1 /* $OpenBSD: smbutil.c,v 1.2 2001/01/03 18:41:00 mickey Exp $ */ 2 3 /* 4 Copyright (C) Andrew Tridgell 1995-1999 5 6 This software may be distributed either under the terms of the 7 BSD-style license that accompanies tcpdump or the GNU GPL version 2 8 or later */ 9 10 #ifdef HAVE_CONFIG_H 11 #include "config.h" 12 #endif 13 14 #ifndef lint 15 static const char rcsid[] = 16 "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/smbutil.c,v 1.2 2001/01/03 18:41:00 mickey Exp $"; 17 #endif 18 19 #include <sys/param.h> 20 #include <sys/time.h> 21 #include <sys/types.h> 22 #include <sys/socket.h> 23 24 25 #include <netinet/in.h> 26 27 #include <ctype.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <time.h> 32 33 #include "interface.h" 34 #include "smb.h" 35 36 extern const uchar *startbuf; 37 38 /******************************************************************* 39 interpret a 32 bit dos packed date/time to some parameters 40 ********************************************************************/ 41 static void interpret_dos_date(uint32 date,int *year,int *month,int *day,int *hour,int *minute,int *second) 42 { 43 uint32 p0,p1,p2,p3; 44 45 p0=date&0xFF; p1=((date&0xFF00)>>8)&0xFF; 46 p2=((date&0xFF0000)>>16)&0xFF; p3=((date&0xFF000000)>>24)&0xFF; 47 48 *second = 2*(p0 & 0x1F); 49 *minute = ((p0>>5)&0xFF) + ((p1&0x7)<<3); 50 *hour = (p1>>3)&0xFF; 51 *day = (p2&0x1F); 52 *month = ((p2>>5)&0xFF) + ((p3&0x1)<<3) - 1; 53 *year = ((p3>>1)&0xFF) + 80; 54 } 55 56 /******************************************************************* 57 create a unix date from a dos date 58 ********************************************************************/ 59 static time_t make_unix_date(const void *date_ptr) 60 { 61 uint32 dos_date=0; 62 struct tm t; 63 64 dos_date = IVAL(date_ptr,0); 65 66 if (dos_date == 0) return(0); 67 68 interpret_dos_date(dos_date,&t.tm_year,&t.tm_mon, 69 &t.tm_mday,&t.tm_hour,&t.tm_min,&t.tm_sec); 70 t.tm_wday = 1; 71 t.tm_yday = 1; 72 t.tm_isdst = 0; 73 74 return (mktime(&t)); 75 } 76 77 /******************************************************************* 78 create a unix date from a dos date 79 ********************************************************************/ 80 static time_t make_unix_date2(const void *date_ptr) 81 { 82 uint32 x,x2; 83 84 x = IVAL(date_ptr,0); 85 x2 = ((x&0xFFFF)<<16) | ((x&0xFFFF0000)>>16); 86 SIVAL(&x,0,x2); 87 88 return(make_unix_date((void *)&x)); 89 } 90 91 /**************************************************************************** 92 interpret an 8 byte "filetime" structure to a time_t 93 It's originally in "100ns units since jan 1st 1601" 94 ****************************************************************************/ 95 static time_t interpret_long_date(const char *p) 96 { 97 double d; 98 time_t ret; 99 100 /* this gives us seconds since jan 1st 1601 (approx) */ 101 d = (IVAL(p,4)*256.0 + CVAL(p,3)) * (1.0e-7 * (1<<24)); 102 103 /* now adjust by 369 years to make the secs since 1970 */ 104 d -= 369.0*365.25*24*60*60; 105 106 /* and a fudge factor as we got it wrong by a few days */ 107 d += (3*24*60*60 + 6*60*60 + 2); 108 109 if (d<0) 110 return(0); 111 112 ret = (time_t)d; 113 114 return(ret); 115 } 116 117 118 /**************************************************************************** 