diff options
author | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-09 02:55:31 +0000 |
---|---|---|
committer | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-09 02:55:31 +0000 |
commit | f9627df7e372995fd382d62740db410b8bb96ad3 (patch) | |
tree | 17b4df6e11e0c569bf880c5044ce02e86405821d | |
parent | 77876124cfeb4d4e879816d13bcb5ce56ebb130d (diff) |
Support SMB_FIND_FILE_UNIX_INFO2.
Don't use "link destination" for file names in SMB_FIND_FILE_UNIX.
Link to the page for Microsoft's public protocol specifications and to
the Samba Wiki page for the UNIX extensions.
Fix a typo in a variable name.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37023 f5534014-38df-0310-8fa8-9805f1628bb7
-rw-r--r-- | epan/dissectors/packet-smb.c | 306 |
1 files changed, 298 insertions, 8 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index efe9f937a4..9241a2fb52 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -87,6 +87,15 @@ * directory as well. * * Beware - these specs may have errors. + * + * Microsoft's public protocol specifications, including MS-CIFS and + * other SMB-related specifications, can be found at + * + * http://msdn.microsoft.com/en-us/library/cc216513.aspx + * + * See also + * + * https://wiki.samba.org/index.php/UNIX_Extensions */ /* DFS referral entry flags */ @@ -649,11 +658,13 @@ static int hf_smb_unix_major_version = -1; static int hf_smb_unix_minor_version = -1; static int hf_smb_unix_capability_fcntl = -1; static int hf_smb_unix_capability_posix_acl = -1; +static int hf_smb_unix_file_link_dest = -1; static int hf_smb_unix_file_size = -1; static int hf_smb_unix_file_num_bytes = -1; static int hf_smb_unix_file_last_status = -1; static int hf_smb_unix_file_last_access = -1; static int hf_smb_unix_file_last_change = -1; +static int hf_smb_unix_file_creation_time = -1; static int hf_smb_unix_file_uid = -1; static int hf_smb_unix_file_gid = -1; static int hf_smb_unix_file_type = -1; @@ -662,7 +673,18 @@ static int hf_smb_unix_file_dev_minor = -1; static int hf_smb_unix_file_unique_id = -1; static int hf_smb_unix_file_permissions = -1; static int hf_smb_unix_file_nlinks = -1; -static int hf_smb_unix_file_link_dest = -1; +static int hf_smb_unix_info2_file_flags = -1; +static int hf_smb_unix_info2_file_flags_mask = -1; +static int hf_smb_unix_info2_file_flags_secure_delete = -1; +static int hf_smb_unix_info2_file_flags_enable_undelete = -1; +static int hf_smb_unix_info2_file_flags_synchronous = -1; +static int hf_smb_unix_info2_file_flags_immutable = -1; +static int hf_smb_unix_info2_file_flags_append_only = -1; +static int hf_smb_unix_info2_file_flags_do_not_backup = -1; +static int hf_smb_unix_info2_file_flags_no_update_atime = -1; +static int hf_smb_unix_info2_file_flags_hidden = -1; +static int hf_smb_unix_file_name_length = -1; +static int hf_smb_unix_file_name = -1; static int hf_smb_unix_find_file_nextoffset = -1; static int hf_smb_unix_find_file_resumekey = -1; static int hf_smb_network_unknown = -1; @@ -764,8 +786,9 @@ static gint ett_smb_secblob = -1; static gint ett_smb_unicode_password = -1; static gint ett_smb_ea = -1; static gint ett_smb_unix_capabilities = -1; -static gint ett_smb_posic_ace = -1; +static gint ett_smb_posix_ace = -1; static gint ett_smb_posix_ace_perms = -1; +static gint ett_smb_info2_file_flags = -1; static int smb_tap = -1; static int smb_eo_tap = -1; @@ -10342,6 +10365,7 @@ static const value_string ff2_il_vals[] = { { 0x0105, "Find File Full Directory Info"}, { 0x0106, "Find File Id Both Directory Info"}, { 0x0202, "Find File UNIX"}, + { 0x020B, "Find File UNIX Info2"}, {0, NULL} }; @@ -12383,7 +12407,7 @@ dissect_qpi_unix_acl(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint8 ace_type; it = proto_tree_add_text(tree, tvb, offset, 0, "ACE"); - tr = proto_item_add_subtree(it, ett_smb_posic_ace); + tr = proto_item_add_subtree(it, ett_smb_posix_ace); /* ace type */ CHECK_BYTE_COUNT_SUBR(1); @@ -14622,7 +14646,216 @@ dissect_4_3_4_8(tvbuff_t *tvb _U_, packet_info *pinfo _U_, CHECK_STRING_SUBR(fn); proto_tree_add_string( - tree, hf_smb_unix_file_link_dest, tvb, offset, fn_len, fn); + tree, hf_smb_unix_file_name, tvb, offset, fn_len, fn); + COUNT_BYTES_SUBR(fn_len); + + /* Pad to 4 bytes */ + + if (offset % 4) { + pad = 4 - (offset % 4); + COUNT_BYTES_SUBR(pad); + } + + *trunc = FALSE; + return offset; +} + +/* SMB_FIND_FILE_UNIX_INFO2 */ + +static const true_false_string tfs_i2f_secure_delete = { + "File should be erased such that the data is not recoverable", + "File need not be erased such that the data is not recoverable" +}; +static const true_false_string tfs_i2f_enable_undelete = { + "File should opt-in to a server-specific deletion recovery