1/*
2 * Copyright (c) 2000-2001 Boris Popov
3 * All rights reserved.
4 *
5 * Portions Copyright (C) 2001 - 2010 Apple Inc. All rights reserved.
6 *
7 * Now many of these defines are from samba4 code, by Andrew Tridgell.
8 * (Permission given to Conrad Minshall at CIFS plugfest Aug 13 2003.)
9 * (Note the main decision was whether to use defines found in MS includes
10 * and web pages, versus Samba, and the deciding factor is which developers
11 * are more likely to be looking at this code base.)
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 *    notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 *    notice, this list of conditions and the following disclaimer in the
20 *    documentation and/or other materials provided with the distribution.
21 * 3. All advertising materials mentioning features or use of this software
22 *    must display the following acknowledgement:
23 *    This product includes software developed by Boris Popov.
24 * 4. Neither the name of the author nor the names of any co-contributors
25 *    may be used to endorse or promote products derived from this software
26 *    without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
40 */
41
42/*
43 * Common definintions and structures for SMB/CIFS protocol
44 */
45
46#ifndef _NETSMB_SMB_H_
47#define _NETSMB_SMB_H_
48
49#define	NBNS_UDP_PORT_137	137
50#define	NBSS_TCP_PORT_139	139
51#define	SMB_TCP_PORT_445	445
52
53/*
54 * Formats of data/string buffers
55 */
56#define	SMB_DT_DATA		1
57#define	SMB_DT_DIALECT		2
58#define	SMB_DT_PATHNAME		3
59#define	SMB_DT_ASCII		4
60#define	SMB_DT_VARIABLE		5
61
62/* We require a mux of ten to support remote notifcations */
63#define SMB_NOTIFY_MIN_MUX	10
64/*
65 * SMB header
66 */
67#define	SMB_SIGNATURE			"\xFFSMB"
68#define	SMB_SIGLEN				4
69#define	SMB_HDRCMD(p)			(*((u_char*)(p) + SMB_SIGLEN))
70#define	SMB_HDRPIDHIGH(p)		(letohs(*(uint16_t*)((u_char*)(p) + 12)))
71#define	SMB_HDRTID(p)			(letohs(*(uint16_t*)((u_char*)(p) + 24)))
72#define	SMB_HDRPIDLOW(p)		(letohs(*(uint16_t*)((u_char*)(p) + 26)))
73#define	SMB_HDRUID(p)			(letohs(*(uint16_t*)((u_char*)(p) + 28)))
74#define	SMB_HDRMID(p)			(letohs(*(uint16_t*)((u_char*)(p) + 30)))
75#define	SMB_HDRLEN				32
76#define	SMB_WRITEANDX_HDRLEN	32
77#define	SMB_READANDX_HDRLEN		30
78#define SMB_MAX_SETUPCOUNT_LEN	255
79#define SMB_COM_NT_TRANS_LEN	48
80
81/*
82 * bits in the smb_flags field
83 */
84#define SMB_FLAGS_SUPPORT_LOCKREAD      0x01
85#define SMB_FLAGS_CLIENT_BUF_AVAIL      0x02
86#define	SMB_FLAGS_CASELESS		0x08
87#define SMB_FLAGS_CANONICAL_PATHNAMES	0x10
88#define SMB_FLAGS_REQUEST_OPLOCK        0x20
89#define SMB_FLAGS_REQUEST_BATCH_OPLOCK  0x40
90#define SMB_FLAGS_SERVER_RESP		0x80
91
92/*
93 * bits in the smb_flags2 field
94 */
95#define	SMB_FLAGS2_KNOWS_LONG_NAMES	0x0001
96#define	SMB_FLAGS2_KNOWS_EAS		0x0002	/* client know about EAs */
97#define	SMB_FLAGS2_SECURITY_SIGNATURE	0x0004	/* check SMB integrity */
98#define	SMB_FLAGS2_IS_LONG_NAME		0x0040	/* any path name is long name */
99#define	SMB_FLAGS2_EXT_SEC		0x0800	/* client aware of Extended
100						 * Security negotiation */
101#define	SMB_FLAGS2_DFS			0x1000	/* resolve paths in DFS */
102#define	SMB_FLAGS2_PAGING_IO		0x2000	/* for exec */
103#define	SMB_FLAGS2_ERR_STATUS		0x4000	/* 1 - status.status */
104#define	SMB_FLAGS2_UNICODE		0x8000	/* use Unicode for all strings */
105
106#define	SMB_UID_UNKNOWN		0xffff
107#define	SMB_TID_UNKNOWN		0xffff
108
109/*
110 * Security mode bits
111 */
112#define SMB_SM_USER		0x01	/* server in the user security mode */
113#define	SMB_SM_ENCRYPT	0x02	/* use challenge/responce */
114#define	SMB_SM_SIGS		0x04
115#define	SMB_SM_SIGS_REQ 0x08
116
117/*
118 * Action bits in session setup reply
119 */
120#define SMB_ACT_GUEST		0x01
121
122/*
123 * NTLM capabilities
124 */
125#define	SMB_CAP_RAW_MODE		0x0001
126#define	SMB_CAP_MPX_MODE		0x0002
127#define	SMB_CAP_UNICODE			0x0004
128#define	SMB_CAP_LARGE_FILES		0x0008	/* 64 bit offsets supported */
129#define	SMB_CAP_NT_SMBS			0x0010
130#define	SMB_CAP_RPC_REMOTE_APIS		0x0020
131#define	SMB_CAP_STATUS32		0x0040
132#define	SMB_CAP_LEVEL_II_OPLOCKS	0x0080
133#define	SMB_CAP_LOCK_AND_READ		0x0100
134#define	SMB_CAP_NT_FIND			0x0200
135#define	SMB_CAP_DFS			0x1000
136#define	SMB_CAP_INFOLEVEL_PASSTHRU	0x2000
137#define	SMB_CAP_LARGE_READX		0x4000
138#define	SMB_CAP_LARGE_WRITEX		0x8000
139#define	SMB_CAP_UNIX			0x00800000
140#define	SMB_CAP_BULK_TRANSFER		0x20000000
141#define	SMB_CAP_COMPRESSED_DATA		0x40000000
142#define	SMB_CAP_EXT_SECURITY		0x80000000
143/* Used for checking to see if we are connecting to a NT4 server */
144#define SMB_CAP_LARGE_RDWRX	(SMB_CAP_LARGE_WRITEX | SMB_CAP_LARGE_READX)
145
146/* UNIX CAPS */
147#define CIFS_UNIX_MAJOR_VERSION 1
148#define CIFS_UNIX_MINOR_VERSION 0
149
150/* UNIX PROTOCOL EXTENSIONS CAP */
151#define CIFS_UNIX_FCNTL_LOCKS_CAP           	0x1
152#define CIFS_UNIX_POSIX_ACLS_CAP            	0x2
153#define CIFS_UNIX_XATTTR_CAP	            	0x4 /* for support of other xattr namespaces such as system, security and trusted */
154#define CIFS_UNIX_EXTATTR_CAP					0x8 /* for support of chattr (chflags) and lsattr */
155#define CIFS_UNIX_POSIX_PATHNAMES_CAP			0x10 /* Use POSIX pathnames on the wire. */
156#define CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP		0x20 /* Support new info */
157
158/*
159 * INTERNAL UNIX EXTENSIONS CAP
160 *
161 * Define which unix call we can make to the server
162 */
163#define UNIX_QFS_UNIX_INFO_CAP				0x01
164#define UNIX_QFS_POSIX_WHOAMI_CAP			0x02
165#define UNIX_QFS_POSIX_WHOAMI_SID_CAP		0x04
166#define UNIX_QFILEINFO_UNIX_LINK_CAP		0x08
167#define UNIX_SFILEINFO_UNIX_LINK_CAP		0x10
168#define UNIX_QFILEINFO_UNIX_INFO2_CAP		0x20
169#define UNIX_FIND_FILE_UNIX_INFO2_CAP		UNIX_QFILEINFO_UNIX_INFO2_CAP
170#define UNIX_SFILEINFO_UNIX_INFO2_CAP		0x40
171#define UNIX_SFILEINFO_POSIX_UNLINK_CAP		0x80
172
173/* Use by the client to say we are using posix names, not sure about are client */
174#define SMB_QUERY_POSIX_FS_INFO     0x201
175
176
177/* SMB_COM_TREE_CONNECT_ANDX reply word count */
178#define TREE_CONNECT_NORMAL_WDCNT		3
179#define TREE_CONNECT_EXTENDED_WDCNT		7
180
181/* SMB_COM_TREE_CONNECT_ANDX  flags. See [MS-SMB] for a complete description. */
182#define TREE_CONNECT_ANDX_DISCONNECT_TID		0x0001
183#define TREE_CONNECT_ANDX_EXTENDED_SIGNATURES	0x0004
184#define TREE_CONNECT_ANDX_EXTENDED_RESPONSE		0x0008
185
186/*
187 * SMB_COM_TREE_CONNECT_ANDX  optional support flags. See [MS-SMB] for a complete
188 * description.
