1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2018 Nexenta Systems, Inc. All rights reserved. 14 * Copyright 2021 RackTop Systems, Inc. 15 */ 16 17 #ifndef _SMB_SMB2_H 18 #define _SMB_SMB2_H 19 20 #ifdef __cplusplus 21 extern "C" { 22 #endif 23 24 #define SMB2_PROTOCOL_ID { 0xFE, 'S', 'M', 'B' } 25 #define SMB2_HDR_SIZE 64 26 #define SMB3_TFORM_HDR_SIZE 52 27 28 /* 29 * Protocol ID as a 32-bit little-endian integer. 30 */ 31 #define SMB2_PROTOCOL_MAGIC 0x424d53fe 32 #define SMB3_ENCRYPTED_MAGIC 0x424d53fd 33 34 /* 35 * SMB2 header command codes. 36 * These are uint16_t on the wire. 37 */ 38 typedef enum { 39 SMB2_NEGOTIATE = 0, 40 SMB2_SESSION_SETUP, 41 SMB2_LOGOFF, 42 SMB2_TREE_CONNECT, 43 SMB2_TREE_DISCONNECT, 44 SMB2_CREATE, 45 SMB2_CLOSE, 46 SMB2_FLUSH, 47 SMB2_READ, 48 SMB2_WRITE, 49 SMB2_LOCK, 50 SMB2_IOCTL, 51 SMB2_CANCEL, 52 SMB2_ECHO, 53 SMB2_QUERY_DIRECTORY, 54 SMB2_CHANGE_NOTIFY, 55 SMB2_QUERY_INFO, 56 SMB2_SET_INFO, 57 SMB2_OPLOCK_BREAK, 58 /* 59 * The above (oplock break) is the last real SMB2 op-code. 60 * We use one more slot to represent invalid commands, and 61 * the final enum value is used for array sizes. Keep last! 62 */ 63 SMB2_INVALID_CMD, 64 SMB2__NCMDS 65 } SMB2_cmd_code; 66 67 /* 68 * SMB2 header flags. 69 */ 70 71 /* 72 * SERVER_TO_REDIR 73 * When set, indicates the message is a response rather than 74 * a request. This MUST be set on responses sent from the 75 * server to the client, and MUST NOT be set on requests 76 * sent from the client to the server. 77 */ 78 #define SMB2_FLAGS_SERVER_TO_REDIR 0x00000001 79 80 /* 81 * ASYNC_COMMAND 82 * When set, indicates that this is an ASYNC SMB2 header. 83 * Always set for headers of the form described in this 84 * section. 85 */ 86 #define SMB2_FLAGS_ASYNC_COMMAND 0x00000002 87 88 /* 89 * RELATED_OPERATIONS 90 * When set in an SMB2 request, indicates that this request 91 * is a related operation in a compounded request chain. 92 * [MS-SMB2 sec. 3.2.4.1.4] 93 * 94 * When set in an SMB2 compound response, indicates that 95 * the request corresponding to this response was part of a 96 * related operation in a compounded request chain. 97 * [MS-SMB2 sec. 3.3.5.2.7.2] 98 */ 99 #define SMB2_FLAGS_RELATED_OPERATIONS 0x00000004 100 101 /* 102 * SIGNED 103 * When set, indicates that this packet has been signed. 104 * [MS-SMB2 3.1.5.1] 105 */ 106 #define SMB2_FLAGS_SIGNED 0x00000008 107 108 /* 109 * [MS-SMB2] 3.2.5.3.1 The SessionKey MUST be set to the 110 * first 16 bytes of the cryptographic key from GSSAPI. 111 * (Padded with zeros if the GSSAPI key is shorter.) 112 */ 113 #define SMB2_SESSION_KEY_LEN 16 114 115 /* 116 * DFS_OPERATIONS 117 * When set, indicates that this command is a Distributed 118 * File System (DFS) operation. [MS-SMB2 3.3.5.9] 119 */ 120 #define SMB2_FLAGS_DFS_OPERATIONS 0x10000000 121 122 /* 123 * REPLAY_OPERATION 124 * This flag is only valid for the SMB 3.0 dialect. When set, 125 * it indicates that this command is a replay operation. 126 * The client MUST ignore this bit on receipt. 