add a type field for the fid tracking structure and initialize it to UNKNOWN

when files are opened using NTCreateAndX  and if we recognize the type   set the type field to either FILE, DIR or PIPE

This is useful to know when dissecting things like security descriptors since it tells us how to dissect the specific bits of the access mask.


Only do this for NTCreateAndX for now.   It is trivial to add similar tracking to some of the older   obsolete   calls used to open fids    but no clients ever use those old calls any more.





svn path=/trunk/; revision=18922

1 files changed, 15 insertions, 1 deletions

diff --git a/epan/dissectors/packet-smb.h b/epan/dissectors/packet-smb.h
index a3adf2e477..94501bf9c8 100644
--- a/epan/dissectors/packet-smb.h
+++ b/epan/dissectors/packet-smb.h
@@ -276,10 +276,24 @@ typedef struct smb_info {
 extern int dissect_file_data(tvbuff_t *tvb, proto_tree *tree, int offset,
     guint16 bc, guint16 datalen);
 
+
+#define SMB_FID_TYPE_UNKNOWN	0
+#define SMB_FID_TYPE_FILE	1
+#define SMB_FID_TYPE_DIR	2
+#define SMB_FID_TYPE_PIPE	3
+/* used for tracking fid/tid to filename/sharename openedframe closedframe */
+typedef struct _smb_fid_into_t {
+	int opened_in;
+	int closed_in;
+	char *filename;
+	int type;
+} smb_fid_info_t;
+
+
 /*
  * Dissect an smb FID
  */
-extern void dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+extern smb_fid_info_t *dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
     int offset, int len, guint16 fid, gboolean is_created, gboolean is_closed);
 
 /*