2 * Defines for SMB packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998, 1999 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 #ifndef __PACKET_SMB_H__
27 #define __PACKET_SMB_H__
30 WS_VAR_IMPORT gboolean sid_name_snooping;
32 /* SMB command codes, from the SNIA CIFS spec. With MSVC and a
33 * libwireshark.dll, we need a special declaration.
35 WS_VAR_IMPORT const value_string smb_cmd_vals[];
36 WS_VAR_IMPORT const value_string trans2_cmd_vals[];
37 WS_VAR_IMPORT const value_string nt_cmd_vals[];
40 #define SMB_COM_CREATE_DIRECTORY 0x00
41 #define SMB_COM_DELETE_DIRECTORY 0x01
42 #define SMB_COM_OPEN 0x02
43 #define SMB_COM_CREATE 0x03
44 #define SMB_COM_CLOSE 0x04
45 #define SMB_COM_FLUSH 0x05
46 #define SMB_COM_DELETE 0x06
47 #define SMB_COM_RENAME 0x07
48 #define SMB_COM_QUERY_INFORMATION 0x08
49 #define SMB_COM_SET_INFORMATION 0x09
50 #define SMB_COM_READ 0x0A
51 #define SMB_COM_WRITE 0x0B
52 #define SMB_COM_LOCK_BYTE_RANGE 0x0C
53 #define SMB_COM_UNLOCK_BYTE_RANGE 0x0D
54 #define SMB_COM_CREATE_TEMPORARY 0x0E
55 #define SMB_COM_CREATE_NEW 0x0F
56 #define SMB_COM_CHECK_DIRECTORY 0x10
57 #define SMB_COM_PROCESS_EXIT 0x11
58 #define SMB_COM_SEEK 0x12
59 #define SMB_COM_LOCK_AND_READ 0x13
60 #define SMB_COM_WRITE_AND_UNLOCK 0x14
61 #define SMB_COM_READ_RAW 0x1A
62 #define SMB_COM_READ_MPX 0x1B
63 #define SMB_COM_READ_MPX_SECONDARY 0x1C
64 #define SMB_COM_WRITE_RAW 0x1D
65 #define SMB_COM_WRITE_MPX 0x1E
66 #define SMB_COM_WRITE_MPX_SECONDARY 0x1F
67 #define SMB_COM_WRITE_COMPLETE 0x20
68 #define SMB_COM_QUERY_SERVER 0x21
69 #define SMB_COM_SET_INFORMATION2 0x22
70 #define SMB_COM_QUERY_INFORMATION2 0x23
71 #define SMB_COM_LOCKING_ANDX 0x24
72 #define SMB_COM_TRANSACTION 0x25
73 #define SMB_COM_TRANSACTION_SECONDARY 0x26
74 #define SMB_COM_IOCTL 0x27
75 #define SMB_COM_IOCTL_SECONDARY 0x28
76 #define SMB_COM_COPY 0x29
77 #define SMB_COM_MOVE 0x2A
78 #define SMB_COM_ECHO 0x2B
79 #define SMB_COM_WRITE_AND_CLOSE 0x2C
80 #define SMB_COM_OPEN_ANDX 0x2D
81 #define SMB_COM_READ_ANDX 0x2E
82 #define SMB_COM_WRITE_ANDX 0x2F
83 #define SMB_COM_NEW_FILE_SIZE 0x30
84 #define SMB_COM_CLOSE_AND_TREE_DISC 0x31
85 #define SMB_COM_TRANSACTION2 0x32
86 #define SMB_COM_TRANSACTION2_SECONDARY 0x33
87 #define SMB_COM_FIND_CLOSE2 0x34
88 #define SMB_COM_FIND_NOTIFY_CLOSE 0x35
89 /* Used by Xenix/Unix 0x60-0x6E */
90 #define SMB_COM_TREE_CONNECT 0x70
91 #define SMB_COM_TREE_DISCONNECT 0x71
92 #define SMB_COM_NEGOTIATE 0x72
93 #define SMB_COM_SESSION_SETUP_ANDX 0x73
94 #define SMB_COM_LOGOFF_ANDX 0x74
95 #define SMB_COM_TREE_CONNECT_ANDX 0x75
96 #define SMB_COM_QUERY_INFORMATION_DISK 0x80
97 #define SMB_COM_SEARCH 0x81
98 #define SMB_COM_FIND 0x82
99 #define SMB_COM_FIND_UNIQUE 0x83
100 #define SMB_COM_FIND_CLOSE 0x84
101 #define SMB_COM_NT_TRANSACT 0xA0
102 #define SMB_COM_NT_TRANSACT_SECONDARY 0xA1
103 #define SMB_COM_NT_CREATE_ANDX 0xA2
104 #define SMB_COM_NT_CANCEL 0xA4
105 #define SMB_COM_NT_RENAME 0xA5
106 #define SMB_COM_OPEN_PRINT_FILE 0xC0
107 #define SMB_COM_WRITE_PRINT_FILE 0xC1
108 #define SMB_COM_CLOSE_PRINT_FILE 0xC2
109 #define SMB_COM_GET_PRINT_QUEUE 0xC3
