tcpdump/smbutil.c

/*
 * Copyright (C) Andrew Tridgell 1995-1999
 *
 * This software may be distributed either under the terms of the
 * BSD-style license that accompanies tcpdump or the GNU GPL version 2
 * or later
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifndef lint
static const char rcsid[] _U_ =
     "@(#) $Header: /tcpdump/master/tcpdump/smbutil.c,v 1.28 2003-11-16 09:36:43 guy Exp $";
#endif

#include <tcpdump-stdinc.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "interface.h"
#include "extract.h"
#include "smb.h"

extern const u_char *startbuf;

/*
 * interpret a 32 bit dos packed date/time to some parameters
 */
static void
interpret_dos_date(u_int32_t date, struct tm *tp)
{
    u_int32_t p0, p1, p2, p3;

    p0 = date & 0xFF;
    p1 = ((date & 0xFF00) >> 8) & 0xFF;
    p2 = ((date & 0xFF0000) >> 16) & 0xFF;
    p3 = ((date & 0xFF000000) >> 24) & 0xFF;

    tp->tm_sec = 2 * (p0 & 0x1F);
    tp->tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3);
    tp->tm_hour = (p1 >> 3) & 0xFF;
    tp->tm_mday = (p2 & 0x1F);
    tp->tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1;
    tp->tm_year = ((p3 >> 1) & 0xFF) + 80;
}

/*
 * common portion:
 * create a unix date from a dos date
 */
static time_t
int_unix_date(u_int32_t dos_date)
{
    struct tm t;

    if (dos_date == 0)
	return(0);

    interpret_dos_date(dos_date, &t);
    t.tm_wday = 1;
    t.tm_yday = 1;
    t.tm_isdst = 0;

    return (mktime(&t));
}

/*
 * create a unix date from a dos date
 * in network byte order
 */
static time_t
make_unix_date(const u_char *date_ptr)
{
    u_int32_t dos_date = 0;

    dos_date = EXTRACT_LE_32BITS(date_ptr);

    return int_unix_date(dos_date);
}

/*
 * create a unix date from a dos date
 * in halfword-swapped network byte order!
 */
static time_t
make_unix_date2(const u_char *date_ptr)
{
    u_int32_t x, x2;

    x = EXTRACT_LE_32BITS(date_ptr);
    x2 = ((x & 0xFFFF) << 16) | ((x & 0xFFFF0000) >> 16);
    return int_unix_date(x2);
}

/*
 * interpret an 8 byte "filetime" structure to a time_t
 * It's originally in "100ns units since jan 1st 1601"
 */
static time_t
interpret_long_date(const u_char *p)
{
    double d;
    time_t ret;

    TCHECK2(p[4], 4);

    /* this gives us seconds since jan 1st 1601 (approx) */
    d = (EXTRACT_LE_32BITS(p + 4) * 256.0 + p[3]) * (1.0e-7 * (1 << 24));

    /* now adjust by 369 years to make the secs since 1970 */
    d -= 369.0 * 365.25 * 24 * 60 * 60;

    /* and a fudge factor as we got it wrong by a few days */
    d += (3 * 24 * 60 * 60 + 6 * 60 * 60 + 2);

    if (d < 0)
	return(0);

    ret = (time_t)d;

    return(ret);
trunc:
    return(0);
}

/*
 * interpret the weird netbios "name". Return the name type, or -1 if
 * we run past the end of the buffer
 */
static int
name_interpret(const u_char *in, const u_char *maxbuf, char *out)
{
    int ret;
    int len;

    if (in >= maxbuf)
	return(-1);	/* name goes past the end of the buffer */
    TCHECK2(*in, 1);
    len = (*in++) / 2;

    *out=0;

    if (len > 30 || len < 1)
	return(0);

    while (len--) {
	TCHECK2(*in, 2);
	if (in + 1 >= maxbuf)
	    return(-1);	/* name goes past the end of the buffer */
	if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
	    *out = 0;
	    return(0);
	}
	*out = ((in[0] - 'A') << 4) + (in[1] - 'A');
	in += 2;
	out++;
    }
    *out = 0;
    ret = out[-1];

    return(ret);

trunc:
    return(-1);
}

/*
 * find a pointer to a netbios name
 */
static const u_char *
name_ptr(const u_char *buf, int ofs, const u_char *maxbuf)
{
    const u_char *p;
    u_char c;

    p = buf + ofs;
    if (p >= maxbuf)
	return(NULL);	/* name goes past the end of the buffer */
    TCHECK2(*p, 1);

    c = *p;

