From df3141cb779951d99fa70a6e9ee8e05a79cda603 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Fri, 23 Aug 2019 16:18:43 +0200
Subject: DCERPC: update mdssvc DCERPC dissector from upstream Samba

Change-Id: I13871e093b294a1865be6c47cb86275165002855
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-on: https://code.wireshark.org/review/34365
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/dissectors/packet-dcerpc-mdssvc.c | 345 ++++++++++++++++++++++++---------
 epan/dissectors/pidl/mdssvc/mdssvc.idl |  32 +--
 2 files changed, 278 insertions(+), 99 deletions(-)

diff --git a/epan/dissectors/packet-dcerpc-mdssvc.c b/epan/dissectors/packet-dcerpc-mdssvc.c
index 9b511fc3cf..dd9bad17fa 100644
--- a/epan/dissectors/packet-dcerpc-mdssvc.c
+++ b/epan/dissectors/packet-dcerpc-mdssvc.c
@@ -30,14 +30,21 @@ static gint ett_mdssvc_mdssvc_blob = -1;
 static gint hf_mdssvc_mdssvc_blob_length = -1;
 static gint hf_mdssvc_mdssvc_blob_size = -1;
 static gint hf_mdssvc_mdssvc_blob_spotlight_blob = -1;
+static gint hf_mdssvc_mdssvc_close_device_id = -1;
+static gint hf_mdssvc_mdssvc_close_in_handle = -1;
+static gint hf_mdssvc_mdssvc_close_out_handle = -1;
+static gint hf_mdssvc_mdssvc_close_status = -1;
+static gint hf_mdssvc_mdssvc_close_unkn1 = -1;
+static gint hf_mdssvc_mdssvc_close_unkn2 = -1;
+static gint hf_mdssvc_mdssvc_close_unkn3 = -1;
 static gint hf_mdssvc_mdssvc_cmd_device_id = -1;
 static gint hf_mdssvc_mdssvc_cmd_flags = -1;
+static gint hf_mdssvc_mdssvc_cmd_fragment = -1;
+static gint hf_mdssvc_mdssvc_cmd_handle = -1;
 static gint hf_mdssvc_mdssvc_cmd_max_fragment_size1 = -1;
 static gint hf_mdssvc_mdssvc_cmd_max_fragment_size2 = -1;
 static gint hf_mdssvc_mdssvc_cmd_request_blob = -1;
 static gint hf_mdssvc_mdssvc_cmd_response_blob = -1;
-static gint hf_mdssvc_mdssvc_cmd_share_handle = -1;
-static gint hf_mdssvc_mdssvc_cmd_status = -1;
 static gint hf_mdssvc_mdssvc_cmd_unkn1 = -1;
 static gint hf_mdssvc_mdssvc_cmd_unkn3 = -1;
 static gint hf_mdssvc_mdssvc_cmd_unkn4 = -1;
@@ -47,7 +54,7 @@ static gint hf_mdssvc_mdssvc_cmd_unkn7 = -1;
 static gint hf_mdssvc_mdssvc_cmd_unkn8 = -1;
 static gint hf_mdssvc_mdssvc_cmd_unkn9 = -1;
 static gint hf_mdssvc_mdssvc_open_device_id = -1;
-static gint hf_mdssvc_mdssvc_open_share_handle = -1;
+static gint hf_mdssvc_mdssvc_open_handle = -1;
 static gint hf_mdssvc_mdssvc_open_share_mount_path = -1;
 static gint hf_mdssvc_mdssvc_open_share_name = -1;
 static gint hf_mdssvc_mdssvc_open_share_path = -1;
@@ -55,13 +62,13 @@ static gint hf_mdssvc_mdssvc_open_unkn2 = -1;
 static gint hf_mdssvc_mdssvc_open_unkn3 = -1;
 static gint hf_mdssvc_mdssvc_unknown1_device_id = -1;
 static gint hf_mdssvc_mdssvc_unknown1_flags = -1;
-static gint hf_mdssvc_mdssvc_unknown1_share_handle = -1;
+static gint hf_mdssvc_mdssvc_unknown1_gid = -1;
+static gint hf_mdssvc_mdssvc_unknown1_handle = -1;
 static gint hf_mdssvc_mdssvc_unknown1_status = -1;
+static gint hf_mdssvc_mdssvc_unknown1_uid = -1;
 static gint hf_mdssvc_mdssvc_unknown1_unkn1 = -1;
 static gint hf_mdssvc_mdssvc_unknown1_unkn3 = -1;
 static gint hf_mdssvc_mdssvc_unknown1_unkn4 = -1;
-static gint hf_mdssvc_mdssvc_unknown1_unkn5 = -1;
-static gint hf_mdssvc_mdssvc_unknown1_unkn6 = -1;
 static gint hf_mdssvc_mdssvc_unknown1_unkn7 = -1;
 static gint hf_mdssvc_opnum = -1;
 
