* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
* 2001 Rewrite by Ronnie Sahlberg and Guy Harris
*
- * $Id: packet-smb.c,v 1.200 2002/01/28 00:58:46 guy Exp $
+ * $Id: packet-smb.c,v 1.299 2002/12/05 22:15:54 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* Copied from packet-pop.c
- *
+ *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
-
#include <time.h>
#include <string.h>
#include <glib.h>
#include "prefs.h"
#include "reassemble.h"
+#include "packet-smb-common.h"
#include "packet-smb-mailslot.h"
#include "packet-smb-pipe.h"
*
* ftp://ftp.microsoft.com/developr/drg/CIFS/
*
- * and a CIFS draft from the Storage Networking Industry Association
+ * and a CIFS specification from the Storage Networking Industry Association
* can be found on a link from the page at
*
- * http://www.snia.org/English/Work_Groups/NAS/CIFS/WG_CIFS_Docs.html
+ * http://www.snia.org/English/Collaterals/Work_Group_Docs/NAS/CIFS/CIFS_Technical_Reference.pdf
*
* (it supercedes the document at
*
static int hf_smb_uid = -1;
static int hf_smb_mid = -1;
static int hf_smb_response_to = -1;
+static int hf_smb_time = -1;
static int hf_smb_response_in = -1;
static int hf_smb_continuation_to = -1;
static int hf_smb_nt_status = -1;
static int hf_smb_encryption_key_length = -1;
static int hf_smb_encryption_key = -1;
static int hf_smb_primary_domain = -1;
+static int hf_smb_server = -1;
static int hf_smb_max_raw_buf_size = -1;
static int hf_smb_server_guid = -1;
static int hf_smb_security_blob_len = -1;
static int hf_smb_move_flags_file = -1;
static int hf_smb_move_flags_dir = -1;
static int hf_smb_move_flags_verify = -1;
-static int hf_smb_move_files_moved = -1;
+static int hf_smb_files_moved = -1;
+static int hf_smb_copy_flags_file = -1;
+static int hf_smb_copy_flags_dir = -1;
+static int hf_smb_copy_flags_dest_mode = -1;
+static int hf_smb_copy_flags_source_mode = -1;
+static int hf_smb_copy_flags_verify = -1;
+static int hf_smb_copy_flags_tree_copy = -1;
+static int hf_smb_copy_flags_ea_action = -1;
static int hf_smb_count = -1;
static int hf_smb_file_name = -1;
static int hf_smb_open_function_open = -1;
static int hf_smb_access_caching = -1;
static int hf_smb_access_writetru = -1;
static int hf_smb_create_time = -1;
+static int hf_smb_modify_time = -1;
+static int hf_smb_backup_time = -1;
+static int hf_smb_mac_alloc_block_count = -1;
+static int hf_smb_mac_alloc_block_size = -1;
+static int hf_smb_mac_free_block_count = -1;
+static int hf_smb_mac_fndrinfo = -1;
+static int hf_smb_mac_root_file_count = -1;
+static int hf_smb_mac_root_dir_count = -1;
+static int hf_smb_mac_file_count = -1;
+static int hf_smb_mac_dir_count = -1;
+static int hf_smb_mac_support_flags = -1;
+static int hf_smb_mac_sup_access_ctrl = -1;
+static int hf_smb_mac_sup_getset_comments = -1;
+static int hf_smb_mac_sup_desktopdb_calls = -1;
+static int hf_smb_mac_sup_unique_ids = -1;
+static int hf_smb_mac_sup_streams = -1;
static int hf_smb_create_dos_date = -1;
static int hf_smb_create_dos_time = -1;
static int hf_smb_last_write_time = -1;
static int hf_smb_write_mode_message_start = -1;
static int hf_smb_write_mode_connectionless = -1;
static int hf_smb_resume_key_len = -1;
+static int hf_smb_resume_find_id = -1;
static int hf_smb_resume_server_cookie = -1;
static int hf_smb_resume_client_cookie = -1;
static int hf_smb_andxoffset = -1;
static int hf_smb_nt_ioctl_isfsctl = -1;
static int hf_smb_nt_ioctl_flags_root_handle = -1;
static int hf_smb_nt_ioctl_data = -1;
+#ifdef SMB_UNUSED_HANDLES
static int hf_smb_nt_security_information = -1;
+#endif
static int hf_smb_nt_notify_action = -1;
static int hf_smb_nt_notify_watch_tree = -1;
static int hf_smb_nt_notify_stream_write = -1;
static int hf_smb_file_eattr_offline = -1;
static int hf_smb_file_eattr_not_content_indexed = -1;
static int hf_smb_file_eattr_encrypted = -1;
-static int hf_smb_file_eattr_write_through = -1;
-static int hf_smb_file_eattr_no_buffering = -1;
-static int hf_smb_file_eattr_random_access = -1;
-static int hf_smb_file_eattr_sequential_scan = -1;
-static int hf_smb_file_eattr_delete_on_close = -1;
-static int hf_smb_file_eattr_backup_semantics = -1;
-static int hf_smb_file_eattr_posix_semantics = -1;
static int hf_smb_sec_desc_len = -1;
static int hf_smb_sec_desc_revision = -1;
static int hf_smb_sec_desc_type_owner_defaulted = -1;
static int hf_smb_extended_attributes = -1;
static int hf_smb_oplock_level = -1;
static int hf_smb_create_action = -1;
+static int hf_smb_file_id = -1;
static int hf_smb_ea_error_offset = -1;
static int hf_smb_end_of_file = -1;
static int hf_smb_device_type = -1;
static int hf_smb_print_spool_file_size = -1;
static int hf_smb_print_spool_file_name = -1;
static int hf_smb_start_index = -1;
+static int hf_smb_originator_name = -1;
+static int hf_smb_destination_name = -1;
+static int hf_smb_message_len = -1;
+static int hf_smb_message = -1;
+static int hf_smb_mgid = -1;
+static int hf_smb_forwarded_name = -1;
+static int hf_smb_machine_name = -1;
static int hf_smb_cancel_to = -1;
static int hf_smb_trans2_subcmd = -1;
static int hf_smb_trans_name = -1;
static int hf_smb_ff2_close = -1;
static int hf_smb_ff2_information_level = -1;
static int hf_smb_qpi_loi = -1;
+#if 0
+static int hf_smb_sfi_writetru = -1;
+static int hf_smb_sfi_caching = -1;
+#endif
static int hf_smb_storage_type = -1;
static int hf_smb_resume = -1;
static int hf_smb_max_referral_level = -1;
static int hf_smb_dfs_referral_alt_path = -1;
static int hf_smb_end_of_search = -1;
static int hf_smb_last_name_offset = -1;
+static int hf_smb_fn_information_level = -1;
+static int hf_smb_monitor_handle = -1;
+static int hf_smb_change_count = -1;
static int hf_smb_file_index = -1;
static int hf_smb_short_file_name = -1;
static int hf_smb_short_file_name_len = -1;
static int hf_smb_volume_label_len = -1;
static int hf_smb_volume_label = -1;
static int hf_smb_free_alloc_units64 = -1;
+static int hf_smb_caller_free_alloc_units64 = -1;
+static int hf_smb_actual_free_alloc_units64 = -1;
static int hf_smb_max_name_len = -1;
static int hf_smb_fs_name_len = -1;
static int hf_smb_fs_name = -1;
static int hf_smb_fs_attr_vq = -1;
static int hf_smb_fs_attr_dim = -1;
static int hf_smb_fs_attr_vic = -1;
+static int hf_smb_quota_flags_enabled = -1;
+static int hf_smb_quota_flags_deny_disk = -1;
+static int hf_smb_quota_flags_log_limit = -1;
+static int hf_smb_quota_flags_log_warning = -1;
+static int hf_smb_soft_quota_limit = -1;
+static int hf_smb_hard_quota_limit = -1;
+static int hf_smb_user_quota_used = -1;
+static int hf_smb_user_quota_offset = -1;
+static int hf_smb_nt_rename_level = -1;
+static int hf_smb_cluster_count = -1;
+static int hf_smb_segments = -1;
+static int hf_smb_segment = -1;
+static int hf_smb_segment_overlap = -1;
+static int hf_smb_segment_overlap_conflict = -1;
+static int hf_smb_segment_multiple_tails = -1;
+static int hf_smb_segment_too_long_fragment = -1;
+static int hf_smb_segment_error = -1;
static gint ett_smb = -1;
static gint ett_smb_hdr = -1;
static gint ett_smb_ssetupandxaction = -1;
static gint ett_smb_optionsup = -1;
static gint ett_smb_time_date = -1;
-static gint ett_smb_move_flags = -1;
+static gint ett_smb_move_copy_flags = -1;
static gint ett_smb_file_attributes = -1;
static gint ett_smb_search_resume_key = -1;
static gint ett_smb_search_dir_info = -1;
static gint ett_smb_nt_share_access = -1;
static gint ett_smb_nt_security_flags = -1;
static gint ett_smb_nt_trans_setup = -1;
+static gint ett_smb_nt_trans_data = -1;
+static gint ett_smb_nt_trans_param = -1;
static gint ett_smb_nt_notify_completion_filter = -1;
static gint ett_smb_nt_ioctl_flags = -1;
static gint ett_smb_security_information_mask = -1;
static gint ett_smb_transaction_flags = -1;
static gint ett_smb_transaction_params = -1;
static gint ett_smb_find_first2_flags = -1;
+static gint ett_smb_mac_support_flags = -1;
+#if 0
+static gint ett_smb_ioflag = -1;
+#endif
static gint ett_smb_transaction_data = -1;
static gint ett_smb_stream_info = -1;
static gint ett_smb_dfs_referrals = -1;
static gint ett_smb_device_characteristics = -1;
static gint ett_smb_fs_attributes = -1;
static gint ett_smb_segments = -1;
+static gint ett_smb_segment = -1;
static gint ett_smb_sec_desc = -1;
static gint ett_smb_sid = -1;
static gint ett_smb_acl = -1;
static gint ett_smb_ace = -1;
static gint ett_smb_ace_flags = -1;
static gint ett_smb_sec_desc_type = -1;
+static gint ett_smb_quotaflags = -1;
+static gint ett_smb_secblob = -1;
+
+static dissector_handle_t gssapi_handle = NULL;
+static dissector_handle_t ntlmssp_handle = NULL;
+
+static const fragment_items smb_frag_items = {
+ &ett_smb_segment,
+ &ett_smb_segments,
+
+ &hf_smb_segments,
+ &hf_smb_segment,
+ &hf_smb_segment_overlap,
+ &hf_smb_segment_overlap_conflict,
+ &hf_smb_segment_multiple_tails,
+ &hf_smb_segment_too_long_fragment,
+ &hf_smb_segment_error,
+
+ "segments"
+};
proto_tree *top_tree=NULL; /* ugly */
static char *decode_smb_name(unsigned char);
-static int dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree, guint8 cmd);
-static const gchar *get_unicode_or_ascii_string(tvbuff_t *tvb,
- int *offsetp, packet_info *pinfo, int *len, gboolean nopad,
- gboolean exactlen, guint16 *bcp);
+static int dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd, gboolean first_pdu);
/*
* Macros for use in the main dissector routines for an SMB.
static fragment_data *
-smb_trans_defragment(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
+smb_trans_defragment(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb,
int offset, int count, int pos, int totlen)
{
fragment_data *fd_head=NULL;
* at one time?
*
* It is probably not much point in even trying to do something here
- * if we have never seen the initial request. Without the initial
+ * if we have never seen the initial request. Without the initial
* request we probably miss all parameters and the begining of data
* so we cant even call a subdissector since we can not determine
* which type of transaction call this is.
or else we might end up with dissecting one HUGE transaction PDU
a LOT of times. (first fragment is the only one containing the setup
bytes)
- I have seen ONE Transaction PDU that is ~60kb, spanning many Transaction
+ I have seen ONE Transaction PDU that is ~60kb, spanning many Transaction
SMBs. Takes a LOT of time dissecting and is not fun.
*/
if( (pos==0) && fd_head && fd_head->flags&FD_DEFRAGMENTED){
return NULL;
}
}
-
+
typedef struct {
int subcmd;
int info_level;
+ gboolean resume_keys; /* if "return resume" keys set in T2 FIND_FIRST request */
} smb_transact2_info_t;
static GMemChunk *smb_transact2_info_chunk = NULL;
/*
* Return the same value as TimeZone, but it should be more efficient.
*
- * We keep a table of DST offsets to prevent calling localtime() on each
+ * We keep a table of DST offsets to prevent calling localtime() on each
* call of this function. This saves a LOT of time on many unixes.
*
* Updated by Paul Eggert <eggert@twinsun.com>
} else {
dst_table = tdt;
table_size++;
-
- dst_table[i].zone = zone;
+
+ dst_table[i].zone = zone;
dst_table[i].start = dst_table[i].end = t;
-
+
/* no entry will cover more than 6 months */
low = t - MAX_DST_WIDTH/2;
if (t < low)
low = TIME_T_MIN;
-
+
high = t + MAX_DST_WIDTH/2;
if (high < t)
high = TIME_T_MAX;
-
+
/*
* Widen the new entry using two bisection searches.
*/
}
static int
-dissect_smb_UTIME(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int hf_date)
+dissect_smb_UTIME(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date)
{
guint32 timeval;
nstime_t ts;
-
+
timeval = tvb_get_letohl(tvb, offset);
if (timeval == 0xffffffff) {
proto_tree_add_text(tree, tvb, offset, 4,
proto_tree_add_time(tree, hf_date, tvb, offset, 4, &ts);
offset += 4;
-
+
return offset;
}
nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv)
{
double d;
- /* The next two lines are a fix needed for the
+ /* The next two lines are a fix needed for the
broken SCO compiler. JRA. */
time_t l_time_min = TIME_T_MIN;
time_t l_time_max = TIME_T_MAX;
d = ((double)filetime_high)*4.0*(double)(1<<30);
d += filetime_low;
d *= 1.0e-7;
-
+
/* Now adjust by 369 years, to make the seconds since 1970. */
d -= TIME_FIXUP_CONSTANT;
}
int
-dissect_smb_64bit_time(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int hf_date)
+dissect_smb_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date)
{
guint32 filetime_high, filetime_low;
nstime_t ts;
+ /* XXX there seems also to be another special time value which is fairly common :
+ 0x40000000 00000000
+ the meaning of this one is yet unknown
+ */
if (tree) {
filetime_low = tvb_get_letohl(tvb, offset);
filetime_high = tvb_get_letohl(tvb, offset + 4);
proto_tree_add_text(tree, tvb, offset, 8,
"%s: No time specified (0)",
proto_registrar_get_name(hf_date));
+ } else if(filetime_low==0 && filetime_high==0x80000000){
+ proto_tree_add_text(tree, tvb, offset, 8,
+ "%s: Infinity (relative time)",
+ proto_registrar_get_name(hf_date));
+ } else if(filetime_low==0xffffffff && filetime_high==0x7fffffff){
+ proto_tree_add_text(tree, tvb, offset, 8,
+ "%s: Infinity (absolute time)",
+ proto_registrar_get_name(hf_date));
} else {
if (nt_time_to_nstime(filetime_high, filetime_low, &ts)) {
proto_tree_add_time(tree, hf_date, tvb,
}
static int
-dissect_smb_datetime(tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *parent_tree, int offset, int hf_date, int hf_dos_date,
- int hf_dos_time, gboolean time_first)
+dissect_smb_datetime(tvbuff_t *tvb, proto_tree *parent_tree, int offset,
+ int hf_date, int hf_dos_date, int hf_dos_time, gboolean time_first)
{
guint16 dos_time, dos_date;
proto_item *item = NULL;
dos_time = tvb_get_letohs(tvb, offset+2);
}
- if ((dos_time == 0xffff && dos_time == 0xffff) ||
- (dos_time == 0 && dos_time == 0)) {
+ if ((dos_date == 0xffff && dos_time == 0xffff) ||
+ (dos_date == 0 && dos_time == 0)) {
/*
* No date/time specified.
*/
"Write through disabled"
};
static int
-dissect_access(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, char *type)
+dissect_access(tvbuff_t *tvb, proto_tree *parent_tree, int offset, char *type)
{
guint16 mask;
proto_item *item = NULL;
return offset;
}
-#define FILE_ATTRIBUTE_READ_ONLY 0x00000001
-#define FILE_ATTRIBUTE_HIDDEN 0x00000002
-#define FILE_ATTRIBUTE_SYSTEM 0x00000004
-#define FILE_ATTRIBUTE_VOLUME 0x00000008
-#define FILE_ATTRIBUTE_DIRECTORY 0x00000010
-#define FILE_ATTRIBUTE_ARCHIVE 0x00000020
-#define FILE_ATTRIBUTE_DEVICE 0x00000040
-#define FILE_ATTRIBUTE_NORMAL 0x00000080
-#define FILE_ATTRIBUTE_TEMPORARY 0x00000100
-#define FILE_ATTRIBUTE_SPARSE 0x00000200
-#define FILE_ATTRIBUTE_REPARSE 0x00000400
-#define FILE_ATTRIBUTE_COMPRESSED 0x00000800
-#define FILE_ATTRIBUTE_OFFLINE 0x00001000
-#define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 0x00002000
-#define FILE_ATTRIBUTE_ENCRYPTED 0x00004000
+#define SMB_FILE_ATTRIBUTE_READ_ONLY 0x00000001
+#define SMB_FILE_ATTRIBUTE_HIDDEN 0x00000002
+#define SMB_FILE_ATTRIBUTE_SYSTEM 0x00000004
+#define SMB_FILE_ATTRIBUTE_VOLUME 0x00000008
+#define SMB_FILE_ATTRIBUTE_DIRECTORY 0x00000010
+#define SMB_FILE_ATTRIBUTE_ARCHIVE 0x00000020
+#define SMB_FILE_ATTRIBUTE_DEVICE 0x00000040
+#define SMB_FILE_ATTRIBUTE_NORMAL 0x00000080
+#define SMB_FILE_ATTRIBUTE_TEMPORARY 0x00000100
+#define SMB_FILE_ATTRIBUTE_SPARSE 0x00000200
+#define SMB_FILE_ATTRIBUTE_REPARSE 0x00000400
+#define SMB_FILE_ATTRIBUTE_COMPRESSED 0x00000800
+#define SMB_FILE_ATTRIBUTE_OFFLINE 0x00001000
+#define SMB_FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 0x00002000
+#define SMB_FILE_ATTRIBUTE_ENCRYPTED 0x00004000
-/*
- * These are flags to be used in NT Create operations.
- */
-#define FILE_ATTRIBUTE_WRITE_THROUGH 0x80000000
-#define FILE_ATTRIBUTE_NO_BUFFERING 0x20000000
-#define FILE_ATTRIBUTE_RANDOM_ACCESS 0x10000000
-#define FILE_ATTRIBUTE_SEQUENTIAL_SCAN 0x08000000
-#define FILE_ATTRIBUTE_DELETE_ON_CLOSE 0x04000000
-#define FILE_ATTRIBUTE_BACKUP_SEMANTICS 0x02000000
-#define FILE_ATTRIBUTE_POSIX_SEMANTICS 0x01000000
-
-static const true_false_string tfs_file_attribute_write_through = {
- "This object requires WRITE THROUGH",
- "This object does NOT require write through",
-};
-static const true_false_string tfs_file_attribute_no_buffering = {
- "This object requires NO BUFFERING",
- "This object can be buffered",
-};
-static const true_false_string tfs_file_attribute_random_access = {
- "This object will be RANDOM ACCESSed",
- "Random access is NOT requested",
-};
-static const true_false_string tfs_file_attribute_sequential_scan = {
- "This object is optimized for SEQUENTIAL SCAN",
- "This object is NOT optimized for sequential scan",
-};
-static const true_false_string tfs_file_attribute_delete_on_close = {
- "This object will be DELETED ON CLOSE",
- "This object will not be deleted on close",
-};
-static const true_false_string tfs_file_attribute_backup_semantics = {
- "This object supports BACKUP SEMANTICS",
- "This object does NOT support backup semantics",
-};
-static const true_false_string tfs_file_attribute_posix_semantics = {
- "This object supports POSIX SEMANTICS",
- "This object does NOT support POSIX semantics",
-};
static const true_false_string tfs_file_attribute_read_only = {
"This file is READ ONLY",
"This file is NOT read only",
"This is NOT an encrypted file"
};
+/*
+ * In some places in the CIFS_TR_1p00.pdf, from SNIA, file attributes are
+ * listed as USHORT, and seem to be in packets in the wild, while in other
+ * places they are listed as ULONG, and also seem to be.
+ *
+ * So, I (Richard Sharpe), added a parameter to allow us to specify how many
+ * bytes to consume.
+ */
+
static int
-dissect_file_attributes(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_file_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset,
+ int bytes)
{
guint16 mask;
proto_item *item = NULL;
proto_tree *tree = NULL;
+ if (bytes != 2 && bytes != 4) {
+
+ fprintf(stderr, "Incorrect number of bytes passed to dissect_file_attributes.\nMust be 2 or 4, was %d\n", bytes);
+ exit(1);
+
+ }
+
+ /*
+ * The actual bits of interest appear to only be a USHORT
+ */
+ /* FIXME if this ever changes! */
mask = tvb_get_letohs(tvb, offset);
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, 2,
- "File Attributes: 0x%04x", mask);
+ item = proto_tree_add_text(parent_tree, tvb, offset, bytes,
+ "File Attributes: 0x%08x", mask);
tree = proto_item_add_subtree(item, ett_smb_file_attributes);
}
- proto_tree_add_boolean(tree, hf_smb_file_attr_read_only_16bit,
- tvb, offset, 2, mask);
- proto_tree_add_boolean(tree, hf_smb_file_attr_hidden_16bit,
- tvb, offset, 2, mask);
- proto_tree_add_boolean(tree, hf_smb_file_attr_system_16bit,
- tvb, offset, 2, mask);
- proto_tree_add_boolean(tree, hf_smb_file_attr_volume_16bit,
- tvb, offset, 2, mask);
- proto_tree_add_boolean(tree, hf_smb_file_attr_directory_16bit,
- tvb, offset, 2, mask);
proto_tree_add_boolean(tree, hf_smb_file_attr_archive_16bit,
- tvb, offset, 2, mask);
+ tvb, offset, bytes, mask);
+ proto_tree_add_boolean(tree, hf_smb_file_attr_directory_16bit,
+ tvb, offset, bytes, mask);
+ proto_tree_add_boolean(tree, hf_smb_file_attr_volume_16bit,
+ tvb, offset, bytes, mask);
+ proto_tree_add_boolean(tree, hf_smb_file_attr_system_16bit,
+ tvb, offset, bytes, mask);
+ proto_tree_add_boolean(tree, hf_smb_file_attr_hidden_16bit,
+ tvb, offset, bytes, mask);
+ proto_tree_add_boolean(tree, hf_smb_file_attr_read_only_16bit,
+ tvb, offset, bytes, mask);
- offset += 2;
+ offset += bytes;
return offset;
}
/* 3.11 */
static int
-dissect_file_ext_attr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_file_ext_attr(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
* Does the Win32 API documentation, or the NT Native API book,
* suggest anything?
*/
- proto_tree_add_boolean(tree, hf_smb_file_eattr_write_through,
- tvb, offset, 4, mask);
- proto_tree_add_boolean(tree, hf_smb_file_eattr_no_buffering,
- tvb, offset, 4, mask);
- proto_tree_add_boolean(tree, hf_smb_file_eattr_random_access,
- tvb, offset, 4, mask);
- proto_tree_add_boolean(tree, hf_smb_file_eattr_sequential_scan,
- tvb, offset, 4, mask);
- proto_tree_add_boolean(tree, hf_smb_file_eattr_delete_on_close,
- tvb, offset, 4, mask);
- proto_tree_add_boolean(tree, hf_smb_file_eattr_backup_semantics,
- tvb, offset, 4, mask);
- proto_tree_add_boolean(tree, hf_smb_file_eattr_posix_semantics,
- tvb, offset, 4, mask);
proto_tree_add_boolean(tree, hf_smb_file_eattr_encrypted,
tvb, offset, 4, mask);
proto_tree_add_boolean(tree, hf_smb_file_eattr_not_content_indexed,
}
static int
-dissect_dir_info_file_attributes(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_dir_info_file_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint8 mask;
proto_item *item = NULL;
};
static int
-dissect_search_attributes(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_search_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
proto_tree_add_boolean(tree, hf_smb_search_attribute_hidden,
tvb, offset, 2, mask);
proto_tree_add_boolean(tree, hf_smb_search_attribute_system,
- tvb, offset, 2, mask);
+ tvb, offset, 2, mask);
proto_tree_add_boolean(tree, hf_smb_search_attribute_volume,
tvb, offset, 2, mask);
proto_tree_add_boolean(tree, hf_smb_search_attribute_directory,
"Extended security exchanges are not supported"
};
static int
-dissect_negprot_capabilities(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_negprot_capabilities(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
};
static int
-dissect_negprot_rawmode(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_negprot_rawmode(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
};
static int
-dissect_negprot_security_mode(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, int wc)
+dissect_negprot_security_mode(tvbuff_t *tvb, proto_tree *parent_tree, int offset, int wc)
{
guint16 mask = 0;
proto_item *item = NULL;
}
static int
-dissect_negprot_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_negprot_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
proto_item *it = NULL;
proto_tree *tr = NULL;
}
static int
-dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
guint8 wc;
guint16 dialect;
const char *dn;
switch(wc){
case 13:
/* Security Mode */
- offset = dissect_negprot_security_mode(tvb, pinfo, tree, offset,
- wc);
+ offset = dissect_negprot_security_mode(tvb, tree, offset, wc);
/* Maximum Transmit Buffer Size */
proto_tree_add_item(tree, hf_smb_max_trans_buf_size,
offset += 2;
/* raw mode */
- offset = dissect_negprot_rawmode(tvb, pinfo, tree, offset);
+ offset = dissect_negprot_rawmode(tvb, tree, offset);
/* session key */
proto_tree_add_item(tree, hf_smb_session_key,
offset += 4;
/* current time and date at server */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset, hf_smb_server_date_time, hf_smb_server_smb_date, hf_smb_server_smb_time,
+ offset = dissect_smb_datetime(tvb, tree, offset, hf_smb_server_date_time, hf_smb_server_smb_date, hf_smb_server_smb_time,
TRUE);
/* time zone */
case 17:
/* Security Mode */
- offset = dissect_negprot_security_mode(tvb, pinfo, tree, offset, wc);
+ offset = dissect_negprot_security_mode(tvb, tree, offset, wc);
/* Maximum Multiplex Count */
proto_tree_add_item(tree, hf_smb_max_mpx_count,
offset += 4;
/* server capabilities */
- caps = dissect_negprot_capabilities(tvb, pinfo, tree, offset);
+ caps = dissect_negprot_capabilities(tvb, tree, offset);
offset += 4;
/* system time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_system_time);
/* time zone */
COUNT_BYTES(ekl);
}
- /* domain */
+ /*
+ * Primary domain.
+ *
+ * XXX - not present if negotiated dialect isn't
+ * "DOS LANMAN 2.1" or "LANMAN2.1", but we'd either
+ * have to see the request, or assume what dialect strings
+ * were sent, to determine that.
+ *
+ * Is this something other than a primary domain if the
+ * negotiated dialect is Windows for Workgroups 3.1a?
+ * It appears to be 8 bytes of binary data in at least
+ * one capture - is that an encryption key or something
+ * such as that?
+ */
dn = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &dn_len, FALSE, FALSE, &bc);
+ si->unicode, &dn_len, FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
case 17:
if(!(caps&SERVER_CAP_EXTENDED_SECURITY)){
- smb_info_t *si;
-
/* challenge/response encryption key */
/* XXX - is this aligned on an even boundary? */
if(ekl){
/* domain */
/* this string is special, unicode is flagged in caps */
- /* This string is NOT padded to be 16bit aligned. (seen in actual capture) */
- si = pinfo->private_data;
+ /* This string is NOT padded to be 16bit aligned.
+ (seen in actual capture)
+ XXX - I've seen a capture where it appears to be
+ so aligned, but I've also seen captures where
+ it is. The captures where it appeared to be
+ aligned may have been from buggy servers. */
si->unicode = (caps&SERVER_CAP_UNICODE);
dn = get_unicode_or_ascii_string(tvb,
- &offset, pinfo, &dn_len, TRUE, FALSE,
+ &offset, si->unicode, &dn_len, TRUE, FALSE,
&bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain,
tvb, offset, dn_len, dn);
COUNT_BYTES(dn_len);
+
+ /* server name, seen in w2k pro capture */
+ dn = get_unicode_or_ascii_string(tvb,
+ &offset, si->unicode, &dn_len, TRUE, FALSE,
+ &bc);
+ if (dn == NULL)
+ goto endofcommand;
+ proto_tree_add_string(tree, hf_smb_server,
+ tvb, offset, dn_len, dn);
+ COUNT_BYTES(dn_len);
+
} else {
+ proto_item *blob_item;
+
/* guid */
/* XXX - show it in the standard Microsoft format
for GUIDs? */
tvb, offset, 16, TRUE);
COUNT_BYTES(16);
+ blob_item = proto_tree_add_item(
+ tree, hf_smb_security_blob,
+ tvb, offset, bc, TRUE);
+
/* security blob */
- /* XXX - is this ASN.1-encoded? Is it a Kerberos
- data structure, at least in NT 5.0-and-later
- server replies? */
+ /*
+ * If Extended security and BCC == 16, then raw
+ * NTLMSSP is in use. We need to save this info
+ */
+
if(bc){
- proto_tree_add_item(tree, hf_smb_security_blob,
- tvb, offset, bc, TRUE);
+ tvbuff_t *gssapi_tvb;
+ proto_tree *gssapi_tree;
+
+ gssapi_tree = proto_item_add_subtree(
+ blob_item, ett_smb_secblob);
+
+ gssapi_tvb = tvb_new_subset(
+ tvb, offset, bc, bc);
+
+ call_dissector(
+ gssapi_handle, gssapi_tvb, pinfo,
+ gssapi_tree);
+
+ if (si->ct)
+ si->ct->raw_ntlmssp = 0;
+
COUNT_BYTES(bc);
}
+ else {
+
+ /*
+ * There is no blob. We just have to make sure
+ * that subsequent routines know to call the
+ * right things ...
