xref: /illumos-gate/usr/src/uts/common/smbsrv/smb2.h (revision b51a7e2003caa1eee7cfd998a535231eb646bb8d)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
14  * Copyright 2021 RackTop Systems, Inc.
15  */
16 
17 #ifndef _SMB_SMB2_H
18 #define	_SMB_SMB2_H
19 
20 #ifdef __cplusplus
21 extern "C" {
22 #endif
23 
24 #define	SMB2_PROTOCOL_ID	{ 0xFE, 'S', 'M', 'B' }
25 #define	SMB2_HDR_SIZE	64
26 #define	SMB3_TFORM_HDR_SIZE	52
27 
28 /*
29  * Protocol ID as a 32-bit little-endian integer.
30  */
31 #define	SMB2_PROTOCOL_MAGIC	0x424d53fe
32 #define	SMB3_ENCRYPTED_MAGIC	0x424d53fd
33 
34 /*
35  * SMB2 header command codes.
36  * These are uint16_t on the wire.
37  */
38 typedef enum {
39 	SMB2_NEGOTIATE = 0,
40 	SMB2_SESSION_SETUP,
41 	SMB2_LOGOFF,
42 	SMB2_TREE_CONNECT,
43 	SMB2_TREE_DISCONNECT,
44 	SMB2_CREATE,
45 	SMB2_CLOSE,
46 	SMB2_FLUSH,
47 	SMB2_READ,
48 	SMB2_WRITE,
49 	SMB2_LOCK,
50 	SMB2_IOCTL,
51 	SMB2_CANCEL,
52 	SMB2_ECHO,
53 	SMB2_QUERY_DIRECTORY,
54 	SMB2_CHANGE_NOTIFY,
55 	SMB2_QUERY_INFO,
56 	SMB2_SET_INFO,
57 	SMB2_OPLOCK_BREAK,
58 	/*
59 	 * The above (oplock break) is the last real SMB2 op-code.
60 	 * We use one more slot to represent invalid commands, and
61 	 * the final enum value is used for array sizes. Keep last!
62 	 */
63 	SMB2_INVALID_CMD,
64 	SMB2__NCMDS
65 } SMB2_cmd_code;
66 
67 /*
68  * SMB2 header flags.
69  */
70 
71 /*
72  * SERVER_TO_REDIR
73  * When set, indicates the message is a response rather than
74  * a request. This MUST be set on responses sent from the
75  * server to the client, and MUST NOT be set on requests
76  * sent from the client to the server.
77  */
78 #define	SMB2_FLAGS_SERVER_TO_REDIR	0x00000001
79 
80 /*
81  * ASYNC_COMMAND
82  * When set, indicates that this is an ASYNC SMB2 header.
83  * Always set for headers of the form described in this
84  * section.
85  */
86 #define	SMB2_FLAGS_ASYNC_COMMAND	0x00000002
87 
88 /*
89  * RELATED_OPERATIONS
90  * When set in an SMB2 request, indicates that this request
91  * is a related operation in a compounded request chain.
92  * [MS-SMB2 sec. 3.2.4.1.4]
93  *
94  * When set in an SMB2 compound response, indicates that
95  * the request corresponding to this response was part of a
96  * related operation in a compounded request chain.
97  * [MS-SMB2 sec. 3.3.5.2.7.2]
98  */
99 #define	SMB2_FLAGS_RELATED_OPERATIONS	0x00000004
100 
101 /*
102  * SIGNED
103  * When set, indicates that this packet has been signed.
104  * [MS-SMB2 3.1.5.1]
105  */
106 #define	SMB2_FLAGS_SIGNED	0x00000008
107 
108 /*
109  * [MS-SMB2] 3.2.5.3.1 The SessionKey MUST be set to the
110  * first 16 bytes of the cryptographic key from GSSAPI.
111  * (Padded with zeros if the GSSAPI key is shorter.)
112  */
113 #define	SMB2_SESSION_KEY_LEN	16
114 
115 /*
116  * DFS_OPERATIONS
117  * When set, indicates that this command is a Distributed
118  * File System (DFS) operation.  [MS-SMB2 3.3.5.9]
119  */
120 #define	SMB2_FLAGS_DFS_OPERATIONS	0x10000000
121 
122 /*
123  * REPLAY_OPERATION
124  * This flag is only valid for the SMB 3.0 dialect. When set,
125  * it indicates that this command is a replay operation.
