Change smb2_create_request event arguments to single request struct.

Added disposition and create_option fields.

scripts/base/init-bare.bro

@@ -3054,6 +3054,20 @@ export {
 		## The type of share being accessed. Physical disk, named pipe, or printer.
 		share_type: count;
 	};
+
+	## The request sent by the client to request either creation of or access to a file.
+	##
+	## For more information, see MS-SMB2:2.2.13
+	##
+	## .. bro:see:: smb2_create_request
+	type SMB2::CreateRequest: record {
+		## Name of the file
+		filename       : string;
+		## Defines the action the server MUST take if the file that is specified already exists.
+		disposition    : count;
+		## Specifies the options to be applied when creating or opening the file.
+		create_options : count;
+	};
 }
 
 module GLOBAL;

scripts/policy/protocols/smb/smb2-main.bro

@@ -129,12 +129,12 @@ event smb2_tree_disconnect_request(c: connection, hdr: SMB2::Header) &priority=5
 		}
 	}
 
-event smb2_create_request(c: connection, hdr: SMB2::Header, name: string) &priority=5
+event smb2_create_request(c: connection, hdr: SMB2::Header, request: SMB2::CreateRequest) &priority=5
 	{
-	if ( name == "")
+	if ( request$filename == "")
-		name = "<share_root>";
+		request$filename = "<share_root>";
 
-	c$smb_state$current_file$name = name;
+	c$smb_state$current_file$name = request$filename;
 
 	switch ( c$smb_state$current_tree$share_type )
 		{

src/analyzer/protocol/smb/smb2-com-create.pac

@@ -13,10 +13,14 @@ refine connection SMB_Conn += {
 
 		if ( smb2_create_request )
 			{
+			RecordVal* requestinfo = new RecordVal(BifType::Record::SMB2::CreateRequest);
+			requestinfo->Assign(0, filename);
+			requestinfo->Assign(1, new Val(${val.disposition}, TYPE_COUNT));
+			requestinfo->Assign(2, new Val(${val.create_options}, TYPE_COUNT));
 			BifEvent::generate_smb2_create_request(bro_analyzer(),
 			                                       bro_analyzer()->Conn(),
 			                                       BuildSMB2HeaderVal(h),
-			                                       filename);
+			                                       requestinfo);
 			}
 		else
 			{

src/analyzer/protocol/smb/smb2_com_create.bif

@@ -8,10 +8,10 @@
 ##
 ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 2 message.
 ##
-## file_name: The name of the file being requested.
+## request: A record with more information related to the request.
 ##
 ## .. bro:see:: smb2_message smb2_create_response
-event smb2_create_request%(c: connection, hdr: SMB2::Header, file_name: string%);
+event smb2_create_request%(c: connection, hdr: SMB2::Header, request: SMB2::CreateRequest%);
 
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 responses of type *create*. This is sent by the server to notify the client of
@@ -33,3 +33,7 @@ event smb2_create_request%(c: connection, hdr: SMB2::Header, file_name: string%)
 ##
 ## .. bro:see:: smb2_message smb2_create_request
 event smb2_create_response%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, size: count, times: SMB::MACTimes, attrs: SMB2::FileAttrs%);
+
+#### Types
+
+type SMB2::CreateRequest: record;