@@ -87,22 +94,24 @@ static int mdssvc_dissect_element_open_unkn3_(tvbuff_t *tvb _U_, int offset _U_,
 static int mdssvc_dissect_element_open_share_mount_path(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_open_share_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_open_share_path(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_open_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_open_share_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_unknown1_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_open_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_open_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_unknown1_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_unknown1_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_unkn4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_unknown1_unkn5(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_unknown1_unkn6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_unknown1_uid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_unknown1_gid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_flags_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_unkn7(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_unknown1_unkn7_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_cmd_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_cmd_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_cmd_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
@@ -115,12 +124,22 @@ static int mdssvc_dissect_element_cmd_unkn6(tvbuff_t *tvb _U_, int offset _U_, p
 static int mdssvc_dissect_element_cmd_max_fragment_size2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_unkn7(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_unkn8(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_cmd_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
-static int mdssvc_dissect_element_cmd_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_cmd_fragment(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_cmd_fragment_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_response_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_response_blob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_unkn9(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int mdssvc_dissect_element_cmd_unkn9_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_in_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_in_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_unkn2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_out_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_out_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
+static int mdssvc_dissect_element_close_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
 static int
 mdssvc_dissect_element_blob_spotlight_blob(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep _U_)
 {
@@ -276,17 +295,17 @@ mdssvc_dissect_element_open_share_path(tvbuff_t *tvb _U_, int offset _U_, packet
 }
 
 static int
-mdssvc_dissect_element_open_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_open_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_open_share_handle_, NDR_POINTER_REF, "Pointer to Share Handle (policy_handle)",hf_mdssvc_mdssvc_open_share_handle);
+	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_open_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_mdssvc_mdssvc_open_handle);
 
 	return offset;
 }
 
 static int
-mdssvc_dissect_element_open_share_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_open_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_open_share_handle, 0);
+	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_open_handle, 0);
 
 	return offset;
 }
@@ -295,10 +314,10 @@ mdssvc_dissect_element_open_share_handle_(tvbuff_t *tvb _U_, int offset _U_, pac
 /* IDL: [in] [out] [ref] uint32 *device_id, */
 /* IDL: [in] [out] [ref] uint32 *unkn2, */
 /* IDL: [in] [out] [ref] uint32 *unkn3, */
-/* IDL: [charset(UTF8)] [in] uint8 share_mount_path[*], */
-/* IDL: [charset(UTF8)] [in] uint8 share_name[*], */
+/* IDL: [charset(UTF8)] [in] [size_is(1025)] uint8 share_mount_path[*], */
+/* IDL: [charset(UTF8)] [in] [size_is(1025)] uint8 share_name[*], */
 /* IDL: [charset(UTF8)] [out] [size_is(1025)] uint8 share_path[*], */
-/* IDL: [out] [ref] policy_handle *share_handle */
+/* IDL: [out] [ref] policy_handle *handle */
 /* IDL: ); */
 