126  * The client MUST ignore this bit on receipt.
127  */
128 #define	SMB2_FLAGS_REPLAY_OPERATION	0x20000000
129 
130 /*
131  * SMB2 Netgotiate [MS-SMB2 2.2.3]
132  */
133 
134 #define	SMB2_NEGOTIATE_SIGNING_ENABLED   0x01
135 #define	SMB2_NEGOTIATE_SIGNING_REQUIRED  0x02
136 
137 #define	SMB2_CAP_DFS			0x00000001
138 
139 /* Added with SMB2.1 */
140 #define	SMB2_CAP_DFS			0x00000001
141 #define	SMB2_CAP_LEASING		0x00000002
142 /*
143  * LARGE_MTU:
144  * When set, indicates that the client supports multi-credit operations.
145  */
146 #define	SMB2_CAP_LARGE_MTU		0x00000004
147 
148 /* Added with SMB3.0 */
149 #define	SMB2_CAP_MULTI_CHANNEL		0x00000008
150 #define	SMB2_CAP_PERSISTENT_HANDLES	0x00000010
151 #define	SMB2_CAP_DIRECTORY_LEASING	0x00000020
152 #define	SMB2_CAP_ENCRYPTION		0x00000040
153 
154 /* SMB2 session flags */
155 #define	SMB2_SESSION_FLAG_IS_GUEST	0x0001
156 #define	SMB2_SESSION_FLAG_IS_NULL	0x0002
157 #define	SMB2_SESSION_FLAG_ENCRYPT_DATA	0x0004
158 
159 /*
160  * Client wants to bind an existing session to a new connection
161  */
162 #define	SMB2_SESSION_FLAG_BINDING	0x01
163 
164 /*
165  * SMB2 Tree connect, disconnect
166  */
167 
168 /* SMB2 sharetype flags */
169 #define	SMB2_SHARE_TYPE_DISK		0x1
170 #define	SMB2_SHARE_TYPE_PIPE		0x2
171 #define	SMB2_SHARE_TYPE_PRINT		0x3
172 
173 /* SMB2 share flags */
174 #define	SMB2_SHAREFLAG_MANUAL_CACHING			0x00000000
175 #define	SMB2_SHAREFLAG_AUTO_CACHING			0x00000010
176 #define	SMB2_SHAREFLAG_VDO_CACHING			0x00000020
177 #define	SMB2_SHAREFLAG_NO_CACHING			0x00000030
178 #define	SMB2_SHAREFLAG_DFS				0x00000001
179 #define	SMB2_SHAREFLAG_DFS_ROOT				0x00000002
180 #define	SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS		0x00000100
181 #define	SMB2_SHAREFLAG_FORCE_SHARED_DELETE		0x00000200
182 #define	SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING		0x00000400
183 #define	SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM	0x00000800
184 #define	SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK		0x00001000
185 /* SMB 3.0 */
186 #define	SMB2_SHAREFLAG_ENABLE_HASH_V1			0x00002000
187 #define	SMB2_SHAREFLAG_ENABLE_HASH_V2			0x00004000
188 #define	SMB2_SHAREFLAG_ENCRYPT_DATA			0x00008000
189 
190 /* SMB2 share capabilities */
191 #define	SMB2_SHARE_CAP_DFS				0x00000008
192 /* SMB 3.0 */
193 #define	SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY		0x00000010
194 #define	SMB2_SHARE_CAP_SCALEOUT				0x00000020
195 #define	SMB2_SHARE_CAP_CLUSTER				0x00000040
196 
197 /*
198  * SMB2 Create (open)
199  */
200 
201 /*
202  * SMB2 requested oplock levels
203  * Corresponds to ntifs.h OPLOCK_LEVEL_... but NOT the same!
204  */
205 #define	SMB2_OPLOCK_LEVEL_NONE				0x00
206 #define	SMB2_OPLOCK_LEVEL_II				0x01
207 #define	SMB2_OPLOCK_LEVEL_EXCLUSIVE			0x08
208 #define	SMB2_OPLOCK_LEVEL_BATCH				0x09
209 #define	SMB2_OPLOCK_LEVEL_LEASE				0xFF
210 
211 /*
212  * SMB2 create request lease "type"
213  * Note: Same as ntifs.h OPLOCK_LEVEL_CACHE...