110 #define SMB_COM_READ_BULK 0xD8
111 #define SMB_COM_WRITE_BULK 0xD9
112 #define SMB_COM_WRITE_BULK_DATA 0xDA
116 #define SMB_SUCCESS 0x00 /* All OK */
117 #define SMB_ERRDOS 0x01 /* DOS based error */
118 #define SMB_ERRSRV 0x02 /* server error, network file manager */
119 #define SMB_ERRHRD 0x03 /* Hardware style error */
120 #define SMB_ERRCMD 0x04 /* Not an SMB format command */
122 /* Error codes for the ERRSRV class */
124 #define SMBE_error 1 /* Non specific error code */
125 #define SMBE_badpw 2 /* Bad password */
126 #define SMBE_badtype 3 /* reserved */
127 #define SMBE_access 4 /* No permissions to do the requested operation */
128 #define SMBE_invnid 5 /* tid invalid */
129 #define SMBE_invnetname 6 /* Invalid servername */
130 #define SMBE_invdevice 7 /* Invalid device */
131 #define SMBE_qfull 49 /* Print queue full */
132 #define SMBE_qtoobig 50 /* Queued item too big */
133 #define SMBE_qeof 51 /* EOF in print queue dump */
134 #define SMBE_invpfid 52 /* Invalid print file in smb_fid */
135 #define SMBE_smbcmd 64 /* Unrecognised command */
136 #define SMBE_srverror 65 /* smb server internal error */
137 #define SMBE_filespecs 67 /* fid and pathname invalid combination */
138 #define SMBE_badlink 68
139 #define SMBE_badpermits 69 /* Access specified for a file is not valid */
140 #define SMBE_badpid 70
141 #define SMBE_setattrmode 71 /* attribute mode invalid */
142 #define SMBE_paused 81 /* Message server paused */
143 #define SMBE_msgoff 82 /* Not receiving messages */
144 #define SMBE_noroom 83 /* No room for message */
145 #define SMBE_rmuns 87 /* too many remote usernames */
146 #define SMBE_timeout 88 /* operation timed out */
147 #define SMBE_noresource 89 /* No resources currently available for request. */
148 #define SMBE_toomanyuids 90 /* too many userids */
149 #define SMBE_baduid 91 /* bad userid */
150 #define SMBE_useMPX 250 /* temporarily unable to use raw mode, use MPX mode */
151 #define SMBE_useSTD 251 /* temporarily unable to use raw mode, use standard mode */
152 #define SMBE_contMPX 252 /* resume MPX mode */
153 #define SMBE_badPW 253 /* Check this out ... */
154 #define SMBE_nosupport 0xFFFF
155 #define SMBE_unknownsmb 22 /* from NT 3.5 response */
157 /* Error codes for the ERRHRD class */
159 #define SMBE_nowrite 19 /* read only media */
160 #define SMBE_badunit 20 /* Unknown device */
161 #define SMBE_notready 21 /* Drive not ready */
162 #define SMBE_badcmd 22 /* Unknown command */
163 #define SMBE_data 23 /* Data (CRC) error */
164 #define SMBE_badreq 24 /* Bad request structure length */
165 #define SMBE_seek 25 /* Seek error */
166 #define SMBE_badmedia 26 /* Unknown media type */
167 #define SMBE_badsector 27 /* Sector not found */
168 #define SMBE_nopaper 28 /* Printer out of paper */
169 #define SMBE_write 29 /* Write fault */
170 #define SMBE_read 30 /* Read fault */
171 #define SMBE_general 31 /* General failure */
172 #define SMBE_badshare 32 /* An open conflicts with an existing open */
173 #define SMBE_lock 33 /* Lock conflict or invalid mode, or unlock of
174 lock held by another process */
