}; +static const true_false_string tfs_trust_attr_tree_parent = { + "TREE PARENT is set", + "Tree parent is NOT set" +}; +static const true_false_string tfs_trust_attr_tree_root = { + "TREE ROOT is set", + "Tree root is NOT set" +}; +static int +lsa_dissect_trust_attr(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *parent_tree, guint8 *drep) +{ + guint32 mask; + proto_item *item = NULL; + proto_tree *tree = NULL; + + offset=dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, + hf_lsa_trust_attr, &mask); + + if(parent_tree){ + item = proto_tree_add_uint(parent_tree, hf_lsa_trust_attr, + tvb, offset-4, 4, mask); + tree = proto_item_add_subtree(item, ett_lsa_trust_attr); + } + + proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_root, + tvb, offset-4, 4, mask); + proto_tree_add_boolean(tree, hf_lsa_trust_attr_tree_parent, + tvb, offset-4, 4, mask); + proto_tree_add_boolean(tree, hf_lsa_trust_attr_uplevel_only, + tvb, offset-4, 4, mask); + proto_tree_add_boolean(tree, hf_lsa_trust_attr_non_trans, + tvb, 
offset-4, 4, mask); + + return offset; +} + +static int +lsa_dissect_LSA_TRUST_INFORMATION_EX(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "TRUST INFORMATION EX:"); + tree = proto_item_add_subtree(item, ett_lsa_trust_information_ex); + } + + /* name */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_name, 0); + + /* flat name */ + offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_flat_name, 0); + + /* sid */ + offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep); + + /* direction */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_trust_direction, NULL); + + /* type */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_trust_type, NULL); + + /* attributes */ + offset = lsa_dissect_trust_attr(tvb, offset, pinfo, tree, drep); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_auth_info_blob(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + dcerpc_info *di; + guint32 len; + + di=pinfo->private_data; + if(di->conformant_run){ + /*just a run to handle conformant arrays, nothing to dissect */ + return offset; + } + + /* len */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_auth_len, &len); + + proto_tree_add_item(tree, hf_lsa_auth_blob, tvb, offset, len, FALSE); + offset += len; + + return offset; +} + +static int +lsa_dissect_auth_info(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "AUTH INFORMATION:"); + tree = proto_item_add_subtree(item, 
ett_lsa_auth_information); + } + + /* update */ + offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep, + hf_lsa_auth_update, NULL); + + /* type */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_auth_type, NULL); + + /* len */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_auth_len, NULL); + + /* auth info blob */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_auth_info_blob, NDR_POINTER_UNIQUE, + "AUTH INFO blob:", -1); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "TRUSTED DOMAIN AUTH INFORMATION:"); + tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_auth_information); + } + + /* unknown */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_unknown_long, NULL); + + /* unknown */ + offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep); + + /* unknown */ + offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep); + + /* unknown */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_unknown_long, NULL); + + /* unknown */ + offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep); + + /* unknown */ + offset = lsa_dissect_auth_info(tvb, offset, pinfo, tree, drep); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + + +static int +lsa_dissect_LSA_TRUST_INFORMATION_array(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_TRUST_INFORMATION); + + return offset; +} + +static int +lsa_dissect_LSA_REFERENCED_DOMAIN_LIST(tvbuff_t *tvb, int offset, + packet_info 
*pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "LSA_REFERENCED_DOMAIN_LIST:"); + tree = proto_item_add_subtree(item, ett_lsa_referenced_domain_list); + } + + /* count */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + /* trust information */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_TRUST_INFORMATION_array, NDR_POINTER_UNIQUE, + "TRUST INFORMATION array:", -1); + + /* max count */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_max_count, NULL); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_lsarlookupsids_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE, + "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_TRANSLATED_NAMES, NDR_POINTER_REF, + "LSA_TRANSLATED_NAMES pointer: names", -1); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_num_mapped, NULL); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarsetquotasforaccount_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF, + "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1); + + return offset; +} + + +static int +lsa_dissect_lsarsetquotasforaccount_reply(tvbuff_t *tvb, int offset, + 
packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsargetquotasforaccount_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + return offset; +} + + +static int +lsa_dissect_lsargetquotasforaccount_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_POLICY_DEFAULT_QUOTA_INFO, NDR_POINTER_REF, + "POLICY_DEFAULT_QUOTA_INFO pointer: quotas", -1); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarsetinformationpolicy_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, + hf_lsa_policy_information_class, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF, + "POLICY_INFORMATION pointer: info", -1); + + return offset; +} + + +static int +lsa_dissect_lsarsetinformationpolicy_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarclearauditlog_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep); + + /* unknown */ + offset = dissect_ndr_uint32 (tvb, 
offset, pinfo, tree, drep, + hf_lsa_unknown_long, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarclearauditlog_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static int +lsa_dissect_lsargetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + return offset; +} + + +static int +lsa_dissect_lsargetsystemaccessaccount_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_lsa_rid, NULL); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarsetsystemaccessaccount_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_rid, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarsetsystemaccessaccount_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsaropentrusteddomain_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep); + + offset = lsa_dissect_ACCESS_MASK(tvb, 
offset, + pinfo, tree, drep); + + return offset; +} + + +static int +lsa_dissect_lsaropentrusteddomain_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsardeletetrusteddomain_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep); + + return offset; +} + + +static int +lsa_dissect_lsardeletetrusteddomain_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +int +dissect_nt_LUID(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LUID:"); + tree = proto_item_add_subtree(item, ett_LUID); + } + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_nt_luid_low, NULL); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_nt_luid_high, NULL); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_LSA_PRIVILEGE(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LSA_PRIVILEGE:"); + tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGE); + } + + /* privilege name */ + offset = 
dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep, + hf_lsa_privilege_name, 0); + + /* LUID */ + offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_LSA_PRIVILEGE_array(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_PRIVILEGE); + + return offset; +} + +static int +lsa_dissect_LSA_PRIVILEGES(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LSA_PRIVILEGES:"); + tree = proto_item_add_subtree(item, ett_LSA_PRIVILEGES); + } + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + /* privileges */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_PRIVILEGE_array, NDR_POINTER_UNIQUE, + "LSA_PRIVILEGE array:", -1); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_lsarenumerateprivileges_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_size, NULL); + + return offset; +} + +static int +lsa_dissect_lsarenumerateprivileges_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_PRIVILEGES, NDR_POINTER_REF, + "LSA_PRIVILEGES pointer: privs", -1); + + 
offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static int +lsa_dissect_lsarlookupprivilegevalue_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + /* privilege name */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE, + "NAME pointer: ", hf_lsa_privilege_name); + + return offset; +} + + +static int +lsa_dissect_lsarlookupprivilegevalue_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + + /* LUID */ + offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarlookupprivilegename_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + /* LUID */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_nt_LUID, NDR_POINTER_REF, + "LUID pointer: value", -1); + + return offset; +} + + +static int +lsa_dissect_lsarlookupprivilegename_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [out, ref] LSA_UNICODE_STRING **name */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE, + "PRIVILEGE NAME pointer:", hf_lsa_privilege_name); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + + +static int +lsa_dissect_lsarenumerateprivilegesaccount_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [in] LSA_HANDLE hnd */ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, 
tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + return offset; +} + + +static int +lsa_dissect_LUID_AND_ATTRIBUTES(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LUID_AND_ATTRIBUTES:"); + tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES); + } + + /* LUID */ + offset = dissect_nt_LUID(tvb, offset, pinfo, tree, drep); + + /* attr */ + offset = dissect_ndr_uint64 (tvb, offset, pinfo, tree, drep, + hf_lsa_attr, NULL); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_LUID_AND_ATTRIBUTES_array(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, + lsa_dissect_LUID_AND_ATTRIBUTES); + + return offset; +} + +static int +lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, guint8 *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 0, + "LUID_AND_ATTRIBUTES_ARRAY:"); + tree = proto_item_add_subtree(item, ett_LSA_LUID_AND_ATTRIBUTES_ARRAY); + } + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_count, NULL); + + /* luid and attributes */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LUID_AND_ATTRIBUTES_array, NDR_POINTER_UNIQUE, + "LUID_AND_ATTRIBUTES array:", -1); + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +lsa_dissect_lsarenumerateprivilegesaccount_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [out, ref] LUID_AND_ATTRIBUTES_ARRAY * *privs */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + 
lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE, + "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static int +lsa_dissect_lsaraddprivilegestoaccount_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [in] LSA_HANDLE hnd */ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + /* [in, ref] LUID_AND_ATTRIBUTES_ARRAY *privs */ + offset = lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY(tvb, offset, + pinfo, tree, drep); + + return offset; +} + + +static int +lsa_dissect_lsaraddprivilegestoaccount_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static int +lsa_dissect_lsarremoveprivilegesfromaccount_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [in] LSA_HANDLE hnd */ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + /* [in] char unknown */ + offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep, + hf_lsa_unknown_char, NULL); + + /* [in, unique] LUID_AND_ATTRIBUTES_ARRAY *privs */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LUID_AND_ATTRIBUTES_ARRAY, NDR_POINTER_UNIQUE, + "LUID_AND_ATTRIBUTES_ARRAY pointer: privs", -1); + + return offset; +} + + +static int +lsa_dissect_lsarremoveprivilegesfromaccount_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static int +lsa_dissect_lsarenumerateaccounts_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [in] LSA_HANDLE hnd */ + offset = 
dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_resume_handle, NULL); + + /* [in] ULONG pref_maxlen */ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_max_count, NULL); + + return offset; +} + +static int +lsa_dissect_lsarenumerateaccounts_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [in,out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, + hf_lsa_resume_handle, NULL); + + /* [out, ref] PSID_ARRAY **accounts */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF, + "PSID_ARRAY", -1); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static int +lsa_dissect_lsarcreatetrusteddomain_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [in] LSA_HANDLE hnd_pol */ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + /* [in, ref] LSA_TRUST_INFORMATION *domain */ + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + lsa_dissect_LSA_TRUST_INFORMATION, NDR_POINTER_REF, + "LSA_TRUST_INFORMATION pointer: domain", -1); + + /* [in] ACCESS_MASK access */ + offset = lsa_dissect_ACCESS_MASK(tvb, offset, + pinfo, tree, drep); + + return offset; +} + +static int +lsa_dissect_lsarcreatetrusteddomain_reply(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + /* [out] LSA_HANDLE *hnd */ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, + hf_lsa_hnd, NULL, NULL, FALSE, FALSE); + + offset = dissect_ntstatus( + tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL); + + return offset; +} + +static int 
+lsa_dissect_lsarenumeratetrusteddomains_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_resume_handle, NULL);
+
+ /* [in] ULONG pref_maxlen */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_max_count, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRUSTED_DOMAIN(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ "TRUSTED_DOMAIN:");
+ tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN);
+ }
+
+ /* domain */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+
+ /* sid */
+ offset = dissect_ndr_nt_PSID(tvb, offset, pinfo, tree, drep);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRUSTED_DOMAIN_array(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUSTED_DOMAIN);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRUSTED_DOMAIN_LIST(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, 0,
+ "TRUSTED_DOMAIN_LIST:");
+ tree = proto_item_add_subtree(item, ett_LSA_TRUSTED_DOMAIN_LIST);
+ }
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+
+ /* privileges */
+ offset = dissect_ndr_pointer(tvb, offset, 
pinfo, tree, drep,
+ lsa_dissect_LSA_TRUSTED_DOMAIN_array, NDR_POINTER_UNIQUE,
+ "TRUSTED_DOMAIN array:", -1);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_lsarenumeratetrusteddomains_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_resume_handle, NULL);
+
+ /* [out, ref] LSA_REFERENCED_DOMAIN_LIST *domains */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUSTED_DOMAIN_LIST, NDR_POINTER_REF,
+ "LSA_TRUSTED_DOMAIN_LIST pointer: domains", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_LSA_UNICODE_STRING_item(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ di->hf_index, 0);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_UNICODE_STRING_array(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_item);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_UNICODE_STRING_ARRAY(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
+ "UNICODE_STRING pointer: ", di->hf_index);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRANSLATED_SID(tvbuff_t 
*tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* sid type */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sid_type, NULL);
+
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_rid, NULL);
+
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_index, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRANSLATED_SIDS_array(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_SID);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRANSLATED_SIDS(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "LSA_TRANSLATED_SIDS:");
+ tree = proto_item_add_subtree(item, ett_LSA_TRANSLATED_SIDS);
+ }
+
+ /* count */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+
+ /* settings */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_SIDS_array, NDR_POINTER_UNIQUE,
+ "Translated SIDS", -1);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_lsarlookupnames_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in] ULONG count */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+
+ /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
+ "Account pointer: names", hf_lsa_acct);
+
+ /* [in, out, ref] 
LSA_TRANSLATED_SIDS *rids */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
+ "LSA_TRANSLATED_SIDS pointer: rids", -1);
+
+ /* [in] USHORT level */
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_info_level, NULL);
+
+ /* [in, out, ref] ULONG *num_mapped */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_num_mapped, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarlookupnames_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
+ "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
+
+ /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
+ "LSA_TRANSLATED_SIDS pointer: rids", -1);
+
