diff options
| author | Guy Harris <guy@alum.mit.edu> | 2002-04-22 01:07:19 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2002-04-22 01:07:19 +0000 |
| commit | 677ad9ee25e5a95dad23db94e9133bb5222eada9 (patch) | |
| tree | a5528a77c259a08c509f51fc708e37a618a55a0b /packet-smb.c | |
| parent | 2233aa8f3e422889208de4ed7fb43ca4e6683170 (diff) | |
| download | wireshark-677ad9ee25e5a95dad23db94e9133bb5222eada9.tar.gz wireshark-677ad9ee25e5a95dad23db94e9133bb5222eada9.tar.bz2 wireshark-677ad9ee25e5a95dad23db94e9133bb5222eada9.zip | |
Correctly dissect LSA security descriptors, at least as they appear
inside a Netlogon security descriptor.
Correctly dissect NT security descriptors as they appear inside an LSA
security descriptor (at least as those appear inside a Netlogon security
descriptor) - they get sent over the wire, apparently, as an opaque blob
from the point of view of DCE RPC, at least from one capture I've seen,
they do *not* get sent over the wire in DCE RPC NDR syntax.
svn path=/trunk/; revision=5212
Diffstat (limited to 'packet-smb.c')
| -rw-r--r-- | packet-smb.c | 46 |
1 files changed, 33 insertions, 13 deletions
diff --git a/packet-smb.c b/packet-smb.c index f647836db2..dfeb6bbd3c 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -3,7 +3,7 @@ * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * 2001 Rewrite by Ronnie Sahlberg and Guy Harris * - * $Id: packet-smb.c,v 1.243 2002/04/17 15:11:30 sahlberg Exp $ + * $Id: packet-smb.c,v 1.244 2002/04/22 01:07:19 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -6928,12 +6928,19 @@ dissect_nt_sec_desc_type(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tr return offset; } -/* this function is also called from DCREPC services and then the NDR syntax must be followed. - we assume that owner SID , group SID, SACL DACL objects are always stored in order (when present) - and that all of them are aligned on a 4 byte boundary. - We no longer use the xxx_offset other than to check that they are non-NULL to be compatible with - DCERPC NDR Unique pointer handling. - len is no longer used and should be removed */ +/* This function is also called from DCREPC services; it may be that, in + some cases, the NDR syntax must be followed, but that's not the case, + for example, for the security descriptor inside an LSA Security + Descriptor structure. + + A "len" of -1 means that the NDR syntax must be followed. + In that case, we assume that owner SID, group SID, SACL, and DACL objects + are always stored in order (when present) and that all of them are aligned + on a 4 byte boundary, and we no longer use the xxx_offset other than to + check that they are non-NULL to be compatible with DCERPC NDR Unique. + + Otherwise, we use the offsets to see where the owner SID, group SID, + SACL, and DACL are stored. */ int dissect_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len) { @@ -6947,7 +6954,7 @@ dissect_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *p guint32 dacl_offset; if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, 0, + item = proto_tree_add_text(parent_tree, tvb, offset, len, "NT Security Descriptor"); tree = proto_item_add_subtree(item, ett_smb_sec_desc); } @@ -6985,27 +6992,40 @@ dissect_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *p /*owner SID*/ if(owner_sid_offset){ - offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Owner"); + if (len == -1) + offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Owner"); + else + dissect_nt_sid(tvb, pinfo, old_offset+owner_sid_offset, tree, "Owner"); } /*group SID*/ if(group_sid_offset){ - offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Group"); + if (len == -1) + offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Group"); + else + dissect_nt_sid(tvb, pinfo, old_offset+group_sid_offset, tree, "Group"); } /* sacl */ if(sacl_offset){ - offset = dissect_nt_acl(tvb, pinfo, offset, tree, "System (SACL)"); + if (len == -1) + offset = dissect_nt_acl(tvb, pinfo, offset, tree, "System (SACL)"); + else + dissect_nt_acl(tvb, pinfo, old_offset+sacl_offset, tree, "System (SACL)"); } /* dacl */ if(dacl_offset){ - offset = dissect_nt_acl(tvb, pinfo, offset, tree, "User (DACL)"); + if (len == -1) + offset = dissect_nt_acl(tvb, pinfo, offset, tree, "User (DACL)"); + else + dissect_nt_acl(tvb, pinfo, old_offset+dacl_offset, tree, "User (DACL)"); } } - proto_item_set_len(item, offset-old_offset); + if (len == -1) + proto_item_set_len(item, offset-old_offset); return offset; } |