Microsoft Word 6.0 Document MSWordDoc Word.Document.6 C:\WINWORD6\TEMPLATE\NORMAL.DOT NT SMB specification NT SMB protocol Dan Perry Dan Perry Portable Systems Group NT LAN Manager SMB File Sharing Protocol Extensions August 24, 1992 Microsoft Corporation This document is currently formatted for an HP LaserJetIII. Be sure to re-insert the Table of Contents after setting up for another printer, as the page breaks move. .Begin Table C. 1. Overview 1 1.1 Related Documents 1 2. Requirements 2 3. Differences from Existing Protocols 2 3.1 Negotiation of Additional Capabilities 2 3.1.1 NT Status Codes 2 3.1.2 Unicode Strings 3 3.1.3 Large File Support 3 3.1.4 Multiple-Reader Opportunistic Locks 3 3.2 NT Transact SMB 3 3.3 Extended Create and Open Semantics 3 3.4 Handle-Based Delete and Rename 4 3.5 Extended I/O Control Functions 4 3.6 Directory Change Notification 4 3.7 Extended File Information 4 3.8 Command Cancellation 4 3.9 Querying and Setting Security Descriptors on Files 4 4. Protocol Messages 4 4.1 Type Definitions 4 4.2 Symbolic Constants 7 4.3 Header Format 12 4.4 Modified SMBs 14 4.4.1 Negotiate 14 4.4.2 Session Setup And X 17 4.4.3 Find First2 20 4.4.4 Query File Information 22 4.4.5 Set File Information 25 4.4.6 Query Path Information 26 4.4.7 Set Path Information 27 4.4.8 Query File System Information 28 4.4.9 Read And X 29 4.4.10 Write And X 30 4.4.11 Read Block Raw 31 4.4.12 Write Block Raw 32 4.4.13 Locking And X 33 4.5 New SMBs 36 4.5.1 NT Transact 36 4.5.2 NT Create And X 41 4.5.3 NT Create With Security Descriptor Or EAs 49 4.5.4 NT I/O Control 55 4.5.5 NT Notify Directory Change 56 4.5.6 NT Cancel 59 4.5.7 NT Query Security Descriptor 60 4.5.8 NT Set Security Descriptor 62 4.5.9 NT Rename 63 5. Outstanding Issues 64 5.1 Network Code Page 64 5.2 FileLinkInformation 64 5.3 Flags2 vs. NT Create CreateOptions 64 5.4 Querying EAs 64 6. Revision History 65 .End Table C. 1. Overview This document describes NT LAN Manager extensions to the SMB File Sharing Protocol, the protocol that LAN Manager clients (redirectors) and servers use to communicate. (SMB stands for Server Message Block. The full term is very rarely used.) The extensions allow NT I/O system semantics to be expressed between NT systems. This document is not intended to provide a full description of the various levels of SMB protocol that have been defined, although a single document that did so would certainly be useful. It assumes a working knowledge of the existing SMB protocol, and describes where the NT SMB protocol differs from that protocol. 1.1 Related Documents The following documents describe the original SMB protocol and subsequent extensions to the protocol: o Microsoft Networks/OpenNET File Sharing Protocol, Document Version 1.9, April 21, 1987; Microsoft Corporation, Intel Corporation the MS-NET or "core" protocol. o OpenNET/Microsoft Networks File Sharing Protocol Extensions, Document Version 1.9, September 5, 1986; Intel Corporation, Microsoft Corporation the core protocol, adapted for Unix. o Microsoft Networks SMB File Sharing Protocol Extensions Version 2.0, Document Version 3.3, November 7, 1988; Microsoft Corporation extensions for LAN Manager 1.0. o Microsoft Networks SMB File Sharing Protocol Extensions Version 3.0, Document Version 1.11, June 19, 1990; Microsoft Corporation extensions for LAN Manager 2.0. o Microsoft Networks SMB File Sharing Protocol Extensions, Document Version 3.4; Microsoft Corporation extensions for LAN Manager 2.1. The following documents describe relevant portions of the NT operating system: o NT I/O System Specification. o NT Named Pipe Specification. o NT Mailslot Specification. o NT Status Code Specification o NT Opportunistic Locking Design Note o Distributed System Architecture, Object Security Architecture o Distributed System Architecture, Security IDentifier Architecture Specification o Distributed System Architecture, Access Control List Architecture Specification o Distributed System Architecture, Subject Security Context Specification 2. Requirements The NT SMB protocol extensions must meet the following requirements: o The protocol must allow expression of NT I/O system semantics between NT systems. Note the absence of the word "full" in the previous sentence: the protocol implements only a subset of the full NT I/O system semantics. o The protocol must address internationalization (NLS) concerns. (Basically, this means that the protocol will pass Unicode strings.) o The protocol must support 64-bit file offsets. o The changes to the existing protocol must be minimized, in order to reduce the implementation time. o Subsets of the protocol must be available and usable from DOS clients. For example, a DOS client must be able to use Unicode without implementing an entirely new protocol. The following is not a requirement on the NT SMB protocol: o The protocol need not address NT security issues. NT security will be addressed in a subsequent extension to the protocol. 3. Differences from Existing Protocols This section describes, at a high level, the differences between the NT SMB protocol and previous versions of the SMB protocol. 3.1 Negotiation of Additional Capabilities When a virtual circuit is established between a client and a server, a negotiation of protocol level and capabilities takes place. When the NT SMB protocol is negotiated, additional, optional capabilities can be negotiated. These capabilities are described in the following subsections. 3.1.1 NT Status Codes When passing of NT status codes is negotiated, the one-byte error class field and the two-byte error code field in the standard SMB header are replaced by a four-byte status field. The extra space for this status field was obtained by using reserved space in the header. NT status values are returned in this field. These status values have an architected format that incorporates the information included in the separate error class and error code fields. The NT Status Code Specification describes this format. When passing of NT status codes is negotiated, the SMB_FLAGS2_NT_STATUS flag should be set in the Flags2 field of every SMB. 3.1.2 Unicode Strings When Unicode is negotiated, most strings are passed in Unicode format. This includes file names, resource names, and user names. This applies to null-terminated strings, length specified strings and the type-prefixed strings found in old SMBs. In all cases where a string is passed in Unicode format, the Unicode string must be word-aligned with respect to the beginning of the SMB. Should the string not naturally fall on a two-byte boundary, a null byte of padding will be inserted, and the Unicode string will begin at the next address. For type-prefixed Unicode strings, the padding byte is found after the type byte. The type byte is 0x04 (indicating SMB_FORMAT_ASCII) independent of whether the string is Ascii or Unicode. For strings whose start addresses are found using offsets within the fixed part of the SMB (as opposed to simply being found at the byte following the preceding field,) it is guaranteed that the offset will be properly alighned. Strings that are never passed in Unicode are: o The protocol strings in the Negotiate SMB request. o The service name string in the Tree Connect And X SMB. When Unicode is negotiated, the SMB_FLAGS2_UNICODE flag should be set in the Flags2 field of every SMB. 3.1.3 Large File Support When large file support is negotiated, certain existing SMBs are modified to allow 64-bit file offsets to be passed. The SMBs affected are Read And X, Write And X, Read Block Raw, Write Block Raw, Locking And X, the create/open SMBs, and the query/set directory/file SMBs. 3.1.4 Multiple-Reader Opportunistic Locks When multiple-reader opportunistic locks (referred to as level II oplocks) are negotiated, multiple readers of the same file can buffer read data; it is only when a write to the file is attempted that the oplock is fully broken. The NT Opportunistic Locking Design Note describes this feature in detail. 3.2 NT Transact SMB The NT Transact SMB is identical to the existing Transact SMB, except that it allows data blocks of greater than 64KB to be transferred. This SMB is used to transfer the NT Create with SD or EAs, NT Set and NT Query Security Descriptor, NT I/O Control and NT Rename commands. 3.3 Extended Create and Open Semantics The NT SMB protocol supports extended semantics on Create and Open by implementing two new commands: the NT Create And X command and the NT Transact function NT Create With SD Or EAs. These SMBs allow, for example, specification of more types of desired access and share access; opening of directories; and specification of additional options. 3.4 Handle-Based Delete and Rename The NT SMB protocol allows open files to be deleted or renamed, as is done in the NT I/O system. This is accomplished by adding information levels/classes to the Set File Information SMB. 3.5 Extended I/O Control Functions The protocol allows NT device and file system control functions to be passed transparently between NT clients and NT servers. These functions are transferred using the new NT Transact SMB. 3.6 Directory Change Notification The NT Directory Change Notification SMB allows remoting of the NtNotifyDirectoryChangeFile service. 3.7 Extended File Information The protocol supports extended file information classes in directory and file queries. This allows more accurate and complete information to be returned from an NT server to an NT client. 3.8 Command Cancellation The NT SMB protocol allows active commands to be canceled. This is necessary in order to support the NtCancelIoFile service. An example of where this capability might be used is to cancel a pending lock request. 3.9 Querying and Setting Security Descriptors on Files The NT SMB protocol supports querying and changing the security descriptor on a file. This is accomplished using the NT Transact functions NT Query Security Descriptor and NT Set Security Descriptor respectively. 4. Protocol Messages This section describes the messages sent between the client and the server, when the NT SMB protocol is negotiated. 4.1 Type Definitions The structure definitions presented in this specification are in the C language format. Where necessary for clarity and ease of presentation, the C syntax rules have been loosened. The following basic type definitions are used in this specification: typedef signed char CHAR; typedef unsigned char UCHAR; typedef signed short SHORT; typedef unsigned short USHORT; typedef signed long LONG; typedef unsigned long ULONG; typedef UCHAR ASCII; typedef UCHAR ASCIIZ; ASCII indicates a string of eight-bit characters whose length is specified externally. ASCIIZ indicates a string of eight-bit characters in which the end of the string is indicated by a byte equal to zero. typedef SHORT WCHAR; typedef WCHAR UNICODE; typedef WCHAR UNICODEZ; WCHAR denotes a single 16-bit character in Unicode format. UNICODE is a string of Unicode characters whose length (in bytes, not characters) is specified externally. UNICODEZ is a string of Unicode character in which the end of the string is indicated by a 16-bit character equal to zero. typedef UCHAR ASCII_OR_UNICODE; ASCII_OR_UNICODE denotes a string of ASCII or UNICODE characters. Which type of character is present is determined by negotiation between the client and the server. typedef UCHAR BOOLEAN; BOOLEAN indicates a one-byte field in which a value of zero means FALSE and a value of one means TRUE. All other values are invalid. typedef struct { ULONG LowPart; LONG HighPart; } LARGE_INTEGER; LARGE_INTEGER indicates a signed 64-bit integer. typedef struct { ULONG LowTime; LONG HighTime; } TIME; TIME indicates a signed 64-bit integer representing either an absolute time or a time interval. Times are specified in units of 100ns. A positive value expresses an absolute time, where the base time (the 64-bit integer with value 0) is the beginning of the year 1601 AD in the Gregorian calendar. A negative value expresses a time interval relative to some base time, usually the current time. ACCESS_MASK indicates a longword sized structure which can be considered simply as a ULONG containing multiple single rights ORed together. The possible rights are listed in the following section. typedef ULONG SECURITY_INFORMATION; SECURITY_INFORMATION is used to reference the security information associated with an object. typedef USHORT SECURITY_DESCRIPTOR_CONTROL; SECURITY_DESCRIPTOR_CONTROL is used to specify fields containing security descriptor control flags. typedef ULONG DEVICE_TYPE; DEVICE_TYPE is used to contain NT device type values. 