189 */
190#define SMB_SUPPORT_SEARCH_BITS		0x0001	/* Server supports SearchAttributes */
191#define SMB_SHARE_IS_IN_DFS			0x0002	/* This share is managed by DFS */
192#define SMB_CSC_MASK				0x000C	/* Offline-caching bits for this share. */
193#define	SMB_UNIQUE_FILE_NAME		0x0010	/* Long file names only */
194#define SMB_EXTENDED_SIGNATURES		0x0020	/* Signing key protection is on. */
195/* See [MS-SMB] for a complete description of SMB_CSC_MASK bits. */
196#define SMB_CSC_CACHE_MANUAL_REINT	0x0000
197#define SMB_CSC_CACHE_AUTO_REINT	0x0004
198#define SMB_CSC_CACHE_VDO			0x0008
199
200/*
201 * Resource Types
202 */
203#define kFileTypeDisk				0x0000
204#define kFileTypeByteModePipe		0x0001
205#define kFileTypeMessageModePipe	0x0002
206#define kFileTypePrinter			0x0003
207#define kFileTypeUnknown			0xffff
208
209/*
210 * If the ResourceType field is FileTypeDisk, then this field MUST be the
211 * FileStatusFlags field:
212 *
213 * FileStatusFlags (2 bytes): A 16-bit field that shows extra information about
214 * the opened file or directory. Any combination of the following flags is valid.
215 * Unused bit fields SHOULD be set to zero by the server and MUST be ignored by the client.
216 */
217#define kNO_EAS			0x0001	/* The file or directory has no extended attributes. */
218#define kNO_SUBSTREAMS	0x0002	/* The file or directory has no data streams other than the main data stream. */
219#define kNO_REPARSETAG	0x0004	/* The file or directory is not a reparse point. */
220
221/*
222 * Extended file attributes
223 */
224#define SMB_EFA_RDONLY          0x0001
225#define SMB_EFA_HIDDEN          0x0002
226#define SMB_EFA_SYSTEM          0x0004
227#define SMB_EFA_VOLUME          0x0008
228#define SMB_EFA_DIRECTORY       0x0010
229#define SMB_EFA_ARCHIVE         0x0020
230#define SMB_EFA_DEVICE          0x0040
231#define SMB_EFA_NORMAL          0x0080
232#define SMB_EFA_TEMPORARY       0x0100
233#define SMB_EFA_SPARSE          0x0200
234#define SMB_EFA_REPARSE_POINT   0x0400
235#define SMB_EFA_COMPRESSED      0x0800
236#define SMB_EFA_OFFLINE         0x1000
237#define SMB_EFA_NONINDEXED      0x2000
238#define SMB_EFA_ENCRYPTED       0x4000
239#define SMB_EFA_POSIX_SEMANTICS 0x01000000
240#define SMB_EFA_BACKUP_SEMANTICS 0x02000000
241#define SMB_EFA_DELETE_ON_CLOSE 0x04000000
242#define SMB_EFA_SEQUENTIAL_SCAN 0x08000000
243#define SMB_EFA_RANDOM_ACCESS   0x10000000
244#define SMB_EFA_NO_BUFFERING    0x20000000
245#define SMB_EFA_WRITE_THROUGH   0x80000000
246
247
248/*
249 * Access Mode Encoding
250 */
251#define	SMB_AM_OPENREAD		0x0000
252#define	SMB_AM_OPENWRITE	0x0001
253#define	SMB_AM_OPENRW		0x0002
254#define	SMB_AM_OPENEXEC		0x0003
255#define	SMB_AM_OPENMODE		0x0003	/* mask for access mode bits */
256#define	SMB_SM_COMPAT		0x0000
257#define	SMB_SM_EXCLUSIVE	0x0010
258#define	SMB_SM_DENYWRITE	0x0020
259#define	SMB_SM_DENYREADEXEC	0x0030
260#define	SMB_SM_DENYNONE		0x0040
261
262/* NT_CREATE_ANDX reply word count */
263#define NTCREATEX_NORMAL_WDCNT		34
264#define NTCREATEX_EXTENDED_WDCNT	42
265#define NTCREATEX_BRKEN_SPEC_26_WDCNT	26
266
267/* NT_CREATE_ANDX flags */
268#define NTCREATEX_FLAGS_REQUEST_OPLOCK          0x02
269#define NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK    0x04
270#define NTCREATEX_FLAGS_OPEN_DIRECTORY          0x08
271#define NTCREATEX_FLAGS_EXTENDED                0x10
272
273/* NT_CREATE_ANDX share_access (share mode) */
274#define NTCREATEX_SHARE_ACCESS_NONE     0
275#define NTCREATEX_SHARE_ACCESS_READ     1
276#define NTCREATEX_SHARE_ACCESS_WRITE    2
277#define NTCREATEX_SHARE_ACCESS_DELETE   4
278#define NTCREATEX_SHARE_ACCESS_ALL      7
279
280/*
281 * CreateDisposition
282 * Specifies the action to perform if the file does or does not exist.
283 * CreateDisposition can be one of the values in the following table.
284 *
285 * CreateDisposition value	Action if file exists			Action if file does not exist
286 * FILE_SUPERSEDE			Replace the file.					Create the file.
287 * FILE_OPEN				Open the file.						Return an error.
288 * FILE_CREATE				Return an error.					Create the file.
289 * FILE_OPEN_IF				Open the file.						Create the file.
290 * FILE_OVERWRITE			Open the file, and overwrite it.	Return an error.
291 * FILE_OVERWRITE_IF		Open the file, and overwrite it.	Create the file.
292 *
293 * See [MS-CIFS].pdf for complete description
294 */
295#define FILE_SUPERSEDE        0
296#define FILE_OPEN             1
297#define FILE_CREATE           2
298#define FILE_OPEN_IF          3
299#define FILE_OVERWRITE        4
300#define FILE_OVERWRITE_IF     5
301
302/* NT_CREATE_ANDX create_options */
303#define NTCREATEX_OPTIONS_DIRECTORY             0x0001
304#define NTCREATEX_OPTIONS_WRITE_THROUGH         0x0002
305#define NTCREATEX_OPTIONS_SEQUENTIAL_ONLY       0x0004
306#define NTCREATEX_OPTIONS_SYNC_ALERT            0x0010
307#define NTCREATEX_OPTIONS_ASYNC_ALERT           0x0020
308#define NTCREATEX_OPTIONS_NON_DIRECTORY_FILE    0x0040
309#define NTCREATEX_OPTIONS_NO_EA_KNOWLEDGE       0x0200
310#define NTCREATEX_OPTIONS_EIGHT_DOT_THREE_ONLY  0x0400
311#define NTCREATEX_OPTIONS_RANDOM_ACCESS         0x0800
312#define NTCREATEX_OPTIONS_DELETE_ON_CLOSE       0x1000
313#define NTCREATEX_OPTIONS_OPEN_BY_FILE_ID		0x2000
314/*
315 * If the CreateOptions parameter specifies the FILE_OPEN_REPARSE_POINT flag and
316 * NtCreateFile opens a file with a reparse point, normal reparse processing does
317 * not occur and NtCreateFile attempts to directly open the reparse point file.
318 * If the FILE_OPEN_REPARSE_POINT flag is not specified, normal reparse point
319 * processing occurs for the file. In either case, if the open operation was
320 * successful, NtCreateFile returns STATUS_SUCCESS; otherwise, an error code.