+ /* [in, out, ref] ULONG *num_mapped */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_num_mapped, NULL);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarcreatesecret_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd_pol */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *name */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_name, 0);
+
+ /* [in] ACCESS_MASK access */
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarcreatesecret_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+
+ /* [out] LSA_HANDLE *hnd */
+ offset = 
dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsaropenaccount_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd_pol */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] SID *account */
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+
+ /* [in] ACCESS_MASK access */
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsaropenaccount_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out] LSA_HANDLE *hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static const value_string trusted_info_level_vals[] = {
+ {1, "Domain Name Information"},
+ {2, "Controllers Information"},
+ {3, "Posix Offset Information"},
+ {4, "Password Information"},
+ {5, "Domain Information Basic"},
+ {6, "Domain Information Ex"},
+ {7, "Domain Auth Information"},
+ {8, "Domain Full Information"},
+ {9, "Domain Security Descriptor"},
+ {10, "Domain Private Information"},
+ {0, NULL}
+};
+
+static int
+lsa_dissect_TRUSTED_DOMAIN_INFORMATION(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+ guint16 level;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "TRUSTED_DOMAIN_INFO:");
+ tree = proto_item_add_subtree(item, ett_lsa_trusted_domain_info);
+ }
+
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_trusted_info_level, 
&level);
+
+ ALIGN_TO_4_BYTES; /* all union arms aligned to 4 bytes, case 7 and 9 need this */
+ switch(level){
+ case 1:
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+ break;
+ case 2:
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_UNIQUE,
+ "Controllers pointer: ", hf_lsa_controller);
+ break;
+ case 3:
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_rid_offset, NULL);
+ break;
+ case 4:
+ offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
+ offset = lsa_dissect_LSA_SECRET(tvb, offset, pinfo, tree, drep);
+ break;
+ case 5:
+ offset = lsa_dissect_LSA_TRUST_INFORMATION(tvb, offset,
+ pinfo, tree, drep);
+ break;
+ case 6:
+ offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
+ pinfo, tree, drep);
+ break;
+ case 7:
+ offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
+ break;
+ case 8:
+ offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
+ pinfo, tree, drep);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_rid_offset, NULL);
+ offset = lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION(tvb, offset, pinfo, tree, drep);
+ break;
+ case 9:
+ offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
+ break;
+ case 10:
+ offset = lsa_dissect_LSA_TRUST_INFORMATION_EX(tvb, offset,
+ pinfo, tree, drep);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_rid_offset, NULL);
+ offset = lsa_dissect_LSA_SECURITY_DESCRIPTOR(tvb, offset, pinfo, tree, drep);
+ break;
+ }
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_lsarqueryinfotrusteddomain_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = 
dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in] TRUSTED_INFORMATION_CLASS level */
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_trusted_info_level, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarqueryinfotrusteddomain_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarsetinformationtrusteddomain_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in] TRUSTED_INFORMATION_CLASS level */
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_trusted_info_level, NULL);
+
+ /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarsetinformationtrusteddomain_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsaropensecret_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd_pol */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *name */
+ offset = 
dissect_ndr_counted_string_cb(
+ tvb, offset, pinfo, tree, drep, hf_lsa_name,
+ cb_wstr_postprocess,
+ GINT_TO_POINTER(CB_STR_COL_INFO | 1));
+
+ /* [in] ACCESS_MASK access */
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsaropensecret_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out] LSA_HANDLE *hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarsetsecret_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, unique] LSA_SECRET *new_val */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
+ "LSA_SECRET pointer: new_val", -1);
+
+ /* [in, unique] LSA_SECRET *old_val */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET, NDR_POINTER_UNIQUE,
+ "LSA_SECRET pointer: old_val", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarsetsecret_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarquerysecret_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, out, unique] LSA_SECRET **curr_val */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
+ "LSA_SECRET 
pointer: curr_val", -1);
+
+ /* [in, out, unique] LARGE_INTEGER *curr_mtime */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
+ "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
+
+ /* [in, out, unique] LSA_SECRET **old_val */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
+ "LSA_SECRET pointer: old_val", -1);
+
+ /* [in, out, unique] LARGE_INTEGER *old_mtime */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
+ "NTIME pointer: old_mtime", hf_lsa_old_mtime);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarquerysecret_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in, out, unique] LSA_SECRET **curr_val */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
+ "LSA_SECRET pointer: curr_val", -1);
+
+ /* [in, out, unique] LARGE_INTEGER *curr_mtime */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
+ "NTIME pointer: old_mtime", hf_lsa_cur_mtime);
+
+ /* [in, out, unique] LSA_SECRET **old_val */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
+ "LSA_SECRET pointer: old_val", -1);
+
+ /* [in, out, unique] LARGE_INTEGER *old_mtime */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_NTTIME, NDR_POINTER_UNIQUE,
+ "NTIME pointer: old_mtime", hf_lsa_old_mtime);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsardeleteobject_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ 
hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsardeleteobject_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarenumerateaccountswithuserright_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, unique] LSA_UNICODE_STRING *rights */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ "LSA_UNICODE_STRING pointer: rights", hf_lsa_rights);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarenumerateaccountswithuserright_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out, ref] LSA_UNICODE_STRING_ARRAY *accounts */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
+ "Account pointer: names", hf_lsa_acct);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarenumerateaccountrights_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] SID *account */
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarenumerateaccountrights_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out, ref] LSA_UNICODE_STRING_ARRAY *rights */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ 
lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
+ "Account pointer: rights", hf_lsa_rights);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsaraddaccountrights_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] SID *account */
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+
+ /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
+ "Account pointer: rights", hf_lsa_rights);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsaraddaccountrights_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarremoveaccountrights_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] SID *account */
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+
+ /* remove all */
+ offset = dissect_ndr_uint8 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_remove_all, NULL);
+
+ /* [in, ref] LSA_UNICODE_STRING_ARRAY *rights */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_ARRAY, NDR_POINTER_REF,
+ "Account pointer: rights", hf_lsa_rights);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarremoveaccountrights_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarquerytrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE handle */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *name */
+ /* domain */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+
