1/* 2 * Copyright (c) 2000-2001 Boris Popov 3 * All rights reserved. 4 * 5 * Portions Copyright (C) 2001 - 2010 Apple Inc. All rights reserved. 6 * 7 * Now many of these defines are from samba4 code, by Andrew Tridgell. 8 * (Permission given to Conrad Minshall at CIFS plugfest Aug 13 2003.) 9 * (Note the main decision was whether to use defines found in MS includes 10 * and web pages, versus Samba, and the deciding factor is which developers 11 * are more likely to be looking at this code base.) 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. All advertising materials mentioning features or use of this software 22 * must display the following acknowledgement: 23 * This product includes software developed by Boris Popov. 24 * 4. Neither the name of the author nor the names of any co-contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 */ 41 42/* 43 * Common definintions and structures for SMB/CIFS protocol 44 */ 45 46#ifndef _NETSMB_SMB_H_ 47#define _NETSMB_SMB_H_ 48 49#define NBNS_UDP_PORT_137 137 50#define NBSS_TCP_PORT_139 139 51#define SMB_TCP_PORT_445 445 52 53/* 54 * Formats of data/string buffers 55 */ 56#define SMB_DT_DATA 1 57#define SMB_DT_DIALECT 2 58#define SMB_DT_PATHNAME 3 59#define SMB_DT_ASCII 4 60#define SMB_DT_VARIABLE 5 61 62/* We require a mux of ten to support remote notifcations */ 63#define SMB_NOTIFY_MIN_MUX 10 64/* 65 * SMB header 66 */ 67#define SMB_SIGNATURE "\xFFSMB" 68#define SMB_SIGLEN 4 69#define SMB_HDRCMD(p) (*((u_char*)(p) + SMB_SIGLEN)) 70#define SMB_HDRPIDHIGH(p) (letohs(*(uint16_t*)((u_char*)(p) + 12))) 71#define SMB_HDRTID(p) (letohs(*(uint16_t*)((u_char*)(p) + 24))) 72#define SMB_HDRPIDLOW(p) (letohs(*(uint16_t*)((u_char*)(p) + 26))) 73#define SMB_HDRUID(p) (letohs(*(uint16_t*)((u_char*)(p) + 28))) 74#define SMB_HDRMID(p) (letohs(*(uint16_t*)((u_char*)(p) + 30))) 75#define SMB_HDRLEN 32 76#define SMB_WRITEANDX_HDRLEN 32 77#define SMB_READANDX_HDRLEN 30 78#define SMB_MAX_SETUPCOUNT_LEN 255 79#define SMB_COM_NT_TRANS_LEN 48 80 81/* 82 * bits in the smb_flags field 83 */ 84#define SMB_FLAGS_SUPPORT_LOCKREAD 0x01 85#define SMB_FLAGS_CLIENT_BUF_AVAIL 0x02 86#define SMB_FLAGS_CASELESS 0x08 87#define SMB_FLAGS_CANONICAL_PATHNAMES 0x10 88#define SMB_FLAGS_REQUEST_OPLOCK 0x20 89#define SMB_FLAGS_REQUEST_BATCH_OPLOCK 0x40 90#define SMB_FLAGS_SERVER_RESP 0x80 91 92/* 93 * bits in the smb_flags2 field 94 */ 95#define SMB_FLAGS2_KNOWS_LONG_NAMES 0x0001 96#define SMB_FLAGS2_KNOWS_EAS 0x0002 /* client know about EAs */ 97#define SMB_FLAGS2_SECURITY_SIGNATURE 0x0004 /* check SMB integrity */ 98#define SMB_FLAGS2_IS_LONG_NAME 0x0040 /* any path name is long name */ 99#define SMB_FLAGS2_EXT_SEC 0x0800 /* client aware of Extended 100 * Security negotiation */ 101#define SMB_FLAGS2_DFS 0x1000 /* resolve paths in DFS */ 102#define SMB_FLAGS2_PAGING_IO 0x2000 /* for exec */ 103#define SMB_FLAGS2_ERR_STATUS 0x4000 /* 1 - status.status */ 104#define SMB_FLAGS2_UNICODE 0x8000 /* use Unicode for all strings */ 105 106#define SMB_UID_UNKNOWN 0xffff 107#define SMB_TID_UNKNOWN 0xffff 108 109/* 110 * Security mode bits 111 */ 112#define SMB_SM_USER 0x01 /* server in the user security mode */ 113#define SMB_SM_ENCRYPT 0x02 /* use challenge/responce */ 114#define SMB_SM_SIGS 0x04 115#define SMB_SM_SIGS_REQ 0x08 116 117/* 118 * Action bits in session setup reply 119 */ 120#define SMB_ACT_GUEST 0x01 121 122/* 123 * NTLM capabilities 124 */ 125#define SMB_CAP_RAW_MODE 0x0001 126#define SMB_CAP_MPX_MODE 0x0002 127#define SMB_CAP_UNICODE 0x0004 128#define SMB_CAP_LARGE_FILES 0x0008 /* 64 bit offsets supported */ 129#define SMB_CAP_NT_SMBS 0x0010 130#define SMB_CAP_RPC_REMOTE_APIS 0x0020 131#define SMB_CAP_STATUS32 0x0040 132#define SMB_CAP_LEVEL_II_OPLOCKS 0x0080 133#define SMB_CAP_LOCK_AND_READ 0x0100 134#define SMB_CAP_NT_FIND 0x0200 135#define SMB_CAP_DFS 0x1000 136#define SMB_CAP_INFOLEVEL_PASSTHRU 0x2000 137#define SMB_CAP_LARGE_READX 0x4000 138#define SMB_CAP_LARGE_WRITEX 0x8000 139#define SMB_CAP_UNIX 0x00800000 140#define SMB_CAP_BULK_TRANSFER 0x20000000 141#define SMB_CAP_COMPRESSED_DATA 0x40000000 142#define SMB_CAP_EXT_SECURITY 0x80000000 143/* Used for checking to see if we are connecting to a NT4 server */ 144#define SMB_CAP_LARGE_RDWRX (SMB_CAP_LARGE_WRITEX | SMB_CAP_LARGE_READX) 145 146/* UNIX CAPS */ 147#define CIFS_UNIX_MAJOR_VERSION 1 148#define CIFS_UNIX_MINOR_VERSION 0 149 150/* UNIX PROTOCOL EXTENSIONS CAP */ 151#define CIFS_UNIX_FCNTL_LOCKS_CAP 0x1 152#define CIFS_UNIX_POSIX_ACLS_CAP 0x2 153#define CIFS_UNIX_XATTTR_CAP 0x4 /* for support of other xattr namespaces such as system, security and trusted */ 154#define CIFS_UNIX_EXTATTR_CAP 0x8 /* for support of chattr (chflags) and lsattr */ 155#define CIFS_UNIX_POSIX_PATHNAMES_CAP 0x10 /* Use POSIX pathnames on the wire. */ 156#define CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP 0x20 /* Support new info */ 157 158/* 159 * INTERNAL UNIX EXTENSIONS CAP 160 * 161 * Define which unix call we can make to the server 162 */ 163#define UNIX_QFS_UNIX_INFO_CAP 0x01 164#define UNIX_QFS_POSIX_WHOAMI_CAP 0x02 165#define UNIX_QFS_POSIX_WHOAMI_SID_CAP 0x04 166#define UNIX_QFILEINFO_UNIX_LINK_CAP 0x08 167#define UNIX_SFILEINFO_UNIX_LINK_CAP 0x10 168#define UNIX_QFILEINFO_UNIX_INFO2_CAP 0x20 169#define UNIX_FIND_FILE_UNIX_INFO2_CAP UNIX_QFILEINFO_UNIX_INFO2_CAP 170#define UNIX_SFILEINFO_UNIX_INFO2_CAP 0x40 171#define UNIX_SFILEINFO_POSIX_UNLINK_CAP 0x80 172 173/* Use by the client to say we are using posix names, not sure about are client */ 174#define SMB_QUERY_POSIX_FS_INFO 0x201 175 176 177/* SMB_COM_TREE_CONNECT_ANDX reply word count */ 178#define TREE_CONNECT_NORMAL_WDCNT 3 179#define TREE_CONNECT_EXTENDED_WDCNT 7 180 181/* SMB_COM_TREE_CONNECT_ANDX flags. See [MS-SMB] for a complete description. */ 182#define TREE_CONNECT_ANDX_DISCONNECT_TID 0x0001 183#define TREE_CONNECT_ANDX_EXTENDED_SIGNATURES 0x0004 184#define TREE_CONNECT_ANDX_EXTENDED_RESPONSE 0x0008 185 186/* 187 * SMB_COM_TREE_CONNECT_ANDX optional support flags. See [MS-SMB] for a complete 188 * description. 