} else {
js.set_string("share", &share_name);
}
+
+ // handle services
+ if tx.vercmd.get_version() == 1 {
+ let jsd = Json::object();
+
+ if let Some(ref s) = x.req_service {
+ let serv = String::from_utf8_lossy(&s);
+ jsd.set_string("request", &serv);
+ }
+ if let Some(ref s) = x.res_service {
+ let serv = String::from_utf8_lossy(&s);
+ jsd.set_string("response", &serv);
+ }
+ js.set("service", jsd);
+ }
},
Some(SMBTransactionTypeData::FILE(ref x)) => {
let file_name = String::from_utf8_lossy(&x.file_name);
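Review bot: The `service` object is attached to every SMB1 tree connect record, even when both `req_service` and `res_service` are `None`, so the output can carry an empty `"service": {}`. Guarding the `js.set("service", jsd)` call with `if x.req_service.is_some() || x.res_service.is_some()` keeps the field meaningful for consumers that key on its presence. `s` is already bound with `ref`, so `String::from_utf8_lossy(s)` is enough. Both values are peer-supplied bytes that are lossily decoded, which deserves a short comment such as `// peer-controlled bytes; invalid UTF-8 is replaced with U+FFFD`. The match arm begins outside the hunk.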
pub is_pipe: bool,
pub tree_id: u32,
pub share_name: Vec<u8>,
+
+ /// SMB1 service strings
+ pub req_service: Option<Vec<u8>>,
+ pub res_service: Option<Vec<u8>>,
}
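Review bot: The `/// SMB1 service strings` doc comment attaches only to `req_service`, so `res_service` ends up undocumented in rustdoc. Give each field its own line, for example `/// SMB1 service string from the request, raw bytes as received` and `/// SMB1 service string from the response, raw bytes as received`. Stating that these are unvalidated bytes from the peer tells later users of the fields to treat them as untrusted. The struct definition begins outside the hunk.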
impl SMBTransactionTreeConnect {
is_pipe:false,
tree_id:0,
share_name:share_name,
+ req_service: None,
+ res_service: None,
}
}
}
SMB1_COMMAND_TREE_CONNECT_ANDX => {
SCLogDebug!("SMB1_COMMAND_TREE_CONNECT_ANDX");
match parse_smb_connect_tree_andx_record(r.data, r) {
- IResult::Done(_, create_record) => {
+ IResult::Done(_, tr) => {
let name_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_TREE);
- let mut name_val = create_record.path;
+ let mut name_val = tr.path;
if name_val.len() > 1 {
name_val = name_val[1..].to_vec();
}
// store hdr as SMBHDR_TYPE_TREE, so with tree id 0
// when the response finds this we update it
let tx = state.new_treeconnect_tx(name_key, name_val);
+ if let Some(SMBTransactionTypeData::TREECONNECT(ref mut tdn)) = tx.type_data {
+ tdn.req_service = Some(tr.service.to_vec());
+ }
tx.request_done = true;
tx.vercmd.set_smb1_cmd(SMB1_COMMAND_TREE_CONNECT_ANDX);
true
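Review bot: `tr.service.to_vec()` copies a peer-supplied field into per-transaction state with no length limit, here and again in the response hunk at `tdn.res_service = Some(tr.service.to_vec());`. The service strings defined for SMB1 tree connect are only a few bytes long (`A:`, `LPT1:`, `IPC`, `COMM`, `?????`), so a small cap would bound both the memory held per transaction and the size of the logged value. Whether the parser already limits the field is not visible from here. One way is `tdn.req_service = Some(tr.service.iter().take(MAX_SERVICE_LEN).cloned().collect());`, where `MAX_SERVICE_LEN` is a placeholder for a constant the project would choose. The enclosing match arm continues outside the hunk.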
tdn.is_pipe = is_pipe;
tdn.tree_id = r.tree_id as u32;
share_name = tdn.share_name.to_vec();
+ tdn.res_service = Some(tr.service.to_vec());
}
tx.hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_HEADER);
tx.set_status(r.nt_status, r.is_dos_error);