    /* XXX - this should use the same code that the DNS dissector does */
    if ((c & 0xC0) == 0xC0) {
	u_int16_t l = EXTRACT_16BITS(buf + ofs) & 0x3FFF;
	if (l == 0) {
	    /* We have a pointer that points to itself. */
	    return(NULL);
	}
	p = buf + l;
	if (p >= maxbuf)
	    return(NULL);	/* name goes past the end of the buffer */
	TCHECK2(*p, 1);
	return(buf + l);
    } else
	return(buf + ofs);

trunc:
    return(NULL);	/* name goes past the end of the buffer */
}

/*
 * extract a netbios name from a buf
 */
static int
name_extract(const u_char *buf, int ofs, const u_char *maxbuf, char *name)
{
    const u_char *p = name_ptr(buf, ofs, maxbuf);
    if (p == NULL)
	return(-1);	/* error (probably name going past end of buffer) */
    name[0] = '\0';
    return(name_interpret(p, maxbuf, name));
}


/*
 * return the total storage length of a mangled name
 */
static int
name_len(const unsigned char *s, const unsigned char *maxbuf)
{
    const unsigned char *s0 = s;
    unsigned char c;

    if (s >= maxbuf)
	return(-1);	/* name goes past the end of the buffer */
    TCHECK2(*s, 1);
    c = *s;
    if ((c & 0xC0) == 0xC0)
	return(2);
    while (*s) {
	if (s >= maxbuf)
	    return(-1);	/* name goes past the end of the buffer */
	TCHECK2(*s, 1);
	s += (*s) + 1;
    }
    return(PTR_DIFF(s, s0) + 1);

trunc:
    return(-1);	/* name goes past the end of the buffer */
}

static void
print_asc(const unsigned char *buf, int len)
{
    int i;
    for (i = 0; i < len; i++)
	safeputchar(buf[i]);
}

static const char *
name_type_str(int name_type)
{
    const char *f = NULL;

    switch (name_type) {
    case 0:    f = "Workstation"; break;
    case 0x03: f = "Client?"; break;
    case 0x20: f = "Server"; break;
    case 0x1d: f = "Master Browser"; break;
    case 0x1b: f = "Domain Controller"; break;
    case 0x1e: f = "Browser Server"; break;
    default:   f = "Unknown"; break;
    }
    return(f);
}

void
print_data(const unsigned char *buf, int len)
{
    int i = 0;

    if (len <= 0)
	return;
    printf("[%03X] ", i);
    for (i = 0; i < len; /*nothing*/) {
	printf("%02X ", buf[i] & 0xff);
	i++;
	if (i%8 == 0)
	    printf(" ");
	if (i % 16 == 0) {
	    print_asc(&buf[i - 16], 8);
	    printf(" ");
	    print_asc(&buf[i - 8], 8);
	    printf("\n");
	    if (i < len)
		printf("[%03X] ", i);
	}
    }
    if (i % 16) {
	int n;

	n = 16 - (i % 16);
	printf(" ");
	if (n>8)
	    printf(" ");
	while (n--)
	    printf("   ");

	n = SMBMIN(8, i % 16);
	print_asc(&buf[i - (i % 16)], n);
	printf(" ");
	n = (i % 16) - n;
	if (n > 0)
	    print_asc(&buf[i - n], n);
	printf("\n");
    }
}


static void
write_bits(unsigned int val, const char *fmt)
{
    const char *p = fmt;
    int i = 0;

    while ((p = strchr(fmt, '|'))) {
	size_t l = PTR_DIFF(p, fmt);
	if (l && (val & (1 << i)))
	    printf("%.*s ", (int)l, fmt);
	fmt = p + 1;
	i++;
    }
}

/* convert a UCS2 string into iso-8859-1 string */
static const char *
unistr(const u_char *s, int *len)
{
    static char buf[1000];
    int l=0;
    static int use_unicode = -1;

    if (use_unicode == -1) {
	char *p = getenv("USE_UNICODE");
	if (p && (atoi(p) == 1))
	    use_unicode = 1;
	else
	    use_unicode = 0;
    }

