From Tim Potter: NT SID dissection.
Don't label the SID in an ACE as an "NT SID SID", label it as an "NT ACE SID". svn path=/trunk/; revision=4607
parent
886b4994ec
commit
7f0ef5ec87
1
AUTHORS
1
AUTHORS
|
@ -938,6 +938,7 @@ Tim Potter <tpot[AT]samba.org> {
|
|||
Use the FID, for DCE RPC-over-SMB, as part of the conversation
|
||||
matching
|
||||
Assorted SMB fixes
|
||||
NT SID dissection
|
||||
}
|
||||
|
||||
Raghu Angadi <rangadi[AT]inktomi.com> {
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Routines for smb packet dissection
|
||||
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
|
||||
*
|
||||
* $Id: packet-smb-common.h,v 1.5 2002/01/21 07:36:42 guy Exp $
|
||||
* $Id: packet-smb-common.h,v 1.6 2002/01/25 08:02:01 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -58,4 +58,6 @@ int display_unicode_string(tvbuff_t *tvb, packet_info *pinfo,
|
|||
|
||||
int display_ms_string(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int hf_index);
|
||||
|
||||
int dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Routines for SMB net logon packet dissection
|
||||
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
|
||||
*
|
||||
* $Id: packet-smb-logon.c,v 1.22 2002/01/24 09:20:51 guy Exp $
|
||||
* $Id: packet-smb-logon.c,v 1.23 2002/01/25 08:02:01 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -60,7 +60,6 @@ static int hf_flags_password_required = -1;
|
|||
static int hf_flags_homedir_required = -1;
|
||||
static int hf_flags_enabled = -1;
|
||||
static int hf_domain_sid_size = -1;
|
||||
static int hf_domain_sid = -1;
|
||||
static int hf_low_serial = -1;
|
||||
static int hf_pulse = -1;
|
||||
static int hf_random = -1;
|
||||
|
@ -483,10 +482,11 @@ dissect_announce_change(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int
|
|||
offset += 4;
|
||||
|
||||
if (domain_sid_size != 0) {
|
||||
/* Align to four-byte boundary */
|
||||
offset = ((offset + 3)/4)*4;
|
||||
|
||||
/* Domain SID */
|
||||
proto_tree_add_item(tree, hf_domain_sid, tvb, offset,
|
||||
domain_sid_size, TRUE);
|
||||
offset += domain_sid_size;
|
||||
offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Domain");
|
||||
}
|
||||
|
||||
/* NT version */
|
||||
|
@ -534,23 +534,11 @@ dissect_smb_sam_logon_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i
|
|||
offset += 4;
|
||||
|
||||
if (domain_sid_size != 0) {
|
||||
/* Domain SID */
|
||||
proto_tree_add_item(tree, hf_domain_sid, tvb, offset,
|
||||
domain_sid_size, TRUE);
|
||||
offset += domain_sid_size;
|
||||
|
||||
/* XXX - at least one packet appears to put the NT version on
|
||||
a 4-byte boundary, with padding after the domain SID, at
|
||||
least according to Network Monitor.
|
||||
|
||||
However, another frame, with a zero-length domain SID,
|
||||
doesn't do any padding, and other packets don't appear
|
||||
to put the NT version of a 4-byte boundary, so maybe
|
||||
the padding comes *before* the domain SID, and NetMon
|
||||
is just confused? (NetMon has been known to misdissect
|
||||
SMB packets, even though, err, umm, NetMon comes from
|
||||
the people who are adding all this stuff to SMB....) */
|
||||
/* Align to four-byte boundary */
|
||||
offset = ((offset + 3)/4)*4;
|
||||
|
||||
/* Domain SID */
|
||||
offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Domain");
|
||||
}
|
||||
|
||||
/* NT version */
|
||||
|
@ -971,10 +959,6 @@ proto_register_smb_logon( void)
|
|||
{ "Domain SID Size", "netlogon.domain_sid_size", FT_UINT32, BASE_DEC,
|
||||
NULL, 0, "NETLOGON Domain SID Size", HFILL }},
|
||||
|
||||
{ &hf_domain_sid,
|
||||
{ "Domain SID", "netlogon.domain_sid", FT_BYTES, BASE_NONE,
|
||||
NULL, 0, "NETLOGON Domain SID", HFILL }},
|
||||
|
||||
{ &hf_low_serial,
|
||||
{ "Low Serial Number", "netlogon.low_serial", FT_UINT32, BASE_DEC,
|
||||
NULL, 0, "NETLOGON Low Serial Number", HFILL }},
|
||||
|
|
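Review bot: In both rewritten `if (domain_sid_size != 0)` blocks (dissect_announce_change and dissect_smb_sam_logon_req), the size the packet declares is no longer compared with what `dissect_nt_sid()` actually consumes. The old code advanced `offset` by `domain_sid_size`; the new code advances by whatever the SID's own sub-authority count implies, so a frame whose two lengths disagree is dissected with no indication, and the NT version and later fields are then read from the wrong place. For a tool that inspects untrusted traffic the mismatch is worth surfacing: save `sid_start = offset;` after the alignment, and after the call add `if ((guint32)(offset - sid_start) != domain_sid_size) proto_tree_add_text(tree, tvb, sid_start, offset - sid_start, "Domain SID length differs from Domain SID Size");`. The declaration of `domain_sid_size` and the rest of both functions lie outside the hunks, so the cast is an assumption based on the FT_UINT32 registration of the size field.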
23
packet-smb.c
23
packet-smb.c
|
@ -3,7 +3,7 @@
|
|||
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
|
||||
* 2001 Rewrite by Ronnie Sahlberg and Guy Harris
|
||||
*
|
||||
* $Id: packet-smb.c,v 1.197 2002/01/21 07:36:42 guy Exp $
|
||||
* $Id: packet-smb.c,v 1.198 2002/01/25 08:02:01 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -6318,7 +6318,7 @@ dissect_security_information_mask(tvbuff_t *tvb, packet_info *pinfo, proto_tree
|
|||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
int
|
||||
dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name)
|
||||
{
|
||||
proto_item *item = NULL;
|
||||
|
@ -6351,11 +6351,20 @@ dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent
|
|||
a new FT_xxx thingie? SMB is quite common!*/
|
||||
/* identifier authorities */
|
||||
strp=str;
|
||||
*strp=0;
|
||||
strcpy(strp, "S-1-");
|
||||
|
||||
proto_tree_add_text(tree, tvb, offset, 6, "Authorities");
|
||||
|
||||
for(i=0;i<6;i++){
|
||||
sprintf(strp,"%s%d-",strp,tvb_get_guint8(tvb, offset));
|
||||
guint8 auth = tvb_get_guint8(tvb, offset);
|
||||
|
||||
if (auth > 0)
|
||||
sprintf(strp,"%s%d-",strp, auth);
|
||||
offset++;
|
||||
}
|
||||
|
||||
proto_tree_add_text(tree, tvb, offset, num_auth * 4, "Sub-authorities");
|
||||
|
||||
/* sub authorities */
|
||||
for(i=0;i<num_auth;i++){
|
||||
/* XXX should not be letohl but native byteorder according to
|
||||
|
@ -6368,9 +6377,7 @@ dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent
|
|||
/* strip trailing '-'*/
|
||||
str[strlen(str)-1]=0;
|
||||
|
||||
proto_tree_add_text(tree, tvb, offset-6-num_auth*4, 6+num_auth*4, "SID: %s", str);
|
||||
proto_item_append_text(item, ": %s", str);
|
||||
|
||||
proto_item_append_text(item, ": %s", str);
|
||||
}
|
||||
|
||||
proto_item_set_len(item, offset-old_offset);
|
||||
|
@ -6497,7 +6504,7 @@ dissect_nt_v2_ace(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *par
|
|||
offset = dissect_nt_access_mask(tvb, pinfo, tree, offset);
|
||||
|
||||
/* SID */
|
||||
offset = dissect_nt_sid(tvb, pinfo, offset, tree, "SID");
|
||||
offset = dissect_nt_sid(tvb, pinfo, offset, tree, "ACE");
|
||||
|
||||
proto_item_set_len(item, offset-old_offset);
|
||||
return offset;
|
||||
|
|
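Review bot: The added `sprintf(strp,"%s%d-",strp, auth);` in the identifier-authority loop of dissect_nt_sid still passes the destination buffer as its own `%s` source, which is undefined behaviour for overlapping objects, and it writes with no length limit. `str` is declared outside the hunk, so its size cannot be checked here, but the sub-authority loop runs `num_auth` times and that count appears to come from the packet, so the total length should be bounded explicitly. Keeping a running length and appending in place avoids both problems, e.g. `len += snprintf(str + len, sizeof(str) - len, "%u-", auth);` with a check that `len` stays below `sizeof(str)` (assuming `str` is an array). Separately, skipping zero bytes drops an all-zero authority, so a SID such as S-1-0-0 would be shown with one component missing; the six bytes form a single 48-bit big-endian value and are better printed once.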