Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix some whitespace issues

Browse source
This commit is contained in:
Seth Hall 2019-07-29 16:00:34 -04:00
parent e2596b1c64
commit 9931b07fae
2 changed files with 106 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/base/init-bare.zeek
View file

@ -3295,17 +3295,17 @@ export {
## ##
type SMB2::Fscontrol: record { type SMB2::Fscontrol: record {
## minimum amount of free disk space required to begin document filtering ## minimum amount of free disk space required to begin document filtering
free_space_start_filtering : int; free_space_start_filtering : int;
## minimum amount of free disk space required to continue document filtering ## minimum amount of free disk space required to continue document filtering
free_space_threshold : int; free_space_threshold : int;
## minimum amount of free disk space required to continue document filtering ## minimum amount of free disk space required to continue document filtering
free_space_threshold : int; free_space_threshold : int;
## default per-user disk quota ## default per-user disk quota
delete_quota_threshold : count; delete_quota_threshold : count;
## default per-user disk limit ## default per-user disk limit
default_quota_limit : count; default_quota_limit : count;
## file systems control flags passed as unsigned int ## file systems control flags passed as unsigned int
fs_control_flags : count; fs_control_flags : count;
}; };
## This information class is used to query or set extended attribute (EA) information for a file. ## This information class is used to query or set extended attribute (EA) information for a file.

202
src/analyzer/protocol/smb/smb2-com-set-info.pac
View file

@ -7,20 +7,20 @@ enum smb2_set_info_type {
# taken from MS-FSCC 2.4 and 2.5 # taken from MS-FSCC 2.4 and 2.5
enum smb_file_info_type { enum smb_file_info_type {
SMB2_FILE_BASIC_INFO = 0x04, SMB2_FILE_BASIC_INFO = 0x04,
SMB2_FILE_RENAME_INFO = 0x0a, SMB2_FILE_RENAME_INFO = 0x0a,
SMB2_FILE_DISPOSITION_INFO = 0x0d, SMB2_FILE_DISPOSITION_INFO = 0x0d,
SMB2_FILE_ALLOCATION_INFO = 0x13, SMB2_FILE_ALLOCATION_INFO = 0x13,
SMB2_FILE_ENDOFFILE_INFO = 0x14, SMB2_FILE_ENDOFFILE_INFO = 0x14,
SMB2_FILE_FULLEA_INFO = 0x0f, SMB2_FILE_FULLEA_INFO = 0x0f,
SMB2_FILE_LINK_INFO = 0x0b, SMB2_FILE_LINK_INFO = 0x0b,
SMB2_FILE_MODE_INFO = 0x10, SMB2_FILE_MODE_INFO = 0x10,
SMB2_FILE_PIPE_INFO = 0x18, SMB2_FILE_PIPE_INFO = 0x18,
SMB2_FILE_POSITION_INFO = 0x0e, SMB2_FILE_POSITION_INFO = 0x0e,
SMB2_FILE_SHORTNAME_INFO = 0x28, SMB2_FILE_SHORTNAME_INFO = 0x28,
SMB2_FILE_VALIDDATALENGTH_INFO = 0x27, SMB2_FILE_VALIDDATALENGTH_INFO = 0x27,
SMB2_FILE_FSCONTROL_INFO = 0x06, SMB2_FILE_FSCONTROL_INFO = 0x06,
SMB2_FILE_FSOBJECTID_INFO = 0x08, SMB2_FILE_FSOBJECTID_INFO = 0x08,
} }
refine connection SMB_Conn += { refine connection SMB_Conn += {
@ -69,10 +69,10 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_file_allocation ) if ( smb2_file_allocation )
BifEvent::generate_smb2_file_allocation(bro_analyzer(), BifEvent::generate_smb2_file_allocation(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
(${val.allocation_size})); (${val.allocation_size}));
return true; return true;
%} %}
@ -81,34 +81,35 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_file_endoffile ) if ( smb2_file_endoffile )
BifEvent::generate_smb2_file_endoffile(bro_analyzer(), BifEvent::generate_smb2_file_endoffile(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
${val.endoffile}); ${val.endoffile});
return true; return true;
%} %}
function proc_smb2_set_info_request_file_fullea(val: SMB2_file_fullea_info): bool function proc_smb2_set_info_request_file_fullea(val: SMB2_file_fullea_info): bool
%{ %{
if ( smb2_file_fullea ) { if ( smb2_file_fullea )
{
VectorVal* eas = new VectorVal(BifType::Vector::SMB2::FileEAs); VectorVal* eas = new VectorVal(BifType::Vector::SMB2::FileEAs);
