Draft-leach-cifs-v1-spec-02

This document is an expired IETF Draft.
It is presented here for historical purposes only.
A copy of the original text only version of this document is also available on this site.


Network Working Group                    Paul J. Leach, Microsoft
INTERNET-DRAFT                           Dilip C. Naik, Microsoft
draft-leach-cifs-v1-spec-02.txt
Category: Informational
Expires September 13, 1997                         March 13, 1997



           A Common Internet File System (CIFS/1.0) Protocol

                           Preliminary Draft

                              (Annotated)

Status of this Memo
[This document is an expired draft.]
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or made obsolete by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress".

To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).

Distribution of this document is unlimited. Please send comments to the
authors at <[email protected]>. Discussion of CIFS is on the mailing
list <[email protected]>; subscribe by sending a message to
<[email protected]> with a body of "subscribe CIFS
[email protected]". There is a CIFS home page at
<http://www.microsoft.com/intdev/cifs>.


Abstract

This document describes the CIFS file sharing protocol, version 1.0.
Client systems use this protocol to request file and print services
from server systems over a network. It is based on the Server Message
Block protocol widely in use by personal computers and workstations
running a wide variety of operating systems.

Table Of Contents

STATUS OF THIS MEMO......................................................1
ABSTRACT.................................................................1
TABLE OF CONTENTS........................................................1
1 INTRODUCTION...........................................................5
 1.1 SUMMARY OF FEATURES.................................................5

Leach, Naik       expires September, 1997          [Page 1] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


  1.1.1  File access.....................................................5
  1.1.2  File and record locking.........................................6
  1.1.3  Safe caching, read-ahead, and write-behind......................6
  1.1.4  File change notification........................................6
  1.1.5  Protocol version negotiation....................................6
  1.1.6  Extended attributes.............................................6
  1.1.7  Distributed replicated virtual volumes..........................6
  1.1.8  Server name resolution independence.............................7
  1.1.9  Batched requests................................................7
2 PROTOCOL OPERATION OVERVIEW............................................7
 2.1 SERVER NAME DETERMINATION...........................................7
 2.2 SERVER NAME RESOLUTION..............................................8
 2.3 SAMPLE MESSAGE FLOW.................................................8
 2.4 MESSAGE FORMAT......................................................9
  2.4.1  Notation........................................................9
  2.4.2  SMB header.....................................................10
 2.5 CIFS PROTOCOL DIALECT NEGOTIATION..................................11
 2.6 MESSAGE TRANSPORT..................................................11
  2.6.1  Connection Establishment.......................................11
  2.6.2  Server-side Connection Procedures..............................12
  2.6.3  Connection Management..........................................12
 2.7 OPPORTUNISTIC LOCKS................................................13
  2.7.1  Exclusive Oplocks..............................................13
  2.7.2  Batch Oplocks..................................................14
  2.7.3  Level II Oplocks...............................................16
 2.8 SECURITY MODEL.....................................................17
 2.9 RESOURCE SHARE/ACCESS EXAMPLE......................................18
 2.10 AUTHENTICATION....................................................19
  2.10.1 Pre NT LM 0.12.................................................20
  2.10.2 NT LM 0.12.....................................................21
 2.11 DISTRIBUTED FILESYSTEM (DFS) SUPPORT..............................21
3 SMB MESSAGE FORMATS AND DATA TYPES....................................22
 3.1 SMB HEADER.........................................................22
  3.1.1  Flags field....................................................22
  3.1.2  Flags2 Field...................................................24
  3.1.3  Tid Field......................................................24
  3.1.4  Pid Field......................................................25
  3.1.5  Mid Field......................................................25
  3.1.6  Status Field...................................................26
  3.1.7  Timeouts.......................................................26
  3.1.8  Data Buffer (BUFFER) and String Formats........................26
 3.2 FILE NAMES.........................................................27
 3.3 WILDCARDS..........................................................28
 3.4 DFS PATHNAMES......................................................28
 3.5 TIME AND DATE ENCODING.............................................29
 3.6 ACCESS MODE ENCODING...............................................30
 3.7 ACCESS MASK ENCODING...............................................31
 3.8 OPEN FUNCTION ENCODING.............................................32
 3.9 OPEN ACTION ENCODING...............................................32
 3.10 FILE ATTRIBUTE ENCODING...........................................33
 3.11 EXTENDED FILE ATTRIBUTE ENCODING..................................33
 3.12 BATCHING REQUESTS ("ANDX" MESSAGES)...............................36
 3.13 "TRANSACTION" STYLE SUBPROTOCOLS..................................37
  3.13.1 SMB_COM_TRANSACTION and SMB_COM_TRANSACTION2 Formats...........38

Leach, Naik       expires September, 1997          [Page 2] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


  3.13.2 SMB_COM_NT_TRANSACTION Formats.................................40
  3.13.3 Functional Description.........................................42
 3.14 VALID SMB REQUESTS BY NEGOTIATED DIALECT..........................46
4 SMB REQUESTS..........................................................47
 4.1 SESSION REQUESTS...................................................48
  4.1.1  NEGOTIATE: Negotiate Protocol..................................48
  4.1.2  SESSION_SETUP_ANDX: Session Setup..............................51
  4.1.3  LOGOFF_ANDX: User Logoff.......................................56
  4.1.4  TREE_CONNECT_ANDX:  Tree Connect...............................56
  4.1.5  TREE_DISCONNECT:  Tree Disconnect..............................59
  4.1.6  TRANS2_QUERY_FS_INFORMATION: Get File System Information.......59
  4.1.7  ECHO: Ping the Server..........................................65
  4.1.8  NT_CANCEL: Cancel request......................................65
 4.2 FILE REQUESTS......................................................66
  4.2.1  NT_CREATE_ANDX: Create or Open File............................66
  4.2.2  NT_TRANSACT_CREATE: Create or Open File with EAs or SD.........69
  4.2.3  CREATE_TEMPORARY: Create Temporary File........................70
  4.2.4  READ_ANDX: Read Bytes..........................................71
  4.2.5  WRITE_ANDX: Write Bytes to file or resource....................72
  4.2.6  LOCKING_ANDX: Lock or Unlock Byte Ranges.......................73
  4.2.7  SEEK: Seek in File.............................................76
  4.2.8  FLUSH: Flush File..............................................78
  4.2.9  CLOSE: Close File..............................................78
  4.2.10 DELETE: Delete File............................................79
  4.2.11 RENAME: Rename File............................................80
  4.2.12 MOVE: Rename File..............................................81
  4.2.13 COPY: Copy File................................................83
  4.2.14 TRANS2_QUERY_PATH_INFORMATION: Get File Attributes given Path..84
  4.2.15 TRANS2_QUERY_FILE_INFORMATION: Get File Attributes Given FID...91
  4.2.16 TRANS2_SET_PATH_INFORMATION: Set File Attributes given Path....91
  4.2.17 TRANS2_SET_FILE_INFORMATION: Set File Attributes Given FID.....93
 4.3 DIRECTORY REQUESTS.................................................94
  4.3.1  DELETE_DIRECTORY: Delete Directory.............................95
  4.3.2  CHECK_DIRECTORY: Check Directory...............................95
  4.3.3  TRANS2_FIND_FIRST2: Search Directory using Wildcards...........96
  4.3.4  TRANS2_FIND_NEXT2: Resume Directory Search Using Wildcards....101
  4.3.5  FIND_CLOSE2: Close Directory Search...........................102
  4.3.6  NT_TRANSACT_NOTIFY_CHANGE: Request Change Notification........102
 4.4 DFS OPERATIONS....................................................104
  4.4.1  TRANS2_GET_DFS_REFERRAL: Retrieve Distributed Filesystem
         Referral......................................................104
  4.4.2  TRANS2_REPORT_DFS_INCONSISTENCY: Inform a server about DFS
         Error.........................................................107
 4.5 PRINT SPOOLING OPERATIONS.........................................107
  4.5.1  OPEN_PRINT_FILE: Create Print Spool file......................107
  4.5.2  GET_PRINT_QUEUE: Get Printer Queue Entries....................108
 4.6 MISCELLANEOUS OPERATIONS..........................................110
  4.6.1  NT_TRANSACT_IOCTL.............................................110
  4.6.2  NT_TRANSACT_QUERY_SECURITY_DESC...............................110
  4.6.3  NT_TRANSACT_SET_SECURITY_DESC.................................111
5 OBSOLESCENT SMB REQUESTS.............................................111

Leach, Naik       expires September, 1997          [Page 3] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


 5.1 CLOSE_PRINT_FILE:  CLOSE AND SPOOL PRINT JOB......................111
 5.2 CREATE: CREATE FILE...............................................112
 5.3 CREATE_DIRECTORY: CREATE DIRECTORY................................113
 5.4 CREATE_NEW: CREATE FILE...........................................113
 5.5 LOCK_AND_READ: LOCK AND READ BYTES................................114
 5.6 LOCK_BYTE_RANGE: LOCK BYTES.......................................115
 5.7 OPEN: OPEN FILE...................................................116
 5.8 OPEN_ANDX:  OPEN FILE.............................................118
 5.9 PROCESS_EXIT: PROCESS EXIT........................................119
 5.10 QUERY_INFORMATION:  GET FILE ATTRIBUTES..........................120
 5.11 QUERY_INFORMATION2: GET FILE INFORMATION.........................120
 5.12 READ: READ FILE..................................................121
 5.13 READ_MPX: READ BLOCK MULTIPLEX...................................122
 5.14 READ_RAW: READ RAW...............................................124
 5.15 SEARCH: SEARCH DIRECTORY USING WILDCARDS.........................126
 5.16 SET_INFORMATION: SET FILE ATTRIBUTES.............................128
 5.17 SET_INFORMATION2: SET FILE INFORMATION...........................129
 5.18 QUERY_INFORMATION_DISK: GET DISK ATTRIBUTES......................129
 5.19 TRANS2_OPEN2: CREATE OR OPEN FILE WITH EXTENDED ATTRIBUTES.......130
 5.20 TREE_CONNECT: TREE CONNECT.......................................132
 5.21 UNLOCK_BYTE_RANGE: UNLOCK BYTES..................................132
 5.22 WRITE: WRITE BYTES...............................................133
 5.23 WRITE_AND_UNLOCK: WRITE BYTES AND UNLOCK RANGE...................134
 5.24 WRITE_AND_CLOSE:  WRITE BYTES AND CLOSE FILE.....................135
 5.25 WRITE_MPX: WRITE BLOCK MULTIPLEX.................................136
 5.26 WRITE_PRINT_FILE: WRITE TO PRINT FILE............................138
 5.27 WRITE_RAW: WRITE RAW BYTES.......................................139
6 SMB SYMBOLIC CONSTANTS...............................................142
 6.1 SMB COMMAND CODES.................................................142
 6.2 SMB_COM_TRANSACTION2 SUBCOMMAND CODES.............................144
 6.3 SMB_COM_NT_TRANSACTION SUBCOMMAND CODES...........................145
 6.4 SMB PROTOCOL DIALECT CONSTANTS....................................145
7 ERROR CODES AND CLASSES..............................................146
8 LEGAL NOTICE.........................................................150
9 REFERENCES...........................................................150
10 SECURITY CONSIDERATIONS.............................................151
 10.1 SHARE LEVEL PROTECTION...........................................151
 10.2 PLAINTEXT PASSWORD AUTHENTICATION................................151
 10.3 LANMAN 2.1 (AND EARLIER) CHALLENGE/RESPONSE......................151
  10.3.1 Known Plaintext Attacks.......................................152
  10.3.2 Small Key Space...............................................152
  10.3.3 Chosen Plaintext Attacks......................................152
  10.3.4 Dictionary Attacks............................................152
  10.3.5 Badly Chosen Passwords........................................152
 10.4 NT LM 0.12 CHALLENGE/RESPONSE....................................153
 10.5 OTHER ATTACKS....................................................153
  10.5.1 Hijack connections............................................153
  10.5.2 Downgrade attack..............................................153
  10.5.3 Spoofing by Counterfeit Servers...............................154
  10.5.4 Storing Passwords Safely......................................154
11 AUTHORS' ADDRESSES..................................................154




Leach, Naik       expires September, 1997          [Page 4] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


1  Introduction

This document describes the file and print sharing protocol for a
proposed Common Internet File System (CIFS). CIFS is intended to provide
an open cross-platform mechanism for client systems to request file and
print services from server systems over a network. It is based on the
standard Server Message Block (SMB) protocol widely in use by personal
computers and workstations running a wide variety of operating systems.
An earlier version of this protocol was documented as part of the X/OPEN
(now Open Group) CAE series of standards [7]; this document updates the
specification to include the latest shipping versions, and is published
to allow the creation of implementations that interoperate with those
implementations.

Use of the Internet and the World Wide Web has been characterized by
read-only access. Existing protocols such as FTP are good solutions for
one-way file transfer. However, new read/write interfaces will become
increasingly necessary as the Internet becomes more interactive and
collaborative. Adoption of a common file sharing protocol having modern
semantics such as shared files, byte-range locking, coherent caching,
change notification, replicated storage, etc. would provide important
benefits to the Internet community.


1.1  Summary of features

The protocol supports the following features:

o File access

o File and record locking

o Safe caching, read-ahead, and write-behind

o File change notification

o Protocol version negotiation

o Extended attributes

o Distributed replicated virtual volumes

o Server name resolution independence

o Batched requests

o Unicode file names


1.1.1  File access

The protocol supports the usual set of file operations: open, close,
read, write, and seek.



Leach, Naik       expires September, 1997          [Page 5] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


1.1.2  File and record locking

The protocol supports file and record locking, as well as unlocked
access to files. Applications that lock files can not be improperly
interfered with by applications that do not; once a file or record is
locked, non-locking applications are denied access to the file.


1.1.3  Safe caching, read-ahead, and write-behind

The protocol supports caching, read-ahead, and write-behind, even for
unlocked files, as long as they are safe. All these optimizations are
safe as long as only one client is accessing a file; read-caching and
read-ahead are safe with many clients accessing a file as long as all
are just reading. If many clients are writing a file simultaneously,
then none are safe, and all file operations have to go to the server.
The protocol notifies all clients accessing a file of changes in the
number and access mode of clients accessing the file, so that they can
use the most optimized safe access method.


1.1.4  File change notification

Applications can register with a server to be notified if and when file
or directory contents are modified. They can use this to (for example)
know when a display needs to be refreshed, without having to constantly
poll the server.


1.1.5  Protocol version negotiation

There are several different versions and sub-versions of this protocol;
a particular version is referred to as a dialect.  When two machines
first come into network contact they negotiate the dialect to be used.
Different dialects can include both new messages as well as changes to
the fields and semantics of existing messages in other dialects.


1.1.6  Extended attributes

In addition to many built-in file attributes, such as creation and
modification times, non-file system attributes can be added by
applications, such as the author's name, content description, etc.


1.1.7  Distributed replicated virtual volumes

The protocol supports file system subtrees which look like to clients as
if they are on a single volume and server, but which actually span
multiple volumes and servers. The files and directories of such a
subtree can be physically moved to different servers, and their names do
not have to change, isolating clients from changes in the server
configuration. These subtrees can also be transparently replicated for
load sharing and fault tolerance. When a client requests a file, the

Leach, Naik       expires September, 1997          [Page 6] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


protocol uses referrals to transparently direct a client to the server
that stores it.


1.1.8  Server name resolution independence

The protocol allows clients to resolve server names using any name
resolution mechanism. In particular, it allows using the DNS, permitting
access to the file systems of other organizations over the Internet, or
hierarchical organization of servers' names within an organization.
Earlier versions of the protocol only supported a flat server name
space.


1.1.9  Batched requests

The protocol supports the batching of multiple requests into a single
message, in order to minimize round trip latencies, even when a later
request depends on the results of an earlier one.


2  Protocol Operation Overview

In order to access a file on a server, a client has to:

o Parse the full file name to determine the server name, and the
  relative name within that server.

o Resolve the server name to a transport address (this may be cached)

o Make a connection to the server (if no connection is already
  available)

o Exchange CIFS messages (see below for an example)

This process may be repeated as many times as desired. Once the
connection has been idle for a while, it may be torn down.


2.1  Server Name Determination

How the client determines the name of the server and the relative name
within the server is outside of the scope of this specification.
However, just for expository purposes, here are three examples.

In the URL "file://fs.megacorp.com/users/fred/stuff.txt", the client
could take the part between the leading double slashes and the next
slash as the server name and the remainder as the relative name -- in
this example "fs.megacorp.com" and "/users/fred/stuff.txt",
respectively.

In the path name "\\corpserver\public\policy.doc" the client could take
the part between the leading double backslashes and the next slash as



Leach, Naik       expires September, 1997          [Page 7] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


the server name, and the remainder as the relative name -- in this
example, "corpserver" and "\public\policy.doc" respectively.

In the path name "x:\policy.doc" the client could use "x" as an index
into a table that contains a server name and a file name prefix. If the
contents of such a table for "x" were "corpserver" and "\public", then
the server name and relative name would be the same as in the previous
example.


2.2  Server Name Resolution

Like server name determination, how the client resolves the name to the
transport address of the server is outside the scope of this
specification. All that is required by CIFS is that a CIFS client MUST
have some means to resolve the name of a CIFS server to a transport
address, and that a CIFS server MUST register its name with a name
resolution service known its clients.

Some examples of name resolution mechanisms include: using the Domain
Name System (DNS) [1,2], and using NETBIOS name resolution (see RFC 1001
and RFC 1002 [3,4]). The server name can also be specified as the string
form of an IPv4 address in the usual dotted decimal notation, e.g.,
"157.33.135.101"; in this case, "resolution" consists of converting to
the 32 bit IPv4 address.

Which method is used is configuration dependent; the default SHOULD be
DNS to encourage interoperability over the Internet.

Note: The name resolution mechanism used may place constraints on the
form of the server name; for example, in the case of NETBIOS, the server
name must be 15 characters or less, and be upper case.


2.3  Sample Message Flow

The following illustrates a typical message exchange sequence for a
client connecting to a user level server, opening a file, reading its
data, closing the file, and disconnecting from the server. Note: using
the CIFS request batching mechanism (called the "AndX" mechanism), the
second to sixth messages in this sequence can be combined into one, so
there are really only three round trips in the sequence, and the last
one can be done asynchronously by the client.












Leach, Naik       expires September, 1997          [Page 8] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Client Command             Server Response
 ========================== =========================================

 SMB_COM_NEGOTIATE          Must be the first message sent by client
                            to the server.  Includes a list of SMB
                            dialects supported by the client.  Server
                            response indicates which SMB dialect
                            should be used.
 SMB_COM_SESSION_SETUP_ANDX Transmits the user's name and credentials
                            to the server for verification.
                            Successful server response has Uid field
                            set in SMB header used for subsequent
                            SMBs on behalf of this user.
 SMB_COM_TREE_CONNECT       Transmits the name of the disk share the
                            client wants to access.  Successful
                            server response has Tid field set in SMB
                            header used for subsequent SMBs referring
                            to this resource.
 SMB_COM_OPEN               Transmits the name of the file, relative
                            to Tid, the client wants to open.
                            Successful server response includes a
                            file id (Fid) the client should supply
                            for subsequent operations on this file.
 SMB_COM_READ               Client supplies Tid, Fid, file offset,
                            and number of bytes to read.  Successful
                            server response includes the requested
                            file data.
 SMB_COM_CLOSE              Client closes the file represented by Tid
                            and Fid.  Server responds with success
                            code.
 SMB_COM_TREE_DISCONNECT    Client disconnects from resource
                            represented by Tid.


2.4  Message Format

Clients exchange messages with a server to access resources on that
server.  These messages are called Server Message Blocks (SMBs), and
every SMB message has a common format.


2.4.1  Notation

This specification makes use of "C"-like notation to describe the
formats of messages. Unlike the "C" language, which allows for
implementation flexibility in laying out structures, this specification
adopts the following rules.  Multi-byte values are always transmitted
least significant byte first. All fields, except "bit-fields", are
aligned on the nearest byte boundary (even if longer than a byte), and
there is no implicit padding. Fields using the "bit field" notation are
defined to be laid out within the structure with the first-named field
occupying the lowest order bits, the next named field the next lowest
order bits, and so on.




Leach, Naik       expires September, 1997          [Page 9] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


2.4.2  SMB header


typedef unsigned char UCHAR;          // 8 unsigned bits
typedef unsigned short USHORT;        // 16 unsigned bits
typedef unsigned long ULONG;          // 32 unsigned bits

typedef struct {
    ULONG LowPart;
    LONG HighPart;
} LARGE_INTEGER;                      // 64 bits of data

typedef struct  {
    UCHAR Protocol[4];                // Contains 0xFF,'SMB'
    UCHAR Command;                    // Command code
    union {
        struct {
            UCHAR ErrorClass;         // Error class
            UCHAR Reserved;           // Reserved for future use
            USHORT Error;             // Error code
        } DosError;
        ULONG Status;                 // 32-bit error code
    } Status;
    UCHAR Flags;                      // Flags
    USHORT Flags2;                    // More flags
    union {
        USHORT Pad[6];                // Ensure section is 12 bytes long
        struct {
            USHORT PidHigh;           // High part of PID
            ULONG  Unused;            // Not used
            ULONG  Unused2;
    } Extra;
    };
    USHORT Tid;                       // Tree identifier
    USHORT Pid;                       // Caller's process id
    USHORT Uid;                       // Unauthenticated user id
    USHORT Mid;                       // multiplex id
    UCHAR  WordCount;                 // Count of parameter words
    USHORT ParameterWords[ WordCount ];    // The parameter words
    USHORT ByteCount;                 // Count of bytes
    UCHAR  Buffer[ ByteCount ];       // The bytes
} SMB_HEADER;


All SMBs have identical format up to the ParameterWords fields.
Different SMBs have a different number and interpretation of
ParameterWords and Buffer.  All reserved fields in the SMB header must
be zero.

o Command is the operation code which this SMB is requesting, or
  responding to.

o Status.DosError.ErrorClass and Status.DosError.Error are set by the
  server and combine to give the error code of any failed server
  operation.  If the client is capable of receiving 32 bit error

Leach, Naik       expires September, 1997         [Page 10] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


  returns, the status is returned in Status.Status instead.  When an
  error is returned, the server may choose to return only the header
  portion of the response SMB.

o Flags and Flags2 contain bits which, depending on the negotiated
  protocol dialect, indicate various client capabilities.

o PidHigh is used in the NtCreateAndX request SMB
[The PidHigh field is described in the SNIA CIFS Technical Reference as an extention to the Pid field, to provide for 32-bit Process IDs. There is nothing in the description of the NT_CREATE_ANDX message that suggests a special usage of the PidHigh field in that request. Most likely, the field isn't used at all and should always be zero.]
o Tid identifies the subdirectory, or "tree", on the server which the
  client is accessing.  SMBs which do not reference a particular tree
  should set Tid to 0xFFFF.
[In practice, a value of 0x0000 is used rather than 0xFFFF *except* when sending an SMB_COM_ECHO. The value 0xFFFF is listed as the NULL Tid in several references, including Microsoft's LAN Manager 1.0 documentation.]

[Regarding the Uid: Microsoft's LAN Manager 1.0 documentation states that -2 (0xFFFE, presumably) is a reserved Uid value and should not be used. See page 4 of the Microsoft document. (I have not seen any other reference to this value with respect to the Uid field. --crh)]

o Pid is the caller's process id, and is generated by the client to
  uniquely identify a process within the client computer.

o Mid is reserved for multiplexing multiple messages on a single
  transport connection.  A response message will always contain the
  same value as the corresponding request message. The client MUST not
  have multiple outstanding requests to a server with the same Mid.


2.5  CIFS Protocol Dialect Negotiation

The first message sent from an CIFS client to an CIFS server must be one
whose Command field is SMB_COM_NEGOTIATE.  The format of this client
request includes an array of NULL terminated strings indicating the
dialects of the CIFS protocol which the client supports.  The server
compares this list against the list of dialects the server supports and
returns the index of the chosen dialect in the response message.


2.6  Message Transport

When using a reliable connection oriented transport, the CIFS protocol
makes no higher level attempts to ensure sequenced delivery of messages
between the client and server.  The transport must have some mechanism
to detect failures of either the client or server node, and to deliver
such an indication to the client or server software so they can clean up
state.  When a reliable transport connection from a client terminates,
all work in progress by that client is terminated by the server and all
resources open by that client on the server are closed. Message
transport is done using NETBIOS session service (see section 5.3 of RFC
1001 and section 4.3 of RFC 1002).


2.6.1  Connection Establishment

After the server name has been resolved to an IP address, then a
connection to the server needs to be established if one has not already
been set up. Connection establishment is done using the Call primitive
of the NETBIOS session service, which requires the client to provide a
"calling name" and a "called name". The calling name is not significant
in CIFS, except that an identical name from the same transport address

Leach, Naik       expires September, 1997         [Page 11] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


is assumed to represent the same client; the called name is always
"*SMBSERVER      ". Over TCP, the Call primitive results in a "Session
Request" packet to port 139 (see section 4.3.2 of RFC 1002).


2.6.1.1  Backwards compatability

If a CIFS client wishes to interoperate with older SMB servers, then if
the Call is rejected by the server, it can retry with a new called name.
The choice of the new called name depends on the name resolution
mechanism used. If DNS was used, the called name should be constructed
from the first component of the server's DNS name, truncated to 15
characters if necessary, and then padded to 16 characters with blank (20
hex) characters. If NETBIOS was used, then the called named is just the
NETBIOS name. If these fail, then a NETBIOS "Adapter Status" request may
be made to obtain the server's NETBIOS name, and the connection
establishment retried with that as the called name.


2.6.2  Server-side Connection Procedures

A CIFS server MUST register a NETBIOS Listen that accepts any calling
name on the name "*SMBSERVER     ".

In addition, if it wishes to support older SMB clients, it MAY have a
NETBIOS name and register a Listen on that name.


2.6.3  Connection Management

Once a connection is established, the rules for reliable transport
connection dissolution are:

o If a server receives a transport establishment request from a client
  with which it is already conversing, the server may terminate all
  other transport connections to that client.  This is to recover from
  the situation where the client was suddenly rebooted and was unable
  to cleanly terminate its resource sharing activities with the server.

o A server may drop the transport connection to a client at any time if
  the client is generating malformed or illogical requests.  However,
  wherever possible the server should first return an error code to the
  client indicating the cause of the abort.

o If a server gets a hard error on the transport (such as a send
  failure) the transport connection to that client may be aborted.

o A server may terminate the transport connection when the client has
  no open resources on the server, however, we recommend that the
  termination be performed only after some time has passed or if
  resources are scarce on the server.  This will help performance in
  that the transport connection will not need to be reestablished if
  activity soon begins anew. Client software is expected to be able to
  automatically reconnect to the server if this happens..

Leach, Naik       expires September, 1997         [Page 12] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


2.7  Opportunistic Locks

Network performance can be increased if the client can locally buffer
file data.  For example, the client does not have to write information
into a file on the server if the client knows that no other process is
accessing the data.  Likewise, the client can buffer read-ahead data
from the file if the client knows that no other process is writing the
data.

The mechanism which allows clients to dynamically alter their buffering
strategy in a consistent manner is knows as "opportunistic locks", or
oplocks for short.  Versions of the CIFS file sharing protocol including
and newer than the "LANMAN1.0" dialect support oplocks.

There are three different types of oplocks:

o An exclusive oplock allows a client to open a file for exclusive
  access and allows the client to perform arbitrary buffering

o A batch oplock allows a client to keep a file open on the server even
  though the local accessor on the client machine has closed the file.

o A Level II oplock indicates there are multiple readers of a file, and
  no writers.  Level II oplocks are supported if the negotiated dialect
  is NT LM 0.12 or later.

When a client opens a file, it requests the server to grant it a
particular type of oplock on the file.  The response from the server
indicates the type of oplock granted to the client.  The client uses the
granted oplock type to adjust its buffering policy.

The SMB_COM_LOCKING_ANDX SMB is used to convey oplock break and response
information.


2.7.1  Exclusive Oplocks

If a client is granted an exclusive oplock, it may buffer lock
information, read-ahead data, and write data on the client because the
client knows that it is the only accessor to the file.  The basic
protocol is that the redirector on the client opens the file requesting
that an oplock be given to the client.  If the file is open by anyone
else, then the client is refused the oplock and no local buffering may
be performed on the local client.  This also means that no readahead may
be performed to the file, unless the redirector knows that it has the
read ahead range locked.  If the server grants the exclusive oplock, the
client can perform certain optimizations for the file such as buffering
lock, read, and write data.







Leach, Naik       expires September, 1997         [Page 13] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The exclusive oplock protocol is:


   Client                       <-> Server

   A               B
   ==============  ===========  === ================================

   Open ("foo")                 ->
                                <-  Open OK.  Exclusive oplock
                                     granted.
                   Open("foo")  ->
                                <-  oplock break to A
   lock(s)                      ->
                                <-  lock(s) response(s)
   write(s)                     ->
                                <-  write(s) response(s)
   close or done                ->
                                <-  open response to B



As can be seen, when client A opens the file, it can request an
exclusive oplock.  Provided no one else has the file open on the server,
then the oplock is granted to client A.  If, at some point in the
future, another client, such as client B, requests an open to the same
file, then the server must have client A break its oplock.  Breaking the
oplock involves client A sending the server any lock or write data that
it has buffered, and then letting the server know that it has
acknowledged that the oplock has been broken.  This synchronization
message informs the server that it is now permissible to allow client B
to complete its open.

Client A must also purge any readahead buffers that it has for the file.
This is not shown in the above diagram since no network traffic is
needed to do this.


2.7.2  Batch Oplocks

Batch oplocks are used where common programs on a client behave in such
a way that causes the amount of network traffic on a wire to go beyond
an acceptable level for the functionality provided by the program.

For example, the command processor executes commands from within a
command procedure by performing the following steps:

  o Opening the command procedure.

  o Seeking to the "next" line in the file.

  o Reading the line from the file.

  o Closing the file.

  o Executing the command.



Leach, Naik       expires September, 1997         [Page 14] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


This process is repeated for each command executed from the command
procedure file.  As is obvious, this type of programming model causes an
inordinate amount of processing of files, thereby creating a lot of
network traffic that could otherwise be curtailed if the program were to
simply open the file, read a line, execute the command, and then read
the next line.

Batch oplocking curtails the amount of network traffic by allowing the
client to skip the extraneous open and close requests.  When the command
processor then asks for the next line in the file, the client can either
ask for the next line from the server, or it may have already read the
data from the file as readahead data.  In either case, the amount of
network traffic from the client is greatly reduced.

If the server receives either a rename or a delete request for the file
that has a batch oplock, it must inform the client that the oplock is to
be broken.  The client can then change to a mode where the file is
repeatedly opened and closed.

The batch oplock protocol is:



   Client                    <->  Server

   A            B
   ===========  ============ ==== ===============================

   Open("foo")               ->
                             <-   Open OK.  Batch oplock granted.
   Read                      ->
                             <-   data
   <close>
   <open>
   <seek>
                             ->   read
                             <-   data
   <close>
                Open("foo")  ->
                             <-   Oplock break to A
   Close                     ->
                             <-   Close OK to A
                             <-   Open OK to B



When client A opens the file, it can request an oplock.  Provided no one
else has the file open on the server, then the oplock is granted to
client A.  Client A, in this case, keeps the file open for its caller
across multiple open/close operations.  Data may be read ahead for the
caller and other optimizations, such as buffering locks, can also be
performed.

When another client requests an open, rename, or delete operation to the
server for the file, however, client A must cleanup its buffered data
and synchronize with the server.  Most of the time this involves
actually closing the file, provided that client A's caller actually


Leach, Naik       expires September, 1997         [Page 15] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


believes that he has closed the file.  Once the file is actually closed,
client B's open request can be completed.


2.7.3  Level II Oplocks

Level II oplocks allow multiple clients to have the same file open,
providing that no client is performing write operations to the file.
This is important for many environments because most compatibility mode
opens from down-level clients map to an open request for shared
read/write access to the file.  While it makes sense to do this, it also
tends to break oplocks for other clients even though neither client
actually intends to write to the file.

The Level II oplock protocol is:



   Client                    <->  Server

   A            B
   ===========  ===========  ==== ====================================

   Open("foo")               ->
                             <-   Open OK.  Exclusive oplock granted.
   Read                      ->
                             <-   data
                Open("foo")  ->
                             <-   Break to Level II oplock to A
   lock(s)                   ->
                             <-   lock(s) response(s)
   done                      ->
                             <-   Open OK.  Oplock II oplock granted
                                   to B


This sequence of events is very much like an exclusive oplock.  The
basic difference is that the server informs the client that it should
break to a level II lock when no one has been writing the file.  That
is, client A, for example, may have opened the file for a desired access
of READ, and a share access of READ/WRITE.  This means, by definition,
that client A will not performed any writes to the file.

When client B opens the file, the server must synchronize with client A
in case client A has any buffered locks.  Once it is synchronized,
client B's open request may be completed.  Client B, however, is
informed that he has a level II oplock, rather than an exclusive oplock
to the file.

In this case, no client that has the file open with a level II oplock
may buffer any lock information on the local client machine.  This
allows the server to guarantee that if any write operation is performed,
it need only notify the level II clients that the lock should be broken
without having to synchronize all of the accessors of the file.

The level II oplock may be broken to none, meaning that some client that
had the file opened has now performed a write operation to the file.


Leach, Naik       expires September, 1997         [Page 16] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


Because no level II client may buffer lock information, the server is in
a consistent state.  The writing client, for example, could not have
written to a locked range, by definition.  Read ahead data may be
buffered in the client machines, however, thereby cutting down on the
amount of network traffic required to the file.  Once the level II
oplock is broken, however, the buffering client must flush its buffers
and degrade to performing all operations on the file across the network.
No oplock break response is expected from a client when the server
breaks a client from level II to none.