4.2 Symbolic Constants The following symbolic constants are used in this specification: // SMB command codes #define SMB_COM_NT_TRANSACT 0xA0 #define SMB_COM_NT_TRANSACT_SECONDARY 0xA1 #define SMB_COM_NT_CREATE_ANDX 0xA2 #define SMB_COM_NT_CANCEL 0xA4 #define SMB_COM_NO_ANDX_COMMAND 0xFF // NT Transaction function codes #define NT_TRANSACT_CREATE 1 #define NT_TRANSACT_IOCTL 2 #define NT_TRANSACT_SET_SECURITY_DESC 3 #define NT_TRANSACT_NOTIFY_CHANGE 4 #define NT_TRANSACT_RENAME 5 #define NT_TRANSACT_QUERY_SECURITY_DESC 6 // SMB Header Flags2 field bits #define SMB_FLAGS2_KNOWS_LONG_NAMES 0x0001 #define SMB_FLAGS2_KNOWS_EAS 0x0002 #define SMB_FLAGS2_IS_LONG_NAME 0x0040 #define SMB_FLAGS2_PAGING_IO 0x2000 #define SMB_FLAGS2_NT_STATUS 0x4000 #define SMB_FLAGS2_UNICODE 0x8000 // NT extensions to file info levels #define SMB_FIND_FILE_DIRECTORY_INFO 0x101 #define SMB_FIND_FILE_FULL_DIRECTORY_INFO 0x102 #define SMB_FIND_FILE_NAMES_INFO 0x103 #define SMB_FIND_FILE_BOTH_DIRECTORY_INFO 0x104 #define SMB_QUERY_FILE_BASIC_INFO 0x101 #define SMB_QUERY_FILE_STANDARD_INFO 0x102 #define SMB_QUERY_FILE_EA_INFO 0x103 #define SMB_QUERY_FILE_NAME_INFO 0x104 #define SMB_QUERY_FILE_ALLOCATION_INFO 0x105 #define SMB_QUERY_FILE_END_OF_FILEINFO 0x106 #define SMB_QUERY_FILE_ALL_INFO 0x107 #define SMB_QUERY_FILE_ALT_NAME_INFO 0x108 #define SMB_QUERY_FILE_STREAM_INFO 0x109 #define SMB_SET_FILE_BASIC_INFO 0x101 #define SMB_SET_FILE_DISPOSITION_INFO 0x102 #define SMB_SET_FILE_ALLOCATION_INFO 0x103 #define SMB_SET_FILE_END_OF_FILE_INFO 0x104 #define SMB_QUERY_FS_LABEL_INFO 0x101 #define SMB_QUERY_FS_VOLUME_INFO 0x102 #define SMB_QUERY_FS_SIZE_INFO 0x103 #define SMB_QUERY_FS_DEVICE_INFO 0x104 #define SMB_QUERY_FS_ATTRIBUTE_INFO 0x105 // Server/workstation capabilities #define CAP_RAW_MODE 0x0001 #define CAP_MPX_MODE 0x0002 #define CAP_UNICODE 0x0004 #define CAP_LARGE_FILES 0x0008 #define CAP_NT_SMBS 0x0010 #define CAP_RPC_REMOTE_APIS 0x0020 #define CAP_NT_STATUS 0x0040 #define CAP_LEVEL_II_OPLOCKS 0x0080 #define CAP_LOCK_AND_READ 0x0100 // Negotiate response SecurityMode field bits #define NEGOTIATE_USER_SECURITY 0x01 #define NEGOTIATE_ENCRYPT_PASSWORDS 0x02 // (NT) Locking AndX request LockType field bits #define LOCKING_ANDX_SHARED_LOCK 0x01 #define LOCKING_ANDX_OPLOCK_RELEASE 0x02 #define LOCKING_ANDX_CHANGE_LOCKTYPE 0x04 #define LOCKING_ANDX_CANCEL_LOCK 0x08 #define LOCKING_ANDX_LARGE_FILES 0x10 // (NT) Locking AndX request OplockLevel field values #define OPLOCK_BROKEN_TO_NONE 0 #define OPLOCK_BROKEN_TO_II 1 // NT Create Flags bits #define NT_CREATE_REQUEST_OPLOCK 0x02 #define NT_CREATE_REQUEST_OPBATCH 0x04 #define NT_CREATE_OPEN_TARGET_DIR 0x08 // NT Create DesiredAccess (ACCESS_MASK) field bits #define DELETE 0x00010000 #define READ_CONTROL 0x00020000 #define WRITE_DAC 0x00040000 #define WRITE_OWNER 0x00080000 // NT Create DesiredAccess (ACCESS_MASK) field bits #define FILE_READ_DATA 0x0001 #define FILE_LIST_DIRECTORY 0x0001 #define FILE_WRITE_DATA 0x0002 #define FILE_APPEND_DATA 0x0004 #define FILE_READ_EA 0x0008 #define FILE_WRITE_EA 0x0010 #define FILE_EXECUTE 0x0020 #define FILE_TRAVERSE 0x0020 #define FILE_READ_ATTRIBUTES 0x0080 #define FILE_WRITE_ATTRIBUTES 0x0100 // file attribute bits #define FILE_ATTRIBUTE_READONLY 0x01 #define FILE_ATTRIBUTE_HIDDEN 0x02 #define FILE_ATTRIBUTE_SYSTEM 0x04 #define FILE_ATTRIBUTE_VOLUME 0x08 #define FILE_ATTRIBUTE_DIRECTORY 0x10 #define FILE_ATTRIBUTE_ARCHIVE 0x20 #define FILE_ATTRIBUTE_NORMAL 0x80 // file and directory share access rights #define FILE_SHARE_READ 0x01 #define FILE_SHARE_WRITE 0x02 #define FILE_SHARE_DELETE 0x04 // NT Create CreateDisposition values #define FILE_SUPERSEDE 0 #define FILE_OPEN 1 #define FILE_CREATE 2 #define FILE_OPEN_IF 3 #define FILE_OVERWRITE 4 #define FILE_OVERWRITE_IF 5 // NT Create CreateOptions bits #define FILE_DIRECTORY_FILE 0x00000001 #define FILE_WRITE_THROUGH 0x00000002 #define FILE_SEQUENTIAL_ONLY 0x00000004 #define FILE_NON_DIRECTORY_FILE 0x00000040 #define FILE_NO_EA_KNOWLEDGE 0x00000200 #define FILE_EIGHT_DOT_THREE_ONLY 0x00000400 #define FILE_RANDOM_ACCESS 0x00000800 #define FILE_DELETE_ON_CLOSE 0x00001000 // NT Create SecurityFlags bits #define SMB_SECURITY_DYNAMIC_TRACKING 0x01 #define SMB_SECURITY_EFFECTIVE_ONLY 0x02 // NT Create CreateAction return values #define FILE_SUPERSEDED 0 #define FILE_OPENED 1 #define FILE_CREATED 2 #define FILE_OVERWRITTEN 3 #define FILE_EXISTS 4 #define FILE_DOES_NOT_EXIST 5 // NT Create response FileType values typedef enum { FileTypeDisk = 0, FileTypeByteModePipe = 1, FileTypeMessageModePipe = 2, FileTypePrinter = 3, FileTypeCommDevice = 4, FileTypeUnknown = 0xFFFF } FILE_TYPE; // NT Create response DeviceState bits #define DeviceStateBlocking 0x8000 #define DeviceStateEndPoint 0x4000 #define DeviceStatePipeType 0x0C00 #define DeviceStateReadMode 0x0300 #define DeviceStateIcount 0x00FF // NT Notify Directory Change CompletionFilter bits #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040 #define FILE_NOTIFY_CHANGE_EA 0x00000080 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 // NT Notify Directory Change return Action values #define FILE_ACTION_ADDED 0x00000001 #define FILE_ACTION_REMOVED 0x00000002 #define FILE_ACTION_MODIFIED 0x00000003 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 // NT Notify Directory Change additional status/error codes #define STATUS_NOTIFY_ENUM_DIR (0x0000010CL) #define ERROR_NOTIFY_ENUM_DIR 1022 // NT RenameFlags bits #define SMB_RENAME_REPLACE_IF_EXISTS 0x01 // NT Set/Query SD Security Information bits #define OWNER_SECURITY_INFORMATION (0X00000001L) #define GROUP_SECURITY_INFORMATION (0X00000002L) #define DACL_SECURITY_INFORMATION (0X00000004L) #define SACL_SECURITY_INFORMATION (0X00000008L) // NT Create ImpersonationLevel values typedef enum { SecurityAnonymous = 0, SecurityIdentification = 1, SecurityImpersonation = 2, SecurityDelegation = 3 } SECURITY_IMPERSONATION_LEVEL; 4.3 Header Format All SMBs start with a standard header. This is the definition for the header: UCHAR Protocol[4]; UCHAR Command; union { struct { UCHAR ErrorClass; UCHAR Reserved; USHORT Error; } DosError; ULONG NtStatus; } Status; UCHAR Flags; USHORT Flags2; USHORT Reserved2[6]; USHORT Tid; USHORT Pid; USHORT Uid; USHORT Mid; Protocol Specifies a "signature" indicating that the message is in the SMB protocol format. The signature value is "0xffSMB". Command Specifies the command code for the first (or only) command in the SMB. Status Specifies, in a response SMB, the status of the last (or only) command in the SMB that was processed by the server. When flag SMB_FLAGS2_NT_STATUS of Flags2 is clear, the DosError part of this union is used, and ErrorClass and Error are as specified in previous versions of the protocol. When flag SMB_FLAGS2_NT_STATUS of Flags2 is set, NtStatus is valid, and is a status code in the standard NT format. Flags Specifies flags. Its usage is the same as in previous versions of the protocol. Flags2 Specifies flags. Its usage is the same as in previous versions of the protocol, with the following additions: SMB_FLAGS2_PAGING_IO When set, indicates that a read will be permitted if the client does not have read permission but does have execute permission. This flag is only useful on a read request. SMB_FLAGS2_NT_STATUS When clear, specifies that the Status field is in DOS format. When set, specifies that the Status field is in NT format. SMB_FLAGS2_UNICODE When clear, specifies that any ASCII_OR_UNICODE strings in this message contain ASCII characters. When set, any such strings contain Unicode characters. Tid, Pid, Uid, Mid Specify the tree, process, user, and multiplex identifiers. Their usage is the same as in previous versions of the protocol. In the command-specific descriptions below, the header portion of the messages is not repeated. Where necessary, specific information about header fields is given. 4.4 Modified SMBs This section defines extensions to existing SMBs. We don't currently list SMBs that change only to allow Unicode strings (essentially all strings in all SMBs except the protocol strings in Negotiate request and the service name string in Tree Connect AndX are Unicode). There should be a list of all such changes, albeit without full descriptions. Note the details concerning Unicode strings in section 3.1.2. 4.4.1 Negotiate The Negotiate command is the first SMB sent on a newly established virtual circuit. It is used to negotiate a protocol level. In the response to the command, the server sends information indicating which optional capabilities it supports. The final step in the negotiation occurs when the client sends a Session Setup And X command. The request format for Negotiate is unchanged from previous versions of the protocol. The response format is changed when the NT SMB protocol is negotiated. The command code for Negotiate is 0x72. The protocol string identifying the NT SMB protocol is "NT LANMAN 1.0". Request Format (not extended) UCHAR WordCount; USHORT ByteCount; struct { UCHAR Format; UCHAR DialectName[]; } Dialects[]; Extended Response Format UCHAR WordCount; 37 USHORT DialectIndex; 39 UCHAR SecurityMode; 40 USHORT MaxMpxCount; 42 USHORT MaxNumberVcs; 44 ULONG MaxBufferSize; 48 ULONG MaxRawSize; 52 ULONG SessionKey; 56 ULONG Capabilities; 60 TIME ServerTime; 68 USHORT ServerTimeZone; 70 UCHAR Reserved; USHORT ByteCount; UCHAR PasswordEncryptionKey[]; WordCount Must contain the value 17. DialectIndex Specifies the array index (within the Dialects array in the request) of the dialect selected by the server. The first entry is index 0. SecurityMode Specifies the following flags: NEGOTIATE_USER_SECURITY When clear, indicates that the server is operating under share-level security. When set, indicates that the server is operating under user-level security. (NT servers always negotiate user-level security.) NEGOTIATE_ENCRYPT_PASSWORDS When clear, indicates that the client should not encrypt passwords. When set, indicates that the client should encrypt passwords. (NT servers always negotiate password encryption.) (Note that the fields from SecurityMode to Reserved are all naturally aligned.) MaxMpxCount Specifies the maximum number of requests the server will allow the client to have active simultaneously. MaxNumberVcs Specifies the maximum number of virtual circuits the server will allow the client to have active to the server. MaxBufferSize Specifies the maximum message size the server can send or receive in a normal SMB. MaxRawSize Specifies the maximum message size the server can send or receive in a raw mode data buffer. SessionKey Specifies the unique identifier for the session assigned by the server. Capabilities Specifies the following flags: CAP_RAW_MODE When set, indicates that the server supports the Read Block Raw and Write Block Raw commands. CAP_MPX_MODE When set, indicates that the server supports the Read Block Multiplexed and Write Block Multiplexed commands. CAP_UNICODE When set, indicates that the server recognizes Unicode strings. CAP_LARGE_FILES When set, indicates that the server supports large files and 64-bit file offsets. CAP_NT_SMBS When set, indicates that the server supports the new SMBs added in this version of the protocol. CAP_RPC_REMOTE_APIS When set, indicates that the server supports remote APIs via RPC. CAP_NT_STATUS When set, indicates that the server recognizes NT-style status codes. CAP_LEVEL_II_OPLOCKS When set, indicates that the server supports level II oplocks. CAP_LOCK_AND_READ When set, indicates that the server can process the LockAndRead and WriteAndUnlock SMBs. This capability is present in older versions of the protocol as a bit in the Flags field in the Negotiate response. In the NT Negotiate response, the old bit is ignored. ServerTime System time of the server. ServerTimeZone Time zone of the server, expressed as minutes from UTC. Reserved Is a reserved field and should be zero. ByteCount Specifies the total length, in bytes, of PasswordEncryptionKey. PasswordEncryptionKey Specifies the password encryption key assigned by the server. 