From 9931b07fae7ce0e7fe03df836fe2904c9c1bd7e5 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 29 Jul 2019 16:00:34 -0400 Subject: [PATCH] Fix some whitespace issues --- scripts/base/init-bare.zeek | 12 +- .../protocol/smb/smb2-com-set-info.pac | 202 +++++++++--------- 2 files changed, 106 insertions(+), 108 deletions(-) diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index fe761b15ed..f4bd799a66 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -3295,17 +3295,17 @@ export { ## type SMB2::Fscontrol: record { ## minimum amount of free disk space required to begin document filtering - free_space_start_filtering : int; + free_space_start_filtering : int; ## minimum amount of free disk space required to continue document filtering - free_space_threshold : int; + free_space_threshold : int; ## minimum amount of free disk space required to continue document filtering - free_space_threshold : int; + free_space_threshold : int; ## default per-user disk quota - delete_quota_threshold : count; + delete_quota_threshold : count; ## default per-user disk limit - default_quota_limit : count; + default_quota_limit : count; ## file systems control flags passed as unsigned int - fs_control_flags : count; + fs_control_flags : count; }; ## This information class is used to query or set extended attribute (EA) information for a file. diff --git a/src/analyzer/protocol/smb/smb2-com-set-info.pac b/src/analyzer/protocol/smb/smb2-com-set-info.pac index d06cd1ad4e..699fb5f089 100644 --- a/src/analyzer/protocol/smb/smb2-com-set-info.pac +++ b/src/analyzer/protocol/smb/smb2-com-set-info.pac @@ -7,20 +7,20 @@ enum smb2_set_info_type { # taken from MS-FSCC 2.4 and 2.5 enum smb_file_info_type { - SMB2_FILE_BASIC_INFO = 0x04, - SMB2_FILE_RENAME_INFO = 0x0a, - SMB2_FILE_DISPOSITION_INFO = 0x0d, - SMB2_FILE_ALLOCATION_INFO = 0x13, - SMB2_FILE_ENDOFFILE_INFO = 0x14, - SMB2_FILE_FULLEA_INFO = 0x0f, - SMB2_FILE_LINK_INFO = 0x0b, - SMB2_FILE_MODE_INFO = 0x10, - SMB2_FILE_PIPE_INFO = 0x18, - SMB2_FILE_POSITION_INFO = 0x0e, - SMB2_FILE_SHORTNAME_INFO = 0x28, + SMB2_FILE_BASIC_INFO = 0x04, + SMB2_FILE_RENAME_INFO = 0x0a, + SMB2_FILE_DISPOSITION_INFO = 0x0d, + SMB2_FILE_ALLOCATION_INFO = 0x13, + SMB2_FILE_ENDOFFILE_INFO = 0x14, + SMB2_FILE_FULLEA_INFO = 0x0f, + SMB2_FILE_LINK_INFO = 0x0b, + SMB2_FILE_MODE_INFO = 0x10, + SMB2_FILE_PIPE_INFO = 0x18, + SMB2_FILE_POSITION_INFO = 0x0e, + SMB2_FILE_SHORTNAME_INFO = 0x28, SMB2_FILE_VALIDDATALENGTH_INFO = 0x27, - SMB2_FILE_FSCONTROL_INFO = 0x06, - SMB2_FILE_FSOBJECTID_INFO = 0x08, + SMB2_FILE_FSCONTROL_INFO = 0x06, + SMB2_FILE_FSOBJECTID_INFO = 0x08, } refine connection SMB_Conn += { @@ -69,10 +69,10 @@ refine connection SMB_Conn += { %{ if ( smb2_file_allocation ) BifEvent::generate_smb2_file_allocation(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - (${val.allocation_size})); + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + (${val.allocation_size})); return true; %} @@ -81,34 +81,35 @@ refine connection SMB_Conn += { %{ if ( smb2_file_endoffile ) BifEvent::generate_smb2_file_endoffile(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - ${val.endoffile}); + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + ${val.endoffile}); return true; %} function proc_smb2_set_info_request_file_fullea(val: SMB2_file_fullea_info): bool %{ - if ( smb2_file_fullea ) { + if ( smb2_file_fullea ) + { VectorVal* eas = new VectorVal(BifType::Vector::SMB2::FileEAs); - for ( auto i = 0u; i < ${val.ea_vector}->size(); ++i ) { - + for ( auto i = 0u; i < ${val.ea_vector}->size(); ++i ) + { RecordVal* r = new RecordVal(BifType::Record::SMB2::FileEA); r->Assign(0, smb2_string2stringval(${val.ea_vector[i].ea_name})); r->Assign(1, smb2_string2stringval(${val.ea_vector[i].ea_value})); eas->Assign(i, r); - } + } BifEvent::generate_smb2_file_fullea(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), - eas); - } + eas); + } return true; %} @@ -117,11 +118,11 @@ refine connection SMB_Conn += { %{ if ( smb2_file_link ) BifEvent::generate_smb2_file_link(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - ${val.root_directory}, - smb2_string2stringval(${val.file_name})); + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + ${val.root_directory}, + smb2_string2stringval(${val.file_name})); return true; %} @@ -146,7 +147,7 @@ refine connection SMB_Conn += { BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), ${val.read_mode}, - ${val.completion_mode}); + ${val.completion_mode}); return true; %} @@ -155,10 +156,10 @@ refine connection SMB_Conn += { %{ if ( smb2_file_position ) BifEvent::generate_smb2_file_position(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - ${val.current_byte_offset}); + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + ${val.current_byte_offset}); return true; %} @@ -167,10 +168,10 @@ refine connection SMB_Conn += { %{ if ( smb2_file_shortname ) BifEvent::generate_smb2_file_shortname(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - smb2_string2stringval(${val.filename})); + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + smb2_string2stringval(${val.filename})); return true; %} @@ -179,21 +180,19 @@ refine connection SMB_Conn += { %{ if ( smb2_file_validdatalength ) BifEvent::generate_smb2_file_validdatalength(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - ${val.validdatalength}); + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + ${val.validdatalength}); return true; %} function proc_smb2_set_info_request_file_fscontrol(val: SMB2_file_fscontrol_info): bool %{ - - if ( smb2_file_fscontrol ) { - + if ( smb2_file_fscontrol ) + { RecordVal* r = new RecordVal(BifType::Record::SMB2::Fscontrol); - r->Assign(0, val_mgr->GetInt(${val.free_space_start_filtering})); r->Assign(1, val_mgr->GetInt(${val.free_space_start_threshold})); r->Assign(2, val_mgr->GetInt(${val.free_space_stop_filtering})); @@ -202,11 +201,11 @@ refine connection SMB_Conn += { r->Assign(5, val_mgr->GetCount(${val.file_system_control_flags})); BifEvent::generate_smb2_file_fscontrol(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - r); - } + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + r); + } return true; %} @@ -215,15 +214,14 @@ refine connection SMB_Conn += { %{ if ( smb2_file_fsobjectid ) BifEvent::generate_smb2_file_fsobjectid(bro_analyzer(), - bro_analyzer()->Conn(), - BuildSMB2HeaderVal(${val.sir.header}), - BuildSMB2GUID(${val.sir.file_id}), - BuildSMB2GUID(${val.object_id}), - smb2_string2stringval(${val.extended_info})); + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(${val.sir.header}), + BuildSMB2GUID(${val.sir.file_id}), + BuildSMB2GUID(${val.object_id}), + smb2_string2stringval(${val.extended_info})); return true; %} - } @@ -267,28 +265,28 @@ type SMB2_file_endoffile_info(sir: SMB2_set_info_request) = record { type SMB2_file_fullea_info_element = record { next_entry_offset : uint32; - flags : uint8; + flags : uint8; ea_name_length : uint8; - ea_value_length : uint16; - ea_name : SMB2_string(ea_name_length); - ea_value : SMB2_string(ea_value_length); - pad_to_next : padding to next_entry_offset; + ea_value_length : uint16; + ea_name : SMB2_string(ea_name_length); + ea_value : SMB2_string(ea_value_length); + pad_to_next : padding to next_entry_offset; } &let { next_offset: int = next_entry_offset; }; type SMB2_file_fullea_info(sir: SMB2_set_info_request) = record { - ea_vector : SMB2_file_fullea_info_element[] &until($element.next_offset == 0); + ea_vector : SMB2_file_fullea_info_element[] &until($element.next_offset == 0); } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_fullea(this); }; type SMB2_file_link_info(sir: SMB2_set_info_request) = record { replace_if_exists : uint8; - reserved : uint8[7]; - root_directory : uint64; + reserved : uint8[7]; + root_directory : uint64; file_name_length : uint32; - file_name : SMB2_string(file_name_length); + file_name : SMB2_string(file_name_length); } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_link(this); }; @@ -300,70 +298,70 @@ type SMB2_file_mode_info(sir: SMB2_set_info_request) = record { }; type SMB2_file_pipe_info(sir: SMB2_set_info_request) = record { - read_mode : uint32; + read_mode : uint32; completion_mode : uint32; } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_pipe(this); }; type SMB2_file_position_info(sir: SMB2_set_info_request) = record { - current_byte_offset : int64; + current_byte_offset : int64; } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_position(this); }; type SMB2_file_shortname_info(sir: SMB2_set_info_request) = record { - filename_length : uint32; - filename : SMB2_string(filename_length); + filename_length : uint32; + filename : SMB2_string(filename_length); } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_shortname(this); }; type SMB2_file_validdatalength_info(sir: SMB2_set_info_request) = record { - validdatalength : int64; + validdatalength : int64; } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_validdatalength(this); }; type SMB2_file_fscontrol_info(sir: SMB2_set_info_request) = record { - free_space_start_filtering : int64; - free_space_start_threshold : int64; - free_space_stop_filtering : int64; - default_quota_threshold : uint64; - default_quota_limit : uint64; - file_system_control_flags : uint32; - pad : padding[4]; + free_space_start_filtering : int64; + free_space_start_threshold : int64; + free_space_stop_filtering : int64; + default_quota_threshold : uint64; + default_quota_limit : uint64; + file_system_control_flags : uint32; + pad : padding[4]; } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_fscontrol(this); }; type SMB2_file_fsobjectid_info(sir: SMB2_set_info_request) = record { - object_id : SMB2_guid; - extended_info : SMB2_string(48); + object_id : SMB2_guid; + extended_info : SMB2_string(48); } &let { proc: bool = $context.connection.proc_smb2_set_info_request_file_fsobjectid(this); }; type SMB2_set_info_file_class(sir: SMB2_set_info_request) = case sir.info_level of { - SMB2_FILE_BASIC_INFO -> file_basic : SMB2_file_basic_info(sir); - SMB2_FILE_RENAME_INFO -> file_rename : SMB2_file_rename_info(sir); - SMB2_FILE_DISPOSITION_INFO -> file_disposition : SMB2_file_disposition_info(sir); - SMB2_FILE_ALLOCATION_INFO -> file_allocation : SMB2_file_allocation_info(sir); - SMB2_FILE_ENDOFFILE_INFO -> file_endoffile : SMB2_file_endoffile_info(sir); - SMB2_FILE_FULLEA_INFO -> file_fullea : SMB2_file_fullea_info(sir); - SMB2_FILE_LINK_INFO -> file_link : SMB2_file_link_info(sir); - SMB2_FILE_MODE_INFO -> file_mode : SMB2_file_mode_info(sir); - SMB2_FILE_PIPE_INFO -> file_pipe : SMB2_file_pipe_info(sir); - SMB2_FILE_POSITION_INFO -> file_position : SMB2_file_position_info(sir); - SMB2_FILE_SHORTNAME_INFO -> file_shortname : SMB2_file_shortname_info(sir); - SMB2_FILE_VALIDDATALENGTH_INFO -> file_validdatalength : SMB2_file_validdatalength_info(sir); - default -> info_file_unhandled : empty; + SMB2_FILE_BASIC_INFO -> file_basic : SMB2_file_basic_info(sir); + SMB2_FILE_RENAME_INFO -> file_rename : SMB2_file_rename_info(sir); + SMB2_FILE_DISPOSITION_INFO -> file_disposition : SMB2_file_disposition_info(sir); + SMB2_FILE_ALLOCATION_INFO -> file_allocation : SMB2_file_allocation_info(sir); + SMB2_FILE_ENDOFFILE_INFO -> file_endoffile : SMB2_file_endoffile_info(sir); + SMB2_FILE_FULLEA_INFO -> file_fullea : SMB2_file_fullea_info(sir); + SMB2_FILE_LINK_INFO -> file_link : SMB2_file_link_info(sir); + SMB2_FILE_MODE_INFO -> file_mode : SMB2_file_mode_info(sir); + SMB2_FILE_PIPE_INFO -> file_pipe : SMB2_file_pipe_info(sir); + SMB2_FILE_POSITION_INFO -> file_position : SMB2_file_position_info(sir); + SMB2_FILE_SHORTNAME_INFO -> file_shortname : SMB2_file_shortname_info(sir); + SMB2_FILE_VALIDDATALENGTH_INFO -> file_validdatalength : SMB2_file_validdatalength_info(sir); + default -> info_file_unhandled : empty; }; type SMB2_set_info_filesystem_class(sir: SMB2_set_info_request) = case sir.info_level of { - SMB2_FILE_FSCONTROL_INFO -> file_fscontrol : SMB2_file_fscontrol_info(sir); - SMB2_FILE_FSOBJECTID_INFO -> file_fsobjectid : SMB2_file_fsobjectid_info(sir); - default -> info_file_unhandled : empty; + SMB2_FILE_FSCONTROL_INFO -> file_fscontrol : SMB2_file_fscontrol_info(sir); + SMB2_FILE_FSOBJECTID_INFO -> file_fsobjectid : SMB2_file_fsobjectid_info(sir); + default -> info_file_unhandled : empty; }; @@ -379,10 +377,10 @@ type SMB2_set_info_request(header: SMB2_Header) = record { pad : padding to buffer_offset - header.head_length; data : case info_class of { - SMB2_0_INFO_FILE -> file_info : SMB2_set_info_file_class(this); - SMB2_0_INFO_FILESYSTEM -> filesystem_info : SMB2_set_info_filesystem_class(this); + SMB2_0_INFO_FILE -> file_info : SMB2_set_info_file_class(this); + SMB2_0_INFO_FILESYSTEM -> filesystem_info : SMB2_set_info_filesystem_class(this); # TODO: SMB2_0_INFO_SECURITY, SMB2_0_INFO_QUOTA - default -> class_unhandled : empty; + default -> class_unhandled : empty; }; };