xref: /illumos-gate/usr/src/uts/common/smbsrv/smb2.h (revision 4224cf35431a1b80d14862409ecf0beeaa49e0d8)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
14  */
15 
16 #ifndef _SMB_SMB2_H
17 #define	_SMB_SMB2_H
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22 
23 #define	SMB2_PROTOCOL_ID	{ 0xFE, 'S', 'M', 'B' }
24 #define	SMB2_HDR_SIZE	64
25 #define	SMB3_TFORM_HDR_SIZE	52
26 
27 /*
28  * Protocol ID as a 32-bit little-endian integer.
29  */
30 #define	SMB2_PROTOCOL_MAGIC	0x424d53fe
31 #define	SMB3_ENCRYPTED_MAGIC	0x424d53fd
32 
33 /*
34  * SMB2 header command codes.
35  * These are uint16_t on the wire.
36  */
37 typedef enum {
38 	SMB2_NEGOTIATE = 0,
39 	SMB2_SESSION_SETUP,
40 	SMB2_LOGOFF,
41 	SMB2_TREE_CONNECT,
42 	SMB2_TREE_DISCONNECT,
43 	SMB2_CREATE,
44 	SMB2_CLOSE,
45 	SMB2_FLUSH,
46 	SMB2_READ,
47 	SMB2_WRITE,
48 	SMB2_LOCK,
49 	SMB2_IOCTL,
50 	SMB2_CANCEL,
51 	SMB2_ECHO,
52 	SMB2_QUERY_DIRECTORY,
53 	SMB2_CHANGE_NOTIFY,
54 	SMB2_QUERY_INFO,
55 	SMB2_SET_INFO,
56 	SMB2_OPLOCK_BREAK,
57 	/*
58 	 * The above (oplock break) is the last real SMB2 op-code.
59 	 * We use one more slot to represent invalid commands, and
60 	 * the final enum value is used for array sizes. Keep last!
61 	 */
62 	SMB2_INVALID_CMD,
63 	SMB2__NCMDS
64 } SMB2_cmd_code;
65 
66 /*
67  * SMB2 header flags.
68  */
69 
70 /*
71  * SERVER_TO_REDIR
72  * When set, indicates the message is a response rather than
73  * a request. This MUST be set on responses sent from the
74  * server to the client, and MUST NOT be set on requests
75  * sent from the client to the server.
76  */
77 #define	SMB2_FLAGS_SERVER_TO_REDIR	0x00000001
78 
79 /*
80  * ASYNC_COMMAND
81  * When set, indicates that this is an ASYNC SMB2 header.
82  * Always set for headers of the form described in this
83  * section.
84  */
85 #define	SMB2_FLAGS_ASYNC_COMMAND	0x00000002
86 
87 /*
88  * RELATED_OPERATIONS
89  * When set in an SMB2 request, indicates that this request
90  * is a related operation in a compounded request chain.
91  * [MS-SMB2 sec. 3.2.4.1.4]
92  *
93  * When set in an SMB2 compound response, indicates that
94  * the request corresponding to this response was part of a
95  * related operation in a compounded request chain.
96  * [MS-SMB2 sec. 3.3.5.2.7.2]
97  */
98 #define	SMB2_FLAGS_RELATED_OPERATIONS	0x00000004
99 
100 /*
101  * SIGNED
102  * When set, indicates that this packet has been signed.
103  * [MS-SMB2 3.1.5.1]
104  */
105 #define	SMB2_FLAGS_SIGNED	0x00000008
106 
107 /*
108  * [MS-SMB2] 3.2.5.3.1 The SessionKey MUST be set to the
109  * first 16 bytes of the cryptographic key from GSSAPI.
110  * (Padded with zeros if the GSSAPI key is shorter.)
111  */
112 #define	SMB2_SESSION_KEY_LEN	16
113 
114 /*
115  * DFS_OPERATIONS
116  * When set, indicates that this command is a Distributed
117  * File System (DFS) operation.  [MS-SMB2 3.3.5.9]
118  */
119 #define	SMB2_FLAGS_DFS_OPERATIONS	0x10000000
120 
121 /*
122  * REPLAY_OPERATION
123  * This flag is only valid for the SMB 3.0 dialect. When set,
124  * it indicates that this command is a replay operation.