189 */ 190#define SMB_SUPPORT_SEARCH_BITS 0x0001 /* Server supports SearchAttributes */ 191#define SMB_SHARE_IS_IN_DFS 0x0002 /* This share is managed by DFS */ 192#define SMB_CSC_MASK 0x000C /* Offline-caching bits for this share. */ 193#define SMB_UNIQUE_FILE_NAME 0x0010 /* Long file names only */ 194#define SMB_EXTENDED_SIGNATURES 0x0020 /* Signing key protection is on. */ 195/* See [MS-SMB] for a complete description of SMB_CSC_MASK bits. */ 196#define SMB_CSC_CACHE_MANUAL_REINT 0x0000 197#define SMB_CSC_CACHE_AUTO_REINT 0x0004 198#define SMB_CSC_CACHE_VDO 0x0008 199 200/* 201 * Resource Types 202 */ 203#define kFileTypeDisk 0x0000 204#define kFileTypeByteModePipe 0x0001 205#define kFileTypeMessageModePipe 0x0002 206#define kFileTypePrinter 0x0003 207#define kFileTypeUnknown 0xffff 208 209/* 210 * If the ResourceType field is FileTypeDisk, then this field MUST be the 211 * FileStatusFlags field: 212 * 213 * FileStatusFlags (2 bytes): A 16-bit field that shows extra information about 214 * the opened file or directory. Any combination of the following flags is valid. 215 * Unused bit fields SHOULD be set to zero by the server and MUST be ignored by the client. 216 */ 217#define kNO_EAS 0x0001 /* The file or directory has no extended attributes. */ 218#define kNO_SUBSTREAMS 0x0002 /* The file or directory has no data streams other than the main data stream. */ 219#define kNO_REPARSETAG 0x0004 /* The file or directory is not a reparse point. */ 220 221/* 222 * Extended file attributes 223 */ 224#define SMB_EFA_RDONLY 0x0001 225#define SMB_EFA_HIDDEN 0x0002 226#define SMB_EFA_SYSTEM 0x0004 227#define SMB_EFA_VOLUME 0x0008 228#define SMB_EFA_DIRECTORY 0x0010 229#define SMB_EFA_ARCHIVE 0x0020 230#define SMB_EFA_DEVICE 0x0040 231#define SMB_EFA_NORMAL 0x0080 232#define SMB_EFA_TEMPORARY 0x0100 233#define SMB_EFA_SPARSE 0x0200 234#define SMB_EFA_REPARSE_POINT 0x0400 235#define SMB_EFA_COMPRESSED 0x0800 236#define SMB_EFA_OFFLINE 0x1000 237#define SMB_EFA_NONINDEXED 0x2000 238#define SMB_EFA_ENCRYPTED 0x4000 239#define SMB_EFA_POSIX_SEMANTICS 0x01000000 240#define SMB_EFA_BACKUP_SEMANTICS 0x02000000 241#define SMB_EFA_DELETE_ON_CLOSE 0x04000000 242#define SMB_EFA_SEQUENTIAL_SCAN 0x08000000 243#define SMB_EFA_RANDOM_ACCESS 0x10000000 244#define SMB_EFA_NO_BUFFERING 0x20000000 245#define SMB_EFA_WRITE_THROUGH 0x80000000 246 247 248/* 249 * Access Mode Encoding 250 */ 251#define SMB_AM_OPENREAD 0x0000 252#define SMB_AM_OPENWRITE 0x0001 253#define SMB_AM_OPENRW 0x0002 254#define SMB_AM_OPENEXEC 0x0003 255#define SMB_AM_OPENMODE 0x0003 /* mask for access mode bits */ 256#define SMB_SM_COMPAT 0x0000 257#define SMB_SM_EXCLUSIVE 0x0010 258#define SMB_SM_DENYWRITE 0x0020 259#define SMB_SM_DENYREADEXEC 0x0030 260#define SMB_SM_DENYNONE 0x0040 261 262/* NT_CREATE_ANDX reply word count */ 263#define NTCREATEX_NORMAL_WDCNT 34 264#define NTCREATEX_EXTENDED_WDCNT 42 265#define NTCREATEX_BRKEN_SPEC_26_WDCNT 26 266 267/* NT_CREATE_ANDX flags */ 268#define NTCREATEX_FLAGS_REQUEST_OPLOCK 0x02 269#define NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK 0x04 270#define NTCREATEX_FLAGS_OPEN_DIRECTORY 0x08 271#define NTCREATEX_FLAGS_EXTENDED 0x10 272 273/* NT_CREATE_ANDX share_access (share mode) */ 274#define NTCREATEX_SHARE_ACCESS_NONE 0 275#define NTCREATEX_SHARE_ACCESS_READ 1 276#define NTCREATEX_SHARE_ACCESS_WRITE 2 277#define NTCREATEX_SHARE_ACCESS_DELETE 4 278#define NTCREATEX_SHARE_ACCESS_ALL 7 279 280/* 281 * CreateDisposition 282 * Specifies the action to perform if the file does or does not exist. 283 * CreateDisposition can be one of the values in the following table. 284 * 285 * CreateDisposition value Action if file exists Action if file does not exist 286 * FILE_SUPERSEDE Replace the file. Create the file. 287 * FILE_OPEN Open the file. Return an error. 288 * FILE_CREATE Return an error. Create the file. 289 * FILE_OPEN_IF Open the file. Create the file. 290 * FILE_OVERWRITE Open the file, and overwrite it. Return an error. 291 * FILE_OVERWRITE_IF Open the file, and overwrite it. Create the file. 292 * 293 * See [MS-CIFS].pdf for complete description 294 */ 295#define FILE_SUPERSEDE 0 296#define FILE_OPEN 1 297#define FILE_CREATE 2 298#define FILE_OPEN_IF 3 299#define FILE_OVERWRITE 4 300#define FILE_OVERWRITE_IF 5 301 302/* NT_CREATE_ANDX create_options */ 303#define NTCREATEX_OPTIONS_DIRECTORY 0x0001 304#define NTCREATEX_OPTIONS_WRITE_THROUGH 0x0002 305#define NTCREATEX_OPTIONS_SEQUENTIAL_ONLY 0x0004 306#define NTCREATEX_OPTIONS_SYNC_ALERT 0x0010 307#define NTCREATEX_OPTIONS_ASYNC_ALERT 0x0020 308#define NTCREATEX_OPTIONS_NON_DIRECTORY_FILE 0x0040 309#define NTCREATEX_OPTIONS_NO_EA_KNOWLEDGE 0x0200 310#define NTCREATEX_OPTIONS_EIGHT_DOT_THREE_ONLY 0x0400 311#define NTCREATEX_OPTIONS_RANDOM_ACCESS 0x0800 312#define NTCREATEX_OPTIONS_DELETE_ON_CLOSE 0x1000 313#define NTCREATEX_OPTIONS_OPEN_BY_FILE_ID 0x2000 314/* 315 * If the CreateOptions parameter specifies the FILE_OPEN_REPARSE_POINT flag and 316 * NtCreateFile opens a file with a reparse point, normal reparse processing does 317 * not occur and NtCreateFile attempts to directly open the reparse point file. 318 * If the FILE_OPEN_REPARSE_POINT flag is not specified, normal reparse point 319 * processing occurs for the file. In either case, if the open operation was 320 * successful, NtCreateFile returns STATUS_SUCCESS; otherwise, an error code. 321 * The NtCreateFile function never returns STATUS_REPARSE, if FILE_OPEN_REPARSE_POINT 322 * is set. 323 */ 324#define NTCREATEX_OPTIONS_OPEN_REPARSE_POINT 0x00200000 325 326/* NT_CREATE_ANDX "impersonation" */ 327#define NTCREATEX_IMPERSONATION_ANONYMOUS 0 328#define NTCREATEX_IMPERSONATION_IDENTIFICATION 1 329#define