321 * The NtCreateFile function never returns STATUS_REPARSE, if FILE_OPEN_REPARSE_POINT
322 * is set.
323 */
324#define NTCREATEX_OPTIONS_OPEN_REPARSE_POINT	0x00200000
325
326/* NT_CREATE_ANDX "impersonation" */
327#define NTCREATEX_IMPERSONATION_ANONYMOUS       0
328#define NTCREATEX_IMPERSONATION_IDENTIFICATION  1
329#define NTCREATEX_IMPERSONATION_IMPERSONATION   2
330#define NTCREATEX_IMPERSONATION_DELEGATION      3
331
332/* NT_CREATE_ANDX security flags */
333#define NTCREATEX_SECURITY_DYNAMIC      1
334#define NTCREATEX_SECURITY_ALL          2
335
336/* SMB_TRANS2_FIND_FIRST2/SMB_TRANS2_FIND_NEXT2 flags */
337#define FIND2_CLOSE_AFTER_REQUEST	0x0001
338#define FIND2_CLOSE_ON_EOS		0x0002
339#define FIND2_RETURN_RESUME_KEYS	0x0004
340#define FIND2_CONTINUE_SEARCH		0x0008
341#define FIND2_BACKUP_INTENT		0x0010
342
343/*
344 * SMB commands
345 */
346#define	SMB_COM_CREATE_DIRECTORY        0x00
347#define	SMB_COM_DELETE_DIRECTORY        0x01
348#define	SMB_COM_OPEN                    0x02
349#define	SMB_COM_CREATE                  0x03
350#define	SMB_COM_CLOSE                   0x04
351#define	SMB_COM_FLUSH                   0x05
352#define	SMB_COM_DELETE                  0x06
353#define	SMB_COM_RENAME                  0x07
354#define	SMB_COM_QUERY_INFORMATION       0x08
355#define	SMB_COM_SET_INFORMATION         0x09
356#define	SMB_COM_READ                    0x0A
357#define	SMB_COM_WRITE                   0x0B
358#define	SMB_COM_LOCK_BYTE_RANGE         0x0C
359#define	SMB_COM_UNLOCK_BYTE_RANGE       0x0D
360#define	SMB_COM_CREATE_TEMPORARY        0x0E
361#define	SMB_COM_CREATE_NEW              0x0F
362#define	SMB_COM_CHECK_DIRECTORY         0x10
363#define	SMB_COM_PROCESS_EXIT            0x11
364#define	SMB_COM_SEEK                    0x12
365#define	SMB_COM_LOCK_AND_READ           0x13
366#define	SMB_COM_WRITE_AND_UNLOCK        0x14
367#define	SMB_COM_READ_RAW                0x1A
368#define	SMB_COM_READ_MPX                0x1B
369#define	SMB_COM_READ_MPX_SECONDARY      0x1C
370#define	SMB_COM_WRITE_RAW               0x1D
371#define	SMB_COM_WRITE_MPX               0x1E
372#define	SMB_COM_WRITE_COMPLETE          0x20
373#define	SMB_COM_SET_INFORMATION2        0x22
374#define	SMB_COM_QUERY_INFORMATION2      0x23
375#define	SMB_COM_LOCKING_ANDX            0x24
376#define	SMB_COM_TRANSACTION             0x25
377#define	SMB_COM_TRANSACTION_SECONDARY   0x26
378#define	SMB_COM_IOCTL                   0x27
379#define	SMB_COM_IOCTL_SECONDARY         0x28
380#define	SMB_COM_COPY                    0x29
381#define	SMB_COM_MOVE                    0x2A
382#define	SMB_COM_ECHO                    0x2B
383#define	SMB_COM_WRITE_AND_CLOSE         0x2C
384#define	SMB_COM_OPEN_ANDX               0x2D
385#define	SMB_COM_READ_ANDX               0x2E
386#define	SMB_COM_WRITE_ANDX              0x2F
387#define	SMB_COM_CLOSE_AND_TREE_DISC     0x31
388#define	SMB_COM_TRANSACTION2            0x32
389#define	SMB_COM_TRANSACTION2_SECONDARY  0x33
390#define	SMB_COM_FIND_CLOSE2             0x34
391#define	SMB_COM_FIND_NOTIFY_CLOSE       0x35
392#define	SMB_COM_TREE_CONNECT			0x70
393#define	SMB_COM_TREE_DISCONNECT         0x71
394#define	SMB_COM_NEGOTIATE               0x72
395#define	SMB_COM_SESSION_SETUP_ANDX      0x73
396#define	SMB_COM_LOGOFF_ANDX             0x74
397#define	SMB_COM_TREE_CONNECT_ANDX       0x75
398#define	SMB_COM_QUERY_INFORMATION_DISK  0x80
399#define	SMB_COM_SEARCH                  0x81
400#define	SMB_COM_FIND                    0x82
401#define	SMB_COM_FIND_UNIQUE             0x83
402#define	SMB_COM_NT_TRANSACT             0xA0
403#define	SMB_COM_NT_TRANSACT_SECONDARY   0xA1
404#define	SMB_COM_NT_CREATE_ANDX          0xA2
405#define	SMB_COM_NT_CANCEL               0xA4
406#define	SMB_COM_OPEN_PRINT_FILE         0xC0
407#define	SMB_COM_WRITE_PRINT_FILE        0xC1
408#define	SMB_COM_CLOSE_PRINT_FILE        0xC2
409#define	SMB_COM_GET_PRINT_QUEUE         0xC3
410#define	SMB_COM_READ_BULK               0xD8
411#define	SMB_COM_WRITE_BULK              0xD9
412#define	SMB_COM_WRITE_BULK_DATA         0xDA
413
414/*
415 * Used internally to identify async SMB_COM_NT_TRANSACT requests
416 * Actual command gets set to SMB_COM_NT_TRANSACT
417 */
418#define	SMB_COM_NT_TRANSACT_ASYNC       0xE0
419
420/*
421 * SMB_COM_TRANSACTION2 subcommands
422 */
423#define	SMB_TRANS2_OPEN2			0x00
424#define	SMB_TRANS2_FIND_FIRST2			0x01
425#define	SMB_TRANS2_FIND_NEXT2			0x02
426#define	SMB_TRANS2_QUERY_FS_INFORMATION		0x03
427#define SMB_TRANS2_SETFSINFO                    0x04
428#define	SMB_TRANS2_QUERY_PATH_INFORMATION	0x05
429#define	SMB_TRANS2_SET_PATH_INFORMATION		0x06
430#define	SMB_TRANS2_QUERY_FILE_INFORMATION	0x07
431#define	SMB_TRANS2_SET_FILE_INFORMATION		0x08
432#define	SMB_TRANS2_FSCTL			0x09
433#define	SMB_TRANS2_IOCTL2			0x0A
434#define	SMB_TRANS2_FIND_NOTIFY_FIRST		0x0B
435#define	SMB_TRANS2_FIND_NOTIFY_NEXT		0x0C
436#define	SMB_TRANS2_CREATE_DIRECTORY		0x0D
437#define	SMB_TRANS2_SESSION_SETUP		0x0E
438#define	SMB_TRANS2_GET_DFS_REFERRAL		0x10
439#define	SMB_TRANS2_REPORT_DFS_INCONSISTENCY	0x11
440
441/*
442 * SMB_COM_NT_TRANSACT subcommands
443 */
444#define NT_TRANSACT_CREATE		0x01
445#define NT_TRANSACT_IOCTL		0x02
446#define NT_TRANSACT_SET_SECURITY_DESC	0x03
447#define NT_TRANSACT_NOTIFY_CHANGE	0x04
448#define NT_TRANSACT_RENAME		0x05
449#define NT_TRANSACT_QUERY_SECURITY_DESC	0x06
450#define NT_TRANSACT_GET_USER_QUOTA	0x07
451#define NT_TRANSACT_SET_USER_QUOTA	0x08
452
453/*
454 * SMB_TRANS2_QUERY_FS_INFORMATION levels
455 */
456#define SMB_QFS_ALLOCATION              1
457#define SMB_QFS_VOLUME                  2
458#define SMB_QFS_LABEL_INFO		0x101
459#define SMB_QFS_VOLUME_INFO             0x102
460#define SMB_QFS_SIZE_INFO               0x103
461#define SMB_QFS_DEVICE_INFO             0x104
462#define SMB_QFS_ATTRIBUTE_INFO          0x105
463#define SMB_QFS_UNIX_INFO               0x200
464#define SMB_QFS_POSIX_WHOAMI     	0x202
465#define SMB_QFS_MAC_FS_INFO             0x301
466#define SMB_QFS_VOLUME_INFORMATION      1001
467#define SMB_QFS_SIZE_INFORMATION        1003
468#define SMB_QFS_DEVICE_INFORMATION      1004
469#define SMB_QFS_ATTRIBUTE_INFORMATION   1005
470#define SMB_QFS_QUOTA_INFORMATION       1006
471#define SMB_QFS_FULL_SIZE_INFORMATION   1007