125  * The client MUST ignore this bit on receipt.
126  */
127 #define	SMB2_FLAGS_REPLAY_OPERATION	0x20000000
128 
129 /*
130  * SMB2 Netgotiate [MS-SMB2 2.2.3]
131  */
132 
133 #define	SMB2_NEGOTIATE_SIGNING_ENABLED   0x01
134 #define	SMB2_NEGOTIATE_SIGNING_REQUIRED  0x02
135 
136 #define	SMB2_CAP_DFS			0x00000001
137 
138 /* Added with SMB2.1 */
139 #define	SMB2_CAP_DFS			0x00000001
140 #define	SMB2_CAP_LEASING		0x00000002
141 /*
142  * LARGE_MTU:
143  * When set, indicates that the client supports multi-credit operations.
144  */
145 #define	SMB2_CAP_LARGE_MTU		0x00000004
146 
147 /* Added with SMB3.0 */
148 #define	SMB2_CAP_MULTI_CHANNEL		0x00000008
149 #define	SMB2_CAP_PERSISTENT_HANDLES	0x00000010
150 #define	SMB2_CAP_DIRECTORY_LEASING	0x00000020
151 #define	SMB2_CAP_ENCRYPTION		0x00000040
152 
153 /* SMB2 session flags */
154 #define	SMB2_SESSION_FLAG_IS_GUEST	0x0001
155 #define	SMB2_SESSION_FLAG_IS_NULL	0x0002
156 #define	SMB2_SESSION_FLAG_ENCRYPT_DATA	0x0004
157 
158 /*
159  * Client wants to bind an existing session to a new connection
160  */
161 #define	SMB2_SESSION_FLAG_BINDING	0x01
162 
163 /*
164  * SMB2 Tree connect, disconnect
165  */
166 
167 /* SMB2 sharetype flags */
168 #define	SMB2_SHARE_TYPE_DISK		0x1
169 #define	SMB2_SHARE_TYPE_PIPE		0x2
170 #define	SMB2_SHARE_TYPE_PRINT		0x3
171 
172 /* SMB2 share flags */
173 #define	SMB2_SHAREFLAG_MANUAL_CACHING			0x00000000
174 #define	SMB2_SHAREFLAG_AUTO_CACHING			0x00000010
175 #define	SMB2_SHAREFLAG_VDO_CACHING			0x00000020
176 #define	SMB2_SHAREFLAG_NO_CACHING			0x00000030
177 #define	SMB2_SHAREFLAG_DFS				0x00000001
178 #define	SMB2_SHAREFLAG_DFS_ROOT				0x00000002
179 #define	SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS		0x00000100
180 #define	SMB2_SHAREFLAG_FORCE_SHARED_DELETE		0x00000200
181 #define	SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING		0x00000400
182 #define	SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM	0x00000800
183 #define	SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK		0x00001000
184 /* SMB 3.0 */
185 #define	SMB2_SHAREFLAG_ENABLE_HASH_V1			0x00002000
186 #define	SMB2_SHAREFLAG_ENABLE_HASH_V2			0x00004000
187 #define	SMB2_SHAREFLAG_ENCRYPT_DATA			0x00008000
188 
189 /* SMB2 share capabilities */
190 #define	SMB2_SHARE_CAP_DFS				0x00000008
191 /* SMB 3.0 */
192 #define	SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY		0x00000010
193 #define	SMB2_SHARE_CAP_SCALEOUT				0x00000020
194 #define	SMB2_SHARE_CAP_CLUSTER				0x00000040
195 
196 /*
197  * SMB2 Create (open)
198  */
199 
200 /*
201  * SMB2 requested oplock levels
202  * Corresponds to ntifs.h OPLOCK_LEVEL_... but NOT the same!
