Merge branch 'smb3-negotiate-response' of https://github.com/mauropalumbo75/zeek

* 'smb3-negotiate-response' of https://github.com/mauropalumbo75/zeek: added test and pcap files for smb 3.1.1 negotiate-response smb3.1.1 additions to negotiate-response command I made several modifications: - Code format, style, naming changes - For completeness/correctness, I added parsing support for the remaining context type structures. - Moved the optional padding before the NegotiateContextList field to also require the 0x0311 dialect version (some failures in pre-existing unit tests pointed this out as an issue)
2025-10-15 21:18:20 +00:00 · 2019-03-21 14:10:44 -07:00 · 2019-03-21 14:10:44 -07:00 · 1b76d92e97
commit 1b76d92e97
parent 9eb5449ecb c9cc1a55b9
11 changed files with 264 additions and 26 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.smb.smb311/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.smb.smb311/.stdout
@ -0,0 +1 @@
+smb2_negotiate_response 192.168.100.168 -> 10.160.67.244:445 [dialect_revision=785, security_mode=3, server_guid=[persistent=5167561042355431755, volatile=7583560952700542861], system_time=1547145849.626981, server_start_time=1540586308.948775, negotiate_context_count=2, negotiate_context_values=[[context_type=1, data_length=38, preauth_info=[hash_alg_count=1, salt_length=32, hash_alg=[1], salt=\x17\xa3\x95(\x0d\x0dt\xecZ\xe5\x0e\x1a\xef\x85\x07]U\x99\x86B\xd0\xeb\xc8\x08\xe0\x0a\xad\x01p\x9a/\xb7], encryption_info=<uninitialized>, compression_info=<uninitialized>, netname=<uninitialized>], [context_type=2, data_length=4, preauth_info=<uninitialized>, encryption_info=[cipher_count=1, ciphers=[1]], compression_info=<uninitialized>, netname=<uninitialized>]]]
				`@ -0,0 +1 @@`
				smb2_negotiate_response 192.168.100.168 -> 10.160.67.244:445 [dialect_revision=785, security_mode=3, server_guid=[persistent=5167561042355431755, volatile=7583560952700542861], system_time=1547145849.626981, server_start_time=1540586308.948775, negotiate_context_count=2, negotiate_context_values=[[context_type=1, data_length=38, preauth_info=[hash_alg_count=1, salt_length=32, hash_alg=[1], salt=\x17\xa3\x95(\x0d\x0dt\xecZ\xe5\x0e\x1a\xef\x85\x07]U\x99\x86B\xd0\xeb\xc8\x08\xe0\x0a\xad\x01p\x9a/\xb7], encryption_info=<uninitialized>, compression_info=<uninitialized>, netname=<uninitialized>], [context_type=2, data_length=4, preauth_info=<uninitialized>, encryption_info=[cipher_count=1, ciphers=[1]], compression_info=<uninitialized>, netname=<uninitialized>]]]