smb.h

snort2.8.4版本

 * Write AndX :: smb_com = SMB_COM_WRITE_ANDX
 *
 ********************************************************************/
typedef struct _SmbLm10_WriteAndXReq   /* smb_wct = 12 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint8_t  smb_com2;       /* secondary (X) command, 0xFF = none */
    uint8_t  smb_reh2;       /* reserved (must be zero) */
    uint16_t smb_off2;       /* offset (from SMB hdr start) to next cmd (@smb_wct) */
    uint16_t smb_fid;        /* file handle */
    uint32_t smb_offset;     /* offset in file to begin write */
    uint32_t smb_timeout;    /* number of milliseconds to wait for completion */
    uint16_t smb_wmode;      /* write mode:
                                bit0 - complete write before return (write through)
                                bit1 - return smb_remaining (pipes/devices only)
                                bit2 - use WriteRawNamedPipe (pipes only)
                                bit3 - this is the start of a message (pipes only) */
    uint16_t smb_countleft;  /* bytes remaining to write to satisfy user’s request */
    uint16_t smb_rsvd;       /* reserved */
    uint16_t smb_dsize;      /* number of data bytes in buffer (min value = 0) */
    uint16_t smb_doff;       /* offset (from start of SMB hdr) to data bytes */
    uint16_t smb_bcc;        /* total bytes (including pad bytes) following */
#if 0
    uint8_t  smb_pad[];      /* (optional) to pad to word or dword boundary */
    uint8_t  smb_data[*];    /* data bytes (* = value of smb_dsize) */
#endif
} SmbLm10_WriteAndXReq;

typedef struct _SmbLm10_WriteAndXResp   /* smb_wct = 6 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint8_t  smb_com2;       /* secondary (X) command, 0xFF = none */
    uint8_t  smb_res2;       /* reserved (pad to word) */
    uint16_t smb_off2;       /* offset (from SMB hdr start) to next cmd (@smb_wct) */
    uint16_t smb_count;      /* number of bytes written */
    uint16_t smb_remaining;  /* bytes remaining to be read (pipes/devices only) */
    uint32_t smb_rsvd;       /* reserved */
    uint16_t smb_bcc;        /* value = 0 */

} SmbLm10_WriteAndXResp;

typedef struct _SmbNt10_WriteAndXReq   /* smb_wct = 14 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint8_t  smb_com2;       /* secondary (X) command, 0xFF = none */
    uint8_t  smb_reh2;       /* reserved (must be zero) */
    uint16_t smb_off2;       /* offset (from SMB hdr start) to next cmd (@smb_wct) */
    uint16_t smb_fid;        /* file handle */
    uint32_t smb_off_low;    /* low offset in file to begin write */
    uint32_t smb_timeout;    /* number of milliseconds to wait for completion */
    uint16_t smb_wmode;      /* write mode:
                                bit0 - complete write before return (write through)
                                bit1 - return smb_remaining (pipes/devices only)
                                bit2 - use WriteRawNamedPipe (pipes only)
                                bit3 - this is the start of a message (pipes only) */
    uint16_t smb_countleft;  /* bytes remaining to write to satisfy user’s request */
    uint16_t smb_rsvd;       /* reserved */
    uint16_t smb_dsize;      /* number of data bytes in buffer (min value = 0) */
    uint16_t smb_doff;       /* offset (from start of SMB hdr) to data bytes */
    uint32_t smb_off_high;   /* high offset in file to begin write */
    uint16_t smb_bcc;        /* total bytes (including pad bytes) following */
#if 0
    uint8_t  smb_pad[];      /* (optional) to pad to word or dword boundary */
    uint8_t  smb_data[*];    /* data bytes (* = value of smb_dsize) */
#endif
} SmbNt10_WriteAndXReq;


/********************************************************************
 * Read :: smb_com = SMB_COM_READ
 *
 ********************************************************************/
typedef struct _SmbCore_ReadReq   /* smb_wct = 5 */
{
    uint8_t  smb_wct;     /* count of 16-bit words that follow */
    uint16_t smb_fid;     /* file handle */
    uint16_t smb_cnt;     /* count of bytes */
    uint16_t smb_olow;    /* offset low */
    uint16_t smb_ohigh;   /* offset high */
    uint16_t smb_left;    /* count left */
    uint16_t smb_bcc;     /* must be 0 */

} SmbCore_ReadReq;

typedef struct _SmbCore_ReadResp   /* smb_wct = 5 */
{
    uint8_t  smb_wct;     /* count of 16-bit words that follow */
    uint16_t smb_cnt;     /* count */
    uint16_t smb_res[4];  /* reserved (MBZ) */
    uint16_t smb_bcc;     /* length of data + 3 */

#if 0
    uint8_t  smb_fmt;     /* Data Block -- 01 */
    uint16_t smb_dlen;    /* length of data */
    uint8_t  smb_buf[];   /* data */
#endif
} SmbCore_ReadResp;

