Print this page
NEX-17289 Minimal SMB 3.0.2 support
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-3553 SMB2/3 durable handles
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
NEX-3733 Want SMB2 Apple extensions
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-3610 CLONE NEX-3591 SMB3 signing
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
NEX-3080 SMB1 signing problem with Kerberos auth.
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-1734 SMB2 oplock break request missing a flag
SMB-79 Codenomicon: SMB2 TC: 4978 - Panic in smb_latency_add_sample
SMB-11 SMB2 message parse & dispatch
SMB-12 SMB2 Negotiate Protocol
SMB-13 SMB2 Session Setup
SMB-14 SMB2 Logoff
SMB-15 SMB2 Tree Connect
SMB-16 SMB2 Tree Disconnect
SMB-17 SMB2 Create
SMB-18 SMB2 Close
SMB-19 SMB2 Flush
SMB-20 SMB2 Read
SMB-21 SMB2 Write
SMB-22 SMB2 Lock/Unlock
SMB-23 SMB2 Ioctl
SMB-24 SMB2 Cancel
SMB-25 SMB2 Echo
SMB-26 SMB2 Query Dir
SMB-27 SMB2 Change Notify
SMB-28 SMB2 Query Info
SMB-29 SMB2 Set Info
SMB-30 SMB2 Oplocks
SMB-53 SMB2 Create Context options
(SMB2 code review cleanup 1, 2, 3)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/smbsrv/smb2.h
+++ new/usr/src/uts/common/smbsrv/smb2.h
1 1 /*
2 2 * This file and its contents are supplied under the terms of the
|
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
3 3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 4 * You may only use this file in accordance with the terms of version
5 5 * 1.0 of the CDDL.
6 6 *
7 7 * A full copy of the text of the CDDL should have accompanied this
8 8 * source. A copy of the CDDL is also available via the Internet at
9 9 * http://www.illumos.org/license/CDDL.
10 10 */
11 11
12 12 /*
13 - * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
13 + * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
14 14 */
15 15
16 16 #ifndef _SMB_SMB2_H
17 17 #define _SMB_SMB2_H
18 18
19 19 #ifdef __cplusplus
20 20 extern "C" {
21 21 #endif
22 22
23 23 #define SMB2_PROTOCOL_ID { 0xFE, 'S', 'M', 'B' }
24 24 #define SMB2_HDR_SIZE 64
25 +#define SMB3_TFORM_HDR_SIZE 52
25 26
26 27 /*
28 + * Protocol ID as a 32-bit little-endian integer.
29 + */
30 +#define SMB2_PROTOCOL_MAGIC 0x424d53fe
31 +#define SMB3_ENCRYPTED_MAGIC 0x424d53fd
32 +
33 +/*
27 34 * SMB2 header command codes.
28 35 * These are uint16_t on the wire.
29 36 */
30 37 typedef enum {
31 38 SMB2_NEGOTIATE = 0,
32 39 SMB2_SESSION_SETUP,
33 40 SMB2_LOGOFF,
34 41 SMB2_TREE_CONNECT,
35 42 SMB2_TREE_DISCONNECT,
36 43 SMB2_CREATE,
37 44 SMB2_CLOSE,
38 45 SMB2_FLUSH,
39 46 SMB2_READ,
40 47 SMB2_WRITE,
41 48 SMB2_LOCK,
42 49 SMB2_IOCTL,
43 50 SMB2_CANCEL,
44 51 SMB2_ECHO,
45 52 SMB2_QUERY_DIRECTORY,
46 53 SMB2_CHANGE_NOTIFY,
47 54 SMB2_QUERY_INFO,
48 55 SMB2_SET_INFO,
49 56 SMB2_OPLOCK_BREAK,
50 57 /*
51 58 * The above (oplock break) is the last real SMB2 op-code.
52 59 * We use one more slot to represent invalid commands, and
53 60 * the final enum value is used for array sizes. Keep last!
54 61 */
55 62 SMB2_INVALID_CMD,
56 63 SMB2__NCMDS
57 64 } SMB2_cmd_code;
58 65
59 66 /*
60 67 * SMB2 header flags.
