search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-smb.h
blob41d479ce76a9315559466bc10ea08a231e0b3a39
1 /* packet-smb.h
2 * Defines for SMB packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998, 1999 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #ifndef __PACKET_SMB_H__
13 #define __PACKET_SMB_H__
14
15 #include "ws_symbol_export.h"
16
17 #include <epan/proto.h>
18 #include <epan/wmem_scopes.h>
19
20 WS_DLL_PUBLIC bool sid_name_snooping;
21
22 /* SMB command codes, from the SNIA CIFS spec. With MSVC and a
23 * libwireshark.dll, we need a special declaration.
24 */
25 WS_DLL_PUBLIC value_string_ext smb_cmd_vals_ext;
26 WS_DLL_PUBLIC value_string_ext trans2_cmd_vals_ext;
27 WS_DLL_PUBLIC value_string_ext nt_cmd_vals_ext;
28
29 #define SMB_COM_CREATE_DIRECTORY 0x00
30 #define SMB_COM_DELETE_DIRECTORY 0x01
31 #define SMB_COM_OPEN 0x02
32 #define SMB_COM_CREATE 0x03
33 #define SMB_COM_CLOSE 0x04
34 #define SMB_COM_FLUSH 0x05
35 #define SMB_COM_DELETE 0x06
36 #define SMB_COM_RENAME 0x07
37 #define SMB_COM_QUERY_INFORMATION 0x08
38 #define SMB_COM_SET_INFORMATION 0x09
39 #define SMB_COM_READ 0x0A
40 #define SMB_COM_WRITE 0x0B
41 #define SMB_COM_LOCK_BYTE_RANGE 0x0C
42 #define SMB_COM_UNLOCK_BYTE_RANGE 0x0D
43 #define SMB_COM_CREATE_TEMPORARY 0x0E
44 #define SMB_COM_CREATE_NEW 0x0F
45 #define SMB_COM_CHECK_DIRECTORY 0x10
46 #define SMB_COM_PROCESS_EXIT 0x11
47 #define SMB_COM_SEEK 0x12
48 #define SMB_COM_LOCK_AND_READ 0x13
49 #define SMB_COM_WRITE_AND_UNLOCK 0x14
50 #define SMB_COM_READ_RAW 0x1A
51 #define SMB_COM_READ_MPX 0x1B
52 #define SMB_COM_READ_MPX_SECONDARY 0x1C
53 #define SMB_COM_WRITE_RAW 0x1D
54 #define SMB_COM_WRITE_MPX 0x1E
55 #define SMB_COM_WRITE_MPX_SECONDARY 0x1F
56 #define SMB_COM_WRITE_COMPLETE 0x20
57 #define SMB_COM_QUERY_SERVER 0x21
58 #define SMB_COM_SET_INFORMATION2 0x22
59 #define SMB_COM_QUERY_INFORMATION2 0x23
60 #define SMB_COM_LOCKING_ANDX 0x24
61 #define SMB_COM_TRANSACTION 0x25
62 #define SMB_COM_TRANSACTION_SECONDARY 0x26
63 #define SMB_COM_IOCTL 0x27
64 #define SMB_COM_IOCTL_SECONDARY 0x28
65 #define SMB_COM_COPY 0x29
66 #define SMB_COM_MOVE 0x2A
67 #define SMB_COM_ECHO 0x2B
68 #define SMB_COM_WRITE_AND_CLOSE 0x2C
69 #define SMB_COM_OPEN_ANDX 0x2D
70 #define SMB_COM_READ_ANDX 0x2E
71 #define SMB_COM_WRITE_ANDX 0x2F
72 #define SMB_COM_NEW_FILE_SIZE 0x30
73 #define SMB_COM_CLOSE_AND_TREE_DISC 0x31
74 #define SMB_COM_TRANSACTION2 0x32
75 #define SMB_COM_TRANSACTION2_SECONDARY 0x33
76 #define SMB_COM_FIND_CLOSE2 0x34
77 #define SMB_COM_FIND_NOTIFY_CLOSE 0x35
78 /* Used by Xenix/Unix 0x60-0x6E */
79 #define SMB_COM_TREE_CONNECT 0x70
80 #define SMB_COM_TREE_DISCONNECT 0x71
81 #define SMB_COM_NEGOTIATE 0x72
82 #define SMB_COM_SESSION_SETUP_ANDX 0x73
83 #define SMB_COM_LOGOFF_ANDX 0x74
84 #define SMB_COM_TREE_CONNECT_ANDX 0x75
85 #define SMB_COM_QUERY_INFORMATION_DISK 0x80
86 #define SMB_COM_SEARCH 0x81
87 #define SMB_COM_FIND 0x82
88 #define SMB_COM_FIND_UNIQUE 0x83
89 #define SMB_COM_FIND_CLOSE 0x84
90 #define SMB_COM_NT_TRANSACT 0xA0
91 #define SMB_COM_NT_TRANSACT_SECONDARY 0xA1