 static int
@@ -317,7 +336,7 @@ mdssvc_dissect_open_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pin
 	offset = mdssvc_dissect_element_open_share_path(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 
-	offset = mdssvc_dissect_element_open_share_handle(tvb, offset, pinfo, tree, di, drep);
+	offset = mdssvc_dissect_element_open_handle(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 
 	return offset;
@@ -341,9 +360,17 @@ mdssvc_dissect_open_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinf
 }
 
 static int
-mdssvc_dissect_element_unknown1_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_unknown1_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_share_handle, 0);
+	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_unknown1_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_mdssvc_mdssvc_unknown1_handle);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_unknown1_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_handle, 0);
 
 	return offset;
 }
@@ -381,17 +408,17 @@ mdssvc_dissect_element_unknown1_unkn4(tvbuff_t *tvb _U_, int offset _U_, packet_
 }
 
 static int
-mdssvc_dissect_element_unknown1_unkn5(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_unknown1_uid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn5, 0);
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_uid, 0);
 
 	return offset;
 }
 
 static int
-mdssvc_dissect_element_unknown1_unkn6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_unknown1_gid(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn6, 0);
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_gid, 0);
 
 	return offset;
 }
@@ -445,13 +472,13 @@ mdssvc_dissect_element_unknown1_unkn7_(tvbuff_t *tvb _U_, int offset _U_, packet
 }
 
 /* IDL: void mdssvc_unknown1( */
-/* IDL: [in] policy_handle share_handle, */
+/* IDL: [in] [ref] policy_handle *handle, */
 /* IDL: [in] uint32 unkn1, */
 /* IDL: [in] uint32 device_id, */
 /* IDL: [in] uint32 unkn3, */
 /* IDL: [in] uint32 unkn4, */
-/* IDL: [in] uint32 unkn5, */
-/* IDL: [in] uint32 unkn6, */
+/* IDL: [in] uint32 uid, */
+/* IDL: [in] uint32 gid, */
 /* IDL: [out] [ref] uint32 *status, */
 /* IDL: [out] [ref] uint32 *flags, */
 /* IDL: [out] [ref] uint32 *unkn7 */
@@ -477,7 +504,7 @@ static int
 mdssvc_dissect_unknown1_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
 	di->dcerpc_procedure_name="unknown1";
-	offset = mdssvc_dissect_element_unknown1_share_handle(tvb, offset, pinfo, tree, di, drep);
+	offset = mdssvc_dissect_element_unknown1_handle(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 	offset = mdssvc_dissect_element_unknown1_unkn1(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
@@ -487,17 +514,25 @@ mdssvc_dissect_unknown1_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 	offset = mdssvc_dissect_element_unknown1_unkn4(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
-	offset = mdssvc_dissect_element_unknown1_unkn5(tvb, offset, pinfo, tree, di, drep);
+	offset = mdssvc_dissect_element_unknown1_uid(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
-	offset = mdssvc_dissect_element_unknown1_unkn6(tvb, offset, pinfo, tree, di, drep);
+	offset = mdssvc_dissect_element_unknown1_gid(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 	return offset;
 }
 
 static int
-mdssvc_dissect_element_cmd_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_cmd_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_share_handle, 0);
+	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_cmd_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_mdssvc_mdssvc_cmd_handle);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_cmd_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_handle, 0);
 
 	return offset;
 }
@@ -599,17 +634,17 @@ mdssvc_dissect_element_cmd_unkn8(tvbuff_t *tvb _U_, int offset _U_, packet_info
 }
 
 static int
-mdssvc_dissect_element_cmd_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_cmd_fragment(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_cmd_status_, NDR_POINTER_REF, "Pointer to Status (uint32)",hf_mdssvc_mdssvc_cmd_status);
+	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_cmd_fragment_, NDR_POINTER_REF, "Pointer to Fragment (uint32)",hf_mdssvc_mdssvc_cmd_fragment);
 
 	return offset;
 }
 
 static int
-mdssvc_dissect_element_cmd_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+mdssvc_dissect_element_cmd_fragment_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
-	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_status, 0);
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_fragment, 0);
 
 	return offset;
 }
@@ -647,7 +682,7 @@ mdssvc_dissect_element_cmd_unkn9_(tvbuff_t *tvb _U_, int offset _U_, packet_info
 }
 