scheme", + "File should not opt-in to a server-specific deletion recovery scheme" +}; +static const true_false_string tfs_i2f_synchronous = { + "I/O to this file should be performed synchronously", + "I/O to this file need not be performed synchronously" +}; +static const true_false_string tfs_i2f_immutable = { + "NO changes can be made to this file", + "Changes can be made to this file if permissions allow it" +}; +static const true_false_string tfs_i2f_append_only = { + "Only appends can be made to this file", + "Writes can be made atop existing data in this file" +}; +static const true_false_string tfs_i2f_do_not_backup = { + "Backup programs should ignore this file", + "Backup programs should not ignore this file" +}; +static const true_false_string tfs_i2f_no_update_atime = { + "The server is not required to update the last access time on this file", + "The server is required to update the last access time on this file" +}; +static const true_false_string tfs_i2f_hidden = { + "User interface programs may ignore this file", + "User interface programs should not ignore this file based solely on this flag" +}; +static int +dissect_unix_info2_file_flags(tvbuff_t *tvb, proto_tree *parent_tree, int offset, int hf) +{ + guint32 flags; + proto_item *item = NULL; + proto_tree *tree = NULL; + + flags = tvb_get_letohl(tvb, offset); + + if(parent_tree){ + item = proto_tree_add_uint(parent_tree, hf, tvb, offset, 4, + flags); + tree = proto_item_add_subtree(item, ett_smb_info2_file_flags); + } + + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_secure_delete, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_enable_undelete, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_synchronous, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_immutable, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_append_only, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_do_not_backup, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_no_update_atime, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_smb_unix_info2_file_flags_hidden, + tvb, offset, 4, flags); + + offset += 4; + + return offset; +} + +static int +dissect_find_file_unix_info2(tvbuff_t *tvb _U_, packet_info *pinfo _U_, + proto_tree *tree, int offset, guint16 *bcp, + gboolean *trunc) +{ + smb_info_t *si = pinfo->private_data; + const char *fn; + guint32 namelen; + int fn_len; + int pad; + + DISSECTOR_ASSERT(si); + + /* NextEntryOffset */ + CHECK_BYTE_COUNT_SUBR(4); + proto_tree_add_item(tree, hf_smb_unix_find_file_nextoffset, tvb, offset, 4, TRUE); + COUNT_BYTES_SUBR(4); + + /* ResumeKey */ + CHECK_BYTE_COUNT_SUBR(4); + proto_tree_add_item(tree, hf_smb_unix_find_file_resumekey, tvb, offset, 4, TRUE); + COUNT_BYTES_SUBR(4); + + /* End of file (file size) */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_size, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* Number of bytes (or blocks? The SNIA spec for UNIX basic + info says "bytes", the Samba page for this says "blocks") */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_num_bytes, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* Last status change */ + CHECK_BYTE_COUNT_SUBR(8); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_status); + *bcp -= 8; + + /* Last access time */ + CHECK_BYTE_COUNT_SUBR(8); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_access); + *bcp -= 8; + + /* Last modification time */ + CHECK_BYTE_COUNT_SUBR(8); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_change); + *bcp -= 8; + + /* File owner uid */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_uid, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* File group gid */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_gid, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* File type */ + CHECK_BYTE_COUNT_SUBR(4); + proto_tree_add_item(tree, hf_smb_unix_file_type, tvb, offset, 4, TRUE); + COUNT_BYTES_SUBR(4); + + /* Major device number */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_dev_major, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* Minor device number */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_dev_minor, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* Unique id */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_unique_id, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* Permissions */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_permissions, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* Nlinks */ + CHECK_BYTE_COUNT_SUBR(8); + proto_tree_add_item(tree, hf_smb_unix_file_nlinks, tvb, offset, 8, TRUE); + COUNT_BYTES_SUBR(8); + + /* Creation time */ + CHECK_BYTE_COUNT_SUBR(8); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_creation_time); + *bcp -= 8; + + /* File flags */ + CHECK_BYTE_COUNT_SUBR(4); + offset = dissect_unix_info2_file_flags(tvb, tree, offset, hf_smb_unix_info2_file_flags); + *bcp -= 4; + + /* File flags mask */ + CHECK_BYTE_COUNT_SUBR(4); + offset = dissect_unix_info2_file_flags(tvb, tree, offset, hf_smb_unix_info2_file_flags_mask); + *bcp -= 4; + + /* Name length */ + CHECK_BYTE_COUNT_SUBR(4); + namelen = tvb_get_letohl(tvb, offset); + proto_tree_add_uint(tree, hf_smb_unix_file_name_length, tvb, offset, 4, namelen); + COUNT_BYTES_SUBR(4); + + /* Name */ + + /* + * namelen could be > 2^31-1; this will catch that. + * The length argument to get_unicode_or_ascii_string() is an + * int, not an unsigned int, so we have to worry about that. + */ + tvb_ensure_bytes_exist(tvb, offset, namelen); + fn_len = namelen; + fn = get_unicode_or_ascii_string( + tvb, &offset, si->unicode, &fn_len, TRUE, TRUE, bcp); + + CHECK_STRING_SUBR(fn); + proto_tree_add_string( + tree, hf_smb_unix_file_name, tvb, offset, fn_len, fn); COUNT_BYTES_SUBR(fn_len); /* Pad to 4 bytes */ @@ -14692,6 +14925,10 @@ dissect_ff2_response_data(tvbuff_t * tvb, packet_info * pinfo, offset = dissect_4_3_4_8(tvb, pinfo, tree, offset, bcp, trunc); break; + case 0x020B: /*Find File UNIX Info2*/ + offset = dissect_find_file_unix_info2(tvb, pinfo, tree, offset, bcp, + trunc); + break; default: /* unknown info level */ *trunc = FALSE; break; @@ -19697,6 +19934,10 @@ proto_register_smb(void) { "Write Attribute", "smb.dir.accessmask.write_attribute", FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000100, NULL, HFILL }}, + { &hf_smb_unix_file_link_dest, + { "Link destination", "smb.unix.file.link_dest", FT_STRING, + BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_smb_unix_file_size, { "File size", "smb.unix.file.size", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL }}, @@ -19717,6 +19958,10 @@ proto_register_smb(void) { "Last modification", "smb.unix.file.mtime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, NULL, HFILL }}, + { &hf_smb_unix_file_creation_time, + { "Creation time", "smb.unix.file.crtime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, + NULL, 0, NULL, HFILL }}, + { &hf_smb_unix_file_uid, { "UID", "smb.unix.file.uid", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL }}, @@ -19749,8 +19994,52 @@ proto_register_smb(void) { "Num links", "smb.unix.file.num_links", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL }}, - { &hf_smb_unix_file_link_dest, - { "Link destination", "smb.unix.file.link_dest", FT_STRING, + { &hf_smb_unix_info2_file_flags, + { "Flags", "smb.unix_info2.file.flags", FT_UINT32, BASE_HEX, + NULL, 0, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_mask, + { "Flags mask", "smb.unix_info2.file.flags_mask", FT_UINT32, BASE_HEX, + NULL, 0, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_secure_delete, + { "Secure delete", "smb.unix_info2.file.flags.secure_delete", FT_BOOLEAN, 32, + NULL, 0x00000001, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_enable_undelete, + { "Enable undelete", "smb.unix_info2.file.flags.enable_undelete", FT_BOOLEAN, 32, + NULL, 0x00000002, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_synchronous, + { "Synchronous", "smb.unix_info2.file.flags.synchronous", FT_BOOLEAN, 32, + NULL, 0x00000004, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_immutable, + { "Immutable", "smb.unix_info2.file.flags.immutable", FT_BOOLEAN, 32, + NULL, 0x00000008, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_append_only, + { "Append-only", "smb.unix_info2.file.flags.append_only", FT_BOOLEAN, 32, + NULL, 0x00000010, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_do_not_backup, + { "Do not backup", "smb.unix_info2.file.flags.do_not_backup", FT_BOOLEAN, 32, + NULL, 0x00000020, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_no_update_atime, + { "Don't update atime", "smb.unix_info2.file.flags.no_update_atime", FT_BOOLEAN, 32, + NULL, 0x00000040, NULL, HFILL }}, + + { &hf_smb_unix_info2_file_flags_hidden, + { "Hidden", "smb.unix_info2.file.flags.hidden", FT_BOOLEAN, 32, + NULL, 0x00000080, NULL, HFILL }}, + + { &hf_smb_unix_file_name_length, + { "File name length", "smb.unix.file.name_length", FT_UINT32, BASE_DEC, + NULL, 0, NULL, HFILL }}, + + { &hf_smb_unix_file_name, + { "File name", "smb.unix.file.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_smb_unix_find_file_nextoffset, @@ -19944,8 +20233,9 @@ proto_register_smb(void) &ett_smb_unicode_password, &ett_smb_ea, &ett_smb_unix_capabilities, - &ett_smb_posic_ace, - &ett_smb_posix_ace_perms + &ett_smb_posix_ace, + &ett_smb_posix_ace_perms, + &ett_smb_info2_file_flags }; module_t *smb_module; |