    /* maybe it isn't unicode - a cheap trick */
    if (!use_unicode || (s[0] && s[1])) {
	*len = strlen((const char *)s) + 1;
	return (const char *)s;
    }

    *len = 0;

    if (s[0] == 0 && s[1] != 0) {
	s++;
	*len = 1;
    }

    while (l < (int)(sizeof(buf) - 1) && s[0] && s[1] == 0) {
	buf[l] = s[0];
	s += 2;
	l++;
	*len += 2;
    }
    buf[l] = 0;
    *len += 2;
    return buf;
}

static const u_char *
smb_fdata1(const u_char *buf, const char *fmt, const u_char *maxbuf)
{
    int reverse = 0;
    const char *attrib_fmt = "READONLY|HIDDEN|SYSTEM|VOLUME|DIR|ARCHIVE|";
    int len;

    while (*fmt && buf<maxbuf) {
	switch (*fmt) {
	case 'a':
	    write_bits(buf[0], attrib_fmt);
	    buf++;
	    fmt++;
	    break;

	case 'A':
	    write_bits(EXTRACT_LE_16BITS(buf), attrib_fmt);
	    buf += 2;
	    fmt++;
	    break;

	case '{':
	  {
	    char bitfmt[128];
	    char *p;
	    int l;

	    p = strchr(++fmt, '}');
	    l = PTR_DIFF(p, fmt);

	    if ((unsigned int)l > sizeof(bitfmt) - 1)
		    l = sizeof(bitfmt)-1;

	    strncpy(bitfmt, fmt, l);
	    bitfmt[l] = '\0';
	    fmt = p + 1;
	    write_bits(buf[0], bitfmt);
	    buf++;
	    break;
	  }

	case 'P':
	  {
	    int l = atoi(fmt + 1);
	    buf += l;
	    fmt++;
	    while (isdigit((unsigned char)*fmt))
		fmt++;
	    break;
	  }
	case 'r':
	    reverse = !reverse;
	    fmt++;
	    break;
	case 'D':
	  {
	    unsigned int x;

	    TCHECK2(buf[0], 4);
	    x = reverse ? EXTRACT_32BITS(buf) : EXTRACT_LE_32BITS(buf);
	    printf("%d (0x%x)", x, x);
	    buf += 4;
	    fmt++;
	    break;
	  }
	case 'L':
	  {
	    unsigned int x1, x2;

	    TCHECK2(buf[4], 4);
	    x1 = reverse ? EXTRACT_32BITS(buf) :
			   EXTRACT_LE_32BITS(buf);
	    x2 = reverse ? EXTRACT_32BITS(buf + 4) :
			   EXTRACT_LE_32BITS(buf + 4);
	    if (x2)
		printf("0x%08x:%08x", x2, x1);
	    else
		printf("%d (0x%08x%08x)", x1, x2, x1);
	    buf += 8;
	    fmt++;
	    break;
	  }
	case 'd':
	  {
	    unsigned int x;
	    TCHECK2(buf[0], 2);
	    x = reverse ? EXTRACT_16BITS(buf) :
			  EXTRACT_LE_16BITS(buf);
	    printf("%d (0x%x)", x, x);
	    buf += 2;
	    fmt++;
	    break;
	  }
	case 'W':
	  {
	    unsigned int x;
	    TCHECK2(buf[0], 4);
	    x = reverse ? EXTRACT_32BITS(buf) :
			  EXTRACT_LE_32BITS(buf);
	    printf("0x%X", x);
	    buf += 4;
	    fmt++;
	    break;
	  }
	case 'w':
	  {
	    unsigned int x;
	    TCHECK2(buf[0], 2);
	    x = reverse ? EXTRACT_16BITS(buf) :
			  EXTRACT_LE_16BITS(buf);
	    printf("0x%X", x);
	    buf += 2;
	    fmt++;
	    break;
	  }
	case 'B':
	  {
	    unsigned int x;
	    TCHECK(buf[0]);
	    x = buf[0];
	    printf("0x%X", x);
	    buf += 1;
	    fmt++;
	    break;
	  }
	case 'b':
	  {
	    unsigned int x;
	    TCHECK(buf[0]);
	    x = buf[0];
	    printf("%u (0x%x)", x, x);
	    buf += 1;
	    fmt++;
	    break;
	  }
	case 'S':
	  {
	    /*XXX unistr() */
	    printf("%.*s", (int)PTR_DIFF(maxbuf, buf), unistr(buf, &len));
	    buf += len;
	    fmt++;
	    break;
	  }
	case 'Z':
	  {
	    if (*buf != 4 && *buf != 2)
		printf("Error! ASCIIZ buffer of type %u (safety=%lu)\n", *buf,
		    (unsigned long)PTR_DIFF(maxbuf, buf));
	    printf("%.*s", (int)PTR_DIFF(maxbuf, buf + 1),
		unistr(buf + 1, &len));
	    buf += len + 1;
	    fmt++;
	    break;
	  }
	case 's':
	  {
	    int l = atoi(fmt + 1);
	    printf("%-*.*s", l, l, buf);
	    buf += l;
	    fmt++;
	    while (isdigit((unsigned char)*fmt))
		fmt++;
	    break;
	  }
	case 'h':
	  {
	    int l = atoi(fmt + 1);
	    while (l--)
		printf("%02x", *buf++);
	    fmt++;
	    while (isdigit((unsigned char)*fmt))
		fmt++;
	    break;
	  }
	case 'n':
	  {
	    int t = atoi(fmt+1);
	    char nbuf[255];
	    int name_type;
	    int len;