472#define SMB_QFS_OBJECTID_INFORMATION    1008
473
474/*
475 * NT Notify Change Compeletion Filter
476*/
477#define FILE_NOTIFY_CHANGE_FILE_NAME	0x00000001
478#define FILE_NOTIFY_CHANGE_DIR_NAME		0x00000002
479#define FILE_NOTIFY_CHANGE_ATTRIBUTES	0x00000004
480#define FILE_NOTIFY_CHANGE_SIZE			0x00000008
481#define FILE_NOTIFY_CHANGE_LAST_WRITE	0x00000010
482#define FILE_NOTIFY_CHANGE_LAST_ACCESS	0x00000020
483#define FILE_NOTIFY_CHANGE_CREATION		0x00000040
484#define FILE_NOTIFY_CHANGE_EA			0x00000080
485#define FILE_NOTIFY_CHANGE_SECURITY		0x00000100
486#define FILE_NOTIFY_CHANGE_STREAM_NAME	0x00000200
487#define FILE_NOTIFY_CHANGE_STREAM_SIZE	0x00000400
488#define FILE_NOTIFY_CHANGE_STREAM_WRITE	0x00000800
489
490/*
491 * NT Notify Actions
492 */
493#define FILE_ACTION_ADDED				0x00000001
494#define FILE_ACTION_REMOVED				0x00000002
495#define FILE_ACTION_MODIFIED			0x00000003
496#define FILE_ACTION_RENAMED_OLD_NAME	0x00000004
497#define FILE_ACTION_RENAMED_NEW_NAME	0x00000005
498#define FILE_ACTION_ADDED_STREAM		0x00000006
499#define FILE_ACTION_REMOVED_STREAM		0x00000007
500#define FILE_ACTION_MODIFIED_STREAM		0x00000008
501
502/*
503 * Server Message Notify actions
504 */
505#define SVRMSG_SHUTDOWN_START           FILE_ACTION_REMOVED
506#define SVRMSG_SHUTDOWN_CANCELLED       FILE_ACTION_ADDED
507
508/*
509 * SMB_QFS_ATTRIBUTE_INFO bits.
510 */
511#define FILE_CASE_SENSITIVE_SEARCH      0x00000001
512#define FILE_CASE_PRESERVED_NAMES       0x00000002
513#define FILE_UNICODE_ON_DISK			0x00000004
514#define FILE_PERSISTENT_ACLS            0x00000008
515#define FILE_FILE_COMPRESSION           0x00000010
516#define FILE_VOLUME_QUOTAS              0x00000020
517#define FILE_SUPPORTS_SPARSE_FILES      0x00000040
518#define FILE_SUPPORTS_REPARSE_POINTS    0x00000080
519#define FILE_SUPPORTS_REMOTE_STORAGE    0x00000100
520#define FILE_SUPPORTS_LONG_NAMES		0x00004000
521#define FILE_VOLUME_IS_COMPRESSED       0x00008000
522#define FILE_SUPPORTS_OBJECT_IDS        0x00010000
523#define FILE_SUPPORTS_ENCRYPTION        0x00020000
524#define FILE_NAMED_STREAMS              0x00040000
525#define FILE_READ_ONLY_VOLUME           0x00080000
526
527/*
528 * Mask of which WHOAMI bits are valid. This should make it easier for clients
529 * to cope with servers that have different sets of WHOAMI flags (as more get added).
530 */
531#define SMB_WHOAMI_MASK 0x00000001
532
533/*
534 * SMBWhoami - Query the user mapping performed by the server for the
535 * connected tree. This is a subcommand of the TRANS2_QFSINFO.
536 *
537 * Returns:
538 *          4 bytes unsigned -      mapping flags (smb_whoami_flags)
539 *          4 bytes unsigned -      flags mask
540 *
541 *          8 bytes unsigned -      primary UID
542 *          8 bytes unsigned -      primary GID
543 *          4 bytes unsigned -      number of supplementary GIDs
544 *          4 bytes unsigned -      number of SIDs
545 *          4 bytes unsigned -      SID list byte count
546 *          4 bytes -               pad / reserved (must be zero)
547 *
548 *          8 bytes unsigned[] -    list of GIDs (may be empty)
549 *          DOM_SID[] -             list of SIDs (may be empty)
550 */
551
552/*
553 * SMB_TRANS2_QUERY_PATH levels
554 */
555#define SMB_QFILEINFO_STANDARD                  1
556#define SMB_QFILEINFO_EA_SIZE                   2
557#define SMB_QFILEINFO_EAS_FROM_LIST             3
558#define SMB_QFILEINFO_ALL_EAS                   4
559#define SMB_QFILEINFO_IS_NAME_VALID             6       /* QPATHINFO only? */
560#define SMB_QFILEINFO_BASIC_INFO                0x101
561#define SMB_QFILEINFO_STANDARD_INFO             0x102
562#define SMB_QFILEINFO_EA_INFO                   0x103
563#define SMB_QFILEINFO_NAME_INFO                 0x104
564#define SMB_QFILEINFO_ALLOCATION_INFO			0x105
565#define SMB_QFILEINFO_END_OF_FILE_INFO			0x106
566#define SMB_QFILEINFO_ALL_INFO                  0x107
567#define SMB_QFILEINFO_ALT_NAME_INFO             0x108
568#define SMB_QFILEINFO_STREAM_INFO               0x109
569#define SMB_QFILEINFO_COMPRESSION_INFO          0x10b
570#define SMB_QFILEINFO_UNIX_BASIC                0x200
571#define SMB_QFILEINFO_UNIX_LINK                 0x201
572#define SMB_QFILEINFO_POSIX_ACL					0x204
573#define SMB_QFILEINFO_UNIX_INFO2				0x20B   /* UNIX File Info*/
574#define SMB_QFILEINFO_MAC_DT_GET_APPL           0x306
575#define SMB_QFILEINFO_MAC_DT_GET_ICON           0x307
576#define SMB_QFILEINFO_MAC_DT_GET_ICON_INFO      0x308
577#define SMB_QFILEINFO_MAC_SPOTLIGHT				0x310
578#define SMB_QFILEINFO_BASIC_INFORMATION         1004
579#define SMB_QFILEINFO_STANDARD_INFORMATION      1005
580#define SMB_QFILEINFO_INTERNAL_INFORMATION      1006
581#define SMB_QFILEINFO_EA_INFORMATION            1007
582#define SMB_QFILEINFO_ACCESS_INFORMATION        1008
583#define SMB_QFILEINFO_NAME_INFORMATION          1009
584#define SMB_QFILEINFO_POSITION_INFORMATION      1014
585#define SMB_QFILEINFO_MODE_INFORMATION          1016
586#define SMB_QFILEINFO_ALIGNMENT_INFORMATION     1017
587#define SMB_QFILEINFO_ALL_INFORMATION           1018
588#define SMB_QFILEINFO_ALT_NAME_INFORMATION      1021
589#define SMB_QFILEINFO_STREAM_INFORMATION        1022
590#define SMB_QFILEINFO_COMPRESSION_INFORMATION   1028
591#define SMB_QFILEINFO_NETWORK_OPEN_INFORMATION  1034
592#define SMB_QFILEINFO_ATTRIBUTE_TAG_INFORMATION 1035
593
594/*
595 * SMB_TRANS2_FIND_FIRST2 information levels
596 */
597#define SMB_FIND_STANDARD               1
598#define SMB_FIND_EA_SIZE                2
599#define SMB_FIND_EAS_FROM_LIST          3
600#define SMB_FIND_DIRECTORY_INFO         0x101
601#define SMB_FIND_FULL_DIRECTORY_INFO    0x102
602#define SMB_FIND_NAME_INFO              0x103
603#define SMB_FIND_BOTH_DIRECTORY_INFO    0x104
604#define SMB_FIND_UNIX_INFO              0x200
605/* Transact 2 Find First levels */
606#define SMB_FIND_FILE_UNIX             0x202
607#define SMB_FIND_FILE_UNIX_INFO2       0x20B /* UNIX File Info2 */
608
609/*
610 * These are used by findfrist/next to determine the number of max search
611 * elements the client should be requesting. These values are the number of
612 * bytes each structure takes up in the packet if the associated name was empty.
