Ethereal-dev: Re: [Ethereal-dev] [patch] fix for dissect_nt_sid

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Mon, 28 Jan 2002 14:19:57 +1100
Hi Guy, Tim

Two things:
1, I do not think SMB mandates the same alignment rules as DCERPC , thus
the 4byte alignment may break SMB use of this function.
2, DCERPC representation of the SID is slightly different from the SMB one,
As I am sure you have noted, the DCERPC representation of the SID is
prepended
with an extra 32bit quantity which is the size of the conformant array
inside the SID.

So, I think it would be best to do the following changes:
1,  remove the 4byte forced alignment from dissect_nt_sid again.
2, create a dissect_dcerpc_nt_SID()
which looks something like :
dissect_dcerpc_nt_SID()
{
     force-4byte-alignment
    dissect-long-integer-which-is-array-length-of-subauthorities
    offset = dissect_nt_sid()
   return offset;
}



----- Original Message -----
From: "Guy Harris"
To: "Tim Potter"
Sent: Friday, January 25, 2002 7:02 PM
Subject: Re: [Ethereal-dev] [patch] fix for dissect_nt_sid


> On Fri, Jan 25, 2002 at 01:56:26PM +1100, Tim Potter wrote:
> > On Fri, Jan 25, 2002 at 01:47:57PM +1100, Tim Potter wrote:
> >
> > > Hi everyone.  Here is a small patch to do with NT SID dissection:
> >
> > Doh - this time I will actually attach it.
>
> Checked in.
>
> > + /* Align to four byte boundary */
> > +
> > + offset += 4 - (offset % 4);
>
> You meant something such as
>
> offset = ((offset + 3)/4)*4;
>
> as
>
> offset += 4 - (offset % 4);
>
> increments "offset" by 4, not 0, if it's already aligned on a 4-byte
> boundary.
>
> > +// proto_tree_add_item(tree, hf_domain_sid, tvb, offset,
> > +//     domain_sid_size, TRUE);
> > +// offset += domain_sid_size;
>
> Some C compilers do not, by default, like C++ comments (IBM's C compiler
> for AIX doesn't); use C comments in C code.  (I just removed the code
> completely, rather than changing the way it was commented out.)
>
> I also changed the other place in the NETLOGON dissector that had a SID
> - the dissector for "Announce change to UAS or SAM" - to do the same
> thing as was done for a SAM logon request.
>
> >      /* XXX should not be letohl but native byteorder according to
> >         samba header files. considering that all non-x86 NT ports
> >         are dead we can (?) assume that non le byte encodings
> >         will be "uncommon"?*/
>
> All non-x86 NT ports were to little-endian platforms (PowerPC, MIPS, and
> Alpha all ran in little-endian mode).
>
> The upcoming non-x86 port (IA-64) is also presumably little-endian.
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev