aboutsummaryrefslogtreecommitdiffstats
path: root/packet-smb-pipe.c
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>2002-01-27 22:25:48 +0000
committerGuy Harris <guy@alum.mit.edu>2002-01-27 22:25:48 +0000
commiteb0f5ed538fe26284c8a5b0d8ccb2aae0d114fbc (patch)
tree086a33707b2686c8e873446adeafdfc14d1d5d71 /packet-smb-pipe.c
parenta765213629a48cbb02b6de571cd4dafd3487c58e (diff)
Not all pointers in RAP packets point to null-terminated strings; add
support for the "b" descriptor item in data, for pointers that point to arrays of bytes - the descriptor item includes a byte count giving the number of bytes in the array. Handle the "logon hours" bitmask in that fashion. Sometimes it appears that -1 means "unknown", and sometimes it appears that 0 means "unknown", for the last logoff date/time; interpret both of them as "unknown" (or "never"). svn path=/trunk/; revision=4612
Diffstat (limited to 'packet-smb-pipe.c')
-rw-r--r--packet-smb-pipe.c168
1 files changed, 132 insertions, 36 deletions
diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c
index cee13a1e1b..c3b513e401 100644
--- a/packet-smb-pipe.c
+++ b/packet-smb-pipe.c
@@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
* significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
* Guy Harris 2001
*
- * $Id: packet-smb-pipe.c,v 1.67 2002/01/27 03:04:30 guy Exp $
+ * $Id: packet-smb-pipe.c,v 1.68 2002/01/27 22:25:48 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -334,7 +334,8 @@ add_string_param(tvbuff_t *tvb, int offset, int count, packet_info *pinfo,
}
static const char *
-get_pointer_value(tvbuff_t *tvb, int offset, int convert, int *cptrp, int *lenp)
+get_stringz_pointer_value(tvbuff_t *tvb, int offset, int convert, int *cptrp,
+ int *lenp)
{
int cptr;
gint string_len;
@@ -354,14 +355,15 @@ get_pointer_value(tvbuff_t *tvb, int offset, int convert, int *cptrp, int *lenp)
}
static int
-add_pointer_param(tvbuff_t *tvb, int offset, int count, packet_info *pinfo,
- proto_tree *tree, int convert, int hf_index)
+add_stringz_pointer_param(tvbuff_t *tvb, int offset, int count,
+ packet_info *pinfo, proto_tree *tree, int convert, int hf_index)
{
int cptr;
const char *string;
gint string_len;
- string = get_pointer_value(tvb, offset, convert, &cptr, &string_len);
+ string = get_stringz_pointer_value(tvb, offset, convert, &cptr,
+ &string_len);
offset += 4;
/* string */
@@ -388,6 +390,40 @@ add_pointer_param(tvbuff_t *tvb, int offset, int count, packet_info *pinfo,
}
static int
+add_bytes_pointer_param(tvbuff_t *tvb, int offset, int count,
+ packet_info *pinfo, proto_tree *tree, int convert, int hf_index)
+{
+ int cptr;
+
+ /* pointer to byte array */
+ cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
+ offset += 4;
+
+ /* bytes */
+ if (tvb_bytes_exist(tvb, cptr, count)) {
+ if (hf_index != -1) {
+ proto_tree_add_item(tree, hf_index, tvb, cptr,
+ count, TRUE);
+ } else {
+ proto_tree_add_text(tree, tvb, cptr, count,
+ "Byte Param: %s",
+ tvb_bytes_to_str(tvb, cptr, count));
+ }
+ } else {
+ if (hf_index != -1) {
+ proto_tree_add_text(tree, tvb, 0, 0,
+ "%s: <Bytes go past end of frame>",
+ proto_registrar_get_name(hf_index));
+ } else {
+ proto_tree_add_text(tree, tvb, 0, 0,
+ "Byte Param: <Bytes goes past end of frame>");
+ }
+ }
+
+ return offset;
+}
+
+static int
add_detail_level(tvbuff_t *tvb, int offset, int count, packet_info *pinfo,
proto_tree *tree, int convert, int hf_index)
{
@@ -470,7 +506,12 @@ add_abstime_common(tvbuff_t *tvb, int offset, int count,
nstime.secs = tvb_get_letohl(tvb, offset);
nstime.nsecs = 0;
- if (nstime.secs == -1) {
+ /*
+ * Sigh. Sometimes it appears that -1 means "unknown", and
+ * sometimes it appears that 0 means "unknown", for the last
+ * logoff date/time.
+ */
+ if (nstime.secs == -1 || nstime.secs == 0) {
proto_tree_add_time_format(tree, hf_index, tvb, offset, 4,
&nstime, "%s: %s", proto_registrar_get_name(hf_index),
absent_name);
@@ -548,13 +589,33 @@ add_logon_hours(tvbuff_t *tvb, int offset, int count, packet_info *pinfo,
{
int cptr;
- /* pointer to string */
+ /* pointer to byte array */
cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
offset += 4;
- /* string */
- /* XXX - should actually carve up the bits */
- proto_tree_add_item(tree, hf_index, tvb, cptr, 21, TRUE);
+ /* bytes */
+ if (tvb_bytes_exist(tvb, cptr, count)) {
+ if (count == 21) {
+ /*
+ * The logon hours should be exactly 21 bytes long.
+ *
+ * XXX - should actually carve up the bits;
+ * we need the units per week to do that, though.
+ */
+ proto_tree_add_item(tree, hf_index, tvb, cptr, count,
+ TRUE);
+ } else {
+ proto_tree_add_bytes_format(tree, hf_index, tvb,
+ cptr, count, tvb_get_ptr(tvb, cptr, count),
+ "%s: %s (wrong length, should be 21, is %d",
+ proto_registrar_get_name(hf_index),
+ tvb_bytes_to_str(tvb, cptr, count), count);
+ }
+ } else {
+ proto_tree_add_text(tree, tvb, 0, 0,
+ "%s: <Bytes go past end of frame>",
+ proto_registrar_get_name(hf_index));
+ }
return offset;
}
@@ -737,7 +798,7 @@ static const item_t lm_data_resp_netshareenum_1[] = {
{ &hf_share_name, add_byte_param, PARAM_BYTES },
{ &no_hf, add_pad_param, PARAM_BYTES },
{ &hf_share_type, add_word_param, PARAM_WORD },
- { &hf_share_comment, add_pointer_param, PARAM_STRINGZ },
+ { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
{ NULL, NULL, PARAM_NONE }
};
@@ -766,7 +827,7 @@ static const item_t lm_data_resp_netsharegetinfo_1[] = {
{ &hf_share_name, add_byte_param, PARAM_BYTES },
{ &no_hf, add_pad_param, PARAM_BYTES },
{ &hf_share_type, add_word_param, PARAM_WORD },
- { &hf_share_comment, add_pointer_param, PARAM_STRINGZ },
+ { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
{ NULL, NULL, PARAM_NONE }
};
@@ -774,11 +835,11 @@ static const item_t lm_data_resp_netsharegetinfo_2[] = {
{ &hf_share_name, add_byte_param, PARAM_BYTES },
{ &no_hf, add_pad_param, PARAM_BYTES },
{ &hf_share_type, add_word_param, PARAM_WORD },
- { &hf_share_comment, add_pointer_param, PARAM_STRINGZ },
+ { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_share_permissions, add_word_param, PARAM_WORD }, /* XXX - do as bit fields */
{ &hf_share_max_uses, add_max_uses, PARAM_WORD },
{ &hf_share_current_uses, add_word_param, PARAM_WORD },
- { &hf_share_path, add_pointer_param, PARAM_STRINGZ },
+ { &hf_share_path, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_share_password, add_byte_param, PARAM_BYTES },
{ NULL, NULL, PARAM_NONE }
};
@@ -810,7 +871,7 @@ static const item_t lm_data_serverinfo_1[] = {
{ &hf_server_major, add_byte_param, PARAM_BYTES },
{ &hf_server_minor, add_byte_param, PARAM_BYTES },
{ &no_hf, add_server_type, PARAM_DWORD },
- { &hf_server_comment, add_pointer_param, PARAM_STRINGZ },
+ { &hf_server_comment, add_stringz_pointer_param, PARAM_STRINGZ },
{ NULL, NULL, PARAM_NONE }
};
@@ -834,23 +895,24 @@ static const item_t lm_params_resp_netusergetinfo[] = {
static const item_t lm_data_resp_netusergetinfo_11[] = {
{ &hf_user_name, add_byte_param, PARAM_BYTES },
{ &no_hf, add_pad_param, PARAM_BYTES },
- { &hf_comment, add_pointer_param, PARAM_STRINGZ },
- { &hf_user_comment, add_pointer_param, PARAM_STRINGZ },
- { &hf_full_name, add_pointer_param, PARAM_STRINGZ },
+ { &hf_comment, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_user_comment, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_full_name, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_privilege_level, add_word_param, PARAM_WORD },
{ &hf_operator_privileges, add_dword_param, PARAM_DWORD },
{ &hf_password_age, add_reltime, PARAM_DWORD },
- { &hf_homedir, add_pointer_param, PARAM_STRINGZ },
- { &hf_parameters, add_pointer_param, PARAM_STRINGZ },
+ { &hf_homedir, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_parameters, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_last_logon, add_abstime_absent_unknown, PARAM_DWORD },
{ &hf_last_logoff, add_abstime_absent_unknown, PARAM_DWORD },
{ &hf_bad_pw_count, add_word_param, PARAM_WORD },
{ &hf_num_logons, add_nlogons, PARAM_WORD },
- { &hf_logon_server, add_pointer_param, PARAM_STRINGZ },
+ { &hf_logon_server, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_country_code, add_word_param, PARAM_WORD },
- { &hf_workstations, add_pointer_param, PARAM_STRINGZ },
+ { &hf_workstations, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_max_storage, add_max_storage, PARAM_DWORD },
- { &hf_logon_hours, add_logon_hours, PARAM_DWORD },
+ { &hf_units_per_week, add_word_param, PARAM_WORD },
+ { &hf_logon_hours, add_logon_hours, PARAM_BYTES },
{ &hf_code_page, add_word_param, PARAM_WORD },
{ NULL, NULL, PARAM_NONE }
};
@@ -941,13 +1003,13 @@ static const item_t lm_params_resp_netwkstagetinfo[] = {
};
static const item_t lm_data_resp_netwkstagetinfo_10[] = {
- { &hf_computer_name, add_pointer_param, PARAM_STRINGZ },
- { &hf_user_name, add_pointer_param, PARAM_STRINGZ },
- { &hf_workstation_domain, add_pointer_param, PARAM_STRINGZ },
+ { &hf_computer_name, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_user_name, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_workstation_domain, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_workstation_major, add_byte_param, PARAM_BYTES },
{ &hf_workstation_minor, add_byte_param, PARAM_BYTES },
- { &hf_logon_domain, add_pointer_param, PARAM_STRINGZ },
- { &hf_other_domains, add_pointer_param, PARAM_STRINGZ },
+ { &hf_logon_domain, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_other_domains, add_stringz_pointer_param, PARAM_STRINGZ },
{ NULL, NULL, PARAM_NONE }
};
@@ -957,8 +1019,8 @@ static const item_list_t lm_data_resp_netwkstagetinfo[] = {
};
static const item_t lm_params_req_netwkstauserlogon[] = {
- { &no_hf, add_pointer_param, PARAM_STRINGZ },
- { &no_hf, add_pointer_param, PARAM_STRINGZ },
+ { &no_hf, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &no_hf, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_detail_level, add_detail_level, PARAM_WORD },
{ &no_hf, add_logon_args, PARAM_BYTES },
{ &hf_ustruct_size, add_word_param, PARAM_WORD },
@@ -985,9 +1047,9 @@ static const item_t lm_data_resp_netwkstauserlogon_1[] = {
{ &hf_password_age, add_reltime, PARAM_DWORD },
{ &hf_password_can_change, add_abstime_absent_never, PARAM_DWORD },
{ &hf_password_must_change, add_abstime_absent_never, PARAM_DWORD },
- { &hf_server_name, add_pointer_param, PARAM_STRINGZ },
- { &hf_logon_domain, add_pointer_param, PARAM_STRINGZ },
- { &hf_script_path, add_pointer_param, PARAM_STRINGZ },
+ { &hf_server_name, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_logon_domain, add_stringz_pointer_param, PARAM_STRINGZ },
+ { &hf_script_path, add_stringz_pointer_param, PARAM_STRINGZ },
{ &hf_reserved, add_dword_param, PARAM_DWORD },
{ NULL, NULL, PARAM_NONE }
};
@@ -1889,6 +1951,7 @@ dissect_transact_data(tvbuff_t *tvb, int offset, int convert,
int cptr;
const char *string;
gint string_len;
+ const guint8 *bytes;
if (aux_count_p != NULL)
*aux_count_p = 0;
@@ -2032,14 +2095,14 @@ dissect_transact_data(tvbuff_t *tvb, int offset, int convert,
* We've run out of items in the table;
* fall back on the default.
*/
- offset = add_pointer_param(tvb, offset, 0,
- pinfo, tree, convert, -1);
+ offset = add_stringz_pointer_param(tvb, offset,
+ 0, pinfo, tree, convert, -1);
} else if (items->type != PARAM_STRINGZ) {
/*
* Descriptor character is 'z', but this
* isn't a string parameter.
*/
- string = get_pointer_value(tvb, offset,
+ string = get_stringz_pointer_value(tvb, offset,
convert, &cptr, &string_len);
offset += 4;
proto_tree_add_text(tree, tvb, cptr, string_len,
@@ -2056,6 +2119,39 @@ dissect_transact_data(tvbuff_t *tvb, int offset, int convert,
}
break;
+ case 'b':
+ /*
+ * A pointer to a byte or multi-byte value.
+ */
+ desc = get_count(desc, &count);
+ if (items->func == NULL) {
+ /*
+ * We've run out of items in the table;
+ * fall back on the default.
+ */
+ offset = add_bytes_pointer_param(tvb, offset,
+ count, pinfo, tree, convert, -1);
+ } else if (items->type != PARAM_BYTES) {
+ /*
+ * Descriptor character is 'b', but this
+ * isn't a byte/bytes parameter.
+ */
+ cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
+ offset += 4;
+ proto_tree_add_text(tree, tvb, offset, count,
+ "%s: Value is %s, type is wrong (b)",
+ (*items->hf_index == -1) ?
+ "Byte Param" :
+ proto_registrar_get_name(*items->hf_index),
+ tvb_bytes_to_str(tvb, cptr, count));
+ items++;
+ } else {
+ offset = (*items->func)(tvb, offset, count,
+ pinfo, tree, convert, *items->hf_index);
+ items++;
+ }
+ break;
+
case 'N':
/*
* 16-bit auxiliary data structure count.