/********************************************************************
 * Read Block Raw :: smb_com = SMB_COM_READ_BLOCK_RAW
 *
 ********************************************************************/
typedef struct _SmbLm10_ReadBlockRawReq   /* smb_wct = 8 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint16_t smb_fid;        /* file handle */
    uint32_t smb_offset;     /* offset in file to begin read */
    uint16_t smb_maxcnt;     /* max number of bytes to return (max 65,535) */
    uint16_t smb_mincnt;     /* min number of bytes to return (normally 0) */
    uint32_t smb_timeout;    /* number of milliseconds to wait for completion */
    uint16_t smb_rsvd;       /* reserved */
    uint16_t smb_bcc;        /* value = 0 */

} SmbLm10_ReadBlockRawReq;

typedef struct _SmbNt10_ReadBlockRawReq   /* smb_wct = 10 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint16_t smb_fid;        /* file handle */
    uint32_t smb_offset;     /* offset in file to begin read */
    uint16_t smb_maxcnt;     /* max number of bytes to return (max 65,535) */
    uint16_t smb_mincnt;     /* min number of bytes to return (normally 0) */
    uint32_t smb_timeout;    /* number of milliseconds to wait for completion */
    uint16_t smb_rsvd;       /* reserved */
    uint32_t smb_off_high;   /* high offset in file to begin write */
    uint16_t smb_bcc;        /* value = 0 */

} SmbNt10_ReadBlockRawReq;

/* Read block raw response is raw data wrapped in NetBIOS header */

/********************************************************************
 * Read AndX :: smb_com = SMB_COM_READ_ANDX
 *
 ********************************************************************/
typedef struct _SmbLm10_ReadAndXReq   /* smb_wct = 10 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint8_t  smb_com2;       /* secondary (X) command, 0xFF = none */
    uint8_t  smb_reh2;       /* reserved (must be zero) */
    uint16_t smb_off2;       /* offset (from SMB hdr start) to next cmd (@smb_wct) */
    uint16_t smb_fid;        /* file handle */
    uint32_t smb_offset;     /* offset in file to begin read */
    uint16_t smb_maxcnt;     /* max number of bytes to return */
    uint16_t smb_mincnt;     /* min number of bytes to return */
    uint32_t smb_timeout;    /* number of milliseconds to wait for completion */
    uint16_t smb_countleft;  /* bytes remaining to satisfy user’s request */
    uint16_t smb_bcc;        /* value = 0 */

} SmbLm10_ReadAndXReq;

typedef struct _SmbLm10_ReadAndXResp    /* smb_wct = 12 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint8_t  smb_com2;       /* secondary (X) command, 0xFF = none */
    uint8_t  smb_res2;       /* reserved (pad to word) */
    uint16_t smb_off2;       /* offset (from SMB hdr start) to next cmd (@smb_wct) */
    uint16_t smb_remaining;  /* bytes remaining to be read (pipes/devices only) */
    uint32_t smb_rsvd;       /* reserved */
    uint16_t smb_dsize;      /* number of data bytes (minimum value = 0) */
    uint16_t smb_doff;       /* offset (from start of SMB hdr) to data bytes */
    uint16_t smb_rsvd1;      /* reserved (These last 5 words are reserved in */
    uint32_t smb_rsvd2;      /* reserved order to make the ReadandX response */
    uint32_t smb_rsvd3;      /* reserved the same size as the WriteandX request) */
    uint16_t smb_bcc;        /* total bytes (including pad bytes) following */
#if 0
    uint8_t  smb_pad[];      /* (optional) to pad to word or dword boundary */
    uint8_t  smb_data[*];    /* data bytes (* = value of smb_dsize) */
#endif
} SmbLm10_ReadAndXResp;

typedef struct _SmbNt10_ReadAndXReq   /* smb_wct = 12 */
{
    uint8_t  smb_wct;        /* count of 16-bit words that follow */
    uint8_t  smb_com2;       /* secondary (X) command, 0xFF = none */
    uint8_t  smb_reh2;       /* reserved (must be zero) */
    uint16_t smb_off2;       /* offset (from SMB hdr start) to next cmd (@smb_wct) */
    uint16_t smb_fid;        /* file handle */
    uint32_t smb_off_low;    /* low offset in file to begin read */
    uint16_t smb_maxcnt;     /* max number of bytes to return */
    uint16_t smb_mincnt;     /* min number of bytes to return */
    uint32_t smb_timeout;    /* number of milliseconds to wait for completion */
    uint16_t smb_countleft;  /* bytes remaining to satisfy user’s request */
    uint32_t smb_off_high;   /* high offset in file to begin read */
    uint16_t smb_bcc;        /* value = 0 */

} SmbNt10_ReadAndXReq;

/********************************************************************
 * Rename File :: smb_com = SMB_COM_RENAME
 *
 ********************************************************************/
typedef struct _SmbCore_RenameReq  /* smb_wct = 1 */
{
    uint8_t  smb_wct;
    uint16_t smb_attrs;
    uint16_t smb_bcc;
#if 0
    uint8_t  smb_fmt;       /* ASCII -- 04 */
    uint8_t  smb_buf[];     /* old filename */
    uint8_t  smb_fmt2;      /* ASCII -- 04 */
    uint8_t  smb_buf2[];    /* new filename */
#endif
} SmbCore_RenameReq;

typedef struct _SmbCore_RenameResp  /* smb_wct = 0 */
{
    uint8_t  smb_wct;
    uint16_t smb_bcc;