 /* IDL: void mdssvc_cmd( */
-/* IDL: [in] policy_handle share_handle, */
+/* IDL: [in] [ref] policy_handle *handle, */
 /* IDL: [in] uint32 unkn1, */
 /* IDL: [in] uint32 device_id, */
 /* IDL: [in] uint32 unkn3, */
@@ -660,7 +695,7 @@ mdssvc_dissect_element_cmd_unkn9_(tvbuff_t *tvb _U_, int offset _U_, packet_info
 /* IDL: [in] uint32 max_fragment_size2, */
 /* IDL: [in] uint32 unkn7, */
 /* IDL: [in] uint32 unkn8, */
-/* IDL: [out] [ref] uint32 *status, */
+/* IDL: [out] [ref] uint32 *fragment, */
 /* IDL: [out] [ref] mdssvc_blob *response_blob, */
 /* IDL: [out] [ref] uint32 *unkn9 */
 /* IDL: ); */
@@ -669,7 +704,7 @@ static int
 mdssvc_dissect_cmd_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
 	di->dcerpc_procedure_name="cmd";
-	offset = mdssvc_dissect_element_cmd_status(tvb, offset, pinfo, tree, di, drep);
+	offset = mdssvc_dissect_element_cmd_fragment(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 
 	offset = mdssvc_dissect_element_cmd_response_blob(tvb, offset, pinfo, tree, di, drep);
@@ -685,7 +720,7 @@ static int
 mdssvc_dissect_cmd_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
 {
 	di->dcerpc_procedure_name="cmd";
-	offset = mdssvc_dissect_element_cmd_share_handle(tvb, offset, pinfo, tree, di, drep);
+	offset = mdssvc_dissect_element_cmd_handle(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 	offset = mdssvc_dissect_element_cmd_unkn1(tvb, offset, pinfo, tree, di, drep);
 	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
@@ -714,6 +749,126 @@ mdssvc_dissect_cmd_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo
 	return offset;
 }
 
+static int
+mdssvc_dissect_element_close_in_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_close_in_handle_, NDR_POINTER_REF, "Pointer to In Handle (policy_handle)",hf_mdssvc_mdssvc_close_in_handle);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_in_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_close_in_handle, 0);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_close_unkn1, 0);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_close_device_id, 0);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_unkn2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_close_unkn2, 0);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_close_unkn3, 0);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_out_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_close_out_handle_, NDR_POINTER_REF, "Pointer to Out Handle (policy_handle)",hf_mdssvc_mdssvc_close_out_handle);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_out_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_close_out_handle, 0);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_close_status_, NDR_POINTER_REF, "Pointer to Status (uint32)",hf_mdssvc_mdssvc_close_status);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_element_close_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_close_status, 0);
+
+	return offset;
+}
+
+/* IDL: void mdssvc_close( */
+/* IDL: [in] [ref] policy_handle *in_handle, */
+/* IDL: [in] uint32 unkn1, */
+/* IDL: [in] uint32 device_id, */
+/* IDL: [in] uint32 unkn2, */
+/* IDL: [in] uint32 unkn3, */
+/* IDL: [out] [ref] policy_handle *out_handle, */
+/* IDL: [out] [ref] uint32 *status */
+/* IDL: ); */
+
+static int
+mdssvc_dissect_close_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="close";
+	offset = mdssvc_dissect_element_close_out_handle(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+
+	offset = mdssvc_dissect_element_close_status(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+
+	return offset;
+}
+
+static int
+mdssvc_dissect_close_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+	di->dcerpc_procedure_name="close";
+	offset = mdssvc_dissect_element_close_in_handle(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	offset = mdssvc_dissect_element_close_unkn1(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	offset = mdssvc_dissect_element_close_device_id(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	offset = mdssvc_dissect_element_close_unkn2(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	offset = mdssvc_dissect_element_close_unkn3(tvb, offset, pinfo, tree, di, drep);
+	offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
+	return offset;
+}
+
 