for ( auto i = 0u; i < ${val.ea_vector}->size(); ++i ) { for ( auto i = 0u; i < ${val.ea_vector}->size(); ++i )
{
RecordVal* r = new RecordVal(BifType::Record::SMB2::FileEA); RecordVal* r = new RecordVal(BifType::Record::SMB2::FileEA);
r->Assign(0, smb2_string2stringval(${val.ea_vector[i].ea_name})); r->Assign(0, smb2_string2stringval(${val.ea_vector[i].ea_name}));
r->Assign(1, smb2_string2stringval(${val.ea_vector[i].ea_value})); r->Assign(1, smb2_string2stringval(${val.ea_vector[i].ea_value}));
eas->Assign(i, r); eas->Assign(i, r);
} }
BifEvent::generate_smb2_file_fullea(bro_analyzer(), BifEvent::generate_smb2_file_fullea(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
eas); eas);
} }
return true; return true;
%} %}
@ -117,11 +118,11 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_file_link ) if ( smb2_file_link )
BifEvent::generate_smb2_file_link(bro_analyzer(), BifEvent::generate_smb2_file_link(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
${val.root_directory}, ${val.root_directory},
smb2_string2stringval(${val.file_name})); smb2_string2stringval(${val.file_name}));
return true; return true;
%} %}
@ -146,7 +147,7 @@ refine connection SMB_Conn += {
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
${val.read_mode}, ${val.read_mode},
${val.completion_mode}); ${val.completion_mode});
return true; return true;
%} %}
@ -155,10 +156,10 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_file_position ) if ( smb2_file_position )
BifEvent::generate_smb2_file_position(bro_analyzer(), BifEvent::generate_smb2_file_position(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
${val.current_byte_offset}); ${val.current_byte_offset});
return true; return true;
%} %}
@ -167,10 +168,10 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_file_shortname ) if ( smb2_file_shortname )
BifEvent::generate_smb2_file_shortname(bro_analyzer(), BifEvent::generate_smb2_file_shortname(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
smb2_string2stringval(${val.filename})); smb2_string2stringval(${val.filename}));
return true; return true;
%} %}
@ -179,21 +180,19 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_file_validdatalength ) if ( smb2_file_validdatalength )
BifEvent::generate_smb2_file_validdatalength(bro_analyzer(), BifEvent::generate_smb2_file_validdatalength(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
${val.validdatalength}); ${val.validdatalength});
return true; return true;
%} %}
function proc_smb2_set_info_request_file_fscontrol(val: SMB2_file_fscontrol_info): bool function proc_smb2_set_info_request_file_fscontrol(val: SMB2_file_fscontrol_info): bool
%{ %{
if ( smb2_file_fscontrol )
if ( smb2_file_fscontrol ) { {
RecordVal* r = new RecordVal(BifType::Record::SMB2::Fscontrol); RecordVal* r = new RecordVal(BifType::Record::SMB2::Fscontrol);
r->Assign(0, val_mgr->GetInt(${val.free_space_start_filtering})); r->Assign(0, val_mgr->GetInt(${val.free_space_start_filtering}));
r->Assign(1, val_mgr->GetInt(${val.free_space_start_threshold})); r->Assign(1, val_mgr->GetInt(${val.free_space_start_threshold}));
r->Assign(2, val_mgr->GetInt(${val.free_space_stop_filtering})); r->Assign(2, val_mgr->GetInt(${val.free_space_stop_filtering}));
@ -202,11 +201,11 @@ refine connection SMB_Conn += {
r->Assign(5, val_mgr->GetCount(${val.file_system_control_flags})); r->Assign(5, val_mgr->GetCount(${val.file_system_control_flags}));
BifEvent::generate_smb2_file_fscontrol(bro_analyzer(), BifEvent::generate_smb2_file_fscontrol(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
r); r);
} }
return true; return true;
%} %}
@ -215,15 +214,14 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_file_fsobjectid ) if ( smb2_file_fsobjectid )
BifEvent::generate_smb2_file_fsobjectid(bro_analyzer(), BifEvent::generate_smb2_file_fsobjectid(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
BuildSMB2GUID(${val.object_id}), BuildSMB2GUID(${val.object_id}),
