xref: /illumos-gate/usr/src/uts/common/smbsrv/smb2.h (revision f2dbfd322ec9cd157a6e2cd8a53569e718a4b0af)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
14  */
15 
16 #ifndef _SMB_SMB2_H
17 #define	_SMB_SMB2_H
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22 
23 #define	SMB2_PROTOCOL_ID	{ 0xFE, 'S', 'M', 'B' }
24 #define	SMB2_HDR_SIZE	64
25 #define	SMB3_TFORM_HDR_SIZE	52
26 
27 /*
28  * Protocol ID as a 32-bit little-endian integer.
29  */
30 #define	SMB2_PROTOCOL_MAGIC	0x424d53fe
31 #define	SMB3_ENCRYPTED_MAGIC	0x424d53fd
32 
33 /*
34  * SMB2 header command codes.
35  * These are uint16_t on the wire.
36  */
37 typedef enum {
38 	SMB2_NEGOTIATE = 0,
39 	SMB2_SESSION_SETUP,
40 	SMB2_LOGOFF,
41 	SMB2_TREE_CONNECT,
42 	SMB2_TREE_DISCONNECT,
43 	SMB2_CREATE,
44 	SMB2_CLOSE,
45 	SMB2_FLUSH,
46 	SMB2_READ,
47 	SMB2_WRITE,
48 	SMB2_LOCK,
49 	SMB2_IOCTL,
50 	SMB2_CANCEL,
51 	SMB2_ECHO,
52 	SMB2_QUERY_DIRECTORY,
53 	SMB2_CHANGE_NOTIFY,
54 	SMB2_QUERY_INFO,
55 	SMB2_SET_INFO,
56 	SMB2_OPLOCK_BREAK,
57 	/*
58 	 * The above (oplock break) is the last real SMB2 op-code.
59 	 * We use one more slot to represent invalid commands, and
60 	 * the final enum value is used for array sizes. Keep last!
61 	 */
62 	SMB2_INVALID_CMD,
63 	SMB2__NCMDS
64 } SMB2_cmd_code;
65 
66 /*
67  * SMB2 header flags.
68  */
69 
70 /*
71  * SERVER_TO_REDIR
72  * When set, indicates the message is a response rather than
73  * a request. This MUST be set on responses sent from the
74  * server to the client, and MUST NOT be set on requests
75  * sent from the client to the server.
76  */
77 #define	SMB2_FLAGS_SERVER_TO_REDIR	0x00000001
78 
79 /*
80  * ASYNC_COMMAND
81  * When set, indicates that this is an ASYNC SMB2 header.
82  * Always set for headers of the form described in this
83  * section.
84  */
85 #define	SMB2_FLAGS_ASYNC_COMMAND	0x00000002
86 
87 /*
88  * RELATED_OPERATIONS
89  * When set in an SMB2 request, indicates that this request
90  * is a related operation in a compounded request chain.
91  * [MS-SMB2 sec. 3.2.4.1.4]
92  *
93  * When set in an SMB2 compound response, indicates that
94  * the request corresponding to this response was part of a
95  * related operation in a compounded request chain.
96  * [MS-SMB2 sec. 3.3.5.2.7.2]
97  */
98 #define	SMB2_FLAGS_RELATED_OPERATIONS	0x00000004
99 
100 /*
101  * SIGNED
102  * When set, indicates that this packet has been signed.
103  * [MS-SMB2 3.1.5.1]
104  */
105 #define	SMB2_FLAGS_SIGNED	0x00000008
106 
107 /*
108  * [MS-SMB2] 3.2.5.3.1 The SessionKey MUST be set to the
109  * first 16 bytes of the cryptographic key from GSSAPI.
110  * (Padded with zeros if the GSSAPI key is shorter.)
111  */
112 #define	SMB2_SESSION_KEY_LEN	16
113 
114 /*
115  * DFS_OPERATIONS
116  * When set, indicates that this command is a Distributed
117  * File System (DFS) operation.  [MS-SMB2 3.3.5.9]
118  */
119 #define	SMB2_FLAGS_DFS_OPERATIONS	0x10000000
120 
121 /*
122  * REPLAY_OPERATION
123  * This flag is only valid for the SMB 3.0 dialect. When set,
124  * it indicates that this command is a replay operation.