203  */
204 #define	SMB2_OPLOCK_LEVEL_NONE				0x00
205 #define	SMB2_OPLOCK_LEVEL_II				0x01
206 #define	SMB2_OPLOCK_LEVEL_EXCLUSIVE			0x08
207 #define	SMB2_OPLOCK_LEVEL_BATCH				0x09
208 #define	SMB2_OPLOCK_LEVEL_LEASE				0xFF
209 
210 /*
211  * SMB2 create request lease "type"
212  * Note: Same as ntifs.h OPLOCK_LEVEL_CACHE...
213  */
214 #define	SMB2_LEASE_NONE					0x00
215 #define	SMB2_LEASE_READ_CACHING				0x01
216 #define	SMB2_LEASE_HANDLE_CACHING			0x02
217 #define	SMB2_LEASE_WRITE_CACHING			0x04
218 
219 /* SMB2 create lease flags */
220 #define	SMB2_LEASE_FLAG_BREAK_IN_PROGRESS		0x00000002
221 #define	SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET		0x00000004
222 
223 /* SMB2 impersonation levels */
224 #define	SMB2_IMPERSONATION_ANONYMOUS			0x00
225 #define	SMB2_IMPERSONATION_IDENTIFICATION		0x01
226 #define	SMB2_IMPERSONATION_IMPERSONATION		0x02
227 #define	SMB2_IMPERSONATION_DELEGATE			0x03
228 
229 /*
230  * Note: ShareAccess, CreateDispositon, CreateOptions,
231  * all use the same definitions as SMB1 (from MS-FSA).
232  * Ditto FileAccess flags (as with ACLs)
233  */
234 
235 /* SMB2 Create Context tags */
236 
237 #define	SMB2_CREATE_EA_BUFFER			0x45787441 /* ("ExtA") */
238 /*
239  * The data contains the extended attributes
240  * that MUST be stored on the created file.
241  * This value MUST NOT be set for named
242  * pipes and print files.
243  */
244 
245 #define	SMB2_CREATE_SD_BUFFER			0x53656344 /* ("SecD") */
246 /*
247  * The data contains a security descriptor that
248  * MUST be stored on the created file.
249  * This value MUST NOT be set for named
250  * pipes and print files.
251  */
252 
253 #define	SMB2_CREATE_DURABLE_HANDLE_REQUEST	0x44486e51 /* ("DHnQ") */
254 /* The client is requesting the open to be durable */
255 
256 #define	SMB2_CREATE_DURABLE_HANDLE_RECONNECT	0x44486e43 /* ("DHnC") */
257 /*
258  * The client is requesting to reconnect to a
259  * durable open after being disconnected
260  */
261 
262 #define	SMB2_CREATE_ALLOCATION_SIZE		0x416c5369 /* ("AISi") */
263 /*
264  * The data contains the required allocation
265  * size of the newly created file.
266  */
267 
268 #define	SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ	0x4d784163 /* ("MxAc") */
269 /*
270  * The client is requesting that the server
271  * return maximal access information.
272  */
273 
274 #define	SMB2_CREATE_TIMEWARP_TOKEN		0x54577270 /* ("TWrp") */
275 /*
276  * The client is requesting that the server
277  * open an earlier version of the file identified
278  * by the provided time stamp.
279  */
280 
281 #define	SMB2_CREATE_QUERY_ON_DISK_ID		0x51466964 /* ("QFid") */
282 /*
283  * The client is requesting that the server return a 32-byte
284  * opaque BLOB that uniquely identifies the file being opened
285  * on disk. No data is passed to the server by the client.
286  */
287 
288 #define	SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2	0x44483251 /* ("DH2Q") */
289 /*
290  * The client is requesting the open to be durable.
291  * This value is only supported for the SMB 3.x dialect family.
292  */
293 
294 #define	SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2	0x44483243 /* ("DH2C") */
295 /*
296  * The client is requesting to reconnect to a
297  * durable open after being disconnected.
298  * This value is only supported for the SMB 3.x dialect family.
299  */
300 
301 #define	SMB2_DHANDLE_FLAG_PERSISTENT	0x00000002
302 /* A persistent handle is requested. */
303 
304 #define	SMB2_CREATE_REQUEST_LEASE		0x52714c73 /* ("RqLs") */
305 /*
306  * The client is requesting that the server return a lease.
307  * This value is only supported for the SMB 2.1 and 3.0 dialects.