175 #define SMBE_wrongdisk 34 /* The wrong disk was found in a drive */
176 #define SMBE_FCBunavail 35 /* No FCBs are available to process request */
177 #define SMBE_sharebufexc 36 /* A sharing buffer has been exceeded */
178 #define SMBE_diskfull 39
180 /* the information we need to keep around for NT transatcion commands */
184 guint32 ioctl_function;
185 } smb_nt_transact_info_t;
187 /* the information we need to keep around for transaction2 commands */
191 gboolean resume_keys; /* if "return resume" keys set in T2 FIND_FIRST request */
193 } smb_transact2_info_t;
196 * The information we need to save about a request in order to show the
197 * frame number of the request in the dissection of the reply.
199 #define SMB_SIF_TID_IS_IPC 0x0001
200 #define SMB_SIF_IS_CONTINUED 0x0002
202 SMB_EI_NONE, /* Unassigned / NULL */
203 SMB_EI_FID, /* FID */
204 SMB_EI_NTI, /* smb_nt_transact_info_t * */
205 SMB_EI_TRI, /* smb_transact_info_t * */
206 SMB_EI_T2I, /* smb_transact2_info_t * */
207 SMB_EI_TIDNAME, /* tid tracking char * */
208 SMB_EI_FILEDATA, /* fid tracking */
209 SMB_EI_FILENAME, /* filename tracking */
210 SMB_EI_UID, /* smb_uid_t */
211 SMB_EI_RWINFO, /* read/write offset/count info */
212 SMB_EI_LOCKDATA, /* locking and x data */
213 SMB_EI_RENAMEDATA, /* rename data */
214 SMB_EI_DIALECTS /* negprot dialects */
216 typedef struct _smb_fid_into_t smb_fid_info_t;
218 guint32 frame_req, frame_res;
223 smb_extra_info_t extra_info_type;
224 /* we save the fid in each transaction so that we can get fid filters
225 to match both request and response */
226 gboolean fid_seen_in_request;
231 * The information we need to save about a Transaction request in order
232 * to dissect the reply; this includes information for use by the
233 * Remote API and Mailslot dissectors.
234 * XXX - have an additional data structure hung off of this by the
243 guchar *param_descrip; /* Keep these descriptors around */
244 guchar *data_descrip;
245 guchar *aux_data_descrip;
247 } smb_transact_info_t;
252 #define TRANSACTION_PIPE 0
253 #define TRANSACTION_MAILSLOT 1
255 /* these are defines used to represent different types of TIDs.
256 dont use the value 0 for any of these */
260 /* this is the structure which is associated with each conversation */
261 typedef struct conv_tables {
262 /* these two tables are used to match requests with responses */
263 GHashTable *unmatched;
266 /* This table is used to track TID->services for a conversation */
267 GHashTable *tid_service;
268 gboolean raw_ntlmssp; /* Do extended security exc use raw ntlmssp */
270 /* track fid to fidstruct (filename/openframe/closeframe */
271 emem_tree_t *fid_tree;
273 /* track tid to fidstruct (sharename/shareframe/unshareframe */
274 emem_tree_t *tid_tree;
276 /* track uid to username mappings */
277 emem_tree_t *uid_tree;
280 typedef struct smb_info {
282 int tid, pid, uid, mid;
284 gboolean unicode; /* Are strings in this SMB Unicode? */
285 gboolean request; /* Is this a request? */
289 smb_saved_info_t *sip; /* smb_saved_info_t, if any, for this */
294 * Show file data for a read or write.
296 extern int dissect_file_data(tvbuff_t *tvb, proto_tree *tree, int offset,
297 guint16 bc, guint16 datalen);
300 #define SMB_FID_TYPE_UNKNOWN 0
301 #define SMB_FID_TYPE_FILE 1
302 #define SMB_FID_TYPE_DIR 2
303 #define SMB_FID_TYPE_PIPE 3
305 /* used for tracking filenames from rename request to response */
306 typedef struct _smb_rename_saved_info_t {
309 } smb_rename_saved_info_t;
311 /* used for tracking lock data between lock request/response */
312 typedef struct _smb_lock_info_t {
313 struct _smb_lock_info_t *next;
318 typedef struct _smb_locking_saved_info_t {
323 smb_lock_info_t *locks;
324 smb_lock_info_t *unlocks;
325 } smb_locking_saved_info_t;
326 /* used for tracking fid/tid to filename/sharename openedframe closedframe */
327 typedef struct _smb_fid_saved_info_t {
329 guint32 create_flags;
331 guint32 file_attributes;
332 guint32 share_access;
333 guint32 create_options;
334 guint32 create_disposition;
335 } smb_fid_saved_info_t;
336 struct _smb_fid_into_t {
340 smb_fid_saved_info_t *fsi;
343 /* used for tracking tid to sharename openedframe closedframe */
344 typedef struct _smb_tid_into_t {
355 extern smb_fid_info_t *dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
356 int offset, int len, guint16 fid, gboolean is_created, gboolean is_closed, gboolean is_generated);
359 * Dissect named pipe state information.
361 extern int dissect_ipc_state(tvbuff_t *tvb, proto_tree *parent_tree,
362 int offset, gboolean setstate);
364 extern gboolean smb_dcerpc_reassembly;
366 extern int dissect_file_attributes(tvbuff_t *tvb, proto_tree *parent_tree, int offset, int bytes);
368 extern const value_string create_disposition_vals[];
370 extern int dissect_nt_create_options(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
372 extern int dissect_nt_share_access(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
374 extern int dissect_smb_access_mask(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
376 extern const value_string oa_open_vals[];
377 extern const value_string impersonation_level_vals[];
379 extern int dissect_security_information_mask(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
381 extern int dissect_qfsi_FS_VOLUME_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp, int unicode);
382 extern int dissect_qfsi_FS_SIZE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp);
383 extern int dissect_qfsi_FS_DEVICE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp);
384 extern int dissect_qfsi_FS_ATTRIBUTE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp, int unicode);
385 extern int dissect_nt_quota(tvbuff_t *tvb, proto_tree *tree, int offset, guint16 *bcp);
386 extern int dissect_qfsi_FS_OBJECTID_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp);
387 extern int dissect_qfsi_FS_FULL_SIZE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp);
388 extern int dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
389 extern int dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc, int unicode);
390 extern int dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
391 extern int dissect_qfi_SMB_FILE_STANDARD_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
392 extern int dissect_qfi_SMB_FILE_INTERNAL_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
393 extern int dissect_qfi_SMB_FILE_POSITION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
394 extern int dissect_qfi_SMB_FILE_MODE_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
395 extern int dissect_qfi_SMB_FILE_ALIGNMENT_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
396 extern int dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
397 extern int dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
398 extern int dissect_qfi_SMB_FILE_ATTRIBUTE_TAG_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
399 extern int dissect_qfi_SMB_FILE_ALLOCATION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
400 extern int dissect_qfi_SMB_FILE_ENDOFFILE_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
401 extern int dissect_nt_notify_completion_filter(tvbuff_t *tvb, proto_tree *parent_tree, int offset);
402 extern int dissect_sfi_SMB_FILE_PIPE_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);