NTCREATEX_IMPERSONATION_IMPERSONATION 2 330#define NTCREATEX_IMPERSONATION_DELEGATION 3 331 332/* NT_CREATE_ANDX security flags */ 333#define NTCREATEX_SECURITY_DYNAMIC 1 334#define NTCREATEX_SECURITY_ALL 2 335 336/* SMB_TRANS2_FIND_FIRST2/SMB_TRANS2_FIND_NEXT2 flags */ 337#define FIND2_CLOSE_AFTER_REQUEST 0x0001 338#define FIND2_CLOSE_ON_EOS 0x0002 339#define FIND2_RETURN_RESUME_KEYS 0x0004 340#define FIND2_CONTINUE_SEARCH 0x0008 341#define FIND2_BACKUP_INTENT 0x0010 342 343/* 344 * SMB commands 345 */ 346#define SMB_COM_CREATE_DIRECTORY 0x00 347#define SMB_COM_DELETE_DIRECTORY 0x01 348#define SMB_COM_OPEN 0x02 349#define SMB_COM_CREATE 0x03 350#define SMB_COM_CLOSE 0x04 351#define SMB_COM_FLUSH 0x05 352#define SMB_COM_DELETE 0x06 353#define SMB_COM_RENAME 0x07 354#define SMB_COM_QUERY_INFORMATION 0x08 355#define SMB_COM_SET_INFORMATION 0x09 356#define SMB_COM_READ 0x0A 357#define SMB_COM_WRITE 0x0B 358#define SMB_COM_LOCK_BYTE_RANGE 0x0C 359#define SMB_COM_UNLOCK_BYTE_RANGE 0x0D 360#define SMB_COM_CREATE_TEMPORARY 0x0E 361#define SMB_COM_CREATE_NEW 0x0F 362#define SMB_COM_CHECK_DIRECTORY 0x10 363#define SMB_COM_PROCESS_EXIT 0x11 364#define SMB_COM_SEEK 0x12 365#define SMB_COM_LOCK_AND_READ 0x13 366#define SMB_COM_WRITE_AND_UNLOCK 0x14 367#define SMB_COM_READ_RAW 0x1A 368#define SMB_COM_READ_MPX 0x1B 369#define SMB_COM_READ_MPX_SECONDARY 0x1C 370#define SMB_COM_WRITE_RAW 0x1D 371#define SMB_COM_WRITE_MPX 0x1E 372#define SMB_COM_WRITE_COMPLETE 0x20 373#define SMB_COM_SET_INFORMATION2 0x22 374#define SMB_COM_QUERY_INFORMATION2 0x23 375#define SMB_COM_LOCKING_ANDX 0x24 376#define SMB_COM_TRANSACTION 0x25 377#define SMB_COM_TRANSACTION_SECONDARY 0x26 378#define SMB_COM_IOCTL 0x27 379#define SMB_COM_IOCTL_SECONDARY 0x28 380#define SMB_COM_COPY 0x29 381#define SMB_COM_MOVE 0x2A 382#define SMB_COM_ECHO 0x2B 383#define SMB_COM_WRITE_AND_CLOSE 0x2C 384#define SMB_COM_OPEN_ANDX 0x2D 385#define SMB_COM_READ_ANDX 0x2E 386#define SMB_COM_WRITE_ANDX 0x2F 387#define SMB_COM_CLOSE_AND_TREE_DISC 0x31 388#define SMB_COM_TRANSACTION2 0x32 389#define SMB_COM_TRANSACTION2_SECONDARY 0x33 390#define SMB_COM_FIND_CLOSE2 0x34 391#define SMB_COM_FIND_NOTIFY_CLOSE 0x35 392#define SMB_COM_TREE_CONNECT 0x70 393#define SMB_COM_TREE_DISCONNECT 0x71 394#define SMB_COM_NEGOTIATE 0x72 395#define SMB_COM_SESSION_SETUP_ANDX 0x73 396#define SMB_COM_LOGOFF_ANDX 0x74 397#define SMB_COM_TREE_CONNECT_ANDX 0x75 398#define SMB_COM_QUERY_INFORMATION_DISK 0x80 399#define SMB_COM_SEARCH 0x81 400#define SMB_COM_FIND 0x82 401#define SMB_COM_FIND_UNIQUE 0x83 402#define SMB_COM_NT_TRANSACT 0xA0 403#define SMB_COM_NT_TRANSACT_SECONDARY 0xA1 404#define SMB_COM_NT_CREATE_ANDX 0xA2 405#define SMB_COM_NT_CANCEL 0xA4 406#define SMB_COM_OPEN_PRINT_FILE 0xC0 407#define SMB_COM_WRITE_PRINT_FILE 0xC1 408#define SMB_COM_CLOSE_PRINT_FILE 0xC2 409#define SMB_COM_GET_PRINT_QUEUE 0xC3 410#define SMB_COM_READ_BULK 0xD8 411#define SMB_COM_WRITE_BULK 0xD9 412#define SMB_COM_WRITE_BULK_DATA 0xDA 413 414/* 415 * Used internally to identify async SMB_COM_NT_TRANSACT requests 416 * Actual command gets set to SMB_COM_NT_TRANSACT 417 */ 418#define SMB_COM_NT_TRANSACT_ASYNC 0xE0 419 420/* 421 * SMB_COM_TRANSACTION2 subcommands 422 */ 423#define SMB_TRANS2_OPEN2 0x00 424#define SMB_TRANS2_FIND_FIRST2 0x01 425#define SMB_TRANS2_FIND_NEXT2 0x02 426#define SMB_TRANS2_QUERY_FS_INFORMATION 0x03 427#define SMB_TRANS2_SETFSINFO 0x04 428#define SMB_TRANS2_QUERY_PATH_INFORMATION 0x05 429#define SMB_TRANS2_SET_PATH_INFORMATION 0x06 430#define SMB_TRANS2_QUERY_FILE_INFORMATION 0x07 431#define SMB_TRANS2_SET_FILE_INFORMATION 0x08 432#define SMB_TRANS2_FSCTL 0x09 433#define SMB_TRANS2_IOCTL2 0x0A 434#define SMB_TRANS2_FIND_NOTIFY_FIRST 0x0B 435#define SMB_TRANS2_FIND_NOTIFY_NEXT 0x0C 436#define SMB_TRANS2_CREATE_DIRECTORY 0x0D 437#define SMB_TRANS2_SESSION_SETUP 0x0E 438#define SMB_TRANS2_GET_DFS_REFERRAL 0x10 439#define SMB_TRANS2_REPORT_DFS_INCONSISTENCY 0x11 440 441/* 442 * SMB_COM_NT_TRANSACT subcommands 443 */ 444#define NT_TRANSACT_CREATE 0x01 445#define NT_TRANSACT_IOCTL 0x02 446#define NT_TRANSACT_SET_SECURITY_DESC 0x03 447#define NT_TRANSACT_NOTIFY_CHANGE 0x04 448#define NT_TRANSACT_RENAME 0x05 449#define NT_TRANSACT_QUERY_SECURITY_DESC 0x06 450#define NT_TRANSACT_GET_USER_QUOTA 0x07 451#define NT_TRANSACT_SET_USER_QUOTA 0x08 452 453/* 454 * SMB_TRANS2_QUERY_FS_INFORMATION levels 455 */ 456#define SMB_QFS_ALLOCATION 1 457#define SMB_QFS_VOLUME 2 458#define SMB_QFS_LABEL_INFO 0x101 459#define SMB_QFS_VOLUME_INFO 0x102 460#define SMB_QFS_SIZE_INFO 0x103 461#define SMB_QFS_DEVICE_INFO 0x104 462#define SMB_QFS_ATTRIBUTE_INFO 0x105 463#define SMB_QFS_UNIX_INFO 0x200 464#define SMB_QFS_POSIX_WHOAMI 0x202 465#define SMB_QFS_MAC_FS_INFO 0x301 466#define SMB_QFS_VOLUME_INFORMATION 1001 467#define SMB_QFS_SIZE_INFORMATION 1003 468#define SMB_QFS_DEVICE_INFORMATION 1004 469#define SMB_QFS_ATTRIBUTE_INFORMATION 1005 470#define SMB_QFS_QUOTA_INFORMATION 1006 471#define SMB_QFS_FULL_SIZE_INFORMATION 1007 472#define SMB_QFS_OBJECTID_INFORMATION 1008 473 474/* 475 * NT Notify Change Compeletion Filter 476*/ 477#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 478#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 479#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 480#define FILE_NOTIFY_CHANGE_SIZE 0x00000008 481#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 482#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 483#define FILE_NOTIFY_CHANGE_CREATION 0x00000040 484#define FILE_NOTIFY_CHANGE_EA 0x00000080 485#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 486#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 487#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 488#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 489 490/* 491 * NT Notify Actions 492 */ 493#define FILE_ACTION_ADDED 0x00000001 494#define FILE_ACTION_REMOVED 0x00000002 495#define