X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/3b8eb6c73024c35643be55c96d0a1b90010daf28..61fdd1dc2d7b48b87c7122c6e01a4fd90f426bf9:/print-smb.c diff --git a/print-smb.c b/print-smb.c index fb53dc2e..74d58b38 100644 --- a/print-smb.c +++ b/print-smb.c @@ -11,13 +11,14 @@ #endif #ifndef lint -static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.20 2002-01-17 04:38:29 guy Exp $"; +static const char rcsid[] _U_ = + "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.32 2004-05-31 02:08:27 guy Exp $"; #endif +#include + #include #include -#include #include "interface.h" #include "extract.h" @@ -168,12 +169,12 @@ struct smbfnsint trans2_fns[] = { static void -print_trans2(const u_char *words, const u_char *dat, const u_char *buf, const u_char *maxbuf) +print_trans2(const u_char *words, const u_char *dat _U_, const u_char *buf, const u_char *maxbuf) { static struct smbfnsint *fn = &trans2_fns[0]; const u_char *data, *param; const u_char *w = words + 1; - const u_char *f1 = NULL, *f2 = NULL; + const char *f1 = NULL, *f2 = NULL; int pcnt, dcnt; TCHECK(words[0]); @@ -224,8 +225,8 @@ print_trans2(const u_char *words, const u_char *dat, const u_char *buf, const u_ if (fn->descript.fn) (*fn->descript.fn)(param, data, pcnt, dcnt); else { - smb_fdata(param, f1 ? f1 : (u_char *)"Paramaters=\n", param + pcnt); - smb_fdata(data, f2 ? f2 : (u_char *)"Data=\n", data + dcnt); + smb_fdata(param, f1 ? f1 : "Parameters=\n", param + pcnt); + smb_fdata(data, f2 ? f2 : "Data=\n", data + dcnt); } return; trunc: @@ -329,7 +330,7 @@ print_ipc(const u_char *param, int paramlen, const u_char *data, int datalen) static void print_trans(const u_char *words, const u_char *data1, const u_char *buf, const u_char *maxbuf) { - const u_char *f1, *f2, *f3, *f4; + const char *f1, *f2, *f3, *f4; const u_char *data, *param; const u_char *w = words + 1; int datalen, paramlen; 
@@ -359,12 +360,12 @@ print_trans(const u_char *words, const u_char *data1, const u_char *buf, const u smb_fdata(words + 1, f1, SMBMIN(words + 1 + 2 * words[0], maxbuf)); smb_fdata(data1 + 2, f2, maxbuf - (paramlen + datalen)); - if (!strcmp(data1 + 2, "\\MAILSLOT\\BROWSE")) { + if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) { print_browse(param, paramlen, data, datalen); return; } - if (!strcmp(data1 + 2, "\\PIPE\\LANMAN")) { + if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) { print_ipc(param, paramlen, data, datalen); return; } @@ -381,27 +382,28 @@ trunc: static void -print_negprot(const u_char *words, const u_char *data, const u_char *buf, const u_char *maxbuf) +print_negprot(const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf) { - u_char *f1 = NULL, *f2 = NULL; + u_int wcnt; + const char *f1 = NULL, *f2 = NULL; TCHECK(words[0]); + wcnt = words[0]; if (request) f2 = "*|Dialect=[Z]\n"; else { - if (words[0] == 1) + if (wcnt == 1) f1 = "Core Protocol\nDialectIndex=[d]"; - else if (words[0] == 17) + else if (wcnt == 17) f1 = "NT1 Protocol\nDialectIndex=[d]\nSecMode=[B]\nMaxMux=[d]\nNumVcs=[d]\nMaxBuffer=[D]\nRawSize=[D]\nSessionKey=[W]\nCapabilities=[W]\nServerTime=[T3]TimeZone=[d]\nCryptKey="; - else if (words[0] == 13) + else if (wcnt == 13) f1 = "Coreplus/Lanman1/Lanman2 Protocol\nDialectIndex=[d]\nSecMode=[w]\nMaxXMit=[d]\nMaxMux=[d]\nMaxVcs=[d]\nBlkMode=[w]\nSessionKey=[W]\nServerTime=[T1]TimeZone=[d]\nRes=[W]\nCryptKey="; } if (f1) - smb_fdata(words + 1, f1, SMBMIN(words + 1 + words[0] * 2, maxbuf)); + smb_fdata(words + 1, f1, SMBMIN(words + 1 + wcnt * 2, maxbuf)); else - print_data(words + 1, SMBMIN(words[0] * 2, - PTR_DIFF(maxbuf, words + 1))); + print_data(words + 1, SMBMIN(wcnt * 2, PTR_DIFF(maxbuf, words + 1))); TCHECK2(*data, 2); if (f2) 
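Review bot: The two `strcmp((const char *)(data1 + 2), ...)` calls in print_trans still treat packet bytes as a C string, and nothing visible in this hunk guarantees a NUL terminator before `maxbuf`. The added cast only silences the signedness warning, so a name field that is not terminated inside the captured data would let strcmp read past the end of the buffer. A bounded comparison avoids that: first check that at least `sizeof("\\MAILSLOT\\BROWSE")` bytes remain before `maxbuf`, then use `memcmp(data1 + 2, "\\MAILSLOT\\BROWSE", sizeof("\\MAILSLOT\\BROWSE")) == 0`, and do the same for `"\\PIPE\\LANMAN"`. Whether the preceding `smb_fdata(data1 + 2, f2, ...)` call already validates the string cannot be seen from here, and print_trans starts and ends outside the hunk.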
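Review bot: With `wcnt` now `u_int`, `SMBMIN(wcnt * 2, PTR_DIFF(maxbuf, words + 1))` in print_negprot compares an unsigned count with what is presumably a signed pointer difference. The macro definitions are not visible here, but where both operands are 32 bits wide a negative difference would convert to a large unsigned value and the packet-supplied count would win the minimum. `TCHECK(words[0])` does not visibly relate `words + 1` to `maxbuf`, so guarding the call, `else if (maxbuf > words + 1)`, would make the clamp independent of integer conversion rules. The same expression appears in the print_sesssetup hunk, and `u_int bcc` in print_smb feeds the same pattern. print_negprot continues past the end of the hunk.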
@@ -415,10 +417,10 @@ trunc: } static void -print_sesssetup(const u_char *words, const u_char *data, const u_char *buf, const u_char *maxbuf) +print_sesssetup(const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf) { - int wcnt; - u_char *f1 = NULL, *f2 = NULL; + u_int wcnt; + const char *f1 = NULL, *f2 = NULL; TCHECK(words[0]); wcnt = words[0]; @@ -428,19 +430,18 @@ print_sesssetup(const u_char *words, const u_char *data, const u_char *buf, cons else f1 = "Com2=[B]\nRes1=[B]\nOff2=[d]\nMaxBuffer=[d]\nMaxMpx=[d]\nVcNumber=[d]\nSessionKey=[W]\nCaseInsensitivePasswordLength=[d]\nCaseSensitivePasswordLength=[d]\nRes=[W]\nCapabilities=[W]\nPass1&Pass2&Account&Domain&OS&LanMan=\n"; } else { - if (words[0] == 3) { + if (wcnt == 3) { f1 = "Com2=[w]\nOff2=[d]\nAction=[w]\n"; - } else if (words[0] == 13) { + } else if (wcnt == 13) { f1 = "Com2=[B]\nRes=[B]\nOff2=[d]\nAction=[w]\n"; f2 = "NativeOS=[S]\nNativeLanMan=[S]\nPrimaryDomain=[S]\n"; } } if (f1) - smb_fdata(words + 1, f1, SMBMIN(words + 1 + words[0] * 2, maxbuf)); + smb_fdata(words + 1, f1, SMBMIN(words + 1 + wcnt * 2, maxbuf)); else - print_data(words + 1, SMBMIN(words[0] * 2, - PTR_DIFF(maxbuf, words + 1))); + print_data(words + 1, SMBMIN(wcnt * 2, PTR_DIFF(maxbuf, words + 1))); TCHECK2(*data, 2); if (f2) @@ -538,7 +539,7 @@ static struct smbfns smb_fns[] = { { pSETDIR, "SMBsetdir", 0, { NULL, "Path=[Z]\n", NULL, NULL, NULL } }, { SMBlseek, "SMBlseek", 0, - { "Handle=[d]\nMode=[w]\nOffset=[D]\n", "Offset=[D]\n", NULL, NULL } }, + { "Handle=[d]\nMode=[w]\nOffset=[D]\n", "Offset=[D]\n", NULL, NULL, NULL } }, { SMBflush, "SMBflush", 0, { "Handle=[d]\n", NULL, NULL, NULL, NULL } }, 
@@ -716,7 +717,7 @@ static struct smbfns smb_fns[] = { { "Com2=[w]\nOff2=[d]\nRes=[b]\nNameLen=[d]\nFlags=[W]\nRootDirectoryFid=[D]\nAccessMask=[W]\nAllocationSize=[L]\nExtFileAttributes=[W]\nShareAccess=[W]\nCreateDisposition=[W]\nCreateOptions=[W]\nImpersonationLevel=[W]\nSecurityFlags=[b]\n", "Path=[S]\n", "Com2=[w]\nOff2=[d]\nOplockLevel=[b]\nFid=[d]\nCreateAction=[W]\nCreateTime=[T3]LastAccessTime=[T3]LastWriteTime=[T3]ChangeTime=[T3]ExtFileAttributes=[W]\nAllocationSize=[L]\nEndOfFile=[L]\nFileType=[w]\nDeviceState=[w]\nDirectory=[b]\n", - NULL } }, + NULL, NULL } }, { SMBntcancel, "SMBntcancel", 0, DEFDESCRIPT }, @@ -733,7 +734,7 @@ print_smb(const u_char *buf, const u_char *maxbuf) int command; const u_char *words, *data; struct smbfns *fn; - char *fmt_smbheader = + const char *fmt_smbheader = "[P4]SMB Command = [B]\nError class = [BP1]\nError code = [d]\nFlags1 = [B]\nFlags2 = [B][P13]\nTree ID = [d]\nProc ID = [d]\nUID = [d]\nMID = [d]\nWord Count = [b]\n"; @@ -762,9 +763,9 @@ print_smb(const u_char *buf, const u_char *maxbuf) TCHECK(words[0]); for (;;) { - const u_char *f1, *f2; + const char *f1, *f2; int wct; - int bcc; + u_int bcc; TCHECK(words[0]); wct = words[0]; @@ -805,7 +806,7 @@ print_smb(const u_char *buf, const u_char *maxbuf) smb_fdata(data + 2, f2, data + 2 + bcc); } } else { - printf("smb_bcc=%d\n", bcc); + printf("smb_bcc=%u\n", bcc); if (bcc > 0) { printf("smb_buf[]=\n"); print_data(data + 2, SMBMIN(bcc, PTR_DIFF(maxbuf, data + 2))); 
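Review bot: In the print_smb hunk at -805, the context line `smb_fdata(data + 2, f2, data + 2 + bcc);` passes an end pointer derived from `bcc` without clamping it to `maxbuf`, while the `else` branch just below clamps with `SMBMIN(bcc, PTR_DIFF(maxbuf, data + 2))`. How `bcc` is read lies outside the hunk, but if it comes from the packet, the formatter is told the buffer extends further than the captured data. `smb_fdata(data + 2, f2, SMBMIN(data + 2 + bcc, maxbuf));` would match the pointer clamp used in print_negprot. Whether smb_fdata applies its own snapshot-length check cannot be confirmed from this page.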
@@ -845,52 +846,93 @@ void nbt_tcp_print(const u_char *data, int length) { const u_char *maxbuf = data + length; - int flags; - int nbt_len; + int type; + u_int nbt_len; TCHECK2(data[2], 2); - flags = data[0]; + type = data[0]; nbt_len = EXTRACT_16BITS(data + 2); startbuf = data; if (maxbuf <= data) return; - if (vflag > 1) - printf ("\n>>> "); + if (vflag < 2) { + printf(" NBT Session Packet: "); + switch (type) { + case 0x00: + printf("Session Message"); + break; - printf("NBT Packet"); + case 0x81: + printf("Session Request"); + break; - if (vflag < 2) - return; + case 0x82: + printf("Session Granted"); + break; - printf("\n"); + case 0x83: + { + int ecode; + + TCHECK(data[4]); + ecode = data[4]; + + printf("Session Reject, "); + switch (ecode) { + case 0x80: + printf("Not listening on called name"); + break; + case 0x81: + printf("Not listening for calling name"); + break; + case 0x82: + printf("Called name not present"); + break; + case 0x83: + printf("Called name present, but insufficient resources"); + break; + default: + printf("Unspecified error 0x%X", ecode); + break; + } + } + break; - switch (flags) { - case 1: - printf("flags=0x%x\n", flags); - case 0: - data = smb_fdata(data, "NBT Session Packet\nFlags=[rw]\nLength=[rd]\n", - data + 4); - if (data == NULL) + case 0x85: + printf("Session Keepalive"); + break; + + default: + data = smb_fdata(data, "Unknown packet type [rB]", maxbuf); + break; + } + } else { + printf ("\n>>> NBT Session Packet\n"); + switch (type) { + case 0x00: + data = smb_fdata(data, "[P1]NBT Session Message\nFlags=[B]\nLength=[rd]\n", + data + 4); + if (data == NULL) + break; + if (memcmp(data,"\377SMB",4) == 0) { + if (nbt_len > PTR_DIFF(maxbuf, data)) + printf("WARNING: Short packet. Try increasing the snap length (%lu)\n", + (unsigned long)PTR_DIFF(maxbuf, data)); + print_smb(data, maxbuf > data + nbt_len ? 
data + nbt_len : maxbuf); + } else + printf("Session packet:(raw data?)\n"); break; - if (memcmp(data,"\377SMB",4) == 0) { - if (nbt_len > PTR_DIFF(maxbuf, data)) - printf("WARNING: Short packet. Try increasing the snap length (%lu)\n", - (unsigned long)PTR_DIFF(maxbuf, data)); - print_smb(data, maxbuf > data + nbt_len ? data + nbt_len : maxbuf); - } else - printf("Session packet:(raw data?)\n"); - break; case 0x81: data = smb_fdata(data, - "NBT Session Request\nFlags=[rW]\nDestination=[n1]\nSource=[n1]\n", + "[P1]NBT Session Request\nFlags=[B]\nLength=[rd]\nDestination=[n1]\nSource=[n1]\n", maxbuf); break; case 0x82: - data = smb_fdata(data, "NBT Session Granted\nFlags=[rW]\n", maxbuf); + data = smb_fdata(data, "[P1]NBT Session Granted\nFlags=[B]\nLength=[rd]\n", maxbuf); break; case 0x83: @@ -900,7 +942,7 @@ nbt_tcp_print(const u_char *data, int length) TCHECK(data[4]); ecode = data[4]; - data = smb_fdata(data, "NBT SessionReject\nFlags=[rW]\nReason=[B]\n", + data = smb_fdata(data, "[P1]NBT SessionReject\nFlags=[B]\nLength=[rd]\nReason=[B]\n", maxbuf); switch (ecode) { case 0x80: @@ -923,15 +965,16 @@ nbt_tcp_print(const u_char *data, int length) break; case 0x85: - data = smb_fdata(data, "NBT Session Keepalive\nFlags=[rW]\n", maxbuf); + data = smb_fdata(data, "[P1]NBT Session Keepalive\nFlags=[B]\nLength=[rd]\n", maxbuf); break; default: - printf("flags=0x%x\n", flags); - data = smb_fdata(data, "NBT - Unknown packet type\nType=[rW]\n", maxbuf); + data = smb_fdata(data, "NBT - Unknown packet type\nType=[B]\n", maxbuf); + break; + } + printf("\n"); + fflush(stdout); } - printf("\n"); - fflush(stdout); return; trunc: printf("[|SMB]"); @@ -948,8 +991,8 @@ nbt_udp137_print(const u_char *data, int length) const u_char *maxbuf = data + length; int name_trn_id, response, opcode, nm_flags, rcode; int qdcount, ancount, nscount, arcount; - char *opcodestr; - const char *p; + const char *opcodestr; + const u_char *p; int total, i; TCHECK2(data[10], 2); 
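Review bot: In the verbose `case 0x00` path of nbt_tcp_print, `memcmp(data,"\377SMB",4)` reads four payload bytes that no visible check covers. The only bounds test before it is `TCHECK2(data[2], 2)`, and the preceding `smb_fdata` call is limited to `data + 4`, which is the session header only. A session message captured with fewer than four payload bytes would therefore be compared past the available data; adding `TCHECK2(*data, 4);` immediately before the `memcmp` sends that case to the function's existing `trunc:` label. The old code had the same sequence, so this gap is carried over by the re-indentation rather than introduced by it.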
@@ -1078,14 +1121,14 @@ nbt_udp137_print(const u_char *data, int length) p += 2; } } else { - print_data(p, min(rdlen, length - ((const u_char *)p - data))); + print_data(p, min(rdlen, length - (p - data))); p += rdlen; } } } } - if ((u_char*)p < maxbuf) + if (p < maxbuf) smb_fdata(p, "AdditionalData:\n", maxbuf); out: 
@@ -1139,6 +1182,61 @@ out: /* print netbeui frames */ +struct nbf_strings { + const char *name; + const char *nonverbose; + const char *verbose; +} nbf_strings[0x20] = { + { "Add Group Name Query", ", [P23]Name to add=[n2]#", + "[P5]ResponseCorrelator=[w]\n[P16]Name to add=[n2]\n" }, + { "Add Name Query", ", [P23]Name to add=[n2]#", + "[P5]ResponseCorrelator=[w]\n[P16]Name to add=[n2]\n" }, + { "Name In Conflict", NULL, NULL }, + { "Status Query", NULL, NULL }, + { NULL, NULL, NULL }, /* not used */ + { NULL, NULL, NULL }, /* not used */ + { NULL, NULL, NULL }, /* not used */ + { "Terminate Trace", NULL, NULL }, + { "Datagram", NULL, + "[P7]Destination=[n2]\nSource=[n2]\n" }, + { "Broadcast Datagram", NULL, + "[P7]Destination=[n2]\nSource=[n2]\n" }, + { "Name Query", ", [P7]Name=[n2]#", + "[P1]SessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nName=[n2]\nName of sender=[n2]\n" }, + { NULL, NULL, NULL }, /* not used */ + { NULL, NULL, NULL }, /* not used */ + { "Add Name Response", ", [P1]GroupName=[w] [P4]Destination=[n2] Source=[n2]#", + "AddNameInProcess=[B]\nGroupName=[w]\nTransmitCorrelator=[w][P2]\nDestination=[n2]\nSource=[n2]\n" }, + { "Name Recognized", NULL, + "[P1]Data2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nDestination=[n2]\nSource=[n2]\n" }, + { "Status Response", NULL, NULL }, + { NULL, NULL, NULL }, /* not used */ + { NULL, NULL, NULL }, /* not used */ + { NULL, NULL, NULL }, /* not used */ + { "Terminate Trace", NULL, NULL }, + { "Data Ack", NULL, + "[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { "Data First/Middle", NULL, + "Flags=[{RECEIVE_CONTINUE|NO_ACK||PIGGYBACK_ACK_INCLUDED|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { "Data Only/Last", NULL, + "Flags=[{|NO_ACK|PIGGYBACK_ACK_ALLOWED|PIGGYBACK_ACK_INCLUDED|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { 
"Session Confirm", NULL, + "Data1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { "Session End", NULL, + "[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { "Session Initialize", NULL, + "Data1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { "No Receive", NULL, + "Flags=[{|SEND_NO_ACK}]\nDataBytesAccepted=[b][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { "Receive Outstanding", NULL, + "[P1]DataBytesAccepted=[b][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { "Receive Continue", NULL, + "[P2]TransmitCorrelator=[w]\n[P2]RemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, + { NULL, NULL, NULL }, /* not used */ + { NULL, NULL, NULL }, /* not used */ + { "Session Alive", NULL, NULL } +}; + void netbeui_print(u_short control, const u_char *data, int length) { 
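Review bot: `nbf_strings` is declared as a writable table with external linkage, although the hunks on this page only ever read it from netbeui_print. Declaring it `static const struct nbf_strings { ... } nbf_strings[0x20] = {` keeps the symbol file-local and lets the format strings that are handed to smb_fdata sit in read-only data. A short comment above the table would also help, stating that the array index is the NBF command code and that the fields are the display name, the non-verbose format and the verbose format. The `/* not used */` rows only make sense with that mapping in mind.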
@@ -1162,69 +1260,37 @@ netbeui_print(u_short control, const u_char *data, int length) startbuf = data; if (vflag < 2) { - printf("NetBeui Packet"); - return; + printf("NBF Packet: "); + data = smb_fdata(data, "[P5]#", maxbuf); + } else { + printf("\n>>> NBF Packet\nType=0x%X ", control); + data = smb_fdata(data, "Length=[d] Signature=[w] Command=[B]\n#", maxbuf); } - - printf("\n>>> NetBeui Packet\nType=0x%X ", control); - data = smb_fdata(data, "Length=[d] Signature=[w] Command=[B]\n#", maxbuf); if (data == NULL) goto out; - switch (command) { - case 0xA: - data = smb_fdata(data, "NameQuery:[P1]\nSessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nDestination=[n2]\nSource=[n2]\n", data2); - break; - - case 0x8: - data = smb_fdata(data, - "NetbiosDataGram:[P7]\nDestination=[n2]\nSource=[n2]\n", data2); - break; - - case 0xE: - data = smb_fdata(data, - "NameRecognise:\n[P1]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nDestination=[n2]\nSource=[n2]\n", - data2); - break; - - case 0x19: - data = smb_fdata(data, - "SessionInitialise:\nData1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n", - data2); - break; - - case 0x17: - data = smb_fdata(data, - "SessionConfirm:\nData1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n", - data2); - break; - - case 0x16: - data = smb_fdata(data, - "NetbiosDataOnlyLast:\nFlags=[{|NO_ACK|PIGGYBACK_ACK_ALLOWED|PIGGYBACK_ACK_INCLUDED|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n", - data2); - break; - - case 0x14: - data = smb_fdata(data, - "NetbiosDataAck:\n[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n", - data2); - break; - - case 0x18: - data = smb_fdata(data, - "SessionEnd:\n[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n", - data2); - break; + if (command > 0x1f || 
nbf_strings[command].name == NULL) { + if (vflag < 2) + data = smb_fdata(data, "Unknown NBF Command#", data2); + else + data = smb_fdata(data, "Unknown NBF Command\n", data2); + } else { + if (vflag < 2) { + printf("%s", nbf_strings[command].name); + if (nbf_strings[command].nonverbose != NULL) + data = smb_fdata(data, nbf_strings[command].nonverbose, data2); + } else { + printf("%s:\n", nbf_strings[command].name); + if (nbf_strings[command].verbose != NULL) + data = smb_fdata(data, nbf_strings[command].verbose, data2); + else + printf("\n"); + } + } - case 0x1f: - data = smb_fdata(data, "SessionAlive\n", data2); - break; + if (vflag < 2) + return; - default: - data = smb_fdata(data, "Unknown Netbios Command ", data2); - break; - } if (data == NULL) goto out; @@ -1233,6 +1299,11 @@ netbeui_print(u_short control, const u_char *data, int length) goto out; } + /* If this isn't a command that would contain an SMB message, quit. */ + if (command != 0x08 && command != 0x09 && command != 0x15 && + command != 0x16) + goto out; + /* If there isn't enough data for "\377SMB", don't look for it. */ if (&data2[3] >= maxbuf) goto out;
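Review bot: The index check `command > 0x1f` in netbeui_print repeats the table size `0x20` by hand. The declaration of `command` is outside the hunk, so it cannot be confirmed here that a negative value is impossible. Deriving the bound from the table, `if ((size_t)command >= sizeof(nbf_strings) / sizeof(nbf_strings[0]) || nbf_strings[command].name == NULL) {`, rejects both out-of-range directions and stays correct if the table is resized. Separately, the new non-verbose path leaves through a bare `return` while every other exit in the hunk uses `goto out`; if the `out:` label, which is not shown, does any flushing, the two paths will behave differently.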