92 #define SMB_COM_NT_CREATE_ANDX 0xA2
93 #define SMB_COM_NT_CANCEL 0xA4
94 #define SMB_COM_NT_RENAME 0xA5
95 #define SMB_COM_OPEN_PRINT_FILE 0xC0
96 #define SMB_COM_WRITE_PRINT_FILE 0xC1
97 #define SMB_COM_CLOSE_PRINT_FILE 0xC2
98 #define SMB_COM_GET_PRINT_QUEUE 0xC3
99 #define SMB_COM_READ_BULK 0xD8
100 #define SMB_COM_WRITE_BULK 0xD9
101 #define SMB_COM_WRITE_BULK_DATA 0xDA
102
103 /* Error codes */
104
105 #define SMB_SUCCESS 0x00 /* All OK */
106 #define SMB_ERRDOS 0x01 /* DOS based error */
107 #define SMB_ERRSRV 0x02 /* server error, network file manager */
108 #define SMB_ERRHRD 0x03 /* Hardware style error */
109 #define SMB_ERRCMD 0x04 /* Not an SMB format command */
110
111 /* used for SMB export object functionality */
112 typedef struct _smb_eo_t {
113 unsigned smbversion;
114 uint16_t cmd;
115 int tid,uid;
116 unsigned fid;
117 uint32_t pkt_num;
118 char *hostname;
119 char *filename;
120 int fid_type;
121 int64_t end_of_file;
122 char *content_type;
123 uint32_t payload_len;
124 const uint8_t *payload_data;
125 uint64_t smb_file_offset;
126 uint32_t smb_chunk_len;
127 } smb_eo_t;
128
129 /* the information we need to keep around for NT transaction commands */
130 typedef struct {
131 int subcmd;
132 int fid_type;
133 uint32_t ioctl_function;
134 } smb_nt_transact_info_t;
135
136 /* the information we need to keep around for transaction2 commands
137 * t2i and st2i */
138 typedef struct {
139 int subcmd;
140 int info_level;
141 bool resume_keys; /* if "return resume" keys set in T2 FIND_FIRST request */
142 const char *name;
143 } smb_transact2_info_t;
144
145 /*
146 * The information we need to save about a request in order to show the
147 * frame number of the request in the dissection of the reply.
148 */
149 #define SMB_SIF_TID_IS_IPC 0x0001
150 #define SMB_SIF_IS_CONTINUED 0x0002
151 typedef enum {
152 SMB_EI_NONE, /* Unassigned / NULL */
153 SMB_EI_FID, /* FID */
154 SMB_EI_NTI, /* smb_nt_transact_info_t * */
155 SMB_EI_TRI, /* smb_transact_info_t * */
156 SMB_EI_T2I, /* smb_transact2_info_t * */
157 SMB_EI_TIDNAME, /* tid tracking char * */
158 SMB_EI_FILEDATA, /* fid tracking */
159 SMB_EI_FILENAME, /* filename tracking */
160 SMB_EI_UID, /* smb_uid_t */
161 SMB_EI_RWINFO, /* read/write offset/count info */
162 SMB_EI_LOCKDATA, /* locking and x data */
163 SMB_EI_RENAMEDATA, /* rename data */
164 SMB_EI_DIALECTS /* negprot dialects */
165 } smb_extra_info_t;
166
167 typedef struct _smb_fid_into_t smb_fid_info_t;
168
169 /* sip */
170 typedef struct {
171 uint32_t frame_req, frame_res;
172 nstime_t req_time;
173 uint16_t flags;
174 uint8_t cmd;
175 void *extra_info;
176 smb_extra_info_t extra_info_type;
177 /* we save the fid in each transaction so that we can get fid filters
178 to match both request and response */
179 bool fid_seen_in_request;
180 uint16_t fid;
181 } smb_saved_info_t;
182
183 /*
184 * The information we need to save about a Transaction request in order
185 * to dissect the reply; this includes information for use by the
186 * Remote API and Mailslot dissectors.
