From e511c1af985a3dc3294631950b5190266d0b659b Mon Sep 17 00:00:00 2001 From: guy Date: Tue, 10 Aug 2010 07:04:20 +0000 Subject: Dissect SMB_FILE_ATTRIBUTES, when used as file attributes rather than search attributes, as a 16-bit quantity, with only the bits specified by section 2.2.1.2.4 of [MS-CIFS]. Use dissect_file_ext_attr() in all cases where we're dissecting SMB_EXT_FILE_ATTR, as specified by section 2.2.1.2.3 of [MS-CIFS]. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@33753 f5534014-38df-0310-8fa8-9805f1628bb7 --- epan/dissectors/packet-smb.c | 107 +++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 66 deletions(-) (limited to 'epan/dissectors/packet-smb.c') diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index 65bf319e97..04d0eee57f 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -1589,75 +1589,47 @@ static const true_false_string tfs_file_attribute_encrypted = { }; /* - * In some places in the CIFS_TR_1p00.pdf, from SNIA, file attributes are - * listed as USHORT, and seem to be in packets in the wild, while in other - * places they are listed as ULONG, and also seem to be. - * - * So, I (Richard Sharpe), added a parameter to allow us to specify how many - * bytes to consume. + * Dissects an SMB_FILE_ATTRIBUTES, to use the term given to it by + * section 2.2.1.2.4 of [MS-CIFS], in cases where it's just file attributes, + * not search attributes. */ - -int -dissect_file_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset, - int bytes) +static int +dissect_file_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { guint16 mask; proto_item *item; proto_tree *tree; - if (bytes != 2 && bytes != 4) { - THROW(ReportedBoundsError); - } - - /* - * The actual bits of interest appear to only be a USHORT - */ - /* FIXME if this ever changes! */ mask = tvb_get_letohs(tvb, offset); if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, bytes, - "File Attributes: 0x%08x", mask); + item = proto_tree_add_text(parent_tree, tvb, offset, 2, + "File Attributes: 0x%04x", mask); tree = proto_item_add_subtree(item, ett_smb_file_attributes); - proto_tree_add_boolean(tree, hf_smb_file_attr_encrypted, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_not_content_indexed, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_offline, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_compressed, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_reparse, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_sparse, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_temporary, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_normal, - tvb, offset, bytes, mask); - proto_tree_add_boolean(tree, hf_smb_file_attr_device, - tvb, offset, bytes, mask); proto_tree_add_boolean(tree, hf_smb_file_attr_archive_16bit, - tvb, offset, bytes, mask); + tvb, offset, 2, mask); proto_tree_add_boolean(tree, hf_smb_file_attr_directory_16bit, - tvb, offset, bytes, mask); + tvb, offset, 2, mask); proto_tree_add_boolean(tree, hf_smb_file_attr_volume_16bit, - tvb, offset, bytes, mask); + tvb, offset, 2, mask); proto_tree_add_boolean(tree, hf_smb_file_attr_system_16bit, - tvb, offset, bytes, mask); + tvb, offset, 2, mask); proto_tree_add_boolean(tree, hf_smb_file_attr_hidden_16bit, - tvb, offset, bytes, mask); + tvb, offset, 2, mask); proto_tree_add_boolean(tree, hf_smb_file_attr_read_only_16bit, - tvb, offset, bytes, mask); + tvb, offset, 2, mask); } - offset += bytes; + offset += 2; return offset; } -/* 3.11 */ +/* + * 3.11 in the SNIA CIFS spec + * SMB_EXT_FILE_ATTR, section 2.2.1.2.3 in the [MS-CIFS] spec + */ static int dissect_file_ext_attr_bits(tvbuff_t *tvb, proto_tree *parent_tree, int offset, int len, guint32 mask) @@ -1717,7 +1689,7 @@ dissect_file_ext_attr_bits(tvbuff_t *tvb, proto_tree *parent_tree, int offset, } /* 3.11 */ -static int +int dissect_file_ext_attr(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { guint32 mask; @@ -1787,6 +1759,10 @@ static const true_false_string tfs_search_attribute_archive = { "Do NOT include archive files in search results" }; +/* + * Dissects an SMB_FILE_ATTRIBUTES, to use the term given to it by + * section 2.2.1.2.4 of [MS-CIFS], in cases where it's search attributes. + */ static int dissect_search_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { @@ -3574,7 +3550,7 @@ dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tr offset += 2; /* File Attributes */ - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); /* last write time */ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time); @@ -3733,7 +3709,7 @@ dissect_create_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, WORD_COUNT; /* file attributes */ - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); /* creation time */ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_create_time); @@ -4025,7 +4001,7 @@ dissect_query_information_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_ WORD_COUNT; /* File Attributes */ - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); /* Last Write Time */ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time); @@ -4059,7 +4035,7 @@ dissect_set_information_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t WORD_COUNT; /* file attributes */ - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); /* last write time */ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time); @@ -4655,7 +4631,7 @@ dissect_query_information2_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto offset += 4; /* File Attributes */ - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); BYTE_COUNT; @@ -6020,7 +5996,7 @@ dissect_open_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i offset = dissect_search_attributes(tvb, tree, offset); /* File Attributes */ - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); /* creation time */ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_create_time); @@ -6176,8 +6152,8 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* File Attributes */ fattr = tvb_get_letohs(tvb, offset); - isdir = fattr & 0x10; - offset = dissect_file_attributes(tvb, tree, offset, 2); + isdir = fattr & SMB_FILE_ATTRIBUTE_DIRECTORY; + offset = dissect_file_attributes(tvb, tree, offset); /* last write time */ offset = dissect_smb_UTIME(tvb, tree, offset, hf_smb_last_write_time); @@ -8591,7 +8567,7 @@ dissect_nt_trans_param_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pr proto_item *item = NULL; proto_tree *tree = NULL; smb_info_t *si; - guint32 fn_len, create_flags, access_mask, file_attributes, share_access, create_options, create_disposition; + guint32 fn_len, create_flags, access_mask, share_access, create_options, create_disposition; const char *fn; si = (smb_info_t *)pinfo->private_data; @@ -8626,8 +8602,7 @@ dissect_nt_trans_param_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pr COUNT_BYTES(8); /* Extended File Attributes */ - file_attributes=tvb_get_letohl(tvb, offset); - offset = dissect_file_ext_attr_bits(tvb, tree, offset, 4, file_attributes); + offset = dissect_file_ext_attr(tvb, tree, offset); bc -= 4; /* share access */ @@ -10755,7 +10730,7 @@ dissect_transaction2_request_parameters(tvbuff_t *tvb, packet_info *pinfo, /* File Attributes */ CHECK_BYTE_COUNT_TRANS(2); - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); bc -= 2; /* create time */ @@ -11730,7 +11705,7 @@ dissect_4_2_16_1(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, /* File Attributes */ CHECK_BYTE_COUNT_SUBR(2); - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); *bcp -= 2; /* ea length */ @@ -11856,7 +11831,7 @@ dissect_4_2_16_4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, /* File Attributes */ CHECK_BYTE_COUNT_SUBR(4); - offset = dissect_file_attributes(tvb, tree, offset, 4); + offset = dissect_file_ext_attr(tvb, tree, offset); *bcp -= 4; *trunc = FALSE; @@ -12058,7 +12033,7 @@ dissect_qfi_SMB_FILE_ALL_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre /* File Attributes */ CHECK_BYTE_COUNT_SUBR(4); - offset = dissect_file_attributes(tvb, tree, offset, 4); + offset = dissect_file_ext_attr(tvb, tree, offset); *bcp -= 4; /* 4 pad bytes */ @@ -12549,7 +12524,7 @@ dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO(tvbuff_t *tvb, /* File Attributes */ CHECK_BYTE_COUNT_SUBR(4); - offset = dissect_file_attributes(tvb, tree, offset, 4); + offset = dissect_file_ext_attr(tvb, tree, offset); *bcp -= 4; /* Unknown, possibly count of network accessors ... */ @@ -13732,7 +13707,7 @@ dissect_4_3_4_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, /* File Attributes */ CHECK_BYTE_COUNT_SUBR(2); - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); *bcp -= 2; /* file name len */ @@ -13833,7 +13808,7 @@ dissect_4_3_4_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, /* File Attributes */ CHECK_BYTE_COUNT_SUBR(2); - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); *bcp -= 2; /* ea length */ @@ -15468,7 +15443,7 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot */ /* File Attributes */ - offset = dissect_file_attributes(tvb, tree, offset, 2); + offset = dissect_file_attributes(tvb, tree, offset); /* create time */ offset = dissect_smb_datetime(tvb, tree, offset, -- cgit v1.2.3