	    switch (t) {
	    case 1:
		name_type = name_extract(startbuf, PTR_DIFF(buf, startbuf),
		    maxbuf, nbuf);
		if (name_type < 0)
		    goto trunc;
		len = name_len(buf, maxbuf);
		if (len < 0)
		    goto trunc;
		buf += len;
		printf("%-15.15s NameType=0x%02X (%s)", nbuf, name_type,
		    name_type_str(name_type));
		break;
	    case 2:
		name_type = buf[15];
		printf("%-15.15s NameType=0x%02X (%s)", buf, name_type,
		    name_type_str(name_type));
		buf += 16;
		break;
	    }
	    fmt++;
	    while (isdigit((unsigned char)*fmt))
		fmt++;
	    break;
	  }
	case 'T':
	  {
	    time_t t;
	    struct tm *lt;
	    const char *tstring;
	    u_int32_t x;
	    x = EXTRACT_LE_32BITS(buf);

	    switch (atoi(fmt + 1)) {
	    case 1:
		if (x == 0 || x == 0xFFFFFFFF)
		    t = 0;
		else
		    t = make_unix_date(buf);
		buf += 4;
		break;
	    case 2:
		if (x == 0 || x == 0xFFFFFFFF)
		    t = 0;
		else
		    t = make_unix_date2(buf);
		buf += 4;
		break;
	    case 3:
		t = interpret_long_date(buf);
		buf += 8;
		break;
	    }
	    if (t != 0) {
		lt = localtime(&t);
		if (lt != NULL)
		    tstring = asctime(lt);
		else
		    tstring = "(Can't convert time)\n";
	    } else
		tstring = "NULL\n";
	    printf("%s", tstring);
	    fmt++;
	    while (isdigit((unsigned char)*fmt))
		fmt++;
	    break;
	  }
	default:
	    putchar(*fmt);
	    fmt++;
	    break;
	}
    }

    if (buf >= maxbuf && *fmt)
	printf("END OF BUFFER\n");

    return(buf);

trunc:
    printf("\n");
    printf("WARNING: Short packet. Try increasing the snap length\n");
    return(NULL);
}

const u_char *
smb_fdata(const u_char *buf, const char *fmt, const u_char *maxbuf)
{
    static int depth = 0;
    char s[128];
    char *p;

    while (*fmt) {
	switch (*fmt) {
	case '*':
	    fmt++;
	    while (buf < maxbuf) {
		const u_char *buf2;
		depth++;
		buf2 = smb_fdata(buf, fmt, maxbuf);
		depth--;
		if (buf2 == NULL)
		    return(NULL);
		if (buf2 == buf)
		    return(buf);
		buf = buf2;
	    }
	    return(buf);

	case '|':
	    fmt++;
	    if (buf >= maxbuf)
		return(buf);
	    break;

	case '%':
	    fmt++;
	    buf = maxbuf;
	    break;

