},
SMB1_COMMAND_TREE_CONNECT_ANDX => {
SCLogDebug!("SMB1_COMMAND_TREE_CONNECT_ANDX");
- match parse_smb_connect_tree_andx_record(r.data) {
+ match parse_smb_connect_tree_andx_record(r.data, r) {
IResult::Done(_, create_record) => {
let name_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_TREE);
- let mut name_val = create_record.share.to_vec();
- name_val.retain(|&i|i != 0x00);
+ let mut name_val = create_record.path;
if name_val.len() > 1 {
name_val = name_val[1..].to_vec();
}
- //state.ssn2vec_map.insert(name_key, name_val);
// store hdr as SMBHDR_TYPE_TREE, so with tree id 0
// when the response finds this we update it
>> cond!(wct == 7, take!(8)) // access masks
>> bcc: le_u16
>> service: take_until_and_consume!("\x00")
- >> nativefs: rest
+ >> nativefs: take_until_and_consume!("\x00")
>> (Smb1ResponseRecordTreeConnectAndX {
service:service,
nativefs:nativefs,
#[derive(Debug,PartialEq)]
pub struct SmbRecordTreeConnectAndX<'a> {
- pub share: &'a[u8],
+ pub path: Vec<u8>,
+ pub service: &'a[u8],
}
-named!(pub parse_smb_connect_tree_andx_record<SmbRecordTreeConnectAndX>,
- do_parse!(
- skip1: take!(7)
+pub fn parse_smb_connect_tree_andx_record<'a>(i: &'a[u8], r: &SmbRecord) -> IResult<&'a[u8], SmbRecordTreeConnectAndX<'a>> {
+ do_parse!(i,
+ _skip1: take!(7)
>> pwlen: le_u16
- >> bcc: le_u16
- >> pw: take!(pwlen)
- >> share: cond!(bcc >= (6 + pwlen), take!(bcc - (6 + pwlen)))
- >> service: take!(6)
+ >> _bcc: le_u16
+ >> _pw: take!(pwlen)
+ >> unicode: value!(r.has_unicode_support())
+ >> path: switch!(value!(unicode), true => call!(smb_get_unicode_string) | false => call!(smb_get_ascii_string))
+ >> service: take_until_and_consume!("\x00")
>> (SmbRecordTreeConnectAndX {
- share: share.unwrap_or(&[]),
+ path: path,
+ service: service,
}))
-);
+}
#[derive(Debug,PartialEq)]
pub struct SmbRecordTransRequest<'a> {
projects / thirdparty / suricata.git / commitdiff
