17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
54bb0471cSblu * Common Development and Distribution License (the "License").
64bb0471cSblu * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22*741913f0SGordon Ross * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
234bb0471cSblu * Use is subject to license terms.
24*741913f0SGordon Ross *
25*741913f0SGordon Ross * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
267c478bd9Sstevel@tonic-gate */
277c478bd9Sstevel@tonic-gate
287c478bd9Sstevel@tonic-gate /*
297c478bd9Sstevel@tonic-gate * References used throughout this code:
307c478bd9Sstevel@tonic-gate *
317c478bd9Sstevel@tonic-gate * [CIFS/1.0] : A Common Internet File System (CIFS/1.0) Protocol
327c478bd9Sstevel@tonic-gate * Internet Engineering Task Force (IETF) draft
337c478bd9Sstevel@tonic-gate * Paul J. Leach, Microsoft, Dec. 1997
347c478bd9Sstevel@tonic-gate *
357c478bd9Sstevel@tonic-gate * [X/Open-SMB] : X/Open CAE Specification;
367c478bd9Sstevel@tonic-gate * Protocols for X/Open PC Interworking: SMB, Version 2
377c478bd9Sstevel@tonic-gate * X/Open Document Number: C209
387c478bd9Sstevel@tonic-gate */
397c478bd9Sstevel@tonic-gate
407c478bd9Sstevel@tonic-gate #include <fcntl.h>
41*741913f0SGordon Ross #include <stdarg.h>
427c478bd9Sstevel@tonic-gate #include <stdio.h>
437c478bd9Sstevel@tonic-gate #include <stdlib.h>
447c478bd9Sstevel@tonic-gate #include <string.h>
457c478bd9Sstevel@tonic-gate
467c478bd9Sstevel@tonic-gate #include "snoop.h"
477c478bd9Sstevel@tonic-gate
487c478bd9Sstevel@tonic-gate /*
497c478bd9Sstevel@tonic-gate * SMB Format (header)
507c478bd9Sstevel@tonic-gate * [X/Open-SMB, Sec. 5.1]
517c478bd9Sstevel@tonic-gate */
/*
 * Every member is a uchar_t (array), and the multi-byte fields are read
 * with get2()/get4() rather than by direct integer loads.
 */
struct smb {
	uchar_t idf[4];		/* identifier, contains 0xff, 'SMB' */
	uchar_t com;		/* command code; indexes SMBtable[] */
	uchar_t err[4];		/* NT Status, or error class+code */
	uchar_t flags;		/* SERVER_RESPONSE bit marks a reply */
	uchar_t flags2[2];	/* FLAGS2_* bits, read with get2() */
	uchar_t re[12];		/* presumably reserved -- TODO confirm */
	uchar_t tid[2];		/* Tree ID (TID) */
	uchar_t pid[2];		/* Proc. ID (PID) */
	uchar_t uid[2];		/* User ID (UID) */
	uchar_t mid[2];		/* Mux. ID (MID) */
	/*
	 * immediately after the above 32 byte header:
	 * unsigned char WordCount;
	 * unsigned short ParameterWords[ WordCount ];
	 * unsigned short ByteCount;
	 * unsigned char ParameterBytes[ ByteCount ];
	 */
};
717c478bd9Sstevel@tonic-gate
/* smb flags: bits of the one-byte flags field in struct smb */
#define	SERVER_RESPONSE	0x80	/* set: server response, clear: client request */

/* smb flags2: bits of the 16-bit flags2 field, fetched with get2() */
#define	FLAGS2_EXT_SEC		0x0800	/* Extended security */
#define	FLAGS2_NT_STATUS	0x4000	/* NT status codes */
#define	FLAGS2_UNICODE		0x8000	/* Strings are Unicode */
79*741913f0SGordon Ross
/*
 * Per-command decoders.  interpret_smb() calls the selected one as
 * (flags, data, len, xtra, sizeof (xtra)): the snoop display flags, the
 * start of the SMB header, the length it was given, and a caller-owned
 * text buffer with its size (presumably filled in for the summary
 * line -- TODO confirm against the decoders).
 */
static void interpret_sesssetupX(int, uchar_t *, int, char *, int);
static void interpret_tconX(int, uchar_t *, int, char *, int);
static void interpret_trans(int, uchar_t *, int, char *, int);
static void interpret_trans2(int, uchar_t *, int, char *, int);
static void interpret_negprot(int, uchar_t *, int, char *, int);
static void interpret_default(int, uchar_t *, int, char *, int);
867c478bd9Sstevel@tonic-gate
/*
 * Trans2 subcommand codes
 * [X/Open-SMB, Sec. 16.1.7]
 *
 * The list is not contiguous: no name is defined here for 0x04 or for
 * 0x09 through 0x0C.
 */
#define	TRANS2_OPEN			0x00
#define	TRANS2_FIND_FIRST		0x01
#define	TRANS2_FIND_NEXT2		0x02
#define	TRANS2_QUERY_FS_INFORMATION	0x03
#define	TRANS2_QUERY_PATH_INFORMATION	0x05
#define	TRANS2_SET_PATH_INFORMATION	0x06
#define	TRANS2_QUERY_FILE_INFORMATION	0x07
#define	TRANS2_SET_FILE_INFORMATION	0x08
#define	TRANS2_CREATE_DIRECTORY		0x0D
1007c478bd9Sstevel@tonic-gate
1017c478bd9Sstevel@tonic-gate
/* One SMBtable[] entry: how to name and decode a single SMB command. */
struct decode {
	char *name;	/* command name shown as "SMB<name>"; NULL if unnamed */
	/* optional decoder; when NULL, interpret_smb() uses interpret_default */
	void (*func)(int, uchar_t *, int, char *, int);
	char *callfmt;	/* field list for the request, or NULL */
	char *replyfmt;	/* field list for the reply, or NULL */
};
1087c478bd9Sstevel@tonic-gate
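/*
 * SMB command codes (function names)
 * [X/Open-SMB, Sec. 5.2]
 *
 * Indexed by the command byte of the SMB header.  The table has 256
 * entries and interpret_smb() masks the index with 255, so any command
 * byte taken from a captured packet stays inside the array.
 *
 * An entry with a NULL name has its command printed as a bare code, and
 * an entry with a NULL func is handed to interpret_default().
 *
 * callfmt/replyfmt are lists of NUL-terminated items closed by an empty
 * item.  The first character of each item looks like a type code and the
 * rest a field label; the code that interprets them is outside this
 * table -- TODO confirm the letter meanings there.
 */
static struct decode SMBtable[256] = {
	/* 0x00 */
	{ "mkdir", 0, 0, 0 },
	{ "rmdir", 0, 0, 0 },
	{ "open", 0, 0, 0 },
	{ "create", 0, 0, 0 },

	{
		"close", 0,
		/* [X/Open-SMB, Sec. 7.10] */
		"WFileID\0"
		"lLastModTime\0"
		"dByteCount\0\0",
		"dByteCount\0\0"
	},

	{ "flush", 0, 0, 0 },
	{ "unlink", 0, 0, 0 },

	{
		"move", 0,
		/* [X/Open-SMB, Sec. 7.11] */
		"wFileAttributes\0"
		"dByteCount\0r\0"
		"UFileName\0r\0"
		"UNewPath\0\0",
		"dByteCount\0\0"
	},

	{
		"getatr", 0,
		/* [X/Open-SMB, Sec. 8.4] */
		"dBytecount\0r\0"
		"UFileName\0\0",
		"wFileAttributes\0"
		"lTime\0"
		"lSize\0"
		"R\0R\0R\0R\0R\0"
		"dByteCount\0\0"
	},

	{ "setatr", 0, 0, 0 },

	{
		"read", 0,
		/* [X/Open-SMB, Sec. 7.4] */
		"WFileID\0"
		"wI/0 Bytes\0"
		"LFileOffset\0"
		"WBytesLeft\0"
		"dByteCount\0\0",
		"WDataLength\0"
		"R\0R\0R\0R\0"
		"dByteCount\0\0"
	},

	{
		"write", 0,
		/* [X/Open-SMB, Sec. 7.5] */
		"WFileID\0"
		"wI/0 Bytes\0"
		"LFileOffset\0"
		"WBytesLeft\0"
		"dByteCount\0\0",
		"WDataLength\0"
		"dByteCount\0\0"
	},

	{ "lock", 0, 0, 0 },
	{ "unlock", 0, 0, 0 },
	{ "ctemp", 0, 0, 0 },
	{ "mknew", 0, 0, 0 },

	/* 0x10 */
	{
		"chkpth", 0,
		/* [X/Open-SMB, Sec. 8.7] */
		"dByteCount\0r\0"
		"UFile\0\0",
		"dByteCount\0\0"
	},

	{ "exit", 0, 0, 0 },
	{ "lseek", 0, 0, 0 },
	{ "lockread", 0, 0, 0 },
	{ "writeunlock", 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	{
		"readbraw", 0,
		/* [X/Open-SMB, Sec. 10.1] */
		"WFileID\0"
		"LFileOffset\0"
		"wMaxCount\0"
		"wMinCount\0"
		"lTimeout\0R\0"
		"dByteCount\0\0", 0
	},

	{ "readbmpx", 0, 0, 0 },
	{ "readbs", 0, 0, 0 },
	{ "writebraw", 0, 0, 0 },
	{ "writebmpx", 0, 0, 0 },
	{ "writebs", 0, 0, 0 },

	/* 0x20 */
	{ "writec", 0, 0, 0 },
	{ "qrysrv", 0, 0, 0 },
	{ "setattrE", 0, 0, 0 },
	{ "getattrE", 0, 0, 0 },

	{
		"lockingX", 0,
		/* [X/Open-SMB, Sec. 12.2] */
		"wChainedCommand\0"
		"wNextOffset\0"
		"WFileID\0"
		"wLockType\0"
		"lOpenTimeout\0"
		"W#Unlocks\0"
		"W#Locks\0"
		"dByteCount\0\0", 0
	},

	{ "trans", interpret_trans, 0, 0 },
	{ "transs", 0, 0, 0 },
	{ "ioctl", 0, 0, 0 },
	{ "ioctls", 0, 0, 0 },
	{ "copy", 0, 0, 0 },
	{ "move", 0, 0, 0 },
	{ "echo", 0, 0, 0 },
	{ "writeclose", 0, 0, 0 },

	{
		/* [X/Open-SMB, Sec. 12.1] */
		"openX", 0,
		/* call */
		"wChainedCommand\0"
		"wNextOffset\0"
		"wFlags\0"
		"wMode\0"
		"wSearchAttributes\0"
		"wFileAttributes\0"
		"lTime\0"
		"wOpenFunction\0"
		"lFileSize\0"
		"lOpenTimeout\0R\0R\0"
		"dByteCount\0r\0"
		"UFileName\0\0",
		/* reply */
		"wChainedCommand\0"
		"wNextOffset\0"
		"WFileID\0"
		"wAttributes\0"
		"lTime\0"
		"LSize\0"
		"wOpenMode\0"
		"wFileType\0"
		"wDeviceState\0"
		"wActionTaken\0"
		"lUniqueFileID\0R\0"
		"wBytecount\0\0"
	},

	{
		/* [CIFS 4.2.4] */
		"readX", 0,
		/* call */
		"wChainedCommand\0"
		"wNextOffset\0"
		"WFileID\0"
		"LOffset\0"
		"DMaxCount\0"
		"dMinCount\0"
		"dMaxCountHigh\0"
		"R\0"
		"wRemaining\0"
		"lOffsetHigh\0"
		"dByteCount\0\0",
		/* reply */
		"wChainedCommand\0"
		"wNextOffset\0"
		"dRemaining\0R\0R\0"
		"DCount\0"
		"dDataOffset\0"
		"dCountHigh\0"
		"R\0R\0R\0R\0"
		"dByteCount\0\0"
	},

	{
		/* [CIFS 4.2.5] */
		"writeX", 0,
		/* call */
		"wChainedCommand\0"
		"wNextOffset\0"
		"WFileID\0"
		"LOffset\0R\0R\0"
		"wWriteMode\0"
		"wRemaining\0"
		"dDataLenHigh\0"
		"DDataLen\0"
		"dDataOffset\0"
		"lOffsetHigh\0\0",
		/* reply */
		"wChainedCommand\0"
		"wNextOffset\0"
		"DCount\0"
		"wRemaining\0"
		"wCountHigh\0\0"
	},

	/* 0x30 */
	{ 0, 0, 0, 0 },
	{ "closeTD", 0, 0, 0 },
	{ "trans2", interpret_trans2, 0, 0 },
	{ "trans2s", 0, 0, 0 },
	{
		"findclose", 0,
		/* [X/Open-SMB, Sec. 15.4 ] */
		"WFileID\0"
		"dByteCount\0\0",
		"dByteCount\0\0"
	},
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0x40 */
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0x50 */
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0x60 */
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0x70 */
	{ "tcon", 0, 0, 0 },
	{
		"tdis", 0,
		/* [X/Open-SMB, Sec. 6.3] */
		"dByteCount\0\0",
		"dByteCount\0\0"
	},
	{ "negprot", interpret_negprot, 0, 0 },
	{ "sesssetupX", interpret_sesssetupX, 0, 0 },
	{
		"uloggoffX", 0,
		/* [X/Open-SMB, Sec. 15.5] */
		"wChainedCommand\0"
		"wNextOffset\0\0",
		"wChainedCommand\0"
		"wNextOffset\0\0" },
	{ "tconX", interpret_tconX, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0x80 */
	{ "dskattr", 0, 0, 0 },
	{ "search", 0, 0, 0 },
	{ "ffirst", 0, 0, 0 },
	{ "funique", 0, 0, 0 },
	{ "fclose", 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0x90 */
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0xa0 */
	/*
	 * Command codes 0xa0 to 0xa7 are from
	 * [CIFS/1.0, Sec. 5.1]
	 */
	{ "_NT_Trans", 0, 0, 0 },
	{ "_NT_Trans2", 0, 0, 0 },
	{
		/* [CIFS/1.0, Sec. 4.2.1] */
		"_NT_CreateX", 0,
		/* Call */
		"wChainedCommand\0"
		"wNextOffset\0r\0"
		"dNameLength\0"
		"lCreateFlags\0"
		"lRootDirFID\0"
		"lDesiredAccess\0"
		"lAllocSizeLow\0"
		"lAllocSizeHigh\0"
		"lNTFileAttributes\0"
		"lShareAccess\0"
		"lOpenDisposition\0"
		"lCreateOption\0"
		"lImpersonationLevel\0"
		"bSecurityFlags\0"
		"dByteCount\0r\0"
		"UFileName\0\0",
		/* Reply */
		"wChainedCommand\0"
		"wNextOffset\0"
		"bOplockLevel\0"
		"WFileID\0"
		"lCreateAction\0\0"
	},
	{ 0, 0, 0, 0 },
	{
		"_NT_Cancel", 0,
		/* [CIFS/1.0, Sec. 4.1.8] */
		"dByteCount\0", 0
	},
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0xb0 */
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0xc0 */
	{ "splopen", 0, 0, 0 },
	{ "splwr", 0, 0, 0 },
	{ "splclose", 0, 0, 0 },
	{ "splretq", 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0xd0 */
	{ "sends", 0, 0, 0 },
	{ "sendb", 0, 0, 0 },
	{ "fwdname", 0, 0, 0 },
	{ "cancelf", 0, 0, 0 },
	{ "getmac", 0, 0, 0 },
	{ "sendstrt", 0, 0, 0 },
	{ "sendend", 0, 0, 0 },
	{ "sendtxt", 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0xe0 */
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },

	/* 0xf0 */
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 },
	{ 0, 0, 0, 0 }
};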
6147c478bd9Sstevel@tonic-gate
615*741913f0SGordon Ross /* Helpers to get values in Intel order (often mis-aligned). */
/*
 * Fetch a 16-bit value stored low byte first at p.  The bytes are read
 * one at a time, so p does not need to be aligned.  No length is passed
 * in: the caller has to know that p[0] and p[1] are inside the packet.
 */
static uint16_t
get2(uchar_t *p)
{
	int low = p[0];
	int high = p[1] << 8;

	return (low + high);
}
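/*
 * Fetch a 32-bit value stored low byte first at p.  The bytes are read
 * one at a time, so p does not need to be aligned.  No length is passed
 * in: the caller has to know that p[0..3] are inside the packet.
 *
 * Each byte is widened to uint32_t before shifting.  A bare p[3] << 24
 * is evaluated as a signed int, and a byte of 0x80 or above (which packet
 * data can always contain) would shift into the sign bit, which is
 * undefined behaviour in C.
 */
static uint32_t
get4(uchar_t *p)
{
	return ((uint32_t)p[0] |
	    ((uint32_t)p[1] << 8) |
	    ((uint32_t)p[2] << 16) |
	    ((uint32_t)p[3] << 24));
}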
/*
 * Fetch a 64-bit value stored low byte first at p, built from two
 * get4() reads: p[0..3] is the low half and p[4..7] the high half.
 * The caller has to know that all eight bytes are inside the packet.
 */
static uint64_t
get8(uchar_t *p)
{
	uint64_t low_half = get4(p);
	uint64_t high_half = get4(p + 4);

	return (low_half | (high_half << 32));
}
628*741913f0SGordon Ross
629*741913f0SGordon Ross /*
630*741913f0SGordon Ross * Support displaying NT times.
631*741913f0SGordon Ross * Number of seconds between 1970 and 1601 year
632*741913f0SGordon Ross * (134774 days)
633*741913f0SGordon Ross */
static const uint64_t DIFF1970TO1601 = 11644473600ULL;
static const uint32_t TEN_MIL = 10000000UL;

/*
 * Turn an NT time into the string returned by format_time().
 *
 * nt_time counts tenths of a microsecond; it is split into whole seconds
 * and a remainder, the 1601-to-1970 offset is taken off the seconds, and
 * the remainder is scaled to nanoseconds.  A value of zero, or any value
 * whose seconds do not exceed the offset, is displayed as time 0/0.
 */
static char *
format_nttime(uint64_t nt_time)
{
	uint64_t whole_sec = nt_time / TEN_MIL;	/* seconds since 1601 */
	uint64_t tenth_usec = nt_time % TEN_MIL; /* tenths of uSec. */
	int64_t ux_sec = 0;
	uint32_t ux_nsec = 0;

	/* nt_time == 0 gives whole_sec == 0 and so stays at 0/0 as well. */
	if (whole_sec > DIFF1970TO1601) {
		ux_sec = whole_sec - DIFF1970TO1601;
		ux_nsec = tenth_usec * 100;
	}

	return (format_time(ux_sec, ux_nsec));
}
6657c478bd9Sstevel@tonic-gate
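/*
 * External entry point for SMB decoding; called by snoop_netbios.c.
 *
 * NOTE(review): the header-size check at the top of this function
 * compares the int len with sizeof (struct smb), which is a size_t.
 * A negative len is converted to a large unsigned value and is not
 * rejected, so the caller has to pass a non-negative length.
 */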
6707c478bd9Sstevel@tonic-gate void
interpret_smb(int flags,uchar_t * data,int len)6717c478bd9Sstevel@tonic-gate interpret_smb(int flags, uchar_t *data, int len)
6727c478bd9Sstevel@tonic-gate {
6737c478bd9Sstevel@tonic-gate struct smb *smb;
6747c478bd9Sstevel@tonic-gate struct decode *decoder;
675*741913f0SGordon Ross char xtra[MAXLINE];
676*741913f0SGordon Ross ushort_t smb_flags2;
677*741913f0SGordon Ross void (*func)(int, uchar_t *, int, char *, int);
678*741913f0SGordon Ross
679*741913f0SGordon Ross if (len < sizeof (struct smb))
680*741913f0SGordon Ross return;
6817c478bd9Sstevel@tonic-gate
6827c478bd9Sstevel@tonic-gate smb = (struct smb *)data;
6837c478bd9Sstevel@tonic-gate decoder = &SMBtable[smb->com & 255];
684*741913f0SGordon Ross smb_flags2 = get2(smb->flags2);
6857c478bd9Sstevel@tonic-gate xtra[0] = '\0';
6867c478bd9Sstevel@tonic-gate
6877c478bd9Sstevel@tonic-gate /*
6887c478bd9Sstevel@tonic-gate * SMB Header description
6897c478bd9Sstevel@tonic-gate * [X/Open-SMB, Sec. 5.1]
6907c478bd9Sstevel@tonic-gate */
6917c478bd9Sstevel@tonic-gate if (flags & F_DTAIL) {
6927c478bd9Sstevel@tonic-gate show_header("SMB: ", "SMB Header", len);
6937c478bd9Sstevel@tonic-gate show_space();
6947c478bd9Sstevel@tonic-gate
695*741913f0SGordon Ross if (smb->flags & SERVER_RESPONSE)
696*741913f0SGordon Ross show_line("SERVER RESPONSE");
6977c478bd9Sstevel@tonic-gate else
698*741913f0SGordon Ross show_line("CLIENT REQUEST");
699*741913f0SGordon Ross
700*741913f0SGordon Ross if (decoder->name)
701*741913f0SGordon Ross show_printf("Command code = 0x%x (SMB%s)",
702*741913f0SGordon Ross smb->com, decoder->name);
703*741913f0SGordon Ross else
704*741913f0SGordon Ross show_printf("Command code = 0x%x", smb->com);
705*741913f0SGordon Ross
706*741913f0SGordon Ross /*
707*741913f0SGordon Ross * NT status or error class/code
708*741913f0SGordon Ross * [X/Open-SMB, Sec. 5.6]
709*741913f0SGordon Ross */
710*741913f0SGordon Ross if (smb_flags2 & FLAGS2_NT_STATUS) {
711*741913f0SGordon Ross show_printf("NT Status = %x", get4(smb->err));
712*741913f0SGordon Ross } else {
713*741913f0SGordon Ross /* Error classes [X/Open-SMB, Sec. 5.6] */
714*741913f0SGordon Ross show_printf("Error class/code = %d/%d",
715*741913f0SGordon Ross smb->err[0], get2(&smb->err[2]));
716*741913f0SGordon Ross }
717*741913f0SGordon Ross
718*741913f0SGordon Ross show_printf("Flags summary = 0x%.2x", smb->flags);
719*741913f0SGordon Ross show_printf("Flags2 summary = 0x%.4x", smb_flags2);
720*741913f0SGordon Ross show_printf("Tree ID (TID) = 0x%.4x", get2(smb->tid));
721*741913f0SGordon Ross show_printf("Proc. ID (PID) = 0x%.4x", get2(smb->pid));
722*741913f0SGordon Ross show_printf("User ID (UID) = 0x%.4x", get2(smb->uid));
723*741913f0SGordon Ross show_printf("Mux. ID (MID) = 0x%.4x", get2(smb->mid));
724*741913f0SGordon Ross show_space();
725*741913f0SGordon Ross }
726*741913f0SGordon Ross
727*741913f0SGordon Ross if ((func = decoder->func) == NULL)
728*741913f0SGordon Ross func = interpret_default;
729*741913f0SGordon Ross (*func)(flags, (uchar_t *)data, len, xtra, sizeof (xtra));
7307c478bd9Sstevel@tonic-gate
7317c478bd9Sstevel@tonic-gate if (flags & F_SUM) {
732*741913f0SGordon Ross char *p;
733*741913f0SGordon Ross int sz, tl;
7347c478bd9Sstevel@tonic-gate
735*741913f0SGordon Ross /* Will advance p and decr. sz */
736*741913f0SGordon Ross p = get_sum_line();
737*741913f0SGordon Ross sz = MAXLINE;
7387c478bd9Sstevel@tonic-gate
739*741913f0SGordon Ross /* Call or Reply */
740*741913f0SGordon Ross if (smb->flags & SERVER_RESPONSE)
741*741913f0SGordon Ross tl = snprintf(p, sz, "SMB R");
742*741913f0SGordon Ross else
743*741913f0SGordon Ross tl = snprintf(p, sz, "SMB C");
744*741913f0SGordon Ross p += tl;
745*741913f0SGordon Ross sz -= tl;
746*741913f0SGordon Ross
747*741913f0SGordon Ross /* The name, if known, else the cmd code */
748*741913f0SGordon Ross if (decoder->name) {
749*741913f0SGordon Ross tl = snprintf(p, sz, " Cmd=SMB%s", decoder->name);
750*741913f0SGordon Ross } else {
751*741913f0SGordon Ross tl = snprintf(p, sz, " Cmd=0x%02X", smb->com);
752*741913f0SGordon Ross }
753*741913f0SGordon Ross p += tl;
754*741913f0SGordon Ross sz -= tl;
755*741913f0SGordon Ross
756*741913f0SGordon Ross /*
757*741913f0SGordon Ross * The "extra" (cmd-specific summary).
758*741913f0SGordon Ross * If non-null, has leading blank.
759*741913f0SGordon Ross */
760*741913f0SGordon Ross if (xtra[0] != '\0') {
761*741913f0SGordon Ross tl = snprintf(p, sz, "%s", xtra);
762*741913f0SGordon Ross p += tl;
763*741913f0SGordon Ross sz -= tl;
764*741913f0SGordon Ross }
765*741913f0SGordon Ross
766*741913f0SGordon Ross /*
767*741913f0SGordon Ross * NT status or error class/code
768*741913f0SGordon Ross * [X/Open-SMB, Sec. 5.6]
769*741913f0SGordon Ross *
770*741913f0SGordon Ross * Only show for response, not call.
771*741913f0SGordon Ross */
772*741913f0SGordon Ross if (smb->flags & SERVER_RESPONSE) {
773*741913f0SGordon Ross if (smb_flags2 & FLAGS2_NT_STATUS) {
774*741913f0SGordon Ross uint_t status = get4(smb->err);
775*741913f0SGordon Ross snprintf(p, sz, " Status=0x%x", status);
776*741913f0SGordon Ross } else {
777*741913f0SGordon Ross uchar_t errcl = smb->err[0];
778*741913f0SGordon Ross ushort_t code = get2(&smb->err[2]);
779*741913f0SGordon Ross snprintf(p, sz, " Error=%d/%d", errcl, code);
780*741913f0SGordon Ross }
781*741913f0SGordon Ross }
7827c478bd9Sstevel@tonic-gate }
7837c478bd9Sstevel@tonic-gate
7847c478bd9Sstevel@tonic-gate if (flags & F_DTAIL)
7857c478bd9Sstevel@tonic-gate show_trailer();
7867c478bd9Sstevel@tonic-gate }
7877c478bd9Sstevel@tonic-gate
/*
 * Hex-dump bytecount bytes starting at data through show_line(),
 * 16 bytes per output line.  A bytecount of zero or less prints
 * nothing.  The count is taken on trust: the caller has to make sure
 * it does not run past the captured packet.
 */
static void
output_bytes(uchar_t *data, int bytecount)
{
	char line[80];
	char hex[10];
	int n;

	(void) strlcpy(line, " ", sizeof (line));
	for (n = 0; n < bytecount; n++) {
		int row_full = ((n + 1) % 16 == 0);
		int last_byte = (n == bytecount - 1);

		snprintf(hex, sizeof (hex), "%.2x ", data[n]);
		(void) strlcat(line, hex, sizeof (line));
		if (!row_full && !last_byte)
			continue;

		/* Flush the finished row and start the next one. */
		show_line(line);
		(void) strlcpy(line, " ", sizeof (line));
	}
}
8057c478bd9Sstevel@tonic-gate
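/*
 * Based on the Unicode Standard, http://www.unicode.org/
 * "The Unicode Standard: A Technical Introduction", June 1998
 *
 * Convert 16-bit characters (low byte first) from instr into a
 * NUL-terminated string in outstr.  inlen is the number of input
 * bytes that may be read, outlen the size of outstr.  Conversion
 * stops at a 16-bit zero, at the end of the input, or when outstr is
 * full.  Returns the number of characters stored, not counting the
 * terminator; with outlen <= 0 nothing is written and 0 is returned.
 *
 * NOTE(review): characters below 256 are copied as they are, so
 * control characters found in the packet reach the output unchanged.
 */
static int
unicode2ascii(char *outstr, int outlen, uchar_t *instr, int inlen)
{
	int i = 0, j = 0;
	char c;

	/* No room even for the terminator. */
	if (outlen <= 0)
		return (0);

	/*
	 * Both bytes of a character must lie inside the input, so an
	 * odd inlen leaves its last byte unread.
	 */
	while (i + 1 < inlen && j < (outlen - 1)) {
		/* Show unicode chars >= 256 as '?' */
		if (instr[i + 1])
			c = '?';
		else
			c = instr[i];
		if (c == '\0')
			break;
		outstr[j] = c;
		i += 2;
		j++;
	}
	outstr[j] = '\0';
	return (j);
}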
8317c478bd9Sstevel@tonic-gate
/*
 * Convenience macro to copy a string from the data,
 * either in UCS-2 or ASCII as indicated by UCS.
 * OBUF must be an array type (see sizeof) and
 * DP must be an L-value (this increments it).
 *
 * Notes for callers:
 * - The macro is given no packet length.  The UCS branch lets
 *   unicode2ascii() read up to 2 * sizeof (OBUF) bytes from DP, and
 *   the ASCII branch uses strlcpy(), which scans the source up to
 *   its NUL.  The caller has to know the string ends inside the
 *   captured data before using this.
 * - DP is advanced by the length the copy returned plus one
 *   character for the terminator; in the UCS branch it is first
 *   rounded up to an even address.
 * - OBUF and DP are expanded more than once and without parentheses,
 *   so pass plain names, not expressions with side effects.
 * - The expansion is a bare brace block, not a do/while (0)
 *   statement; mind that when using it under an if/else.
 */
#define	GET_STRING(OBUF, DP, UCS)				\
{								\
	int _len, _sz = sizeof (OBUF);				\
	if (UCS) {						\
		if (((uintptr_t)DP) & 1)			\
			DP++;					\
		_len = unicode2ascii(OBUF, _sz, DP, 2 * _sz);	\
		DP += 2 * (_len + 1);				\
	} else {						\
		_len = strlcpy(OBUF, (char *)DP, _sz);		\
		DP += (_len + 1);				\
	}							\
}
851*741913f0SGordon Ross
/*
 * TRANS2 information levels
 * [X/Open-SMB, Sec. 16.1.6]
 *
 * Write the name of information level `value' into outstr, which
 * holds outsz bytes; a level not listed here becomes "Unknown".
 */
static void
get_info_level(char *outstr, int outsz, int value)
{
	static const struct {
		int level;
		const char *label;
	} levels[] = {
		{ 1,		"Standard" },
		{ 2,		"Query EA Size" },
		{ 3,		"Query EAS from List" },
		{ 0x101,	"Directory Info" },
		{ 0x102,	"Full Directory Info" },
		{ 0x103,	"Names Info" },
		{ 0x104,	"Both Directory Info" }
	};
	const char *label = "Unknown";
	unsigned int k;

	for (k = 0; k < sizeof (levels) / sizeof (levels[0]); k++) {
		if (levels[k].level == value) {
			label = levels[k].label;
			break;
		}
	}
	(void) snprintf(outstr, outsz, "%s", label);
}
8877c478bd9Sstevel@tonic-gate
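/*
 * Interpret TRANS2_QUERY_PATH subcommand
 * [X/Open-SMB, Sec. 16.7]
 *
 * data points at the subcommand parameters: a 2-byte InfoLevel, with
 * the file name starting 6 bytes in.  The summary (F_SUM) goes to
 * xtra, which holds xsz bytes; the detail (F_DTAIL) goes to the
 * show_* routines.  Each part reads from data itself, so the output
 * is the same whether one flag is set or both.
 *
 * No length comes with data: up to 512 bytes are scanned for the
 * name, and the caller has to make sure they are inside the captured
 * packet.
 */
/* ARGSUSED */
static void
output_trans2_querypath(int flags, uchar_t *data, char *xtra, int xsz)
{
	char filename[256];
	uchar_t *name = data + 6;

	if (flags & F_SUM) {
		(void) unicode2ascii(filename, sizeof (filename),
		    name, 2 * sizeof (filename));
		/* One call, so truncation cannot upset any offsets. */
		(void) snprintf(xtra, xsz, " QueryPathInfo File=%s",
		    filename);
	}

	if (flags & F_DTAIL) {
		show_line("FunctionName = QueryPathInfo");
		show_printf("InfoLevel = 0x%.4x", get2(data));
		(void) unicode2ascii(filename, sizeof (filename),
		    name, 2 * sizeof (filename));
		show_printf("FileName = %s", filename);
	}
}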
9167c478bd9Sstevel@tonic-gate
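/*
 * Interpret TRANS2_QUERY_FILE subcommand
 * [X/Open-SMB, Sec. 16.9]
 *
 * data points at the subcommand parameters: a 2-byte FileID followed
 * by a 2-byte InfoLevel.  The summary (F_SUM) goes to xtra, which
 * holds xsz bytes; the detail (F_DTAIL) goes to the show_* routines.
 * No length comes with data, so the caller has to make sure those
 * 4 bytes are inside the captured packet.
 */
/* ARGSUSED */
static void
output_trans2_queryfile(int flags, uchar_t *data, char *xtra, int xsz)
{
	if (flags & F_SUM) {
		/* One call, so truncation cannot upset any offsets. */
		(void) snprintf(xtra, xsz, " QueryFileInfo FileID=0x%x",
		    get2(data));
	}

	if (flags & F_DTAIL) {
		show_line("FunctionName = QueryFileInfo");
		show_printf("FileID = 0x%.4x", get2(data));
		show_printf("InfoLevel = 0x%.4x", get2(data + 2));
	}
}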
9417c478bd9Sstevel@tonic-gate
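/*
 * Interpret TRANS2_SET_FILE subcommand
 * [X/Open-SMB, Sec. 16.10]
 *
 * data points at the subcommand parameters: a 2-byte FileID followed
 * by a 2-byte InfoLevel.  The summary (F_SUM) goes to xtra, which
 * holds xsz bytes; the detail (F_DTAIL) goes to the show_* routines.
 * No length comes with data, so the caller has to make sure those
 * 4 bytes are inside the captured packet.
 */
/* ARGSUSED */
static void
output_trans2_setfile(int flags, uchar_t *data, char *xtra, int xsz)
{
	if (flags & F_SUM) {
		/* One call, so truncation cannot upset any offsets. */
		(void) snprintf(xtra, xsz, " SetFileInfo FileID=0x%x",
		    get2(data));
	}

	if (flags & F_DTAIL) {
		show_line("FunctionName = SetFileInfo");
		show_printf("FileID = 0x%.4x", get2(data));
		show_printf("InfoLevel = 0x%.4x", get2(data + 2));
	}
}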
9667c478bd9Sstevel@tonic-gate
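/*
 * Interpret TRANS2_FIND_FIRST subcommand
 * [X/Open-SMB, Sec. 16.3]
 *
 * data points at the subcommand parameters.  As decoded here:
 * SearchAttributes at offset 0, FindCount at 2, FindFlags at 4,
 * InfoLevel at 6 and the file name at 12.  The summary (F_SUM) goes
 * to xtra, which holds xsz bytes; the detail (F_DTAIL) goes to the
 * show_* routines.  Each part reads from data itself, so the output
 * is the same whether one flag is set or both.
 *
 * No length comes with data: up to 512 bytes are scanned for the
 * name, and the caller has to make sure they are inside the captured
 * packet.
 */
/* ARGSUSED */
static void
output_trans2_findfirst(int flags, uchar_t *data, char *xtra, int xsz)
{
	char filename[256];
	char infolevel[100];
	uchar_t *name = data + 12;

	if (flags & F_SUM) {
		(void) unicode2ascii(filename, sizeof (filename),
		    name, 2 * sizeof (filename));
		/* One call, so truncation cannot upset any offsets. */
		(void) snprintf(xtra, xsz, " Findfirst File=%s", filename);
	}

	if (flags & F_DTAIL) {
		show_line("FunctionName = Findfirst");
		show_printf("SearchAttributes = 0x%.4x", get2(data));
		show_printf("FindCount = 0x%.4x", get2(data + 2));
		show_printf("FindFlags = 0x%.4x", get2(data + 4));
		get_info_level(infolevel, sizeof (infolevel),
		    get2(data + 6));
		show_printf("InfoLevel = %s", infolevel);
		(void) unicode2ascii(filename, sizeof (filename),
		    name, 2 * sizeof (filename));
		show_printf("FileName = %s", filename);
	}
}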
10037c478bd9Sstevel@tonic-gate
10047c478bd9Sstevel@tonic-gate
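/*
 * Interpret TRANS2_FIND_NEXT subcommand
 * [X/Open-SMB, Sec. 16.4]
 *
 * data points at the subcommand parameters.  As decoded here:
 * FileID at offset 0, FindCount at 2, InfoLevel at 4, FindKey at 6,
 * FindFlags at 10 and the file name at 12.  The summary (F_SUM) goes
 * to xtra, which holds xsz bytes; the detail (F_DTAIL) goes to the
 * show_* routines.  Each part reads from data itself, so the output
 * is the same whether one flag is set or both.
 *
 * No length comes with data: up to 512 bytes are scanned for the
 * name, and the caller has to make sure they are inside the captured
 * packet.
 */
/* ARGSUSED */
static void
output_trans2_findnext(int flags, uchar_t *data, char *xtra, int xsz)
{
	char filename[256];
	char infolevel[100];
	uchar_t *name = data + 12;

	if (flags & F_SUM) {
		(void) unicode2ascii(filename, sizeof (filename),
		    name, 2 * sizeof (filename));
		/* One call, so truncation cannot upset any offsets. */
		(void) snprintf(xtra, xsz, " Findnext File=%s", filename);
	}

	if (flags & F_DTAIL) {
		show_line("FunctionName = Findnext");
		show_printf("FileID = 0x%.4x", get2(data));
		show_printf("FindCount = 0x%.4x", get2(data + 2));
		get_info_level(infolevel, sizeof (infolevel),
		    get2(data + 4));
		show_printf("InfoLevel = %s", infolevel);
		show_printf("FindKey = 0x%.8x", get4(data + 6));
		show_printf("FindFlags = 0x%.4x", get2(data + 10));
		(void) unicode2ascii(filename, sizeof (filename),
		    name, 2 * sizeof (filename));
		show_printf("FileName = %s", filename);
	}
}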
10437c478bd9Sstevel@tonic-gate
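/*
 * Interpret a "Negprot" SMB
 * [X/Open-SMB, Sec. 6.1]
 *
 * data/len is the captured message and is untrusted.  Every length
 * taken from the packet (ByteCount, KeyLength, string terminators)
 * is checked against the captured bytes before it is used to read;
 * the values printed are still the ones found in the packet.  A
 * message too short for the fields being decoded is dropped without
 * further output.
 *
 * The summary (F_SUM) goes to xtra, which holds xsz bytes; the
 * detail (F_DTAIL) goes to the show_* routines.
 */
/* ARGSUSED */
static void
interpret_negprot(int flags, uchar_t *data, int len, char *xtra, int xsz)
{
	int i, last, length;
	int bytecount;
	int key_len;
	int wordcount;
	int avail;		/* captured bytes left to read */
	char tbuf[256];
	struct smb *smbdata;
	uchar_t *protodata;
	uchar_t *byte0;
	uchar_t *end;		/* one past the last captured byte */
	uint64_t nttime;
	uint32_t caps;
	ushort_t smb_flags2;

	/* The header and the WordCount byte must both be present. */
	if (len < 0 || (size_t)len < sizeof (struct smb) + 1)
		return;
	end = data + len;

	smbdata = (struct smb *)data;
	smb_flags2 = get2(smbdata->flags2);
	protodata = (uchar_t *)data + sizeof (struct smb);
	wordcount = *protodata++;

	if ((smbdata->flags & SERVER_RESPONSE) == 0) {
		/*
		 * request packet:
		 * short bytecount;
		 * struct { char fmt; char name[]; } dialects
		 */
		if (end - protodata < 2)
			return;
		bytecount = get2(protodata);
		protodata += 2;
		byte0 = protodata;

		if (flags & F_DTAIL)
			show_printf("ByteCount = %d", bytecount);
		/* Trust ByteCount only as far as the capture goes. */
		avail = (int)(end - byte0);
		if (bytecount > avail)
			bytecount = avail;

		/* Walk the list of dialects. */
		i = last = 0;
		tbuf[0] = '\0';
		while ((byte0 + bytecount) - protodata > 2) {
			if (*protodata++ != 2)	/* format code */
				break;
			/* Look for the terminator inside the list only. */
			avail = (int)((byte0 + bytecount) - protodata);
			for (length = 0; length < avail; length++) {
				if (protodata[length] == '\0')
					break;
			}
			(void) snprintf(tbuf, sizeof (tbuf), "%.*s",
			    length, (char *)protodata);
			protodata += length;
			if (length < avail)
				protodata++;	/* step over the NUL */
			if (flags & F_DTAIL) {
				show_printf("Dialect[%d] = %s",
				    i, tbuf);
			}
			last = i++;
		}
		if (flags & F_SUM) {
			/*
			 * Just print the last dialect, which is
			 * normally the interesting one.
			 */
			(void) snprintf(xtra, xsz, " Dialect[%d]=%s",
			    last, tbuf);
		}
	} else {
		/* Parse reply */
		if (end - protodata < 1)
			return;
		if (flags & F_SUM) {
			(void) snprintf(xtra, xsz, " Dialect#=%d",
			    protodata[0]);
		}
		if ((flags & F_DTAIL) == 0)
			return;
		if (wordcount < 13)
			return;
		/*
		 * The fixed fields decoded below, up to and including
		 * ByteCount, take 36 bytes.  That is more than the
		 * 13 words checked above, so test the capture itself.
		 */
		if (end - protodata < 36)
			return;
		show_printf("WordCount = %d", wordcount);
		show_printf("Dialect Index = %d", protodata[0]);
		protodata += 2;
		show_printf("Security Mode = 0x%x", protodata[0]);
		protodata++;
		show_printf("MaxMPXRequests = %d", get2(protodata));
		protodata += 2;
		show_printf("MaxVCs = %d", get2(protodata));
		protodata += 2;
		show_printf("MaxBufferSize = %d", get4(protodata));
		protodata += 4;
		show_printf("MaxRawBuffer = %d", get4(protodata));
		protodata += 4;
		show_printf("SessionKey = 0x%.8x", get4(protodata));
		protodata += 4;

		caps = get4(protodata);
		protodata += 4;
		show_printf("Capabilities = 0x%.8x", caps);

		/* Server Time */
		nttime = get8(protodata);
		protodata += 8;
		show_printf("Server Time = %s", format_nttime(nttime));

		show_printf("Server TZ = %d", get2(protodata));
		protodata += 2;

		key_len = *protodata++;
		show_printf("KeyLength = %d", key_len);
		bytecount = get2(protodata);
		protodata += 2;
		show_printf("ByteCount = %d", bytecount);

		/* Whatever follows is dumped only as far as it was captured. */
		avail = (int)(end - protodata);

		if (smb_flags2 & FLAGS2_EXT_SEC) {
			int guid_len = (avail < 16) ? avail : 16;
			int blob_len = bytecount - 16;

			if (blob_len > avail - guid_len)
				blob_len = avail - guid_len;
			show_printf("Server GUID (16)");
			output_bytes(protodata, guid_len);
			protodata += guid_len;
			show_printf("Security Blob (SPNEGO)");
			output_bytes(protodata, blob_len);
		} else {
			int chal_len = (key_len < avail) ? key_len : avail;

			show_printf("NTLM Challenge: (%d)", key_len);
			output_bytes(protodata, chal_len);
			protodata += chal_len;
			avail -= chal_len;
			/*
			 * Get Unicode from capabilities here,
			 * as flags2 typically doesn't have it.
			 * Also, this one is NOT aligned!
			 */
			tbuf[0] = '\0';
			if (caps & 4) {
				int inlen = 2 * (int)sizeof (tbuf);

				/* whole 16-bit characters only */
				if (inlen > avail)
					inlen = avail & ~1;
				(void) unicode2ascii(tbuf, sizeof (tbuf),
				    protodata, inlen);
			} else {
				/* the precision stops at the capture end */
				(void) snprintf(tbuf, sizeof (tbuf), "%.*s",
				    avail, (char *)protodata);
			}
			show_printf("Server Domain = %s", tbuf);
		}
	}
}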
11767c478bd9Sstevel@tonic-gate
/*
 * LAN Manager remote admin function names.
 * [X/Open-SMB, Appendix B.8]
 *
 * The number in each comment is the entry's index.  apinum_max is
 * the number of entries, so valid indexes are 0 .. apinum_max - 1.
 * NOTE(review): presumably indexed by an API number read from the
 * packet; a caller doing so has to range-check it first -- confirm
 * at the point of use.
 */
static const char *apiname_table[] = {
	/*   0 */ "RNetShareEnum",
	/*   1 */ "RNetShareGetInfo",
	/*   2 */ "NetShareSetInfo",
	/*   3 */ "NetShareAdd",
	/*   4 */ "NetShareDel",
	/*   5 */ "NetShareCheck",
	/*   6 */ "NetSessionEnum",
	/*   7 */ "NetSessionGetInfo",
	/*   8 */ "NetSessionDel",
	/*   9 */ "NetConnectionEnum",
	/*  10 */ "NetFileEnum",
	/*  11 */ "NetFileGetInfo",
	/*  12 */ "NetFileClose",
	/*  13 */ "RNetServerGetInfo",
	/*  14 */ "NetServerSetInfo",
	/*  15 */ "NetServerDiskEnum",
	/*  16 */ "NetServerAdminCommand",
	/*  17 */ "NetAuditOpen",
	/*  18 */ "NetAuditClear",
	/*  19 */ "NetErrorLogOpen",
	/*  20 */ "NetErrorLogClear",
	/*  21 */ "NetCharDevEnum",
	/*  22 */ "NetCharDevGetInfo",
	/*  23 */ "NetCharDevControl",
	/*  24 */ "NetCharDevQEnum",
	/*  25 */ "NetCharDevQGetInfo",
	/*  26 */ "NetCharDevQSetInfo",
	/*  27 */ "NetCharDevQPurge",
	/*  28 */ "RNetCharDevQPurgeSelf",
	/*  29 */ "NetMessageNameEnum",
	/*  30 */ "NetMessageNameGetInfo",
	/*  31 */ "NetMessageNameAdd",
	/*  32 */ "NetMessageNameDel",
	/*  33 */ "NetMessageNameFwd",
	/*  34 */ "NetMessageNameUnFwd",
	/*  35 */ "NetMessageBufferSend",
	/*  36 */ "NetMessageFileSend",
	/*  37 */ "NetMessageLogFileSet",
	/*  38 */ "NetMessageLogFileGet",
	/*  39 */ "NetServiceEnum",
	/*  40 */ "RNetServiceInstall",
	/*  41 */ "RNetServiceControl",
	/*  42 */ "RNetAccessEnum",
	/*  43 */ "RNetAccessGetInfo",
	/*  44 */ "RNetAccessSetInfo",
	/*  45 */ "RNetAccessAdd",
	/*  46 */ "RNetAccessDel",
	/*  47 */ "NetGroupEnum",
	/*  48 */ "NetGroupAdd",
	/*  49 */ "NetGroupDel",
	/*  50 */ "NetGroupAddUser",
	/*  51 */ "NetGroupDelUser",
	/*  52 */ "NetGroupGetUsers",
	/*  53 */ "NetUserEnum",
	/*  54 */ "RNetUserAdd",
	/*  55 */ "NetUserDel",
	/*  56 */ "NetUserGetInfo",
	/*  57 */ "RNetUserSetInfo",
	/*  58 */ "RNetUserPasswordSet",
	/*  59 */ "NetUserGetGroups",
	/*  60 */ "NetWkstaLogon",
	/*  61 */ "NetWkstaLogoff",
	/*  62 */ "NetWkstaSetUID",
	/*  63 */ "NetWkstaGetInfo",
	/*  64 */ "NetWkstaSetInfo",
	/*  65 */ "NetUseEnum",
	/*  66 */ "NetUseAdd",
	/*  67 */ "NetUseDel",
	/*  68 */ "NetUseGetInfo",
	/*  69 */ "DosPrintQEnum",
	/*  70 */ "DosPrintQGetInfo",
	/*  71 */ "DosPrintQSetInfo",
	/*  72 */ "DosPrintQAdd",
	/*  73 */ "DosPrintQDel",
	/*  74 */ "DosPrintQPause",
	/*  75 */ "DosPrintQContinue",
	/*  76 */ "DosPrintJobEnum",
	/*  77 */ "DosPrintJobGetInfo",
	/*  78 */ "RDosPrintJobSetInfo",
	/*  79 */ "DosPrintJobAdd",
	/*  80 */ "DosPrintJobSchedule",
	/*  81 */ "RDosPrintJobDel",
	/*  82 */ "RDosPrintJobPause",
	/*  83 */ "RDosPrintJobContinue",
	/*  84 */ "DosPrintDestEnum",
	/*  85 */ "DosPrintDestGetInfo",
	/*  86 */ "DosPrintDestControl",
	/*  87 */ "NetProfileSave",
	/*  88 */ "NetProfileLoad",
	/*  89 */ "NetStatisticsGet",
	/*  90 */ "NetStatisticsClear",
	/*  91 */ "NetRemoteTOD",
	/*  92 */ "NetBiosEnum",
	/*  93 */ "NetBiosGetInfo",
	/*  94 */ "NetServerEnum",
	/*  95 */ "I_NetServerEnum",
	/*  96 */ "NetServiceGetInfo",
	/*  97 */ "NetSplQmAbort",
	/*  98 */ "NetSplQmClose",
	/*  99 */ "NetSplQmEndDoc",
	/* 100 */ "NetSplQmOpen",
	/* 101 */ "NetSplQmStartDoc",
	/* 102 */ "NetSplQmWrite",
	/* 103 */ "DosPrintQPurge",
	/* 104 */ "NetServerEnum2"
};
static const int apinum_max =
	(int)(sizeof (apiname_table) / sizeof (*apiname_table));
1291*741913f0SGordon Ross
/*
 * Return the name that goes with a pipe API code (the *NmPipe
 * functions), or "?" for a code that is not listed.  The result is
 * a string constant and must not be modified or freed.
 */
static const char *
pipeapi_name(int code)
{
	switch (code) {
	case 0x01:
		return ("SetNmPipeState");
	case 0x11:
		return ("RawReadNmPipe");
	case 0x21:
		return ("QueryNmPipeState");
	case 0x22:
		return ("QueryNmPipeInfo");
	case 0x23:
		return ("PeekNmPipe");
	case 0x26:
		return ("XactNmPipe");
	case 0x31:
		return ("RawWriteNmPipe");
	case 0x36:
		return ("ReadNmPipe");
	case 0x37:
		return ("WriteNmPipe");
	case 0x53:
		return ("WaitNmPipe");
	case 0x54:
		return ("CallNmPipe");
	default:
		break;
	}
	return ("?");
}
13377c478bd9Sstevel@tonic-gate
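/*
 * Interpret a "trans" SMB
 * [X/Open-SMB, Appendix B]
 *
 * This is very much like "trans2" below.
 *
 * With F_SUM set, a short " Func=..." note is written into xtra (at
 * most xsz bytes).  With F_DTAIL set, one line per field is printed
 * with show_printf().  data points at the SMB header; len is taken to
 * be the number of captured bytes starting there, which is how
 * interpret_default() computes its limit.
 *
 * Every count and offset used below comes from the packet itself, so
 * each one is checked against len before it is used for a read.
 */
/* ARGSUSED */
static void
interpret_trans(int flags, uchar_t *data, int len, char *xtra, int xsz)
{
	struct smb *smb;
	uchar_t *vwv; /* word parameters */
	uchar_t *limit; /* first byte past the captured data */
	int wordcount;
	uchar_t *byteparms;
	int bytecount;
	int parambytes;
	int paramoffset;
	int paramavail; /* captured bytes available at params */
	int setupcount;
	int subcode;
	uchar_t *setupdata;
	uchar_t *params;
	int apinum;
	int isunicode;
	char filename[256];
	const char *apiname;
	const char *subcname;
	ushort_t smb_flags2;

	/* The fixed header and the WordCount byte must be present. */
	if (len < (int)(sizeof (struct smb) + 1))
		return;
	limit = data + len;

	smb = (struct smb *)data;
	smb_flags2 = get2(smb->flags2);
	vwv = (uchar_t *)data + sizeof (struct smb);
	wordcount = *vwv++;

	/* Is the pathname in unicode? */
	isunicode = smb_flags2 & FLAGS2_UNICODE;

	/*
	 * Print the length before we (potentially) bail out
	 * due to lack of data (so the user knows why we did).
	 */
	if (flags & F_DTAIL)
		show_printf("WordCount = %d", wordcount);

	/*
	 * The word vector and the ByteCount that follows it must both
	 * be captured, otherwise the reads below run past the packet.
	 */
	if (limit - vwv < (2 * wordcount) + 2)
		return;

	byteparms = vwv + (2 * wordcount);
	bytecount = get2(byteparms);
	byteparms += 2;

	/* Get length and location of params and setup data. */
	if (!(smb->flags & SERVER_RESPONSE)) {
		/* CALL */
		if (wordcount < 14)
			return;
		parambytes = get2(vwv + (2 * 9));
		paramoffset = get2(vwv + (2 * 10));
		setupcount = *(vwv + (2 * 13));
		setupdata = vwv + (2 * 14);
	} else {
		/* REPLY */
		if (wordcount < 10)
			return;
		parambytes = get2(vwv + (2 * 3));
		paramoffset = get2(vwv + (2 * 4));
		setupcount = *(vwv + (2 * 9));
		setupdata = vwv + (2 * 10);
	}

	/*
	 * The parameters are offset from the SMB header.  An offset at
	 * or beyond len points outside the capture; in that case keep
	 * params inside the buffer and treat the block as empty.
	 */
	if (paramoffset < len) {
		params = data + paramoffset;
		paramavail = len - paramoffset;
	} else {
		params = limit;
		paramavail = 0;
	}

	if ((smb->flags & SERVER_RESPONSE) == 0) {
		/* This is a CALL. */

		/*
		 * setupdata is at most two bytes short of the end of
		 * the region verified above, so this read is in bounds.
		 */
		if (setupcount > 0)
			subcode = get2(setupdata);
		else
			subcode = -1; /* invalid */
		subcname = pipeapi_name(subcode);

		if (parambytes > 0 && paramavail > 0)
			apinum = params[0];
		else
			apinum = -1; /* invalid */
		if (0 <= apinum && apinum < apinum_max)
			apiname = apiname_table[apinum];
		else
			apiname = "?";

		if (flags & F_SUM) {
			int tl;
			/* Only get one or the other */
			if (*subcname != '?') {
				tl = snprintf(xtra, xsz,
				    " Func=%s", subcname);
				/*
				 * snprintf returns the length it wanted
				 * to write.  On truncation or error do
				 * not advance: xtra would leave the
				 * buffer and xsz would go negative.
				 */
				if (tl < 0 || tl >= xsz)
					return;
				xtra += tl;
				xsz -= tl;
			}
			if (*apiname != '?')
				snprintf(xtra, xsz,
				    " Func=%s", apiname);
			return;
		}
		if ((flags & F_DTAIL) == 0)
			return;

		/* print the word parameters */
		show_printf("TotalParamBytes = %d", get2(vwv));
		show_printf("TotalDataBytes = %d", get2(vwv+2));
		show_printf("MaxParamBytes = %d", get2(vwv+4));
		show_printf("MaxDataBytes = %d", get2(vwv+6));
		show_printf("MaxSetupWords = %d", vwv[8]);
		show_printf("TransFlags = 0x%.4x", get2(vwv+10));
		show_printf("Timeout = 0x%.8x", get4(vwv+12));
		/* skip Reserved2 */
		show_printf("ParamBytes = %d", parambytes);
		show_printf("ParamOffset = %d", paramoffset);
		show_printf("DataBytes = %d", get2(vwv+22));
		show_printf("DataOffset = %d", get2(vwv+24));
		show_printf("SetupWords = %d", setupcount);
		show_printf("ByteCount = %d", bytecount);

		/* That finishes the VWV, now the misc. stuff. */
		if (setupcount > 0)
			show_printf("NmPipeFunc = 0x%x (%s)",
			    subcode, subcname);
		if (parambytes > 0)
			show_printf("RAP_Func = %d (%s)",
			    apinum, apiname);

		/*
		 * Finally, print the byte parameters.
		 * NOTE(review): GET_STRING is defined outside this
		 * function; confirm it stops at sizeof (filename) and
		 * at the end of the captured data.  Only its starting
		 * point is checked here.
		 */
		filename[0] = '\0';
		if (byteparms < limit) {
			GET_STRING(filename, byteparms, isunicode);
		}
		show_printf("FileName = %s", filename);
	} else {
		/* This is a REPLY. */
		if (flags & F_SUM)
			return;
		if ((flags & F_DTAIL) == 0)
			return;
		/* print the word parameters */
		show_printf("TotalParamBytes = %d", get2(vwv));
		show_printf("TotalDataBytes = %d", get2(vwv+2));
		/* skip Reserved */
		show_printf("ParamBytes = 0x%.4x", parambytes);
		show_printf("ParamOffset = 0x%.4x", paramoffset);
		show_printf("ParamDispl. = 0x%.4x", get2(vwv+10));
		show_printf("DataBytes = 0x%.4x", get2(vwv+12));
		show_printf("DataOffset = 0x%.4x", get2(vwv+14));
		show_printf("DataDispl. = 0x%.4x", get2(vwv+16));
		show_printf("SetupWords = %d", setupcount);
		show_printf("ByteCount = %d", bytecount);

		/* Report the wire length, dump only what was captured. */
		show_printf("ParamVec (%d)", parambytes);
		output_bytes(params,
		    (parambytes < paramavail) ? parambytes : paramavail);
	}
}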
14927c478bd9Sstevel@tonic-gate
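/*
 * Copy the NUL-terminated service name at src into dst (dstsz bytes,
 * always terminated) without reading at or past limit.  Returns the
 * length of the source string found before limit, which may be more
 * than fit in dst; for a terminated string inside the capture this is
 * the value strlcpy() would return.
 */
static int
tconx_get_service(char *dst, int dstsz, const uchar_t *src,
    const uchar_t *limit)
{
	int n = 0;

	while (src + n < limit && src[n] != '\0') {
		if (n < dstsz - 1)
			dst[n] = (char)src[n];
		n++;
	}
	dst[(n < dstsz - 1) ? n : dstsz - 1] = '\0';
	return (n);
}

/*
 * Interpret a "TconX" SMB
 * [X/Open-SMB, Sec. 11.4]
 *
 * With F_SUM set, the share path (request) or service type (response)
 * is written into xtra, at most xsz bytes.  With F_DTAIL set, one line
 * per field is printed with show_printf().  data points at the SMB
 * header; len is taken to be the number of captured bytes starting
 * there, as in interpret_default().
 *
 * The password length and both strings come from the packet, so the
 * cursor is kept inside the captured data while they are skipped or
 * copied.
 */
/* ARGSUSED */
static void
interpret_tconX(int flags, uchar_t *data, int len, char *xtra, int xsz)
{
	int length;
	int isunicode;
	int bytecount;
	int wordcount;
	int andxcmd;
	int andxoffset;
	int tconflags;
	int pw_len;
	char path[256];
	char tbuf[256];
	char svc[8];
	struct smb *smbdata;
	uchar_t *tcondata;
	uchar_t *limit; /* first byte past the captured data */
	ushort_t smb_flags2;

	/* The fixed header and the WordCount byte must be present. */
	if (len < (int)(sizeof (struct smb) + 1))
		return;
	limit = data + len;

	smbdata = (struct smb *)data;
	smb_flags2 = get2(smbdata->flags2);
	tcondata = (uchar_t *)data + sizeof (struct smb);
	wordcount = *tcondata++;

	isunicode = smb_flags2 & FLAGS2_UNICODE;

	/* The word vector and the ByteCount after it must be captured. */
	if (limit - tcondata < (2 * wordcount) + 2)
		return;

	if ((smbdata->flags & SERVER_RESPONSE) == 0) {
		/* Request */
		if (wordcount < 4)
			return;
		/*
		 * AndXCommand is a single byte followed by a reserved
		 * byte; read only the command, as interpret_sesssetupX()
		 * does, so a non-zero reserved byte cannot leak into it.
		 */
		andxcmd = tcondata[0];
		tcondata += 2;
		andxoffset = get2(tcondata);
		tcondata += 2;
		tconflags = get2(tcondata);
		tcondata += 2;
		pw_len = get2(tcondata);
		tcondata += 2;
		bytecount = get2(tcondata);
		tcondata += 2;

		/*
		 * skip password: the length is bounded by the bytes
		 * left after the cursor, not by the whole packet.
		 */
		if (pw_len > (int)(limit - tcondata))
			pw_len = (int)(limit - tcondata);
		tcondata += pw_len;

		/*
		 * NOTE(review): GET_STRING is defined outside this
		 * function; from its use here it appears to fill its
		 * first argument and advance the cursor.  Confirm it
		 * stops at sizeof (path) and at the end of the capture.
		 */
		path[0] = '\0';
		if (tcondata < limit) {
			GET_STRING(path, tcondata, isunicode);
		}
		/* strlcpy() would scan for a NUL beyond the capture. */
		(void) tconx_get_service(svc, sizeof (svc), tcondata, limit);

		if (flags & F_SUM) {
			snprintf(xtra, xsz, " Share=%s", path);
			return;
		}

		if ((flags & F_DTAIL) == 0)
			return;

		show_printf("WordCount = %d", wordcount);
		show_printf("ChainedCommand = 0x%.2x", andxcmd);
		show_printf("NextOffset = 0x%.4x", andxoffset);
		show_printf("TconFlags = 0x%.4x", tconflags);
		show_printf("PasswordLength = 0x%.4x", pw_len);
		show_printf("ByteCount = %d", bytecount);
		show_printf("SharePath = %s", path);
		show_printf("ServiceType = %s", svc);
	} else {
		/* response */
		if (wordcount < 3)
			return;
		/* one-byte command, one reserved byte (see request) */
		andxcmd = tcondata[0];
		tcondata += 2;
		andxoffset = get2(tcondata);
		tcondata += 2;
		tconflags = get2(tcondata);
		tcondata += 2;
		bytecount = get2(tcondata);
		tcondata += 2;

		length = tconx_get_service(svc, sizeof (svc), tcondata,
		    limit);
		tcondata += (length + 1);
		/* an unterminated name leaves the cursor one past limit */
		if (tcondata > limit)
			tcondata = limit;

		if (flags & F_SUM) {
			snprintf(xtra, xsz, " Type=%s", svc);
			return;
		}
		if ((flags & F_DTAIL) == 0)
			return;

		show_printf("WordCount = %d", wordcount);
		show_printf("ChainedCommand = 0x%.2x", andxcmd);
		show_printf("NextOffset = 0x%.4x", andxoffset);
		show_printf("OptionalSupport = 0x%.4x", tconflags);
		show_printf("ByteCount = %d", bytecount);
		show_printf("ServiceType = %s", svc);
		tbuf[0] = '\0';
		if (tcondata < limit) {
			GET_STRING(tbuf, tcondata, isunicode);
		}
		show_printf("NativeFS = %s", tbuf);
	}
}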
15957c478bd9Sstevel@tonic-gate
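/*
 * Clamp a length read from the packet to the number of bytes left
 * between p and limit.  A negative length, or a cursor already at or
 * past limit, yields zero.
 */
static int
sesssetup_clamp(int want, const uchar_t *p, const uchar_t *limit)
{
	int left = (p < limit) ? (int)(limit - p) : 0;

	if (want < 0)
		return (0);
	return ((want > left) ? left : want);
}

/*
 * Interpret a "SessionSetupX" SMB
 * [X/Open-SMB, Sec. 11.3]
 *
 * With F_SUM set, the user name (or a "(SPNEGO)" marker) is written
 * into xtra, at most xsz bytes.  With F_DTAIL set, one line per field
 * is printed with show_printf().  data points at the SMB header; len
 * is taken to be the number of captured bytes starting there, as in
 * interpret_default().
 *
 * The hash and security-blob lengths come from the packet, so they are
 * clamped to the captured data before anything is dumped or skipped.
 * The detail output includes the LM/NT response bytes, so saved detail
 * traces of session setup are as sensitive as the capture itself.
 */
/* ARGSUSED */
static void
interpret_sesssetupX(int flags, uchar_t *data, int len, char *xtra, int xsz)
{
	int bytecount;
	int lm_pw_len;
	int ext_security;
	int sec_blob_len;
	int isunicode;
	int nt_pw_len;
	int wordcount;
	int words_ok; /* word vector and ByteCount are captured */
	int cap;
	char tbuf[256];
	struct smb *smbdata;
	uchar_t *setupdata;
	uchar_t *limit; /* first byte past the captured data */
	ushort_t smb_flags2;

	/* The fixed header and the WordCount byte must be present. */
	if (len < (int)(sizeof (struct smb) + 1))
		return;
	limit = data + len;

	smbdata = (struct smb *)data;
	smb_flags2 = get2(smbdata->flags2);
	setupdata = (uchar_t *)data + sizeof (struct smb);
	wordcount = *setupdata++;
	words_ok = (limit - setupdata >= (2 * wordcount) + 2);

	isunicode = smb_flags2 & FLAGS2_UNICODE;
	ext_security = smb_flags2 & FLAGS2_EXT_SEC;

	/*
	 * NOTE(review): GET_STRING is defined outside this function;
	 * from its use here it appears to fill its first argument and
	 * advance the cursor.  Confirm it stops at sizeof (tbuf) and at
	 * the end of the capture.  Below, decoding simply stops once
	 * the cursor has reached limit.
	 */

	if ((smbdata->flags & SERVER_RESPONSE) == 0) {
		/* request summary */
		if (flags & F_SUM) {
			/*
			 * Walk with a private cursor so that the detail
			 * decode below still starts at word 0 if both
			 * F_SUM and F_DTAIL are ever set together.
			 */
			uchar_t *sp = setupdata;

			if (ext_security) {
				/* No decoder for SPNEGO */
				snprintf(xtra, xsz, " (SPNEGO)");
				return;
			}
			if (wordcount != 13 || !words_ok)
				return;
			sp += 14;
			lm_pw_len = get2(sp);
			sp += 2;
			nt_pw_len = get2(sp);
			/* NT length, reserved, capabilities, ByteCount */
			sp += 12;
			sp += sesssetup_clamp(lm_pw_len, sp, limit);
			sp += sesssetup_clamp(nt_pw_len, sp, limit);
			if (sp >= limit)
				return;

			GET_STRING(tbuf, sp, isunicode);
			snprintf(xtra, xsz, " Username=%s", tbuf);
		}

		if ((flags & F_DTAIL) == 0)
			return;

		/* request detail */
		show_printf("WordCount = %d", wordcount);
		if (wordcount < 7 || !words_ok)
			return;
		/* words 0 - 6 */
		show_printf("ChainedCommand = 0x%.2x", setupdata[0]);
		setupdata += 2;
		show_printf("NextOffset = 0x%.4x", get2(setupdata));
		setupdata += 2;
		show_printf("MaxBufferSize = %d", get2(setupdata));
		setupdata += 2;
		show_printf("MaxMPXRequests = %d", get2(setupdata));
		setupdata += 2;
		show_printf("VCNumber = %d", get2(setupdata));
		setupdata += 2;
		show_printf("SessionKey = 0x%.8x", get4(setupdata));
		setupdata += 4;

		if (ext_security) {
			if (wordcount != 12)
				return;
			/* word 7 */
			sec_blob_len = get2(setupdata);
			setupdata += 2;
			show_printf("Sec. blob len = %d", sec_blob_len);
			/* words 8, 9 (reserved) */
			setupdata += 4;
		} else {
			if (wordcount != 13)
				return;
			/* word 7 */
			lm_pw_len = get2(setupdata);
			setupdata += 2;
			show_printf("LM_Hash_Len = %d", lm_pw_len);
			/* word 8 */
			nt_pw_len = get2(setupdata);
			setupdata += 2;
			show_printf("NT_Hash_Len = %d", nt_pw_len);
			/* words 9, 10 (reserved) */
			setupdata += 4;
		}

		cap = get4(setupdata);
		show_printf("Capabilities = 0x%.8x", cap);
		setupdata += 4;

		bytecount = get2(setupdata);
		setupdata += 2;
		show_printf("ByteCount = %d", bytecount);

		if (ext_security) {
			/* No decoder for SPNEGO. Just dump hex. */
			show_printf("Security blob: (SPNEGO)");
			sec_blob_len = sesssetup_clamp(sec_blob_len,
			    setupdata, limit);
			output_bytes(setupdata, sec_blob_len);
			setupdata += sec_blob_len;
		} else {
			/* Dump password hashes; wire length is printed */
			if (lm_pw_len > 0) {
				show_printf("LM Hash (%d bytes)", lm_pw_len);
				lm_pw_len = sesssetup_clamp(lm_pw_len,
				    setupdata, limit);
				output_bytes(setupdata, lm_pw_len);
				setupdata += lm_pw_len;
			}
			if (nt_pw_len > 0) {
				show_printf("NT Hash (%d bytes)", nt_pw_len);
				nt_pw_len = sesssetup_clamp(nt_pw_len,
				    setupdata, limit);
				output_bytes(setupdata, nt_pw_len);
				setupdata += nt_pw_len;
			}

			/* User */
			if (setupdata >= limit)
				return;
			GET_STRING(tbuf, setupdata, isunicode);
			show_printf("AccountName = %s", tbuf);

			/* Domain */
			if (setupdata >= limit)
				return;
			GET_STRING(tbuf, setupdata, isunicode);
			show_printf("DomainName = %s", tbuf);
		}

		/*
		 * Remainder is the same for ext. sec. or not
		 * Native OS, Native LanMan
		 */
		if (setupdata >= limit)
			return;
		GET_STRING(tbuf, setupdata, isunicode);
		show_printf("NativeOS = %s", tbuf);

		if (setupdata >= limit)
			return;
		GET_STRING(tbuf, setupdata, isunicode);
		show_printf("NativeLanman = %s", tbuf);
	} else {
		/* response summary */
		if (flags & F_SUM) {
			if (ext_security) {
				/* No decoder for SPNEGO */
				snprintf(xtra, xsz, " (SPNEGO)");
			}
			return;
		}

		if ((flags & F_DTAIL) == 0)
			return;

		/* response detail */
		show_printf("WordCount = %d", wordcount);
		if (wordcount < 3 || !words_ok)
			return;

		show_printf("ChainedCommand = 0x%.2x", setupdata[0]);
		setupdata += 2;
		show_printf("NextOffset = 0x%.4x", get2(setupdata));
		setupdata += 2;
		show_printf("SetupAction = 0x%.4x", get2(setupdata));
		setupdata += 2;

		if (ext_security) {
			if (wordcount != 4)
				return;
			sec_blob_len = get2(setupdata);
			setupdata += 2;
			show_printf("Sec. blob len = %d", sec_blob_len);
		} else {
			if (wordcount != 3)
				return;
		}

		bytecount = get2(setupdata);
		setupdata += 2;
		show_printf("ByteCount = %d", bytecount);

		if (ext_security) {
			/* No decoder for SPNEGO. Just dump hex. */
			show_line("Security blob: (SPNEGO)");
			sec_blob_len = sesssetup_clamp(sec_blob_len,
			    setupdata, limit);
			output_bytes(setupdata, sec_blob_len);
			setupdata += sec_blob_len;
		}

		/*
		 * Native OS, Native LanMan
		 */
		if (setupdata >= limit)
			return;
		GET_STRING(tbuf, setupdata, isunicode);
		show_printf("NativeOS = %s", tbuf);

		if (setupdata >= limit)
			return;
		GET_STRING(tbuf, setupdata, isunicode);
		show_printf("NativeLanman = %s", tbuf);

		if (ext_security == 0) {
			if (setupdata >= limit)
				return;
			GET_STRING(tbuf, setupdata, isunicode);
			show_printf("DomainName = %s", tbuf);
		}
	}
}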
17987c478bd9Sstevel@tonic-gate
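/*
 * Interpret "Trans2" SMB
 * [X/Open-SMB, Sec. 16]
 *
 * This is very much like "trans" above.
 *
 * With F_SUM set, a short function note is written into xtra (at most
 * xsz bytes), either here or by the output_trans2_*() sub-decoders.
 * With F_DTAIL set, one line per field is printed with show_printf().
 * data points at the SMB header; len is taken to be the number of
 * captured bytes starting there, as in interpret_default().
 *
 * The word count, byte count and parameter offset all come from the
 * packet and are checked against len before they are used for reads.
 */
/* ARGSUSED */
static void
interpret_trans2(int flags, uchar_t *data, int len, char *xtra, int xsz)
{
	struct smb *smb;
	uchar_t *vwv; /* word parameters */
	uchar_t *limit; /* first byte past the captured data */
	int wordcount;
	uchar_t *byteparms;
	int bytecount;
	int parambytes;
	int paramoffset;
	int params_ok; /* params points inside the capture */
	int setupcount;
	int subcode;
	uchar_t *setupdata;
	uchar_t *params;
	char *name;

	/* The fixed header and the WordCount byte must be present. */
	if (len < (int)(sizeof (struct smb) + 1))
		return;
	limit = data + len;

	smb = (struct smb *)data;
	vwv = (uchar_t *)data + sizeof (struct smb);
	wordcount = *vwv++;

	/*
	 * Without the whole word vector and the ByteCount after it,
	 * only WordCount can be reported (so the user knows why we
	 * stopped).
	 */
	if (limit - vwv < (2 * wordcount) + 2) {
		if (flags & F_DTAIL)
			show_printf("WordCount = %d", wordcount);
		return;
	}

	byteparms = vwv + (2 * wordcount);
	bytecount = get2(byteparms);
	byteparms += 2;

	/*
	 * Print the lengths before we (potentially) bail out
	 * due to lack of data (so the user knows why we did).
	 */
	if (flags & F_DTAIL) {
		show_printf("WordCount = %d", wordcount);
		show_printf("ByteCount = %d", bytecount);
	}

	/* Get length and location of params and setup data. */
	if (!(smb->flags & SERVER_RESPONSE)) {
		/* CALL */
		if (wordcount < 14)
			return;
		parambytes = get2(vwv + (2 * 9));
		paramoffset = get2(vwv + (2 * 10));
		setupcount = *(vwv + (2 * 13));
		setupdata = vwv + (2 * 14);
	} else {
		/* REPLY */
		if (wordcount < 10)
			return;
		parambytes = get2(vwv + (2 * 3));
		paramoffset = get2(vwv + (2 * 4));
		setupcount = *(vwv + (2 * 9));
		setupdata = vwv + (2 * 10);
	}
	/*
	 * setupdata is at most two bytes short of the end of the
	 * region verified above, so this read is in bounds.
	 */
	if (setupcount > 0)
		subcode = get2(setupdata);
	else
		subcode = -1; /* invalid */

	/*
	 * The parameters are offset from the SMB header.  The
	 * sub-decoders take no length, so they are only handed a
	 * pointer that lies inside the captured data.
	 */
	params_ok = (paramoffset < len);
	params = params_ok ? data + paramoffset : limit;

	if ((flags & F_DTAIL) && !(smb->flags & SERVER_RESPONSE)) {
		/* This is a CALL. */
		/* print the word parameters */
		show_printf("TotalParamBytes = %d", get2(vwv));
		show_printf("TotalDataBytes = %d", get2(vwv+2));
		show_printf("MaxParamBytes = %d", get2(vwv+4));
		show_printf("MaxDataBytes = %d", get2(vwv+6));
		show_printf("MaxSetupWords = %d", vwv[8]);
		show_printf("TransFlags = 0x%.4x", get2(vwv+10));
		show_printf("Timeout = 0x%.8x", get4(vwv+12));
		/* skip Reserved2 */
		show_printf("ParamBytes = 0x%.4x", parambytes);
		show_printf("ParamOffset = 0x%.4x", paramoffset);
		show_printf("DataBytes = 0x%.4x", get2(vwv+22));
		show_printf("DataOffset = 0x%.4x", get2(vwv+24));
		show_printf("SetupWords = %d", setupcount);

		/* That finishes the VWV, now the misc. stuff. */
		show_printf("FunctionCode = %d", subcode);
	}

	if (!(smb->flags & SERVER_RESPONSE)) {
		/*
		 * This is a CALL. Do sub-function.  Cases that only
		 * have a name set it here and share the printing
		 * after the switch; the others print for themselves.
		 */
		name = NULL;
		switch (subcode) {
		case TRANS2_OPEN:
			name = "Open";
			break;
		case TRANS2_FIND_FIRST:
			if (params_ok)
				output_trans2_findfirst(flags, params,
				    xtra, xsz);
			break;
		case TRANS2_FIND_NEXT2:
			if (params_ok)
				output_trans2_findnext(flags, params,
				    xtra, xsz);
			break;
		case TRANS2_QUERY_FS_INFORMATION:
			name = "QueryFSInfo";
			break;
		case TRANS2_QUERY_PATH_INFORMATION:
			if (params_ok)
				output_trans2_querypath(flags, params,
				    xtra, xsz);
			break;
		case TRANS2_SET_PATH_INFORMATION:
			name = "SetPathInfo";
			break;
		case TRANS2_QUERY_FILE_INFORMATION:
			if (params_ok)
				output_trans2_queryfile(flags, params,
				    xtra, xsz);
			break;
		case TRANS2_SET_FILE_INFORMATION:
			if (params_ok)
				output_trans2_setfile(flags, params,
				    xtra, xsz);
			break;
		case TRANS2_CREATE_DIRECTORY:
			name = "CreateDir";
			break;

		default:
			name = "Unknown";
			break;
		}
		if (name != NULL) {
			if (flags & F_SUM)
				snprintf(xtra, xsz, " %s", name);
			if (flags & F_DTAIL)
				show_printf("FunctionName = %s", name);
		}
	}

	if ((flags & F_DTAIL) && (smb->flags & SERVER_RESPONSE)) {
		/* This is a REPLY. */
		/* print the word parameters */
		show_printf("TotalParamBytes = %d", get2(vwv));
		show_printf("TotalDataBytes = %d", get2(vwv+2));
		/* skip Reserved */
		show_printf("ParamBytes = 0x%.4x", parambytes);
		show_printf("ParamOffset = 0x%.4x", paramoffset);
		show_printf("ParamDispl. = 0x%.4x", get2(vwv+10));
		show_printf("DataBytes = 0x%.4x", get2(vwv+12));
		show_printf("DataOffset = 0x%.4x", get2(vwv+14));
		show_printf("DataDispl. = 0x%.4x", get2(vwv+16));
		show_printf("SetupWords = %d", setupcount);

		/*
		 * ByteCount was printed as sent; dump no more than the
		 * bytes that were actually captured after it.
		 */
		if (bytecount > (int)(limit - byteparms))
			bytecount = (int)(limit - byteparms);
		output_bytes(byteparms, bytecount);
	}
}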
19467c478bd9Sstevel@tonic-gate
19477c478bd9Sstevel@tonic-gate
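/*
 * Default decoder for the word-parameter area of an SMB.
 *
 * data/len describe the packet starting at the SMB header; everything
 * read from it is untrusted wire data and is bounded by data + len.
 * flags selects the output mode (F_SUM, F_DTAIL).  In the non-detail
 * mode the decoded fields are appended to xtra, which holds xsz bytes.
 *
 * The per-command format (SMBtable[].callfmt / .replyfmt) is a list of
 * NUL-terminated entries ended by an empty entry.  The first character
 * of each entry is the field type and the rest is its label:
 *	W/w  two bytes, printed in hex
 *	D/d  two bytes, printed in decimal
 *	L/l  four bytes, printed in hex
 *	B/b  one byte, printed in hex
 *	r    skip one byte		R    skip two bytes
 *	U/u  string fetched with GET_STRING()
 *	S/s  NUL-terminated byte string
 * Upper-case types are also printed when F_DTAIL is not set.
 *
 * When the command has no format, the words are dumped in hex, eight
 * per line (nothing is printed for F_SUM).
 */
static void
interpret_default(int flags, uchar_t *data, int len, char *xtra, int xsz)
{
	int slength;
	int i, tl;
	int copied;
	int isunicode;
	int printit;
	int wordcount;
	int outsz;
	char *outstr;
	char *format;
	char valuetype;
	char word[10];
	char *label;
	char tempstr[256];
	uchar_t *comdata, *limit;
	char buff[80];
	struct smb *smbdata;
	struct decode *decoder;
	uchar_t bval;
	ushort_t wval;
	ushort_t smb_flags2;
	uint_t lval;

	/*
	 * The fixed header and the WordCount byte that follows it are
	 * read unconditionally below, so both must lie inside the
	 * buffer.  A shorter (or negative) length is a truncated packet.
	 */
	if (len <= (int)sizeof (struct smb))
		return;

	smbdata = (struct smb *)data;
	smb_flags2 = get2(smbdata->flags2);
	comdata = (uchar_t *)data + sizeof (struct smb);
	wordcount = *comdata++;
	limit = data + len;

	isunicode = smb_flags2 & FLAGS2_UNICODE;
	/* NOTE(review): assumes SMBtable[] has 256 entries -- confirm. */
	decoder = &SMBtable[smbdata->com & 255];

	if (smbdata->flags & SERVER_RESPONSE)
		format = decoder->replyfmt;
	else
		format = decoder->callfmt;

	if (!format || format[0] == '\0') {
		if (flags & F_SUM)
			return;
		show_printf("WordCount = %d", wordcount);
		if (wordcount == 0)
			return;
		show_line("Word values (in hex):");
		buff[0] = '\0';
		for (i = 0; i < wordcount; i++) {
			/*
			 * WordCount comes from the packet; stop as soon
			 * as a whole word is no longer available rather
			 * than reading past the end of the data.
			 */
			if (limit - comdata < 2)
				break;
			snprintf(word, sizeof (word), "%.4x ", get2(comdata));
			comdata += 2;
			(void) strlcat(buff, word, sizeof (buff));
			if (((i + 1) & 7) == 0) {
				show_line(buff);
				buff[0] = '\0';
			}
		}
		/* flush a final, partially filled line */
		if (buff[0] != '\0')
			show_line(buff);
		return;
	}

	if (flags & F_DTAIL)
		show_printf("WordCount = %d", wordcount);

	outstr = xtra;
	/* a negative size would turn into a huge size_t in snprintf() */
	outsz = (xsz < 0) ? 0 : xsz;

	valuetype = format[0];
	while (valuetype != '\0') {
		if (comdata >= limit)
			break;
		label = format + 1;
		printit = (flags & F_DTAIL) || (valuetype <= 'Z');
		tl = 0;		/* set only when something went to xtra */

		/*
		 * Each fixed-size case checks that the whole field is
		 * inside the packet before reading it; a short packet
		 * ends the decode.
		 */
		switch (valuetype) {
		case 'W':
		case 'w':
			if (limit - comdata < 2)
				return;
			wval = get2(comdata);
			comdata += 2;
			if (!printit)
				break;
			if (flags & F_DTAIL)
				show_printf(
				    "%s = 0x%.4x", label, wval);
			else
				tl = snprintf(outstr, outsz,
				    " %s=0x%x", label, wval);
			break;

		case 'D':
		case 'd':
			if (limit - comdata < 2)
				return;
			wval = get2(comdata);
			comdata += 2;
			if (!printit)
				break;
			if (flags & F_DTAIL)
				show_printf(
				    "%s = %d", label, wval);
			else
				tl = snprintf(outstr, outsz,
				    " %s=%d", label, wval);
			break;

		case 'L':
		case 'l':
			if (limit - comdata < 4)
				return;
			lval = get4(comdata);
			comdata += 4;
			if (!printit)
				break;
			if (flags & F_DTAIL)
				show_printf(
				    "%s = 0x%.8x", label, lval);
			else
				tl = snprintf(outstr, outsz,
				    " %s=0x%x", label, lval);
			break;

		case 'B':
		case 'b':
			/* one byte is available: comdata < limit here */
			bval = comdata[0];
			comdata += 1;
			if (!printit)
				break;
			if (flags & F_DTAIL)
				show_printf(
				    "%s = 0x%.2x", label, bval);
			else
				tl = snprintf(outstr, outsz,
				    " %s=0x%x", label, bval);
			break;

		case 'r':
			comdata++;
			break;

		case 'R':
			if (limit - comdata < 2)
				return;
			comdata += 2;
			break;

		case 'U':
		case 'u':
			/*
			 * Unicode or ASCII string.
			 * NOTE(review): GET_STRING is defined outside this
			 * function; confirm it stops at the end of the
			 * packet and at sizeof (tempstr).
			 */
			GET_STRING(tempstr, comdata, isunicode);
			if (!printit)
				break;
			if (flags & F_DTAIL)
				show_printf(
				    "%s = %s", label, tempstr);
			else
				tl = snprintf(outstr, outsz,
				    " %s=%s", label, tempstr);
			break;

		case 'S':
		case 's':
			/*
			 * Copy up to the terminator, but never look past
			 * the end of the packet: the string may be
			 * unterminated.  Bytes that do not fit in tempstr
			 * are consumed but not copied.
			 */
			slength = 0;
			copied = 0;
			while (comdata + slength < limit &&
			    comdata[slength] != '\0') {
				if (copied < (int)sizeof (tempstr) - 1)
					tempstr[copied++] =
					    (char)comdata[slength];
				slength++;
			}
			tempstr[copied] = '\0';
			comdata += slength;
			if (comdata < limit)
				comdata++;	/* step over the NUL */
			if (!printit)
				break;
			if (flags & F_DTAIL)
				show_printf(
				    "%s = %s", label, tempstr);
			else
				tl = snprintf(outstr, outsz,
				    " %s=%s", label, tempstr);
			break;
		}

		/*
		 * snprintf() returns the length it wanted to write, which
		 * can exceed the space left.  Advance by what was really
		 * stored so outstr stays inside xtra and outsz never goes
		 * negative; once full, later fields are dropped.
		 */
		if (tl > 0) {
			if (tl < outsz) {
				outstr += tl;
				outsz -= tl;
			} else if (outsz > 0) {
				outstr += outsz - 1;
				outsz = 1;
			}
		}

		format += (strlen(format) + 1);
		valuetype = format[0];
	}
}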
2137