Migrate SMB analyzer to use IntrusivePtr

Deprecates the utf16_bytestring_to_utf8_val() function with replacement
being utf16_to_utf8_val().
Jon Siwek 2020-05-05 22:56:38 -07:00
parent ad6dbada71
commit a60e5e9582
28 changed files with 377 additions and 344 deletions


@ -13,7 +13,6 @@ refine connection SMB_Conn += {
if ( smb1_session_setup_andx_request )
{
auto request = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXRequest);
RecordVal* capabilities;
request->Assign(0, val_mgr->Count(${val.word_count}));
switch ( ${val.word_count} ) {
@ -31,7 +30,8 @@ refine connection SMB_Conn += {
break;
case 12: // NT LM 0.12 with extended security
capabilities = new RecordVal(BifType::Record::SMB1::SessionSetupAndXCapabilities);
{
auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXCapabilities);
capabilities->Assign(0, val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode}));
capabilities->Assign(1, val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files}));
capabilities->Assign(2, val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs}));
@ -47,11 +47,13 @@ refine connection SMB_Conn += {
request->Assign(5, smb_string2stringval(${val.ntlm_extended_security.native_os}));
request->Assign(6, smb_string2stringval(${val.ntlm_extended_security.native_lanman}));
request->Assign(13, capabilities);
request->Assign(13, std::move(capabilities));
}
break;
case 13: // NT LM 0.12 without extended security
capabilities = new RecordVal(BifType::Record::SMB1::SessionSetupAndXCapabilities);
{
auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXCapabilities);
capabilities->Assign(0, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode}));
capabilities->Assign(1, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files}));
capabilities->Assign(2, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs}));
@ -71,7 +73,8 @@ refine connection SMB_Conn += {
request->Assign(10, to_stringval(${val.ntlm_nonextended_security.case_insensitive_password}));
request->Assign(11, to_stringval(${val.ntlm_nonextended_security.case_sensitive_password}));
request->Assign(13, capabilities);
request->Assign(13, std::move(capabilities));
}
break;
}
@ -94,9 +97,9 @@ refine connection SMB_Conn += {
{
case 3: // pre NT LM 0.12
response->Assign(1, val_mgr->Bool(${val.lanman.is_guest}));
response->Assign(2, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString()->Ref()->AsStringVal() : smb_string2stringval(${val.lanman.native_os[0]}));
response->Assign(3, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString()->Ref()->AsStringVal() : smb_string2stringval(${val.lanman.native_lanman[0]}));
response->Assign(4, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString()->Ref()->AsStringVal() : smb_string2stringval(${val.lanman.primary_domain[0]}));
response->Assign(2, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]}));
response->Assign(3, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]}));
response->Assign(4, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]}));
break;
case 4: // NT LM 0.12
response->Assign(1, val_mgr->Bool(${val.ntlm.is_guest}));
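Review bot: The three `[0]` index expressions on `native_os`, `native_lanman` and `primary_domain` in the `case 3` branch are guarded only by `byte_count == 0`, and nothing in the hunk states why that guard is sufficient. These fields are parsed from network input, so if the record definition (not visible here) sizes those arrays from anything other than `byte_count`, a malformed response could reach the index with an empty array. A comment above the three assignments would pin the invariant, e.g. `// lanman string arrays hold exactly one element iff byte_count != 0 (see record type)`; confirm this against the .pac type before adding it. The same condition is evaluated three times and could be hoisted into `const bool no_strings = ${val.lanman.byte_count} == 0;`. The enclosing switch starts and ends outside the hunk.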