308  */
309 
310 #define	SMB2_CREATE_CTX_AAPL			0x4141504c /* ("AAPL") */
311 /*
312  * Client is MacOS X looking for MacOS-specific extensions.
313  */
314 
315 /*
316  * SMB2 Close
317  */
318 #define	SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB	0x0001
319 
320 /*
321  * SMB2 Read
322  */
323 #define	SMB2_READFLAG_READ_UNBUFFERED		0x00000001
324 
325 /*
326  * SMB2 Write
327  */
328 #define	SMB2_WRITEFLAG_WRITE_THROUGH		0x00000001
329 #define	SMB2_WRITEFLAG_WRITE_UNBUFFERED		0x00000002
330 
331 /*
332  * SMB2 Lock Request
333  */
334 
335 /* SMB2 lock flags */
336 
337 /*
338  * SMB2_LOCKFLAG_SHARED_LOCK
339  * The range MUST be locked shared, allowing other opens
340  * to read from or take a shared lock on the range. All opens
341  * MUST NOT be allowed to write within the range. Other
342  * locks can be requested and taken on this range.
343  */
344 #define	SMB2_LOCKFLAG_SHARED_LOCK	0x00000001
345 
346 /*
347  * SMB2_LOCKFLAG_EXCLUSIVE_LOCK
348  * The range MUST be locked exclusive, not allowing other
349  * opens to read, write, or lock within the range.
350  */
351 #define	SMB2_LOCKFLAG_EXCLUSIVE_LOCK	0x00000002
352 
353 /*
354  * SMB2_LOCKFLAG_UNLOCK
355  * The range MUST be unlocked from a previous lock taken
356  * on this range. The unlock range MUST be identical to the
357  * lock range. Sub-ranges cannot be unlocked.
358  */
359 #define	SMB2_LOCKFLAG_UNLOCK		0x00000004
360 
361 /*
362  * SMB2_LOCKFLAG_FAIL_IMMEDIATELY
363  * The lock operation MUST fail immediately if it conflicts
364  * with an existing lock, instead of waiting for the range to
365  * become available.  This can be OR'ed with either of
366  * shared_lock, exclusive_lock (nothing else).
367  */
368 #define	SMB2_LOCKFLAG_FAIL_IMMEDIATELY	0x00000010
369 
370 /*
371  * SMB2 Ioctl Request
372  */
373 #define	SMB2_0_IOCTL_IS_FSCTL		0x00000001
374 
375 
376 /*
377  * SMB2 Query Directory
378  */
379 
380 /*
381  * SMB2 query directory info levels
382  * Same as SMB1 (see ntifs.h)
383  */
384 
385 /*
386  * SMB2 Query Directory Flags
387  * (our own names for these - spec. used poor names)
388  */
389 #define	SMB2_QDIR_FLAG_RESTART		0x01 /* SMB2_RESTART_SCANS */
390 #define	SMB2_QDIR_FLAG_SINGLE		0x02 /* SMB2_RETURN_SINGLE_ENTRY */
391 #define	SMB2_QDIR_FLAG_INDEX		0x04 /* SMB2_INDEX_SPECIFIED */
392 #define	SMB2_QDIR_FLAG_REOPEN		0x10 /* SMB2_REOPEN */
393 
394 /*
395  * SMB2 Query Info Request
396  */
397 
398 /* info type */
399 #define	SMB2_0_INFO_FILE		0x01
400 /* The file information is requested. */
401 #define	SMB2_0_INFO_FILESYSTEM		0x02
402 /* The underlying object store information is requested. */
403 #define	SMB2_0_INFO_SECURITY		0x03
404 /* The security information is requested. */
405 #define	SMB2_0_INFO_QUOTA		0x04
406 /* The underlying object store quota information is requested. */
407 
408 /*
409  * SMB2 Change Nofity Request
410  */
411 #define	SMB2_WATCH_TREE			0x00000001
412 
413 /* SMB2 Oplock Break: lease break notification flags */
414 #define	SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED  0x01
415 
416 #ifdef __cplusplus
417 }
418 #endif
419 
420 #endif /* _SMB_SMB2_H */
421