127 */ 128 #define SMB2_FLAGS_REPLAY_OPERATION 0x20000000 129 130 /* 131 * SMB2 Netgotiate [MS-SMB2 2.2.3] 132 */ 133 134 #define SMB2_NEGOTIATE_SIGNING_ENABLED 0x01 135 #define SMB2_NEGOTIATE_SIGNING_REQUIRED 0x02 136 137 #define SMB2_CAP_DFS 0x00000001 138 139 /* Added with SMB2.1 */ 140 #define SMB2_CAP_DFS 0x00000001 141 #define SMB2_CAP_LEASING 0x00000002 142 /* 143 * LARGE_MTU: 144 * When set, indicates that the client supports multi-credit operations. 145 */ 146 #define SMB2_CAP_LARGE_MTU 0x00000004 147 148 /* Added with SMB3.0 */ 149 #define SMB2_CAP_MULTI_CHANNEL 0x00000008 150 #define SMB2_CAP_PERSISTENT_HANDLES 0x00000010 151 #define SMB2_CAP_DIRECTORY_LEASING 0x00000020 152 #define SMB2_CAP_ENCRYPTION 0x00000040 153 154 /* SMB2 session flags */ 155 #define SMB2_SESSION_FLAG_IS_GUEST 0x0001 156 #define SMB2_SESSION_FLAG_IS_NULL 0x0002 157 #define SMB2_SESSION_FLAG_ENCRYPT_DATA 0x0004 158 159 /* 160 * Client wants to bind an existing session to a new connection 161 */ 162 #define SMB2_SESSION_FLAG_BINDING 0x01 163 164 /* 165 * SMB2 Tree connect, disconnect 166 */ 167 168 /* SMB2 sharetype flags */ 169 #define SMB2_SHARE_TYPE_DISK 0x1 170 #define SMB2_SHARE_TYPE_PIPE 0x2 171 #define SMB2_SHARE_TYPE_PRINT 0x3 172 173 /* SMB2 share flags */ 174 #define SMB2_SHAREFLAG_MANUAL_CACHING 0x00000000 175 #define SMB2_SHAREFLAG_AUTO_CACHING 0x00000010 176 #define SMB2_SHAREFLAG_VDO_CACHING 0x00000020 177 #define SMB2_SHAREFLAG_NO_CACHING 0x00000030 178 #define SMB2_SHAREFLAG_DFS 0x00000001 179 #define SMB2_SHAREFLAG_DFS_ROOT 0x00000002 180 #define SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS 0x00000100 181 #define SMB2_SHAREFLAG_FORCE_SHARED_DELETE 0x00000200 182 #define SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING 0x00000400 183 #define SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM 0x00000800 184 #define SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK 0x00001000 185 /* SMB 3.0 */ 186 #define SMB2_SHAREFLAG_ENABLE_HASH_V1 0x00002000 187 #define SMB2_SHAREFLAG_ENABLE_HASH_V2 0x00004000 188 #define SMB2_SHAREFLAG_ENCRYPT_DATA 0x00008000 189 190 /* SMB2 share capabilities */ 191 #define SMB2_SHARE_CAP_DFS 0x00000008 192 /* SMB 3.0 */ 193 #define SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY 0x00000010 194 #define SMB2_SHARE_CAP_SCALEOUT 0x00000020 195 #define SMB2_SHARE_CAP_CLUSTER 0x00000040 196 197 /* 198 * SMB2 Create (open) 199 */ 200 201 /* 202 * SMB2 requested oplock levels 203 * Corresponds to ntifs.h OPLOCK_LEVEL_... but NOT the same! 204 */ 205 #define SMB2_OPLOCK_LEVEL_NONE 0x00 206 #define SMB2_OPLOCK_LEVEL_II 0x01 207 #define SMB2_OPLOCK_LEVEL_EXCLUSIVE 0x08 208 #define SMB2_OPLOCK_LEVEL_BATCH 0x09 209 #define SMB2_OPLOCK_LEVEL_LEASE 0xFF 210 211 /* 212 * SMB2 create request lease "type" 213 * Note: Same as ntifs.h OPLOCK_LEVEL_CACHE... 