Commit Graph

49 Commits (7bdbe7ed32d220abae62c0fc6ed8fcbeba886454)

Author SHA1 Message Date
Jason Ish 7bdbe7ed32 rust: remove unnecessary lifetimes
Fix provided by cargo clippy --fix.
9 months ago
Philippe Antoine 668501c225 rust: remove unused 2 years ago
Lancer Cheng abc76e27de smb: fix data padding logic in writeAndX parser
Bug: #6008
2 years ago
Lancer Cheng 000eb91078 smb: fix wrong data offset when wct = 12
Bug: #6008
2 years ago
Jason Ish 7080ecbb76 rust: remove explicit lifetimes where not needed 3 years ago
Philippe Antoine bc287018e5 rust: cargo clippy --all-features --fix --allow-no-vcs 3 years ago
Jason Ish c4034dafa1 rust: fix clippy lints for clippy::derive_partial_eq_without_eq 3 years ago
Jason Ish 105d9a5f02 rust: fix clippy lint for unnecessary_unwrap
Avoid check if not none followed by unwrap.
3 years ago
Jason Ish f60e1b30f6 rust: fix clippy lint for partialeq_to_none
Use .is_some() and .is_none() instead of comparing against None.
Comparing against None requires a value to impl PartialEq, is_none() and
is_some() do not and are more idiomatic.
3 years ago
Philippe Antoine 817a5001a5 smb: check on param parsing
Ticket: 5246

so as not to overflow u16
3 years ago
Victor Julien b9cd502249 smb: convert 'close' parser to function 3 years ago
Jason Ish 09e2d3b216 smb: expose smb1 request/reply flags with a method
Adds `.is_request()` and `.is_reply()` to check if a SMB record flags
say the message is a request or a reply.
4 years ago
Pierre Chifflier d67f8f9196 rust/smb: convert parser to nom7 functions (SMB1) 4 years ago
Philippe Antoine 3e5f59e2cb smb: fix parsing of file deletion over SMB1 4 years ago
Jason Ish 5bf5de3350 rust(lint): don't use unwrap_or for function calls
Calling a function in unwrap_or causes that function to always
be called even when not needed. Instead use unwrap_or_else with
a closure which will only be called when needed.
4 years ago
Jason Ish 69cf5c9eea rust(lint): remove needless borrows
These are needless borrows (references) as the item is already
a reference.
4 years ago
Philippe Antoine 2d14606224 smb: andx support
Add AndX support for SMB1. Finishes #3475.

[Updated by Victor Julien to split functions]
5 years ago
Philippe Antoine aaa69fe3c5 smb: resistance against padding evasions
Scenario is use of dummy padding in write AndX request
or other similar commands using a data offset.

Parsing skips now these dummy bytes, and generates one event
5 years ago
Jason Ish ac93ab281d rust/logging: allow log macros to be used by plugins
Fix plugin macros so they can be used by external Rust crates
such as plugins.
5 years ago
Pierre Chifflier 442500678b rust: use the streaming version of combinators to fix incomplete reads 6 years ago
Pierre Chifflier d1bf34a427 rust/smb: add custom error handling 6 years ago
Pierre Chifflier 5b809f77f1 rust: upgrade all parsers to nom 5 6 years ago
Victor Julien f5b33a070a smb1: allow empty trans records 6 years ago
Jason Ish 42e5065ab8 rust: update to Rust 2018 with cargo fix
Migrate to Rust 2018 edition.

Credit to Danny Browning for first demonstrating this:
https://github.com/OISF/suricata/pull/3604/commits
6 years ago
Victor Julien f7a41412d6 smb1: fix NT create andx records filename parsing
Use file name parsing routines that take unicode into account
and consider padding bytes as well.
7 years ago
Wesley van der Ree cc50908f8d smb: fix NT create filename parsing
parse_smb_create_andx_request_record skipped 1 byte too much before
the filename.

Fixes: #2894
7 years ago
Pierre Chifflier f22695130b rust: nom4 requires to add complete!() when using many! combinators 7 years ago
Pierre Chifflier 8c0cde36c6 rust: fix warnings for unused variables (add _) 7 years ago
Pierre Chifflier 13b7399790 rust: upgrade all parsers to nom4 7 years ago
Victor Julien 2b581cd6db smb: log trans2 that enable delete on close 7 years ago
Victor Julien eefac0ef95 smb1: add support for trans2 set_path_info rename 7 years ago
Victor Julien 7c8a078a2c smb1: improve NT Create response record parsing 7 years ago
Pierre Chifflier 576b8ef722 SMB: simplify code 8 years ago
Victor Julien 0dfb3f0e7f smb1: extract rename info from TRANS2
Exclude TRANS2 from generic TX lookup bypass.
8 years ago
Victor Julien 8eeda113c8 smb1: add parsing for RENAME command 8 years ago
Victor Julien 816bd022a6 smb1: improve non nt-status handling
Support SRV error, with a couple of codes.
Rename statux field to status_code.
8 years ago
Victor Julien eed492547c smb1: extract server guid from negotiate 8 years ago
Victor Julien 90e2abaac4 smb1: use generic string parsing for trans 8 years ago
Victor Julien 76917a8732 smb1: generic smb string parse func 8 years ago
Victor Julien 668c747aee smb1: more exact tree connect record parsing 8 years ago
Victor Julien 0ed00cf104 smb: move common parsing funcs into own file 8 years ago
Victor Julien caf29e92b3 smb1: parse and log timestamps in CREATE 8 years ago
Victor Julien be615c9fbc smb: small cleanups, fixes and optimizations 8 years ago
Victor Julien 7114d5d25b smb1: parser cleanups 8 years ago
Victor Julien d9e43d3e63 smb: cleaner server component parsing 8 years ago
Victor Julien 170edf7c44 smb1: improve error handling 8 years ago
Victor Julien 98b926bf72 smb1: implement WRITE_AND_CLOSE 8 years ago
Victor Julien 8bef120898 smb: session setup improvements
Improve ntlmssp version extraction and logging, make its data structures
optional. Extract native os/lm from smb1 ssn setup.

Move session setup handling into their own files.

Only log auth data for the session setup tx.
8 years ago
Victor Julien 75d7c9d64a rust/smb: initial support
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
8 years ago