 static dcerpc_sub_dissector mdssvc_dissectors[] = {
 	{ 0, "open",
@@ -722,6 +877,8 @@ static dcerpc_sub_dissector mdssvc_dissectors[] = {
 	   mdssvc_dissect_unknown1_request, mdssvc_dissect_unknown1_response},
 	{ 2, "cmd",
 	   mdssvc_dissect_cmd_request, mdssvc_dissect_cmd_response},
+	{ 3, "close",
+	   mdssvc_dissect_close_request, mdssvc_dissect_close_response},
 	{ 0, NULL, NULL, NULL }
 };
 
@@ -729,79 +886,93 @@ void proto_register_dcerpc_mdssvc(void)
 {
 	static hf_register_info hf[] = {
 	{ &hf_mdssvc_mdssvc_blob_length,
-		{ "Length", "mdssvc.mdssvc_blob.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Length", "mdssvc.mdssvc_blob.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_blob_size,
-		{ "Size", "mdssvc.mdssvc_blob.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Size", "mdssvc.mdssvc_blob.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_blob_spotlight_blob,
-		{ "Spotlight Blob", "mdssvc.mdssvc_blob.spotlight_blob", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Spotlight Blob", "mdssvc.mdssvc_blob.spotlight_blob", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_close_device_id,
+	  { "Device Id", "mdssvc.mdssvc_close.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_close_in_handle,
+	  { "In Handle", "mdssvc.mdssvc_close.in_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_close_out_handle,
+	  { "Out Handle", "mdssvc.mdssvc_close.out_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_close_status,
+	  { "Status", "mdssvc.mdssvc_close.status", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_close_unkn1,
+	  { "Unkn1", "mdssvc.mdssvc_close.unkn1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_close_unkn2,
+	  { "Unkn2", "mdssvc.mdssvc_close.unkn2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_close_unkn3,
+	  { "Unkn3", "mdssvc.mdssvc_close.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_device_id,
-		{ "Device Id", "mdssvc.mdssvc_cmd.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Device Id", "mdssvc.mdssvc_cmd.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_flags,
-		{ "Flags", "mdssvc.mdssvc_cmd.flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Flags", "mdssvc.mdssvc_cmd.flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_cmd_fragment,
+	  { "Fragment", "mdssvc.mdssvc_cmd.fragment", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_cmd_handle,
+	  { "Handle", "mdssvc.mdssvc_cmd.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_max_fragment_size1,
-		{ "Max Fragment Size1", "mdssvc.mdssvc_cmd.max_fragment_size1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Max Fragment Size1", "mdssvc.mdssvc_cmd.max_fragment_size1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_max_fragment_size2,
-		{ "Max Fragment Size2", "mdssvc.mdssvc_cmd.max_fragment_size2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Max Fragment Size2", "mdssvc.mdssvc_cmd.max_fragment_size2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_request_blob,
-		{ "Request Blob", "mdssvc.mdssvc_cmd.request_blob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
+	  { "Request Blob", "mdssvc.mdssvc_cmd.request_blob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_response_blob,
-		{ "Response Blob", "mdssvc.mdssvc_cmd.response_blob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_mdssvc_mdssvc_cmd_share_handle,
-		{ "Share Handle", "mdssvc.mdssvc_cmd.share_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
-	{ &hf_mdssvc_mdssvc_cmd_status,
-		{ "Status", "mdssvc.mdssvc_cmd.status", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Response Blob", "mdssvc.mdssvc_cmd.response_blob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn1,
-		{ "Unkn1", "mdssvc.mdssvc_cmd.unkn1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn1", "mdssvc.mdssvc_cmd.unkn1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn3,
-		{ "Unkn3", "mdssvc.mdssvc_cmd.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn3", "mdssvc.mdssvc_cmd.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn4,
-		{ "Unkn4", "mdssvc.mdssvc_cmd.unkn4", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn4", "mdssvc.mdssvc_cmd.unkn4", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn5,
-		{ "Unkn5", "mdssvc.mdssvc_cmd.unkn5", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn5", "mdssvc.mdssvc_cmd.unkn5", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn6,
-		{ "Unkn6", "mdssvc.mdssvc_cmd.unkn6", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn6", "mdssvc.mdssvc_cmd.unkn6", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn7,