FILE_ACTION_MODIFIED 0x00000003 496#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 497#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 498#define FILE_ACTION_ADDED_STREAM 0x00000006 499#define FILE_ACTION_REMOVED_STREAM 0x00000007 500#define FILE_ACTION_MODIFIED_STREAM 0x00000008 501 502/* 503 * Server Message Notify actions 504 */ 505#define SVRMSG_SHUTDOWN_START FILE_ACTION_REMOVED 506#define SVRMSG_SHUTDOWN_CANCELLED FILE_ACTION_ADDED 507 508/* 509 * SMB_QFS_ATTRIBUTE_INFO bits. 510 */ 511#define FILE_CASE_SENSITIVE_SEARCH 0x00000001 512#define FILE_CASE_PRESERVED_NAMES 0x00000002 513#define FILE_UNICODE_ON_DISK 0x00000004 514#define FILE_PERSISTENT_ACLS 0x00000008 515#define FILE_FILE_COMPRESSION 0x00000010 516#define FILE_VOLUME_QUOTAS 0x00000020 517#define FILE_SUPPORTS_SPARSE_FILES 0x00000040 518#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 519#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 520#define FILE_SUPPORTS_LONG_NAMES 0x00004000 521#define FILE_VOLUME_IS_COMPRESSED 0x00008000 522#define FILE_SUPPORTS_OBJECT_IDS 0x00010000 523#define FILE_SUPPORTS_ENCRYPTION 0x00020000 524#define FILE_NAMED_STREAMS 0x00040000 525#define FILE_READ_ONLY_VOLUME 0x00080000 526 527/* 528 * Mask of which WHOAMI bits are valid. This should make it easier for clients 529 * to cope with servers that have different sets of WHOAMI flags (as more get added). 530 */ 531#define SMB_WHOAMI_MASK 0x00000001 532 533/* 534 * SMBWhoami - Query the user mapping performed by the server for the 535 * connected tree. This is a subcommand of the TRANS2_QFSINFO. 536 * 537 * Returns: 538 * 4 bytes unsigned - mapping flags (smb_whoami_flags) 539 * 4 bytes unsigned - flags mask 540 * 541 * 8 bytes unsigned - primary UID 542 * 8 bytes unsigned - primary GID 543 * 4 bytes unsigned - number of supplementary GIDs 544 * 4 bytes unsigned - number of SIDs 545 * 4 bytes unsigned - SID list byte count 546 * 4 bytes - pad / reserved (must be zero) 547 * 548 * 8 bytes unsigned[] - list of GIDs (may be empty) 549 * DOM_SID[] - list of SIDs (may be empty) 550 */ 551 552/* 553 * SMB_TRANS2_QUERY_PATH levels 554 */ 555#define SMB_QFILEINFO_STANDARD 1 556#define SMB_QFILEINFO_EA_SIZE 2 557#define SMB_QFILEINFO_EAS_FROM_LIST 3 558#define SMB_QFILEINFO_ALL_EAS 4 559#define SMB_QFILEINFO_IS_NAME_VALID 6 /* QPATHINFO only? */ 560#define SMB_QFILEINFO_BASIC_INFO 0x101 561#define SMB_QFILEINFO_STANDARD_INFO 0x102 562#define SMB_QFILEINFO_EA_INFO 0x103 563#define SMB_QFILEINFO_NAME_INFO 0x104 564#define SMB_QFILEINFO_ALLOCATION_INFO 0x105 565#define SMB_QFILEINFO_END_OF_FILE_INFO 0x106 566#define SMB_QFILEINFO_ALL_INFO 0x107 567#define SMB_QFILEINFO_ALT_NAME_INFO 0x108 568#define SMB_QFILEINFO_STREAM_INFO 0x109 569#define SMB_QFILEINFO_COMPRESSION_INFO 0x10b 570#define SMB_QFILEINFO_UNIX_BASIC 0x200 571#define SMB_QFILEINFO_UNIX_LINK 0x201 572#define SMB_QFILEINFO_POSIX_ACL 0x204 573#define SMB_QFILEINFO_UNIX_INFO2 0x20B /* UNIX File Info*/ 574#define SMB_QFILEINFO_MAC_DT_GET_APPL 0x306 575#define SMB_QFILEINFO_MAC_DT_GET_ICON 0x307 576#define SMB_QFILEINFO_MAC_DT_GET_ICON_INFO 0x308 577#define SMB_QFILEINFO_MAC_SPOTLIGHT 0x310 578#define SMB_QFILEINFO_BASIC_INFORMATION 1004 579#define SMB_QFILEINFO_STANDARD_INFORMATION 1005 580#define SMB_QFILEINFO_INTERNAL_INFORMATION 1006 581#define SMB_QFILEINFO_EA_INFORMATION 1007 582#define SMB_QFILEINFO_ACCESS_INFORMATION 1008 583#define SMB_QFILEINFO_NAME_INFORMATION 1009 584#define SMB_QFILEINFO_POSITION_INFORMATION 1014 585#define SMB_QFILEINFO_MODE_INFORMATION 1016 586#define SMB_QFILEINFO_ALIGNMENT_INFORMATION 1017 587#define SMB_QFILEINFO_ALL_INFORMATION 1018 588#define SMB_QFILEINFO_ALT_NAME_INFORMATION 1021 589#define SMB_QFILEINFO_STREAM_INFORMATION 1022 590#define SMB_QFILEINFO_COMPRESSION_INFORMATION 1028 591#define SMB_QFILEINFO_NETWORK_OPEN_INFORMATION 1034 592#define SMB_QFILEINFO_ATTRIBUTE_TAG_INFORMATION 1035 593 594/* 595 * SMB_TRANS2_FIND_FIRST2 information levels 596 */ 597#define SMB_FIND_STANDARD 1 598#define SMB_FIND_EA_SIZE 2 599#define SMB_FIND_EAS_FROM_LIST 3 600#define SMB_FIND_DIRECTORY_INFO 0x101 601#define SMB_FIND_FULL_DIRECTORY_INFO 0x102 602#define SMB_FIND_NAME_INFO 0x103 603#define SMB_FIND_BOTH_DIRECTORY_INFO 0x104 604#define SMB_FIND_UNIX_INFO 0x200 605/* Transact 2 Find First levels */ 606#define SMB_FIND_FILE_UNIX 0x202 607#define SMB_FIND_FILE_UNIX_INFO2 0x20B /* UNIX File Info2 */ 608 609/* 610 * These are used by findfrist/next to determine the number of max search 611 * elements the client should be requesting. These values are the number of 612 * bytes each structure takes up in the packet if the associated name was empty. 613 * So we divided transaction buffer size by this number and that gives us the 614 * max search count to request. In each case we counted up the number of uint32_t 615 * that each structure contained, so a uint64_t counts as two uint32_t. In both 616 * cases we add 2 bytes to represent the empty UTF8 name. So SMB_FIND_BOTH_DIRECTORY_INFO 617 * has 16 uint32_t fields plus 30 bytes of other data and the SMB_FIND_FILE_UNIX_INFO2 618 * has 32 uint32_t fields. 619 */ 620#define SMB_FIND_BOTH_DIRECTORY_INFO_MIN_LEN ((4 * 16) + 30 + 2) 621#define SMB_FIND_FILE_UNIX_INFO2_MIN_LEN ((4 * 32) + 2) 622 623/* 624 * SMB_QUERY_FILE_UNIX_INFO2 is SMB_QUERY_FILE_UNIX_BASIC with create 625 * time and file flags appended. The corresponding info level for 626 * findfirst/findnext is SMB_FIND_FILE_UNIX_UNIX2. 