smb.h

snort2.8.4版本

/****************************************************************************
 * Copyright (C) 2008-2008 Sourcefire,Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License Version 2 as
 * published by the Free Software Foundation.  You may not use, modify or
 * distribute this program under any other version of the GNU General
 * Public License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 **************************************************************************** 
 *
 ****************************************************************************/

#ifndef _SMB_H_
#define _SMB_H_

#ifdef HAVE_CONFIG_H
#include "config.h"  /* For WORDS_BIGENDIAN */
#endif

#include "debug.h"   /* For INLINE */
#include "sf_types.h"

/********************************************************************
 * Macros
 ********************************************************************/
#define NBSS_SESSION_TYPE__MESSAGE            0x00
#define NBSS_SESSION_TYPE__REQUEST            0x81
#define NBSS_SESSION_TYPE__POS_RESPONSE       0x82
#define NBSS_SESSION_TYPE__NEG_RESPONSE       0x83
#define NBSS_SESSION_TYPE__RETARGET_RESPONSE  0x84
#define NBSS_SESSION_TYPE__KEEP_ALIVE         0x85

/* Case insensitive */
#define SMB_CORE_PROTOCOL  "PC NETWORK PROGRAM 1.0"
#define SMB_LANMAN10       "LANMAN1.0"
#define SMB_LANMAN20       "LM1.2X002"
#define SMB_LANMAN20_DOS   "DOS LM1.2X002"  /* For machines running MS-DOS */
#define SMB_LANMAN21       "LANMAN2.1"
#define SMB_LANMAN21_DOS   "DOS LANMAN2.1"  /* For machines running MS-DOS */
#define SMB_NT_LANMAN10    "NT LANMAN 1.0"
/* Not sure about these dialects, i.e which protocol they conjure.
 * They are mentioned in the LM2.0 document as being previously
 * mentioned elsewhere.
 *
 * "PCLAN1.0"
 * "MICROSOFT NETWORKS 1.03"
 * "MICROSOFT NETWORKS 3.0"
 */

#define SMB_FLG__TYPE  0x80
#define SMB_TYPE__REQUEST   0
#define SMB_TYPE__RESPONSE  1

#define SMB_FLG2__UNICODE      0x8000
#define SMB_FLG2__NT_CODES     0x4000

#define SMB_NT_STATUS_SEVERITY__SUCCESS        0
#define SMB_NT_STATUS_SEVERITY__INFORMATIONAL  1
#define SMB_NT_STATUS_SEVERITY__WARNING        2
#define SMB_NT_STATUS_SEVERITY__ERROR          3

#define SMB_NT_STATUS__SUCCESS  0x00000000

#define SMB_ERROR_CLASS__SUCCESS  0x00
#define SMB_ERROR_CLASS__ERRDOS   0x01
#define SMB_ERROR_CLASS__ERRSRV   0x02
#define SMB_ERROR_CLASS__ERRHRD   0x03
#define SMB_ERROR_CLASS__ERRXOS   0x04
#define SMB_ERROR_CLASS__ERRMX1   0xe1
#define SMB_ERROR_CLASS__ERRMX2   0xe2
#define SMB_ERROR_CLASS__ERRMX3   0xe3
#define SMB_ERROR_CLASS__ERRCMD   0xff

#define SMB_ERRDOS__MORE_DATA  234

/* SMB formats (smb_fmt) Dialect, Pathname and ASCII are all
 * NULL terminated ASCII strings unless Unicode is specified
 * in the NT LM 1.0 SMB header in which case they are NULL
 * terminated unicode strings
 */ 
#define SMB_FMT__DATA_BLOCK  1
#define SMB_FMT__ASCII       4

/* smb_com (command) codes */
#define SMB_COM_OPEN              0x02   /* open file */
#define SMB_COM_CLOSE             0x04   /* close file */
#define SMB_COM_RENAME            0x07   /* rename file */
#define SMB_COM_READ              0x0a   /* read from file*/
#define SMB_COM_WRITE             0x0b   /* write to file */
#define SMB_COM_READ_BLOCK_RAW    0x1a   /* read block raw */
#define SMB_COM_WRITE_BLOCK_RAW   0x1d   /* write block raw */
#define SMB_COM_WRITE_COMPLETE    0x20   /* write complete response */
#define SMB_COM_TRANS             0x25   /* transaction - name, bytes in/out */
#define SMB_COM_TRANS_SEC         0x26   /* transaction (secondary request/response) */
#define SMB_COM_WRITE_AND_CLOSE   0x2c   /* Write and Close */
#define SMB_COM_OPEN_ANDX         0x2d   /* open and X */
#define SMB_COM_READ_ANDX         0x2e   /* read and X */
#define SMB_COM_WRITE_ANDX        0x2f   /* write and X */
#define SMB_COM_NT_CREATE_ANDX    0xa2   /* nt create and X */
#define SMB_COM_TREE_CON          0x70   /* tree connect */
#define SMB_COM_TREE_DIS          0x71   /* tree disconnect */
#define SMB_COM_NEGPROT           0x72   /* negotiate protocol */
#define SMB_COM_SESS_SETUP_ANDX   0x73   /* Session Set Up & X (including User Logon) */
#define SMB_COM_LOGOFF_ANDX       0x74   /* User logoff and X */
#define SMB_COM_TREE_CON_ANDX     0x75   /* tree connect and X */
#define SMB_COM_NO_ANDX_COMMAND   0xff   /* no next and X command */

/* Size of word count field + Word count * 2 bytes + Size of byte count field */
#define SMB_COM_SIZE(wct)  (sizeof(uint8_t) + ((wct) * sizeof(uint16_t)) + sizeof(uint16_t))

#define SMB_TRANS_FUNC__SET_NM_P_HAND_STATE  0x01
#define SMB_TRANS_FUNC__RAW_READ_NM_PIPE     0x11
#define SMB_TRANS_FUNC__Q_NM_P_HAND_STATE    0x21
#define SMB_TRANS_FUNC__Q_NM_PIPE_INFO       0x22
#define SMB_TRANS_FUNC__PEEK_NM_PIPE         0x23
#define SMB_TRANS_FUNC__TRANSACT_NM_PIPE     0x26
#define SMB_TRANS_FUNC__RAW_WRITE_NM_PIPE    0x31
#define SMB_TRANS_FUNC__WAIT_NM_PIPE         0x53
#define SMB_TRANS_FUNC__CALL_NM_PIPE         0x54

/********************************************************************
 * Structures
 ********************************************************************/
/* Pack the structs since we'll be laying them on top of packet data */
#ifdef WIN32
#pragma pack(push,smb_hdrs,1)
#else
#pragma pack(1)
#endif

/* Treat flags as the upper byte to length */
typedef struct _NbssHdr
{
    uint8_t  type;
    uint8_t  flags;
    uint16_t length;

} NbssHdr;

typedef struct _SmbCoreHdr
{
    uint8_t  smb_idf[4];  /* contains 0xFF, 'SMB' */
    uint8_t  smb_com;     /* command code */
    uint8_t  smb_rcls;    /* error code class */
    uint8_t  smb_reh;     /* reserved (contains AH if DOS INT-24 ERR) */
    uint16_t smb_err;     /* error code */
    uint8_t  smb_reb;     /* reserved */
    uint16_t smb_res[7];  /* reserved */
    uint16_t smb_tid;     /* tree id # */
    uint16_t smb_pid;     /* caller's process id # */
    uint16_t smb_uid;     /* user id # */
    uint16_t smb_mid;     /* multiplex id # */
#if 0
    uint8_t  smb_wct;     /* count of parameter words */
    uint16_t smb_vwv[];   /* variable # words of params */
    uint16_t smb_bcc;     /* # bytes of data following */
    uint8_t  smb_data[];  /* data bytes */
#endif
} SmbCoreHdr;

typedef struct _SmbLm10Hdr
{
    uint8_t  smb_idf[4];    /* contains 0xFF, 'SMB' */
    uint8_t  smb_com;       /* command code */
    uint8_t  smb_rcls;      /* error class */
    uint8_t  smb_reh;       /* reserved for future */
    uint16_t smb_err;       /* error code */
    uint8_t  smb_flg;       /* flags */
    uint16_t smb_res[7];    /* reserved for future */
    uint16_t smb_tid;       /* authenticated resource identifier */
    uint16_t smb_pid;       /* caller's process id */
    uint16_t smb_uid;       /* unauthenticated user id */
    uint16_t smb_mid;       /* multiplex id */
#if 0
    uint8_t  smb_wct;       /* count of 16-bit words that follow */
    uint16_t smb_vwv[];     /* variable number of 16-bit words */
    uint16_t smb_bcc;       /* count of bytes that follow */
    uint8_t  smb_buf[];     /* variable number of bytes */
#endif
} SmbLm10Hdr;

typedef struct _SmbLm20Hdr
{
    uint8_t  smb_idf[4];    /* contains 0xFF,’SMB’ */
    uint8_t  smb_com;       /* command code */
    uint8_t  smb_rcls;      /* error class */
    uint8_t  smb_reh;       /* reserved for future */
    uint16_t smb_err;       /* error code */
    uint8_t  smb_flg;       /* flags */
    uint16_t smb_flg2;      /* flags */
    uint16_t smb_res[6];    /* reserved for future */
    uint16_t smb_tid;       /* authenticated resource identifier */
    uint16_t smb_pid;       /* caller’s process id */
    uint16_t smb_uid;       /* authenticated user id */
    uint16_t smb_mid;       /* multiplex id */
#if 0
    uint8_t  smb_wct;       /* count of 16-bit words that follow */
    uint16_t smb_vwv[];     /* variable number of 16-bit words */
    uint16_t smb_bcc;       /* count of bytes that follow */
    uint8_t  smb_buf[];     /* variable number of bytes */
#endif
} SmbLm20Hdr;

typedef struct _SmbNtHdr
{
    uint8_t  smb_idf[4];            /* contains 0xFF, 'SMB' */
    uint8_t  smb_com;               /* command code */
    union {
        struct {
            uint8_t  smb_rcls;      /* dos error class */
            uint8_t  smb_reh;       /* reserved for future */
            uint16_t smb_err;       /* dos error code */
        } smb_doserr;
        uint32_t smb_nt_status;     /* nt status */
    } smb_status;
    uint8_t  smb_flg;               /* flags */
    uint16_t smb_flg2;              /* flags */
    uint16_t smb_res[6];            /* reserved for future */
    uint16_t smb_tid;               /* tree id */
    uint16_t smb_pid;               /* caller's process id */
    uint16_t smb_uid;               /* authenticated user id */
    uint16_t smb_mid;               /* multiplex id */
#if 0
    uint8_t  smb_wct;       /* count of 16-bit words that follow */
    uint16_t smb_vwv[];     /* variable number of 16-bit words */
    uint16_t smb_bcc;       /* count of bytes that follow */
    uint8_t  smb_buf[];     /* variable number of bytes */
#endif
} SmbNtHdr;

/* Common fields to all commands */
typedef struct _SmbCommon
{
    uint8_t smb_wct;

} SmbCommon;

/* Common fields to all AndX commands */
typedef struct _SmbAndXCommon
{
    uint8_t  smb_wct;
    uint8_t  smb_com2;     /* secondary (X) command, 0xFF = none */
    uint8_t  smb_reh2;     /* reserved (must be zero) */
    uint16_t smb_off2;     /* offset (from SMB hdr start) to next cmd (@smb_wct) */

} SmbAndXCommon;

/* For server empty respones indicating client error */
typedef struct _SmbEmptyCom
{
    uint8_t  smb_wct;    /* value = 0 */
    uint16_t smb_bcc;    /* value = 0 */

} SmbEmptyCom;

/********************************************************************
 * Negotiate Protocol :: smb_com = SMB_COM_NEGPROT
 *
 ********************************************************************/
typedef struct _SmbCore_NegotiateProtocolReq   /* smb_wct = 0 */
{
    uint8_t  smb_wct;     /* count of 16-bit words that follow */
    uint16_t smb_bcc;     /* min = 2 */

#if 0
    uint8_t  smb_fmt;     /* Dialect -- 02 */
    uint8_t  smb_buf[];   /* dialect0 */
            .
            .
            .
    uint8_t  smb_fmt;     /* Dialect -- 02 */
    uint8_t  smb_bufn[];  /* dialectn*/
#endif
} SmbCore_NegotiateProtocolReq;

/* This is the Core Protocol response */