125  * The client MUST ignore this bit on receipt.
126  */
127 #define	SMB2_FLAGS_REPLAY_OPERATION	0x20000000
128 
129 /*
130  * SMB2 Netgotiate [MS-SMB2 2.2.3]
131  */
132 
133 #define	SMB2_NEGOTIATE_SIGNING_ENABLED   0x01
134 #define	SMB2_NEGOTIATE_SIGNING_REQUIRED  0x02
135 
136 #define	SMB2_CAP_DFS			0x00000001
137 
138 /* Added with SMB2.1 */
139 #define	SMB2_CAP_DFS			0x00000001
140 #define	SMB2_CAP_LEASING		0x00000002
141 /*
142  * LARGE_MTU:
143  * When set, indicates that the client supports multi-credit operations.
144  */
145 #define	SMB2_CAP_LARGE_MTU		0x00000004
146 
147 /* Added with SMB3.0 */
148 #define	SMB2_CAP_MULTI_CHANNEL		0x00000008
149 #define	SMB2_CAP_PERSISTENT_HANDLES	0x00000010
150 #define	SMB2_CAP_DIRECTORY_LEASING	0x00000020
151 #define	SMB2_CAP_ENCRYPTION		0x00000040
152 
153 /* SMB2 session flags */
154 #define	SMB2_SESSION_FLAG_IS_GUEST	0x0001
155 #define	SMB2_SESSION_FLAG_IS_NULL	0x0002
156 #define	SMB2_SESSION_FLAG_ENCRYPT_DATA	0x0004
157 
158 /*
159  * Client wants to bind an existing session to a new connection
160  */
161 #define	SMB2_SESSION_FLAG_BINDING	0x01
162 
163 /*
164  * SMB2 Tree connect, disconnect
165  */
166 
167 /* SMB2 sharetype flags */
168 #define	SMB2_SHARE_TYPE_DISK		0x1
169 #define	SMB2_SHARE_TYPE_PIPE		0x2
170 #define	SMB2_SHARE_TYPE_PRINT		0x3
171 
172 /* SMB2 share flags */
173 #define	SMB2_SHAREFLAG_MANUAL_CACHING			0x00000000
174 #define	SMB2_SHAREFLAG_AUTO_CACHING			0x00000010
175 #define	SMB2_SHAREFLAG_VDO_CACHING			0x00000020
176 #define	SMB2_SHAREFLAG_NO_CACHING			0x00000030
177 #define	SMB2_SHAREFLAG_DFS				0x00000001
178 #define	SMB2_SHAREFLAG_DFS_ROOT				0x00000002
179 #define	SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS		0x00000100
180 #define	SMB2_SHAREFLAG_FORCE_SHARED_DELETE		0x00000200
181 #define	SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING		0x00000400
182 #define	SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM	0x00000800
183 #define	SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK		0x00001000
184 /* SMB 3.0 */
185 #define	SMB2_SHAREFLAG_ENABLE_HASH_V1			0x00002000
186 #define	SMB2_SHAREFLAG_ENABLE_HASH_V2			0x00004000
187 #define	SMB2_SHAREFLAG_ENCRYPT_DATA			0x00008000
188 
189 /* SMB2 share capabilities */
190 #define	SMB2_SHARE_CAP_DFS				0x00000008
191 /* SMB 3.0 */
192 #define	SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY		0x00000010
193 #define	SMB2_SHARE_CAP_SCALEOUT				0x00000020
194 #define	SMB2_SHARE_CAP_CLUSTER				0x00000040
195 
196 /*
197  * SMB2 Create (open)
198  */
199 
200 /*
201  * SMB2 requested oplock levels
202  * Corresponds to ntifs.h OPLOCK_LEVEL_... but NOT the same!
