[jcifs] SamOEMChangePassword works (sort of)

Michael B. Allen miallen at eskimo.com
Tue Jun 18 05:16:58 EST 2002 

On Mon, 17 Jun 2002 11:30:14 -0500
"Tony Thompson" <tony.thompson at stone-ware.com> wrote:

> >     abstract int writeParameterWordsWireFormat( byte[] dst, int dstIndex );
> >     abstract int writeBytesWireFormat( byte[] dst, int dstIndex );
> >     abstract int readParameterWordsWireFormat( byte[] buffer, 
> >                                         int bufferIndex )
> >                                         throws IOException;
> >     abstract int readBytesWireFormat( byte[] buffer, 
> >                                         int bufferIndex )
> >                                         throws IOException;
> > 
> > To  implement  any  SMB  message you just have to fill in these methods and
> > give that object to send or sendTransaction. The top level writeWriteFormat
> > method  will  call writeParameterWordsWireFormat and write the return value
> > of   that   into  the  ParameterCount  field.  It  will  do  the  same  for
> > writeBytesWireFormat  writing the return value from that into the DataCount
> > field.     Same     principle    for    readParameterWordsWireFormat    and
> > readBytesWireFormat.  In  other  words,  that  22 is being returned by your
> > writeParameterWordsWireFormat implementation. Have it return 20 instead. If
> > the  accounting  doesn't  add  up,  that might be a further clue as to what
> > constitutes a valid message and help to reverse engineer the precise format.
> 
> The methods that I am using are writeParametersWireFormat() and writeDataWireFormat() not writeParameterWordsWireFormat() and writeBytesWireFormat().  I also can't write 20 instead of 22 and get anything in a pcap that makes sense.  I am using a NG Sniffer instead of Ethereal to look at the traces (the decodes are much better) and I am still having a hard time figuring out where my issues are coming from.

Oh,  right. I forgot you're using Transactions. The same principle applies.
You  want  to return 20 instead of 22. If the pcap says the ByteCount is 20
then  I  don't  see how you can have 22 bytes of stuff in there. I've never
seen  that.  Check  your accounting again and take into consideration there
might  be a padding (although that could only add to the offset and not the
ByteCount I think). 

> One thing that I can't easily reconcile is the fact that the parameter descriptor string that I am sending is "zsT" but the only parameters that I send are:
> 
> - a null terminated string for the user ID (this is the "z" part)
> - a word with a value of 532 that represents the size of the data buffer (this is the "T" part)
> 
> Where did the "s" part go?  The pcap from the Win 98 machines doesn't have any extra bytes in there that would correspond to the "s" part either but, the word is not 532, it is 814.  The Sniffer reports that word as a 2 byte pad in the Win98 trace.

Donno. I'd have to look at the pcap again.

> There is a "parameter words" field in the transaction header that is partially wrong in the jCIFS trace as well.  I don't have a clue where any of that information came from but, it is wrong.

Partially  wrong  how?  Again, some of those fields are calculated based on
what you return from writeParametersWireFormat and writeDataWireFormat. 

Mike

-- 
http://www.eskimo.com/~miallen/c/jus.c

More information about the jcifs mailing list