214 */ 215 #define SMB2_LEASE_NONE 0x00 216 #define SMB2_LEASE_READ_CACHING 0x01 217 #define SMB2_LEASE_HANDLE_CACHING 0x02 218 #define SMB2_LEASE_WRITE_CACHING 0x04 219 220 /* SMB2 create lease flags */ 221 #define SMB2_LEASE_FLAG_BREAK_IN_PROGRESS 0x00000002 222 #define SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET 0x00000004 223 224 /* SMB2 impersonation levels */ 225 #define SMB2_IMPERSONATION_ANONYMOUS 0x00 226 #define SMB2_IMPERSONATION_IDENTIFICATION 0x01 227 #define SMB2_IMPERSONATION_IMPERSONATION 0x02 228 #define SMB2_IMPERSONATION_DELEGATE 0x03 229 230 /* 231 * Note: ShareAccess, CreateDispositon, CreateOptions, 232 * all use the same definitions as SMB1 (from MS-FSA). 233 * Ditto FileAccess flags (as with ACLs) 234 */ 235 236 /* SMB2 Create Context tags */ 237 238 #define SMB2_CREATE_EA_BUFFER 0x45787441 /* ("ExtA") */ 239 /* 240 * The data contains the extended attributes 241 * that MUST be stored on the created file. 242 * This value MUST NOT be set for named 243 * pipes and print files. 244 */ 245 246 #define SMB2_CREATE_SD_BUFFER 0x53656344 /* ("SecD") */ 247 /* 248 * The data contains a security descriptor that 249 * MUST be stored on the created file. 250 * This value MUST NOT be set for named 251 * pipes and print files. 252 */ 253 254 #define SMB2_CREATE_DURABLE_HANDLE_REQUEST 0x44486e51 /* ("DHnQ") */ 255 /* The client is requesting the open to be durable */ 256 257 #define SMB2_CREATE_DURABLE_HANDLE_RECONNECT 0x44486e43 /* ("DHnC") */ 258 /* 259 * The client is requesting to reconnect to a 260 * durable open after being disconnected 261 */ 262 263 #define SMB2_CREATE_ALLOCATION_SIZE 0x416c5369 /* ("AISi") */ 264 /* 265 * The data contains the required allocation 266 * size of the newly created file. 267 */ 268 269 #define SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ 0x4d784163 /* ("MxAc") */ 270 /* 271 * The client is requesting that the server 272 * return maximal access information. 273 */ 274 275 #define SMB2_CREATE_TIMEWARP_TOKEN 0x54577270 /* ("TWrp") */ 276 /* 277 * The client is requesting that the server 278 * open an earlier version of the file identified 279 * by the provided time stamp. 280 */ 281 282 #define SMB2_CREATE_QUERY_ON_DISK_ID 0x51466964 /* ("QFid") */ 283 /* 284 * The client is requesting that the server return a 32-byte 285 * opaque BLOB that uniquely identifies the file being opened 286 * on disk. No data is passed to the server by the client. 287 */ 288 289 #define SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 0x44483251 /* ("DH2Q") */ 290 /* 291 * The client is requesting the open to be durable. 292 * This value is only supported for the SMB 3.x dialect family. 293 */ 294 295 #define SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 0x44483243 /* ("DH2C") */ 296 /* 297 * The client is requesting to reconnect to a 298 * durable open after being disconnected. 299 * This value is only supported for the SMB 3.x dialect family. 300 */ 301 302 #define SMB2_DHANDLE_FLAG_PERSISTENT 0x00000002 303 /* A persistent handle is requested. */ 304 305 #define SMB2_CREATE_REQUEST_LEASE 0x52714c73 /* ("RqLs") */ 306 /* 307 * The client is requesting that the server return a lease. 308 * This value is only supported for the SMB 2.1 and 3.0 dialects. 309 */ 310 311 #define SMB2_CREATE_CTX_AAPL 0x4141504c /* ("AAPL") */ 312 /* 313 * Client is MacOS X looking for MacOS-specific extensions. 