Ethereal-dev: Re: [Ethereal-dev] [patch] fix for dissect_nt_sid

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Mon, 28 Jan 2002 14:19:57 +1100
Hi Guy, Tim

Two things:
1, I do not think SMB mandates the same alignment rules as DCERPC , thus
the 4byte alignment may break SMB use of this function.
2, DCERPC representation of the SID is slightly different from the SMB one,
As I am sure you have noted, the DCERPC representation of the SID is
prepended
with an extra 32bit quantity which is the size of the conformant array
inside the SID.

So, I think it would be best to do the following changes:
1,  remove the 4byte forced alignment from dissect_nt_sid again.
2, create a dissect_dcerpc_nt_SID()
which looks something like :
dissect_dcerpc_nt_SID()
{
     force-4byte-alignment
    dissect-long-integer-which-is-array-length-of-subauthorities
    offset = dissect_nt_sid()
   return offset;
}



----- Original Message -----
From: "Guy Harris"
To: "Tim Potter"
Sent: Friday, January 25, 2002 7:02 PM
Subject: Re: [Ethereal-dev] [patch] fix for dissect_nt_sid


> On Fri, Jan 25, 2002 at 01:56:26PM +1100, Tim Potter wrote:
> > On Fri, Jan 25, 2002 at 01:47:57PM +1100, Tim Potter wrote:
> >
> > > Hi everyone.  Here is a small patch to do with NT SID dissection:
> >
> > Doh - this time I will actually attach it.
>
> Checked in.
>
> > + /* Align to four byte boundary */
> > +
> > + offset += 4 - (offset % 4);
>
> You meant something such as
>
> offset = ((offset + 3)/4)*4;
>
> as
>
> offset += 4 - (offset % 4);
>
> increments "offset" by 4, not 0, if it's already aligned on a 4-byte
> boundary.
>
> > +// proto_tree_add_item(tree, hf_domain_sid, tvb, offset,
> > +//     domain_sid_size, TRUE);
> > +// offset += domain_sid_size;
>
> Some C compilers do not, by default, like C++ comments (IBM's C compiler
> for AIX doesn't); use C comments in C code.  (I just removed the code
> completely, rather than changing the way it was commented out.)
>
> I also changed the other place in the NETLOGON dissector that had a SID
> - the dissector for "Announce change to UAS or SAM" - to do the same
> thing as was done for a SAM logon request.
>
> >      /* XXX should not be letohl but native byteorder according to
> >         samba header files. considering that all non-x86 NT ports
> >         are dead we can (?) assume that non le byte encodings
> >         will be "uncommon"?*/
>
> All non-x86 NT ports were to little-endian platforms (PowerPC, MIPS, and
> Alpha all ran in little-endian mode).
>
> The upcoming non-x86 port (IA-64) is also presumably little-endian.
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev