From Tan Kean Siong:

Dissect the SMB Tree_Connect_Andx Request and Response properly with extension request and response which are documented in [MS-SMB] — v20100711 git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@33726 f5534014-38df-0310-8fa8-9805f1628bb7
author: jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> 2010-08-06 17:46:27 +0000
committer: jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> 2010-08-06 17:46:27 +0000
commit: 7d84c31ffc7341c7b53c757a927e56a88911f551 (patch)
tree: 1d78d8c648d89e178f072e67ae28a318bfac7e53 /epan/dissectors/packet-smb.c
parent: 93145fe095c1da2aa29624a18fd13109b977aad0 (diff)
1 files changed, 89 insertions, 5 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c
index b1d7705656..65bf319e97 100644
--- a/epan/dissectors/packet-smb.c
+++ b/epan/dissectors/packet-smb.c
@@ -365,8 +365,13 @@ static int hf_smb_lanman = -1;
 static int hf_smb_setup_action_guest = -1;
 static int hf_smb_fs = -1;
 static int hf_smb_connect_flags_dtid = -1;
+static int hf_smb_connect_flags_ext_sig = -1;
+static int hf_smb_connect_flags_ext_resp = -1;
 static int hf_smb_connect_support_search = -1;
 static int hf_smb_connect_support_in_dfs = -1;
+static int hf_smb_connect_support_csc_mask_vals = -1;
+static int hf_smb_connect_support_uniquefilename = -1;
+static int hf_smb_connect_support_extended_signature = -1;
 static int hf_smb_max_setup_count = -1;
 static int hf_smb_total_param_count = -1;
 static int hf_smb_total_data_count = -1;
@@ -7497,6 +7502,11 @@ dissect_empty_andx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offs
 	return offset;
 }
 
+	/*
+	 * From [MS-SMB] - v20100711 Server Message Block (SMB) Protocol Specification
+	 * http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-SMB%5D.pdf
+	 * 2.2.4.7 SMB_COM_TREE_CONNECT_ANDX (0x75)
+	 */
 
 static const true_false_string tfs_connect_support_search = {
 	"Exclusive search bits supported",
@@ -7506,6 +7516,21 @@ static const true_false_string tfs_connect_support_in_dfs = {
 	"Share is in Dfs",
 	"Share isn't in Dfs"
 };
+static const value_string connect_support_csc_mask_vals[] = {
+	{ 0,	"Automatic file-to-file reintegration NOT permitted"},
+	{ 1,	"Automatic file-to-file reintegration permitted"},
+	{ 2,	"Offline caching allow for the share"},
+	{ 3,	"Offline caching NOT allow for the share"},
+	{0, NULL}
+};
+static const true_false_string tfs_connect_support_uniquefilename = {
+	"Client allow to cache share namespaces",
+	"Client NOT allow to cache share namespaces"
+};
+static const true_false_string tfs_connect_support_extended_signature = {
+	"Extended signature",
+	"NOT extended signature"
+};
 
 static int
 dissect_connect_support_bits(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
@@ -7525,6 +7550,12 @@ dissect_connect_support_bits(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
 			tvb, offset, 2, mask);
 		proto_tree_add_boolean(tree, hf_smb_connect_support_in_dfs,
 			tvb, offset, 2, mask);
+		proto_tree_add_uint(tree, hf_smb_connect_support_csc_mask_vals,
+			tvb, offset, 2, mask);
+		proto_tree_add_boolean(tree, hf_smb_connect_support_uniquefilename,
+			tvb, offset, 2, mask);
+		proto_tree_add_boolean(tree, hf_smb_connect_support_extended_signature,
+			tvb, offset, 2, mask);
 	}
 
 	offset += 2;
@@ -7537,6 +7568,16 @@ static const true_false_string tfs_disconnect_tid = {
 	"Do NOT disconnect TID"
 };
 
+static const true_false_string tfs_extended_signature = {
+	"Extended Signature",
+	"NOT Extended Signature"
+};
+
+static const true_false_string tfs_extended_response = {
+	"Extended Response",
+	"NOT Extended Response"
+};
+
 static int
 dissect_connect_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
 {
@@ -7553,6 +7594,10 @@ dissect_connect_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
 
 		proto_tree_add_boolean(tree, hf_smb_connect_flags_dtid,
 			tvb, offset, 2, mask);
+		proto_tree_add_boolean(tree, hf_smb_connect_flags_ext_sig,
+			tvb, offset, 2, mask);
+		proto_tree_add_boolean(tree, hf_smb_connect_flags_ext_resp,
+			tvb, offset, 2, mask);
 	}
 
 	offset += 2;
@@ -7664,6 +7709,9 @@ dissect_tree_connect_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree
 	guint16 andxoffset=0;
 	guint16 bc;
 	int an_len;
+	int count = 0;
+	proto_item *it = NULL;
+	proto_tree *tr = NULL;
 	const char *an;
 	smb_info_t *si = pinfo->private_data;
 
@@ -7706,12 +7754,28 @@ dissect_tree_connect_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree
 	   idea how to dissect it.  I'm guessing the third word
 	   contains connect support bits, which looks plausible
 	   from the values I've seen. */
-
+	
+	/* MaximalShareAccessRights and GuestMaximalShareAccessRights */
 	while (wleft != 0) {
-		proto_tree_add_text(tree, tvb, offset, 2,
-		    "Word parameter: 0x%04x", tvb_get_letohs(tvb, offset));
-		offset += 2;
-		wleft--;
+		/*
+		 * Refer to [MS-SMB] - v20100711
+		 * When a server returns extended information, the response
+		 * takes the following format, with WordCount = 7.
+		 * MaximalShareAccessRights, and GuestMaximalShareAccessRights fields
+		 * has added.
+		 */
+		if (count == 0) {
+			it = proto_tree_add_text(tree, tvb, offset, 4,
+				"Maximal Share Access Rights");
+		} else {
+			it = proto_tree_add_text(tree, tvb, offset, 4,
+				"Guest Maximal Share Access Rights");
+		}
+		tr = proto_item_add_subtree(it, ett_smb_nt_access_mask);
+		
+		offset = dissect_smb_access_mask(tvb, tr, offset);
+		wleft -= 2;
+		count++;
 	}
 
 	BYTE_COUNT;
@@ -18422,6 +18486,14 @@ proto_register_smb(void)
 		{ "Disconnect TID", "smb.connect.flags.dtid", FT_BOOLEAN, 16,
 		TFS(&tfs_disconnect_tid), 0x0001, "Disconnect TID?", HFILL }},
 
+	{ &hf_smb_connect_flags_ext_sig,
+		{ "Extended Signature", "smb.connect.flags.extendedsig", FT_BOOLEAN, 16,
+		TFS(&tfs_extended_signature), 0x0004, "Extended signature?", HFILL }},
+
+	{ &hf_smb_connect_flags_ext_resp,
+		{ "Extended Response", "smb.connect.flags.extendedresp", FT_BOOLEAN, 16,
+		TFS(&tfs_extended_response), 0x0008, "Extended response?", HFILL }},
+
 	{ &hf_smb_connect_support_search,
 		{ "Search Bits", "smb.connect.support.search", FT_BOOLEAN, 16,
 		TFS(&tfs_connect_support_search), 0x0001, "Exclusive Search Bits supported?", HFILL }},
@@ -18430,6 +18502,18 @@ proto_register_smb(void)
 		{ "In Dfs", "smb.connect.support.dfs", FT_BOOLEAN, 16,
 		TFS(&tfs_connect_support_in_dfs), 0x0002, "Is this in a Dfs tree?", HFILL }},
 
+	{ &hf_smb_connect_support_csc_mask_vals,
+		{ "CSC Mask", "smb.connect.support.cscmask", FT_UINT16, BASE_DEC,
+		VALS(connect_support_csc_mask_vals), 0x000c, "CSC mask?", HFILL }},
+
+	{ &hf_smb_connect_support_uniquefilename,
+		{ "Unique File Name", "smb.connect.support.uniqfilename", FT_BOOLEAN, 16,
+		TFS(&tfs_connect_support_uniquefilename), 0x0010, "Unique file name supported?", HFILL }},
+
+	{ &hf_smb_connect_support_extended_signature,
+		{ "Extended Signatures", "smb.connect.support.extendedsig", FT_BOOLEAN, 16,
+		TFS(&tfs_connect_support_extended_signature), 0x0020, "Extended signatures?", HFILL }},
+
 	{ &hf_smb_max_setup_count,
 		{ "Max Setup Count", "smb.msc", FT_UINT8, BASE_DEC,
 		NULL, 0, "Maximum number of setup words to return", HFILL }},
author	jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7>	2010-08-06 17:46:27 +0000
committer	jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7>	2010-08-06 17:46:27 +0000
commit	7d84c31ffc7341c7b53c757a927e56a88911f551 (patch)
tree	1d78d8c648d89e178f072e67ae28a318bfac7e53 /epan/dissectors/packet-smb.c
parent	93145fe095c1da2aa29624a18fd13109b977aad0 (diff)