613 * So we divided transaction buffer size by this number and that gives us the
614 * max search count to request. In each case we counted up the number of uint32_t
615 * that each structure contained, so a uint64_t counts as two uint32_t. In both
616 * cases we add 2 bytes to represent the empty UTF8 name. So SMB_FIND_BOTH_DIRECTORY_INFO
617 * has 16 uint32_t fields plus 30 bytes of other data and the SMB_FIND_FILE_UNIX_INFO2
618 * has 32 uint32_t fields.
619 */
620#define SMB_FIND_BOTH_DIRECTORY_INFO_MIN_LEN ((4 * 16) + 30 + 2)
621#define SMB_FIND_FILE_UNIX_INFO2_MIN_LEN ((4 * 32) + 2)
622
623/*
624 * SMB_QUERY_FILE_UNIX_INFO2 is SMB_QUERY_FILE_UNIX_BASIC with create
625 * time and file flags appended. The corresponding info level for
626 * findfirst/findnext is SMB_FIND_FILE_UNIX_UNIX2.
627 *     Size    Offset  Value
628 *     ---------------------
629 *      0      LARGE_INTEGER EndOfFile  File size
630 *      8      LARGE_INTEGER Blocks     Number of blocks used on disk
631 *      16     LARGE_INTEGER ChangeTime Attribute change time
632 *      24     LARGE_INTEGER LastAccessTime           Last access time
633 *      32     LARGE_INTEGER LastModificationTime     Last modification time
634 *      40     LARGE_INTEGER Uid        Numeric user id for the owner
635 *      48     LARGE_INTEGER Gid        Numeric group id of owner
636 *      56     ULONG Type               Enumeration specifying the file type
637 *      60     LARGE_INTEGER devmajor   Major device number if type is device
638 *      68     LARGE_INTEGER devminor   Minor device number if type is device
639 *      76     LARGE_INTEGER uniqueid   This is a server-assigned unique id
640 *      84     LARGE_INTEGER permissions             Standard UNIX permissions
641 *      92     LARGE_INTEGER nlinks     Number of hard link)
642 *      100    LARGE_INTEGER CreationTime             Create/birth time
643 *      108    ULONG FileFlags          File flags enumeration
644 *      112    ULONG FileFlagsMask      Mask of valid flags
645 */
646
647#define SMB_DEFAULT_NO_CHANGE	-1
648#define SMB_MODE_NO_CHANGE	(uint64_t)-1
649#define SMB_UID_NO_CHANGE	-1
650#define SMB_GID_NO_CHANGE	-1
651#define SMB_SIZE_NO_CHANGE	(uint64_t)-1
652#define SMB_FLAGS_NO_CHANGE	0
653
654/*
655 * Flags for chflags (CIFS_UNIX_EXTATTR_CAP capability) and
656 * SMB_QUERY_FILE_UNIX_BASIC2 (or whatever)
657 */
658#define EXT_SECURE_DELETE		0x00000001
659#define EXT_ENABLE_UNDELETE		0x00000002
660#define EXT_SYNCHRONOUS			0x00000004
661#define EXT_IMMUTABLE			0x00000008
662#define EXT_OPEN_APPEND_ONLY	0x00000010
663#define EXT_DO_NOT_BACKUP		0x00000020
664#define EXT_NO_UPDATE_ATIME		0x00000040
665#define EXT_HIDDEN				0x00000080
666/* The minimum set that is required by the Mac Client */
667#define EXT_REQUIRED_BY_MAC		(EXT_IMMUTABLE | EXT_HIDDEN | EXT_DO_NOT_BACKUP)
668
669/* Still expected to only contain 12 bits (little endian): */
670#define EXT_UNIX_S_ISUID    0004000   /* set UID bit */
671#define EXT_UNIX_S_ISGID    0002000   /* set-group-ID bit (see below) */
672#define EXT_UNIX_S_ISVTX    0001000   /* sticky bit (see below) */
673#define EXT_UNIX_S_IRUSR    00400     /* owner has read permission */
674#define EXT_UNIX_S_IWUSR    00200     /* owner has write permission */
675#define EXT_UNIX_S_IXUSR    00100     /* owner has execute permission */
676#define EXT_UNIX_S_IRGRP    00040     /* group has read permission */
677#define EXT_UNIX_S_IWGRP    00020     /* group has write permission */
678#define EXT_UNIX_S_IXGRP    00010     /* group has execute permission */
679#define EXT_UNIX_S_IROTH    00004     /* others have read permission */
680#define EXT_UNIX_S_IWOTH    00002     /* others have write permission */
681#define EXT_UNIX_S_IXOTH    00001     /* others have execute permission */
682
683
684/* File type is still the same enumeration (little endian) as: */
685#define EXT_UNIX_FILE      0
686#define EXT_UNIX_DIR       1
687#define EXT_UNIX_SYMLINK   2
688#define EXT_UNIX_CHARDEV   3
689#define EXT_UNIX_BLOCKDEV  4
690#define EXT_UNIX_FIFO      5
691#define EXT_UNIX_SOCKET    6
692
693/*
694 * Selectors for NT_TRANSACT_QUERY_SECURITY_DESC and
695 * NT_TRANSACT_SET_SECURITY_DESC.  Details found in the MSDN
696 * library by searching on security_information.
697 * Note the protected/unprotected bits did not exist in NT.
698 */
699
700#define OWNER_SECURITY_INFORMATION		0x00000001
701#define GROUP_SECURITY_INFORMATION		0x00000002
702#define DACL_SECURITY_INFORMATION		0x00000004
703#define SACL_SECURITY_INFORMATION		0x00000008
704#define UNPROTECTED_SACL_SECURITY_INFORMATION	0x10000000
705#define UNPROTECTED_DACL_SECURITY_INFORMATION	0x20000000
706#define PROTECTED_SACL_SECURITY_INFORMATION	0x40000000
707#define PROTECTED_DACL_SECURITY_INFORMATION	0x80000000
708
709/*
710 * The SECURITY_DESCRIPTOR structure defines an object's security attributes.
711 * These attributes specify who owns the object, who can access the object and
712 * what they can do with it, what level of audit logging should be applied to
713 * the object, and what kind of restrictions apply to the use of the security
714 * descriptor.
715 *
716 * See [MS-DTYP].pdf for more details.
717 */
718struct ntsecdesc {
719	uint8_t	Revision;		/* This field MUST be set to one. */
720	uint8_t	Sbz1;			/* In our case this field is reserved and MUST be set to zero. */
721	uint16_t	ControlFlags;	/* This specifies control access bit flags. The Self Relative bit MUST be set. */
722	uint32_t	OffsetOwner;	/* offset to owner SID */
723	uint32_t	OffsetGroup;	/* offset to group SID */
724	uint32_t	OffsetSacl;		/* offset to system/audit ACL */
725	uint32_t	OffsetDacl;		/* offset to discretionary ACL */
726} __attribute__((__packed__));
727
728
729
730/*
731 * ControlFlags - Control bits
732 */
733#define SE_OWNER_DEFAULTED		0x0001	/* Set when the owner was established by default means. */
734#define SE_GROUP_DEFAULTED		0x0002	/* Set when the group was established by default means. */
735#define SE_DACL_PRESENT			0x0004	/* Set when the DACL is present on the object. */
736#define SE_DACL_DEFAULTED		0x0008	/* Set when the DACL was established by default means. */
737#define SE_SACL_PRESENT			0x0010	/* Set when the SACL is present on the object. */
738#define SD_SACL_DEFAULTED		0x0020	/* Set when the SACL was established by default means. */
739#define SE_SERVER_SECURITY		0x0040	/*
740										 * Set when the caller wants the system to create a Server ACL based
741										 * on the input ACL, regardless of its source (explicit or defaulting).