	case '#':
	    fmt++;
	    return(buf);
	    break;

	case '[':
	    fmt++;
	    if (buf >= maxbuf)
		return(buf);
	    memset(s, 0, sizeof(s));
	    p = strchr(fmt, ']');
	    if ((size_t)(p - fmt + 1) > sizeof(s)) {
		/* overrun */
		return(buf);
	    }
	    strncpy(s, fmt, p - fmt);
	    s[p - fmt] = '\0';
	    fmt = p + 1;
	    buf = smb_fdata1(buf, s, maxbuf);
	    if (buf == NULL)
		return(NULL);
	    break;

	default:
	    putchar(*fmt);
	    fmt++;
	    fflush(stdout);
	    break;
	}
    }
    if (!depth && buf < maxbuf) {
	size_t len = PTR_DIFF(maxbuf, buf);
	printf("Data: (%lu bytes)\n", (unsigned long)len);
	print_data(buf, len);
	return(buf + len);
    }
    return(buf);
}

typedef struct {
    const char *name;
    int code;
    const char *message;
} err_code_struct;

/* Dos Error Messages */
static err_code_struct dos_msgs[] = {
    { "ERRbadfunc", 1, "Invalid function." },
    { "ERRbadfile", 2, "File not found." },
    { "ERRbadpath", 3, "Directory invalid." },
    { "ERRnofids", 4, "No file descriptors available" },
    { "ERRnoaccess", 5, "Access denied." },
    { "ERRbadfid", 6, "Invalid file handle." },
    { "ERRbadmcb", 7, "Memory control blocks destroyed." },
    { "ERRnomem", 8, "Insufficient server memory to perform the requested function." },
    { "ERRbadmem", 9, "Invalid memory block address." },
    { "ERRbadenv", 10, "Invalid environment." },
    { "ERRbadformat", 11, "Invalid format." },
    { "ERRbadaccess", 12, "Invalid open mode." },
    { "ERRbaddata", 13, "Invalid data." },
    { "ERR", 14, "reserved." },
    { "ERRbaddrive", 15, "Invalid drive specified." },
    { "ERRremcd", 16, "A Delete Directory request attempted  to  remove  the  server's  current directory." },
    { "ERRdiffdevice", 17, "Not same device." },
    { "ERRnofiles", 18, "A File Search command can find no more files matching the specified criteria." },
    { "ERRbadshare", 32, "The sharing mode specified for an Open conflicts with existing  FIDs  on the file." },
    { "ERRlock", 33, "A Lock request conflicted with an existing lock or specified an  invalid mode,   or an Unlock requested attempted to remove a lock held by another process." },
    { "ERRfilexists", 80, "The file named in a Create Directory,  Make  New  File  or  Link  request already exists." },
    { "ERRbadpipe", 230, "Pipe invalid." },
    { "ERRpipebusy", 231, "All instances of the requested pipe are busy." },
    { "ERRpipeclosing", 232, "Pipe close in progress." },
    { "ERRnotconnected", 233, "No process on other end of pipe." },
    { "ERRmoredata", 234, "There is more data to be returned." },
    { NULL, -1, NULL }
 };