-		{ "Unkn7", "mdssvc.mdssvc_cmd.unkn7", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn7", "mdssvc.mdssvc_cmd.unkn7", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn8,
-		{ "Unkn8", "mdssvc.mdssvc_cmd.unkn8", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn8", "mdssvc.mdssvc_cmd.unkn8", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_cmd_unkn9,
-		{ "Unkn9", "mdssvc.mdssvc_cmd.unkn9", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn9", "mdssvc.mdssvc_cmd.unkn9", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_open_device_id,
-		{ "Device Id", "mdssvc.mdssvc_open.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_mdssvc_mdssvc_open_share_handle,
-		{ "Share Handle", "mdssvc.mdssvc_open.share_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
+	  { "Device Id", "mdssvc.mdssvc_open.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_open_handle,
+	  { "Handle", "mdssvc.mdssvc_open.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_open_share_mount_path,
-		{ "Share Mount Path", "mdssvc.mdssvc_open.share_mount_path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
+	  { "Share Mount Path", "mdssvc.mdssvc_open.share_mount_path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_open_share_name,
-		{ "Share Name", "mdssvc.mdssvc_open.share_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
+	  { "Share Name", "mdssvc.mdssvc_open.share_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_open_share_path,
-		{ "Share Path", "mdssvc.mdssvc_open.share_path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
+	  { "Share Path", "mdssvc.mdssvc_open.share_path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_open_unkn2,
-		{ "Unkn2", "mdssvc.mdssvc_open.unkn2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn2", "mdssvc.mdssvc_open.unkn2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_open_unkn3,
-		{ "Unkn3", "mdssvc.mdssvc_open.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn3", "mdssvc.mdssvc_open.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_unknown1_device_id,
-		{ "Device Id", "mdssvc.mdssvc_unknown1.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Device Id", "mdssvc.mdssvc_unknown1.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_unknown1_flags,
-		{ "Flags", "mdssvc.mdssvc_unknown1.flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_mdssvc_mdssvc_unknown1_share_handle,
-		{ "Share Handle", "mdssvc.mdssvc_unknown1.share_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
+	  { "Flags", "mdssvc.mdssvc_unknown1.flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_unknown1_gid,
+	  { "Gid", "mdssvc.mdssvc_unknown1.gid", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_unknown1_handle,
+	  { "Handle", "mdssvc.mdssvc_unknown1.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_unknown1_status,
-		{ "Status", "mdssvc.mdssvc_unknown1.status", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Status", "mdssvc.mdssvc_unknown1.status", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	{ &hf_mdssvc_mdssvc_unknown1_uid,
+	  { "Uid", "mdssvc.mdssvc_unknown1.uid", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_unknown1_unkn1,
-		{ "Unkn1", "mdssvc.mdssvc_unknown1.unkn1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn1", "mdssvc.mdssvc_unknown1.unkn1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_unknown1_unkn3,
-		{ "Unkn3", "mdssvc.mdssvc_unknown1.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn3", "mdssvc.mdssvc_unknown1.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_unknown1_unkn4,
-		{ "Unkn4", "mdssvc.mdssvc_unknown1.unkn4", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_mdssvc_mdssvc_unknown1_unkn5,
-		{ "Unkn5", "mdssvc.mdssvc_unknown1.unkn5", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
-	{ &hf_mdssvc_mdssvc_unknown1_unkn6,
-		{ "Unkn6", "mdssvc.mdssvc_unknown1.unkn6", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn4", "mdssvc.mdssvc_unknown1.unkn4", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_mdssvc_unknown1_unkn7,
-		{ "Unkn7", "mdssvc.mdssvc_unknown1.unkn7", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Unkn7", "mdssvc.mdssvc_unknown1.unkn7", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
 	{ &hf_mdssvc_opnum,
-		{ "Operation", "mdssvc.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
+	  { "Operation", "mdssvc.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
 	};
 