61 68 */
62 69
63 70 /*
64 71 * SERVER_TO_REDIR
65 72 * When set, indicates the message is a response rather than
66 73 * a request. This MUST be set on responses sent from the
67 74 * server to the client, and MUST NOT be set on requests
68 75 * sent from the client to the server.
69 76 */
70 77 #define SMB2_FLAGS_SERVER_TO_REDIR 0x00000001
71 78
72 79 /*
73 80 * ASYNC_COMMAND
74 81 * When set, indicates that this is an ASYNC SMB2 header.
75 82 * Always set for headers of the form described in this
76 83 * section.
77 84 */
78 85 #define SMB2_FLAGS_ASYNC_COMMAND 0x00000002
79 86
80 87 /*
81 88 * RELATED_OPERATIONS
82 89 * When set in an SMB2 request, indicates that this request
83 90 * is a related operation in a compounded request chain.
84 91 * [MS-SMB2 sec. 3.2.4.1.4]
85 92 *
86 93 * When set in an SMB2 compound response, indicates that
87 94 * the request corresponding to this response was part of a
88 95 * related operation in a compounded request chain.
89 96 * [MS-SMB2 sec. 3.3.5.2.7.2]
90 97 */
91 98 #define SMB2_FLAGS_RELATED_OPERATIONS 0x00000004
92 99
93 100 /*
94 101 * SIGNED
95 102 * When set, indicates that this packet has been signed.
96 103 * [MS-SMB2 3.1.5.1]
97 104 */
98 105 #define SMB2_FLAGS_SIGNED 0x00000008
99 106
100 107 /*
101 108 * [MS-SMB2] 3.2.5.3.1 The SessionKey MUST be set to the
102 109 * first 16 bytes of the cryptographic key from GSSAPI.
103 110 * (Padded with zeros if the GSSAPI key is shorter.)
104 111 */
105 112 #define SMB2_SESSION_KEY_LEN 16
106 113
107 114 /*
108 115 * DFS_OPERATIONS
109 116 * When set, indicates that this command is a Distributed
110 117 * File System (DFS) operation. [MS-SMB2 3.3.5.9]
111 118 */
112 119 #define SMB2_FLAGS_DFS_OPERATIONS 0x10000000
113 120
114 121 /*
115 122 * REPLAY_OPERATION
116 123 * This flag is only valid for the SMB 3.0 dialect. When set,
117 124 * it indicates that this command is a replay operation.
118 125 * The client MUST ignore this bit on receipt.
119 126 */
120 127 #define SMB2_FLAGS_REPLAY_OPERATION 0x20000000
121 128
122 129 /*
123 130 * SMB2 Netgotiate [MS-SMB2 2.2.3]
124 131 */
125 132
126 133 #define SMB2_NEGOTIATE_SIGNING_ENABLED 0x01
127 134 #define SMB2_NEGOTIATE_SIGNING_REQUIRED 0x02
128 135
129 136 #define SMB2_CAP_DFS 0x00000001
130 137
131 138 /* Added with SMB2.1 */
132 139 #define SMB2_CAP_DFS 0x00000001
133 140 #define SMB2_CAP_LEASING 0x00000002
134 141 /*
135 142 * LARGE_MTU:
136 143 * When set, indicates that the client supports multi-credit operations.