203  */
204 #define	SMB2_OPLOCK_LEVEL_NONE				0x00
205 #define	SMB2_OPLOCK_LEVEL_II				0x01
206 #define	SMB2_OPLOCK_LEVEL_EXCLUSIVE			0x08
207 #define	SMB2_OPLOCK_LEVEL_BATCH				0x09
208 #define	SMB2_OPLOCK_LEVEL_LEASE				0xFF
209 
210 /*
211  * SMB2 create request lease "type"
212  * Note: Same as ntifs.h OPLOCK_LEVEL_CACHE...
213  */
214 #define	SMB2_LEASE_NONE					0x00
215 #define	SMB2_LEASE_READ_CACHING				0x01
216 #define	SMB2_LEASE_HANDLE_CACHING			0x02
217 #define	SMB2_LEASE_WRITE_CACHING			0x04
218 
219 /* SMB2 create lease flags */
220 #define	SMB2_LEASE_FLAG_BREAK_IN_PROGRESS		0x00000002
221 #define	SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET		0x00000004
222 
223 /* SMB2 impersonation levels */
224 #define	SMB2_IMPERSONATION_ANONYMOUS			0x00
225 #define	SMB2_IMPERSONATION_IDENTIFICATION		0x01
226 #define	SMB2_IMPERSONATION_IMPERSONATION		0x02
227 #define	SMB2_IMPERSONATION_DELEGATE			0x03
228 
229 /*
230  * Note: ShareAccess, CreateDispositon, CreateOptions,
231  * all use the same definitions as SMB1 (from MS-FSA).
232  * Ditto FileAccess flags (as with ACLs)
233  */
234 
235 /* SMB2 Create Context tags */
236 
237 #define	SMB2_CREATE_EA_BUFFER			0x45787441 /* ("ExtA") */
238 /*
239  * The data contains the extended attributes
240  * that MUST be stored on the created file.
241  * This value MUST NOT be set for named
242  * pipes and print files.
243  */
244 
245 #define	SMB2_CREATE_SD_BUFFER			0x53656344 /* ("SecD") */
246 /*
247  * The data contains a security descriptor that
248  * MUST be stored on the created file.
249  * This value MUST NOT be set for named
250  * pipes and print files.
251  */
252 
253 #define	SMB2_CREATE_DURABLE_HANDLE_REQUEST	0x44486e51 /* ("DHnQ") */
254 /* The client is requesting the open to be durable */
255 
256 #define	SMB2_CREATE_DURABLE_HANDLE_RECONNECT	0x44486e43 /* ("DHnC") */
257 /*
258  * The client is requesting to reconnect to a
259  * durable open after being disconnected
260  */
261 
262 #define	SMB2_CREATE_ALLOCATION_SIZE		0x416c5369 /* ("AISi") */
263 /*
264  * The data contains the required allocation
265  * size of the newly created file.
266  */
267 
268 #define	SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ	0x4d784163 /* ("MxAc") */
269 /*
270  * The client is requesting that the server
271  * return maximal access information.
272  */
273 
274 #define	SMB2_CREATE_TIMEWARP_TOKEN		0x54577270 /* ("TWrp") */
275 /*
276  * The client is requesting that the server
277  * open an earlier version of the file identified
278  * by the provided time stamp.
279  */
280 
281 #define	SMB2_CREATE_QUERY_ON_DISK_ID		0x51466964 /* ("QFid") */
282 /*
283  * The client is requesting that the server return a 32-byte
284  * opaque BLOB that uniquely identifies the file being opened
285  * on disk. No data is passed to the server by the client.
286  */
287 
288 #define	SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2	0x44483251 /* ("DH2Q") */
289 /*
290  * The client is requesting the open to be durable.
291  * This value is only supported for the SMB 3.x dialect family.
292  */
293 
294 #define	SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2	0x44483243 /* ("DH2C") */
295 /*
296  * The client is requesting to reconnect to a
297  * durable open after being disconnected.
298  * This value is only supported for the SMB 3.x dialect family.
299  */
300 
301 #define	SMB2_DHANDLE_FLAG_PERSISTENT	0x00000002
302 /* A persistent handle is requested. */
303 
304 #define	SMB2_CREATE_REQUEST_LEASE		0x52714c73 /* ("RqLs") */
305 /*
306  * The client is requesting that the server return a lease.