} SmbCore_RenameResp;

#ifdef WIN32
#pragma pack(pop,smb_hdrs)
#else
#pragma pack()
#endif

/********************************************************************
 * Inline functions prototypes
 ********************************************************************/
static INLINE uint32_t NbssLen(const NbssHdr *);
static INLINE uint8_t NbssType(const NbssHdr *);
static INLINE uint16_t SmbNtohs(const uint16_t);
static INLINE uint32_t SmbNtohl(const uint32_t);
static INLINE uint16_t SmbHtons(const uint16_t);
static INLINE uint32_t SmbHtonl(const uint32_t);

static INLINE uint32_t SmbId(const SmbNtHdr *);
static INLINE uint32_t SmbNtStatus(const SmbNtHdr *);
static INLINE int SmbError(const SmbNtHdr *);
static INLINE int SmbType(const SmbNtHdr *);
static INLINE uint8_t SmbCom(const SmbNtHdr *);
static INLINE int SmbUnicode(const SmbNtHdr *);
static INLINE uint16_t SmbUid(const SmbNtHdr *);
static INLINE uint16_t SmbTid(const SmbNtHdr *);
static INLINE uint16_t SmbPid(const SmbNtHdr *);
static INLINE uint16_t SmbMid(const SmbNtHdr *);

static INLINE uint8_t SmbWct(const SmbCommon *);
static INLINE uint16_t SmbBcc(const uint8_t *, uint16_t);
static INLINE uint8_t SmbAndXCom2(const SmbAndXCommon *);
static INLINE uint16_t SmbAndXOff2(const SmbAndXCommon *);
static INLINE uint8_t SmbEmptyComWct(const SmbEmptyCom *);
static INLINE uint16_t SmbEmptyComBcc(const SmbEmptyCom *);

static INLINE uint16_t SmbGet16(const uint8_t *);
static INLINE uint32_t SmbGet32(const uint8_t *);

static INLINE uint16_t SmbLm10_TreeConAndXReqPassLen(const SmbLm10_TreeConnectAndXReq *);

static INLINE uint16_t SmbCore_OpenRespFid(const SmbCore_OpenResp *);
static INLINE uint16_t SmbLm10_OpenAndXRespFid(const SmbLm10_OpenAndXResp *);

static INLINE uint16_t SmbNt10_NtCreateAndXRespFid(const SmbNt10_NtCreateAndXResp *);

static INLINE uint16_t SmbCore_CloseReqFid(const SmbCore_CloseReq *);

static INLINE uint16_t SmbCore_WriteReqFid(const SmbCore_WriteReq *);

static INLINE uint16_t SmbLm10_WriteAndCloseReqFid(const SmbLm10_WriteAndCloseReq6 *);
static INLINE uint16_t SmbLm10_WriteAndCloseReqCount(const SmbLm10_WriteAndCloseReq6 *);

static INLINE uint16_t SmbLm10_WriteAndXReqFid(const SmbLm10_WriteAndXReq *);
static INLINE uint16_t SmbLm10_WriteAndXReqDoff(const SmbLm10_WriteAndXReq *);
static INLINE uint16_t SmbLm10_WriteAndXReqDsize(const SmbLm10_WriteAndXReq *);

static INLINE uint16_t SmbLm10_TransactNamedPipeReqFunc(const SmbLm10_TransactNamedPipeReq *);
static INLINE uint16_t SmbLm10_TransactNamedPipeReqFid(const SmbLm10_TransactNamedPipeReq *);
static INLINE uint16_t SmbLm10_TransactNamedPipeReqDoff(const SmbLm10_TransactNamedPipeReq *);
static INLINE uint16_t SmbLm10_TransactNamedPipeReqTotalDcnt(const SmbLm10_TransactNamedPipeReq *);
static INLINE uint16_t SmbLm10_TransactNamedPipeReqDcnt(const SmbLm10_TransactNamedPipeReq *);

static INLINE uint16_t SmbLm10_TransactSecReqDoff(const SmbLm10_TransactionSecondaryReq *);
static INLINE uint16_t SmbLm10_TransactSecReqTotalDcnt(const SmbLm10_TransactionSecondaryReq *);
static INLINE uint16_t SmbLm10_TransactSecReqDcnt(const SmbLm10_TransactionSecondaryReq *);
static INLINE uint16_t SmbLm10_TransactSecReqTotalDdisp(const SmbLm10_TransactionSecondaryReq *);

static INLINE uint16_t SmbLm10_TransactNamedPipeRespDoff(const SmbLm10_TransactNamedPipeResp *);
static INLINE uint16_t SmbLm10_TransactNamedPipeRespTotalDcnt(const SmbLm10_TransactNamedPipeResp *);
static INLINE uint16_t SmbLm10_TransactNamedPipeRespDcnt(const SmbLm10_TransactNamedPipeResp *);
static INLINE uint16_t SmbLm10_TransactNamedPipe