137 144 */
138 145 #define SMB2_CAP_LARGE_MTU 0x00000004
139 146
140 147 /* Added with SMB3.0 */
141 148 #define SMB2_CAP_MULTI_CHANNEL 0x00000008
|
↓ open down ↓ |
105 lines elided |
↑ open up ↑ |
142 149 #define SMB2_CAP_PERSISTENT_HANDLES 0x00000010
143 150 #define SMB2_CAP_DIRECTORY_LEASING 0x00000020
144 151 #define SMB2_CAP_ENCRYPTION 0x00000040
145 152
146 153 /* SMB2 session flags */
147 154 #define SMB2_SESSION_FLAG_IS_GUEST 0x0001
148 155 #define SMB2_SESSION_FLAG_IS_NULL 0x0002
149 156 #define SMB2_SESSION_FLAG_ENCRYPT_DATA 0x0004
150 157
151 158 /*
159 + * Client wants to bind an existing session to a new connection
160 + */
161 +#define SMB2_SESSION_FLAG_BINDING 0x01
162 +
163 +/*
152 164 * SMB2 Tree connect, disconnect
153 165 */
154 166
155 167 /* SMB2 sharetype flags */
156 168 #define SMB2_SHARE_TYPE_DISK 0x1
157 169 #define SMB2_SHARE_TYPE_PIPE 0x2
158 170 #define SMB2_SHARE_TYPE_PRINT 0x3
159 171
160 172 /* SMB2 share flags */
161 173 #define SMB2_SHAREFLAG_MANUAL_CACHING 0x00000000
162 174 #define SMB2_SHAREFLAG_AUTO_CACHING 0x00000010
163 175 #define SMB2_SHAREFLAG_VDO_CACHING 0x00000020
164 176 #define SMB2_SHAREFLAG_NO_CACHING 0x00000030
165 177 #define SMB2_SHAREFLAG_DFS 0x00000001
166 178 #define SMB2_SHAREFLAG_DFS_ROOT 0x00000002
167 179 #define SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS 0x00000100
168 180 #define SMB2_SHAREFLAG_FORCE_SHARED_DELETE 0x00000200
169 181 #define SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING 0x00000400
170 182 #define SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM 0x00000800
171 183 #define SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK 0x00001000
172 184 /* SMB 3.0 */
173 185 #define SMB2_SHAREFLAG_ENABLE_HASH_V1 0x00002000
174 186 #define SMB2_SHAREFLAG_ENABLE_HASH_V2 0x00004000
175 187 #define SMB2_SHAREFLAG_ENCRYPT_DATA 0x00008000
176 188
177 189 /* SMB2 share capabilities */
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
178 190 #define SMB2_SHARE_CAP_DFS 0x00000008
179 191 /* SMB 3.0 */
180 192 #define SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY 0x00000010
181 193 #define SMB2_SHARE_CAP_SCALEOUT 0x00000020
182 194 #define SMB2_SHARE_CAP_CLUSTER 0x00000040
183 195
184 196 /*
185 197 * SMB2 Create (open)
186 198 */
187 199
188 -/* SMB2 requested oplock levels */
200 +/*
201 + * SMB2 requested oplock levels
202 + * Corresponds to ntifs.h OPLOCK_LEVEL_... but NOT the same!
203 + */
189 204 #define SMB2_OPLOCK_LEVEL_NONE 0x00
190 205 #define SMB2_OPLOCK_LEVEL_II 0x01
191 206 #define SMB2_OPLOCK_LEVEL_EXCLUSIVE 0x08
192 207 #define SMB2_OPLOCK_LEVEL_BATCH 0x09
193 208 #define SMB2_OPLOCK_LEVEL_LEASE 0xFF
194 209
210 +/*
211 + * SMB2 create request lease "type"
212 + * Note: Same as ntifs.h OPLOCK_LEVEL_CACHE...
213 + */
214 +#define SMB2_LEASE_NONE 0x00
215 +#define SMB2_LEASE_READ_CACHING 0x01
216 +#define SMB2_LEASE_HANDLE_CACHING 0x02
217 +#define SMB2_LEASE_WRITE_CACHING 0x04
218 +
219 +/* SMB2 create lease flags */
220 +#define SMB2_LEASE_FLAG_BREAK_IN_PROGRESS 0x00000002
221 +#define SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET 0x00000004
222 +
195 223 /* SMB2 impersonation levels */
196 224 #define SMB2_IMPERSONATION_ANONYMOUS 0x00
197 225 #define SMB2_IMPERSONATION_IDENTIFICATION 0x01
198 226 #define SMB2_IMPERSONATION_IMPERSONATION 0x02
199 227 #define SMB2_IMPERSONATION_DELEGATE 0x03
200 228
201 229 /*
202 230 * Note: ShareAccess, CreateDispositon, CreateOptions,
203 231 * all use the same definitions as SMB1 (from MS-FSA).