627 * Size Offset Value 628 * --------------------- 629 * 0 LARGE_INTEGER EndOfFile File size 630 * 8 LARGE_INTEGER Blocks Number of blocks used on disk 631 * 16 LARGE_INTEGER ChangeTime Attribute change time 632 * 24 LARGE_INTEGER LastAccessTime Last access time 633 * 32 LARGE_INTEGER LastModificationTime Last modification time 634 * 40 LARGE_INTEGER Uid Numeric user id for the owner 635 * 48 LARGE_INTEGER Gid Numeric group id of owner 636 * 56 ULONG Type Enumeration specifying the file type 637 * 60 LARGE_INTEGER devmajor Major device number if type is device 638 * 68 LARGE_INTEGER devminor Minor device number if type is device 639 * 76 LARGE_INTEGER uniqueid This is a server-assigned unique id 640 * 84 LARGE_INTEGER permissions Standard UNIX permissions 641 * 92 LARGE_INTEGER nlinks Number of hard link) 642 * 100 LARGE_INTEGER CreationTime Create/birth time 643 * 108 ULONG FileFlags File flags enumeration 644 * 112 ULONG FileFlagsMask Mask of valid flags 645 */ 646 647#define SMB_DEFAULT_NO_CHANGE -1 648#define SMB_MODE_NO_CHANGE (uint64_t)-1 649#define SMB_UID_NO_CHANGE -1 650#define SMB_GID_NO_CHANGE -1 651#define SMB_SIZE_NO_CHANGE (uint64_t)-1 652#define SMB_FLAGS_NO_CHANGE 0 653 654/* 655 * Flags for chflags (CIFS_UNIX_EXTATTR_CAP capability) and 656 * SMB_QUERY_FILE_UNIX_BASIC2 (or whatever) 657 */ 658#define EXT_SECURE_DELETE 0x00000001 659#define EXT_ENABLE_UNDELETE 0x00000002 660#define EXT_SYNCHRONOUS 0x00000004 661#define EXT_IMMUTABLE 0x00000008 662#define EXT_OPEN_APPEND_ONLY 0x00000010 663#define EXT_DO_NOT_BACKUP 0x00000020 664#define EXT_NO_UPDATE_ATIME 0x00000040 665#define EXT_HIDDEN 0x00000080 666/* The minimum set that is required by the Mac Client */ 667#define EXT_REQUIRED_BY_MAC (EXT_IMMUTABLE | EXT_HIDDEN | EXT_DO_NOT_BACKUP) 668 669/* Still expected to only contain 12 bits (little endian): */ 670#define EXT_UNIX_S_ISUID 0004000 /* set UID bit */ 671#define EXT_UNIX_S_ISGID 0002000 /* set-group-ID bit (see below) */ 672#define EXT_UNIX_S_ISVTX 0001000 /* sticky bit (see below) */ 673#define EXT_UNIX_S_IRUSR 00400 /* owner has read permission */ 674#define EXT_UNIX_S_IWUSR 00200 /* owner has write permission */ 675#define EXT_UNIX_S_IXUSR 00100 /* owner has execute permission */ 676#define EXT_UNIX_S_IRGRP 00040 /* group has read permission */ 677#define EXT_UNIX_S_IWGRP 00020 /* group has write permission */ 678#define EXT_UNIX_S_IXGRP 00010 /* group has execute permission */ 679#define EXT_UNIX_S_IROTH 00004 /* others have read permission */ 680#define EXT_UNIX_S_IWOTH 00002 /* others have write permission */ 681#define EXT_UNIX_S_IXOTH 00001 /* others have execute permission */ 682 683 684/* File type is still the same enumeration (little endian) as: */ 685#define EXT_UNIX_FILE 0 686#define EXT_UNIX_DIR 1 687#define EXT_UNIX_SYMLINK 2 688#define EXT_UNIX_CHARDEV 3 689#define EXT_UNIX_BLOCKDEV 4 690#define EXT_UNIX_FIFO 5 691#define EXT_UNIX_SOCKET 6 692 693/* 694 * Selectors for NT_TRANSACT_QUERY_SECURITY_DESC and 695 * NT_TRANSACT_SET_SECURITY_DESC. Details found in the MSDN 696 * library by searching on security_information. 697 * Note the protected/unprotected bits did not exist in NT. 698 */ 699 700#define OWNER_SECURITY_INFORMATION 0x00000001 701#define GROUP_SECURITY_INFORMATION 0x00000002 702#define DACL_SECURITY_INFORMATION 0x00000004 703#define SACL_SECURITY_INFORMATION 0x00000008 704#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000 705#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000 706#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 707#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 708 709/* 710 * The SECURITY_DESCRIPTOR structure defines an object's security attributes. 711 * These attributes specify who owns the object, who can access the object and 712 * what they can do with it, what level of audit logging should be applied to 713 * the object, and what kind of restrictions apply to the use of the security 714 * descriptor. 715 * 716 * See [MS-DTYP].pdf for more details. 717 */ 718struct ntsecdesc { 719 uint8_t Revision; /* This field MUST be set to one. */ 720 uint8_t Sbz1; /* In our case this field is reserved and MUST be set to zero. */ 721 uint16_t ControlFlags; /* This specifies control access bit flags. The Self Relative bit MUST be set. */ 722 uint32_t OffsetOwner; /* offset to owner SID */ 723 uint32_t OffsetGroup; /* offset to group SID */ 724 uint32_t OffsetSacl; /* offset to system/audit ACL */ 725 uint32_t OffsetDacl; /* offset to discretionary ACL */ 726} __attribute__((__packed__)); 727 728 729 730/* 731 * ControlFlags - Control bits 732 */ 733#define SE_OWNER_DEFAULTED 0x0001 /* Set when the owner was established by default means. */ 734#define SE_GROUP_DEFAULTED 0x0002 /* Set when the group was established by default means. */ 735#define SE_DACL_PRESENT 0x0004 /* Set when the DACL is present on the object. */ 736#define SE_DACL_DEFAULTED 0x0008 /* Set when the DACL was established by default means. */ 737#define SE_SACL_PRESENT 0x0010 /* Set when the SACL is present on the object. */ 738#define SD_SACL_DEFAULTED 0x0020 /* Set when the SACL was established by default means. */ 739#define SE_SERVER_SECURITY 0x0040 /* 740 * Set when the caller wants the system to create a Server ACL based 741 * on the input ACL, regardless of its source (explicit or defaulting). 742 */ 743#define SE_DACL_TRUSTED 0x0080 /* 744 * Set when ACL pointed to by the DACL field was provided by a 745 * trusted source and does not require any editing of compound ACEs. 746 */ 747#define SE_DACL_AUTO_INHERIT_REQ 0x0100 /* Set when the DACL should be computed through inheritance. */ 748#define SE_SACL_AUTO_INHERIT_REQ 0x0200 /* Set when the SACL should be computed through inheritance. */ 749#define SE_DACL_AUTO_INHERITED 0x0400 /* Set when the DACL was created through inheritance. */ 750#define SE_SACL_AUTO_INHERITED 0x0800 /* Set when the SACL was created through inheritance. */ 751#define SE_DACL_PROTECTED 0x1000 /* Set when the DACL should be protected from inherit operations. */ 752#define SE_SACL_PROTECTED 0x2000 /* Set when the SACL should be protected from inherit operations. */ 753#define SE_RM_CONTROL_VALID 0x4000 /* 754 * Set when the resource manager control bits are valid. For more 755 * information about resource managers, see [MS-SECO] section 4.1. 