214  */
215 #define	SMB2_LEASE_NONE					0x00
216 #define	SMB2_LEASE_READ_CACHING				0x01
217 #define	SMB2_LEASE_HANDLE_CACHING			0x02
218 #define	SMB2_LEASE_WRITE_CACHING			0x04
219 
220 /* SMB2 create lease flags */
221 #define	SMB2_LEASE_FLAG_BREAK_IN_PROGRESS		0x00000002
222 #define	SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET		0x00000004
223 
224 /* SMB2 impersonation levels */
225 #define	SMB2_IMPERSONATION_ANONYMOUS			0x00
226 #define	SMB2_IMPERSONATION_IDENTIFICATION		0x01
227 #define	SMB2_IMPERSONATION_IMPERSONATION		0x02
228 #define	SMB2_IMPERSONATION_DELEGATE			0x03
229 
230 /*
231  * Note: ShareAccess, CreateDispositon, CreateOptions,
232  * all use the same definitions as SMB1 (from MS-FSA).
233  * Ditto FileAccess flags (as with ACLs)
234  */
235 
236 /* SMB2 Create Context tags */
237 
238 #define	SMB2_CREATE_EA_BUFFER			0x45787441 /* ("ExtA") */
239 /*
240  * The data contains the extended attributes
241  * that MUST be stored on the created file.
242  * This value MUST NOT be set for named
243  * pipes and print files.
244  */
245 
246 #define	SMB2_CREATE_SD_BUFFER			0x53656344 /* ("SecD") */
247 /*
248  * The data contains a security descriptor that
249  * MUST be stored on the created file.
250  * This value MUST NOT be set for named
251  * pipes and print files.
252  */
253 
254 #define	SMB2_CREATE_DURABLE_HANDLE_REQUEST	0x44486e51 /* ("DHnQ") */
255 /* The client is requesting the open to be durable */
256 
257 #define	SMB2_CREATE_DURABLE_HANDLE_RECONNECT	0x44486e43 /* ("DHnC") */
258 /*
259  * The client is requesting to reconnect to a
260  * durable open after being disconnected
261  */
262 
263 #define	SMB2_CREATE_ALLOCATION_SIZE		0x416c5369 /* ("AISi") */
264 /*
265  * The data contains the required allocation
266  * size of the newly created file.
267  */
268 
269 #define	SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ	0x4d784163 /* ("MxAc") */
270 /*
271  * The client is requesting that the server
272  * return maximal access information.
273  */
274 
275 #define	SMB2_CREATE_TIMEWARP_TOKEN		0x54577270 /* ("TWrp") */
276 /*
277  * The client is requesting that the server
278  * open an earlier version of the file identified
279  * by the provided time stamp.
280  */
281 
282 #define	SMB2_CREATE_QUERY_ON_DISK_ID		0x51466964 /* ("QFid") */
283 /*
284  * The client is requesting that the server return a 32-byte
285  * opaque BLOB that uniquely identifies the file being opened
286  * on disk. No data is passed to the server by the client.
287  */
288 
289 #define	SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2	0x44483251 /* ("DH2Q") */
290 /*
291  * The client is requesting the open to be durable.
292  * This value is only supported for the SMB 3.x dialect family.
293  */
294 
295 #define	SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2	0x44483243 /* ("DH2C") */
296 /*
297  * The client is requesting to reconnect to a
298  * durable open after being disconnected.
299  * This value is only supported for the SMB 3.x dialect family.
300  */
301 
302 #define	SMB2_DHANDLE_FLAG_PERSISTENT	0x00000002
303 /* A persistent handle is requested. */
304 
305 #define	SMB2_CREATE_REQUEST_LEASE		0x52714c73 /* ("RqLs") */
306 /*
307  * The client is requesting that the server return a lease.
308  * This value is only supported for the SMB 2.1 and 3.0 dialects.
309  */
310 
311 #define	SMB2_CREATE_CTX_AAPL			0x4141504c /* ("AAPL") */
312 /*
313  * Client is MacOS X looking for MacOS-specific extensions.