314 */ 315 316 /* 317 * SMB2 Close 318 */ 319 #define SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB 0x0001 320 321 /* 322 * SMB2 Read 323 */ 324 #define SMB2_READFLAG_READ_UNBUFFERED 0x00000001 325 326 /* 327 * SMB2 Write 328 */ 329 #define SMB2_WRITEFLAG_WRITE_THROUGH 0x00000001 330 #define SMB2_WRITEFLAG_WRITE_UNBUFFERED 0x00000002 331 332 /* 333 * SMB2 Lock Request 334 */ 335 336 /* SMB2 lock flags */ 337 338 /* 339 * SMB2_LOCKFLAG_SHARED_LOCK 340 * The range MUST be locked shared, allowing other opens 341 * to read from or take a shared lock on the range. All opens 342 * MUST NOT be allowed to write within the range. Other 343 * locks can be requested and taken on this range. 344 */ 345 #define SMB2_LOCKFLAG_SHARED_LOCK 0x00000001 346 347 /* 348 * SMB2_LOCKFLAG_EXCLUSIVE_LOCK 349 * The range MUST be locked exclusive, not allowing other 350 * opens to read, write, or lock within the range. 351 */ 352 #define SMB2_LOCKFLAG_EXCLUSIVE_LOCK 0x00000002 353 354 /* 355 * SMB2_LOCKFLAG_UNLOCK 356 * The range MUST be unlocked from a previous lock taken 357 * on this range. The unlock range MUST be identical to the 358 * lock range. Sub-ranges cannot be unlocked. 359 */ 360 #define SMB2_LOCKFLAG_UNLOCK 0x00000004 361 362 /* 363 * SMB2_LOCKFLAG_FAIL_IMMEDIATELY 364 * The lock operation MUST fail immediately if it conflicts 365 * with an existing lock, instead of waiting for the range to 366 * become available. This can be OR'ed with either of 367 * shared_lock, exclusive_lock (nothing else). 368 */ 369 #define SMB2_LOCKFLAG_FAIL_IMMEDIATELY 0x00000010 370 371 /* 372 * SMB2 Ioctl Request 373 */ 374 #define SMB2_0_IOCTL_IS_FSCTL 0x00000001 375 376 377 /* 378 * SMB2 Query Directory 379 */ 380 381 /* 382 * SMB2 query directory info levels 383 * Same as SMB1 (see ntifs.h) 384 */ 385 386 /* 387 * SMB2 Query Directory Flags 388 * (our own names for these - spec. used poor names) 389 */ 390 #define SMB2_QDIR_FLAG_RESTART 0x01 /* SMB2_RESTART_SCANS */ 391 #define SMB2_QDIR_FLAG_SINGLE 0x02 /* SMB2_RETURN_SINGLE_ENTRY */ 392 #define SMB2_QDIR_FLAG_INDEX 0x04 /* SMB2_INDEX_SPECIFIED */ 393 #define SMB2_QDIR_FLAG_REOPEN 0x10 /* SMB2_REOPEN */ 394 395 /* 396 * SMB2 Query Info Request 397 */ 398 399 /* info type */ 400 #define SMB2_0_INFO_FILE 0x01 401 /* The file information is requested. */ 402 #define SMB2_0_INFO_FILESYSTEM 0x02 403 /* The underlying object store information is requested. */ 404 #define SMB2_0_INFO_SECURITY 0x03 405 /* The security information is requested. */ 406 #define SMB2_0_INFO_QUOTA 0x04 407 /* The underlying object store quota information is requested. */ 408 409 /* 410 * SMB2 Change Nofity Request 411 */ 412 #define SMB2_WATCH_TREE 0x00000001 413 414 /* SMB2 Oplock Break: lease break notification flags */ 415 #define SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED 0x01 416 417 /* SMB3.1.1 the only pre-authentication hash */ 418 #define SMB3_HASH_SHA512 1 419 420 /* SMB3.x encryption ciphers */ 421 #define SMB3_CIPHER_AES128_CCM 1 /* 3.0 */ 422 #define SMB3_CIPHER_AES128_GCM 2 /* 3.1.1 */ 423 424 #ifdef __cplusplus 425 } 426 #endif 427 428 #endif /* _SMB_SMB2_H */ 429