smb/server/ksmbd_netlink.h

/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
 *
 *   linux-ksmbd-devel@lists.sourceforge.net
 */

#ifndef _LINUX_KSMBD_SERVER_H
#define _LINUX_KSMBD_SERVER_H

#include <linux/types.h>

/*
 * This is a userspace ABI to communicate data between ksmbd and user IPC
 * daemon using netlink. This is added to track and cache user account DB
 * and share configuration info from userspace.
 *
 *  - KSMBD_EVENT_HEARTBEAT_REQUEST(ksmbd_heartbeat)
 *    This event is to check whether user IPC daemon is alive. If user IPC
 *    daemon is dead, ksmbd keep existing connection till disconnecting and
 *    new connection will be denied.
 *
 *  - KSMBD_EVENT_STARTING_UP(ksmbd_startup_request)
 *    This event is to receive the information that initializes the ksmbd
 *    server from the user IPC daemon and to start the server. The global
 *    section parameters are given from smb.conf as initialization
 *    information.
 *
 *  - KSMBD_EVENT_SHUTTING_DOWN(ksmbd_shutdown_request)
 *    This event is to shutdown ksmbd server.
 *
 *  - KSMBD_EVENT_LOGIN_REQUEST/RESPONSE(ksmbd_login_request/response)
 *    This event is to get user account info to user IPC daemon.
 *
 *  - KSMBD_EVENT_SHARE_CONFIG_REQUEST/RESPONSE(ksmbd_share_config_request/response)
 *    This event is to get net share configuration info.
 *
 *  - KSMBD_EVENT_TREE_CONNECT_REQUEST/RESPONSE(ksmbd_tree_connect_request/response)
 *    This event is to get session and tree connect info.
 *
 *  - KSMBD_EVENT_TREE_DISCONNECT_REQUEST(ksmbd_tree_disconnect_request)
 *    This event is to send tree disconnect info to user IPC daemon.
 *
 *  - KSMBD_EVENT_LOGOUT_REQUEST(ksmbd_logout_request)
 *    This event is to send logout request to user IPC daemon.
 *
 *  - KSMBD_EVENT_RPC_REQUEST/RESPONSE(ksmbd_rpc_command)
 *    This event is to make DCE/RPC request like srvsvc, wkssvc, lsarpc,
 *    samr to be processed in userspace.
 *
 *  - KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST/RESPONSE(ksmbd_spnego_authen_request/response)
 *    This event is to make kerberos authentication to be processed in
 *    userspace.
 *
 *  - KSMBD_EVENT_LOGIN_REQUEST_EXT/RESPONSE_EXT(ksmbd_login_request_ext/response_ext)
 *    This event is to get user account extension info to user IPC daemon.
 */

#define KSMBD_GENL_NAME		"SMBD_GENL"
#define KSMBD_GENL_VERSION		0x01

#define KSMBD_REQ_MAX_ACCOUNT_NAME_SZ	48
#define KSMBD_REQ_MAX_HASH_SZ		18
#define KSMBD_REQ_MAX_SHARE_NAME	64

/*
 * IPC heartbeat frame to check whether user IPC daemon is alive.
 */
struct ksmbd_heartbeat {
	__u32	handle;
};

/*
 * Global config flags.
 */
#define KSMBD_GLOBAL_FLAG_INVALID		(0)
#define KSMBD_GLOBAL_FLAG_SMB2_LEASES		BIT(0)
#define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION	BIT(1)
#define KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL	BIT(2)
#define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION_OFF	BIT(3)
#define KSMBD_GLOBAL_FLAG_DURABLE_HANDLE	BIT(4)

/*
 * IPC request for ksmbd server startup
 */
struct ksmbd_startup_request {
	__u32	flags;			/* Flags for global config */
	__s32	signing;		/* Signing enabled */
	__s8	min_prot[16];		/* The minimum SMB protocol version */
	__s8	max_prot[16];		/* The maximum SMB protocol version */
	__s8	netbios_name[16];
	__s8	work_group[64];		/* Workgroup */
	__s8	server_string[64];	/* Server string */
	__u16	tcp_port;		/* tcp port */
	__u16	ipc_timeout;		/*
					 * specifies the number of seconds
					 * server will wait for the userspace to
					 * reply to heartbeat frames.
					 */
	__u32	deadtime;		/* Number of minutes of inactivity */
	__u32	file_max;		/* Limits the maximum number of open files */
	__u32	smb2_max_write;		/* MAX write size */
	__u32	smb2_max_read;		/* MAX read size */
	__u32	smb2_max_trans;		/* MAX trans size */
	__u32	share_fake_fscaps;	/*
					 * Support some special application that
					 * makes QFSINFO calls to check whether
					 * we set the SPARSE_FILES bit (0x40).
					 */
	__u32	sub_auth[3];		/* Subauth value for Security ID */
	__u32	smb2_max_credits;	/* MAX credits */
	__u32	smbd_max_io_size;	/* smbd read write size */
	__u32	max_connections;	/* Number of maximum simultaneous connections */
	__s8	bind_interfaces_only;
	__u32	max_ip_connections;	/* Number of maximum connection per ip address */
	__s8	reserved[499];		/* Reserved room */
	__u32	ifc_list_sz;		/* interfaces list size */
	__s8	____payload[];
} __packed;