187 * XXX - have an additional data structure hung off of this by the
188 * subdissectors?
189 * tri */
190 typedef struct {
191 int subcmd;
192 int trans_subcmd;
193 int function;
194 /* Unification of fid variable type (was int) */
195 uint16_t fid;
196 uint16_t lanman_cmd;
197 unsigned char *param_descrip; /* Keep these descriptors around */
198 unsigned char *data_descrip;
199 unsigned char *aux_data_descrip;
200 int info_level;
201 } smb_transact_info_t;
202
203 /*
204 * Subcommand type.
205 */
206 #define TRANSACTION_PIPE 0
207 #define TRANSACTION_MAILSLOT 1
208
209 /* these are defines used to represent different types of TIDs.
210 don't use the value 0 for any of these */
211 #define TID_NORMAL 1
212 #define TID_IPC 2
213
214 /* this is the structure which is associated with each conversation */
215 typedef struct conv_tables {
216 /* these two tables are used to match requests with responses */
217 GHashTable *unmatched;
218 GHashTable *matched;
219 /* This table keeps primary transact requests so secondaries can find
220 them */
221 GHashTable *primaries;
222
223 /* This table is used to track TID->services for a conversation */
224 GHashTable *tid_service;
225 bool raw_ntlmssp; /* Do extended security exc use raw ntlmssp */
226
227 /* track fid to fidstruct (filename/openframe/closeframe */
228 wmem_tree_t *fid_tree;
229 /* We'll use a GSL list instead */
230 GSList *GSL_fid_info;
231
232 /* track tid to fidstruct (sharename/shareframe/unshareframe */
233 wmem_tree_t *tid_tree;
234
235 /* track uid to username mappings */
236 wmem_tree_t *uid_tree;
237 } conv_tables_t;
238
239 /* si */
240 typedef struct smb_info {
241 uint8_t cmd;
242 int tid, pid, uid, mid;
243 uint32_t nt_status;
244 bool unicode; /* Are strings in this SMB Unicode? */
245 bool request; /* Is this a request? */
246 bool unidir;
247 int info_level;
248 int info_count;
249 smb_saved_info_t *sip; /* smb_saved_info_t, if any, for this */
250 conv_tables_t *ct;
251 } smb_info_t;
252
253 /*
254 * Show file data for a read or write.
255 */
256 extern int dissect_file_data(tvbuff_t *tvb, proto_tree *tree, int offset,
257 uint16_t bc, int dataoffset, uint16_t datalen);
258
259
260 #define SMB_FID_TYPE_UNKNOWN 0
261 #define SMB_FID_TYPE_FILE 1
262 #define SMB_FID_TYPE_DIR 2
263 #define SMB_FID_TYPE_PIPE 3
264
265 /* used for tracking filenames from rename request to response */
266 typedef struct _smb_rename_saved_info_t {
267 char *old_name;
268 char *new_name;
269 } smb_rename_saved_info_t;
270
271 /* used for tracking lock data between lock request/response */
272 typedef struct _smb_lock_info_t {
273 struct _smb_lock_info_t *next;
274 uint16_t pid;
275 uint64_t offset;
276 uint64_t length;
277 } smb_lock_info_t;
278
279 typedef struct _smb_locking_saved_info_t {
280 uint8_t type;
281 uint8_t oplock_level;
282 uint16_t num_lock;
283 uint16_t num_unlock;
284 smb_lock_info_t *locks;
285 smb_lock_info_t *unlocks;
286 } smb_locking_saved_info_t;
287
288 /* used for tracking fid/tid to filename/sharename openedframe closedframe */
289 typedef struct _smb_fid_saved_info_t {
290 char *filename;
291 uint32_t create_flags;
292 uint32_t access_mask;
293 uint32_t file_attributes;
294 uint32_t share_access;
295 uint32_t create_options;
296 uint32_t create_disposition;
297 } smb_fid_saved_info_t;
298
299 struct _smb_fid_into_t {
300 uint16_t tid,fid;
301 /* The end_of_file will store the last registered offset or
302 the reported end_of_file from the SMB protocol */
303 int64_t end_of_file;
304 /* These two were int */
305 unsigned opened_in;
306 unsigned closed_in;
307 int type;
308 smb_fid_saved_info_t *fsi;
309 };
310
311 /* used for tracking tid to sharename openedframe closedframe */
312 typedef struct _smb_tid_into_t {
313 int opened_in;
314 int closed_in;
315 char *filename;
316 int type;
317 } smb_tid_info_t;
318
319
320 /*
321 * Dissect an smb FID
322 */
323 extern smb_fid_info_t *dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
324 int offset, int len, uint16_t fid, bool is_created, bool is_closed, bool is_generated, smb_info_t* si);
325
326 /*
327 * Dissect named pipe state information.
