Wireshark-dev: [Wireshark-dev] [PATCH 7/8] SMB: Dissect all NT/SMB/Windows access mask bits

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Pali Rohár <pali@xxxxxxxxxx>
Date: Fri, 13 Sep 2024 22:58:33 +0200
---
 epan/dissectors/packet-windows-common.c | 35 +++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c
index c5ce1a7fbc40..f2eef2a3c292 100644
--- a/epan/dissectors/packet-windows-common.c
+++ b/epan/dissectors/packet-windows-common.c
@@ -2204,7 +2204,12 @@ static int hf_access_generic_read;
 static int hf_access_generic_write;
 static int hf_access_generic_execute;
 static int hf_access_generic_all;
+static int hf_access_other_3;
+static int hf_access_other_2;
 static int hf_access_system_security;
+static int hf_access_standard_7;
+static int hf_access_standard_6;
+static int hf_access_standard_5;
 static int hf_access_standard_delete;
 static int hf_access_standard_read_control;
 static int hf_access_standard_synchronise;
@@ -2290,12 +2295,17 @@ dissect_nt_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	};
 
 	static int * const other_access_flags[] = {
+		&hf_access_other_3,
+		&hf_access_other_2,
 		&hf_access_maximum_allowed,
 		&hf_access_system_security,
 		NULL
 	};
 
 	static int * const standard_access_flags[] = {
+		&hf_access_standard_7,
+		&hf_access_standard_6,
+		&hf_access_standard_5,
 		&hf_access_standard_synchronise,
 		&hf_access_standard_write_owner,
 		&hf_access_standard_write_dac,
@@ -3371,6 +3381,16 @@ proto_do_register_windows_common(int proto_smb)
 		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
 		    GENERIC_ALL_ACCESS, NULL, HFILL }},
 
+		{ &hf_access_other_3,
+		  { "Other access, bit 3", "nt.access_mask.other_3",
+		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
+		    0x08000000, NULL, HFILL }},
+
+		{ &hf_access_other_2,
+		  { "Other access, bit 2", "nt.access_mask.other_2",
+		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
+		    0x04000000, NULL, HFILL }},
+
 		{ &hf_access_maximum_allowed,
 		  { "Maximum allowed", "nt.access_mask.maximum_allowed",
 		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
@@ -3381,6 +3401,21 @@ proto_do_register_windows_common(int proto_smb)
 		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
 		    SYSTEM_SECURITY_ACCESS, NULL, HFILL }},
 
+		{ &hf_access_standard_7,
+		  { "Standard access, bit 7", "nt.access_mask.standard_7",
+		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
+		    0x00800000, NULL, HFILL }},
+
+		{ &hf_access_standard_6,
+		  { "Standard access, bit 6", "nt.access_mask.standard_6",
+		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
+		    0x00400000, NULL, HFILL }},
+
+		{ &hf_access_standard_5,
+		  { "Standard access, bit 5", "nt.access_mask.standard_5",
+		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
+		    0x00200000, NULL, HFILL }},
+
 		{ &hf_access_standard_read_control,
 		  { "Read control", "nt.access_mask.read_control",
 		    FT_BOOLEAN, 32, TFS(&tfs_set_notset),
-- 
2.20.1