packet-smb2: maintain a smb2_fid_info per open file
1 /* packet-smb2.h
2  * Defines for SMB2 packet dissection
3  *
4  * Wireshark - Network traffic analyzer
5  * By Gerald Combs <gerald@wireshark.org>
6  * Copyright 1998, 1999 Gerald Combs
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License
10  * as published by the Free Software Foundation; either version 2
11  * of the License, or (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21  */
22
23 #ifndef __PACKET_SMB2_H__
24 #define __PACKET_SMB2_H__
25
26 #include "packet-dcerpc.h"
27 #include "packet-smb.h"
28
29 /* SMB2 command codes. With MSVC and a
30  * libwireshark.dll, we need a special declaration.
    *
    * Only the declaration is visible here; the table itself is presumably
    * defined in packet-smb2.c and keyed by the SMB2_COM_* values listed
    * further down in this header -- TODO confirm.
31  */
32 WS_DLL_PUBLIC value_string_ext smb2_cmd_vals_ext;
33
34 /* Structure to keep track of information specific to a single
35  * SMB2 transaction. Here we store things we need to remember between
36  * a specific request and a specific response.
37  *
38  * There is no guarantee we will have this structure available for all
39  * SMB2 packets so a dissector must check this pointer for NULL
40  * before dereferencing it.
41  *
42  * private data is set to NULL when the structure is created.  It is used
43  * for communications between the Request and the Response packets.
44  */
45
46 /* extra info needed by export object smb */
/* Per-file metadata kept for the SMB export-object feature (the "eo_smb"
 * mentioned in other field comments of this header).
 * NOTE(review): both fields presumably hold values taken from captured
 * traffic. end_of_file is signed, so a consumer should reject negative or
 * implausibly large values before treating it as a size -- confirm against
 * the code that fills and reads this struct.
 */
47 typedef struct _smb2_eo_file_info_t {
48         guint32 attr_mask;      /* presumably SMB2_FLAGS_ATTR_* bits -- TODO confirm */
49         gint64  end_of_file;    /* signed 64-bit; presumably the end-of-file position */
50 } smb2_eo_file_info_t;
51
/* State kept for one open file handle.
 *
 * The handle is identified by the two 64-bit halves of the SMB2 file id
 * (fid_persistent and fid_volatile); sesid and tid presumably name the
 * session and tree the handle belongs to.
 *
 * NOTE(review): this header does not show who allocates name or how long
 * it lives. The string presumably comes from the capture, so code that
 * displays or exports it should treat it as untrusted text.
 */
52 typedef struct _smb2_fid_info_t {
53         guint64 fid_persistent; /* persistent half of the file id */
54         guint64 fid_volatile;   /* volatile half of the file id */
55         guint64 sesid;          /* presumably the owning session id -- TODO confirm */
56         guint32 tid;            /* presumably the owning tree id -- TODO confirm */
57         guint32 open_frame;     /* presumably the frame in which the file was opened */
58         char *name;             /* may be NULL? ownership not visible here -- verify */
59 } smb2_fid_info_t;
60
/* Type tag for the untyped smb2_saved_info_t.extra_info pointer
 * (stored next to it as extra_info_type).
 *
 * extra_info is a void *, so this tag is the only record of what it
 * points at. Readers should check the tag before casting, and writers
 * should set the pointer and the tag together.
 */
61 typedef enum {
62         SMB2_EI_NONE,           /* Unassigned / NULL */
63         SMB2_EI_TREENAME,       /* tid tracking  char * */
64         SMB2_EI_FILENAME,       /* fid tracking  char * */
65         SMB2_EI_FINDPATTERN     /* find tracking  char * */
66 } smb2_extra_info_t;
/* Per-transaction state shared between a request and its response.
 *
 * The "single SMB2 transaction" comment near the top of this header
 * appears to describe this structure: it may be absent for a given packet,
 * so callers must check the pointer for NULL before dereferencing it.
 *
 * NOTE(review): msg_id is guint64 here but gint64 in smb2_info_t; comparing
 * or copying between the two mixes signedness -- confirm which is intended.
 * NOTE(review): file_offset and bytes_moved presumably come from the
 * capture; code that adds them or uses them to place exported data should
 * bounds-check the result.
 */
67 typedef struct _smb2_saved_info_t {
68         guint8 smb2_class;
69         guint8 infolevel;
70         guint64 msg_id;         /* unsigned here; see the signedness note above */
71         guint32 frame_req, frame_res;   /* presumably request / response frame numbers */
72         nstime_t req_time;      /* presumably the time of the request frame */
73         smb2_fid_info_t *file;  /* presumably NULL when no open file is known -- verify */
74         e_ctx_hnd policy_hnd;           /* for eo_smb tracking */
75         smb_eo_t        *eo_info_t;     /* for storing eo_smb infos */
76         guint64         file_offset;    /* needed file_offset for eo_smb */
77         guint32         bytes_moved;    /* needed for eo_smb */
78         void *extra_info;       /* untyped; interpret only via extra_info_type */
79         smb2_extra_info_t extra_info_type;      /* SMB2_EI_* tag for extra_info */
80 } smb2_saved_info_t;
81
/* State kept for one tree id (tid).
