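/*
   Copyright (C) Andrew Tridgell 1995-1999

   This software may be distributed either under the terms of the
   BSD-style license that accompanies tcpdump or the GNU GPL version 2
   or later */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifndef lint
static const char rcsid[] =
     "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.3.2.1 2000/01/11 06:58:27 fenner Exp $";
#endif

#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#include "interface.h"
#include "smb.h"

/*
 * Everything in this file decodes bytes taken straight off the wire, so
 * every offset, count and length below is attacker-controlled.  CVAL, SVAL,
 * MIN, PTR_DIFF, fdata() and print_data() are declared elsewhere (smb.h or
 * interface.h, presumably); they are used here as "read a byte / 16-bit
 * value at an offset" and "print from a start pointer up to an end pointer
 * or length".  NOTE(review): whether fdata() itself refuses to read past
 * the end pointer it is given is not visible from this file, so the code
 * below never hands it an end pointer beyond the captured data and never
 * dereferences packet memory itself without checking first.
 */

/* 1 while a request is being decoded, 0 for a reply; set by print_smb() */
static int request=0;

/* start of the packet being decoded; only assigned in this file */
const uchar *startbuf=NULL;

/* how to print one SMB command: format strings or a custom printer */
struct smbdescript
{
  char *req_f1;  /* request: format for the parameter words */
  char *req_f2;  /* request: format for the data bytes */
  char *rep_f1;  /* reply: format for the parameter words */
  char *rep_f2;  /* reply: format for the data bytes */
  void (*fn)(); /* sometimes (u_char *, u_char *, u_char *, u_char *)
		and sometimes (u_char *, u_char *, int, int) */
};

/* one row of a command table; a NULL name terminates the table */
struct smbfns
{
  int id;
  char *name;
  int flags;
  struct smbdescript descript;
};

#define DEFDESCRIPT  {NULL,NULL,NULL,NULL,NULL}

/* the command may carry a chained (AndX style) follow-on command */
#define FLG_CHAIN (1<<0)

/*
 * Look up command `id' in `list'.  The scan stops at the first entry whose
 * name is NULL.  When nothing matches, the FIRST entry of the table is
 * returned, so the result is never NULL and each table decides what an
 * unknown command is printed as.
 */
static struct smbfns *smbfind(int id,struct smbfns *list)
{
  struct smbfns *entry;

  for (entry=list;entry->name;entry++)
    if (entry->id == id) return(entry);

  return(&list[0]);
}

/*
 * Turn a 16-bit offset from the packet into a pointer that is guaranteed to
 * lie in [buf, maxbuf].  Offsets pointing past the captured data collapse
 * to maxbuf, which leaves an empty region behind them.
 */
static uchar *clamp_offset(uchar *buf,int off,uchar *maxbuf)
{
  if (off < 0 || off > maxbuf - buf) return(maxbuf);
  return(buf + off);
}

/*
 * Limit a byte count taken from the packet to what is actually captured
 * between p and maxbuf.
 */
static int clamp_count(const uchar *p,int cnt,const uchar *maxbuf)
{
  if (cnt < 0 || p >= maxbuf) return(0);
  if (cnt > maxbuf - p) return((int)(maxbuf - p));
  return(cnt);
}

/*
 * Bounded replacement for !strcmp(name,lit): true when the bytes at `name'
 * equal `lit' including its terminating NUL, and all of those bytes lie
 * before maxbuf.  The name comes from the packet and need not be
 * NUL-terminated.
 */
static int name_matches(const uchar *name,const uchar *maxbuf,const char *lit)
{
  size_t n = strlen(lit) + 1;

  if (name >= maxbuf || (size_t)(maxbuf - name) < n) return(0);
  return(memcmp(name,lit,n) == 0);
}

/*
 * Print the parameter block of a TRANSACT2_FINDFIRST request or reply and
 * dump any data bytes.  pcnt and dcnt are trusted to stay inside the
 * capture; print_trans2() clamps them before calling.
 */
static void trans2_findfirst(uchar *param,uchar *data,int pcnt,int dcnt)
{
  char *fmt;

  if (request) {
    fmt = "Attribute=[A]\nSearchCount=[d]\nFlags=[w]\nLevel=[dP5]\nFile=[S]\n";
  } else {
    fmt = "Handle=[w]\nCount=[d]\nEOS=[w]\nEoffset=[d]\nLastNameOfs=[w]\n";
  }

  fdata(param,fmt,param+pcnt);
  if (dcnt) {
    printf("data:\n");
    print_data(data,dcnt);
  }
}

/*
 * Print a TRANSACT2_QFSINFO request or reply.  The information level seen
 * in the last request is kept in a static and selects the layout of the
 * next reply; with several conversations interleaved in one capture the
 * remembered level may belong to a different request.
 */
static void trans2_qfsinfo(uchar *param,uchar *data,int pcnt,int dcnt)
{
  static int level=0;
  char *fmt="";

  if (request) {
    /* the level is a 16-bit field: do not read it from a shorter block */
    level = (pcnt >= 2) ? SVAL(param,0) : 0;
    fmt = "InfoLevel=[d]\n";
    fdata(param,fmt,param+pcnt);
  } else {
    switch (level) {
    case 1:
      fmt = "idFileSystem=[W]\nSectorUnit=[D]\nUnit=[D]\nAvail=[D]\nSectorSize=[d]\n";
      break;
    case 2:
      fmt = "CreationTime=[T2]VolNameLength=[B]\nVolumeLabel=[s12]\n";
      break;
    case 0x105:
      fmt = "Capabilities=[W]\nMaxFileLen=[D]\nVolNameLen=[D]\nVolume=[S]\n";
      break;
    default:
      fmt = "UnknownLevel\n";
    }
    fdata(data,fmt,data+dcnt);
  }
  if (dcnt) {
    printf("data:\n");
    print_data(data,dcnt);
  }
}

/*
 * TRANSACT2 sub-commands.  Entry 0 doubles as the smbfind() fallback, so an
 * unknown sub-command is printed as TRANSACT2_OPEN.
 */
struct smbfns trans2_fns[] = {
{0,"TRANSACT2_OPEN",0,
   {"Flags2=[w]\nMode=[w]\nSearchAttrib=[A]\nAttrib=[A]\nTime=[T2]\nOFun=[w]\nSize=[D]\nRes=([w,w,w,w,w])\nPath=[S]",NULL,
    "Handle=[d]\nAttrib=[A]\nTime=[T2]\nSize=[D]\nAccess=[w]\nType=[w]\nState=[w]\nAction=[w]\nInode=[W]\nOffErr=[d]\n|EALength=[d]\n",NULL,NULL}},

{1,"TRANSACT2_FINDFIRST",0,
   {NULL,NULL,NULL,NULL,trans2_findfirst}},

{2,"TRANSACT2_FINDNEXT",0,DEFDESCRIPT},

{3,"TRANSACT2_QFSINFO",0,
   {NULL,NULL,NULL,NULL,trans2_qfsinfo}},

{4,"TRANSACT2_SETFSINFO",0,DEFDESCRIPT},
{5,"TRANSACT2_QPATHINFO",0,DEFDESCRIPT},
{6,"TRANSACT2_SETPATHINFO",0,DEFDESCRIPT},
{7,"TRANSACT2_QFILEINFO",0,DEFDESCRIPT},
{8,"TRANSACT2_SETFILEINFO",0,DEFDESCRIPT},
{9,"TRANSACT2_FSCTL",0,DEFDESCRIPT},
{10,"TRANSACT2_IOCTL",0,DEFDESCRIPT},
{11,"TRANSACT2_FINDNOTIFYFIRST",0,DEFDESCRIPT},
{12,"TRANSACT2_FINDNOTIFYNEXT",0,DEFDESCRIPT},
{13,"TRANSACT2_MKDIR",0,DEFDESCRIPT},
{-1,NULL,0,DEFDESCRIPT}};


/*
 * Print an SMBtrans2 request or reply.
 *
 * words  - word-count byte followed by the parameter words
 * dat    - byte-count field of the SMB (unused here)
 * buf    - start of the SMB; parameter and data offsets are relative to it
 * maxbuf - one past the last captured byte
 *
 * The sub-command found in a request is remembered in a static so that the
 * following reply, which does not carry it, is printed with the same table
 * entry.
 */
static void print_trans2(uchar *words,uchar *dat,uchar *buf,uchar *maxbuf)
{
  static struct smbfns *fn = &trans2_fns[0];
  uchar *data,*param;
  uchar *f1=NULL,*f2=NULL;
  int pcnt,dcnt;
  /* highest parameter word read below is 14 (request) or 7 (reply) */
  int nwords = request ? 15 : 8;

  if (maxbuf - words < 1) {
    printf("WARNING: Short packet\n");
    return;
  }

  if (maxbuf - (words+1) >= 2*nwords) {
    if (request) {
      fn = smbfind(SVAL(words+1,14*2),trans2_fns);
      data = clamp_offset(buf,SVAL(words+1,12*2),maxbuf);
      param = clamp_offset(buf,SVAL(words+1,10*2),maxbuf);
      pcnt = SVAL(words+1,9*2);
      dcnt = SVAL(words+1,11*2);
    } else {
      data = clamp_offset(buf,SVAL(words+1,7*2),maxbuf);
      param = clamp_offset(buf,SVAL(words+1,4*2),maxbuf);
      pcnt = SVAL(words+1,3*2);
      dcnt = SVAL(words+1,6*2);
    }
  } else {
    /* the words were not captured (or do not exist, as in an interim
       reply): print empty regions instead of reading past the packet */
    data = param = maxbuf;
    pcnt = dcnt = 0;
  }

  /* the counts are shown as sent, then limited to the captured bytes */
  printf("%s param_length=%d data_length=%d\n",
	 fn->name,pcnt,dcnt);
  pcnt = clamp_count(param,pcnt,maxbuf);
  dcnt = clamp_count(data,dcnt,maxbuf);

  if (request) {
    if (CVAL(words,0) == 8) {
      fdata(words+1,"Trans2Secondary\nTotParam=[d]\nTotData=[d]\nParamCnt=[d]\nParamOff=[d]\nParamDisp=[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nHandle=[d]\n",maxbuf);
      return;
    } else {
      fdata(words+1,"TotParam=[d]\nTotData=[d]\nMaxParam=[d]\nMaxData=[d]\nMaxSetup=[d]\nFlags=[w]\nTimeOut=[D]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nDataCnt=[d]\nDataOff=[d]\nSetupCnt=[d]\n",MIN(words+1+14*2,maxbuf));
      /* never start beyond the end of the capture */
      fdata((data < maxbuf) ? data+1 : maxbuf,"TransactionName=[S]\n%",maxbuf);
    }
    f1 = fn->descript.req_f1;
    f2 = fn->descript.req_f2;
  } else {
    if (CVAL(words,0) == 0) {
      printf("Trans2Interim\n");
      return;
    } else {
      /* "ParamDisp=[d]": the '=' was missing from this one label */
      fdata(words+1,"TotParam=[d]\nTotData=[d]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nParamDisp=[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nSetupCnt=[d]\n",MIN(words+1+10*2,maxbuf));
    }
    f1 = fn->descript.rep_f1;
    f2 = fn->descript.rep_f2;
  }

  if (fn->descript.fn) {
    fn->descript.fn(param,data,pcnt,dcnt);
  } else {
    fdata(param,f1?f1:(uchar*)"Paramaters=\n",param+pcnt);
    fdata(data,f2?f2:(uchar*)"Data=\n",data+dcnt);
  }
}


/*
 * Print a browser frame carried in a \MAILSLOT\BROWSE transaction.  The
 * first data byte selects the frame type.  paramlen and datalen are trusted
 * to stay inside the capture; print_trans() clamps them before calling.
 */
static void print_browse(uchar *param,int paramlen,const uchar *data,int datalen)
{
  const uchar *maxbuf = data + datalen;
  /* with no data there is no type byte to read: fall into the default */
  int command = (datalen > 0) ? CVAL(data,0) : -1;

  fdata(param,"BROWSE PACKET\n|Param ",param+paramlen);

  switch (command) {
  case 0xF:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (LocalMasterAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n",maxbuf);
    break;

  case 0x1:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (HostAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n",maxbuf);
    break;

  case 0x2:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (AnnouncementRequest)\nFlags=[B]\nReplySystemName=[S]\n",maxbuf);
    break;

  case 0xc:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (WorkgroupAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nCommentPointer=[W]\nServerName=[S]\n",maxbuf);
    break;

  case 0x8:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (ElectionFrame)\nElectionVersion=[B]\nOSSummary=[W]\nUptime=[(W,W)]\nServerName=[S]\n",maxbuf);
    break;

  case 0xb:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (BecomeBackupBrowser)\nName=[S]\n",maxbuf);
    break;

  case 0x9:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (GetBackupList)\nListCount?=[B]\nToken?=[B]\n",maxbuf);
    break;

  case 0xa:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (BackupListResponse)\nServerCount?=[B]\nToken?=[B]*Name=[S]\n",maxbuf);
    break;

  case 0xd:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (MasterAnnouncement)\nMasterName=[S]\n",maxbuf);
    break;

  case 0xe:
    data = fdata(data,"BROWSE PACKET:\nType=[B] (ResetBrowser)\nOptions=[B]\n",maxbuf);
    break;

  default:
    data = fdata(data,"Unknown Browser Frame ",maxbuf);
    break;
  }
}


/*
 * Print the parameter and data blocks of a \PIPE\LANMAN transaction.  The
 * lengths are trusted to stay inside the capture; print_trans() clamps them
 * before calling.
 */
static void print_ipc(uchar *param,int paramlen,uchar *data,int datalen)
{
  if (paramlen)
    fdata(param,"Command=[w]\nStr1=[S]\nStr2=[S]\n",param+paramlen);
  if (datalen)
    fdata(data,"IPC ",data+datalen);
}


/*
 * Print an SMBtrans request or reply and hand well-known transaction names
 * to their own printers.
 *
 * words  - word-count byte followed by the parameter words
 * data1  - byte-count field; the transaction name starts at data1+2
 * buf    - start of the SMB; parameter and data offsets are relative to it
 * maxbuf - one past the last captured byte
 */
static void print_trans(uchar *words,uchar *data1,uchar *buf,uchar *maxbuf)
{
  uchar *f1,*f2,*f3,*f4;
  uchar *data,*param;
  int datalen,paramlen;
  int have_words;
  /* highest parameter word read below is 12 (request) or 7 (reply) */
  int nwords = request ? 13 : 8;

  if (maxbuf - words < 1) {
    printf("WARNING: Short packet\n");
    return;
  }
  have_words = (maxbuf - (words+1) >= 2*nwords);

  if (!have_words) {
    /* words not captured: print empty regions, never read past the end */
    paramlen = datalen = 0;
    param = data = maxbuf;
  }

  if (request) {
    if (have_words) {
      paramlen = SVAL(words+1,9*2);
      param = clamp_offset(buf,SVAL(words+1,10*2),maxbuf);
      datalen = SVAL(words+1,11*2);
      data = clamp_offset(buf,SVAL(words+1,12*2),maxbuf);
    }
    f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nMaxParmCnt=[d] \nMaxDataCnt=[d]\nMaxSCnt=[d] \nTransFlags=[w] \nRes1=[w] \nRes2=[w] \nRes3=[w]\nParamCnt=[d] \nParamOff=[d] \nDataCnt=[d] \nDataOff=[d] \nSUCnt=[d]\n";
    f2 = "|Name=[S]\n";
    f3 = "|Param ";
    f4 = "|Data ";
  } else {
    if (have_words) {
      paramlen = SVAL(words+1,3*2);
      param = clamp_offset(buf,SVAL(words+1,4*2),maxbuf);
      datalen = SVAL(words+1,6*2);
      data = clamp_offset(buf,SVAL(words+1,7*2),maxbuf);
    }
    f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nRes1=[d]\nParamCnt=[d] \nParamOff=[d] \nRes2=[d] \nDataCnt=[d] \nDataOff=[d] \nRes3=[d]\nLsetup=[d]\n";
    f2 = "|Unknown ";
    f3 = "|Param ";
    f4 = "|Data ";
  }

  fdata(words+1,f1,MIN(words+1+2*CVAL(words,0),maxbuf));
  /* the end pointer is computed from the lengths as sent; it can only be
     at or below maxbuf */
  if (maxbuf - data1 >= 2)
    fdata(data1+2,f2,maxbuf - (paramlen + datalen));

  /* from here on the lengths are used as region sizes: keep them inside
     the capture, the sub-printers have no other bound */
  paramlen = clamp_count(param,paramlen,maxbuf);
  datalen = clamp_count(data,datalen,maxbuf);

  if (name_matches(data1+2,maxbuf,"\\MAILSLOT\\BROWSE")) {
    print_browse(param,paramlen,data,datalen);
    return;
  }

  if (name_matches(data1+2,maxbuf,"\\PIPE\\LANMAN")) {
    print_ipc(param,paramlen,data,datalen);
    return;
  }

  if (paramlen) fdata(param,f3,MIN(param+paramlen,maxbuf));
  if (datalen) fdata(data,f4,MIN(data+datalen,maxbuf));
}



/*
 * Print an SMBnegprot request (list of dialects) or reply.  The reply
 * layout is chosen from the word count: 1, 17 or 13 words; any other count
 * is dumped raw.
 *
 * words  - word-count byte followed by the parameter words
 * data   - 16-bit byte count followed by the data bytes
 * buf    - start of the SMB (unused here)
 * maxbuf - one past the last captured byte
 */
static void print_negprot(uchar *words,uchar *data,uchar *buf,uchar *maxbuf)
{
  uchar *f1=NULL,*f2=NULL;

  /* the word count itself must have been captured */
  if (maxbuf - words < 1) {
    printf("WARNING: Short packet\n");
    return;
  }

  if (request) {
    f2 = "*|Dialect=[Z]\n";
  } else {
    if (CVAL(words,0) == 1) {
      f1 = "Core Protocol\nDialectIndex=[d]";
    } else if (CVAL(words,0) == 17) {
      f1 = "NT1 Protocol\nDialectIndex=[d]\nSecMode=[B]\nMaxMux=[d]\nNumVcs=[d]\nMaxBuffer=[D]\nRawSize=[D]\nSessionKey=[W]\nCapabilities=[W]\nServerTime=[T3]TimeZone=[d]\nCryptKey=";
    } else if (CVAL(words,0) == 13) {
      f1 = "Coreplus/Lanman1/Lanman2 Protocol\nDialectIndex=[d]\nSecMode=[w]\nMaxXMit=[d]\nMaxMux=[d]\nMaxVcs=[d]\nBlkMode=[w]\nSessionKey=[W]\nServerTime=[T1]TimeZone=[d]\nRes=[W]\nCryptKey=";
    }
  }

  if (f1)
    fdata(words+1,f1,MIN(words + 1 + CVAL(words,0)*2,maxbuf));
  else
    print_data(words+1,MIN(CVAL(words,0)*2,PTR_DIFF(maxbuf,words+1)));

  /* the byte count is two bytes wide and must be inside the capture */
  if (maxbuf - data < 2) {
    printf("WARNING: Short packet\n");
    return;
  }

  if (f2)
    fdata(data+2,f2,MIN(data + 2 + SVAL(data,0),maxbuf));
  else
    print_data(data+2,MIN(SVAL(data,0),PTR_DIFF(maxbuf,data+2)));

}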
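/*
 * Number of captured bytes available at p, 0 when p is at or beyond maxbuf.
 * Every direct read of packet memory below is preceded by a call to this.
 */
static int bytes_left(const void *p,const uchar *maxbuf)
{
  const uchar *q = p;

  if (q >= maxbuf) return(0);
  return((int)(maxbuf - q));
}

/*
 * Print an SMBsesssetupX request or reply.  The layout is chosen from the
 * word count: 10 or "anything else" for a request, 3 or 13 for a reply;
 * a reply with another count is dumped raw.
 *
 * words  - word-count byte followed by the parameter words
 * data   - 16-bit byte count followed by the data bytes
 * buf    - start of the SMB (unused here)
 * maxbuf - one past the last captured byte
 */
static void print_sesssetup(uchar *words,uchar *data,uchar *buf,uchar *maxbuf)
{
  int wcnt;
  uchar *f1=NULL,*f2=NULL;

  /* the word count itself must have been captured */
  if (bytes_left(words,maxbuf) < 1) {
    printf("WARNING: Short packet\n");
    return;
  }
  wcnt = CVAL(words,0);

  if (request) {
    if (wcnt==10) {
      f1 = "Com2=[w]\nOff2=[d]\nBufSize=[d]\nMpxMax=[d]\nVcNum=[d]\nSessionKey=[W]\nPassLen=[d]\nCryptLen=[d]\nCryptOff=[d]\nPass&Name=\n";
    } else {
      f1 = "Com2=[B]\nRes1=[B]\nOff2=[d]\nMaxBuffer=[d]\nMaxMpx=[d]\nVcNumber=[d]\nSessionKey=[W]\nCaseInsensitivePasswordLength=[d]\nCaseSensitivePasswordLength=[d]\nRes=[W]\nCapabilities=[W]\nPass1&Pass2&Account&Domain&OS&LanMan=\n";
    }
  } else {
    if (wcnt == 3) {
      f1 = "Com2=[w]\nOff2=[d]\nAction=[w]\n";
    } else if (wcnt == 13) {
      f1 = "Com2=[B]\nRes=[B]\nOff2=[d]\nAction=[w]\n";
      f2 = "NativeOS=[S]\nNativeLanMan=[S]\nPrimaryDomain=[S]\n";
    }
  }

  if (f1)
    fdata(words+1,f1,MIN(words + 1 + wcnt*2,maxbuf));
  else
    print_data(words+1,MIN(wcnt*2,PTR_DIFF(maxbuf,words+1)));

  /* the byte count is two bytes wide and must be inside the capture */
  if (bytes_left(data,maxbuf) < 2) {
    printf("WARNING: Short packet\n");
    return;
  }

  if (f2)
    fdata(data+2,f2,MIN(data + 2 + SVAL(data,0),maxbuf));
  else
    print_data(data+2,MIN(SVAL(data,0),PTR_DIFF(maxbuf,data+2)));
}


/*
 * SMB commands.  Entry 0 ("SMBunknown") is what smbfind() falls back to.
 * Entries flagged FLG_CHAIN may be followed by a chained command, which
 * print_smb() walks.  Trailing members left out of an initializer are
 * zero, i.e. NULL.
 */
static struct smbfns smb_fns[] =
{
  {-1,"SMBunknown",0,DEFDESCRIPT},

  {SMBtcon,"SMBtcon",0,
   {NULL,"Path=[Z]\nPassword=[Z]\nDevice=[Z]\n",
    "MaxXmit=[d]\nTreeId=[d]\n",NULL,
    NULL}},


  {SMBtdis,"SMBtdis",0,DEFDESCRIPT},
  {SMBexit,"SMBexit",0,DEFDESCRIPT},
  {SMBioctl,"SMBioctl",0,DEFDESCRIPT},

  {SMBecho,"SMBecho",0,
   {"ReverbCount=[d]\n",NULL,
    "SequenceNum=[d]\n",NULL,
    NULL}},

  {SMBulogoffX, "SMBulogoffX",FLG_CHAIN,DEFDESCRIPT},

  {SMBgetatr,"SMBgetatr",0,
   {NULL,"Path=[Z]\n",
    "Attribute=[A]\nTime=[T2]Size=[D]\nRes=([w,w,w,w,w])\n",NULL,
    NULL}},

  {SMBsetatr,"SMBsetatr",0,
   {"Attribute=[A]\nTime=[T2]Res=([w,w,w,w,w])\n","Path=[Z]\n",
    NULL,NULL,NULL}},

  {SMBchkpth,"SMBchkpth",0,
   {NULL,"Path=[Z]\n",NULL,NULL,NULL}},

  {SMBsearch,"SMBsearch",0,
   {"Count=[d]\nAttrib=[A]\n","Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\n",
    "Count=[d]\n","BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",NULL}},


  {SMBopen,"SMBopen",0,
   {"Mode=[w]\nAttribute=[A]\n","Path=[Z]\n",
    "Handle=[d]\nOAttrib=[A]\nTime=[T2]Size=[D]\nAccess=[w]\n",NULL,
    NULL}},

  {SMBcreate,"SMBcreate",0,
   {"Attrib=[A]\nTime=[T2]","Path=[Z]\n",
    "Handle=[d]\n",NULL,
    NULL}},

  {SMBmknew,"SMBmknew",0,
   {"Attrib=[A]\nTime=[T2]","Path=[Z]\n",
    "Handle=[d]\n",NULL,
    NULL}},

  {SMBunlink,"SMBunlink",0,
   {"Attrib=[A]\n","Path=[Z]\n",NULL,NULL,NULL}},

  {SMBread,"SMBread",0,
   {"Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n",NULL,
    "Count=[d]\nRes=([w,w,w,w])\n",NULL,NULL}},

  {SMBwrite,"SMBwrite",0,
   {"Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n",NULL,
    "Count=[d]\n",NULL,NULL}},

  {SMBclose,"SMBclose",0,
   {"Handle=[d]\nTime=[T2]",NULL,NULL,NULL,NULL}},

  {SMBmkdir,"SMBmkdir",0,
   {NULL,"Path=[Z]\n",NULL,NULL,NULL}},

  {SMBrmdir,"SMBrmdir",0,
   {NULL,"Path=[Z]\n",NULL,NULL,NULL}},

  {SMBdskattr,"SMBdskattr",0,
   {NULL,NULL,
    "TotalUnits=[d]\nBlocksPerUnit=[d]\nBlockSize=[d]\nFreeUnits=[d]\nMedia=[w]\n",
    NULL,NULL}},

  {SMBmv,"SMBmv",0,
   {"Attrib=[A]\n","OldPath=[Z]\nNewPath=[Z]\n",NULL,NULL,NULL}},

  /* this is a Pathworks specific call, allowing the
     changing of the root path */
  {pSETDIR,"SMBsetdir",0,
   {NULL,"Path=[Z]\n",NULL,NULL,NULL}},

  {SMBlseek,"SMBlseek",0,
   {"Handle=[d]\nMode=[w]\nOffset=[D]\n","Offset=[D]\n",NULL,NULL}},

  {SMBflush,"SMBflush",0,
   {"Handle=[d]\n",NULL,NULL,NULL,NULL}},

  {SMBsplopen,"SMBsplopen",0,
   {"SetupLen=[d]\nMode=[w]\n","Ident=[Z]\n","Handle=[d]\n",NULL,NULL}},

  {SMBsplclose,"SMBsplclose",0,
   {"Handle=[d]\n",NULL,NULL,NULL,NULL}},

  {SMBsplretq,"SMBsplretq",0,
   {"MaxCount=[d]\nStartIndex=[d]\n",NULL,
    "Count=[d]\nIndex=[d]\n",
    "*Time=[T2]Status=[B]\nJobID=[d]\nSize=[D]\nRes=[B]Name=[s16]\n",
    NULL}},

  {SMBsplwr,"SMBsplwr",0,
   {"Handle=[d]\n",NULL,NULL,NULL,NULL}},

  {SMBlock,"SMBlock",0,
   {"Handle=[d]\nCount=[D]\nOffset=[D]\n",NULL,NULL,NULL,NULL}},

  {SMBunlock,"SMBunlock",0,
   {"Handle=[d]\nCount=[D]\nOffset=[D]\n",NULL,NULL,NULL,NULL}},

  /* CORE+ PROTOCOL FOLLOWS */

  {SMBreadbraw,"SMBreadbraw",0,
   {"Handle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nRes=[d]\n",
    NULL,NULL,NULL,NULL}},

  {SMBwritebraw,"SMBwritebraw",0,
   {"Handle=[d]\nTotalCount=[d]\nRes=[w]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nRes2=[W]\n|DataSize=[d]\nDataOff=[d]\n",
    NULL,"WriteRawAck",NULL,NULL}},

  {SMBwritec,"SMBwritec",0,
   {NULL,NULL,"Count=[d]\n",NULL,NULL}},

  {SMBwriteclose,"SMBwriteclose",0,
   {"Handle=[d]\nCount=[d]\nOffset=[D]\nTime=[T2]Res=([w,w,w,w,w,w])",NULL,
    "Count=[d]\n",NULL,NULL}},

  {SMBlockread,"SMBlockread",0,
   {"Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n",NULL,
    "Count=[d]\nRes=([w,w,w,w])\n",NULL,NULL}},

  {SMBwriteunlock,"SMBwriteunlock",0,
   {"Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n",NULL,
    "Count=[d]\n",NULL,NULL}},

  {SMBreadBmpx,"SMBreadBmpx",0,
   {"Handle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nRes=[w]\n",
    NULL,
    "Offset=[D]\nTotCount=[d]\nRemaining=[d]\nRes=([w,w])\nDataSize=[d]\nDataOff=[d]\n",
    NULL,NULL}},

  {SMBwriteBmpx,"SMBwriteBmpx",0,
   {"Handle=[d]\nTotCount=[d]\nRes=[w]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nRes2=[W]\nDataSize=[d]\nDataOff=[d]\n",NULL,
    "Remaining=[d]\n",NULL,NULL}},

  {SMBwriteBs,"SMBwriteBs",0,
   {"Handle=[d]\nTotCount=[d]\nOffset=[D]\nRes=[W]\nDataSize=[d]\nDataOff=[d]\n",NULL,
    "Count=[d]\n",NULL,NULL}},

  {SMBsetattrE,"SMBsetattrE",0,
   {"Handle=[d]\nCreationTime=[T2]AccessTime=[T2]ModifyTime=[T2]",NULL,
    NULL,NULL,NULL}},

  {SMBgetattrE,"SMBgetattrE",0,
   {"Handle=[d]\n",NULL,
    "CreationTime=[T2]AccessTime=[T2]ModifyTime=[T2]Size=[D]\nAllocSize=[D]\nAttribute=[A]\n",NULL,NULL}},

  {SMBtranss,"SMBtranss",0,DEFDESCRIPT},
  {SMBioctls,"SMBioctls",0,DEFDESCRIPT},

  {SMBcopy,"SMBcopy",0,
   {"TreeID2=[d]\nOFun=[w]\nFlags=[w]\n","Path=[S]\nNewPath=[S]\n",
    "CopyCount=[d]\n","|ErrStr=[S]\n",NULL}},

  {SMBmove,"SMBmove",0,
   {"TreeID2=[d]\nOFun=[w]\nFlags=[w]\n","Path=[S]\nNewPath=[S]\n",
    "MoveCount=[d]\n","|ErrStr=[S]\n",NULL}},

  {SMBopenX,"SMBopenX",FLG_CHAIN,
   {"Com2=[w]\nOff2=[d]\nFlags=[w]\nMode=[w]\nSearchAttrib=[A]\nAttrib=[A]\nTime=[T2]OFun=[w]\nSize=[D]\nTimeOut=[D]\nRes=[W]\n","Path=[S]\n",
    "Com2=[w]\nOff2=[d]\nHandle=[d]\nAttrib=[A]\nTime=[T2]Size=[D]\nAccess=[w]\nType=[w]\nState=[w]\nAction=[w]\nFileID=[W]\nRes=[w]\n",NULL,NULL}},

  {SMBreadX,"SMBreadX",FLG_CHAIN,
   {"Com2=[w]\nOff2=[d]\nHandle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nCountLeft=[d]\n",NULL,
    "Com2=[w]\nOff2=[d]\nRemaining=[d]\nRes=[W]\nDataSize=[d]\nDataOff=[d]\nRes=([w,w,w,w])\n",NULL,NULL}},

  {SMBwriteX,"SMBwriteX",FLG_CHAIN,
   {"Com2=[w]\nOff2=[d]\nHandle=[d]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nCountLeft=[d]\nRes=[w]\nDataSize=[d]\nDataOff=[d]\n",NULL,
    "Com2=[w]\nOff2=[d]\nCount=[d]\nRemaining=[d]\nRes=[W]\n",NULL,NULL}},

  {SMBlockingX,"SMBlockingX",FLG_CHAIN,
   {"Com2=[w]\nOff2=[d]\nHandle=[d]\nLockType=[w]\nTimeOut=[D]\nUnlockCount=[d]\nLockCount=[d]\n",
    "*Process=[d]\nOffset=[D]\nLength=[D]\n",
    "Com2=[w]\nOff2=[d]\n"}},

  {SMBffirst,"SMBffirst",0,
   {"Count=[d]\nAttrib=[A]\n","Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n",
    "Count=[d]\n","BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",NULL}},

  {SMBfunique,"SMBfunique",0,
   {"Count=[d]\nAttrib=[A]\n","Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n",
    "Count=[d]\n","BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",NULL}},

  {SMBfclose,"SMBfclose",0,
   {"Count=[d]\nAttrib=[A]\n","Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n",
    "Count=[d]\n","BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",NULL}},

  {SMBfindnclose, "SMBfindnclose", 0,
   {"Handle=[d]\n",NULL,NULL,NULL,NULL}},

  {SMBfindclose, "SMBfindclose", 0,
   {"Handle=[d]\n",NULL,NULL,NULL,NULL}},

  {SMBsends,"SMBsends",0,
   {NULL,"Source=[Z]\nDest=[Z]\n",NULL,NULL,NULL}},

  {SMBsendstrt,"SMBsendstrt",0,
   {NULL,"Source=[Z]\nDest=[Z]\n","GroupID=[d]\n",NULL,NULL}},

  {SMBsendend,"SMBsendend",0,
   {"GroupID=[d]\n",NULL,NULL,NULL,NULL}},

  {SMBsendtxt,"SMBsendtxt",0,
   {"GroupID=[d]\n",NULL,NULL,NULL,NULL}},

  {SMBsendb,"SMBsendb",0,
   {NULL,"Source=[Z]\nDest=[Z]\n",NULL,NULL,NULL}},

  {SMBfwdname,"SMBfwdname",0,DEFDESCRIPT},
  {SMBcancelf,"SMBcancelf",0,DEFDESCRIPT},
  {SMBgetmac,"SMBgetmac",0,DEFDESCRIPT},

  {SMBnegprot,"SMBnegprot",0,
   {NULL,NULL,NULL,NULL,print_negprot}},

  {SMBsesssetupX,"SMBsesssetupX",FLG_CHAIN,
   {NULL,NULL,NULL,NULL,print_sesssetup}},

  {SMBtconX,"SMBtconX",FLG_CHAIN,
   {"Com2=[w]\nOff2=[d]\nFlags=[w]\nPassLen=[d]\nPasswd&Path&Device=\n",NULL,
    "Com2=[w]\nOff2=[d]\n","ServiceType=[S]\n",NULL}},

  {SMBtrans2, "SMBtrans2",0,{NULL,NULL,NULL,NULL,print_trans2}},

  {SMBtranss2, "SMBtranss2", 0,DEFDESCRIPT},
  {SMBctemp,"SMBctemp",0,DEFDESCRIPT},
  {SMBreadBs,"SMBreadBs",0,DEFDESCRIPT},
  {SMBtrans,"SMBtrans",0,{NULL,NULL,NULL,NULL,print_trans}},

  {SMBnttrans,"SMBnttrans", 0, DEFDESCRIPT},
  {SMBnttranss,"SMBnttranss", 0, DEFDESCRIPT},

  {SMBntcreateX,"SMBntcreateX", FLG_CHAIN,
   {"Com2=[w]\nOff2=[d]\nRes=[b]\nNameLen=[d]\nFlags=[W]\nRootDirectoryFid=[D]\nAccessMask=[W]\nAllocationSize=[L]\nExtFileAttributes=[W]\nShareAccess=[W]\nCreateDisposition=[W]\nCreateOptions=[W]\nImpersonationLevel=[W]\nSecurityFlags=[b]\n","Path=[S]\n",
    "Com2=[w]\nOff2=[d]\nOplockLevel=[b]\nFid=[d]\nCreateAction=[W]\nCreateTime=[T3]LastAccessTime=[T3]LastWriteTime=[T3]ChangeTime=[T3]ExtFileAttributes=[W]\nAllocationSize=[L]\nEndOfFile=[L]\nFileType=[w]\nDeviceState=[w]\nDirectory=[b]\n", NULL}},

  {SMBntcancel,"SMBntcancel", 0, DEFDESCRIPT},

  {-1,NULL,0,DEFDESCRIPT}};


/*******************************************************************
print a SMB message

buf points at the first byte of the SMB and maxbuf one past the last
captured byte.  The command byte is read at offset 4 and the flags byte at
offset 9; bit 0x80 of the flags marks a reply.  With vflag unset only the
one-line summary is printed.

Commands flagged FLG_CHAIN are followed through their chain.  The offset of
the next command comes from the packet, so it is only followed when it
moves strictly forward and stays inside the capture; without that a frame
whose chain points back at itself keeps the loop running forever.
********************************************************************/
static void print_smb(const uchar *buf, const uchar *maxbuf)
{
  int command;
  const uchar *words, *data;
  struct smbfns *fn;
  char *fmt_smbheader =
"[P4]SMB Command = [B]\nError class = [BP1]\nError code = [d]\nFlags1 = [B]\nFlags2 = [B][P13]\nTree ID = [d]\nProc ID = [d]\nUID = [d]\nMID = [d]\nWord Count = [b]\n";

  /* command and flags are needed even for the one-line summary */
  if (bytes_left(buf,maxbuf) < 10) {
    printf("WARNING: Short packet\n");
    return;
  }

  request = (CVAL(buf,9)&0x80)?0:1;

  command = CVAL(buf,4);

  fn = smbfind(command,smb_fns);

  printf("\nSMB PACKET: %s (%s)\n",fn->name,request?"REQUEST":"REPLY");

  if (vflag == 0) return;

  /* the header printed below ends with the word count at offset 32 */
  if (bytes_left(buf,maxbuf) < 33) {
    printf("WARNING: Short packet\n");
    return;
  }

  /* print out the header */
  fdata(buf,fmt_smbheader,buf+33);

  if (CVAL(buf,5)) {
    int class = CVAL(buf,5);
    int num = SVAL(buf,7);
    printf("SMBError = %s\n",smb_errstr(class,num));
  }

  words = buf+32;
  data = words + 1 + CVAL(words,0)*2;


  /* invariant: at least one byte (the word count) is readable at words */
  while (words && data)
    {
      char *f1,*f2;
      int wct = CVAL(words,0);

      if (request) {
	f1 = fn->descript.req_f1;
	f2 = fn->descript.req_f2;
      } else {
	f1 = fn->descript.rep_f1;
	f2 = fn->descript.rep_f2;
      }

      if (fn->descript.fn) {
	fn->descript.fn(words,data,buf,maxbuf);
      } else {
	if (f1) {
	  printf("smbvwv[]=\n");
	  /* wct comes from the packet: never pass an end beyond maxbuf */
	  fdata(words+1,f1,MIN(words + 1 + wct*2,maxbuf));
	} else if (wct) {
	  int i;
	  int v;
	  printf("smbvwv[]=\n");
	  for (i=0;i<wct;i++) {
	    if (bytes_left(words+1+2*i,maxbuf) < 2) {
	      printf("WARNING: Short packet\n");
	      break;
	    }
	    v = SVAL(words+1,2*i);
	    printf("smb_vwv[%d]=%d (0x%X)\n",i,v,v);
	  }
	}

	/* the 16-bit byte count must be inside the capture */
	if (bytes_left(data,maxbuf) < 2) {
	  printf("WARNING: Short packet\n");
	} else if (f2) {
	  printf("smbbuf[]=\n");
	  fdata(data+2,f2,maxbuf);
	} else {
	  int bcc = SVAL(data,0);
	  printf("smb_bcc=%d\n",bcc);
	  if (bcc>0) {
	    printf("smb_buf[]=\n");
	    print_data(data + 2, MIN(bcc,PTR_DIFF(maxbuf,data+2)));
	  }
	}
      }

      /* the chain fields occupy words[1..4] */
      if ((fn->flags & FLG_CHAIN) && wct &&
	  bytes_left(words,maxbuf) >= 5 && SVAL(words,1)!=0xFF) {
	int next = SVAL(words,3);

	if (next <= words - buf || next >= maxbuf - buf) {
	  /* backwards, self-referencing or out of the capture */
	  printf("WARNING: Bad chain offset %d\n",next);
	  words = data = NULL;
	} else {
	  command = SVAL(words,1);
	  words = buf + next;
	  data = words + 1 + CVAL(words,0)*2;

	  fn = smbfind(command,smb_fns);

	  printf("\nSMB PACKET: %s (%s) (CHAINED)\n",fn->name,request?"REQUEST":"REPLY");
	}
      } else {
	words = data = NULL;
      }
    }

  printf("\n");
}


/*
   print a NBT packet received across tcp on port 139

   data/length describe the captured bytes.  The first byte is the packet
   type and the 16-bit value at offset 2 the length of the payload; neither
   is read unless the four header bytes were captured.
*/
void nbt_tcp_print(const uchar *data,int length)
{
  const uchar *maxbuf = data + length;
  int flags;
  int nbt_len;

  startbuf = data;
  if (maxbuf <= data) return;

  printf("\n>>> NBT Packet\n");

  if (length < 4) {
    printf("WARNING: Short packet\n");
    printf("\n");
    fflush(stdout);
    return;
  }

  flags = CVAL(data,0);
  nbt_len = RSVAL(data,2);

  switch (flags) {
  case 1:
    printf("flags=0x%x\n", flags);
    /* fall through: type 1 is printed as a session packet as well */
  case 0:
    data = fdata(data,"NBT Session Packet\nFlags=[rw]\nLength=[rd]\n",data+4);
    /* only look for the SMB signature if four more bytes were captured */
    if (bytes_left(data,maxbuf) >= 4 && memcmp(data,"\377SMB",4)==0) {
      if (nbt_len>PTR_DIFF(maxbuf,data))
	printf("WARNING: Short packet. Try increasing the snap length (%ld)\n",
	       PTR_DIFF(maxbuf,data));
      print_smb(data,maxbuf>data+nbt_len?data+nbt_len:maxbuf);
    } else {
      printf("Session packet:(raw data?)\n");
    }
    break;

  case 0x81:
    data = fdata(data,"NBT Session Request\nFlags=[rW]\nDestination=[n1]\nSource=[n1]\n",maxbuf);
    break;

  case 0x82:
    data = fdata(data,"NBT Session Granted\nFlags=[rW]\n",maxbuf);
    break;

  case 0x83:
    {
      /* the reason code is the fifth byte */
      int have_ecode = (length >= 5);
      int ecode = have_ecode ? CVAL(data,4) : 0;
      data = fdata(data,"NBT SessionReject\nFlags=[rW]\nReason=[B]\n",maxbuf);
      if (!have_ecode) {
	printf("WARNING: Short packet\n");
	break;
      }
      switch (ecode) {
      case 0x80:
	printf("Not listening on called name\n");
	break;
      case 0x81:
	printf("Not listening for calling name\n");
	break;
      case 0x82:
	printf("Called name not present\n");
	break;
      case 0x83:
	printf("Called name present, but insufficient resources\n");
	break;
      default:
	printf("Unspecified error 0x%X\n",ecode);
	break;
      }
    }
    break;

  case 0x85:
    data = fdata(data,"NBT Session Keepalive\nFlags=[rW]\n",maxbuf);
    break;

  default:
    printf("flags=0x%x\n", flags);
    data = fdata(data,"NBT - Unknown packet type\nType=[rW]\n",maxbuf);
  }
  printf("\n");
  fflush(stdout);
}


/*
   print a NBT packet received across udp on port 137

   The 12 byte header holds the transaction id, the opcode/flag bits and
   four record counts.  The counts and every resource length come from the
   packet, so each record is checked against the captured bytes before it
   is read; decoding stops with a warning at the first record that does
   not fit.
*/
void nbt_udp137_print(const uchar *data, int length)
{
  const uchar *maxbuf = data + length;
  int name_trn_id,response,opcode,nm_flags,rcode;
  int qdcount,ancount,nscount,arcount;
  int truncated = 0;
  char des[1024];
  char *opcodestr="OPUNKNOWN";
  const char *p;

  startbuf = data;

  if (maxbuf <= data) return;

  /* nothing of the header may be read from a shorter packet */
  if (length < 12) {
    printf("\n>>> NBT UDP PACKET(137): ");
    printf("WARNING: Short packet\n");
    fflush(stdout);
    return;
  }

  name_trn_id = RSVAL(data,0);
  response = (CVAL(data,2)>>7);
  opcode = (CVAL(data,2) >> 3) & 0xF;
  nm_flags = ((CVAL(data,2) & 0x7) << 4) + (CVAL(data,3)>>4);
  rcode = CVAL(data,3) & 0xF;
  qdcount = RSVAL(data,4);
  ancount = RSVAL(data,6);
  nscount = RSVAL(data,8);
  arcount = RSVAL(data,10);

  /* des only ever receives the fixed strings below, well under 1024 bytes */
  strcpy(des,"\n>>> NBT UDP PACKET(137): ");

  switch (opcode) {
  case 0: opcodestr = "QUERY"; break;
  case 5: opcodestr = "REGISTRATION"; break;
  case 6: opcodestr = "RELEASE"; break;
  case 7: opcodestr = "WACK"; break;
  case 8: opcodestr = "REFRESH(8)"; break;
  case 9: opcodestr = "REFRESH"; break;
  }
  strcat(des,opcodestr);
  if (response) {
    if (rcode)
      strcat(des,"; NEGATIVE");
    else
      strcat(des,"; POSITIVE");
  }

  if (response)
    strcat(des,"; RESPONSE");
  else
    strcat(des,"; REQUEST");

  if (nm_flags&1)
    strcat(des,"; BROADCAST");
  else
    strcat(des,"; UNICAST");

  printf("%s", des);

  if (vflag == 0) return;

  printf("\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n",
	 name_trn_id,opcode,nm_flags,rcode,qdcount,ancount,nscount,arcount);

  p = data + 12;

  {
    int total = ancount+nscount+arcount;
    int i;

    if (qdcount>100 || total>100) {
      printf("Corrupt packet??\n");
      return;
    }

    if (qdcount) {
      printf("QuestionRecords:\n");
      for (i=0;i<qdcount;i++)
	p = fdata(p,"|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",maxbuf);
    }

    if (total) {
      printf("\nResourceRecords:\n");
      for (i=0;i<total;i++) {
	int rdlen;
	int restype;
	p = fdata(p,"Name=[n1]\n#",maxbuf);
	/* type, class and ttl take 8 bytes */
	if (bytes_left(p,maxbuf) < 8) {
	  truncated = 1;
	  goto out;
	}
	restype = RSVAL(p,0);
	p = fdata(p,"ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n",p+8);
	/* the resource length is a 16-bit field */
	if (bytes_left(p,maxbuf) < 2) {
	  truncated = 1;
	  goto out;
	}
	rdlen = RSVAL(p,0);
	printf("ResourceLength=%d\nResourceData=\n",rdlen);
	p += 2;
	if (rdlen == 6) {
	  if (bytes_left(p,maxbuf) < 6) {
	    truncated = 1;
	    goto out;
	  }
	  p = fdata(p,"AddrType=[rw]\nAddress=[b.b.b.b]\n",p+rdlen);
	} else {
	  if (restype == 0x21) {
	    int numnames;
	    if (bytes_left(p,maxbuf) < 1) {
	      truncated = 1;
	      goto out;
	    }
	    numnames = CVAL(p,0);
	    p = fdata(p,"NumNames=[B]\n",p+1);
	    while (numnames--) {
	      /* the longest combination appended below is under 128 bytes */
	      char flags[128]="";
	      p = fdata(p,"Name=[n2]\t#",maxbuf);
	      /* each name is followed by two flag bytes */
	      if (bytes_left(p,maxbuf) < 2) {
		truncated = 1;
		goto out;
	      }
	      if (p[0] & 0x80) strcat(flags,"<GROUP> ");
	      if ((p[0] & 0x60) == 0x00) strcat(flags,"B ");
	      if ((p[0] & 0x60) == 0x20) strcat(flags,"P ");
	      if ((p[0] & 0x60) == 0x40) strcat(flags,"M ");
	      if ((p[0] & 0x60) == 0x60) strcat(flags,"_ ");
	      if (p[0] & 0x10) strcat(flags,"<DEREGISTERING> ");
	      if (p[0] & 0x08) strcat(flags,"<CONFLICT> ");
	      if (p[0] & 0x04) strcat(flags,"<ACTIVE> ");
	      if (p[0] & 0x02) strcat(flags,"<PERMANENT> ");
	      printf("%s\n",flags);
	      p += 2;
	    }
	  } else {
	    /* rdlen comes from the packet: dump only what was captured */
	    int avail = bytes_left(p,maxbuf);
	    if (rdlen > avail) {
	      print_data(p,avail);
	      truncated = 1;
	      goto out;
	    }
	    print_data(p,rdlen);
	    p += rdlen;
	  }
	}
      }
    }
  }

 out:
  if (truncated) {
    printf("WARNING: Short packet\n");
  } else if ((uchar*)p < maxbuf) {
    fdata(p,"AdditionalData:\n",maxbuf);
  }

  printf("\n");
  fflush(stdout);
}



/*
   print a NBT packet received across udp on port 138

   The datagram header is printed with fdata(), bounded by maxbuf, and
   whatever follows it is handed to print_smb().
*/
void nbt_udp138_print(const uchar *data, int length)
{
  const uchar *maxbuf = data + length;
  startbuf = data;
  if (maxbuf <= data) return;

  data = fdata(data,"\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#",maxbuf);

  print_smb(data,maxbuf);

  printf("\n");
  fflush(stdout);
}



/*
   print netbeui frames

   The 16-bit value at offset 1 is used as the header length and the byte
   at offset 5 as the command.  An SMB is expected right after the header;
   if the signature is not there, up to 128 following positions are
   searched for it.  Neither the header end nor the search may leave the
   captured bytes.
*/
void netbeui_print(const uchar *data, const uchar *maxbuf)
{
  int len;
  int command;
  const uchar *data2;
  int left = bytes_left(data,maxbuf);

  startbuf = data;

  /* length and command live in the first six bytes */
  if (left < 6) {
    fdata(data,"\n>>> NetBeui Packet\nType=[B] Length=[d] Signature=[w] Command=[B]\n#",maxbuf);
    printf("WARNING: Short packet\n");
    return;
  }

  len = SVAL(data,1);
  command = CVAL(data,5);
  /* a header length pointing past the capture ends at the capture */
  data2 = (1 + len > left) ? maxbuf : data + 1 + len;

  data = fdata(data,"\n>>> NetBeui Packet\nType=[B] Length=[d] Signature=[w] Command=[B]\n#",maxbuf);

  switch (command) {
  case 0xA:
    data = fdata(data,"NameQuery:[P1]\nSessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nDestination=[n2]\nSource=[n2]\n",data2);
    break;

  case 0x8:
    data = fdata(data,"NetbiosDataGram:[P7]\nDestination=[n2]\nSource=[n2]\n",data2);
    break;

  case 0xE:
    data = fdata(data,"NameRecognise:\n[P1]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nDestination=[n2]\nSource=[n2]\n",data2);
    break;

  case 0x19:
    data = fdata(data,"SessionInitialise:\nData1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
    break;

  case 0x17:
    data = fdata(data,"SessionConfirm:\nData1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
    break;

  case 0x16:
    data = fdata(data,"NetbiosDataOnlyLast:\nFlags=[{|NO_ACK|PIGGYBACK_ACK_ALLOWED|PIGGYBACK_ACK_INCLUDED|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
    break;

  case 0x14:
    data = fdata(data,"NetbiosDataAck:\n[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
    break;

  case 0x18:
    data = fdata(data,"SessionEnd:\n[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
    break;

  default:
    data = fdata(data,"Unknown Netbios Command ",data2);
    break;
  }

  if (bytes_left(data2,maxbuf) >= 4 && memcmp(data2,"\377SMB",4)==0) {
    print_smb(data2,maxbuf);
  } else {
    int i;
    /* every candidate position needs four captured bytes */
    for (i=0;i<128 && bytes_left(data2+i,maxbuf) >= 4;i++) {
      if (memcmp(&data2[i],"\377SMB",4)==0) {
	printf("found SMB packet at %d\n", i);
	print_smb(&data2[i],maxbuf);
	break;
      }
    }
  }

  printf("\n");
}


/*
   print IPX-Netbios frames

   The first 128 positions are searched for the SMB signature, never past
   the captured bytes.  Without a match the frame is printed as unknown,
   also when the capture is too short to search all 128 positions.
*/
void ipx_netbios_print(const uchar *data, const uchar *maxbuf)
{
  /* this is a hack till I work out how to parse the rest of the IPX stuff */
  int i;
  int found = 0;
  startbuf = data;
  for (i=0;i<128 && bytes_left(data+i,maxbuf) >= 4;i++)
    if (memcmp(&data[i],"\377SMB",4)==0) {
      fdata(data,"\n>>> IPX transport ",&data[i]);
      print_smb(&data[i],maxbuf);
      printf("\n");
      fflush(stdout);
      found = 1;
      break;
    }
  if (!found)
    fdata(data,"\n>>> Unknown IPX ",maxbuf);
}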