119 interpret the weird netbios "name". Return the name type, or -1 if 120 we run past the end of the buffer 121 ****************************************************************************/ 122 static int name_interpret(const uchar *in,const uchar *maxbuf,char *out) 123 { 124 char *ob = out; 125 int ret; 126 int len; 127 128 if (in >= maxbuf) 129 return(-1); /* name goes past the end of the buffer */ 130 TCHECK2(*in, 1); 131 len = (*in++) / 2; 132 133 *out=0; 134 135 if (len > 30 || len<1) return(0); 136 137 while (len--) 138 { 139 if (in + 1 >= maxbuf) 140 return(-1); /* name goes past the end of the buffer */ 141 TCHECK2(*in, 2); 142 if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') { 143 *out++ = 0; 144 break; 145 } 146 *out = ((in[0]-'A')<<4) + (in[1]-'A'); 147 in += 2; 148 out++; 149 } 150 ret = out[-1]; 151 out--; 152 while (out[-1] == ' ') 153 out--; 154 *out = '\0'; 155 for (; *ob; ob++) 156 if (!isprint(*ob)) 157 *ob = 'X'; 158 159 return(ret); 160 161 trunc: 162 return(-1); 163 } 164 165 /**************************************************************************** 166 find a pointer to a netbios name 167 ****************************************************************************/ 168 static const uchar *name_ptr(const uchar *buf,int ofs,const uchar *maxbuf) 169 { 170 const uchar *p; 171 uchar c; 172 173 p = buf+ofs; 174 if (p >= maxbuf) 175 return(NULL); /* name goes past the end of the buffer */ 176 TCHECK2(*p, 1); 177 178 c = *p; 179 180 /* XXX - this should use the same code that the DNS dissector does */ 181 if ((c & 0xC0) == 0xC0) 182 { 183 uint16 l = RSVAL(buf, ofs) & 0x3FFF; 184 if (l == 0) 185 { 186 /* We have a pointer that points to itself. */ 187 return(NULL); 188 } 189 p = buf + l; 190 if (p >= maxbuf) 191 return(NULL); /* name goes past the end of the buffer */ 192 TCHECK2(*p, 1); 193 return(buf + l); 194 } 195 else 196 return(buf+ofs); 197 198 trunc: 199 return(NULL); /* name goes past the end of the buffer */ 200 } 201 202 /**************************************************************************** 203 extract a netbios name from a buf 204 ****************************************************************************/ 205 static int name_extract(const uchar *buf,int ofs,const uchar *maxbuf,char *name) 206 { 207 const uchar *p = name_ptr(buf,ofs,maxbuf); 208 if (p == NULL) 209 return(-1); /* error (probably name going past end of buffer) */ 210 *name = '\0'; 211 return(name_interpret(p,maxbuf,name)); 212 } 213 214 215 /**************************************************************************** 216 return the total storage length of a mangled name 217 ****************************************************************************/ 218 static int name_len(const unsigned char *s, const unsigned char *maxbuf) 219 { 220 const unsigned char *s0 = s; 221 unsigned char c; 222 223 if (s >= maxbuf) 224 return(-1); /* name goes past the end of the buffer */ 225 TCHECK2(*s, 1); 226 c = *s; 227 if ((c & 0xC0) == 0xC0) 228 return(2); 229 while (*s) 230 { 231 if (s >= maxbuf) 232 return(-1); /* name goes past the end of the buffer */ 233 TCHECK2(*s, 1); 234 s += (*s)+1; 235 } 236 return(PTR_DIFF(s,s0)+1); 237 238 trunc: 239 return(-1); /* name