 
diff --git a/epan/dissectors/pidl/mdssvc/mdssvc.idl b/epan/dissectors/pidl/mdssvc/mdssvc.idl
index cb629e1d99..3f63e7cd08 100644
--- a/epan/dissectors/pidl/mdssvc/mdssvc.idl
+++ b/epan/dissectors/pidl/mdssvc/mdssvc.idl
@@ -11,20 +11,20 @@ interface mdssvc
 		[in,out,ref]                             uint32         *device_id,
 		[in,out,ref]                             uint32         *unkn2, /* always 0x17 ? */
 		[in,out,ref]                             uint32         *unkn3, /* always 0 ? */
-		[in][string,charset(UTF8)]               uint8           share_mount_path[],
-		[in][string,charset(UTF8)]               uint8           share_name[],
+		[in][string,charset(UTF8),size_is(1025)] uint8           share_mount_path[],
+		[in][string,charset(UTF8),size_is(1025)] uint8           share_name[],
 		[out,string,charset(UTF8),size_is(1025)] uint8           share_path[],
-		[out,ref]                                policy_handle  *share_handle
+		[out,ref]                                policy_handle  *handle
 	);
 
 	void mdssvc_unknown1(
-		[in]        policy_handle   share_handle,
+		[in]        policy_handle   *handle,
 		[in]        uint32          unkn1, /* always 0, some status ? */
 		[in]        uint32          device_id,
 		[in]        uint32          unkn3, /* = mdssvc_open.unkn2 ? */
 		[in]        uint32          unkn4, /* always 0, some status ? */
-		[in]        uint32          unkn5, /* 0x01f5*/
-		[in]        uint32          unkn6, /* 0x14 */
+		[in]        uint32          uid,
+		[in]        uint32          gid,
 		[out,ref]   uint32         *status,
 		[out,ref]   uint32         *flags, /* always 0x6b000001 ? */
 		[out,ref]   uint32         *unkn7  /* always 0 ? */
@@ -37,24 +37,32 @@ interface mdssvc
 	} mdssvc_blob;
 
 	void mdssvc_cmd(
-		[in]        policy_handle   share_handle,
+		[in]        policy_handle   *handle,
 		[in]        uint32          unkn1, /* always 0, status ? */
 		[in]        uint32          device_id,
 		[in]        uint32          unkn3, /* = mdssvc_open.unkn2 ? */
 		[in]        uint32          unkn4, /* always 0 ? */
 		[in]        uint32          flags, /* always 0x6b000001 ? */
 		[in]        mdssvc_blob     request_blob,
-
 		[in]        uint32          unkn5, /* always 0 ? */
 		[in]        uint32          max_fragment_size1,
 		[in]        uint32          unkn6, /* always 1 ? */
-		[in]        uint32          max_fragment_size2, /* always max_fragment_size1 = max_fragment_size2 ? */
+		/* always max_fragment_size1 = max_fragment_size2 ? */
+		[in]        uint32          max_fragment_size2,
 		[in]        uint32          unkn7, /* always 0 ? */
 		[in]        uint32          unkn8, /* always 0 ? */
-
-
-		[out,ref]   uint32         *status,
+		[out,ref]   uint32         *fragment,
 		[out,ref]   mdssvc_blob    *response_blob,
 		[out,ref]   uint32         *unkn9  /* always 0 ? */
 	);
+
+	void mdssvc_close(
+		[in]        policy_handle   *in_handle,
+		[in]        uint32          unkn1, /* always 0, some status ? */
+		[in]        uint32          device_id,
+		[in]        uint32          unkn2, /* = mdssvc_open.unkn2 ? */
+		[in]        uint32          unkn3, /* always 0, some status ? */
+		[out,ref]   policy_handle  *out_handle,
+		[out,ref]   uint32         *status
+	);
 }
-- 
cgit v1.2.3