204 232 * Ditto FileAccess flags (as with ACLs)
205 233 */
206 234
207 235 /* SMB2 Create Context tags */
208 236
209 237 #define SMB2_CREATE_EA_BUFFER 0x45787441 /* ("ExtA") */
210 238 /*
211 239 * The data contains the extended attributes
212 240 * that MUST be stored on the created file.
213 241 * This value MUST NOT be set for named
214 242 * pipes and print files.
215 243 */
216 244
217 245 #define SMB2_CREATE_SD_BUFFER 0x53656344 /* ("SecD") */
218 246 /*
219 247 * The data contains a security descriptor that
220 248 * MUST be stored on the created file.
221 249 * This value MUST NOT be set for named
222 250 * pipes and print files.
223 251 */
224 252
225 253 #define SMB2_CREATE_DURABLE_HANDLE_REQUEST 0x44486e51 /* ("DHnQ") */
226 254 /* The client is requesting the open to be durable */
227 255
228 256 #define SMB2_CREATE_DURABLE_HANDLE_RECONNECT 0x44486e43 /* ("DHnC") */
229 257 /*
230 258 * The client is requesting to reconnect to a
231 259 * durable open after being disconnected
232 260 */
233 261
234 262 #define SMB2_CREATE_ALLOCATION_SIZE 0x416c5369 /* ("AISi") */
235 263 /*
236 264 * The data contains the required allocation
237 265 * size of the newly created file.
238 266 */
239 267
240 268 #define SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ 0x4d784163 /* ("MxAc") */
241 269 /*
242 270 * The client is requesting that the server
243 271 * return maximal access information.
244 272 */
245 273
246 274 #define SMB2_CREATE_TIMEWARP_TOKEN 0x54577270 /* ("TWrp") */
247 275 /*
248 276 * The client is requesting that the server
249 277 * open an earlier version of the file identified
|
↓ open down ↓ |
45 lines elided |
↑ open up ↑ |
250 278 * by the provided time stamp.
251 279 */
252 280
253 281 #define SMB2_CREATE_QUERY_ON_DISK_ID 0x51466964 /* ("QFid") */
254 282 /*
255 283 * The client is requesting that the server return a 32-byte
256 284 * opaque BLOB that uniquely identifies the file being opened
257 285 * on disk. No data is passed to the server by the client.
258 286 */
259 287
288 +#define SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 0x44483251 /* ("DH2Q") */
289 +/*
290 + * The client is requesting the open to be durable.
291 + * This value is only supported for the SMB 3.x dialect family.
292 + */
293 +
294 +#define SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 0x44483243 /* ("DH2C") */
295 +/*
296 + * The client is requesting to reconnect to a
297 + * durable open after being disconnected.
298 + * This value is only supported for the SMB 3.x dialect family.
299 + */
300 +
301 +#define SMB2_DHANDLE_FLAG_PERSISTENT 0x00000002
302 +/* A persistent handle is requested. */
303 +
260 304 #define SMB2_CREATE_REQUEST_LEASE 0x52714c73 /* ("RqLs") */
261 305 /*
262 306 * The client is requesting that the server return a lease.
263 307 * This value is only supported for the SMB 2.1 and 3.0 dialects.
264 308 */
265 309
266 -/* SMB2 create request lease */
267 -#define SMB2_LEASE_NONE 0x00
268 -#define SMB2_LEASE_READ_CACHING 0x01
269 -#define SMB2_LEASE_HANDLE_CACHING 0x02
270 -#define SMB2_LEASE_WRITE_CACHING 0x04
310 +#define SMB2_CREATE_CTX_AAPL 0x4141504c /* ("AAPL") */
311 +/*
312 + * Client is MacOS X looking for MacOS-specific extensions.
