* Defines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
- * $Id: smb.h,v 1.46 2002/08/31 00:12:14 sharpe Exp $
+ * $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
#ifndef _SMB_H
#define _SMB_H
-/* SMB command codes, from the SNIA CIFS spec. */
+ETH_VAR_IMPORT gboolean sid_name_snooping;
+
+/* SMB command codes, from the SNIA CIFS spec. With MSVC and a
+ * libethereal.dll, we need a special declaration.
+ */
+ETH_VAR_IMPORT const value_string smb_cmd_vals[];
+ETH_VAR_IMPORT const value_string trans2_cmd_vals[];
+ETH_VAR_IMPORT const value_string nt_cmd_vals[];
+
#define SMB_COM_CREATE_DIRECTORY 0x00
#define SMB_COM_DELETE_DIRECTORY 0x01
#define SMB_ERRHRD 0x03 /* Hardware style error */
#define SMB_ERRCMD 0x04 /* Not an SMB format command */
-/* SMB X/Open error codes for the ERRDOS error class */
-#define SMBE_badfunc 1 /* Invalid function (or system call) */
-#define SMBE_badfile 2 /* File not found (pathname error) */
-#define SMBE_badpath 3 /* Directory not found */
-#define SMBE_nofids 4 /* Too many open files */
-#define SMBE_noaccess 5 /* Access denied */
-#define SMBE_badfid 6 /* Invalid fid */
-#define SMBE_badmcb 7 /* Memory control blocks destroyed */
-#define SMBE_nomem 8 /* Out of memory */
-#define SMBE_badmem 9 /* Invalid memory block address */
-#define SMBE_badenv 10 /* Invalid environment */
-#define SMBE_badformat 11 /* Invalid format */
-#define SMBE_badaccess 12 /* Invalid open mode */
-#define SMBE_baddata 13 /* Invalid data (only from ioctl call) */
-#define SMBE_res 14
-#define SMBE_baddrive 15 /* Invalid drive */
-#define SMBE_remcd 16 /* Attempt to delete current directory */
-#define SMBE_diffdevice 17 /* rename/move across different filesystems */
-#define SMBE_nofiles 18 /* no more files found in file search */
-#define SMBE_badshare 32 /* Share mode on file conflict with open mode */
-#define SMBE_lock 33 /* Lock request conflicts with existing lock */
-#define SMBE_unsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */
-#define SMBE_nosuchshare 67 /* Share does not exits */
-#define SMBE_filexists 80 /* File in operation already exists */
-#define SMBE_invalidparam 87 /* Invalid parameter */
-#define SMBE_cannotopen 110 /* Cannot open the file specified */
-#define SMBE_insufficientbuffer 122/* Insufficient buffer size */
-#define SMBE_invalidname 123 /* Invalid name */
-#define SMBE_unknownlevel 124 /* Unknown info level */
-#define SMBE_alreadyexists 183 /* File already exists */
-#define SMBE_badpipe 230 /* Named pipe invalid */
-#define SMBE_pipebusy 231 /* All instances of pipe are busy */
-#define SMBE_pipeclosing 232 /* named pipe close in progress */
-#define SMBE_notconnected 233 /* No process on other end of named pipe */
-#define SMBE_moredata 234 /* More data to be returned */
-#define SMBE_nomoreitems 259 /* No more items */
-#define SMBE_baddirectory 267 /* Invalid directory name in a path. */
-#define SMBE_eas_didnt_fit 275 /* Extended attributes didn't fit */
-#define SMBE_eas_nsup 282 /* Extended attributes not supported */
-#define SMBE_notify_buf_small 1022 /* Buffer too small to return change notify. */
-#define SMBE_unknownipc 2142
-#define SMBE_noipc 66 /* don't support ipc */
-
-/* These errors seem to be only returned by the NT printer driver system */
-
-#define SMBE_invalidowner 1307 /* Invalid security descriptor owner */
-#define SMBE_invalidsecuritydescriptor 1338 /* Invalid security descriptor */
-#define SMBE_unknownprinterdriver 1797 /* Unknown printer driver */
-#define SMBE_invalidprintername 1801 /* Invalid printer name */
-#define SMBE_printeralreadyexists 1802 /* Printer already exists */
-#define SMBE_invaliddatatype 1804 /* Invalid datatype */
-#define SMBE_invalidenvironment 1805 /* Invalid environment */
-#define SMBE_invalidformsize 1903 /* Invalid form size */
-#define SMBE_printerdriverinuse 3001 /* Printer driver in use */
-
/* Error codes for the ERRSRV class */
#define SMBE_error 1 /* Non specific error code */
#define SMBE_sharebufexc 36 /* A sharing buffer has been exceeded */
#define SMBE_diskfull 39
+/* the information we need to keep around for NT transatcion commands */
+typedef struct {
+ int subcmd;
+} smb_nt_transact_info_t;
+
+/* the information we need to keep around for transaction2 commands */
+typedef struct {
+ int subcmd;
+ int info_level;
+ gboolean resume_keys; /* if "return resume" keys set in T2 FIND_FIRST request */
+} smb_transact2_info_t;
+
/*
* The information we need to save about a request in order to show the
* frame number of the request in the dissection of the reply.