#define KSMBD_STARTUP_CONFIG_INTERFACES(s)	((s)->____payload)

/*
 * IPC request to shutdown ksmbd server.
 */
struct ksmbd_shutdown_request {
	__s32	reserved[16];
};

/*
 * IPC user login request.
 */
struct ksmbd_login_request {
	__u32	handle;
	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */
	__u32	reserved[16];				/* Reserved room */
};

/*
 * IPC user login response.
 */
struct ksmbd_login_response {
	__u32	handle;
	__u32	gid;					/* group id */
	__u32	uid;					/* user id */
	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */
	__u16	status;
	__u16	hash_sz;			/* hash size */
	__s8	hash[KSMBD_REQ_MAX_HASH_SZ];	/* password hash */
	__u32	reserved[16];			/* Reserved room */
};

/*
 * IPC user login response extension.
 */
struct ksmbd_login_response_ext {
	__u32	handle;
	__s32	ngroups;			/* supplementary group count */
	__s8	reserved[128];			/* Reserved room */
	__s8	____payload[];
};

/*
 * IPC request to fetch net share config.
 */
struct ksmbd_share_config_request {
	__u32	handle;
	__s8	share_name[KSMBD_REQ_MAX_SHARE_NAME]; /* share name */
	__u32	reserved[16];		/* Reserved room */
};

/*
 * IPC response to the net share config request.
 */
struct ksmbd_share_config_response {
	__u32	handle;
	__u32	flags;
	__u16	create_mask;
	__u16	directory_mask;
	__u16	force_create_mode;
	__u16	force_directory_mode;
	__u16	force_uid;
	__u16	force_gid;
	__s8	share_name[KSMBD_REQ_MAX_SHARE_NAME];
	__u32	reserved[111];		/* Reserved room */
	__u32	payload_sz;
	__u32	veto_list_sz;
	__s8	____payload[];
};

#define KSMBD_SHARE_CONFIG_VETO_LIST(s)	((s)->____payload)

static inline char *
ksmbd_share_config_path(struct ksmbd_share_config_response *sc)
{
	char *p = sc->____payload;

	if (sc->veto_list_sz)
		p += sc->veto_list_sz + 1;

	return p;
}

/*
 * IPC request for tree connection. This request include session and tree
 * connect info from client.
 */
struct ksmbd_tree_connect_request {
	__u32	handle;
	__u16	account_flags;
	__u16	flags;
	__u64	session_id;
	__u64	connect_id;
	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ];
	__s8	share[KSMBD_REQ_MAX_SHARE_NAME];
	__s8	peer_addr[64];
	__u32	reserved[16];		/* Reserved room */
};

/*
 * IPC Response structure for tree connection.
 */
struct ksmbd_tree_connect_response {
	__u32	handle;
	__u16	status;
	__u16	connection_flags;
	__u32	reserved[16];		/* Reserved room */
};

/*
 * IPC Request structure to disconnect tree connection.
 */
struct ksmbd_tree_disconnect_request {
	__u64	session_id;	/* session id */
	__u64	connect_id;	/* tree connection id */
	__u32	reserved[16];	/* Reserved room */
};

/*
 * IPC Response structure to logout user account.
 */
struct ksmbd_logout_request {
	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */
	__u32	account_flags;
	__u32	reserved[16];				/* Reserved room */
};

/*
 * RPC command structure to send rpc request like srvsvc or wkssvc to
 * IPC user daemon.
 */
struct ksmbd_rpc_command {
	__u32	handle;
	__u32	flags;
	__u32	payload_sz;
	__u8	payload[];
};

