2.2.4.64.1 Request

 SMB_Parameters
   {
   UCHAR WordCount;
   Words
     {
     UCHAR     AndXCommand;
     UCHAR     AndXReserved;
     USHORT    AndXOffset;
     UCHAR     Reserved;
     USHORT    NameLength;
     ULONG     Flags;
     ULONG     RootDirectoryFID;
     ULONG     DesiredAccess;
     LARGE_INTEGER AllocationSize;
     SMB_EXT_FILE_ATTR ExtFileAttributes;
     ULONG     ShareAccess;
     ULONG     CreateDisposition;
     ULONG     CreateOptions;
     ULONG     ImpersonationLevel;
     UCHAR  SecurityFlags;
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   Bytes
     {
     SMB_STRING FileName;
     }
   }
            


[Packet layout diagram: SMB_Parameters (49 bytes)]

SMB_Parameters (49 bytes):


[Packet layout diagram: WordCount, Words (48 bytes), SMB_Data (variable)]

WordCount (1 byte): This field MUST be 0x18.

Words (48 bytes):


[Packet layout diagram, fields in order: AndXCommand, AndXReserved, AndXOffset, Reserved, NameLength, Flags, RootDirectoryFID, DesiredAccess, AllocationSize, ExtFileAttributes, ShareAccess, CreateDisposition, CreateOptions, ImpersonationLevel, SecurityFlags]

AndXCommand (1 byte): The command code for the next SMB command in the packet. This value MUST be set to 0xFF if there are no additional SMB commands in the client request packet.

AndXReserved (1 byte): A reserved field. This MUST be set to 0x00 when this request is sent, and the server MUST ignore this value when the message is received.

AndXOffset (2 bytes): This field MUST be set to the offset in bytes from the start of the SMB Header (section 2.2.3.1) to the start of the WordCount field in the next SMB command in this packet. This field is valid only if the AndXCommand field is not set to 0xFF. If AndXCommand is 0xFF, this field MUST be ignored by the server.

Reserved (1 byte): An unused value that SHOULD be set to 0x00 when sent and MUST be ignored on receipt.

NameLength (2 bytes): This field MUST be the length of the FileName field (see following) in bytes.

Flags (4 bytes): A 32-bit field containing a set of flags that modify the client request. Unused bit fields SHOULD be set to 0 when sent and MUST be ignored on receipt.

Name (bitmask): Meaning

  NT_CREATE_REQUEST_OPLOCK (0x00000002): If set, the client requests an exclusive OpLock.

  NT_CREATE_REQUEST_OPBATCH (0x00000004): If set, the client requests an exclusive batch OpLock.

  NT_CREATE_OPEN_TARGET_DIR (0x00000008): If set, the client indicates that the parent directory of the target is to be opened.

RootDirectoryFID (4 bytes): If nonzero, this value is the File ID of an opened root directory, and the FileName field MUST be handled as relative to the directory specified by this RootDirectoryFID. If this value is 0x00000000, the FileName field MUST be handled as relative to the root of the share (the TID). The RootDirectoryFID MUST have been acquired in a previous message exchange.

DesiredAccess (4 bytes): A 32-bit field of flags that indicate standard, specific, and generic access rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object. If this value is 0x00000000, it represents a request to query the attributes without accessing the file.

Name (bitmask): Meaning

  FILE_READ_DATA (0x00000001): Indicates the right to read data from the file.

  FILE_WRITE_DATA (0x00000002): Indicates the right to write data into the file beyond the end of the file.

  FILE_APPEND_DATA (0x00000004): Indicates the right to append data to the file beyond the end of the file only.

  FILE_READ_EA (0x00000008): Indicates the right to read the extended attributes (EAs) of the file.

  FILE_WRITE_EA (0x00000010): Indicates the right to write or change the extended attributes (EAs) of the file.

  FILE_EXECUTE (0x00000020): Indicates the right to execute the file.

  FILE_READ_ATTRIBUTES (0x00000080): Indicates the right to read the attributes of the file.

  FILE_WRITE_ATTRIBUTES (0x00000100): Indicates the right to change the attributes of the file.

  DELETE (0x00010000): Indicates the right to delete or to rename the file.

  READ_CONTROL (0x00020000): Indicates the right to read the security descriptor of the file.

  WRITE_DAC (0x00040000): Indicates the right to change the discretionary access control list (DACL) in the security descriptor of the file.

  WRITE_OWNER (0x00080000): Indicates the right to change the owner in the security descriptor of the file.

  SYNCHRONIZE (0x00100000): SHOULD NOT be used by the sender and MUST be ignored by the receiver.

  ACCESS_SYSTEM_SECURITY (0x01000000): Indicates the right to read or change the system access control list (SACL) in the security descriptor for the file. If the SE_SECURITY_NAME privilege is not set in the access token, the server MUST fail the open request and return STATUS_PRIVILEGE_NOT_HELD.

  MAXIMUM_ALLOWED (0x02000000): Indicates that the client requests an open to the file with the highest level of access that the client has on this file. If no access is granted for the client on this file, the server MUST fail the open and return a STATUS_ACCESS_DENIED.

  GENERIC_ALL (0x10000000): Indicates a request for all of the access flags that are previously listed except MAXIMUM_ALLOWED and ACCESS_SYSTEM_SECURITY.

  GENERIC_EXECUTE (0x20000000): Indicates a request for the following combination of access flags listed previously in this table: FILE_READ_ATTRIBUTES, FILE_EXECUTE, SYNCHRONIZE, and READ_CONTROL.

  GENERIC_WRITE (0x40000000): Indicates a request for the following combination of access flags listed previously in this table: FILE_WRITE_DATA, FILE_APPEND_DATA, SYNCHRONIZE, FILE_WRITE_ATTRIBUTES, and FILE_WRITE_EA.

  GENERIC_READ (0x80000000): Indicates a request for the following combination of access flags listed previously in this table: FILE_READ_DATA, FILE_READ_ATTRIBUTES, FILE_READ_EA, and SYNCHRONIZE.

AllocationSize (8 bytes): The client MUST set this value to the initial allocation size of the file in bytes. The server MUST ignore this field if this request is to open an existing file. This field MUST be used only if the file is created or overwritten. The value MUST be set to 0x0000000000000000 in all other cases. This does not apply to directory-related requests. This is the number of bytes to be allocated, represented as a 64-bit integer value.

ExtFileAttributes (4 bytes): This field contains the extended file attributes of the file being requested, encoded as an SMB_EXT_FILE_ATTR (section 2.2.1.2.3) data type.

ShareAccess (4 bytes): A 32-bit field that specifies how the file SHOULD be shared with other processes. The names in the table below are provided for reference use only. If ShareAccess values of FILE_SHARE_READ, FILE_SHARE_WRITE, or FILE_SHARE_DELETE are set for a printer file or a named pipe, the server SHOULD ignore these values. The value MUST be FILE_SHARE_NONE or some combination of the other values:

Name (bitmask): Meaning

  FILE_SHARE_NONE (0x00000000): (No bits set.) Prevents the file from being shared.

  FILE_SHARE_READ (0x00000001): Other open operations can be performed on the file for read access.

  FILE_SHARE_WRITE (0x00000002): Other open operations can be performed on the file for write access.

  FILE_SHARE_DELETE (0x00000004): Other open operations can be performed on the file for delete access.

CreateDisposition (4 bytes): A 32-bit value that represents the action to take if the file already exists or if the file is a new file and does not already exist.<119>

Name (value): Meaning

  FILE_SUPERSEDE (0x00000000): (No bits set.) If the file already exists, it SHOULD be superseded (overwritten). If it does not already exist, then it SHOULD be created.

  FILE_OPEN (0x00000001): If the file already exists, it SHOULD be opened rather than created. If the file does not already exist, the operation MUST fail.

  FILE_CREATE (0x00000002): If the file already exists, the operation MUST fail. If the file does not already exist, it SHOULD be created.

  FILE_OPEN_IF (0x00000003): If the file already exists, it SHOULD be opened. If the file does not already exist, then it SHOULD be created. This value is equivalent to (FILE_OPEN | FILE_CREATE).

  FILE_OVERWRITE (0x00000004): If the file already exists, it SHOULD be opened and truncated. If the file does not already exist, the operation MUST fail.

  FILE_OVERWRITE_IF (0x00000005): If the file already exists, it SHOULD be opened and truncated. If the file does not already exist, it SHOULD be created.

CreateOptions (4 bytes): A 32-bit field containing flag options to use if creating the file or directory. This field MUST be set to 0x00000000 or a combination of the following possible values. Unused bit fields SHOULD be set to 0 when sent and MUST be ignored on receipt. The following is a list of the valid values and their associated behaviors. Server implementations SHOULD reserve all bits not specified in the following definitions.

Name (bitmask): Meaning

  FILE_DIRECTORY_FILE (0x00000001): The file being created or opened is a directory file. With this option, the CreateDisposition field MUST be set to FILE_CREATE, FILE_OPEN, or FILE_OPEN_IF. When this bit field is set, other compatible CreateOptions include only the following: FILE_WRITE_THROUGH, FILE_OPEN_FOR_BACKUP_INTENT, and FILE_OPEN_BY_FILE_ID.

  FILE_WRITE_THROUGH (0x00000002): Applications that write data to the file MUST actually transfer the data into the file before any write request is considered complete. If FILE_NO_INTERMEDIATE_BUFFERING is set, the server MUST perform as if FILE_WRITE_THROUGH is set in the create request.

  FILE_SEQUENTIAL_ONLY (0x00000004): This option indicates that access to the file can be sequential. The server can use this information to influence its caching and read-ahead strategy for this file. The file MAY in fact be accessed randomly, but the server can optimize its caching and read-ahead policy for sequential access.

  FILE_NO_INTERMEDIATE_BUFFERING (0x00000008): The file SHOULD NOT be cached or buffered in an internal buffer by the server. This option is incompatible when the FILE_APPEND_DATA bit field is set in the DesiredAccess field.

  FILE_SYNCHRONOUS_IO_ALERT (0x00000010): This flag MUST be ignored by the server, and clients SHOULD set this to 0.

  FILE_SYNCHRONOUS_IO_NONALERT (0x00000020): This flag MUST be ignored by the server, and clients SHOULD set this to 0.

  FILE_NON_DIRECTORY_FILE (0x00000040): If the file being opened is a directory, the server MUST fail the request with STATUS_FILE_IS_A_DIRECTORY in the Status field of the SMB Header in the server response.

  FILE_CREATE_TREE_CONNECTION (0x00000080): This option SHOULD NOT be sent by the clients, and this option MUST be ignored by the server.

  FILE_COMPLETE_IF_OPLOCKED (0x00000100): This option SHOULD NOT be sent by the clients, and this option MUST be ignored by the server.

  FILE_NO_EA_KNOWLEDGE (0x00000200): The application that initiated the client's request does not support extended attributes (EAs). If the EAs on an existing file being opened indicate that the caller SHOULD support EAs to correctly interpret the file, the server SHOULD fail this request with STATUS_ACCESS_DENIED (ERRDOS/ERRnoaccess) in the Status field of the SMB Header in the server response.

  FILE_OPEN_FOR_RECOVERY (0x00000400): This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server.

  FILE_RANDOM_ACCESS (0x00000800): Indicates that access to the file can be random. The server MAY use this information to influence its caching and read-ahead strategy for this file. This is a hint to the server that sequential read-ahead operations might not be appropriate on the file.

  FILE_DELETE_ON_CLOSE (0x00001000): The file SHOULD be automatically deleted when the last open request on this file is closed. When this option is set, the DesiredAccess field MUST include the DELETE flag. This option is often used for temporary files.

  FILE_OPEN_BY_FILE_ID (0x00002000): Opens a file based on the FID. If this option is set, the server MUST fail the request with STATUS_NOT_SUPPORTED in the Status field of the SMB Header in the server response.

  FILE_OPEN_FOR_BACKUP_INTENT (0x00004000): The file is being opened or created for the purposes of either a backup or a restore operation. Thus, the server can make appropriate checks to ensure that the caller is capable of overriding whatever security checks have been placed on the file to allow a backup or restore operation to occur. The server can check for certain access rights to the file before checking the DesiredAccess field.

  FILE_NO_COMPRESSION (0x00008000): When a new file is created, the file MUST NOT be compressed, even if it is on a compressed volume. The flag MUST be ignored when opening an existing file.

  FILE_RESERVE_OPFILTER (0x00100000): This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server.

  FILE_OPEN_NO_RECALL (0x00400000): In a hierarchical storage management environment, this option requests that the file SHOULD NOT be recalled from tertiary storage such as tape. A file recall can take up to several minutes in a hierarchical storage management environment. The clients can specify this option to avoid such delays.

  FILE_OPEN_FOR_FREE_SPACE_QUERY (0x00800000): This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server.

ImpersonationLevel (4 bytes): This field specifies the impersonation level requested by the application that is issuing the create request, and MUST contain one of the following values.

Impersonation is described in [MS-WPO] section 8.5.1; for more information about impersonation, see [MSDN-IMPERS].

Name (value): Meaning

  SEC_ANONYMOUS (0x00000000): The application-requested impersonation level is Anonymous.

  SEC_IDENTIFY (0x00000001): The application-requested impersonation level is Identification.

  SEC_IMPERSONATE (0x00000002): The application-requested impersonation level is Impersonation.

SecurityFlags (1 byte): An 8-bit field containing a set of options that specify the security tracking mode. These options specify whether the server is to be given a snapshot of the client's security context (called static tracking) or is to be continually updated to track changes to the client's security context (called dynamic tracking). When bit 0 of the SecurityFlags field is clear, static tracking is requested. When bit 0 of the SecurityFlags field is set, dynamic tracking is requested. Unused bit fields SHOULD be set to 0 when sent and MUST be ignored on receipt. This field MUST be set to 0x00 or a combination of the following possible values. Value names are provided for convenience only. Supported values are:

Name (value): Meaning

  SMB_SECURITY_CONTEXT_TRACKING (0x01): When set, dynamic tracking is requested. When this bit field is not set, static tracking is requested.

  SMB_SECURITY_EFFECTIVE_ONLY (0x02): Specifies that only the enabled aspects of the client's security context are available to the server. If this flag is not specified, all aspects of the client's security context are available. This flag allows the client to limit the groups and privileges that a server can use while impersonating the client.
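
The fixed-size SMB_Parameters block and the cross-field rules stated in the tables above can be checked mechanically by a server or a protocol monitor before the request is acted on. The following is an added example, not part of the specification: the names `parse_params`, `violations` and `sample` are hypothetical, the sample request is constructed, and the layout assumes SMB's little-endian, unpadded encoding.

```python
import struct
from collections import namedtuple

# Bit and value constants copied from the tables in this section.
FILE_APPEND_DATA, DELETE = 0x00000004, 0x00010000
FILE_DIRECTORY_FILE, FILE_NO_INTERMEDIATE_BUFFERING = 0x00000001, 0x00000008
FILE_DELETE_ON_CLOSE, FILE_OPEN_BY_FILE_ID = 0x00001000, 0x00002000
FILE_OPEN, FILE_CREATE, FILE_OPEN_IF, FILE_OVERWRITE_IF = 1, 2, 3, 5
SEC_IMPERSONATE = 2

# WordCount followed by the 48 bytes of Words, little-endian, no padding.
LAYOUT = struct.Struct("<BBBHBHIIIQIIIIIB")
Params = namedtuple("Params", (
    "WordCount AndXCommand AndXReserved AndXOffset Reserved NameLength Flags "
    "RootDirectoryFID DesiredAccess AllocationSize ExtFileAttributes "
    "ShareAccess CreateDisposition CreateOptions ImpersonationLevel SecurityFlags"))

def parse_params(buf):
    """Decode SMB_Parameters; refuse short buffers and a wrong WordCount."""
    if len(buf) < LAYOUT.size:
        raise ValueError("SMB_Parameters truncated")
    p = Params._make(LAYOUT.unpack_from(buf))
    if p.WordCount != 0x18:
        raise ValueError("WordCount MUST be 0x18")
    return p

def violations(p):
    """Return the rules from this section that the decoded request breaks."""
    found = []
    acc, opts, disp = p.DesiredAccess, p.CreateOptions, p.CreateDisposition
    if disp > FILE_OVERWRITE_IF:
        found.append("CreateDisposition is not a defined value")
    if p.ImpersonationLevel > SEC_IMPERSONATE:
        found.append("ImpersonationLevel is not a defined value")
    if p.ShareAccess & ~0x7:
        found.append("ShareAccess has bits outside FILE_SHARE_*")
    if opts & FILE_DELETE_ON_CLOSE and not acc & DELETE:  # literal DELETE bit only
        found.append("FILE_DELETE_ON_CLOSE without DELETE")
    if opts & FILE_DIRECTORY_FILE and disp not in (FILE_OPEN, FILE_CREATE, FILE_OPEN_IF):
        found.append("FILE_DIRECTORY_FILE with incompatible CreateDisposition")
    if opts & FILE_NO_INTERMEDIATE_BUFFERING and acc & FILE_APPEND_DATA:
        found.append("FILE_NO_INTERMEDIATE_BUFFERING with FILE_APPEND_DATA")
    if opts & FILE_OPEN_BY_FILE_ID:
        found.append("FILE_OPEN_BY_FILE_ID (server returns STATUS_NOT_SUPPORTED)")
    return found

def sample(**overrides):
    """Constructed request: open an existing file for read, no options set."""
    base = Params(0x18, 0xFF, 0, 0, 0, 10, 0, 0, 0x00000001, 0, 0, 1, FILE_OPEN, 0, 2, 0)
    return LAYOUT.pack(*base._replace(**overrides))
```

The DELETE check tests the literal bit only; expanding GENERIC_ALL or MAXIMUM_ALLOWED into specific rights is left to the caller.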

SMB_Data (variable):

[Packet layout diagram: ByteCount, Bytes (variable)]

ByteCount (2 bytes): The length in bytes of the remaining SMB_Data. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB Header of the request, this field has a minimum value of 0x0003. If SMB_FLAGS2_UNICODE is not set, this field has a minimum value of 0x0002. This field MUST be the total length of the Name field, plus any padding added for alignment.

Bytes (variable):


[Packet layout diagram: FileName (variable)]

FileName (variable): A string that represents the fully qualified name of the file relative to the supplied TID to create or truncate on the server. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB Header of the request, the FileName string MUST be a null-terminated array of 16-bit Unicode characters. Otherwise, the FileName string MUST be a null-terminated array of extended ASCII (OEM) characters. If the FileName string consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the SMB Header. When opening a named pipe, the FileName field MUST contain only the relative name of the pipe, that is, the "\PIPE\" prefix MUST NOT be present. This is in contrast with other commands, such as SMB_COM_OPEN_ANDX and TRANS2_OPEN2, which require that the "\PIPE" prefix be present in the pathname.
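
NameLength and ByteCount are both supplied by the client, so a receiver has to check each against the bytes actually received, and against each other, before reading FileName. The following added example (not part of the specification) shows those bounds checks together with the 2-byte alignment rule for Unicode names. The function names are hypothetical, the sample message is constructed with a zero-filled 32-byte header and parameter block, and cp437 stands in for whatever OEM code page is in use.

```python
import struct

def extract_filename(msg, data_off, name_length, unicode):
    """msg starts at the SMB Header; data_off is the offset of ByteCount."""
    if data_off + 2 > len(msg):
        raise ValueError("message ends before ByteCount")
    (byte_count,) = struct.unpack_from("<H", msg, data_off)
    start = data_off + 2
    if start + byte_count > len(msg):
        raise ValueError("ByteCount runs past the end of the message")
    if byte_count < (3 if unicode else 2):
        raise ValueError("ByteCount below the minimum for this encoding")
    # Unicode names start on a 2-byte boundary measured from the SMB Header.
    pad = start % 2 if unicode else 0
    if unicode and name_length % 2:
        raise ValueError("odd NameLength for a Unicode FileName")
    if pad + name_length > byte_count:
        raise ValueError("NameLength exceeds ByteCount")
    raw = msg[start + pad:start + pad + name_length]
    name = raw.decode("utf-16-le" if unicode else "cp437")
    return name.rstrip("\x00")  # drop the terminator if NameLength covered it

def build_sample(name, unicode):
    """Constructed message: zeroed 32-byte header and 49-byte SMB_Parameters."""
    data_off = 32 + 49
    enc = (name + "\x00").encode("utf-16-le" if unicode else "cp437")
    pad = b"\x00" if unicode and (data_off + 2) % 2 else b""
    body = pad + enc
    msg = bytes(data_off) + struct.pack("<H", len(body)) + body
    return msg, data_off, len(enc)
```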