314  */
315 
316 /*
317  * SMB2 Close
318  */
319 #define	SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB	0x0001
320 
321 /*
322  * SMB2 Read
323  */
324 #define	SMB2_READFLAG_READ_UNBUFFERED		0x00000001
325 
326 /*
327  * SMB2 Write
328  */
329 #define	SMB2_WRITEFLAG_WRITE_THROUGH		0x00000001
330 #define	SMB2_WRITEFLAG_WRITE_UNBUFFERED		0x00000002
331 
332 /*
333  * SMB2 Lock Request
334  */
335 
336 /* SMB2 lock flags */
337 
338 /*
339  * SMB2_LOCKFLAG_SHARED_LOCK
340  * The range MUST be locked shared, allowing other opens
341  * to read from or take a shared lock on the range. All opens
342  * MUST NOT be allowed to write within the range. Other
343  * locks can be requested and taken on this range.
344  */
345 #define	SMB2_LOCKFLAG_SHARED_LOCK	0x00000001
346 
347 /*
348  * SMB2_LOCKFLAG_EXCLUSIVE_LOCK
349  * The range MUST be locked exclusive, not allowing other
350  * opens to read, write, or lock within the range.
351  */
352 #define	SMB2_LOCKFLAG_EXCLUSIVE_LOCK	0x00000002
353 
354 /*
355  * SMB2_LOCKFLAG_UNLOCK
356  * The range MUST be unlocked from a previous lock taken
357  * on this range. The unlock range MUST be identical to the
358  * lock range. Sub-ranges cannot be unlocked.
359  */
360 #define	SMB2_LOCKFLAG_UNLOCK		0x00000004
361 
362 /*
363  * SMB2_LOCKFLAG_FAIL_IMMEDIATELY
364  * The lock operation MUST fail immediately if it conflicts
365  * with an existing lock, instead of waiting for the range to
366  * become available.  This can be OR'ed with either of
367  * shared_lock, exclusive_lock (nothing else).
368  */
369 #define	SMB2_LOCKFLAG_FAIL_IMMEDIATELY	0x00000010
370 
371 /*
372  * SMB2 Ioctl Request
373  */
374 #define	SMB2_0_IOCTL_IS_FSCTL		0x00000001
375 
376 
377 /*
378  * SMB2 Query Directory
379  */
380 
381 /*
382  * SMB2 query directory info levels
383  * Same as SMB1 (see ntifs.h)
384  */
385 
386 /*
387  * SMB2 Query Directory Flags
388  * (our own names for these - spec. used poor names)
389  */
390 #define	SMB2_QDIR_FLAG_RESTART		0x01 /* SMB2_RESTART_SCANS */
391 #define	SMB2_QDIR_FLAG_SINGLE		0x02 /* SMB2_RETURN_SINGLE_ENTRY */
392 #define	SMB2_QDIR_FLAG_INDEX		0x04 /* SMB2_INDEX_SPECIFIED */
393 #define	SMB2_QDIR_FLAG_REOPEN		0x10 /* SMB2_REOPEN */
394 
395 /*
396  * SMB2 Query Info Request
397  */
398 
399 /* info type */
400 #define	SMB2_0_INFO_FILE		0x01
401 /* The file information is requested. */
402 #define	SMB2_0_INFO_FILESYSTEM		0x02
403 /* The underlying object store information is requested. */
404 #define	SMB2_0_INFO_SECURITY		0x03
405 /* The security information is requested. */
406 #define	SMB2_0_INFO_QUOTA		0x04
407 /* The underlying object store quota information is requested. */
408 
409 /*
410  * SMB2 Change Nofity Request
411  */
412 #define	SMB2_WATCH_TREE			0x00000001
413 
414 /* SMB2 Oplock Break: lease break notification flags */
415 #define	SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED  0x01
416 
417 /* SMB3.1.1 the only pre-authentication hash */
418 #define	SMB3_HASH_SHA512	1
419 
420 /* SMB3.x encryption ciphers */
421 #define	SMB3_CIPHER_AES128_CCM	1	/* 3.0 */
422 #define	SMB3_CIPHER_AES128_GCM	2	/* 3.1.1 */
423 
424 #ifdef __cplusplus
425 }
426 #endif
427 
428 #endif /* _SMB_SMB2_H */
429