 *
 * Records of this type are presumably the values held in
 * smb2_sesid_info_t.tids -- TODO confirm in packet-smb2.c.
 */
82 typedef struct _smb2_tid_info_t {
83         guint32 tid;
84         guint32 connect_frame;  /* presumably the frame of the tree connect */
85         guint16 share_type;
86         char *name;             /* ownership/lifetime not visible here; presumably capture-derived */
87 } smb2_tid_info_t;
88
/* State kept for one session id (sesid), including the key material used
 * to decrypt traffic of that session.
 *
 * The two key buffers are fixed at 16 bytes (128 bits) each. A longer key
 * cannot be stored here, so any copy into them must be bounded by
 * sizeof() of the array.
 *
 * NOTE(review): this record keeps decryption keys in memory. How they are
 * derived, and whether they are cleared when the record is released, is
 * not visible from this header.
 * NOTE(review): acct_name, domain_name and host_name presumably come from
 * the capture and should be treated as untrusted text when shown or logged.
 */
89 typedef struct _smb2_sesid_info_t {
90         guint64 sesid;
91         guint32 auth_frame;     /* presumably the frame that completed authentication */
92         char *acct_name;
93         char *domain_name;
94         char *host_name;
95         guint16 server_port;
96         guint8 client_decryption_key[16];       /* 128-bit key buffer */
97         guint8 server_decryption_key[16];       /* 128-bit key buffer */
98         GHashTable *tids;       /* presumably tid -> smb2_tid_info_t -- TODO confirm */
99 } smb2_sesid_info_t;
100
101 /* Structure to keep track of conversations and the hash tables.
102  * There is one such structure for each conversation.
103  */
104 typedef struct _smb2_conv_info_t {
105         /* these two tables are used to match requests with responses */
106         GHashTable *unmatched;
107         GHashTable *matched;
108         GHashTable *sesids;     /* presumably sesid -> smb2_sesid_info_t -- TODO confirm */
109         GHashTable *fids;       /* presumably file id -> smb2_fid_info_t -- TODO confirm */
110         /* table to store some infos for smb export object */
111         GHashTable *files;
112 } smb2_conv_info_t;
113
114
115 /* This structure contains information from the SMB2 header
116  * as well as pointers to the conversation and the transaction specific
117  * structures.
118  */
/* Bit masks for a 32-bit SMB2 flags word, presumably the one stored in
 * smb2_info_t.flags (a guint32) -- TODO confirm.
 *
 * NOTE(review): SMB2_FLAGS_SIGNATURE only reports that the sender set the
 * "signed" bit. Nothing in this header says the signature was verified.
 */
119 #define SMB2_FLAGS_RESPONSE     0x00000001
120 #define SMB2_FLAGS_ASYNC_CMD    0x00000002
121 #define SMB2_FLAGS_CHAINED      0x00000004
122 #define SMB2_FLAGS_SIGNATURE    0x00000008
123 #define SMB2_FLAGS_DFS_OP       0x10000000
124 #define SMB2_FLAGS_REPLAY_OPERATION     0x20000000
125
126 /* SMB2 FLAG MASKS */
/* Despite the SMB2_FLAGS_ prefix, these are file attribute bits (readonly,
 * hidden, directory, ...) and not message header flags. They are
 * presumably tested against smb2_eo_file_info_t.attr_mask -- TODO confirm.
 * NOTE(review): 0x00002000 looks like the "not content indexed" attribute,
 * which would make the name SMB2_FLAGS_ATTR_INDEXED the inverse of the
 * bit's meaning -- verify before relying on it.
 */
127 #define SMB2_FLAGS_ATTR_ENCRYPTED       0x00004000
128 #define SMB2_FLAGS_ATTR_INDEXED         0x00002000
129 #define SMB2_FLAGS_ATTR_OFFLINE         0x00001000
130 #define SMB2_FLAGS_ATTR_COMPRESSED      0x00000800
131 #define SMB2_FLAGS_ATTR_REPARSEPOINT    0x00000400
132 #define SMB2_FLAGS_ATTR_SPARSE          0x00000200
133 #define SMB2_FLAGS_ATTR_TEMPORARY       0x00000100
134 #define SMB2_FLAGS_ATTR_NORMAL          0x00000080
135 #define SMB2_FLAGS_ATTR_DEVICE          0x00000040
136 #define SMB2_FLAGS_ATTR_ARCHIVE         0x00000020
137 #define SMB2_FLAGS_ATTR_DIRECTORY       0x00000010
138 #define SMB2_FLAGS_ATTR_VOLUMEID        0x00000008
139 #define SMB2_FLAGS_ATTR_SYSTEM          0x00000004
140 #define SMB2_FLAGS_ATTR_HIDDEN          0x00000002
141 #define SMB2_FLAGS_ATTR_READONLY        0x00000001
142
143 /* SMB2 FILE TYPES ASSIGNED TO EXPORT OBJECTS */
/* Small integer codes, not bit masks: values 0..4 are mutually exclusive. */
144 #define SMB2_FID_TYPE_UNKNOWN                   0
145 #define SMB2_FID_TYPE_FILE                      1
146 #define SMB2_FID_TYPE_DIR                       2
147 #define SMB2_FID_TYPE_PIPE                      3
148 #define SMB2_FID_TYPE_OTHER                     4
149
150 /* SMB2 COMMAND CODES */
/* Contiguous values 0x00 .. 0x12 (19 commands).