/*
 * IPC Request Kerberos authentication
 */
struct ksmbd_spnego_authen_request {
	__u32	handle;
	__u16	spnego_blob_len;	/* the length of spnego_blob */
	__u8	spnego_blob[];		/*
					 * the GSS token from SecurityBuffer of
					 * SMB2 SESSION SETUP request
					 */
};

/*
 * Response data which includes the GSS token and the session key generated by
 * user daemon.
 */
struct ksmbd_spnego_authen_response {
	__u32	handle;
	struct ksmbd_login_response login_response; /*
						     * the login response with
						     * a user identified by the
						     * GSS token from a client
						     */
	__u16	session_key_len; /* the length of the session key */
	__u16	spnego_blob_len; /*
				  * the length of  the GSS token which will be
				  * stored in SecurityBuffer of SMB2 SESSION
				  * SETUP response
				  */
	__u8	payload[]; /* session key + AP_REP */
};

/*
 * This also used as NETLINK attribute type value.
 *
 * NOTE:
 * Response message type value should be equal to
 * request message type value + 1.
 */
enum ksmbd_event {
	KSMBD_EVENT_UNSPEC			= 0,
	KSMBD_EVENT_HEARTBEAT_REQUEST,

	KSMBD_EVENT_STARTING_UP,
	KSMBD_EVENT_SHUTTING_DOWN,

	KSMBD_EVENT_LOGIN_REQUEST,
	KSMBD_EVENT_LOGIN_RESPONSE		= 5,

	KSMBD_EVENT_SHARE_CONFIG_REQUEST,
	KSMBD_EVENT_SHARE_CONFIG_RESPONSE,

	KSMBD_EVENT_TREE_CONNECT_REQUEST,
	KSMBD_EVENT_TREE_CONNECT_RESPONSE,

	KSMBD_EVENT_TREE_DISCONNECT_REQUEST	= 10,

	KSMBD_EVENT_LOGOUT_REQUEST,

	KSMBD_EVENT_RPC_REQUEST,
	KSMBD_EVENT_RPC_RESPONSE,

	KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST,
	KSMBD_EVENT_SPNEGO_AUTHEN_RESPONSE	= 15,

	KSMBD_EVENT_LOGIN_REQUEST_EXT,
	KSMBD_EVENT_LOGIN_RESPONSE_EXT,

	__KSMBD_EVENT_MAX,
	KSMBD_EVENT_MAX = __KSMBD_EVENT_MAX - 1
};

/*
 * Enumeration for IPC tree connect status.
 */
enum KSMBD_TREE_CONN_STATUS {
	KSMBD_TREE_CONN_STATUS_OK		= 0,
	KSMBD_TREE_CONN_STATUS_NOMEM,
	KSMBD_TREE_CONN_STATUS_NO_SHARE,
	KSMBD_TREE_CONN_STATUS_NO_USER,
	KSMBD_TREE_CONN_STATUS_INVALID_USER,
	KSMBD_TREE_CONN_STATUS_HOST_DENIED	= 5,
	KSMBD_TREE_CONN_STATUS_CONN_EXIST,
	KSMBD_TREE_CONN_STATUS_TOO_MANY_CONNS,
	KSMBD_TREE_CONN_STATUS_TOO_MANY_SESSIONS,
	KSMBD_TREE_CONN_STATUS_ERROR,
};

/*
 * User config flags.
 */
#define KSMBD_USER_FLAG_INVALID		(0)
#define KSMBD_USER_FLAG_OK		BIT(0)
#define KSMBD_USER_FLAG_BAD_PASSWORD	BIT(1)
#define KSMBD_USER_FLAG_BAD_UID		BIT(2)
#define KSMBD_USER_FLAG_BAD_USER	BIT(3)
#define KSMBD_USER_FLAG_GUEST_ACCOUNT	BIT(4)
#define KSMBD_USER_FLAG_DELAY_SESSION	BIT(5)
#define KSMBD_USER_FLAG_EXTENSION	BIT(6)