328 */
329 extern int dissect_ipc_state(tvbuff_t *tvb, proto_tree *parent_tree,
330 int offset, bool setstate);
331
332 extern bool smb_dcerpc_reassembly;
333
334 extern const value_string create_disposition_vals[];
335
336 extern int dissect_nt_create_options(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
337
338 extern int dissect_nt_share_access(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
339
340 extern int dissect_smb_access_mask(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
341
342 extern const value_string oa_open_vals[];
343 extern const value_string impersonation_level_vals[];
344
345 extern bool sid_display_hex;
346
347 extern int dissect_security_information_mask(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
348
349 extern int dissect_qfsi_FS_VOLUME_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, uint16_t *bcp, int unicode);
350 extern int dissect_qfsi_FS_SIZE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, uint16_t *bcp);
351 extern int dissect_qfsi_FS_DEVICE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, uint16_t *bcp);
352 extern int dissect_qfsi_FS_ATTRIBUTE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, uint16_t *bcp);
353 extern int dissect_nt_quota(tvbuff_t *tvb, proto_tree *tree, int offset, uint16_t *bcp);
354 extern int dissect_nt_user_quota(tvbuff_t *tvb, proto_tree *tree, int offset, uint16_t *bcp);
355 extern int dissect_nt_get_user_quota(tvbuff_t *tvb, proto_tree *tree, int offset, uint32_t *bcp);
356 extern int dissect_qfsi_FS_OBJECTID_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, uint16_t *bcp);
357 extern int dissect_qfsi_FS_FULL_SIZE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, uint16_t *bcp);
358 extern int dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
359 extern int dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, uint16_t *bcp, bool *trunc, int unicode);
360 extern int dissect_qfi_SMB_FILE_NAME_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc, bool unicode);
361 extern int dissect_qfi_SMB_FILE_STANDARD_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
362 extern int dissect_qfi_SMB_FILE_INTERNAL_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
363 extern int dissect_qsfi_SMB_FILE_POSITION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
364 extern int dissect_qsfi_SMB_FILE_MODE_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
365 extern int dissect_qfi_SMB_FILE_ALIGNMENT_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
366 extern int dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
367 extern int dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
368 extern int dissect_qfi_SMB_FILE_ATTRIBUTE_TAG_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
369 extern int dissect_qsfi_SMB_FILE_ALLOCATION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
370 extern int dissect_qsfi_SMB_FILE_ENDOFFILE_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
371 extern int dissect_nt_notify_completion_filter(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
372 extern int dissect_sfi_SMB_FILE_PIPE_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, uint16_t *bcp, bool *trunc);
373 extern int dissect_get_dfs_request_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool unicode);
374 extern int dissect_get_dfs_referral_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t *bcp, bool unicode);
375
376 /* Returns an IP (v4 or v6) of the server in a SMB/SMB2 conversation */
377 extern const char *tree_ip_str(packet_info *pinfo, uint16_t cmd);
378
379 #endif
380
381 /*
382 * Editor modelines - https://www.wireshark.org/tools/modelines.html
383 *
384 * Local variables:
385 * c-basic-offset: 8
386 * tab-width: 8
387 * indent-tabs-mode: t
388 * End:
389 *
390 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
391 * :indentSize=8:tabSize=8:noTabs=false:
392 */
Metzes wireshark repo