smb2_string2stringval(${val.extended_info})); smb2_string2stringval(${val.extended_info}));
return true; return true;
%} %}
} }
@ -267,28 +265,28 @@ type SMB2_file_endoffile_info(sir: SMB2_set_info_request) = record {
type SMB2_file_fullea_info_element = record { type SMB2_file_fullea_info_element = record {
next_entry_offset : uint32; next_entry_offset : uint32;
flags : uint8; flags : uint8;
ea_name_length : uint8; ea_name_length : uint8;
ea_value_length : uint16; ea_value_length : uint16;
ea_name : SMB2_string(ea_name_length); ea_name : SMB2_string(ea_name_length);
ea_value : SMB2_string(ea_value_length); ea_value : SMB2_string(ea_value_length);
pad_to_next : padding to next_entry_offset; pad_to_next : padding to next_entry_offset;
} &let { } &let {
next_offset: int = next_entry_offset; next_offset: int = next_entry_offset;
}; };
type SMB2_file_fullea_info(sir: SMB2_set_info_request) = record { type SMB2_file_fullea_info(sir: SMB2_set_info_request) = record {
ea_vector : SMB2_file_fullea_info_element[] &until($element.next_offset == 0); ea_vector : SMB2_file_fullea_info_element[] &until($element.next_offset == 0);
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_fullea(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_fullea(this);
}; };
type SMB2_file_link_info(sir: SMB2_set_info_request) = record { type SMB2_file_link_info(sir: SMB2_set_info_request) = record {
replace_if_exists : uint8; replace_if_exists : uint8;
reserved : uint8[7]; reserved : uint8[7];
root_directory : uint64; root_directory : uint64;
file_name_length : uint32; file_name_length : uint32;
file_name : SMB2_string(file_name_length); file_name : SMB2_string(file_name_length);
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_link(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_link(this);
}; };
@ -300,70 +298,70 @@ type SMB2_file_mode_info(sir: SMB2_set_info_request) = record {
}; };
type SMB2_file_pipe_info(sir: SMB2_set_info_request) = record { type SMB2_file_pipe_info(sir: SMB2_set_info_request) = record {
read_mode : uint32; read_mode : uint32;
completion_mode : uint32; completion_mode : uint32;
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_pipe(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_pipe(this);
}; };
type SMB2_file_position_info(sir: SMB2_set_info_request) = record { type SMB2_file_position_info(sir: SMB2_set_info_request) = record {
current_byte_offset : int64; current_byte_offset : int64;
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_position(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_position(this);
}; };
type SMB2_file_shortname_info(sir: SMB2_set_info_request) = record { type SMB2_file_shortname_info(sir: SMB2_set_info_request) = record {
filename_length : uint32; filename_length : uint32;
filename : SMB2_string(filename_length); filename : SMB2_string(filename_length);
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_shortname(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_shortname(this);
}; };
type SMB2_file_validdatalength_info(sir: SMB2_set_info_request) = record { type SMB2_file_validdatalength_info(sir: SMB2_set_info_request) = record {
validdatalength : int64; validdatalength : int64;
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_validdatalength(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_validdatalength(this);
}; };
type SMB2_file_fscontrol_info(sir: SMB2_set_info_request) = record { type SMB2_file_fscontrol_info(sir: SMB2_set_info_request) = record {
free_space_start_filtering : int64; free_space_start_filtering : int64;
free_space_start_threshold : int64; free_space_start_threshold : int64;
free_space_stop_filtering : int64; free_space_stop_filtering : int64;
default_quota_threshold : uint64; default_quota_threshold : uint64;
default_quota_limit : uint64; default_quota_limit : uint64;
file_system_control_flags : uint32; file_system_control_flags : uint32;