*/
#define SMB_SIF_TID_IS_IPC 0x0001
+#define SMB_SIF_IS_CONTINUED 0x0002
+typedef enum {
+ SMB_EI_NONE, /* Unassigned / NULL */
+ SMB_EI_FID, /* FID */
+ SMB_EI_NTI, /* smb_nt_transact_info_t * */
+ SMB_EI_TRI, /* smb_transact_info_t * */
+ SMB_EI_T2I /* smb_transact2_info_t * */
+} smb_extra_info_t;
typedef struct {
guint32 frame_req, frame_res;
nstime_t req_time;
guint16 flags;
- int cmd;
- gboolean raw_ntlmssp; /* Do extended security exc use raw ntlmssp */
+ guint8 cmd;
void *extra_info;
+ smb_extra_info_t extra_info_type;
} smb_saved_info_t;
/*
/* these two tables are used to match requests with responses */
GHashTable *unmatched;
GHashTable *matched;
- /* this tables is used by DCERPC over SMB reassembly*/
- GHashTable *dcerpc_fid_to_frame;
+
/* This table is used to track TID->services for a conversation */
GHashTable *tid_service;
+ gboolean raw_ntlmssp; /* Do extended security exc use raw ntlmssp */
} conv_tables_t;
typedef struct smb_info {
- int cmd;
+ guint8 cmd;
int tid, pid, uid, mid;
gboolean unicode; /* Are strings in this SMB Unicode? */
gboolean request; /* Is this a request? */
int offset, gboolean setstate);
extern gboolean smb_dcerpc_reassembly;
-extern GHashTable *dcerpc_fragment_table;
-
-/*
- * NT and DOS error codes used by other dissectors.
- */
-extern const value_string NT_errors[];
-extern const value_string DOS_errors[];
-extern const value_string ms_country_codes[];
-
-/*
- * Access mask values
- */
-
-/* Generic rights */
-
-#define GENERIC_RIGHTS_MASK 0xF0000000
-
-#define GENERIC_ALL_ACCESS 0x10000000
-#define GENERIC_EXECUTE_ACCESS 0x20000000
-#define GENERIC_WRITE_ACCESS 0x40000000
-#define GENERIC_READ_ACCESS 0x80000000
-
-/* Misc/reserved */
-
-#define ACCESS_SACL_ACCESS 0x00800000
-#define SYSTEM_SECURITY_ACCESS 0x01000000
-#define MAXIMUM_ALLOWED_ACCESS 0x02000000
-
-/* Standard rights */
-
-#define STANDARD_RIGHTS_MASK 0x00FF0000
-
-#define DELETE_ACCESS 0x00010000
-#define READ_CONTROL_ACCESS 0x00020000
-#define WRITE_DAC_ACCESS 0x00040000
-#define WRITE_OWNER_ACCESS 0x00080000
-#define SYNCHRONIZE_ACCESS 0x00100000
-
-/* Specific rights */
-
-#define SPECIFIC_RIGHTS_MASK 0x0000FFFF /* Specific rights defined per-object */
#endif