4.4.2 Session Setup And X The Session Setup And X command is the second command sent by the client on a newly established virtual circuit. Although multiple sessions may be set up on a circuit, the first Session Setup And X command carries the final negotiated parameters for the circuit. In the request, there are now two password encodings and their lengths, as well as a new Capabilities field. In the response, there is a new PrimaryDomain field. The command code for Session Setup And X is 0x73. Extended Request Format UCHAR WordCount; UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; USHORT MaxBufferSize; USHORT MaxMpxCount; USHORT VcNumber; ULONG SessionKey; USHORT CaseInsensitivePasswordLength; USHORT CaseSensitivePasswordLength; ULONG Reserved; ULONG Capabilities; USHORT ByteCount; UCHAR CaseInsensitivePassword[]; UCHAR CaseSensitivePassword[]; ASCII_OR_UNICODE Accountname[]; ASCII_OR_UNICODE PrimaryDomain[]; ASCII_OR_UNICODE NativeOS[]; ASCII_OR_UNICODE NativeLanMan[]; WordCount Must contain the value 13. AndXCommand Specifies the command code for the next command in the chain, if any. AndXReserved Is a reserved field and should be zero. AndXOffset Specifies the offset to the next command in the chain. MaxBufferSize Specifies the maximum message size the client can receive in a normal SMB. MaxMpxCount Specifies the maximum number of requests the client will have active simultaneously. VcNumber Specifies the virtual circuit number assigned by the client. SessionKey Specifies the unique identifier for the session assigned by the server in the Negotiate response. CaseInsensitivePasswordLength Specifies the length of CaseInsensitivePassword in bytes. CaseSensitivePasswordLength Specifies the length of CaseSensitivePassword in bytes. Reserved Is a reserved field and should be zero. Capabilities Specifies the following flags: CAP_NT_STATUS When set, indicates that the client recognizes NT-style status codes. CAP_LEVEL_II_OPLOCKS When set, indicates that the client supports level II oplocks. CAP_UNICODE When set, indicates that the client recognizes Unicode strings. CAP_LARGE_FILES When set, indicates that the client supports large files and 64-bit file offsets. CAP_NT_SMBS When set, indicates that the client supports the new SMBs added in this version of the protocol. ByteCount Specifies the total length, in bytes, of CaseInsensitivePassword, CaseSensitivePassword, Accountname, PrimaryDomain, NativeOS and NativeLanMan. CaseInsensitivePassword Contains an encrypted representation of the case-insensitive password for the account that is being set up. The plain-text form of the password is in OEM characters. CaseSensitivePassword Contains an encrypted representation of the case-sensitive password for the account that is being set up. The plain-text form of the password is always in Unicode characters. Accountname Specifies the username for the account that is being set up. The string is NUL terminated. PrimaryDomain Specifies the logon domain of the user. This string is NUL terminated. NativeOS Specifies the client operating system. This string is NUL terminated. NativeLanMan Specifies the client LAN Manager type. This string is NUL terminated. Extended Response Format UCHAR WordCount; UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; USHORT Action; USHORT ByteCount; ASCII_OR_UNICODE NativeOS[]; ASCII_OR_UNICODE NativeLanMan[]; ASCII_OR_UNICODE PrimaryDomain[]; WordCount Must contain the value 13. AndXCommand Specifies the command code for the next command in the chain, if any. AndXReserved Is a reserved field and should be zero. AndXOffset Specifies the offset to the next command in the chain. Action Request mode. Bit 0 indicates that logon was successful, but as guest. ByteCount Specifies the total length, in bytes of NativeOS, NativeLanMan and PrimaryDomain. NativeOS Specifies the server operating system. This string is NUL terminated. NativeLanMan Specifies the server LAN Manager type. This string is NUL terminated. PrimaryDomain Specifies the logon domain of the user. This string is NUL terminated. 4.4.3 Find First2 When the NT SMB protocol has been negotiated, the Find First2 Transact2 function supports the following additional information classes: o SMB_FIND_FILE_DIRECTORY_INFO Equivalent to FileDirectoryInformation in the NT I/O system. Uses the following response data format. ULONG NextEntryOffset; ULONG FileIndex; LARGE_INTEGER CreationTime; LARGE_INTEGER LastAccessTime; LARGE_INTEGER LastWriteTime; LARGE_INTEGER ChangeTime; LARGE_INTEGER EndOfFile; LARGE_INTEGER AllocationSize; ULONG FileAttributes; ULONG FileNameLength; UNICODE FileName[]; o SMB_FIND_FILE_FULL_DIRECTORY_INFO Equivalent to FileFullDirectoryInformation in the NT I/O system. Uses the following response data format. ULONG NextEntryOffset; ULONG FileIndex; LARGE_INTEGER CreationTime; LARGE_INTEGER LastAccessTime; LARGE_INTEGER LastWriteTime; LARGE_INTEGER ChangeTime; LARGE_INTEGER EndOfFile; LARGE_INTEGER AllocationSize; ULONG FileAttributes; ULONG FileNameLength; ULONG EaSize; UNICODE FileName[]; o SMB_FIND_FILE_NAMES_INFO Equivalent to FileNamesInformation in the NT I/O system. Uses the following response data format. ULONG NextEntryOffset; ULONG FileIndex; ULONG FileNameLength; UNICODE FileName[]; o SMB_FIND_FILE_BOTH_DIRECTORY_INFO Equivalent to FileBothDirectoryInformation in the NT I/O system. Uses the following response data format. ULONG NextEntryOffset; ULONG FileIndex; LARGE_INTEGER CreationTime; LARGE_INTEGER LastAccessTime; LARGE_INTEGER LastWriteTime; LARGE_INTEGER ChangeTime; LARGE_INTEGER EndOfFile; LARGE_INTEGER AllocationSize; ULONG FileAttributes; ULONG FileNameLength; ULONG EaSize; CHAR ShortNameLength; UNICODE ShortName[12]; UNICODE FileName[]; Note that the FileName and ShortName fields in each of these additional information levels are always in Unicode format, even if Unicode is not a negotiated capability for the session. 4.4.4 Query File Information When the NT SMB protocol has been negotiated, the Query File Information Transact2 function supports the following additional information classes: o SMB_QUERY_FILE_BASIC_INFO Equivalent to FileBasicInformation in the NT I/O system. Uses the following response data format. typedef struct { LARGE_INTEGER CreationTime; LARGE_INTEGER LastAccessTime; LARGE_INTEGER LastWriteTime; LARGE_INTEGER ChangeTime; ULONG FileAttributes; } FILE_BASIC_INFORMATION; o SMB_QUERY_FILE_STANDARD_INFO Equivalent to FileStandardInformation in the NT I/O system. Uses the following response data format. typedef struct { LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; ULONG NumberOfLinks; BOOLEAN DeletePending; BOOLEAN Directory; } FILE_STANDARD_INFORMATION; o SMB_QUERY_FILE_EA_INFO Equivalent to FileEaInformation in the NT I/O system. Uses the following response data format. typedef struct { ULONG EaSize; } FILE_EA_INFORMATION; o SMB_QUERY_FILE_NAME_INFO Equivalent to FileNameInformation in the NT I/O system. Uses the following response data format. typedef struct { ULONG FileNameLength; UNICODE FileName[]; } FILE_NAME_INFORMATION; o SMB_QUERY_FILE_ALLOCATION_INFO Equivalent to FileAllocationInformation in the NT I/O system. Uses the following response data format. typedef struct { LARGE_INTEGER AllocationSize; } FILE_ALLOCATION_INFORMATION; o SMB_QUERY_FILE_END_OF_FILEINFO Equivalent to FileEndOfFileInformation in the NT I/O system. Uses the following response data format. typedef struct { LARGE_INTEGER EndOfFile; } FILE_END_OF_FILE_INFORMATION; o SMB_QUERY_FILE_ALL_INFO Roughly equivalent to FileAllInformation in the NT I/O system. Uses the following response data format. typedef struct { FILE_BASIC_INFORMATION BasicInformation; FILE_STANDARD_INFORMATION StandardInformation; FILE_INTERNAL_INFORMATION InternalInformation; FILE_EA_INFORMATION EaInformation; FILE_ACCESS_INFORMATION AccessInformation; FILE_POSITION_INFORMATION PositionInformation; FILE_MODE_INFORMATION ModeInformation; FILE_ALIGNMENT_INFORMATION AlignmentInformation; FILE_NAME_INFORMATION NameInformation; } FILE_ALL_INFORMATION; where FILE_BASIC_INFORMATION, FILE_STANDARD_INFORMATION, FILE_EA_INFORMATION and FILE_EA_NAME_INFORMATION are as described above, and the remaining types are as follows: typedef struct { LARGE_INTEGER IndexNumber; } FILE_INTERNAL_INFORMATION; typedef struct { ACCESS_MASK AccessFlags; } FILE_ACCESS_INFORMATION; typedef struct { LARGE_INTEGER CurrentByteOffset; } FILE_POSITION_INFORMATION; typedef struct { ULONG Mode; } FILE_MODE_INFORMATION; typedef struct { ULONG AlignmentRequirement; } FILE_ALIGNMENT_INFORMATION; o SMB_QUERY_FILE_ALT_NAME_INFO Equivalent to FileAlternateNameInformation in the NT I/O system. Uses the same response data format as SMB_QUERY_FILE_NAME_INFO above. o SMB_QUERY_FILE_STREAM_INFO Equivalent to FileStreamInformation in the NT I/O system. Uses the following response data format. typedef struct { ULONG NextEntryOffset; LARGE_INTEGER StreamSize; LARGE_INTEGER StreamAllocationSize; ULONG StreamNameLength; UNICODE StreamName[]; } FILE_STREAM_INFORMATION; Note that the FileName field in FILE_NAME_INFORMATION and StreamName field in FILE_STREAM_INFORMATION are always in Unicode format, even if Unicode is not a negotiated capability for the session. 