2.8  Security Model

Each server makes a set of resources available to clients on the
network.  A resource being shared may be a directory tree, named pipe,
printer, etc.  So far as clients are concerned, the server has no
storage or service dependencies on any other servers; a client considers
the server to be the sole provider of the file (or other resource) being
accessed.

The CIFS protocol requires server authentication of users before file
accesses are allowed, and each server authenticates its own users.  A
client system must send authentication information to the server before
the server will allow access to its resources.

The CIFS protocol defines two methods which can be selected by the
server for security:  share level and user level:


o A share level server makes some directory on a disk device (or other
  resource) available.  An optional password may be required to gain
  access.  Thus any user on the network who knows the name of the
  server, the name of the resource and the password has access to the
  resource.  Share level security servers may use different passwords
  for the same shared resource with different passwords allowing
  different levels of access.


o A user level server makes some directory on a disk device (or other
  resource) available but in addition requires the client to provide a
  user name and corresponding user password to gain access. User level
  servers are preferred over share level servers for any new server
  implementation, since organizations generally find user level servers
  easier to administer as employees come and go. User level servers may 
  use the account name to check access control lists on individual
  files, or may have one access control list that applies to all files
  in the directory.

When a user level server validates the account name and password
presented by the client, an identifier representing that authenticated
instance of the user is returned to the client in the Uid field of the
response SMB.  This Uid must be included in all further requests made on
behalf of the user from that client.  A share level server returns no
useful information in the Uid field.



Leach, Naik       expires September, 1997         [Page 17] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The user level security model was added after the original dialect of
the CIFS protocol was issued, and subsequently some clients may not be
capable of sending account name and passwords to the server.  A server
in user level security mode communicating with one of these clients will
allow a client to connect to resources even if the client has not sent
account name and password information:

1. If the client's computer name is identical to an account-name known
on the server, and if the password supplied to connect to the shared
resource matches that account's password, an implicit "user logon" will
be performed using those values.

If the above fails, the server may fail the request or assign a default
account name of its choice.

2. The value of Uid in subsequent requests by the client will be ignored
and all access will be validated assuming the account name selected
above.


2.9  Resource Share/Access Example

The following examples illustrate a possible command line user interface
for a server to offer a disk resource, and for a client to connect to
and use that resource.

a) NET SHARE

The NET SHARE command, when executed on the server, specifies a
directory name to be made available to clients on the network.  A share
name must be given, and this name is presented by clients wishing to
access the directory.

  Examples:

     NET SHARE  src=c:\dir1\src  "bonzo"

     assigns password bonzo to all files within directory c:\dir1\src
     and its subdirectories with the share name src being the name used
     to connect to this resource.

  NET SHARE  c=c:\        " "        RO

  NET SHARE  work=c:\work  "flipper"  RW

     offers read-only access to everything on the C drive. Offers read-
     write access to all files within the C:\work directory and its
     subdirectories.

The above example is appropriate for servers operating as a share level
server.  A user level server would not require the permissions or
password, since the combination of the client's account name and
specific access control lists on files is sufficient to govern access.


Leach, Naik       expires September, 1997         [Page 18] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


b) NET USE

Clients can gain access to one or more offered directories via the NET
USE command.  Once the NET USE command is issued the user can access the
files freely without further special requirements.

  Examples:

  1.  NET USE  d: \\Server1\src  "bonzo"

     gains full access to the files and directories on Server1 matching
     the offer defined by the netname src with the password of bonzo.
     The user may now address files on Server1 c:\dir1\src by
     referencing d:. E.g. "type d:srcfile1.c".

  2.  NET USE  e: \\Server1\c

  3.  NET USE  f: \\Server1\work   "flipper"

     Now any read request to any file on that node (drive c) is valid
     (e.g. "type e:\bin\foo.bat").  Read-write requests only succeed to
     files whose pathnames start with f: (e.g. "copy foo f:foo.tmp"
     copies foo to Server1 c:\work\foo.tmp).

For user level servers, the client would not provide a password with the
NET USE command.

The client software must remember the drive identifier supplied with the
NET USE request and associate it with the Tid value returned by the
server in the SMB header.  Subsequent requests using this Tid must
include only the pathname relative to the connected subtree as the
server treats the subtree as the root directory (virtual root).  When
the user references one of the remote drives, the client software looks
through its list of drives for that node and includes the tree id
associated with this drive in the Tid field of each request.

Note that one shares a directory and all files underneath that directory
are then affected.  If a particular file is within the range of multiple
shares, connecting to any of the share ranges gains access to the file
with the permissions specified for the offer named in the NET USE.  The
server will not check for nested directories with more restrictive
permissions.


2.10  Authentication

An CIFS server keeps an encrypted form of a client's password.  To gain
authenticated access to server resources, the server sends a challenge
to the client, which the client responds to in a way that proves it
knows the client's password.

Authentication makes use of DES encryption [5] in block mode.  We denote
the DES encryption function as E(K,D), which accepts a seven byte key
(K) and an eight byte data block (D) and produces an eight byte

Leach, Naik       expires September, 1997         [Page 19] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


encrypted data block as its value.  If the data to be encrypted is
longer than eight bytes, the encryption function is applied to each
block of eight bytes in sequence and the results are appended together.
If the key is longer than seven bytes, the data is first completely
encrypted using the first seven bytes of the key, then the second seven
bytes, etc., appending the results each time.  In other words, to
encrypt the 16 byte quantity D0D1 with the 14 byte key K0K1,

    E(K0K1,D0D1) = E(K0,D0)E(K0,D1)E(K1,D0)E(K1,D1)

The EncryptionKey field in the SMB_COM_NEGPROT response contains an 8
byte challenge denoted below as "C8", chosen to be unique to prevent
replay attacks; the client responds with a 24 byte response denoted
"P24", and computed as described below. (Note: the name "EncryptionKey"
is historical -- it doesn't actually hold an encryption key.)

Clients send the response to the challenge in the SMB_COM_TREE_CONNECT,
SMB_COM_TREE_CONNECT_ANDX, and/or SMB_COM_SESSION_SETUP_ANDX request
which follows the SMB_COM_NEGPROT message exchange.  The server must
validate the response by performing the same computations the client did
to create it, and ensuring the strings match.

If the comparisons fail, the client system may be incapable of
encryption; if so the string may be the user password in clear text.
The server should try to validating the string as though it were the
unencrypted password.

The SMB field used to store the response depends upon the request:

     o Password in SMB_COM_TREE_CONNECT

     o Password in SMB_COM_TREE_CONNECT_ANDX

     o AccountPassword in SMB_COM_SESSION_SETUP_ANDX

(Note: again, the names are historical, and do not reflect this usage.)

The contents of the response to the challenge depends on the CIFS
dialect, as outlined in the following sections:


2.10.1  Pre NT LM 0.12

o The client and server both compute

    P16 = E(P14,S8)

        and

    P24 = E(P21,C8)

where:



Leach, Naik       expires September, 1997         [Page 20] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


  o P14 is a 14 byte string containing the user's password in clear
     text, upper cased, padded with spaces
[The 14 byte string is padded with nul bytes, not spaces.]
  o S8 is an eight byte string whose value is available from Microsoft
     upon request.
[The string is: "KGS!@#$%", or {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25} in hexidecimal.]
  o P21 is a twenty one byte string obtained by appending five null
     bytes to the string P16, just computed

  o C8 is the value of the challenge sent in the EncryptionKey field in
     the SMB_COM_NEGPROT response for this connection.


2.10.2  NT LM 0.12

The client and server both compute

    P16 = MD4(U(PN))

        and

    P24 = E(P21, C8)

where:

  o PN is a string containing the user's password in clear text, case
     sensitive, no maximum length

  o U(x) of an ASCII string "x" is that string converted to Unicode

  o MD4(x) of an octet string "x" is the 16 byte MD4 message digest [6]
     of that string

  o P21 and C8 are as above.


2.11  Distributed Filesystem (DFS) Support

Protocol dialects of NT LM 0.12 and later support distributed filesystem
operations. The distributed filesystem gives a way for this protocol to
use a single consistent file naming scheme which may span a collection
of different servers and shares. The distributed filesystem model
employed is a referral - based model. This protocol specifies the manner
in which clients receive referrals.

The client can set a flag in the request SMB header indicating that the
client wants the server to resolve this SMB's paths within the DFS known
to the server. The server attempts to resolve the requested name to a
file contained within the local directory tree indicated by the TID of
the request and proceeds normally. If the request pathname resolves to a
file on a different system, the server returns the following error:

  STATUS_DFS_PATH_NOT_COVERED - the server does not support the part
  of the DFS namespace needed to resolved the pathname in the request.

Leach, Naik       expires September, 1997         [Page 21] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


  The client should request a referral from this server for further
  information.

A client asks for a referral with the TRANS2_DFS_GET_REFERRAL request
containing the DFS pathname of interest. The response from the server
indicates how the client should proceed.

The method by which the topological knowledge of the DFS is stored and
maintained by the servers is not specified by this protocol.


3  SMB Message Formats and Data Types

This section describes the entire set of SMB commands and responses
exchanged between CIFS clients and servers.  It also details which SMBs
are introduced into the protocol as higher dialect levels are
negotiated.


3.1  SMB Header

While each SMB command has specific encodings, there are some fields in
the SMB header which have meaning to all SMBs.  These fields and
considerations are described in the following sections.


3.1.1  Flags field

This field contains 8 individual flags, numbered from least significant
to most significant, and have the following meanings:


























Leach, Naik       expires September, 1997         [Page 22] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Bit  Meaning                                           Earliest
===  ================================================  Dialect
                                                       ============

 0   When set (returned) from the server in the        LANMAN1.0
     SMB_COM_NEGOTIATE response SMB, this bit
     indicates that the server  supports the "sub
     dialect" consisting of the LockandRead and
     WriteandUnlock protocols defined later in this
     document.
 1   When on (on an SMB request being sent to the
     server), the client guarantees that there is a
     receive buffer posted such that a send without
     acknowledgment can be used by the server to
     respond to the client's request.
 2   Reserved (must be zero).
 3   When on, all pathnames in this SMB must be        LANMAN1.0
     treated as caseless.  When off, the pathnames
     are case sensitive.
 4   When on (in  SMB_COM_SESSION_SETUP_ANDX  defined  LANMAN1.0
     later in this document), all paths sent to the
     server by the client are already canonicalized.
     This means that file/directory names are in
     upper case, are valid characters, . and .. have
     been removed, and single backslashes are used as
     separators.
 5   When on (in  SMB_COM_OPEN, SMB_COM_CREATE and     LANMAN1.0
     SMB_COM_CREATE_NEW), this indicates that the
     client is requesting that the file be
     "opportunistically" locked if this process is
     the only process which has the file open at the
     time of the open request.  If the server
     "grants" this oplock request, then this bit
     should remain set in the corresponding response
     SMB to indicate to the client that the oplock
     request was granted.  See the discussion of
     "oplock" in the sections defining the
     SMB_COM_OPEN_ANDX and SMB_COM_LOCKING_ANDX
     protocols later in this document (this bit has
     the same function as bit 1 of Flags if the
     SMB_COM_OPEN_ANDX SMB).
 6   When on (in core protocols SMB_COM_OPEN_ANDX,     LANMAN1.0
     SMB_COM_CREATE and SMB_COM_CREATE_NEW), this
     indicates that the server should notify the
     client on any action which can modify the file
     (delete, setattrib, rename, etc.) by another
     client.  If not set, the server need only notify
     the client about another open request by a
     different client.  See the discussion of
     "oplock" in the sections defining the
     SMB_COM_OPEN_ANDX  and SMB_COM_LOCKING_ANDX SMBs
     later in this document (this bit has the same
     function as bit 2 of smb_flags of the
     SMB_COM_OPEN_ANDX SMB).  Bit6 only has meaning


Leach, Naik       expires September, 1997         [Page 23] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



     if bit5 is set..
 7   When on, this SMB is being sent from the server   PC NETWORK
     in response to a client request.  The Command     PROGRAM 1.0
     field usually contains the same value in a
     protocol request from the client to the server
     as in the matching response from the server to
     the client.  This bit unambiguously
     distinguishes the command request from the
     command response.


3.1.2  Flags2 Field

This field contains six individual flags, numbered from least
significant bit to most significant bit, which are defined below.  Flags
which not defined must be set to zero.


 Bit  Meaning                                          Earliest
 ===  ===============================================  Dialect
                                                       ============

 0    If set in a request, the server may return long
      components in path names in the response.
 1    If set, the client is aware of extended
      attributes.
 12   If set, any request pathnames in this SMB        NT LM 0.12
      should be resolved in the Distributed File
      System.
 13   If set, indicates that a read will be permitted
      if the client does not have read permission but
      does have execute permission.  This flag is
      only useful on a read request.
 14   If set, specifies that the returned error code   NT LM 0.12
      is a 32 bit error code in Status.Status.
      Otherwise the Status.DosError.ErrorClass and
      Status.DosError.Error fields contain the DOS-
      style error information.  When passing NT
      status codes is negotiated, this flag should be
      set for every SMB.
 15   If set, any fields of datatype STRING in this    NT LM 0.12
      SMB message are encoded as UNICODE.  Otherwise,
      they are in ASCII.


3.1.3  Tid Field

Tid represents an instance of an authenticated connection to a server
resource.  Tid is returned by the server to the client when the client
successfully connects to a resource, and the client uses Tid in
subsequent requests referring to the resource.

If the server is executing in share level security mode, Tid is the only
thing used to allow access to the shared resource. Thus if the user is
able to perform a successful connection to the server specifying the
appropriate netname and passwd (if any) the resource may be accessed



Leach, Naik       expires September, 1997         [Page 24] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


according to the access rights associated with the shared resource (same
for all who gained access this way).

If however the server is executing in user level security mode, access
to the resource is based on the Uid (validated on the
SMB_COM_SESSION_SETUP_ANDX request) and the Tid is NOT associated with
access control but rather merely defines the resource (such as the
shared directory tree).

In most SMB requests, Tid must contain a valid value. Exceptions include
prior to getting a Tid established including SMB_COM_NEGOTIATE,
SMB_COM_TREE_CONNECT, SMB_COM_ECHO, and SMB_COM_SESSION_SETUP_ANDX.
0xFFFF should be used for Tid for these situations.  The server is
always responsible for enforcing use of a valid Tid where appropriate.
[In practice, a value of 0x0000 is often used instead of 0xFFFF. Windows/9x systems will not respond to an SMB_COM_ECHO unless there is a valid TID *or* a TID of 0xFFFF is used.]


3.1.4  Pid Field

Pid uniquely identifies a client process.  Clients inform servers of the
creation of a new process by simply introducing a new Pid value into the
dialogue for new processes.

In the core protocol, the SMB_COM_PROCESS_EXIT SMB was used to indicate
the catastrophic termination of a process on the client.  In the single
tasking DOS system, it was possible for hard errors to occur causing the
destruction of the process with files remaining open.  Thus a
SMB_COM_PROCESS_EXIT SMB was sent for this occurrence to allow the
server to close all files opened by that process.

In the LANMAN 1.0 and newer dialects, no SMB_COM_PROCESS_EXIT SMB is
sent.  The client operating system must ensure that the appropriate
close and cleanup SMBs will be sent when the last process referencing
the file closes it.  From the server's point of view, there is no
concept of FIDs "belonging to" processes.  A FID returned by the server
to one process may be used by any other process using the same transport
connection and Tid.  There is no process creation SMB sent to the
server; it is up to the client to ensure only valid client processes
gain access to Fids (and Tids).  On SMB_COM_TREE_DISCONNECT (or when the
client and server session is terminated) the server will invalidate any
files opened by any process on that client.


3.1.5  Mid Field

Clients using the LANMAN 1.0 and newer dialects will typically be
multitasked and allow multiple asynchronous input/output requests per
task.  Therefore a multiplex ID (Mid) is used along with Pid to allow
multiplexing the single client and server connection among the client's
multiple processes, threads, and requests per thread.

Regardless of negotiated dialect, the server is responsible for ensuring
that every response contains the same Mid and Pid values as its request.
The client may then use the Mid and Pid values for associating requests


Leach, Naik       expires September, 1997         [Page 25] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


and responses and may have up to the negotiated number of requests
outstanding at any time to a particular server.


3.1.6  Status Field

An SMB returns error information to the client in the Status field.
Protocol dialects prior to NT LM 0.12 return status to the client using
the combination of Status.DosError.ErrorClass and Status.DosError.Error.
Beginning with NT LM 0.12 CIFS servers can return 32 bit error
information to clients using Status.Status if the incoming client SMB
has bit 14 set in the Flags2 field of the SMB header. The contents of
response parameters is not guaranteed in the case of an error return,
and must be ignored.  For write behind activity, a subsequent write or
close of the file may return the fact that a previous write failed.
Normally write behind failures are limited to hard disk errors and
device out of space.


3.1.7  Timeouts

In general, SMBs are not expected to block at the server; they should
return "immediately".  But some SMB requests do indicate timeout periods
for the completion of the request on the server.  If a server
implementation can not support timeouts, then an error can be returned
just as if a timeout had occurred if the resource is not available
immediately upon request.


3.1.8  Data Buffer (BUFFER) and String Formats

The data portion of SMBs typically contains the data to be read or
written, file paths, or directory paths.  The format of the data portion
depends on the message.  All fields in the data portion have the same
format.  In every case it consists of an identifier byte followed by the
data.




           Identifier       Description               Value
           ===============  ========================= =====

           Data Block       See Below                 1
           Dialect          Null terminated String    2
           Pathname         Null terminated String    3
           ASCII            Null terminated String    4
           Variable block   See Below                 5



When the identifier indicates a data block or variable block then the
format is a word indicating the length followed by the data.

In all dialects prior to NT LM 0.12, all strings are encoded in ASCII.
If the agreed dialect is NT LM 0.12 or later, Unicode strings may be


Leach, Naik       expires September, 1997         [Page 26] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


exchanged. Unicode strings include file names, resource names, and user
names.  This applies to null-terminated strings, length specified
strings and the type-prefixed strings.  In all cases where a string is
passed in Unicode format, the Unicode string must be word-aligned with
respect to the beginning of the SMB.  Should the string not naturally
fall on a two-byte boundary, a null byte of padding will be inserted,
and the Unicode string will begin at the next address.  In the
description of the SMBs, items that may be encoded in Unicode or ASCII
are labeled as STRING.  If the encoding is ASCII, even if the negotiated
string is Unicode, the quantity is labeled as UCHAR.

For type-prefixed Unicode strings, the padding byte is found after the
type byte.  The type byte is 4 (indicating SMB_FORMAT_ASCII) independent
of whether the string is ASCII or Unicode. For strings whose start
addresses are found using offsets within the fixed part of the SMB (as
opposed to simply being found at the byte following the preceding
field,) it is guaranteed that the offset will be properly aligned.

Strings that are never passed in Unicode are:

  o The protocol strings in the Negotiate SMB request.

  o The service name string in the Tree Connect And X SMB.

When Unicode is negotiated, bit 15 should be set in the Flags2 field of
every SMB header.

Despite the flexible encoding scheme, no field of a data portion may be
omitted or included out of order.  In addition, neither an WordCount nor
ByteCount of value 0 at the end of a message may be omitted.


3.2  File Names

File names in the CIFS protocol consist of components separated by a
backslash ('\').  Early clients of the CIFS protocol required that the
name components adhere to an 8.3 format name.  These names consist of
two parts:  a basename of no more than 8 characters, and an extension of
no more than 3 characters.  The basename and extension are separated by
a '.'.  All characters are legal in the basename and extension except
the space character (0x20) and:

     " . / \[]:+|<>=;,*?

If the client has indicated long name support by setting bit2 in the
Flags2 field of the SMB header, this indicates that the client is not
bound by the 8.3 convention.  Specifically this indicates that any SMB
which returns file names to the client may return names which do not
adhere to the 8.3 convention, and have a total length of up to 255
characters.  This capability was introduced with the LM1.2X002 protocol
dialect.




Leach, Naik       expires September, 1997         [Page 27] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


3.3  Wildcards

Some SMB requests allow wildcards to be given for the filename.  The
wildcard allows a number of files to be operated on as a unit without
having to separately enumerate the files and individually operate on
each one from the client.

If the client is using 8.3 names, each part of the name ( base (8) or
extension (3) ) is treated separately.  For long filenames the . in the
name is significant even though there is no longer a restriction on the
size of each of the components.

The ? character is a wild card for a single character. If a filename
part commences with one or more "?"s then exactly that number of
characters will be matched by the wildcards, e.g., "??x" equals "abx"
but not "abcx" or "ax".  When a filename part has trailing "?"s then it
matches the specified number of characters or less, e.g., "x??" matches
"xab", "xa" and "x", but not "xabc".  If only "?"s are present in the
filename part, then it is handled as for trailing "?"s

The * character matches an entire part of the name, as does an empty
specification for that part.  A part consisting of * means that the rest
of the component should be filled with ? and the search should be
performed with this wildcard character.  For example, "*.abc" or ".abc"
match any file with an extension of "abc".  "*.*", "*" or "null" match
all files in a directory.

If the negotiated dialect is "NT LM 0.12" or later, and the client
requires MS-DOS wildcard matching semantics,  UNICODE wildcards should
be translated according to the following rules:

    Translate the ? literal to >

    Translate the . literal to " if it is followed by a ? or a *

    Translate the * literal to < if it is followed by a .

The translation can be performed in-place.


3.4  DFS Pathnames

A DFS pathname adheres to the standard described in the FileNames
section.  A DFS enabled client accessing a DFS share should set the
Flags2 bit 12 in all name based SMB requests indicating to the server
that the enclosed pathname should be resolved in the Distributed File
System namespace. The pathname should always have the full file name,
including the server name and share name. If the server can resolve the
DFS name to a piece of local storage, the local storage will be
accessed. If the server determines that the DFS name actually maps to a
different server share, the access to the name will fail with the 32 bit
status STATUS_PATH_NOT_COVERED (0xC0000257), or DOS error
ERRsrv/ERRbadpath.


Leach, Naik       expires September, 1997         [Page 28] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


On receiving this error, the DFS enabled client should ask the server
for a referral (see TRANS2_GET_DFS_REFERRAL). The referral request
should contain the full file name.

The response to the request will contain a list of server and share
names to try, and the part of the request file name that junctions to
the list of server shares. If the ServerType field of the referral is
set to 1 (SMB server), then the client should resubmit the request with
the original file name to one of the server shares in the list, once
again setting the Flags2 bit 12 bit in the SMB. If the ServerType field
is not 1, then the client should strip off the part of the file name
that junctions to the server share before resubmitting the request to
one of servers in the list.

A response to a referral request may elicit a response that does not
have the StorageServers bit set. In that case, the client should
resubmit the referral request to one of the servers in the list, until
it finally obtains a referral response that has the StorageServers bit
set, at which point the client can resubmit the request SMB to one of
the listed server shares.

If, after getting a referral with the StorageServers bit set and
resubmitting the request to one of the server shares in the list, the
server fails the request with STATUS_PATH_NOT_COVERED, it must be the
case that there is an inconsistency between the view of the DFS
namespace held by the server granting the referral and the server listed
in that referral. In this case, the client may inform the server
granting the referral of this inconsistency via the
TRANS2_REPORT_DFS_INCONSISTENCY SMB.


3.5  Time And Date Encoding

When SMB requests or responses encode time values, the following
describes the various encodings used.

struct {
        USHORT Day : 5;
        USHORT Month : 4;
        USHORT Year : 7;
} SMB_DATE;



The Year field has a range of 0-119, which represents years 1980 - 2099.
The Month is encoded as 1-12, and the day ranges from 1-31

struct {
        USHORT TwoSeconds : 5;
        USHORT Minutes : 6;
        USHORT Hours : 5;
} SMB_TIME;



Leach, Naik       expires September, 1997         [Page 29] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


Hours ranges from 0-23, Minutes range from 0-59, and TwoSeconds ranges
from 0-29 representing two second increments within the minute.

typedef struct {
    ULONG LowTime;
    LONG HighTime;
} TIME;



TIME indicates a signed 64-bit integer representing either an absolute
time or a time interval.  Times are specified in units of 100ns.  A
positive value expresses an absolute time, where the base time (the 64-
bit integer with value 0) is the beginning of the year 1601 AD in the
Gregorian calendar.  A negative value expresses a time interval relative
to some base time, usually the current time.

typedef unsigned long UTIME;

UTIME is the number of seconds since Jan 1, 1970, 00:00:00.0.


3.6  Access Mode Encoding

Various client requests and server responses, such as SMB_COM_OPEN, pass
file access modes encoded into a USHORT.  The encoding of these is as
follows:

    1111 11
    5432 1098 7654 3210
    rWrC rLLL rSSS rAAA

 where:

    W - Write through mode.  No read ahead or write behind allowed on
        this file or device.  When the response is returned, data is
        expected to be on the disk or device.

    S - Sharing mode:
        0 - Compatibility mode
        1 - Deny read/write/execute (exclusive)
        2 - Deny write
        3 - Deny read/execute
        4 - Deny none

    A - Access mode
        0 - Open for reading
        1 - Open for writing
        2 - Open for reading and writing
        3 - Open for execute

    rSSSrAAA = 11111111 (hex FF) indicates FCB open (???)



Leach, Naik       expires September, 1997         [Page 30] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


    C - Cache mode
        0 - Normal file
        1 - Do not cache this file

    L - Locality of reference
        0 - Locality of reference is unknown
        1 - Mainly sequential access
        2 - Mainly random access
        3 - Random access with some locality
        4 to 7 - Currently undefined


3.7  Access Mask Encoding

typedef ULONG ACCESS_MASK;



The ACCESS_MASK structure is one 32 bit value containing standard,
specific, and generic rights. These rights are used in access-control
entries (ACEs) and are the primary means of specifying the requested or
granted access to an object.

The bits in this value are allocated as follows:


  Bits      Meaning
  0         Specific rights. Contains the access mask specific to the
  through   object type associated with the mask.
  15
  16        Standard rights. Contains the object's standard access rights
  through   and can be a combination of the following predefined flags:
  23


  Bit   Flag          Meaning


  16    DELETE        Delete access
  17    READ_CONTROL  Read access to the owner, group, and
                       discretionary access-control list (ACL) of the
                       security descriptor
  18    WRITE_DAC     Write access to the discretionary access-
                       control list (ACL)
  19    WRITE_OWNER   Write access to owner
  20    SYNCHRONIZE   Windows NT: Synchronize access


  Bits      Meaning









Leach, Naik       expires September, 1997         [Page 31] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



  24        Access system security (ACCESS_SYSTEM_SECURITY). This flag is
            not a typical access type. It is used to indicate access to a
            system ACL. This type of access requires the calling process
            to have a specific privilege.
  25        Maximum allowed (MAXIMUM_ALLOWED)
  26        Reserved
  through
  27
  28        Generic all (GENERIC_ALL)
  29        Generic execute (GENERIC_EXECUTE)
  30        Generic write (GENERIC_WRITE)
  31        Generic read (GENERIC_READ)

3.8  Open Function Encoding

OpenFunction specifies the action to be taken depending on whether or
not the file exists.  This word has the following format:

bits:

    1111 11
    5432 1098 7654 3210
    rrrr rrrr rrrC rrOO

where:

    C - Create (action to be taken if file does not exist).
    0 -- Fail.
    1 -- Create file.

    r - reserved (must be zero).

    O - Open (action to be taken if file exists).
    0 - Fail.
    1 - Open file.
    2 - Truncate file.


3.9  Open Action Encoding

Action in the response to an open or create request describes the action
taken as a result of the request.  It has the following format:

bits:

    1111 11
    5432 1098 7654 3210
    Lrrr rrrr rrrr rrOO

where:

    L - Lock (single user total file lock status).
    0 -- file opened by another user (or mode not supported by server).
    1 -- file is opened only by this user at the present  time.

Leach, Naik       expires September, 1997         [Page 32] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


    r - reserved (must be zero).

    O - Open (action taken on Open).
    1 - The file existed and was opened.
    2 - The file did not exist but was created.
    3 - The file existed and was truncated.


3.10  File Attribute Encoding

When SMB messages exchange file attribute information, it is encoded in
16 bits as:


   Value   Description
   ======= =====================

   0x01    Read only file
   0x02    Hidden file
   0x04    System file
   0x08    Volume
   0x10    Directory
   0x20    Archive file
   others  Reserved - must be 0




3.11  Extended File Attribute Encoding

The extended file attributes is a 32 bit value composed of attributes
and flags.


























Leach, Naik       expires September, 1997         [Page 33] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


Any combination of the following attributes is acceptable, except all
other file attributes override FILE_ATTR_NORMAL:


Name             Value Meaning
====             ===== =======
ATTR_ARCHIVE     0x020 The file has not been archived since it was
                       last modified. Applications use this
                       attribute to mark files for backup or
                       removal.
ATTR_COMPRESSED  0x800 The file or directory is compressed. For a
                       file, this means that all of the data in the
                       file is compressed. For a directory, this
                       means that compression is the default for
                       newly created files and subdirectories.
ATTR_NORMAL      0x080 The file has no other attributes set. This
                       attribute is valid only if used alone.
ATTR_HIDDEN      0x002 The file is hidden. It is not to be included
                       in an ordinary directory listing.
ATTR_READONLY    0x001 The file is read only. Applications can read
                       the file but cannot write to it or delete it.
ATTR_TEMPORARY   0x100 The file is temporary
ATTR_DIRECTORY   0x010 The file is a directory
ATTR_SYSTEM      0x004 The file is part of or is used exclusively by
                       the operating system.































Leach, Naik       expires September, 1997         [Page 34] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


Any combination of the following flags is acceptable:


Name             Value      Meaning
====             =====      =======
WRITE_THROUGH    0x80000000 Instructs the operating system to write
                             through any intermediate cache and go
                             directly to the file. The operating
                             system can still cache write
                             operations, but cannot lazily flush
                             them.
NO_BUFFERING     0x20000000 Requests the server to open the file
                             with no intermediate buffering or
                             caching; the server is not obliged to
                             honor the request. An application must
                             meet certain requirements when working
                             with files opened with
                             FILE_FLAG_NO_BUFFERING. File access
                             must begin at offsets within the file
                             that are integer multiples of the
                             volume's sector size; and must be for
                             numbers of bytes that are integer
                             multiples of the volume's sector size.
                             For example, if the sector size is 512
                             bytes, an application can request reads
                             and writes of 512, 1024, or 2048 bytes,
                             but not of 335, 981, or 7171 bytes.
RANDOM_ACCESS    0x10000000 Indicates that the application intends
                             to access the file randomly. The server
                             MAY use this flag to optimize file
                             caching.
SEQUENTIAL_SCAN  0x08000000 Indicates that the file is to be
                             accessed sequentially from beginning to
                             end. Windows uses this flag to optimize
                             file caching. If an application moves
                             the file pointer for random access,
                             optimum caching may not occur; however,
                             correct operation is still guaranteed.
                             Specifying this flag can increase
                             performance for applications that read
                             large files using sequential access.
                             Performance gains can be even more
                             noticeable for applications that read
                             large files mostly sequentially, but
                             occasionally skip over small ranges of
                             bytes.
DELETE_ON_CLOSE  0x04000000 Requests that the server is delete the
                             file immediately after all of its
                             handles have been closed.
BACKUP_SEMANTICS 0x02000000 Indicates that the file is being opened
                             or created for a backup or restore
                             operation. The server SHOULD allow the
                             client to override normal file security
                             checks, provided it has the necessary
                             permission to do so.

Leach, Naik       expires September, 1997         [Page 35] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



POSIX_SEMANTICS  0x01000000 Indicates that the file is to be
                             accessed according to POSIX rules. This
                             includes allowing multiple files with
                             names differing only in case, for file
                             systems that support such naming. (Use
                             care when using this option because
                             files created with this flag may not be
                             accessible by applications written for
                             MS-DOS, Windows 3.x, or Windows NT.)



3.12  Batching Requests ("AndX" Messages)

LANMAN1.0 and later dialects of the CIFS protocol allow multiple SMB
requests to be sent in one message to the server.  Messages of this type
are called AndX SMBs, and they obey the following rules:

o The embedded command does not repeat the SMB header information.
  Rather the next SMB starts at the WordCount field.

o All multiple (chained) requests must fit within the negotiated
  transmit size.  For example, if SMB_COM_TREE_CONNECT_ANDX included
  OPENandX SMB_COM_OPEN_ANDX which included SMB_COM_WRITE were sent,
  they would all have to fit within the negotiated buffer size.  This
  would limit the size of the write.

o There is one message sent containing the chained requests and there
  is one response message to the chained requests.  The server may NOT
  elect to send separate responses to each of the chained requests.

o All chained responses must fit within the negotiated transmit size.
  This limits the maximum value on an embedded SMB_COM_READ for
  example.  It is the client's responsibility to not request more bytes
  than will fit within the multiple response.

o The server will implicitly use the result of the first command in the
  "X" command.  For example the Tid obtained via
  SMB_COM_TREE_CONNECT_ANDX would be used in the embedded
  SMB_COM_OPEN_ANDX and the Fid obtained in the SMB_COM_OPEN_ANDX would
  be used in the embedded SMB_COM_READ.

o Each chained request can only reference the same Fid and Tid as the
  other commands in the combined request.  The chained requests can be
  thought of as performing a single (multi-part) operation on the same
  resource.

o The first Command to encounter an error will stop all further
  processing of embedded commands.  The server will not back out
  commands that succeeded.  Thus if a chained request contained
  SMB_COM_OPEN_ANDX and SMB_COM_READ and the server was able to open
  the file successfully but the read encountered an error, the file
  would remain open.  This is exactly the same as if the requests had
  been sent separately.

