Ronnie,
> would anyone have a link to where i can find a current description of
> qfi level 1018 SMB_FILE_ALL_INFO.
The parse code is as follows:

    case RAW_FILEINFO_ALL_INFORMATION:
        FINFO_CHECK_MIN_SIZE(72);
        parms->all_info.out.create_time    = smbcli_pull_nttime(blob->data, 0);
        parms->all_info.out.access_time    = smbcli_pull_nttime(blob->data, 8);
        parms->all_info.out.write_time     = smbcli_pull_nttime(blob->data, 16);
        parms->all_info.out.change_time    = smbcli_pull_nttime(blob->data, 24);
        parms->all_info.out.attrib         = IVAL(blob->data, 32);
        parms->all_info.out.alloc_size     = BVAL(blob->data, 40);
        parms->all_info.out.size           = BVAL(blob->data, 48);
        parms->all_info.out.nlink          = IVAL(blob->data, 56);
        parms->all_info.out.delete_pending = CVAL(blob->data, 60);
        parms->all_info.out.directory      = CVAL(blob->data, 61);
    #if 1
        parms->all_info.out.ea_size        = IVAL(blob->data, 64);
        smbcli_blob_pull_string(NULL, mem_ctx, blob,
                                &parms->all_info.out.fname, 68, 72, STR_UNICODE);
    #endif

where 68 is the offset of the string length, and 72 is the offset of
the string.
> It appears the ethereal implementation of this infolevel is completely broken
yep, the Leach spec is wrong for this level.
Also note that I was wrong about this level being the same in SMB and
SMB2. My test code had a bug. The SMB2 ALL_INFORMATION level looks
like this:

        FINFO_CHECK_MIN_SIZE(0x64);
        parms->all_info2.out.create_time    = smbcli_pull_nttime(blob->data, 0x00);
        parms->all_info2.out.access_time    = smbcli_pull_nttime(blob->data, 0x08);
        parms->all_info2.out.write_time     = smbcli_pull_nttime(blob->data, 0x10);
        parms->all_info2.out.change_time    = smbcli_pull_nttime(blob->data, 0x18);
        parms->all_info2.out.attrib         = IVAL(blob->data, 0x20);
        parms->all_info2.out.unknown1       = IVAL(blob->data, 0x24);
        parms->all_info2.out.alloc_size     = BVAL(blob->data, 0x28);
        parms->all_info2.out.size           = BVAL(blob->data, 0x30);
        parms->all_info2.out.nlink          = IVAL(blob->data, 0x38);
        parms->all_info2.out.delete_pending = CVAL(blob->data, 0x3C);
        parms->all_info2.out.directory      = CVAL(blob->data, 0x3D);
        parms->all_info2.out.file_id        = BVAL(blob->data, 0x40);
        parms->all_info2.out.ea_size        = IVAL(blob->data, 0x48);
        parms->all_info2.out.access_mask    = IVAL(blob->data, 0x4C);
        parms->all_info2.out.unknown2       = BVAL(blob->data, 0x50);
        parms->all_info2.out.unknown3       = BVAL(blob->data, 0x58);
        smbcli_blob_pull_string(NULL, mem_ctx, blob,
                                &parms->all_info2.out.fname, 0x60, 0x64, STR_UNICODE);

It seems that this is the only level where the SMB and SMB2 structures
don't match?
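
Added example, not part of the original message and not Samba code: a standalone C parser for the SMB level 1018 layout quoted above, showing the two bounds checks a dissector needs (the 72-byte fixed part, and the name length at offset 68 against the bytes that actually follow offset 72). The names le32, le64, struct all_info, parse_smb_all_info and make_sample are hypothetical, rejecting an overlong name is this example's choice, and the sample reply is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian readers standing in for Samba's IVAL/BVAL macros. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t le64(const uint8_t *p) {
    return (uint64_t)le32(p) | (uint64_t)le32(p + 4) << 32;
}

struct all_info {           /* hypothetical struct: a subset of the fields */
    uint64_t create_time, size;
    uint32_t attrib, nlink, ea_size;
    const uint8_t *fname;   /* UTF-16LE bytes inside blob, not NUL-terminated */
    uint32_t fname_len;     /* length in bytes, as sent at offset 68 */
};

/* Returns 0 on success, -1 if the blob is short or the name overruns it. */
int parse_smb_all_info(const uint8_t *blob, size_t len, struct all_info *out)
{
    if (blob == NULL || out == NULL || len < 72)
        return -1;                       /* same role as FINFO_CHECK_MIN_SIZE(72) */
    out->create_time = le64(blob + 0);
    out->attrib      = le32(blob + 32);
    out->size        = le64(blob + 48);
    out->nlink       = le32(blob + 56);
    out->ea_size     = le32(blob + 64);
    uint32_t name_len = le32(blob + 68); /* length field is set by the peer */
    if (name_len > len - 72)
        return -1;                       /* claimed name runs past the blob */
    out->fname = blob + 72;
    out->fname_len = name_len;
    return 0;
}

/* Constructed sample reply naming "a.txt"; buf must hold at least 82 bytes.
 * claimed_len is written at offset 68 so a lying length can be tested. */
size_t make_sample(uint8_t *buf, uint32_t claimed_len)
{
    static const uint8_t name[] = { 'a',0, '.',0, 't',0, 'x',0, 't',0 };
    memset(buf, 0, 72 + sizeof(name));
    buf[32] = 0x20; buf[48] = 0x34; buf[49] = 0x12; buf[56] = 1;
    for (int i = 0; i < 4; i++)
        buf[68 + i] = (uint8_t)(claimed_len >> (8 * i));
    memcpy(buf + 72, name, sizeof(name));
    return 72 + sizeof(name);
}
```

The same check applies to the SMB2 layout with the length at 0x60, the string at 0x64 and a minimum size of 0x64.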