/* Server Error Messages */
err_code_struct server_msgs[] = {
    { "ERRerror", 1, "Non-specific error code." },
    { "ERRbadpw", 2, "Bad password - name/password pair in a Tree Connect or Session Setup are invalid." },
    { "ERRbadtype", 3, "reserved." },
    { "ERRaccess", 4, "The requester does not have  the  necessary  access  rights  within  the specified  context for the requested function. The context is defined by the TID or the UID." },
    { "ERRinvnid", 5, "The tree ID (TID) specified in a command was invalid." },
    { "ERRinvnetname", 6, "Invalid network name in tree connect." },
    { "ERRinvdevice", 7, "Invalid device - printer request made to non-printer connection or  non-printer request made to printer connection." },
    { "ERRqfull", 49, "Print queue full (files) -- returned by open print file." },
    { "ERRqtoobig", 50, "Print queue full -- no space." },
    { "ERRqeof", 51, "EOF on print queue dump." },
    { "ERRinvpfid", 52, "Invalid print file FID." },
    { "ERRsmbcmd", 64, "The server did not recognize the command received." },
    { "ERRsrverror", 65, "The server encountered an internal error,  e.g.,  system file unavailable." },
    { "ERRfilespecs", 67, "The file handle (FID) and pathname parameters contained an invalid  combination of values." },
    { "ERRreserved", 68, "reserved." },
    { "ERRbadpermits", 69, "The access permissions specified for a file or directory are not a valid combination.  The server cannot set the requested attribute." },
    { "ERRreserved", 70, "reserved." },
    { "ERRsetattrmode", 71, "The attribute mode in the Set File Attribute request is invalid." },
    { "ERRpaused", 81, "Server is paused." },
    { "ERRmsgoff", 82, "Not receiving messages." },
    { "ERRnoroom", 83, "No room to buffer message." },
    { "ERRrmuns", 87, "Too many remote user names." },
    { "ERRtimeout", 88, "Operation timed out." },
    { "ERRnoresource", 89, "No resources currently available for request." },
    { "ERRtoomanyuids", 90, "Too many UIDs active on this session." },
    { "ERRbaduid", 91, "The UID is not known as a valid ID on this session." },
    { "ERRusempx", 250, "Temp unable to support Raw,  use MPX mode." },
    { "ERRusestd", 251, "Temp unable to support Raw,  use standard read/write." },
    { "ERRcontmpx", 252, "Continue in MPX mode." },
    { "ERRreserved", 253, "reserved." },
    { "ERRreserved", 254, "reserved." },
    { "ERRnosupport", 0xFFFF, "Function not supported." },
    { NULL, -1, NULL }
};

/* Hard Error Messages */
err_code_struct hard_msgs[] = {
    { "ERRnowrite", 19, "Attempt to write on write-protected diskette." },
    { "ERRbadunit", 20, "Unknown unit." },
    { "ERRnotready", 21, "Drive not ready." },
    { "ERRbadcmd", 22, "Unknown command." },
    { "ERRdata", 23, "Data error (CRC)." },
    { "ERRbadreq", 24, "Bad request structure length." },
    { "ERRseek", 25 , "Seek error." },
    { "ERRbadmedia", 26, "Unknown media type." },
    { "ERRbadsector", 27, "Sector not found." },
    { "ERRnopaper", 28, "Printer out of paper." },
    { "ERRwrite", 29, "Write fault." },
    { "ERRread", 30, "Read fault." },
    { "ERRgeneral", 31, "General failure." },
    { "ERRbadshare", 32, "A open conflicts with an existing open." },
    { "ERRlock", 33, "A Lock request conflicted with an existing lock or specified an invalid mode,  or an Unlock requested attempted to remove a lock held by another process." },
    { "ERRwrongdisk", 34, "The wrong disk was found in a drive." },
    { "ERRFCBUnavail", 35, "No FCBs are available to process request." },
    { "ERRsharebufexc", 36, "A sharing buffer has been exceeded." },
    { NULL, -1, NULL }
};

static struct {
    int code;
    const char *class;
    err_code_struct *err_msgs;
} err_classes[] = {
    { 0, "SUCCESS", NULL },
    { 0x01, "ERRDOS", dos_msgs },
    { 0x02, "ERRSRV", server_msgs },
    { 0x03, "ERRHRD", hard_msgs },
    { 0x04, "ERRXOS", NULL },
    { 0xE1, "ERRRMX1", NULL },
    { 0xE2, "ERRRMX2", NULL },
    { 0xE3, "ERRRMX3", NULL },
    { 0xFF, "ERRCMD", NULL },
    { -1, NULL, NULL }
};

/*
 * return a SMB error string from a SMB buffer
 */
char *
smb_errstr(int class, int num)
{
    static char ret[128];
    int i, j;

    ret[0] = 0;

    for (i = 0; err_classes[i].class; i++)
	if (err_classes[i].code == class) {
	    if (err_classes[i].err_msgs) {
		err_code_struct *err = err_classes[i].err_msgs;
		for (j = 0; err[j].name; j++)
		    if (num == err[j].code) {
			snprintf(ret, sizeof(ret), "%s - %s (%s)",
			    err_classes[i].class, err[j].name, err[j].message);
			return ret;
		    }
	    }

	    snprintf(ret, sizeof(ret), "%s - %d", err_classes[i].class, num);
	    return ret;
	}

    snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)", class, num);
    return(ret);
}