Microsoft Networks SMB File Sharing Protocol Extensions Version
2.0, Document Version 3.3, November 7, 1988;
Microsoft Networks SMB File Sharing Protocol Extensions Version
3.0, Document Version 1.11, July 19, 1990.
svn path=/trunk/; revision=5566
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
I have captures with w2k speaking DCERPC without using the normal
Transaction named pipes SMBs.
Instead DCERPC is just implemented ontop of ordinary read/write calls.
The smb dissector now examines TreeConnectAndX and stores the conversation/tid/type-of-share in a table for later access.
All SMB requests examine that hash table to find out if TID in the header refers
to a normal share or an IPC$ share.
Initial support in read/write SMB calls to detect if the operations are for an
IPC share and thus it assumes it must be DCERPC commands in the payload.
Desegmentation/Reassembly of these types of calls are not implemented yet.
svn path=/trunk/; revision=4952
remembers SMBs for request/response matching, and make sure the request
and the response have the same type (or that the response has a
different type but is a valid response to the request).
svn path=/trunk/; revision=4763
CIFS draft spec speaks of both being used:
The multiplex ID (Mid) is used along with the Pid to allow
multiplexing the single client and server connection among the
client's multiple processes, threads, and requests per thread.
Clients may have many outstanding requests (up to the negotiated
number, MaxMpxCount) at one time. Servers MAY respond to
requests in any order, but a response message MUST always
contain the same Mid and Pid values as the corresponding request
message. The client MUST NOT have multiple outstanding requests
to a server with the same Mid and Pid.
and I have seen a capture where more than one PID is used on a given
connection and where the same MID is used with two different PIDs.
Get rid of the "mid" field in the "smb_info_t" structure - the MID is
not used outside "dissect_smb()".
svn path=/trunk/; revision=4495
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.
svn path=/trunk/; revision=4470
add "dissect_ndr_ctx_hnd()" for dissecting context handles, and
use it in various DCERPC dissectors;
beef up the MS Security Account Manager dissector.
Also, export "NT_errors[]" for use by that dissector.
svn path=/trunk/; revision=4350
"smb_saved_info_t" in the table of requests whose replies have been
found, don't look it up in the table of requests whose replies have not
been found - if the request in question has no reply in the capture,
that may find some later frame in the same conversation with the same
MID, and we don't need that information anyway - the only reason we
*need* that structure is to save information in it for use when
processing its reply, and we already did that the first time we
processed the request. (The information for the later frame may be bad,
e.g. having a null "extra_info" pointer, or having one that points to
information for another request.)
Arrange that we don't use the pointer to the "smb_saved_info_t" when
processing a request except to save information if the request hasn't
already been processed, as that pointer may not be valid if the request
has already been processed, as per the above.
svn path=/trunk/; revision=4292
#defines for SMB commands with ones that use the names from the SNIA
CIFS spec.
Use those #define values rather than hardcoded values in various places
that check for specific commands.
svn path=/trunk/; revision=4244
routines used for that.
Rename some named pipe functions as per the SNIA CIFS spec.
Label the "number of files moved" field of the reply to a Move SMB as
such, rather than as an unspecified "Count".
svn path=/trunk/; revision=4229
"dissect_pipe_smb()", a tvbuff containing the setup words and the
pipe/mailslot pathname, as those are arguably the part of the packet
that contains the "mailslot protocol" and the "pipe protocol", as
opposed to the protocol running atop mailslots or pipes.
Pass a setup tvbuff to "dissect_pipe_smb()" for it to pass on to the
MSRPC-over-named-pipe dissector, and have the setup tvbuff passed to it
and "dissect_mailslot_smb()" contain *only* the setup words; don't
extract anything other than the setup words from it.
Declare "register_proto_smb_mailslot()" in "packet-smb-mailslot.h"
rather than "packet-smb.c", and declare "register_proto_smb_pipe()" in
"packet-smb-pipe.h" rather than "packet-smb.c".
Add a protocol for MSRPC-over-named-pipes.
Move the stuff to handle the FID in the setup words of
MSRPC-over-named-pipe transactions out of the SMB Transaction dissector
into the MSRPC dissector. Add a routine to "packet-smb.c", callable
from outside "packet-smb.c", to put an "smb.fid" field into the protocol
tree, and to add ", FID: XXXX" to the Info column, for use by the
MSRPC-over-named-pipe dissector; use it in the SMB dissector as well, in
all the places where we put a FID into the protocol tree.