742										 */
743#define SE_DACL_TRUSTED			0x0080	/*
744										 * Set when ACL pointed to by the DACL field was provided by a
745										 * trusted source and does not require any editing of compound ACEs.
746										 */
747#define SE_DACL_AUTO_INHERIT_REQ 0x0100	/* Set when the DACL should be computed through inheritance. */
748#define SE_SACL_AUTO_INHERIT_REQ 0x0200	/* Set when the SACL should be computed through inheritance. */
749#define SE_DACL_AUTO_INHERITED	0x0400	/* Set when the DACL was created through inheritance. */
750#define SE_SACL_AUTO_INHERITED	0x0800	/* Set when the SACL was created through inheritance. */
751#define SE_DACL_PROTECTED		0x1000	/* Set when the DACL should be protected from inherit operations. */
752#define SE_SACL_PROTECTED		0x2000	/* Set when the SACL should be protected from inherit operations. */
753#define SE_RM_CONTROL_VALID		0x4000	/*
754										 * Set when the resource manager control bits are valid. For more
755										 * information about resource managers, see [MS-SECO] section 4.1.
756										 */
757#define SE_SELF_RELATIVE		0x8000	/*
758										 * Set when the security descriptor is in self-relative format.
759										 * Cleared when the security descriptor is in absolute format.
760										 */
761
762/*
763 * access control list header
764 * it is followed by the ACEs
765 * note this is "raw", ie little-endian
766 */
767struct ntacl {
768	uint8_t	acl_revision;	/* 0x02 observed with W2K */
769	uint8_t	acl_pad1;
770	uint16_t	acl_len; /* bytes; includes this header */
771	uint16_t	acl_acecount;
772	uint16_t	acl_pad2;
773} __attribute__((__packed__));
774
775#define acllen(a) (letohs((a)->acl_len))
776#define wset_acllen(a, l) ((a)->acl_len = htoles(l))
777#define wset_aclacecount(a, c) ((a)->acl_acecount = htoles(c))
778#define aclace(a) ((struct ntace *)((char *)(a) + sizeof(struct ntacl)))
779
780/*
781 * access control entry header
782 * it is followed by type-specific ace data,
783 * which for the simple types is just a SID
784 * note this is "raw", ie little-endian
785 */
786struct ntace {
787	uint8_t	ace_type;
788	uint8_t	ace_flags;
789	uint16_t	ace_len; /* bytes; includes this header */
790	uint32_t	ace_rights; /* generic, standard, specific, etc */
791} __attribute__((__packed__));
792
793#define acetype(a) ((a)->ace_type)
794#define wset_acetype(a, t) ((a)->ace_type = (t))
795#define aceflags(a) ((a)->ace_flags)
796#define wset_aceflags(a, f) ((a)->ace_flags = (f))
797#define acelen(a) (letohs((a)->ace_len))
798#define wset_acelen(a, l) ((a)->ace_len = htoles(l))
799#define acerights(a) (letohl((a)->ace_rights))
800#define wset_acerights(a, r) ((a)->ace_rights = htolel(r))
801#define aceace(a) ((struct ntace *)((char *)(a) + acelen(a)))
802#define acesid(a) ((struct ntsid *)((char *)(a) + sizeof(struct ntace)))
803
804/*
805 * We take the Windows SMB2 define access modes and add a SMB2 in front to protect
806 * us from namespace collisions. May want to move these to a more general include
807 * file in the future. Would have been nice if the kauth.h file had used the same
808 * number scheme as Windows.
809 */
810#define SMB2_FILE_READ_DATA			0x00000001	/* Indicates the right to read data from the file, directory or named pipe. */
811#define SMB2_FILE_WRITE_DATA		0x00000002	/* Indicates the right to write data into the file or named pipe beyond the end of the file. */
812#define SMB2_FILE_APPEND_DATA		0x00000004	/* Indicates the right to append data into the file or named pipe. */
813#define SMB2_FILE_READ_EA			0x00000008	/* Indicates the right to read the extended attributes of the file, directory or named pipe. */
814#define SMB2_FILE_WRITE_EA			0x00000010	/* Indicates the right to write or change the extended attributes to the file, directory or named pipe. */
815#define SMB2_FILE_EXECUTE			0x00000020	/* Indicates the right to execute the file. */
816#define SMB2_FILE_DELETE_CHILD		0x00000040	/* Indicates the right to delete the files and directories within this directory. */
817#define SMB2_FILE_READ_ATTRIBUTES	0x00000080	/* Indicates the right to read the attributes of the file or directory. */
818#define SMB2_FILE_WRITE_ATTRIBUTES	0x00000100	/* Indicates the right to change the attributes of the file or directory. */
819
820#define SMB2_DELETE					0x00010000	/* Indicates the right to delete the file or directory */
821#define SMB2_READ_CONTROL			0x00020000	/* Indicates the right to read the security descriptor for the file, directory or named pipe. */
822#define SMB2_WRITE_DAC				0x00040000	/* Indicates the right to change the discretionary access control list (DACL) in the security descriptor for the file directory or named pipe. */
823#define SMB2_WRITE_OWNER			0x00080000	/* Indicates the right to change the owner in the security descriptor for the file, directory or named pipe. */
824#define SMB2_SYNCHRONIZE			0x00100000	/* SMB 2/3 clients set this flag to any value. SMB 2/3 servers MUST ignore this flag. */
825
826#define	SMB2_ACCESS_SYSTEM_SECURITY	0x01000000	/* Indicates the right to read or change the system access control list (SACL) in the security descriptor for the file, directory or named pipe.  */
827#define	SMB2_MAXIMAL_ACCESS			0x02000000	/* Indicates that the client is requesting an open to the file with the highest level of access the client has on this file. If no access is granted for the client on this file, the server MUST fail the open with STATUS_ACCESS_DENIED. */
828
829#define SMB2_FILE_LIST_DIRECTORY	SMB2_FILE_READ_DATA		/* Indicates the right to enumerate the contents of the directory. */
830#define SMB2_FILE_ADD_FILE			SMB2_FILE_WRITE_DATA	/* Indicates the right to create a file under the directory. */
831#define SMB2_FILE_ADD_SUBDIRECTORY	SMB2_FILE_APPEND_DATA	/* Indicates the right to add a sub-directory under the directory. */
832#define SMB2_FILE_TRAVERSE			SMB2_FILE_EXECUTE		/* Indicates the right to traverse this directory if the server enforces traversal checking. */
833
834#define SA_RIGHT_FILE_ALL_ACCESS	0x000001FF
835#define STD_RIGHT_ALL_ACCESS		0x001F0000
836
837#define SMB2_GENERIC_ALL			0x10000000	/* Indicates a request for all the access flags that are previously listed except MAXIMAL_ACCESS and ACCESS_SYSTEM_SECURITY. */
838#define SMB2_GENERIC_EXECUTE		0x20000000	/* Indicates a request for the following combination of access flags listed above: FILE_READ_ATTRIBUTES| FILE_EXECUTE| SYNCHRONIZE| READ_CONTROL. */
839#define SMB2_GENERIC_WRITE			0x40000000	/* Indicates a request for the following combination of access flags listed above: FILE_WRITE_DATA| FILE_APPEND_DATA| FILE_WRITE_ATTRIBUTES| FILE_WRITE_EA| SYNCHRONIZE| READ_CONTROL. */
840#define SMB2_GENERIC_READ			0x80000000	/* Indicates a request for the following combination of access flags listed above: FILE_READ_DATA| FILE_READ_ATTRIBUTES| FILE_READ_EA| SYNCHRONIZE| READ_CONTROL. */
841
842/*
843 * This is an internal define, this value is not part of any Windows Documentation.
844 * The is used to decide if the share ACL doesn't allow any type of write access.
845 * In that case we set the mount point to be read only.
846 */
847#define FILE_FULL_WRITE_ACCESS	(SMB2_FILE_WRITE_DATA | SMB2_FILE_APPEND_DATA | \
848								SMB2_FILE_WRITE_EA | SMB2_FILE_WRITE_ATTRIBUTES | \
849								SMB2_DELETE | SMB2_WRITE_DAC | SMB2_WRITE_OWNER)
850
851/*
852 * security identifier header
853 * it is followed by sid_numauth sub-authorities,
854 * which are 32 bits each.