+ */
+
+ if (si->ct)
+ si->ct->raw_ntlmssp = 1;
+
+ }
}
break;
}
static int
-dissect_old_dir_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_old_dir_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int dn_len;
const char *dn;
guint8 wc;
guint16 bc;
WORD_COUNT;
-
+
BYTE_COUNT;
/* buffer format */
COUNT_BYTES(1);
/* dir name */
- dn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &dn_len,
+ dn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &dn_len,
FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
}
static int
-dissect_empty(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_empty(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
-
+
WORD_COUNT;
-
+
BYTE_COUNT;
END_OF_SMB
}
static int
-dissect_echo_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_echo_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint16 ec, bc;
guint8 wc;
}
static int
-dissect_echo_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_echo_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint16 bc;
guint8 wc;
}
static int
-dissect_tree_connect_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_tree_connect_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int an_len, pwlen;
const char *an;
guint8 wc;
guint16 bc;
WORD_COUNT;
-
+
BYTE_COUNT;
/* buffer format */
/* Path */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_path, tvb,
/* Service */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_service, tvb,
}
static int
-dissect_tree_connect_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_tree_connect_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
WORD_COUNT;
-
+
/* Maximum Buffer Size */
proto_tree_add_item(tree, hf_smb_max_buf_size, tvb, offset, 2, TRUE);
offset += 2;
return offset;
}
-
+
static const true_false_string tfs_of_create = {
"Create file if it does not exist",
{0, NULL}
};
static int
-dissect_open_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_open_function(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
static const true_false_string tfs_mf_file = {
"Target must be a file",
"Target needn't be a file"
- };
+};
static const true_false_string tfs_mf_dir = {
"Target must be a directory",
"Target needn't be a directory"
"Don't have to verify writes"
};
static int
-dissect_move_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_move_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, 2,
"Flags: 0x%04x", mask);
- tree = proto_item_add_subtree(item, ett_smb_move_flags);
+ tree = proto_item_add_subtree(item, ett_smb_move_copy_flags);
}
-
+
proto_tree_add_boolean(tree, hf_smb_move_flags_verify,
tvb, offset, 2, mask);
proto_tree_add_boolean(tree, hf_smb_move_flags_dir,
return offset;
}
+static const true_false_string tfs_cf_mode = {
+ "ASCII",
+ "Binary"
+};
+static const true_false_string tfs_cf_tree_copy = {
+ "Copy is a tree copy",
+ "Copy is a file copy"
+};
+static const true_false_string tfs_cf_ea_action = {
+ "Fail copy",
+ "Discard EAs"
+};
+static int
+dissect_copy_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
+{
+ guint16 mask;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+
+ mask = tvb_get_letohs(tvb, offset);
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, 2,
+ "Flags: 0x%04x", mask);
+ tree = proto_item_add_subtree(item, ett_smb_move_copy_flags);
+ }
+
+ proto_tree_add_boolean(tree, hf_smb_copy_flags_ea_action,
+ tvb, offset, 2, mask);
+ proto_tree_add_boolean(tree, hf_smb_copy_flags_tree_copy,
+ tvb, offset, 2, mask);
+ proto_tree_add_boolean(tree, hf_smb_copy_flags_verify,
+ tvb, offset, 2, mask);
+ proto_tree_add_boolean(tree, hf_smb_copy_flags_source_mode,
+ tvb, offset, 2, mask);
+ proto_tree_add_boolean(tree, hf_smb_copy_flags_dest_mode,
+ tvb, offset, 2, mask);
+ proto_tree_add_boolean(tree, hf_smb_copy_flags_dir,
+ tvb, offset, 2, mask);
+ proto_tree_add_boolean(tree, hf_smb_copy_flags_file,
+ tvb, offset, 2, mask);
+
+ offset += 2;
+
+ return offset;
+}
+
static int
-dissect_move_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_move_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
guint16 tid;
guint16 bc;
offset += 2;
/* open function */
- offset = dissect_open_function(tvb, pinfo, tree, offset);
+ offset = dissect_open_function(tvb, tree, offset);
/* move flags */
- offset = dissect_move_flags(tvb, pinfo, tree, offset);
+ offset = dissect_move_flags(tvb, tree, offset);
BYTE_COUNT;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_move_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_copy_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ smb_info_t *si = pinfo->private_data;
+ int fn_len;
+ guint16 tid;
+ guint16 bc;
+ guint8 wc;
+ const char *fn;
+
+ WORD_COUNT;
+
+ /* tid */
+ tid = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint_format(tree, hf_smb_tid, tvb, offset, 2, tid,
+ "TID (target): 0x%04x", tid);
+ offset += 2;
+
+ /* open function */
+ offset = dissect_open_function(tvb, tree, offset);
+
+ /* copy flags */
+ offset = dissect_copy_flags(tvb, tree, offset);
+
+ BYTE_COUNT;
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* file name */
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
+ FALSE, FALSE, &bc);
+ if (fn == NULL)
+ goto endofcommand;
+ proto_tree_add_string_format(tree, hf_smb_file_name, tvb, offset,
+ fn_len, fn, "Source File Name: %s", fn);
+ COUNT_BYTES(fn_len);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", Source Name: %s", fn);
+ }
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* file name */
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
+ FALSE, FALSE, &bc);
+ if (fn == NULL)
+ goto endofcommand;
+ proto_tree_add_string_format(tree, hf_smb_file_name, tvb, offset,
+ fn_len, fn, "Destination File Name: %s", fn);
+ COUNT_BYTES(fn_len);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", Destination Name: %s", fn);
+ }
+
+ END_OF_SMB
+
+ return offset;
+}
+
+static int
+dissect_move_copy_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
WORD_COUNT;
/* # of files moved */
- proto_tree_add_item(tree, hf_smb_move_files_moved, tvb, offset, 2, TRUE);
+ proto_tree_add_item(tree, hf_smb_files_moved, tvb, offset, 2, TRUE);
offset += 2;
BYTE_COUNT;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_open_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_open_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
WORD_COUNT;
/* desired access */
- offset = dissect_access(tvb, pinfo, tree, offset, "Desired");
+ offset = dissect_access(tvb, tree, offset, "Desired");
/* Search Attributes */
- offset = dissect_search_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_search_attributes(tvb, tree, offset);
BYTE_COUNT;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
offset += 2;
/* File Attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
/* last write time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_last_write_time);
-
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time);
+
/* File Size */
proto_tree_add_item(tree, hf_smb_file_size, tvb, offset, 4, TRUE);
offset += 4;
/* granted access */
- offset = dissect_access(tvb, pinfo, tree, offset, "Granted");
+ offset = dissect_access(tvb, tree, offset, "Granted");
BYTE_COUNT;
}
static int
-dissect_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_fid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
}
static int
-dissect_create_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_create_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
WORD_COUNT;
/* file attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
/* creation time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_create_time);
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_create_time);
BYTE_COUNT;
COUNT_BYTES(1);
/* File Name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_close_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_close_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* last write time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_last_write_time);
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time);
BYTE_COUNT;
}
static int
-dissect_delete_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_delete_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
WORD_COUNT;
/* search attributes */
- offset = dissect_search_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_search_attributes(tvb, tree, offset);
BYTE_COUNT;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_rename_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_rename_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
WORD_COUNT;
/* search attributes */
- offset = dissect_search_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_search_attributes(tvb, tree, offset);
BYTE_COUNT;
COUNT_BYTES(1);
/* old file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_query_information_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_nt_rename_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
- guint16 bc;
- guint8 wc;
- const char *fn;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
+ const char *fn;
+ guint8 wc;
+ guint16 bc;
WORD_COUNT;
+ /* search attributes */
+ offset = dissect_search_attributes(tvb, tree, offset);
+
+ proto_tree_add_uint(tree, hf_smb_nt_rename_level, tvb, offset, 2, tvb_get_letohs(tvb, offset));
+ offset += 2;
+
+ proto_tree_add_item(tree, hf_smb_cluster_count, tvb, offset, 4, TRUE);
+ offset += 4;
+
BYTE_COUNT;
- /* Buffer Format */
+ /* buffer format */
CHECK_BYTE_COUNT(1);
proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
COUNT_BYTES(1);
- /* File Name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ /* old file name */
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
+ FALSE, FALSE, &bc);
+ if (fn == NULL)
+ goto endofcommand;
+ proto_tree_add_string(tree, hf_smb_old_file_name, tvb, offset, fn_len,
+ fn);
+ COUNT_BYTES(fn_len);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", Old Name: %s", fn);
+ }
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* file name */
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
COUNT_BYTES(fn_len);
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, ", Path: %s", fn);
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", New Name: %s", fn);
}
END_OF_SMB
return offset;
}
-
+
+
static int
-dissect_query_information_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_query_information_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
guint16 bc;
guint8 wc;
+ const char *fn;
+ int fn_len;
WORD_COUNT;
- /* File Attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
-
- /* Last Write Time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_last_write_time);
-
- /* File Size */
- proto_tree_add_item(tree, hf_smb_file_size, tvb, offset, 4, TRUE);
- offset += 4;
-
- /* 10 reserved bytes */
- proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 10, TRUE);
- offset += 10;
-
BYTE_COUNT;
- END_OF_SMB
+ /* Buffer Format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* File Name */
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
+ FALSE, FALSE, &bc);
+ if (fn == NULL)
+ goto endofcommand;
+ proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
+ fn);
+ COUNT_BYTES(fn_len);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", Path: %s", fn);
+ }
+
+ END_OF_SMB
+
+ return offset;
+}
+
+static int
+dissect_query_information_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ guint16 bc;
+ guint8 wc;
+
+ WORD_COUNT;
+
+ /* File Attributes */
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
+
+ /* Last Write Time */
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time);
+
+ /* File Size */
+ proto_tree_add_item(tree, hf_smb_file_size, tvb, offset, 4, TRUE);
+ offset += 4;
+
+ /* 10 reserved bytes */
+ proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 10, TRUE);
+ offset += 10;
+
+ BYTE_COUNT;
+
+ END_OF_SMB
return offset;
}
static int
-dissect_set_information_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_set_information_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
WORD_COUNT;
/* file attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
/* last write time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_last_write_time);
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time);
/* 10 reserved bytes */
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 10, TRUE);
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_read_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_read_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 cnt=0, bc;
+ guint32 ofs=0;
+ smb_info_t *si;
+ unsigned int fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
+ if (!pinfo->fd->flags.visited) {
+ /* remember the FID for the processing of the response */
+ si = (smb_info_t *)pinfo->private_data;
+ si->sip->extra_info=(void *)fid;
+ }
/* read count */
+ cnt = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb_count, tvb, offset, 2, TRUE);
offset += 2;
/* offset */
+ ofs = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb_offset, tvb, offset, 4, TRUE);
offset += 4;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %u byte%s at offset %u", cnt,
+ (cnt == 1) ? "" : "s", ofs);
+
/* remaining */
proto_tree_add_item(tree, hf_smb_remaining, tvb, offset, 2, TRUE);
offset += 2;
}
int
-dissect_file_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 bc, guint16 datalen)
+dissect_file_data(tvbuff_t *tvb, proto_tree *tree, int offset, guint16 bc, guint16 datalen)
{
int tvblen;
}
static int
-dissect_read_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ proto_tree *top_tree, int offset, guint16 bc, guint16 datalen, guint16 fid)
+{
+ int tvblen;
+ tvbuff_t *dcerpc_tvb;
+
+ if(bc>datalen){
+ /* We have some initial padding bytes. */
+ /* XXX - use the data offset here instead? */
+ proto_tree_add_item(tree, hf_smb_padding, tvb, offset, bc-datalen,
+ TRUE);
+ offset += bc-datalen;
+ bc = datalen;
+ }
+ tvblen = tvb_length_remaining(tvb, offset);
+ dcerpc_tvb = tvb_new_subset(tvb, offset, tvblen, bc);
+ dissect_pipe_dcerpc(dcerpc_tvb, pinfo, top_tree, tree, fid);
+ if(bc>tvblen)
+ offset += tvblen;
+ else
+ offset += bc;
+ return offset;
+}
+
+static int
+dissect_read_file_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint16 cnt=0, bc;
guint8 wc;
+ smb_info_t *si = (smb_info_t *)pinfo->private_data;
+ int fid=0;
WORD_COUNT;
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 8, TRUE);
offset += 8;
+ /* If we have seen the request, then print which FID this refers to */
+ /* first check if we have seen the request */
+ if(si->sip != NULL && si->sip->frame_req>0){
+ fid=(int)si->sip->extra_info;
+ add_fid(tvb, pinfo, tree, 0, 0, fid);
+ }
+
BYTE_COUNT;
/* buffer format */
proto_tree_add_item(tree, hf_smb_data_len, tvb, offset, 2, TRUE);
COUNT_BYTES(2);
- if (bc != 0) {
- /* file data */
- offset = dissect_file_data(tvb, pinfo, tree, offset, bc, bc);
+ /* another way to transport DCERPC over SMB is to skip Transaction completely and just
+ read write */
+ if(bc){
+ if(si->sip != NULL && si->sip->flags&SMB_SIF_TID_IS_IPC){
+ /* dcerpc call */
+ offset = dissect_file_data_dcerpc(tvb, pinfo, tree,
+ top_tree, offset, bc, bc, fid);
+ } else {
+ /* ordinary file data, or we didn't see the request,
+ so we don't know whether this is a DCERPC call
+ or not */
+ offset = dissect_file_data(tvb, tree, offset, bc, bc);
+ }
bc = 0;
}
}
static int
-dissect_lock_and_read_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_lock_and_read_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint16 cnt, bc;
guint8 wc;
static int
-dissect_write_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
- guint16 cnt=0, bc;
+ guint32 ofs=0;
+ guint16 cnt=0, bc, fid=0;
guint8 wc;
+ smb_info_t *si = (smb_info_t *)pinfo->private_data;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* write count */
offset += 2;
/* offset */
+ ofs = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb_offset, tvb, offset, 4, TRUE);
offset += 4;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %u byte%s at offset %u", cnt,
+ (cnt == 1) ? "" : "s", ofs);
+
/* remaining */
proto_tree_add_item(tree, hf_smb_remaining, tvb, offset, 2, TRUE);
offset += 2;
COUNT_BYTES(2);
if (bc != 0) {
- /* file data */
- offset = dissect_file_data(tvb, pinfo, tree, offset, bc, bc);
+ if( (si->sip && si->sip->flags&SMB_SIF_TID_IS_IPC) && (ofs==0) ){
+ /* dcerpc call */
+ offset = dissect_file_data_dcerpc(tvb, pinfo, tree,
+ top_tree, offset, bc, bc, fid);
+ } else {
+ /* ordinary file data */
+ offset = dissect_file_data(tvb, tree, offset, bc, bc);
+ }
bc = 0;
}
return offset;
}
-
+
static int
-dissect_write_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_file_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, cnt;
WORD_COUNT;
/* write count */
+ cnt = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb_count, tvb, offset, 2, TRUE);
offset += 2;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %u byte%s", cnt, (cnt == 1) ? "" : "s");
+
BYTE_COUNT;
END_OF_SMB
}
static int
-dissect_lock_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_lock_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* lock count */
}
static int
-dissect_create_temporary_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_create_temporary_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
offset += 2;
/* Creation time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_create_time);
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_create_time);
BYTE_COUNT;
COUNT_BYTES(1);
/* directory name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
- guint16 bc;
- guint16 fid;
+ guint16 bc, fid;
WORD_COUNT;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
};
static int
-dissect_seek_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_seek_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* Seek Mode */
}
static int
-dissect_seek_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_seek_file_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
return offset;
}
-
+
static int
-dissect_set_information2_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_set_information2_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* create time */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_create_time,
hf_smb_create_dos_date, hf_smb_create_dos_time, FALSE);
/* access time */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_access_time,
hf_smb_access_dos_date, hf_smb_access_dos_time, FALSE);
/* last write time */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_last_write_time,
hf_smb_last_write_dos_date, hf_smb_last_write_dos_time, FALSE);
}
static int
-dissect_query_information2_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_query_information2_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
WORD_COUNT;
/* create time */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_create_time,
hf_smb_create_dos_date, hf_smb_create_dos_time, FALSE);
/* access time */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_access_time,
hf_smb_access_dos_date, hf_smb_access_dos_time, FALSE);
/* last write time */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_last_write_time,
hf_smb_last_write_dos_date, hf_smb_last_write_dos_time, FALSE);
offset += 4;
/* File Attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
BYTE_COUNT;
}
static int
-dissect_write_and_close_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_and_close_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 cnt=0;
- guint16 bc;
+ guint16 bc, fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* write count */
offset += 4;
/* last write time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_last_write_time);
-
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time);
+
if(wc==12){
/* 12 reserved bytes */
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 12, TRUE);
CHECK_BYTE_COUNT(1);
proto_tree_add_item(tree, hf_smb_padding, tvb, offset, 1, TRUE);
COUNT_BYTES(1);
-
- offset = dissect_file_data(tvb, pinfo, tree, offset, cnt, cnt);
+
+ offset = dissect_file_data(tvb, tree, offset, cnt, cnt);
bc = 0; /* XXX */
END_OF_SMB
return offset;
}
-
+
static int
-dissect_write_and_close_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_and_close_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
}
static int
-dissect_read_raw_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_read_raw_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, fid;
guint32 to;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* offset */
}
static int
-dissect_query_information_disk_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_query_information_disk_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
}
static int
-dissect_read_mpx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_read_mpx_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* offset */
}
static int
-dissect_read_mpx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_read_mpx_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint16 datalen=0, bc;
guint8 wc;
BYTE_COUNT;
/* file data */
- offset = dissect_file_data(tvb, pinfo, tree, offset, bc, datalen);
+ offset = dissect_file_data(tvb, tree, offset, bc, datalen);
bc = 0;
END_OF_SMB
"Connectionless mode NOT requested"
};
static int
-dissect_write_mode(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, int bm)
+dissect_write_mode(tvbuff_t *tvb, proto_tree *parent_tree, int offset, int bm)
{
guint16 mask;
proto_item *item = NULL;
}
static int
-dissect_write_raw_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_raw_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint32 to;
- guint16 datalen=0, bc;
+ guint16 datalen=0, bc, fid;
guint8 wc;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* total data length */
offset += 4;
/* mode */
- offset = dissect_write_mode(tvb, pinfo, tree, offset, 0x0003);
+ offset = dissect_write_mode(tvb, tree, offset, 0x0003);
/* 4 reserved bytes */
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 4, TRUE);
/* file data */
/* XXX - use the data offset to determine where the data starts? */
- offset = dissect_file_data(tvb, pinfo, tree, offset, bc, datalen);
+ offset = dissect_file_data(tvb, tree, offset, bc, datalen);
bc = 0;
END_OF_SMB
return offset;
}
-
+
static int
-dissect_write_raw_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_raw_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
}
static int
-dissect_write_mpx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_mpx_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint32 to;
- guint16 datalen=0, bc;
+ guint16 datalen=0, bc, fid;
guint8 wc;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* total data length */
offset += 4;
/* mode */
- offset = dissect_write_mode(tvb, pinfo, tree, offset, 0x0083);
+ offset = dissect_write_mode(tvb, tree, offset, 0x0083);
/* request mask */
proto_tree_add_item(tree, hf_smb_request_mask, tvb, offset, 4, TRUE);
offset += 4;
-
+
/* data len */
datalen = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_data_len, tvb, offset, 2, datalen);
/* file data */
/* XXX - use the data offset to determine where the data starts? */
- offset = dissect_file_data(tvb, pinfo, tree, offset, bc, datalen);
+ offset = dissect_file_data(tvb, tree, offset, bc, datalen);
bc = 0;
END_OF_SMB
return offset;
}
-
+
static int
-dissect_write_mpx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_mpx_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
/* response mask */
proto_tree_add_item(tree, hf_smb_response_mask, tvb, offset, 4, TRUE);
offset += 4;
-
+
BYTE_COUNT;
END_OF_SMB
}
static int
-dissect_sid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
static int
dissect_search_resume_key(tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc)
+ proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc,
+ gboolean has_find_id)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
char fname[11+1];
/* file name */
fn_len = 11;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
TRUE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
/* ensure that it's null-terminated */
fname);
COUNT_BYTES_SUBR(fn_len);
- /* server cookie */
- CHECK_BYTE_COUNT_SUBR(5);
- proto_tree_add_item(tree, hf_smb_resume_server_cookie, tvb, offset, 5, TRUE);
- COUNT_BYTES_SUBR(5);
+ if (has_find_id) {
+ CHECK_BYTE_COUNT_SUBR(1);
+ proto_tree_add_item(tree, hf_smb_resume_find_id, tvb, offset, 1, TRUE);
+ COUNT_BYTES_SUBR(1);
+
+ /* server cookie */
+ CHECK_BYTE_COUNT_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_resume_server_cookie, tvb, offset, 4, TRUE);
+ COUNT_BYTES_SUBR(4);
+ } else {
+ /* server cookie */
+ CHECK_BYTE_COUNT_SUBR(5);
+ proto_tree_add_item(tree, hf_smb_resume_server_cookie, tvb, offset, 5, TRUE);
+ COUNT_BYTES_SUBR(5);
+ }
/* client cookie */
CHECK_BYTE_COUNT_SUBR(4);
static int
dissect_search_dir_info(tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc)
+ proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc,
+ gboolean has_find_id)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
char fname[13+1];
}
/* resume key */
- offset = dissect_search_resume_key(tvb, pinfo, tree, offset, bcp, trunc);
+ offset = dissect_search_resume_key(tvb, pinfo, tree, offset, bcp,
+ trunc, has_find_id);
if (*trunc)
return offset;
/* File Attributes */
CHECK_BYTE_COUNT_SUBR(1);
- offset = dissect_dir_info_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_dir_info_file_attributes(tvb, tree, offset);
*bcp -= 1;
/* last write time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_last_write_time,
hf_smb_last_write_dos_date, hf_smb_last_write_dos_time,
TRUE);
/* file name */
fn_len = 13;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
TRUE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
/* ensure that it's null-terminated */
static int
-dissect_search_dir_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_search_find_request(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, int offset, proto_tree *smb_tree _U_,
+ gboolean has_find_id)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint16 rkl;
offset += 2;
/* Search Attributes */
- offset = dissect_search_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_search_attributes(tvb, tree, offset);
BYTE_COUNT;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
TRUE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
/* resume key */
if(rkl){
offset = dissect_search_resume_key(tvb, pinfo, tree, offset,
- &bc, &trunc);
+ &bc, &trunc, has_find_id);
if (trunc)
goto endofcommand;
}
}
static int
-dissect_search_dir_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_search_dir_request(tvbuff_t *tvb, packet_info *pinfo _U_,
+ proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ return dissect_search_find_request(tvb, pinfo, tree, offset,
+ smb_tree, FALSE);
+}
+
+static int
+dissect_find_request(tvbuff_t *tvb, packet_info *pinfo _U_,
+ proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ return dissect_search_find_request(tvb, pinfo, tree, offset,
+ smb_tree, TRUE);
+}
+
+static int
+dissect_find_close_request(tvbuff_t *tvb, packet_info *pinfo _U_,
+ proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ return dissect_search_find_request(tvb, pinfo, tree, offset,
+ smb_tree, TRUE);
+}
+
+static int
+dissect_search_find_response(tvbuff_t *tvb, packet_info *pinfo _U_,
+ proto_tree *tree, int offset, proto_tree *smb_tree _U_,
+ gboolean has_find_id)
{
guint16 count=0;
guint8 wc;
while(count--){
offset = dissect_search_dir_info(tvb, pinfo, tree, offset,
- &bc, &trunc);
+ &bc, &trunc, has_find_id);
if (trunc)
goto endofcommand;
}
return offset;
}
+static int
+dissect_search_dir_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ return dissect_search_find_response(tvb, pinfo, tree, offset, smb_tree,
+ FALSE);
+}
+
+static int
+dissect_find_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ return dissect_search_find_response(tvb, pinfo, tree, offset, smb_tree,
+ TRUE);
+}
+
+static int
+dissect_find_close_response(tvbuff_t *tvb, packet_info *pinfo _U_,
+ proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ guint8 wc;
+ guint16 bc;
+ guint16 data_len;
+
+ WORD_COUNT;
+
+ /* reserved */
+ proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 2, TRUE);
+ offset += 2;
+
+ BYTE_COUNT;
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* data len */
+ CHECK_BYTE_COUNT(2);
+ data_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_data_len, tvb, offset, 2, data_len);
+ COUNT_BYTES(2);
+
+ if (data_len != 0) {
+ CHECK_BYTE_COUNT(data_len);
+ proto_tree_add_item(tree, hf_smb_reserved, tvb, offset,
+ data_len, TRUE);
+ COUNT_BYTES(data_len);
+ }
+
+ END_OF_SMB
+
+ return offset;
+}
+
static const value_string locking_ol_vals[] = {
{0, "Client is not holding oplock on this file"},
{1, "Level 2 oplock currently held by client"},
"This is an exclusive lock"
};
static int
-dissect_locking_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_locking_andx_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc, cmd=0xff, lt=0;
- guint16 andxoffset=0, un=0, ln=0, bc;
+ guint16 andxoffset=0, un=0, ln=0, bc, fid;
guint32 to;
proto_item *litem = NULL;
proto_tree *ltree = NULL;
offset += 2;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* lock type */
litem = proto_tree_add_text(tr, tvb, offset, 20,
"Unlock");
ltree = proto_item_add_subtree(litem, ett_smb_unlock);
-
+
/* PID */
CHECK_BYTE_COUNT(2);
proto_tree_add_item(ltree, hf_smb_pid, tvb, offset, 2, TRUE);
litem = proto_tree_add_text(tr, tvb, offset, 10,
"Unlock");
ltree = proto_item_add_subtree(litem, ett_smb_unlock);
-
+
/* PID */
CHECK_BYTE_COUNT(2);
proto_tree_add_item(ltree, hf_smb_pid, tvb, offset, 2, TRUE);
litem = proto_tree_add_text(tr, tvb, offset, 20,
"Lock");
ltree = proto_item_add_subtree(litem, ett_smb_lock);
-
+
/* PID */
CHECK_BYTE_COUNT(2);
proto_tree_add_item(ltree, hf_smb_pid, tvb, offset, 2, TRUE);
litem = proto_tree_add_text(tr, tvb, offset, 10,
"Unlock");
ltree = proto_item_add_subtree(litem, ett_smb_unlock);
-
+
/* PID */
CHECK_BYTE_COUNT(2);
proto_tree_add_item(ltree, hf_smb_pid, tvb, offset, 2, TRUE);
}
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
static int
-dissect_locking_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_locking_andx_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc, cmd=0xff;
guint16 andxoffset=0;
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
"File is opened by another user (or mode not supported by server)"
};
static int
-dissect_open_action(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_open_action(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
"Total length of EAs not requested"
};
static int
-dissect_open_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, int bm)
+dissect_open_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset, int bm)
{
guint16 mask;
proto_item *item = NULL;
{
guint8 wc, cmd=0xff;
guint16 andxoffset=0, bc;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
offset += 2;
/* open flags */
- offset = dissect_open_flags(tvb, pinfo, tree, offset, 0x0007);
+ offset = dissect_open_flags(tvb, tree, offset, 0x0007);
/* desired access */
- offset = dissect_access(tvb, pinfo, tree, offset, "Desired");
+ offset = dissect_access(tvb, tree, offset, "Desired");
/* Search Attributes */
- offset = dissect_search_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_search_attributes(tvb, tree, offset);
/* File Attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
/* creation time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_create_time);
-
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_create_time);
+
/* open function */
- offset = dissect_open_function(tvb, pinfo, tree, offset);
+ offset = dissect_open_function(tvb, tree, offset);
/* allocation size */
proto_tree_add_item(tree, hf_smb_alloc_size, tvb, offset, 4, TRUE);
BYTE_COUNT;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
};
int
-dissect_ipc_state(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
- int offset, gboolean setstate)
+dissect_ipc_state(tvbuff_t *tvb, proto_tree *parent_tree, int offset,
+ gboolean setstate)
{
guint16 mask;
proto_item *item = NULL;
offset += 2;
/* File Attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
/* last write time */
- offset = dissect_smb_UTIME(tvb, pinfo, tree, offset, hf_smb_last_write_time);
-
+ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time);
+
/* File Size */
proto_tree_add_item(tree, hf_smb_file_size, tvb, offset, 4, TRUE);
offset += 4;
/* granted access */
- offset = dissect_access(tvb, pinfo, tree, offset, "Granted");
+ offset = dissect_access(tvb, tree, offset, "Granted");
/* File Type */
proto_tree_add_item(tree, hf_smb_file_type, tvb, offset, 2, TRUE);
offset += 2;
/* IPC State */
- offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
+ offset = dissect_ipc_state(tvb, tree, offset, FALSE);
/* open_action */
- offset = dissect_open_action(tvb, pinfo, tree, offset);
+ offset = dissect_open_action(tvb, tree, offset);
/* server fid */
proto_tree_add_item(tree, hf_smb_server_fid, tvb, offset, 4, TRUE);
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
dissect_read_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc, cmd=0xff;
- guint16 andxoffset=0, bc;
+ guint16 andxoffset=0, bc, maxcnt = 0;
+ guint32 ofs = 0;
smb_info_t *si;
unsigned int fid;
}
/* offset */
+ ofs = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb_offset, tvb, offset, 4, TRUE);
offset += 4;
/* max count */
+ maxcnt = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb_max_count, tvb, offset, 2, TRUE);
offset += 2;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %u byte%s at offset %u", maxcnt,
+ (maxcnt == 1) ? "" : "s", ofs);
+
/* min count */
proto_tree_add_item(tree, hf_smb_min_count, tvb, offset, 2, TRUE);
offset += 2;
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
guint8 wc, cmd=0xff;
guint16 andxoffset=0, bc, datalen=0, dataoffset=0;
smb_info_t *si = (smb_info_t *)pinfo->private_data;
+ int fid=0;
WORD_COUNT;
proto_tree_add_uint_format(tree, hf_smb_cmd, tvb, offset, 1, cmd, "AndXCommand: No further commands (0xff)");
}
offset += 1;
-
+
/* reserved byte */
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
offset += 1;
/* If we have seen the request, then print which FID this refers to */
/* first check if we have seen the request */
if(si->sip != NULL && si->sip->frame_req>0){
- add_fid(tvb, pinfo, tree, 0, 0, (int)si->sip->extra_info);
+ fid=(int)si->sip->extra_info;
+ add_fid(tvb, pinfo, tree, 0, 0, fid);
}
/* remaining */
proto_tree_add_uint(tree, hf_smb_data_len, tvb, offset, 2, datalen);
offset += 2;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %u byte%s", datalen,
+ (datalen == 1) ? "" : "s");
+
/* data offset */
dataoffset=tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_data_offset, tvb, offset, 2, dataoffset);
/* is this part of DCERPC over SMB reassembly?*/
if(smb_dcerpc_reassembly && !pinfo->fd->flags.visited
&& (bc<=tvb_length_remaining(tvb, offset)) ){
- guint32 frame;
- if (si->sip != NULL && (frame=(guint32)g_hash_table_lookup(
+ gpointer hash_value;
+ if (si->sip != NULL && (hash_value = g_hash_table_lookup(
si->ct->dcerpc_fid_to_frame,
si->sip->extra_info)) != NULL) {
fragment_data *fd_head;
+ guint32 frame = GPOINTER_TO_UINT(hash_value);
+
/* first fragment is always from a SMB Trans command and
offset 0 of the following read/write SMB commands start
BEYOND the first Trans SMB payload. Look for offset
}
fd_head=fragment_add(tvb, dataoffset, pinfo,
frame, dcerpc_fragment_table,
- fd_head->offset+fd_head->len,
+ fd_head->offset+fd_head->len,
datalen, TRUE);
- /* we completed reassembly, abort searching for more
+ /* we completed reassembly, abort searching for more
fragments*/
if(fd_head){
g_hash_table_remove(si->ct->dcerpc_fid_to_frame,
- si->sip->extra_info);
+ si->sip->extra_info);
}
}
}
}
- /* file data */
- offset = dissect_file_data(tvb, pinfo, tree, offset, bc, datalen);
- bc = 0;
+ /* another way to transport DCERPC over SMB is to skip Transaction completely and just
+ read write */
+ if(bc){
+ if(si->sip != NULL && si->sip->flags&SMB_SIF_TID_IS_IPC){
+ /* dcerpc call */
+ offset = dissect_file_data_dcerpc(tvb, pinfo, tree,
+ top_tree, offset, bc, datalen, fid);
+ } else {
+ /* ordinary file data, or we didn't see the request,
+ so we don't know whether this is a DCERPC call
+ or not */
+ offset = dissect_file_data(tvb, tree, offset, bc, datalen);
+ }
+ bc = 0;
+ }
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
static int
dissect_write_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
+ guint32 ofs=0;
guint8 wc, cmd=0xff;
guint16 andxoffset=0, bc, datalen=0, dataoffset=0;
smb_info_t *si = (smb_info_t *)pinfo->private_data;
- unsigned int fid;
+ unsigned int fid=0;
WORD_COUNT;
}
/* offset */
+ ofs = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb_offset, tvb, offset, 4, TRUE);
offset += 4;
offset += 4;
/* mode */
- offset = dissect_write_mode(tvb, pinfo, tree, offset, 0x000f);
+ offset = dissect_write_mode(tvb, tree, offset, 0x000f);
/* remaining */
proto_tree_add_item(tree, hf_smb_remaining, tvb, offset, 2, TRUE);
proto_tree_add_uint(tree, hf_smb_data_offset, tvb, offset, 2, dataoffset);
offset += 2;
+ /* FIXME: handle Large (48-bit) byte/offset to COL_INFO */
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %u byte%s at offset %u", datalen,
+ (datalen == 1) ? "" : "s", ofs);
+
if(wc==14){
/* high offset */
proto_tree_add_item(tree, hf_smb_high_offset, tvb, offset, 4, TRUE);
/* is this part of DCERPC over SMB reassembly?*/
if(smb_dcerpc_reassembly && !pinfo->fd->flags.visited && (bc<=tvb_length_remaining(tvb, offset)) ){
- guint32 frame;
- frame=(guint32)g_hash_table_lookup(si->ct->dcerpc_fid_to_frame,
+ gpointer hash_value;
+ hash_value = g_hash_table_lookup(si->ct->dcerpc_fid_to_frame,
si->sip->extra_info);
- if(frame){
+ if(hash_value){
fragment_data *fd_head;
+ guint32 frame = GPOINTER_TO_UINT(hash_value);
+
/* first fragment is always from a SMB Trans command and
offset 0 of the following read/write SMB commands start
BEYOND the first Trans SMB payload. Look for offset
}
fd_head=fragment_add(tvb, dataoffset, pinfo,
frame, dcerpc_fragment_table,
- fd_head->offset+fd_head->len,
+ fd_head->offset+fd_head->len,
datalen, TRUE);
- /* we completed reassembly, abort searching for more
+ /* we completed reassembly, abort searching for more
fragments*/
if(fd_head){
g_hash_table_remove(si->ct->dcerpc_fid_to_frame,
- si->sip->extra_info);
+ si->sip->extra_info);
}
}
}
}
/* file data */
- offset = dissect_file_data(tvb, pinfo, tree, offset, bc, datalen);
- bc = 0;
+ if (bc != 0) {
+ if( (si->sip && si->sip->flags&SMB_SIF_TID_IS_IPC) && (ofs==0) ){
+ /* dcerpc call */
+ offset = dissect_file_data_dcerpc(tvb, pinfo, tree,
+ top_tree, offset, bc, datalen, fid);
+ } else {
+ /* ordinary file data */
+ offset = dissect_file_data(tvb, tree, offset,
+ bc, datalen);
+ }
+ bc = 0;
+ }
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
dissect_write_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc, cmd=0xff;
- guint16 andxoffset=0, bc;
+ guint16 andxoffset=0, bc, datalen=0;
smb_info_t *si;
WORD_COUNT;
proto_tree_add_uint_format(tree, hf_smb_cmd, tvb, offset, 1, cmd, "AndXCommand: No further commands (0xff)");
}
offset += 1;
-
+
/* reserved byte */
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
offset += 1;
}
/* write count */
+ datalen = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb_count, tvb, offset, 2, TRUE);
offset += 2;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %u byte%s", datalen,
+ (datalen == 1) ? "" : "s");
+
/* remaining */
proto_tree_add_item(tree, hf_smb_remaining, tvb, offset, 2, TRUE);
offset += 2;
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
"Not logged in as GUEST"
};
static int
-dissect_setup_action(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_setup_action(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
return offset;
}
-
+
static int
dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
guint8 wc, cmd=0xff;
guint16 bc;
guint16 andxoffset=0;
+ smb_info_t *si = pinfo->private_data;
int an_len;
const char *an;
int dn_len;
offset += 4;
/* capabilities */
- dissect_negprot_capabilities(tvb, pinfo, tree, offset);
+ dissect_negprot_capabilities(tvb, tree, offset);
offset += 4;
break;
offset += 4;
/* capabilities */
- dissect_negprot_capabilities(tvb, pinfo, tree, offset);
+ dissect_negprot_capabilities(tvb, tree, offset);
offset += 4;
break;
BYTE_COUNT;
if (wc==12) {
+ proto_item *blob_item;
+
/* security blob */
- /* XXX - is this ASN.1-encoded? Is it a Kerberos
- data structure, at least in NT 5.0-and-later
- server replies? */
+
+ blob_item = proto_tree_add_item(tree, hf_smb_security_blob,
+ tvb, offset, sbloblen, TRUE);
+
+ /* As an optimization, because Windows is perverse,
+ we check to see if NTLMSSP is the first part of the
+ blob, and if so, call the NTLMSSP dissector,
+ otherwise we call the GSS-API dissector. This is because
+ Windows can request RAW NTLMSSP, but will happily handle
+ a client that wraps NTLMSSP in SPNEGO
+ */
+
if(sbloblen){
- CHECK_BYTE_COUNT(sbloblen);
- proto_tree_add_item(tree, hf_smb_security_blob,
- tvb, offset, sbloblen, TRUE);
+ tvbuff_t *blob_tvb;
+ proto_tree *blob_tree;
+
+ blob_tree = proto_item_add_subtree(blob_item,
+ ett_smb_secblob);
+ CHECK_BYTE_COUNT(sbloblen);
+
+ blob_tvb = tvb_new_subset(tvb, offset, sbloblen,
+ sbloblen);
+
+ if (si && si->ct && si->ct->raw_ntlmssp &&
+ !strncmp("NTLMSSP",
+ tvb_get_ptr(tvb, offset, 7), 7)) {
+ call_dissector(ntlmssp_handle, blob_tvb, pinfo,
+ blob_tree);
+
+ }
+ else {
+ call_dissector(gssapi_handle, blob_tvb,
+ pinfo, blob_tree);
+ }
+
COUNT_BYTES(sbloblen);
}
/* OS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_os, tvb,
* because the bug didn't appear to get fixed until NT 5.0....
*/
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_lanman, tvb,
* ASCII and the account name is empty. Another bug?
*/
dn = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &dn_len, FALSE, FALSE, &bc);
+ si->unicode, &dn_len, FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
if(pwlen){
/* password, ASCII */
CHECK_BYTE_COUNT(pwlen);
- proto_tree_add_item(tree, hf_smb_password,
+ proto_tree_add_item(tree, hf_smb_password,
tvb, offset, pwlen, TRUE);
COUNT_BYTES(pwlen);
}
if(apwlen){
/* password, ANSI */
CHECK_BYTE_COUNT(apwlen);
- proto_tree_add_item(tree, hf_smb_ansi_password,
+ proto_tree_add_item(tree, hf_smb_ansi_password,
tvb, offset, apwlen, TRUE);
COUNT_BYTES(apwlen);
}
if(upwlen){
/* password, Unicode */
CHECK_BYTE_COUNT(upwlen);
- proto_tree_add_item(tree, hf_smb_unicode_password,
+ proto_tree_add_item(tree, hf_smb_unicode_password,
tvb, offset, upwlen, TRUE);
COUNT_BYTES(upwlen);
}
/* Account Name */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_account, tvb, offset, an_len,
* ASCII and the account name is empty. Another bug?
*/
dn = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &dn_len, FALSE, FALSE, &bc);
+ si->unicode, &dn_len, FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
COUNT_BYTES(dn_len);
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, ", User: %s@%s",
- an,dn);
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", User: ");
+
+ if (!dn[0] && !an[0])
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ "anonymous");
+ else
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ "%s\\%s", dn,an);
}
/* OS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_os, tvb,
* because the bug didn't appear to get fixed until NT 5.0....
*/
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_lanman, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
guint8 wc, cmd=0xff;
guint16 andxoffset=0, bc;
guint16 sbloblen=0;
+ smb_info_t *si = pinfo->private_data;
int an_len;
const char *an;
offset += 2;
/* flags */
- offset = dissect_setup_action(tvb, pinfo, tree, offset);
+ offset = dissect_setup_action(tvb, tree, offset);
if(wc==4){
/* security blob length */
BYTE_COUNT;
if(wc==4) {
+ proto_item *blob_item;
+
/* security blob */
- /* XXX - is this ASN.1-encoded? Is it a Kerberos
- data structure, at least in NT 5.0-and-later
- server replies? */
+
+ blob_item = proto_tree_add_item(tree, hf_smb_security_blob,
+ tvb, offset, sbloblen, TRUE);
+
if(sbloblen){
- CHECK_BYTE_COUNT(sbloblen);
- proto_tree_add_item(tree, hf_smb_security_blob,
- tvb, offset, sbloblen, TRUE);
- COUNT_BYTES(sbloblen);
- }
- }
+ tvbuff_t *blob_tvb;
+ proto_tree *blob_tree;
- /* OS */
+ blob_tree = proto_item_add_subtree(blob_item,
+ ett_smb_secblob);
+ CHECK_BYTE_COUNT(sbloblen);
+
+ blob_tvb = tvb_new_subset(tvb, offset, sbloblen,
+ sbloblen);
+
+ if (si && si->ct && si->ct->raw_ntlmssp &&
+ !strncmp("NTLMSSP",
+ tvb_get_ptr(tvb, offset, 7), 7)) {
+ call_dissector(ntlmssp_handle, blob_tvb, pinfo,
+ blob_tree);
+
+ }
+ else {
+ call_dissector(gssapi_handle, blob_tvb, pinfo,
+ blob_tree);
+
+ }
+
+ COUNT_BYTES(sbloblen);
+ }
+ }
+
+ /* OS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_os, tvb,
/* LANMAN */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_lanman, tvb,
if(wc==3) {
/* Primary domain */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
-
+
static int
dissect_empty_andx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
-
+
static const true_false_string tfs_connect_support_search = {
"Exclusive search bits supported",
"Exclusive search bits not supported"
};
static int
-dissect_connect_support_bits(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_connect_support_bits(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
};
static int
-dissect_connect_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_connect_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
guint8 wc, cmd=0xff;
guint16 bc;
guint16 andxoffset=0, pwlen=0;
+ smb_info_t *si = pinfo->private_data;
int an_len;
const char *an;
offset += 2;
/* flags */
- offset = dissect_connect_flags(tvb, pinfo, tree, offset);
+ offset = dissect_connect_flags(tvb, tree, offset);
/* password length*/
pwlen = tvb_get_letohs(tvb, offset);
/* password */
CHECK_BYTE_COUNT(pwlen);
- proto_tree_add_item(tree, hf_smb_password,
+ proto_tree_add_item(tree, hf_smb_password,
tvb, offset, pwlen, TRUE);
COUNT_BYTES(pwlen);
/* Path */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_path, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
guint16 bc;
int an_len;
const char *an;
+ smb_info_t *si = pinfo->private_data;
WORD_COUNT;
goto bytecount;
/* flags */
- offset = dissect_connect_support_bits(tvb, pinfo, tree, offset);
+ offset = dissect_connect_support_bits(tvb, tree, offset);
wleft--;
/* XXX - I've seen captures where this is 7, but I have no
offset, an_len, an);
COUNT_BYTES(an_len);
+ /* Now when we know the service type, store it so that we know it for later commands down
+ this tree */
+ if(!pinfo->fd->flags.visited){
+ /* Remove any previous entry for this TID */
+ if(g_hash_table_lookup(si->ct->tid_service, (void *)si->tid)){
+ g_hash_table_remove(si->ct->tid_service, (void *)si->tid);
+ }
+ if(strcmp(an,"IPC") == 0){
+ g_hash_table_insert(si->ct->tid_service, (void *)si->tid, (void *)TID_IPC);
+ } else {
+ g_hash_table_insert(si->ct->tid_service, (void *)si->tid, (void *)TID_NORMAL);
+ }
+ }
+
+
if(wc==3){
if (bc != 0) {
/*
/* Native FS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, /*TRUE*/FALSE, FALSE, &bc);
+ si->unicode, &an_len, /*TRUE*/FALSE, FALSE,
+ &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_fs, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
#define NT_TRANS_NOTIFY 4
#define NT_TRANS_RENAME 5
#define NT_TRANS_QSD 6
+#define NT_TRANS_GET_USER_QUOTA 7
+#define NT_TRANS_SET_USER_QUOTA 8
static const value_string nt_cmd_vals[] = {
- {NT_TRANS_CREATE, "NT CREATE"},
- {NT_TRANS_IOCTL, "NT IOCTL"},
- {NT_TRANS_SSD, "NT SET SECURITY DESC"},
- {NT_TRANS_NOTIFY, "NT NOTIFY"},
- {NT_TRANS_RENAME, "NT RENAME"},
- {NT_TRANS_QSD, "NT QUERY SECURITY DESC"},
+ {NT_TRANS_CREATE, "NT CREATE"},
+ {NT_TRANS_IOCTL, "NT IOCTL"},
+ {NT_TRANS_SSD, "NT SET SECURITY DESC"},
+ {NT_TRANS_NOTIFY, "NT NOTIFY"},
+ {NT_TRANS_RENAME, "NT RENAME"},
+ {NT_TRANS_QSD, "NT QUERY SECURITY DESC"},
+ {NT_TRANS_GET_USER_QUOTA, "NT GET USER QUOTA"},
+ {NT_TRANS_SET_USER_QUOTA, "NT SET USER QUOTA"},
{0, NULL}
};
};
static const true_false_string tfs_nt_share_access_read = {
"Object can be shared for READ",
- "Object can NOT be shared for delete"
+ "Object can NOT be shared for read"
};
static const value_string oplock_level_vals[] = {
static int
-dissect_nt_security_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_nt_security_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint8 mask;
proto_item *item = NULL;
}
static int
-dissect_nt_share_access(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_nt_share_access(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
static int
-dissect_nt_access_mask(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_nt_access_mask(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
}
/*
- * Some of these bits come from
+ * Some of these bits come from
*
* http://www.samba.org/samba/ftp/specs/smb-nt01.doc
*
}
static int
-dissect_nt_create_bits(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_nt_create_bits(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
};
static int
-dissect_nt_create_options(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_nt_create_options(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
return offset;
}
-
+
static int
-dissect_nt_notify_completion_filter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_nt_notify_completion_filter(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
"Completion Filter: 0x%08x", mask);
tree = proto_item_add_subtree(item, ett_smb_nt_notify_completion_filter);
}
-
+
proto_tree_add_boolean(tree, hf_smb_nt_notify_stream_write,
tvb, offset, 4, mask);
proto_tree_add_boolean(tree, hf_smb_nt_notify_stream_size,
offset += 4;
return offset;
}
-
+
static int
-dissect_nt_ioctl_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_nt_ioctl_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint8 mask;
proto_item *item = NULL;
#define NT_QSD_SACL 0x00000008
static int
-dissect_security_information_mask(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_security_information_mask(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
return offset;
}
+static void
+free_g_string(void *arg)
+{
+ g_string_free(arg, TRUE);
+}
+
int
-dissect_nt_sid(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name)
+dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, char *name)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
- int old_offset = offset;
+ int old_offset = offset, sa_offset = offset;
+ guint rid;
guint8 revision;
guint8 num_auth;
+ guint auth = 0; /* FIXME: What if it is larger than 32-bits */
int i;
- char str[256], *strp;
+ GString *gstr;
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
offset += 1;
switch(revision){
- case 1: /*only revision of SOD we will se ?*/
+ case 1:
+ case 2: /* Not sure what the different revision numbers mean */
/* number of authorities*/
num_auth = tvb_get_guint8(tvb, offset);
proto_tree_add_item(tree, hf_smb_sid_num_auth, tvb, offset, 1, TRUE);
/* XXX perhaps we should have these thing searchable?
a new FT_xxx thingie? SMB is quite common!*/
/* identifier authorities */
- strp=str;
- strcpy(strp, "S-1-");
-
- proto_tree_add_text(tree, tvb, offset, 6, "Authorities");
for(i=0;i<6;i++){
- guint8 auth = tvb_get_guint8(tvb, offset);
+ auth = (auth << 8) + tvb_get_guint8(tvb, offset);
- if (auth > 0)
- sprintf(strp,"%s%d-",strp, auth);
offset++;
}
- proto_tree_add_text(tree, tvb, offset, num_auth * 4, "Sub-authorities");
+ proto_tree_add_text(tree, tvb, offset - 6, 6, "Authority: %u", auth);
+
+ sa_offset = offset;
+
+ gstr = g_string_new("");
+
+ CLEANUP_PUSH(free_g_string, gstr);
+
+ /* sub authorities, leave RID to last */
+ for(i=0; i < (num_auth > 4?(num_auth - 1):num_auth); i++){
+ /*
+ * XXX should not be letohl but native byteorder according to
+ * Samba header files.
+ *
+ * However, considering that there were never any NT ports
+ * to big-endian platforms (PowerPC and MIPS ran little-endian,
+ * and IA-64 runs little-endian, as does x86-64), we can (?)
+ * assume that non le byte encodings will be "uncommon"?
+ */
+ g_string_sprintfa(gstr, (i>0 ? "-%u" : "%u"),
+ tvb_get_letohl(tvb, offset));
+ offset+=4;
+ }
+
+ proto_tree_add_text(tree, tvb, sa_offset, num_auth * 4, "Sub-authorities: %s", gstr->str);
- /* sub authorities */
- for(i=0;i<num_auth;i++){
- /* XXX should not be letohl but native byteorder according to
- samba header files. considering that all non-x86 NT ports
- are dead we can (?) assume that non le byte encodings
- will be "uncommon"?*/
- sprintf(strp,"%s%d-",strp,tvb_get_letohl(tvb, offset));
+ if (num_auth > 4) {
+ rid = tvb_get_letohl(tvb, offset);
+ proto_tree_add_text(tree, tvb, offset, 4, "RID: %u", rid);
+ proto_item_append_text(item, ": S-1-%u-%s-%u", auth, gstr->str, rid);
offset+=4;
}
- /* strip trailing '-'*/
- str[strlen(str)-1]=0;
+ else {
+ proto_item_append_text(item, ": S-1-%u-%s", auth, gstr->str);
+ }
+
+ CLEANUP_CALL_AND_POP;
- proto_item_append_text(item, ": %s", str);
}
proto_item_set_len(item, offset-old_offset);
};
#define APPEND_ACE_TEXT(flag, item, string) \
- if(item && flag){ \
- proto_item_append_text(item, string); \
- }
+ if(flag){ \
+ if(item) \
+ proto_item_append_text(item, string, sep); \
+ sep = ", "; \
+ }
static int
-dissect_nt_v2_ace_flags(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree)
+dissect_nt_v2_ace_flags(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
guint8 mask;
+ char *sep = " ";
mask = tvb_get_guint8(tvb, offset);
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, 1,
- "NT ACE Flags:0x%02x", mask);
+ "NT ACE Flags: 0x%02x", mask);
tree = proto_item_add_subtree(item, ett_smb_ace_flags);
}
proto_tree_add_boolean(tree, hf_smb_ace_flags_failed_access,
tvb, offset, 1, mask);
- APPEND_ACE_TEXT(mask&0x80, item, " Failed Access,");
+ APPEND_ACE_TEXT(mask&0x80, item, "%sFailed Access");
proto_tree_add_boolean(tree, hf_smb_ace_flags_successful_access,
tvb, offset, 1, mask);
- APPEND_ACE_TEXT(mask&0x40, item, " Successful Access,");
+ APPEND_ACE_TEXT(mask&0x40, item, "%sSuccessful Access");
proto_tree_add_boolean(tree, hf_smb_ace_flags_inherited_ace,
tvb, offset, 1, mask);
- APPEND_ACE_TEXT(mask&0x10, item, " Inherited ACE,");
+ APPEND_ACE_TEXT(mask&0x10, item, "%sInherited ACE");
proto_tree_add_boolean(tree, hf_smb_ace_flags_inherit_only,
tvb, offset, 1, mask);
- APPEND_ACE_TEXT(mask&0x08, item, " Inherit Only,");
+ APPEND_ACE_TEXT(mask&0x08, item, "%sInherit Only");
proto_tree_add_boolean(tree, hf_smb_ace_flags_non_propagate_inherit,
tvb, offset, 1, mask);
- APPEND_ACE_TEXT(mask&0x04, item, " No Propagate Inherit,");
+ APPEND_ACE_TEXT(mask&0x04, item, "%sNo Propagate Inherit");
proto_tree_add_boolean(tree, hf_smb_ace_flags_container_inherit,
tvb, offset, 1, mask);
- APPEND_ACE_TEXT(mask&0x02, item, " Container Inherit,");
+ APPEND_ACE_TEXT(mask&0x02, item, "%sContainer Inherit");
proto_tree_add_boolean(tree, hf_smb_ace_flags_object_inherit,
tvb, offset, 1, mask);
- APPEND_ACE_TEXT(mask&0x01, item, " Object Inherit,");
+ APPEND_ACE_TEXT(mask&0x01, item, "%sObject Inherit");
offset += 1;
}
static int
-dissect_nt_v2_ace(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree)
+dissect_nt_v2_ace(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
-
+ guint16 size;
+
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
"NT ACE: ");
offset += 1;
/* flags */
- offset = dissect_nt_v2_ace_flags(tvb, pinfo, offset, tree);
+ offset = dissect_nt_v2_ace_flags(tvb, offset, tree);
/* size */
- proto_tree_add_item(tree, hf_smb_ace_size, tvb, offset, 2, TRUE);
+ size = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_ace_size, tvb, offset, 2, size);
offset += 2;
/* access mask */
- offset = dissect_nt_access_mask(tvb, pinfo, tree, offset);
+ offset = dissect_nt_access_mask(tvb, tree, offset);
/* SID */
- offset = dissect_nt_sid(tvb, pinfo, offset, tree, "ACE");
+ offset = dissect_nt_sid(tvb, offset, tree, "ACE");
proto_item_set_len(item, offset-old_offset);
- return offset;
+
+ /* Sometimes there is some spare space at the end of the ACE so use
+ the size field to work out where the end is. */
+
+ return old_offset + size;
}
static int
-dissect_nt_acl(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, char *name)
+dissect_nt_acl(tvbuff_t *tvb, int offset, proto_tree *parent_tree, char *name)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
- guint16 revision, size;
+ guint16 revision;
guint32 num_aces;
if(parent_tree){
switch(revision){
case 2: /* only version we will ever see of this structure?*/
+ case 3:
/* size */
proto_tree_add_item(tree, hf_smb_acl_size, tvb, offset, 2, TRUE);
offset += 2;
offset += 4;
while(num_aces--){
- offset=dissect_nt_v2_ace(tvb, pinfo, offset, tree);
+ offset=dissect_nt_v2_ace(tvb, offset, tree);
}
}
static int
-dissect_nt_sec_desc_type(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree)
+dissect_nt_sec_desc_type(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
return offset;
}
-
-static int
-dissect_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len)
+int
+dissect_nt_sec_desc(tvbuff_t *tvb, int offset, proto_tree *parent_tree, int len)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
switch(revision){
case 1: /* only version we will ever see of this structure?*/
/* type */
- offset = dissect_nt_sec_desc_type(tvb, pinfo, offset, tree);
+ offset = dissect_nt_sec_desc_type(tvb, offset, tree);
/* offset to owner sid */
owner_sid_offset = tvb_get_letohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4, "Offset to owner SID : %d", owner_sid_offset);
+ proto_tree_add_text(tree, tvb, offset, 4, "Offset to owner SID: %d", owner_sid_offset);
offset += 4;
/* offset to group sid */
group_sid_offset = tvb_get_letohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4, "Offset to group SID : %d", group_sid_offset);
+ proto_tree_add_text(tree, tvb, offset, 4, "Offset to group SID: %d", group_sid_offset);
offset += 4;
/* offset to sacl */
sacl_offset = tvb_get_letohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4, "Offset to SACL : %d", sacl_offset);
+ proto_tree_add_text(tree, tvb, offset, 4, "Offset to SACL: %d", sacl_offset);
offset += 4;
/* offset to dacl */
dacl_offset = tvb_get_letohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4, "Offset to DACL : %d", dacl_offset);
+ proto_tree_add_text(tree, tvb, offset, 4, "Offset to DACL: %d", dacl_offset);
offset += 4;
/*owner SID*/
if(owner_sid_offset){
- dissect_nt_sid(tvb, pinfo, old_offset+owner_sid_offset, tree, "Owner");
+ if (len == -1)
+ offset = dissect_nt_sid(tvb, offset, tree, "Owner");
+ else
+ dissect_nt_sid(tvb, old_offset+owner_sid_offset, tree, "Owner");
}
/*group SID*/
if(group_sid_offset){
- dissect_nt_sid(tvb, pinfo, old_offset+group_sid_offset, tree, "Group");
+ dissect_nt_sid(tvb, old_offset+group_sid_offset, tree, "Group");
}
/* sacl */
if(sacl_offset){
- dissect_nt_acl(tvb, pinfo, old_offset+sacl_offset, tree, "System (SACL)");
+ dissect_nt_acl(tvb, old_offset+sacl_offset, tree, "System (SACL)");
}
/* dacl */
if(dacl_offset){
- dissect_nt_acl(tvb, pinfo, old_offset+dacl_offset, tree, "User (DACL)");
+ dissect_nt_acl(tvb, old_offset+dacl_offset, tree, "User (DACL)");
}
}
}
static int
-dissect_nt_trans_data_request(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len, nt_trans_data *ntd)
+dissect_nt_user_quota(tvbuff_t *tvb, proto_tree *tree, int offset, guint16 *bcp)
+{
+ int old_offset, old_sid_offset;
+ guint32 qsize;
+
+ do {
+ old_offset=offset;
+
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ qsize=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_user_quota_offset, tvb, offset, 4, qsize);
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ /* length of SID */
+ proto_tree_add_text(tree, tvb, offset, 4, "Length of SID: %d", tvb_get_letohl(tvb, offset));
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ /* 16 unknown bytes */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_unknown, tvb,
+ offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* number of bytes for used quota */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_user_quota_used, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* number of bytes for quota warning */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_soft_quota_limit, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* number of bytes for quota limit */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_hard_quota_limit, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* SID of the user */
+ old_sid_offset=offset;
+ offset = dissect_nt_sid(tvb, offset, tree, "Quota");
+ *bcp -= (offset-old_sid_offset);
+
+ if(qsize){
+ offset = old_offset+qsize;
+ }
+ }while(qsize);
+
+
+ return offset;
+}
+
+
+static int
+dissect_nt_trans_data_request(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int bc, nt_trans_data *ntd)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
smb_info_t *si;
+ int old_offset = offset;
+ guint16 bcp=bc; /* XXX fixme */
si = (smb_info_t *)pinfo->private_data;
if(parent_tree){
- item = proto_tree_add_text(parent_tree, tvb, offset, len,
+ item = proto_tree_add_text(parent_tree, tvb, offset, bc,
"%s Data",
val_to_str(ntd->subcmd, nt_cmd_vals, "Unknown NT transaction (%u)"));
- tree = proto_item_add_subtree(item, ett_smb_nt_trans_setup);
+ tree = proto_item_add_subtree(item, ett_smb_nt_trans_data);
}
switch(ntd->subcmd){
case NT_TRANS_CREATE:
/* security descriptor */
if(ntd->sd_len){
- offset = dissect_nt_sec_desc(tvb, pinfo, offset, tree, ntd->sd_len);
+ offset = dissect_nt_sec_desc(tvb, offset, tree, ntd->sd_len);
}
/* extended attributes */
break;
case NT_TRANS_IOCTL:
/* ioctl data */
- proto_tree_add_item(tree, hf_smb_nt_ioctl_data, tvb, offset, len, TRUE);
- offset += len;
+ proto_tree_add_item(tree, hf_smb_nt_ioctl_data, tvb, offset, bc, TRUE);
+ offset += bc;
break;
case NT_TRANS_SSD:
- offset = dissect_nt_sec_desc(tvb, pinfo, offset, tree, len);
+ offset = dissect_nt_sec_desc(tvb, offset, tree, bc);
break;
case NT_TRANS_NOTIFY:
break;
break;
case NT_TRANS_QSD:
break;
+ case NT_TRANS_GET_USER_QUOTA:
+ /* unknown 4 bytes */
+ proto_tree_add_item(tree, hf_smb_unknown, tvb,
+ offset, 4, TRUE);
+ offset += 4;
+
+ /* length of SID */
+ proto_tree_add_text(tree, tvb, offset, 4, "Length of SID: %d", tvb_get_letohl(tvb, offset));
+ offset +=4;
+
+ offset = dissect_nt_sid(tvb, offset, tree, "Quota");
+ break;
+ case NT_TRANS_SET_USER_QUOTA:
+ offset = dissect_nt_user_quota(tvb, tree, offset, &bcp);
+ break;
+ }
+
+ /* ooops there were data we didnt know how to process */
+ if((offset-old_offset) < bc){
+ proto_tree_add_item(tree, hf_smb_unknown, tvb, offset,
+ bc - (offset-old_offset), TRUE);
+ offset += bc - (offset-old_offset);
}
return offset;
item = proto_tree_add_text(parent_tree, tvb, offset, len,
"%s Parameters",
val_to_str(ntd->subcmd, nt_cmd_vals, "Unknown NT transaction (%u)"));
- tree = proto_item_add_subtree(item, ett_smb_nt_trans_setup);
+ tree = proto_item_add_subtree(item, ett_smb_nt_trans_param);
}
switch(ntd->subcmd){
case NT_TRANS_CREATE:
/* Create flags */
- offset = dissect_nt_create_bits(tvb, pinfo, tree, offset);
+ offset = dissect_nt_create_bits(tvb, tree, offset);
bc -= 4;
/* root directory fid */
COUNT_BYTES(4);
/* nt access mask */
- offset = dissect_nt_access_mask(tvb, pinfo, tree, offset);
+ offset = dissect_nt_access_mask(tvb, tree, offset);
bc -= 4;
-
+
/* allocation size */
proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
COUNT_BYTES(8);
-
+
/* Extended File Attributes */
- offset = dissect_file_ext_attr(tvb, pinfo, tree, offset);
+ offset = dissect_file_ext_attr(tvb, tree, offset);
bc -= 4;
/* share access */
- offset = dissect_nt_share_access(tvb, pinfo, tree, offset);
+ offset = dissect_nt_share_access(tvb, tree, offset);
bc -= 4;
-
+
/* create disposition */
proto_tree_add_item(tree, hf_smb_nt_create_disposition, tvb, offset, 4, TRUE);
COUNT_BYTES(4);
/* create options */
- offset = dissect_nt_create_options(tvb, pinfo, tree, offset);
+ offset = dissect_nt_create_options(tvb, tree, offset);
bc -= 4;
/* sd length */
/* impersonation level */
proto_tree_add_item(tree, hf_smb_nt_impersonation_level, tvb, offset, 4, TRUE);
COUNT_BYTES(4);
-
+
/* security flags */
- offset = dissect_nt_security_flags(tvb, pinfo, tree, offset);
+ offset = dissect_nt_security_flags(tvb, tree, offset);
bc -= 1;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, TRUE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, TRUE, &bc);
if (fn != NULL) {
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
break;
case NT_TRANS_IOCTL:
break;
- case NT_TRANS_SSD:
+ case NT_TRANS_SSD: {
+ guint16 fid;
+
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* 2 reserved bytes */
offset += 2;
/* security information */
- offset = dissect_security_information_mask(tvb, pinfo, tree, offset);
+ offset = dissect_security_information_mask(tvb, tree, offset);
break;
+ }
case NT_TRANS_NOTIFY:
break;
case NT_TRANS_RENAME:
/* XXX not documented */
break;
- case NT_TRANS_QSD:
+ case NT_TRANS_QSD: {
+ guint16 fid;
+
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* 2 reserved bytes */
offset += 2;
/* security information */
- offset = dissect_security_information_mask(tvb, pinfo, tree, offset);
+ offset = dissect_security_information_mask(tvb, tree, offset);
+ break;
+ }
+ case NT_TRANS_GET_USER_QUOTA:
+ /* not decoded yet */
+ break;
+ case NT_TRANS_SET_USER_QUOTA:
+ /* not decoded yet */
break;
}
val_to_str(ntd->subcmd, nt_cmd_vals, "Unknown NT transaction (%u)"));
tree = proto_item_add_subtree(item, ett_smb_nt_trans_setup);
}
-
+
switch(ntd->subcmd){
case NT_TRANS_CREATE:
break;
- case NT_TRANS_IOCTL:
+ case NT_TRANS_IOCTL: {
+ guint16 fid;
+
/* function code */
proto_tree_add_item(tree, hf_smb_nt_ioctl_function_code, tvb, offset, 4, TRUE);
offset += 4;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* isfsctl */
offset += 1;
/* isflags */
- offset = dissect_nt_ioctl_flags(tvb, pinfo, tree, offset);
+ offset = dissect_nt_ioctl_flags(tvb, tree, offset);
break;
+ }
case NT_TRANS_SSD:
break;
- case NT_TRANS_NOTIFY:
+ case NT_TRANS_NOTIFY: {
+ guint16 fid;
+
/* completion filter */
- offset = dissect_nt_notify_completion_filter(tvb, pinfo, tree, offset);
+ offset = dissect_nt_notify_completion_filter(tvb, tree, offset);
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
/* watch tree */
offset += 1;
break;
+ }
case NT_TRANS_RENAME:
/* XXX not documented */
break;
case NT_TRANS_QSD:
break;
+ case NT_TRANS_GET_USER_QUOTA:
+ /* not decoded yet */
+ break;
+ case NT_TRANS_SET_USER_QUOTA:
+ /* not decoded yet */
+ break;
}
-
+
return old_offset+len;
}
static int
-dissect_nt_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_nt_transaction_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc, sc;
guint32 pc=0, po=0, pd, dc=0, od=0, dd;
/* total param count */
proto_tree_add_item(tree, hf_smb_total_param_count, tvb, offset, 4, TRUE);
offset += 4;
-
+
/* total data count */
proto_tree_add_item(tree, hf_smb_total_data_count, tvb, offset, 4, TRUE);
offset += 4;
pc = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_param_count32, tvb, offset, 4, pc);
offset += 4;
-
+
/* param offset */
po = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_param_offset32, tvb, offset, 4, po);
ntd.subcmd = subcmd;
if (!si->unidir) {
if(!pinfo->fd->flags.visited){
- /*
+ /*
* Allocate a new smb_nt_transact_info_t
* structure.
*/
}
BYTE_COUNT;
-
+
/* parameters */
if(po>(guint32)offset){
/* We have some initial padding bytes.
static int
-dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len, nt_trans_data *ntd)
+dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo,
+ int offset, proto_tree *parent_tree, int len,
+ nt_trans_data *ntd _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
smb_info_t *si;
smb_nt_transact_info_t *nti;
+ guint16 bcp;
si = (smb_info_t *)pinfo->private_data;
if (si->sip != NULL)
item = proto_tree_add_text(parent_tree, tvb, offset, len,
"Unknown NT Transaction Data (matching request not seen)");
}
- tree = proto_item_add_subtree(item, ett_smb_nt_trans_setup);
+ tree = proto_item_add_subtree(item, ett_smb_nt_trans_data);
}
if (nti == NULL) {
* which may be documented in the Win32 documentation
* somewhere.
*/
- offset = dissect_nt_sec_desc(tvb, pinfo, offset, tree, len);
+ offset = dissect_nt_sec_desc(tvb, offset, tree, len);
+ break;
+ case NT_TRANS_GET_USER_QUOTA:
+ bcp=len;
+ offset = dissect_nt_user_quota(tvb, tree, offset, &bcp);
+ break;
+ case NT_TRANS_SET_USER_QUOTA:
+ /* not decoded yet */
break;
}
return offset;
}
-
+
static int
-dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len, nt_trans_data *ntd, guint16 bc)
+dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo,
+ int offset, proto_tree *parent_tree,
+ int len, nt_trans_data *ntd _U_, guint16 bc)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
smb_info_t *si;
smb_nt_transact_info_t *nti;
guint16 fid;
+ int old_offset;
+ guint32 neo;
+ int padcnt;
si = (smb_info_t *)pinfo->private_data;
if (si->sip != NULL)
item = proto_tree_add_text(parent_tree, tvb, offset, len,
"Unknown NT Transaction Parameters (matching request not seen)");
}
- tree = proto_item_add_subtree(item, ett_smb_nt_trans_setup);
+ tree = proto_item_add_subtree(item, ett_smb_nt_trans_param);
}
if (nti == NULL) {
/* reserved byte */
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
offset += 1;
-
+
/* fid */
fid = tvb_get_letohs(tvb, offset);
add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 4;
/* create time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_create_time);
-
+
/* access time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_access_time);
-
+
/* last write time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_last_write_time);
-
+
/* last change time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_change_time);
-
+
/* Extended File Attributes */
- offset = dissect_file_ext_attr(tvb, pinfo, tree, offset);
+ offset = dissect_file_ext_attr(tvb, tree, offset);
/* allocation size */
proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
offset += 2;
/* device state */
- offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
+ offset = dissect_ipc_state(tvb, tree, offset, FALSE);
/* is directory */
proto_tree_add_item(tree, hf_smb_is_directory, tvb, offset, 1, TRUE);
break;
case NT_TRANS_NOTIFY:
while(len){
+ old_offset = offset;
+
/* next entry offset */
- proto_tree_add_item(tree, hf_smb_next_entry_offset, tvb, offset, 4, TRUE);
+ neo = tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb, offset, 4, neo);
COUNT_BYTES(4);
len -= 4;
/* broken implementations */
if(len<0)break;
-
+
/* action */
proto_tree_add_item(tree, hf_smb_nt_notify_action, tvb, offset, 4, TRUE);
COUNT_BYTES(4);
if(len<0)break;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, TRUE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, TRUE, &bc);
if (fn == NULL)
break;
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
/* broken implementations */
if(len<0)break;
+ if (neo == 0)
+ break; /* no more structures */
+
+ /* skip to next structure */
+ padcnt = (old_offset + neo) - offset;
+ if (padcnt < 0) {
+ /*
+ * XXX - this is bogus; flag it?
+ */
+ padcnt = 0;
+ }
+ if (padcnt != 0) {
+ COUNT_BYTES(padcnt);
+ len -= padcnt;
+ /* broken implementations */
+ if(len<0)break;
+ }
}
break;
case NT_TRANS_RENAME:
proto_tree_add_item(tree, hf_smb_sec_desc_len, tvb, offset, 4, TRUE);
offset += 4;
break;
+ case NT_TRANS_GET_USER_QUOTA:
+ proto_tree_add_text(tree, tvb, offset, 4, "Size of returned Quota data: %d",
+ tvb_get_letohl(tvb, offset));
+ offset += 4;
+ break;
+ case NT_TRANS_SET_USER_QUOTA:
+ /* not decoded yet */
+ break;
}
return offset;
}
-
+
static int
-dissect_nt_trans_setup_response(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len, nt_trans_data *ntd)
+dissect_nt_trans_setup_response(tvbuff_t *tvb, packet_info *pinfo,
+ int offset, proto_tree *parent_tree,
+ int len, nt_trans_data *ntd _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
break;
case NT_TRANS_QSD:
break;
+ case NT_TRANS_GET_USER_QUOTA:
+ /* not decoded yet */
+ break;
+ case NT_TRANS_SET_USER_QUOTA:
+ /* not decoded yet */
+ break;
}
return offset;
}
static int
-dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc, sc;
guint32 pc=0, po=0, pd=0, dc=0, od=0, dd=0;
tp = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_total_param_count, tvb, offset, 4, tp);
offset += 4;
-
+
/* total data count */
td = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_total_data_count, tvb, offset, 4, td);
pc = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_param_count32, tvb, offset, 4, pc);
offset += 4;
-
+
/* param offset */
po = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_param_offset32, tvb, offset, 4, po);
proto_tree_add_uint(tree, hf_smb_setup_count, tvb, offset, 1, sc);
offset += 1;
- /* setup data */
+ /* setup data */
if(sc){
dissect_nt_trans_setup_response(tvb, pinfo, offset, tree, sc*2, &ntd);
offset += sc*2;
save_fragmented = pinfo->fragmented;
/* do we need reassembly? */
if( (td&&(td!=dc)) || (tp&&(tp!=pc)) ){
- /* oh yeah, either data or parameter section needs
+ /* oh yeah, either data or parameter section needs
reassembly...
*/
pinfo->fragmented = TRUE;
if(smb_trans_reassembly){
/* ...and we were told to do reassembly */
if(pc && ((unsigned int)tvb_length_remaining(tvb, po)>=pc) ){
- r_fd = smb_trans_defragment(tree, pinfo, tvb,
+ r_fd = smb_trans_defragment(tree, pinfo, tvb,
po, pc, pd, td+tp);
-
+
}
if((r_fd==NULL) && dc && ((unsigned int)tvb_length_remaining(tvb, od)>=dc) ){
- r_fd = smb_trans_defragment(tree, pinfo, tvb,
+ r_fd = smb_trans_defragment(tree, pinfo, tvb,
od, dc, dd+tp, td+tp);
}
}
}
/* if we got a reassembled fd structure from the reassembly routine we
- must create pd_tvb from it
+ must create pd_tvb from it
*/
if(r_fd){
- proto_tree *tr;
- proto_item *it;
- fragment_data *fd;
-
- it = proto_tree_add_text(tree, tvb, 0, 0, "Fragments");
- tr = proto_item_add_subtree(it, ett_smb_segments);
- for(fd=r_fd->next;fd;fd=fd->next){
- proto_tree_add_text(tr, tvb, 0, 0, "Frame:%u Data:%u-%u",
- fd->frame, fd->offset, fd->offset+fd->len-1);
- }
-
pd_tvb = tvb_new_real_data(r_fd->data, r_fd->datalen,
- r_fd->datalen, "Reassembled SMB");
+ r_fd->datalen);
tvb_set_child_real_data_tvbuff(tvb, pd_tvb);
- pinfo->fd->data_src = g_slist_append(pinfo->fd->data_src, pd_tvb);
- pinfo->fragmented = FALSE;
+ add_new_data_source(pinfo, pd_tvb, "Reassembled SMB");
+
+ show_fragment_tree(r_fd, &smb_frag_items, tree, pinfo, pd_tvb);
}
&ntd, tvb_length(pd_tvb));
dissect_nt_trans_data_response(pd_tvb, pinfo, tp, tree, td, &ntd);
} else {
- /* we do not have reassembled data, just use what we have in the
+ /* we do not have reassembled data, just use what we have in the
packet as well as we can */
/* parameters */
if(po>(guint32)offset){
dissect_nt_trans_param_response(tvb, pinfo, offset, tree, pc, &ntd, bc);
COUNT_BYTES(pc);
}
-
+
/* data */
if(od>(guint32)offset){
/* We have some initial padding bytes.
{1, "Graphics Mode"},
{0, NULL}
};
-
+
static int
-dissect_open_print_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_open_print_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* print identifier */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_print_identifier, tvb, offset, fn_len,
static int
-dissect_write_print_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_write_print_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
int cnt;
guint8 wc;
- guint16 bc;
+ guint16 bc, fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
BYTE_COUNT;
COUNT_BYTES(2);
/* file data */
- offset = dissect_file_data(tvb, pinfo, tree, offset, cnt, cnt);
+ offset = dissect_file_data(tvb, tree, offset, cnt, cnt);
END_OF_SMB
{6, "Printer error"},
{0, NULL}
};
-
+
static int
-dissect_get_print_queue_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_get_print_queue_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
{
proto_item *item = NULL;
proto_tree *tree = NULL;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
/* queued time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_print_queue_date,
hf_smb_print_queue_dos_date, hf_smb_print_queue_dos_time, FALSE);
*bcp -= 4;
/* file name */
fn_len = 16;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_print_spool_file_name, tvb, offset, 16,
fn);
}
static int
-dissect_get_print_queue_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_get_print_queue_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint16 cnt=0, len;
guint8 wc;
static int
-dissect_nt_create_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_send_single_block_message_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
- guint8 wc, cmd=0xff;
- guint16 andxoffset=0;
+ int name_len;
guint16 bc;
- int fn_len;
- const char *fn;
+ guint8 wc;
+ guint16 message_len;
WORD_COUNT;
- /* next smb command */
- cmd = tvb_get_guint8(tvb, offset);
- if(cmd!=0xff){
- proto_tree_add_uint_format(tree, hf_smb_cmd, tvb, offset, 1, cmd, "AndXCommand: %s (0x%02x)", decode_smb_name(cmd), cmd);
- } else {
- proto_tree_add_uint_format(tree, hf_smb_cmd, tvb, offset, 1, cmd, "AndXCommand: No further commands (0xff)");
- }
- offset += 1;
-
- /* reserved byte */
- proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
- offset += 1;
+ BYTE_COUNT;
- /* andxoffset */
- andxoffset = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_andxoffset, tvb, offset, 2, andxoffset);
- offset += 2;
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
- /* reserved byte */
- proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
- offset += 1;
+ /* originator name */
+ /* XXX - what if this runs past bc? */
+ name_len = tvb_strsize(tvb, offset);
+ CHECK_BYTE_COUNT(name_len);
+ proto_tree_add_item(tree, hf_smb_originator_name, tvb, offset,
+ name_len, TRUE);
+ COUNT_BYTES(name_len);
- /* file name len */
- fn_len = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_file_name_len, tvb, offset, 2, fn_len);
- offset += 2;
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
- /* Create flags */
- offset = dissect_nt_create_bits(tvb, pinfo, tree, offset);
+ /* destination name */
+ /* XXX - what if this runs past bc? */
+ name_len = tvb_strsize(tvb, offset);
+ CHECK_BYTE_COUNT(name_len);
+ proto_tree_add_item(tree, hf_smb_destination_name, tvb, offset,
+ name_len, TRUE);
+ COUNT_BYTES(name_len);
- /* root directory fid */
- proto_tree_add_item(tree, hf_smb_root_dir_fid, tvb, offset, 4, TRUE);
- offset += 4;
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
- /* nt access mask */
- offset = dissect_nt_access_mask(tvb, pinfo, tree, offset);
+ /* message len */
+ CHECK_BYTE_COUNT(2);
+ message_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_message_len, tvb, offset, 2,
+ message_len);
+ COUNT_BYTES(2);
- /* allocation size */
- proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
- offset += 8;
+ /* message */
+ CHECK_BYTE_COUNT(message_len);
+ proto_tree_add_item(tree, hf_smb_message, tvb, offset, message_len,
+ TRUE);
+ COUNT_BYTES(message_len);
- /* Extended File Attributes */
- offset = dissect_file_ext_attr(tvb, pinfo, tree, offset);
+ END_OF_SMB
- /* share access */
- offset = dissect_nt_share_access(tvb, pinfo, tree, offset);
+ return offset;
+}
- /* create disposition */
- proto_tree_add_item(tree, hf_smb_nt_create_disposition, tvb, offset, 4, TRUE);
- offset += 4;
+static int
+dissect_send_multi_block_message_start_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ int name_len;
+ guint16 bc;
+ guint8 wc;
- /* create options */
- offset = dissect_nt_create_options(tvb, pinfo, tree, offset);
+ WORD_COUNT;
- /* impersonation level */
- proto_tree_add_item(tree, hf_smb_nt_impersonation_level, tvb, offset, 4, TRUE);
- offset += 4;
+ BYTE_COUNT;
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* originator name */
+ /* XXX - what if this runs past bc? */
+ name_len = tvb_strsize(tvb, offset);
+ CHECK_BYTE_COUNT(name_len);
+ proto_tree_add_item(tree, hf_smb_originator_name, tvb, offset,
+ name_len, TRUE);
+ COUNT_BYTES(name_len);
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* destination name */
+ /* XXX - what if this runs past bc? */
+ name_len = tvb_strsize(tvb, offset);
+ CHECK_BYTE_COUNT(name_len);
+ proto_tree_add_item(tree, hf_smb_destination_name, tvb, offset,
+ name_len, TRUE);
+ COUNT_BYTES(name_len);
+
+ END_OF_SMB
+
+ return offset;
+}
+
+static int
+dissect_message_group_id(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ guint16 bc;
+ guint8 wc;
+
+ WORD_COUNT;
+
+ /* message group ID */
+ proto_tree_add_item(tree, hf_smb_mgid, tvb, offset, 2, TRUE);
+ offset += 2;
+
+ BYTE_COUNT;
+
+ END_OF_SMB
+
+ return offset;
+}
+
+static int
+dissect_send_multi_block_message_text_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ guint16 bc;
+ guint8 wc;
+ guint16 message_len;
+
+ WORD_COUNT;
+
+ BYTE_COUNT;
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* message len */
+ CHECK_BYTE_COUNT(2);
+ message_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_message_len, tvb, offset, 2,
+ message_len);
+ COUNT_BYTES(2);
+
+ /* message */
+ CHECK_BYTE_COUNT(message_len);
+ proto_tree_add_item(tree, hf_smb_message, tvb, offset, message_len,
+ TRUE);
+ COUNT_BYTES(message_len);
+
+ END_OF_SMB
+
+ return offset;
+}
+
+static int
+dissect_forwarded_name(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ int name_len;
+ guint16 bc;
+ guint8 wc;
+
+ WORD_COUNT;
+
+ BYTE_COUNT;
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* forwarded name */
+ /* XXX - what if this runs past bc? */
+ name_len = tvb_strsize(tvb, offset);
+ CHECK_BYTE_COUNT(name_len);
+ proto_tree_add_item(tree, hf_smb_forwarded_name, tvb, offset,
+ name_len, TRUE);
+ COUNT_BYTES(name_len);
+
+ END_OF_SMB
+
+ return offset;
+}
+
+static int
+dissect_get_machine_name_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ int name_len;
+ guint16 bc;
+ guint8 wc;
+
+ WORD_COUNT;
+
+ BYTE_COUNT;
+
+ /* buffer format */
+ CHECK_BYTE_COUNT(1);
+ proto_tree_add_item(tree, hf_smb_buffer_format, tvb, offset, 1, TRUE);
+ COUNT_BYTES(1);
+
+ /* machine name */
+ /* XXX - what if this runs past bc? */
+ name_len = tvb_strsize(tvb, offset);
+ CHECK_BYTE_COUNT(name_len);
+ proto_tree_add_item(tree, hf_smb_machine_name, tvb, offset,
+ name_len, TRUE);
+ COUNT_BYTES(name_len);
+
+ END_OF_SMB
+
+ return offset;
+}
+
+
+static int
+dissect_nt_create_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+{
+ guint8 wc, cmd=0xff;
+ guint16 andxoffset=0;
+ guint16 bc;
+ smb_info_t *si = pinfo->private_data;
+ int fn_len;
+ const char *fn;
+
+ WORD_COUNT;
+
+ /* next smb command */
+ cmd = tvb_get_guint8(tvb, offset);
+ if(cmd!=0xff){
+ proto_tree_add_uint_format(tree, hf_smb_cmd, tvb, offset, 1, cmd, "AndXCommand: %s (0x%02x)", decode_smb_name(cmd), cmd);
+ } else {
+ proto_tree_add_uint_format(tree, hf_smb_cmd, tvb, offset, 1, cmd, "AndXCommand: No further commands (0xff)");
+ }
+ offset += 1;
+
+ /* reserved byte */
+ proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
+ offset += 1;
+
+ /* andxoffset */
+ andxoffset = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_andxoffset, tvb, offset, 2, andxoffset);
+ offset += 2;
+
+ /* reserved byte */
+ proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
+ offset += 1;
+
+ /* file name len */
+ fn_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_file_name_len, tvb, offset, 2, fn_len);
+ offset += 2;
+
+ /* Create flags */
+ offset = dissect_nt_create_bits(tvb, tree, offset);
+
+ /* root directory fid */
+ proto_tree_add_item(tree, hf_smb_root_dir_fid, tvb, offset, 4, TRUE);
+ offset += 4;
+
+ /* nt access mask */
+ offset = dissect_nt_access_mask(tvb, tree, offset);
+
+ /* allocation size */
+ proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
+ offset += 8;
+
+ /* Extended File Attributes */
+ offset = dissect_file_ext_attr(tvb, tree, offset);
+
+ /* share access */
+ offset = dissect_nt_share_access(tvb, tree, offset);
+
+ /* create disposition */
+ proto_tree_add_item(tree, hf_smb_nt_create_disposition, tvb, offset, 4, TRUE);
+ offset += 4;
+
+ /* create options */
+ offset = dissect_nt_create_options(tvb, tree, offset);
+
+ /* impersonation level */
+ proto_tree_add_item(tree, hf_smb_nt_impersonation_level, tvb, offset, 4, TRUE);
+ offset += 4;
/* security flags */
- offset = dissect_nt_security_flags(tvb, pinfo, tree, offset);
+ offset = dissect_nt_security_flags(tvb, tree, offset);
BYTE_COUNT;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
-
+
static int
dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
offset += 4;
/* create time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_create_time);
-
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
+
/* access time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_access_time);
-
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time);
+
/* last write time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_last_write_time);
/* last change time */
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_change_time);
-
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time);
+
/* Extended File Attributes */
- offset = dissect_file_ext_attr(tvb, pinfo, tree, offset);
+ offset = dissect_file_ext_attr(tvb, tree, offset);
/* allocation size */
proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
offset += 2;
/* IPC State */
- offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
+ offset = dissect_ipc_state(tvb, tree, offset, FALSE);
/* is directory */
proto_tree_add_item(tree, hf_smb_is_directory, tvb, offset, 1, TRUE);
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, tree, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
static int
-dissect_nt_cancel_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_nt_cancel_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
WORD_COUNT;
-
+
BYTE_COUNT;
END_OF_SMB
{ 0x01, "FIND_FIRST2" },
{ 0x02, "FIND_NEXT2" },
{ 0x03, "QUERY_FS_INFORMATION" },
+ { 0x04, "SET_FS_QUOTA" },
{ 0x05, "QUERY_PATH_INFORMATION" },
{ 0x06, "SET_PATH_INFORMATION" },
{ 0x07, "QUERY_FILE_INFORMATION" },
{ 0x0103, "Query File EA Info (4.2.14.6)"},
{ 0x0104, "Query File Name Info (4.2.14.7)"},
{ 0x0107, "Query File All Info (4.2.14.8)"},
- { 0x0108, "Query File Alt File Info (4.2.14.7)"},
+ { 0x0108, "Query File Alt Name Info (4.2.14.7)"},
{ 0x0109, "Query File Stream Info (4.2.14.10)"},
{ 0x010b, "Query File Compression Info (4.2.14.11)"},
{ 0x0200, "Set File Unix Basic"},
{ 0x0201, "Set File Unix Link"},
{ 0x0202, "Set File Unix HardLink"},
+ { 1004, "Query File Basic Info (4.2.14.4)"},
+ { 1005, "Query File Standard Info (4.2.14.5)"},
+ { 1006, "Query File Internal Info (4.2.14.?)"},
+ { 1007, "Query File EA Info (4.2.14.6)"},
+ { 1009, "Query File Name Info (4.2.14.7)"},
+ { 1010, "Query File Rename Info (4.2.14.?)"},
+ { 1011, "Query File Link Info (4.2.14.?)"},
+ { 1012, "Query File Names Info (4.2.14.?)"},
+ { 1013, "Query File Disposition Info (4.2.14.?)"},
+ { 1014, "Query File Position Info (4.2.14.?)"},
+ { 1015, "Query File Full EA Info (4.2.14.?)"},
+ { 1016, "Query File Mode Info (4.2.14.?)"},
+ { 1017, "Query File Alignment Info (4.2.14.?)"},
+ { 1018, "Query File All Info (4.2.14.8)"},
+ { 1019, "Query File Allocation Info (4.2.14.?)"},
+ { 1020, "Query File End of File Info (4.2.14.?)"},
+ { 1021, "Query File Alt Name Info (4.2.14.7)"},
+ { 1022, "Query File Stream Info (4.2.14.10)"},
+ { 1023, "Query File Pipe Info (4.2.14.?)"},
+ { 1024, "Query File Pipe Local Info (4.2.14.?)"},
+ { 1025, "Query File Pipe Remote Info (4.2.14.?)"},
+ { 1026, "Query File Mailslot Query Info (4.2.14.?)"},
+ { 1027, "Query File Mailslot Set Info (4.2.14.?)"},
+ { 1028, "Query File Compression Info (4.2.14.11)"},
+ { 1029, "Query File ObjectID Info (4.2.14.?)"},
+ { 1030, "Query File Completion Info (4.2.14.?)"},
+ { 1031, "Query File Move Cluster Info (4.2.14.?)"},
+ { 1032, "Query File Quota Info (4.2.14.?)"},
+ { 1033, "Query File Reparsepoint Info (4.2.14.?)"},
+ { 1034, "Query File Network Open Info (4.2.14.?)"},
+ { 1035, "Query File Attribute Tag Info (4.2.14.?)"},
+ { 1036, "Query File Tracking Info (4.2.14.?)"},
+ { 1037, "Query File Maximum Info (4.2.14.?)"},
{0, NULL}
};
static const value_string qfsi_vals[] = {
{ 1, "Info Allocation"},
{ 2, "Info Volume"},
+ { 0x0101, "Query FS Label Info"},
{ 0x0102, "Query FS Volume Info"},
{ 0x0103, "Query FS Size Info"},
{ 0x0104, "Query FS Device Info"},
{ 0x0105, "Query FS Attribute Info"},
+ { 0x0301, "Mac Query FS INFO"},
+ { 1001, "Query FS Label Info"},
+ { 1002, "Query FS Volume Info"},
+ { 1003, "Query FS Size Info"},
+ { 1004, "Query FS Device Info"},
+ { 1005, "Query FS Attribute Info"},
+ { 1006, "Query FS Quota Info"},
+ { 1007, "Query Full FS Size Info"},
{0, NULL}
};
+static const value_string nt_rename_vals[] = {
+ { 0x0103, "Create Hard Link"},
+ {0, NULL}
+};
+
+
static const value_string delete_pending_vals[] = {
{0, "Normal, no pending delete"},
{1, "This object has DELETE PENDING"},
"This FS is NOT on a compressed volume"
};
-
+#define FF2_RESUME 0x0004
static int
dissect_ff2_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
guint16 mask;
proto_item *item = NULL;
proto_tree *tree = NULL;
+ smb_info_t *si;
+ smb_transact2_info_t *t2i;
mask = tvb_get_letohs(tvb, offset);
+ si = (smb_info_t *)pinfo->private_data;
+ if (si->sip != NULL) {
+ t2i = si->sip->extra_info;
+ if (t2i != NULL) {
+ if (!pinfo->fd->flags.visited)
+ t2i->resume_keys = (mask & FF2_RESUME);
+ }
+ }
+
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, 2,
"Flags: 0x%04x", mask);
return offset;
}
+#if 0
+static int
+dissect_sfi_ioflag(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
+{
+ guint16 mask;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+
+ mask = tvb_get_letohs(tvb, offset);
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, 2,
+ "IO Flag: 0x%04x", mask);
+ tree = proto_item_add_subtree(item, ett_smb_ioflag);
+ }
+
+ proto_tree_add_boolean(tree, hf_smb_sfi_writetru,
+ tvb, offset, 2, mask);
+ proto_tree_add_boolean(tree, hf_smb_sfi_caching,
+ tvb, offset, 2, mask);
+
+ offset += 2;
+
+ return offset;
+}
+#endif
+
static int
dissect_transaction2_request_parameters(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *parent_tree, int offset, int subcmd, guint16 bc)
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, bc,
"%s Parameters",
- val_to_str(subcmd, trans2_cmd_vals,
+ val_to_str(subcmd, trans2_cmd_vals,
"Unknown (0x%02x)"));
tree = proto_item_add_subtree(item, ett_smb_transaction_params);
}
case 0x00: /*TRANS2_OPEN2*/
/* open flags */
CHECK_BYTE_COUNT_TRANS(2);
- offset = dissect_open_flags(tvb, pinfo, tree, offset, 0x000f);
+ offset = dissect_open_flags(tvb, tree, offset, 0x000f);
bc -= 2;
/* desired access */
CHECK_BYTE_COUNT_TRANS(2);
- offset = dissect_access(tvb, pinfo, tree, offset, "Desired");
+ offset = dissect_access(tvb, tree, offset, "Desired");
bc -= 2;
- /* 2 reserved bytes */
+ /* Search Attributes */
CHECK_BYTE_COUNT_TRANS(2);
- proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 2, TRUE);
- COUNT_BYTES_TRANS(2);
+ offset = dissect_search_attributes(tvb, tree, offset);
+ bc -= 2;
/* File Attributes */
CHECK_BYTE_COUNT_TRANS(2);
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
bc -= 2;
/* create time */
CHECK_BYTE_COUNT_TRANS(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_create_time,
hf_smb_create_dos_date, hf_smb_create_dos_time,
TRUE);
/* open function */
CHECK_BYTE_COUNT_TRANS(2);
- offset = dissect_open_function(tvb, pinfo, tree, offset);
+ offset = dissect_open_function(tvb, tree, offset);
bc -= 2;
/* allocation size */
COUNT_BYTES_TRANS(10);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Path: %s",
fn);
}
-
- /* XXX dont know how to decode FEAList */
break;
case 0x01: /*TRANS2_FIND_FIRST2*/
/* Search Attributes */
CHECK_BYTE_COUNT_TRANS(2);
- offset = dissect_search_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_search_attributes(tvb, tree, offset);
bc -= 2;
/* search count */
COUNT_BYTES_TRANS(4);
/* search pattern */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_search_pattern, tvb, offset, fn_len,
fn);
fn);
}
- /* XXX dont know how to decode FEAList */
-
break;
case 0x02: /*TRANS2_FIND_NEXT2*/
/* sid */
bc -= 2;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
t2i->info_level = si->info_level;
proto_tree_add_uint(tree, hf_smb_qpi_loi, tvb, offset, 2, si->info_level);
COUNT_BYTES_TRANS(2);
-
+
/* 4 reserved bytes */
CHECK_BYTE_COUNT_TRANS(4);
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 4, TRUE);
COUNT_BYTES_TRANS(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
t2i->info_level = si->info_level;
proto_tree_add_uint(tree, hf_smb_qpi_loi, tvb, offset, 2, si->info_level);
COUNT_BYTES_TRANS(2);
-
+
/* 4 reserved bytes */
CHECK_BYTE_COUNT_TRANS(4);
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 4, TRUE);
COUNT_BYTES_TRANS(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
}
break;
- case 0x07: /*TRANS2_QUERY_FILE_INFORMATION*/
+ case 0x07: { /*TRANS2_QUERY_FILE_INFORMATION*/
+ guint16 fid;
+
/* fid */
CHECK_BYTE_COUNT_TRANS(2);
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
COUNT_BYTES_TRANS(2);
/* level of interest */
t2i->info_level = si->info_level;
proto_tree_add_uint(tree, hf_smb_qpi_loi, tvb, offset, 2, si->info_level);
COUNT_BYTES_TRANS(2);
-
+
break;
- case 0x08: /*TRANS2_SET_FILE_INFORMATION*/
+ }
+ case 0x08: { /*TRANS2_SET_FILE_INFORMATION*/
+ guint16 fid;
+
/* fid */
CHECK_BYTE_COUNT_TRANS(2);
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
COUNT_BYTES_TRANS(2);
/* level of interest */
t2i->info_level = si->info_level;
proto_tree_add_uint(tree, hf_smb_qpi_loi, tvb, offset, 2, si->info_level);
COUNT_BYTES_TRANS(2);
-
+
+#if 0
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this is I/O flags, but it's
+ * reserved in the SNIA spec, and some clients appear
+ * to leave junk in it.
+ *
+ * Is this some field used only if a particular
+ * dialect was negotiated, so that clients can feel
+ * safe not setting it if they haven't negotiated that
+ * dialect? Or do the (non-OS/2) clients simply not care
+ * about that particular OS/2-oriented dialect?
+ */
+
+ /* IO Flag */
+ CHECK_BYTE_COUNT_TRANS(2);
+ offset = dissect_sfi_ioflag(tvb, tree, offset);
+ bc -= 2;
+#else
/* 2 reserved bytes */
CHECK_BYTE_COUNT_TRANS(2);
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 2, TRUE);
COUNT_BYTES_TRANS(2);
+#endif
break;
+ }
case 0x09: /*TRANS2_FSCTL*/
+ /* this call has no parameter block in the request */
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "File system specific parameter block". (That means
+ * we may not be able to dissect it in any case.)
+ */
+ break;
case 0x0a: /*TRANS2_IOCTL2*/
- /* these calls have no parameter block in the request */
+ /* this call has no parameter block in the request */
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "Device/function specific parameter block". (That
+ * means we may not be able to dissect it in any case.)
+ */
break;
- case 0x0b: /*TRANS2_FIND_NOTIFY_FIRST*/
- case 0x0c: /*TRANS2_FIND_NOTIFY_NEXT*/
- /* XXX unknown structure*/
+ case 0x0b: { /*TRANS2_FIND_NOTIFY_FIRST*/
+ /* Search Attributes */
+ CHECK_BYTE_COUNT_TRANS(2);
+ offset = dissect_search_attributes(tvb, tree, offset);
+ bc -= 2;
+
+ /* Number of changes to wait for */
+ CHECK_BYTE_COUNT_TRANS(2);
+ proto_tree_add_item(tree, hf_smb_change_count, tvb, offset, 2, TRUE);
+ COUNT_BYTES_TRANS(2);
+
+ /* Find Notify information level */
+ CHECK_BYTE_COUNT_TRANS(2);
+ si->info_level = tvb_get_letohs(tvb, offset);
+ if (!pinfo->fd->flags.visited)
+ t2i->info_level = si->info_level;
+ proto_tree_add_uint(tree, hf_smb_fn_information_level, tvb, offset, 2, si->info_level);
+ COUNT_BYTES_TRANS(2);
+
+ /* 4 reserved bytes */
+ CHECK_BYTE_COUNT_TRANS(4);
+ proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 4, TRUE);
+ COUNT_BYTES_TRANS(4);
+
+ /* file name */
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
+ CHECK_STRING_TRANS(fn);
+ proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
+ fn);
+ COUNT_BYTES_TRANS(fn_len);
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", Path: %s",
+ fn);
+ }
+
break;
+ }
+ case 0x0c: { /*TRANS2_FIND_NOTIFY_NEXT*/
+ /* Monitor handle */
+ CHECK_BYTE_COUNT_TRANS(2);
+ proto_tree_add_item(tree, hf_smb_monitor_handle, tvb, offset, 2, TRUE);
+ COUNT_BYTES_TRANS(2);
+
+ /* Number of changes to wait for */
+ CHECK_BYTE_COUNT_TRANS(2);
+ proto_tree_add_item(tree, hf_smb_change_count, tvb, offset, 2, TRUE);
+ COUNT_BYTES_TRANS(2);
+
+ break;
+ }
case 0x0d: /*TRANS2_CREATE_DIRECTORY*/
/* 4 reserved bytes */
CHECK_BYTE_COUNT_TRANS(4);
COUNT_BYTES_TRANS(4);
/* dir name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_dir_name, tvb, offset, fn_len,
col_append_fstr(pinfo->cinfo, COL_INFO, ", Dir: %s",
fn);
}
-
- /* XXX optional FEAList, unknown what FEAList looks like*/
break;
case 0x0e: /*TRANS2_SESSION_SETUP*/
/* XXX unknown structure*/
CHECK_BYTE_COUNT_TRANS(2);
proto_tree_add_item(tree, hf_smb_max_referral_level, tvb, offset, 2, TRUE);
COUNT_BYTES_TRANS(2);
-
+
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
break;
case 0x11: /*TRANS2_REPORT_DFS_INCONSISTENCY*/
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
* XXX - just use "dissect_connect_flags()" here?
*/
static guint16
-dissect_transaction_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_transaction_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
return mask;
}
-
+
static int
-dissect_get_dfs_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_get_dfs_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
}
static int
-dissect_dfs_referral_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_dfs_referral_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
dissect_dfs_inconsistency_data(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, int offset, guint16 *bcp)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
/* referral flags */
CHECK_BYTE_COUNT_TRANS_SUBR(2);
- offset = dissect_dfs_referral_flags(tvb, pinfo, tree, offset);
+ offset = dissect_dfs_referral_flags(tvb, tree, offset);
*bcp -= 2;
/* node name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_dfs_referral_node, tvb, offset, fn_len,
fn);
dissect_get_dfs_referral_data(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, int offset, guint16 *bcp)
{
+ smb_info_t *si = pinfo->private_data;
guint16 numref;
guint16 refsize;
guint16 pathoffset;
/* get dfs flags */
CHECK_BYTE_COUNT_TRANS_SUBR(2);
- offset = dissect_get_dfs_flags(tvb, pinfo, tree, offset);
+ offset = dissect_get_dfs_flags(tvb, tree, offset);
*bcp -= 2;
/* XXX - in at least one capture there appears to be 2 bytes
rt = proto_item_add_subtree(ri,
ett_smb_dfs_referral);
}
-
+
/* referral version */
CHECK_BYTE_COUNT_TRANS_SUBR(2);
version = tvb_get_letohs(tvb, offset);
/* referral flags */
CHECK_BYTE_COUNT_TRANS_SUBR(2);
- offset = dissect_dfs_referral_flags(tvb, pinfo, rt, offset);
+ offset = dissect_dfs_referral_flags(tvb, rt, offset);
*bcp -= 2;
switch(version){
case 1:
/* node name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_node, tvb, offset, fn_len,
fn);
*bcp > offsetoffset) {
save_bc = *bcp;
*bcp -= offsetoffset;
- fn = get_unicode_or_ascii_string(tvb, &stroffset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &stroffset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_path, tvb, stroffset, fn_len,
fn);
*bcp = save_bc;
}
}
-
+
/* alt path */
if (altpathoffset != 0) {
stroffset = old_offset + altpathoffset;
*bcp > offsetoffset) {
save_bc = *bcp;
*bcp -= offsetoffset;
- fn = get_unicode_or_ascii_string(tvb, &stroffset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &stroffset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_alt_path, tvb, stroffset, fn_len,
fn);
*bcp = save_bc;
}
}
-
+
/* node */
if (nodeoffset != 0) {
stroffset = old_offset + nodeoffset;
*bcp > offsetoffset) {
save_bc = *bcp;
*bcp -= offsetoffset;
- fn = get_unicode_or_ascii_string(tvb, &stroffset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &stroffset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_node, tvb, stroffset, fn_len,
fn);
as described in 4.2.14.1
*/
static int
-dissect_4_2_14_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+dissect_4_2_14_1(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
/* create time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_create_time, hf_smb_create_dos_date, hf_smb_create_dos_time,
FALSE);
*bcp -= 4;
/* access time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_access_time, hf_smb_access_dos_date, hf_smb_access_dos_time,
FALSE);
*bcp -= 4;
/* last write time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_last_write_time, hf_smb_last_write_dos_date, hf_smb_last_write_dos_time,
FALSE);
*bcp -= 4;
/* File Attributes */
CHECK_BYTE_COUNT_SUBR(2);
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
*bcp -= 2;
/* ea size */
as described in 4.2.14.2
*/
static int
-dissect_4_2_14_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+dissect_4_2_14_2(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
/* list length */
dissect_4_2_14_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
as described in 4.2.14.4
*/
static int
-dissect_4_2_14_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+dissect_4_2_14_4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
/* create time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_create_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
*bcp -= 8;
-
+
/* access time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_access_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time);
*bcp -= 8;
-
+
/* last write time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_last_write_time);
*bcp -= 8;
-
+
/* last change time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_change_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time);
*bcp -= 8;
-
+
/* File Attributes */
- CHECK_BYTE_COUNT_SUBR(2);
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
- *bcp -= 2;
+ CHECK_BYTE_COUNT_SUBR(4);
+ offset = dissect_file_attributes(tvb, tree, offset, 4);
+ *bcp -= 4;
*trunc = FALSE;
return offset;
as described in 4.2.14.5
*/
static int
-dissect_4_2_14_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+dissect_4_2_14_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
/* allocation size */
as described in 4.2.14.6
*/
static int
-dissect_4_2_14_6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+dissect_4_2_14_6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
/* ea size */
dissect_4_2_14_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
{
offset = dissect_4_2_14_4(tvb, pinfo, tree, offset, bcp, trunc);
- if (trunc)
+ if (*trunc) {
return offset;
+ }
offset = dissect_4_2_14_5(tvb, pinfo, tree, offset, bcp, trunc);
- if (trunc)
+ if (*trunc) {
return offset;
+ }
/* index number */
CHECK_BYTE_COUNT_SUBR(8);
COUNT_BYTES_SUBR(8);
offset = dissect_4_2_14_6(tvb, pinfo, tree, offset, bcp, trunc);
- if (trunc)
+ if (*trunc)
return offset;
/* access flags */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_nt_access_mask(tvb, pinfo, tree, offset);
+ offset = dissect_nt_access_mask(tvb, tree, offset);
COUNT_BYTES_SUBR(4);
/* index number */
/* mode */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_nt_create_options(tvb, pinfo, tree, offset);
+ offset = dissect_nt_create_options(tvb, tree, offset);
*bcp -= 4;
/* alignment */
CHECK_BYTE_COUNT_SUBR(4);
proto_tree_add_item(tree, hf_smb_t2_alignment, tvb, offset, 4, TRUE);
COUNT_BYTES_SUBR(4);
-
+
offset = dissect_4_2_14_6(tvb, pinfo, tree, offset, bcp, trunc);
return offset;
proto_tree *tree;
int old_offset;
guint32 neo;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
int padcnt;
neo = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb, offset, 4, neo);
COUNT_BYTES_SUBR(4);
-
+
/* stream name len */
CHECK_BYTE_COUNT_SUBR(4);
fn_len = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_t2_stream_name_length, tvb, offset, 4, fn_len);
COUNT_BYTES_SUBR(4);
-
+
/* stream size */
CHECK_BYTE_COUNT_SUBR(8);
proto_tree_add_item(tree, hf_smb_t2_stream_size, tvb, offset, 8, TRUE);
COUNT_BYTES_SUBR(8);
/* stream name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_t2_stream_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_SUBR(fn_len);
-
+
proto_item_append_text(item, ": %s", fn);
proto_item_set_len(item, offset-old_offset);
as described in 4.2.14.11
*/
static int
-dissect_4_2_14_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+dissect_4_2_14_11(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
/* compressed file size */
CHECK_BYTE_COUNT_SUBR(2);
proto_tree_add_item(tree, hf_smb_t2_compressed_format, tvb, offset, 2, TRUE);
COUNT_BYTES_SUBR(2);
-
+
/* compression unit shift */
CHECK_BYTE_COUNT_SUBR(1);
proto_tree_add_item(tree, hf_smb_t2_compressed_unit_shift,tvb, offset, 1, TRUE);
COUNT_BYTES_SUBR(1);
-
+
/* compression chunk shift */
CHECK_BYTE_COUNT_SUBR(1);
proto_tree_add_item(tree, hf_smb_t2_compressed_chunk_shift, tvb, offset, 1, TRUE);
COUNT_BYTES_SUBR(1);
-
+
/* compression cluster shift */
CHECK_BYTE_COUNT_SUBR(1);
proto_tree_add_item(tree, hf_smb_t2_compressed_cluster_shift, tvb, offset, 1, TRUE);
COUNT_BYTES_SUBR(1);
-
+
/* 3 reserved bytes */
CHECK_BYTE_COUNT_SUBR(3);
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 3, TRUE);
if(!*bcp){
return offset;
}
-
+
si = (smb_info_t *)pinfo->private_data;
switch(si->info_level){
case 1: /*Info Standard*/
&trunc);
break;
case 0x0101: /*Query File Basic Info*/
+ case 1004: /* SMB_FILE_BASIC_INFORMATION */
offset = dissect_4_2_14_4(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
case 0x0102: /*Query File Standard Info*/
+ case 1005: /* SMB_FILE_STANDARD_INFORMATION */
offset = dissect_4_2_14_5(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
case 0x0103: /*Query File EA Info*/
+ case 1007: /* SMB_FILE_EA_INFORMATION */
offset = dissect_4_2_14_6(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
case 0x0104: /*Query File Name Info*/
+ case 1009: /* SMB_FILE_NAME_INFORMATION */
offset = dissect_4_2_14_7(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
case 0x0107: /*Query File All Info*/
+ case 1018: /* SMB_FILE_ALL_INFORMATION */
offset = dissect_4_2_14_8(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
case 0x0108: /*Query File Alt File Info*/
+ case 1021: /* SMB_FILE_ALTERNATE_NAME_INFORMATION */
offset = dissect_4_2_14_7(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
+ case 1022: /* SMB_FILE_STREAM_INFORMATION */
+ ((smb_info_t *)(pinfo->private_data))->unicode = TRUE;
case 0x0109: /*Query File Stream Info*/
offset = dissect_4_2_14_10(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
case 0x010b: /*Query File Compression Info*/
+ case 1028: /* SMB_FILE_COMPRESSION_INFORMATION */
offset = dissect_4_2_14_11(tvb, pinfo, tree, offset, bcp,
&trunc);
break;
/* XXX add this from the SNIA doc */
break;
}
-
+
return offset;
}
+static const true_false_string tfs_quota_flags_deny_disk = {
+ "DENY DISK SPACE for users exceeding quota limit",
+ "Do NOT deny disk space for users exceeding quota limit"
+};
+static const true_false_string tfs_quota_flags_log_limit = {
+ "LOG EVENT when a user exceeds their QUOTA LIMIT",
+ "Do NOT log event when a user exceeds their quota limit"
+};
+static const true_false_string tfs_quota_flags_log_warning = {
+ "LOG EVENT when a user exceeds their WARNING LEVEL",
+ "Do NOT log event when a user exceeds their warning level"
+};
+static const true_false_string tfs_quota_flags_enabled = {
+ "Quotas are ENABLED of this fs",
+ "Quotas are NOT enabled on this fs"
+};
+static void
+dissect_quota_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
+{
+ guint8 mask;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+
+ mask = tvb_get_guint8(tvb, offset);
+
+ if(parent_tree){
+ item = proto_tree_add_text(parent_tree, tvb, offset, 1,
+ "Quota Flags: 0x%02x %s", mask,
+ mask?"Enabled":"Disabled");
+ tree = proto_item_add_subtree(item, ett_smb_quotaflags);
+ }
+
+ proto_tree_add_boolean(tree, hf_smb_quota_flags_log_limit,
+ tvb, offset, 1, mask);
+ proto_tree_add_boolean(tree, hf_smb_quota_flags_log_warning,
+ tvb, offset, 1, mask);
+ proto_tree_add_boolean(tree, hf_smb_quota_flags_deny_disk,
+ tvb, offset, 1, mask);
+
+ if(mask && (!(mask&0x01))){
+ proto_tree_add_boolean_hidden(tree, hf_smb_quota_flags_enabled,
+ tvb, offset, 1, 0x01);
+ } else {
+ proto_tree_add_boolean(tree, hf_smb_quota_flags_enabled,
+ tvb, offset, 1, mask);
+ }
+
+}
+
+static int
+dissect_nt_quota(tvbuff_t *tvb, proto_tree *tree, int offset, guint16 *bcp)
+{
+ /* first 24 bytes are unknown */
+ CHECK_BYTE_COUNT_TRANS_SUBR(24);
+ proto_tree_add_item(tree, hf_smb_unknown, tvb,
+ offset, 24, TRUE);
+ COUNT_BYTES_TRANS_SUBR(24);
+
+ /* number of bytes for quota warning */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_soft_quota_limit, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* number of bytes for quota limit */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_hard_quota_limit, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* one byte of quota flags */
+ CHECK_BYTE_COUNT_TRANS_SUBR(1);
+ dissect_quota_flags(tvb, tree, offset);
+ COUNT_BYTES_TRANS_SUBR(1);
+
+ /* these 7 bytes are unknown */
+ CHECK_BYTE_COUNT_TRANS_SUBR(7);
+ proto_tree_add_item(tree, hf_smb_unknown, tvb,
+ offset, 7, TRUE);
+ COUNT_BYTES_TRANS_SUBR(7);
+
+ return offset;
+}
+
static int
dissect_transaction2_request_data(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *parent_tree, int offset, int subcmd, guint16 dc)
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, dc,
"%s Data",
- val_to_str(subcmd, trans2_cmd_vals,
+ val_to_str(subcmd, trans2_cmd_vals,
"Unknown (0x%02x)"));
tree = proto_item_add_subtree(item, ett_smb_transaction_data);
}
switch(subcmd){
case 0x00: /*TRANS2_OPEN2*/
- /* XXX FAEList here?*/
+ /* XXX dont know how to decode FEAList */
break;
case 0x01: /*TRANS2_FIND_FIRST2*/
- /* XXX FAEList here?*/
+ /* XXX dont know how to decode FEAList */
break;
case 0x02: /*TRANS2_FIND_NEXT2*/
- /* no data field in this request */
+ /* XXX dont know how to decode FEAList */
break;
case 0x03: /*TRANS2_QUERY_FS_INFORMATION*/
/* no data field in this request */
break;
+ case 0x04: /* TRANS2_SET_QUOTA */
+ offset = dissect_nt_quota(tvb, tree, offset, &dc);
+ break;
case 0x05: /*TRANS2_QUERY_PATH_INFORMATION*/
/* no data field in this request */
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says there may be "Additional
+ * FileInfoLevel dependent information" here.
+ *
+ * Was that just a cut-and-pasteo?
+ * TRANS2_SET_PATH_INFORMATION *does* have that information
+ * here.
+ */
break;
case 0x06: /*TRANS2_SET_PATH_INFORMATION*/
offset = dissect_qpi_loi_vals(tvb, pinfo, tree, offset, &dc);
break;
case 0x07: /*TRANS2_QUERY_FILE_INFORMATION*/
/* no data field in this request */
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says there may be "Additional
+ * FileInfoLevel dependent information" here.
+ *
+ * Was that just a cut-and-pasteo?
+ * TRANS2_SET_FILE_INFORMATION *does* have that information
+ * here.
+ */
break;
case 0x08: /*TRANS2_SET_FILE_INFORMATION*/
offset = dissect_qpi_loi_vals(tvb, pinfo, tree, offset, &dc);
break;
case 0x09: /*TRANS2_FSCTL*/
/*XXX dont know how to decode this yet */
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "File system specific data block". (That means we
+ * may not be able to dissect it in any case.)
+ */
break;
case 0x0a: /*TRANS2_IOCTL2*/
/*XXX dont know how to decode this yet */
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "Device/function specific data block". (That
+ * means we may not be able to dissect it in any case.)
+ */
break;
case 0x0b: /*TRANS2_FIND_NOTIFY_FIRST*/
/*XXX dont know how to decode this yet */
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains "additional
+ * level dependent match data".
+ */
break;
case 0x0c: /*TRANS2_FIND_NOTIFY_NEXT*/
/*XXX dont know how to decode this yet */
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains "additional
+ * level dependent monitor information".
+ */
break;
case 0x0d: /*TRANS2_CREATE_DIRECTORY*/
- /* no data block for this one */
+ /* XXX optional FEAList, unknown what FEAList looks like*/
break;
case 0x0e: /*TRANS2_SESSION_SETUP*/
/*XXX dont know how to decode this yet */
static void
dissect_trans_data(tvbuff_t *s_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
- packet_info *pinfo, proto_tree *tree)
+ proto_tree *tree)
{
int i;
int offset;
Transaction2 Secondary 0x33
*/
static int
-dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc, sc=0;
int so=offset;
/* total param count, only a 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_total_param_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
-
+
/* total data count , only 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_total_data_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
pd = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_param_disp16, tvb, offset, 2, pd);
offset += 2;
-
+
/* data count */
dc = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_data_count16, tvb, offset, 2, dc);
od = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_data_offset16, tvb, offset, 2, od);
offset += 2;
-
+
/* data disp */
dd = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_data_disp16, tvb, offset, 2, dd);
offset += 2;
if(si->cmd==SMB_COM_TRANSACTION2){
+ guint16 fid;
+
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, 2, fid);
+
offset += 2;
}
offset += 1;
/* transaction flags */
- tf = dissect_transaction_flags(tvb, pinfo, tree, offset);
+ tf = dissect_transaction_flags(tvb, tree, offset);
offset += 2;
/* timeout */
pc = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_param_count16, tvb, offset, 2, pc);
offset += 2;
-
+
/* param offset */
po = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_param_offset16, tvb, offset, 2, po);
/* reserved byte */
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
offset += 1;
-
- /* this is where the setup bytes, if any start */
+
+ /* this is where the setup bytes, if any start */
so = offset;
sl = sc*2;
case SMB_COM_TRANSACTION2:
/* TRANSACTION2 only has one setup word and
- that is the subcommand code. */
+ that is the subcommand code.
+
+ XXX - except for TRANS2_FSCTL
+ and TRANS2_IOCTL. */
subcmd = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_trans2_subcmd,
tvb, offset, 2, subcmd);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
- val_to_str(subcmd, trans2_cmd_vals,
+ val_to_str(subcmd, trans2_cmd_vals,
"Unknown (0x%02x)"));
}
if (!si->unidir) {
if(!pinfo->fd->flags.visited){
- /*
+ /*
* Allocate a new
* smb_transact2_info_t
* structure.
t2i = g_mem_chunk_alloc(smb_transact2_info_chunk);
t2i->subcmd = subcmd;
t2i->info_level = -1;
+ t2i->resume_keys = FALSE;
si->sip->extra_info = t2i;
}
- }
+ }
+
+ /*
+ * XXX - process TRANS2_FSCTL and
+ * TRANS2_IOCTL setup words here.
+ */
break;
case SMB_COM_TRANSACTION:
}
BYTE_COUNT;
-
+
if(wc!=8){
/* primary request */
/* name is NULL if transaction2 */
if(si->cmd == SMB_COM_TRANSACTION){
/* Transaction Name */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_trans_name, tvb,
/*TRANSACTION request parameters */
if(si->cmd==SMB_COM_TRANSACTION){
- /*XXX replace this block with a function and use that one
+ /*XXX replace this block with a function and use that one
for both requests/responses*/
if(dd==0){
tvbuff_t *p_tvb, *d_tvb, *s_tvb;
if (!si->unidir) {
if(!pinfo->fd->flags.visited){
- /*
+ /*
* Allocate a new smb_transact_info_t
* structure.
*/
dissected_trans = dissect_pipe_smb(sp_tvb,
s_tvb, pd_tvb, p_tvb, d_tvb, an+6, pinfo,
top_tree);
+
+ /* In case we did not see the TreeConnect call,
+ store this TID here as well as a IPC TID
+ so we know that future Read/Writes to this
+ TID is (probably) DCERPC.
+ */
+ if(g_hash_table_lookup(si->ct->tid_service, (void *)si->tid)){
+ g_hash_table_remove(si->ct->tid_service, (void *)si->tid);
+ }
+ g_hash_table_insert(si->ct->tid_service, (void *)si->tid, (void *)TID_IPC);
} else if(strncmp("\\MAILSLOT\\", an, 10) == 0){
if (tri != NULL)
tri->subcmd=TRANSACTION_MAILSLOT;
dissected_trans = dissect_mailslot_smb(sp_tvb,
s_tvb, d_tvb, an+10, pinfo, top_tree);
}
- if (!dissected_trans) {
- dissect_trans_data(s_tvb, p_tvb, d_tvb,
- pinfo, tree);
- }
+ if (!dissected_trans)
+ dissect_trans_data(s_tvb, p_tvb, d_tvb, tree);
} else {
if(check_col(pinfo->cinfo, COL_INFO)){
col_append_str(pinfo->cinfo, COL_INFO,
return offset;
}
-
+
static int
dissect_4_3_4_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
proto_item *item = NULL;
proto_tree *tree = NULL;
smb_info_t *si;
+ smb_transact2_info_t *t2i;
+ gboolean resume_keys = FALSE;
si = (smb_info_t *)pinfo->private_data;
+ if (si->sip != NULL) {
+ t2i = si->sip->extra_info;
+ if (t2i != NULL)
+ resume_keys = t2i->resume_keys;
+ }
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, *bcp, "%s",
tree = proto_item_add_subtree(item, ett_smb_ff2_data);
}
+ if (resume_keys) {
+ /* resume key */
+ CHECK_BYTE_COUNT_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_resume, tvb, offset, 4, TRUE);
+ COUNT_BYTES_SUBR(4);
+ }
+
/* create time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_create_time,
hf_smb_create_dos_date, hf_smb_create_dos_time, FALSE);
*bcp -= 4;
/* access time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_access_time,
hf_smb_access_dos_date, hf_smb_access_dos_time, FALSE);
*bcp -= 4;
/* last write time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_last_write_time,
hf_smb_last_write_dos_date, hf_smb_last_write_dos_time, FALSE);
*bcp -= 4;
/* File Attributes */
CHECK_BYTE_COUNT_SUBR(2);
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
*bcp -= 2;
/* file name len */
fn_len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_smb_file_name_len, tvb, offset, 1, fn_len);
COUNT_BYTES_SUBR(1);
+ if (si->unicode)
+ fn_len += 2; /* include terminating '\0' */
+ else
+ fn_len++; /* include terminating '\0' */
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
fn);
}
-
+
proto_item_append_text(item, " File: %s", fn);
proto_item_set_len(item, offset-old_offset);
proto_item *item = NULL;
proto_tree *tree = NULL;
smb_info_t *si;
+ smb_transact2_info_t *t2i;
+ gboolean resume_keys = FALSE;
si = (smb_info_t *)pinfo->private_data;
+ if (si->sip != NULL) {
+ t2i = si->sip->extra_info;
+ if (t2i != NULL)
+ resume_keys = t2i->resume_keys;
+ }
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, *bcp, "%s",
val_to_str(si->info_level, ff2_il_vals, "Unknown (0x%02x)"));
tree = proto_item_add_subtree(item, ett_smb_ff2_data);
}
-
+
+ if (resume_keys) {
+ /* resume key */
+ CHECK_BYTE_COUNT_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_resume, tvb, offset, 4, TRUE);
+ COUNT_BYTES_SUBR(4);
+ }
+
/* create time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_create_time,
hf_smb_create_dos_date, hf_smb_create_dos_time, FALSE);
*bcp -= 4;
/* access time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_access_time,
hf_smb_access_dos_date, hf_smb_access_dos_time, FALSE);
*bcp -= 4;
/* last write time */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
+ offset = dissect_smb_datetime(tvb, tree, offset,
hf_smb_last_write_time,
hf_smb_last_write_dos_date, hf_smb_last_write_dos_time, FALSE);
*bcp -= 4;
/* File Attributes */
CHECK_BYTE_COUNT_SUBR(2);
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
*bcp -= 2;
/* ea size */
COUNT_BYTES_SUBR(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_SUBR(fn_len);
+ if (si->unicode)
+ fn_len += 2; /* include terminating '\0' */
+ else
+ fn_len++; /* include terminating '\0' */
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
tree = proto_item_add_subtree(item, ett_smb_ff2_data);
}
+ /*
+ * We assume that the presence of a next entry offset implies the
+ * absence of a resume key, as appears to be the case for 4.3.4.6.
+ */
+
/* next entry offset */
CHECK_BYTE_COUNT_SUBR(4);
neo = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb, offset, 4, neo);
COUNT_BYTES_SUBR(4);
-
+
/* file index */
CHECK_BYTE_COUNT_SUBR(4);
proto_tree_add_item(tree, hf_smb_file_index, tvb, offset, 4, TRUE);
/* create time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_create_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
*bcp -= 8;
-
+
/* access time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_access_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time);
*bcp -= 8;
-
+
/* last write time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_last_write_time);
*bcp -= 8;
-
+
/* last change time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_change_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time);
*bcp -= 8;
-
+
/* end of file */
CHECK_BYTE_COUNT_SUBR(8);
proto_tree_add_item(tree, hf_smb_end_of_file, tvb, offset, 8, TRUE);
/* Extended File Attributes */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_file_ext_attr(tvb, pinfo, tree, offset);
+ offset = dissect_file_ext_attr(tvb, tree, offset);
*bcp -= 4;
/* file name len */
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
tree = proto_item_add_subtree(item, ett_smb_ff2_data);
}
+ /*
+ * We assume that the presence of a next entry offset implies the
+ * absence of a resume key, as appears to be the case for 4.3.4.6.
+ */
+
/* next entry offset */
CHECK_BYTE_COUNT_SUBR(4);
neo = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb, offset, 4, neo);
COUNT_BYTES_SUBR(4);
-
+
/* file index */
CHECK_BYTE_COUNT_SUBR(4);
proto_tree_add_item(tree, hf_smb_file_index, tvb, offset, 4, TRUE);
/* create time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_create_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
*bcp -= 8;
-
+
/* access time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_access_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time);
*bcp -= 8;
-
+
/* last write time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_last_write_time);
*bcp -= 8;
-
+
/* last change time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_change_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time);
*bcp -= 8;
-
+
/* end of file */
CHECK_BYTE_COUNT_SUBR(8);
proto_tree_add_item(tree, hf_smb_end_of_file, tvb, offset, 8, TRUE);
/* Extended File Attributes */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_file_ext_attr(tvb, pinfo, tree, offset);
+ offset = dissect_file_ext_attr(tvb, tree, offset);
*bcp -= 4;
/* file name len */
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
tree = proto_item_add_subtree(item, ett_smb_ff2_data);
}
+ /*
+ * XXX - I have not seen any of these that contain a resume
+ * key, even though some of the requests had the "return resume
+ * key" flag set.
+ */
+
/* next entry offset */
CHECK_BYTE_COUNT_SUBR(4);
neo = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb, offset, 4, neo);
COUNT_BYTES_SUBR(4);
-
+
/* file index */
CHECK_BYTE_COUNT_SUBR(4);
proto_tree_add_item(tree, hf_smb_file_index, tvb, offset, 4, TRUE);
/* create time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_create_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
*bcp -= 8;
-
+
/* access time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_access_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time);
*bcp -= 8;
-
+
/* last write time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_last_write_time);
*bcp -= 8;
-
+
/* last change time */
CHECK_BYTE_COUNT_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
- hf_smb_change_time);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time);
*bcp -= 8;
-
+
/* end of file */
CHECK_BYTE_COUNT_SUBR(8);
proto_tree_add_item(tree, hf_smb_end_of_file, tvb, offset, 8, TRUE);
/* Extended File Attributes */
CHECK_BYTE_COUNT_SUBR(4);
- offset = dissect_file_ext_attr(tvb, pinfo, tree, offset);
+ offset = dissect_file_ext_attr(tvb, tree, offset);
*bcp -= 4;
/* file name len */
CHECK_BYTE_COUNT_SUBR(1);
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
COUNT_BYTES_SUBR(1);
-
+
/* short file name */
- sfn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &sfn_len, FALSE, TRUE, bcp);
+ sfn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &sfn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(sfn);
proto_tree_add_string(tree, hf_smb_short_file_name, tvb, offset, 24,
sfn);
COUNT_BYTES_SUBR(24);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
val_to_str(si->info_level, ff2_il_vals, "Unknown (0x%02x)"));
tree = proto_item_add_subtree(item, ett_smb_ff2_data);
}
-
+
+ /*
+ * We assume that the presence of a next entry offset implies the
+ * absence of a resume key, as appears to be the case for 4.3.4.6.
+ */
+
/* next entry offset */
CHECK_BYTE_COUNT_SUBR(4);
neo = tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb, offset, 4, neo);
COUNT_BYTES_SUBR(4);
-
+
/* file index */
CHECK_BYTE_COUNT_SUBR(4);
proto_tree_add_item(tree, hf_smb_file_index, tvb, offset, 4, TRUE);
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
*trunc = FALSE;
return offset;
}
-
+
static int
-dissect_4_3_4_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
- int offset, guint16 *bcp, gboolean *trunc)
+dissect_4_3_4_8(tvbuff_t *tvb _U_, packet_info *pinfo _U_,
+ proto_tree *parent_tree _U_, int offset, guint16 *bcp,
+ gboolean *trunc)
{
/*XXX im lazy. i havnt implemented this */
offset += *bcp;
if(!*bcp){
return offset;
}
-
+
si = (smb_info_t *)pinfo->private_data;
switch(si->info_level){
case 1: /*Info Standard*/
offset = dissect_4_3_4_2(tvb, pinfo, tree, offset, bcp,
trunc);
break;
- case 3: /*Info Query EAs From List same as
+ case 3: /*Info Query EAs From List same as
InfoQueryEASize*/
offset = dissect_4_3_4_2(tvb, pinfo, tree, offset, bcp,
trunc);
static int
-dissect_fs_attributes(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_fs_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
offset += 4;
return offset;
}
-
+
static int
-dissect_device_characteristics(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_device_characteristics(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint32 mask;
proto_item *item = NULL;
return offset;
}
-
/*dissect the data block for TRANS2_QUERY_FS_INFORMATION*/
+
+static const true_false_string tfs_smb_mac_access_ctrl = {
+ "Macintosh Access Control Supported",
+ "Macintosh Access Control Not Supported"
+};
+
+static const true_false_string tfs_smb_mac_getset_comments = {
+ "Macintosh Get & Set Comments Supported",
+ "Macintosh Get & Set Comments Not Supported"
+};
+
+static const true_false_string tfs_smb_mac_desktopdb_calls = {
+ "Macintosh Get & Set Desktop Database Info Supported",
+ "Macintosh Get & Set Desktop Database Info Supported"
+};
+
+static const true_false_string tfs_smb_mac_unique_ids = {
+ "Macintosh Unique IDs Supported",
+ "Macintosh Unique IDs Not Supported"
+};
+
+static const true_false_string tfs_smb_mac_streams = {
+ "Macintosh and Streams Extensions Not Supported",
+ "Macintosh and Streams Extensions Supported"
+};
+
static int
dissect_qfsi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
int offset, guint16 *bcp)
smb_info_t *si;
int fn_len, vll, fnl;
const char *fn;
+ guint support = 0;
+ proto_item *item = NULL;
+ proto_tree *ti = NULL;
if(!*bcp){
return offset;
}
-
+
si = (smb_info_t *)pinfo->private_data;
switch(si->info_level){
case 1: /* SMB_INFO_ALLOCATION */
COUNT_BYTES_TRANS_SUBR(1);
/* label */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
+ CHECK_STRING_TRANS_SUBR(fn);
+ proto_tree_add_string(tree, hf_smb_volume_label, tvb, offset, fn_len,
+ fn);
+ COUNT_BYTES_TRANS_SUBR(fn_len);
+
+ break;
+ case 0x0101: /* SMB_QUERY_FS_LABEL_INFO */
+ case 1001: /* SMB_FS_LABEL_INFORMATION */
+ /* volume label length */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ vll = tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_volume_label_len, tvb, offset, 4, vll);
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ /* label */
+ fn_len = vll;
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_volume_label, tvb, offset, fn_len,
fn);
break;
case 0x0102: /* SMB_QUERY_FS_VOLUME_INFO */
+ case 1002: /* SMB_FS_VOLUME_INFORMATION */
/* create time */
CHECK_BYTE_COUNT_TRANS_SUBR(8);
- offset = dissect_smb_64bit_time(tvb, pinfo, tree, offset,
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
hf_smb_create_time);
*bcp -= 8;
-
+
/* volume serial number */
CHECK_BYTE_COUNT_TRANS_SUBR(4);
proto_tree_add_item(tree, hf_smb_volume_serial_num, tvb, offset, 4, TRUE);
/* label */
fn_len = vll;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_volume_label, tvb, offset, fn_len,
fn);
break;
case 0x0103: /* SMB_QUERY_FS_SIZE_INFO */
+ case 1003: /* SMB_FS_SIZE_INFORMATION */
+ /* allocation size */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* free allocation units */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_free_alloc_units64, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* sectors per unit */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_sector_unit, tvb, offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ /* bytes per sector */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_fs_sector, tvb, offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ break;
+ case 0x0104: /* SMB_QUERY_FS_DEVICE_INFO */
+ case 1004: /* SMB_FS_DEVICE_INFORMATION */
+ /* device type */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_device_type, tvb, offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ /* device characteristics */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ offset = dissect_device_characteristics(tvb, tree, offset);
+ *bcp -= 4;
+
+ break;
+ case 0x0105: /* SMB_QUERY_FS_ATTRIBUTE_INFO */
+ case 1005: /* SMB_FS_ATTRIBUTE_INFORMATION */
+ /* FS attributes */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ offset = dissect_fs_attributes(tvb, tree, offset);
+ *bcp -= 4;
+
+ /* max name len */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_max_name_len, tvb, offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ /* fs name length */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ fnl = tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_fs_name_len, tvb, offset, 4, fnl);
+ COUNT_BYTES_TRANS_SUBR(4);
+
+ /* label */
+ fn_len = fnl;
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
+ CHECK_STRING_TRANS_SUBR(fn);
+ proto_tree_add_string(tree, hf_smb_fs_name, tvb, offset, fn_len,
+ fn);
+ COUNT_BYTES_TRANS_SUBR(fn_len);
+
+ break;
+ case 0x301: /* MAC_QUERY_FS_INFO */
+ /* Create time */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
+ *bcp -= 8;
+ /* Modify Time */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_modify_time);
+ *bcp -= 8;
+ /* Backup Time */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_backup_time);
+ *bcp -= 8;
+ /* Allocation blocks */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_alloc_block_count, tvb,
+ offset,
+ 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Allocation Block Size */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_alloc_block_size, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Free Block Count */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_free_block_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Finder Info ... */
+ CHECK_BYTE_COUNT_TRANS_SUBR(32);
+ proto_tree_add_bytes_format(tree, hf_smb_mac_fndrinfo, tvb,
+ offset, 32,
+ tvb_get_ptr(tvb, offset,32),
+ "Finder Info: %s",
+ tvb_format_text(tvb, offset, 32));
+ COUNT_BYTES_TRANS_SUBR(32);
+ /* Number Files */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_root_file_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Number of Root Directories */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_root_dir_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Number of files */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_file_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Dir Count */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_dir_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Mac Support Flags */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ support = tvb_get_ntohl(tvb, offset);
+ item = proto_tree_add_text(tree, tvb, offset, 4,
+ "Mac Support Flags: 0x%08x", support);
+ ti = proto_item_add_subtree(item, ett_smb_mac_support_flags);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_access_ctrl,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_getset_comments,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_desktopdb_calls,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_unique_ids,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_streams,
+ tvb, offset, 4, support);
+ COUNT_BYTES_TRANS_SUBR(4);
+ break;
+ case 1006: /* QUERY_FS_QUOTA_INFO */
+ offset = dissect_nt_quota(tvb, tree, offset, bcp);
+ break;
+ case 1007: /* SMB_FS_FULL_SIZE_INFORMATION */
/* allocation size */
CHECK_BYTE_COUNT_TRANS_SUBR(8);
proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
COUNT_BYTES_TRANS_SUBR(8);
- /* free allocation units */
+ /* caller free allocation units */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_caller_free_alloc_units64, tvb, offset, 8, TRUE);
+ COUNT_BYTES_TRANS_SUBR(8);
+
+ /* actual free allocation units */
CHECK_BYTE_COUNT_TRANS_SUBR(8);
- proto_tree_add_item(tree, hf_smb_free_alloc_units64, tvb, offset, 8, TRUE);
+ proto_tree_add_item(tree, hf_smb_actual_free_alloc_units64, tvb, offset, 8, TRUE);
COUNT_BYTES_TRANS_SUBR(8);
/* sectors per unit */
CHECK_BYTE_COUNT_TRANS_SUBR(4);
proto_tree_add_item(tree, hf_smb_fs_sector, tvb, offset, 4, TRUE);
COUNT_BYTES_TRANS_SUBR(4);
-
- break;
- case 0x0104: /* SMB_QUERY_FS_DEVICE_INFO */
- /* device type */
- CHECK_BYTE_COUNT_TRANS_SUBR(4);
- proto_tree_add_item(tree, hf_smb_device_type, tvb, offset, 4, TRUE);
- COUNT_BYTES_TRANS_SUBR(4);
-
- /* device characteristics */
- CHECK_BYTE_COUNT_TRANS_SUBR(4);
- offset = dissect_device_characteristics(tvb, pinfo, tree, offset);
- *bcp -= 4;
-
- break;
- case 0x0105: /* SMB_QUERY_FS_ATTRIBUTE_INFO */
- /* FS attributes */
- CHECK_BYTE_COUNT_TRANS_SUBR(4);
- offset = dissect_fs_attributes(tvb, pinfo, tree, offset);
- *bcp -= 4;
-
- /* max name len */
- CHECK_BYTE_COUNT_TRANS_SUBR(4);
- proto_tree_add_item(tree, hf_smb_max_name_len, tvb, offset, 4, TRUE);
- COUNT_BYTES_TRANS_SUBR(4);
-
- /* fs name length */
- CHECK_BYTE_COUNT_TRANS_SUBR(4);
- fnl = tvb_get_letohl(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fs_name_len, tvb, offset, 4, fnl);
- COUNT_BYTES_TRANS_SUBR(4);
-
- /* label */
- fn_len = fnl;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
- CHECK_STRING_TRANS_SUBR(fn);
- proto_tree_add_string(tree, hf_smb_fs_name, tvb, offset, fn_len,
- fn);
- COUNT_BYTES_TRANS_SUBR(fn_len);
-
break;
}
-
+
return offset;
}
-
+
static int
dissect_transaction2_response_data(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *parent_tree)
if (t2i != NULL && t2i->subcmd != -1) {
item = proto_tree_add_text(parent_tree, tvb, offset, dc,
"%s Data",
- val_to_str(t2i->subcmd, trans2_cmd_vals,
+ val_to_str(t2i->subcmd, trans2_cmd_vals,
"Unknown (0x%02x)"));
tree = proto_item_add_subtree(item, ett_smb_transaction_data);
} else {
break;
case 0x09: /*TRANS2_FSCTL*/
/* XXX dont know how to dissect this one (yet)*/
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "File system specific return data block".
+ * (That means we may not be able to dissect it in any
+ * case.)
+ */
break;
case 0x0a: /*TRANS2_IOCTL2*/
/* XXX dont know how to dissect this one (yet)*/
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "Device/function specific return data block".
+ * (That means we may not be able to dissect it in any
+ * case.)
+ */
break;
case 0x0b: /*TRANS2_FIND_NOTIFY_FIRST*/
/* XXX dont know how to dissect this one (yet)*/
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains "the level
+ * dependent information about the changes which
+ * occurred".
+ */
break;
case 0x0c: /*TRANS2_FIND_NOTIFY_NEXT*/
/* XXX dont know how to dissect this one (yet)*/
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains "the level
+ * dependent information about the changes which
+ * occurred".
+ */
break;
case 0x0d: /*TRANS2_CREATE_DIRECTORY*/
/* no data in this response */
if (t2i != NULL && t2i->subcmd != -1) {
item = proto_tree_add_text(parent_tree, tvb, offset, pc,
"%s Parameters",
- val_to_str(t2i->subcmd, trans2_cmd_vals,
+ val_to_str(t2i->subcmd, trans2_cmd_vals,
"Unknown (0x%02x)"));
tree = proto_item_add_subtree(item, ett_smb_transaction_params);
} else {
add_fid(tvb, pinfo, tree, offset, 2, fid);
offset += 2;
+ /*
+ * XXX - Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990 says that the file attributes, create
+ * time (which it says is the last modification time),
+ * data size, granted access, file type, and IPC state
+ * are returned only if bit 0 is set in the open flags,
+ * and that the EA length is returned only if bit 3
+ * is set in the open flags. Does that mean that,
+ * at least in that SMB dialect, those fields are not
+ * present in the reply parameters if the bits in
+ * question aren't set?
+ */
+
/* File Attributes */
- offset = dissect_file_attributes(tvb, pinfo, tree, offset);
+ offset = dissect_file_attributes(tvb, tree, offset, 2);
/* create time */
- offset = dissect_smb_datetime(tvb, pinfo, tree, offset,
- hf_smb_create_time,
+ offset = dissect_smb_datetime(tvb, tree, offset,
+ hf_smb_create_time,
hf_smb_create_dos_date, hf_smb_create_dos_time, TRUE);
/* data size */
offset += 4;
/* granted access */
- offset = dissect_access(tvb, pinfo, tree, offset, "Granted");
+ offset = dissect_access(tvb, tree, offset, "Granted");
/* File Type */
proto_tree_add_item(tree, hf_smb_file_type, tvb, offset, 2, TRUE);
offset += 2;
/* IPC State */
- offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
+ offset = dissect_ipc_state(tvb, tree, offset, FALSE);
/* open_action */
- offset = dissect_open_action(tvb, pinfo, tree, offset);
+ offset = dissect_open_action(tvb, tree, offset);
- /* 4 reserved bytes */
- proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 4, TRUE);
+ /* server unique file ID */
+ proto_tree_add_item(tree, hf_smb_file_id, tvb, offset, 4, TRUE);
offset += 4;
/* ea error offset, only a 16 bit integer here */
proto_tree_add_item(tree, hf_smb_end_of_search, tvb, offset, 2, TRUE);
offset += 2;
- /* ea error offset , only a 16 bit integer here*/
+ /* ea_error_offset, only a 16 bit integer here*/
proto_tree_add_uint(tree, hf_smb_ea_error_offset, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
/* no parameter block here */
break;
case 0x05: /*TRANS2_QUERY_PATH_INFORMATION*/
- /* no parameter block here */
+ /* ea_error_offset, only a 16 bit integer here*/
+ proto_tree_add_uint(tree, hf_smb_ea_error_offset, tvb, offset, 2, tvb_get_letohs(tvb, offset));
+ offset += 2;
+
break;
case 0x06: /*TRANS2_SET_PATH_INFORMATION*/
- /* no parameter block here */
+ /* ea_error_offset, only a 16 bit integer here*/
+ proto_tree_add_uint(tree, hf_smb_ea_error_offset, tvb, offset, 2, tvb_get_letohs(tvb, offset));
+ offset += 2;
+
break;
case 0x07: /*TRANS2_QUERY_FILE_INFORMATION*/
- /* no parameter block here */
+ /* ea_error_offset, only a 16 bit integer here*/
+ proto_tree_add_uint(tree, hf_smb_ea_error_offset, tvb, offset, 2, tvb_get_letohs(tvb, offset));
+ offset += 2;
+
break;
case 0x08: /*TRANS2_SET_FILE_INFORMATION*/
- /* no parameter block here */
+ /* ea_error_offset, only a 16 bit integer here*/
+ proto_tree_add_uint(tree, hf_smb_ea_error_offset, tvb, offset, 2, tvb_get_letohs(tvb, offset));
+ offset += 2;
+
break;
case 0x09: /*TRANS2_FSCTL*/
/* XXX dont know how to dissect this one (yet)*/
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "File system specific return parameter block".
+ * (That means we may not be able to dissect it in any
+ * case.)
+ */
break;
case 0x0a: /*TRANS2_IOCTL2*/
/* XXX dont know how to dissect this one (yet)*/
+
+ /*
+ * XXX - "Microsoft Networks SMB File Sharing Protocol
+ * Extensions Version 3.0, Document Version 1.11,
+ * July 19, 1990" says this this contains a
+ * "Device/function specific return parameter block".
+ * (That means we may not be able to dissect it in any
+ * case.)
+ */
break;
case 0x0b: /*TRANS2_FIND_NOTIFY_FIRST*/
- /* XXX dont know how to dissect this one (yet)*/
+ /* Find Notify information level */
+ proto_tree_add_uint(tree, hf_smb_fn_information_level, tvb, 0, 0, si->info_level);
+
+ /* Monitor handle */
+ proto_tree_add_item(tree, hf_smb_monitor_handle, tvb, offset, 2, TRUE);
+ offset += 2;
+
+ /* Change count */
+ si->info_count = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_change_count, tvb, offset, 2, si->info_count);
+ offset += 2;
+
+ /* ea_error_offset, only a 16 bit integer here*/
+ proto_tree_add_uint(tree, hf_smb_ea_error_offset, tvb, offset, 2, tvb_get_letohs(tvb, offset));
+ offset += 2;
+
break;
case 0x0c: /*TRANS2_FIND_NOTIFY_NEXT*/
- /* XXX dont know how to dissect this one (yet)*/
+ /* Find Notify information level */
+ proto_tree_add_uint(tree, hf_smb_fn_information_level, tvb, 0, 0, si->info_level);
+
+ /* Change count */
+ si->info_count = tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_smb_change_count, tvb, offset, 2, si->info_count);
+ offset += 2;
+
+ /* ea_error_offset, only a 16 bit integer here*/
+ proto_tree_add_uint(tree, hf_smb_ea_error_offset, tvb, offset, 2, tvb_get_letohs(tvb, offset));
+ offset += 2;
+
break;
case 0x0d: /*TRANS2_CREATE_DIRECTORY*/
/* ea error offset, only a 16 bit integer here */
static int
-dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 sc, wc;
guint16 od=0, po=0, pc=0, pd=0, dc=0, dd=0, td=0, tp=0;
- gboolean reassembled = FALSE;
smb_info_t *si;
smb_transact2_info_t *t2i = NULL;
guint16 bc;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
val_to_str(t2i->subcmd,
- trans2_cmd_vals,
+ trans2_cmd_vals,
"<unknown (0x%02x)>"));
}
}
save_fragmented = pinfo->fragmented;
/* do we need reassembly? */
if( (td!=dc) || (tp!=pc) ){
- /* oh yeah, either data or parameter section needs
+ /* oh yeah, either data or parameter section needs
reassembly
*/
pinfo->fragmented = TRUE;
if(smb_trans_reassembly){
/* ...and we were told to do reassembly */
if(pc && (tvb_length_remaining(tvb, po)>=pc) ){
- r_fd = smb_trans_defragment(tree, pinfo, tvb,
+ r_fd = smb_trans_defragment(tree, pinfo, tvb,
po, pc, pd, td+tp);
-
+
}
if((r_fd==NULL) && dc && (tvb_length_remaining(tvb, od)>=dc) ){
- r_fd = smb_trans_defragment(tree, pinfo, tvb,
+ r_fd = smb_trans_defragment(tree, pinfo, tvb,
od, dc, dd+tp, td+tp);
}
}
}
/* if we got a reassembled fd structure from the reassembly routine we must
- create pd_tvb from it
+ create pd_tvb from it
*/
if(r_fd){
- proto_tree *tr;
- proto_item *it;
- fragment_data *fd;
-
- it = proto_tree_add_text(tree, tvb, 0, 0, "Fragments");
- tr = proto_item_add_subtree(it, ett_smb_segments);
- for(fd=r_fd->next;fd;fd=fd->next){
- proto_tree_add_text(tr, tvb, 0, 0, "Frame:%u Data:%u-%u",
- fd->frame, fd->offset, fd->offset+fd->len-1);
- }
-
pd_tvb = tvb_new_real_data(r_fd->data, r_fd->datalen,
- r_fd->datalen, "Reassembled SMB");
+ r_fd->datalen);
tvb_set_child_real_data_tvbuff(tvb, pd_tvb);
- pinfo->fd->data_src = g_slist_append(pinfo->fd->data_src, pd_tvb);
- pinfo->fragmented = FALSE;
+ add_new_data_source(pinfo, pd_tvb, "Reassembled SMB");
+ show_fragment_tree(r_fd, &smb_frag_items, tree, pinfo, pd_tvb);
}
}
} else {
/* It was not reassembled. Do as best as we can.
- * in this case we always try to dissect the stuff if
+ * in this case we always try to dissect the stuff if
* data and param displacement is 0. i.e. for the first
* (and maybe only) packet.
*/
switch(tri->subcmd){
case TRANSACTION_PIPE:
- /* This function is safe to call for
+ /* This function is safe to call for
s_tvb==sp_tvb==NULL, i.e. if we don't
know them at this point.
It's also safe to call if "p_tvb"
d_tvb, NULL, pinfo, top_tree);
}
break;
-
+
case TRANSACTION_MAILSLOT:
/* This one should be safe to call
even if s_tvb and sp_tvb is NULL
}
if (!dissected_trans) {
/* This one is safe to call for s_tvb==p_tvb==d_tvb==NULL */
- dissect_trans_data(s_tvb, p_tvb, d_tvb,
- pinfo, tree);
+ dissect_trans_data(s_tvb, p_tvb, d_tvb, tree);
}
}
}
+static int
+dissect_find_notify_close(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+{
+ guint8 wc;
+ guint16 bc;
+
+ WORD_COUNT;
+
+ /* Monitor handle */
+ proto_tree_add_item(tree, hf_smb_monitor_handle, tvb, offset, 2, TRUE);
+ offset += 2;
+
+ BYTE_COUNT;
+
+ END_OF_SMB
+
+ return offset;
+}
+
/* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
END Transaction/Transaction2 Primary and secondary requests
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX */
static int
-dissect_unknown(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
+dissect_unknown(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
guint8 wc;
guint16 bc;
WORD_COUNT;
-
- if (wc != 0)
+
+ if (wc != 0) {
proto_tree_add_text(tree, tvb, offset, wc*2, "Word parameters");
+ offset += wc*2;
+ }
BYTE_COUNT;
- if (bc != 0)
+ if (bc != 0) {
proto_tree_add_text(tree, tvb, offset, bc, "Byte parameters");
+ offset += bc;
+ bc = 0;
+ }
END_OF_SMB
int (*response)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree);
} smb_function;
-smb_function smb_dissector[256] = {
+static smb_function smb_dissector[256] = {
/* 0x00 Create Dir*/ {dissect_old_dir_request, dissect_empty},
/* 0x01 Delete Dir*/ {dissect_old_dir_request, dissect_empty},
/* 0x02 Open File*/ {dissect_open_file_request, dissect_open_file_response},
/* 0x19 */ {dissect_unknown, dissect_unknown},
/* 0x1a Read Raw*/ {dissect_read_raw_request, dissect_unknown},
/* 0x1b Read MPX*/ {dissect_read_mpx_request, dissect_read_mpx_response},
- /* 0x1c */ {dissect_unknown, dissect_unknown},
+ /* 0x1c Read MPX Secondary*/ {dissect_unknown, dissect_unknown},
/* 0x1d Write Raw*/ {dissect_write_raw_request, dissect_write_raw_response},
/* 0x1e Write MPX*/ {dissect_write_mpx_request, dissect_write_mpx_response},
- /* 0x1f */ {dissect_unknown, dissect_unknown},
+ /* 0x1f Write MPX Secondary*/ {dissect_unknown, dissect_unknown},
/* 0x20 Write Complete*/ {dissect_unknown, dissect_write_and_close_response},
/* 0x21 */ {dissect_unknown, dissect_unknown},
/* 0x23 Query Info2*/ {dissect_fid, dissect_query_information2_response},
/* 0x24 Locking And X*/ {dissect_locking_andx_request, dissect_locking_andx_response},
/* 0x25 Transaction*/ {dissect_transaction_request, dissect_transaction_response},
- /* 0x26 Transaction Secondary */ {dissect_transaction_request, dissect_unknown}, /*This SMB has no response */
- /* 0x27 */ {dissect_unknown, dissect_unknown},
- /* 0x28 */ {dissect_unknown, dissect_unknown},
- /* 0x29 */ {dissect_unknown, dissect_unknown},
- /* 0x2a Move File*/ {dissect_move_request, dissect_move_response},
+ /* 0x26 Transaction Secondary*/ {dissect_transaction_request, dissect_unknown}, /*This SMB has no response */
+ /* 0x27 IOCTL*/ {dissect_unknown, dissect_unknown},
+ /* 0x28 IOCTL Secondary*/ {dissect_unknown, dissect_unknown},
+ /* 0x29 Copy File*/ {dissect_copy_request, dissect_move_copy_response},
+ /* 0x2a Move File*/ {dissect_move_request, dissect_move_copy_response},
/* 0x2b Echo*/ {dissect_echo_request, dissect_echo_response},
/* 0x2c Write And Close*/ {dissect_write_and_close_request, dissect_write_and_close_response},
/* 0x2d Open And X*/ {dissect_open_andx_request, dissect_open_andx_response},
/* 0x2f Write And X*/ {dissect_write_andx_request, dissect_write_andx_response},
/* 0x30 */ {dissect_unknown, dissect_unknown},
- /* 0x31 */ {dissect_unknown, dissect_unknown},
+ /* 0x31 Close And Tree Disconnect */ {dissect_close_file_request, dissect_empty},
/* 0x32 Transaction2*/ {dissect_transaction_request, dissect_transaction_response},
/* 0x33 Transaction2 Secondary*/ {dissect_transaction_request, dissect_unknown}, /*This SMB has no response */
/* 0x34 Find Close2*/ {dissect_sid, dissect_empty},
- /* 0x35 */ {dissect_unknown, dissect_unknown},
+ /* 0x35 Find Notify Close*/ {dissect_find_notify_close, dissect_empty},
/* 0x36 */ {dissect_unknown, dissect_unknown},
/* 0x37 */ {dissect_unknown, dissect_unknown},
/* 0x38 */ {dissect_unknown, dissect_unknown},
/* 0x80 Query Info Disk*/ {dissect_empty, dissect_query_information_disk_response},
/* 0x81 Search Dir*/ {dissect_search_dir_request, dissect_search_dir_response},
- /* 0x82 */ {dissect_unknown, dissect_unknown},
- /* 0x83 */ {dissect_unknown, dissect_unknown},
- /* 0x84 */ {dissect_unknown, dissect_unknown},
+ /* 0x82 Find*/ {dissect_find_request, dissect_find_response},
+ /* 0x83 Find Unique*/ {dissect_find_request, dissect_find_response},
+ /* 0x84 Find Close*/ {dissect_find_close_request, dissect_find_close_response},
/* 0x85 */ {dissect_unknown, dissect_unknown},
/* 0x86 */ {dissect_unknown, dissect_unknown},
/* 0x87 */ {dissect_unknown, dissect_unknown},
/* 0x9d */ {dissect_unknown, dissect_unknown},
/* 0x9e */ {dissect_unknown, dissect_unknown},
/* 0x9f */ {dissect_unknown, dissect_unknown},
+
/* 0xa0 NT Transaction*/ {dissect_nt_transaction_request, dissect_nt_transaction_response},
/* 0xa1 NT Trans secondary*/ {dissect_nt_transaction_request, dissect_nt_transaction_response},
/* 0xa2 NT CreateAndX*/ {dissect_nt_create_andx_request, dissect_nt_create_andx_response},
/* 0xa3 */ {dissect_unknown, dissect_unknown},
/* 0xa4 NT Cancel*/ {dissect_nt_cancel_request, dissect_unknown}, /*no response to this one*/
- /* 0xa5 */ {dissect_unknown, dissect_unknown},
+ /* 0xa5 NT Rename*/ {dissect_nt_rename_file_request, dissect_empty},
/* 0xa6 */ {dissect_unknown, dissect_unknown},
/* 0xa7 */ {dissect_unknown, dissect_unknown},
/* 0xa8 */ {dissect_unknown, dissect_unknown},
/* 0xbd */ {dissect_unknown, dissect_unknown},
/* 0xbe */ {dissect_unknown, dissect_unknown},
/* 0xbf */ {dissect_unknown, dissect_unknown},
+
/* 0xc0 Open Print File*/ {dissect_open_print_file_request, dissect_fid},
/* 0xc1 Write Print File*/ {dissect_write_print_file_request, dissect_empty},
/* 0xc2 Close Print File*/ {dissect_fid, dissect_empty},
/* 0xce */ {dissect_unknown, dissect_unknown},
/* 0xcf */ {dissect_unknown, dissect_unknown},
- /* 0xd0 */ {dissect_unknown, dissect_unknown},
- /* 0xd1 */ {dissect_unknown, dissect_unknown},
- /* 0xd2 */ {dissect_unknown, dissect_unknown},
- /* 0xd3 */ {dissect_unknown, dissect_unknown},
- /* 0xd4 */ {dissect_unknown, dissect_unknown},
- /* 0xd5 */ {dissect_unknown, dissect_unknown},
- /* 0xd6 */ {dissect_unknown, dissect_unknown},
- /* 0xd7 */ {dissect_unknown, dissect_unknown},
- /* 0xd8 */ {dissect_unknown, dissect_unknown},
- /* 0xd9 */ {dissect_unknown, dissect_unknown},
- /* 0xda */ {dissect_unknown, dissect_unknown},
+ /* 0xd0 Send Single Block Message*/ {dissect_send_single_block_message_request, dissect_empty},
+ /* 0xd1 Send Broadcast Message*/ {dissect_send_single_block_message_request, dissect_empty},
+ /* 0xd2 Forward User Name*/ {dissect_forwarded_name, dissect_empty},
+ /* 0xd3 Cancel Forward*/ {dissect_forwarded_name, dissect_empty},
+ /* 0xd4 Get Machine Name*/ {dissect_empty, dissect_get_machine_name_response},
+ /* 0xd5 Send Start of Multi-block Message*/ {dissect_send_multi_block_message_start_request, dissect_message_group_id},
+ /* 0xd6 Send End of Multi-block Message*/ {dissect_message_group_id, dissect_empty},
+ /* 0xd7 Send Text of Multi-block Message*/ {dissect_send_multi_block_message_text_request, dissect_empty},
+ /* 0xd8 SMBreadbulk*/ {dissect_unknown, dissect_unknown},
+ /* 0xd9 SMBwritebulk*/ {dissect_unknown, dissect_unknown},
+ /* 0xda SMBwritebulkdata*/ {dissect_unknown, dissect_unknown},
/* 0xdb */ {dissect_unknown, dissect_unknown},
/* 0xdc */ {dissect_unknown, dissect_unknown},
/* 0xdd */ {dissect_unknown, dissect_unknown},
};
static int
-dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, proto_tree *top_tree, int offset, proto_tree *smb_tree, guint8 cmd)
+dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd, gboolean first_pdu)
{
int old_offset = offset;
smb_info_t *si;
-
+
si = pinfo->private_data;
if(cmd!=0xff){
proto_item *cmd_item;
int (*dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree);
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s",
- decode_smb_name(cmd),
- (si->request)? "Request" : "Response");
+ if(first_pdu){
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ "%s %s",
+ decode_smb_name(cmd),
+ (si->request)? "Request" : "Response");
+ } else {
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ "; %s",
+ decode_smb_name(cmd));
+ }
+
}
cmd_item = proto_tree_add_text(smb_tree, tvb, offset, -1,
"%s %s (0x%02x)",
- decode_smb_name(cmd),
+ decode_smb_name(cmd),
(si->request)?"Request":"Response",
cmd);
/* NOTE: this value_string array will also be used to access data directly by
- * index instead of val_to_str() since
+ * index instead of val_to_str() since
* 1, the array will always span every value from 0x00 to 0xff and
* 2, smb_cmd_vals[i].strptr is much cheaper than val_to_str(i, smb_cmd_vals,)
* This means that this value_string array MUST always
{ 0x1C, "Read MPX Secondary" },
{ 0x1D, "Write Raw" },
{ 0x1E, "Write MPX" },
- { 0x1F, "SMBwriteBs" },
+ { 0x1F, "Write MPX Secondary" },
{ 0x20, "Write Complete" },
{ 0x21, "unknown-0x21" },
{ 0x22, "Set Information2" },
{ 0x2E, "Read AndX" },
{ 0x2F, "Write AndX" },
{ 0x30, "unknown-0x30" },
- { 0x31, "Close And Tree Discover" },
+ { 0x31, "Close And Tree Disconnect" },
{ 0x32, "Transaction2" },
{ 0x33, "Transaction2 Secondary" },
{ 0x34, "Find Close2" },
{ 0x81, "Search" },
{ 0x82, "Find" },
{ 0x83, "Find Unique" },
- { 0x84, "SMBfclose" },
+ { 0x84, "Find Close" },
{ 0x85, "unknown-0x85" },
{ 0x86, "unknown-0x86" },
{ 0x87, "unknown-0x87" },
{ 0xA2, "NT Create AndX" },
{ 0xA3, "unknown-0xA3" },
{ 0xA4, "NT Cancel" },
- { 0xA5, "unknown-0xA5" },
+ { 0xA5, "NT Rename" },
{ 0xA6, "unknown-0xA6" },
{ 0xA7, "unknown-0xA7" },
{ 0xA8, "unknown-0xA8" },
{ 0xCD, "unknown-0xCD" },
{ 0xCE, "unknown-0xCE" },
{ 0xCF, "unknown-0xCF" },
- { 0xD0, "SMBsends" },
- { 0xD1, "SMBsendb" },
- { 0xD2, "SMBfwdname" },
- { 0xD3, "SMBcancelf" },
- { 0xD4, "SMBgetmac" },
- { 0xD5, "SMBsendstrt" },
- { 0xD6, "SMBsendend" },
- { 0xD7, "SMBsendtxt" },
+ { 0xD0, "Send Single Block Message" },
+ { 0xD1, "Send Broadcast Message" },
+ { 0xD2, "Forward User Name" },
+ { 0xD3, "Cancel Forward" },
+ { 0xD4, "Get Machine Name" },
+ { 0xD5, "Send Start of Multi-block Message" },
+ { 0xD6, "Send End of Multi-block Message" },
+ { 0xD7, "Send Text of Multi-block Message" },
{ 0xD8, "SMBreadbulk" },
{ 0xD9, "SMBwritebulk" },
{ 0xDA, "SMBwritebulkdata" },
{
return(smb_cmd_vals[cmd].strptr);
}
-
+
/* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
static void
-free_hash_tables(gpointer ctarg, gpointer user_data)
+free_hash_tables(gpointer ctarg, gpointer user_data _U_)
{
conv_tables_t *ct = ctarg;
g_hash_table_destroy(ct->matched);
if (ct->dcerpc_fid_to_frame)
g_hash_table_destroy(ct->dcerpc_fid_to_frame);
+ if (ct->tid_service)
+ g_hash_table_destroy(ct->tid_service);
}
static void
G_ALLOC_ONLY);
}
-/* Max string length for displaying Unicode strings. */
-#define MAX_UNICODE_STR_LEN 256
-
-
-/* Turn a little-endian Unicode '\0'-terminated string into a string we
- can display.
- XXX - for now, we just handle the ISO 8859-1 characters.
- If exactlen==TRUE then us_lenp contains the exact len of the string in
- bytes. It might not be null terminated !
- bc specifies the number of bytes in the byte parameters; Windows 2000,
- at least, appears, in some cases, to put only 1 byte of 0 at the end
- of a Unicode string if the byte count
-*/
-static gchar *
-unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen,
- guint16 bc)
-{
- static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
- static gchar *cur;
- gchar *p;
- guint16 uchar;
- int len;
- int us_len;
- int overflow = 0;
-
- if (cur == &str[0][0]) {
- cur = &str[1][0];
- } else if (cur == &str[1][0]) {
- cur = &str[2][0];
- } else {
- cur = &str[0][0];
- }
- p = cur;
- len = MAX_UNICODE_STR_LEN;
- us_len = 0;
- for (;;) {
- if (bc == 0)
- break;
- if (bc == 1) {
- /* XXX - explain this */
- if (!exactlen)
- us_len += 1; /* this is a one-byte null terminator */
- break;
- }
- uchar = tvb_get_letohs(tvb, offset);
- if (uchar == 0) {
- us_len += 2; /* this is a two-byte null terminator */
- break;
- }
- if (len > 0) {
- if ((uchar & 0xFF00) == 0)
- *p++ = uchar; /* ISO 8859-1 */
- else
- *p++ = '?'; /* not 8859-1 */
- len--;
- } else
- overflow = 1;
- offset += 2;
- bc -= 2;
- us_len += 2;
- if(exactlen){
- if(us_len>= *us_lenp){
- break;
- }
- }
- }
- if (overflow) {
- /* Note that we're not showing the full string. */
- *p++ = '.';
- *p++ = '.';
- *p++ = '.';
- }
- *p = '\0';
- *us_lenp = us_len;
- return cur;
-}
-
-
-/* nopad == TRUE : Do not add any padding before this string
- * exactlen == TRUE : len contains the exact len of the string in bytes.
- * bc: pointer to variable with amount of data left in the byte parameters
- * region
- */
-static const gchar *
-get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
- packet_info *pinfo, int *len, gboolean nopad, gboolean exactlen,
- guint16 *bcp)
-{
- static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
- static gchar *cur;
- const gchar *string;
- int string_len;
- smb_info_t *si;
- int copylen;
-
- if (*bcp == 0) {
- /* Not enough data in buffer */
- return NULL;
- }
- si = pinfo->private_data;
- if (si->unicode) {
- if ((!nopad) && (*offsetp % 2)) {
- /*
- * XXX - this should be an offset relative to the beginning of the SMB,
- * not an offset relative to the beginning of the frame; if the stuff
- * before the SMB has an odd number of bytes, an offset relative to
- * the beginning of the frame will give the wrong answer.
- */
- (*offsetp)++; /* Looks like a pad byte there sometimes */
- (*bcp)--;
- if (*bcp == 0) {
- /* Not enough data in buffer */
- return NULL;
- }
- }
- if(exactlen){
- string_len = *len;
- string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp);
- } else {
- string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp);
- }
- } else {
- if(exactlen){
- /*
- * The string we return must be null-terminated.
- */
- if (cur == &str[0][0]) {
- cur = &str[1][0];
- } else if (cur == &str[1][0]) {
- cur = &str[2][0];
- } else {
- cur = &str[0][0];
- }
- copylen = *len;
- if (copylen > MAX_UNICODE_STR_LEN)
- copylen = MAX_UNICODE_STR_LEN;
- tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen);
- cur[copylen] = '\0';
- if (copylen > MAX_UNICODE_STR_LEN)
- strcat(cur, "...");
- string_len = *len;
- string = cur;
- } else {
- string_len = tvb_strsize(tvb, *offsetp);
- string = tvb_get_ptr(tvb, *offsetp, string_len);
- }
- }
- *len = string_len;
- return string;
-}
-
-
-
static const value_string errcls_types[] = {
{ SMB_SUCCESS, "Success"},
{ SMB_ERRDOS, "DOS Error"},
{SMBE_badenv, "Invalid environment"},
{SMBE_badaccess, "Invalid open mode"},
{SMBE_baddata, "Invalid data (only from ioctl call)"},
- {SMBE_res, "Reserved error code?"},
+ {SMBE_res, "Reserved error code?"},
{SMBE_baddrive, "Invalid drive"},
{SMBE_remcd, "Attempt to delete current directory"},
{SMBE_diffdevice, "Rename/move across different filesystems"},
{SMBE_nosuchshare, "Requested share does not exist"},
{SMBE_filexists, "File in operation already exists"},
{SMBE_cannotopen, "Cannot open the file specified"},
- {SMBE_unknownlevel, "Unknown level??"},
+ {SMBE_unknownlevel, "Unknown info level"},
+ {SMBE_invalidname, "Invalid name"},
{SMBE_badpipe, "Named pipe invalid"},
{SMBE_pipebusy, "All instances of pipe are busy"},
{SMBE_pipeclosing, "Named pipe close in progress"},
{SMBE_invalidenvironment, "Invalid environment"},
{SMBE_printerdriverinuse, "Printer driver in use"},
{SMBE_invalidparam, "Invalid parameter"},
+ {SMBE_invalidformsize, "Invalid form size"},
+ {SMBE_invalidsecuritydescriptor, "Invalid security descriptor"},
+ {SMBE_invalidowner, "Invalid owner"},
+ {SMBE_nomoreitems, "No more items"},
{0, NULL}
};
{SMBE_badcmd, "Unknown command"},
{SMBE_data, "Data (CRC) error"},
{SMBE_badreq, "Bad request structure length"},
- {SMBE_seek, "Seek error???"},
- {SMBE_badmedia, "Bad media???"},
- {SMBE_badsector, "Bad sector???"},
- {SMBE_nopaper, "No paper in printer???"},
- {SMBE_write, "Write error???"},
- {SMBE_read, "Read error???"},
- {SMBE_general, "General error???"},
+ {SMBE_seek, "Seek error"},
+ {SMBE_badmedia, "Unknown media type"},
+ {SMBE_badsector, "Sector not found"},
+ {SMBE_nopaper, "Printer out of paper"},
+ {SMBE_write, "Write fault"},
+ {SMBE_read, "Read fault"},
+ {SMBE_general, "General failure"},
{SMBE_badshare, "A open conflicts with an existing open"},
- {SMBE_lock, "Lock/unlock error"},
- {SMBE_wrongdisk, "Wrong disk???"},
- {SMBE_FCBunavail, "FCB unavailable???"},
- {SMBE_sharebufexc, "Share buffer excluded???"},
+ {SMBE_lock, "Lock conflict/invalid mode, or unlock of another process's lock"},
+ {SMBE_wrongdisk, "The wrong disk was found in a drive"},
+ {SMBE_FCBunavail, "No FCBs are available to process request"},
+ {SMBE_sharebufexc, "A sharing buffer has been exceeded"},
{SMBE_diskfull, "Disk full???"},
{0, NULL}
};
}
+
+/* These are the MS country codes from
+
+ http://www.unicode.org/unicode/onlinedat/countries.html
+
+ For countries that share the same number, I choose to use only the
+ name of the largest country. Apologies for this. If this offends you,
+ here is the table to change that.
+
+ This also includes the code of 0 for "Default", which isn't in
+ that list, but is in Microsoft's SDKs and the Cygnus "winnls.h"
+ header file. Presumably it means "don't override the setting
+ on the user's machine".
+
+ Future versions of Microsoft's "winnls.h" header file might include
+ additional codes; the current version matches the Unicode Consortium's
+ table.
+*/
+const value_string ms_country_codes[] = {
+ { 0, "Default"},
+ { 1, "USA"},
+ { 2, "Canada"},
+ { 7, "Russia"},
+ { 20, "Egypt"},
+ { 27, "South Africa"},
+ { 30, "Greece"},
+ { 31, "Netherlands"},
+ { 32, "Belgium"},
+ { 33, "France"},
+ { 34, "Spain"},
+ { 36, "Hungary"},
+ { 39, "Italy"},
+ { 40, "Romania"},
+ { 41, "Switzerland"},
+ { 43, "Austria"},
+ { 44, "United Kingdom"},
+ { 45, "Denmark"},
+ { 46, "Sweden"},
+ { 47, "Norway"},
+ { 48, "Poland"},
+ { 49, "Germany"},
+ { 51, "Peru"},
+ { 52, "Mexico"},
+ { 54, "Argentina"},
+ { 55, "Brazil"},
+ { 56, "Chile"},
+ { 57, "Colombia"},
+ { 58, "Venezuela"},
+ { 60, "Malaysia"},
+ { 61, "Australia"},
+ { 62, "Indonesia"},
+ { 63, "Philippines"},
+ { 64, "New Zealand"},
+ { 65, "Singapore"},
+ { 66, "Thailand"},
+ { 81, "Japan"},
+ { 82, "South Korea"},
+ { 84, "Viet Nam"},
+ { 86, "China"},
+ { 90, "Turkey"},
+ { 91, "India"},
+ { 92, "Pakistan"},
+ {212, "Morocco"},
+ {213, "Algeria"},
+ {216, "Tunisia"},
+ {218, "Libya"},
+ {254, "Kenya"},
+ {263, "Zimbabwe"},
+ {298, "Faroe Islands"},
+ {351, "Portugal"},
+ {352, "Luxembourg"},
+ {353, "Ireland"},
+ {354, "Iceland"},
+ {355, "Albania"},
+ {358, "Finland"},
+ {359, "Bulgaria"},
+ {370, "Lithuania"},
+ {371, "Latvia"},
+ {372, "Estonia"},
+ {374, "Armenia"},
+ {375, "Belarus"},
+ {380, "Ukraine"},
+ {381, "Serbia"},
+ {385, "Croatia"},
+ {386, "Slovenia"},
+ {389, "Macedonia"},
+ {420, "Czech Republic"},
+ {421, "Slovak Republic"},
+ {501, "Belize"},
+ {502, "Guatemala"},
+ {503, "El Salvador"},
+ {504, "Honduras"},
+ {505, "Nicaragua"},
+ {506, "Costa Rica"},
+ {507, "Panama"},
+ {591, "Bolivia"},
+ {593, "Ecuador"},
+ {595, "Paraguay"},
+ {598, "Uruguay"},
+ {673, "Brunei Darussalam"},
+ {852, "Hong Kong"},
+ {853, "Macau"},
+ {886, "Taiwan"},
+ {960, "Maldives"},
+ {961, "Lebanon"},
+ {962, "Jordan"},
+ {963, "Syria"},
+ {964, "Iraq"},
+ {965, "Kuwait"},
+ {966, "Saudi Arabia"},
+ {967, "Yemen"},
+ {968, "Oman"},
+ {971, "United Arab Emirates"},
+ {972, "Israel"},
+ {973, "Bahrain"},
+ {974, "Qatar"},
+ {976, "Mongolia"},
+ {981, "Iran"},
+ {994, "Azerbaijan"},
+ {995, "Georgia"},
+ {996, "Kyrgyzstan"},
+
+ {0, NULL}
+};
+
/*
* NT error codes.
*
{ 0x80000024, "STATUS_SERVER_HAS_OPEN_HANDLES" },
{ 0x80000025, "STATUS_ALREADY_DISCONNECTED" },
{ 0x80000026, "STATUS_LONGJUMP" },
+ { 0x80040111, "MAPI_E_LOGON_FAILED" },
{ 0x80090300, "SEC_E_INSUFFICIENT_MEMORY" },
{ 0x80090301, "SEC_E_INVALID_HANDLE" },
{ 0x80090302, "SEC_E_UNSUPPORTED_FUNCTION" },
};
static int
-dissect_smb_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_smb_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint8 mask;
proto_item *item = NULL;
}
-
+
static const true_false_string tfs_smb_flags2_long_names_allowed = {
"Long file names are allowed in the response",
"Long file names are not allowed in the response"
"Strings are ASCII"
};
static int
-dissect_smb_flags2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+dissect_smb_flags2(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
guint16 mask;
proto_item *item = NULL;
smb_saved_info_t *sip = NULL;
smb_saved_info_key_t key;
smb_saved_info_key_t *new_key;
- guint32 nt_status = 0;
- guint8 errclass = 0;
- guint16 errcode = 0;
- guint16 uid, pid, tid, mid;
+ guint32 nt_status = 0;
+ guint8 errclass = 0;
+ guint16 errcode = 0;
guint32 pid_mid;
conversation_t *conversation;
+ nstime_t ns;
top_tree=parent_tree;
|| (tvb_get_guint8(tvb, 3) != 'B') ){
return FALSE;
}
-
+
if (check_col(pinfo->cinfo, COL_PROTOCOL)){
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB");
}
} else {
si.unicode = FALSE;
}
- tid = tvb_get_letohs(tvb, offset+24);
- pid = tvb_get_letohs(tvb, offset+26);
- uid = tvb_get_letohs(tvb, offset+28);
- mid = tvb_get_letohs(tvb, offset+30);
- pid_mid = (pid << 16) | mid;
+ si.tid = tvb_get_letohs(tvb, offset+24);
+ si.pid = tvb_get_letohs(tvb, offset+26);
+ si.uid = tvb_get_letohs(tvb, offset+28);
+ si.mid = tvb_get_letohs(tvb, offset+30);
+ pid_mid = (si.pid << 16) | si.mid;
si.info_level = -1;
si.info_count = -1;
if (parent_tree) {
- item = proto_tree_add_item(parent_tree, proto_smb, tvb, offset,
+ item = proto_tree_add_item(parent_tree, proto_smb, tvb, offset,
-1, FALSE);
tree = proto_item_add_subtree(item, ett_smb);
- hitem = proto_tree_add_text(tree, tvb, offset, 32,
+ hitem = proto_tree_add_text(tree, tvb, offset, 32,
"SMB Header");
htree = proto_item_add_subtree(hitem, ett_smb_hdr);
proto_tree_add_text(htree, tvb, offset, 4, "Server Component: SMB");
offset += 4; /* Skip the marker */
- /* find which conversation we are part of and get the tables for that
+ /* find which conversation we are part of and get the tables for that
conversation*/
conversation = find_conversation(&pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
- if(conversation){
- si.ct=conversation_get_proto_data(conversation, proto_smb);
- } else {
- /* OK this is a new conversation, we must create it
- and attach appropriate data (matched and unmatched
- table for this conversation)
- */
- conversation = conversation_new(&pinfo->src, &pinfo->dst,
+ if(!conversation){
+ /* OK this is a new conversation so lets create it */
+ conversation = conversation_new(&pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
+ }
+ /* see if we already have the smb data for this conversation */
+ si.ct=conversation_get_proto_data(conversation, proto_smb);
+ if(!si.ct){
+ /* No, not yet. create it and attach it to the conversation */
si.ct = g_mem_chunk_alloc(conv_tables_chunk);
conv_tables = g_slist_prepend(conv_tables, si.ct);
- si.ct->matched= g_hash_table_new(smb_saved_info_hash_matched,
+ si.ct->matched= g_hash_table_new(smb_saved_info_hash_matched,
smb_saved_info_equal_matched);
- si.ct->unmatched= g_hash_table_new(smb_saved_info_hash_unmatched,
+ si.ct->unmatched= g_hash_table_new(smb_saved_info_hash_unmatched,
smb_saved_info_equal_unmatched);
si.ct->dcerpc_fid_to_frame=g_hash_table_new(
- smb_saved_info_hash_unmatched,
+ smb_saved_info_hash_unmatched,
+ smb_saved_info_equal_unmatched);
+ si.ct->tid_service=g_hash_table_new(
+ smb_saved_info_hash_unmatched,
smb_saved_info_equal_unmatched);
conversation_add_proto_data(conversation, proto_smb, si.ct);
}
if( (si.request)
- && (mid==0)
- && (uid==0)
- && (pid==0)
- && (tid==0) ){
+ && (si.mid==0)
+ && (si.uid==0)
+ && (si.pid==0)
+ && (si.tid==0) ){
/* this is a broadcast SMB packet, there will not be a reply.
- We dont need to do anything
+ We dont need to do anything
*/
si.unidir = TRUE;
} else if( (si.cmd==SMB_COM_NT_CANCEL) /* NT Cancel */
request/response matching to get messed up.
The only thing we do in this case is trying to find which original
- request we match with and insert an entry for this "special"
+ request we match with and insert an entry for this "special"
request for later reference. We continue to reference the original
requests smb_saved_info_t but we dont touch it or change anything
in it.
si.unidir = TRUE; /*we dont expect an answer to this one*/
if(!pinfo->fd->flags.visited){
- /* try to find which original call we match and if we
+ /* try to find which original call we match and if we
find it add us to the matched table. Dont touch
anything else since we dont want this one to mess
up the request/response matching. We still consider
if(sip && sip->frame_req){
switch(si.cmd){
case SMB_COM_NT_CANCEL:
- proto_tree_add_uint(htree, hf_smb_cancel_to,
+ proto_tree_add_uint(htree, hf_smb_cancel_to,
tvb, 0, 0, sip->frame_req);
break;
case SMB_COM_TRANSACTION_SECONDARY:
case SMB_COM_TRANSACTION2_SECONDARY:
case SMB_COM_NT_TRANSACT_SECONDARY:
- proto_tree_add_uint(htree, hf_smb_continuation_to,
+ proto_tree_add_uint(htree, hf_smb_continuation_to,
tvb, 0, 0, sip->frame_req);
break;
}
si.unidir = FALSE;
if(!pinfo->fd->flags.visited){
- /* first see if we find an unmatched smb "equal" to
- the current one
+ /* first see if we find an unmatched smb "equal" to
+ the current one
*/
sip=g_hash_table_lookup(si.ct->unmatched, (void *)pid_mid);
if(sip!=NULL){
- if(si.request){
- /* ok, we are processing an SMB
- request but there was already
- another "identical" smb resuest
- we had not matched yet.
- This must mean that either we have
- a retransmission or that the
- response to the previous one was
- lost and the client has reused
- the MID for this conversation.
- In either case it's not much more
- we can do than forget the old
- request and concentrate on the
+ gboolean cmd_match=FALSE;
+
+ /*
+ * Make sure the SMB we found was the
+ * same command, or a different command
+ * that's another valid type of reply
+ * to that command.
+ */
+ if(si.cmd==sip->cmd){
+ cmd_match=TRUE;
+ }
+ else if(si.cmd==SMB_COM_NT_CANCEL){
+ cmd_match=TRUE;
+ }
+ else if((si.cmd==SMB_COM_TRANSACTION_SECONDARY)
+ && (sip->cmd==SMB_COM_TRANSACTION)){
+ cmd_match=TRUE;
+ }
+ else if((si.cmd==SMB_COM_TRANSACTION2_SECONDARY)
+ && (sip->cmd==SMB_COM_TRANSACTION2)){
+ cmd_match=TRUE;
+ }
+ else if((si.cmd==SMB_COM_NT_TRANSACT_SECONDARY)
+ && (sip->cmd==SMB_COM_NT_TRANSACT)){
+ cmd_match=TRUE;
+ }
+
+ if( (si.request) || (!cmd_match) ) {
+ /* If we are processing an SMB request but there was already
+ another "identical" smb resuest we had not matched yet.
+ This must mean that either we have a retransmission or that the
+ response to the previous one was lost and the client has reused
+ the MID for this conversation. In either case it's not much more
+ we can do than forget the old request and concentrate on the
present one instead.
+
+ We also do this cleanup if we see that the cmd in the original
+ request in sip->cmd is not compatible with the current cmd.
+ This is to prevent matching errors such as if there were two
+ SMBs of different cmds but with identical MID and PID values and
+ if ethereal lost the first reply and the second request.
*/
g_hash_table_remove(si.ct->unmatched, (void *)pid_mid);
+ sip=NULL; /* XXX should free it as well */
} else {
/* we have found a response to some request we have seen earlier.
What we do now depends on whether this is the first response
- to that request we see (id frame_res==0) or not.
+ to that request we see (id frame_res==0) or not.
*/
if(sip->frame_res==0){
/* ok it is the first response we have seen to this packet */
sip->frame_res = pinfo->fd->num;
new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk);
- new_key->frame = sip->frame_req;
- new_key->pid_mid = pid_mid;
- g_hash_table_insert(si.ct->matched, new_key, sip);
- new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk);
new_key->frame = sip->frame_res;
new_key->pid_mid = pid_mid;
g_hash_table_insert(si.ct->matched, new_key, sip);
} else {
/* we have already seen another response to this one, but
- register it anyway so we see which request it matches
+ register it anyway so we see which request it matches
*/
new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk);
new_key->frame = pinfo->fd->num;
sip = g_mem_chunk_alloc(smb_saved_info_chunk);
sip->frame_req = pinfo->fd->num;
sip->frame_res = 0;
+ sip->req_time.secs=pinfo->fd->abs_secs;
+ sip->req_time.nsecs=pinfo->fd->abs_usecs*1000;
+ sip->flags = 0;
+ if(g_hash_table_lookup(si.ct->tid_service, (void *)si.tid)
+ == (void *)TID_IPC) {
+ sip->flags |= SMB_SIF_TID_IS_IPC;
+ }
+ sip->cmd = si.cmd;
sip->extra_info = NULL;
g_hash_table_insert(si.ct->unmatched, (void *)pid_mid, sip);
+ new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk);
+ new_key->frame = sip->frame_req;
+ new_key->pid_mid = pid_mid;
+ g_hash_table_insert(si.ct->matched, new_key, sip);
}
} else {
/* we have seen this packet before; check the
if (sip->frame_res != 0)
proto_tree_add_uint(htree, hf_smb_response_in, tvb, 0, 0, sip->frame_res);
} else {
- if (sip->frame_req != 0)
+ if (sip->frame_req != 0) {
proto_tree_add_uint(htree, hf_smb_response_to, tvb, 0, 0, sip->frame_req);
+ ns.secs = pinfo->fd->abs_secs - sip->req_time.secs;
+ ns.nsecs = pinfo->fd->abs_usecs*1000 - sip->req_time.nsecs;
+ if(ns.nsecs<0){
+ ns.nsecs+=1000000000;
+ ns.secs--;
+ }
+ proto_tree_add_time(htree, hf_smb_time, tvb,
+ 0, 0, &ns);
+ }
}
}
}
/* flags */
- offset = dissect_smb_flags(tvb, pinfo, htree, offset);
+ offset = dissect_smb_flags(tvb, htree, offset);
/* flags2 */
- offset = dissect_smb_flags2(tvb, pinfo, htree, offset);
+ offset = dissect_smb_flags2(tvb, htree, offset);
/*
* The document at
offset += 12;
/* TID */
- proto_tree_add_uint(htree, hf_smb_tid, tvb, offset, 2, tid);
+ proto_tree_add_uint(htree, hf_smb_tid, tvb, offset, 2, si.tid);
offset += 2;
/* PID */
- proto_tree_add_uint(htree, hf_smb_pid, tvb, offset, 2, pid);
+ proto_tree_add_uint(htree, hf_smb_pid, tvb, offset, 2, si.pid);
offset += 2;
/* UID */
- proto_tree_add_uint(htree, hf_smb_uid, tvb, offset, 2, uid);
+ proto_tree_add_uint(htree, hf_smb_uid, tvb, offset, 2, si.uid);
offset += 2;
/* MID */
- proto_tree_add_uint(htree, hf_smb_mid, tvb, offset, 2, mid);
+ proto_tree_add_uint(htree, hf_smb_mid, tvb, offset, 2, si.mid);
offset += 2;
pinfo->private_data = &si;
- dissect_smb_command(tvb, pinfo, parent_tree, offset, tree, si.cmd);
+ dissect_smb_command(tvb, pinfo, offset, tree, si.cmd, TRUE);
/* Append error info from this packet to info string. */
if (!si.request && check_col(pinfo->cinfo, COL_INFO)) {
* The status is an NT status code; was there
* an error?
*/
- if (nt_status != 0) {
+ if ((nt_status & 0xC0000000) == 0xC0000000) {
/*
* Yes.