756 */ 757#define SE_SELF_RELATIVE 0x8000 /* 758 * Set when the security descriptor is in self-relative format. 759 * Cleared when the security descriptor is in absolute format. 760 */ 761 762/* 763 * access control list header 764 * it is followed by the ACEs 765 * note this is "raw", ie little-endian 766 */ 767struct ntacl { 768 uint8_t acl_revision; /* 0x02 observed with W2K */ 769 uint8_t acl_pad1; 770 uint16_t acl_len; /* bytes; includes this header */ 771 uint16_t acl_acecount; 772 uint16_t acl_pad2; 773} __attribute__((__packed__)); 774 775#define acllen(a) (letohs((a)->acl_len)) 776#define wset_acllen(a, l) ((a)->acl_len = htoles(l)) 777#define wset_aclacecount(a, c) ((a)->acl_acecount = htoles(c)) 778#define aclace(a) ((struct ntace *)((char *)(a) + sizeof(struct ntacl))) 779 780/* 781 * access control entry header 782 * it is followed by type-specific ace data, 783 * which for the simple types is just a SID 784 * note this is "raw", ie little-endian 785 */ 786struct ntace { 787 uint8_t ace_type; 788 uint8_t ace_flags; 789 uint16_t ace_len; /* bytes; includes this header */ 790 uint32_t ace_rights; /* generic, standard, specific, etc */ 791} __attribute__((__packed__)); 792 793#define acetype(a) ((a)->ace_type) 794#define wset_acetype(a, t) ((a)->ace_type = (t)) 795#define aceflags(a) ((a)->ace_flags) 796#define wset_aceflags(a, f) ((a)->ace_flags = (f)) 797#define acelen(a) (letohs((a)->ace_len)) 798#define wset_acelen(a, l) ((a)->ace_len = htoles(l)) 799#define acerights(a) (letohl((a)->ace_rights)) 800#define wset_acerights(a, r) ((a)->ace_rights = htolel(r)) 801#define aceace(a) ((struct ntace *)((char *)(a) + acelen(a))) 802#define acesid(a) ((struct ntsid *)((char *)(a) + sizeof(struct ntace))) 803 804/* 805 * We take the Windows SMB2 define access modes and add a SMB2 in front to protect 806 * us from namespace collisions. May want to move these to a more general include 807 * file in the future. Would have been nice if the kauth.h file had used the same 808 * number scheme as Windows. 809 */ 810#define SMB2_FILE_READ_DATA 0x00000001 /* Indicates the right to read data from the file, directory or named pipe. */ 811#define SMB2_FILE_WRITE_DATA 0x00000002 /* Indicates the right to write data into the file or named pipe beyond the end of the file. */ 812#define SMB2_FILE_APPEND_DATA 0x00000004 /* Indicates the right to append data into the file or named pipe. */ 813#define SMB2_FILE_READ_EA 0x00000008 /* Indicates the right to read the extended attributes of the file, directory or named pipe. */ 814#define SMB2_FILE_WRITE_EA 0x00000010 /* Indicates the right to write or change the extended attributes to the file, directory or named pipe. */ 815#define SMB2_FILE_EXECUTE 0x00000020 /* Indicates the right to execute the file. */ 816#define SMB2_FILE_DELETE_CHILD 0x00000040 /* Indicates the right to delete the files and directories within this directory. */ 817#define SMB2_FILE_READ_ATTRIBUTES 0x00000080 /* Indicates the right to read the attributes of the file or directory. */ 818#define SMB2_FILE_WRITE_ATTRIBUTES 0x00000100 /* Indicates the right to change the attributes of the file or directory. */ 819 820#define SMB2_DELETE 0x00010000 /* Indicates the right to delete the file or directory */ 821#define SMB2_READ_CONTROL 0x00020000 /* Indicates the right to read the security descriptor for the file, directory or named pipe. */ 822#define SMB2_WRITE_DAC 0x00040000 /* Indicates the right to change the discretionary access control list (DACL) in the security descriptor for the file directory or named pipe. */ 823#define SMB2_WRITE_OWNER 0x00080000 /* Indicates the right to change the owner in the security descriptor for the file, directory or named pipe. */ 824#define SMB2_SYNCHRONIZE 0x00100000 /* SMB 2/3 clients set this flag to any value. SMB 2/3 servers MUST ignore this flag. */ 825 826#define SMB2_ACCESS_SYSTEM_SECURITY 0x01000000 /* Indicates the right to read or change the system access control list (SACL) in the security descriptor for the file, directory or named pipe. */ 827#define SMB2_MAXIMAL_ACCESS 0x02000000 /* Indicates that the client is requesting an open to the file with the highest level of access the client has on this file. If no access is granted for the client on this file, the server MUST fail the open with STATUS_ACCESS_DENIED. */ 828 829#define SMB2_FILE_LIST_DIRECTORY SMB2_FILE_READ_DATA /* Indicates the right to enumerate the contents of the directory. */ 830#define SMB2_FILE_ADD_FILE SMB2_FILE_WRITE_DATA /* Indicates the right to create a file under the directory. */ 831#define SMB2_FILE_ADD_SUBDIRECTORY SMB2_FILE_APPEND_DATA /* Indicates the right to add a sub-directory under the directory. */ 832#define SMB2_FILE_TRAVERSE SMB2_FILE_EXECUTE /* Indicates the right to traverse this directory if the server enforces traversal checking. */ 833 834#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF 835#define STD_RIGHT_ALL_ACCESS 0x001F0000 836 837#define SMB2_GENERIC_ALL 0x10000000 /* Indicates a request for all the access flags that are previously listed except MAXIMAL_ACCESS and ACCESS_SYSTEM_SECURITY. */ 838#define SMB2_GENERIC_EXECUTE 0x20000000 /* Indicates a request for the following combination of access flags listed above: FILE_READ_ATTRIBUTES| FILE_EXECUTE| SYNCHRONIZE| READ_CONTROL. */ 839#define SMB2_GENERIC_WRITE 0x40000000 /* Indicates a request for the following combination of access flags listed above: FILE_WRITE_DATA| FILE_APPEND_DATA| FILE_WRITE_ATTRIBUTES| FILE_WRITE_EA| SYNCHRONIZE| READ_CONTROL. */ 840#define SMB2_GENERIC_READ 0x80000000 /* Indicates a request for the following combination of access flags listed above: FILE_READ_DATA| FILE_READ_ATTRIBUTES| FILE_READ_EA| SYNCHRONIZE| READ_CONTROL. */ 841 842/* 843 * This is an internal define, this value is not part of any Windows Documentation. 