Leach, Naik       expires September, 1997         [Page 36] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


o If an error occurs while processing chained requests, the last
  response (of the chained responses in the buffer) will be the one
  which encountered the error.  Other unprocessed chained requests will
  have been ignored when the server encountered the error and will not
  be represented in the chained response.  Actually the last valid
  AndXCommand (if any) will represent the SMB on which the error
  occurred.  If no valid AndXCommand is present, then the error
  occurred on the first request/response and Command contains the
  command which failed.  In all cases the error information are
  returned in the SMB header at the start of the response buffer.

o Each chained request and response contains the offset (from the start
  of the SMB header) to the next chained request/response (in the
  AndXOffset field in the various "and X" protocols defined later e.g.
  SMB_COM_OPEN_ANDX).  This allows building the requests unpacked.
  There may be space between the end of the previous request (as
  defined by WordCount and ByteCount) and the start of the next chained
  request.  This simplifies the building of chained protocol requests.
  Note that because the client must know the size of the data being
  returned in order to post the correct number of receives (e.g.
  SMB_COM_TRANSACTION, SMB_COM_READ_MPX), the data in each response SMB
  is expected to be truncated to the maximum number of 512 byte blocks
  (sectors) which will fit (starting at a 32 bit boundary) in the
  negotiated buffer size with the odd bytes remaining (if any) in the
  final buffer.


3.13  "Transaction" Style Subprotocols

SMB_COM_TRANSACTION performs a symbolically named transaction.  This
transaction is known only by a name (no file handle used).
SMB_COM_TRANSACTION2 likewise performs a transaction, but a word
parameter is used to identify the transaction instead of a name.
SMB_COM_NT_TRANSACTION is used for commands that potentially need to
transfer a large amount of data (greater than 64K bytes).




















Leach, Naik       expires September, 1997         [Page 37] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


3.13.1  SMB_COM_TRANSACTION and SMB_COM_TRANSACTION2 Formats


 Primary Client Request           Description
 ===============================  ====================================

 Command                          SMB_COM_TRANSACTION or
                                  SMB_COM_TRANSACTION2
 UCHAR WordCount;                 Count of parameter words;   value =
                                  (14 + SetupCount)
 USHORT TotalParameterCount;      Total parameter bytes being sent
 USHORT TotalDataCount;           Total data bytes being sent
 USHORT MaxParameterCount;        Max parameter bytes to return
 USHORT MaxDataCount;             Max data bytes to return
 UCHAR MaxSetupCount;             Max setup words to return
 UCHAR Reserved;
 USHORT Flags;                    Additional information:
                                  bit 0 - also disconnect TID in TID
                                  bit 1 - one-way transaction (no
                                  response)
 ULONG Timeout;
 USHORT Reserved2;
 USHORT ParameterCount;           Parameter bytes sent this buffer
 USHORT ParameterOffset;          Offset (from header start) to
                                  Parameters
 USHORT DataCount;                Data bytes sent this buffer
 USHORT DataOffset;               Offset (from header start) to data
 UCHAR SetupCount;                Count of setup words
 UCHAR Reserved3;                 Reserved (pad above to word)
 USHORT Setup[SetupCount];        Setup words (# = SetupWordCount)
 USHORT ByteCount;                Count of data bytes
 STRING Name[];                   Name of transaction (NULL if
                                  SMB_COM_TRANSACTION2)
 UCHAR Pad[];                     Pad to SHORT or LONG
 UCHAR Parameters[                Parameter bytes (# = ParameterCount)
 ParameterCount];
 UCHAR Pad1[];                    Pad to SHORT or LONG
 UCHAR Data[ DataCount ];         Data bytes (# = DataCount)



 Interim Server Response          Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of parameter words = 0
 USHORT ByteCount;                Count of data bytes = 0













Leach, Naik       expires September, 1997         [Page 38] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Secondary Client Request         Description
 ===============================  ====================================

 Command                          SMB_COM_TRANSACTION_SECONDARY

 UCHAR WordCount;                 Count of parameter words = 8
 USHORT TotalParameterCount;      Total parameter bytes being sent
 USHORT TotalDataCount;           Total data bytes being sent
 USHORT ParameterCount;           Parameter bytes sent this buffer
 USHORT ParameterOffset;          Offset (from header start) to
                                  Parameters
 USHORT ParameterDisplacement;    Displacement of these Parameter
                                  bytes
 USHORT DataCount;                Data bytes sent this buffer
 USHORT DataOffset;               Offset (from header start) to data
 USHORT DataDisplacement;         Displacement of these data bytes
 USHORT Fid;                      FID for handle based requests, else
                                  0xFFFF.  This field is present only
                                  if this is an SMB_COM_TRANSACTION2
                                  request.
 USHORT ByteCount;                Count of data bytes
 UCHAR Pad[];                     Pad to SHORT or LONG
 UCHAR                            Parameter bytes (# = ParameterCount)
 Parameters[ParameterCount];
 UCHAR Pad1[];                    Pad to SHORT or LONG
 UCHAR Data[DataCount];           Data bytes (# = DataCount)


[It was pointed out (by VL) that the addition of the Fid field in the SMB_COM_TRANSACTION2_SECONDARY request increases the WordCount from 8 to 9.]




























Leach, Naik       expires September, 1997         [Page 39] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Server Response                  Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of data bytes; value = 10 +
                                  SETUPCOUNT
 USHORT TotalParameterCount;      Total parameter bytes being sent
 USHORT TotalDataCount;           Total data bytes being sent
 USHORT Reserved;
 USHORT ParameterCount;           Parameter bytes sent this buffer
 USHORT ParameterOffset;          Offset (from header start) to
                                  Parameters
 USHORT ParameterDisplacement;    Displacement of these Parameter
                                  bytes
 USHORT DataCount;                Data bytes sent this buffer
 USHORT DataOffset;               Offset (from header start) to data
 USHORT DataDisplacement;         Displacement of these data bytes
 UCHAR SetupCount;                Count of setup words
 UCHAR Reserved2;                 Reserved (pad above to word)
 USHORT Setup[SetupWordCount];    Setup words (# = SetupWordCount)
 USHORT ByteCount;                Count of data bytes
 UCHAR Pad[];                     Pad to SHORT or LONG
 UCHAR                            Parameter bytes (# = ParameterCount)
 Parameters[ParameterCount];
 UCHAR Pad1[];                    Pad to SHORT or LONG
 UCHAR Data[DataCount];           Data bytes (# = DataCount)


3.13.2  SMB_COM_NT_TRANSACTION Formats


 Primary Client Request           Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of parameter words;   value =
                                  (19 + SetupCount)
 UCHAR MaxSetupCount;             Max setup words to return
 USHORT Reserved;
 ULONG TotalParameterCount;       Total parameter bytes being sent
 ULONG TotalDataCount;            Total data bytes being sent
 ULONG MaxParameterCount;         Max parameter bytes to return
 ULONG MaxDataCount;              Max data bytes to return
 ULONG ParameterCount;            Parameter bytes sent this buffer
 ULONG ParameterOffset;           Offset (from header start) to
                                  Parameters
 ULONG DataCount;                 Data bytes sent this buffer
 ULONG DataOffset;                Offset (from header start) to data
 UCHAR SetupCount;                Count of setup words
 USHORT Function;                 The transaction function code
 UCHAR Buffer[1];
 USHORT Setup[SetupWordCount];    Setup words
 USHORT ByteCount;                Count of data bytes
 UCHAR Pad1[];                    Pad to LONG
 UCHAR                            Parameter bytes
 Parameters[ParameterCount];
 UCHAR Pad2[];                    Pad to LONG
 UCHAR Data[DataCount];   Data
 bytes


Leach, Naik       expires September, 1997         [Page 40] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97





 Interim Server Response          Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of parameter words = 0
 USHORT ByteCount;                Count of data bytes = 0



 Secondary Client Request         Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of parameter words = 18
 UCHAR Reserved[3];               MBZ
 ULONG TotalParameterCount;       Total parameter bytes being sent
 ULONG TotalDataCount;            Total data bytes being sent
 ULONG ParameterCount;            Parameter bytes sent this buffer
 ULONG ParameterOffset;           Offset (from header start) to
                                  Parameters
 ULONG ParameterDisplacement;     Specifies the offset from the start
                                  of the overall parameter block to
                                  the parameter bytes that are
                                  contained in this message
 ULONG DataCount;                 Data bytes sent this buffer
 ULONG DataOffset;                Offset (from header start) to data
 ULONG DataDisplacement;          Specifies the offset from the start
                                  of the overall data block to the
                                  data bytes that are contained in
                                  this message.
 UCHAR Reserved1;
 USHORT ByteCount;                Count of data bytes
 UCHAR Pad1[];                    Pad to LONG
 UCHAR                            Parameter bytes
 Parameters[ParameterCount];
 UCHAR Pad2[];                    Pad to LONG
 UCHAR Data[DataCount];           Data bytes





















Leach, Naik       expires September, 1997         [Page 41] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Server Response                  Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of data bytes;  value = 18 +
                                  SetupCount
 UCHAR Reserved[3];
 ULONG TotalParameterCount;       Total parameter bytes being sent
 ULONG TotalDataCount;            Total data bytes being sent
 ULONG ParameterCount;            Parameter bytes sent this buffer
 ULONG ParameterOffset;           Offset (from header start) to
                                  Parameters
 ULONG ParameterDisplacement;     Specifies the offset from the start
                                  of the overall parameter block to
                                  the parameter bytes that are
                                  contained in this message
 ULONG DataCount;                 Data bytes sent this buffer
 ULONG DataOffset;                Offset (from header start) to data
 ULONG DataDisplacement;          Specifies the offset from the start
                                  of the overall data block to the
                                  data bytes that are contained in
                                  this message.
 UCHAR SetupCount;                Count of setup words
 USHORT Setup[SetupWordCount];    Setup words
 USHORT ByteCount;                Count of data bytes
 UCHAR Pad1[];                    Pad to LONG
 UCHAR                            Parameter bytes
 Parameters[ParameterCount];
 UCHAR Pad2[];                    Pad to SHORT or LONG
 UCHAR Data[DataCount];           Data bytes


3.13.3  Functional Description

The SMB_COM_TRANSACTION command's scope includes named pipes and
mailslots.  Where the resource is unidirectional (such as class 2 writes
to mailslots), bit1 of Flags in the request can be set indicating that
no response is needed.  The other transactions accommodate IOCTL
requests and file system requests which require the transfer of an
extended attribute list.

The transaction Setup information and/or Parameters define functions
specific to a particular resource on a particular server.  Therefore the
functions supported are not defined by the protocol, but by client and
server implementations.  The transaction protocol simply provides a
means of delivering them and retrieving the results.

The number of bytes needed in order to perform the transaction request
may be more than will fit in a single buffer.

At the time of the request, the client knows the number of parameter and
data bytes expected to be sent and passes this information to the server
via the primary request (TotalParameterCount and TotalDataCount).  This
may be reduced by lowering the total number of bytes expected
(TotalParameterCount and TotalDataCount) in each (if any) secondary
request.


Leach, Naik       expires September, 1997         [Page 42] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


When the amount of parameter bytes received (total of each
ParameterCount) equals the total amount of parameter bytes expected
(smallest TotalParameterCount) received, then the server has received
all the parameter bytes.

Likewise, when the amount of data bytes received (total of each
DataCount) equals the total amount of data bytes expected (smallest
TotalDataCount) received, then the server has received all the data
bytes.

The parameter bytes should normally be sent first followed by the data
bytes.  However, the server knows where each begins and ends in each
buffer by the offset fields (ParameterOffset and DataOffset) and the
length fields (ParameterCount and DataCount).  The displacement of the
bytes (relative to start of each) is also known (ParameterDisplacement
and DataDisplacement).  Thus the server is able to reassemble the
parameter and data bytes should the individual requests be received out
of sequence.

If all parameter bytes and data bytes fit into a single buffer, then no
interim response is expected and no secondary request is sent.

The client knows the maximum amount of data bytes and parameter bytes
which the server may return (from MaxParameterCount and MaxDataCount of
the request).  Thus the client initializes its bytes expected variables
to these values.  The server then informs the client of the actual
amounts being returned via each message of the server response
(TotalParameterCount and TotalDataCount).  The server may reduce the
expected bytes by lowering the total number of bytes expected
(TotalParameterCount and/or TotalDataCount) in each (any) response.

When the amount of parameter bytes received (total of each
ParameterCount) equals the total amount of parameter bytes expected
(smallest TotalParameterCount) received, then the client has received
all the parameter bytes.

Likewise, when the amount of data bytes received (total of each
DataCount) equals the total amount of data bytes expected (smallest
TotalDataCount) received, then the client has received all the data
bytes.

The parameter bytes should normally be returned first followed by the
data bytes.  However, the client knows where each begins and ends in
each buffer by the offset fields (ParameterOffset and DataOffset) and
the length fields (ParameterCount and DataCount).  The displacement of
the bytes (relative to start of each) is also known
(ParameterDisplacement and DataDisplacement).  The client is able to
reassemble the parameter and data bytes should the server responses be
received out of sequence.

If a connectionless transport is being used, the transaction requests
must be properly sequenced in the Connectionless.SequenceNumber SMB
header field.  The Mid of any secondary client requests must match the
Mid of the primary client request.  The server responds to each request

Leach, Naik       expires September, 1997         [Page 43] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


piece except the last one with a response indicating that the server is
ready for the next piece.  The last piece is responded to with the first
piece of the result data.  The client then sends an
SMB_COM_TRANSACTION_SECONDARY SMB with ParameterDisplacement set to the
number of parameter bytes received so far and DataDisplacement set to
the number of data bytes received so far and ParameterCount,
ParameterOffset, DataCount, and DataOffset set to zero (0).  The server
responds with the next piece of the transaction result.  The process is
repeated until all of the response information has been received.  When
the transaction has been completed, the client must send another
sequenced command (such as an SMB_COM_ECHO) to the server to allow the
server to know that the final piece was received and that resources
allocated to the transaction command may be released.

The flow for these transactions over a connection oriented transport is:

1.     The client sends the primary client request identifying the total
bytes (both parameters and data) which are expected to be sent and
contains the set up words and as many of the parameter and data bytes
as will fit in a negotiated size buffer.  This request also identifies
the maximum number of bytes (setup, parameters and data) the server is
to return on the transaction completion.  If all the bytes fit in the
single buffer, skip to step 4.

2.     The server responds with a single interim response meaning "OK, send
the remainder of the bytes" or (if error response) terminate the
transaction.

3.     The client then sends another buffer full of bytes to the server.
This step is repeated until all of the bytes are sent and received.

4.     The Server sets up and performs the transaction with the information
provided.

5.     Upon completion of the transaction, the server sends back (up to)
the number of parameter and data bytes requested (or as many as will
fit in the negotiated buffer size).  This step is repeated until all
result bytes have been returned.

The flow for the transaction protocol when the request parameters and
data do not all fit in a single buffer is:














Leach, Naik       expires September, 1997         [Page 44] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Client                           <->  Server
 ===============================  ==== ==============================

 Primary TRANSACTION request      ->
                                  <-   Interim Server Response
 Secondary TRANSACTION request 1  ->
 Secondary TRANSACTION request 2  ->
 Secondary TRANSACTION request N  ->
                                  <-   TRANSACTION response 1
                                  <-   TRANSACTION response 2
                                  <-   TRANSACTION response m

The flow for the transaction protocol when the request parameters and
data does all fit in a single buffer is:


 Client                           <->  Server
 ===============================  ==== ==============================

 Primary TRANSACTION request      ->
                                  <-   TRANSACTION response 1
                                  <-   TRANSACTION response 2
                                  <-   TRANSACTION response m



The flow for the transaction protocol over a connectionless transport
is:

1.     The client sends the primary client request identifying the total
bytes (both parameters and data) which are expected to be sent and
contains the set up words and as many of the parameter and data bytes
as will fit in a negotiated size buffer.  This request also identifies
the maximum number of bytes (setup, parameters and data) the server is
to return on completion.  If all the bytes fit in the single buffer,
skip to step 4.

2.     The server responds with a single interim response meaning "OK, send
the remainder of the bytes" or (if error response) terminate the
transaction.

3.     The client then sends another buffer full of bytes to the server.
The server responds with an interim server response. This step is
repeated until all of the bytes are sent and received.

4.     The Server sets up and performs the transaction with the information
provided.

5.     Upon completion of the transaction, the server sends back (up to)
the number of parameter and data bytes requested (or as many as will
fit in the negotiated buffer size).

6.     The client responds with a transaction secondary request.  The
server sends back more response data. This step is repeated until all
result bytes have been returned.

7.    The client sends a sequenced request to the server such as
  SMB_COM_ECHO


Leach, Naik       expires September, 1997         [Page 45] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The primary transaction request through the final response make up the
complete transaction exchange, thus the Tid, Pid, Uid and Mid must remain
constant and can be used as appropriate by both the server and the
client.  Of course, other SMB requests may intervene as well.

There are (at least) three ways that actual server responses have been
observed to differ from what might be expected.  First, some servers will
send Pad bytes to move the DataOffset to a 2- or 4-byte boundary even if
there are no data bytes; the point here is that the ByteCount must be
used instead of ParameterOffset plus ParameterCount to infer the actual
message length.  Second, some servers always return MaxParameterCount
bytes even if the particular Transact2 has no parameter response.
Finally, in case of an error, some servers send the "traditional
WordCount==0/ByteCount==0" response while others generate a Transact
response format.


3.14  Valid SMB Requests by Negotiated Dialect

The following SMB messages may be exchanged by CIFS clients and servers
if the "PC NETWORK PROGRAM 1.0" dialect is negotiated:


SMB_COM_CREATE_DIRECTORY        SMB_COM_DELETE_DIRECTORY
SMB_COM_OPEN                    SMB_COM_CREATE
SMB_COM_CLOSE                   SMB_COM_FLUSH
SMB_COM_DELETE                  SMB_COM_RENAME
SMB_COM_QUERY_INFORMATION       SMB_COM_SET_INFORMATION
SMB_COM_READ                    SMB_COM_WRITE
SMB_COM_LOCK_BYTE_RANGE         SMB_COM_UNLOCK_BYTE_RANGE
SMB_COM_CREATE_TEMPORARY        SMB_COM_CREATE_NEW
SMB_COM_CHECK_DIRECTORY         SMB_COM_PROCESS_EXIT
SMB_COM_SEEK                    SMB_COM_TREE_CONNECT
SMB_COM_TREE_DISCONNECT         SMB_COM_NEGOTIATE
SMB_COM_QUERY_INFORMATION_DISK  SMB_COM_SEARCH
SMB_COM_OPEN_PRINT_FILE         SMB_COM_WRITE_PRINT_FILE
SMB_COM_CLOSE_PRINT_FILE        SMB_COM_GET_PRINT_QUEUE


If the "LANMAN 1.0" dialect is negotiated, all of the messages in the
previous list must be supported.  Clients negotiating LANMAN 1.0 and
higher dialects will probably no longer send SMB_COM_PROCESS_EXIT, and
the response format for SMB_COM_NEGOTIATE is modified as well.  New
messages introduced with the LANMAN 1.0 dialect are:












Leach, Naik       expires September, 1997         [Page 46] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



SMB_COM_LOCK_AND_READ         SMB_COM_WRITE_AND_UNLOCK
SMB_COM_READ_RAW              SMB_COM_READ_MPX
SMB_COM_WRITE_MPX             SMB_COM_WRITE_RAW
SMB_COM_WRITE_COMPLETE        SMB_COM_WRITE_MPX_SECONDARY
SMB_COM_SET_INFORMATION2      SMB_COM_QUERY_INFORMATION2
SMB_COM_LOCKING_ANDX          SMB_COM_TRANSACTION
SMB_COM_TRANSACTION_SECONDARY SMB_COM_IOCTL
SMB_COM_IOCTL_SECONDARY       SMB_COM_COPY
SMB_COM_MOVE                  SMB_COM_ECHO
SMB_COM_WRITE_AND_CLOSE       SMB_COM_OPEN_ANDX
SMB_COM_READ_ANDX             SMB_COM_WRITE_ANDX
SMB_COM_SESSION_SETUP_ANDX    SMB_COM_TREE_CONNECT_ANDX
SMB_COM_FIND                  SMB_COM_FIND_UNIQUE
SMB_COM_FIND_CLOSE


The "LM1.2X002" dialect introduces these new SMBs:


SMB_COM_TRANSACTION2          SMB_COM_TRANSACTION2_SECONDARY
SMB_COM_FIND_CLOSE2           SMB_COM_LOGOFF_ANDX


"NT LM 0.12" dialect introduces:


SMB_COM_NT_TRANSACT           SMB_COM_NT_TRANSACT_SECONDARY
SMB_COM_NT_CREATE_ANDX        SMB_COM_NT_CANCEL
SMB_COM_NT_RENAME             SMB_COM_READ_BULK
SMB_COM_WRITE_BULK            SMB_COM_WRITE_BULK_DATA

4  SMB Requests

This section lists the "best practice" SMB requests -- ones that would
permit a client to exercise full CIFS functionality and optimum
performance when interoperating with a server speaking the latest
dialect as of this writing ("NT LM 0.12").

Note that, as of this writing, no existing client restricts itself to
only these requests, so no useful server can be written that supports
just them. The classification is provided so that future clients will be
written to permit future servers to be simpler.
















Leach, Naik       expires September, 1997         [Page 47] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.1  Session Requests


4.1.1  NEGOTIATE: Negotiate Protocol


Client Request                Description
============================  =======================================

UCHAR WordCount;              Count of parameter words = 0
USHORT ByteCount;             Count of data bytes; min = 2
struct {
   UCHAR BufferFormat;        0x02 -- Dialect
   UCHAR DialectName[];       ASCII null-terminated string
} Dialects[];



The Client sends a list of dialects that it can communicate with.  The
response is a selection of one of those dialects (numbered 0 through n)
or -1 (hex FFFF) indicating that none of the dialects were acceptable.
The negotiate message is binding on the virtual circuit and must be
sent.  One and only one negotiate message may be sent, subsequent
negotiate requests will be rejected with an error response and no action
will be taken.

The protocol does not impose any particular structure to the dialect
strings.  Implementers of particular protocols may choose to include,
for example, version numbers in the string.

If the server does not understand any of the dialect strings, or if PC
NETWORK PROGRAM 1.0 is the chosen dialect, the response format is


Server Response               Description
============================  =======================================

UCHAR WordCount;              Count of parameter words = 1
USHORT DialectIndex;          Index of selected dialect
USHORT ByteCount;             Count of data bytes = 0




















Leach, Naik       expires September, 1997         [Page 48] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


If the chosen dialect is greater than core up to and including
LANMAN2.1, the protocol response format is


Server Response               Description
============================  =======================================

UCHAR WordCount;              Count of parameter words = 13
USHORT  DialectIndex;         Index of selected dialect
USHORT  SecurityMode;         Security mode:
                              bit 0: 0 = share, 1 = user
                              bit 1: 1 = use challenge/response
                              authentication
USHORT  MaxBufferSize;        Max transmit buffer size (>= 1024)
USHORT  MaxMpxCount;          Max pending multiplexed requests
USHORT  MaxNumberVcs;         Max VCs between client and server
USHORT  RawMode;              Raw modes supported:
                               bit 0: 1 = Read Raw supported
                               bit 1: 1 = Write Raw supported
ULONG SessionKey;             Unique token identifying this session
SMB_TIME ServerTime;          Current time at server
SMB_DATE ServerDate;          Current date at server
USHORT ServerTimeZone;        Current time zone at server
USHORT  EncryptionKeyLength;  MBZ if this is not LM2.1
USHORT  Reserved;             MBZ
USHORT  ByteCount             Count of data bytes
UCHAR EncryptionKey[];        The challenge encryption key
STRING PrimaryDomain[];       The server's primary domain



MaxBufferSize is the size of the largest message which the client can
legitimately send to the server

If  bit0 of the Flags field is set in the negotiate response, this
indicates the server supports the SMB_COM_LOCK_AND_READ and
SMB_COM_WRITE_AND_UNLOCK client requests.

If the SecurityMode field indicates the server is running in user mode,
the client must send appropriate SMB_COM_SESSION_SETUP_ANDX requests
before the server will allow the client to access resources.  If the
SecurityMode fields indicates the client should use challenge/response
authentication, the client should use the authentication mechanism
specified in section 2.10.

Clients should submit no more than MaxMpxCount distinct unanswered SMBs
to the server when using multiplexed reads or writes (see sections 5.13
and 5.25)

Clients using the  "MICROSOFT NETWORKS 1.03" dialect use a different
form of raw reads than documented here, and servers are better off
setting RawMode in this response to 0 for such sessions.

If the negotiated dialect is "DOS LANMAN2.1" or "LANMAN2.1", then
PrimaryDomain string should be included in this response.



Leach, Naik       expires September, 1997         [Page 49] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


If the negotiated dialect is NT LM 0.12, the response format is


Server Response            Description
========================== =========================================

UCHAR WordCount;           Count of parameter words = 17
USHORT DialectIndex;       Index of selected dialect
UCHAR SecurityMode;        Security mode:
                            bit 0: 0 = share, 1 = user
                            bit 1: 1 = encrypt passwords
USHORT MaxMpxCount;        Max pending multiplexed requests
USHORT MaxNumberVcs;       Max VCs between client and server
ULONG MaxBufferSize;       Max transmit buffer size
ULONG MaxRawSize;          Maximum raw buffer size
ULONG SessionKey;          Unique token identifying this session
ULONG Capabilities;        Server capabilities
ULONG SystemTimeLow;       System (UTC) time of the server (low).
ULONG SystemTimeHigh;      System (UTC) time of the server (high).
USHORT ServerTimeZone;     Time zone of server (min from UTC)
UCHAR EncryptionKeyLength; Length of encryption key.
USHORT ByteCount;          Count of data bytes
UCHAR EncryptionKey[];     The challenge encryption key
UCHAR OemDomainName[];     The name of the domain (in OEM chars)



In addition to the definitions above, MaxBufferSize is the size of the
largest message which the client can legitimately send to the server.
If the client is using a connectionless protocol,  MaxBufferSize must be
set to the smaller of the server's internal buffer size and the amount
of data which can be placed in a response packet.

MaxRawSize specifies the maximum message size the server can send or
receive for SMB_COM_WRITE_RAW or SMB_COM_READ_RAW.

Connectionless clients must set Sid to 0 in the SMB request header.





















Leach, Naik       expires September, 1997         [Page 50] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


Capabilities allows the server to tell the client what it supports.  The
bit definitions are:


Capability Name      Encoding  Meaning
==================== ========  =====================================

CAP_RAW_MODE         0x0001    The server supports SMB_COM_READ_RAW
                                and SMB_COM_WRITE_RAW
CAP_MPX_MODE         0x0002    The server supports SMB_COM_READ_MPX
                                and SMB_COM_WRITE_MPX
CAP_UNICODE          0x0004    The server supports Unicode strings
CAP_LARGE_FILES      0x0008    The server supports large files with
                                64 bit offsets
CAP_NT_SMBS          0x0010    The server supports the SMBs
                                particular to the NT LM 0.12 dialect
CAP_RPC_REMOTE_APIS  0x0020    The sever supports remote API
                                requests via RPC
CAP_STATUS32         0x0040    The server can respond with 32 bit
                                status codes in Status.Status
CAP_LEVEL_II_OPLOCKS 0x0080    The server supports level 2 oplocks
CAP_LOCK_AND_READ    0x0100    The server supports the
                                SMB_COM_LOCK_AND_READ SMB
CAP_NT_FIND          0x0200
CAP_DFS              0x1000    This server is DFS aware





4.1.1.1  Errors

SUCCESS/SUCCESS
ERRSRV/ERRerror


4.1.2  SESSION_SETUP_ANDX: Session Setup

This SMB is used to further "Set up" the session normally just
established via the negotiate protocol.

One primary function is to perform a "user logon" in the case where the
server is in user level security mode.  The Uid in the SMB header is set
by the client to be the userid desired for the AccountName and validated
by the AccountPassword.













Leach, Naik       expires September, 1997         [Page 51] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


If the negotiated protocol is prior to NT LM 0.12, the format of
SMB_COM_SESSION_SETUP_ANDX is:


Client Request                 Description
============================== =====================================

UCHAR WordCount;               Count of parameter words = 10
UCHAR AndXCommand;             Secondary (X) command; 0xFF = none
UCHAR AndXReserved;            Reserved (must be 0)
USHORT AndXOffset;             Offset to next command WordCount
USHORT MaxBufferSize;          Client maximum buffer size
USHORT MaxMpxCount;            Actual maximum multiplexed pending
                                requests
USHORT VcNumber;               0 = first (only), nonzero=additional
                                VC number
ULONG SessionKey;              Session key (valid iff VcNumber != 0)
USHORT PasswordLength;         Account password size
ULONG Reserved;                Must be 0
USHORT ByteCount;              Count of data bytes;    min = 0
UCHAR AccountPassword[];       Account Password
STRING AccountName[];          Account Name
STRING PrimaryDomain[];        Client's primary domain
STRING NativeOS[];             Client's native operating system
STRING NativeLanMan[];         Client's native LAN Manager type



and the response is:


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 3
UCHAR AndXCommand;                 Secondary (X) command;  0xFF =
                                    none
UCHAR AndXReserved;                Reserved (must be 0)
USHORT AndXOffset;                 Offset to next command WordCount
USHORT Action;                     Request mode:
                                    bit0 = logged in as GUEST
USHORT ByteCount;                  Count of data bytes
STRING NativeOS[];                 Server's native operating system
STRING NativeLanMan[];             Server's native LAN Manager type
STRING PrimaryDomain[];            Server's primary domain



If the server is in "share level security mode", the account name and
passwd should be ignored by the server.

If challenge/response authentication is not being used, AccountPassword
should be a null terminated ASCII string with PasswordLength set to the
string size including the null; the password will case insensitive. If
challenge/response authentication is being used (see section 2.10), then
AccountPassword will be the response to the server's challenge, and
PasswordLength should be set to its length.




Leach, Naik       expires September, 1997         [Page 52] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The server validates the name and password supplied and if valid, it
registers the user identifier on this session as representing the
specified AccountName.  The Uid  field in the SMB header will then be
used to validate access on subsequent SMB requests.  The SMB requests
where permission checks are required are those which refer to a
symbolically named resource such as SMB_COM_OPEN, SMB_COM_RENAME,
SMB_COM_DELETE, etc..  The value of the Uid is relative to a specific
client/server session so it is possible to have the same Uid value
represent two different users on two different sessions at the server.

Multiple session setup commands may be sent to register additional users
on this session.  If the server receives an additional
SMB_COM_SESSION_SETUP_ANDX, only the Uid, AccountName and
AccountPassword fields need contain valid values (the server MUST ignore
the other fields).

The client writes the name of its domain in PrimaryDomain if it knows
what the domain name is.  If the domain name is unknown, the client
either encodes it as a NULL string, or as a question mark.

If bit0 of Action is set, this informs the client that although the
server did not recognize the AccountName, it logged the user in as a
guest.  This is optional behavior by the server, and in any case one
would ordinarily expect guest privileges to limited.

Another function of the Session Set Up protocol is to inform the server
of the maximum values which will be utilized by this client.  Here
MaxBufferSize is the maximum message size which the client can receive.
Thus although the server may support 16k buffers (as returned in the
SMB_COM_NEGOTIATE response), if the client only has 4k buffers, the
value of MaxBufferSize here would be 4096.  The minimum allowable value
for MaxBufferSize is 1024.  The SMB_COM_NEGOTIATE response includes the
server buffer size supported.  Thus this is the maximum SMB message size
which the client can send to the server.  This size may be larger than
the size returned to the server from the client via the
SMB_COM_SESSION_SETUP_AND X protocol which is the maximum SMB message
size which the server may send to the client.  Thus if the server's
buffer size were 4k and the client's buffer size were only 2K,  the
client could send up to 4k (standard) write requests but must only
request up to 2k for (standard) read requests.

The field, MaxMpxCount informs the server of the maximum number of
requests which the client will have outstanding to the server
simultaneously (see sections 5.13 and 5.25).

The VcNumber field specifies whether the client wants this to be the
first VC or an additional VC.

The values for MaxBufferSize, MaxMpxCount, and VcNumber must be less
than or equal to the maximum values supported by the server as returned
in the SMB_COM_NEGOTIATE response.

If the server gets a SMB_COM_SESSION_SETUP_ANDX request with VcNumber of
0 and other VCs are still connected to that client, they will be aborted

Leach, Naik       expires September, 1997         [Page 53] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


thus freeing any resources held by the server.  This condition could
occur if the client was rebooted and reconnected to the server before
the transport level had informed the server of the previous VC
termination.

If the negotiated SMB dialect is "NT LM 0.12" or later, the format of
the response SMB is unchanged, but the request is:


Client Request                 Description
============================== =====================================

UCHAR WordCount;               Count of parameter words = 13
UCHAR AndXCommand;             Secondary (X) command;  0xFF = none
UCHAR AndXReserved;            Reserved (must be 0)
USHORT AndXOffset;             Offset to next command WordCount
USHORT MaxBufferSize;          Client's maximum buffer size
USHORT MaxMpxCount;            Actual maximum multiplexed pending
                                requests
USHORT VcNumber;               0 = first (only), nonzero=additional
                                VC number
ULONG SessionKey;              Session key (valid iff VcNumber != 0)
USHORT                         Account password size, ANSI
CaseInsensitivePasswordLength;
USHORT                         Account password size, Unicode
CaseSensitivePasswordLength;
ULONG Reserved;                must be 0
ULONG Capabilities;            Client capabilities
USHORT ByteCount;              Count of data bytes;    min = 0
UCHAR                          Account Password, ANSI
CaseInsensitivePassword[];
UCHAR CaseSensitivePassword[]; Account Password, Unicode
STRING AccountName[];          Account Name, Unicode
STRING PrimaryDomain[];        Client's primary domain, Unicode
STRING NativeOS[];             Client's native operating system,
                                Unicode
STRING NativeLanMan[];         Client's native LAN Manager type,
                                Unicode



















Leach, Naik       expires September, 1997         [Page 54] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The client expresses its capabilities to the server encoded in the
Capabilities field:


Capability Name           Encoding  Description
========================  ========= ================================

CAP_UNICODE               0x0004    The client can use UNICODE
                                     strings
CAP_LARGE_FILES           0x0008    The client can deal with files
                                     having 64 bit offsets
CAP_NT_SMBS               0x0010    The client understands the SMBs
                                     introduced with the NT LM 0.12
                                     dialect.  Implies CAP_NT_FIND.
CAP_NT_FIND               0x0200
CAP_ STATUS32             0x0040    The client can receive 32 bit
                                     errors encoded in Status.Status
CAP_LEVEL_II_OPLOCKS      0x0080    The client understands Level II
                                     oplocks



The entire message sent and received including the optional ANDX SMB
must fit in the negotiated maximum transfer size.  The following are the
only valid SMB commands for AndXCommand for SMB_COM_SESSION_SETUP_ANDX


SMB_COM_TREE_CONNECT_ANDX     SMB_COM_OPEN
SMB_COM_OPEN_ANDX             SMB_COM_CREATE
SMB_COM_CREATE_NEW            SMB_COM_CREATE_DIRECTORY
SMB_COM_DELETE                SMB_COM_DELETE_DIRECTORY
SMB_COM_FIND                  SMB_COM_FIND_UNIQUE
SMB_COM_COPY                  SMB_COM_RENAME
SMB_COM_NT_RENAME             SMB_COM_CHECK_DIRECTORY
SMB_COM_QUERY_INFORMATION     SMB_COM_SET_INFORMATION
SMB_COM_NO_ANDX_COMMAND       SMB_COM_OPEN_PRINT_FILE
SMB_COM_GET_PRINT_QUEUE       SMB_COM_TRANSACTION


4.1.2.1  Errors

ERRSRV/ERRerror     - no NEG_PROT issued
ERRSRV/ERRbadpw     - password not correct for given username
ERRSRV/ERRtoomanyuids    - maximum number of users per session exceeded
ERRSRV/ERRnosupport - chaining of this request to the previous one is
not supported













Leach, Naik       expires September, 1997         [Page 55] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.1.3  LOGOFF_ANDX: User Logoff

This SMB is the inverse of SMB_COM_SESSION_SETUP_ANDX.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 2
UCHAR AndXCommand;                 Secondary (X) command;  0xFF =
                                    none
UCHAR AndXReserved;                Reserved (must be 0)
USHORT AndXOffset;                 Offset to next command WordCount
USHORT ByteCount;                  Count of data bytes = 0



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 2
UCHAR AndXCommand;                 Secondary (X) command;  0xFF =
                                    none
UCHAR AndXReserved;                Reserved (must be 0)
USHORT AndXOffset;                 Offset to next command WordCount
USHORT ByteCount;                  Count of data bytes = 0



The user represented by Uid in the SMB header is logged off.  The server
closes all files currently open by this user, and invalidates any
outstanding requests with this Uid.

SMB_COM_SESSION_SETUP_ANDX is the only valid AndXCommand. for this SMB.


4.1.3.1  Errors

ERRSRV/invnid  - TID was invalid
ERRSRV/baduid  - UID was invalid


4.1.4  TREE_CONNECT_ANDX:  Tree Connect


Client Request                     Description
=================================  =================================

UCHAR WordCount;                   Count of parameter words = 4
UCHAR AndXCommand;                 Secondary (X) command; 0xFF = none
UCHAR AndXReserved;                Reserved (must be 0)
USHORT AndXOffset;                 Offset to next command WordCount
USHORT Flags;                      Additional information
                                   bit 0 set = disconnect Tid
USHORT PasswordLength;             Length of Password[]
USHORT ByteCount;                  Count of data bytes;    min = 3
UCHAR Password[];                  Password
STRING Path[];                     Server name and share name
STRING Service[];                  Service name



Leach, Naik       expires September, 1997         [Page 56] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The serving machine verifies the combination and returns an error code
or an identifier.  The full name is included in this request message and
the identifier identifying the connection is returned in the Tid field
of the SMB header.  The Tid field in the client request is ignored.  The
meaning of this identifier (Tid) is server specific; the client must not
associate any specific meaning to it.

If the negotiated dialect is LANMAN1.0 or later, then it is a protocol
violation for the client to send this message prior to a successful
SMB_COM_SESSION_SETUP_ANDX, and the server ignores Password.

If the negotiated dialect is prior to LANMAN1.0 and the client has not
sent a successful SMB_COM_SESSION_SETUP_ANDX request when the tree
connect arrives, a user level security mode server must nevertheless
validate the client's credentials as discussed earlier in this document.

Path follows UNC style syntax, that is to say it is encoded as
\\server\share and it indicates the name of the resource to which the
client wishes to connect.

Because Password may be an authentication response, it is a variable
length field with the length specified by PasswordLength.   If
authentication is not being used, Password should be a null terminated
ASCII string with PasswordLength set to the string size including the
terminating null.

The server can enforce whatever policy it desires to govern share
access. Typically, if the server is paused, administrative privilege is
required to connect to any share; if the server is not paused,
administrative privilege is required only for administrative shares (C$,
etc.). Other such policies may include valid times of day, software
usage license limits, number of simultaneous server users or share
users, etc.

The Service component indicates the type of resource the client intends
to access.  Valid values are:


Service   Description               Earliest Dialect Allowed
========  ========================  ================================

A:        disk share                PC NETWORK PROGRAM 1.0
LPT1:     printer                   PC NETWORK PROGRAM 1.0
IPC       named pipe                MICROSOFT NETWORKS 3.0
COMM      communications device     MICROSOFT NETWORKS 3.0
?????     any type of device        MICROSOFT NETWORKS 3.0



If bit0 of Flags is set, the tree connection to Tid in the SMB header
should be disconnected.  If this tree disconnect fails, the error should
be ignored.

If the negotiated dialect is earlier than DOS LANMAN2.1, the response to
this SMB is:



Leach, Naik       expires September, 1997         [Page 57] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                  Description
================================ ===================================

UCHAR WordCount;                 Count of parameter words = 2
UCHAR AndXCommand;               Secondary (X) command;  0xFF = none
UCHAR AndXReserved;              Reserved (must be 0)
USHORT AndXOffset;               Offset to next command WordCount
USHORT ByteCount;                Count of data bytes;    min = 3



If the negotiated is DOS LANMAN2.1 or later, the response to this SMB
is:


Server Response                  Description
================================ ===================================

UCHAR WordCount;                 Count of parameter words = 3
UCHAR AndXCommand;               Secondary (X) command;  0xFF = none
UCHAR AndXReserved;              Reserved (must be 0)
USHORT AndXOffset;               Offset to next command WordCount
USHORT OptionalSupport;          Optional support bits
USHORT ByteCount;                Count of data bytes;    min = 3
UCHAR Service[];                 Service type connected to.  Always
                                  ANSII.
STRING NativeFileSystem[];       Native file system for this tree



NativeFileSystem is the name of the filesystem; values to be expected
include FAT, NTFS, etc.

OptionalSupport bits has the encoding:


Name                           Encoding   Description
=============================  =========  ==========================

SMB_SUPPORT_SEARCH_BITS        0x0001

SMB_SHARE_IS_IN_DFS            0x0002



Some servers negotiate "DOS LANMAN2.1" dialect or later and still send
the "downlevel" (i.e. wordcount==2) response.  Valid AndX following
commands are


SMB_COM_OPEN              SMB_COM_OPEN_ANDX          SMB_COM_CREATE
SMB_COM_CREATE_NEW        SMB_COM_CREATE_DIRECTORY   SMB_COM_DELETE
SMB_COM_DELETE_DIRECTORY  SMB_COM_FIND               SMB_COM_COPY
SMB_COM_FIND_UNIQUE       SMB_COM_RENAME
SMB_COM_CHECK_DIRECTORY   SMB_COM_QUERY_INFORMATION
SMB_COM_GET_PRINT_QUEUE   SMB_COM_OPEN_PRINT_FILE
SMB_COM_TRANSACTION       SMB_COM_NO_ANDX_CMD
SMB_COM_SET_INFORMATION   SMB_COM_NT_RENAME

4.1.4.1  Errors

ERRDOS/ERRnomem
ERRDOS/ERRbadpath


Leach, Naik       expires September, 1997         [Page 58] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


ERRDOS/ERRinvdevice
ERRSRV/ERRaccess
ERRSRV/ERRbadpw
ERRSRV/ERRinvnetname


4.1.5  TREE_DISCONNECT:  Tree Disconnect

This message informs the server that the client no longer wishes to
access the resource connected to with a prior SMB_COM_TREE_CONNECT or
SMB_COM_TREE_CONNECT_ANDX.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0



The resource sharing connection identified by Tid in the SMB header is
logically disconnected from the server. Tid is invalidated; it will not
be recognized if used by the client for subsequent requests. All locks,
open files, etc. created on behalf of Tid are released.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0


4.1.5.1  Errors

ERRSRV/ERRinvnid
ERRSRV/ERRbaduid


4.1.6  TRANS2_QUERY_FS_INFORMATION: Get File System Information

This transaction requests information about a filesystem on the server.


 Client Request                     Value
 ================================== =================================

 WordCount;                         15
 TotalParameterCount;               2 or 4
 MaxSetupCount;                     0
 SetupCount;                        1 or 2
 Setup[0];                          TRANS2_QUERY_FS_INFORMATION



 Parameter Block Encoding           Description
 ================================== =================================

 USHORT Information Level;          Level of information requested



The  filesystem is identified by Tid in the SMB header.


Leach, Naik       expires September, 1997         [Page 59] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


MaxDataCount in the transaction request must be large enough to
accommodate the response.

The encoding of the response parameter block depends on the
InformationLevel requested.  Information levels whose values are greater
than 0x102 are mapped to corresponding calls to
NtQueryVolumeInformationFile calls by the server.  The two levels below
0x102 are described below.  The requested information is placed in the
Data portion of the transaction response.


 InformationLevel               Value

 =============================  ======

 SMB_INFO_ALLOCATION            1
 SMB_INFO_VOLUME                2
 SMB_QUERY_FS_VOLUME_INFO       0x102
 SMB_QUERY_FS_SIZE_INFO         0x103
 SMB_QUERY_FS_DEVICE_INFO       0x104
 SMB_QUERY_FS_ATTRIBUTE_INFO    0x105



The following sections describe the InformationLevel dependent encoding
of the data part of the transaction response.
































Leach, Naik       expires September, 1997         [Page 60] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.1.6.1  SMB_INFO_ALLOCATION


 Data Block Encoding Description
 =================== ================================================

 ULONG idFileSystem; File system identifier.  NT server always
                      returns 0
 ULONG cSectorUnit;  Number of sectors per allocation unit
 ULONG cUnit;        Total number of allocation units
 ULONG cUnitAvail;   Total number of available allocation units
 USHORT cbSector;    Number of bytes per sector


4.1.6.2  SMB_INFO_VOLUME


 Data Block Encoding Description
 =================== ================================================

 ULONG ulVsn;        Volume serial number
 UCHAR cch;          Number of  characters in Label
 STRING Label;       The volume label


4.1.6.3  SMB_QUERY_FS_VOLUME_INFO


 Data Block Encoding Description
 =================== ================================================

 LARGE_INTEGER       Volume Creation Time
 ULONG               Volume Serial Number
 ULONG               Length of Volume Label in bytes

 BYTE                Reserved

 BYTE                Reserved

 STRING Label;       The volume label






4.1.6.4  SMB_QUERY_FS_SIZE_INFO


 Data Block Encoding Description
 =================== ================================================

 LARGE_INTEGER       Total Number of Allocation units on the Volume
 LARGE_INTEGER       Number of free Allocation units on the Volume
 ULONG               Number of sectors in each Allocation unit

 ULONG               Number of bytes in each sector













Leach, Naik       expires September, 1997         [Page 61] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.1.6.5  SMB_QUERY_FS_DEVICE_INFO


 Data Block Encoding  Value
 ==================== ===============================================

 ULONG                DeviceType; Values as specified below
 ULONG                Characteristics of the device; Values as
                       specified below


For DeviceType, note that the values 0-32767 are reserved for the
exclusive use of Microsoft Corporation. The following device types are
currently defined:











































Leach, Naik       expires September, 1997         [Page 62] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



FILE_DEVICE_BEEP                0x00000001

FILE_DEVICE_CD_ROM              0x00000002
FILE_DEVICE_CD_ROM_FILE_SYSTEM  0x00000003
FILE_DEVICE_CONTROLLER          0x00000004
FILE_DEVICE_DATALINK            0x00000005
FILE_DEVICE_DFS                 0x00000006
FILE_DEVICE_DISK                0x00000007
FILE_DEVICE_DISK_FILE_SYSTEM    0x00000008
FILE_DEVICE_FILE_SYSTEM         0x00000009
FILE_DEVICE_INPORT_PORT         0x0000000a
FILE_DEVICE_KEYBOARD            0x0000000b
FILE_DEVICE_MAILSLOT            0x0000000c
FILE_DEVICE_MIDI_IN             0x0000000d
FILE_DEVICE_MIDI_OUT            0x0000000e
FILE_DEVICE_MOUSE               0x0000000f
FILE_DEVICE_MULTI_UNC_PROVIDER  0x00000010
FILE_DEVICE_NAMED_PIPE          0x00000011
FILE_DEVICE_NETWORK             0x00000012
FILE_DEVICE_NETWORK_BROWSER     0x00000013
FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
FILE_DEVICE_NULL                0x00000015
FILE_DEVICE_PARALLEL_PORT       0x00000016
FILE_DEVICE_PHYSICAL_NETCARD    0x00000017
FILE_DEVICE_PRINTER             0x00000018
FILE_DEVICE_SCANNER             0x00000019
FILE_DEVICE_SERIAL_MOUSE_PORT   0x0000001a
FILE_DEVICE_SERIAL_PORT         0x0000001b
FILE_DEVICE_SCREEN              0x0000001c
FILE_DEVICE_SOUND               0x0000001d
FILE_DEVICE_STREAMS             0x0000001e
FILE_DEVICE_TAPE                0x0000001f
FILE_DEVICE_TAPE_FILE_SYSTEM    0x00000020
FILE_DEVICE_TRANSPORT           0x00000021
FILE_DEVICE_UNKNOWN             0x00000022
FILE_DEVICE_VIDEO               0x00000023
FILE_DEVICE_VIRTUAL_DISK        0x00000024
FILE_DEVICE_WAVE_IN             0x00000025
FILE_DEVICE_WAVE_OUT            0x00000026
FILE_DEVICE_8042_PORT           0x00000027
FILE_DEVICE_NETWORK_REDIRECTOR  0x00000028
FILE_DEVICE_BATTERY             0x00000029
FILE_DEVICE_BUS_EXTENDER        0x0000002a
FILE_DEVICE_MODEM               0x0000002b
FILE_DEVICE_VDM                 0x0000002c



Some of these device types are not currently accesible over the network
and may never be accessible over the network. Some may change to be


Leach, Naik       expires September, 1997         [Page 63] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


accessible over the network. The values for device types that may never
be accessible over the network may be redefined to be just resrved at
some date in the future.

Characteristics is the sum of any of the following:


FILE_REMOVABLE_MEDIA         0x00000001
FILE_READ_ONLY_DEVICE        0x00000002
FILE_FLOPPY_DISKETTE         0x00000004
FILE_WRITE_ONE_MEDIA         0x00000008
FILE_REMOTE_DEVICE           0x00000010
FILE_DEVICE_IS_MOUNTED       0x00000020
FILE_VIRTUAL_VOLUME          0x00000040




4.1.6.6  SMB_QUERY_FS_ATTRIBUTE_INFO


 Data Block Encoding Description
 =================== ================================================

 ULONG               File System Attributes; possible values
                      described below
 LONG                Maximum length of each file name component in
                      number of bytes
 ULONG               Length, in bytes, of the name of the file system

 STRING              Name of the file system



Where FileSystemAttributes is the sum of any of the following:


FILE_CASE_SENSITIVE_SEARCH   0x00000001
FILE_CASE_PRESERVED_NAMES    0x00000002
FILE_PRSISTENT_ACLS          0x00000004
FILE_FILE_COMPRESSION        0x00000008
FILE_VOLUME_QUOTAS           0x00000010
FILE_DEVICE_IS_MOUNTED       0x00000020
FILE_VOLUME_IS_COMPRESSED    0x00008000




4.1.6.7  Errors

ERRSRV/invnid       - TID was invalid
ERRSRV/baduid       - UID was invalid
ERRHRD/ERRnotready  - the file system has been removed
ERRHRD/ERRdata      - disk I/O error
ERRSRV/ERRaccess    - user does not have the right to perform this operation
ERRSRV/ERRinvdevice - resource identified by TID is not a file system






Leach, Naik       expires September, 1997         [Page 64] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.1.7  ECHO: Ping the Server

This request is used to test the connection to the server, and to see if
the server is still responding.


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 1
 USHORT EchoCount;                  Number of times to echo data back
 USHORT ByteCount;                  Count of data bytes;    min = 1
 UCHAR Buffer[1];                   Data to echo



 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 1
 USHORT SequenceNumber;             Sequence number of this echo
 USHORT ByteCount;                  Count of data bytes;    min = 4
 UCHAR Buffer[1];                   Echoed data



Each response echoes the data sent, though ByteCount may indicate no
data  If EchoCount is zero, no response is sent.

Tid in the SMB header is ignored, so this request may be sent to the
server even if there are no valid tree connections to the server.

The flow for the ECHO protocol is:


 Client Request                     <->  Server Response
 =================================  ==== ============================

 Echo Request (EchoCount == n)      ->
                                    <-   Echo Response 1
                                    <-   Echo Response 2
                                    <-   Echo Response n




4.1.7.1  Errors

ERRSRV/ERRbaduid    - UID was invalid
ERRSRV/ERRnoaccess  - session has not been established
ERRSRV/ERRnosupport - ECHO function is not supported


4.1.8  NT_CANCEL: Cancel request

This SMB allows a client to cancel a request currently pending at the
server.






Leach, Naik       expires September, 1997         [Page 65] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Client Request                     Description
================================== =================================

UCHAR WordCount;                   No words are sent (== 0)
USHORT ByteCount;                  No bytes (==0)



The Sid, Uid, Pid, Tid, and Mid fields of the SMB are used to locate an
pending server request from this session.  If a pending request is
found, it is "hurried along" which may result in success or failure of
the original request.  No other response is generated for this SMB.


4.2  File Requests




4.2.1  NT_CREATE_ANDX: Create or Open File

This command is used to create or open a file or a directory.


 Client Request                     Description
 =================================  ==================================

 UCHAR WordCount;                   Count of parameter words = 24
 UCHAR AndXCommand;                 Secondary command;  0xFF = None
 UCHAR AndXReserved;                Reserved (must be 0)
 USHORT AndXOffset;                 Offset to next command WordCount
 UCHAR Reserved;                    Reserved (must be 0)
 USHORT NameLength;                 Length of Name[] in bytes
 ULONG Flags;                       Create bit set:
                                    0x02 - Request an oplock
                                    0x04 - Request a batch oplock
                                    0x08 - Target of open must be
                                    directory
 ULONG RootDirectoryFid;            If non-zero, open is relative to
                                    this directory
 ACCESS_MASK DesiredAccess;         access desired
 LARGE_INTEGER AllocationSize;      Initial allocation size
 ULONG ExtFileAttributes;           File attributes
 ULONG ShareAccess;                 Type of share access
 ULONG CreateDisposition;           Action to take if file exists or
                                    not
 ULONG CreateOptions;               Options to use if creating a file
 ULONG ImpersonationLevel;          Security QOS information
 UCHAR SecurityFlags;               Security tracking mode flags:
                                    0x1 - SECURITY_CONTEXT_TRACKING
                                    0x2 - SECURITY_EFFECTIVE_ONLY
 USHORT ByteCount;                  Length of byte parameters
 STRING Name[];                     File to open or create



The DesiredAccess parameter is specified in section 3.7 on  Access Mask
Encoding.


Leach, Naik       expires September, 1997         [Page 66] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


If no value is specified, it still allows an application to query
attributes without actually accessing the file.

The ExtFIleAttributes parameter specifies the file attributes and flags
for the file. The parameter's value is the sum of allowed attributes and
flags defined in section 3.11 on  Extended File Attribute Encoding

The ShareAccess field Specifies how this file can be shared. This
parameter must be some combination of the following values:


Name              Value      Meaning
                  0          Prevents the file from being shared.
FILE_SHARE_READ   0x00000001 Other open operations can be performed on
                              the file for read access.
FILE_SHARE_WRITE  0x00000002 Other open operations can be performed on
                              the file for write access.
FILE_SHARE_DELETE 0x00000004 Other open operations can be performed on
                              the file for delete access.


The CreateDisposition parameter can contain one of the following values:


CREATE_NEW        Creates a new file. The function fails if the
                  specified file already exists.
CREATE_ALWAYS     Creates a new file. The function overwrites the file
                  if it exists.
OPEN_EXISTING     Opens the file. The function fails if the file does
                  not exist.
OPEN_ALWAYS       Opens the file, if it exists. If the file does not
                  exist, act like CREATE_NEW.
TRUNCATE_EXISTING Opens the file. Once opened, the file is truncated so
                  that its size is zero bytes. The calling process must
                  open the file with at least GENERIC_WRITE access. The
                  function fails if the file does not exist.


The ImpersonationLevel parameter can contain one or more of the
following values:


SECURITY_ANONYMOUS        Specifies to impersonate the client at the
                          Anonymous impersonation level.
SECURITY_IDENTIFICATION   Specifies to impersonate the client at the
                          Identification impersonation level.
SECURITY_IMPERSONATION    Specifies to impersonate the client at the
                          Impersonation impersonation level.
SECURITY_DELEGATION       Specifies to impersonate the client at the
                          Delegation impersonation level.


The SecurityFlags parameter can have either of the following two flags
set:




Leach, Naik       expires September, 1997         [Page 67] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



SECURITY_CONTEXT_TRACKING  Specifies that the security tracking mode is
                           dynamic. If this flag is not specified,
                           Security Tracking Mode is static.
SECURITY_EFFECTIVE_ONLY    Specifies that only the enabled aspects of
                           the client's security context are available
                           to the server. If you do not specify this
                           flag, all aspects of the client's security
                           context are available. This flag allows the
                           client to limit the groups and privileges
                           that a server can use while impersonating the
                           client.


The response is as follows:


 Server Response                    Description
 =================================  ==================================

 UCHAR WordCount;                   Count of parameter words = 26
 UCHAR AndXCommand;  Secondary      0xFF = None
 command;
 UCHAR AndXReserved;                MBZ
 USHORT AndXOffset;                 Offset to next command WordCount
 UCHAR OplockLevel;                 The oplock level granted
                                    0 - No oplock granted
                                    1 - Exclusive oplock granted
                                    2 - Batch oplock granted
                                    3 - Level II oplock granted
 USHORT Fid;                        The file ID
 ULONG CreateAction;                The action taken
 TIME CreationTime;                 The time the file was created
 TIME LastAccessTime;               The time the file was accessed
 TIME LastWriteTime;                The time the file was last written
 TIME ChangeTime;                   The time the file was last changed
 ULONG ExtFileAttributes;           The file attributes
 LARGE_INTEGER AllocationSize;      The number of byes allocated
 LARGE_INTEGER EndOfFile;           The end of file offset
 USHORT FileType;
 USHORT DeviceState;                state of IPC device (e.g. pipe)
 BOOLEAN Directory;                 TRUE if this is a directory
 USHORT ByteCount;                  = 0



The following SMBs may follow SMB_COM_NT_CREATE_ANDX:


   SMB_COM_READ    SMB_COM_READ_ANDX
   SMB_COM_IOCTL









Leach, Naik       expires September, 1997         [Page 68] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.2  NT_TRANSACT_CREATE: Create or Open File with EAs or SD

This command is used to create or open a file or a directory, when EAs
or an SD must be applied to the file.


 Request Parameter Block Encoding    Description
 =================================== ================================

 ULONG Flags;                        Creation flags (see below)
 ULONG RootDirectoryFid;             Optional directory for relative
                                      open
 ACCESS_MASK DesiredAccess;          Desired access
 LARGE_INTEGER AllocationSize;       The initial allocation size in
                                      bytes, if file created
 ULONG ExtFileAttributes;            The extended file attributes
 ULONG ShareAccess;                  The share access
 ULONG CreateDisposition;            Action to take if file exists or
                                      not
 ULONG CreateOptions;                Options for creating a new file
 ULONG SecurityDescriptorLength;     Length of SD in bytes
 ULONG EaLength;                     Length of EA in bytes
 ULONG NameLength;                   Length of name in characters
 ULONG ImpersonationLevel;           Security QOS information
 UCHAR SecurityFlags;                Security QOS information
 STRING Name[NameLength];            The name of the file (not NULL
                                      terminated)



 Data Block Encoding                 Description
 =================================== ================================

 UCHAR SecurityDescriptor[
 SecurityDescriptorLength];
 UCHAR ExtendedAttributes[EaLength];



 Creation Flag Name         Value   Description
 ========================== ======  ==================================

 NT_CREATE_REQUEST_OPLOCK   0x02    Level I oplock requested
 NT_CREATE_REQUEST_OPBATCH  0x04    Batch oplock requested
 NT_CREATE_OPEN_TARGET_DIR  0x08    Target for open is a directory
















Leach, Naik       expires September, 1997         [Page 69] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Output Parameter Block Encoding    Description
 ================================== ==================================

 UCHAR OplockLevel;                 The oplock level granted
 UCHAR Reserved;
 USHORT Fid;                        The file ID
 ULONG CreateAction;                The action taken
 ULONG EaErrorOffset;               Offset of the EA error
 TIME CreationTime;                 The time the file was created
 TIME LastAccessTime;               The time the file was accessed
 TIME LastWriteTime;                The time the file was last written
 TIME ChangeTime;                   The time the file was last changed
 ULONG ExtFileAttributes;           The file attributes
 LARGE_INTEGER AllocationSize;      The number of byes allocated
 LARGE_INTEGER EndOfFile;           The end of file offset
 USHORT FileType;
 USHORT DeviceState;                state of IPC device (e.g. pipe)
 BOOLEAN Directory;                 TRUE if this is a directory



See the description of NT_CREATE_ANDX for the definition of the
parameters.


4.2.3  CREATE_TEMPORARY: Create Temporary File

The server creates a data file in Directory relative to Tid in the SMB
header and assigns a unique name to it.


Client Request                     Server Response
================================== =================================

UCHAR WordCount;                   Count of parameter words = 3
USHORT reserved;                   Ignored by the server
UTIME CreationTime;                New file's creation time stamp
USHORT ByteCount;                  Count of data bytes;  min = 2
UCHAR BufferFormat;                0x04
STRING DirectoryName[];            Directory name



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Fid;                        File handle
USHORT ByteCount;                  Count of data bytes;  min = 2
UCHAR BufferFormat;                0x04
STRING Filename[];                 File name



Fid is the returned handle for future file access. Filename is the name
of the file which was created within the requested Directory.  It is
opened in compatibility mode with read/write access for the client.

Support of CreationTime by the server is optional.



Leach, Naik       expires September, 1997         [Page 70] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.4  READ_ANDX: Read Bytes


 Large File Client Request        Description
 ================================ ===================================

 UCHAR WordCount;                 Count of parameter words = 10 or 12
 UCHAR AndXCommand;               Secondary (X) command;  0xFF = none
 UCHAR AndXReserved;              Reserved (must be 0)
 USHORT AndXOffset;               Offset to next command WordCount
 USHORT Fid;                      File handle
 ULONG Offset;                    Offset in file to begin read
 USHORT MaxCount;                 Max number of bytes to return
 USHORT MinCount;                 Reserved
 ULONG Reserved;                  Must be 0
 USHORT Remaining;                Reserved
 ULONG OffsetHigh;                Upper 32 bits of offset (only if
                                   WordCount is 12)
 USHORT ByteCount;                Count of data bytes = 0



 Server Response                  Description
 ================================ ===================================

 UCHAR WordCount;                 Count of parameter words = 12
 UCHAR AndXCommand;               Secondary (X) command;  0xFF = none
 UCHAR AndXReserved;              Reserved (must be 0)
 USHORT AndXOffset;               Offset to next command WordCount 
 USHORT Remaining;                Reserved -- must be -1
 USHORT DataCompactionMode;
 USHORT Reserved;                 Reserved (must be 0)
 USHORT DataLength;               Number of data bytes (min = 0)
 USHORT DataOffset;               Offset (from header start) to data
 USHORT Reserved[5];              Reserved (must be 0)
 USHORT ByteCount;                Count of data bytes
 UCHAR Pad[];
 UCHAR Data[ DataLength];         Data from resource



If the negotiated dialect is NT LM 0.12 or later, the client may use the
12 parameter word  version of the request.  This version allows
specification of 64 bit file offsets.

If CAP_LARGE_READX was indicated by the server in the negotiate protocol
response, the request's MaxCount field may exceed the negotiated buffer
size if Fid refers to a disk file.  The server may arbitrarily elect to
return fewer than MaxCount bytes in response.

The following SMBs may follow SMB_COM_READ_ANDX:
SMB_COM_CLOSE


4.2.4.1  Errors

ERRDOS/ERRnoaccess
ERRDOS/ERRbadfid


Leach, Naik       expires September, 1997         [Page 71] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


ERRDOS/ERRlock
ERRDOS/ERRbadaccess
ERRSRV/ERRinvid
ERRSRV/ERRbaduid


4.2.5  WRITE_ANDX: Write Bytes to file or resource


 Client Request                   Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of parameter words = 12 or 14
 UCHAR AndXCommand;               Secondary (X) command;  0xFF = none
 UCHAR AndXReserved;              Reserved (must be 0)
 USHORT AndXOffset;               Offset to next command WordCount
 USHORT Fid;                      File handle
 ULONG Offset;                    Offset in file to begin write
 ULONG Reserved;                  Must be 0
 USHORT WriteMode;                Write mode bits:
                                  0 - write through
 USHORT Remaining;                Bytes remaining to satisfy request
 USHORT Reserved;
 USHORT DataLength;               Number of data bytes in buffer (>=0)
 USHORT DataOffset;               Offset to data bytes
 ULONG OffsetHigh;                Upper 32 bits of offset (only
                                  present if WordCount = 14)
 USHORT ByteCount;                Count of data bytes
 UCHAR Pad[];                     Pad to SHORT or LONG
 UCHAR Data[DataLength];          Data to write



 Server Response                  Description
 ===============================  ====================================

 UCHAR WordCount;                 Count of parameter words = 6
 UCHAR AndXCommand;               Secondary (X) command;  0xFF = none
 UCHAR AndXReserved;              Reserved (must be 0)
 USHORT AndXOffset;               Offset to next command WordCount
 USHORT Count;                    Number of bytes written
 USHORT Remaining;                Reserved
 ULONG Reserved;
 USHORT ByteCount;                Count of data bytes = 0



A ByteCount of 0 does not truncate the file.  Rather a zero length write
merely transfers zero bytes of information to the file.  A request such
as SMB_COM_WRITE must be used to truncate the file.

If WriteMode has bit0 set in the request and Fid refers to a disk file,
the response is not sent from the server until the data is on stable
storage.

If the negotiated dialect is NT LM 0.12 or later, the 14 word format of
this SMB may be used to access portions of files requiring offsets



Leach, Naik       expires September, 1997         [Page 72] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


expressed as 64 bits. Otherwise, the OffsetHigh field must be omitted
from the request.

The following are the valid AndXCommand values for this SMB:


   SMB_COM_READ          SMB_COM_READ_ANDX
   SMB_COM_LOCK_AND_READ SMB_COM_WRITE_ANDX
   SMB_COM_CLOSE

4.2.5.1  Errors

ERRDOS/ERRnoaccess
ERRDOS/ERRbadfid
ERRDOS/ERRlock
ERRDOS/ERRbadaccess
ERRSRV/ERRinvid
ERRSRV/ERRbaduid


4.2.6  LOCKING_ANDX: Lock or Unlock Byte Ranges

SMB_COM_LOCKING_ANDX allows both locking and/or unlocking of file range(s).


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 8
 UCHAR AndXCommand;                 Secondary (X) command;  0xFF =
                                     none
 UCHAR AndXReserved;                Reserved (must be 0)
 USHORT AndXOffset;                 Offset to next command WordCount
 USHORT Fid;                        File handle
 UCHAR LockType;                    See LockType table below
 UCHAR OplockLevel;                 The new oplock level
 ULONG Timeout;                     Milliseconds to wait for unlock
 USHORT NumberOfUnlocks;            Num. unlock range structs
                                     following
 USHORT NumberOfLocks;              Num. lock range structs following
 USHORT ByteCount;                  Count of data bytes
 LOCKING_ANDX_RANGE Unlocks[];      Unlock ranges
 LOCKING_ANDX_RANGE Locks[];        Lock ranges



 LockType Flag Name            Value Description
 ============================  ===== ================================

 LOCKING_ANDX_SHARED_LOCK      0x01  Read-only lock
 LOCKING_ANDX_OPLOCK_RELEASE   0x02  Oplock break notification
 LOCKING_ANDX_CHANGE_LOCKTYPE  0x04  Change lock type
 LOCKING_ANDX_CANCEL_LOCK      0x08  Cancel outstanding request
 LOCKING_ANDX_LARGE_FILES      0x10  Large file locking format






Leach, Naik       expires September, 1997         [Page 73] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 LOCKING_ANDX_RANGE Format
 =====================================================================

 USHORT Pid;                        PID of process "owning" lock
 ULONG Offset;                      Offset to bytes to [un]lock
 ULONG Length;                      Number of bytes to [un]lock



 Large File LOCKING_ANDX_RANGE Format
 =====================================================================

 USHORT Pid;                        PID of process "owning" lock
 USHORT Pad;                        Pad to DWORD align (mbz)
 ULONG OffsetHigh;                  Offset to bytes to [un]lock
                                     (high)
 ULONG OffsetLow;                   Offset to bytes to [un]lock (low)
 ULONG LengthHigh;                  Number of bytes to [un]lock
                                     (high)
 ULONG LengthLow;                   Number of bytes to [un]lock (low)



 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 2
 UCHAR AndXCommand;                 Secondary (X) command;  0xFF =
                                     none
 UCHAR AndXReserved;                Reserved (must be 0)
 USHORT AndXOffset;                 Offset to next command WordCount
 USHORT ByteCount;                  Count of data bytes = 0



Locking is a simple mechanism for excluding other processes read/write
access to regions of a file.  The locked regions can be anywhere in the
logical file.  Locking beyond end-of-file is permitted.  Any process
using the Fid specified in this request's Fid has access to the locked
bytes, other processes will be denied the locking of the same bytes.

The proper method for using locks is not to rely on being denied read or
write access on any of the read/write protocols but rather to attempt
the locking protocol and proceed with the read/write only if the locks
succeeded.

Locking a range of bytes will fail if any subranges or overlapping
ranges are locked.  In other words, if any of the specified bytes are
already locked, the lock will fail.

If NumberOfUnlocks is non-zero, the Unlocks vector contains
NumberOfUnlocks elements.  Each element requests that a lock at Offset
of Length be released.  If NumberOfLocks is nonzero, the Locks vector
contains NumberOfLocks elements.  Each element requests the acquisition
of a lock at Offset of Length.

Timeout is the maximum amount of time to wait for the byte range(s)
specified to become unlocked.  A timeout value of 0 indicates that the
server should fail immediately if any lock range specified is locked.  A


Leach, Naik       expires September, 1997         [Page 74] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


timeout value of -1 indicates that the server should wait as long as it
takes for each byte range specified to become unlocked so that it may be
again locked by this protocol.  Any other value of smb_timeout specifies
the maximum number of milliseconds to wait for all lock range(s)
specified to become available.

If any of the lock ranges timeout because of the area to be locked is
already locked (or the lock fails), the other ranges in the protocol
request which were successfully locked as a result of this protocol will
be unlocked (either all requested ranges will be locked when this
protocol returns to the client or none).

If LockType has the LOCKING_ANDX_SHARED_LOCK flag set, the lock is
specified as a shared lock.  Locks for both read and write (where
LOCKING_ANDX_SHARED_LOCK is clear) should be prohibited, but other
shared locks should be permitted.  If shared locks can not be supported
by a server, the server should map the lock to a lock for both read and
write.  Closing a file with locks still in force causes the locks to be
released in no defined order.

If LockType has the LOCKING_ANDX_LARGE_FILES flag set and if the
negotiated protocol is NT LM 0.12 or later, then the Locks and Unlocks
vectors are in the Large File LOCKING_ANDX_RANGE format.  This allows
specification of 64 bit offsets for very large files.

If the one and only member of the Locks vector has the
LOCKING_ANDX_CANCEL_LOCK flag set in the LockType field, the client is
requesting the server to cancel a previously requested, but not yet
responded to, lock.

If LockType has the LOCKING_ANDX_CHANGE_LOCKTYPE flag set, the client is
requesting that the server atomically change the lock type from a shared
lock to an exclusive lock or vice versa.  If the server can not do this
in an atomic fashion, the server must reject this request.  NT and W95
servers do not support this capability.

Oplocks are described in the "Opportunistic Locks" section elsewhere in
this document.  A client requests an oplock by setting the appropriate
bit in the SMB_COM_OPEN_ANDX request when the file is being opened in a
mode which is not exclusive.  The server responds by setting the
appropriate bit in the response SMB indicating whether or not the oplock
was granted.  By granting the oplock, the server tells the client the
file is currently only being used by this one client process at the
current time.  The client can therefore safely do read ahead and write
behind as well as local caching of file locks knowing that the file will
not be accessed/changed in any way by another process while the oplock
is in effect.  The client will be notified when any other process
attempts to open or modify the oplocked file.

When another user attempts to open or otherwise modify the file which a
client has oplocked, the server delays the second attempt and notifies
the client via an SMB_LOCKING_ANDX SMB asynchronously sent from the
server to the client.  This message has the LOCKING_ANDX_OPLOCK_RELEASE
flag set indicating to the client that the oplock is being broken.

Leach, Naik       expires September, 1997         [Page 75] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


OplockLevel indicates the type of oplock the client now owns. If
OplockLevel is 0, the client possesses no oplocks on the file at all, if
OplockLevel is 1 the client possesses a Level II oplock.  The client is
expected to flush any dirty buffers to the server, submit any file locks
and respond to the server with either an SMB_LOCKING_ANDX SMB having the
LOCKING_ANDX_OPLOCK_RELEASE flag set, or with a file close if the file
is no longer in use by the client.  If the client sends an
SMB_LOCKING_ANDX SMB with the LOCKING_ANDX_OPLOCK_RELEASE flag set and
NumberOfLocks is zero, the server does not send a response.  Since a
close being sent to the server and break oplock notification from the
server could cross on the wire, if the client gets an oplock
notification on a file which it does not have open, that notification
should be ignored.

Due to timing, the client could get an "oplock broken" notification in a
user's data buffer as a result of this notification crossing on the wire
with a SMB_COM_READ_RAW request.  The client must detect this (use
length of msg, "FFSMB", MID of -1 and Command of SMB_COM_LOCKING_ANDX)
and honor the "oplock broken" notification as usual.  The server must
also note on receipt of an SMB_COM_READ_RAW request that there is an
outstanding (unanswered) "oplock broken" notification to the client and
return a zero length response denoting failure of the read raw request.
The client should (after responding to the "oplock broken"
notification), use a standard read protocol to redo the read request.
This allows a file to actually contain data matching an "oplock broken"
notification and still be read correctly.

The entire message sent and received including the optional second
protocol must fit in the negotiated maximum transfer size.  The
following are the only valid SMB commands for AndXCommand for
SMB_COM_LOCKING_ANDX:


    SMB_COM_READ       SMB_COM_READ_ANDX
    SMB_COM_WRITE      SMB_COM_WRITE_ANDX
    SMB_COM_FLUSH

4.2.6.1  Errors

ERRDOS/ERRbadfile
ERRDOS/ERRbadfid
ERRDOS/ERRlock
ERRDOS/ERRinvdevice
ERRSRV/ERRinvid
ERRSRV/ERRbaduid


4.2.7  SEEK: Seek in File

The seek message is sent to set the current file pointer for Fid.






Leach, Naik       expires September, 1997         [Page 76] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 4
USHORT Fid;                        File handle
USHORT Mode;                       Seek mode:
                                    0 = from start of file
                                    1 = from current position
                                    2 = from end of file
LONG Offset;                       Relative offset
USHORT ByteCount;                  Count of data bytes = 0



 The starting point of the seek is set by Mode:

     0  seek from start of file
     1  seek from current file pointer
     2  seek from end of file


The "current position" reflects the offset plus data length specified in
the previous read, write or seek request, and the pointer set by this
command will be replaced by the offset specified in the next read, write
or seek command.


Server Response                    Description
================================== =================================

 UCHAR WordCount;                  Count of parameter words = 2
 ULONG Offset;                     Offset from start of file
 USHORT ByteCount;                 Count of data bytes = 0



The response returns the new file pointer in Offset which is expressed
as the offset from the start of the file, and may be beyond the current
end of file.  An attempt to seek to before the start of file sets the
current file pointer to start of the file.

This request should generally only be issued by clients wishing to find
the size of a file, since all read and write requests include the read
or write file position as part of the SMB.  This request is
inappropriate for  very large files, as the offsets specified are only
32 bits.  A seek which results in an Offset which can not be expressed
in 32 bits returns the least significant.


4.2.7.1  Errors

ERRDOS/ERRbadfid
ERRDOS/ERRnoaccess
ERRSRV/ERRinvdevice
ERRSRV/ERRinvid
ERRSRV/ERRbaduid




Leach, Naik       expires September, 1997         [Page 77] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.8  FLUSH: Flush File

The flush SMB is sent to ensure all data and allocation information for
the corresponding file has been written to stable storage.  When the Fid
has a value -1 (hex FFFF) the server performs a flush for all file
handles associated with the client and Pid.  The response is not sent
until the writes are complete.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Fid;                        File handle
USHORT ByteCount;                  Count of data bytes = 0



This client request is probably expensive to perform at the server,
since the server's operating system is generally scheduling disk writes
is a way which is optimal for the system's read and write activity
integrated over the entire population of clients.  This message from a
client "interferes" with the server's ability to optimally schedule the
disk activity; clients are discouraged from overuse of this SMB request.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0


4.2.8.1  Errors

ERRDOS/ERRbadfid
ERRSRV/ERRinvid
ERRSRV/ERRbaduid


4.2.9  CLOSE: Close File

The close message is sent to invalidate a file handle for the requesting
process.  All locks or other resources held by the requesting process on
the file should be released by the server.  The requesting process can
no longer use Fid for further file access requests.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 3
USHORT Fid;                        File handle
UTIME LastWriteTime                Time of last write
USHORT ByteCount;                  Count of data bytes = 0

[Regarding the LastWriteTime field: The older X/Open SMB specification lists both -1 and 0 as meaning that the server should use default time values. It seems--from testing--that Windows clients use -1, not zero, despite what this draft says.]

If LastWriteTime is 0, the server should allow its local operating
system to set the file's times.  Otherwise, the server should set the
time to the values requested.  Failure to set the times, even if



Leach, Naik       expires September, 1997         [Page 78] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


requested by the client in the request message, should not result in an
error response from the server.

If Fid refers to a print spool file, the file should be spooled to the
printer at this time.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0


4.2.9.1  Errors

ERRDOS/ERRbadfid
ERRSRV/ERRinvdevice
ERRSRV/ERRinvid
ERRSRV/ERRbaduid


4.2.10  DELETE: Delete File

The delete file message is sent to delete a data file.  The appropriate
Tid and additional pathname are passed.  Read only files may not be
deleted, the read-only attribute must be reset prior to file deletion.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT SearchAttributes;
USHORT ByteCount;                  Count of data bytes;    min = 2
UCHAR BufferFormat;                0x04
STRING FileName[];                 File name



Multiple files may be deleted in response to a single request as
SMB_COM_DELETE supports wildcards

SearchAttributes indicates the attributes that the target file(s) must
have.  If the attribute is zero then only normal files are deleted.  If
the system file or hidden attributes are specified then the delete is
inclusive -both the specified type(s) of files and normal files are
deleted.  Attributes are described in the "Attribute Encoding" section
of this document.

If bit0 of the Flags2 field of the SMB header is set, a pattern is
passed in, and the file has a long name, then the passed pattern  much
match the long file name for the delete to succeed.  If bit0 is clear, a
pattern is passed in, and the file has a long name, then the passed
pattern must match the file's short name for the deletion to succeed.






Leach, Naik       expires September, 1997         [Page 79] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0


4.2.10.1  Errors

ERRDOS/ERRbadpath
ERRDOS/ERRbadfile
ERRDOS/ERRnoaccess
ERRHRD/ERRnowrite
ERRSRV/ERRaccess
ERRSRV/ERRinvdevice
ERRSRV/ERRinvid
ERRSRV/ERRbaduid


4.2.11  RENAME: Rename File

The rename file message is sent to change the name of a file.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT SearchAttributes;           Target file attributes
USHORT ByteCount;                  Count of data bytes;    min = 4
UCHAR BufferFormat1;               0x04
STRING OldFileName[];              Old file name
UCHAR BufferFormat2;               0x04
STRING NewFileName[];              New file name



Files OldFileName must exist and NewFileName must not.  Both pathnames
must be relative to the Tid specified in the request.  Open files may be
renamed.

Multiple files may be renamed in response to a single request as Rename
File supports wildcards in the file name (last component of the
pathname).

SearchAttributes indicates the attributes that the target file(s) must
have.  If SearchAttributes is zero then only normal files are renamed.
If the system file or hidden attributes are specified then the rename is
inclusive -both the specified type(s) of files and normal files are
renamed.  The encoding of SearchAttributes is described in section 3.10
-  File Attribute Encoding.









Leach, Naik       expires September, 1997         [Page 80] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0


4.2.11.1  Errors

ERRDOS/ERRbadpath
ERRDOS/ERRbadfile
ERRDOS/ERRnoaccess
ERRDOS/ERRdiffdevice
ERRHRD/ERRnowrite
ERRSRV/ERRaccess
ERRSRV/ERRinvdevice
ERRSRV/ERRinvid
ERRSRV/ERRbaduid


4.2.12  MOVE: Rename File

The source file is copied to the destination and the source is
subsequently deleted.


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 3
 USHORT Tid2;                       Second (target) file id
 USHORT OpenFunction;               what to do if target file exists
 USHORT Flags;                      Flags to control move operations:
                                     0 - target must be a file
                                     1 - target must be a directory
                                     2 - reserved (must be 0)
                                     3 - reserved (must be 0)
                                     4 - verify all writes
 USHORT ByteCount;                  Count of data bytes;    min = 2
 UCHAR Format1;                     0x04
 STRING OldFileName[];              Old file name
 UCHAR FormatNew;                   0x04
 STRING NewFileName[];              New file name



OldFileName is copied to NewFileName, then OldFileName is deleted.  Both
OldFileName and  NewFileName must refer to paths on the same server.
NewFileName can refer to either a file or a directory.  All file
components except the last must exist; directories will not be created.

NewFileName can be required to be a file or a directory by the Flags
field.

The Tid in the header is associated with the source while Tid2 is
associated with the destination.  These fields may contain the same or
differing valid values. Tid2 can be set to -1 indicating that this is to



Leach, Naik       expires September, 1997         [Page 81] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


be the same Tid as in the SMB header.  This allows use of the move
protocol with SMB_TREE_CONNECT_ANDX.


 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 1
 USHORT Count;                      Number of files moved
 USHORT ByteCount;                  Count of data bytes;    min = 0
 UCHAR ErrorFileFormat;             0x04  (only if error)
 STRING ErrorFileName[];            Pathname of file where error
                                     occurred



The source path must refer to an existing file or files.  Wildcards are
permitted.  Source files specified by wildcards are processed until an
error is encountered. If an error is encountered, the expanded name of
the file is returned in ErrorFileName.  Wildcards are not permitted in
NewFileName.

OpenFunction controls what should happen if the destination file exists.
If (OpenFunction & 0x30) == 0, the operation should fail if the
destination exists.  If (OpenFunction & 0x30) == 0x20, the destination
file should be overwritten.


4.2.12.1  Errors

ERRDOS/ERRfilexists
ERRDOS/ERRbadfile
ERRDOS/ERRnoaccess
ERRDOS/ERRnofiles
ERRDOS/ERRbadshare
ERRHRD/ERRnowrite
ERRSRV/ERRnoaccess
ERRSRV/ERRinvdevice
ERRSRV/ERRinvid
ERRSRV/ERRbaduid
ERRSRV/ERRnosupport
ERRSRV/ERRaccess
















Leach, Naik       expires September, 1997         [Page 82] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.13  COPY: Copy File


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 3
 USHORT Tid2;                       Second (target) path TID
 USHORT OpenFunction;               What to do if target file exists
 USHORT Flags;                      Flags to control copy operation:
                                     bit 0 - target must be a file
                                     bit 1 - target must be a dir.
                                     bit 2 - copy target mode:
                                     0 = binary, 1 = ASCII
                                     bit 3 - copy source mode:
                                     0 = binary, 1 = ASCII
                                     bit 4 - verify all writes
                                     bit 5 - tree copy
 USHORT ByteCount;                  Count of data bytes;    min = 2
 UCHAR SourceFileNameFormat;        0x04
 STRING SourceFileName;             Pathname of source file
 UCHAR TargetFileNameFormat;        0x04
 STRING TargetFileName;             Pathname of target file



The file at SourceName is copied to TargetFileName, both of which must refer
to paths on the same server.

The Tid in the header is associated with the source while Tid2 is
associated with the destination.  These fields may contain the same or
differing valid values. Tid2 can be set to -1 indicating that this is to
be the same Tid as in the SMB header.  This allows use of the move
protocol with SMB_TREE_CONNECT_ANDX.


 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 1
 USHORT Count;                      Number of files copied
 USHORT ByteCount;                  Count of data bytes;    min = 0
 UCHAR ErrorFileFormat;             0x04 (only if error)
 STRING ErrorFileName;



The source path must refer to an existing file or files.  Wildcards are
permitted.  Source files specified by wildcards are processed until an
error is encountered. If an error is encountered, the expanded name of
the file is returned in ErrorFileName.  Wildcards are not permitted in
TargetFileName.  TargetFileName can refer to either a file or a direc-
tory.

The destination can be required to be a file or a directory by the bits
in Flags.  If neither bit0 nor bit1 are set, the destination may be
either a file or a directory.  Flags also controls the copy mode.  In a
binary copy for the source, the copy stops the first time an EOF
(control-Z) is encountered. In a binary copy for the target, the server


Leach, Naik       expires September, 1997         [Page 83] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


must make sure that there is exactly one EOF in the target file and that
it is the last character of the file.

If the destination is a file and the source contains wildcards, the
destination file will either be truncated or appended to at the start of
the operation depending on bits in OpenFunction (see section 3.7).
Subsequent files will then be appended to the file.

If the negotiated dialect is  LM1.2X002 or later, bit5 of Flags is used
to specify a tree copy on the remote server.  When this option is
selected the destination must not be an existing file and the source
mode must be binary.  A request with bit5 set and either bit0 or bit3
set is therefore an error.  When the tree copy mode is selected, the
Count field in the server response is undefined.


4.2.13.1  Errors

ERRDOS/ERRfilexists
ERRDOS/ERRshare
ERRDOS/ERRnofids
ERRDOS/ERRbadfile
ERRDOS/ERRnoaccess
ERRDOS/ERRnofiles
ERRDOS/ERRbadshare
ERRSRV/ERRnoaccess
ERRSRV/ERRinvdevice
ERRSRV/ERRinvid
ERRSRV/ERRbaduid
ERRSRV/ERRaccess


4.2.14  TRANS2_QUERY_PATH_INFORMATION: Get File Attributes given Path

This request is used to get information about a specific file or
subdirectory.


 Client Request             Value
 ========================== =========================================

 WordCount                  15
 MaxSetupCount              0
 SetupCount                 1
 Setup[0]                   TRANS2_QUERY_PATH_INFORMATION



 Parameter Block Encoding   Description
 ========================== =========================================

 USHORT InformationLevel;   Level of information requested
 ULONG Reserved;            Must be zero
 STRING FileName;           File or directory name




Leach, Naik       expires September, 1997         [Page 84] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The following InformationLevels may be requested:


 Information Level                Value

 ================================ =====

 SMB_INFO_STANDARD                1
 SMB_INFO_QUERY_EA_SIZE           2
 SMB_INFO_QUERY_EAS_FROM_LIST     3
 SMB_INFO_QUERY_ALL_EAS           4
 SMB_INFO_IS_NAME_VALID           6
 SMB_QUERY_FILE_BASIC_INFO        0x101
 SMB_QUERY_FILE_STANDARD_INFO     0x102
 SMB_QUERY_FILE_EA_INFO           0x103
 SMB_QUERY_FILE_NAME_INFO         0x104
 SMB_QUERY_FILE_ALL_INFO          0x107
 SMB_QUERY_FILE_ALT_NAME_INFO     0x108
 SMB_QUERY_FILE_STREAM_INFO       0x109
 SMB_QUERY_FILE_COMPRESSION_INFO  0x10B



The requested information is placed in the Data portion of the
transaction response.  For the information levels greater than 0x100,
the transaction response has 1 parameter word which should be ignored by
the client.

The following sections describe the InformationLevel dependent encoding
of the data part of the transaction response.




























Leach, Naik       expires September, 1997         [Page 85] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.14.1  SMB_INFO_STANDARD & SMB_INFO_QUERY_EA_SIZE


 Data Block Encoding              Description
 ===============================  ====================================

 SMB_DATE CreationDate;           Date when file was created
 SMB_TIME CreationTime;           Time when file was created
 SMB_DATE LastAccessDate;         Date of last file access
 SMB_TIME LastAccessTime;         Time of last file access
 SMB_DATE LastWriteDate;          Date of last write to the file
 SMB_TIME LastWriteTime;          Time of last write to the file
 ULONG  DataSize;                 File Size
 ULONG AllocationSize;            Size of filesystem allocation unit
 USHORT Attributes;               File Attributes
 ULONG EaSize;                    Size of file's EA information
                                  (SMB_INFO_QUERY_EA_SIZE)


4.2.14.2  SMB_INFO_QUERY_EAS_FROM_LIST & SMB_INFO_QUERY_ALL_EAS


 Response Field       Value
 ==================== ===============================================

 MaxDataCount         Length of EAlist found (minimum value is 4)

 Parameter Block      Description
 Encoding             ===============================================
 ====================

 USHORT EaErrorOffset Offset into EAList of EA error

 Data Block Encoding  Description
 ==================== ===============================================

 ULONG ListLength;    Length of the remaining data
 UCHAR EaList[]       The extended attributes list


4.2.14.3  SMB_INFO_IS_NAME_VALID

This requests checks to see if the name of the file contained in the
request's Data field has a valid path syntax.  No parameters or data are
returned on this information request. An error is returned if the syntax
of the name is incorrect.  Success indicates the server accepts the path
syntax, but it does not ensure the file or directory actually exists.


4.2.14.4  SMB_QUERY_FILE_BASIC_INFO


 Data Block Encoding              Description
 ===============================  ====================================

 LARGE_INTEGER CreationTime;      Time when file was created
 LARGE_INTEGER LastAccessTime;    Time of last file access
 LARGE_INTEGER LastWriteTime;     Time of last write to the file
 LARGE_INTEGER ChangeTime         Time when file was last changed
 USHORT Attributes;               File Attributes







Leach, Naik       expires September, 1997         [Page 86] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.14.5  SMB_QUERY_FILE_STANDARD_INFO


 Data Block Encoding              Description
 ===============================  ====================================

 LARGE_INTEGER AllocationSize     Allocated size of the file in number
                                  of bytes
 LARGE_INTEGER EndofFile;         Offset to the first free byte in the
                                  file
 ULONG NumberOfLinks              Number of hard links to the file
 BOOLEAN DeletePending            Indicates whether the file is marked
                                  for deletion
 BOOLEAN Directory                Indicates whether the file is a
                                  directory



4.2.14.6  SMB_QUERY_FILE_EA_INFO


 Data Block Encoding              Description
 ===============================  ====================================

 ULONG EASize                     Size of the file's extended
                                  attributes in number of bytes



4.2.14.7  SMB_QUERY_FILE_NAME_INFO


 Data Block Encoding              Description
 ===============================  ====================================

 ULONG FileNameLength             Length of the file name in number of
                                  bytes
 STRING FileName                  Name of the file























Leach, Naik       expires September, 1997         [Page 87] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.14.8  SMB_QUERY_FILE_ALL_INFO


 Data Block Encoding              Description
 ===============================  ====================================

 LARGE_INTEGER CreationTime;      Time when file was created
 LARGE_INTEGER LastAccessTime;    Time of last file access
 LARGE_INTEGER LastWriteTime;     Time of last write to the file
 LARGE_INTEGER ChangeTime         Time when file was last changed
 USHORT Attributes;               File Attributes
 LARGE_INTEGER AllocationSize     Allocated size of the file in number
                                  of bytes
 LARGE_INTEGER EndofFile;         Offset to the first free byte in the
                                  file
 ULONG NumberOfLinks              Number of hard links to the file
 BOOLEAN DeletePending            Indicates whether the file is marked
                                  for deletion
 BOOLEAN Directory                Indicates whether the file is a
                                  directory
 LARGE_INTEGER Index Number       A file system unique identifier
 ULONG EASize                     Size of the file's extended
                                  attributes in number of bytes
 ULONG AccessFlags                Access that a caller has to the
                                  file; Possible values and meanings
                                  are specified below
 LARGE_INTEGER Index Number       A file system unique identifier
 LARGE_INTEGER CurrentByteOffset  Current byte offset within the file
 ULONG Mode                       Current Open mode of the file handle
                                  to the file; possible values and
                                  meanings are detailed below
 ULONG AlignmentRequirement       Buffer Alignment required by device;
                                  possible values detailed below
 ULONG FileNameLength             Length of the file name in number of
                                  bytes
 STRING FileName                  Name of the file




The AccessFlags specifies the access permissions a caller has to the
file and can have any suitable combination of the following values:















Leach, Naik       expires September, 1997         [Page 88] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Value                           Meaning

ILE_READ_DATA        0x00000001 Data can be read from the file
ILE_WRITE_DATA       0x00000002 Data can be written to the file
ILE_APPEND_DATA      0x00000004 Data can be appended to the file
ILE_READ_EA          0x00000008 Extended attributes associated
                                 with the file can be read
ILE_WRITE_EA         0x00000010 Extended attributes associated
                                 with the file can be written
ILE_EXECUTE          0x00000020 Data can be read into memory from
                                 the file using system paging I/O
ILE_READ_ATTRIBUTES  0x00000080 Attributes associated with the
                                 file can be read
ILE_WRITE_ATTRIBUTES 0x00000100 Attributes associated with the
                                 file can be written
ELETE                0x00010000 The file can be deleted
EAD_CONTROL          0x00020000 The access control list and
                                 ownership associated with the
                                 file can be read
RITE_DAC             0x00040000 The access control list and
                                 ownership associated with the
                                 file can be written.
RITE_OWNER           0x00080000 Ownership information associated
                                 with the file can be written
YNCHRONIZE           0x00100000 The file handle can waited on to
                                 synchronize with the completion
                                 of an input/output request



The Mode field specifies the mode in which the file is currently opened.
The possible values may be a suitable and logical combination of the
following:


Value                                       Meaning

FILE_WRITE_THROUGH           0x00000002     File is opened in mode
                                            where data is written to
                                            file before the driver
                                            completes a write request
FILE_SEQUENTIAL_ONLY         0x00000004     All access to the file is
                                            sequential
FILE_SYNCHRONOUS_IO_ALERT    0x00000010     All operations on the
                                            file are performed
                                            synchronously
FILE_SYNCHRONOUS_IO_NONALER  0x00000020     All operations on the
T                                           file are to be performed
                                            synchronously. Waits  in
                                            the system to synchronize
                                            I/O queuing and
                                            completion are not
                                            subject to alerts.






Leach, Naik       expires September, 1997         [Page 89] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The AlignmentRequirement field specifies buffer alignment required by
the device and can have any one of the following values:


  Value                              Meaning

FILE_BYTE_ALIGNMENT      0x00000000  The buffer needs to be aligned
                                     on a byte boundary
FILE_WORD_ALIGNMENT      0x00000001  The buffer needs to be aligned
                                     on a word boundary
FILE_LONG_ALIGNMENT      0x00000003  The buffer needs to be aligned
                                     on a 4 byte boundary
FILE_QUAD_ALIGNMENT      0x00000007  The buffer needs to be aligned
                                     on an 8 byte boundary
FILE_OCTA_ALIGNMENT      0x0000000f  The buffer needs to be aligned
                                     on a 16 byte boundary
FILE_32_BYTE_ALIGNMENT   0x0000001f  The buffer needs to be aligned
                                     on a 32 byte boundary
FILE_64_BYTE_ALIGNMENT   0x0000003f  The buffer needs to be aligned
                                     on a 64 byte boundary
FILE_128_BYTE_ALIGNMENT  0x0000007f  The buffer needs to be aligned
                                     on a 128 byte boundary
FILE_256_BYTE_ALIGNMENT  0x000000ff  The buffer needs to be aligned
                                     on a 256 byte boundary
FILE_512_BYTE_ALIGNMENT  0x000001ff  The buffer needs to be aligned
                                     on a 512 byte boundary




4.2.14.9  SMB_QUERY_FILE_ALT_NAME_INFO


 Data Block Encoding   Description
 ===================== =================================
 ===                   ===

 ULONG FileNameLength  Length of the file name in number
                        of bytes
 STRING FileName       Name of the file



4.2.14.10 SMB_QUERY_FILE_STREAM_INFO


 Data Block Encoding              Description
 ===============================  ====================================

 ULONG NextEntryOffset            Offset to the next entry (in bytes)
 ULONG StreamNameLength           Length of the stream name in number
                                  of bytes
 LARGE_INTEGER StreamSize         Size of the stream in number of
                                  bytes
 LARGE_INTEGER                    Allocated size of the stream in
 StreamAllocationSize             number of bytes
 STRING FileName                  Name of the stream





Leach, Naik       expires September, 1997         [Page 90] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.14.11 SMB_QUERY_FILE_COMPRESSION_INFO


 Data Block Encoding              Description
 ===============================  ====================================

 LARGE_INTEGER                    Size of the compressed file in
 CompressedFileSize               number of bytes
 USHORT CompressionFormat         A constant signifying the
                                  compression algorithm used
 UCHAR CompressionUnitShift       Size of the stream in number of
                                  bytes
 UCHAR ChunkShift                 Allocated size of the stream in
                                  number of bytes
 UCHAR ClusterShift               Allocated size of the stream in
                                  number of bytes
 UCHAR Reserved[3]                Name of the stream


typedef struct {
    LARGE_INTEGER CompressedFileSize;
    USHORT CompressionFormat;
    UCHAR CompressionUnitShift;
    UCHAR ChunkShift;
    UCHAR ClusterShift;
    UCHAR Reserved[3];
} FILE_COMPRESSION_INFORMATION;


4.2.15  TRANS2_QUERY_FILE_INFORMATION: Get File Attributes Given FID

This request is used to get information about a specific file or
subdirectory given a handle to it.


 Client Request             Value
 ========================== ==========================================

 WordCount                  15
 MaxSetupCount              0
 SetupCount                 1
 Setup[0]                   TRANS2_QUERY_FILE_INFORMATION

 Parameter Block Encoding   Description
 ========================== ==========================================

 USHORT Fid;                Handle of file for request
 USHORT InformationLevel;   Level of information requested



The available information levels, as well as the format of the response
are identical to TRANS2_QUERY_PATH_INFORMATION.


4.2.16  TRANS2_SET_PATH_INFORMATION: Set File Attributes given Path

This request is used to set information about a specific file or
subdirectory.



Leach, Naik       expires September, 1997         [Page 91] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Client Request             Value
 ========================== =========================================

 WordCount                  15
 MaxSetupCount              0
 SetupCount                 1
 Setup[0]                   TRANS2_SET_PATH_INFORMATION

 Parameter Block Encoding   Description
 ========================== =========================================

 USHORT InformationLevel;   Level of information to set
 ULONG Reserved;            Must be zero
 STRING FileName;           File or directory name



The following InformationLevels may be set:


 Information Level           Value
 ==========================  =========================================

 SMB_INFO_STANDARD           1
 SMB_INFO_QUERY_EA_SIZE      2
 SMB_INFO_QUERY_ALL_EAS      4



The response formats are:


4.2.16.1  SMB_INFO_STANDARD & SMB_INFO_QUERY_EA_SIZE


 Parameter Block Encoding           Description
 ================================== =================================

 USHORT Reserved                    0

 Data Block Encoding                Description
 ================================== =================================

 SMB_DATE CreationDate;             Date when file was created
 SMB_TIME CreationTime;             Time when file was created
 SMB_DATE LastAccessDate;           Date of last file access
 SMB_TIME LastAccessTime;           Time of last file access
 SMB_DATE LastWriteDate;            Date of last write to the file
 SMB_TIME LastWriteTime;            Time of last write to the file
 ULONG  DataSize;                   File Size
 ULONG AllocationSize;              Size of filesystem allocation
                                     unit
 USHORT Attributes;                 File Attributes
 ULONG EaSize;                      Size of file's EA information
                                     (SMB_INFO_QUERY_EA_SIZE)











Leach, Naik       expires September, 1997         [Page 92] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.16.2  SMB_INFO_QUERY_ALL_EAS


 Response Field       Value
 ==================== ===============================================

 MaxDataCount         Length of FEAlist found (minimum value is 4)

 Parameter Block      Description
 Encoding             ===============================================
 ====================

 USHORT EaErrorOffset Offset into EAList of EA error

 Data Block Encoding  Description
 ==================== ===============================================

 ULONG ListLength;    Length of the remaining data
 UCHAR EaList[]       The extended attributes list




4.2.17  TRANS2_SET_FILE_INFORMATION: Set File Attributes Given FID

This request is used to set information about a specific file or
subdirectory given a handle to the file or subdirectory.


 Client Request             Value
 ========================== ==========================================

 WordCount                  15
 MaxSetupCount              0
 SetupCount                 1
 Setup[0]                   TRANS2_SET_FILE_INFORMATION

 Parameter Block Encoding   Description
 ========================== ==========================================

 USHORT Fid;                Handle of file for request
 USHORT InformationLevel;   Level of information requested
 USHORT Reserved;           Ignored by the server



The following InformationLevels may be set:


 Information Level                Value
 ================================ =====

 SMB_INFO_STANDARD                1
 SMB_INFO_QUERY_EA_SIZE           2
 SMB_SET_FILE_BASIC_INFO          0x101
 SMB_SET_FILE_DISPOSITION_INFO    0x102
 SMB_SET_FILE_ALLOCATION_INFO     0x103
 SMB_SET_FILE_END_OF_FILE_INFO    0x104



The two levels below 0x101 are as described in the
NT_SET_PATH_INFORMATION transaction.  The requested information is
placed in the Data portion of the transaction response. For the
information levels greater than 0x100, the transaction response has 1
parameter word which should be ignored by the client.




Leach, Naik       expires September, 1997         [Page 93] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.2.17.1  SMB_FILE_DISPOSITION_INFO


 Response Field       Value
 ==================== ===============================================

 BOOLEAN              A boolean which is TRUE if the file is marked
 FileIsDeleted        for deletion



4.2.17.2  SMB_FILE_ALLOCATION_INFO


 Response Field       Value
 ==================== ===============================================

 LARGE_INTEGER        File Allocation size in number of bytes



4.2.17.3  SMB_FILE_END_OF_FILE_INFO


 Response Field       Value
 ==================== ===============================================

 LARGE_INTEGER        The total number of bytes that need to be
                       traversed from the beginning of the file in
                       order to locate the end of the file





4.3  Directory Requests


4.3.1  TRANS2_CREATE_DIRECTORY: Create Directory (with optional EAs)

This requests the server to create a directory relative to Tid in the
SMB header, optionally assigning extended attributes to it.


 Client Request             Value
 ========================== =========================================

 WordCount                  15
 MaxSetupCount              0
 SetupCount                 1
 Setup[0]                   TRANS2_CREATE_DIRECTORY

 Parameter Block Encoding   Description
 ========================== =========================================

 ULONG Reserved;            Reserved--must be zero
 STRING Name[];             Directory name to create
 UCHAR Data[];              Optional FEAList for the new directory







Leach, Naik       expires September, 1997         [Page 94] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Response Parameter Block   Description
 ========================== =========================================

 USHORT EaErrorOffset       Offset into FEAList of first error which
                            occurred while setting EAs


4.3.2  DELETE_DIRECTORY: Delete Directory

The delete directory message is sent to delete an empty directory.  The
appropriate Tid and additional pathname are passed.  The directory must
be empty for it to be deleted.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes;    min = 2
UCHAR BufferFormat;                0x04
STRING DirectoryName[];            Directory name



The directory to be deleted cannot be the root of the share specified by
Tid.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0


4.3.3  CHECK_DIRECTORY: Check Directory

This SMB is used to verify that a path exists and is a directory.  No
error is returned if the given path exists and the client has read
access to it.  Client machines which maintain a concept of a "working
directory" will find this useful to verify the validity of a "change
working directory" command.  Note that the servers do NOT have a concept
of working directory for a particular client.  The client must always
supply full pathnames relative to the Tid in the SMB header.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes;    min = 2
UCHAR BufferFormat;                0x04
STRING DirectoryPath[];            Directory path



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0



DOS clients, in particular, depend on the SMB_ERR_BAD_PATH return code
if the directory is not found.


Leach, Naik       expires September, 1997         [Page 95] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.3.3.1  Errors

ERRDOS/ERRbadfile
ERRDOS/ERRbadpath
ERRDOS/ERRnoaccess
ERRHRD/ERRdata
ERRSRV/ERRinvid
ERRSRV/ERRbaduid
ERRSRV/ERRaccess


4.3.4  TRANS2_FIND_FIRST2: Search Directory using Wildcards


 Client Request                Value
 ============================  ==================================

 WordCount                     15
 TotalDataCount                Total size of extended attribute list
 SetupCount                    1
 Setup[0]                      TRANS2_FIND_FIRST2



 Parameter Block Encoding      Description
 ============================  ==================================
 ======

 USHORT SearchAttributes;
 USHORT SearchCount;           Maximum number of entries to return
 USHORT Flags;                 Additional information:
                               Bit 0 - close search after this request
                               Bit 1 - close search if end of search
                               reached
                               Bit 2 - return resume keys for each
                               entry found
                               Bit 3 - continue search from previous
                               ending place
                               Bit 4 - find with backup intent
 USHORT InformationLevel;      See below
 ULONG SearchStorageType;
 STRING FileName;              Pattern for the search
 UCHAR Data[ TotalDataCount ]  FEAList if InformationLevel is
                               QUERY_EAS_FROM_LIST















Leach, Naik       expires September, 1997         [Page 96] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Response Parameter Block      Description
 ============================  ==================================

 USHORT Sid;                   Search handle
 USHORT SearchCount;           Number of entries returned
 USHORT EndOfSearch;           Was last entry returned?
 USHORT EaErrorOffset;         Offset into EA list if EA error
 USHORT LastNameOffset;        Offset into data to file name of last
                               entry, if server needs it to resume
                               search; else 0
 UCHAR Data[ TotalDataCount ]  Level dependent info about the matches
                               found in the search



This request allows the client to search for the file(s) which match the
file specification.  The search can be continued if necessary with
TRANS2_FIND_NEXT2. There are numerous levels of information which may be
obtained for the returned files, the desired level is specified in the
InformationLevel field of the request.


 InformationLevel Name              Value
 =================================  ================

 SMB_INFO_STANDARD                  1
 SMB_INFO_QUERY_EA_SIZE             2
 SMB_INFO_QUERY_EAS_FROM_LIST       3
 SMB_FIND_FILE_DIRECTORY_INFO       0x101
 SMB_FIND_FILE_FULL_DIRECTORY_INFO  0x102
 SMB_FIND_FILE_NAMES_INFO           0x103
 SMB_FIND_FILE_BOTH_DIRECTORY_INFO  0x104



The following sections detail the data returned for each
InformationLevel. The requested information is placed in the Data
portion of the transaction response. Note: a client which does not
support long names can only request SMB_INFO_STANDARD.

A four-byte resume key precedes each data item (described below) if bit
2 in the Flags field is set, i.e. if the request indicates the server
should return resume keys.

















Leach, Naik       expires September, 1997         [Page 97] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.3.4.1  SMB_INFO_STANDARD


 Response Field                    Description
 ================================  ==================================

 SMB_DATE CreationDate;            Date when file was created
 SMB_TIME CreationTime;            Time when file was created
 SMB_DATE LastAccessDate;          Date of last file access
 SMB_TIME LastAccessTime;          Time of last file access
 SMB_DATE LastWriteDate;           Date of last write to the file
 SMB_TIME LastWriteTime;           Time of last write to the file
 ULONG  DataSize;                  File Size
 ULONG AllocationSize;             Size of filesystem allocation unit
 USHORT Attributes;                File Attributes
 UCHAR FileNameLength;             Length of filename in bytes
 STRING FileName;                  Name of found file


4.3.4.2  SMB_INFO_QUERY_EA_SIZE


 Response Field                     Description
 =================================  ==================================

  SMB_DATE CreationDate;            Date when file was created
  SMB_TIME CreationTime;            Time when file was created
  SMB_DATE LastAccessDate;          Date of last file access
  SMB_TIME LastAccessTime;          Time of last file access
  SMB_DATE LastWriteDate;           Date of last write to the file
  SMB_TIME LastWriteTime;           Time of last write to the file
  ULONG DataSize;                   File Size
  ULONG AllocationSize;             Size of filesystem allocation unit
  USHORT Attributes;                File Attributes
  ULONG EaSize;                     Size of file's EA information
  UCHAR FileNameLength;             Length of filename in bytes
  STRING FileName;                  Name of found file


4.3.4.3  SMB_INFO_QUERY_EAS_FROM_LIST

This request returns the same information as SMB_INFO_QUERY_EA_SIZE, but
only for files which have an EA list which match the EA information in
the Data part of the request.

















Leach, Naik       expires September, 1997         [Page 98] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.3.4.4  SMB_FIND_FILE_DIRECTORY_INFO


 Response Field                     Description
 =================================  ==================================

 ULONG NextEntryOffset;             Offset from this structure to
                                    beginning of next one
 ULONG FileIndex;
 LARGE_INTEGER CreationTime;        file creation time
 LARGE_INTEGER LastAccessTime;      last access time
 LARGE_INTEGER LastWriteTime;       last write time
 LARGE_INTEGER ChangeTime;          last attribute change time
 LARGE_INTEGER EndOfFile;           file size
 LARGE_INTEGER AllocationSize;      size of filesystem allocation
                                    information
 ULONG ExtFileAttributes;           Extended file attributes (see
                                    section 3.11)
 ULONG FileNameLength;              Length of filename in bytes
 STRING FileName;                   Name of the file




4.3.4.5  SMB_FIND_FILE_FULL_DIRECTORY_INFO


 Response Field                     Description
 =================================  ==================================

 ULONG NextEntryOffset;             Offset from this structure to
                                    beginning of next one
 ULONG FileIndex;
 LARGE_INTEGER CreationTime;        file creation time
 LARGE_INTEGER LastAccessTime;      last access time
 LARGE_INTEGER LastWriteTime;       last write time
 LARGE_INTEGER ChangeTime;          last attribute change time
 LARGE_INTEGER EndOfFile;           file size
 LARGE_INTEGER AllocationSize;      size of filesystem allocation
                                    information
 ULONG ExtFileAttributes;           Extended file attributes (see
                                    section 3.11)
 ULONG FileNameLength;              Length of filename in bytes
 ULONG EaSize;                      Size of file's extended attributes
 STRING FileName;                   Name of the file















Leach, Naik       expires September, 1997         [Page 99] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.3.4.6  SMB_FIND_FILE_BOTH_DIRECTORY_INFO


 Response Field                     Description
 =================================  ==================================

 ULONG NextEntryOffset;             Offset from this structure to
                                    beginning of next one
 ULONG FileIndex;
 LARGE_INTEGER CreationTime;        file creation time
 LARGE_INTEGER LastAccessTime;      last access time
 LARGE_INTEGER LastWriteTime;       last write time
 LARGE_INTEGER ChangeTime;          last attribute change time
 LARGE_INTEGER EndOfFile;           file size
 LARGE_INTEGER AllocationSize;      size of filesystem allocation
                                    information
 ULONG ExtFileAttributes;           Extended file attributes (see
                                    section 3.11)
 ULONG FileNameLength;              Length of FileName in bytes
 ULONG EaSize;                      Size of file's extended attributes
 UCHAR ShortNameLength;             Length of file's short name in
                                    bytes
 UCHAR Reserved
 WCHAR ShortName[12];               File's 8.3 conformant name in
                                    Unicode
 STRING FileName;                   Files full length name




4.3.4.7  SMB_FIND_FILE_NAMES_INFO


 Response Field                     Description
 =================================  ==================================

 ULONG NextEntryOffset;             Offset from this structure to
                                    beginning of next one
 ULONG FileIndex;
 ULONG FileNameLength;              Length of FileName in bytes
 STRING FileName;                   Files full length name



















Leach, Naik       expires September, 1997        [Page 100] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.3.5  TRANS2_FIND_NEXT2: Resume Directory Search Using Wildcards

This request resumes a search which was begun with a previous
TRANS2_FIND_FIRST2 request.


 Client Request                     Value
 ================================== =================================

 WordCount                          15
 SetupCount                         1
 Setup[0]                           TRANS2_FIND_NEXT2

 Parameter Block Encoding           Description
 ================================== =================================

 USHORT Sid;                        Search handle
 USHORT SearchCount;                Maximum number of entries to
                                     return
 USHORT InformationLevel;           Levels described in
                                     TRANS2_FIND_FIRST2 request
 ULONG ResumeKey;                   Value returned by previous find2
                                     call
 USHORT Flags;                      Additional information: bit set-
                                     0 - close search after this
                                     request
                                     1 - close search if end of search
                                     reached
                                     2 - return resume keys for each
                                     entry found
                                     3 - resume/continue from previous
                                     ending place
                                     4 - find with backup intent
 STRING FileName;                   Resume file name



Sid is the value returned by a previous successful TRANS2_FIND_FIRST2
call.  If Bit3 of Flags is set, then FileName may be the NULL string,
since the search is continued from the previous TRANS2_FIND request.
Otherwise, FileName must not be more than 256 characters long.


 Response Field                     Description
 ================================== =================================

 USHORT SearchCount;                Number of entries returned
 USHORT EndOfSearch;                Was last entry returned?
 USHORT EaErrorOffset;              Offset into EA list if EA error
 USHORT LastNameOffset;             Offset into data to file name of
                                     last entry, if server needs it to
                                     resume search; else 0
 UCHAR Data[TotalDataCount]         Level dependent info about the
                                     matches found in the search








Leach, Naik       expires September, 1997        [Page 101] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.3.6  FIND_CLOSE2: Close Directory Search

This SMB closes a search started by the TRANS2_FIND_FIRST2 transaction
request.


Client Request                     Description
================================== ==================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Sid;                        Find handle
USHORT ByteCount;                  Count of data bytes = 0



Server Response                    Description
================================== ==================================

UCHAR WordCount;                   Count of parameter words = 0
 USHORT ByteCount;                 Count of data bytes = 0


4.3.6.1  Errors

ERRDOS/ERRbadfid
ERRSRV/ERRinvid
ERRSRV/ERRaccess


4.3.7  NT_TRANSACT_NOTIFY_CHANGE: Request Change Notification


 Client Setup Words                 Description
 ================================== =================================

 ULONG CompletionFilter;            Specifies operation to monitor
 USHORT Fid;                        Fid of directory to monitor
 BOOLEAN WatchTree;                 TRUE = watch all subdirectories
                                     too
 UCHAR Reserved;                    MBZ



This command notifies the client when the directory specified by Fid is
modified.  It also returns the name(s) of the file(s) that changed.  The
command completes once the directory has been modified based on the
supplied CompletionFilter.  The command is a "single shot" and therefore
needs to be reissued to watch for more directory changes.

A directory file must be opened before this command may be used.  Once
the directory is open, this command may be used to begin watching files
and subdirectories in the specified directory for changes.  The first
time the command is issued, the MaxParameterCount field in the transact
header determines the size of the buffer that will be used at the server
to buffer directory change information between issuances of the notify
change commands.

When a change that is in the CompletionFilter is made to the directory,
the command completes.  The names of the files that have changed since
the last time the command was issued are returned to the client.  The
ParameterCount field of the response indicates the number of bytes that


Leach, Naik       expires September, 1997        [Page 102] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


are being returned.  If too many files have changed since the last time
the command was issued, then zero bytes are returned and an alternate
status code is returned in the Status field of the response.

The CompletionFilter is a mask created as the sum of any of the
following flags:


FILE_NOTIFY_CHANGE_FILE_NAME        0x00000001
FILE_NOTIFY_CHANGE_DIR_NAME         0x00000002
FILE_NOTIFY_CHANGE_NAME             0x00000003
FILE_NOTIFY_CHANGE_ATTRIBUTES       0x00000004
FILE_NOTIFY_CHANGE_SIZE             0x00000008
FILE_NOTIFY_CHANGE_LAST_WRITE       0x00000010
FILE_NOTIFY_CHANGE_LAST_ACCESS      0x00000020
FILE_NOTIFY_CHANGE_CREATION         0x00000040
FILE_NOTIFY_CHANGE_EA               0x00000080
FILE_NOTIFY_CHANGE_SECURITY         0x00000100
FILE_NOTIFY_CHANGE_STREAM_NAME      0x00000200
FILE_NOTIFY_CHANGE_STREAM_SIZE      0x00000400
FILE_NOTIFY_CHANGE_STREAM_WRITE     0x00000800



 Server Response                    Description
 ================================== ================================
                                     ==

 ParameterCount                     # of bytes of change data
 Parameters[ ParameterCount ]       FILE_NOTIFY_INFORMATION
                                     structures



The response contains FILE_NOTIFY_INFORMATION structures, as defined
below.  The NextEntryOffset field of the structure specifies the offset,
in bytes, from the start of the current entry to the next entry in the
list.  If this is the last entry in the list, this field is zero.  Each
entry in the list must be longword aligned, so NextEntryOffset must be a
multiple of four.


typedef struct {
    ULONG NextEntryOffset;
    ULONG Action;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NOTIFY_INFORMATION;

Where Action describes what happened to the file named FileName:










Leach, Naik       expires September, 1997        [Page 103] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



FILE_ACTION_ADDED            0x00000001
FILE_ACTION_REMOVED          0x00000002
FILE_ACTION_MODIFIED         0x00000003
FILE_ACTION_RENAMED_OLD_NAME 0x00000004
FILE_ACTION_RENAMED_NEW_NAME 0x00000005
FILE_ACTION_ADDED_STREAM     0x00000006
FILE_ACTION_REMOVED_STREAM   0x00000007
FILE_ACTION_MODIFIED_STREAM  0x00000008



4.4  DFS Operations

4.4.1  TRANS2_GET_DFS_REFERRAL: Retrieve Distributed Filesystem Referral

The client sends this request to ask the server to convert
RequestFilename into an alternate name for this file.  This request can
be sent to the server if the server response to the NEGOTIATE SMB
included the CAP_DFS capability.  The TID of the request must be IPC$.
Bit15 of Flags2 in the SMB header must be set, indicating this is a
UNICODE request.


Client Request              Description
==========================  =========================================

WordCount                   15
TotalDataCount              0

SetupCount                  1
Setup[0]                    TRANS2_GET_DFS_REFERRAL



Parameter Block Encoding    Description
==========================  =========================================

USHORT MaxReferralLevel     Latest referral version number understood
WCHAR RequestFileName;      DFS name of file for which referral is
                            sought
















Leach, Naik       expires September, 1997        [Page 104] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Response Data Block         Description
==========================  =========================================

USHORT PathConsumed;        Number of RequestFilename bytes client
USHORT NumberOfReferrals;   Number of referrals contained in this
                            response
USHORT Flags;               bit0 - The servers in Referrals are
                            capable of fielding
                            TRANS2_GET_DFS_REFERRAL.
                            bit1 - The servers in Referrals should
                            hold the storage for the requested file.
REFERRAL_LIST Referrals[]   Set of referrals for this file

UNICODESTRINGE Strings      Used to hold the strings pointed to by
                            Version 2 Referrals in REFERRALS.



The server response is a list of Referrals which inform the client where
it should resubmit the request to obtain access to the file.
PathConsumed in the response indicates to the client how many characters
of  RequestFilename have been consumed by the server.  When the client
chooses one of the referrals to use for file access, the client may need
to strip the leading PathConsumed characters from the front of
RequestFileName before submitting the name to the target server.
Whether or not the pathname should be trimmed is indicated by the
individual referral as detailed below.

Flags indicates how this referral should be treated.  If bit0 is clear,
any entity in the Referrals list holds the storage for RequestFileName.
If bit0 is set, any entity in the Referrals list has further referral
information for RequestFilename - a TRANS2_GET_DFS_REFERRAL request
should be sent to an entity in the Referrals list for further
resolution.

The format of an individual referral contains version and  length
information allowing the client to skip referrals it does not
understand.  MaxReferralLevel indicates to the server the latest version
of referral which the client can digest.  Since each referral has a
uniform element, MaxReferralLevel is advisory only. Each element in
Referrals has this envelope:


REFERRAL_LIST element
======================================================================

USHORT VersionNumber        Version of this referral element

USHORT ReferralSize         Size of this referral element



The following referral element versions are defined:









Leach, Naik       expires September, 1997        [Page 105] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Version 1 Referral Element Format
======================================================================

USHORT ServerType           Type of Node handling referral:
                            0 - Don't know
                            1 - SMB Server
                            2 - Netware Server
                            3 - Domain

USHORT ReferralFlags        Flags which describe this referral:
                            01 - Strip off PathConsumed characters
                            before submitting RequestFileName to Node

UNICODESTRING Node          Name of entity to visit next



Version 2 Referral Element Format
======================================================================

USHORT ServerType              Type of Node handling referral:
                                0 - Don't know
                                1 - SMB Server
                                2 - Netware Server
                                3 - Domain

USHORT ReferralFlags           Flags which describe this referral:
                                01 - Strip off PathConsumed characters
                                before submitting RequestFileName to
                                Node

ULONG Proximity                A hint describing the proximity of this
                                server to the client. 0 indicates the
                                closest, higher numbers indicate
                                increasingly "distant" servers. The
                                number is only relevant within the
                                context of the servers listed in this
                                particular SMB.

ULONG TimeToLive               Number of seconds for which the client
                                can cache this referral.

USHORT DfsPathOffset           Offset, in bytes from the beginning of
                                this referral, of  the DFS Path that
                                matched PathConsumed bytes of the
                                RequestFileName.

USHORT DfsAlternatePathOffset  Offset, in bytes from the beginning of
                                this referral, of an alternate name
                                (8.3 format) of the DFS Path that
                                matched PathConsumed bytes of the
                                RequestFileName.

USHORT NetworkAddressOffset    Offset, in bytes from the beginning of
                                this referral, of the entity to visit
                                next.



The CIFS protocol imposes no referral selection policy.







Leach, Naik       expires September, 1997        [Page 106] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


4.4.2  TRANS2_REPORT_DFS_INCONSISTENCY: Inform a server about DFS Error

As part of the Distributed Name Resolution algorithm, a DFS client may
discover a  knowledge inconsistency between the referral server (i.e.,
the server that handed out a referral), and the storage server (i.e.,
the server to which the client was redirected to by the referral
server). When such an inconsistency is discovered, the DFS client
optionally sends this SMB to the referral server, allowing the referral
server to take corrective action.


Client Request                     Description
================================== ==================================

WordCount                          15
MaxParameterCount                  0
SetupCount                         1
Setup[0]                           TRANS2_REPORT_DFS_INCONSISTENCY



Parameter Block Encoding           Description
================================== ==================================

UNICODESTRING RequestFileName;     DFS Name of file for which
                                    referral was sought



The data part of this request contains the referral element (Version 1
format only) believed to be in error.  These are encoded as described in
the TRANS2_GET_DFS_REFERRAL response.  If the server returns success,
the client can resubmit the TRANS2_GET_DFS_REFERRAL request to this
server to get a new referral.  It is not mandatory for the DFS knowledge
to be automatically repaired - the client must be prepared to receive
further errant referrals and must not wind up looping between this
request and the TRANS2_GET_DFS_REFERRAL request.

Bit15 of Flags2 in the SMB header must be set, indicating this is a
UNICODE request.


4.5  Print Spooling Operations


4.5.1  OPEN_PRINT_FILE: Create Print Spool file

This message is sent to create a new printer file which will be deleted
once it has been closed and printed.











Leach, Naik       expires September, 1997        [Page 107] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 2
USHORT SetupLength;                Length of printer setup data
USHORT Mode;                       0 = Text mode (DOS expands TABs)
                                    1 = Graphics mode
USHORT ByteCount;                  Count of data bytes;  min = 2
UCHAR BufferFormat;                0x04
STRING IdentifierString[];         Identifier string



Tid in the SMB header must refer to a printer resource type.

SetupLength is the number of bytes in the first part of the resulting
print spool file which contains printer-specific control strings.

Mode can have the following values:


     0     Text mode.  The server may optionally
           expand tabs to a series of spaces.
     1     Graphics mode.  No conversion of data
           should be done by the server.


IdentifierString can be used by the server to provide some sort of per-
client identifying component to the print file.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Fid;                        File handle
USHORT ByteCount;                  Count of data bytes = 0



Fid is the returned handle which may be used by subsequent write and
close operations.  When the file is finally closed, it will be sent to
the spooler and printed.


4.5.1.1  Errors

ERRDOS/ERRnoaccess
ERRDOS/ERRnofids
ERRSRV/ERRinvdevice
ERRSRV/ERRbaduid
ERRSRV/ERRqfull
ERRSRV/ERRqtoobig


4.5.2  GET_PRINT_QUEUE: Get Printer Queue Entries

This message obtains a list of the elements currently in the print queue
on the server.


Leach, Naik       expires September, 1997        [Page 108] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



  Client Request                     Description
  ================================== =================================

  UCHAR WordCount;                   Count of parameter words = 2
  USHORT MaxCount;                   Max number of entries to return
  USHORT StartIndex;                 First queue entry to return
  USHORT ByteCount;                  Count of data bytes = 0



StartIndex specifies the first entry in the queue to return.

MaxCount specifies the maximum number of entries to return, this may be
a positive or negative number.  A positive number requests a forward
search, a negative number indicates a backward search.


  Server Response                    Description
  ================================== =================================

  UCHAR WordCount;                   Count of parameter words = 2
  USHORT Count;                      Number of entries returned
  USHORT RestartIndex;               Index of entry after last
                                      returned
  USHORT ByteCount;                  Count of data bytes;  min = 3
  UCHAR BufferFormat;                0x01 -- Data block
  USHORT DataLength;                 Length of data
  UCHAR Data[];                      Queue elements



Count indicates how many entries were actually returned.  RestartIndex
is the index of the entry following the last entry returned; it may be
used as the StartIndex in a subsequent request to resume the queue
listing.

The format of each returned queue element is:


  Queue Element Member             Description
  ================================ ===================================

  SMB_DATE FileDate;               Date file was queued
  SMB_TIME FileTime;               Time file was queued
  UCHAR Status;                    Entry status.  One of:
                                    01 = held or stopped
                                    02 = printing
                                    03 = awaiting print
                                    04 = in intercept
                                    05 = file had error
                                    06 = printer error
                                    07-FF = reserved
  USHORT SpoolFileNumber;          Assigned by the spooler
  ULONG SpoolFileSize;             Number of bytes in spool file
  UCHAR Reserved;
  UCHAR SpoolFileName[16];         Client which created the spool file



SMB_COM_GET_PRINT_QUEUE will return less than the requested number of
elements only when the top or end of the queue is encountered.


Leach, Naik       expires September, 1997        [Page 109] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


Support for this SMB is server optional.  In particular, no current
Microsoft client software issues this request.


4.5.2.1  Errors

ERRHRD/ERRnotready
ERRHRD/ERRerror
ERRSRV/ERRbaduid


4.6  Miscellaneous Operations


4.6.1  NT_TRANSACT_IOCTL


This command allows device and file system control functions to be
transferred transparently from client to server.


  Setup Words Encoding        Description
  =========================== =========================================

  ULONG FunctionCode;         NT device or file system control code
  USHORT Fid;                 Handle for io or fs control.  Unless BIT0
                               of ISFLAGS is set.
  BOOLEAN IsFsctl;            Indicates whether the command is a device
                               control (FALSE) or a file system control
                               (TRUE).
  UCHAR   IsFlags;            BIT0 - command is to be applied to share
                               root handle.  Share must be a DFS share.



  Data Block Encoding         Description
  =========================== =========================================

  Data[ TotalDataCount ]      Passed to the Fsctl or Ioctl



  Server Response                    Description
  ================================== ==================================

  SetupCount                         1
  Setup[0]                           Length of information returned by
                                      io or fs control
  DataCount                          Length of information returned by
                                      io or fs control
  Data[ DataCount ]                  The results of the io or fs
                                      control


4.6.2  NT_TRANSACT_QUERY_SECURITY_DESC

This command allows the client to retrieve the security descriptor on a
file.





Leach, Naik       expires September, 1997        [Page 110] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



  Client Parameter Block             Description
  ================================== =================================

  USHORT Fid;                        FID of target
  USHORT Reserved;                   MBZ
  ULONG SecurityInformation;         Fields of descriptor to set



NtQuerySecurityObject() is called, requesting SecurityInformation.  The
result of the call is returned to the client in the Data part of the
transaction response.


4.6.3  NT_TRANSACT_SET_SECURITY_DESC

This command allows the client to change the security descriptor on a
file.


  Client Parameter Block Encoding    Description
  ================================== ==================================

  USHORT Fid;                        FID of target
  USHORT Reserved;                   MBZ
  ULONG SecurityInformation;         Fields of SD that to set



  Data Block Encoding                Description
  ================================== ==================================

  Data[TotalDataCount]               Security Descriptor information



Data is passed directly to NtSetSecurityObject(), with
SecurityInformation describing which information to set.  The
transaction response contains no parameters or data.


5  Obsolescent SMB Requests

This section lists the "obsolescent" SMB requests -- ones that are
superseded by "best practice" requests, either in function or
performance. Clients need not use them to get full function or
performance, however, servers do need to support them in order to
interoperate with existing clients.


5.1  CLOSE_PRINT_FILE:  Close and Spool Print Job

This message invalidates the specified file handle and queues the file
for printing.


  Client Request                     Description
  ================================== =================================

  UCHAR WordCount;                   Count of parameter words = 1
  USHORT Fid;                        File handle
  USHORT ByteCount;                  Count of data bytes = 0



Leach, Naik       expires September, 1997        [Page 111] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


Fid refers to a file previously created with SMB_COM_OPEN_PRINT_FILE.
On successful completion of this request, the file is queued for
printing by the server.


  Server Response                    Description
  ================================== =================================

  UCHAR WordCount;                   Count of parameter words = 0
  USHORT ByteCount;                  Count of data bytes = 0



Servers which negotiate dialects of LANMAN1.0 and newer allow all the
other types of Fid closing requests to invalidate the Fid and begin
spooling.


5.2  CREATE: Create File

This message is sent to create a new data file or truncate an existing
data file to length zero, and open the file.  The handle returned can be
used in subsequent read, write, lock, unlock and close messages.


  Client Request                     Description
  ================================== =================================

  UCHAR WordCount;                   Count of parameter words = 3
  USHORT FileAttributes;             New file attributes
  UTIME CreationTime;                Time file was created
  USHORT ByteCount;                  Count of data bytes;    min = 2
  UCHAR BufferFormat;                0x04
  STRING FileName[];                 File name



FileName is the fully qualified name of the file relative to Tid.

FileAttributes are encoded as described in "File Attribute Encoding",
section 3.10.

Server support of the CreationTime field is optional.  Encoding of these
fields is discussed in the "Time And Date Encoding" section.


  Server Response                    Description
  ================================== =================================

  UCHAR WordCount;                   Count of parameter words = 1
  USHORT Fid;                        File handle
  USHORT ByteCount;                  Count of data bytes = 0



Clients must have write permission on the file's parent directory in
order to create a new file, or write permission on the file itself in
order to truncate it.  The access permissions granted on a created file
will be read/write permission for the creator.  Access permissions for
truncated files are not modified.  The newly created  or  truncated file
is opened in read/write/compatibility mode.



Leach, Naik       expires September, 1997        [Page 112] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


5.3  CREATE_DIRECTORY: Create Directory

The create directory message is sent to create a new directory.  The
appropriate Tid and additional pathname are passed.  The directory must
not exist for it to be created.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes;    min = 2
UCHAR BufferFormat;                0x04
STRING DirectoryName[];            Directory name



Servers require clients to have at least create permission for the
subtree containing the directory in order to create a new directory.
The creator's access rights to the new directory are be determined by
local policy on the server.


Server Response                    Description
================================== =================================


UCHAR WordCount;                   Count of parameter words = 0

USHORT ByteCount;                  Count of data bytes = 0





5.4  CREATE_NEW: Create File

This message is sent to create a new data file or truncate an existing
data file to length zero, and open the file.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 3
USHORT FileAttributes;             New file attributes
UTIME CreationTime;                Creation time for created file
USHORT ByteCount;                  Count of data bytes;  min = 2
UCHAR BufferFormat;                0x04
STRING FileName[];                 File name



FileAttributes specify the attributes of the newly created file, their
encoding is described in the "Attribute Encoding" section of this
document.

CreationTime is  the creation timestamp the file should be given, server
support for these is optional.





Leach, Naik       expires September, 1997        [Page 113] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Fid;                        File handle
USHORT ByteCount;                  Count of data bytes = 0



The returned Fid can be used in subsequent Fid-related messages.

The access permissions granted on a created file are read/write
permission for the creator.  Access permissions for truncated files are
not modified.  The newly created or truncated file is opened in
read/write/compatibility mode.


5.5  LOCK_AND_READ: Lock and Read Bytes

This  request is used to lock and "read ahead" the specified bytes of
the file indicated by Fid in the SMB header


Client Request                 Description
============================== =====================================

UCHAR WordCount;               Count of parameter words = 5
USHORT Fid;                    File handle
USHORT Count;                  Count of bytes being requested
ULONG Offset;                  Offset in file of first byte to read
USHORT Remaining;              Estimate of bytes to read if nonzero
USHORT ByteCount;              Count of data bytes = 0



Fid must refer to a disk file.  Count specifies the requested number of
bytes.  Offset specifies the offset in the file of the first byte to be
locked then read.  Note that this offset is limited to 32 bits, so this
client request is inappropriate for files having 64 bit offsets.

Remaining is advisory.  If the value is not zero, then it is taken as an
estimate of the total number of bytes that will be read, including those
read by this request.  This additional information may be used by the
server to optimize buffer allocation or read-ahead.  Remaining is not
included in the byte range to be locked.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 5
USHORT Count;                      Count of bytes actually returned
USHORT Reserved [4];               Reserved (must be 0)
USHORT ByteCount;                  Count of data bytes
UCHAR BufferFormat;                0x01 -- Data block
USHORT DataLength;                 Length of data



ByteCount is the number of bytes actually being returned. ByteCount may
be less than the count requested only if a read specifies bytes beyond


Leach, Naik       expires September, 1997        [Page 114] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


the current file size.  In this case only the bytes that exist are
returned.  A read completely beyond the end of file results in a
response of length zero.  This is the only circumstance when a zero
length response is generated.  A count returned which is less than the
count requested is the end of file indicator.

As in the core SMB_LOCK_BYTE_RANGE request,  if the lock can not be
immediately granted an error should be returned to the client.  If an
error occurs on the lock, the bytes should not be read.  If a Read
requests more data than can be placed in a message of the maximum-xmit-
size for the Tid specified, the server will abort the connection to the
client.


5.6  LOCK_BYTE_RANGE: Lock Bytes

The lock record message is sent to lock the given byte range.  More than
one non-overlapping byte range may be locked in a given file.  Locks
prevent attempts to lock, read or write the locked portion of the file
by other clients or Pids.  Overlapping locks are not allowed. Offsets
beyond the current end of file may be locked.  Such locks will not cause
allocation of file space.

Since Offset is a 32 bit quantity, this request is inappropriate for
general locking within a very large file.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 5
USHORT Fid;                        File handle
ULONG Count;                       Count of bytes to lock
ULONG Offset;                      Offset from start of file
USHORT ByteCount;                  Count of data bytes = 0



Locks may only be unlocked by the Pid that performed the lock.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0



This client request does not wait for the lock to be granted.  If the
lock can not be immediately granted (within 200-300 ms), the server
should return failure to the client









Leach, Naik       expires September, 1997        [Page 115] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


5.7  OPEN: Open File

This message is sent to obtain a file handle for a data file.  This
returned Fid is used in subsequent client requests such as read, write,
close, etc.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 2
USHORT DesiredAccess;              Mode - read/write/share
USHORT SearchAttributes;
USHORT ByteCount;                  Count of data bytes;    min = 2
UCHAR BufferFormat;                0x04
STRING FileName[];                 File name



FileName is the fully qualified file name, relative to the root of the
share specified in the Tid field of the SMB header.  If Tid in the SMB
header refers to a print share, this SMB creates a new file which will
be spooled to the printer when closed.  In this case, FileName is
ignored.