4.4.5 Set File Information When the NT SMB protocol has been negotiated, the Set File Information Transact2 function supports the following additional information classes: o SMB_SET_FILE_BASIC_INFO Equivalent to FileBasicInformation in the NT I/O system. Uses the following request data format. LARGE_INTEGER CreationTime; LARGE_INTEGER LastAccessTime; LARGE_INTEGER LastWriteTime; LARGE_INTEGER ChangeTime; ULONG FileAttributes; o SMB_SET_FILE_DISPOSITION_INFO Equivalent to FileDispositionInformation in the NT I/O system. Uses the following request data format. BOOLEAN DeleteFile; o SMB_SET_FILE_ALLOCATION_INFO Equivalent to FileAllocationInformation in the NT I/O system. Uses the following request data format. LARGE_INTEGER AllocationSize; o SMB_SET_FILE_END_OF_FILE_INFO Equivalent to FileEndOfFileInformation in the NT I/O system. Uses the following request data format. LARGE_INTEGER EndOfFile; 4.4.6 Query Path Information When the NT SMB protocol has been negotiated, the Query Path Information Transact2 function supports the same additional information classes as Query File Information, namely: o SMB_QUERY_FILE_BASIC_INFO o SMB_QUERY_FILE_STANDARD_INFO o SMB_QUERY_FILE_EA_INFO o SMB_QUERY_FILE_NAME_INFO o SMB_QUERY_FILE_ALLOCATION_INFO o SMB_QUERY_FILE_END_OF_FILEINFO o SMB_QUERY_FILE_ALLINFO See the description of Query File Information for the data formats. 4.4.7 Set Path Information When the NT SMB protocol has been negotiated, the Set Path Information Transact2 function supports the same additional information classes as Set File Information, namely: o SMB_SET_FILE_BASIC_INFO o SMB_SET_FILE_DISPOSITION_INFO o SMB_SET_FILE_ALLOCATION_INFO o SMB_SET_FILE_END_OF_FILE_INFO See the description of Set File Information for the data formats. 4.4.8 Query File System Information When the NT SMB protocol has been negotiated, the Query File System Information Transact2 function supports the following additional information classes: o SMB_QUERY_FS_LABEL_INFO Equivalent to FileFsLabelInformation in the NT I/O system. Uses the following response data format. ULONG VolumeLabelLength; UNICODE VolumeLabel[]; o SMB_QUERY_FS_VOLUME_INFO Equivalent to FileFsVolumeInformation in the NT I/O system. Uses the following response data format. LARGE_INTEGER VolumeCreationTime; ULONG VolumeSerialNumber; ULONG VolumeLabelLength; BOOLEAN SupportsObjects; UNICODE VolumeLabel[]; o SMB_QUERY_FS_SIZE_INFO Equivalent to FileFsSizeInformation in the NT I/O system. Uses the following response data format. LARGE_INTEGER TotalAllocationUnits; LARGE_INTEGER AvailableAllocationUnits ULONG SectorsPerAllocationUnit; ULONG BytesPerSector; o SMB_QUERY_FS_DEVICE_INFO Equivalent to FileFsDeviceInformation in the NT I/O system. Uses the following response data format. DEVICE_TYPE DeviceType; ULONG Characteristics; o SMB_QUERY_FS_ATTRIBUTE_INFO Equivalent to FileFsAttributeInformation in the NT I/O system. Uses the following response data format. ULONG FileSystemAttributes; LONG MaximumComponentNameLength; ULONG FileSystemNameLength; UNICODE FileSystemName[]; Note that the VolumeLabel and FileSystemName fields in these additional information levels are always in Unicode format, even if Unicode is not a negotiated capability for the session. 4.4.9 Read And X When the NT SMB protocol has been negotiated, the Read And X command supports the specification of a 64-bit file offset. This is accomplished by allowing the client to increase the WordCount field by two (from 10 to 12) and place the high four bytes of the file offset between the Remaining and ByteCount fields. The server uses the value of WordCount to determine whether a 32-bit or 64-bit offset is present. The response format is not extended. 4.4.10 Write And X When the NT SMB protocol has been negotiated, the Write And X command supports the specification of a 64-bit file offset. This is accomplished by allowing the client to increase the WordCount field by two (from 12 to 14) and place the high four bytes of the file offset between the DataOffset and ByteCount fields. The server uses the value of WordCount to determine whether a 32-bit or 64-bit offset is present. The response format is not extended. 4.4.11 Read Block Raw When the NT SMB protocol has been negotiated, the Read Block Raw command supports the specification of a 64-bit file offset. This is accomplished by allowing the client to increase the WordCount field by two (from 8 to 10) and place the high four bytes of the file offset between the Reserved and ByteCount fields. The server uses the value of WordCount to determine whether a 32-bit or 64-bit offset is present. The response format is not extended. 4.4.12 Write Block Raw When the NT SMB protocol has been negotiated, the Write Block Raw command supports the specification of a 64-bit file offset. This is accomplished by allowing the client to increase the WordCount field by two (from 12 to 14) and place the high four bytes of the file offset between the DataOffset and ByteCount fields. The server uses the value of WordCount to determine whether a 32-bit or 64-bit offset is present. The response format is not extended. 4.4.13 Locking And X This SMB is used to lock and unlock byte ranges. When the NT SMB protocol has been negotiated, the client may specify byte ranges using 64-bit offsets. The Locking And X SMB is also used in breaking oplocks. The server sends a Locking And X SMB with a special bit set to indicate that an oplock is being broken, and the client sends a Locking And X SMB with the same bit set to release the oplock. When the NT SMB protocol has been negotiated, this SMB is extended to allow the server to specify oplock levels, by appropriating the upper byte of LockType for the new OplockLevel field. Extended Request Format UCHAR WordCount; UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; USHORT Fid; UCHAR LockType; UCHAR OplockLevel; ULONG Timeout; USHORT NumberOfUnlocks; USHORT NumberOfLocks; USHORT ByteCount; LOCK_RANGE Unlocks[]; LOCK_RANGE Locks[]; WordCount Must contain the value 8. AndXCommand Specifies the command code for the next command in the chain, if any. AndXReserved Is a reserved field and should be zero. AndXOffset Specifies the offset to the next command in the chain. Fid Specifies the identifier for the open file instance. LockType Specifies the following flags: LOCKING_ANDX_SHARED_LOCK When clear, indicates that an exclusive lock is being requested. When set, indicates that a shared lock is being requested. LOCKING_ANDX_OPLOCK_RELEASE When set in an unsolicited message from the server, indicates that the oplock previously granted to the client for this file is being broken. The OplockLevel field indicates the new granted oplock level. When this bit is set in a message from the client, it indicates that the client is acknowledging the oplock level change. LOCKING_ANDX_CHANGE_LOCKTYPE When set, indicates that the client wishes to unlock the specified region, and relock it according to the mode specified by the LOCKING_ANDX_SHARED_LOCK bit, atomically. Currently, the NT LAN Manager server does not support this operation. LOCKING_ANDX_CANCEL_LOCK When set, indicatates that the client wishes to cancel the outstanding lock request. This is used to support cancelling of lock request for client which do not support the Cancel SMB. The cancel SMB is the preferred method for cancelling requests. LOCKING_ANDX_LARGEFILES When clear, indicates that the lock ranges are specified using 32-bit offsets. When set, indicates that the lock ranges are specified using 64-bit offsets. OplockLevel Indicates the new oplock level when an existing oplock is being broken. The legal values are OPLOCK_BROKEN_TO_NONE and OPLOCK_BROKEN_TO_II, where OPLOCK_BROKEN_TO_NONE means that the client no longer has an oplock on the file, and OPLOCK_BROKEN_TO_II means that the client now has a multiple-reader oplock. If the client has indicated that it does not understand level II oplocks, the server will always specify OPLOCK_BROKEN_TO_NONE in this field when breaking an oplock. Timeout Specifies the amount of time to wait for the specified locks to be granted. NumberOfUnlocks Specifies the number of unlock ranges that are specified in UnlockRanges. NumberOfLocks Specifies the number of lock ranges that are specified in LockRanges. ByteCount Specifies the total size, in bytes, of the UnlockRanges and LockRanges fields. UnlockRanges Supplies zero or more ranges of existing locks that are to be released. When LOCKING_ANDX_LARGE_FILES is clear, the ranges are specified in the 32-bit lock range format given below. When LOCKING_ANDX_LARGE_FILES is set, the ranges are specified in the 64-bit lock range format given below. LockRanges Supplies zero or more ranges of locks that are to be obtained. When LOCKING_ANDX_LARGE_FILES is clear, the ranges are specified in the 32-bit lock range format given below. When LOCKING_ANDX_LARGE_FILES is set, the ranges are specified in the 64-bit lock range format given below. Response Format (not extended) UCHAR WordCount; UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; USHORT ByteCount; 32-bit Lock Range Format (not extended) USHORT Pid; ULONG Offset; ULONG Length; 64-bit Lock Range Format (new) USHORT Pid; USHORT Pad; LARGE_INTEGER Offset; ULONG Length; 4.5 New SMBs This section defines SMBs that are new in this version of the protocol. Clients are allowed to send these SMBs only if the server indicates that it supports them in the Negotiate response. 4.5.1 NT Transact The NT Transact SMB is used for commands that potentially need to transfer a large amount of data (greater than the negotiated buffer size). NT Transact operates in the same way as the original Transact. See Microsoft Networks SMB File Sharing Protocol Extensions Version 2.0 for a detailed description of Transact. The command code for the NT Transact primary SMB is SMB_COM_NT_TRANSACT. The command code for the NT Transact secondary SMB is SMB_COM_NT_TRANSACT_SECONDARY. The interim response format has command code SMB_COM_NT_TRANSACT and is only ever returned in response to a primary request. The response format can have either SMB_COM_NT_TRANSACT or SMB_COM_NT_TRANSACT_SECONDARY as its command code and is returned in reponse to either a primary or secondary request. Interim responses and primary responses are distinguished by the value of the WordCount field. Primary Request Format UCHAR WordCount; UCHAR MaxSetupCount; USHORT Flags; ULONG TotalParameterCount; ULONG TotalDataCount; ULONG MaxParameterCount; ULONG MaxDataCount; ULONG ParameterCount; ULONG ParameterOffset; ULONG DataCount; ULONG DataOffset; UCHAR SetupCount; USHORT Function; USHORT Setup[]; USHORT ByteCount; UCHAR Pad1[]; UCHAR Parameters[]; UCHAR Pad2[]; UCHAR Data[]; WordCount The number of words following. Must be equal to 19 + SetupCount. MaxSetupCount Specifies the maximum number of setup words that the server may return in the response. Flags Specifies flags. None are currently defined. TotalParameterCount Specifies the total number of parameter bytes that are being sent in the request. TotalDataCount Specifies the total number of data bytes that are being sent in the request. MaxParameterCount Specifies the maximum number of parameter bytes that the server may return in the response. MaxDataCount Specifies the maximum number of data bytes that the server may return in the response. ParameterCount Specifies the number of parameter bytes that are present in this SMB. ParameterOffset Specifies the offset from the start of the SMB header to the parameter bytes. DataCount Specifies the number of data bytes that are present in this SMB. DataOffset Specifies the offset from the start of the SMB header to the data bytes. SetupCount Specifies the number of setup words in the request. Function Specifies the transaction function code. Setup Supplies setup words, the contents of which are interpreted based on the function code. ByteCount The number of bytes following. Pad1 Zero to three pad bytes to align Parameters on a four-byte boundary. The pad bytes should be zero. If ParameterCount is zero, Pad1 is not present. Parameters ParameterCount parameter bytes. Pad2 Zero to three pad bytes to align Data on a four-byte boundary. The pad bytes should be zero. If DataCount is zero, Pad2 is not present. Data DataCount data bytes. Interim Response Format UCHAR WordCount; USHORT ByteCount; WordCount Must contain the value 0. ByteCount Must contain the value 0. Secondary Request Format UCHAR WordCount; UCHAR Reserved1; USHORT Reserved2; ULONG TotalParameterCount; ULONG TotalDataCount; ULONG ParameterCount; ULONG ParameterOffset; ULONG ParameterDisplacement; ULONG DataCount; ULONG DataOffset; ULONG DataDisplacement; UCHAR Reserved3; USHORT ByteCount; UCHAR Pad1[]; UCHAR Parameters[]; UCHAR Pad2[]; UCHAR Data[]; WordCount Must contain the value 18. Reserved1 Is a reserved field and should be zero. Reserved2 Is a reserved field and should be zero. TotalParameterCount Specifies the total number of parameter bytes that are being sent in the request. TotalDataCount Specifies the total number of data bytes that are being sent in the request. ParameterCount Specifies the number of parameter bytes that are present in this SMB. ParameterOffset Specifies the offset from the start of the SMB header to the parameter bytes. ParameterDisplacement Specifies the offset from the start of the overall parameter block to the parameter bytes that are contained in this message. DataCount Specifies the number of data bytes that are present in this SMB. DataOffset Specifies the offset from the start of the SMB header to the data bytes. DataDisplacement Specifies the offset from the start of the overall data block to the data bytes that are contained in this message. Reserved3 Is a reserved field and should be zero. ByteCount The number of bytes following. Pad1 Zero to three pad bytes to align Parameters on a four-byte boundary. The pad bytes should be zero. If ParameterCount is zero, Pad1 is not present. Parameters ParameterCount parameter bytes. Pad2 Zero to three pad bytes to align Data on a four-byte boundary. The pad bytes should be zero. If DataCount is zero, Pad2 is not present. Data DataCount data bytes. Response Format UCHAR WordCount; UCHAR Reserved1; USHORT Reserved2; ULONG TotalParameterCount; ULONG TotalDataCount; ULONG ParameterCount; ULONG ParameterOffset; ULONG ParameterDisplacement; ULONG DataCount; ULONG DataOffset; ULONG DataDisplacement; UCHAR SetupCount; USHORT Setup[]; USHORT ByteCount; UCHAR Pad1[]; UCHAR Parameters[]; UCHAR Pad2[]; UCHAR Data[]; WordCount Must contain the value 18 + SetupCount. Reserved1 Is a reserved field and should be zero. Reserved2 Is a reserved field and should be zero. TotalParameterCount Specifies the total number of parameter bytes that are being sent in the response. TotalDataCount Specifies the total number of data bytes that are being sent in the response. ParameterCount Specifies the number of parameter bytes that are present in this SMB. ParameterOffset Specifies the offset from the start of the SMB header to the parameter bytes. ParameterDisplacement Specifies the offset from the start of the overall parameter block to the parameter bytes that are contained in this message. DataCount Specifies the number of data bytes that are present in this SMB. DataOffset Specifies the offset from the start of the SMB header to the data bytes. DataDisplacement Specifies the offset from the start of the overall data block to the data bytes that are contained in this message. SetupCount Specifies the number of setup words in the response. Setup Supplies setup words, the contents of which are interpreted based on the function code. ByteCount The number of bytes following. Pad1 Zero to three pad bytes to align Parameters on a four-byte boundary. The pad bytes should be zero. If ParameterCount is zero, Pad1 is not present. Parameters ParameterCount parameter bytes. Pad2 Zero to three pad bytes to align Data on a four-byte boundary. The pad bytes should be zero. If DataCount is zero, Pad2 is not present. Data DataCount data bytes. 4.5.2 NT Create And X The NT Create And X command is used to create or open a file or a directory. When EAs or an SD must be applied to the file, the NT Transact function Create With SD Or EAs is used. The command code for NT Create And X is SMB_COM_NT_CREATE_ANDX. Request Format UCHAR WordCount; UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; UCHAR Reserved1; USHORT NameLength; ULONG Flags; ULONG RootDirectoryFid; ACCESS_MASK DesiredAccess; LARGE_INTEGER AllocationSize; ULONG FileAttributes; ULONG ShareAccess; ULONG CreateDisposition; ULONG CreateOptions; ULONG ImpersonationLevel; UCHAR SecurityFlags; USHORT ByteCount; ASCII_OR_UNICODE Name[]; WordCount Must contain the value 24. AndXCommand Specifies the command code for the next command in the chain, if any. AndXReserved Is a reserved field and should be zero. AndXOffset Specifies the offset to the next command in the chain. Reserved1 Is a reserved field, and should be zero. Its purpose is to align the following fields on natural boundaries. NameLength Specifies the length of the Name field, in bytes. Note that this structure can't handle very long file names (approaching 4K), because we don't allow the name to be sent as data. The NT Create With SD Or EAs transaction must be used for very long names. Flags Specifies the following flags: NT_CREATE_REQUEST_OPLOCK When set, the client is requesting an oplock. NT_CREATE_REQUEST_OPBATCH When set, the client is requesting a batch mode oplock. NT_CREATE_OPEN_TARGET_DIR Equivalent to IO_OPEN_TARGET_DIRECTORY in the NT I/O system. RootDirectoryFid Specifies the FID for a previously opened directory. If this field is not zero, the file name specified in Name is interpreted relative to the specified root directory. If this field is zero, the file name is interpreted relative to the root of the shared resource. Note that RootDirectoryFid is subject to change format. While currently 32 bits, it may be changed to a 16 bit field (consistent with Fid fields in other SMBs) and a 16 bit reserved field. DesiredAccess Specifies the type of access that the caller requires to the file. The following access types are defined: DELETE The file may be deleted. READ_CONTROL The SD and ownership information associated with the file may be read. WRITE_DAC The discretionary SD associated with the file may be written. WRITE_OWNER Ownership information associated with the file may be written. FILE_READ_DATA Data may be read from the file. FILE_WRITE_DATA Data may be written to the file. FILE_EXECUTE Data may be faulted into memory from the file via paging I/O. FILE_APPEND_DATA Data may only be appended to the file. FILE_READ_ATTRIBUTES File attributes flags may be read. FILE_WRITE_ATTRIBUTES File attributes flags may be written. FILE_READ_EA Extended attributes associated with the file may be read. FILE_WRITE_EA Extended attributes associated with the file may be written. If the file being created or opened is a directory file, as specified in the CreateOptions field, then the following additional types of access may be requested: FILE_LIST_DIRECTORY Files in the directory may be listed. FILE_TRAVERSE The directory may be traversed. That is, it may be in the pathname of a file. FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE, and FILE_APPEND_DATA accesses are not valid when creating or opening a directory file. AllocationSize Specifies the initial allocation size of the file, in bytes. This field is ignored unless the file is created, overwritten, or superseded. FileAttributes Specifies the file attributes for the file. Any combination of flags is acceptable except that all other flags override the normal file attribute, FILE_ATTRIBUTE_NORMAL. File attributes are only applied to the file if it is created, superseded, or, in some cases, overwritten. See the description in the text below for more details. The following attribute flags are defined: FILE_ATTRIBUTE_NORMAL A normal file should be created. FILE_ATTRIBUTE_READONLY A read-only file should be created. FILE_ATTRIBUTE_HIDDEN A hidden file should be created. FILE_ATTRIBUTE_SYSTEM A system file should be created. FILE_ATTRIBUTE_ARCHIVE The file should be marked so that it will be archived. FILE_ATTRIBUTE_CONTROL A control file should be created. ShareAccess Specifies the type of share access that the caller would like to the file. The following share access flags are defined: FILE_SHARE_READ Other open operations may be performed on the file for read access. FILE_SHARE_WRITE Other open operations may be performed on the file for write access. FILE_SHARE_DELETE Other open operations may be performed on the file for delete access. CreateDisposition - Specifies the actions to be taken if the file does or does not already exist. The following disposition values are defined: FILE_SUPERSEDE Indicates that if the file already exists then it should be superseded by the specified file. If it does not already exist then it should be created. FILE_CREATE Indicates that if the file already exists then the operation should fail. If the file does not already exist then it should be created. FILE_OPEN Indicates that if the file already exists it should be opened rather than creating a new file. If the file does not already exist then the operation should fail. FILE_OPEN_IF Indicates that if the file already exists, it should be opened. If the file does not already exist then it should be created. FILE_OVERWRITE Indicates that if the file already exists it should be opened and overwritten. If the file does not already exist then the operation should fail. FILE_OVERWRITE_IF Indicates that if the file already exists it should be opened and overwritten. If the file does not already exist then it should be created. CreateOptions Specifies the options that should be used when creating or opening the file. The following options are defined: FILE_DIRECTORY_FILE On a create operation, indicates that the file being created is a directory file. On an open operation, indicates that the file being opened must be a directory file. FILE_NON_DIRECTORY_FILE On a create operation, indicates that the file being created is not a directory file. On an open operation, indicates that the file being opened must not be a directory file. FILE_WRITE_THROUGH Indicates that services that write data to the file must actually write the data to the file before the operation is considered to be complete. Note that the FILE_NO_INTERMEDIATE_BUFFERING option is not exported via the SMB protocol. The NT redirector should convert this option to FILE_WRITE_THROUGH. FILE_SEQUENTIAL_ONLY Indicates that the file will only be accessed sequentially. FILE_OPEN_LINK Indicates that if the last component of the file name is a symbolic link that the link should be opened rather than chased. FILE_OPEN_UNKNOWN_OBJECT Indicates that if an object that is unknown to the file system is encountered, that it should be opened rather than skipped over. FILE_NO_EA_KNOWLEDGE Indicates that the client does not understand extended attributes. FILE_EIGHT_DOT_THREE_ONLY Indicates that the client understands only 8.3 style filenames. FILE_RANDOM_ACCESS Hints that the file is going to be accessed randomly, permitting the server to optimize its behaviour for that case. FILE_DELETE_ON_CLOSE Indicates that the file is to be deleted when closed. ImpersonationLevel Specifies the security impersonation level. Must be one of the following values. See the Distributed System Architecture, Subject Security Context Specification for a description of their meanings. SecurityAnonymous SecurityIdentification SecurityImpersonation SecurityDelegation SecurityFlags Specifies the following security flags. See the Distributed System Architecture, Subject Security Context Specification for a detailed description of their meanings. The following flag values are defined: SMB_SECURITY_DYNAMIC_TRACKING SMB_SECURITY_EFFECTIVE_ONLY ByteCount Specifies the length of the byte parameters for the request. Name Supplies the name of the file to be created or opened. The name is in either ASCII format or Unicode format, depending on the state of flag SMB_FLAGS2_UNICODE of Flags2 in the SMB header. The client may use Unicode only if the server indicates in the Negotiate response that it supports Unicode. Note that the name string is not NUL-terminated. Response Format UCHAR WordCount; UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; UCHAR OplockLevel; USHORT Fid; ULONG CreateAction; TIME CreationTime; TIME LastAccessTime; TIME LastWriteTime; TIME ChangeTime; ULONG FileAttributes; LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; USHORT FileType; USHORT DeviceState; BOOLEAN Directory; USHORT ByteCount; WordCount Must contain the value 34. AndXCommand Specifies the command code for the next command in the chain, if any. AndXReserved Is a reserved field and should be zero. AndXOffset Specifies the offset to the next command in the chain. OplockLevel Specifies the level of opportunistic lock granted to the opener. Fid Specifies the identifier for the open file instance. CreateAction Specifies the action taken with respect to creating or opening the file. This field is valid only if the operation was successful. The following action codes are defined: FILE_SUPERSEDED The file existed and was superseded. FILE_CREATED The file did not exist and was created. FILE_OPENED The file existed and was opened. FILE_OVERWRITTEN The file existed and was overwritten. FILE_EXISTS The file existed. FILE_DOES_NOT_EXIST The file does not exist. CreationTime Specifies the time the file was created. LastAccessTime Specifies the time the file was last accessed. LastWriteTime Specifies the time the file was last written. ChangeTime Specifies the time the file was last changed. FileAttributes Specifies the file's attributes. For a description of this field, see the description of FileAttributes in the request format above. AllocationSize Specifies the number of bytes allocated to the file. EndOfFile Specifies the end-of-file offset for the file. FileType Specifies the type of the file. Possible values are the same as for the like-named field in the SMB Open And X command response format: FileTypeDisk Indicates a disk file or directory as defined in the FileAttributes field. FileTypeByteModePipe Indicates a named pipe. FileTypeMessageModePipe Indicates a named pipe in message mode. FileTypePrinter Indicates a printer device. FileTypeCommDevice Indicates a communications device. DeviceState If FileType is FileTypeByteModePipe or FileTypeMessageModePipe, this field indicates the state of the IPC device. Otherwise, this field contains garbage. When valid, possible flag values are the same as for the like-named field in the SMB Open And X command response format: DeviceStateBlocking If set, indicates that reads and writes return immediately if no data is available. If clear, reads and writes block if no data is available. DeviceStateEndPoint If set, indicates the server end of the pipe. If clear, indicates the consumer end of the pipe. DeviceStatePipeType This is a two-bit field. 00 indicates a byte stream pipe. 01 indicates a message pipe. Other values are undefined. DeviceStateReadMode This is a two-bit field. 00 indicates that the pipe is to be read as a byte stream. 01 indicates that messages are to be read from the pipe. Other values are undefined. DeviceStateIcount This is an eight-bit count to control pipe instancing, and is currently not applicable. Directory Indicates whether the file is a directory. Detailed Description The NT Create And X command service either causes a new file (or directory) to be created, or it opens an existing file or device. The action taken is dependent on the name of the object being opened, whether the object already existed, and the specified create disposition value. A file handle is returned that can be used by subsequent service calls to manipulate the file itself or the data within the file. If FILE_APPEND_DATA is the only desired-access flag specified, then the caller can only write to the end of the file. Any offset information on writes to the file is ignored. The file will automatically be extended as necessary for these types of write operations. Specifying the FILE_WRITE_DATA desired-access flag for a file also allows writes beyond the end of the file to occur. The file is also automatically extended for these types of writes as well. Access to a file may be shared among separate cooperating processes or threads by requesting that the file system open the file for shared access. This is accomplished through the flags in the ShareAccess field. Provided that both file openers have the privilege to access the file in the specified manner, the file can be successfully opened and shared. If the caller does not specify FILE_SHARE_READ, FILE_SHARE_WRITE, or FILE_SHARE_DELETE, then no other open operations may be performed on the file. In order for the file to be successfully opened, the requested access mode to the file must be compatible with the way in which other opens to the file have been made. That is, the desired access mode to the file must not conflict with the accesses that other openers of the file have disallowed. The FILE_SUPERSEDE disposition value specifies that if the file does not already exist, it is to be created. If the file already exists, then it should be superseded. Superseding a file requires that the accessor have delete access to the existing file. That is, the existing file is effectively deleted and then recreated. This implies that if someone else already has the file open, they have specified that the file may be deleted by another file opener. This is done by specifying ShareAccess with the FILE_SHARE_DELETE flag set. The FILE_OVERWRITE_IF disposition value is much like the FILE_SUPERSEDE disposition value. If the file exists, then it will be overwritten; if it does not already exist then it will be created. Overwriting a file is semantically equivalent to a supersede operation except that it requires write access to the file rather than delete access. That is, the requestor must have write access to the file and if someone else already has the file open, they must have specified that the file may be written by another file opener. This is done by specifying a ShareAccess parameter with the FILE_SHARE_WRITE flag set. Another difference between an overwrite and a supersede is that the specified file attributes are logically OR'd with those already on the file. That is, the caller may not turn off any flags already set in the attributes but may turn others on. The FILE_OVERWRITE disposition value performs exactly the same operation as a FILE_OVERWRITE_IF, except that if the file does not already exist the operation will fail. The FILE_OPEN_LINK option specifies that if the last component of a pathname is a symbolic link, then the link file itself should be opened rather than chasing it. A symbolic link is a file identified by the following characteristics: o The file's FILE_ATTRIBUTE_CONTROL attribute flag is set. o The file has an EA whose name is ".FAMILY_IDS" and whose value has a type of EAT_FAMILY, a family count of one, and a family ID of 42. o The file has an EA whose name is "SYMBOLIC_LINK_VALUE" and whose value is the fully qualified pathname to the target file. The FILE_OPEN_LINK option may be used to open a file that represents a DFS exit path as well, provided that the file is the last component of the pathname. A DFS exit path is a file identified by the following characteristics: o The file's FILE_ATTRIBUTE_CONTROL attribute flag is set. o The file has an EA whose name is ".FAMILY_IDS" and whose value has a type of EAT_FAMILY, a family count of one, and a family ID of 69. The FILE_OPEN_UNKNOWN_OBJECT option specifies that if the file system encounters a file in the file name path that has its FILE_ATTRIBUTE_CONTROL attribute flag set, but whose other characteristics do not match one of the symbolic link or DFS exit path descriptions above, then the file should be opened rather than continuing the pathname search. If this type of file is encountered and the option is specified, then the response field CreateAction is set to FILE_OPENED_UNKNOWN_OBJECT. The Query File Information command may be used to obtain the remainder of the unparsed file name string. When opening a named pipe file, the Name field of the request should contain only the name of the relative name of the pipe. This contrasts the Open AndX and Open2 SMBs in which the pipe name is prepended by the string "\PIPE\". 4.5.3 NT Create With Security Descriptor Or EAs The NT Create With SD Or EAs command is used to create or open a file or a directory, when EAs or an SD must be applied to the file. NT Create With SD Or EAs is implemented as an NT Transact function. The function code for NT Create With SD Or EAs is NT_TRANSACT_CREATE. Request Setup Format None. Request Parameters Format ULONG Flags; ULONG RootDirectoryFid; ACCESS_MASK DesiredAccess; LARGE_INTEGER AllocationSize; ULONG FileAttributes; ULONG ShareAccess; ULONG CreateDisposition; ULONG CreateOptions; ULONG SecurityDescriptorLength; ULONG EaLength; ULONG NameLength; ULONG ImpersonationLevel; UCHAR SecurityFlags; ASCII_OR_UNICODE Name[]; Flags Specifies flags. See the description of the like-named field in NT Create And X for the list of valid flags. RootDirectoryFid Specifies the FID for a previously opened directory. If this field is not zero, the file name specified in Name is interpreted relative to the specified root directory. If this field is zero, the file name is interpreted relative to the root of the shared resource. Note that RootDirectoryFid is subject to change format. While currently 32 bits, it may be changed to a 16 bit field (consistent with Fid fields in other SMBs) and a 16 bit reserved field. DesiredAccess Specifies the type of access that the caller requires to the file. See the description of NT Create And X for the list of valid access types. AllocationSize Specifies the initial allocation size of the file, in bytes. This field is ignored unless the file is created, overwritten, or superseded. FileAttributes Specifies the file attributes for the file. See the description of NT Create And X for the list of valid file attributes. ShareAccess Specifies the type of share access that the caller would like to the file. See the description of NT Create And X for the list of valid share access types. CreateDisposition - Specifies the actions to be taken if the file does or does not already exist. See the description of NT Create And X for the list of valid actions. CreateOptions Specifies the options that should be used when creating or opening the file. See the description of NT Create And X for the list of valid options. SecurityDescriptorLength Specifies the total length in bytes of the security descriptor that should be set on the file, if it is created. The