Hi,
I saw that Richard had unfortunately already checked in your patch.
I am pretty sure the dissection is wrong in the patch.
For example, lsa_ds_dissect_role_get_dom_info_reply() just must be wrong,
In the patch, this function only has one single parameter : a unique
pointer to a union.
This type of call does not make sense since it would be impossible for the
receiver of such
a packet to determine WHICH arm of the union that is encoded in the union.
Yes, the DCERPC layer would know which arm, but the application would just
receive
a pointer to a union without ever knowing which arm of the union is encoded.
All NDR encoded unions MUST also be accompanied by a separate parameter,
field encoding the
choosen arm of the union for the application to use.
I.e. in NDR, unions always get their "level" encoded twice. Once as a int
parameter for the application
and once in the datastream for the NDR [un]marshaller to use.
Also in lsa_ds_dissect_DS_DOMINFO_CTR()
the union (which we now know is NOT a union) seems to have a structure and
not a pointer to a structure
embedded in its arm. That is uncommon for MS interfaces. They usually
put either scalars or unique pointers to aggregates in their union arms, not
aggregates themself.
Since the union switch seemed to be 0x00000001 I can almost bet a large
amount of money that it is a
conformant array and not a union.
You may consider sending me captures containing this DCERPC call and I can
look at it.
----- Original Message -----
From: "Jim McDonough"
Sent: Thursday, November 14, 2002 2:47 PM
Subject: [Ethereal-dev] DCERPC LSA_DS patch
> This patch adds dissection of DsRoleGetPrimaryDomainInfo to the
> dcerpc-lsa-ds dissector.
>
> (See attached file: lsa-ds.patch)
>