+ /* [in] TRUSTED_INFORMATION_CLASS level */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_trusted_info_level, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarquerytrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarsettrusteddomaininfobyname_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE handle */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *name */
+ /* domain */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+
+ /* [in] TRUSTED_INFORMATION_CLASS level */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_trusted_info_level, NULL);
+
+ /* [in, ref] TRUSTED_DOMAIN_INFORMATION *info) */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarsettrusteddomaininfobyname_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarquerytrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE handle */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] SID *sid */
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+
+ /* [in] TRUSTED_INFORMATION_CLASS level */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_trusted_info_level, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsaropentrusteddomainbyname_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE handle */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *name */
+ /* domain */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_domain, 0);
+
+ /* [in] ACCESS_MASK access */
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsaropentrusteddomainbyname_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out] LSA_HANDLE handle */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+
+
+static int
+lsa_dissect_lsarquerytrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out, ref] TRUSTED_DOMAIN_INFORMATION *info) */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ 
lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarsettrusteddomaininfo_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE handle */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] SID *sid */
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+
+ /* [in] TRUSTED_INFORMATION_CLASS level */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_trusted_info_level, NULL);
+
+ /* [ref, ref] TRUSTED_DOMAIN_INFORMATION *info) */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_TRUSTED_DOMAIN_INFORMATION, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION pointer: info", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarsettrusteddomaininfo_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarqueryinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint16 level;
+
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_policy_information_class, &level);
+
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(
+ pinfo->cinfo, COL_INFO, ", %s",
+ val_to_str(level, policy_information_class_vals,
+ "Unknown (%d)"));
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarqueryinformationpolicy2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* This is really a pointer to a pointer though the first 
level is REF
+ so we just ignore that one */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_POLICY_INFORMATION, NDR_POINTER_UNIQUE,
+ "POLICY_INFORMATION pointer: info", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarsetinformationpolicy2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_policy_information_class, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
+ "POLICY_INFORMATION pointer: info", -1);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarsetinformationpolicy2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarquerydomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_policy_information_class, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarquerydomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
+ "POLICY_INFORMATION pointer: info", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarsetdomaininformationpolicy_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, 
proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_policy_information_class, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_POLICY_INFORMATION, NDR_POINTER_REF,
+ "POLICY_INFORMATION pointer: info", -1);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarsetdomaininformationpolicy_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarlookupnames2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in] ULONG count */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+
+ /* [in, size_is(count), ref] LSA_UNICODE_STRING *names */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_UNICODE_STRING_array, NDR_POINTER_REF,
+ "Account pointer: names", hf_lsa_acct);
+
+ /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
+ "LSA_TRANSLATED_SIDS pointer: rids", -1);
+
+ /* [in] USHORT level */
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_info_level, NULL);
+
+ /* [in, out, ref] ULONG *num_mapped */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_num_mapped, NULL);
+
+ /* unknown */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_long, NULL);
+
+ /* unknown */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_long, NULL);
+
+ return offset;
+}
+
+
+static 
int
+lsa_dissect_lsarlookupnames2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out] LSA_REFERENCED_DOMAIN_LIST *domains */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
+ "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
+
+ /* [in, out, ref] LSA_TRANSLATED_SIDS *rids */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_SIDS, NDR_POINTER_REF,
+ "LSA_TRANSLATED_SIDS pointer: rids", -1);
+
+ /* [in, out, ref] ULONG *num_mapped */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_num_mapped, NULL);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarcreateaccount_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarcreateaccount_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarlookupprivilegedisplayname_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *name */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_privilege_name,
0);
+
+ /* [in, ref] long *size */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_privilege_display_name_size, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarlookupprivilegedisplayname_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out, ref] LSA_UNICODE_STRING **disp_name */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ "NAME pointer: ", hf_lsa_privilege_display_name);
+
+ /* [out, ref] long *size */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_privilege_display_name_size, NULL);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarstoreprivatedata_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *key */
+ offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_key, 0);
+
+ /* [in, unique] LSA_SECRET **data */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_UNIQUE,
+ "LSA_SECRET* pointer: data", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarstoreprivatedata_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarretrieveprivatedata_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] LSA_UNICODE_STRING *key */
+ offset =
dissect_ndr_counted_string(tvb, offset, pinfo, tree, drep,
+ hf_lsa_key, 0);
+
+ /* [in, out, ref] LSA_SECRET **data */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
+ "LSA_SECRET* pointer: data", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarretrieveprivatedata_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in, out, ref] LSA_SECRET **data */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECRET_pointer, NDR_POINTER_REF,
+ "LSA_SECRET* pointer: data", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarclosetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+
+ /* [in, out] LSA_HANDLE *tdHnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarclosetrusteddomainex_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+
+ /* [in, out] LSA_HANDLE *tdHnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRANSLATED_NAME_EX(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *parent_tree, guint8 *drep)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ int old_offset=offset;
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, -1,
+ "LSA_TRANSLATED_NAME:");
+ tree = proto_item_add_subtree(item, ett_lsa_translated_name);
+ }
+
+ /* sid type */
+ offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_sid_type, NULL);
+
+ /* name */
+ offset = dissect_ndr_counted_string(tvb, offset,
pinfo, tree, drep,
+ hf_lsa_name, 0);
+
+ /* index */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_index, NULL);
+
+ /* unknown */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_long, NULL);
+
+ proto_item_set_len(item, offset-old_offset);
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRANSLATED_NAME_EX_array(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_NAME_EX);
+
+ return offset;
+}
+static int
+lsa_dissect_LSA_TRANSLATED_NAMES_EX(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* count */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_NAME_EX_array, NDR_POINTER_UNIQUE,
+ "LSA_TRANSLATED_NAME_EX: pointer", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarlookupsids2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_ndr_nt_PSID_ARRAY, NDR_POINTER_REF,
+ "PSID_ARRAY", -1);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
+ "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_info_level, NULL);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_num_mapped, NULL);
+
+ /* unknown */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_long, NULL);
+
+ /* unknown */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_long, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarlookupsids2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_REFERENCED_DOMAIN_LIST, NDR_POINTER_UNIQUE,
+ "LSA_REFERENCED_DOMAIN_LIST pointer: domains", -1);
+
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRANSLATED_NAMES_EX, NDR_POINTER_REF,
+ "LSA_TRANSLATED_NAMES_EX pointer: names", -1);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_num_mapped, NULL);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsargetusername_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+
+ /* [in, unique, string] WCHAR *server */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ dissect_lsa_openpolicy_server, NDR_POINTER_UNIQUE,
+ "Server:", hf_lsa_server);
+
+ /* [in, out, ref] LSA_UNICODE_STRING **user */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ "ACCOUNT pointer: ", hf_lsa_acct);
+
+ /* [in, out, unique] LSA_UNICODE_STRING **domain */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ "DOMAIN pointer: ", hf_lsa_domain);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsargetusername_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in, out, ref] LSA_UNICODE_STRING **user */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ "ACCOUNT pointer: ", hf_lsa_acct);
+
+ /* [in, out, unique] LSA_UNICODE_STRING **domain */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_pointer_pointer_UNICODE_STRING, NDR_POINTER_UNIQUE,
+ "DOMAIN pointer: ",
hf_lsa_domain);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarcreatetrusteddomainex_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
+
+ /* [in, ref] TRUSTED_DOMAIN_AUTH_INFORMATION *auth */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUSTED_DOMAIN_AUTH_INFORMATION, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_AUTH_INFORMATION pointer: auth", -1);
+
+ /* [in] ACCESS_MASK mask */
+ offset = lsa_dissect_ACCESS_MASK(tvb, offset,
+ pinfo, tree, drep);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarcreatetrusteddomainex_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out] LSA_HANDLE *tdHnd) */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarenumeratetrusteddomainsex_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_resume_handle, NULL);
+
+ /* [in] ULONG pref_maxlen */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_max_count, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUST_INFORMATION_EX);
+
+ return offset;
+}
+
+static int
+lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* count */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_count, NULL);
+
+ /* trust information */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_EX_array, NDR_POINTER_UNIQUE,
+ "TRUST INFORMATION array:", -1);
+
+ /* max count */
+ /* The original code here was wrong. It now handles these correctly */
+ /*offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_lsa_max_count, NULL);
+ */
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarenumeratetrusteddomainsex_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in, out, ref] LSA_ENUMERATION_HANDLE *resume_hnd */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_resume_handle, NULL);
+
+ /* [out, ref] TRUSTED_DOMAIN_INFORMATION_LIST_EX *domains */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUSTED_DOMAIN_INFORMATION_LIST_EX, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION_LIST_EX pointer: domains", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsartestcall_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE handle */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in] USHORT flag */
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_short, NULL);
+
+ /* [in, ref]
LSA_SECURITY_DESCRIPTOR *sd */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
+ "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsartestcall_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out, ref] LSA_SECURITY_DESCRIPTOR **psd) */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_UNIQUE,
+ "LSA_SECURITY_DESCRIPTOR pointer: psd)", -1);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+static int
+lsa_dissect_lsarcreatetrusteddomainex2_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [in] LSA_HANDLE hnd */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ /* [in, ref] TRUSTED_DOMAIN_INFORMATION_EX *info */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_TRUST_INFORMATION_EX, NDR_POINTER_REF,
+ "TRUSTED_DOMAIN_INFORMATION_EX pointer: info", -1);
+
+ /* [in, ref] LSA_SECURITY_DESCRIPTOR *sd */
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ lsa_dissect_LSA_SECURITY_DESCRIPTOR, NDR_POINTER_REF,
+ "LSA_SECURITY_DESCRIPTOR pointer: sd", -1);
+
+ /* [in] ULONG unknown */
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+ hf_lsa_unknown_long, NULL);
+
+ return offset;
+}
+
+
+static int
+lsa_dissect_lsarcreatetrusteddomainex2_reply(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ /* [out] LSA_HANDLE *h2) */
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+ hf_lsa_hnd, NULL, NULL, FALSE, FALSE);
+
+ offset = dissect_ntstatus(
+ tvb, offset, pinfo, tree, drep, hf_lsa_rc, NULL);
+
+ return offset;
+}
+
+
+static dcerpc_sub_dissector dcerpc_lsa_dissectors[] = {
+ {
LSA_LSARCLOSE, "LsarClose",
+ lsa_dissect_lsarclose_rqst,
+ lsa_dissect_lsarclose_reply },
+ { LSA_LSARDELETE, "LsarDelete",
+ lsa_dissect_lsardelete_rqst,
+ lsa_dissect_lsardelete_reply },
+ { LSA_LSARENUMERATEPRIVILEGES, "LsarEnumeratePrivileges",
+ lsa_dissect_lsarenumerateprivileges_rqst,
+ lsa_dissect_lsarenumerateprivileges_reply },
+ { LSA_LSARQUERYSECURITYOBJECT, "LsarQuerySecurityObject",
+ lsa_dissect_lsarquerysecurityobject_rqst,
+ lsa_dissect_lsarquerysecurityobject_reply },
+ { LSA_LSARSETSECURITYOBJECT, "LsarSetSecurityObject",
+ lsa_dissect_lsarsetsecurityobject_rqst,
+ lsa_dissect_lsarsetsecurityobject_reply },
+ { LSA_LSARCHANGEPASSWORD, "LsarChangePassword",
+ lsa_dissect_lsarchangepassword_rqst,
+ lsa_dissect_lsarchangepassword_reply },
+ { LSA_LSAROPENPOLICY, "LsarOpenPolicy",
+ lsa_dissect_lsaropenpolicy_rqst,
+ lsa_dissect_lsaropenpolicy_reply },
+ { LSA_LSARQUERYINFORMATIONPOLICY, "LsarQueryInformationPolicy",
+ lsa_dissect_lsarqueryinformationpolicy_rqst,
+ lsa_dissect_lsarqueryinformationpolicy_reply },
+ { LSA_LSARSETINFORMATIONPOLICY, "LsarSetInformationPolicy",
+ lsa_dissect_lsarsetinformationpolicy_rqst,
+ lsa_dissect_lsarsetinformationpolicy_reply },
+ { LSA_LSARCLEARAUDITLOG, "LsarClearAuditLog",
+ lsa_dissect_lsarclearauditlog_rqst,
+ lsa_dissect_lsarclearauditlog_reply },
+ { LSA_LSARCREATEACCOUNT, "LsarCreateAccount",
+ lsa_dissect_lsarcreateaccount_rqst,
+ lsa_dissect_lsarcreateaccount_reply },
+ { LSA_LSARENUMERATEACCOUNTS, "LsarEnumerateAccounts",
+ lsa_dissect_lsarenumerateaccounts_rqst,
+ lsa_dissect_lsarenumerateaccounts_reply },
+ { LSA_LSARCREATETRUSTEDDOMAIN, "LsarCreateTrustedDomain",
+ lsa_dissect_lsarcreatetrusteddomain_rqst,
+ lsa_dissect_lsarcreatetrusteddomain_reply },
+ { LSA_LSARENUMERATETRUSTEDDOMAINS, "LsarEnumerateTrustedDomains",
+ lsa_dissect_lsarenumeratetrusteddomains_rqst,
+ lsa_dissect_lsarenumeratetrusteddomains_reply },
+ { LSA_LSARLOOKUPNAMES, "LsarLookupNames",
+ lsa_dissect_lsarlookupnames_rqst,
+
lsa_dissect_lsarlookupnames_reply },
+ { LSA_LSARLOOKUPSIDS, "LsarLookupSids",
+ lsa_dissect_lsarlookupsids_rqst,
+ lsa_dissect_lsarlookupsids_reply },
+ { LSA_LSARCREATESECRET, "LsarCreateSecret",
+ lsa_dissect_lsarcreatesecret_rqst,
+ lsa_dissect_lsarcreatesecret_reply },
+ { LSA_LSAROPENACCOUNT, "LsarOpenAccount",
+ lsa_dissect_lsaropenaccount_rqst,
+ lsa_dissect_lsaropenaccount_reply },
+ { LSA_LSARENUMERATEPRIVILEGESACCOUNT, "LsarEnumeratePrivilegesAccount",
+ lsa_dissect_lsarenumerateprivilegesaccount_rqst,
+ lsa_dissect_lsarenumerateprivilegesaccount_reply },
+ { LSA_LSARADDPRIVILEGESTOACCOUNT, "LsarAddPrivilegesToAccount",
+ lsa_dissect_lsaraddprivilegestoaccount_rqst,
+ lsa_dissect_lsaraddprivilegestoaccount_reply },
+ { LSA_LSARREMOVEPRIVILEGESFROMACCOUNT, "LsarRemovePrivilegesFromAccount",
+ lsa_dissect_lsarremoveprivilegesfromaccount_rqst,
+ lsa_dissect_lsarremoveprivilegesfromaccount_reply },
+ { LSA_LSARGETQUOTASFORACCOUNT, "LsarGetQuotasForAccount",