Move the stuff to check whether the LANMAN protocol is enabled, and to
set "pinfo->current_proto" to "LANMAN" if it is, into the LANMAN
API-over-named-pipe dissector out of the named pipe protocol dissector.
If we didn't dissect a Transaction request or reply as a named pipe or
mailslot message, put any setup words, parameters, and data it has into
the protocol tree as separate items.
Don't put a "Response in" item into the protocol tree for an NT Cancel
request, as there are no responses to NT Cancel requests.
svn path=/trunk/; revision=4221
structure, so that it can be updated by subdissectors; this way the
updates affect the structure immediately, and don't get lost if the
subdissector later throws an exception.
Use "tvb_reported_length()" to check for an interim mailslot reply;
"tvb_length()" could give the wrong answer if a short snapshot length
was given in the capture.
svn path=/trunk/; revision=4218
"smb_saved_info_t". Put all the information needed to dissect NT
Transaction replies, Transaction2 replies, or Transaction replies into
separate data structures, allocated separately, and put a pointer to
that data structure in the "void *" in question.
Use the return value of "dissect_pipe_smb()" and
"dissect_mailslot_smb()" to control whether to display as data the stuff
those routines were asked to dissect.
If we've seen a request before, but its "smb_saved_info_t" isn't in the
"matched" hash table, look in the "unmatched" hash table - perhaps we
haven't seen the reply yet.
svn path=/trunk/; revision=4216
Get rid of "Response to" stuff in the LANMAN dissector, as that's now
done in the SMB dissector.
Add a routine for dissecting unknown SMBs (gets the word and byte
counts, and just adds text entries for the word and byte parameters, if
any), and replace null pointers in the dissector table with pointers to
that routine. Get rid of the check for a null dissector pointer.
svn path=/trunk/; revision=4212
places) dissector tvbuffified, from Ronnie Sahlberg and me.
Additional "are we past the end of the buffer" checks added, so that we
don't hand random junk to the transaction and transact2 dissectors.
svn path=/trunk/; revision=3824
that rather than passing another copy of that flag to dissectors of
particular messages.
Pass that structure to the pipe subdissector by making "pi.private"
point to it, rather than by passing it as an explicit argument.
Change more of the
if (dirn == 1) {
...
}
if (dirn == 0) {
...
}
stuff to
if (dirn == 1) {
...
} else {
...
}
and then, as per the first paragraph, check the "request" flag in the
"smb_info" structure rather than checking a "dirn" flag.
Set "last_transact2_command" to -1 in the "smb_request_val" structures
for TRANSACTION requests, as it doesn't apply to those requests.
As "dissect_transact_params()" doesn't do any work if the "TransactName"
argument is null, don't bother calling it for a reply if we don't have an
"smb_request_val" for the corresponding request, as that means we can't
find out the value to pass as the "TransactName" argument.
svn path=/trunk/; revision=3822
(This fixes an incorrect string for TRANS2_GET_DFS_REFERRAL, which has
the code 0x10 according to the current SNIA CIFS draft spec; I've seen
those in packet captures.)
Create entries in the transaction hash tables only for requests, not for
replies; this means a reply might not have an entry in the table, if the
request didn't appear in the capture, so handle that case.
Make the "last_transact2_command" field of a "smb_request_val" structure
an "int", so it can be given the value -1, which is different from all
the valid 16-bit unsigned values, to indicate that we couldn't get the
transaction code from the request (e.g., because it's too short).
Show the first Setup word in a TRANSACT2 request as the transaction
code, as that's what it is.
"dirn" is a Boolean, so
if (dirn == 1) {
...
}
if (dirn == 0) {
...
}
is equivalent to
if (dirn == 1) {
...
} else {
...
}
and the latter is a bit clearer, so use it.
Distinguish between a TRANSACTION or TRANSACT2 reply where we didn't see
the request and one where we saw the request but didn't see the request
path for TRANSACTION or the request code for TRANSACT2.
Use "g_strdup()" rather than "g_malloc()" followed by "strcpy()".
svn path=/trunk/; revision=3819
but does not link. Perhaps someone who understands the MS tools can help
out. I made it link a few months ago, but with different version of glib/gtk+.
I can't remember how I made it link.
Most of the compatibility issues were resolved with adding
#ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all
future code.
svn path=/trunk/; revision=359
Jörg Mayer