 * NOTE(review): smb2_info_t.opcode is a guint16, so it can hold values
 * above SMB2_COM_BREAK. If it is filled from the packet (presumably it
 * is), any table or switch keyed on it needs an explicit
 * "unknown command" path rather than direct indexing.
 */
151 #define SMB2_COM_NEGOTIATE_PROTOCOL     0x00
152 #define SMB2_COM_SESSION_SETUP          0x01
153 #define SMB2_COM_SESSION_LOGOFF         0x02
154 #define SMB2_COM_TREE_CONNECT           0x03
155 #define SMB2_COM_TREE_DISCONNECT        0x04
156 #define SMB2_COM_CREATE                 0x05
157 #define SMB2_COM_CLOSE                  0x06
158 #define SMB2_COM_FLUSH                  0x07
159 #define SMB2_COM_READ                   0x08
160 #define SMB2_COM_WRITE                  0x09
161 #define SMB2_COM_LOCK                   0x0A
162 #define SMB2_COM_IOCTL                  0x0B
163 #define SMB2_COM_CANCEL                 0x0C
164 #define SMB2_COM_KEEPALIVE              0x0D
165 #define SMB2_COM_FIND                   0x0E
166 #define SMB2_COM_NOTIFY                 0x0F
167 #define SMB2_COM_GETINFO                0x10
168 #define SMB2_COM_SETINFO                0x11
169 #define SMB2_COM_BREAK                  0x12
170
/* Per-packet dissection context: values taken from the SMB2 header plus
 * pointers to the conversation, transaction, tree, session and file
 * records defined above (this is the structure the "information from the
 * SMB2 header" comment earlier in this header appears to describe).
 *
 * The header's own comment says the transaction structure is not
 * guaranteed to exist for every packet, so saved must be checked for NULL
 * before use. The other pointers presumably need the same check -- verify
 * in packet-smb2.c.
 *
 * NOTE(review): msg_id is gint64 here but guint64 in smb2_saved_info_t.
 */
171 typedef struct _smb2_info_t {
172         guint16 opcode;         /* presumably one of SMB2_COM_*; may be out of range */
173         guint32 ioctl_function;
174         guint32 status;
175         guint32 tid;
176         guint64 sesid;
177         gint64  msg_id;         /* signed here; see the signedness note above */
178         guint32 flags;          /* presumably the SMB2_FLAGS_* header bits */
179         smb2_eo_file_info_t     *eo_file_info; /* eo_smb extra info */
180         smb2_conv_info_t        *conv;
181         smb2_saved_info_t       *saved;        /* check for NULL before dereferencing */
182         smb2_tid_info_t         *tree;
183         smb2_sesid_info_t       *session;
184         smb2_fid_info_t         *file;
185         proto_tree *top_tree;
186 } smb2_info_t;
187
188 /* for transform content information */
189
/* Values describing one transformed (presumably encrypted) message,
 * together with the conversation and session it belongs to.
 *
 * NOTE(review): nonce, size and alg presumably come straight from the
 * capture. size should be validated against the bytes actually available
 * before it is used to size or bound a decryption buffer, and session may
 * be NULL when no keys are known for sesid -- confirm in packet-smb2.c.
 */
190 typedef struct _smb2_transform_info_t {
191         guint8  nonce[16];      /* fixed 16-byte buffer */
192         guint32 size;           /* presumably the length of the protected payload */
193         guint16 alg;
194         guint64 sesid;
195         smb2_conv_info_t *conv;
196         smb2_sesid_info_t *session;     /* presumably supplies the decryption keys */
197 } smb2_transform_info_t;
198
199
/* Dissection helpers declared here for use outside packet-smb2.c.
 *
 * The two int-returning functions take an int offset into tvb and
 * presumably return the offset just past the data they consumed -- TODO
 * confirm. dissect_smb2_ioctl_function takes ioctl_function as a
 * guint32 *, presumably to report the function code it read, and
 * dissect_smb2_ioctl_data takes that code by value.
 *
 * NOTE(review): private_data is an untyped void *. The type the callee
 * expects is not visible in this header, so callers must match whatever
 * packet-smb2.c casts it to.
 */
200 int dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset);
201 int dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint32 *ioctl_function);
202 void dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in, void *private_data);
203
204 #endif