313 + */
271 314
272 -/* SMB2 lease break notification flags */
273 -#define SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED 0x01
274 -
275 315 /*
276 316 * SMB2 Close
277 317 */
278 318 #define SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB 0x0001
279 319
280 320 /*
321 + * SMB2 Read
322 + */
323 +#define SMB2_READFLAG_READ_UNBUFFERED 0x00000001
324 +
325 +/*
281 326 * SMB2 Write
282 327 */
283 328 #define SMB2_WRITEFLAG_WRITE_THROUGH 0x00000001
329 +#define SMB2_WRITEFLAG_WRITE_UNBUFFERED 0x00000002
284 330
285 331 /*
286 332 * SMB2 Lock Request
287 333 */
288 334
289 335 /* SMB2 lock flags */
290 336
291 337 /*
292 338 * SMB2_LOCKFLAG_SHARED_LOCK
293 339 * The range MUST be locked shared, allowing other opens
294 340 * to read from or take a shared lock on the range. All opens
295 341 * MUST NOT be allowed to write within the range. Other
296 342 * locks can be requested and taken on this range.
297 343 */
298 344 #define SMB2_LOCKFLAG_SHARED_LOCK 0x00000001
299 345
300 346 /*
301 347 * SMB2_LOCKFLAG_EXCLUSIVE_LOCK
302 348 * The range MUST be locked exclusive, not allowing other
303 349 * opens to read, write, or lock within the range.
304 350 */
305 351 #define SMB2_LOCKFLAG_EXCLUSIVE_LOCK 0x00000002
306 352
307 353 /*
308 354 * SMB2_LOCKFLAG_UNLOCK
309 355 * The range MUST be unlocked from a previous lock taken
310 356 * on this range. The unlock range MUST be identical to the
311 357 * lock range. Sub-ranges cannot be unlocked.
312 358 */
313 359 #define SMB2_LOCKFLAG_UNLOCK 0x00000004
314 360
315 361 /*
316 362 * SMB2_LOCKFLAG_FAIL_IMMEDIATELY
317 363 * The lock operation MUST fail immediately if it conflicts
318 364 * with an existing lock, instead of waiting for the range to
319 365 * become available. This can be OR'ed with either of
320 366 * shared_lock, exclusive_lock (nothing else).
321 367 */
322 368 #define SMB2_LOCKFLAG_FAIL_IMMEDIATELY 0x00000010
323 369
324 370 /*
325 371 * SMB2 Ioctl Request
326 372 */
327 373 #define SMB2_0_IOCTL_IS_FSCTL 0x00000001
328 374
329 375
330 376 /*
331 377 * SMB2 Query Directory
332 378 */
333 379
334 380 /*
335 381 * SMB2 query directory info levels
336 382 * Same as SMB1 (see ntifs.h)
337 383 */
338 384
339 385 /*
340 386 * SMB2 Query Directory Flags
341 387 * (our own names for these - spec. used poor names)
342 388 */
343 389 #define SMB2_QDIR_FLAG_RESTART 0x01 /* SMB2_RESTART_SCANS */
344 390 #define SMB2_QDIR_FLAG_SINGLE 0x02 /* SMB2_RETURN_SINGLE_ENTRY */
345 391 #define SMB2_QDIR_FLAG_INDEX 0x04 /* SMB2_INDEX_SPECIFIED */
346 392 #define SMB2_QDIR_FLAG_REOPEN 0x10 /* SMB2_REOPEN */
347 393
348 394 /*
349 395 * SMB2 Query Info Request
350 396 */
351 397
352 398 /* info type */
353 399 #define SMB2_0_INFO_FILE 0x01
354 400 /* The file information is requested. */
355 401 #define SMB2_0_INFO_FILESYSTEM 0x02
356 402 /* The underlying object store information is requested. */
|
↓ open down ↓ |
63 lines elided |
↑ open up ↑ |
357 403 #define SMB2_0_INFO_SECURITY 0x03
358 404 /* The security information is requested. */
359 405 #define SMB2_0_INFO_QUOTA 0x04
360 406 /* The underlying object store quota information is requested. */
361 407
362 408 /*
363 409 * SMB2 Change Nofity Request
364 410 */
365 411 #define SMB2_WATCH_TREE 0x00000001
366 412
413 +/* SMB2 Oplock Break: lease break notification flags */
414 +#define SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED 0x01
415 +
367 416 #ifdef __cplusplus
368 417 }
369 418 #endif
370 419
371 420 #endif /* _SMB_SMB2_H */
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX