-rw-r--r--AUTHORS1
-rw-r--r--packet-smb-common.h4
-rw-r--r--packet-smb-logon.c34
-rw-r--r--packet-smb.c23
4 files changed, 28 insertions, 34 deletions
diff --git a/AUTHORS b/AUTHORS
index 96950cc429..773eee3fd6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -938,6 +938,7 @@ Tim Potter <tpot[AT]samba.org> {
Use the FID, for DCE RPC-over-SMB, as part of the conversation
matching
Assorted SMB fixes
+ NT SID dissection
}
Raghu Angadi <rangadi[AT]inktomi.com> {
diff --git a/packet-smb-common.h b/packet-smb-common.h
index 7a96327b99..b9430ac69f 100644
--- a/packet-smb-common.h
+++ b/packet-smb-common.h
@@ -2,7 +2,7 @@
* Routines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
- * $Id: packet-smb-common.h,v 1.5 2002/01/21 07:36:42 guy Exp $
+ * $Id: packet-smb-common.h,v 1.6 2002/01/25 08:02:01 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -58,4 +58,6 @@ int display_unicode_string(tvbuff_t *tvb, packet_info *pinfo,
int display_ms_string(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int hf_index);
+int dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name);
+
#endif
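Review bot: The newly exported prototype takes `char *name`, but every caller visible in this commit passes a string literal ("Domain", "ACE"), so the parameter should be `const char *name` here and in the definition in packet-smb.c. Since the function is now shared between dissectors, the declaration would also benefit from a short comment such as `/* Dissects an NT SID at offset; returns the offset just past it. The SID's length is taken from the packet, not from the caller. */`.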
diff --git a/packet-smb-logon.c b/packet-smb-logon.c
index ebd77d4e58..4e01d04b97 100644
--- a/packet-smb-logon.c
+++ b/packet-smb-logon.c
@@ -2,7 +2,7 @@
* Routines for SMB net logon packet dissection
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
*
- * $Id: packet-smb-logon.c,v 1.22 2002/01/24 09:20:51 guy Exp $
+ * $Id: packet-smb-logon.c,v 1.23 2002/01/25 08:02:01 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -60,7 +60,6 @@ static int hf_flags_password_required = -1;
static int hf_flags_homedir_required = -1;
static int hf_flags_enabled = -1;
static int hf_domain_sid_size = -1;
-static int hf_domain_sid = -1;
static int hf_low_serial = -1;
static int hf_pulse = -1;
static int hf_random = -1;
@@ -483,10 +482,11 @@ dissect_announce_change(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int
offset += 4;
if (domain_sid_size != 0) {
+ /* Align to four-byte boundary */
+ offset = ((offset + 3)/4)*4;
+
/* Domain SID */
- proto_tree_add_item(tree, hf_domain_sid, tvb, offset,
- domain_sid_size, TRUE);
- offset += domain_sid_size;
+ offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Domain");
}
/* NT version */
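Review bot: After this change `domain_sid_size` is only compared against zero, and the offset of every following field is whatever `dissect_nt_sid` returns from the sub-authority count inside the SID itself. Nothing checks that the parsed length agrees with the size the packet declared, so a malformed or crafted frame where the two disagree silently shifts the NT version and later fields. Consider saving `sid_start = offset` before the call and flagging a mismatch afterwards, e.g. `if ((guint32)(offset - sid_start) != domain_sid_size) proto_tree_add_text(tree, tvb, sid_start, 0, "Domain SID length does not match Domain SID Size");` (the type of `domain_sid_size` is declared outside the hunk, so adjust the cast). The same applies to the identical change in dissect_smb_sam_logon_req; both function bodies continue outside their hunks.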
@@ -534,23 +534,11 @@ dissect_smb_sam_logon_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i
offset += 4;
if (domain_sid_size != 0) {
- /* Domain SID */
- proto_tree_add_item(tree, hf_domain_sid, tvb, offset,
- domain_sid_size, TRUE);
- offset += domain_sid_size;
-
- /* XXX - at least one packet appears to put the NT version on
- a 4-byte boundary, with padding after the domain SID, at
- least according to Network Monitor.
-
- However, another frame, with a zero-length domain SID,
- doesn't do any padding, and other packets don't appear
- to put the NT version of a 4-byte boundary, so maybe
- the padding comes *before* the domain SID, and NetMon
- is just confused? (NetMon has been known to misdissect
- SMB packets, even though, err, umm, NetMon comes from
- the people who are adding all this stuff to SMB....) */
+ /* Align to four-byte boundary */
offset = ((offset + 3)/4)*4;
+
+ /* Domain SID */
+ offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Domain");
}
/* NT version */
@@ -971,10 +959,6 @@ proto_register_smb_logon( void)
{ "Domain SID Size", "netlogon.domain_sid_size", FT_UINT32, BASE_DEC,
NULL, 0, "NETLOGON Domain SID Size", HFILL }},
- { &hf_domain_sid,
- { "Domain SID", "netlogon.domain_sid", FT_BYTES, BASE_NONE,
- NULL, 0, "NETLOGON Domain SID", HFILL }},
-
{ &hf_low_serial,
{ "Low Serial Number", "netlogon.low_serial", FT_UINT32, BASE_DEC,
NULL, 0, "NETLOGON Low Serial Number", HFILL }},
diff --git a/packet-smb.c b/packet-smb.c
index 00e49d688d..6e0bfab950 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -3,7 +3,7 @@
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
* 2001 Rewrite by Ronnie Sahlberg and Guy Harris
*
- * $Id: packet-smb.c,v 1.197 2002/01/21 07:36:42 guy Exp $
+ * $Id: packet-smb.c,v 1.198 2002/01/25 08:02:01 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -6318,7 +6318,7 @@ dissect_security_information_mask(tvbuff_t *tvb, packet_info *pinfo, proto_tree
return offset;
}
-static int
+int
dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name)
{
proto_item *item = NULL;
@@ -6351,11 +6351,20 @@ dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent
a new FT_xxx thingie? SMB is quite common!*/
/* identifier authorities */
strp=str;
- *strp=0;
+ strcpy(strp, "S-1-");
+
+ proto_tree_add_text(tree, tvb, offset, 6, "Authorities");
+
for(i=0;i<6;i++){
- sprintf(strp,"%s%d-",strp,tvb_get_guint8(tvb, offset));
+ guint8 auth = tvb_get_guint8(tvb, offset);
+
+ if (auth > 0)
+ sprintf(strp,"%s%d-",strp, auth);
offset++;
}
+
+ proto_tree_add_text(tree, tvb, offset, num_auth * 4, "Sub-authorities");
+
/* sub authorities */
for(i=0;i<num_auth;i++){
/* XXX should not be letohl but native byteorder according to
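Review bot: `sprintf(strp,"%s%d-",strp, auth)` passes the destination buffer as its own `%s` source, which is undefined behaviour for overlapping objects, and neither it nor the new `strcpy(strp, "S-1-")` bounds the write. The size of `str` is declared above the hunk and `num_auth` appears to be read from the packet, so the total appended across this loop and the sub-authority loop should be checked against the buffer rather than assumed to fit. Appending at the current end with a bounded call removes both problems, e.g. `size_t used = strlen(str);` then `g_snprintf(str + used, sizeof(str) - used, "%d-", auth);` (this assumes `str` is an array; otherwise pass its allocated size). The sub-authority loop that follows likely needs the same treatment, but its body is outside the hunk.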
@@ -6368,9 +6377,7 @@ dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent
/* strip trailing '-'*/
str[strlen(str)-1]=0;
- proto_tree_add_text(tree, tvb, offset-6-num_auth*4, 6+num_auth*4, "SID: %s", str);
- proto_item_append_text(item, ": %s", str);
-
+ proto_item_append_text(item, ": %s", str);
}
proto_item_set_len(item, offset-old_offset);
@@ -6497,7 +6504,7 @@ dissect_nt_v2_ace(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *par
offset = dissect_nt_access_mask(tvb, pinfo, tree, offset);
/* SID */
- offset = dissect_nt_sid(tvb, pinfo, offset, tree, "SID");
+ offset = dissect_nt_sid(tvb, pinfo, offset, tree, "ACE");
proto_item_set_len(item, offset-old_offset);
return offset;