*/
col_append_fstr(
pinfo->cinfo, COL_INFO, ", Error: %s",
- val_to_str(nt_status, NT_errors, "%s"));
+ val_to_str(nt_status, NT_errors,
+ "Unknown (0x%08X)"));
}
} else {
/*
{ "Response to", "smb.response_to", FT_UINT32, BASE_DEC,
NULL, 0, "This packet is a response to the packet in this frame", HFILL }},
+ { &hf_smb_time,
+ { "Time from request", "smb.time", FT_RELATIVE_TIME, BASE_NONE,
+ NULL, 0, "Time between Request and Response for SMB cmds", HFILL }},
+
{ &hf_smb_response_in,
{ "Response in", "smb.response_in", FT_UINT32, BASE_DEC,
NULL, 0, "The response to this packet is in this packet", HFILL }},
{ "Primary Domain", "smb.primary_domain", FT_STRING, BASE_NONE,
NULL, 0, "The server's primary domain", HFILL }},
+ { &hf_smb_server,
+ { "Server", "smb.server", FT_STRING, BASE_NONE,
+ NULL, 0, "The name of the DC/server", HFILL }},
+
{ &hf_smb_max_raw_buf_size,
{ "Max Raw Buffer", "smb.max_raw", FT_UINT32, BASE_DEC,
NULL, 0, "Maximum raw buffer size", HFILL }},
{ "Verify writes", "smb.move.flags.verify", FT_BOOLEAN, 16,
TFS(&tfs_mf_verify), 0x0010, "Verify all writes?", HFILL }},
- { &hf_smb_move_files_moved,
- { "Files Moved", "smb.move.files_moved", FT_UINT16, BASE_DEC,
+ { &hf_smb_files_moved,
+ { "Files Moved", "smb.files_moved", FT_UINT16, BASE_DEC,
NULL, 0, "Number of files moved", HFILL }},
+ { &hf_smb_copy_flags_file,
+ { "Must be file", "smb.copy.flags.file", FT_BOOLEAN, 16,
+ TFS(&tfs_mf_file), 0x0001, "Must target be a file?", HFILL }},
+
+ { &hf_smb_copy_flags_dir,
+ { "Must be directory", "smb.copy.flags.dir", FT_BOOLEAN, 16,
+ TFS(&tfs_mf_dir), 0x0002, "Must target be a directory?", HFILL }},
+
+ { &hf_smb_copy_flags_dest_mode,
+ { "Destination mode", "smb.copy.flags.dest_mode", FT_BOOLEAN, 16,
+ TFS(&tfs_cf_mode), 0x0004, "Is destination in ASCII?", HFILL }},
+
+ { &hf_smb_copy_flags_source_mode,
+ { "Source mode", "smb.copy.flags.source_mode", FT_BOOLEAN, 16,
+ TFS(&tfs_cf_mode), 0x0008, "Is source in ASCII?", HFILL }},
+
+ { &hf_smb_copy_flags_verify,
+ { "Verify writes", "smb.copy.flags.verify", FT_BOOLEAN, 16,
+ TFS(&tfs_mf_verify), 0x0010, "Verify all writes?", HFILL }},
+
+ { &hf_smb_copy_flags_tree_copy,
+ { "Tree copy", "smb.copy.flags.tree_copy", FT_BOOLEAN, 16,
+ TFS(&tfs_cf_tree_copy), 0x0010, "Is copy a tree copy?", HFILL }},
+
+ { &hf_smb_copy_flags_ea_action,
+ { "EA action if EAs not supported on dest", "smb.copy.flags.ea_action", FT_BOOLEAN, 16,
+ TFS(&tfs_cf_ea_action), 0x0010, "Fail copy if source file has EAs and dest doesn't support EAs?", HFILL }},
+
{ &hf_smb_count,
{ "Count", "smb.count", FT_UINT32, BASE_DEC,
NULL, 0, "Count number of items/bytes", HFILL }},
{ &hf_smb_file_attr_read_only_16bit,
{ "Read Only", "smb.file_attribute.read_only", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_read_only), FILE_ATTRIBUTE_READ_ONLY, "READ ONLY file attribute", HFILL }},
+ TFS(&tfs_file_attribute_read_only), SMB_FILE_ATTRIBUTE_READ_ONLY, "READ ONLY file attribute", HFILL }},
{ &hf_smb_file_attr_read_only_8bit,
{ "Read Only", "smb.file_attribute.read_only", FT_BOOLEAN, 8,
- TFS(&tfs_file_attribute_read_only), FILE_ATTRIBUTE_READ_ONLY, "READ ONLY file attribute", HFILL }},
+ TFS(&tfs_file_attribute_read_only), SMB_FILE_ATTRIBUTE_READ_ONLY, "READ ONLY file attribute", HFILL }},
{ &hf_smb_file_attr_hidden_16bit,
{ "Hidden", "smb.file_attribute.hidden", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_hidden), FILE_ATTRIBUTE_HIDDEN, "HIDDEN file attribute", HFILL }},
+ TFS(&tfs_file_attribute_hidden), SMB_FILE_ATTRIBUTE_HIDDEN, "HIDDEN file attribute", HFILL }},
{ &hf_smb_file_attr_hidden_8bit,
{ "Hidden", "smb.file_attribute.hidden", FT_BOOLEAN, 8,
- TFS(&tfs_file_attribute_hidden), FILE_ATTRIBUTE_HIDDEN, "HIDDEN file attribute", HFILL }},
+ TFS(&tfs_file_attribute_hidden), SMB_FILE_ATTRIBUTE_HIDDEN, "HIDDEN file attribute", HFILL }},
{ &hf_smb_file_attr_system_16bit,
{ "System", "smb.file_attribute.system", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_system), FILE_ATTRIBUTE_SYSTEM, "SYSTEM file attribute", HFILL }},
+ TFS(&tfs_file_attribute_system), SMB_FILE_ATTRIBUTE_SYSTEM, "SYSTEM file attribute", HFILL }},
{ &hf_smb_file_attr_system_8bit,
{ "System", "smb.file_attribute.system", FT_BOOLEAN, 8,
- TFS(&tfs_file_attribute_system), FILE_ATTRIBUTE_SYSTEM, "SYSTEM file attribute", HFILL }},
+ TFS(&tfs_file_attribute_system), SMB_FILE_ATTRIBUTE_SYSTEM, "SYSTEM file attribute", HFILL }},
{ &hf_smb_file_attr_volume_16bit,
{ "Volume ID", "smb.file_attribute.volume", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_volume), FILE_ATTRIBUTE_VOLUME, "VOLUME file attribute", HFILL }},
+ TFS(&tfs_file_attribute_volume), SMB_FILE_ATTRIBUTE_VOLUME, "VOLUME file attribute", HFILL }},
{ &hf_smb_file_attr_volume_8bit,
{ "Volume ID", "smb.file_attribute.volume", FT_BOOLEAN, 8,
- TFS(&tfs_file_attribute_volume), FILE_ATTRIBUTE_VOLUME, "VOLUME ID file attribute", HFILL }},
+ TFS(&tfs_file_attribute_volume), SMB_FILE_ATTRIBUTE_VOLUME, "VOLUME ID file attribute", HFILL }},
{ &hf_smb_file_attr_directory_16bit,
{ "Directory", "smb.file_attribute.directory", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_directory), FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY file attribute", HFILL }},
+ TFS(&tfs_file_attribute_directory), SMB_FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY file attribute", HFILL }},
{ &hf_smb_file_attr_directory_8bit,
{ "Directory", "smb.file_attribute.directory", FT_BOOLEAN, 8,
- TFS(&tfs_file_attribute_directory), FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY file attribute", HFILL }},
+ TFS(&tfs_file_attribute_directory), SMB_FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY file attribute", HFILL }},
{ &hf_smb_file_attr_archive_16bit,
{ "Archive", "smb.file_attribute.archive", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_archive), FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE file attribute", HFILL }},
+ TFS(&tfs_file_attribute_archive), SMB_FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE file attribute", HFILL }},
{ &hf_smb_file_attr_archive_8bit,
{ "Archive", "smb.file_attribute.archive", FT_BOOLEAN, 8,
- TFS(&tfs_file_attribute_archive), FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE file attribute", HFILL }},
+ TFS(&tfs_file_attribute_archive), SMB_FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE file attribute", HFILL }},
{ &hf_smb_file_attr_device,
{ "Device", "smb.file_attribute.device", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_device), FILE_ATTRIBUTE_DEVICE, "Is this file a device?", HFILL }},
+ TFS(&tfs_file_attribute_device), SMB_FILE_ATTRIBUTE_DEVICE, "Is this file a device?", HFILL }},
{ &hf_smb_file_attr_normal,
{ "Normal", "smb.file_attribute.normal", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_normal), FILE_ATTRIBUTE_NORMAL, "Is this a normal file?", HFILL }},
+ TFS(&tfs_file_attribute_normal), SMB_FILE_ATTRIBUTE_NORMAL, "Is this a normal file?", HFILL }},
{ &hf_smb_file_attr_temporary,
{ "Temporary", "smb.file_attribute.temporary", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_temporary), FILE_ATTRIBUTE_TEMPORARY, "Is this a temporary file?", HFILL }},
+ TFS(&tfs_file_attribute_temporary), SMB_FILE_ATTRIBUTE_TEMPORARY, "Is this a temporary file?", HFILL }},
{ &hf_smb_file_attr_sparse,
{ "Sparse", "smb.file_attribute.sparse", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_sparse), FILE_ATTRIBUTE_SPARSE, "Is this a sparse file?", HFILL }},
+ TFS(&tfs_file_attribute_sparse), SMB_FILE_ATTRIBUTE_SPARSE, "Is this a sparse file?", HFILL }},
{ &hf_smb_file_attr_reparse,
{ "Reparse Point", "smb.file_attribute.reparse", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_reparse), FILE_ATTRIBUTE_REPARSE, "Does this file have an associated reparse point?", HFILL }},
+ TFS(&tfs_file_attribute_reparse), SMB_FILE_ATTRIBUTE_REPARSE, "Does this file have an associated reparse point?", HFILL }},
{ &hf_smb_file_attr_compressed,
{ "Compressed", "smb.file_attribute.compressed", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_compressed), FILE_ATTRIBUTE_COMPRESSED, "Is this file compressed?", HFILL }},
+ TFS(&tfs_file_attribute_compressed), SMB_FILE_ATTRIBUTE_COMPRESSED, "Is this file compressed?", HFILL }},
{ &hf_smb_file_attr_offline,
{ "Offline", "smb.file_attribute.offline", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_offline), FILE_ATTRIBUTE_OFFLINE, "Is this file offline?", HFILL }},
+ TFS(&tfs_file_attribute_offline), SMB_FILE_ATTRIBUTE_OFFLINE, "Is this file offline?", HFILL }},
{ &hf_smb_file_attr_not_content_indexed,
{ "Content Indexed", "smb.file_attribute.not_content_indexed", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_not_content_indexed), FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, "May this file be indexed by the content indexing service", HFILL }},
+ TFS(&tfs_file_attribute_not_content_indexed), SMB_FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, "May this file be indexed by the content indexing service", HFILL }},
{ &hf_smb_file_attr_encrypted,
{ "Encrypted", "smb.file_attribute.encrypted", FT_BOOLEAN, 16,
- TFS(&tfs_file_attribute_encrypted), FILE_ATTRIBUTE_ENCRYPTED, "Is this file encrypted?", HFILL }},
+ TFS(&tfs_file_attribute_encrypted), SMB_FILE_ATTRIBUTE_ENCRYPTED, "Is this file encrypted?", HFILL }},
{ &hf_smb_file_size,
{ "File Size", "smb.file_size", FT_UINT32, BASE_DEC,
{ &hf_smb_search_attribute_read_only,
{ "Read Only", "smb.search.attribute.read_only", FT_BOOLEAN, 16,
- TFS(&tfs_search_attribute_read_only), FILE_ATTRIBUTE_READ_ONLY, "READ ONLY search attribute", HFILL }},
+ TFS(&tfs_search_attribute_read_only), SMB_FILE_ATTRIBUTE_READ_ONLY, "READ ONLY search attribute", HFILL }},
{ &hf_smb_search_attribute_hidden,
{ "Hidden", "smb.search.attribute.hidden", FT_BOOLEAN, 16,
- TFS(&tfs_search_attribute_hidden), FILE_ATTRIBUTE_HIDDEN, "HIDDEN search attribute", HFILL }},
+ TFS(&tfs_search_attribute_hidden), SMB_FILE_ATTRIBUTE_HIDDEN, "HIDDEN search attribute", HFILL }},
{ &hf_smb_search_attribute_system,
{ "System", "smb.search.attribute.system", FT_BOOLEAN, 16,
- TFS(&tfs_search_attribute_system), FILE_ATTRIBUTE_SYSTEM, "SYSTEM search attribute", HFILL }},
+ TFS(&tfs_search_attribute_system), SMB_FILE_ATTRIBUTE_SYSTEM, "SYSTEM search attribute", HFILL }},
{ &hf_smb_search_attribute_volume,
{ "Volume ID", "smb.search.attribute.volume", FT_BOOLEAN, 16,
- TFS(&tfs_search_attribute_volume), FILE_ATTRIBUTE_VOLUME, "VOLUME ID search attribute", HFILL }},
+ TFS(&tfs_search_attribute_volume), SMB_FILE_ATTRIBUTE_VOLUME, "VOLUME ID search attribute", HFILL }},
{ &hf_smb_search_attribute_directory,
{ "Directory", "smb.search.attribute.directory", FT_BOOLEAN, 16,
- TFS(&tfs_search_attribute_directory), FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY search attribute", HFILL }},
+ TFS(&tfs_search_attribute_directory), SMB_FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY search attribute", HFILL }},
{ &hf_smb_search_attribute_archive,
{ "Archive", "smb.search.attribute.archive", FT_BOOLEAN, 16,
- TFS(&tfs_search_attribute_archive), FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE search attribute", HFILL }},
+ TFS(&tfs_search_attribute_archive), SMB_FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE search attribute", HFILL }},
{ &hf_smb_access_mode,
{ "Access Mode", "smb.access.mode", FT_UINT16, BASE_DEC,
{ "Created", "smb.create.time", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0, "Creation Time", HFILL }},
+ { &hf_smb_modify_time,
+ { "Modified", "smb.modify.time", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "Modification Time", HFILL }},
+
+ { &hf_smb_backup_time,
+ { "Backed-up", "smb.backup.time", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "Backup time", HFILL}},
+
+ { &hf_smb_mac_alloc_block_count,
+ { "Allocation Block Count", "smb.alloc.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Allocation Block Count", HFILL}},
+
+ { &hf_smb_mac_alloc_block_size,
+ { "Allocation Block Count", "smb.alloc.size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Allocation Block Size", HFILL}},
+
+ { &hf_smb_mac_free_block_count,
+ { "Free Block Count", "smb.free_block.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Free Block Count", HFILL}},
+
+ { &hf_smb_mac_root_file_count,
+ { "Root File Count", "smb.root.file.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Root File Count", HFILL}},
+
+ { &hf_smb_mac_root_dir_count,
+ { "Root Directory Count", "smb.root.dir.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Root Directory Count", HFILL}},
+
+ { &hf_smb_mac_file_count,
+ { "Root File Count", "smb.file.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "File Count", HFILL}},
+
+ { &hf_smb_mac_dir_count,
+ { "Root Directory Count", "smb.dir.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Directory Count", HFILL}},
+
+ { &hf_smb_mac_support_flags,
+ { "Mac Support Flags", "smb.mac.support.flags", FT_UINT32, BASE_DEC,
+ NULL, 0, "Mac Support Flags", HFILL}},
+
+ { &hf_smb_mac_sup_access_ctrl,
+ { "Mac Access Control", "smb.mac.access_control", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_access_ctrl), 0x0010, "Are Mac Access Control Supported", HFILL }},
+
+ { &hf_smb_mac_sup_getset_comments,
+ { "Get Set Comments", "smb.mac.get_set_comments", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_getset_comments), 0x0020, "Are Mac Get Set Comments supported?", HFILL }},
+
+ { &hf_smb_mac_sup_desktopdb_calls,
+ { "Desktop DB Calls", "smb.mac.desktop_db_calls", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_desktopdb_calls), 0x0040, "Are Macintosh Desktop DB Calls Supported?", HFILL }},
+
+ { &hf_smb_mac_sup_unique_ids,
+ { "Macintosh Unique IDs", "smb.mac.uids", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_unique_ids), 0x0080, "Are Unique IDs supported", HFILL }},
+
+ { &hf_smb_mac_sup_streams,
+ { "Mac Streams", "smb.mac.streams_support", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_streams), 0x0100, "Are Mac Extensions and streams supported?", HFILL }},
+
{ &hf_smb_create_dos_date,
{ "Create Date", "smb.create.smb.date", FT_UINT16, BASE_HEX,
NULL, 0, "Create Date, SMB_DATE format", HFILL }},
{ "File Data", "smb.file_data", FT_BYTES, BASE_HEX,
NULL, 0, "Data read/written to the file", HFILL }},
+ { &hf_smb_mac_fndrinfo,
+ { "Finder Info", "smb.mac.finderinfo", FT_BYTES, BASE_HEX,
+ NULL, 0, "Finder Info", HFILL}},
+
{ &hf_smb_total_data_len,
{ "Total Data Length", "smb.total_data_len", FT_UINT16, BASE_DEC,
NULL, 0, "Total length of data", HFILL }},
{ "Resume Key Length", "smb.resume.key_len", FT_UINT16, BASE_DEC,
NULL, 0, "Resume Key length", HFILL }},
+ { &hf_smb_resume_find_id,
+ { "Find ID", "smb.resume.find_id", FT_UINT8, BASE_HEX,
+ NULL, 0, "Handle for Find operation", HFILL }},
+
{ &hf_smb_resume_server_cookie,
{ "Server Cookie", "smb.resume.server.cookie", FT_BYTES, BASE_HEX,
NULL, 0, "Cookie, must not be modified by the client", HFILL }},
{ &hf_smb_file_eattr_read_only,
{ "Read Only", "smb.file_attribute.read_only", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_read_only), FILE_ATTRIBUTE_READ_ONLY, "READ ONLY file attribute", HFILL }},
+ TFS(&tfs_file_attribute_read_only), SMB_FILE_ATTRIBUTE_READ_ONLY, "READ ONLY file attribute", HFILL }},
{ &hf_smb_file_eattr_hidden,
{ "Hidden", "smb.file_attribute.hidden", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_hidden), FILE_ATTRIBUTE_HIDDEN, "HIDDEN file attribute", HFILL }},
+ TFS(&tfs_file_attribute_hidden), SMB_FILE_ATTRIBUTE_HIDDEN, "HIDDEN file attribute", HFILL }},
{ &hf_smb_file_eattr_system,
{ "System", "smb.file_attribute.system", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_system), FILE_ATTRIBUTE_SYSTEM, "SYSTEM file attribute", HFILL }},
+ TFS(&tfs_file_attribute_system), SMB_FILE_ATTRIBUTE_SYSTEM, "SYSTEM file attribute", HFILL }},
{ &hf_smb_file_eattr_volume,
{ "Volume ID", "smb.file_attribute.volume", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_volume), FILE_ATTRIBUTE_VOLUME, "VOLUME file attribute", HFILL }},
+ TFS(&tfs_file_attribute_volume), SMB_FILE_ATTRIBUTE_VOLUME, "VOLUME file attribute", HFILL }},
{ &hf_smb_file_eattr_directory,
{ "Directory", "smb.file_attribute.directory", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_directory), FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY file attribute", HFILL }},
+ TFS(&tfs_file_attribute_directory), SMB_FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY file attribute", HFILL }},
{ &hf_smb_file_eattr_archive,
{ "Archive", "smb.file_attribute.archive", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_archive), FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE file attribute", HFILL }},
+ TFS(&tfs_file_attribute_archive), SMB_FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE file attribute", HFILL }},
{ &hf_smb_file_eattr_device,
{ "Device", "smb.file_attribute.device", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_device), FILE_ATTRIBUTE_DEVICE, "Is this file a device?", HFILL }},
+ TFS(&tfs_file_attribute_device), SMB_FILE_ATTRIBUTE_DEVICE, "Is this file a device?", HFILL }},
{ &hf_smb_file_eattr_normal,
{ "Normal", "smb.file_attribute.normal", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_normal), FILE_ATTRIBUTE_NORMAL, "Is this a normal file?", HFILL }},
+ TFS(&tfs_file_attribute_normal), SMB_FILE_ATTRIBUTE_NORMAL, "Is this a normal file?", HFILL }},
{ &hf_smb_file_eattr_temporary,
{ "Temporary", "smb.file_attribute.temporary", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_temporary), FILE_ATTRIBUTE_TEMPORARY, "Is this a temporary file?", HFILL }},
+ TFS(&tfs_file_attribute_temporary), SMB_FILE_ATTRIBUTE_TEMPORARY, "Is this a temporary file?", HFILL }},
{ &hf_smb_file_eattr_sparse,
{ "Sparse", "smb.file_attribute.sparse", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_sparse), FILE_ATTRIBUTE_SPARSE, "Is this a sparse file?", HFILL }},
+ TFS(&tfs_file_attribute_sparse), SMB_FILE_ATTRIBUTE_SPARSE, "Is this a sparse file?", HFILL }},
{ &hf_smb_file_eattr_reparse,
{ "Reparse Point", "smb.file_attribute.reparse", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_reparse), FILE_ATTRIBUTE_REPARSE, "Does this file have an associated reparse point?", HFILL }},
+ TFS(&tfs_file_attribute_reparse), SMB_FILE_ATTRIBUTE_REPARSE, "Does this file have an associated reparse point?", HFILL }},
{ &hf_smb_file_eattr_compressed,
{ "Compressed", "smb.file_attribute.compressed", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_compressed), FILE_ATTRIBUTE_COMPRESSED, "Is this file compressed?", HFILL }},
+ TFS(&tfs_file_attribute_compressed), SMB_FILE_ATTRIBUTE_COMPRESSED, "Is this file compressed?", HFILL }},
{ &hf_smb_file_eattr_offline,
{ "Offline", "smb.file_attribute.offline", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_offline), FILE_ATTRIBUTE_OFFLINE, "Is this file offline?", HFILL }},
+ TFS(&tfs_file_attribute_offline), SMB_FILE_ATTRIBUTE_OFFLINE, "Is this file offline?", HFILL }},
{ &hf_smb_file_eattr_not_content_indexed,
{ "Content Indexed", "smb.file_attribute.not_content_indexed", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_not_content_indexed), FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, "May this file be indexed by the content indexing service", HFILL }},
+ TFS(&tfs_file_attribute_not_content_indexed), SMB_FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, "May this file be indexed by the content indexing service", HFILL }},
{ &hf_smb_file_eattr_encrypted,
{ "Encrypted", "smb.file_attribute.encrypted", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_encrypted), FILE_ATTRIBUTE_ENCRYPTED, "Is this file encrypted?", HFILL }},
-
- { &hf_smb_file_eattr_write_through,
- { "Write Through", "smb.file_attribute.write_through", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_write_through), FILE_ATTRIBUTE_WRITE_THROUGH, "Does this object need write through?", HFILL }},
-
- { &hf_smb_file_eattr_no_buffering,
- { "No Buffering", "smb.file_attribute.no_buffering", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_no_buffering), FILE_ATTRIBUTE_NO_BUFFERING, "May the server buffer this object?", HFILL }},
-
- { &hf_smb_file_eattr_random_access,
- { "Random Access", "smb.file_attribute.random_access", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_random_access), FILE_ATTRIBUTE_RANDOM_ACCESS, "Optimize for random access", HFILL }},
-
- { &hf_smb_file_eattr_sequential_scan,
- { "Sequential Scan", "smb.file_attribute.sequential_scan", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_sequential_scan), FILE_ATTRIBUTE_SEQUENTIAL_SCAN, "Optimize for sequential scan", HFILL }},
-
- { &hf_smb_file_eattr_delete_on_close,
- { "Delete on Close", "smb.file_attribute.delete_on_close", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_delete_on_close), FILE_ATTRIBUTE_DELETE_ON_CLOSE, "Should this object be deleted on close?", HFILL }},
-
- { &hf_smb_file_eattr_backup_semantics,
- { "Backup", "smb.file_attribute.backup_semantics", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_backup_semantics), FILE_ATTRIBUTE_BACKUP_SEMANTICS, "Does this object need/support backup semantics", HFILL }},
-
- { &hf_smb_file_eattr_posix_semantics,
- { "Posix", "smb.file_attribute.posix_semantics", FT_BOOLEAN, 32,
- TFS(&tfs_file_attribute_posix_semantics), FILE_ATTRIBUTE_POSIX_SEMANTICS, "Does this object need/support POSIX semantics?", HFILL }},
+ TFS(&tfs_file_attribute_encrypted), SMB_FILE_ATTRIBUTE_ENCRYPTED, "Is this file encrypted?", HFILL }},
{ &hf_smb_sec_desc_len,
{ "NT Security Descriptor Length", "smb.sec_desc_len", FT_UINT32, BASE_DEC,
{ "Create action", "smb.create.action", FT_UINT32, BASE_DEC,
VALS(create_disposition_vals), 0, "Type of action taken", HFILL }},
+ { &hf_smb_file_id,
+ { "Server unique file ID", "smb.create.file_id", FT_UINT32, BASE_HEX,
+ NULL, 0, "Server unique file ID", HFILL }},
+
{ &hf_smb_ea_error_offset,
{ "EA Error offset", "smb.ea.error_offset", FT_UINT32, BASE_DEC,
NULL, 0, "Offset into EA list if EA error", HFILL }},
{ &hf_smb_setup_len,
{ "Setup Len", "smb.print.setup.len", FT_UINT16, BASE_DEC,
- NULL, 0, "Length of prionter setup data", HFILL }},
+ NULL, 0, "Length of printer setup data", HFILL }},
{ &hf_smb_print_mode,
{ "Mode", "smb.print.mode", FT_UINT16, BASE_DEC,
{ "Start Index", "smb.print.start_index", FT_UINT16, BASE_DEC,
NULL, 0, "First queue entry to return", HFILL }},
+ { &hf_smb_originator_name,
+ { "Originator Name", "smb.originator_name", FT_STRINGZ, BASE_NONE,
+ NULL, 0, "Name of sender of message", HFILL }},
+
+ { &hf_smb_destination_name,
+ { "Destination Name", "smb.destination_name", FT_STRINGZ, BASE_NONE,
+ NULL, 0, "Name of recipient of message", HFILL }},
+
+ { &hf_smb_message_len,
+ { "Message Len", "smb.message.len", FT_UINT16, BASE_DEC,
+ NULL, 0, "Length of message", HFILL }},
+
+ { &hf_smb_message,
+ { "Message", "smb.message", FT_STRING, BASE_NONE,
+ NULL, 0, "Message text", HFILL }},
+
+ { &hf_smb_mgid,
+ { "Message Group ID", "smb.mgid", FT_UINT16, BASE_DEC,
+ NULL, 0, "Message group ID for multi-block messages", HFILL }},
+
+ { &hf_smb_forwarded_name,
+ { "Forwarded Name", "smb.forwarded_name", FT_STRINGZ, BASE_NONE,
+ NULL, 0, "Recipient name being forwarded", HFILL }},
+
+ { &hf_smb_machine_name,
+ { "Machine Name", "smb.machine_name", FT_STRINGZ, BASE_NONE,
+ NULL, 0, "Name of target machine", HFILL }},
+
{ &hf_smb_cancel_to,
{ "Cancel to", "smb.cancel_to", FT_UINT32, BASE_DEC,
NULL, 0, "This packet is a cancellation of the packet in this frame", HFILL }},
{ &hf_smb_ff2_resume,
{ "Resume", "smb.find_first2.flags.resume", FT_BOOLEAN, 16,
- TFS(&tfs_ff2_resume), 0x0004, "Return resume keys for each entry found", HFILL }},
+ TFS(&tfs_ff2_resume), FF2_RESUME, "Return resume keys for each entry found", HFILL }},
{ &hf_smb_ff2_close_eos,
{ "Close on EOS", "smb.find_first2.flags.eos", FT_BOOLEAN, 16,
{ "Level of Interest", "smb.loi", FT_UINT16, BASE_DEC,
VALS(qpi_loi_vals), 0, "Level of interest for TRANSACTION[2] commands", HFILL }},
+#if 0
+ { &hf_smb_sfi_writetru,
+ { "Writethrough", "smb.sfi_writethrough", FT_BOOLEAN, 16,
+ TFS(&tfs_da_writetru), 0x0010, "Writethrough mode?", HFILL }},
+
+ { &hf_smb_sfi_caching,
+ { "Caching", "smb.sfi_caching", FT_BOOLEAN, 16,
+ TFS(&tfs_da_caching), 0x0020, "Caching mode?", HFILL }},
+#endif
+
{ &hf_smb_storage_type,
{ "Storage Type", "smb.storage_type", FT_UINT32, BASE_DEC,
NULL, 0, "Type of storage", HFILL }},
NULL, 0, "Latest referral version number understood", HFILL }},
{ &hf_smb_qfsi_information_level,
- { "Level of Interest", "smb.qfi_loi", FT_UINT16, BASE_DEC,
+ { "Level of Interest", "smb.qfi_loi", FT_UINT16, BASE_HEX,
VALS(qfsi_vals), 0, "Level of interest for QUERY_FS_INFORMATION2 command", HFILL }},
+ { &hf_smb_nt_rename_level,
+ { "Level of Interest", "smb.ntr_loi", FT_UINT16, BASE_DEC,
+ VALS(nt_rename_vals), 0, "NT Rename level", HFILL }},
+
+ { &hf_smb_cluster_count,
+ { "Cluster count", "smb.ntr_clu", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of clusters", HFILL }},
+
{ &hf_smb_ea_size,
{ "EA Size", "smb.ea_size", FT_UINT32, BASE_DEC,
NULL, 0, "Size of file's EA information", HFILL }},
{ "Last Name Offset", "smb.last_name_offset", FT_UINT16, BASE_DEC,
NULL, 0, "If non-0 this is the offset into the datablock for the file name of the last entry", HFILL }},
+ { &hf_smb_fn_information_level,
+ { "Level of Interest", "smb.fn_loi", FT_UINT16, BASE_DEC,
+ NULL, 0, "Level of interest for FIND_NOTIFY command", HFILL }},
+
+ { &hf_smb_monitor_handle,
+ { "Monitor Handle", "smb.monitor_handle", FT_UINT16, BASE_HEX,
+ NULL, 0, "Handle for Find Notify operations", HFILL }},
+
+ { &hf_smb_change_count,
+ { "Change Count", "smb.change_count", FT_UINT16, BASE_DEC,
+ NULL, 0, "Number of changes to wait for", HFILL }},
+
{ &hf_smb_file_index,
{ "File Index", "smb.file_index", FT_UINT32, BASE_DEC,
NULL, 0, "File index", HFILL }},
{ "Free Units", "smb.free_alloc_units", FT_UINT64, BASE_DEC,
NULL, 0, "Number of free allocation units", HFILL }},
+ { &hf_smb_caller_free_alloc_units64,
+ { "Caller Free Units", "smb.caller_free_alloc_units", FT_UINT64, BASE_DEC,
+ NULL, 0, "Number of caller free allocation units", HFILL }},
+
+ { &hf_smb_actual_free_alloc_units64,
+ { "Actual Free Units", "smb.actual_free_alloc_units", FT_UINT64, BASE_DEC,
+ NULL, 0, "Number of actual free allocation units", HFILL }},
+
+ { &hf_smb_soft_quota_limit,
+ { "(Soft) Quota Treshold", "smb.quota.soft.default", FT_UINT64, BASE_DEC,
+ NULL, 0, "Soft Quota treshold", HFILL }},
+
+ { &hf_smb_hard_quota_limit,
+ { "(Hard) Quota Limit", "smb.quota.hard.default", FT_UINT64, BASE_DEC,
+ NULL, 0, "Hard Quota limit", HFILL }},
+
+ { &hf_smb_user_quota_used,
+ { "Quota Used", "smb.quota.used", FT_UINT64, BASE_DEC,
+ NULL, 0, "How much Quota is used by this user", HFILL }},
+
{ &hf_smb_max_name_len,
{ "Max name length", "smb.fs_max_name_len", FT_UINT32, BASE_DEC,
NULL, 0, "Maximum length of each file name component in number of bytes", HFILL }},
{ "Num ACEs", "smb.acl.num_aces", FT_UINT32, BASE_DEC,
NULL, 0, "Number of ACE structures for this ACL", HFILL }},
+ { &hf_smb_user_quota_offset,
+ { "Next Offset", "smb.quota.user.offset", FT_UINT32, BASE_DEC,
+ NULL, 0, "Relative offset to next user quota structure", HFILL }},
+
{ &hf_smb_ace_type,
{ "Type", "smb.ace.type", FT_UINT8, BASE_DEC,
VALS(ace_type_vals), 0, "Type of ACE", HFILL }},
TFS(&tfs_ace_flags_failed_access), 0x80, "Should failed accesses be audited?", HFILL }},
{ &hf_smb_sec_desc_type_owner_defaulted,
- { "Onwer Defaulted", "smb.sec_desc.type.owner_defaulted", FT_BOOLEAN, 16,
+ { "Owner Defaulted", "smb.sec_desc.type.owner_defaulted", FT_BOOLEAN, 16,
TFS(&tfs_sec_desc_type_owner_defaulted), 0x0001, "Is Owner Defaulted set?", HFILL }},
{ &hf_smb_sec_desc_type_group_defaulted,
{ "Self Relative", "smb.sec_desc.type.self_relative", FT_BOOLEAN, 16,
TFS(&tfs_sec_desc_type_self_relative), 0x8000, "Is this SecDesc self relative?", HFILL }},
+ { &hf_smb_quota_flags_deny_disk,
+ { "Deny Disk", "smb.quota.flags.deny_disk", FT_BOOLEAN, 8,
+ TFS(&tfs_quota_flags_deny_disk), 0x02, "Is the default quota limit enforced?", HFILL }},
+
+ { &hf_smb_quota_flags_log_limit,
+ { "Log Limit", "smb.quota.flags.log_limit", FT_BOOLEAN, 8,
+ TFS(&tfs_quota_flags_log_limit), 0x20, "Should the server log an event when the limit is exceeded?", HFILL }},
+
+ { &hf_smb_quota_flags_log_warning,
+ { "Log Warning", "smb.quota.flags.log_warning", FT_BOOLEAN, 8,
+ TFS(&tfs_quota_flags_log_warning), 0x10, "Should the server log an event when the warning level is exceeded?", HFILL }},
+
+ { &hf_smb_quota_flags_enabled,
+ { "Enabled", "smb.quota.flags.enabled", FT_BOOLEAN, 8,
+ TFS(&tfs_quota_flags_enabled), 0x01, "Is quotas enabled of this FS?", HFILL }},
+
+ { &hf_smb_segment_overlap,
+ { "Fragment overlap", "smb.segment.overlap", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Fragment overlaps with other fragments", HFILL }},
+
+ { &hf_smb_segment_overlap_conflict,
+ { "Conflicting data in fragment overlap", "smb.segment.overlap.conflict", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Overlapping fragments contained conflicting data", HFILL }},
+
+ { &hf_smb_segment_multiple_tails,
+ { "Multiple tail fragments found", "smb.segment.multipletails", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Several tails were found when defragmenting the packet", HFILL }},
+
+ { &hf_smb_segment_too_long_fragment,
+ { "Fragment too long", "smb.segment.toolongfragment", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Fragment contained data past end of packet", HFILL }},
+
+ { &hf_smb_segment_error,
+ { "Defragmentation error", "smb.segment.error", FT_NONE, BASE_NONE, NULL, 0x0,
+ "Defragmentation error due to illegal fragments", HFILL }},
+
+ { &hf_smb_segment,
+ { "SMB Segment", "smb.segment", FT_NONE, BASE_NONE, NULL, 0x0,
+ "SMB Segment", HFILL }},
+
+ { &hf_smb_segments,
+ { "SMB Segments", "smb.segment.segments", FT_NONE, BASE_NONE, NULL, 0x0,
+ "SMB Segments", HFILL }},
};
static gint *ett[] = {
&ett_smb,
&ett_smb_ssetupandxaction,
&ett_smb_optionsup,
&ett_smb_time_date,
- &ett_smb_move_flags,
+ &ett_smb_move_copy_flags,
&ett_smb_file_attributes,
&ett_smb_search_resume_key,
&ett_smb_search_dir_info,
&ett_smb_nt_share_access,
&ett_smb_nt_security_flags,
&ett_smb_nt_trans_setup,
+ &ett_smb_nt_trans_data,
+ &ett_smb_nt_trans_param,
&ett_smb_nt_notify_completion_filter,
&ett_smb_nt_ioctl_flags,
&ett_smb_security_information_mask,
&ett_smb_transaction_flags,
&ett_smb_transaction_params,
&ett_smb_find_first2_flags,
+#if 0
+ &ett_smb_ioflag,
+#endif
&ett_smb_transaction_data,
&ett_smb_stream_info,
&ett_smb_dfs_referrals,
&ett_smb_device_characteristics,
&ett_smb_fs_attributes,
&ett_smb_segments,
+ &ett_smb_segment,
&ett_smb_sec_desc,
&ett_smb_sid,
&ett_smb_acl,
&ett_smb_ace,
&ett_smb_ace_flags,
&ett_smb_sec_desc_type,
+ &ett_smb_quotaflags,
+ &ett_smb_secblob,
+ &ett_smb_mac_support_flags,
};
module_t *smb_module;
smb_module = prefs_register_protocol(proto_smb, NULL);
prefs_register_bool_preference(smb_module, "trans_reassembly",
"Reassemble SMB Transaction payload",
- "Whether the dissector should do reassembly the payload of SMB Transaction commands spanning multiple SMB PDUs",
+ "Whether the dissector should reassemble the payload of SMB Transaction commands spanning multiple SMB PDUs",
&smb_trans_reassembly);
prefs_register_bool_preference(smb_module, "dcerpc_reassembly",
"Reassemble DCERPC over SMB",
- "Whether the dissector should do reassembly of DCERPC over SMB commands",
+ "Whether the dissector should reassemble DCERPC over SMB commands",
&smb_dcerpc_reassembly);
register_init_routine(smb_trans_reassembly_init);
register_init_routine(smb_dcerpc_reassembly_init);
proto_reg_handoff_smb(void)
{
heur_dissector_add("netbios", dissect_smb, proto_smb);
+ gssapi_handle = find_dissector("gssapi");
+ ntlmssp_handle = find_dissector("ntlmssp");
}
git.samba.org / obnox / wireshark / wip.git / blobdiff