844 * The is used to decide if the share ACL doesn't allow any type of write access. 845 * In that case we set the mount point to be read only. 846 */ 847#define FILE_FULL_WRITE_ACCESS (SMB2_FILE_WRITE_DATA | SMB2_FILE_APPEND_DATA | \ 848 SMB2_FILE_WRITE_EA | SMB2_FILE_WRITE_ATTRIBUTES | \ 849 SMB2_DELETE | SMB2_WRITE_DAC | SMB2_WRITE_OWNER) 850 851/* 852 * security identifier header 853 * it is followed by sid_numauth sub-authorities, 854 * which are 32 bits each. 855 * note the subauths are little-endian on the wire, but 856 * need to be big-endian for memberd/DS 857 */ 858#define SIDAUTHSIZE 6 859struct ntsid { 860 uint8_t sid_revision; 861 uint8_t sid_subauthcount; 862 uint8_t sid_authority[SIDAUTHSIZE]; /* ie not little endian */ 863} __attribute__((__packed__)); 864 865#define sidlen(s) (sizeof(struct ntsid) + (sizeof(uint32_t) * (s)->sid_subauthcount)) 866#define MAXSIDLEN (sizeof(struct ntsid) + (sizeof(uint32_t) * KAUTH_NTSID_MAX_AUTHORITIES)) 867 868/* 869 * MS' defined values for ace_type 870 */ 871#define ACCESS_ALLOWED_ACE_TYPE 0x0 872#define ACCESS_DENIED_ACE_TYPE 0x1 873#define SYSTEM_AUDIT_ACE_TYPE 0x2 874#define SYSTEM_ALARM_ACE_TYPE 0x3 875#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x4 876#define ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x5 877#define ACCESS_DENIED_OBJECT_ACE_TYPE 0x6 878#define SYSTEM_AUDIT_OBJECT_ACE_TYPE 0x7 879#define SYSTEM_ALARM_OBJECT_ACE_TYPE 0x8 880#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x9 881#define ACCESS_DENIED_CALLBACK_ACE_TYPE 0xA 882#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0xB 883#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0xC 884#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0xD 885#define SYSTEM_ALARM_CALLBACK_ACE_TYPE 0xE 886#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0xF 887#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 888 889/* 890 * MS' defined values for ace_flags 891 */ 892#define OBJECT_INHERIT_ACE_FLAG 0x01 893#define CONTAINER_INHERIT_ACE_FLAG 0x02 894#define NO_PROPAGATE_INHERIT_ACE_FLAG 0x04 895#define INHERIT_ONLY_ACE_FLAG 0x08 896#define INHERITED_ACE_FLAG 0x10 897#define UNDEF_ACE_FLAG 0x20 /* MS doesn't define it?! */ 898#define VALID_INHERIT_ACE_FLAGS 0x1F 899#define SUCCESSFUL_ACCESS_ACE_FLAG 0x40 900#define FAILED_ACCESS_ACE_FLAG 0x80 901 902/* 903 * Set PATH/FILE information levels 904 */ 905#define SMB_SFILEINFO_STANDARD 1 906#define SMB_SFILEINFO_EA_SET 2 907#define SMB_SFILEINFO_BASIC_INFO 0x101 908#define SMB_SFILEINFO_DISPOSITION_INFO 0x102 909#define SMB_SFILEINFO_ALLOCATION_INFO 0x103 910#define SMB_SFILEINFO_END_OF_FILE_INFO 0x104 911#define SMB_SFILEINFO_UNIX_BASIC 0x200 912#define SMB_SFILEINFO_UNIX_LINK 0x201 913#define SMB_SFILEINFO_UNIX_HLINK 0x203 914#define SMB_SFILEINFO_POSIX_ACL 0x204 915#define SMB_SFILEINFO_POSIX_UNLINK 0x20A 916#define SMB_SFILEINFO_UNIX_INFO2 0x20B 917#define SMB_SFILEINFO_DIRECTORY_INFORMATION 1001 918#define SMB_SFILEINFO_FULL_DIRECTORY_INFORMATION 1002 919#define SMB_SFILEINFO_BOTH_DIRECTORY_INFORMATION 1003 920#define SMB_SFILEINFO_BASIC_INFORMATION 1004 921#define SMB_SFILEINFO_STANDARD_INFORMATION 1005 922#define SMB_SFILEINFO_INTERNAL_INFORMATION 1006 923#define SMB_SFILEINFO_EA_INFORMATION 1007 924#define SMB_SFILEINFO_ACCESS_INFORMATION 1008 925#define SMB_SFILEINFO_NAME_INFORMATION 1009 926#define SMB_SFILEINFO_RENAME_INFORMATION 1010 927#define SMB_SFILEINFO_LINK_INFORMATION 1011 928#define SMB_SFILEINFO_NAMES_INFORMATION 1012 929#define SMB_SFILEINFO_DISPOSITION_INFORMATION 1013 930#define SMB_SFILEINFO_POSITION_INFORMATION 1014 931#define SMB_SFILEINFO_1015 1015 /* ? */ 932#define SMB_SFILEINFO_MODE_INFORMATION 1016 933#define SMB_SFILEINFO_ALIGNMENT_INFORMATION 1017 934#define SMB_SFILEINFO_ALL_INFORMATION 1018 935#define SMB_SFILEINFO_ALLOCATION_INFORMATION 1019 936#define SMB_SFILEINFO_END_OF_FILE_INFORMATION 1020 937#define SMB_SFILEINFO_ALT_NAME_INFORMATION 1021 938#define SMB_SFILEINFO_STREAM_INFORMATION 1022 939#define SMB_SFILEINFO_PIPE_INFORMATION 1023 940#define SMB_SFILEINFO_PIPE_LOCAL_INFORMATION 1024 941#define SMB_SFILEINFO_PIPE_REMOTE_INFORMATION 1025 942#define SMB_SFILEINFO_MAILSLOT_QUERY_INFORMATION 1026 943#define SMB_SFILEINFO_MAILSLOT_SET_INFORMATION 1027 944#define SMB_SFILEINFO_COMPRESSION_INFORMATION 1028 945#define SMB_SFILEINFO_OBJECT_ID_INFORMATION 1029 946#define SMB_SFILEINFO_COMPLETION_INFORMATION 1030 947#define SMB_SFILEINFO_MOVE_CLUSTER_INFORMATION 1031 948#define SMB_SFILEINFO_QUOTA_INFORMATION 1032 949#define SMB_SFILEINFO_REPARSE_POINT_INFORMATION 1033 950#define SMB_SFILEINFO_NETWORK_OPEN_INFORMATION 1034 951#define SMB_SFILEINFO_ATTRIBUTE_TAG_INFORMATION 1035 952#define SMB_SFILEINFO_TRACKING_INFORMATION 1036 953#define SMB_SFILEINFO_MAXIMUM_INFORMATION 1037 954 955/* 956 * LOCKING_ANDX LockType flags 957 */ 958#define SMB_LOCKING_ANDX_SHARED_LOCK 0x01 959#define SMB_LOCKING_ANDX_OPLOCK_RELEASE 0x02 960#define SMB_LOCKING_ANDX_CHANGE_LOCKTYPE 0x04 961#define SMB_LOCKING_ANDX_CANCEL_LOCK 0x08 962#define SMB_LOCKING_ANDX_LARGE_FILES 0x10 963 964/* 965 * Definition of parameter block of SMB_SET_POSIX_LOCK 966 * 967 * [2 bytes] lock_type - 0 = Read, 1 = Write, 2 = Unlock 968 * [2 bytes] lock_flags - 1 = Wait (only valid for setlock) 969 * [4 bytes] pid = locking context. 970 * [8 bytes] start = unsigned 64 bits. 971 * [8 bytes] length = unsigned 64 bits. 972 */ 973 974#define POSIX_LOCK_TYPE_OFFSET 0 975#define POSIX_LOCK_FLAGS_OFFSET 2 976#define POSIX_LOCK_PID_OFFSET 4 977#define POSIX_LOCK_START_OFFSET 8 978#define POSIX_LOCK_LEN_OFFSET 16 979#define POSIX_LOCK_DATA_SIZE 24 980 981#define POSIX_LOCK_FLAG_NOWAIT 0 982#define POSIX_LOCK_FLAG_WAIT 1 983 984#define POSIX_LOCK_TYPE_READ 0 985#define POSIX_LOCK_TYPE_WRITE 1 986#define POSIX_LOCK_TYPE_UNLOCK 2 987 988/* SMB_POSIX_PATH_OPEN "open_mode" definitions. */ 989#define SMB_O_RDONLY 0x1 990#define SMB_O_WRONLY 0x2 991#define SMB_O_RDWR 0x4 992 993#define SMB_ACCMODE 0x7 994 995#define SMB_O_CREAT 0x10 996#define SMB_O_EXCL 0x20 997#define SMB_O_TRUNC 0x40 998#define SMB_O_APPEND 0x80 999#define SMB_O_SYNC 0x100 1000#define SMB_O_DIRECTORY 0x200 1001#define SMB_O_NOFOLLOW 0x400 1002#define SMB_O_DIRECT 0x800 1003 1004/* 1005 * Some names length limitations. Some of them aren't declared by specs, 1006 * but we need reasonable limits. 