setting of the SD is done as an atomic operation with the creation of the file. EaLength Specifies the total length in bytes of the list of EAs that should be set on the file if it is created. The setting of the EAs is done as an atomic operation with the creation of the file. NameLength Specifies the length of the Name field, in bytes. ImpersonationLevel Specifies the security impersonation level. See the description of NT Create And X for the list of valid values. SecurityFlags Specifies flags. See the description of NT Create And X for the list of valid flags. Name Supplies the name of the file to be created or opened. The name is in either ASCII format or Unicode format, depending on the state of flag SMB_FLAGS2_UNICODE of Flags2 in the SMB header. The client may use Unicode only if the server indicates in the Negotiate response that it supports Unicode. Note that the name string is not NUL-terminated. Request Data Format UCHAR SecurityDescriptor[]; UCHAR Padding[]; UCHAR EaList[]; SecurityDescriptor The security descriptor to be applied to the file, if it is created. The length of the SD is indicated by the SecurityDescriptorLength parameter. If SecurityDescriptorLength is zero, the SecurityDescriptor and Padding fields are not present. The format of SecurityDescriptor is the self-relative format described in the Distributed System Architecture, Object Security Architecture specification. Padding Zero to three bytes of padding, to align the EaList field on a four-byte boundary. If either of SecurityDescriptorLength or EaLength is zero, this field is not present. EaList The list of EAs to be applied to the file, if it is created. The length of the EA list is indicated by the EaLength parameter. If EaLength is zero, the Padding and EaList fields are not present. The format of EaList is the same as that for FileFullEaInformation in the NT I/O system. Response Setup Format None. Response Parameters Format UCHAR OplockLevel; UCHAR Reserved; USHORT Fid; ULONG CreateAction; ULONG EaErrorOffset; TIME CreationTime; TIME LastAccessTime; TIME LastWriteTime; TIME ChangeTime; ULONG FileAttributes; LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; USHORT FileType; USHORT DeviceState; BOOLEAN Directory; OplockLevel Specifies the level of opportunistic lock granted to the opener. Reserved Is a reserved field, and should be zero. Fid Specifies the identifier for the open file instance. CreateAction Specifies the action taken with respect to creating or opening the file. This field is valid only if the operation was successful. See the description of NT Create And X for the list of valid actions. EaErrorOffset Specifies the offset in bytes into the input EA list of the EA that was invalid. This field is valid only when the input EA list is invalid. Need to define which status codes imply that EaErrorOffset is valid. CreationTime Specifies the time the file was created. LastAccessTime Specifies the time the file was last accessed. LastWriteTime Specifies the time the file was last written. ChangeTime Specifies the time the file was last changed. FileAttributes Specifies the file's attributes. For a description of this field, see the description of FileAttributes in the NT Create And X request format above. AllocationSize Specifies the number of bytes allocated to the file. EndOfFile Specifies the end-of-file offset for the file. FileType Specifies the type of the file. See the description of NT Create And X for the list of valid file types. DeviceState Indicates the state of an IPC device. See the description of NT Create And X for the details of this field. Directory Indicates whether the file is a directory. Response Data Format None. Detailed Description The NT Create With SD Or EAs command is semantically identical to the NT Create And X command, with the following additions: If a security descriptor is supplied, then the SD is applied to the file as an atomic operation. Note that the SD is only set on the file if the file is created, superseded, or overwritten. If setting the SD on the file incurs an error, then the file is not created and an appropriate error is returned. The security descriptor is a structure of type SECURITY_DESCRIPTOR: typedef struct { UCHAR Revision; UCHAR Reserved; SECURITY_DESCRIPTOR_CONTROL Control; PSID Owner; PSID Group; PACL Sacl; PACL Dacl; } SECURITY_DESCRIPTOR; Revision Contains the revision level of the security descriptor. This allows this structure to be passed between systems or stored on disk even though it is expected to change in the future. The current revision is 1. Reserved Should be zero. Control A set of flags which qualify the meaning of the security descriptor or individual fields of the security descriptor. SE_OWNER_DEFAULTED This boolean flag, when set, indicates that the SID pointed to by the Owner field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the SID with respect to inheritence of an owner. SE_GROUP_DEFAULTED This boolean flag, when set, indicates that the SID in the Group field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the SID with respect to inheritence of a primary group. SE_DACL_PRESENT This boolean flag, when set, indicates that the security descriptor contains a discretionary ACL. If this flag is set and the Dacl field of the security descriptor is null, then a null ACL is explicitly being specified. SE_DACL_DEFAULTED This boolean flag, when set, indicates that the ACL pointed to by the Dacl field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the ACL with respect to inheritence of an ACL. This flag is ignored if the SE_DACL_PRESENT flag is not set. SE_SACL_PRESENT This boolean flag, when set, indicates that the security descriptor contains a system ACL pointed to by the Sacl field. If this flag is set and the Sacl field of the security descriptor is null, then an empty (but present) ACL is being specified. SE_SACL_DEFAULTED This boolean flag, when set, indicates that the ACL pointed to by the Sacl field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the ACL with respect to inheritence of an ACL. This flag is ignored if the SE_SACL_PRESENT flag is not set. SE_SELF_RELATIVE This boolean flag, when set, indicates that the security descriptor is in self-relative form. In this form, all fields of the security descriptor are contiguous in memory and all pointer fields are expressed as offsets from the beginning of the security descriptor. This flag should always be set in security descriptors within SMBs. Owner is an offset to a SID representing an object's owner. If this field is null, then no owner SID is present in the security descriptor. Group is an offset to a SID representing an object's primary group. If this field is null, then no primary group SID is present in the security descriptor. Sacl is an offset to a system ACL. This field value is only valid if the SE_SACL_PRESENT control flag is set. If the SE_SACL_PRESENT flag is set and this field is null, then a null ACL is specified. Dacl is an offset to a discretionary ACL. This field value is only valid if the SE_DACL_PRESENT control flag is set. If the SE_DACL_PRESENT flag is set and this field is null, then a null ACL (unconditionally granting access) is specified. See Distributed System Architecture, Security IDentifier Architecture Specification and Distributed System Architecture, Access Control List Architecture Specification for the structure of SIDs and ACLs respectively. If a list of EAs is supplied, then those EAs are applied to the file as an atomic operation. Note that the EAs are only set on the file if the file is created, superseded, or overwritten. If setting the EAs on the file incurs an error, then the file is not created, an appropriate error is returned, and the response field EaErrorOffset is set to the offset into the EA buffer of the EA that caused the error. The EA list is a sequence of elements of type FILE_FULL_EA_INFORMATION: typedef struct { ULONG NextEntryOffset; UCHAR Flags; UCHAR EaNameLength; USHORT EaValueLength; ASCIIZ EaName[]; CHAR EaValue[]; } FILE_FULL_EA_INFORMATION; NextEntryOffset Specifies the offset, in bytes, from the start of the current entry to the next entry in the list. If this is the last entry in the list, this field is zero. Each entry in the list must be longword aligned, so NextEntryOffset must be a multiple of four. Flags Specifies flags to be associated with the EA. FILE_NEED_EA is the only flag currently defined. All other flags should be zero. EaNameLength Specifies the length of the EA's name field, excluding the NUL termination character. EaValueLength Specifies the length of the EA's value field. EaName Specifies the name of the EA in ASCII characters. The name is never in Unicode characters. This field is NUL-terminated. EaValue Specifies the value of the EA. Note that this field begins immediately after the name field's NUL termination character, without padding for alignment. 4.5.4 NT I/O Control The NT I/O Control command allows device and file system control functions to be transferred transparently from client to server. This command is implemented as an NT Transact function. The function code for NT I/O Control is NT_TRANSACT_IOCTL. Request Setup Format ULONG FunctionCode; USHORT Fid; BOOLEAN IsFsctl; FunctionCode Specifies the device or file system control code. Fid Specifies the identifier for the open file instance. IsFsctl Indicates whether the command is a device control (FALSE) or a file system control (TRUE). Request Parameters Format The request parameters buffer is the first buffer. Request Data Format The request data buffer is the second buffer. Response Setup Format None. Response Parameters Format The response parameters buffer is the first buffer. Response Data Format The response data buffer is the second buffer. 4.5.5 NT Notify Directory Change The NT Notify Directory Change command is used to monitor changes to a directory. The command completes when a change of the specified type is made in the specified directory. FILE_LIST_DIRECTORY access to the target directory is required. The NT Notify Directory Change command is implemented as an NT Transact function. The function code for NT Notify Directory Change is NT_TRANSACT_NOTIFY_CHANGE. Request Setup Format ULONG CompletionFilter; USHORT Fid; BOOLEAN WatchTree; UCHAR Reserved; CompletionFilter Specifies a set of flags that indicate the types of operations on the directory or on files in the directory that cause the command to complete. The following flags are defined (all undefined flags should be zero): FILE_NOTIFY_CHANGE_FILE_NAME Specifies that the command should complete if a file is added, deleted, or renamed. FILE_NOTIFY_CHANGE_DIR_NAME Specifies that the command should complete if a subdirectory is added, deleted, or renamed. FILE_NOTIFY_CHANGE_ATTRIBUTES Specifies that the command should complete if the attributes of a file or subdirectory are changed. FILE_NOTIFY_CHANGE_SIZE Specifies that the command should complete if the allocation size or the end of file marker for a file are changed. FILE_NOTIFY_CHANGE_LAST_WRITE Specifies that the command should complete if the last write time for a file or subdirectory is changed. FILE_NOTIFY_CHANGE_LAST_ACCESS Specifies that the command should complete if the last access time for a file or subdirectory is changed. FILE_NOTIFY_CHANGE_CREATION Specifies that the command should complete if the creation time for a file or subdirectory is changed. FILE_NOTIFY_CHANGE_EA Specifies that the command should complete if the EAs for a file or subdirectory are changed. FILE_NOTIFY_CHANGE_SECURITY Specifies that the command should complete if the security information for a file or subdirectory is changed Fid Specifies the identifier for the open file instance. The open file must be a directory. WatchTree Specifies whether all changes to files below the directory should also be reported. Reserved Is a reserved field and should be zero. Request Parameters Format None. Request Data Format None. Response Setup Format None. Response Parameters Format The response parameters buffer is the change data. Response Data Format None. Detailed Description The NT Notify Directory Change command notifies the client when the directory specified by Fid is modified. It also returns the name(s) of the file(s) that changed. The command completes once the directory has been modified based on the supplied CompletionFilter. The command is a "single shot" and therefore needs to be reissued to watch for more directory changes. A directory file must be opened before this command may be used. Once the directory is open, this command may be used to begin watching files and subdirectories in the specified directory for changes. The first time the command is issued, the MaxParameterCount field in the NT Transact header determines the size of the buffer that will be used at the server to buffer directory change information between issuances of the NT Notify Directory Change command. When a change that is in the CompletionFilter is made to the directory, the command completes. The names of the files that have changed since the last time the command was issued are returned to the client. The ParameterCount field of the NT Transact response indicates the number of bytes that are being returned. If too many files have changed since the last time the command was issued, then zero bytes are returned and an alternate status code is returned in the Status field of the response. If NT status codes were negotiated, then Status will contain STATUS_NOTIFY_ENUM_DIR. If NT status codes were not negotitated, then ErrorClass will be 1 and Error will be ERROR_NOTIFY_ENUM_DIR, which is a new Win32 error code. The format of the returned data is defined by the following structure: typedef struct { ULONG NextEntryOffset; ULONG Action; ULONG FileNameLength; ASCII_OR_UNICODE FileName[]; } FILE_NOTIFY_INFORMATION; NextEntryOffset Specifies the offset, in bytes, from the start of the current entry to the next entry in the list. If this is the last entry in the list, this field is zero. Each entry in the list must be longword aligned, so NextEntryOffset must be a multiple of four. Action Specifies what happened to cause this entry to be inserted. The following values are possible: FILE_ACTION_ADDED The file was added to the directory. FILE_ACTION_REMOVED The file was removed from the directory. FILE_ACTION_MODIFIED The file was modified. FILE_ACTION_RENAMED_OLD_NAME The file was renamed; this entry supplies the old name. FILE_ACTION_RENAMED_NEW_NAME The file was renamed; this entry supplies the new name. FileNameLength Specifies the length, in bytes, of the name of the file that changed. FileName Specifies the name of the file that changed. The name is in either ASCII format or Unicode format, depending on the state of flag SMB_FLAGS2_UNICODE of Flags2 in the SMB header. The client may use Unicode only if the server indicates in the Negotiate response that it supports Unicode. Note that the name is not null-terminated. If a file is renamed within a single directory, two entries are returned: one specifying the old name of the file and one specifying the new name of the file. If a file is renamed from the directory being monitored to another directory, only a single entry with an Action of FILE_ACTION_REMOVED is returned. If a file is renamed from another directory to the directory being monitored, only a single entry with an Action of FILE_ACTION_ADDED is returned. 4.5.6 NT Cancel The NT Cancel command allows a client to cancel an in-progress request. The request to be canceled is identified by matching the UID/TID/PID/MID combination in the header of the original SMB with those in the Cancel SMB. If the specified request is still in progress at the server when the Cancel request is received, the server cancels the request and sends a response to that request with a distinguished status code. The server does not send a response to the cancel SMB. The command code for NT Cancel is SMB_COM_NT_CANCEL. Request Format UCHAR WordCount; USHORT ByteCount; WordCount Must contain the value 0. ByteCount Must contain the value 0. Response Format UCHAR WordCount; USHORT ByteCount; WordCount Must contain the value 0. ByteCount Must contain the value 0. 4.5.7 NT Query Security Descriptor The NT Query Security Descriptor command allows the client to retrieve the security descriptor on a file. This command is implemented as an NT Transact function. The function code for NT Query Security Descriptor is NT_TRANSACT_QUERY_SECURITY_DESC. Request Setup Format None. Request Parameters Format USHORT Fid; USHORT Reserved; SECURITY_INFORMATION SecurityInformation; Fid Specifies the identifier of the open file instance. Reserved Must contain the value 0. SecurityInformation Flags indicating which security descriptor components are being referenced. OWNER_SECURITY_INFORMATION When set, indicates the owner ID of the object is being referenced. GROUP_SECURITY_INFORMATION When set, indicates the primary group ID of the object is being referenced. DACL_SECURITY_INFORMATION When set, indicates the discretionary ACL of the object is being referenced. SACL_SECURITY_INFORMATION When set, indicates the system ACL of the object is being referenced. Request Data Format None. Response Setup Format None. Response Parameters Format ULONG LengthNeeded; LengthNeeded Specifies the size of the data buffer needed to hold the descriptor data. Response Data Format The response data buffer is the security descriptor. See the description of NT Create with Security Descriptor or EAs for the data format. 4.5.8 NT Set Security Descriptor The NT Set Security Descriptor command allows the client to change the security descriptor on a file. This command is implemented as an NT Transact function. The function code for NT Set Security Descriptor is NT_TRANSACT_SET_SECURITY_DESC. Request Setup Format USHORT Fid; USHORT Reserved; SECURITY_INFORMATION SecurityInformation; Fid Specifies the identifier of the open file instance. Reserved Must contain the value 0. SecurityInformation Flags indicating which security descriptor components are being referenced. See the description of the like-named field in NT Query Security Descriptor. Request Parameters Format None. Request Data Format The request data buffer is the security descriptor. See the description of NT Create with Security Descriptor or EAs for the data format. Response Setup Format None. Response Parameters Format None. Response Data Format None. 4.5.9 NT Rename The NT Rename command allows the client to change the name of a file. This command is implemented as an NT Transact function. The function code for NT Rename is NT_RENAME. Request Setup Format None. Request Parameters Format USHORT Fid; USHORT RenameFlags; ASCII_OR_UNICODE NewName[]; Fid Specifies the identifier of the open file instance. RenameFlags Specifies flags: SMB_RENAME_REPLACE_IF_EXISTS When set, permits overwriting of existing files with the same name as NewName. Name Supplies the name of the file to be created or opened. The name is in either ASCII format or Unicode format, depending on the state of flag SMB_FLAGS2_UNICODE of Flags2 in the SMB header. The client may use Unicode only if the server indicates in the Negotiate response that it supports Unicode. Note that the name string is not null-terminated. The length of the name is TotalParameterCount - sizeof(Fid) - sizeof(RenameFlags). Request Data Format None. Response Setup Format None. Response Parameters Format None. Response Data Format None. 5. Outstanding Issues This section details unresolved issues and questions regarding the NT SMB protocol. 5.1 Network Code Page Do we need to expose client/server/network code page in the protocol, or is it enough to have this available at each node via some other mechanism? 5.2 FileLinkInformation Is adding a link a reasonable candidate for remoting? If so, what restrictions, if any, should be placed on the target name? The I/O specification says that the target name must be fully qualified. What does this mean over the network? 5.3 Flags2 vs. NT Create CreateOptions What happens when the SMB header Flags2 and NT Create AndX CreateOptions fields disagree about long filenames and extended attributes: SMB_FLAGS2_KNOWS_LONG_NAMES vs. FILE_EIGHT_DOT_THREE_ONLY and SMB_FLAGS2_KNOWS_EAS vs FILE_NO_EA_KNOWLEDGE? 5.4 Querying EAs Do we need a new SMB, or can we do everything with the current SMB? Note that NtQueryEaFile is a resumable API, and also allows the caller to start the scan at a specified EA index. 6. Revision History Original (subset) draft, Revision 0.9, March 1, 1991 First widely distributed draft, Revision 1.0, March 15, 1991 Major reduction in scope, Revision 2.0, August 22, 1991 Unknown changes, Revision 2.1, December 10, 1991 Updated to reflect current state of code, Revision 2.2, June 8, 1992 Minor fixes, Revision 2.21, June 11, 1992 Corrections concerning Unicode string alignment and NT Transact responses, Revision 2.22, June 19, 1992 added server CAP_LOCK_AND_READ capability, Revision 2.23, August 10, 1992 corrected SMB File Notify Action values, Revision 2.24, August 11, 1992 added server time fileds to Negotiate Response format, Revision 2.25, August 24, 1992 Microsoft Corporation Company Confidential Microsoft Corporation Company Confidential NT LAN Manager SMB File Sharing Protocol Extensions NT LAN Manager SMB File Sharing Protocol Extensions Microsoft Corporation Company Confidential Microsoft Corporation Company Confidential NT LAN Manager SMB File Sharing Protocol Extensions NT LAN Manager SMB File Sharing Protocol Extensions Microsoft Corporation Company Confidential Microsoft Corporation Company Confidential Microsoft Word 6.0 Normal Heading 1 Heading 2 Heading 3 Heading 4 Heading 5 Heading 6 Default Paragraph Font Prototype (type name) Prototype (proc name) Prototype (direction) Prototype (identifier) Prototype ("Parameters:") Footnote reference character List level 1 List level 2 Parameter values heading Parameter values list Simple list level 1 Simple list level 2 Parameter values subheading Paragraph 8 Parameter values sub-subhead Parameter values sublist Note Note (in level 1 list) Procedure name list List level 3 List level 4 Table of Contents level 5 Normal paragraph + keep next Underlined paragraph Hidden paragraph Paragraph 21 Prototype (declaration) Prototype (parameter list) Proto. (param list,para 2) Prototype (Return Value:) Second paragraph for P4 Table of Contents level 6 Running header Running footer Title page--document name Title page--author name Title page--revision number Paragraph 37 Definition of term Code example Diagram TOC 1 TOC 2 TOC 3 TOC 4 unicode messages smb_header cancel Dan Perry8\\plato\FINAL\SYS\NETWORK\MSNA-NT\SPECS\SMB\SMB-NT01.DOC @testing LPT1: winspool testing Letter N N N testing Letter N N N Times New Roman Symbol Arial Courier Times LinePrinter NT SMB specification NT SMB protocol Dan Perry Dan Perry