307  * This value is only supported for the SMB 2.1 and 3.0 dialects.
308  */
309 
310 #define	SMB2_CREATE_CTX_AAPL			0x4141504c /* ("AAPL") */
311 /*
312  * Client is MacOS X looking for MacOS-specific extensions.
313  */
314 
315 /*
316  * SMB2 Close
317  */
318 #define	SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB	0x0001
319 
320 /*
321  * SMB2 Write
322  */
323 #define	SMB2_WRITEFLAG_WRITE_THROUGH		0x00000001
324 
325 /*
326  * SMB2 Lock Request
327  */
328 
329 /* SMB2 lock flags */
330 
331 /*
332  * SMB2_LOCKFLAG_SHARED_LOCK
333  * The range MUST be locked shared, allowing other opens
334  * to read from or take a shared lock on the range. All opens
335  * MUST NOT be allowed to write within the range. Other
336  * locks can be requested and taken on this range.
337  */
338 #define	SMB2_LOCKFLAG_SHARED_LOCK	0x00000001
339 
340 /*
341  * SMB2_LOCKFLAG_EXCLUSIVE_LOCK
342  * The range MUST be locked exclusive, not allowing other
343  * opens to read, write, or lock within the range.
344  */
345 #define	SMB2_LOCKFLAG_EXCLUSIVE_LOCK	0x00000002
346 
347 /*
348  * SMB2_LOCKFLAG_UNLOCK
349  * The range MUST be unlocked from a previous lock taken
350  * on this range. The unlock range MUST be identical to the
351  * lock range. Sub-ranges cannot be unlocked.
352  */
353 #define	SMB2_LOCKFLAG_UNLOCK		0x00000004
354 
355 /*
356  * SMB2_LOCKFLAG_FAIL_IMMEDIATELY
357  * The lock operation MUST fail immediately if it conflicts
358  * with an existing lock, instead of waiting for the range to
359  * become available.  This can be OR'ed with either of
360  * shared_lock, exclusive_lock (nothing else).
361  */
362 #define	SMB2_LOCKFLAG_FAIL_IMMEDIATELY	0x00000010
363 
364 /*
365  * SMB2 Ioctl Request
366  */
367 #define	SMB2_0_IOCTL_IS_FSCTL		0x00000001
368 
369 
370 /*
371  * SMB2 Query Directory
372  */
373 
374 /*
375  * SMB2 query directory info levels
376  * Same as SMB1 (see ntifs.h)
377  */
378 
379 /*
380  * SMB2 Query Directory Flags
381  * (our own names for these - spec. used poor names)
382  */
383 #define	SMB2_QDIR_FLAG_RESTART		0x01 /* SMB2_RESTART_SCANS */
384 #define	SMB2_QDIR_FLAG_SINGLE		0x02 /* SMB2_RETURN_SINGLE_ENTRY */
385 #define	SMB2_QDIR_FLAG_INDEX		0x04 /* SMB2_INDEX_SPECIFIED */
386 #define	SMB2_QDIR_FLAG_REOPEN		0x10 /* SMB2_REOPEN */
387 
388 /*
389  * SMB2 Query Info Request
390  */
391 
392 /* info type */
393 #define	SMB2_0_INFO_FILE		0x01
394 /* The file information is requested. */
395 #define	SMB2_0_INFO_FILESYSTEM		0x02
396 /* The underlying object store information is requested. */
397 #define	SMB2_0_INFO_SECURITY		0x03
398 /* The security information is requested. */
399 #define	SMB2_0_INFO_QUOTA		0x04
400 /* The underlying object store quota information is requested. */
401 
402 /*
403  * SMB2 Change Nofity Request
404  */
405 #define	SMB2_WATCH_TREE			0x00000001
406 
407 /* SMB2 Oplock Break: lease break notification flags */
408 #define	SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED  0x01
409 
410 #ifdef __cplusplus
411 }
412 #endif
413 
414 #endif /* _SMB_SMB2_H */
415