855 * note the subauths are little-endian on the wire, but
856 * need to be big-endian for memberd/DS
857 */
858#define SIDAUTHSIZE 6
859struct ntsid {
860	uint8_t	sid_revision;
861	uint8_t	sid_subauthcount;
862	uint8_t	sid_authority[SIDAUTHSIZE]; /* ie not little endian */
863} __attribute__((__packed__));
864
865#define sidlen(s) (sizeof(struct ntsid) + (sizeof(uint32_t) * (s)->sid_subauthcount))
866#define MAXSIDLEN (sizeof(struct ntsid) + (sizeof(uint32_t) * KAUTH_NTSID_MAX_AUTHORITIES))
867
868/*
869 * MS' defined values for ace_type
870 */
871#define ACCESS_ALLOWED_ACE_TYPE                 0x0
872#define ACCESS_DENIED_ACE_TYPE                  0x1
873#define SYSTEM_AUDIT_ACE_TYPE                   0x2
874#define SYSTEM_ALARM_ACE_TYPE                   0x3
875#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE        0x4
876#define ACCESS_ALLOWED_OBJECT_ACE_TYPE          0x5
877#define ACCESS_DENIED_OBJECT_ACE_TYPE           0x6
878#define SYSTEM_AUDIT_OBJECT_ACE_TYPE            0x7
879#define SYSTEM_ALARM_OBJECT_ACE_TYPE            0x8
880#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE        0x9
881#define ACCESS_DENIED_CALLBACK_ACE_TYPE         0xA
882#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0xB
883#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  0xC
884#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE          0xD
885#define SYSTEM_ALARM_CALLBACK_ACE_TYPE          0xE
886#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   0xF
887#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   0x10
888
889/*
890 * MS' defined values for ace_flags
891 */
892#define OBJECT_INHERIT_ACE_FLAG          0x01
893#define CONTAINER_INHERIT_ACE_FLAG       0x02
894#define NO_PROPAGATE_INHERIT_ACE_FLAG    0x04
895#define INHERIT_ONLY_ACE_FLAG            0x08
896#define INHERITED_ACE_FLAG               0x10
897#define UNDEF_ACE_FLAG                   0x20 /* MS doesn't define it?! */
898#define VALID_INHERIT_ACE_FLAGS          0x1F
899#define SUCCESSFUL_ACCESS_ACE_FLAG       0x40
900#define FAILED_ACCESS_ACE_FLAG           0x80
901
902/*
903 * Set PATH/FILE information levels
904 */
905#define SMB_SFILEINFO_STANDARD                  1
906#define SMB_SFILEINFO_EA_SET                    2
907#define SMB_SFILEINFO_BASIC_INFO                0x101
908#define SMB_SFILEINFO_DISPOSITION_INFO          0x102
909#define SMB_SFILEINFO_ALLOCATION_INFO           0x103
910#define SMB_SFILEINFO_END_OF_FILE_INFO          0x104
911#define SMB_SFILEINFO_UNIX_BASIC                0x200
912#define SMB_SFILEINFO_UNIX_LINK                 0x201
913#define SMB_SFILEINFO_UNIX_HLINK                0x203
914#define SMB_SFILEINFO_POSIX_ACL					0x204
915#define SMB_SFILEINFO_POSIX_UNLINK				0x20A
916#define SMB_SFILEINFO_UNIX_INFO2				0x20B
917#define SMB_SFILEINFO_DIRECTORY_INFORMATION     1001
918#define SMB_SFILEINFO_FULL_DIRECTORY_INFORMATION 1002
919#define SMB_SFILEINFO_BOTH_DIRECTORY_INFORMATION 1003
920#define SMB_SFILEINFO_BASIC_INFORMATION         1004
921#define SMB_SFILEINFO_STANDARD_INFORMATION      1005
922#define SMB_SFILEINFO_INTERNAL_INFORMATION      1006
923#define SMB_SFILEINFO_EA_INFORMATION            1007
924#define SMB_SFILEINFO_ACCESS_INFORMATION        1008
925#define SMB_SFILEINFO_NAME_INFORMATION          1009
926#define SMB_SFILEINFO_RENAME_INFORMATION        1010
927#define SMB_SFILEINFO_LINK_INFORMATION          1011
928#define SMB_SFILEINFO_NAMES_INFORMATION         1012
929#define SMB_SFILEINFO_DISPOSITION_INFORMATION   1013
930#define SMB_SFILEINFO_POSITION_INFORMATION      1014
931#define SMB_SFILEINFO_1015                      1015 /* ? */
932#define SMB_SFILEINFO_MODE_INFORMATION          1016
933#define SMB_SFILEINFO_ALIGNMENT_INFORMATION     1017
934#define SMB_SFILEINFO_ALL_INFORMATION           1018
935#define SMB_SFILEINFO_ALLOCATION_INFORMATION    1019
936#define SMB_SFILEINFO_END_OF_FILE_INFORMATION   1020
937#define SMB_SFILEINFO_ALT_NAME_INFORMATION      1021
938#define SMB_SFILEINFO_STREAM_INFORMATION        1022
939#define SMB_SFILEINFO_PIPE_INFORMATION          1023
940#define SMB_SFILEINFO_PIPE_LOCAL_INFORMATION    1024
941#define SMB_SFILEINFO_PIPE_REMOTE_INFORMATION   1025
942#define SMB_SFILEINFO_MAILSLOT_QUERY_INFORMATION 1026
943#define SMB_SFILEINFO_MAILSLOT_SET_INFORMATION  1027
944#define SMB_SFILEINFO_COMPRESSION_INFORMATION   1028
945#define SMB_SFILEINFO_OBJECT_ID_INFORMATION     1029
946#define SMB_SFILEINFO_COMPLETION_INFORMATION    1030
947#define SMB_SFILEINFO_MOVE_CLUSTER_INFORMATION  1031
948#define SMB_SFILEINFO_QUOTA_INFORMATION         1032
949#define SMB_SFILEINFO_REPARSE_POINT_INFORMATION 1033
950#define SMB_SFILEINFO_NETWORK_OPEN_INFORMATION  1034
951#define SMB_SFILEINFO_ATTRIBUTE_TAG_INFORMATION 1035
952#define SMB_SFILEINFO_TRACKING_INFORMATION      1036
953#define SMB_SFILEINFO_MAXIMUM_INFORMATION	1037
954
955/*
956 * LOCKING_ANDX LockType flags
957 */
958#define SMB_LOCKING_ANDX_SHARED_LOCK	0x01
959#define SMB_LOCKING_ANDX_OPLOCK_RELEASE	0x02
960#define SMB_LOCKING_ANDX_CHANGE_LOCKTYPE 0x04
961#define SMB_LOCKING_ANDX_CANCEL_LOCK	0x08
962#define SMB_LOCKING_ANDX_LARGE_FILES	0x10
963
964/*
965 * Definition of parameter block of SMB_SET_POSIX_LOCK
966 *
967 *   [2 bytes] lock_type - 0 = Read, 1 = Write, 2 = Unlock
968 *   [2 bytes] lock_flags - 1 = Wait (only valid for setlock)
969 *   [4 bytes] pid = locking context.
970 *   [8 bytes] start = unsigned 64 bits.
971 *   [8 bytes] length = unsigned 64 bits.
972 */
973
974#define POSIX_LOCK_TYPE_OFFSET 0
975#define POSIX_LOCK_FLAGS_OFFSET 2
976#define POSIX_LOCK_PID_OFFSET 4
977#define POSIX_LOCK_START_OFFSET 8
978#define POSIX_LOCK_LEN_OFFSET 16
979#define POSIX_LOCK_DATA_SIZE 24
980
981#define POSIX_LOCK_FLAG_NOWAIT 0
982#define POSIX_LOCK_FLAG_WAIT 1
983
984#define POSIX_LOCK_TYPE_READ 0
985#define POSIX_LOCK_TYPE_WRITE 1
986#define POSIX_LOCK_TYPE_UNLOCK 2
987
988/* SMB_POSIX_PATH_OPEN "open_mode" definitions. */
989#define SMB_O_RDONLY                      0x1
990#define SMB_O_WRONLY                      0x2
991#define SMB_O_RDWR                        0x4
992
993#define SMB_ACCMODE                       0x7
994
995#define SMB_O_CREAT                      0x10
996#define SMB_O_EXCL                       0x20
997#define SMB_O_TRUNC                      0x40
998#define SMB_O_APPEND                     0x80
999#define SMB_O_SYNC                      0x100
1000#define SMB_O_DIRECTORY                 0x200
1001#define SMB_O_NOFOLLOW                  0x400
1002#define SMB_O_DIRECT                    0x800
1003
1004/*
1005 * Some names length limitations. Some of them aren't declared by specs,
1006 * but we need reasonable limits.