pad : padding[4]; pad : padding[4];
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_fscontrol(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_fscontrol(this);
}; };
type SMB2_file_fsobjectid_info(sir: SMB2_set_info_request) = record { type SMB2_file_fsobjectid_info(sir: SMB2_set_info_request) = record {
object_id : SMB2_guid; object_id : SMB2_guid;
extended_info : SMB2_string(48); extended_info : SMB2_string(48);
} &let { } &let {
proc: bool = $context.connection.proc_smb2_set_info_request_file_fsobjectid(this); proc: bool = $context.connection.proc_smb2_set_info_request_file_fsobjectid(this);
}; };
type SMB2_set_info_file_class(sir: SMB2_set_info_request) = case sir.info_level of { type SMB2_set_info_file_class(sir: SMB2_set_info_request) = case sir.info_level of {
SMB2_FILE_BASIC_INFO -> file_basic : SMB2_file_basic_info(sir); SMB2_FILE_BASIC_INFO -> file_basic : SMB2_file_basic_info(sir);
SMB2_FILE_RENAME_INFO -> file_rename : SMB2_file_rename_info(sir); SMB2_FILE_RENAME_INFO -> file_rename : SMB2_file_rename_info(sir);
SMB2_FILE_DISPOSITION_INFO -> file_disposition : SMB2_file_disposition_info(sir); SMB2_FILE_DISPOSITION_INFO -> file_disposition : SMB2_file_disposition_info(sir);
SMB2_FILE_ALLOCATION_INFO -> file_allocation : SMB2_file_allocation_info(sir); SMB2_FILE_ALLOCATION_INFO -> file_allocation : SMB2_file_allocation_info(sir);
SMB2_FILE_ENDOFFILE_INFO -> file_endoffile : SMB2_file_endoffile_info(sir); SMB2_FILE_ENDOFFILE_INFO -> file_endoffile : SMB2_file_endoffile_info(sir);
SMB2_FILE_FULLEA_INFO -> file_fullea : SMB2_file_fullea_info(sir); SMB2_FILE_FULLEA_INFO -> file_fullea : SMB2_file_fullea_info(sir);
SMB2_FILE_LINK_INFO -> file_link : SMB2_file_link_info(sir); SMB2_FILE_LINK_INFO -> file_link : SMB2_file_link_info(sir);
SMB2_FILE_MODE_INFO -> file_mode : SMB2_file_mode_info(sir); SMB2_FILE_MODE_INFO -> file_mode : SMB2_file_mode_info(sir);
SMB2_FILE_PIPE_INFO -> file_pipe : SMB2_file_pipe_info(sir); SMB2_FILE_PIPE_INFO -> file_pipe : SMB2_file_pipe_info(sir);
SMB2_FILE_POSITION_INFO -> file_position : SMB2_file_position_info(sir); SMB2_FILE_POSITION_INFO -> file_position : SMB2_file_position_info(sir);
SMB2_FILE_SHORTNAME_INFO -> file_shortname : SMB2_file_shortname_info(sir); SMB2_FILE_SHORTNAME_INFO -> file_shortname : SMB2_file_shortname_info(sir);
SMB2_FILE_VALIDDATALENGTH_INFO -> file_validdatalength : SMB2_file_validdatalength_info(sir); SMB2_FILE_VALIDDATALENGTH_INFO -> file_validdatalength : SMB2_file_validdatalength_info(sir);
default -> info_file_unhandled : empty; default -> info_file_unhandled : empty;
}; };
type SMB2_set_info_filesystem_class(sir: SMB2_set_info_request) = case sir.info_level of { type SMB2_set_info_filesystem_class(sir: SMB2_set_info_request) = case sir.info_level of {
SMB2_FILE_FSCONTROL_INFO -> file_fscontrol : SMB2_file_fscontrol_info(sir); SMB2_FILE_FSCONTROL_INFO -> file_fscontrol : SMB2_file_fscontrol_info(sir);
SMB2_FILE_FSOBJECTID_INFO -> file_fsobjectid : SMB2_file_fsobjectid_info(sir); SMB2_FILE_FSOBJECTID_INFO -> file_fsobjectid : SMB2_file_fsobjectid_info(sir);
default -> info_file_unhandled : empty; default -> info_file_unhandled : empty;
}; };
@ -379,10 +377,10 @@ type SMB2_set_info_request(header: SMB2_Header) = record {
pad : padding to buffer_offset - header.head_length; pad : padding to buffer_offset - header.head_length;
data : case info_class of { data : case info_class of {
SMB2_0_INFO_FILE -> file_info : SMB2_set_info_file_class(this); SMB2_0_INFO_FILE -> file_info : SMB2_set_info_file_class(this);
SMB2_0_INFO_FILESYSTEM -> filesystem_info : SMB2_set_info_filesystem_class(this); SMB2_0_INFO_FILESYSTEM -> filesystem_info : SMB2_set_info_filesystem_class(this);
# TODO: SMB2_0_INFO_SECURITY, SMB2_0_INFO_QUOTA # TODO: SMB2_0_INFO_SECURITY, SMB2_0_INFO_QUOTA
default -> class_unhandled : empty; default -> class_unhandled : empty;
}; };
}; };