goes past the end of the buffer */ 240 } 241 242 static char *name_type_str(int name_type) 243 { 244 static char *f = NULL; 245 switch (name_type) { 246 case 0: f = "Workstation"; break; 247 case 0x03: f = "Client?"; break; 248 case 0x20: f = "Server"; break; 249 case 0x1d: f = "Master Browser"; break; 250 case 0x1b: f = "Domain Controller"; break; 251 case 0x1e: f = "Browser Server"; break; 252 default: f = "Unknown"; break; 253 } 254 return(f); 255 } 256 257 static void write_bits(unsigned int val,char *fmt) 258 { 259 char *p = fmt; 260 int i=0; 261 262 while ((p=strchr(fmt,'|'))) { 263 int l = PTR_DIFF(p,fmt); 264 if (l && (val & (1<<i))) 265 printf("%.*s ",l,fmt); 266 fmt = p+1; 267 i++; 268 } 269 } 270 271 /* convert a unicode string */ 272 static const char *unistr(const char *s, int *len) 273 { 274 static char buf[1000]; 275 int l=0; 276 static int use_unicode = -1; 277 278 if (use_unicode == -1) { 279 char *p = getenv("USE_UNICODE"); 280 if (p && (atoi(p) == 1)) 281 use_unicode = 1; 282 else 283 use_unicode = 0; 284 } 285 286 /* maybe it isn't unicode - a cheap trick */ 287 if (!use_unicode || (s[0] && s[1])) { 288 *len = strlen(s)+1; 289 return s; 290 } 291 292 *len = 0; 293 294 if (s[0] == 0 && s[1] != 0) { 295 s++; 296 *len = 1; 297 } 298 299 while (l < (sizeof(buf)-1) && s[0] && s[1] == 0) { 300 buf[l] = s[0]; 301 s += 2; l++; 302 *len += 2; 303 } 304 buf[l] = 0; 305 *len += 2; 306 return buf; 307 } 308 309 static const uchar *fdata1(const uchar *buf, const char *fmt, const uchar *maxbuf) 310 { 311 int reverse=0; 312 char *attrib_fmt = "READONLY|HIDDEN|SYSTEM|VOLUME|DIR|ARCHIVE|"; 313 int len; 314 315 while (*fmt && buf<maxbuf) { 316 switch (*fmt) { 317 case 'a': 318 write_bits(CVAL(buf,0),attrib_fmt); 319 buf++; fmt++; 320 break; 321 322 case 'A': 323 write_bits(SVAL(buf,0),attrib_fmt); 324 buf+=2; fmt++; 325 break; 326 327 case '{': 328 { 329 char bitfmt[128]; 330 char *p = strchr(++fmt,'}'); 331 int l = PTR_DIFF(p,fmt); 332 strncpy(bitfmt,fmt,l); 333 bitfmt[l]=0; 334 fmt = p+1; 335 write_bits(CVAL(buf,0),bitfmt); 336 buf++; 337 break; 338 } 339 340 case 'P': 341 { 342 int l = atoi(fmt+1); 343 buf += l; 344 fmt++; 345 while (isdigit(*fmt)) fmt++; 346 break; 347 } 348 case 'r': 349 reverse = !reverse; 350 fmt++; 351 break; 352 case 'D': 353 { 354 unsigned int x = reverse?RIVAL(buf,0):IVAL(buf,0); 355 printf("%d (0x%x)",x, x); 356 buf += 4; 357 fmt++; 358 break; 359 } 360 case 'L': 361 { 362 unsigned int x1 = reverse?RIVAL(buf,0):IVAL(buf,0); 363 unsigned int x2 = reverse?RIVAL(buf,4):IVAL(buf,4); 364 if (x2) { 365 printf("0x%08x:%08x",x2, x1); 366 } else { 367 printf("%d (0x%08x%08x)",x1, x2, x1); 368 } 369 buf += 8; 370 fmt++; 371 break; 372 } 373 case 'd': 374 { 375 unsigned int x = reverse?RSVAL(buf,0):SVAL(buf,0); 376 printf("%d",x); 377 buf += 2; 378 fmt++; 379 break; 380 } 381 case 'W': 382 { 383 unsigned int x = reverse?RIVAL(buf,0):IVAL(buf,0); 384 printf("0x%X",x); 385 buf += 4; 386 fmt++; 387 break; 388 } 389 case 'w': 390 { 391 unsigned int x = reverse?RSVAL(buf,0):SVAL(buf,0); 392 printf("0x%X",x); 393 buf += 2; 394 fmt++; 395 break; 396 } 397 case 'B': 398 { 399 unsigned int x = CVAL(buf,0); 400 printf("0x%X",x); 401 buf += 1; 402 fmt++; 403 break; 404 } 405 case 'b': 406 { 407 unsigned int x = CVAL(buf,0); 408 printf("%d",x); /* EMF - jesus, use B if you want hex */ 409 buf += 1; 410 fmt++; 411 break; 412 } 413 case 'S': 414 { 415 printf("%.