+ lsa_dissect_lsargetquotasforaccount_rqst,
+ lsa_dissect_lsargetquotasforaccount_reply },
+ { LSA_LSARSETQUOTASFORACCOUNT, "LsarSetQuotasForAccount",
+ lsa_dissect_lsarsetquotasforaccount_rqst,
+ lsa_dissect_lsarsetquotasforaccount_reply },
+ { LSA_LSARGETSYSTEMACCESSACCOUNT, "LsarGetSystemAccessAccount",
+ lsa_dissect_lsargetsystemaccessaccount_rqst,
+ lsa_dissect_lsargetsystemaccessaccount_reply },
+ { LSA_LSARSETSYSTEMACCESSACCOUNT, "LsarSetSystemAccessAccount",
+ lsa_dissect_lsarsetsystemaccessaccount_rqst,
+ lsa_dissect_lsarsetsystemaccessaccount_reply },
+ { LSA_LSAROPENTRUSTEDDOMAIN, "LsarOpenTrustedDomain",
+ lsa_dissect_lsaropentrusteddomain_rqst,
+ lsa_dissect_lsaropentrusteddomain_reply },
+ { LSA_LSARQUERYINFOTRUSTEDDOMAIN, "LsarQueryInfoTrustedDomain",
+ lsa_dissect_lsarqueryinfotrusteddomain_rqst,
+ lsa_dissect_lsarqueryinfotrusteddomain_reply },
+ { LSA_LSARSETINFORMATIONTRUSTEDDOMAIN, "LsarSetInformationTrustedDomain",
+ lsa_dissect_lsarsetinformationtrusteddomain_rqst,
+
lsa_dissect_lsarsetinformationtrusteddomain_reply },
+ { LSA_LSAROPENSECRET, "LsarOpenSecret",
+ lsa_dissect_lsaropensecret_rqst,
+ lsa_dissect_lsaropensecret_reply },
+ { LSA_LSARSETSECRET, "LsarSetSecret",
+ lsa_dissect_lsarsetsecret_rqst,
+ lsa_dissect_lsarsetsecret_reply },
+ { LSA_LSARQUERYSECRET, "LsarQuerySecret",
+ lsa_dissect_lsarquerysecret_rqst,
+ lsa_dissect_lsarquerysecret_reply },
+ { LSA_LSARLOOKUPPRIVILEGEVALUE, "LsarLookupPrivilegeValue",
+ lsa_dissect_lsarlookupprivilegevalue_rqst,
+ lsa_dissect_lsarlookupprivilegevalue_reply },
+ { LSA_LSARLOOKUPPRIVILEGENAME, "LsarLookupPrivilegeName",
+ lsa_dissect_lsarlookupprivilegename_rqst,
+ lsa_dissect_lsarlookupprivilegename_reply },
+ { LSA_LSARLOOKUPPRIVILEGEDISPLAYNAME, "LsarLookupPrivilegeDisplayName",
+ lsa_dissect_lsarlookupprivilegedisplayname_rqst,
+ lsa_dissect_lsarlookupprivilegedisplayname_reply },
+ { LSA_LSARDELETEOBJECT, "LsarDeleteObject",
+ lsa_dissect_lsardeleteobject_rqst,
+ lsa_dissect_lsardeleteobject_reply },
+ { LSA_LSARENUMERATEACCOUNTSWITHUSERRIGHT, "LsarEnumerateAccountsWithUserRight",
+ lsa_dissect_lsarenumerateaccountswithuserright_rqst,
+ lsa_dissect_lsarenumerateaccountswithuserright_reply },
+ { LSA_LSARENUMERATEACCOUNTRIGHTS, "LsarEnumerateAccountRights",
+ lsa_dissect_lsarenumerateaccountrights_rqst,
+ lsa_dissect_lsarenumerateaccountrights_reply },
+ { LSA_LSARADDACCOUNTRIGHTS, "LsarAddAccountRights",
+ lsa_dissect_lsaraddaccountrights_rqst,
+ lsa_dissect_lsaraddaccountrights_reply },
+ { LSA_LSARREMOVEACCOUNTRIGHTS, "LsarRemoveAccountRights",
+ lsa_dissect_lsarremoveaccountrights_rqst,
+ lsa_dissect_lsarremoveaccountrights_reply },
+ { LSA_LSARQUERYTRUSTEDDOMAININFO, "LsarQueryTrustedDomainInfo",
+ lsa_dissect_lsarquerytrusteddomaininfo_rqst,
+ lsa_dissect_lsarquerytrusteddomaininfo_reply },
+ { LSA_LSARSETTRUSTEDDOMAININFO, "LsarSetTrustedDomainInfo",
+ lsa_dissect_lsarsettrusteddomaininfo_rqst,
+ lsa_dissect_lsarsettrusteddomaininfo_reply },
+ {
LSA_LSARDELETETRUSTEDDOMAIN, "LsarDeleteTrustedDomain",
+ lsa_dissect_lsardeletetrusteddomain_rqst,
+ lsa_dissect_lsardeletetrusteddomain_reply },
+ { LSA_LSARSTOREPRIVATEDATA, "LsarStorePrivateData",
+ lsa_dissect_lsarstoreprivatedata_rqst,
+ lsa_dissect_lsarstoreprivatedata_reply },
+ { LSA_LSARRETRIEVEPRIVATEDATA, "LsarRetrievePrivateData",
+ lsa_dissect_lsarretrieveprivatedata_rqst,
+ lsa_dissect_lsarretrieveprivatedata_reply },
+ { LSA_LSAROPENPOLICY2, "LsarOpenPolicy2",
+ lsa_dissect_lsaropenpolicy2_rqst,
+ lsa_dissect_lsaropenpolicy2_reply },
+ { LSA_LSARGETUSERNAME, "LsarGetUserName",
+ lsa_dissect_lsargetusername_rqst,
+ lsa_dissect_lsargetusername_reply },
+ { LSA_LSARQUERYINFORMATIONPOLICY2, "LsarQueryInformationPolicy2",
+ lsa_dissect_lsarqueryinformationpolicy2_rqst,
+ lsa_dissect_lsarqueryinformationpolicy2_reply },
+ { LSA_LSARSETINFORMATIONPOLICY2, "LsarSetInformationPolicy2",
+ lsa_dissect_lsarsetinformationpolicy2_rqst,
+ lsa_dissect_lsarsetinformationpolicy2_reply },
+ { LSA_LSARQUERYTRUSTEDDOMAININFOBYNAME, "LsarQueryTrustedDomainInfoByName",
+ lsa_dissect_lsarquerytrusteddomaininfobyname_rqst,
+ lsa_dissect_lsarquerytrusteddomaininfobyname_reply },
+ { LSA_LSARSETTRUSTEDDOMAININFOBYNAME, "LsarSetTrustedDomainInfoByName",
+ lsa_dissect_lsarsettrusteddomaininfobyname_rqst,
+ lsa_dissect_lsarsettrusteddomaininfobyname_reply },
+ { LSA_LSARENUMERATETRUSTEDDOMAINSEX, "LsarEnumerateTrustedDomainsEx",
+ lsa_dissect_lsarenumeratetrusteddomainsex_rqst,
+ lsa_dissect_lsarenumeratetrusteddomainsex_reply },
+ { LSA_LSARCREATETRUSTEDDOMAINEX, "LsarCreateTrustedDomainEx",
+ lsa_dissect_lsarcreatetrusteddomainex_rqst,
+ lsa_dissect_lsarcreatetrusteddomainex_reply },
+ { LSA_LSARCLOSETRUSTEDDOMAINEX, "LsarCloseTrustedDomainEx",
+ lsa_dissect_lsarclosetrusteddomainex_rqst,
+ lsa_dissect_lsarclosetrusteddomainex_reply },
+ { LSA_LSARQUERYDOMAININFORMATIONPOLICY, "LsarQueryDomainInformationPolicy",
+ lsa_dissect_lsarquerydomaininformationpolicy_rqst,
+
lsa_dissect_lsarquerydomaininformationpolicy_reply },
+ { LSA_LSARSETDOMAININFORMATIONPOLICY, "LsarSetDomainInformationPolicy",
+ lsa_dissect_lsarsetdomaininformationpolicy_rqst,
+ lsa_dissect_lsarsetdomaininformationpolicy_reply },
+ { LSA_LSAROPENTRUSTEDDOMAINBYNAME, "LsarOpenTrustedDomainByName",
+ lsa_dissect_lsaropentrusteddomainbyname_rqst,
+ lsa_dissect_lsaropentrusteddomainbyname_reply },
+ { LSA_LSARTESTCALL, "LsarTestCall",
+ lsa_dissect_lsartestcall_rqst,
+ lsa_dissect_lsartestcall_reply },
+ { LSA_LSARLOOKUPSIDS2, "LsarLookupSids2",
+ lsa_dissect_lsarlookupsids2_rqst,
+ lsa_dissect_lsarlookupsids2_reply },
+ { LSA_LSARLOOKUPNAMES2, "LsarLookupNames2",
+ lsa_dissect_lsarlookupnames2_rqst,
+ lsa_dissect_lsarlookupnames2_reply },
+ { LSA_LSARCREATETRUSTEDDOMAINEX2, "LsarCreateTrustedDomainEx2",
+ lsa_dissect_lsarcreatetrusteddomainex2_rqst,
+ lsa_dissect_lsarcreatetrusteddomainex2_reply },
+ { LSA_CREDRWRITE, "CredrWrite", NULL, NULL },
+ { LSA_CREDRREAD, "CredrRead", NULL, NULL },
+ { LSA_CREDRENUMERATE, "CredrEnumerate", NULL, NULL },
+ { LSA_CREDRWRITEDOMAINCREDENTIALS, "CredrWriteDomainCredentials",
+ NULL, NULL },
+ { LSA_CREDRREADDOMAINCREDENTIALS, "CredrReadDomainCredentials",
+ NULL, NULL },
+ { LSA_CREDRDELETE, "CredrDelete", NULL, NULL },
+ { LSA_CREDRGETTARGETINFO, "CredrGetTargetInfo", NULL, NULL },
+ { LSA_CREDRPROFILELOADED, "CredrProfileLoaded", NULL, NULL },
+ { LSA_LSARLOOKUPNAMES3, "LsarLookupNames3", NULL, NULL },
+ { LSA_CREDRGETSESSIONTYPES, "CredrGetSessionTypes", NULL, NULL },
+ { LSA_LSARREGISTERAUDITEVENT, "LsarRegisterAuditEvent", NULL, NULL },
+ { LSA_LSARGENAUDITEVENT, "LsarGenAuditEvent", NULL, NULL },
+ { LSA_LSARUNREGISTERAUDITEVENT, "LsarUnregisterAuditEvent", NULL, NULL},
+ { LSA_LSARQUERYFORESTTRUSTINFORMATION,
+ "LsarQueryForestTrustInformation", NULL, NULL },
+ { LSA_LSARSETFORESTTRUSTINFORMATION, "LsarSetForestTrustInformation",
+ NULL, NULL },
+ { LSA_CREDRRENAME, "CredrRename", NULL, NULL },
+ { LSA_LSARLOOKUPSIDS3,
"LsarLookupSids3", NULL, NULL },
+ { LSA_LSARLOOKUPNAMES4, "LsarLookupNames4", NULL, NULL },
+ { LSA_LSAROPENPOLICYSCE, "LsarOpenPolicySce", NULL, NULL },
+ { LSA_LSARADTREGISTERSECURITYEVENTSOURCE,
+ "LsarAdtRegisterSecurityEventSource", NULL, NULL },
+ { LSA_LSARADTUNREGISTERSECURITYEVENTSOURCE,
+ "LsarAdtUnregisterSecurityEventSource", NULL, NULL },
+ { LSA_LSARADTREPORTSECURITYEVENT, "LsarAdtReportSecurityEvent",
+ NULL, NULL },
+ {0, NULL, NULL, NULL}
+};
+
+void
+proto_register_dcerpc_lsa(void)
+{
+ static hf_register_info hf[] = {
+
+ { &hf_lsa_opnum,
+ { "Operation", "lsa.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
+
+ { &hf_lsa_unknown_string,
+ { "Unknown string", "lsa.unknown_string", FT_STRING, BASE_NONE,
+ NULL, 0, "Unknown string. If you know what this is, contact ethereal developers.", HFILL }},
+
+ { &hf_lsa_hnd,
+ { "Context Handle", "lsa.hnd", FT_BYTES, BASE_NONE,
+ NULL, 0x0, "LSA policy handle", HFILL }},
+
+ { &hf_lsa_server,
+ { "Server", "lsa.server", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of Server", HFILL }},
+
+ { &hf_lsa_controller,
+ { "Controller", "lsa.controller", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of Domain Controller", HFILL }},
+
+ { &hf_lsa_unknown_hyper,
+ { "Unknown hyper", "lsa.unknown.hyper", FT_UINT64, BASE_HEX,
+ NULL, 0x0, "Unknown hyper. If you know what this is, contact ethereal developers.", HFILL }},
+
+ { &hf_lsa_unknown_long,
+ { "Unknown long", "lsa.unknown.long", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "Unknown long. If you know what this is, contact ethereal developers.", HFILL }},
+
+ { &hf_lsa_unknown_short,
+ { "Unknown short", "lsa.unknown.short", FT_UINT16, BASE_HEX,
+ NULL, 0x0, "Unknown short. If you know what this is, contact ethereal developers.", HFILL }},
+
+ { &hf_lsa_unknown_char,
+ { "Unknown char", "lsa.unknown.char", FT_UINT8, BASE_HEX,
+ NULL, 0x0, "Unknown char.
