2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.16 1999/07/10 14:01:52 sharpe Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "alignment.h"
/* Declared extern here; the definition is not shown in this listing. */
49 extern packet_info pi;
/* Returns a printable string for an SMB command byte; used below to label
 * chained AndX commands. The definition is not shown in this listing. */
51 char *decode_smb_name(unsigned char);
/* Per-command dissector table with 256 slots, so any 8-bit command value is
 * an in-range index.
 * NOTE(review): the AndX handlers below call through this table with a
 * command byte taken from the packet. The table's initialisation is not
 * visible here; every slot must hold a callable handler - confirm. */
52 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, int, int);
/* SMB command name strings (presumably indexed by command code; most of the
 * entries are elided in this listing). */
54 char *SMB_names[256] = {
104 "SMBcloseandtreedisc",
106 "SMBtrans2secondary",
108 "SMBfindnotifyclose",
216 "SMBnttransactsecondary",
/* Dissector for SMB commands without a dedicated decoder (per its name):
 * adds one item covering offset through END_OF_FRAME, labelled as data.
 * The remaining arguments of the call are on lines not shown in this listing. */
314 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
319 proto_tree_add_item(tree, offset, END_OF_FRAME, "Data (%u bytes)",
327 * Dissect a DOS-format date.
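/* Formats a packed 16-bit DOS date as "YYYY-MM-DD": bits 15-9 hold the year
 * as an offset from 1980, bits 8-5 the month, bits 4-0 the day.
 * The text is built in a static buffer that every call overwrites, so a
 * result must be consumed before the next call (the return statement is on
 * a line not shown in this listing).
 * The value comes from the packet and is not range-checked: month 0 or
 * 13-15 and day 0 are printed as-is. */
330 dissect_dos_date(guint16 date)
/* "YYYY-MM-DD" needs 10 characters plus the terminating NUL. A size of
 * 4+2+2+1 omits the two '-' separators, which makes sprintf write two bytes
 * past the end of the static buffer on every call. */
332 static char datebuf[4+1+2+1+2+1];
/* Bounded write: a later format change truncates instead of overrunning. */
334 snprintf(datebuf, sizeof datebuf, "%04d-%02d-%02d",
335 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);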
340 * Dissect a DOS-format time.
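/* Formats a packed 16-bit DOS time as "HH:MM:SS": bits 15-11 hold the hour,
 * bits 10-5 the minute, bits 4-0 the seconds divided by two.
 * The text is built in a static buffer that every call overwrites, so a
 * result must be consumed before the next call (the return statement is on
 * a line not shown in this listing).
 * The value comes from the packet and is not range-checked: hours up to 31,
 * minutes up to 63 and seconds up to 62 are printed as-is. */
343 dissect_dos_time(guint16 time)
/* "HH:MM:SS" needs 8 characters plus the terminating NUL. A size of 2+2+2+1
 * omits the two ':' separators, which makes sprintf write two bytes past the
 * end of the static buffer on every call. */
345 static char timebuf[2+1+2+1+2+1];
/* Bounded write: a later format change truncates instead of overrunning. */
347 snprintf(timebuf, sizeof timebuf, "%02d:%02d:%02d",
348 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);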
352 /* Max string length for displaying Unicode strings. */
353 #define MAX_UNICODE_STR_LEN 256
355 /* Turn a little-endian Unicode '\0'-terminated string into a string we
357 XXX - for now, we just handle the ISO 8859-1 characters. */
/* us points at the 16-bit string inside the packet data; us_lenp is an
 * out-parameter whose use is on lines not shown in this listing. */
359 unicode_to_str(const guint8 *us, int *us_lenp) {
/* Three static output buffers; the comparisons of cur below pick among them
 * (presumably rotating so several results stay valid at once - the
 * assignments are on lines not shown). The extra 3+1 bytes presumably hold
 * a truncation marker and the NUL - confirm. */
360 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
367 if (cur == &str[0][0]) {
369 } else if (cur == &str[1][0]) {
/* Output budget for the conversion. */
375 len = MAX_UNICODE_STR_LEN;
/* Scans until a 16-bit zero is found.
 * NOTE(review): this condition carries no bound against the captured packet
 * length. If the packet bytes contain no 16-bit terminator, the scan reads
 * past the end of the packet buffer unless hidden lines stop it - confirm,
 * and pass the remaining byte count in so the loop can be bounded. */
377 while (*us != 0 || *(us + 1) != 0) {
387 /* Note that we're not showing the full string. */
398 * Each dissect routine is passed an offset to wct and works from there
/* Dissects SMB Tree Connect. dirn == 1 selects the request layout and
 * dirn == 0 the response layout; each field is read from pd at offset,
 * added to tree, and offset is advanced past it.
 * NOTE(review): none of the visible reads compares offset with max_data or
 * the captured length before touching pd. A truncated or malformed frame
 * reaches GBYTE/GSHORT/strlen unchecked unless hidden lines guard them -
 * confirm. */
402 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
406 guint8 BufferFormat3;
407 guint8 BufferFormat2;
408 guint8 BufferFormat1;
410 guint16 MaxBufferSize;
412 const char *SharePath;
414 const char *Password;
416 if (dirn == 1) { /* Request(s) dissect code */
418 /* Build display for: Word Count (WCT) */
420 WordCount = GBYTE(pd, offset);
424 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
428 offset += 1; /* Skip Word Count (WCT) */
430 /* Build display for: Byte Count (BCC) */
432 ByteCount = GSHORT(pd, offset);
436 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
440 offset += 2; /* Skip Byte Count (BCC) */
442 /* Build display for: BufferFormat1 */
444 BufferFormat1 = GBYTE(pd, offset);
448 proto_tree_add_item(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
452 offset += 1; /* Skip BufferFormat1 */
454 /* Build display for: Share Path */
/* NOTE(review): SharePath points into raw packet bytes and strlen() runs
 * until it meets a NUL. Nothing visible bounds it by ByteCount or by the
 * captured length, so an unterminated string is read past the packet
 * buffer. The same pattern repeats for Password and Service below. */
456 SharePath = pd + offset;
460 proto_tree_add_item(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
464 offset += strlen(SharePath) + 1; /* Skip Share Path */
466 /* Build display for: BufferFormat2 */
468 BufferFormat2 = GBYTE(pd, offset);
472 proto_tree_add_item(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
476 offset += 1; /* Skip BufferFormat2 */
478 /* Build display for: Password */
/* The password bytes are rendered verbatim in the protocol tree; saved
 * dissections and captures of this traffic contain credentials. */
480 Password = pd + offset;
484 proto_tree_add_item(tree, offset, strlen(Password) + 1, "Password: %s", Password);
488 offset += strlen(Password) + 1; /* Skip Password */
490 /* Build display for: BufferFormat3 */
492 BufferFormat3 = GBYTE(pd, offset);
496 proto_tree_add_item(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
500 offset += 1; /* Skip BufferFormat3 */
502 /* Build display for: Service */
504 Service = pd + offset;
508 proto_tree_add_item(tree, offset, strlen(Service) + 1, "Service: %s", Service);
512 offset += strlen(Service) + 1; /* Skip Service */
516 if (dirn == 0) { /* Response(s) dissect code */
518 /* Build display for: Word Count (WCT) */
520 WordCount = GBYTE(pd, offset);
524 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
528 offset += 1; /* Skip Word Count (WCT) */
530 /* Build display for: Max Buffer Size */
532 MaxBufferSize = GSHORT(pd, offset);
536 proto_tree_add_item(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
540 offset += 2; /* Skip Max Buffer Size */
542 /* Build display for: TID */
544 TID = GSHORT(pd, offset);
548 proto_tree_add_item(tree, offset, 2, "TID: %u", TID);
552 offset += 2; /* Skip TID */
554 /* Build display for: Byte Count (BCC) */
556 ByteCount = GSHORT(pd, offset);
560 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
564 offset += 2; /* Skip Byte Count (BCC) */
570 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
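/* Dissects SMB Session Setup AndX.
 * dirn == 1: request. Two request layouts are decoded below - one carrying
 * a single PasswordLen, one carrying separate ANSI and UNICODE password
 * lengths plus a Capabilities bitmap. The lines choosing between them are
 * not shown in this listing (presumably keyed on WordCount).
 * dirn == 0: response (Action, then NativeOS, NativeLanMan, PrimaryDomain).
 * In either direction a chained AndX command other than 0xFF is handed to
 * dissect[AndXCommand].
 * NOTE(review): every field is read from pd at a running offset with no
 * visible comparison against max_data or the captured length. A truncated
 * or malformed frame reaches GBYTE/GSHORT/GWORD/strlen unchecked unless
 * hidden lines guard them - confirm. */
572 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
575 proto_tree *Capabilities_tree;
583 guint32 Capabilities;
585 guint16 UNICODEAccountPasswordLength;
588 guint16 MaxBufferSize;
592 guint16 ANSIAccountPasswordLength;
593 const char *UNICODEPassword;
594 const char *PrimaryDomain;
595 const char *NativeOS;
596 const char *NativeLanManType;
597 const char *NativeLanMan;
598 const char *AccountName;
599 const char *ANSIPassword;
601 if (dirn == 1) { /* Request(s) dissect code */
/* Word count is peeked before the field walk starts; offset is not advanced here. */
603 WordCount = GBYTE(pd, offset);
609 /* Build display for: Word Count (WCT) */
611 WordCount = GBYTE(pd, offset);
615 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
619 offset += 1; /* Skip Word Count (WCT) */
621 /* Build display for: AndXCommand */
623 AndXCommand = GBYTE(pd, offset);
624 AndXCmdOffset = offset;
628 proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
632 offset += 1; /* Skip AndXCommand */
634 /* Build display for: AndXReserved */
636 AndXReserved = GBYTE(pd, offset);
640 proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
644 offset += 1; /* Skip AndXReserved */
646 /* Build display for: AndXOffset */
648 AndXOffset = GSHORT(pd, offset);
652 proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
656 offset += 2; /* Skip AndXOffset */
658 /* Build display for: MaxBufferSize */
660 MaxBufferSize = GSHORT(pd, offset);
664 proto_tree_add_item(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
668 offset += 2; /* Skip MaxBufferSize */
670 /* Build display for: MaxMpxCount */
672 MaxMpxCount = GSHORT(pd, offset);
676 proto_tree_add_item(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
680 offset += 2; /* Skip MaxMpxCount */
682 /* Build display for: VcNumber */
684 VcNumber = GSHORT(pd, offset);
688 proto_tree_add_item(tree, offset, 2, "VcNumber: %u", VcNumber);
692 offset += 2; /* Skip VcNumber */
694 /* Build display for: SessionKey */
696 SessionKey = GWORD(pd, offset);
700 proto_tree_add_item(tree, offset, 4, "SessionKey: %u", SessionKey);
704 offset += 4; /* Skip SessionKey */
706 /* Build display for: PasswordLen */
708 PasswordLen = GSHORT(pd, offset);
712 proto_tree_add_item(tree, offset, 2, "PasswordLen: %u", PasswordLen);
716 offset += 2; /* Skip PasswordLen */
718 /* Build display for: Reserved */
720 Reserved = GWORD(pd, offset);
724 proto_tree_add_item(tree, offset, 4, "Reserved: %u", Reserved);
728 offset += 4; /* Skip Reserved */
730 /* Build display for: Byte Count (BCC) */
732 ByteCount = GSHORT(pd, offset);
736 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
740 offset += 2; /* Skip Byte Count (BCC) */
742 /* Build display for: AccountName */
/* NOTE(review): the string fields below point into raw packet bytes and are
 * measured with strlen(). Nothing visible bounds them by ByteCount or by the
 * captured length, so an unterminated string is read past the packet buffer.
 * In this layout PasswordLen is decoded but no password bytes are skipped
 * before AccountName on the visible lines - confirm. */
744 AccountName = pd + offset;
748 proto_tree_add_item(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
752 offset += strlen(AccountName) + 1; /* Skip AccountName */
754 /* Build display for: PrimaryDomain */
756 PrimaryDomain = pd + offset;
760 proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
764 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
766 /* Build display for: NativeOS */
768 NativeOS = pd + offset;
772 proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
776 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
782 /* Build display for: Word Count (WCT) */
784 WordCount = GBYTE(pd, offset);
788 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
792 offset += 1; /* Skip Word Count (WCT) */
794 /* Build display for: AndXCommand */
796 AndXCommand = GBYTE(pd, offset);
797 AndXCmdOffset = offset;
801 proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
805 offset += 1; /* Skip AndXCommand */
807 /* Build display for: AndXReserved */
809 AndXReserved = GBYTE(pd, offset);
813 proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
817 offset += 1; /* Skip AndXReserved */
819 /* Build display for: AndXOffset */
821 AndXOffset = GSHORT(pd, offset);
825 proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
829 offset += 2; /* Skip AndXOffset */
831 /* Build display for: MaxBufferSize */
833 MaxBufferSize = GSHORT(pd, offset);
837 proto_tree_add_item(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
841 offset += 2; /* Skip MaxBufferSize */
843 /* Build display for: MaxMpxCount */
845 MaxMpxCount = GSHORT(pd, offset);
849 proto_tree_add_item(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
853 offset += 2; /* Skip MaxMpxCount */
855 /* Build display for: VcNumber */
857 VcNumber = GSHORT(pd, offset);
861 proto_tree_add_item(tree, offset, 2, "VcNumber: %u", VcNumber);
865 offset += 2; /* Skip VcNumber */
867 /* Build display for: SessionKey */
869 SessionKey = GWORD(pd, offset);
873 proto_tree_add_item(tree, offset, 4, "SessionKey: %u", SessionKey);
877 offset += 4; /* Skip SessionKey */
879 /* Build display for: ANSI Account Password Length */
881 ANSIAccountPasswordLength = GSHORT(pd, offset);
885 proto_tree_add_item(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
889 offset += 2; /* Skip ANSI Account Password Length */
891 /* Build display for: UNICODE Account Password Length */
893 UNICODEAccountPasswordLength = GSHORT(pd, offset);
897 proto_tree_add_item(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
901 offset += 2; /* Skip UNICODE Account Password Length */
903 /* Build display for: Reserved */
905 Reserved = GWORD(pd, offset);
909 proto_tree_add_item(tree, offset, 4, "Reserved: %u", Reserved);
913 offset += 4; /* Skip Reserved */
915 /* Build display for: Capabilities */
917 Capabilities = GWORD(pd, offset);
921 ti = proto_tree_add_item(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
922 Capabilities_tree = proto_tree_new();
923 proto_item_add_subtree(ti, Capabilities_tree, ETT_SMB_CAPABILITIES);
924 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
925 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
/* Bit 0x0002 is the MPX-mode capability: the set-bit text must say MPX, not
 * repeat the raw-mode label, or a capture with this bit set is misreported. */
926 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
927 decode_boolean_bitfield(Capabilities, 0x0002, 32, " MPX Mode supported", " MPX Mode not supported"));
928 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
929 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
930 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
931 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
932 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
933 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
934 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
935 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
936 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
937 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
938 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
939 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
940 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
941 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
942 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
943 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
944 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
945 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
946 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
947 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
948 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
949 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
950 proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
951 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
955 offset += 4; /* Skip Capabilities */
957 /* Build display for: Byte Count */
959 ByteCount = GSHORT(pd, offset);
963 proto_tree_add_item(tree, offset, 2, "Byte Count: %u", ByteCount);
967 offset += 2; /* Skip Byte Count */
969 /* Build display for: ANSI Password */
/* NOTE(review): the ANSI password is a length-delimited blob, yet it is
 * measured and printed with strlen()/%s while offset is advanced by
 * ANSIAccountPasswordLength. A blob without a NUL is read past its declared
 * length, and the highlighted item length can disagree with the bytes
 * actually skipped. The password bytes are also shown verbatim in the tree. */
971 ANSIPassword = pd + offset;
975 proto_tree_add_item(tree, offset, strlen(ANSIPassword) + 1, "ANSI Password: %s", ANSIPassword);
979 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
981 /* Build display for: UNICODE Password */
/* NOTE(review): the UNICODE password is treated as a char string; strlen()
 * stops at the first zero byte and offset advances by strlen()+1 rather than
 * by UNICODEAccountPasswordLength, so later fields can be decoded from the
 * wrong position - confirm against the declared length. */
983 UNICODEPassword = pd + offset;
985 if (UNICODEAccountPasswordLength > 0) {
989 proto_tree_add_item(tree, offset, strlen(UNICODEPassword) + 1, "UNICODE Password: %s", UNICODEPassword);
993 offset += strlen(UNICODEPassword) + 1; /* Skip UNICODE Password */
997 /* Build display for: Account Name */
999 AccountName = pd + offset;
1003 proto_tree_add_item(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
1007 offset += strlen(AccountName) + 1; /* Skip Account Name */
1009 /* Build display for: Primary Domain */
1011 PrimaryDomain = pd + offset;
1015 proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
1019 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
1021 /* Build display for: Native OS */
1023 NativeOS = pd + offset;
1027 proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
1031 offset += strlen(NativeOS) + 1; /* Skip Native OS */
1033 /* Build display for: Native LanMan Type */
1035 NativeLanManType = pd + offset;
1039 proto_tree_add_item(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
1043 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
/* NOTE(review): AndXCommand is a packet byte used directly as the table
 * index, and the chained handler is entered at the running offset rather
 * than at AndXOffset. If a string above was mis-measured, the next handler
 * starts from an offset that may already lie past the captured data. A
 * chained handler can chain again, so nesting depth is set by the packet
 * contents. Hidden lines may guard this - confirm. */
1050 if (AndXCommand != 0xFF) {
1054 proto_tree_add_item(tree, AndXCmdOffset, 1, "Command: %s", decode_smb_name(AndXCommand));
1058 (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn);
1064 if (dirn == 0) { /* Response(s) dissect code */
1066 /* Build display for: Word Count (WCT) */
1068 WordCount = GBYTE(pd, offset);
1072 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1076 offset += 1; /* Skip Word Count (WCT) */
1078 /* Build display for: AndXCommand */
1080 AndXCommand = GBYTE(pd, offset);
1084 proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
1088 offset += 1; /* Skip AndXCommand */
1090 /* Build display for: AndXReserved */
1092 AndXReserved = GBYTE(pd, offset);
1096 proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1100 offset += 1; /* Skip AndXReserved */
1102 /* Build display for: AndXOffset */
1104 AndXOffset = GSHORT(pd, offset);
1108 proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1112 offset += 2; /* Skip AndXOffset */
1114 /* Build display for: Action */
1116 Action = GSHORT(pd, offset);
1120 proto_tree_add_item(tree, offset, 2, "Action: %u", Action);
1124 offset += 2; /* Skip Action */
1126 /* Build display for: Byte Count (BCC) */
1128 ByteCount = GSHORT(pd, offset);
1132 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1136 offset += 2; /* Skip Byte Count (BCC) */
1138 /* Build display for: NativeOS */
/* The response strings are measured with strlen() over packet bytes in the
 * same unbounded way as the request strings. */
1140 NativeOS = pd + offset;
1144 proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
1148 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
1150 /* Build display for: NativeLanMan */
1152 NativeLanMan = pd + offset;
1156 proto_tree_add_item(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
1160 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
1162 /* Build display for: PrimaryDomain */
1164 PrimaryDomain = pd + offset;
1168 proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
1172 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
/* Response-side chaining: same packet-controlled dispatch as on the request side. */
1175 if (AndXCommand != 0xFF) {
1177 (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn);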
/* Dissects SMB Open. dirn == 1 selects the request layout and dirn == 0 the
 * response layout; each field is read from pd at offset, added to tree, and
 * offset is advanced past it.
 * NOTE(review): no visible read compares offset with max_data or the
 * captured length before touching pd - confirm that hidden lines do. */
1186 dissect_open_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
1190 guint8 BufferFormat;
1192 guint16 SearchAttributes;
1193 guint16 LastWriteTime;
1194 guint16 LastWriteDate;
1195 guint16 FileAttributes;
1197 guint16 DesiredAccess;
1199 guint16 AccessGranted;
1200 const char *FileName;
1202 if (dirn == 1) { /* Request(s) dissect code */
/* NOTE(review): unlike the response branch, the request branch reads Desired
 * Access at the incoming offset without first consuming a Word Count byte.
 * The comment ahead of dissect_treecon_smb says handlers receive an offset
 * to wct; if that holds here, every request field is decoded one byte
 * early - confirm. */
1204 /* Build display for: Desired Access (Mode) */
1206 DesiredAccess = GSHORT(pd, offset);
1210 proto_tree_add_item(tree, offset, 2, "Desired Access (Mode): %u", DesiredAccess);
1214 offset += 2; /* Skip Desired Access (Mode) */
1216 /* Build display for: Search Attributes */
1218 SearchAttributes = GSHORT(pd, offset);
1222 proto_tree_add_item(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
1226 offset += 2; /* Skip Search Attributes */
1228 /* Build display for: Byte Count (BCC) */
1230 ByteCount = GSHORT(pd, offset);
1234 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1238 offset += 2; /* Skip Byte Count (BCC) */
1240 /* Build display for: Buffer Format */
1242 BufferFormat = GBYTE(pd, offset);
1246 proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1250 offset += 1; /* Skip Buffer Format */
1252 /* Build display for: File Name */
/* NOTE(review): FileName points into raw packet bytes and strlen() runs
 * until it meets a NUL. Nothing visible bounds it by ByteCount or by the
 * captured length, so an unterminated name is read past the packet buffer. */
1254 FileName = pd + offset;
1258 proto_tree_add_item(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1262 offset += strlen(FileName) + 1; /* Skip File Name */
1266 if (dirn == 0) { /* Response(s) dissect code */
1268 /* Build display for: Word Count (WCT) */
1270 WordCount = GBYTE(pd, offset);
1274 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1278 offset += 1; /* Skip Word Count (WCT) */
1280 /* Build display for: FID (File Handle) */
1282 FID = GSHORT(pd, offset);
1286 proto_tree_add_item(tree, offset, 2, "FID (File Handle): %u", FID);
1290 offset += 2; /* Skip FID (File Handle) */
1292 /* Build display for: File Attributes */
1294 FileAttributes = GSHORT(pd, offset);
1298 proto_tree_add_item(tree, offset, 2, "File Attributes: %u", FileAttributes);
1302 offset += 2; /* Skip File Attributes */
1304 /* Build display for: Last Write Date */
/* The formatted date and time strings come from helpers that write into
 * static buffers; each is passed to proto_tree_add_item before the next
 * helper call. */
1306 LastWriteDate = GSHORT(pd, offset);
1310 proto_tree_add_item(tree, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1314 offset += 2; /* Skip Last Write Date */
1316 /* Build display for: Last Write Time */
1318 LastWriteTime = GSHORT(pd, offset);
1322 proto_tree_add_item(tree, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1326 offset += 2; /* Skip Last Write Time */
1328 /* Build display for: Data Size */
1330 DataSize = GWORD(pd, offset);
1334 proto_tree_add_item(tree, offset, 4, "Data Size: %u", DataSize);
1338 offset += 4; /* Skip Data Size */
1340 /* Build display for: Access Granted */
1342 AccessGranted = GSHORT(pd, offset);
1346 proto_tree_add_item(tree, offset, 2, "Access Granted: %u", AccessGranted);
1350 offset += 2; /* Skip Access Granted */
1352 /* Build display for: Byte Count (BCC) */
1354 ByteCount = GSHORT(pd, offset);
1358 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1362 offset += 2; /* Skip Byte Count (BCC) */
/* Dissects SMB Open AndX. dirn == 1 selects the request layout and
 * dirn == 0 the response layout; each field is read from pd at offset, added
 * to tree, and offset is advanced past it. In either direction a chained
 * AndX command other than 0xFF is handed to dissect[AndXCommand].
 * NOTE(review): no visible read compares offset with max_data or the
 * captured length before touching pd - confirm that hidden lines do. */
1369 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
1373 proto_tree *Flags_tree;
1374 proto_tree *OpenFunction_tree;
1377 guint8 BufferFormat;
1378 guint8 AndXReserved;
/* Value tables for the two Open Function sub-fields (mask 0x10 and mask 0x03). */
1383 static const value_string OpenFunction_0x10[] = {
1384 { 0, " Fail if file does not exist"},
1385 { 1, " Create file if it does not exist"},
1389 static const value_string OpenFunction_0x03[] = {
1390 { 0, " Fail if file exists"},
1391 { 1, " Open file if it exists"},
1392 { 2, " Truncate File if it exists"},
1396 guint32 AllocatedSize;
1397 guint16 SearchAttributes;
1399 guint16 OpenFunction;
1400 guint16 LastWriteTime;
1401 guint16 LastWriteDate;
1402 guint16 GrantedAccess;
1405 guint16 FileAttributes;
1407 guint16 DeviceState;
1408 guint16 DesiredAccess;
1409 guint16 CreationTime;
1410 guint16 CreationDate;
1415 const char *FileName;
1417 if (dirn == 1) { /* Request(s) dissect code */
1419 /* Build display for: Word Count (WCT) */
1421 WordCount = GBYTE(pd, offset);
1425 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1429 offset += 1; /* Skip Word Count (WCT) */
1431 /* Build display for: AndXCommand */
1433 AndXCommand = GBYTE(pd, offset);
1437 proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
1441 offset += 1; /* Skip AndXCommand */
1443 /* Build display for: AndXReserved */
1445 AndXReserved = GBYTE(pd, offset);
1449 proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1453 offset += 1; /* Skip AndXReserved */
1455 /* Build display for: AndXOffset */
1457 AndXOffset = GSHORT(pd, offset);
1461 proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1465 offset += 2; /* Skip AndXOffset */
1467 /* Build display for: Flags */
1469 Flags = GSHORT(pd, offset);
1473 ti = proto_tree_add_item(tree, offset, 2, "Flags: 0x%02x", Flags);
1474 Flags_tree = proto_tree_new();
1475 proto_item_add_subtree(ti, Flags_tree, ETT_SMB_FLAGS);
/* NOTE(review): in the Capabilities decoding of dissect_ssetup_andx_smb the
 * first string is the bit-set text. Here the first string of each pair is
 * the negative wording ("Dont Return", "not Requested"), which looks
 * inverted for request flags - confirm against the SMB specification. */
1476 proto_tree_add_item(Flags_tree, offset, 2, "%s",
1477 decode_boolean_bitfield(Flags, 0x01, 16, " Dont Return Additional Info", " Return Additional Info"));
1478 proto_tree_add_item(Flags_tree, offset, 2, "%s",
1479 decode_boolean_bitfield(Flags, 0x02, 16, " Exclusive OpLock not Requested", " Exclusive OpLock Requested"));
1480 proto_tree_add_item(Flags_tree, offset, 2, "%s",
1481 decode_boolean_bitfield(Flags, 0x04, 16, " Batch OpLock not Requested", " Batch OpLock Requested"));
1485 offset += 2; /* Skip Flags */
1487 /* Build display for: Desired Access */
1489 DesiredAccess = GSHORT(pd, offset);
1493 proto_tree_add_item(tree, offset, 2, "Desired Access: %u", DesiredAccess);
1497 offset += 2; /* Skip Desired Access */
1499 /* Build display for: Search Attributes */
1501 SearchAttributes = GSHORT(pd, offset);
1505 proto_tree_add_item(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
1509 offset += 2; /* Skip Search Attributes */
1511 /* Build display for: File Attributes */
1513 FileAttributes = GSHORT(pd, offset);
1517 proto_tree_add_item(tree, offset, 2, "File Attributes: %u", FileAttributes);
1521 offset += 2; /* Skip File Attributes */
1523 /* Build display for: Creation Time */
/* NOTE(review): the field labelled Creation Time is formatted with
 * dissect_dos_date and the one labelled Creation Date with dissect_dos_time;
 * the response branch pairs Time with dissect_dos_time and Date with
 * dissect_dos_date. Either the labels or the helpers are swapped here -
 * confirm the wire order. */
1525 CreationTime = GSHORT(pd, offset);
1529 proto_tree_add_item(tree, offset, 2, "Creation Time: %s", dissect_dos_date(CreationTime));
1533 offset += 2; /* Skip Creation Time */
1535 /* Build display for: Creation Date */
1537 CreationDate = GSHORT(pd, offset);
1541 proto_tree_add_item(tree, offset, 2, "Creation Date: %s", dissect_dos_time(CreationDate));
1545 offset += 2; /* Skip Creation Date */
1547 /* Build display for: Open Function */
1549 OpenFunction = GSHORT(pd, offset);
1553 ti = proto_tree_add_item(tree, offset, 2, "Open Function: 0x%02x", OpenFunction);
1554 OpenFunction_tree = proto_tree_new();
1555 proto_item_add_subtree(ti, OpenFunction_tree, ETT_SMB_OPENFUNCTION);
1556 proto_tree_add_item(OpenFunction_tree, offset, 2, "%s",
1557 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
1558 proto_tree_add_item(OpenFunction_tree, offset, 2, "%s",
1559 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
1563 offset += 2; /* Skip Open Function */
1565 /* Build display for: Allocated Size */
1567 AllocatedSize = GWORD(pd, offset);
1571 proto_tree_add_item(tree, offset, 4, "Allocated Size: %u", AllocatedSize);
1575 offset += 4; /* Skip Allocated Size */
1577 /* Build display for: Reserved1 */
1579 Reserved1 = GWORD(pd, offset);
1583 proto_tree_add_item(tree, offset, 4, "Reserved1: %u", Reserved1);
1587 offset += 4; /* Skip Reserved1 */
1589 /* Build display for: Reserved2 */
1591 Reserved2 = GWORD(pd, offset);
1595 proto_tree_add_item(tree, offset, 4, "Reserved2: %u", Reserved2);
1599 offset += 4; /* Skip Reserved2 */
1601 /* Build display for: Byte Count */
1603 ByteCount = GSHORT(pd, offset);
1607 proto_tree_add_item(tree, offset, 2, "Byte Count: %u", ByteCount);
1611 offset += 2; /* Skip Byte Count */
1613 /* Build display for: Buffer Format */
1615 /* BufferFormat = GBYTE(pd, offset);
1619 proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1623 offset += 1;*/ /* Skip Buffer Format */
1625 /* Build display for: File Name */
/* NOTE(review): FileName points into raw packet bytes and strlen() runs
 * until it meets a NUL. Nothing visible bounds it by ByteCount or by the
 * captured length, so an unterminated name is read past the packet buffer. */
1627 FileName = pd + offset;
1631 proto_tree_add_item(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1635 offset += strlen(FileName) + 1; /* Skip File Name */
/* NOTE(review): AndXCommand is a packet byte used directly as the table
 * index, and the chained handler is entered at the running offset rather
 * than at AndXOffset. A chained handler can chain again, so nesting depth is
 * set by the packet contents. Hidden lines may guard this - confirm. */
1638 if (AndXCommand != 0xFF) {
1640 (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn);
1646 if (dirn == 0) { /* Response(s) dissect code */
1648 /* Build display for: Word Count (WCT) */
1650 WordCount = GBYTE(pd, offset);
1654 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1658 offset += 1; /* Skip Word Count (WCT) */
1660 /* Build display for: AndXCommand */
1662 AndXCommand = GBYTE(pd, offset);
1666 proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
1670 offset += 1; /* Skip AndXCommand */
1672 /* Build display for: AndXReserved */
1674 AndXReserved = GBYTE(pd, offset);
1678 proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1682 offset += 1; /* Skip AndXReserved */
1684 /* Build display for: AndXOffset */
1686 AndXOffset = GSHORT(pd, offset);
1690 proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1694 offset += 2; /* Skip AndXOffset */
1696 /* Build display for: FID */
1698 FID = GSHORT(pd, offset);
1702 proto_tree_add_item(tree, offset, 2, "FID: %u", FID);
1706 offset += 2; /* Skip FID */
1708 /* Build display for: Attributed */
1710 Attributed = GSHORT(pd, offset);
1714 proto_tree_add_item(tree, offset, 2, "Attributed: %u", Attributed);
1718 offset += 2; /* Skip Attributed */
1720 /* Build display for: Last Write Time */
1722 LastWriteTime = GSHORT(pd, offset);
1726 proto_tree_add_item(tree, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1730 offset += 2; /* Skip Last Write Time */
1732 /* Build display for: Last Write Date */
1734 LastWriteDate = GSHORT(pd, offset);
1738 proto_tree_add_item(tree, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1742 offset += 2; /* Skip Last Write Date */
1744 /* Build display for: Data Size */
1746 DataSize = GWORD(pd, offset);
1750 proto_tree_add_item(tree, offset, 4, "Data Size: %u", DataSize);
1754 offset += 4; /* Skip Data Size */
1756 /* Build display for: Granted Access */
1758 GrantedAccess = GSHORT(pd, offset);
1762 proto_tree_add_item(tree, offset, 2, "Granted Access: %u", GrantedAccess);
1766 offset += 2; /* Skip Granted Access */
1768 /* Build display for: File Type */
1770 FileType = GSHORT(pd, offset);
1774 proto_tree_add_item(tree, offset, 2, "File Type: %u", FileType);
1778 offset += 2; /* Skip File Type */
1780 /* Build display for: Device State */
1782 DeviceState = GSHORT(pd, offset);
1786 proto_tree_add_item(tree, offset, 2, "Device State: %u", DeviceState);
1790 offset += 2; /* Skip Device State */
1792 /* Build display for: Action */
1794 Action = GSHORT(pd, offset);
1798 proto_tree_add_item(tree, offset, 2, "Action: %u", Action);
1802 offset += 2; /* Skip Action */
1804 /* Build display for: Server FID */
1806 ServerFID = GWORD(pd, offset);
1810 proto_tree_add_item(tree, offset, 4, "Server FID: %u", ServerFID);
1814 offset += 4; /* Skip Server FID */
1816 /* Build display for: Reserved */
1818 Reserved = GSHORT(pd, offset);
1822 proto_tree_add_item(tree, offset, 2, "Reserved: %u", Reserved);
1826 offset += 2; /* Skip Reserved */
1828 /* Build display for: Byte Count */
1830 ByteCount = GSHORT(pd, offset);
1834 proto_tree_add_item(tree, offset, 2, "Byte Count: %u", ByteCount);
1838 offset += 2; /* Skip Byte Count */
/* Response-side chaining: same packet-controlled dispatch as on the request side. */
1841 if (AndXCommand != 0xFF) {
1843 (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn);
/* Dissects SMB Tree Connect AndX. The accepted shapes are a request with
 * wct == 4 and responses with wct == 2 or wct == 3; anything else is shown
 * as an invalid format followed by undecoded data. The assignments of wct
 * and of str are on lines not shown in this listing.
 * NOTE(review): andxcmd and the reserved byte are read with pd[offset] and
 * pd[offset+1], and every string item is measured with strlen(str); no
 * visible line compares offset with max_data or the captured length first.
 * An unterminated Password, Path, Service or Native File System string is
 * read past the packet buffer unless hidden lines guard it - confirm.
 * The Password string is rendered verbatim in the protocol tree; saved
 * dissections and captures of this traffic contain credentials. */
1852 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
1855 guint8 wct, andxcmd;
1856 guint16 andxoffs, flags, passwdlen, bcc, optionsup;
1858 proto_tree *flags_tree;
1863 /* Now figure out what format we are talking about, 2, 3, or 4 response
1867 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
1868 !((dirn == 0) && (wct == 3))) {
1872 proto_tree_add_item(tree, offset, 1, "Invalid TCON_ANDX format. WCT should be 2, 3, or 4 ..., not %u", wct);
1874 proto_tree_add_item(tree, offset, END_OF_FRAME, "Data");
1884 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", wct);
1890 andxcmd = pd[offset];
1894 proto_tree_add_item(tree, offset, 1, "Next Command: %s",
1895 (andxcmd == 0xFF) ? "No further commands":
1896 decode_smb_name(andxcmd));
1898 proto_tree_add_item(tree, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
1904 andxoffs = GSHORT(pd, offset);
1908 proto_tree_add_item(tree, offset, 2, "Offset to next command: %u", andxoffs);
1918 flags = GSHORT(pd, offset);
1922 ti = proto_tree_add_item(tree, offset, 2, "Additional Flags: 0x%02x", flags);
1923 flags_tree = proto_tree_new();
1924 proto_item_add_subtree(ti, flags_tree, ETT_SMB_AFLAGS);
1925 proto_tree_add_item(flags_tree, offset, 2, "%s",
1926 decode_boolean_bitfield(flags, 0x01, 16,
1928 "Don't disconnect TID"));
1934 passwdlen = GSHORT(pd, offset);
1938 proto_tree_add_item(tree, offset, 2, "Password Length: %u", passwdlen);
1944 bcc = GSHORT(pd, offset);
1948 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", bcc);
1958 proto_tree_add_item(tree, offset, strlen(str) + 1, "Password: %s", str);
1962 offset += strlen(str) + 1;
1968 proto_tree_add_item(tree, offset, strlen(str) + 1, "Path: %s", str);
1972 offset += strlen(str) + 1;
1978 proto_tree_add_item(tree, offset, strlen(str) + 1, "Service: %s", str);
1988 bcc = GSHORT(pd, offset);
1992 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2002 proto_tree_add_item(tree, offset, strlen(str) + 1, "Service Type: %s",
2007 offset += strlen(str) + 1;
2013 optionsup = GSHORT(pd, offset);
2015 if (tree) { /* Should break out the bits */
2017 proto_tree_add_item(tree, offset, 2, "Optional Support: 0x%04x",
2024 bcc = GSHORT(pd, offset);
2028 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2038 proto_tree_add_item(tree, offset, strlen(str) + 1, "Service: %s", str);
2042 offset += strlen(str) + 1;
2048 proto_tree_add_item(tree, offset, strlen(str) + 1, "Native File System: %s", str);
2052 offset += strlen(str) + 1;
/* NOTE(review): andxcmd is a packet byte used directly as the table index,
 * and the chained handler is entered at the running offset rather than at
 * andxoffs. This call passes max_data - offset, whereas the other AndX
 * handlers in this file pass max_data unchanged; nothing visible keeps that
 * value from going negative when offset has overshot - confirm which
 * convention the callees expect. */
2061 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2063 (dissect[andxcmd])(pd, offset, fd, tree, max_data - offset, dirn);
/*
 * Dissect an SMB Negotiate Protocol request or response.
 *
 * pd       - packet bytes; fields are read with pd[offset], GBYTE, GSHORT
 *            and GWORD
 * offset   - index into pd of the Word Count (WCT) byte on entry
 * fd       - frame data; fd->cap_len bounds the dialect loop of the request
 * tree     - protocol tree that receives the decoded fields
 * max_data - not referenced in the lines visible here
 * dirn     - 1 for a request, 0 for a response (see the WCT/dirn check)
 *
 * The layout is chosen from WCT: 0 is the request carrying the dialect
 * list; 1, 13 and 17 are the response formats.
 *
 * NOTE(review): every count, length and string handled here comes from
 * the capture.  Apart from the WCT/dirn check and the dialect loop
 * condition, no visible line compares offset or a length with
 * fd->cap_len or max_data.  This listing omits lines (see the gaps in
 * the gutter numbers), so confirm against the full file before relying
 * on that.
 */
2068 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
2070 guint8 wct, enckeylen;
2071 guint16 bcc, mode, rawmode, dialect;
2073 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2079 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
/* Reject any WCT/direction pair that is not one of the four known formats. */
2081 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2082 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2085 proto_tree_add_item(tree, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2087 proto_tree_add_item(tree, offset, END_OF_FRAME, "Data");
2095 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %d", wct);
2101 /* Now decode the various formats ... */
2105 case 0: /* A request */
2107 bcc = GSHORT(pd, offset);
2111 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2119 ti = proto_tree_add_item(tree, offset, END_OF_FRAME, "Dialects");
2120 dialects = proto_tree_new();
2121 proto_item_add_subtree(ti, dialects, ETT_SMB_DIALECTS);
/* NOTE(review): the loop condition keeps offset below fd->cap_len, but
   strlen(str) below scans for a NUL with no limit; a dialect string that
   lacks its terminator would be read past the captured bytes.  bcc is
   displayed but not used to bound the loop in the visible lines.
   Presumably str is pd + offset (the assignment is not visible) - confirm
   and bound the scan by fd->cap_len - offset. */
2125 while (fd->cap_len > offset) {
2130 proto_tree_add_item(dialects, offset, 1, "Dialect Marker: %d", pd[offset]);
2140 proto_tree_add_item(dialects, offset, strlen(str)+1, "Dialect: %s", str);
2144 offset += strlen(str) + 1;
2149 case 1: /* PC NETWORK PROGRAM 1.0 */
2151 dialect = GSHORT(pd, offset);
2153 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2155 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2157 proto_tree_add_item(tree, offset, 2, "Supplied dialects not recognized");
/* NOTE(review): "PROTGRAM" in the display string below is a typo for
   "PROGRAM". */
2162 proto_tree_add_item(tree, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2170 bcc = GSHORT(pd, offset);
2174 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2180 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2184 proto_tree_add_item(tree, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2188 /* Much of this is similar to response 17 below */
2192 mode = GSHORT(pd, offset);
2196 ti = proto_tree_add_item(tree, offset, 2, "Security Mode: 0x%04x", mode);
2197 mode_tree = proto_tree_new();
2198 proto_item_add_subtree(ti, mode_tree, ETT_SMB_MODE);
2199 proto_tree_add_item(mode_tree, offset, 2, "%s",
2200 decode_boolean_bitfield(mode, 0x0001, 16,
2202 "Security = Share"));
2203 proto_tree_add_item(mode_tree, offset, 2, "%s",
2204 decode_boolean_bitfield(mode, 0x0002, 16,
2205 "Passwords = Encrypted",
2206 "Passwords = Plaintext"));
2214 proto_tree_add_item(tree, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2222 proto_tree_add_item(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2230 proto_tree_add_item(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2236 rawmode = GSHORT(pd, offset);
2240 ti = proto_tree_add_item(tree, offset, 2, "Raw Mode: 0x%04x", rawmode);
2241 rawmode_tree = proto_tree_new();
2242 proto_item_add_subtree(ti, rawmode_tree, ETT_SMB_RAWMODE);
2243 proto_tree_add_item(rawmode_tree, offset, 2, "%s",
2244 decode_boolean_bitfield(rawmode, 0x01, 16,
2245 "Read Raw supported",
2246 "Read Raw not supported"));
2247 proto_tree_add_item(rawmode_tree, offset, 2, "%s",
2248 decode_boolean_bitfield(rawmode, 0x02, 16,
2249 "Write Raw supported",
2250 "Write Raw not supported"));
2258 proto_tree_add_item(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2264 /* Now the server time, two short parameters ... */
2268 proto_tree_add_item(tree, offset, 2, "Server Time: %s",
2269 dissect_dos_time(GSHORT(pd, offset)));
2270 proto_tree_add_item(tree, offset + 2, 2, "Server Date: %s",
2271 dissect_dos_date(GSHORT(pd, offset + 2)));
2277 /* Server Time Zone, SHORT */
2281 proto_tree_add_item(tree, offset, 2, "Server time zone: %i min from UTC",
2282 (signed)GSSHORT(pd, offset));
2288 /* Challenge Length */
/* NOTE(review): enckeylen is declared guint8, so the two-byte value read
   here is cut down to its low byte before it is displayed and used as the
   challenge length below. */
2290 enckeylen = GSHORT(pd, offset);
2294 proto_tree_add_item(tree, offset, 2, "Challenge Length: %u", enckeylen);
2302 proto_tree_add_item(tree, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
2308 bcc = GSHORT(pd, offset);
2312 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", bcc);
/* NOTE(review): enckeylen comes from the packet and is handed to
   bytes_to_str() and added to offset with no visible check against bcc
   or the captured length - confirm the challenge lies inside the frame. */
2318 if (enckeylen) { /* only if non-zero key len */
2324 proto_tree_add_item(tree, offset, enckeylen, "Challenge: %s",
2325 bytes_to_str(str, enckeylen));
2328 offset += enckeylen;
2332 /* Primary Domain ... */
/* NOTE(review): strlen() is not limited here either; see the dialect loop
   above. */
2338 proto_tree_add_item(tree, offset, strlen(str)+1, "Primary Domain: %s", str);
2344 case 17: /* Greater than LANMAN2.1 */
2348 proto_tree_add_item(tree, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
2354 mode = GBYTE(pd, offset);
2358 ti = proto_tree_add_item(tree, offset, 1, "Security Mode: 0x%02x", mode);
2359 mode_tree = proto_tree_new();
2360 proto_item_add_subtree(ti, mode_tree, ETT_SMB_MODE);
2361 proto_tree_add_item(mode_tree, offset, 1, "%s",
2362 decode_boolean_bitfield(mode, 0x01, 8,
2364 "Security = Share"));
2365 proto_tree_add_item(mode_tree, offset, 1, "%s",
2366 decode_boolean_bitfield(mode, 0x02, 8,
2367 "Passwords = Encrypted",
2368 "Passwords = Plaintext"));
2369 proto_tree_add_item(mode_tree, offset, 1, "%s",
2370 decode_boolean_bitfield(mode, 0x04, 8,
2371 "Security signatures enabled",
2372 "Security signatures not enabled"));
2373 proto_tree_add_item(mode_tree, offset, 1, "%s",
2374 decode_boolean_bitfield(mode, 0x08, 8,
2375 "Security signatures required",
2376 "Security signatures not required"));
2384 proto_tree_add_item(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2392 proto_tree_add_item(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
/* NOTE(review): the value is read with GWORD but the item length is 2,
   while the other GWORD fields in this case use 4 - the highlighted span
   looks too short; confirm the field width. */
2400 proto_tree_add_item(tree, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
2408 proto_tree_add_item(tree, offset, 4, "Max raw size: %u", GWORD(pd, offset));
2416 proto_tree_add_item(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2422 caps = GWORD(pd, offset);
2426 ti = proto_tree_add_item(tree, offset, 4, "Capabilities: 0x%04x", caps);
2427 caps_tree = proto_tree_new();
2428 proto_item_add_subtree(ti, caps_tree, ETT_SMB_CAPS);
2429 proto_tree_add_item(caps_tree, offset, 4, "%s",
2430 decode_boolean_bitfield(caps, 0x0001, 32,
2431 "Raw Mode supported",
2432 "Raw Mode not supported"));
2433 proto_tree_add_item(caps_tree, offset, 4, "%s",
2434 decode_boolean_bitfield(caps, 0x0002, 32,
2435 "MPX Mode supported",
2436 "MPX Mode not supported"));
2437 proto_tree_add_item(caps_tree, offset, 4, "%s",
2438 decode_boolean_bitfield(caps, 0x0004, 32,
2439 "Unicode supported",
2440 "Unicode not supported"));
2441 proto_tree_add_item(caps_tree, offset, 4, "%s",
2442 decode_boolean_bitfield(caps, 0x0008, 32,
2443 "Large files supported",
2444 "Large files not supported"));
2445 proto_tree_add_item(caps_tree, offset, 4, "%s",
2446 decode_boolean_bitfield(caps, 0x0010, 32,
2447 "NT LM 0.12 SMBs supported",
2448 "NT LM 0.12 SMBs not supported"));
2449 proto_tree_add_item(caps_tree, offset, 4, "%s",
2450 decode_boolean_bitfield(caps, 0x0020, 32,
2451 "RPC remote APIs supported",
2452 "RPC remote APIs not supported"));
2453 proto_tree_add_item(caps_tree, offset, 4, "%s",
2454 decode_boolean_bitfield(caps, 0x0040, 32,
2455 "NT status codes supported",
2456 "NT status codes not supported"));
2457 proto_tree_add_item(caps_tree, offset, 4, "%s",
2458 decode_boolean_bitfield(caps, 0x0080, 32,
2459 "Level 2 OpLocks supported",
2460 "Level 2 OpLocks not supported"));
2461 proto_tree_add_item(caps_tree, offset, 4, "%s",
2462 decode_boolean_bitfield(caps, 0x0100, 32,
2463 "Lock&Read supported",
2464 "Lock&Read not supported"));
2465 proto_tree_add_item(caps_tree, offset, 4, "%s",
2466 decode_boolean_bitfield(caps, 0x0200, 32,
2467 "NT Find supported",
2468 "NT Find not supported"));
2469 proto_tree_add_item(caps_tree, offset, 4, "%s",
2470 decode_boolean_bitfield(caps, 0x1000, 32,
2472 "DFS not supported"));
2473 proto_tree_add_item(caps_tree, offset, 4, "%s",
2474 decode_boolean_bitfield(caps, 0x4000, 32,
2475 "Large READX supported",
2476 "Large READX not supported"));
2477 proto_tree_add_item(caps_tree, offset, 4, "%s",
2478 decode_boolean_bitfield(caps, 0x8000, 32,
2479 "Large WRITEX supported",
2480 "Large WRITEX not supported"));
2481 proto_tree_add_item(caps_tree, offset, 4, "%s",
2482 decode_boolean_bitfield(caps, 0x80000000, 32,
2483 "Extended security exchanges supported",
2484 "Extended security exchanges not supported"));
2489 /* Server time, 2 WORDS */
2493 proto_tree_add_item(tree, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
2494 proto_tree_add_item(tree, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
2500 /* Server Time Zone, SHORT */
2504 proto_tree_add_item(tree, offset, 2, "Server time zone: %i min from UTC",
2505 (signed)GSSHORT(pd, offset));
2511 /* Encryption key len */
2513 enckeylen = pd[offset];
2517 proto_tree_add_item(tree, offset, 1, "Encryption key len: %u", enckeylen);
2523 bcc = GSHORT(pd, offset);
2527 proto_tree_add_item(tree, offset, 2, "Byte count (BCC): %u", bcc);
/* NOTE(review): as in the WCT 13 case, enckeylen is taken from the packet
   and used as a length without a visible check against bcc or the
   captured length. */
2533 if (enckeylen) { /* only if non-zero key len */
2535 /* Encryption challenge key */
2541 proto_tree_add_item(tree, offset, enckeylen, "Challenge encryption key: %s",
2542 bytes_to_str(str, enckeylen));
2546 offset += enckeylen;
2550 /* The domain, a null terminated string; Unicode if "caps" has
2551 the 0x0004 bit set, ASCII (OEM character set) otherwise.
2552 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
/* NOTE(review): neither unicode_to_str() nor strlen() is passed a limit
   here; confirm the domain-name scan cannot run past fd->cap_len when the
   terminator is missing. */
2558 if (caps & 0x0004) {
2559 ustr = unicode_to_str(str, &ustr_len);
2560 proto_tree_add_item(tree, offset, ustr_len+2, "OEM domain name: %s", ustr);
2562 proto_tree_add_item(tree, offset, strlen(str)+1, "OEM domain name: %s", str);
2569 default: /* Baddd */
2572 proto_tree_add_item(tree, offset, 1, "Bad format, should never get here");
/*
 * Dissect an SMB delete-directory request or response.
 *
 * dirn == 1 selects the request layout: Word Count, Byte Count, a buffer
 * format byte and a NUL-terminated directory name.  dirn == 0 selects the
 * response layout: Word Count and Byte Count only.  offset is advanced
 * past each field after it has been added to tree.
 *
 * NOTE(review): fd and max_data are not referenced in the visible lines,
 * so nothing here limits reads to the captured data.  This listing omits
 * lines (see the gaps in the gutter numbers) - confirm against the full
 * file.
 */
2580 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
2584 guint8 BufferFormat;
2586 const char *DirectoryName;
2588 if (dirn == 1) { /* Request(s) dissect code */
2590 /* Build display for: Word Count (WCT) */
2592 WordCount = GBYTE(pd, offset);
2596 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2600 offset += 1; /* Skip Word Count (WCT) */
2602 /* Build display for: Byte Count (BCC) */
2604 ByteCount = GSHORT(pd, offset);
2608 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2612 offset += 2; /* Skip Byte Count (BCC) */
2614 /* Build display for: Buffer Format */
2616 BufferFormat = GBYTE(pd, offset);
2620 proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
2624 offset += 1; /* Skip Buffer Format */
2626 /* Build display for: Directory Name */
/* NOTE(review): the name points straight into the packet and strlen()
   scans until it meets a NUL.  ByteCount is displayed but never used to
   limit that scan, so a name without a terminator is read past the
   captured bytes.  Bound the scan by the remaining captured length
   (fd->cap_len - offset, presumably) before trusting the result. */
2628 DirectoryName = pd + offset;
2632 proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
2636 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
2640 if (dirn == 0) { /* Response(s) dissect code */
2642 /* Build display for: Word Count (WCT) */
2644 WordCount = GBYTE(pd, offset);
2648 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2652 offset += 1; /* Skip Word Count (WCT) */
2654 /* Build display for: Byte Count (BCC) */
2656 ByteCount = GSHORT(pd, offset);
2660 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2664 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB create-directory request or response.
 *
 * dirn == 1 selects the request layout: Word Count, Byte Count, a buffer
 * format byte and a NUL-terminated directory name.  dirn == 0 selects the
 * response layout: Word Count and Byte Count only.  offset is advanced
 * past each field after it has been added to tree.
 *
 * NOTE(review): fd and max_data are not referenced in the visible lines,
 * so nothing here limits reads to the captured data.  This listing omits
 * lines (see the gaps in the gutter numbers) - confirm against the full
 * file.
 */
2671 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
2675 guint8 BufferFormat;
2677 const char *DirectoryName;
2679 if (dirn == 1) { /* Request(s) dissect code */
2681 /* Build display for: Word Count (WCT) */
2683 WordCount = GBYTE(pd, offset);
2687 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2691 offset += 1; /* Skip Word Count (WCT) */
2693 /* Build display for: Byte Count (BCC) */
2695 ByteCount = GSHORT(pd, offset);
2699 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2703 offset += 2; /* Skip Byte Count (BCC) */
2705 /* Build display for: Buffer Format */
2707 BufferFormat = GBYTE(pd, offset);
2711 proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
2715 offset += 1; /* Skip Buffer Format */
2717 /* Build display for: Directory Name */
/* NOTE(review): the name points straight into the packet and strlen()
   scans until it meets a NUL.  ByteCount is displayed but never used to
   limit that scan, so a name without a terminator is read past the
   captured bytes.  Bound the scan by the remaining captured length
   (fd->cap_len - offset, presumably) before trusting the result. */
2719 DirectoryName = pd + offset;
2723 proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
2727 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
2731 if (dirn == 0) { /* Response(s) dissect code */
2733 /* Build display for: Word Count (WCT) */
2735 WordCount = GBYTE(pd, offset);
2739 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2743 offset += 1; /* Skip Word Count (WCT) */
2745 /* Build display for: Byte Count (BCC) */
2747 ByteCount = GSHORT(pd, offset);
2751 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2755 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB check-directory request or response.
 *
 * dirn == 1 selects the request layout: Word Count, Byte Count, a buffer
 * format byte and a NUL-terminated directory name.  dirn == 0 selects the
 * response layout: Word Count and Byte Count only.  offset is advanced
 * past each field after it has been added to tree.
 *
 * NOTE(review): fd and max_data are not referenced in the visible lines,
 * so nothing here limits reads to the captured data.  This listing omits
 * lines (see the gaps in the gutter numbers) - confirm against the full
 * file.
 */
2762 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
2766 guint8 BufferFormat;
2768 const char *DirectoryName;
2770 if (dirn == 1) { /* Request(s) dissect code */
2772 /* Build display for: Word Count (WCT) */
2774 WordCount = GBYTE(pd, offset);
2778 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2782 offset += 1; /* Skip Word Count (WCT) */
2784 /* Build display for: Byte Count (BCC) */
2786 ByteCount = GSHORT(pd, offset);
2790 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2794 offset += 2; /* Skip Byte Count (BCC) */
2796 /* Build display for: Buffer Format */
2798 BufferFormat = GBYTE(pd, offset);
2802 proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
2806 offset += 1; /* Skip Buffer Format */
2808 /* Build display for: Directory Name */
/* NOTE(review): the name points straight into the packet and strlen()
   scans until it meets a NUL.  ByteCount is displayed but never used to
   limit that scan, so a name without a terminator is read past the
   captured bytes.  Bound the scan by the remaining captured length
   (fd->cap_len - offset, presumably) before trusting the result. */
2810 DirectoryName = pd + offset;
2814 proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
2818 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
2822 if (dirn == 0) { /* Response(s) dissect code */
2824 /* Build display for: Word Count (WCT) */
2826 WordCount = GBYTE(pd, offset);
2830 proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2834 offset += 1; /* Skip Word Count (WCT) */
2836 /* Build display for: Byte Count (BCC) */
2838 ByteCount = GSHORT(pd, offset);
2842 proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2846 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dispatch table for SMB commands, indexed by the one-byte command code.
 * Each entry is called as (pd, offset, fd, tree, max_data, dirn).
 * Commands without a dedicated dissector point at dissect_unknown_smb.
 *
 * All 256 slots are initialised, so indexing with a command byte taken
 * from the packet always reaches a function pointer and never an empty
 * slot; keep it that way when entries are added or removed.
 *
 * NOTE(review): dissect_deletedir_smb, dissect_createdir_smb and
 * dissect_checkdir_smb are not referenced by any entry below (slot 0x10,
 * SMBchkpth, still uses dissect_unknown_smb) - confirm whether that is
 * intended.
 */
2852 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, int, int) = {
2854 dissect_unknown_smb, /* unknown SMB 0x00 */
2855 dissect_unknown_smb, /* unknown SMB 0x01 */
2856 dissect_unknown_smb, /* SMBopen open a file */
2857 dissect_unknown_smb, /* SMBcreate create a file */
2858 dissect_unknown_smb, /* SMBclose close a file */
2859 dissect_unknown_smb, /* SMBflush flush a file */
2860 dissect_unknown_smb, /* SMBunlink delete a file */
2861 dissect_unknown_smb, /* SMBmv rename a file */
2862 dissect_unknown_smb, /* SMBgetatr get file attributes */
2863 dissect_unknown_smb, /* SMBsetatr set file attributes */
2864 dissect_unknown_smb, /* SMBread read from a file */
2865 dissect_unknown_smb, /* SMBwrite write to a file */
2866 dissect_unknown_smb, /* SMBlock lock a byte range */
2867 dissect_unknown_smb, /* SMBunlock unlock a byte range */
2868 dissect_unknown_smb, /* SMBctemp create a temporary file */
2869 dissect_unknown_smb, /* SMBmknew make a new file */
2870 dissect_unknown_smb, /* SMBchkpth check a directory path */
2871 dissect_unknown_smb, /* SMBexit process exit */
2872 dissect_unknown_smb, /* SMBlseek seek */
2873 dissect_unknown_smb, /* SMBlockread Lock a range and read it */
2874 dissect_unknown_smb, /* SMBwriteunlock Unlock a range and then write */
2875 dissect_unknown_smb, /* unknown SMB 0x15 */
2876 dissect_unknown_smb, /* unknown SMB 0x16 */
2877 dissect_unknown_smb, /* unknown SMB 0x17 */
2878 dissect_unknown_smb, /* unknown SMB 0x18 */
2879 dissect_unknown_smb, /* unknown SMB 0x19 */
2880 dissect_unknown_smb, /* SMBreadBraw read block raw */
2881 dissect_unknown_smb, /* SMBreadBmpx read block multiplexed */
2882 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
2883 dissect_unknown_smb, /* SMBwriteBraw write block raw */
2884 dissect_unknown_smb, /* SMBwriteBmpx write block multiplexed */
2885 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
2886 dissect_unknown_smb, /* SMBwriteC write complete response */
2887 dissect_unknown_smb, /* unknown SMB 0x21 */
2888 dissect_unknown_smb, /* SMBsetattrE set file attributes expanded */
2889 dissect_unknown_smb, /* SMBgetattrE get file attributes expanded */
2890 dissect_unknown_smb, /* SMBlockingX lock/unlock byte ranges and X */
2891 dissect_unknown_smb, /* SMBtrans transaction - name, bytes in/out */
2892 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
2893 dissect_unknown_smb, /* SMBioctl IOCTL */
2894 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
2895 dissect_unknown_smb, /* SMBcopy copy */
2896 dissect_unknown_smb, /* SMBmove move */
2897 dissect_unknown_smb, /* SMBecho echo */
2898 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
2899 dissect_open_andx_smb, /* SMBopenX open and X */
2900 dissect_unknown_smb, /* SMBreadX read and X */
2901 dissect_unknown_smb, /* SMBwriteX write and X */
2902 dissect_unknown_smb, /* unknown SMB 0x30 */
2903 dissect_unknown_smb, /* unknown SMB 0x31 */
2904 dissect_unknown_smb, /* unknown SMB 0x32 */
2905 dissect_unknown_smb, /* unknown SMB 0x33 */
2906 dissect_unknown_smb, /* unknown SMB 0x34 */
2907 dissect_unknown_smb, /* unknown SMB 0x35 */
2908 dissect_unknown_smb, /* unknown SMB 0x36 */
2909 dissect_unknown_smb, /* unknown SMB 0x37 */
2910 dissect_unknown_smb, /* unknown SMB 0x38 */
2911 dissect_unknown_smb, /* unknown SMB 0x39 */
2912 dissect_unknown_smb, /* unknown SMB 0x3a */
2913 dissect_unknown_smb, /* unknown SMB 0x3b */
2914 dissect_unknown_smb, /* unknown SMB 0x3c */
2915 dissect_unknown_smb, /* unknown SMB 0x3d */
2916 dissect_unknown_smb, /* unknown SMB 0x3e */
2917 dissect_unknown_smb, /* unknown SMB 0x3f */
2918 dissect_unknown_smb, /* unknown SMB 0x40 */
2919 dissect_unknown_smb, /* unknown SMB 0x41 */
2920 dissect_unknown_smb, /* unknown SMB 0x42 */
2921 dissect_unknown_smb, /* unknown SMB 0x43 */
2922 dissect_unknown_smb, /* unknown SMB 0x44 */
2923 dissect_unknown_smb, /* unknown SMB 0x45 */
2924 dissect_unknown_smb, /* unknown SMB 0x46 */
2925 dissect_unknown_smb, /* unknown SMB 0x47 */
2926 dissect_unknown_smb, /* unknown SMB 0x48 */
2927 dissect_unknown_smb, /* unknown SMB 0x49 */
2928 dissect_unknown_smb, /* unknown SMB 0x4a */
2929 dissect_unknown_smb, /* unknown SMB 0x4b */
2930 dissect_unknown_smb, /* unknown SMB 0x4c */
2931 dissect_unknown_smb, /* unknown SMB 0x4d */
2932 dissect_unknown_smb, /* unknown SMB 0x4e */
2933 dissect_unknown_smb, /* unknown SMB 0x4f */
2934 dissect_unknown_smb, /* unknown SMB 0x50 */
2935 dissect_unknown_smb, /* unknown SMB 0x51 */
2936 dissect_unknown_smb, /* unknown SMB 0x52 */
2937 dissect_unknown_smb, /* unknown SMB 0x53 */
2938 dissect_unknown_smb, /* unknown SMB 0x54 */
2939 dissect_unknown_smb, /* unknown SMB 0x55 */
2940 dissect_unknown_smb, /* unknown SMB 0x56 */
2941 dissect_unknown_smb, /* unknown SMB 0x57 */
2942 dissect_unknown_smb, /* unknown SMB 0x58 */
2943 dissect_unknown_smb, /* unknown SMB 0x59 */
2944 dissect_unknown_smb, /* unknown SMB 0x5a */
2945 dissect_unknown_smb, /* unknown SMB 0x5b */
2946 dissect_unknown_smb, /* unknown SMB 0x5c */
2947 dissect_unknown_smb, /* unknown SMB 0x5d */
2948 dissect_unknown_smb, /* unknown SMB 0x5e */
2949 dissect_unknown_smb, /* unknown SMB 0x5f */
2950 dissect_unknown_smb, /* unknown SMB 0x60 */
2951 dissect_unknown_smb, /* unknown SMB 0x61 */
2952 dissect_unknown_smb, /* unknown SMB 0x62 */
2953 dissect_unknown_smb, /* unknown SMB 0x63 */
2954 dissect_unknown_smb, /* unknown SMB 0x64 */
2955 dissect_unknown_smb, /* unknown SMB 0x65 */
2956 dissect_unknown_smb, /* unknown SMB 0x66 */
2957 dissect_unknown_smb, /* unknown SMB 0x67 */
2958 dissect_unknown_smb, /* unknown SMB 0x68 */
2959 dissect_unknown_smb, /* unknown SMB 0x69 */
2960 dissect_unknown_smb, /* unknown SMB 0x6a */
2961 dissect_unknown_smb, /* unknown SMB 0x6b */
2962 dissect_unknown_smb, /* unknown SMB 0x6c */
2963 dissect_unknown_smb, /* unknown SMB 0x6d */
2964 dissect_unknown_smb, /* unknown SMB 0x6e */
2965 dissect_unknown_smb, /* unknown SMB 0x6f */
2966 dissect_treecon_smb, /* SMBtcon tree connect */
2967 dissect_unknown_smb, /* SMBtdis tree disconnect */
2968 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
2969 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
2970 dissect_unknown_smb, /* unknown SMB 0x74 */
2971 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
2972 dissect_unknown_smb, /* unknown SMB 0x76 */
2973 dissect_unknown_smb, /* unknown SMB 0x77 */
2974 dissect_unknown_smb, /* unknown SMB 0x78 */
2975 dissect_unknown_smb, /* unknown SMB 0x79 */
2976 dissect_unknown_smb, /* unknown SMB 0x7a */
2977 dissect_unknown_smb, /* unknown SMB 0x7b */
2978 dissect_unknown_smb, /* unknown SMB 0x7c */
2979 dissect_unknown_smb, /* unknown SMB 0x7d */
2980 dissect_unknown_smb, /* unknown SMB 0x7e */
2981 dissect_unknown_smb, /* unknown SMB 0x7f */
2982 dissect_unknown_smb, /* SMBdskattr get disk attributes */
2983 dissect_unknown_smb, /* SMBsearch search a directory */
2984 dissect_unknown_smb, /* SMBffirst find first */
2985 dissect_unknown_smb, /* SMBfunique find unique */
2986 dissect_unknown_smb, /* SMBfclose find close */
2987 dissect_unknown_smb, /* unknown SMB 0x85 */
2988 dissect_unknown_smb, /* unknown SMB 0x86 */
2989 dissect_unknown_smb, /* unknown SMB 0x87 */
2990 dissect_unknown_smb, /* unknown SMB 0x88 */
2991 dissect_unknown_smb, /* unknown SMB 0x89 */
2992 dissect_unknown_smb, /* unknown SMB 0x8a */
2993 dissect_unknown_smb, /* unknown SMB 0x8b */
2994 dissect_unknown_smb, /* unknown SMB 0x8c */
2995 dissect_unknown_smb, /* unknown SMB 0x8d */
2996 dissect_unknown_smb, /* unknown SMB 0x8e */
2997 dissect_unknown_smb, /* unknown SMB 0x8f */
2998 dissect_unknown_smb, /* unknown SMB 0x90 */
2999 dissect_unknown_smb, /* unknown SMB 0x91 */
3000 dissect_unknown_smb, /* unknown SMB 0x92 */
3001 dissect_unknown_smb, /* unknown SMB 0x93 */
3002 dissect_unknown_smb, /* unknown SMB 0x94 */
3003 dissect_unknown_smb, /* unknown SMB 0x95 */
3004 dissect_unknown_smb, /* unknown SMB 0x96 */
3005 dissect_unknown_smb, /* unknown SMB 0x97 */
3006 dissect_unknown_smb, /* unknown SMB 0x98 */
3007 dissect_unknown_smb, /* unknown SMB 0x99 */
3008 dissect_unknown_smb, /* unknown SMB 0x9a */
3009 dissect_unknown_smb, /* unknown SMB 0x9b */
3010 dissect_unknown_smb, /* unknown SMB 0x9c */
3011 dissect_unknown_smb, /* unknown SMB 0x9d */
3012 dissect_unknown_smb, /* unknown SMB 0x9e */
3013 dissect_unknown_smb, /* unknown SMB 0x9f */
3014 dissect_unknown_smb, /* unknown SMB 0xa0 */
3015 dissect_unknown_smb, /* unknown SMB 0xa1 */
3016 dissect_unknown_smb, /* unknown SMB 0xa2 */
3017 dissect_unknown_smb, /* unknown SMB 0xa3 */
3018 dissect_unknown_smb, /* unknown SMB 0xa4 */
3019 dissect_unknown_smb, /* unknown SMB 0xa5 */
3020 dissect_unknown_smb, /* unknown SMB 0xa6 */
3021 dissect_unknown_smb, /* unknown SMB 0xa7 */
3022 dissect_unknown_smb, /* unknown SMB 0xa8 */
3023 dissect_unknown_smb, /* unknown SMB 0xa9 */
3024 dissect_unknown_smb, /* unknown SMB 0xaa */
3025 dissect_unknown_smb, /* unknown SMB 0xab */
3026 dissect_unknown_smb, /* unknown SMB 0xac */
3027 dissect_unknown_smb, /* unknown SMB 0xad */
3028 dissect_unknown_smb, /* unknown SMB 0xae */
3029 dissect_unknown_smb, /* unknown SMB 0xaf */
3030 dissect_unknown_smb, /* unknown SMB 0xb0 */
3031 dissect_unknown_smb, /* unknown SMB 0xb1 */
3032 dissect_unknown_smb, /* unknown SMB 0xb2 */
3033 dissect_unknown_smb, /* unknown SMB 0xb3 */
3034 dissect_unknown_smb, /* unknown SMB 0xb4 */
3035 dissect_unknown_smb, /* unknown SMB 0xb5 */
3036 dissect_unknown_smb, /* unknown SMB 0xb6 */
3037 dissect_unknown_smb, /* unknown SMB 0xb7 */
3038 dissect_unknown_smb, /* unknown SMB 0xb8 */
3039 dissect_unknown_smb, /* unknown SMB 0xb9 */
3040 dissect_unknown_smb, /* unknown SMB 0xba */
3041 dissect_unknown_smb, /* unknown SMB 0xbb */
3042 dissect_unknown_smb, /* unknown SMB 0xbc */
3043 dissect_unknown_smb, /* unknown SMB 0xbd */
3044 dissect_unknown_smb, /* unknown SMB 0xbe */
3045 dissect_unknown_smb, /* unknown SMB 0xbf */
3046 dissect_unknown_smb, /* SMBsplopen open a print spool file */
3047 dissect_unknown_smb, /* SMBsplwr write to a print spool file */
3048 dissect_unknown_smb, /* SMBsplclose close a print spool file */
3049 dissect_unknown_smb, /* SMBsplretq return print queue */
3050 dissect_unknown_smb, /* unknown SMB 0xc4 */
3051 dissect_unknown_smb, /* unknown SMB 0xc5 */
3052 dissect_unknown_smb, /* unknown SMB 0xc6 */
3053 dissect_unknown_smb, /* unknown SMB 0xc7 */
3054 dissect_unknown_smb, /* unknown SMB 0xc8 */
3055 dissect_unknown_smb, /* unknown SMB 0xc9 */
3056 dissect_unknown_smb, /* unknown SMB 0xca */
3057 dissect_unknown_smb, /* unknown SMB 0xcb */
3058 dissect_unknown_smb, /* unknown SMB 0xcc */
3059 dissect_unknown_smb, /* unknown SMB 0xcd */
3060 dissect_unknown_smb, /* unknown SMB 0xce */
3061 dissect_unknown_smb, /* unknown SMB 0xcf */
3062 dissect_unknown_smb, /* SMBsends send a single block message */
3063 dissect_unknown_smb, /* SMBsendb send a broadcast message */
3064 dissect_unknown_smb, /* SMBfwdname forward user name */
3065 dissect_unknown_smb, /* SMBcancelf cancel forward */
3066 dissect_unknown_smb, /* SMBgetmac get a machine name */
3067 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
3068 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
3069 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
3070 dissect_unknown_smb, /* unknown SMB 0xd8 */
3071 dissect_unknown_smb, /* unknown SMB 0xd9 */
3072 dissect_unknown_smb, /* unknown SMB 0xda */
3073 dissect_unknown_smb, /* unknown SMB 0xdb */
3074 dissect_unknown_smb, /* unknown SMB 0xdc */
3075 dissect_unknown_smb, /* unknown SMB 0xdd */
3076 dissect_unknown_smb, /* unknown SMB 0xde */
3077 dissect_unknown_smb, /* unknown SMB 0xdf */
3078 dissect_unknown_smb, /* unknown SMB 0xe0 */
3079 dissect_unknown_smb, /* unknown SMB 0xe1 */
3080 dissect_unknown_smb, /* unknown SMB 0xe2 */
3081 dissect_unknown_smb, /* unknown SMB 0xe3 */
3082 dissect_unknown_smb, /* unknown SMB 0xe4 */
3083 dissect_unknown_smb, /* unknown SMB 0xe5 */
3084 dissect_unknown_smb, /* unknown SMB 0xe6 */
3085 dissect_unknown_smb, /* unknown SMB 0xe7 */
3086 dissect_unknown_smb, /* unknown SMB 0xe8 */
3087 dissect_unknown_smb, /* unknown SMB 0xe9 */
3088 dissect_unknown_smb, /* unknown SMB 0xea */
3089 dissect_unknown_smb, /* unknown SMB 0xeb */
3090 dissect_unknown_smb, /* unknown SMB 0xec */
3091 dissect_unknown_smb, /* unknown SMB 0xed */
3092 dissect_unknown_smb, /* unknown SMB 0xee */
3093 dissect_unknown_smb, /* unknown SMB 0xef */
3094 dissect_unknown_smb, /* unknown SMB 0xf0 */
3095 dissect_unknown_smb, /* unknown SMB 0xf1 */
3096 dissect_unknown_smb, /* unknown SMB 0xf2 */
3097 dissect_unknown_smb, /* unknown SMB 0xf3 */
3098 dissect_unknown_smb, /* unknown SMB 0xf4 */
3099 dissect_unknown_smb, /* unknown SMB 0xf5 */
3100 dissect_unknown_smb, /* unknown SMB 0xf6 */
3101 dissect_unknown_smb, /* unknown SMB 0xf7 */
3102 dissect_unknown_smb, /* unknown SMB 0xf8 */
3103 dissect_unknown_smb, /* unknown SMB 0xf9 */
3104 dissect_unknown_smb, /* unknown SMB 0xfa */
3105 dissect_unknown_smb, /* unknown SMB 0xfb */
3106 dissect_unknown_smb, /* unknown SMB 0xfc */
3107 dissect_unknown_smb, /* unknown SMB 0xfd */
3108 dissect_unknown_smb, /* SMBinvalid invalid command */
3109 dissect_unknown_smb /* unknown SMB 0xff */
/*
 * Display names for the SMB error classes, keyed by the error-class
 * constant.
 * NOTE(review): the terminating entry is not visible in this listing;
 * confirm the table ends the way the lookup helper expects.
 */
3113 static const value_string errcls_types[] = {
3114 { SMB_SUCCESS, "Success"},
3115 { SMB_ERRDOS, "DOS Error"},
3116 { SMB_ERRSRV, "Server Error"},
3117 { SMB_ERRHRD, "Hardware Error"},
3118 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
/*
 * Return the mnemonic stored in SMB_names for an SMB command code.
 *
 * cmd is an unsigned char, so it can only take the values 0-255 and the
 * lookup cannot leave the 256-entry SMB_names table, whatever command
 * byte the packet carried.  The returned pointer refers to the table
 * entry itself; callers must not modify or free it.
 */
char *decode_smb_name(unsigned char cmd)
{
  char **slot = &SMB_names[cmd];

  return *slot;
}
/*
 * Error codes for the ERRDOS class.  decode_smb_error() passes this table
 * to val_to_str() with the fallback text "Unknown DOS error (%x)".
 * NOTE(review): the terminating entry is not visible in this listing;
 * confirm the table ends the way val_to_str() expects.
 */
3129 static const value_string DOS_errors[] = {
3130 {SMBE_badfunc, "Invalid function (or system call)"},
3131 {SMBE_badfile, "File not found (pathname error)"},
3132 {SMBE_badpath, "Directory not found"},
3133 {SMBE_nofids, "Too many open files"},
3134 {SMBE_noaccess, "Access denied"},
3135 {SMBE_badfid, "Invalid fid"},
3136 {SMBE_nomem, "Out of memory"},
3137 {SMBE_badmem, "Invalid memory block address"},
3138 {SMBE_badenv, "Invalid environment"},
3139 {SMBE_badaccess, "Invalid open mode"},
3140 {SMBE_baddata, "Invalid data (only from ioctl call)"},
3141 {SMBE_res, "Reserved error code?"},
3142 {SMBE_baddrive, "Invalid drive"},
3143 {SMBE_remcd, "Attempt to delete current directory"},
3144 {SMBE_diffdevice, "Rename/move across different filesystems"},
3145 {SMBE_nofiles, "no more files found in file search"},
3146 {SMBE_badshare, "Share mode on file conflict with open mode"},
3147 {SMBE_lock, "Lock request conflicts with existing lock"},
3148 {SMBE_unsup, "Request unsupported, returned by Win 95"},
3149 {SMBE_filexists, "File in operation already exists"},
3150 {SMBE_cannotopen, "Cannot open the file specified"},
3151 {SMBE_unknownlevel, "Unknown level??"},
3152 {SMBE_badpipe, "Named pipe invalid"},
3153 {SMBE_pipebusy, "All instances of pipe are busy"},
3154 {SMBE_pipeclosing, "Named pipe close in progress"},
3155 {SMBE_notconnected, "No process on other end of named pipe"},
3156 {SMBE_moredata, "More data to be returned"},
3157 {SMBE_baddirectory, "Invalid directory name in a path."},
3158 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
3159 {SMBE_eas_nsup, "Extended attributes not supported"},
3160 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
3161 {SMBE_unknownipc, "Unknown IPC Operation"},
3162 {SMBE_noipc, "Don't support ipc"},
3166 /* Error codes for the ERRSRV class */
/*
 * decode_smb_error() passes this table to val_to_str() with the fallback
 * text "Unknown SRV error (%x)".
 * NOTE(review): SMBE_badpw and SMBE_badPW are two separate constants that
 * differ only in case; confirm both are meant to be listed.
 * NOTE(review): the terminating entry is not visible in this listing.
 */
3168 static const value_string SRV_errors[] = {
3169 {SMBE_error, "Non specific error code"},
3170 {SMBE_badpw, "Bad password"},
3171 {SMBE_badtype, "Reserved"},
3172 {SMBE_access, "No permissions to perform the requested operation"},
3173 {SMBE_invnid, "TID invalid"},
3174 {SMBE_invnetname, "Invalid servername"},
3175 {SMBE_invdevice, "Invalid device"},
3176 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
3177 {SMBE_qfull, "Print queue full"},
3178 {SMBE_qtoobig, "Queued item too big"},
3179 {SMBE_qeof, "EOF on print queue dump"},
3180 {SMBE_invpfid, "Invalid print file in smb_fid"},
3181 {SMBE_smbcmd, "Unrecognised command"},
3182 {SMBE_srverror, "SMB server internal error"},
3183 {SMBE_filespecs, "Fid and pathname invalid combination"},
3184 {SMBE_badlink, "Bad link in request ???"},
3185 {SMBE_badpermits, "Access specified for a file is not valid"},
3186 {SMBE_badpid, "Bad process id in request"},
3187 {SMBE_setattrmode, "Attribute mode invalid"},
3188 {SMBE_paused, "Message server paused"},
3189 {SMBE_msgoff, "Not receiving messages"},
3190 {SMBE_noroom, "No room for message"},
3191 {SMBE_rmuns, "Too many remote usernames"},
3192 {SMBE_timeout, "Operation timed out"},
3193 {SMBE_noresource, "No resources currently available for request."},
3194 {SMBE_toomanyuids, "Too many userids"},
3195 {SMBE_baduid, "Bad userid"},
3196 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
3197 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
3198 {SMBE_contMPX, "Resume MPX mode"},
3199 {SMBE_badPW, "Bad Password???"},
3200 {SMBE_nosupport, "Operation not supported???"},
3204 /* Error codes for the ERRHRD class */
/*
 * Code-to-text rows for the hardware error class. decode_smb_error() hands
 * this table to val_to_str() with the fallback "Unknown HRD error (%x)".
 *
 * NOTE(review): the listing jumps from the last row straight to the next
 * definition, so the end of this array is not visible. The code being
 * looked up is read from the packet, so the table presumably needs a
 * terminating row for val_to_str() to stop on codes it does not list --
 * confirm against the full file.
 */
3206 static const value_string HRD_errors[] = {
3207 {SMBE_nowrite, "read only media"},
3208 {SMBE_badunit, "Unknown device"},
3209 {SMBE_notready, "Drive not ready"},
3210 {SMBE_badcmd, "Unknown command"},
3211 {SMBE_data, "Data (CRC) error"},
3212 {SMBE_badreq, "Bad request structure length"},
3213 {SMBE_seek, "Seek error???"},
3214 {SMBE_badmedia, "Bad media???"},
3215 {SMBE_badsector, "Bad sector???"},
3216 {SMBE_nopaper, "No paper in printer???"},
3217 {SMBE_write, "Write error???"},
3218 {SMBE_read, "Read error???"},
3219 {SMBE_general, "General error???"},
3220 {SMBE_badshare, "A open conflicts with an existing open"},
3221 {SMBE_lock, "Lock/unlock error"},
3222 {SMBE_wrongdisk, "Wrong disk???"},
3223 {SMBE_FCBunavail, "FCB unavailable???"},
3224 {SMBE_sharebufexc, "Share buffer excluded???"},
3225 {SMBE_diskfull, "Disk full???"},
/*
 * Turn an SMB error class and error code into display text.
 *
 * Returns the literal "No Error", a val_to_str() lookup of errcode in
 * DOS_errors, SRV_errors or HRD_errors (each with its own "Unknown ...
 * error (%x)" fallback), or the literal "Unknown error class!". The lines
 * that choose between these returns are not part of this listing;
 * presumably the choice is made on errcls.
 *
 * NOTE(review): errcode is a guint8 here, but dissect_smb() passes a
 * guint16 read with GSHORT, so only the low byte takes part in the lookup
 * and a larger code is reported as whatever its low byte maps to --
 * confirm whether the parameter should be 16 bits wide.
 * NOTE(review): some returns are string literals; callers should treat the
 * result as read-only. Where val_to_str() keeps its formatted fallback
 * string is not visible here.
 */
3229 char *decode_smb_error(guint8 errcls, guint8 errcode)
3236 return("No Error"); /* No error ??? */
3241 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
3246 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
3251 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
3256 return("Unknown error class!");
/*
 * Mask for the direction bit of the SMB header flags byte. dissect_smb()
 * passes it to decode_boolean_bitfield() with the strings
 * "Response to client/redirector" and "Request to server"; the dispatch at
 * the end of dissect_smb() tests the same bit with a literal 0x80.
 */
3262 #define SMB_FLAGS_DIRN 0x80
/*
 * Dissect the fixed SMB header and hand the rest of the message to the
 * per-command dissector.
 *
 * pd       - packet bytes, indexed directly relative to offset
 * offset   - position of the SMB header within pd
 * fd       - frame data, used for the protocol and info columns
 * tree     - parent protocol tree that receives the SMB subtree
 * max_data - passed through unchanged to the per-command dissector; not
 *            otherwise used in the visible lines
 *
 * This listing omits some of the original lines (the gutter numbers skip),
 * so the offset advances, the assignment to flags and any guards around the
 * tree calls are not visible here.
 *
 * NOTE(review): none of the visible reads (pd[...] and GSHORT) is compared
 * against max_data or the captured length. The bytes come from the network,
 * so a truncated frame would be read past its end unless the caller has
 * already checked the length -- confirm.
 */
3265 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
3267 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
3268 proto_item *ti, *tf;
3269 guint8 cmd, errcls, errcode1, flags;
3270 guint16 flags2, errcode, tid, pid, uid, mid;
/* The command byte picks both the displayed name and the dissect[] entry
 * called at the end of this function. */
3272 cmd = pd[offset + SMB_hdr_com_offset];
3274 if (check_col(fd, COL_PROTOCOL))
3275 col_add_str(fd, COL_PROTOCOL, "SMB");
3277 /* Hmmm, poor coding here ... Also, should check the type */
/* NOTE(review): the info column decides Request/Response from the port
 * match, while the flags tree and the final dispatch use bit 0x80 of the
 * flags byte -- the two can disagree. */
3279 if (check_col(fd, COL_INFO)) {
3281 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
3287 ti = proto_tree_add_item(tree, offset, END_OF_FRAME,
3288 "Server Message Block Protocol");
3289 smb_tree = proto_tree_new();
3290 proto_item_add_subtree(ti, smb_tree, ETT_SMB);
3292 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
3293 * component ... SMB is only one used
3296 proto_tree_add_item(smb_tree, offset, 1, "Message Type: 0xFF");
3297 proto_tree_add_item(smb_tree, offset+1, 3, "Server Component: SMB");
3301 offset += 4; /* Skip the marker */
3305 proto_tree_add_item(smb_tree, offset, 1, "Command: %s", decode_smb_name(cmd));
3311 /* Next, look at the error class, SMB_RETCLASS */
3313 errcls = pd[offset];
3317 proto_tree_add_item(smb_tree, offset, 1, "Error Class: %s",
3318 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
3323 /* Error code, SMB_HEINFO ... */
3325 errcode1 = pd[offset];
3329 proto_tree_add_item(smb_tree, offset, 1, "Reserved: %i", errcode1);
/* NOTE(review): errcode is 16 bits wide here, but decode_smb_error() takes
 * a guint8, so only its low byte reaches the table lookup below. */
3335 errcode = GSHORT(pd, offset);
3339 proto_tree_add_item(smb_tree, offset, 2, "Error Code: %s",
3340 decode_smb_error(errcls, errcode));
3346 /* Now for the flags: the direction bit is 0x80 (SMB_FLAGS_DIRN), clear for a request, set for a response */
3352 tf = proto_tree_add_item(smb_tree, offset, 1, "Flags: 0x%02x", flags);
3354 flags_tree = proto_tree_new();
3355 proto_item_add_subtree(tf, flags_tree, ETT_SMB_FLAGS);
3356 proto_tree_add_item(flags_tree, offset, 1, "%s",
3357 decode_boolean_bitfield(flags, 0x01, 8,
3358 "Lock&Read, Write&Unlock supported",
3359 "Lock&Read, Write&Unlock not supported"));
3360 proto_tree_add_item(flags_tree, offset, 1, "%s",
3361 decode_boolean_bitfield(flags, 0x02, 8,
3362 "Receive buffer posted",
3363 "Receive buffer not posted"));
3364 proto_tree_add_item(flags_tree, offset, 1, "%s",
3365 decode_boolean_bitfield(flags, 0x08, 8,
3366 "Path names caseless",
3367 "Path names case sensitive"));
3368 proto_tree_add_item(flags_tree, offset, 1, "%s",
3369 decode_boolean_bitfield(flags, 0x10, 8,
3370 "Pathnames canonicalized",
3371 "Pathnames not canonicalized"));
3372 proto_tree_add_item(flags_tree, offset, 1, "%s",
3373 decode_boolean_bitfield(flags, 0x20, 8,
3374 "OpLocks requested/granted",
3375 "OpLocks not requested/granted"));
3376 proto_tree_add_item(flags_tree, offset, 1, "%s",
3377 decode_boolean_bitfield(flags, 0x40, 8,
3379 "Notify open only"));
3381 proto_tree_add_item(flags_tree, offset, 1, "%s",
3382 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
3383 8, "Response to client/redirector", "Request to server"));
/* NOTE(review): flags2 is a 16-bit field (read with GSHORT, printed with
 * %04x), yet this item and the bit rows below are added with length 1 --
 * presumably the length should be 2; confirm. */
3389 flags2 = GSHORT(pd, offset);
3393 tf = proto_tree_add_item(smb_tree, offset, 1, "Flags2: 0x%04x", flags2);
3395 flags2_tree = proto_tree_new();
3396 proto_item_add_subtree(tf, flags2_tree, ETT_SMB_FLAGS2);
3397 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3398 decode_boolean_bitfield(flags2, 0x0001, 16,
3399 "Long file names supported",
3400 "Long file names not supported"));
3401 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3402 decode_boolean_bitfield(flags2, 0x0002, 16,
3403 "Extended attributes supported",
3404 "Extended attributes not supported"));
3405 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3406 decode_boolean_bitfield(flags2, 0x0004, 16,
3407 "Security signatures supported",
3408 "Security signatures not supported"));
3409 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3410 decode_boolean_bitfield(flags2, 0x0800, 16,
3411 "Extended security negotiation supported",
3412 "Extended security negotiation not supported"));
3413 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3414 decode_boolean_bitfield(flags2, 0x1000, 16,
3415 "Resolve pathnames with DFS",
3416 "Don't resolve pathnames with DFS"));
3417 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3418 decode_boolean_bitfield(flags2, 0x2000, 16,
3419 "Permit reads if execute-only",
3420 "Don't permit reads if execute-only"));
3421 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3422 decode_boolean_bitfield(flags2, 0x4000, 16,
3423 "Error codes are NT error codes",
3424 "Error codes are DOS error codes"));
3425 proto_tree_add_item(flags2_tree, offset, 1, "%s",
3426 decode_boolean_bitfield(flags2, 0x8000, 16,
3427 "Strings are Unicode",
3428 "Strings are ASCII"));
/* Twelve reserved header bytes, shown as one item without decoding. */
3436 proto_tree_add_item(smb_tree, offset, 12, "Reserved: 6 WORDS");
3442 /* Now the TID, tree ID */
3444 tid = GSHORT(pd, offset);
3448 proto_tree_add_item(smb_tree, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
3454 /* Now the PID, Process ID */
3456 pid = GSHORT(pd, offset);
3460 proto_tree_add_item(smb_tree, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
3466 /* Now the UID, User ID */
3468 uid = GSHORT(pd, offset);
3472 proto_tree_add_item(smb_tree, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
3478 /* Now the MID, Multiplex ID */
3480 mid = GSHORT(pd, offset);
3484 proto_tree_add_item(smb_tree, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
3490 /* Now vector through the table to dissect them */
/* cmd is a guint8, so the index stays inside the 256-entry dissect[]
 * table; whether every slot holds a handler is not visible here. The last
 * argument is non-zero when bit 0x80 of flags is clear. */
3492 (dissect[cmd])(pd, offset, fd, smb_tree, max_data,
3493 ((flags & 0x80) == 0));