*s",(int)PTR_DIFF(maxbuf,buf),unistr(buf, &len)); 416 buf += len; 417 fmt++; 418 break; 419 } 420 case 'Z': 421 { 422 if (*buf != 4 && *buf != 2) 423 printf("Error! ASCIIZ buffer of type %d (safety=%d) ", 424 *buf,(int)PTR_DIFF(maxbuf,buf)); 425 printf("%.*s",(int)PTR_DIFF(maxbuf,buf+1),unistr(buf+1, &len)); 426 buf += len+1; 427 fmt++; 428 break; 429 } 430 case 's': 431 { 432 int l = atoi(fmt+1); 433 printf("%-*.*s",l,l,buf); 434 buf += l; 435 fmt++; while (isdigit(*fmt)) fmt++; 436 break; 437 } 438 case 'h': 439 { 440 int l = atoi(fmt+1); 441 while (l--) printf("%02x",*buf++); 442 fmt++; while (isdigit(*fmt)) fmt++; 443 break; 444 } 445 case 'n': 446 { 447 int t = atoi(fmt+1); 448 char nbuf[255]; 449 int name_type; 450 int len; 451 switch (t) { 452 case 1: 453 name_type = name_extract(startbuf,PTR_DIFF(buf,startbuf),maxbuf, 454 nbuf); 455 if (name_type < 0) 456 goto trunc; 457 len = name_len(buf,maxbuf); 458 if (len < 0) 459 goto trunc; 460 buf += len; 461 printf("%.15s type 0x%02X (%s)", 462 nbuf,name_type,name_type_str(name_type)); 463 break; 464 case 2: 465 name_type = buf[15]; 466 printf("%.15s type 0x%02X (%s)", 467 buf,name_type,name_type_str(name_type)); 468 buf += 16; 469 break; 470 } 471 fmt++; while (isdigit(*fmt)) fmt++; 472 break; 473 } 474 case 'T': 475 { 476 time_t t; 477 int x = IVAL(buf,0); 478 switch (atoi(fmt+1)) { 479 case 1: 480 if (x==0 || x==-1 || x==0xFFFFFFFF) 481 t = 0; 482 else 483 t = make_unix_date(buf); 484 buf+=4; 485 break; 486 case 2: 487 if (x==0 || x==-1 || x==0xFFFFFFFF) 488 t = 0; 489 else 490 t = make_unix_date2(buf); 491 buf+=4; 492 break; 493 case 3: 494 t = interpret_long_date(buf); 495 buf+=8; 496 break; 497 } 498 printf("%s",t?asctime(localtime(&t)):"NULL "); 499 fmt++; while (isdigit(*fmt)) fmt++; 500 break; 501 } 502 default: 503 putchar(*fmt); 504 fmt++; 505 break; 506 } 507 } 508 509 if (buf>=maxbuf && *fmt) 510 printf("END OF BUFFER "); 511 512 return(buf); 513 514 trunc: 515 printf("WARNING: Short packet. Try increasing the snap length "); 516 return(NULL); 517 } 518 519 const uchar *fdata(const uchar *buf, const char *fmt, const uchar *maxbuf) 520 { 521 static int depth=0; 522 char s[128]; 523 char *p; 524 525 while (*fmt) { 526 switch (*fmt) { 527 case '*': 528 fmt++; 529 while (buf < maxbuf) { 530 const uchar *buf2; 531 depth++; 532 buf2 = fdata(buf,fmt,maxbuf); 533 depth--; 534 if (buf2 == buf) return(buf); 535 buf = buf2; 536 } 537 break; 538 539 case '|': 540 fmt++; 541 if (buf>=maxbuf) return(buf); 542 break; 543 544 case '%': 545 fmt++; 546 buf=maxbuf; 547 break; 548 549 case '#': 550 fmt++; 551 return(buf); 552 break; 553 554 case '[': 555 fmt++; 556 if (buf>=maxbuf) return(buf); 557 memset(s, 0, sizeof(s)); 558 p = strchr(fmt,']'); 559 strncpy(s,fmt,p-fmt); 560 fmt = p+1; 561 buf = fdata1(buf,s,maxbuf); 562 if (buf == NULL) 563 return(NULL); 564 break; 565 566 default: 567 putchar(*fmt); fmt++; 568 fflush(stdout); 569 break; 570 } 571 } 572 if (!depth && buf<maxbuf) { 573 int len = PTR_DIFF(maxbuf,buf); 574 printf("(%d data bytes)",len); 575 /* EMF - use -X flag if you want this verbosity 576 * print_data(buf,len); 577 */ 578 return(buf+len); 579 } 580 return(buf); 581 } 582 583 typedef struct 584 { 585 char *name; 586 int code; 587 char *message; 588 } err_code_struct; 589 590 /* Dos Error Messages */ 591 static err_code_struct dos_msgs[] = { 592 {"ERRbadfunc",1,"Invalid function."