1007 */ 1008#define SMB_MAXNetBIOSNAMELEN 15 /* NetBIOS limit */ 1009#define SMB_MAX_DNS_SRVNAMELEN 255 1010#define SMB_MAXUSERNAMELEN 128 1011#define SMB_MAXPASSWORDLEN 128 1012#define SMB_MAX_NTLM_NAME (SMB_MAX_DNS_SRVNAMELEN + 1 + SMB_MAXUSERNAMELEN) 1013/* Max Kerberos principal name length we support */ 1014#define SMB_MAX_KERB_PN 1024 1015#define SMB_MAX_NATIVE_OS_STRING 256 1016#define SMB_MAX_NATIVE_LANMAN_STRING 256 1017 1018/* 1019 * XP will only allow 80 characters in a share name, the SMB 2/3 1020 * Spec confirms this in the tree connect section. Since UTF8 1021 * can have 3 * 80(characters) bytes then lets make SMB_MAXSHARENAMELEN 1022 * 240 bytes. 1023 */ 1024#define SMB_MAXSHARENAMELEN 240 1025#define SMB_MAXPKTLEN 0x0001FFFF 1026#define SMB_LARGE_MAXPKTLEN 0x00FFFFFF /* Non NetBIOS connections */ 1027#define SMB_MAXCHALLENGELEN 8 1028#define SMB_MAXFNAMELEN 255 /* Max pathname component length */ 1029 1030#define SMB_RCNDELAY 2 /* seconds between reconnect attempts */ 1031/* 1032 * leave this zero - we can't ssecond guess server side effects of 1033 * duplicate ops, this isn't nfs! 1034 */ 1035#define SMB_MAXSETUPWORDS 3 /* max # of setup words in trans/t2 */ 1036 1037/* 1038 * Error classes 1039 */ 1040#define SMBSUCCESS 0x00 1041#define ERRDOS 0x01 1042#define ERRSRV 0x02 1043#define ERRHRD 0x03 /* Error is an hardware error. */ 1044#define ERRCMD 0xFF /* Command was not in the "SMB" format. */ 1045 1046/* 1047 * size of the GUID returned in an extended security negotiate response 1048 */ 1049#define SMB_GUIDLEN 16 1050 1051typedef uint16_t smbfh; 1052 1053#define SMB_NTLM_LEN 21 1054#define SMB_NTLMV2_LEN 16 1055#define SMB_LMV2_LEN 24 1056 1057/* 1058 * NTLMv2 blob header structure. 1059 */ 1060struct ntlmv2_blobhdr { 1061 uint32_t header; 1062 uint32_t reserved; 1063 uint64_t timestamp; 1064 uint64_t client_nonce; 1065 uint32_t unknown1; 1066}; 1067 1068/* 1069 * NTLMv2 name header structure, for names in a blob. 1070 */ 1071struct ntlmv2_namehdr { 1072 uint16_t type; 1073 uint16_t len; 1074}; 1075 1076#define NAMETYPE_EOL 0x0000 /* end of list of names */ 1077#define NAMETYPE_MACHINE_NB 0x0001 /* NetBIOS machine name */ 1078#define NAMETYPE_DOMAIN_NB 0x0002 /* NetBIOS domain name */ 1079#define NAMETYPE_MACHINE_DNS 0x0003 /* DNS machine name */ 1080#define NAMETYPE_DOMAIN_DNS 0x0004 /* DNS Active Directory domain name */ 1081 1082/* 1083 * Named pipe commands. 1084 */ 1085#define TRANS_CALL_NAMED_PIPE 0x54 /* open/write/read/close pipe */ 1086#define TRANS_WAIT_NAMED_PIPE 0x53 /* wait for pipe to be nonbusy */ 1087#define TRANS_PEEK_NAMED_PIPE 0x23 /* read but don't remove data */ 1088#define TRANS_Q_NAMED_PIPE_HAND_STATE 0x21 /* query pipe handle modes */ 1089#define TRANS_SET_NAMED_PIPE_HAND_STATE 0x01 /* set pipe handle modes */ 1090#define TRANS_Q_NAMED_PIPE_INFO 0x22 /* query pipe attributes */ 1091#define TRANS_TRANSACT_NAMED_PIPE 0x26 /* write/read operation on pipe */ 1092#define TRANS_READ_NAMED_PIPE 0x11 /* read pipe in "raw" (non message mode) */ 1093#define TRANS_WRITE_NAMED_PIPE 0x31 /* write pipe "raw" (non message mode) */ 1094 1095/* 1096 * [MS-CIFS] 1097 * WriteMode (2 bytes): A 16-bit field containing flags defined as follows: 1098 * WritethroughMode 0x0001 1099 * If set the server MUST NOT respond to the client before the data is 1100 * written to disk (write-through). 1101 * ReadBytesAvailable 0x0002 1102 * If set the server SHOULD set the Response.SMB_Parameters.Available 1103 * field correctly for writes to named pipes or I/O devices. 1104 * RAW_MODE 0x0004 1105 * Applicable to named pipes only. If set, the named pipe MUST be written 1106 * to in raw mode (no translation). 1107 * MSG_START 0x0008 1108 * Applicable to named pipes only. If set, this data is the start of a message. 1109 */ 1110#define WritethroughMode 0x0001 1111#define ReadBytesAvailable 0x0002 1112#define RAW_MODE 0x0004 1113#define MSG_START 0x0008 1114 1115 1116#define SFM_RESOURCEFORK_NAME "AFP_Resource" 1117#define SFM_FINDERINFO_NAME "AFP_AfpInfo" 1118#define SFM_DESKTOP_NAME "AFP_DeskTop" 1119#define SFM_IDINDEX_NAME "AFP_IdIndex" 1120 1121#ifndef XATTR_RESOURCEFORK_NAME 1122#define XATTR_RESOURCEFORK_NAME "com.apple.ResourceFork" 1123#endif 1124#ifndef XATTR_FINDERINFO_NAME 1125#define XATTR_FINDERINFO_NAME "com.apple.FinderInfo" 1126#endif 1127#ifndef FINDERINFOSIZE 1128#define FINDERINFOSIZE 32 1129#endif 1130#define SMB_DATASTREAM ":$DATA" 1131 1132/* 1133 * Used in the open/read chain messages 1134 * CreateAndX response is 68 bytes long plus 1 bytes for the word count field 1135 * Two more bytes for the createandx byte count field 1136 * ReadAndX response is 24 bytes long plus 1 bytes for the word count field 1137 * Two more bytes for the readandx byte count field 1138 * Eight bytes for pad data between create and read and read and the data buffer 1139 */ 1140#define SMB_CREATEXRLEN 68 + 1 1141#define SMB_READXRLEN 24 +1 1142#define SMB_BCOUNT_LEN 2 1143#define SMB_CHAIN_PAD 8 1144#define SMB_MAX_CHAIN_READ SMB_CREATEXRLEN + SMB_BCOUNT_LEN + SMB_READXRLEN + SMB_BCOUNT_LEN + SMB_CHAIN_PAD 1145#define SMB_SETUPXRLEN 280 /* This is what Windows 2003 uses not sure why, but better safe than sorry */ 1146 1147#define AFP_INFO_SIZE 60 1148#define AFP_INFO_FINDER_OFFSET 16 1149 1150enum stream_types { 1151 kNoStream = 0, 1152 kResourceFrk = 1, 1153 kFinderInfo = 2, 1154 kExtendedAttr = 4, 1155 kMsStream = 8 1156}; 1157 1158#endif /* _NETSMB_SMB_H_ */ 1159