SearchAttributes specifies the type of file desired.  The encoding is
described in the "File Attribute Encoding" section.

DesiredAccess controls the mode under which the file is opened, and the
file will be opened only if the client has the appropriate permissions.
The encoding of DesiredAccess is discussed in the section entitled
"Access Mode Encoding".


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 7
USHORT Fid;                        File handle
USHORT FileAttributes;             Attributes of opened file
UTIME LastWriteTime;               Time file was last written
ULONG DataSize;                    File size
USHORT GrantedAccess;              Access allowed
USHORT ByteCount;                  Count of data bytes = 0



Fid is the handle value which should be used for subsequent file
operations.

FileAttributes specifies the type of file obtained.  The encoding is
described in the "File Attribute Encoding" section.

GrantedAccess indicates the access permissions actually allowed, and may
have one of the following values:






Leach, Naik       expires September, 1997        [Page 116] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



   0  read-only
   1  write-only
   2 read/write

File Handles (Fids) are scoped per client.  A Pid may reference any Fid
established by itself or any other Pid on the client (so far as the
server is concerned).  The actual accesses allowed through the Fid
depends on the open and deny modes specified when the file was opened
(see below).

The MS-DOS compatibility mode of file open provides exclusion at the
client level.  A file open in compatibility mode may be opened (also in
compatibility mode) any number of times for any combination of reading
and writing (subject to the user's permissions) by any Pid on the same
client.  If the first client has the file open for writing, then the
file may not be opened in any way by any other client.  If the first
client has the file open only for reading, then other clients may open
the file, in compatibility mode, for reading..  The above
notwithstanding, if the filename has an extension of .EXE, .DLL, .SYM,
or .COM other clients are permitted to open the file regardless of
read/write open modes of other compatibility mode opens.  However, once
multiple clients have the file open for reading, no client is permitted
to open the file for writing and no other client may open the file in
any mode other than compatibility mode.

The other file exclusion modes (Deny read/write, Deny write, Deny read,
Deny none) provide exclusion at the file level.  A file opened in any
"Deny" mode may be opened again only for the accesses allowed by the
Deny mode (subject to the user's permissions).  This is true regardless
of the identity of the second opener -a different client, a Pid from the
same client, or the Pid that already has the file open.  For example, if
a file is open in "Deny write" mode a second open may only obtain read
permission to the file.

Although Fids are available to all Pids on a client, Pids other than the
owner may not have the full access rights specified in the open mode by
the Fid's creator.  If the open creating the Fid specified a deny mode,
then any Pid using the Fid, other than the creating Pid, will have only
those access rights determined by "anding" the open mode rights and the
deny mode rights, i.e., the deny mode is checked on all file accesses.
For example, if a file is opened for Read/Write in Deny write mode, then
other clients may only read the file and cannot write; if a file is
opened for Read in Deny read mode, then the other clients can neither
read nor write the file.











Leach, Naik       expires September, 1997        [Page 117] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


5.8  OPEN_ANDX:  Open File


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 15
 UCHAR AndXCommand;                 Secondary (X) command;  0xFF =
                                     none
 UCHAR AndXReserved;                Reserved (must be 0)
 USHORT AndXOffset;                 Offset to next command WordCount
 USHORT Flags;                      Additional information: bit set-
                                     0 - return additional info
                                     1 - exclusive oplock requested
                                     2 - batch oplock requested
 USHORT DesiredAccess;              File open mode
 USHORT SearchAttributes;
 USHORT FileAttributes;
 UTIME CreationTime;                Creation timestamp for file if it
                                     gets created
 USHORT OpenFunction;               Action to take if file exists
 ULONG AllocationSize;              Bytes to reserve on create or
                                     truncate
 ULONG Reserved[2];                 Must be 0
 USHORT ByteCount;                  Count of data bytes;    min = 1
 UCHAR BufferFormat                 0x04
 STRING FileName;



 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 15
 UCHAR AndXCommand;                 Secondary (X) command;  0xFF =
                                     none
 UCHAR AndXReserved;                Reserved (must be 0)
 USHORT AndXOffset;                 Offset to next command WordCount
 USHORT Fid;                        File handle
 USHORT FileAttributes;
 UTIME LastWriteTime;
 ULONG DataSize;                    Current file size
 USHORT GrantedAccess;              Access permissions actually
                                     allowed
 USHORT FileType;                   Type of file opened
 USHORT DeviceState;                State of the named pipe
 USHORT Action;                     Action taken
 ULONG ServerFid;                   Server unique file id
 USHORT Reserved;                   Reserved (must be 0)
 USHORT ByteCount;                  Count of data bytes = 0



DesiredAccess describes the access the client desires for the file (see
section 3.6 -  Access Mode Encoding).

OpenFunction specifies the action to be taken depending on whether or
not the file exists (see section 3.8 -  Open Function Encoding).  Action


Leach, Naik       expires September, 1997        [Page 118] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


in the response specifies the action as a result of the Open request
(see section 3.9 -  Open Action Encoding).

SearchAttributes indicates the attributes that the file must have to be
found while searching to see if it exists.  The encoding of this field
is described in the "File Attribute Encoding" section elsewhere in this
document.  If SearchAttributes is zero then only normal files are
returned.  If the system file, hidden or directory attributes are
specified then the search is inclusive -- both the specified type(s) of
files and normal files are returned.

FileType returns the kind of resource actually opened:


 Name                       Value  Description
 ========================== ====== ==================================

 FileTypeDisk               0      Disk file or directory as defined
                                    in the attribute field
 FileTypeByteModePipe       1      Named pipe in byte mode
 FileTypeMessageModePipe    2      Named pipe in message mode
 FileTypePrinter            3      Spooled printer
 FileTypeUnknown            0xFFFF Unrecognized resource type



If bit0 of Flags is clear, the FileAttributes, LastWriteTime, DataSize,
FileType, and DeviceState have indeterminate values in the response.

This SMB can request an oplock on the opened file.  Oplocks are fully
described in the "Oplocks" section elsewhere in this document, and there
is also discussion of oplocks in the SMB_COM_LOCKING_ANDX SMB
description.  Bit1 and bit2 of the Flags field are used to request
oplocks during open.

The following SMBs may follow SMB_COM_OPEN_ANDX:


   SMB_COM_READ    SMB_COM_READ_ANDX
   SMB_COM_IOCTL

5.9  PROCESS_EXIT: Process Exit

This command informs the server that a client process has terminated.
The server must close all files opened by Pid in the SMB header.  This
must automatically release all locks the process holds.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0








Leach, Naik       expires September, 1997        [Page 119] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0



This SMB should not generate any errors from the server, unless the
server is a user mode server and Uid in the SMB header is invalid.

Clients are not required to send this SMB, they can do all cleanup
necessary by sending close SMBs to the server to release resources.  In
fact, clients who have negotiated LANMAN 1.0 and later probably do not
send this message at all.


5.10  QUERY_INFORMATION: Get File Attributes

This request is sent to obtain information about a file.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes;    min = 2
UCHAR BufferFormat;                0x04
STRING FileName[];                 File name



FileName is the fully qualified name of the file relative to the Tid in
the header.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 10
USHORT FileAttributes;
UTIME LastWriteTime;               Time of last write
ULONG FileSize;                    File size
USHORT Reserved [5];               Reserved - client should ignore
USHORT ByteCount;                  Count of data bytes = 0



FileAttributes are as described in the "Attributes Encoding" section of
this document.

Note that FileSize is limited to 32 bits, this request is inappropriate
for files whose size is too large.


5.11  QUERY_INFORMATION2: Get File Information

This SMB is gets information about the file represented by Fid.





Leach, Naik       expires September, 1997        [Page 120] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 2
 USHORT Fid;                        File handle
 USHORT ByteCount;                  Count of data bytes = 0



 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 11
 SMB_DATE CreationDate;
 SMB_TIME CreationTime;
 SMB_DATE LastAccessDate;
 SMB_TIME LastAccessTime;
 SMB_DATE LastWriteDate;
 SMB_TIME LastWriteTime;
 ULONG FileDataSize;                File end of data
 ULONG FileAllocationSize;          File allocation size
 USHORT FileAttributes;
 USHORT ByteCount;                  Count of data bytes;  min = 0



The file being interrogated is specified by Fid, which must possess at
least read permission.

FileAttributes are described in the "File Attribute Encoding" section
elsewhere in this document.


5.12  READ: Read File

The read message is sent to read bytes of a resource indicated by Fid in
the SMB header.


Client Request                   Description
===============================  ====================================

UCHAR WordCount;                 Count of parameter words = 5
USHORT Fid;                      File handle
USHORT Count;                    Count of bytes being requested
ULONG Offset;                    Offset in file of first byte to read
USHORT Remaining;                Estimate of bytes to read if nonzero
USHORT ByteCount;                Count of data bytes = 0



Count is used to specify the requested number of bytes.

Offset specifies the offset in the file of the first byte to be read.
Note that this offset is limited to 32 bits, so this client request is
inappropriate for files having 64 bit offsets.

Remaining is advisory.  If the value is not zero, then it is taken as an
estimate of the total number of bytes that will be read, including those



Leach, Naik       expires September, 1997        [Page 121] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


read by this request.  This additional information may be used by the
server to optimize buffer allocation or read-ahead.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 5
USHORT Count;                      Count of bytes actually returned
USHORT Reserved [4];               Reserved (must be 0)
USHORT ByteCount;                  Count of data bytes
UCHAR BufferFormat;                0x01 -- Data block
USHORT DataLength;                 Length of data



ByteCount is the number of bytes actually being returned.  If Fid refers
to a disk file, ByteCount may be less than the count requested only if a
read specifies bytes beyond the current file size.  In this case only
the bytes that exist are returned.  A read completely beyond the end of
file results in a response of length zero.  This is the only
circumstance when a zero length response is generated.  A count returned
which is less than the count requested is the end of file indicator.

If a Read requests more data than can be placed in a message of the
maximum-xmit-size for the Tid specified, the server will abort the
connection to the client.


5.13  READ_MPX: Read Block Multiplex

The Read Block Multiplexed protocol is used to maximize the performance
of reading a large block of data from the server to the client while
still allowing other operations to take place between the client and
server in the meantime.  The NT server supports SMB_COM_READ_MPX only
over connectionless transports.


 Client Request                   Description
 ================================ ===================================

 UCHAR WordCount;                 Count of parameter words = 8
 USHORT Fid;                      File handle
 ULONG Offset;                    Offset in file to begin read
 USHORT MaxCount;                 Max bytes to return (maximum 65535)
 USHORT MinCount;                 Min bytes to return (normally 0)
 ULONG Reserved1;
 USHORT Reserved2;
 USHORT ByteCount;                Count of data bytes = 0



Fid identifies the resource being read, and may refer to a disk file or
a spooled printer.

Timeout is the number of milliseconds to wait for completion Fid refers
to a named pipe.




Leach, Naik       expires September, 1997        [Page 122] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 8
 ULONG Offset;                      Offset in file where data read
 USHORT Count;                      Total bytes being returned
 USHORT Reserved;
 USHORT DataCompactionMode;
 USHORT Reserved;
 USHORT DataLength;                 Number of data bytes this buffer
 USHORT DataOffset;                 Offset (from header start) to
                                     data
 USHORT ByteCount;                  Count of data bytes
 UCHAR Pad[];                       Pad to SHORT or LONG
 UCHAR Data[];                      Data (size = DataLength)



Other requests may be active between the client and server.  The server
responds with the one or more response messages as defined above until
the requested data amount has been returned.  Each response contains the
Pid and Mid of the original request and the Offset and Count of
describing the placement of the data within the file.

The client knows the maximum amount of data bytes which the server may
return (from MaxCount of the request).  Thus the client initializes its
bytes expected variable to this value.  The server then informs the
client of the actual amount being returned via each part of the response
in Count.  The server may reduce the expected bytes by lowering the
total number of bytes expected in Count in any response.

When the amount of data bytes received (sum of the DataLength fields)
equals the total amount of data bytes expected (smallest Count
received), then the client  has received all the data bytes.  This
allows the protocol to work even if the responses are received out of
sequence.

Note that DataLength being returned here can not be larger than the
smaller of the client's buffer size (as specified in MaxBufferSize on
the COM_SESSION_SETUP_AND_X client request SMB) or the server's buffer
size (as specified in MaxBufferSize of the COM_NEGOTIATE server response
SMB).

As is true in SMB_COM_READ, the total number of bytes returned may be
less than the number requested only if a read specifies bytes beyond the
current file size and Fid refers to a disk file.  In this case only the
bytes that exist are returned.  A read completely beyond the end of file
will result in a single response with a zero value in Count.  If the
total number of bytes returned is less than the number of bytes
requested, this indicates end of file (if reading other than a standard
blocked disk file, only ZERO bytes returned indicates end of file).

Once started, the Read Block Multiplexed operation is expected to go to
completion.  The client is expected to receive all the responses



Leach, Naik       expires September, 1997        [Page 123] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


generated by the server.  Conflicting commands (such as file close) must
not be sent to the server while a multiplexed operation is in progress.

The flow for the SMB_COM_READ_MPX protocol is:

client ---------------> Read MPX. request >---------------------> server
client <--------------< Read MPX response 1 with data <---------- server
client <--------------< Read MPX response 2 with data <---------- server
...
client <--------------< Read MPX response n with data <---------- server




5.14  READ_RAW: Read Raw

The SMB_COM_READ_RAW protocol is used to maximize the performance of
reading a large block of data from the server to the client.  This
request can be applied to files and named pipes.


Client Request                   Description
================================ ===================================

UCHAR WordCount;                 Count of parameter words = 8
USHORT Fid;                      File handle
ULONG Offset;                    Offset in file to begin read
USHORT MaxCount;                 Max bytes to return (maximum 65535)
USHORT MinCount;                 Min bytes to return (normally 0)
ULONG Timeout;                   Wait time if named pipe
USHORT Reserved;
USHORT ByteCount;                Count of data bytes = 0



Fid identifies the resource being read, and may refer to a disk file or
a named pipe.

Timeout is the number of milliseconds to wait for completion Fid refers
to a named pipe.

When the client issues this request, the client must guarantee that
there is (and will be) no other request to the server for the duration
of the SMB_COM_READ_RAW.  The server will respond, in one send, with the
raw data being read.  Thus the client is able to request up to 65,535
bytes of data and receive it directly into the user's buffer, since the
server response has no header or trailer.  Note that the amount of data
requested is expected to be larger than the negotiated buffer size for
this protocol.

The reason that no other requests can be active on the client's
connection to the server for the duration of the request is that if
other receives are present, there is normally no way to guarantee that
the data will be received into the user space, rather the data may fill
one (or more) of the other buffers.



Leach, Naik       expires September, 1997        [Page 124] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The number of bytes actually returned is determined by the length of the
message the client receives as reported by the transport layer.  If the
request is to read more bytes than are present in the file, the read
response will be of the length actually read from the file.

If none of the requested bytes exist (EOF) or an error occurs on the
read, the server responds with a zero byte send.  Upon receipt of a zero
length response, the client should send a different type of request to
the server.  The response to that read will then tell the client that
EOF was hit or identify the error condition.

The number of bytes returned may be less than the number requested only
if a read specifies bytes beyond the current file size.  In this case
only the bytes that exist are returned.  A read completely beyond the
end of file results in a response of zero length.  If the number of
bytes returned is less than the number of bytes requested, this
indicates end of file (if reading other than a standard blocked disk
file, only ZERO bytes returned indicates end of file).

The transport layer guarantees delivery of all response bytes to the
client.  Thus no  SMB level confirmation protocol is required.  If an
error should occur at the clients end, all bytes must be received and
thrown away.  There is no need to inform the server of the error.

This message was introduced with the LANMAN1.0 SMB dialect.  Whether or
not this request is supported is returned in the response to
SMB_COM_NEGOTIATE.

The flow for reading a sequential file using SMB_COM_READ_BOCK_RAW is:


 Client Request                 Server Response
 ============================== =====================================

 SMB_COM_OPEN file              Success
 SMB_COM_READ_RAW
                                 raw data returned
 SMB_COM_READ_RAW
                                 more raw data returned
 SMB_COM_READ_RAW
                                 short (or 0 length) response returned
 SMB_COM_READ
                                 0 bytes returned indicating EOF
 SMB_COM_CLOSE                  Success



SMB_COM_READ_RAW has no way to return errors.  Because the response is
raw data only, a zero length response indicates EOF, a read error or
that the server is temporarily out of large buffers.  The client should
then retry using a different type of read request.  This request will
then either return the EOF condition, an error if the read is still
failing, or will work if the problem was due to a temporary server
condition.




Leach, Naik       expires September, 1997        [Page 125] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


If the negotiated dialect is NT LM 0.12 or later, and the response to
the SMB_COM_NEGOTIATE SMB has CAP_LARGE_FILES set in the Capabilities
field, a new format of  the SMB_COM_READ_RAW request is allowed which
accommodates very large files having 64 bit offsets.


 Client Request                   Description
 ================================ ===================================

 UCHAR WordCount;                 Count of parameter words = 10
 USHORT Fid;                      File handle
 ULONG Offset;                    Offset in file to begin read
 USHORT MaxCount;                 Max bytes to return (maximum 65535)
 USHORT MinCount;                 Min bytes to return (normally 0)
 ULONG Timeout;                   Wait time if named pipe
 USHORT Reserved;
 ULONG OffsetHigh;                Upper 32 bits of offset
 USHORT ByteCount;                Count of data bytes = 0

This form of the request is differentiated from the previous form of the
request by the WordCount field.  In this case, the final offset to read
from is used by combining OffsetHigh and Offset, the resulting value can
not be negative or the request will be rejected by the server.

SMB_COM_READ_RAW can not be used over connectionless transports.


5.15  SEARCH: Search Directory using Wildcards

This command is used to search directories.


Client Request                     Description
================================== =================================

UCHAR  WordCount;                  Count of parameter words = 2
USHORT MaxCount;                   Number of dir. entries to return
USHORT SearchAttributes;
USHORT ByteCount;                  Count of data bytes;  min = 5
UCHAR  BufferFormat1;              0x04 -- ASCII
UCHAR  FileName[];                 File name, may be null
UCHAR  BufferFormat2;              0x05 -- Variable block
USHORT ResumeKeyLength;            Length of resume key, may be 0
UCHAR  ResumeKey[];                Resume key



FileName specifies the file to be sought.  SearchAttributes indicates
the attributes that the file must have, and is described in the "File
Attribute Encoding" section of this document.  If  SearchAttributes is
zero then only normal files are returned.  If the system file, hidden or
directory attributes are specified then the search is inclusive@both the
specified type(s) of files and normal files are returned.  If the volume
label attribute is specified then the search is exclusive, and only the
volume label entry is returned.

MaxCount specifies the number of directory entries to be returned.




Leach, Naik       expires September, 1997        [Page 126] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Count;                      Number of entries returned
USHORT ByteCount;                  Count of data bytes;  min = 3
UCHAR BufferFormat;                0x05 -- Variable block
USHORT DataLength;                 Length of data
UCHAR DirectoryInformationData[];  Data



The response will contain one or more directory entries as determined by
the Count field.  No more than MaxCount entries will be returned.  Only
entries that match the sought FileName and SearchAttributes combination
will be returned.

 ResumeKey must be null (length = 0) on the initial search request.
Subsequent search requests intended to continue a search must contain
the ResumeKey field extracted from the last directory entry of the
previous response.  ResumeKey is self-contained, for on calls containing
a non-zero ResumeKey neither the SearchAttributes or FileName fields
will be valid in the request.  ResumeKey has the following format:


Resume Key Field                   Description
================================== =================================

UCHAR Reserved;                    bit 7 - consumer use
                                    bits 5,6 - system use (must
                                    preserve)
                                    bits 0-4 - server use (must
                                    preserve)
UCHAR FileName[11];                Name of the returned file
UCHAR ReservedForServer[5];        Client must not modify
UCHAR ReservedForConsumer[4];      Server must not modify



FileName is 8.3 format, with the three character extension left
justified into FileName[9-11].  If the client is prior to the LANMAN1.0
dialect, the returned FileName should be uppercased.

SMB_COM_SEARCH terminates when either the requested maximum number of
entries that match the named file are found, or the end of directory is
reached without the maximum number of matches being found.  A response
containing no entries indicates that no matching entries were found
between the starting point of the search and the end of directory.

There may be multiple matching entries in response to a single request
as SMB_COM_SEARCH supports wildcards in the last component of FileName
of the initial request.

Returned directory entries in the DirectoryInformationData field of the
response each have the following format:





Leach, Naik       expires September, 1997        [Page 127] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Directory Information Field        Description
================================== =================================

SMB_RESUME_KEY ResumeKey;          Described above
UCHAR FileAttributes;              Attributes of the found file
SMB_TIME LastWriteTime;            Time file was last written
SMB_DATE LastWriteDate;            Date file was last written
ULONG FileSize;                    Size of the file
UCHAR FileName[13];                ASCII, space-filled null terminated



FileName must conform to 8.3 rules, and is padded after the extension
with 0x20 characters if necessary.  If the client has negotiated a
dialect prior to the LANMAN1.0 dialect, or if bit0 of the Flags2 SMB
header field of the request is clear, the returned FileName should be
uppercased.

As can be seen from the above structure, SMB_COM_SEARCH can not return
long filenames, and can not return UNICODE filenames.  Files which have
a size greater than 2^32 bytes should have the least significant 32 bits
of their size returned in FileSize.


5.16  SET_INFORMATION: Set File Attributes

This message is sent to change the information about a file.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 8
USHORT FileAttributes;             Attributes of the file
UTIME LastWriteTime;               Time of last write
USHORT Reserved [5];               Reserved (must be 0)
USHORT ByteCount;                  Count of data bytes;    min = 2
UCHAR BufferFormat;                0x04
STRING FileName[];                 File name



FileName is the fully qualified name of the file relative to the Tid.

Support of all parameters is optional.  A server which does not
implement one of the parameters will ignore that field.  If the
LastWriteTime field contain zero then the file's time is not changed.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0







Leach, Naik       expires September, 1997        [Page 128] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


5.17  SET_INFORMATION2: Set File Information


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 7
 USHORT Fid;                        File handle
 SMB_DATE CreationDate;
 SMB_TIME CreationTime;
 SMB_DATE LastAccessDate;
 SMB_TIME LastAccessTime;
 SMB_DATE LastWriteDate;
 SMB_TIME LastWriteTime;
 USHORT ByteCount;                  Count of data bytes = 0



SMB_COM_SET_INFORMATION2 sets information about the file represented by
Fid.  The target file is updated from the values specified.  A date or
time value or zero indicates to leave that specific date and time
unchanged.


 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 0
 USHORT ByteCount;                  Count of data bytes = 0



Fid must be open with (at least) write permission.


5.18  QUERY_INFORMATION_DISK: Get Disk Attributes

The SMB_COM_QUERY_INFORMATION_DISK command is used to determine the
capacity and remaining free space on the drive hosting the directory
structure indicated by Tid in the SMB header.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 5
USHORT TotalUnits;                 Total allocation units per server
USHORT BlocksPerUnit;              Blocks per allocation unit
USHORT BlockSize;                  Block size (in bytes)
USHORT FreeUnits;                  Number of free units
USHORT Reserved;                   Reserved (client should ignore)
USHORT ByteCount;                  Count of data bytes = 0





Leach, Naik       expires September, 1997        [Page 129] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The blocking/allocation units used in this response may be independent
of the actual physical or logical blocking/allocation algorithm(s) used
internally by the server.  However, they must accurately reflect the
amount of space on the server.

This SMB only returns 16 bits of information for each field, which may
not be large enough for some disk systems.  In particular TotalUnits is
commonly > 64K.  Fortunately, it turns out the all the client cares
about is the total disk size, in bytes, and the free space, in bytes.
So,  it is reasonable for a server to adjust the relative values of
BlocksPerUnit and BlockSize to accommodate.  If after all adjustment,
the numbers are still too high, the largest possible values for
TotalUnit or FreeUnits (i.e. 0xFFFF) should be returned.


5.19  TRANS2_OPEN2: Create or Open File with Extended Attributes

This transaction is used to open or create a file having extended
attributes.


Client Request                Value
============================  =======================================

WordCount                     15
TotalDataCount                Total size of extended attribute list
DataOffset                    Offset to extended attribute list in
                              this request
SetupCount                    1
Setup[0]                      TRANS2_OPEN2



Parameter Block Encoding      Description
============================  =======================================

USHORT Flags;                 Additional information: bit set-
                              0 - return additional info
                              1 - exclusive oplock requested
                              2 - batch oplock requested
                              3 - return total length of EAs
USHORT DesiredAccess;         Requested file access
USHORT Reserved1;             Ought to be zero.  Ignored by the
                              server.
USHORT FileAttributes;        Attributes for file if create
SMB_TIME CreationTime;        Creation time to apply to file if
                              create
SMB_DATE CreationDate;        Creation date to apply to file if
                              create
USHORT OpenFunction;          Open function
ULONG AllocationSize;         Bytes to reserve on create or truncate
USHORT Reserved [5];          Must be zero
STRING FileName;              Name of file to open or create
UCHAR Data[ TotalDataCount ]  FEAList structure for file to be
                              created




Leach, Naik       expires September, 1997        [Page 130] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


If secondary requests are required, they must contain 0 parameter bytes,
and the Fid in the secondary request is 0xFFFF.

DesiredAccess is encoded as described in the "Access Mode Encoding"
section elsewhere in this document.

FileAttributes are encoded as described in the "File Attribute Encoding"
section elsewhere in this document.

OpenFunction specifies the action to be taken depending on whether or
not the file exists (see section 3.7) .

Action in the response specifies the action as a result of this request
(see section 3.8).


 Response Parameter Block    Description
 ==========================  =========================================

 USHORT Fid;                 File handle
 USHORT FileAttributes;      Attributes of file
 SMB_TIME CreationTime;      Last modification time
 SMB_DATE CreationDate;      Last modification date
 ULONG DataSize;             Current file size
 USHORT GrantedAccess;       Access permissions actually allowed
 USHORT FileType;            Type of file
 USHORT DeviceState;         State of IPC device (e.g. pipe)
 USHORT Action;              Action taken
 ULONG Reserved;
 USHORT EaErrorOffset;       Offset into EA list if EA error
 ULONG EaLength;             Total EA length for opened file



FileType returns the kind of resource actually opened:


 Name                     Value  Description
 =======================  ====== =====================================

 FileTypeDisk             0      Disk file or directory as defined in
                                 the attribute field
 FileTypeByteModePipe     1      Named pipe in byte mode
 FileTypeMessageModePipe  2      Named pipe in message mode
 FileTypePrinter          3      Spooled printer
 FileTypeUnknown          0xFFFF Unrecognized resource type



DeviceState is applicable only if the FileType is FileTypeByteModePipe
or FileTypeMessageModePipe and is encoded as in section 3.9.

If an error was detected in the incoming EA list, the offset of the
error is returned in EaErrorOffset.

If bit0 of Flags in the request is clear, the FileAttributes,
CreationTime, CreationDate, DataSize, GrantedAccess, FileType, and
DeviceState have indeterminate values in the response.  Similarly, if



Leach, Naik       expires September, 1997        [Page 131] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


bit3 of the request is clear, EaLength in the response has an
indeterminate value in the response.

This SMB can request an oplock on the opened file.  Oplocks are fully
described in the "Oplocks" section elsewhere in this document, and there
is also discussion of oplocks in the SMB_COM_LOCKING_ANDX SMB
description.  Bit1 and bit2 of the Flags field are used to request
oplocks during open.


5.20  TREE_CONNECT: Tree Connect

When a client connects to a server resource, an SMB_COM_TREE_CONNECT
message is generated to the server. This command is almost exactly like
SMB_COM_TREE_CONNECT_ANDX, except that no AndX command may follow; see
section 4.1.4.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes;    min = 4
UCHAR BufferFormat1;               0x04
STRING Path[];                     Server name and share name
UCHAR BufferFormat2;               0x04
STRING Password[];                 Password
UCHAR BufferFormat3;               0x04
STRING Service[];                  Service name



The CIFS server responds with:


Server Response                  Description
================================ =================================

UCHAR WordCount;                 Count of parameter words = 2
USHORT MaxBufferSize;            Max size message the server handles
USHORT Tid;                      Tree ID
USHORT ByteCount;                Count of data bytes = 0



If the negotiated dialect is MICROSOFT NETWORKS 1.03 or earlier,
MaxBufferSize in the response message indicates the maximum size message
that the server can handle.  The client should not generate messages,
nor expect to receive responses, larger than this.  This must be
constant for a given server.  For newer dialects, this field is ignored.

Tid should be included in any future SMBs referencing this tree
connection.


5.21  UNLOCK_BYTE_RANGE: Unlock Bytes

This message is sent to unlock the given byte range.  Offset, Count, and
Pid must be identical to that specified in a prior successful lock.  If


Leach, Naik       expires September, 1997        [Page 132] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


an unlock references an address range that is not locked, no error is
generated.

Since Offset is a 32 bit quantity, this request is inappropriate for
general locking within a very large file.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 5
USHORT Fid;                        File handle
ULONG Count;                       Count of bytes to unlock
ULONG Offset;                      Offset from start of file
USHORT ByteCount;                  Count of data bytes = 0



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0


5.22       WRITE: Write Bytes

The write message is sent to write bytes into the resource indicated by
Fid in the SMB header.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 5
USHORT Fid;                        File handle
USHORT Count;                      Number of bytes to be written
ULONG Offset;                      Offset in file to begin write
USHORT Remaining;                  Bytes remaining to satisfy
                                    request
USHORT ByteCount;                  Count of data bytes
UCHAR BufferFormat;                0x01 -- Data block
USHORT DataLength;                 Length of data
UCHAR Data[ Count ];               The data to write



Count specifies the number of bytes to be written.  Offset is the offset
in the file of the first byte to be written.  Since offset is 32 bits,
this request is inappropriate for general use in a very large file.
Remaining is advisory:  if the value is not zero, then it is taken as an
estimate of the number of bytes that will be written -including those
written by this request.  This additional information may be used by the
server to optimize cache behavior.

When Fid represents a disk file and the request specifies a byte range
beyond the current end of file, the file will be extended.  Any bytes
between the previous end of file and the requested offset are
initialized to 0.  When a write specifies a length of zero, the file is
truncated (or extended) to the length specified by the offset.



Leach, Naik       expires September, 1997        [Page 133] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Count;                      Count of bytes actually written
USHORT ByteCount;                  Count of data bytes = 0



Count in the response indicates the actual number of bytes written, and
for successful writes will always equal the count in the request
message.  If the number of bytes written differs from the number
requested and no error is indicated, then the server has no resources
available with which to satisfy the complete write.

If a Write sends a message of length greater than the MaxBufferSize for
the TID specified, the server may abort the connection to the client.


5.23  WRITE_AND_UNLOCK: Write Bytes and Unlock Range

This request is used to first write the specified bytes and then unlock
them. The locked portion of a file is "safe" to write behind because no
other process can access the locked bytes until this process unlocks the
bytes.  Thus the client can buffer the locked bytes locally while they
are being updated, then when the unlock request is received submit this
protocol to both write and then unlock bytes.  Whether or not this SMB
is supported (along with SMB_COM_READ_AND_LOCK) is returned in bit0 of
the Flags field of the negotiate response.


Client Request                   Description
================================ ===================================

UCHAR WordCount;                 Count of parameter words = 5
USHORT Fid;                      File handle
USHORT Count;                    Number of bytes to be written
ULONG Offset;                    Offset in file to begin write
USHORT Remaining;                Bytes remaining to satisfy request
USHORT ByteCount;                Count of data bytes
UCHAR BufferFormat;              0x01 -- Data block
USHORT DataLength;               Length of data



Count specifies the number of bytes to be written.  Offset is the offset
in the file of the first byte to be written.  Since offset is 16 bits,
this request is inappropriate for general use in a very large file.
Remaining is advisory:  if the value is not zero, then it is taken as an
estimate of the number of bytes that will be written -including those
written by this request.  This additional information may be used by the
server to optimize cache behavior.  A value of 0 for Count is an error.

If the request specifies a byte range beyond the current end of file,
the file will be extended.  Any bytes between the previous end of file
and the requested offset are initialized to 0.




Leach, Naik       expires September, 1997        [Page 134] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Count;                      Count of bytes actually written
USHORT ByteCount;                  Count of data bytes = 0



Count in the response indicates the actual number of bytes written, and
for successful writes will always equal the count in the request
message.  If the number of bytes written differs from the number
requested and no error is indicated, then the server has no resources
available with which to satisfy the complete write.

If a Write sends a message of length greater than the MaxBufferSize for
the TID specified, the server may abort the connection to the client. If
an error occurs on the write, the bytes remain locked.


5.24  WRITE_AND_CLOSE: Write Bytes and Close File

This request is used to first write the specified bytes and then close
the file.


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 6
 USHORT Fid;                        File handle
 USHORT Count;                      Number of bytes to write
 ULONG Offset;                      Offset in file of first byte to
                                     write
 UTIME LastWriteTime;               Time of last write
 USHORT ByteCount;                  1 (for pad) + value of Count
 UCHAR Pad;                         To force to doubleword boundary
 UCHAR Buffer[ Count ];             Data to write



 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 12
 USHORT Fid;                        File handle
 USHORT Count;                      Number of bytes to write
 ULONG Offset;                      Offset in file of first byte to
                                     write
 UTIME LastWriteTime;               Time of last write
 ULONG Reserved[3];                 Reserved, must be 0
 USHORT ByteCount;                  1 (for pad) + value of Count
 UCHAR Pad;                         To force to doubleword boundary
 UCHAR Buffer[Count];               Data to write







Leach, Naik       expires September, 1997        [Page 135] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 1
 USHORT Count;                      Count of bytes actually written
 USHORT ByteCount;                  Count of data bytes = 0



Since clients can formulate the request in either of two ways, WordCount
must be used in order to correctly locate the data to be written.

Count specifies the number of bytes to be written.  Offset is the offset
in the file of the first byte to be written.  Since Offset is 32 bits,
this request is inappropriate for general use in a very large file.

If LastWriteTime and LastWriteDate are 0, the server should allow its
local operating system to set the file's times.  Otherwise, the server
should set the time to the values requested.  Failure to set the times,
even if requested by the client in this message, should not result in an
error response from the server.

If Count is 0, the file is truncated (or extended) to Offset.

If an error occurs on the write, the file should still be closed.


5.25  WRITE_MPX: Write Block Multiplex


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 12
 USHORT Fid;                        File handle
 USHORT Count;                      Total bytes, including this
                                     buffer
 USHORT Reserved;
 ULONG Offset;                      Offset in file to begin write
 ULONG Timeout;                     milliseconds to wait for
                                     completion
 USHORT WriteMode;                  Write mode:
                                     bit 0 - complete write to disk
                                     and send final result response
                                     bit 1 - return Remaining
                                     bit 7 - Connectionless mode
 ULONG RequestMask;                 Connectionless mode mask
 USHORT DataLength;                 Number of data bytes this buffer
 USHORT DataOffset;                 Offset (from header start) to
                                     data
 USHORT ByteCount;                  Count of data bytes
 UCHAR Pad[];                       Pad to SHORT or LONG
 UCHAR Data[];                      Data (# = DataLength)






Leach, Naik       expires September, 1997        [Page 136] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



 Server Response                    Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 1
 ULONG ResponseMask;                OR of all masks received
 USHORT ByteCount;                  Count of data bytes = 0



SMB_COM_WRITE_MPX is used to maximize the performance of writing a large
block of data from the client to the server.  The NT server supports
SMB_COM_WRITE_MPX only over connectionless transports, consequently bit7
of WriteMode in the request must be set.

Fid in the request must refer to either a file or a spooled printer.

Mask contains a bit mask indicating where in the transfer that the SMB
belongs.  The  response which contains the logical OR of all of the Mask
values received and is always generated.  All in this exchange use the
same SMB header Mid value but only final message is a connectionless
sequenced request (SequenceNumber is non-zero).

The server keeps a ResponseMask which is the logical or-ing of the
RequestMask value contained in each SMB_COM_WRITE_MPX received since the
last sequenced SMB_COM_WRITE_MPX.  The server only responds to the final
(sequenced) command, and this response contains the accumulated
ResponseMask. The client uses the ResponseMask received to determine
which packets, if any, must be retransmitted.  The server imposes no
restrictions on the values in the mask nor upon the order or contiguity
of the data being sent.  The client uses this behavior to only send the
missing parts in the next write sequence when retransmitting.  The next
SMB_COM_WRITE_MPX sequence sent must use a new SequenceNumber value or
the server will incorrectly respond with the mask from the previous
SMB_COM_WRITE_MPX command.

The flow is:


     Client             Sequence  <->  Server
                        Number
     =================  ========= ==== =====================

     SMB_COM_WRITE_MPX  0         ->
     SMB_COM_WRITE_MPX  0         ->
     ...
     SMB_COM_WRITE_MPX  S         ->
                        S         <-   SMB_COM_WRITE_MPX OK
     SMB_COM_WRITE_MPX  0         ->
     SMB_COM_WRITE_MPX  0         ->
     ....
     SMB_COM_WRITE_MPX  S+1       ->
                        S+1       <-   SMB_COM_WRITE_MPX OK



Other SMB requests can intervene during this protocol exchange.




Leach, Naik       expires September, 1997        [Page 137] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


A server response will be generated only after the sequenced
SMB_COM_WRITE_MPX has been received unless this SMB is received over a
connection oriented transport (in which case the error response is
immediately sent).

At the time of the request, the client knows the number of data bytes
expected to be sent and passes this information to the server in Count.
The server can use this information to reserve buffer space, if
possible.

If bit0 of WriteMode is clear, the request assumed to be a form of write
behind on the part of the client.  If an error occurs while writing data
to disk such as disk full, the next access of the file handle (another
write, close, read, etc.) will return the fact that the error occurred.
If bit0 of WriteMode is set, the server will collect all the data, write
it to disk and then send a final response indicating the result of the
write .  The total number of bytes written is also returned in this
response.


5.26  WRITE_PRINT_FILE: Write to Print File

This message is sent to write bytes into a print spool file.


Client Request                     Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 1
USHORT Fid;                        File handle
USHORT ByteCount;                  Count of data bytes;  min = 4
UCHAR BufferFormat;                0x01 -- Data block
USHORT DataLength;                 Length of data
UCHAR Data[];                      Data



Fid indicates the print spool file to be written, it must refer to a
print spool file.

ByteCount specifies the number of bytes to be written, and must be less
than MaxBufferSize for the Tid specified.

Data contains the bytes to append to the print spool file.  The first
SetupLength bytes in the resulting print spool file contain printer
setup data.  SetupLength is specified in the SMB_COM_OPEN_PRINT_FILE SMB
request.


Server Response                    Description
================================== =================================

UCHAR WordCount;                   Count of parameter words = 0
USHORT ByteCount;                  Count of data bytes = 0



Servers which negotiate a protocol dialect of LANMAN1.0 or later also
support the application of normal write requests to print spool files.


Leach, Naik       expires September, 1997        [Page 138] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


5.27  WRITE_RAW: Write Raw Bytes

The Write Block Raw protocol is used to maximize the performance of
writing a large block of data from the client to the server.  The Write
Block Raw command's scope includes files, Named Pipes, and spooled
output (can be used in place COM_WRITE_PRINT_FILE ).


 Client Request              Description
 ==========================  =========================================

 UCHAR WordCount;            Count of parameter words = 12
 USHORT Fid;                 File handle
 USHORT Count;               Total bytes, including this buffer
 USHORT Reserved;
 ULONG Offset;               Offset in file to begin write
 ULONG Timeout;
 USHORT WriteMode;           Write mode:
                             bit 0 - complete write to disk and send
                             final result response
                             bit 1 - return Remaining (pipe/dev)
                             (see WriteAndX for #defines)
 ULONG Reserved2;
 USHORT DataLength;          Number of data bytes this buffer
 USHORT DataOffset;          Offset (from header start) to data
 USHORT ByteCount;           Count of data bytes
 UCHAR Pad[];                Pad to SHORT or LONG
 UCHAR Data[];               Data (# = DataLength)



 First Server Response          Description
 ============================== =====================================

 UCHAR WordCount;               Count of parameter words = 1
 USHORT Remaining;              Bytes remaining to be read if pipe
 USHORT ByteCount;              Count of data bytes = 0



 Final Server Response              Description
 ================================== =================================

 UCHAR Command (in SMB header)      SMB_COM_WRITE_COMPLETE

 UCHAR WordCount;                   Count of parameter words = 1
 USHORT Count;                      Total number of bytes written
 USHORT ByteCount;                  Count of data bytes = 0



The first response format will be that of the final server response in
the case where the server gets an error while writing the data sent
along with the request.  Thus Count is the number of bytes which did get
written any time an error is returned.  If an error occurs after the
first response has been sent allowing the client to send the remaining
data, the final response should not be sent unless write through is set.
Rather the server should return this "write behind" error on the next
access to the Fid.



Leach, Naik       expires September, 1997        [Page 139] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The client must guarantee that there is (and will be) no other request
on the connection for the duration of this request.  The server will
reserve enough resources to receive the data and respond with a response
SMB as defined above.  The client then sends the raw data in one send.
Thus the server is able to receive up to 65,535 bytes of data directly
into the server buffer.  The amount of data transferred is expected to
be larger than the negotiated buffer size for this protocol.

The reason that no other requests can be active on the connection for
the duration of the request is that if other receives are present on the
connection, there is normally no way to guarantee that the data will be
received into the correct server buffer, rather the data may fill one
(or more) of the other buffers.  Also if the client is sending other
requests on the connection, a request may land in the buffer that the
server has allocated for the this SMB's data.

Whether or not SMB_COM_WRITE_RAW is supported is returned in the
response to SMB_COM_NEGOTIATE.  SMB_COM_WRITE_RAW is not supported for
connectionless clients.

When write through is not specified ((WriteMode & 01) == 0) this SMB is
assumed to be a form of write behind.  The transport layer guarantees
delivery of all secondary requests from the client.  Thus no "got the
data you sent" SMB is needed.  If an error should occur at the server
end, all bytes must be received and thrown away.  If an error occurs
while writing data to disk such as disk full, the next access of the
file handle (another write, close, read, etc.) will return the fact that
the error occurred.

If write through is specified ((WriteMode & 01) != 0), the server will
receive the data, write it to disk and then send a final response
indicating the result of the write.  The total number of bytes written
is also returned in this response in the Count field.

The flow for the SMB_COM_WRITE_RAW SMB is:

client -----> SMB_COM_WRITE_RAW request (optional data) >-------> server
client <------------------< OK send (more) data <---------------- server
client  ----------------------> raw data >----------------------> server
client  <---< data on disk or error (write through only) <------- server


This protocol is set up such that the SMB_COM_WRITE_RAW request may also
carry data.  This is an optimization in that up to the server's buffer
size (MaxCount from SMB_COM_NEGOTIATE response), minus the size of the
SMB_COM_WRITE_RAW SMB request, may be sent along with the request.  Thus
if the server is busy and unable to support the raw write of the
remaining data, the data sent along with the request has been delivered
and need not be sent again.  The server will write any data sent in the
request (and wait for it to be on the disk or device if write through is
set), prior to sending the response.

The specific responses error class ERRSRV, error codes ERRusempx and
ERRusestd, indicate that the server is temporarily out of the resources

Leach, Naik       expires September, 1997        [Page 140] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


needed to support the raw write of the remaining data, but that any data
sent along with the request has been successfully written.  The client
should then write the remaining data using a different type of SMB write
request, or delay and retry using SMB_COM_WRITE_RAW.  If a write error
occurs writing the initial data, it will be returned and the write raw
request is implicitly denied.

The return field Remaining is returned for named pipes only.  It is used
to return the number of bytes currently available in the pipe.  This
information can then be used by the client to know when a subsequent
(non blocking) read of the pipe may return some data.  Of course when
the read request is actually received by the server there may be more or
less actual data in the pipe (more data has been written to the pipe /
device or another reader drained it).  If the information is currently
not available or the request is NOT for a pipe or the server does not
support this feature, a -1 value should be returned.

If the negotiated dialect is NT LM 0.12 or later, and the response to
the SMB_COM_NEGOTIATE SMB has CAP_LARGE_FILES set in the Capabilities
field, an additional request format is allowed which accommodates very
large files having 64 bit offsets:


 Client Request                     Description
 ================================== =================================

 UCHAR WordCount;                   Count of parameter words = 14
 USHORT Fid;                        File handle
 USHORT Count;                      Total bytes, including this
                                     buffer
 USHORT Reserved;
 ULONG Offset;                      Offset in file to begin write
 ULONG Timeout;
 USHORT WriteMode;                  Write mode:
                                     bit 0 - complete write to disk
                                     and send final result response
                                     bit 1 - return Remaining
                                     (pipe/dev)
 ULONG Reserved2;
 USHORT DataLength;                 Number of data bytes this buffer
 USHORT DataOffset;                 Offset (from header start) to
                                     data
 ULONG OffsetHigh;                  Upper 32 bits of offset
 USHORT ByteCount;                  Count of data bytes
 UCHAR Pad[];                       Pad to SHORT or LONG
 UCHAR Data[];                      Data (# = DataLength)



In this case the final offset in the file is formed by combining
OffsetHigh and Offset, the resulting offset must not be negative.







Leach, Naik       expires September, 1997        [Page 141] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


6  SMB Symbolic Constants


6.1  SMB Command Codes

The following values have been assigned for the SMB Commands.


















































Leach, Naik       expires September, 1997        [Page 142] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



SMB_COM_CREATE_DIRECTORY       0x00
SMB_COM_DELETE_DIRECTORY       0x01
SMB_COM_OPEN                   0x02
SMB_COM_CREATE                 0x03
SMB_COM_CLOSE                  0x04
SMB_COM_FLUSH                  0x05
SMB_COM_DELETE                 0x06
SMB_COM_RENAME                 0x07
SMB_COM_QUERY_INFORMATION      0x08
SMB_COM_SET_INFORMATION        0x09
SMB_COM_READ                   0x0A
SMB_COM_WRITE                  0x0B
SMB_COM_LOCK_BYTE_RANGE        0x0C
SMB_COM_UNLOCK_BYTE_RANGE      0x0D
SMB_COM_CREATE_TEMPORARY       0x0E
SMB_COM_CREATE_NEW             0x0F
SMB_COM_CHECK_DIRECTORY        0x10
SMB_COM_PROCESS_EXIT           0x11
SMB_COM_SEEK                   0x12
SMB_COM_LOCK_AND_READ          0x13
SMB_COM_WRITE_AND_UNLOCK       0x14
SMB_COM_READ_RAW               0x1A
SMB_COM_READ_MPX               0x1B
SMB_COM_READ_MPX_SECONDARY     0x1C
SMB_COM_WRITE_RAW              0x1D
SMB_COM_WRITE_MPX              0x1E
SMB_COM_WRITE_COMPLETE         0x20
SMB_COM_SET_INFORMATION2       0x22
SMB_COM_QUERY_INFORMATION2     0x23
SMB_COM_LOCKING_ANDX           0x24
SMB_COM_TRANSACTION            0x25
SMB_COM_TRANSACTION_SECONDARY  0x26
SMB_COM_IOCTL                  0x27
SMB_COM_IOCTL_SECONDARY        0x28
SMB_COM_COPY                   0x29
SMB_COM_MOVE                   0x2A
SMB_COM_ECHO                   0x2B
SMB_COM_WRITE_AND_CLOSE        0x2C
SMB_COM_OPEN_ANDX              0x2D
SMB_COM_READ_ANDX              0x2E
SMB_COM_WRITE_ANDX             0x2F
SMB_COM_CLOSE_AND_TREE_DISC    0x31
SMB_COM_TRANSACTION2           0x32
SMB_COM_TRANSACTION2_SECONDARY 0x33
SMB_COM_FIND_CLOSE2            0x34
SMB_COM_FIND_NOTIFY_CLOSE      0x35
SMB_COM_TREE_CONNECT           0x70
SMB_COM_TREE_DISCONNECT        0x71
SMB_COM_NEGOTIATE              0x72
SMB_COM_SESSION_SETUP_ANDX     0x73
SMB_COM_LOGOFF_ANDX            0x74
SMB_COM_TREE_CONNECT_ANDX      0x75

Leach, Naik       expires September, 1997        [Page 143] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



SMB_COM_QUERY_INFORMATION_DISK 0x80
SMB_COM_SEARCH                 0x81
SMB_COM_FIND                   0x82
SMB_COM_FIND_UNIQUE            0x83
SMB_COM_NT_TRANSACT            0xA0
SMB_COM_NT_TRANSACT_SECONDARY  0xA1
SMB_COM_NT_CREATE_ANDX         0xA2
SMB_COM_NT_CANCEL              0xA4
SMB_COM_OPEN_PRINT_FILE        0xC0
SMB_COM_WRITE_PRINT_FILE       0xC1
SMB_COM_CLOSE_PRINT_FILE       0xC2
SMB_COM_GET_PRINT_QUEUE        0xC3

6.2  SMB_COM_TRANSACTION2 Subcommand codes

The subcommand code for SMB_COM_TRANSACTION2 request is placed in
Setup[0].  The parameters associated with any particular request are
placed in the Parameters vector of the request.  The defined subcommand
codes are:


































Leach, Naik       expires September, 1997        [Page 144] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Setup[0] Transaction2           Value Description
Subcommand Code
=============================== ===== =============================

TRANS2_OPEN2                    0x00  Create file with extended
                                        attributes
TRANS2_FIND_FIRST2              0x01  Begin search for files
TRANS2_FIND_NEXT2               0x02  Resume search for files
TRANS2_QUERY_FS_INFORMATION     0x03  Get file system information
                                0x04  Reserved
TRANS2_QUERY_PATH_INFORMATION   0x05  Get information about a named
                                        file or directory
TRANS2_SET_PATH_INFORMATION     0x06  Set information about a named
                                        file or directory
TRANS2_QUERY_FILE_INFORMATION   0x07  Get information about a
                                        handle
TRANS2_SET_FILE_INFORMATION     0x08  Set information by handle
TRANS2_FSCTL                    0x09  Not implemented by NT server
TRANS2_IOCTL2                   0x0A  Not implemented by NT server
TRANS2_FIND_NOTIFY_FIRST        0x0B  Not implemented by NT server
TRANS2_FIND_NOTIFY_NEXT         0x0C  Not implemented by NT server
TRANS2_CREATE_DIRECTORY         0x0D  Create directory with
                                        extended attributes
TRANS2_SESSION_SETUP            0x0E  Session setup with extended
                                        security information
TRANS2_GET_DFS_REFERRAL         0x10  Get a DFS referral
TRANS2_REPORT_DFS_INCONSISTENCY 0x11  Report a DFS knowledge
                                        inconsistency


6.3  SMB_COM_NT_TRANSACTION Subcommand Codes

For these transactions, Function in the primary client request indicates
the operation to be performed.  It may assume one of the following
values:


 SubCommand Code                    Value Description
 ================================== ===== ===========================

 NT_TRANSACT_CREATE                 1     File open/create
 NT_TRANSACT_IOCTL                  2     Device IOCTL
 NT_TRANSACT_SET_SECURITY_DESC      3     Set security descriptor
 NT_TRANSACT_NOTIFY_CHANGE          4     Start directory watch
 NT_TRANSACT_RENAME                 5     Reserved (Handle-based
                                           rename)
 NT_TRANSACT_QUERY_SECURITY_DESC    6     Retrieve security
                                           descriptor info




6.4  SMB Protocol Dialect Constants

This is the list of  CIFS protocol dialects, ordered from least
functional (earliest) version to most functional (most recent) version:




Leach, Naik       expires September, 1997        [Page 145] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Dialect Name           Comment
====================== ========================================
=====

PC NETWORK PROGRAM 1.0 The original MSNET SMB protocol (otherwise
                        known as the "core protocol")
PCLAN1.0               Some versions of the original MSNET defined
                        this as an alternate to the core protocol
                        name
MICROSOFT NETWORKS     This is used for the MS-NET 1.03 product.  It
1.03                   defines Lock&Read,Write&Unlock, and a special
                        version of raw read and raw write.
MICROSOFT NETWORKS 3.0 This is the  DOS LANMAN 1.0 specific
                        protocol.  It is equivalent to the LANMAN 1.0
                        protocol, except the server is required to
                        map errors from the OS/2 error to an
                        appropriate DOS error.
LANMAN1.0              This is the first version of the full LANMAN
                        1.0 protocol
LM1.2X002              This is the first version of the full LANMAN
                        2.0 protocol
DOS LM1.2X002          This is the DOS equivalent of the LM1.2X002
                        protocol.  It is identical to the LM1.2X002
                        protocol, but the server will perform error
                        mapping to appropriate DOS errors.
DOS LANMAN2.1          DOS LANMAN2.1
LANMAN2.1              OS/2 LANMAN2.1
Windows for Workgroups Windows for Workgroups Version 1.0
3.1a
NT LM 0.12             The SMB protocol designed for NT networking.
                        This has special SMBs which duplicate the NT
                        semantics.



CIFS servers select the most recent version of the protocol known to
both client and server.  Any CIFS server which supports dialects newer
than the original core dialect must support all the messages and
semantics of the dialects between the core dialect and the newer one.
This is to say that a server which supports the NT LM 0.12 dialect must
also support all of the messages of the previous 10 dialects.  It is the
client's responsibility to ensure it only sends SMBs which are
appropriate to the dialect negotiated.  Clients must be prepared to
receive an SMB response from an earlier protocol dialect -- even if the
client used the most recent form of the request.


7  Error Codes and Classes

This section lists all of the valid values for
Status.DosError.ErrorClass, and most of the error codes for
Status.DosError.Error.

The following error classes may be returned by the server to the client.




Leach, Naik       expires September, 1997        [Page 146] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Class      Code Comment
=======    ==== ====================================================

SUCCESS    0    The request was successful.
ERRDOS     0x01 Error is from the core DOS operating system set.
ERRSRV     0x02 Error is generated by the server network file
                 manager.
ERRHRD     0x03 Error is an hardware error.
ERRCMD     0xFF Command was not in the "SMB" format.



The following error codes may be generated with the  SUCCESS error
class.


Class      Code Comment
=======    ==== ====================================================

SUCCESS    0    The request was successful.



The following error codes may be generated with the ERRDOS error class.




































Leach, Naik       expires September, 1997        [Page 147] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



Error           Code  Description
=============== ===== =============================================

ERRbadfunc      1     Invalid function.  The server did not
                        recognize or could not perform a system call
                        generated by the server, e.g., set the
                        DIRECTORY attribute on a data file, invalid
                        seek mode.
ERRbadfile      2     File not found.  The last component of a
                        file's pathname could not be found.
ERRbadpath      3     Directory invalid.  A directory component in
                        a pathname could not be found.
ERRnofids       4     Too many open files.  The server has no file
                        handles available.
ERRnoaccess     5     Access denied, the client's context does not
                        permit the requested function.  This includes
                        the following conditions:
                        invalid rename command
                        write to Fid open for read only
                        read on Fid open for write only
                        attempt to delete a non-empty directory
ERRbadfid       6     Invalid file handle.  The file handle
                        specified was not recognized by the server.
ERRbadmcb       7     Memory control blocks destroyed.
ERRnomem        8     Insufficient server memory to perform the
                        requested function.
ERRbadmem       9     Invalid memory block address.
ERRbadenv       10    Invalid environment.
ERRbadformat    11    Invalid format.
ERRbadaccess    12    Invalid open mode.
ERRbaddata      13    Invalid data (generated only by IOCTL calls
                        within the server).
ERRbaddrive     15    Invalid drive specified.
ERRremcd        16    A Delete Directory request attempted to
                        remove the server's current directory.
ERRdiffdevice   17    Not same device (e.g., a cross volume rename
                        was attempted)
ERRnofiles      18    A File Search command can find no more files
                        matching the specified criteria.
ERRbadshare     32    The sharing mode specified for an Open
                        conflicts with existing FIDs on the file.
ERRlock         33    A Lock request conflicted with an existing
                        lock or specified an invalid mode, or an
                        Unlock requested attempted to remove a lock
                        held by another process.
ERRfilexists    80    The file named in the request already exists.










Leach, Naik       expires September, 1997        [Page 148] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


The following error codes may be generated with the ERRSRV error class.


Error           Code  Description
=============== ===== =============================================

ERRerror        1     Non-specific error code.  It is returned
                        under the following conditions:
                        @ resource other than disk space exhausted
                          (e.g.  TIDs)
                        @ first SMB command was not negotiate
                        @ multiple negotiates attempted
                        @ internal server error
ERRbadpw        2     Bad password - name/password pair in a Tree
                        Connect or Session Setup are invalid.
ERRaccess       4     The client does not have the necessary access
                        rights within the specified context for the
                        requested function.
ERRinvnid       5     The Tid specified in a command was invalid.
ERRinvnetname   6     Invalid network name in tree connect.
ERRinvdevice    7     Invalid device - printer request made to non-
                        printer connection or non-printer request
                        made to printer connection.
ERRqfull        49    Print queue full (files) -- returned by open
                        print file.
ERRqtoobig      50    Print queue full -- no space.
ERRqeof         51    EOF on print queue dump.
ERRinvpfid      52    Invalid print file FID.
ERRsmbcmd       64    The server did not recognize the command
                        received.
ERRsrverror     65    The server encountered an internal error,
                        e.g., system file unavailable.
ERRfilespecs    67    The Fid and pathname parameters contained an
                        invalid combination of values.
ERRbadpermits   69    The access permissions specified for a file
                        or directory are not a valid combination.
                        The server cannot set the requested
                        attribute.
ERRsetattrmode  71    The attribute mode in the Set File Attribute
                        request is invalid.
ERRpaused       81    Server is paused.  (reserved for messaging)
ERRmsgoff       82    Not receiving messages.  (reserved for
                        messaging).
ERRnoroom       83    No room to buffer message.  (reserved for
                        messaging).
ERRrmuns        87    Too many remote user names.  (reserved for
                        messaging).
ERRtimeout      88    Operation timed out.
ERRnoresource   89    No resources currently available for request.
ERRtoomanyuids  90    Too many Uids active on this session.
ERRbaduid       91    The Uid is not known as a valid user
                        identifier on this session.
ERRusempx       250   Temporarily unable to support Raw, use MPX
                        mode.
ERRusestd       251   Temporarily unable to support Raw, use


Leach, Naik       expires September, 1997        [Page 149] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97



                        standard read/write.
ERRcontmpx      252   Continue in MPX mode.
ERRnosupport    65535 Function not supported.



The following error codes may be generated with the ERRHRD error class.


Error           Code  Description
=============== ===== =============================================

ERRnowrite      19    Attempt to write on write-protected media
ERRbadunit      20    Unknown unit.
ERRnotready     21    Drive not ready.
ERRbadcmd       22    Unknown command.
ERRdata         23    Data error (CRC).
ERRbadreq       24    Bad request structure length.
ERRseek         25    Seek error.
ERRbadmedia     26    Unknown media type.
ERRbadsector    27    Sector not found.
ERRnopaper      28    Printer out of paper.
ERRwrite        29    Write fault.
ERRread         30    Read fault.
ERRgeneral      31    General failure.
ERRbadshare     32    A open conflicts with an existing open.
ERRlock         33    A Lock request conflicted with an existing
                        lock or specified an invalid mode, or an
                        Unlock requested attempted to remove a lock
                        held by another process.
ERRwrongdisk    34    The wrong disk was found in a drive.
ERRFCBUnavail   35    No FCBs are available to process request.
ERRsharebufexc  36    A sharing buffer has been exceeded.




8  Legal Notice

Microsoft does not know of any third-party rights that are violated by
this contribution.  Microsoft makes no other representations regarding
this contribution.


9  References

[1] P. Mockapetris, "Domain Names - Concepts And Facilities", RFC 1034,
    November 1987

[2] P. Mockapetris, "Domain Names - Implementation And Specification",
    RFC 1035, November 1987

[3] Karl Auerbach, "Protocol Standard For A Netbios Service On A Tcp/Udp
    Transport: Concepts And Methods", RFC 1001, March 1987

[4] Karl Auerbach, "Protocol Standard For A Netbios Service On A Tcp/Udp
    Transport: Detailed Specifications", RFC 1002, March 1987




Leach, Naik       expires September, 1997        [Page 150] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


[5] US National Bureau of Standards, "Data Encryption Standard",
    Federal Information Processing Standard (FIPS) Publication
    46-1, January 1988

[6] Rivest, R. - MIT and RSA Data Security, Inc., "The MD4 Message
    Digest Algorithm", RFC 1320, April 1992

[7] X/Open Company Ltd., "X/Open CAE Specification - Protocols for
    X/Open PC Interworking: SMB, Version 2", X/Open Document Number:
    CAE 209, September 1992.


10  Security Considerations

There are four authentication mechanisms, each with their own strengths
and weaknesses, as well as attacks that are independent of the
authentication protocol.


10.1  Share level protection

In share level protection, there are no per-user passwords; knowledge of
the read or write password is what gives read or write access. Since the
passwords must be disclosed to be used, and hence known by many people,
the scheme is quite weak.

In addition, the passwords are sent in the clear over the network, so
they have all the weaknesses of clear text passwords in user level
security.


10.2  Plaintext Password Authentication

This authentication protocol sends the client's password in the clear.
It should be used only when needed for backwards compatibility, and only
where the chances of eavesdropping is deemed acceptable, such as
relatively isolated networks. Passwords sent to such servers should
never be the same as passwords used for more secure servers.


10.3  LANMAN 2.1 (and earlier) Challenge/Response

This authentication protocol is subject to the following
vulnerabilities:

o Known plaintext attack

o Small key space

o Chosen plaintext attack

o Dictionary attack

o Badly chosen passwords


Leach, Naik       expires September, 1997        [Page 151] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


These attacks, if successful, compromise the client's password, and
allow the attacker access to the client's files even after the client's
session has ended. Because of these attacks, it should be used only when
needed for backwards compatibility, or where the chances of
eavesdropping are deemed acceptable, such as relatively isolated
networks. It is more secure than plaintext password authentication,
because passwords are never seen in the clear on the network. Whenever
possible, the use of the NT LM 0.12 authentication is to be preferred.


10.3.1  Known Plaintext Attacks

Because the challenge is plaintext, an eavesdropper can acquire known
plaintext/ciphertext pairs. It can then test a guess at a password by
using it to generate a key, encrypting the plaintext, and comparing it
to the corresponding ciphertext.


10.3.2  Small Key Space

The combination of the use of only uppercase characters, the usual user
practice of  choosing passwords that have alpha and perhaps numeric
characters, plus the fact that the protocol treats the upper and lower
halves of the 14 bytes key almost identically means that the key space
is rather small. Enumerating 7 uppercase characters and digits leads to
a key space of 36**7, or 78.3 billion combinations. When this mechanism
was introduced nearly a decade ago, this was probably an adequately
large key space, but with today's much more powerful systems, it is now
small enough to make a brute force search feasible upon a
plaintext/ciphertext pair obtained via a known plaintext attack.


10.3.3  Chosen Plaintext Attacks

A "main-in-the-middle" or a counterfeit server can choose the challenge
"C8" which the client will then encrypt using a key derived from the
client's password. The ability to choose the plaintext to be encrypted
is known to make breaking many ciphers much easier.


10.3.4  Dictionary Attacks

The attacker can precompute the response for many common passwords to a
challenge of its choice, and build a dictionary of (response, password)
pairs. It can then use the chosen plaintext attack to acquire a response
corresponding to that challenge, and just look up the password in the
dictionary.


10.3.5  Badly Chosen Passwords

Passwords that are not long enough, or that are words in the language of
the clients, make the above attacks even easier by reducing the key
space even more.

Leach, Naik       expires September, 1997        [Page 152] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


10.4  NT LM 0.12 Challenge/Response

Because it uses MD4 to generate the keying material from the password,
and because it preserves the password's case, the key space of this
protocol is essentially the full 56 bits that single DES allows; this is
probably an acceptable length for most purposes (although future
dialects may use triple-DES for more assurance). However, it is still
subject to the same chosen plaintext and dictionary attacks as LANMAN
2.1 challenge/response if passwords are badly chosen. The only cure is
to make sure that passwords are well-chosen, and long enough to have at
least 56 bits of randomness.

Other considerations:

o Transforming the password into Unicode leaves a pattern of
  alternating zeros and characters in the input to MD4.  This may allow
  MD4 to be reversed much more easily, although there is currently no
  known way to exploit this.

o MD4 is known to be weak with respect to collisions.  There may be a
  way to exploit this to attack its one-wayness, or to exploit the
  collision properties to limit key search time, although there is
  currently no known way to do so.


10.5  Other attacks




10.5.1  Hijack connections

Any attacker that can inject packets into the network that appear to the
server to be coming from a particular client, can hijack that client's
connection. Once a connection is set up and the client has
authenticated, subsequent packets are not authenticated, so the attacker
can inject requests to read, write, or delete files to which the client
has access. Doing so require that the injected packets have the right
transport level sequence numbers, which can be tricky, especially if the
client is sending packets at the same time. It is significantly more
difficult to hijack a connection than to eavesdrop, and doing so only
permits the attacker to access files as the client for the duration of
the session.


10.5.2  Downgrade attack

A "man-in-the-middle" can remove the bit in the SMB_COM_NEGPROT response
that says the server supports challenge/response, thus fooling a client
into thinking that it should supply a plaintext password. This attack
can be mitigated if clients are able to be configured to require
challenge/response, either in general or for particular servers.



Leach, Naik       expires September, 1997        [Page 153] 


INTERNET-DRAFT            CIFS/1.0                  03/19/97


10.5.3  Spoofing by Counterfeit Servers

A counterfeit server is one that spoofs the DNS name resolution process
so that the client gets the counterfeit's IP address instead of the
genuine server's IP address, thus fooling the client into connecting to
the counterfeit while believing it is connecting to the genuine server.
Counterfeit servers are not detectable by the challenge/response
authentication mechanism, which only authenticates clients. A
counterfeit server can use the downgrade attack above to obtain a
client's password; it can also execute a denial of service attack by
denying the client's requests or returning bogus results. Counterfeit
server attacks can be mitigated by deployment of DNSSEC.


10.5.4  Storing Passwords Safely

The passwords used in any of the authentication mechanisms used by this
protocol have to be protected from access from over the network and from
physical access. If the server does not support access control at the
individual file level, but only at the file tree level, then password
files can not be placed in a file tree that is accessible from the
network, as all files in such a tree have to be at least equally
readable.


11  Authors' Addresses

Paul Leach
Dilip Naik
Microsoft
1 Microsoft Way
Redmond, WA  98052
[email protected]























Leach, Naik       expires September, 1997        [Page 154] 


Notes:

  1. As stated in the Status of this Memo section, It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress". This particular document expired a long time ago, and has lost its status as an Internet-Draft. As such, it is only of historical interest. Notes regarding this document may be inserted if they are relevant. (That is, when we have time, we'll add comments.)

  2. Microsoft's CIFS mailing list is now at: http://discuss.microsoft.com/archives/cifs.html. Subscription information may be found at http://discuss.microsoft.com/SCRIPTS/WA-MSD.EXE?SUBED1=cifs

  3. Microsoft's CIFS home page seems to be gone. (If you know where it went, please let me know.)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


[Contents] [W3C Validated] $Revision: 1.12 $