/*
 * Share config flags.
 */
#define KSMBD_SHARE_FLAG_INVALID			(0)
#define KSMBD_SHARE_FLAG_AVAILABLE			BIT(0)
#define KSMBD_SHARE_FLAG_BROWSEABLE			BIT(1)
#define KSMBD_SHARE_FLAG_WRITEABLE			BIT(2)
#define KSMBD_SHARE_FLAG_READONLY			BIT(3)
#define KSMBD_SHARE_FLAG_GUEST_OK			BIT(4)
#define KSMBD_SHARE_FLAG_GUEST_ONLY			BIT(5)
#define KSMBD_SHARE_FLAG_STORE_DOS_ATTRS		BIT(6)
#define KSMBD_SHARE_FLAG_OPLOCKS			BIT(7)
#define KSMBD_SHARE_FLAG_PIPE				BIT(8)
#define KSMBD_SHARE_FLAG_HIDE_DOT_FILES			BIT(9)
#define KSMBD_SHARE_FLAG_INHERIT_OWNER			BIT(10)
#define KSMBD_SHARE_FLAG_STREAMS			BIT(11)
#define KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS		BIT(12)
#define KSMBD_SHARE_FLAG_ACL_XATTR			BIT(13)
#define KSMBD_SHARE_FLAG_UPDATE				BIT(14)
#define KSMBD_SHARE_FLAG_CROSSMNT			BIT(15)
#define KSMBD_SHARE_FLAG_CONTINUOUS_AVAILABILITY	BIT(16)

/*
 * Tree connect request flags.
 */
#define KSMBD_TREE_CONN_FLAG_REQUEST_SMB1	(0)
#define KSMBD_TREE_CONN_FLAG_REQUEST_IPV6	BIT(0)
#define KSMBD_TREE_CONN_FLAG_REQUEST_SMB2	BIT(1)

/*
 * Tree connect flags.
 */
#define KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT	BIT(0)
#define KSMBD_TREE_CONN_FLAG_READ_ONLY		BIT(1)
#define KSMBD_TREE_CONN_FLAG_WRITABLE		BIT(2)
#define KSMBD_TREE_CONN_FLAG_ADMIN_ACCOUNT	BIT(3)
#define KSMBD_TREE_CONN_FLAG_UPDATE		BIT(4)

/*
 * RPC over IPC.
 */
#define KSMBD_RPC_METHOD_RETURN		BIT(0)
#define KSMBD_RPC_SRVSVC_METHOD_INVOKE	BIT(1)
#define KSMBD_RPC_SRVSVC_METHOD_RETURN	(KSMBD_RPC_SRVSVC_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN)
#define KSMBD_RPC_WKSSVC_METHOD_INVOKE	BIT(2)
#define KSMBD_RPC_WKSSVC_METHOD_RETURN	(KSMBD_RPC_WKSSVC_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN)
#define KSMBD_RPC_IOCTL_METHOD		(BIT(3) | KSMBD_RPC_METHOD_RETURN)
#define KSMBD_RPC_OPEN_METHOD		BIT(4)
#define KSMBD_RPC_WRITE_METHOD		BIT(5)
#define KSMBD_RPC_READ_METHOD		(BIT(6) | KSMBD_RPC_METHOD_RETURN)
#define KSMBD_RPC_CLOSE_METHOD		BIT(7)
#define KSMBD_RPC_RAP_METHOD		(BIT(8) | KSMBD_RPC_METHOD_RETURN)
#define KSMBD_RPC_RESTRICTED_CONTEXT	BIT(9)
#define KSMBD_RPC_SAMR_METHOD_INVOKE	BIT(10)
#define KSMBD_RPC_SAMR_METHOD_RETURN	(KSMBD_RPC_SAMR_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN)
#define KSMBD_RPC_LSARPC_METHOD_INVOKE	BIT(11)
#define KSMBD_RPC_LSARPC_METHOD_RETURN	(KSMBD_RPC_LSARPC_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN)

/*
 * RPC status definitions.
 */
#define KSMBD_RPC_OK			0
#define KSMBD_RPC_EBAD_FUNC		0x00000001
#define KSMBD_RPC_EACCESS_DENIED	0x00000005
#define KSMBD_RPC_EBAD_FID		0x00000006
#define KSMBD_RPC_ENOMEM		0x00000008
#define KSMBD_RPC_EBAD_DATA		0x0000000D
#define KSMBD_RPC_ENOTIMPLEMENTED	0x00000040
#define KSMBD_RPC_EINVALID_PARAMETER	0x00000057
#define KSMBD_RPC_EMORE_DATA		0x000000EA
#define KSMBD_RPC_EINVALID_LEVEL	0x0000007C
#define KSMBD_RPC_SOME_NOT_MAPPED	0x00000107

#define KSMBD_CONFIG_OPT_DISABLED	0
#define KSMBD_CONFIG_OPT_ENABLED	1
#define KSMBD_CONFIG_OPT_AUTO		2
#define KSMBD_CONFIG_OPT_MANDATORY	3

#endif /* _LINUX_KSMBD_SERVER_H */