author | Guy Harris <guy@alum.mit.edu> | 2000-02-14 04:02:21 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2000-02-14 04:02:21 +0000 |
commit | 12df8af4e3703a7cffd38486ec09a3789c22fbf2 (patch) | |
tree | 0ce261d8450317177091fbc9b5b1e73da238c6ef /packet-smb.c | |
parent | 0fa3ae9df0e8afadb6dfcebc9818a9858aa8e6a1 (diff) |
Jeff Foster's SMB Mailslot and Netlogin dissectors; he split
"packet-smb.c" up into several files.
svn path=/trunk/; revision=1629
Diffstat (limited to 'packet-smb.c')
-rw-r--r-- | packet-smb.c | 1765 |
1 files changed, 39 insertions, 1726 deletions
diff --git a/packet-smb.c b/packet-smb.c index 8d821a4b69..827ce78894 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -2,7 +2,7 @@ * Routines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb.c,v 1.60 2000/01/22 02:00:24 guy Exp $ + * $Id: packet-smb.c,v 1.61 2000/02/14 04:02:11 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -48,6 +48,11 @@ #include "smb.h" #include "alignment.h" +guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int); + +guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int); + + static int proto_smb = -1; static gint ett_smb = -1; @@ -68,21 +73,7 @@ static gint ett_smb_action = -1; static gint ett_smb_writemode = -1; static gint ett_smb_lock_type = -1; -static int proto_browse = -1; - -static gint ett_browse = -1; -static gint ett_browse_flags = -1; -static gint ett_browse_election_criteria = -1; -static gint ett_browse_election_os = -1; -static gint ett_browse_election_desire = -1; -static int proto_lanman = -1; - -static gint ett_lanman = -1; -static gint ett_lanman_servers = -1; -static gint ett_lanman_server = -1; -static gint ett_lanman_shares = -1; -static gint ett_lanman_share = -1; /* * Struct passed to each SMB decode routine of info it may need 
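Review bot: The prototypes for `dissect_mailslot_smb` and `dissect_pipe_smb` added after `#include "alignment.h"` are hand-written in this .c file with unnamed parameters, so nothing ties them to the definitions that the commit message says now live in other files. If a definition's parameter list later changes, this file still compiles and the call passes mismatched arguments, which is undefined behaviour in code that indexes packet bytes. Declaring both once in a shared header (for example the `smb.h` included just above, if that is where `struct smb_info` now lives) lets the compiler check the definition and every caller against a single declaration. Naming the parameters there, e.g. `const u_char *pd, int offset, frame_data *fd, ...`, would also make the ten `int` arguments readable at the call sites.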
@@ -97,23 +88,6 @@ struct smb_request_key { guint16 mid; }; -struct smb_request_val { - guint16 last_transact2_command; - gchar *last_transact_command; - guint16 mid; - guint16 last_lanman_cmd; - gchar *last_param_descrip; /* Keep these descriptors around */ - gchar *last_data_descrip; - guint16 trans_response_seen; - guint16 last_level; /* Last level in request */ -}; - -struct smb_info { - int tid, uid, mid, pid; /* Any more? */ - conversation_t *conversation; - struct smb_request_val *request_val; - int unicode; -}; GHashTable *smb_request_hash = NULL; GMemChunk *smb_request_keys = NULL; @@ -8248,9 +8222,6 @@ char *decode_trans2_name(int code) } -guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int); - -guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int); void dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn) 
@@ -8887,341 +8858,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree * } -static char *p_desc = NULL, *d_desc = NULL, *data = NULL, *params = NULL; -static int p_count, d_count, p_offset, d_offset, d_current = 0, p_current = 0; -static int pd_p_current = 0, pd_d_current = 0, in_params = 0, need_data = 0; -static int lm_ent_count = 0, lm_act_count = 0; -/* Initialize the various data structure */ void -dissect_transact_engine_init(const u_char *pd, const char *param_desc, const char *data_desc, int SMB_offset, int ParameterOffset, int ParameterCount, int DataOffset, int DataCount) -{ - - d_count = DataCount; - p_count = ParameterCount; - d_offset = 0; - p_offset = 0; - d_current = 0; - p_current = 0; - lm_ent_count = lm_act_count = 0; - pd_d_current = DataOffset; - pd_p_current = ParameterOffset; - in_params = need_data = 0; - - if (p_desc) g_free(p_desc); - p_desc = g_malloc(strlen(param_desc) + 1); - strcpy(p_desc, param_desc); - - if (d_desc) g_free(d_desc); - d_desc= g_malloc(strlen(data_desc) + 1); - strcpy(d_desc, data_desc); - - if (params) g_free(params); - params = g_malloc(p_count); - memcpy(params, pd + ParameterOffset, ParameterCount); - - if (data) g_free(data); - data = g_malloc(d_count); - memcpy(data, pd + DataOffset, DataCount); - -} - -int get_ent_count() -{ - - return lm_ent_count; - -} - -int get_act_count() -{ - - return lm_act_count; - -} - -int get_byte_count(const u_char *p_data) - -{ - int count = 0, off = 0; - - while (p_data[off] && isdigit(p_data[off])) { - - count = (count * 10) + (int)p_data[off++] - (int)'0'; - - } - - return count; -} - -/* Dissect the next item, if Name is null, call it by its data type */ -/* We pull out the next item in the appropriate place and display it */ -/* We display the parameters first, then the data, then any auxilliary data */ - -int dissect_transact_next(const u_char *pd, char *Name, int dirn, proto_tree *tree) -{ - /* guint8 BParam; */ - guint16 WParam = 0; - guint32 
LParam = 0; - const char /**Bytes,*/ *AsciiZ = NULL; - int bc; - - while (1) { - - if (p_desc[p_offset] == 0) return 0; /* No more ... */ - - switch (in_params) { - - case 0: /* We are in the params area ... */ - - switch (p_desc[p_offset++]) { - - case 'r': - - if (dirn == 0) { /* We need to process the data ... */ - - need_data = 1; - - } - - break; - - case 'h': /* A WORD parameter received */ - - if (dirn == 0) { - - WParam = GSHORT(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 2, "%s: %u (%04X)", (Name) ? Name : "Returned Word", WParam, WParam); - - pd_p_current += 2; - - lm_act_count = WParam; - - return 1; - - } - - break; - - case 'e': /* An ent count .. */ - - if (dirn == 0) { /* Only relevant in a response */ - - WParam = GSHORT(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 2, "%s: (%04X)", (Name) ? Name : "Entry Count", WParam, WParam); - - pd_p_current += 2; - - lm_ent_count = WParam; /* Save this for later retrieval */ - - return 1; - - } - - break; - - case 'W': /* Word Parameter */ - - if (dirn == 1) { /* A request ... */ - - /* Insert a word param */ - - WParam = GSHORT(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 2, "%s: %u (%04X)", (Name) ? Name : "Word Param", WParam, WParam); - - pd_p_current += 2; - - return 1; /* That's it here ... we have dissected a param */ - - } - - break; - - case 'i': /* A long word is returned */ - - if (dirn == 0) { - - LParam = GWORD(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 4, "%s: %u (0x%08X)", (Name) ? Name : "Returned Long Word", LParam, LParam); - - pd_p_current += 2; - - return 1; - - } - - break; - - case 'D': /* Double Word parameter */ - - if (dirn == 1) { - - LParam = GWORD(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 4, "%s: %u (0x%08X)", (Name) ? 
Name : "DWord Param", LParam, LParam); - - pd_p_current += 4; - - return 1; /* That's it here */ - - } - - break; - - case 'g': /* A byte or series of bytes is returned */ - - if (dirn == 0) { - - bc = get_byte_count(p_desc + p_offset); - - proto_tree_add_text(tree, pd_p_current, bc, "%s%u: %s", (Name) ? Name : "B", (bc) ? bc : 1, format_text( pd + pd_p_current, (bc) ? bc : 1)); - - pd_p_current += (bc) ? bc : 1; - - return 1; - - } - - break; - - case 'b': /* A byte or series of bytes */ - - if (dirn == 1) { - - bc = get_byte_count(p_desc + p_offset); /* This is not clean */ - - /*Bytes = g_malloc(bc + 1); / * Is this needed ? */ - - proto_tree_add_text(tree, pd_p_current, bc, "%s%u: %s", (Name) ? Name : "B", (bc) ? bc : 1, format_text(pd + pd_p_current, (bc) ? bc : 1)); - - pd_p_current += (bc) ? bc : 1; - - return 1; /* That's it here ... */ - - } - - break; - - case 'O': /* A null pointer */ - - if (dirn == 1) { - - proto_tree_add_text(tree, pd_p_current, 0, "%s: Null Pointer", (Name) ? Name : "Unknown"); - - return 1; /* That's it here */ - - } - - break; - - case 'z': /* An AsciiZ string */ - - if (dirn == 1) { - - AsciiZ = pd + pd_p_current; - - proto_tree_add_text(tree, pd_p_current, strlen(AsciiZ) + 1, "%s: %s", (Name) ? Name : "AsciiZ", AsciiZ); - - pd_p_current += strlen(AsciiZ) + 1; - - return 1; /* That's it here ... */ - - } - - break; - - case 'F': /* One or more pad bytes */ - - if (dirn == 1) { - - bc = get_byte_count(pd); - - proto_tree_add_text(tree, pd_p_current, bc, "%s%u: %s", (Name) ? Name : "Pad", bc, format_text(pd + pd_p_current, bc)); - - pd_p_current += bc; - - return 1; /* That's it here */ - - } - - break; - - case 'L': /* Receive buffer len: Short */ - - if (dirn == 1) { - - WParam = GSHORT(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 2, "%s: %u (0x%04X)", (Name) ? Name : "Receive Buffer Len", WParam, WParam); - - pd_p_current += 2; - - return 1; /* That's it here ... */ - - } - - break; - - case 's': /* Send buf ... 
*/ - - if (dirn == 1) { - - need_data = 1; - - LParam = GWORD(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 4, "%s: %u", (Name) ? Name : "Send Buffer Ptr", LParam); - - pd_p_current += 4; - - return 1; /* That's it here ... */ - - } - - break; - - case 'T': - - if (dirn == 1) { - - WParam = GSHORT(pd, pd_p_current); - - proto_tree_add_text(tree, pd_p_current, 2, "%s: %u", (Name) ? Name : "Send Buffer Len", WParam); - - pd_p_current += 2; - - return 1; - - } - - break; - - default: - - break; - - } - - break; - - case 1: /* We are in the data area ... */ - - - break; - - } - } - - return 0; - -} - -void -dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, const char *TransactName) +dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, int SetupAreaOffset, int SetupCount, const char *TransactName) { char *TransactNameCopy; char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL; 
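Review bot: The widened `dissect_transact_params` signature at the end of this hunk takes seventeen arguments, eleven of them plain `int`, and has no comment saying which offsets are absolute and which are relative, so a transposed or mis-based argument compiles silently. Judging from the later hunks, `SetupAreaOffset` is copied from `offset` (an index into `pd`), while `DataOffset` and `ParameterOffset` have `SMB_offset` added before use in the mailslot call; this is inferred from the call sites and should be confirmed. I would add a header comment above the definition such as `/* SetupAreaOffset: absolute offset into pd of the first setup word; SetupCount: number of setup words; DataOffset/ParameterOffset: relative to SMB_offset */`. The function body continues outside the hunk.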
@@ -9252,7 +8891,7 @@ dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree if ((trans_cmd == NULL) || (((strcmp(trans_type, "MAILSLOT") != 0) || - !dissect_mailslot_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) && + !dissect_mailslot_smb(pd, SetupAreaOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) && ((strcmp(trans_type, "PIPE") != 0) || !dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)))) { @@ -9337,6 +8976,9 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *p conversation_t *conversation; struct smb_request_key request_key, *new_request_key; struct smb_request_val *request_val; + + guint16 SetupAreaOffset; + /* * Find out what conversation this packet is part of @@ -9574,10 +9216,11 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *p if (tree) { proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3); - } offset += 1; /* Skip Reserved3 */ + + SetupAreaOffset = offset; /* Build display for: Setup */ @@ -9672,7 +9315,7 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *p /* Let's see if we can decode this */ - dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, TransactName); + dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, TransactName); } 
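Review bot: The rewritten `dissect_mailslot_smb(pd, SetupAreaOffset, ...)` call hands the callee the start of the setup area but not `SetupCount`, although the caller now receives that count, so the mailslot dissector cannot tell how many setup words are actually present. These values presumably come from the packet, and nothing visible in this hunk compares `SetupAreaOffset`, `SMB_offset + DataOffset` or `SMB_offset + ParameterOffset` with the captured length before `pd` is indexed with them. I would check the setup, data and parameter ranges against the captured length before dispatching, and fall through to the generic display when they do not fit. The `dissect_pipe_smb` call in the same condition still passes `offset` and the unadjusted `DataOffset`/`ParameterOffset`, so the two callees now use different offset bases; a one-line comment at the call stating that difference would prevent a later mix-up.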
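Review bot: The local added in `dissect_transact_smb` is declared `guint16 SetupAreaOffset;`, but it is assigned from the `int offset` and passed to an `int SetupAreaOffset` parameter, so the value is narrowed to 16 bits and widened again for no benefit. Declaring it as `int SetupAreaOffset;` keeps it in step with every other offset in this function and removes the implicit truncation. It is assigned only in the two `SetupAreaOffset = offset;` lines added after "Skip Reserved3" (the hunks at -9574 and -9826), so initialising it at the declaration would also guard against any path that reaches `dissect_transact_params` without passing one of them; whether such a path exists cannot be seen from these hunks.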
@@ -9816,6 +9459,7 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *p offset += 1; /* Skip Setup Count */ + /* Build display for: Reserved3 */ Reserved3 = GBYTE(pd, offset); @@ -9826,7 +9470,10 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *p } + offset += 1; /* Skip Reserved3 */ + + SetupAreaOffset = offset; /* Build display for: Setup */ 
@@ -9874,1356 +9521,15 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *p } - dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, si.request_val -> last_transact_command); - - } - -} - -/* - * The routines for mailslot and pipe dissecting should be migrated to another - * file soon? - */ - -#define NETSHAREENUM 0x00 /* 00 */ -#define NETSERVERENUM2 0x68 /* 104 */ - -void dissect_server_flags(proto_tree *tree, int offset, int length, int flags) -{ - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0001, length*8, "Workstation", "Not Workstation")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0002, length*8, "Server", "Not Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0004, length*8, "SQL Server", "Not SQL Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0008, length*8, "Domain Controller", "Not Domain Controller")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0010, length*8, "Backup Controller", "Not Backup Controller")); - proto_tree_add_text(tree, offset, 4, "%s", - decode_boolean_bitfield(flags, 0x0020, length*8, "Time Source", "Not Time Source")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0040, length*8, "Apple Server", "Not Apple Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0080, length*8, "Novell Server", "Not Novell Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0100, length*8, "Domain Member Server", "Not Domain Member Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0200, length*8, "Print Queue Server", "Not Print Queue Server")); - 
proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0400, length*8, "Dialin Server", "Not Dialin Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x0800, length*8, "Xenix Server", "Not Xenix Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x1000, length*8, "NT Workstation", "Not NT Workstation")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x2000, length*8, "Windows for Workgroups", "Not Windows for Workgroups")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x8000, length*8, "NT Server", "Not NT Server")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x10000, length*8, "Potential Browser", "Not Potential Browser")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x20000, length*8, "Backup Browser", "Not Backup Browser")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x40000, length*8, "Master Browser", "Not Master Browser")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x80000, length*8, "Domain Master Browser", "Not Domain Master Browser")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x100000, length*8, "OSF", "Not OSF")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x200000, length*8, "VMS", "Not VMS")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x400000, length*8, "Windows 95 or above", "Not Windows 95 or above")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x40000000, length*8, "Local List Only", "Not Local List Only")); - proto_tree_add_text(tree, offset, length, "%s", - decode_boolean_bitfield(flags, 0x80000000, length*8, "Domain Enum", "Not Domain Enum")); 
- -} - -/* - * The following data structure describes the LANMAN requests we understand - * - * Simply fill in the number, name, and parameter names if you know them - * Try to keep them in order - * - * We will extend this data structure as we try to decode more ... - */ - -struct lanman_desc { - int lanman_num; - char *lanman_name; - char **req; - char **req_data; /* Hmmm, not flexible enough */ - char **resp; - char **resp_data; -}; - -static char *lm_params_req_0[] = {"Detail Level", "Return Buffer Size", NULL}; -static char *lm_params_req_1[] = {"Share Name", "Detail Level", "Receive Buffer Size", NULL}; -static char *lm_params_resp_1[] = {"Returned Data Len", NULL}; -static char *lm_params_req_13[] = {"Detail Level", "Receive Buffer Size", NULL}; -static char *lm_params_req_56[] = {"User Name", "Detail Level", "Receive Buffer Size", NULL}; -static char *lm_params_req_104[] = {"Detail Level", "Return Buffer Size", "Server Type", "Domain", NULL}; -static char *lm_params_req_132[] = {"Reserved1", "Reserved2", "Detail Level", "UserInfoStruct?", "Length of UStruct", "Receive Buffer Size", NULL}; -static char *lm_params_req_133[] = {"Reserved1", "Reserved2", "Detail Level", "UserInfoStruct?", "Length of UStruct", "Receive Buffer Size", NULL}; - -static char *lm_null_params[] = {NULL}; - -struct lanman_desc lmd[] = { - {0, "NetShareEnum", lm_params_req_0, lm_null_params, lm_null_params, lm_null_params}, - {1, "NetShareGetInfo", lm_params_req_1, lm_null_params, lm_params_resp_1, lm_null_params}, - {13, "NetServerGetInfo", lm_params_req_13, lm_null_params, lm_null_params, lm_null_params}, - {56, "NetGroupGetUser", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {56, "NetUserGetInfo", lm_params_req_56, lm_null_params, lm_null_params, lm_null_params}, - {59, "NetUserGetGroups", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {63, "NetWkstaGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {69, 
"DOSPrintQEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {70, "DOSPrintQGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {74, "WPrintQueuePause", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {75, "WPrintQueueResume", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {76, "WPrintJobEnumerate", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {77, "WPrintJobGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {81, "RDOSPrintJobDel", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {82, "RDOSPrintJobPause", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {83, "RDOSPrintJobResume", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {84, "WPrintDestEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {85, "WPrintDestGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {91, "NetRemoteTOD", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {103, "WPrintQueuePurge", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {104, "NetServerEnum2", lm_params_req_104, lm_null_params, lm_null_params, lm_null_params}, - {105, "WAccessGetUserPerms", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {115, "SetUserPassword", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {132, "NetWkstaUserLogon", lm_params_req_132, lm_null_params, lm_null_params, lm_null_params}, - {133, "NetWkstaUserLogoff", lm_params_req_133, lm_null_params, lm_null_params, lm_null_params}, - {147, "PrintJobInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {205, "WPrintDriverEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {206, "WPrintQProcEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {207, "WPrintPortEnum", lm_null_params, lm_null_params, 
lm_null_params, lm_null_params}, - {214, "SamOEMChangePassword", lm_null_params, lm_null_params, lm_null_params, lm_null_params}, - {-1, NULL, NULL,NULL, NULL, NULL} -}; - -struct lanman_desc * -find_lanman(int lanman_num) -{ - int i = 0; - - /* FIXME, This could be more efficient */ - - while (lmd[i].lanman_num != -1) { - - if (lmd[i].lanman_num == lanman_num) { - - return &lmd[i]; - - } - - i++; - - } - - return NULL; - -} - -guint32 -dissect_pipe_lanman(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount) -{ - guint32 loc_offset = SMB_offset + ParameterOffset; - guint16 FunctionCode; - guint16 Level; - guint16 RecvBufLen; - guint16 Flags; - const char *ParameterDescriptor; - const char *ReturnDescriptor; - proto_tree *lanman_tree = NULL, *flags_tree = NULL; - proto_item *ti; - struct lanman_desc *lanman; - - if (check_col(fd, COL_PROTOCOL)) - col_add_fstr(fd, COL_PROTOCOL, "LANMAN"); - - if (dirn == 1) { /* The request side */ - - FunctionCode = GSHORT(pd, loc_offset); - - si.request_val -> last_lanman_cmd = FunctionCode; - - switch (FunctionCode) { - - case NETSHAREENUM: /* Never decode this at the moment ... 
*/ - - if (check_col(fd, COL_INFO)) { - - col_add_fstr(fd, COL_INFO, "NetShareEnum Request"); - - } - - if (tree) { - - ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL); - lanman_tree = proto_item_add_subtree(ti, ett_lanman); - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetShareEnum"); - - } - - loc_offset += 2; - - ParameterDescriptor = pd + loc_offset; - - si.request_val -> trans_response_seen = 0; - - if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip); - si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1); - if (si.request_val -> last_param_descrip) - strcpy(si.request_val -> last_param_descrip, ParameterDescriptor); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor); - - } - - loc_offset += strlen(ParameterDescriptor) + 1; - - ReturnDescriptor = pd + loc_offset; - - if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip); - si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1); - if (si.request_val -> last_data_descrip) - strcpy(si.request_val -> last_data_descrip, ReturnDescriptor); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor); - - } - - loc_offset += strlen(ReturnDescriptor) + 1; - - Level = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Detail Level: %u", Level); - - } - - loc_offset += 2; - - RecvBufLen = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Receive Buffer Length: %u", RecvBufLen); - - } - - loc_offset += 2; - - break; - - case NETSERVERENUM2: /* Process a NetServerEnum2 */ - - if (check_col(fd, COL_INFO)) { - - col_add_fstr(fd, COL_INFO, "NetServerEnum2 %s", dirn ? 
"Request" : "Response"); - - } - - if (tree) { - - ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL); - lanman_tree = proto_item_add_subtree(ti, ett_lanman); - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetServerEnum2"); - - } - - loc_offset += 2; - - ParameterDescriptor = pd + loc_offset; - - /* Now, save these for later */ - - si.request_val -> trans_response_seen = 0; - - if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip); - si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1); - if (si.request_val -> last_param_descrip) - strcpy(si.request_val -> last_param_descrip, ParameterDescriptor); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor); - - } - - loc_offset += strlen(ParameterDescriptor) + 1; - - ReturnDescriptor = pd + loc_offset; - - if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip); - - si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1); - if (si.request_val -> last_data_descrip) - strcpy(si.request_val -> last_data_descrip, ReturnDescriptor); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor); - - } - - loc_offset += strlen(ReturnDescriptor) + 1; - - Level = GSHORT(pd, loc_offset); - si.request_val -> last_level = Level; - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Info Detail Level: %u", Level); - - } - - loc_offset += 2; - - RecvBufLen = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Receive Buffer Length: %u", RecvBufLen); - - } - - loc_offset += 2; - - Flags = GWORD(pd, loc_offset); - - if (tree) { - - ti = proto_tree_add_text(lanman_tree, loc_offset, 4, "Server Types Required: 0x%08X", Flags); - flags_tree = 
proto_item_add_subtree(ti, ett_browse_flags); - dissect_server_flags(flags_tree, loc_offset, 4, Flags); - - } - - loc_offset += 4; - - return 1; - break; - - default: /* Just try to handle what is there ... */ - - lanman = find_lanman(FunctionCode); - - if (check_col(fd, COL_INFO)) { - - if (lanman) { - col_add_fstr(fd, COL_INFO, "%s Request", lanman -> lanman_name); - } - else { - col_add_fstr(fd, COL_INFO, "Unknown LANMAN Request: %u", FunctionCode); - } - } - - if (tree) { - - ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL); - lanman_tree = proto_item_add_subtree(ti, ett_lanman); - - if (lanman) { - proto_tree_add_text(lanman_tree, loc_offset, 2, "%s Request", lanman -> lanman_name); - } - else { - proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: Unknown LANMAN Request: %u", FunctionCode); - } - - } - - loc_offset += 2; - - ParameterDescriptor = pd + loc_offset; - - si.request_val -> trans_response_seen = 0; - - if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip); - si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1); - if (si.request_val -> last_param_descrip) - strcpy(si.request_val -> last_param_descrip, ParameterDescriptor); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor); - - } - - loc_offset += strlen(ParameterDescriptor) + 1; - - ReturnDescriptor = pd + loc_offset; - - if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip); - si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1); - if (si.request_val -> last_data_descrip) - strcpy(si.request_val -> last_data_descrip, ReturnDescriptor); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor); - - } - - loc_offset += strlen(ReturnDescriptor) + 1; - - 
if (tree) { - - int i = 0; /* Counter for names below */ - char *name = NULL; - - dissect_transact_engine_init(pd, ParameterDescriptor, ReturnDescriptor,SMB_offset, loc_offset, ParameterCount, DataOffset, DataCount); - - if (lanman) name = lanman -> req[i]; /* Must be OK ... */ - - while (dissect_transact_next(pd, name, dirn, lanman_tree)) - if (name) name = lanman -> req[++i]; - } - - break; - - } - } - else { /* Dirn == 0, response */ - guint16 Status; - guint16 Convert; - guint16 EntCount; - guint16 AvailCount; - guint32 loc_offset = 0; - int i; - proto_tree *server_tree = NULL, *flags_tree = NULL, *share_tree = NULL; - - FunctionCode = si.request_val -> last_lanman_cmd; - - /* - * If we have already seen the response to this transact, simply - * record it as a continuation ... - */ - - printf("TransResponseSeen = %u\n", si.request_val -> trans_response_seen); - - if (si.request_val -> trans_response_seen == 1) { - - if (check_col(fd, COL_INFO)) { - col_add_fstr(fd, COL_INFO, "Transact Continuation"); - } - - if (tree) { - - ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + DataOffset, END_OF_FRAME, NULL); - - lanman_tree = proto_item_add_subtree(ti, ett_lanman); - - proto_tree_add_text(lanman_tree, loc_offset, END_OF_FRAME, "Payload: %s", format_text(pd + SMB_offset + DataOffset, END_OF_FRAME)); - - } - - return 1; - - - } - - si.request_val -> trans_response_seen = 1; - - switch (FunctionCode) { - - case NETSHAREENUM: - - if (check_col(fd, COL_INFO)) { - - col_add_fstr(fd, COL_INFO, "NetShareEnum Response"); - - } - - if (tree) { - - ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL); - lanman_tree = proto_item_add_subtree(ti, ett_lanman); - - proto_tree_add_text(lanman_tree, loc_offset, 0, "Function Code: NetShareEnum"); - - } - - si.request_val -> trans_response_seen = 1; - - loc_offset = SMB_offset + ParameterOffset; - - Status = GSHORT(pd, loc_offset); - - if (tree) { - - 
proto_tree_add_text(lanman_tree, loc_offset, 2, "Status: %u", Status); - - } - - loc_offset += 2; - - Convert = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert); - - } - - loc_offset += 2; - - EntCount = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Entry Count: %u", EntCount); - - } - - loc_offset += 2; - - AvailCount = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Available Entries: %u", AvailCount); - - } - - loc_offset += 2; - - if (tree) { - - ti = proto_tree_add_text(lanman_tree, loc_offset, AvailCount * 20, "Available Shares", NULL); - - share_tree = proto_item_add_subtree(ti, ett_lanman_shares); - - } - - for (i = 1; i <= EntCount; i++) { - const gchar *Share = pd + loc_offset; - guint32 Flags; - const gchar *Comment; - proto_tree *share = NULL; - proto_item *ti = NULL; - - if (tree) { - - ti = proto_tree_add_text(share_tree, loc_offset, 20, "Share %s", Share); - share = proto_item_add_subtree(ti, ett_lanman_share); - - - } - - if (tree) { - - proto_tree_add_text(share, loc_offset, 13, "Share Name: %s", Share); - - } - - loc_offset += 13; - - while (loc_offset % 4) - loc_offset += 1; /* Align to a word boundary ... */ - - Flags = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(share, loc_offset, 2, "Share Type: %u", Flags); - - } - - loc_offset += 2; - - Comment = pd + SMB_offset + DataOffset + (GWORD(pd, loc_offset) & 0xFFFF) - Convert; - - if (tree) { - - proto_tree_add_text(share, loc_offset, 4, "Share Comment: %s", Comment); - - } - - loc_offset += 4; - - } - - break; - - case NETSERVERENUM2: - - if (check_col(fd, COL_INFO)) { - - col_add_fstr(fd, COL_INFO, "NetServerEnum2 %s", dirn ? 
"Request" : "Response"); - - } - - if (tree) { - - ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL); - lanman_tree = proto_item_add_subtree(ti, ett_lanman); - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetServerEnum2"); - - } - - loc_offset = SMB_offset + ParameterOffset; - Status = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Status: %u", Status); - - } - - loc_offset += 2; - - Convert = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert); - - } - - loc_offset += 2; - - EntCount = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Entry Count: %u", EntCount); - - } - - loc_offset += 2; - - AvailCount = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Available Entries: %u", AvailCount); - - } - - loc_offset += 2; - - if (tree) { - - ti = proto_tree_add_text(lanman_tree, loc_offset, 26 * AvailCount, "Servers"); - if (ti == NULL) { - - printf("Null value returned from proto_tree_add_text\n"); - exit(1); - - } - - server_tree = proto_item_add_subtree(ti, ett_lanman_servers); - - } - - /* Make sure we don't go past the end of the capture buffer */ - - for (i = 1; (i <= EntCount) && ((pi.captured_len - loc_offset) > 16); i++) { - const gchar *Server = pd + loc_offset; - gint8 ServerMajor; - guint ServerMinor; - guint32 ServerFlags; - const gchar *Comment; - proto_tree *server = NULL; - proto_item *ti; - - if (tree) { - - ti = proto_tree_add_text(server_tree, loc_offset, - (si.request_val -> last_level) ? 
26 : 16, - "Server %s", Server); - server = proto_item_add_subtree(ti, ett_lanman_server); - - - } - - if (tree) { - - proto_tree_add_text(server, loc_offset, 16, "Server Name: %s", Server); - - } - - loc_offset += 16; - - if (si.request_val -> last_level) { /* Print out the rest of the info */ - - ServerMajor = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(server, loc_offset, 1, "Major Version: %u", ServerMajor); - - } - - loc_offset += 1; - - ServerMinor = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(server, loc_offset, 1, "Minor Version: %u", ServerMinor); - - } - - loc_offset += 1; - - ServerFlags = GWORD(pd, loc_offset); - - if (tree) { - - ti = proto_tree_add_text(server, loc_offset, 4, "Server Type: 0x%08X", ServerFlags); - flags_tree = proto_item_add_subtree(ti, ett_browse_flags); - dissect_server_flags(flags_tree, loc_offset, 4, ServerFlags); - - } - - loc_offset += 4; - - Comment = pd + SMB_offset + DataOffset + (GWORD(pd, loc_offset) & 0xFFFF) - Convert; - - if (tree) { - - proto_tree_add_text(server, loc_offset, 4, "Server Comment: %s", Comment); - - } - - loc_offset += 4; - - } - - } - - break; - - default: - - lanman = find_lanman(si.request_val -> last_lanman_cmd); - - if (check_col(fd, COL_INFO)) { - - if (lanman) { - col_add_fstr(fd, COL_INFO, "%s Response", lanman -> lanman_name); - } - else { - col_add_fstr(fd, COL_INFO, "Unknown LANMAN Response: %u", FunctionCode); - } - } - - if (tree) { - - ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL); - lanman_tree = proto_item_add_subtree(ti, ett_lanman); - if (lanman) { - proto_tree_add_text(lanman_tree, 0, 0, "%s Response", lanman -> lanman_name); - } - else { - proto_tree_add_text(lanman_tree, loc_offset, 0, "Function Code: Unknown LANMAN Response: %u", FunctionCode); - } - } - - loc_offset = SMB_offset + ParameterOffset; - - Status = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, 
loc_offset, 2, "Status: %u", Status); - - } - - loc_offset += 2; - - Convert = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert); - - } - - loc_offset += 2; - - if (tree) { - - int i = 0; - char *name = NULL; - - dissect_transact_engine_init(pd, si.request_val -> last_param_descrip, si.request_val -> last_data_descrip, SMB_offset, loc_offset, ParameterCount, DataOffset, DataCount); - - if (lanman) name = lanman -> resp[i]; - - while (dissect_transact_next(pd, name, dirn, lanman_tree)) - if (name) name = lanman -> resp[++i]; - - } - - return 1; - break; - - } - - } - - return 0; - -} - -guint32 -dissect_pipe_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount) -{ - - if (strcmp(command, "LANMAN") == 0) { /* Try to decode a LANMAN */ - - return dissect_pipe_lanman(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount, ParameterOffset, ParameterCount); - - } - - return 0; - -} - -char *browse_commands[] = -{ "Error, No such command!", /* Value 0 */ - "Host Announcement", /* Value 1 */ - "Request Announcement", /* Value 2 */ - "Error, No such command!", /* Value 3 */ - "Error, No such command!", /* Value 4 */ - "Error, No such command!", /* Value 5 */ - "Error, No such command!", /* Value 6 */ - "Error, No such command!", /* Value 7 */ - "Browser Election Request", /* Value 8 */ - "Get Backup List Request", /* Value 9 */ - "Get Backup List Response", /* Value 10 */ - "Become Backup Browser", /* Value 11 */ - "Domain/Workgroup Announcement", /* Value 12 */ - "Master Announcement", /* Value 13 */ - "Error! 
No such command", /* Value 14 */ - "Local Master Announcement" /* Value 15 */ -}; - -#define HOST_ANNOUNCE 1 -#define REQUEST_ANNOUNCE 2 -#define BROWSER_ELECTION 8 -#define GETBACKUPLISTREQ 9 -#define GETBACKUPLISTRESP 10 -#define BECOMEBACKUPBROWSER 11 -#define DOMAINANNOUNCEMENT 12 -#define MASTERANNOUNCEMENT 13 -#define LOCALMASTERANNOUNC 15 - -char *svr_types[32] = { - "Workstation", - "Server", - "SQL Server", - "Domain Controller", - "Backup Controller", - "Time Source", - "Apple Server", - "Novell Server", - "Domain Member Server", - "Print Queue Server", - "Dialin Server", - "Xenix Server", - "NT Workstation", - "Windows for Workgroups", - "Unknown Server - FIXME", - "NT Server", - "Potential Browser", - "Backup Browser", - "Master Browser", - "Domain Master Browser", - "OSF", - "VMS", - "Windows 95 or above", - "Unused", - "Unused", - "Unused", - "Unused", - "Unused", - "Unused", - "Unused", - "Local List Only", - "Domain Enum" -}; - -guint32 -dissect_mailslot_browse(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount) -{ - guint8 OpCode; - guint8 UpdateCount; - guint8 VersionMajor; - guint8 VersionMinor; - guint32 Periodicity; - guint32 ServerType; - guint16 SigConstant; - guint32 Token; - guint8 BackupServerCount; - guint8 Flags; - guint32 MBZ; - guint8 ElectionVersion; - guint32 ElectionCriteria; - guint8 ElectionOS; - guint8 ElectionDesire; - guint16 ElectionRevision; - guint32 ServerUpTime; - const char *ServerName; - const char *ServerComment; - proto_tree *browse_tree = NULL, *flags_tree = NULL, - *OSflags = NULL, *DesireFlags = NULL; - proto_item *ti, *ec; - guint32 loc_offset = DataOffset, count = 0; - int i; - - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "BROWSER"); - - if (check_col(fd, COL_INFO)) /* Put in something, and replace it later */ - col_add_str(fd, 
COL_INFO, "Browse Announcement"); - - /* - * Now, decode the browse request - */ - - OpCode = GBYTE(pd, loc_offset); - - if (check_col(fd, COL_INFO)) - col_add_fstr(fd, COL_INFO, (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command:%u" : browse_commands[OpCode], OpCode); - - if (tree) { /* Add the browse tree */ - - ti = proto_tree_add_item(parent, proto_browse, DataOffset, DataCount, NULL); - browse_tree = proto_item_add_subtree(ti, ett_browse); - - proto_tree_add_text(browse_tree, loc_offset, 1, "OpCode: %s", (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command" : browse_commands[OpCode]); - - } - - loc_offset += 1; /* Skip the OpCode */ - - switch (OpCode) { - - case DOMAINANNOUNCEMENT: - case LOCALMASTERANNOUNC: - case HOST_ANNOUNCE: - - UpdateCount = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 1, "Update Count: %u", UpdateCount); - - } - - loc_offset += 1; /* Skip the Update Count */ - - Periodicity = GWORD(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 4, "Update Periodicity: %u Sec", Periodicity/1000 ); - - } - - loc_offset += 4; - - ServerName = pd + loc_offset; - - if (check_col(fd, COL_INFO)) { - - col_append_fstr(fd, COL_INFO, " %s", ServerName); - - } - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 16, (OpCode == DOMAINANNOUNCEMENT) ? "Domain/WorkGroup: %s": "Host Name: %s", ServerName); - - } - - loc_offset += 16; - - VersionMajor = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 1, "Major Version: %u", VersionMajor); - - } - - loc_offset += 1; - - VersionMinor = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 1, "Minor Version: %u", VersionMinor); - - } - - loc_offset += 1; - - ServerType = GWORD(pd, loc_offset); - - if (check_col(fd, COL_INFO)) { - - /* Append the type(s) of the system to the COL_INFO line ... 
*/ - - for (i = 1; i <= 32; i++) { - - if (ServerType & (1 << (i - 1)) && (strcmp("Unused", svr_types[i]) != 0)) - col_append_fstr(fd, COL_INFO, ", %s", svr_types[i - 1]); - - } - - } - - if (tree) { - - ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Server Type: 0x%04x", ServerType); - flags_tree = proto_item_add_subtree(ti, ett_browse_flags); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0001, 32, "Workstation", "Not Workstation")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0002, 32, "Server", "Not Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0004, 32, "SQL Server", "Not SQL Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0008, 32, "Domain Controller", "Not Domain Controller")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0010, 32, "Backup Controller", "Not Backup Controller")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0020, 32, "Time Source", "Not Time Source")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0040, 32, "Apple Server", "Not Apple Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0080, 32, "Novell Server", "Not Novell Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0100, 32, "Domain Member Server", "Not Domain Member Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0200, 32, "Print Queue Server", "Not Print Queue Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0400, 32, "Dialin Server", "Not Dialin Server")); - proto_tree_add_text(flags_tree, 
loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x0800, 32, "Xenix Server", "Not Xenix Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x1000, 32, "NT Workstation", "Not NT Workstation")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x2000, 32, "Windows for Workgroups", "Not Windows for Workgroups")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x8000, 32, "NT Server", "Not NT Server")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x10000, 32, "Potential Browser", "Not Potential Browser")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x20000, 32, "Backup Browser", "Not Backup Browser")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x40000, 32, "Master Browser", "Not Master Browser")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x80000, 32, "Domain Master Browser", "Not Domain Master Browser")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x100000, 32, "OSF", "Not OSF")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x200000, 32, "VMS", "Not VMS")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x400000, 32, "Windows 95 or above", "Not Windows 95 or above")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x40000000, 32, "Local List Only", "Not Local List Only")); - proto_tree_add_text(flags_tree, loc_offset, 4, "%s", - decode_boolean_bitfield(ServerType, 0x80000000, 32, "Domain Enum", "Not Domain Enum")); - } - loc_offset += 4; - - ElectionVersion = GSHORT(pd, loc_offset); - - if (tree) { - - 
proto_tree_add_text(browse_tree, loc_offset, 2, "Election Version: %u", ElectionVersion); - - } - - loc_offset += 2; - - SigConstant = GSHORT(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 2, "Signature: %u (0x%04X)", SigConstant, SigConstant); - - } - - loc_offset += 2; - - ServerComment = pd + loc_offset; - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, strlen(ServerComment) + 1, "Host Comment: %s", ServerComment); - - } - - break; - - case REQUEST_ANNOUNCE: - - Flags = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 1, "Unused Flags: %u", Flags); - - } - - loc_offset += 1; - - ServerName = pd + loc_offset; - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Send List To: %s", ServerName); - - } - - break; - - case BROWSER_ELECTION: - - ElectionVersion = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 1, "Election Version = %u", ElectionVersion); - - } - - loc_offset += 1; - - ElectionCriteria = GWORD(pd, loc_offset); - ElectionOS = GBYTE(pd, loc_offset + 3); - ElectionRevision = GSHORT(pd, loc_offset + 1); - ElectionDesire = GBYTE(pd, loc_offset); - - if (tree) { - - ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Election Criteria = %u (0x%08X)", ElectionCriteria, ElectionCriteria); - - ec = proto_item_add_subtree(ti, ett_browse_election_criteria); - - ti = proto_tree_add_text(ec, loc_offset + 3, 1, "Election OS Summary: %u (0x%02X)", ElectionOS, ElectionOS); - - OSflags = proto_item_add_subtree(ti, ett_browse_election_os); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - decode_boolean_bitfield(ElectionOS, 0x01, 8, "Windows for Workgroups", "Not Windows for Workgroups")); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - decode_boolean_bitfield(ElectionOS, 0x02, 8, "Unknown", "Not used")); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - 
decode_boolean_bitfield(ElectionOS, 0x04, 8, "Unknown", "Not used")); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - decode_boolean_bitfield(ElectionOS, 0x08, 8, "Unknown", "Not used")); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - decode_boolean_bitfield(ElectionOS, 0x10, 8, "Windows NT Workstation", "Not Windows NT Workstation")); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - decode_boolean_bitfield(ElectionOS, 0x20, 8, "Windows NT Server", "Not Windows NT Server")); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - decode_boolean_bitfield(ElectionOS, 0x40, 8, "Unknown", "Not used")); - - proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s", - decode_boolean_bitfield(ElectionOS, 0x80, 8, "Unknown", "Not used")); - - proto_tree_add_text(ec, loc_offset + 1, 2, "Election Revision: %u (0x%04X)", ElectionRevision, ElectionRevision); - - ti = proto_tree_add_text(ec, loc_offset, 1, "Election Desire Summary: %u (0x%02X)", ElectionDesire, ElectionDesire); - - DesireFlags = proto_item_add_subtree(ti, ett_browse_election_desire); - - proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x01, 8, "Backup Browse Server", "Not Backup Browse Server")); - - proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x02, 8, "Standby Browse Server", "Not Standby Browse Server")); - - proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x04, 8, "Master Browser", "Not Master Browser")); + dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, si.request_val -> last_transact_command); - proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x08, 8, "Domain Master Browse Server", "Not Domain Master Browse Server")); - - 
proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x10, 8, "Unknown", "Not used")); - - proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x20, 8, "WINS Client", "Not WINS Client")); - - proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x40, 8, "Unknown", "Not used")); - - proto_tree_add_text(DesireFlags, loc_offset, 1, "%s", - decode_boolean_bitfield(ElectionDesire, 0x80, 8, "Windows NT Advanced Server", "Not Windows NT Advanced Server")); - - } - - loc_offset += 4; - - ServerUpTime = GWORD(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 4, "Server Up Time: %u Sec", ServerUpTime/1000); - - } - - loc_offset += 4; - - MBZ = GWORD(pd, loc_offset); - - loc_offset += 4; - - ServerName = pd + loc_offset; - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Election Server Name: %s", ServerName); - - } - - break; - - case GETBACKUPLISTREQ: - - BackupServerCount = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 1, "Backup List Requested Count: %u", BackupServerCount); - - } - - loc_offset += 1; - - Token = GWORD(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Request Token: %u", Token); - - } - - break; - - case GETBACKUPLISTRESP: - - BackupServerCount = GBYTE(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 1, "Backup Server Count: %u", BackupServerCount); - - } - - loc_offset += 1; - - Token = GWORD(pd, loc_offset); - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Response Token: %u", Token); - - } - - loc_offset += 4; - - ServerName = pd + loc_offset; - - for (count = 1; count <= BackupServerCount; count++) { - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Backup Server: %s", 
ServerName); - - } - - loc_offset += strlen(ServerName) + 1; - - ServerName = pd + loc_offset; - - } - - break; - - case BECOMEBACKUPBROWSER: - - ServerName = pd + loc_offset; - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Browser to Promote: %s", ServerName); - - } - - break; - - case MASTERANNOUNCEMENT: - - ServerName = pd + loc_offset; - - if (tree) { - - proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Server Name: %s", ServerName); - - } - - break; - - default: - break; } - - return 1; /* Success */ - -} - -guint32 -dissect_mailslot_net(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount) -{ - - return 0; } -guint32 -dissect_mailslot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount) -{ - - if (strcmp(command, "BROWSE") == 0) { /* Decode a browse */ - - return dissect_mailslot_browse(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount); - } - else if (strcmp(command, "LANMAN") == 0) { - return dissect_pipe_lanman(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount, ParameterOffset, ParameterCount); - } - - return 0; -} void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = { 
@@ -11877,6 +10183,15 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int } +/*** External routines called during the registration process */ + +extern void register_proto_smb_browse( void); +extern void register_proto_smb_logon( void); +extern void register_proto_smb_mailslot( void); +extern void register_proto_smb_pipe( void); +extern void register_proto_smb_mailslot( void); + + void proto_register_smb(void) { @@ -11902,22 +10217,20 @@ proto_register_smb(void) &ett_smb_action, &ett_smb_writemode, &ett_smb_lock_type, - &ett_browse, - &ett_browse_flags, - &ett_browse_election_criteria, - &ett_browse_election_os, - &ett_browse_election_desire, - &ett_lanman, - &ett_lanman_servers, - &ett_lanman_server, - &ett_lanman_shares, - &ett_lanman_share }; proto_smb = proto_register_protocol("Server Message Block Protocol", "smb"); - proto_browse = proto_register_protocol("Microsoft Windows Browser Protocol", "browser"); - proto_lanman = proto_register_protocol("Microsoft Windows LanMan Protocol", "lanman"); - /* proto_register_field_array(proto_smb, hf, array_length(hf));*/ + proto_register_subtree_array(ett, array_length(ett)); register_init_routine(&smb_init_protocol); + + + register_proto_smb_browse(); + register_proto_smb_logon( ); + register_proto_smb_mailslot(); + register_proto_smb_pipe(); + register_proto_smb_mailslot(); + } + + |
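Review bot: `register_proto_smb_mailslot` is declared twice in the extern block added above `proto_register_smb` and, in the following hunk, called twice at the end of `proto_register_smb`, which looks like a copy-paste slip. The body of that routine is not visible here, so the effect of the second call is unverified, but it presumably repeats the mailslot protocol and subtree registration. Dropping the second `extern void register_proto_smb_mailslot( void);` and the second `register_proto_smb_mailslot();` leaves one registration per new dissector. The prototypes would also be better placed in a header shared by this file and the new dissector files, so that a signature change is caught at compile time instead of being hidden by these local `extern` lines.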