1007 */
1008#define SMB_MAXNetBIOSNAMELEN	15	/* NetBIOS limit */
1009#define SMB_MAX_DNS_SRVNAMELEN	255
1010#define SMB_MAXUSERNAMELEN	128
1011#define SMB_MAXPASSWORDLEN	128
1012#define SMB_MAX_NTLM_NAME	(SMB_MAX_DNS_SRVNAMELEN + 1 + SMB_MAXUSERNAMELEN)
1013/* Max Kerberos principal name length we support */
1014#define SMB_MAX_KERB_PN		1024
1015#define SMB_MAX_NATIVE_OS_STRING		256
1016#define SMB_MAX_NATIVE_LANMAN_STRING	256
1017
1018/*
1019 * XP will only allow 80 characters in a share name, the SMB 2/3
1020 * Spec confirms this in the tree connect section. Since UTF8
1021 * can have 3 * 80(characters) bytes then lets make SMB_MAXSHARENAMELEN
1022 * 240 bytes.
1023 */
1024#define	SMB_MAXSHARENAMELEN		240
1025#define	SMB_MAXPKTLEN			0x0001FFFF
1026#define	SMB_LARGE_MAXPKTLEN		0x00FFFFFF	/* Non NetBIOS connections */
1027#define	SMB_MAXCHALLENGELEN		8
1028#define	SMB_MAXFNAMELEN			255	/* Max pathname component length */
1029
1030#define	SMB_RCNDELAY		2	/* seconds between reconnect attempts */
1031/*
1032 * leave this zero - we can't ssecond guess server side effects of
1033 * duplicate ops, this isn't nfs!
1034 */
1035#define SMB_MAXSETUPWORDS	3	/* max # of setup words in trans/t2 */
1036
1037/*
1038 * Error classes
1039 */
1040#define SMBSUCCESS	0x00
1041#define ERRDOS		0x01
1042#define ERRSRV		0x02
1043#define ERRHRD		0x03	/* Error is an hardware error. */
1044#define ERRCMD		0xFF	/* Command was not in the "SMB" format. */
1045
1046/*
1047 * size of the GUID returned in an extended security negotiate response
1048 */
1049#define SMB_GUIDLEN	16
1050
1051typedef uint16_t	smbfh;
1052
1053#define SMB_NTLM_LEN	21
1054#define SMB_NTLMV2_LEN	16
1055#define SMB_LMV2_LEN	24
1056
1057/*
1058 * NTLMv2 blob header structure.
1059 */
1060struct ntlmv2_blobhdr {
1061	uint32_t	header;
1062	uint32_t	reserved;
1063	uint64_t	timestamp;
1064	uint64_t	client_nonce;
1065	uint32_t	unknown1;
1066};
1067
1068/*
1069 * NTLMv2 name header structure, for names in a blob.
1070 */
1071struct ntlmv2_namehdr {
1072	uint16_t	type;
1073	uint16_t	len;
1074};
1075
1076#define NAMETYPE_EOL		0x0000	/* end of list of names */
1077#define NAMETYPE_MACHINE_NB	0x0001	/* NetBIOS machine name */
1078#define NAMETYPE_DOMAIN_NB	0x0002	/* NetBIOS domain name */
1079#define NAMETYPE_MACHINE_DNS	0x0003	/* DNS machine name */
1080#define NAMETYPE_DOMAIN_DNS	0x0004	/* DNS Active Directory domain name */
1081
1082/*
1083 * Named pipe commands.
1084 */
1085#define TRANS_CALL_NAMED_PIPE		0x54	/* open/write/read/close pipe */
1086#define TRANS_WAIT_NAMED_PIPE		0x53	/* wait for pipe to be nonbusy */
1087#define TRANS_PEEK_NAMED_PIPE		0x23	/* read but don't remove data */
1088#define TRANS_Q_NAMED_PIPE_HAND_STATE	0x21	/* query pipe handle modes */
1089#define TRANS_SET_NAMED_PIPE_HAND_STATE	0x01	/* set pipe handle modes */
1090#define TRANS_Q_NAMED_PIPE_INFO		0x22	/* query pipe attributes */
1091#define TRANS_TRANSACT_NAMED_PIPE	0x26	/* write/read operation on pipe */
1092#define TRANS_READ_NAMED_PIPE		0x11	/* read pipe in "raw" (non message mode) */
1093#define TRANS_WRITE_NAMED_PIPE		0x31	/* write pipe "raw" (non message mode) */
1094
1095/*
1096 * [MS-CIFS]
1097 * WriteMode (2 bytes): A 16-bit field containing flags defined as follows:
1098 * WritethroughMode 0x0001
1099 *		If set the server MUST NOT respond to the client before the data is
1100 *		written to disk (write-through).
1101 * ReadBytesAvailable 0x0002
1102 *		If set the server SHOULD set the Response.SMB_Parameters.Available
1103 *		field correctly for writes to named pipes or I/O devices.
1104 * RAW_MODE 0x0004
1105 *		Applicable to named pipes only. If set, the named pipe MUST be written
1106 *		to in raw mode (no translation).
1107 * MSG_START 0x0008
1108 *		Applicable to named pipes only. If set, this data is the start of a message.
1109 */
1110#define WritethroughMode	0x0001
1111#define ReadBytesAvailable	0x0002
1112#define RAW_MODE			0x0004
1113#define MSG_START			0x0008
1114
1115
1116#define SFM_RESOURCEFORK_NAME	"AFP_Resource"
1117#define SFM_FINDERINFO_NAME		"AFP_AfpInfo"
1118#define SFM_DESKTOP_NAME		"AFP_DeskTop"
1119#define SFM_IDINDEX_NAME		"AFP_IdIndex"
1120
1121#ifndef XATTR_RESOURCEFORK_NAME
1122#define XATTR_RESOURCEFORK_NAME		"com.apple.ResourceFork"
1123#endif
1124#ifndef XATTR_FINDERINFO_NAME
1125#define XATTR_FINDERINFO_NAME		"com.apple.FinderInfo"
1126#endif
1127#ifndef FINDERINFOSIZE
1128#define FINDERINFOSIZE 32
1129#endif
1130#define SMB_DATASTREAM		":$DATA"
1131
1132/*
1133 * Used in the open/read chain messages
1134 *		CreateAndX response is 68 bytes long plus 1 bytes for the word count field
1135 *		Two more bytes for the createandx byte count field
1136 *		ReadAndX response is 24 bytes long plus 1 bytes for the word count field
1137 *		Two more bytes for the readandx byte count field
1138 *		Eight bytes for pad data between create and read and read and the data buffer
1139 */
1140#define SMB_CREATEXRLEN 68 + 1
1141#define SMB_READXRLEN 24 +1
1142#define SMB_BCOUNT_LEN 2
1143#define SMB_CHAIN_PAD 8
1144#define SMB_MAX_CHAIN_READ SMB_CREATEXRLEN + SMB_BCOUNT_LEN + SMB_READXRLEN + SMB_BCOUNT_LEN + SMB_CHAIN_PAD
1145#define SMB_SETUPXRLEN 280	/* This is what Windows 2003 uses not sure why, but better safe than sorry */
1146
1147#define AFP_INFO_SIZE		60
1148#define AFP_INFO_FINDER_OFFSET	16
1149
1150enum stream_types {
1151	kNoStream = 0,
1152	kResourceFrk = 1,
1153	kFinderInfo = 2,
1154	kExtendedAttr = 4,
1155	kMsStream = 8
1156};
1157
1158#endif /* _NETSMB_SMB_H_ */
1159