}, 593 {"ERRbadfile",2,"File not found."}, 594 {"ERRbadpath",3,"Directory invalid."}, 595 {"ERRnofids",4,"No file descriptors available"}, 596 {"ERRnoaccess",5,"Access denied."}, 597 {"ERRbadfid",6,"Invalid file handle."}, 598 {"ERRbadmcb",7,"Memory control blocks destroyed."}, 599 {"ERRnomem",8,"Insufficient server memory to perform the requested function."}, 600 {"ERRbadmem",9,"Invalid memory block address."}, 601 {"ERRbadenv",10,"Invalid environment."}, 602 {"ERRbadformat",11,"Invalid format."}, 603 {"ERRbadaccess",12,"Invalid open mode."}, 604 {"ERRbaddata",13,"Invalid data."}, 605 {"ERR",14,"reserved."}, 606 {"ERRbaddrive",15,"Invalid drive specified."}, 607 {"ERRremcd",16,"A Delete Directory request attempted to remove the server's current directory."}, 608 {"ERRdiffdevice",17,"Not same device."}, 609 {"ERRnofiles",18,"A File Search command can find no more files matching the specified criteria."}, 610 {"ERRbadshare",32,"The sharing mode specified for an Open conflicts with existing FIDs on the file."}, 611 {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."}, 612 {"ERRfilexists",80,"The file named in a Create Directory, Make New File or Link request already exists."}, 613 {"ERRbadpipe",230,"Pipe invalid."}, 614 {"ERRpipebusy",231,"All instances of the requested pipe are busy."}, 615 {"ERRpipeclosing",232,"Pipe close in progress."}, 616 {"ERRnotconnected",233,"No process on other end of pipe."}, 617 {"ERRmoredata",234,"There is more data to be returned."}, 618 {NULL,-1,NULL}}; 619 620 /* Server Error Messages */ 621 err_code_struct server_msgs[] = { 622 {"ERRerror",1,"Non-specific error code."}, 623 {"ERRbadpw",2,"Bad password - name/password pair in a Tree Connect or Session Setup are invalid."}, 624 {"ERRbadtype",3,"reserved."}, 625 {"ERRaccess",4,"The requester does not have the necessary access rights within the specified context for the requested function. The context is defined by the TID or the UID."}, 626 {"ERRinvnid",5,"The tree ID (TID) specified in a command was invalid."}, 627 {"ERRinvnetname",6,"Invalid network name in tree connect."}, 628 {"ERRinvdevice",7,"Invalid device - printer request made to non-printer connection or non-printer request made to printer connection."}, 629 {"ERRqfull",49,"Print queue full (files) -- returned by open print file."}, 630 {"ERRqtoobig",50,"Print queue full -- no space."}, 631 {"ERRqeof",51,"EOF on print queue dump."}, 632 {"ERRinvpfid",52,"Invalid print file FID."}, 633 {"ERRsmbcmd",64,"The server did not recognize the command received."}, 634 {"ERRsrverror",65,"The server encountered an internal error, e.g., system file unavailable."}, 635 {"ERRfilespecs",67,"The file handle (FID) and pathname parameters contained an invalid combination of values."}, 636 {"ERRreserved",68,"reserved."}, 637 {"ERRbadpermits",69,"The access permissions specified for a file or directory are not a valid combination. The server cannot set the requested attribute."