Samba Transaction Implementation

Derrell Lipman derrell.lipman at unwireduniverse.com
Tue Dec 23 15:09:32 GMT 2008


On Tue, Dec 23, 2008 at 9:38 AM, Mahendran <shmahendran at gmail.com> wrote:

> ...
> It first sends Trans2_Request, FIND_FIRST2 command with the level of
> interest as SMB_INFO_QUERY_EA_SIZE. I send the response for this request. I
> have totally 3 files (for implementation purpose I have only 3 files) in the
> shared drive. I could form the packet and send response for this request. I
> am sending all 3 files in the same packet. I am also sending 2 directories,
> one for root and one for parent.
>
> While forming the data block I set 2 bytes each for CreationDate,
> CreationTime, LastAccessDate, LastAccessTime, LastWriteDate and
> LastWriteTime. I set the values as 0 for now.
>

Your FIND_FIRST2 response is malformed, as indicated by Wireshark (formerly
Ethereal).  If you look at the attached dump of your response, you'll see
that the file name lengths are zero for the first two files, the allocation
size is garbage, etc.  Furthermore, when file names do show up in the packet
data, they are in the wrong place.  The file bootrom.sys, for example, is in
the data area expected of Allocation Size, File Attributes, EA List Length,
and File Name Len.

I suspect that much of your problem is that the times are expected to be
four bytes, not two, so you're throwing off the entire remainder of the
packet with your two-byte timestamps.

Here's the parse, but you can get this same info from Wireshark.  Try
clicking on the Allocation Size for the third file (indicated as 1868696576)
and you'll see it highlight the range of packet bytes from which it's
retrieving that data.

Derrell

No.     Time        Source                Destination           Protocol Info
     26 1.305777    10.255.105.150        10.255.104.103        SMB      Trans2 Response, FIND_FIRST2, Files:  [Malformed Packet]

Frame 26 (293 bytes on wire, 293 bytes captured)
Ethernet II, Src: GrassVal_00:41:bf (00:b0:09:00:41:bf), Dst: Dell_b3:69:b9 (00:1a:a0:b3:69:b9)
Internet Protocol, Src: 10.255.105.150 (10.255.105.150), Dst: 10.255.104.103 (10.255.104.103)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: tr-rsrb-p2 (1988), Seq: 314, Ack: 686, Len: 239
[Reassembled TCP Segments (243 bytes): #24(4), #26(239)]
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
    Trans2 Response (0x32)
        Subcommand: FIND_FIRST2 (0x0001)
        [Level of Interest: Info Query EA Size (2)]
        [Search Pattern: \*.*]
        Word Count (WCT): 10
        Total Parameter Count: 10
        Total Data Count: 171
        Reserved: 0000
        Parameter Count: 10
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 171
        Data Offset: 68
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 184
        Padding: 00
        FIND_FIRST2 Parameters
            Level of Interest: Info Query EA Size (2)
            Search ID: 0x1000
            Search Count: 5
            End Of Search: 1
            EA Error offset: 0
            Last Name Offset: 160
        Padding: 0000
        FIND_FIRST2 Data
            Info Query EA Size File:
                Resume Key: 0
                Created: No time specified (0x00000000)
                Last Access: No time specified (0x00000000)
                Last Write: No time specified (0x00000000)
                Data Size: 0
                Allocation Size: 16
                File Attributes: 0x00000000
                EA List Length: 11778
                File Name Len: 0
                File Name:
            Info Query EA Size File:
                Resume Key: 0
                Created: No time specified (0x00000000)
                Last Access: No time specified (0x00000000)
                Last Write: No time specified (0x00000000)
                Data Size: 4096
                Allocation Size: 50331648
                File Attributes: 0x00002e2e
                EA List Length: 0
                File Name Len: 0
                File Name:
            Info Query EA Size
                Resume Key: 0
                Created: Invalid time
                Last Access: No time specified (0x00000000)
                Last Write: Invalid time
                Data Size: 0
                Allocation Size: 1868696576
                File Attributes: 0x0000746f
                EA List Length: 778923890
                File Name Len: 115
[Malformed Packet: SMB]
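
The entry layout that the parse above walks through, as an added example (not code from Samba, Wireshark or either poster): it packs and strictly parses Info Query EA Size entries in the field order Wireshark lists, and shows how a fixed part that is four bytes short makes file-name bytes decode as EA List Length and File Name Len. The function names, the sample sizes and attributes, and the choice to store the name as exactly `name_len` bytes are assumptions of this sketch.

```python
import struct

# Fixed part of one Info Query EA Size entry, little-endian, in the field
# order of the Wireshark parse above (widths per the CIFS layout):
# ResumeKey(4) Created(4) LastAccess(4) LastWrite(4) DataSize(4)
# AllocationSize(4) Attributes(2) EaSize(4) FileNameLen(1), then the name.
FIXED = struct.Struct("<IIIIIIHIB")  # 31 bytes
FIELDS = ("resume_key", "created", "last_access", "last_write", "data_size",
          "alloc_size", "attributes", "ea_size", "name_len")

def pack_entry(name, size, alloc, attrs):
    """Serialize one entry; timestamps and EA size are zero. Assumption: the
    name occupies exactly name_len bytes (terminator/padding left out)."""
    raw = name.encode("ascii")
    return FIXED.pack(0, 0, 0, 0, size, alloc, attrs, 0, len(raw)) + raw

def decode_fixed(data, off=0):
    """Decode the 31 fixed bytes at `off` without any sanity checks."""
    return dict(zip(FIELDS, FIXED.unpack_from(data, off)))

def parse_entries(data, count):
    """Strict parse: every field must lie inside `data`, else ValueError."""
    entries, off = [], 0
    for i in range(count):
        if off + FIXED.size > len(data):
            raise ValueError(f"entry {i}: fixed fields run past the data block")
        rec = decode_fixed(data, off)
        off += FIXED.size
        end = off + rec["name_len"]
        if end > len(data):
            raise ValueError(f"entry {i}: name_len {rec['name_len']} runs past the data block")
        rec["name"] = data[off:end].decode("ascii")
        entries.append(rec)
        off = end
    if off != len(data):
        raise ValueError("trailing bytes after the last entry")
    return entries

# Constructed sample listing (sizes and attributes are made up).
FILES = [("bootrom.sys", 26, 32, 0x20), ("vxWorks", 26, 32, 0x20),
         ("logcfg.elc", 26, 32, 0x20)]
GOOD = b"".join(pack_entry(*f) for f in FILES)
# Same entries with the first four bytes of each missing, as happens when the
# writer's fixed part is four bytes shorter than the reader's.
SHORT = b"".join(pack_entry(*f)[4:] for f in FILES)

if __name__ == "__main__":
    print([e["name"] for e in parse_entries(GOOD, 3)])
    print(decode_fixed(SHORT))  # name bytes land in ea_size and name_len
```

`parse_entries(SHORT, 3)` raises `ValueError` on the first entry, because the length byte it reads is really a character of the file name.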