If you know what this is, contact ethereal developers.", HFILL }},
+
+ { &hf_lsa_rc,
+ { "Return code", "lsa.rc", FT_UINT32, BASE_HEX,
+ VALS (NT_errors), 0x0, "LSA return status code", HFILL }},
+
+ { &hf_lsa_obj_attr,
+ { "Attributes", "lsa.obj_attr", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "LSA Attributes", HFILL }},
+
+ { &hf_lsa_obj_attr_len,
+ { "Length", "lsa.obj_attr.len", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Length of object attribute structure", HFILL }},
+
+ { &hf_lsa_obj_attr_name,
+ { "Name", "lsa.obj_attr.name", FT_STRING, BASE_NONE,
+ NULL, 0x0, "Name of object attribute", HFILL }},
+
+ { &hf_lsa_access_mask,
+ { "Access Mask", "lsa.access_mask", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "LSA Access Mask", HFILL }},
+
+ { &hf_lsa_info_level,
+ { "Level", "lsa.info.level", FT_UINT16, BASE_DEC,
+ NULL, 0x0, "Information level of requested data", HFILL }},
+
+ { &hf_lsa_trusted_info_level,
+ { "Info Level", "lsa.trusted.info_level", FT_UINT16, BASE_DEC,
+ VALS(trusted_info_level_vals), 0x0, "Information level of requested Trusted Domain Information", HFILL }},
+
+ { &hf_lsa_sd_size,
+ { "Size", "lsa.sd_size", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Size of lsa security descriptor", HFILL }},
+
+ { &hf_lsa_qos_len,
+ { "Length", "lsa.qos.len", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Length of quality of service structure", HFILL }},
+
+ { &hf_lsa_qos_impersonation_level,
+ { "Impersonation level", "lsa.qos.imp_lev", FT_UINT16, BASE_DEC,
+ VALS(lsa_impersonation_level_vals), 0x0, "QOS Impersonation Level", HFILL }},
+
+ { &hf_lsa_qos_track_context,
+ { "Context Tracking", "lsa.qos.track_ctx", FT_UINT8, BASE_DEC,
+ NULL, 0x0, "QOS Context Tracking Mode", HFILL }},
+
+ { &hf_lsa_qos_effective_only,
+ { "Effective only", "lsa.qos.effective_only", FT_UINT8, BASE_DEC,
+ NULL, 0x0, "QOS Flag whether this is Effective Only or not", HFILL }},
+
+ { &hf_lsa_pali_percent_full,
+ { "Percent Full", "lsa.pali.percent_full", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "How full audit log is in
percentage", HFILL }},
+
+ { &hf_lsa_pali_log_size,
+ { "Log Size", "lsa.pali.log_size", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Size of audit log", HFILL }},
+
+ { &hf_lsa_pali_retention_period,
+ { "Retention Period", "lsa.pali.retention_period", FT_RELATIVE_TIME, BASE_NONE,
+ NULL, 0x0, "", HFILL }},
+
+ { &hf_lsa_pali_time_to_shutdown,
+ { "Time to shutdown", "lsa.pali.time_to_shutdown", FT_RELATIVE_TIME, BASE_NONE,
+ NULL, 0x0, "Time to shutdown", HFILL }},
+
+ { &hf_lsa_pali_shutdown_in_progress,
+ { "Shutdown in progress", "lsa.pali.shutdown_in_progress", FT_UINT8, BASE_DEC,
+ NULL, 0x0, "Flag whether shutdown is in progress or not", HFILL }},
+
+ { &hf_lsa_pali_next_audit_record,
+ { "Next Audit Record", "lsa.pali.next_audit_record", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "Next audit record", HFILL }},
+
+ { &hf_lsa_paei_enabled,
+ { "Auditing enabled", "lsa.paei.enabled", FT_UINT8, BASE_DEC,
+ NULL, 0x0, "If Security auditing is enabled or not", HFILL }},
+
+ { &hf_lsa_paei_settings,
+ { "Settings", "lsa.paei.settings", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "Audit Events Information settings", HFILL }},
+
+ { &hf_lsa_count,
+ { "Count", "lsa.count", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Count of objects", HFILL }},
+
+ { &hf_lsa_max_count,
+ { "Max Count", "lsa.max_count", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "", HFILL }},
+
+ { &hf_lsa_fqdomain,
+ { "FQDN", "lsa.fqdn_domain", FT_STRING, BASE_NONE,
+ NULL, 0x0, "Fully Qualified Domain Name", HFILL }},
+
+ { &hf_lsa_domain,
+ { "Domain", "lsa.domain", FT_STRING, BASE_NONE,
+ NULL, 0x0, "Domain", HFILL }},
+
+ { &hf_lsa_acct,
+ { "Account", "lsa.acct", FT_STRING, BASE_NONE,
+ NULL, 0x0, "Account", HFILL }},
+
+ { &hf_lsa_source,
+ { "Source", "lsa.source", FT_STRING, BASE_NONE,
+ NULL, 0x0, "Replica Source", HFILL }},
+
+ { &hf_lsa_server_role,
+ { "Role", "lsa.server_role", FT_UINT16, BASE_DEC,
+ VALS(server_role_vals), 0x0, "LSA Server Role", HFILL }},
+
+ { &hf_lsa_quota_paged_pool,
+ { "Paged Pool", "lsa.quota.paged_pool",
FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Size of Quota Paged Pool", HFILL }},
+
+ { &hf_lsa_quota_non_paged_pool,
+ { "Non Paged Pool", "lsa.quota.non_paged_pool", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Size of Quota non-Paged Pool", HFILL }},
+
+ { &hf_lsa_quota_min_wss,
+ { "Min WSS", "lsa.quota.min_wss", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Size of Quota Min WSS", HFILL }},
+
+ { &hf_lsa_quota_max_wss,
+ { "Max WSS", "lsa.quota.max_wss", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Size of Quota Max WSS", HFILL }},
+
+ { &hf_lsa_quota_pagefile,
+ { "Pagefile", "lsa.quota.pagefile", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Size of quota pagefile usage", HFILL }},
+
+ { &hf_lsa_mod_seq_no,
+ { "Seq No", "lsa.mod.seq_no", FT_UINT64, BASE_DEC,
+ NULL, 0x0, "Sequence number for this modification", HFILL }},
+
+ { &hf_lsa_mod_mtime,
+ { "MTime", "lsa.mod.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0x0, "Time when this modification occured", HFILL }},
+
+ { &hf_lsa_cur_mtime,
+ { "Current MTime", "lsa.cur.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0x0, "Current MTime to set", HFILL }},
+
+ { &hf_lsa_old_mtime,
+ { "Old MTime", "lsa.old.mtime", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0x0, "Old MTime for this object", HFILL }},
+
+ { &hf_lsa_name,
+ { "Name", "lsa.name", FT_STRING, BASE_NONE,
+ NULL, 0x0, "", HFILL }},
+
+ { &hf_lsa_key,
+ { "Key", "lsa.key", FT_STRING, BASE_NONE,
+ NULL, 0x0, "", HFILL }},
+
+ { &hf_lsa_flat_name,
+ { "Flat Name", "lsa.flat_name", FT_STRING, BASE_NONE,
+ NULL, 0x0, "", HFILL }},
+
+ { &hf_lsa_forest,
+ { "Forest", "lsa.forest", FT_STRING, BASE_NONE,
+ NULL, 0x0, "", HFILL }},
+
+ { &hf_lsa_info_type,
+ { "Info Type", "lsa.info_type", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "", HFILL }},
+
+ { &hf_lsa_new_pwd,
+ { "New Password", "lsa.new_pwd", FT_BYTES, BASE_HEX,
+ NULL, 0x0, "New password", HFILL }},
+
+ { &hf_lsa_old_pwd,
+ { "Old Password", "lsa.old_pwd", FT_BYTES, BASE_HEX,
+ NULL, 0x0, "Old password", HFILL }},
+
+ { &hf_lsa_sid_type,
+ { "SID Type",
"lsa.sid_type", FT_UINT16, BASE_DEC, + VALS(sid_type_vals), 0x0, "Type of SID", HFILL }}, + + { &hf_lsa_rid, + { "RID", "lsa.rid", FT_UINT32, BASE_HEX, + NULL, 0x0, "RID", HFILL }}, + + { &hf_lsa_rid_offset, + { "RID Offset", "lsa.rid.offset", FT_UINT32, BASE_HEX, + NULL, 0x0, "RID Offset", HFILL }}, + + { &hf_lsa_index, + { "Index", "lsa.index", FT_UINT32, BASE_DEC, + NULL, 0x0, "", HFILL }}, + + { &hf_lsa_num_mapped, + { "Num Mapped", "lsa.num_mapped", FT_UINT32, BASE_DEC, + NULL, 0x0, "", HFILL }}, + + { &hf_lsa_policy_information_class, + { "Info Class", "lsa.policy.info", FT_UINT16, BASE_DEC, + VALS(policy_information_class_vals), 0x0, "Policy information class", HFILL }}, + + { &hf_lsa_secret, + { "LSA Secret", "lsa.secret", FT_BYTES, BASE_HEX, + NULL, 0, "", HFILL }}, + + { &hf_lsa_auth_blob, + { "Auth blob", "lsa.auth.blob", FT_BYTES, BASE_HEX, + NULL, 0, "", HFILL }}, + + { &hf_nt_luid_high, + { "High", "nt.luid.high", FT_UINT32, BASE_HEX, + NULL, 0x0, "LUID High component", HFILL }}, + + { &hf_nt_luid_low, + { "Low", "nt.luid.low", FT_UINT32, BASE_HEX, + NULL, 0x0, "LUID Low component", HFILL }}, + + { &hf_lsa_size, + { "Size", "lsa.size", FT_UINT32, BASE_DEC, + NULL, 0x0, "", HFILL }}, + + { &hf_lsa_size16, + { "Size", "lsa.size", FT_UINT16, BASE_DEC, + NULL, 0x0, "", HFILL }}, + + { &hf_lsa_privilege_display_name_size, + { "Size Needed", "lsa.privilege.display__name.size", FT_UINT32, BASE_DEC, + NULL, 0x0, "Number of characters in the privilege display name", HFILL }}, + + { &hf_lsa_privilege_name, + { "Name", "lsa.privilege.name", FT_STRING, BASE_NONE, + NULL, 0x0, "LSA Privilege Name", HFILL }}, + + { &hf_lsa_privilege_display_name, + { "Display Name", "lsa.privilege.display_name", FT_STRING, BASE_NONE, + NULL, 0x0, "LSA Privilege Display Name", HFILL }}, + + { &hf_lsa_rights, + { "Rights", "lsa.rights", FT_STRING, BASE_NONE, + NULL, 0x0, "Account Rights", HFILL }}, + + { &hf_lsa_policy_information, + { "POLICY INFO", "lsa.policy_information", 
FT_NONE, BASE_NONE,
+ NULL, 0x0, "Policy Information union", HFILL }},
+
+ { &hf_lsa_attr,
+ { "Attr", "lsa.attr", FT_UINT64, BASE_HEX,
+ NULL, 0x0, "LSA Attributes", HFILL }},
+
+ { &hf_lsa_auth_update,
+ { "Update", "lsa.auth.update", FT_UINT64, BASE_HEX,
+ NULL, 0x0, "LSA Auth Info update", HFILL }},
+
+ { &hf_lsa_resume_handle,
+ { "Resume Handle", "lsa.resume_handle", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Resume Handle", HFILL }},
+
+ { &hf_lsa_trust_direction,
+ { "Trust Direction", "lsa.trust.direction", FT_UINT32, BASE_DEC,
+ VALS(trusted_direction_vals), 0x0, "Trust direction", HFILL }},
+
+ { &hf_lsa_trust_type,
+ { "Trust Type", "lsa.trust.type", FT_UINT32, BASE_DEC,
+ VALS(trusted_type_vals), 0x0, "Trust type", HFILL }},
+
+ { &hf_lsa_trust_attr,
+ { "Trust Attr", "lsa.trust.attr", FT_UINT32, BASE_HEX,
+ NULL, 0x0, "Trust attributes", HFILL }},
+
+ { &hf_lsa_trust_attr_non_trans,
+ { "Non Transitive", "lsa.trust.attr.non_trans", FT_BOOLEAN, 32,
+ TFS(&tfs_trust_attr_non_trans), 0x00000001, "Non Transitive trust", HFILL }},
+
+ { &hf_lsa_trust_attr_uplevel_only,
+ { "Upleve only", "lsa.trust.attr.uplevel_only", FT_BOOLEAN, 32,
+ TFS(&tfs_trust_attr_uplevel_only), 0x00000002, "Uplevel only trust", HFILL }},
+
+ { &hf_lsa_trust_attr_tree_parent,
+ { "Tree Parent", "lsa.trust.attr.tree_parent", FT_BOOLEAN, 32,
+ TFS(&tfs_trust_attr_tree_parent), 0x00400000, "Tree Parent trust", HFILL }},
+
+ { &hf_lsa_trust_attr_tree_root,
+ { "Tree Root", "lsa.trust.attr.tree_root", FT_BOOLEAN, 32,
+ TFS(&tfs_trust_attr_tree_root), 0x00800000, "Tree Root trust", HFILL }},
+
+ { &hf_lsa_auth_type,
+ { "Auth Type", "lsa.auth.type", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Auth Info type", HFILL }},
+
+ { &hf_lsa_auth_len,
+ { "Auth Len", "lsa.auth.len", FT_UINT32, BASE_DEC,
+ NULL, 0x0, "Auth Info len", HFILL }},
+
+ { &hf_lsa_remove_all,
+ { "Remove All", "lsa.remove_all", FT_UINT8, BASE_DEC,
+ NULL, 0x0, "Flag whether all rights should be removed or only the specified ones", HFILL
}},
+
+ { &hf_view_local_info,
+ { "View non-sensitive policy information", "lsa.access_mask.view_local_info",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_LOCAL_INFORMATION,
+ "View non-sensitive policy information", HFILL }},
+
+ { &hf_view_audit_info,
+ { "View system audit requirements", "lsa.access_mask.view_audit_info",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_VIEW_AUDIT_INFORMATION,
+ "View system audit requirements", HFILL }},
+
+ { &hf_get_private_info,
+ { "Get sensitive policy information", "lsa.access_mask.get_privateinfo",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_GET_PRIVATE_INFORMATION,
+ "Get sensitive policy information", HFILL }},
+
+ { &hf_trust_admin,
+ { "Modify domain trust relationships", "lsa.access_mask.trust_admin",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_TRUST_ADMIN,
+ "Modify domain trust relationships", HFILL }},
+
+ { &hf_create_account,
+ { "Create special accounts (for assignment of user rights)", "lsa.access_mask.create_account",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_ACCOUNT,
+ "Create special accounts (for assignment of user rights)", HFILL }},
+
+ { &hf_create_secret,
+ { "Create a secret object", "lsa.access_mask.create_secret",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_SECRET,
+ "Create a secret object", HFILL }},
+
+ { &hf_create_priv,
+ { "Create a privilege", "lsa.access_mask.create_priv",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_CREATE_PRIVILEGE,
+ "Create a privilege", HFILL }},
+
+ { &hf_set_default_quota_limits,
+ { "Set default quota limits", "lsa.access_mask.set_default_quota_limits",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_DEFAULT_QUOTA_LIMITS,
+ "Set default quota limits", HFILL }},
+
+ { &hf_set_audit_requirements,
+ { "Change system audit requirements", "lsa.access_mask.set_audit_requirements",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SET_AUDIT_REQUIREMENTS,
+ "Change system audit requirements", HFILL }},
+
+ { &hf_audit_log_admin,
+ { "Administer audit log attributes", "lsa.access_mask.audit_log_admin",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_AUDIT_LOG_ADMIN,
+ "Administer audit log attributes", HFILL }},
+
+ { &hf_server_admin,
+ { "Enable/Disable LSA", "lsa.access_mask.server_admin",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_SERVER_ADMIN,
+ "Enable/Disable LSA", HFILL }},
+
+ { &hf_lookup_names,
+ { "Lookup Names/SIDs", "lsa.access_mask.lookup_names",
+ FT_BOOLEAN, 32, TFS(&flags_set_truth), POLICY_LOOKUP_NAMES,
+ "Lookup Names/SIDs", HFILL }}
+};
+
+ static gint *ett[] = {
+ &ett_dcerpc_lsa,
+ &ett_lsa_OBJECT_ATTRIBUTES,
+ &ett_LSA_SECURITY_DESCRIPTOR,
+ &ett_lsa_policy_info,
+ &ett_lsa_policy_audit_log_info,
+ &ett_lsa_policy_audit_events_info,
+ &ett_lsa_policy_primary_domain_info,
+ &ett_lsa_policy_primary_account_info,
+ &ett_lsa_policy_server_role_info,
+ &ett_lsa_policy_replica_source_info,
+ &ett_lsa_policy_default_quota_info,
+ &ett_lsa_policy_modification_info,
+ &ett_lsa_policy_audit_full_set_info,
+ &ett_lsa_policy_audit_full_query_info,
+ &ett_lsa_policy_dns_domain_info,
+ &ett_lsa_translated_names,
+ &ett_lsa_translated_name,
+ &ett_lsa_referenced_domain_list,
+ &ett_lsa_trust_information,
+ &ett_lsa_trust_information_ex,
+ &ett_LUID,
+ &ett_LSA_PRIVILEGES,
+ &ett_LSA_PRIVILEGE,
+ &ett_LSA_LUID_AND_ATTRIBUTES_ARRAY,
+ &ett_LSA_LUID_AND_ATTRIBUTES,
+ &ett_LSA_TRUSTED_DOMAIN_LIST,
+ &ett_LSA_TRUSTED_DOMAIN,
+ &ett_LSA_TRANSLATED_SIDS,
+ &ett_lsa_trusted_domain_info,
+ &ett_lsa_trust_attr,
+ &ett_lsa_trusted_domain_auth_information,
+ &ett_lsa_auth_information
+ };
+
+ proto_dcerpc_lsa = proto_register_protocol(
+ "Microsoft Local Security Architecture", "LSA", "lsa");
+
+ proto_register_field_array (proto_dcerpc_lsa, hf, array_length (hf));
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+/* Protocol handoff */
+
+static e_uuid_t uuid_dcerpc_lsa = {
+ 0x12345778, 0x1234, 0xabcd,
+ { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
+};
+
+static guint16
ver_dcerpc_lsa = 0;
+
+ void
+ proto_reg_handoff_dcerpc_lsa(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_dcerpc_lsa, ett_dcerpc_lsa, &uuid_dcerpc_lsa,
+ ver_dcerpc_lsa, dcerpc_lsa_dissectors, hf_lsa_opnum);
+} |