}, 638 {"ERRreserved",70,"reserved."}, 639 {"ERRsetattrmode",71,"The attribute mode in the Set File Attribute request is invalid."}, 640 {"ERRpaused",81,"Server is paused."}, 641 {"ERRmsgoff",82,"Not receiving messages."}, 642 {"ERRnoroom",83,"No room to buffer message."}, 643 {"ERRrmuns",87,"Too many remote user names."}, 644 {"ERRtimeout",88,"Operation timed out."}, 645 {"ERRnoresource",89,"No resources currently available for request."}, 646 {"ERRtoomanyuids",90,"Too many UIDs active on this session."}, 647 {"ERRbaduid",91,"The UID is not known as a valid ID on this session."}, 648 {"ERRusempx",250,"Temp unable to support Raw, use MPX mode."}, 649 {"ERRusestd",251,"Temp unable to support Raw, use standard read/write."}, 650 {"ERRcontmpx",252,"Continue in MPX mode."}, 651 {"ERRreserved",253,"reserved."}, 652 {"ERRreserved",254,"reserved."}, 653 {"ERRnosupport",0xFFFF,"Function not supported."}, 654 {NULL,-1,NULL}}; 655 656 /* Hard Error Messages */ 657 err_code_struct hard_msgs[] = { 658 {"ERRnowrite",19,"Attempt to write on write-protected diskette."}, 659 {"ERRbadunit",20,"Unknown unit."}, 660 {"ERRnotready",21,"Drive not ready."}, 661 {"ERRbadcmd",22,"Unknown command."}, 662 {"ERRdata",23,"Data error (CRC)."}, 663 {"ERRbadreq",24,"Bad request structure length."}, 664 {"ERRseek",25 ,"Seek error."}, 665 {"ERRbadmedia",26,"Unknown media type."}, 666 {"ERRbadsector",27,"Sector not found."}, 667 {"ERRnopaper",28,"Printer out of paper."}, 668 {"ERRwrite",29,"Write fault."}, 669 {"ERRread",30,"Read fault."}, 670 {"ERRgeneral",31,"General failure."}, 671 {"ERRbadshare",32,"A open conflicts with an existing open."}, 672 {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."}, 673 {"ERRwrongdisk",34,"The wrong disk was found in a drive."}, 674 {"ERRFCBUnavail",35,"No FCBs are available to process request."}, 675 {"ERRsharebufexc",36,"A sharing buffer has been exceeded."}, 676 {NULL,-1,NULL}}; 677 678 679 static struct 680 { 681 int code; 682 char *class; 683 err_code_struct *err_msgs; 684 } err_classes[] = { 685 {0,"SUCCESS",NULL}, 686 {0x01,"ERRDOS",dos_msgs}, 687 {0x02,"ERRSRV",server_msgs}, 688 {0x03,"ERRHRD",hard_msgs}, 689 {0x04,"ERRXOS",NULL}, 690 {0xE1,"ERRRMX1",NULL}, 691 {0xE2,"ERRRMX2",NULL}, 692 {0xE3,"ERRRMX3",NULL}, 693 {0xFF,"ERRCMD",NULL}, 694 {-1,NULL,NULL}}; 695 696 697 /**************************************************************************** 698 return a SMB error string from a SMB buffer 699 ****************************************************************************/ 700 char *smb_errstr(int class,int num) 701 { 702 static char ret[128]; 703 int i,j; 704 705 ret[0]=0; 706 707 for (i=0;err_classes[i].class;i++) 708 if (err_classes[i].code == class) 709 { 710 if (err_classes[i].err_msgs) 711 { 712 err_code_struct *err = err_classes[i].err_msgs; 713 for (j=0;err[j].name;j++) 714 if (num == err[j].code) 715 { 716 snprintf(ret,sizeof(ret),"%s - %s (%s)",err_classes[i].class, 717 err[j].name,err[j].message); 718 return ret; 719 } 720 } 721 722 snprintf(ret,sizeof(ret),"%s - %d",err_classes[i].class,num); 723 return ret; 724 } 725 726 snprintf(ret,sizeof(ret),"ERROR: Unknown error (%d,%d)",class,num); 727 return(ret); 728 } 729