2.2.8 SMB_COM_NT_CREATE_ANDX Client Request Extension

An SMB_COM_NT_CREATE_ANDX request is sent by a client to open a file, or a named pipe on the target server, as specified in [CIFS] section 4.2.1. The new value NT_CREATE_REQUEST_EXTENDED_RESPONSE in the Flags field of the SMB_COM_NT_CREATE_ANDX request is used to trigger the new behavior defined in this specification. All other fields match their descriptions in the request structure as specified in [CIFS] section 4.2.1.

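```
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+---------------+---------------+
|   WordCount   |  AndXCommand  | AndXReserved  |  AndXOffset   |
+---------------+---------------+---------------+---------------+
|      ...      |   Reserved    |          NameLength           |
+---------------+---------------+---------------+---------------+
|                             Flags                             |
+---------------+---------------+---------------+---------------+
|                       RootDirectoryFid                        |
+---------------+---------------+---------------+---------------+
|                         DesiredAccess                         |
+---------------+---------------+---------------+---------------+
|                        AllocationSize                         |
+---------------+---------------+---------------+---------------+
|                              ...                              |
+---------------+---------------+---------------+---------------+
|                       ExtFileAttributes                       |
+---------------+---------------+---------------+---------------+
|                          ShareAccess                          |
+---------------+---------------+---------------+---------------+
|                       CreateDisposition                       |
+---------------+---------------+---------------+---------------+
|                         CreateOptions                         |
+---------------+---------------+---------------+---------------+
|                      ImpersonationLevel                       |
+---------------+---------------+---------------+---------------+
| SecurityFlags |           ByteCount           |Name (variable)|
+---------------+---------------+---------------+---------------+
|                              ...                              |
+---------------+---------------+---------------+---------------+
```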

WordCount (1 byte): The word count for this request MUST be 0x18 (24), because there are 24 16-bit WORDs between the WordCount and the ByteCount fields.

AndXCommand (1 byte): The secondary SMB command in the packet. This value MUST be set to 0xFF if there are no additional SMB commands in the client request packet. Information about compounded requests is specified in [CIFS] section 3.12.

AndXReserved (1 byte): A reserved field. This MUST be set to 0 when this request is sent, and the server MUST ignore this value when the message is received. Information about compounded requests is specified in [CIFS] section 3.12.

AndXOffset (2 bytes): This field MUST be set to the offset in bytes from the start of the SMB header to the start of the WordCount field in the next SMB command in this packet. The field is valid only if the AndXCommand field is not set to 0xFF. Information about compounded requests is specified in [CIFS] section 3.12.

Reserved (1 byte): An unused value that SHOULD be set to 0 when sending this message. The server MUST ignore this field when receiving this message.

NameLength (2 bytes): This field MUST be the length, in bytes, of the Name field.

Flags (4 bytes): A set of flags that modify the client request. Unused bit fields SHOULD be set to 0 by the client when sending a request and MUST be ignored when received by the server. The Flags field in the SMB_COM_NT_CREATE_ANDX request MUST be used as follows.

| Value | Meaning |
| --- | --- |
| NT_CREATE_REQUEST_OPLOCK 0x00000002 | If set, the client is requesting an oplock. This flag is as specified in [CIFS] section 4.2.1. |
| NT_CREATE_REQUEST_OPBATCH 0x00000004 | If set, the client is requesting a batch oplock. This flag is as specified in [CIFS] section 4.2.1. |
| NT_CREATE_OPEN_TARGET_DIR 0x00000008 | If set, the client indicates that the target of the open is a directory. If the target does exist, it might require a delete access check for parent directory. |
| NT_CREATE_REQUEST_EXTENDED_RESPONSE 0x00000010 | If set, the client is requesting extended information in the response. |

RootDirectoryFid (4 bytes): If nonzero, this value is the Fid of an opened root directory, and the Name field MUST be handled as relative to the directory specified by this Fid. If this value is zero, the Name field MUST be handled as relative to the root of the share.

DesiredAccess (4 bytes): Access wanted. This value MUST be specified in the ACCESS_MASK format, as specified in [CIFS] section 3.7 and in the following table. If no value is specified for this field, it still allows a client to query attributes without actually accessing the file.

| Value | Meaning |
| --- | --- |
| FILE_READ_DATA 0x00000001 | Indicates the right to read data from the file or named pipe. |
| FILE_WRITE_DATA 0x00000002 | Indicates the right to write data into the file or named pipe beyond the end of the file. |
| FILE_APPEND_DATA 0x00000004 | Indicates the right to append data into the file or named pipe. |
| FILE_READ_EA 0x00000008 | Indicates the right to read the extended attributes of the file or named pipe. |
| FILE_WRITE_EA 0x00000010 | Indicates the right to write or change the extended attributes to the file or named pipe. |
| FILE_EXECUTE 0x00000020 | Indicates the right to execute the file. |
| FILE_READ_ATTRIBUTES 0x00000080 | Indicates the right to read the attributes of the file. |
| FILE_WRITE_ATTRIBUTES 0x00000100 | Indicates the right to change the attributes of the file. |
| DELETE 0x00010000 | Indicates the right to delete or to rename the file. |
| READ_CONTROL 0x00020000 | Indicates the right to read the security descriptor for the file or named pipe. |
| WRITE_DAC 0x00040000 | Indicates the right to change the discretionary access control list (DACL) in the security descriptor for the file or named pipe. For the DACL data structure, see ACL in [MS-DTYP]. |
| WRITE_OWNER 0x00080000 | Indicates the right to change the owner in the security descriptor for the file or named pipe. |
| SYNCHRONIZE 0x00100000 | SHOULD NOT be used by the sender and MUST be ignored by the receiver. |
| ACCESS_SYSTEM_SECURITY 0x01000000 | Indicates the right to read or change the system access control list (SACL) in the security descriptor for the file or named pipe. For the SACL data structure, see ACL in [MS-DTYP]. If the SE_SECURITY_NAME privilege is not set in the access token, the server MUST fail the open with STATUS_PRIVILEGE_NOT_HELD. |
| MAXIMUM_ALLOWED 0x02000000 | Indicates that the client is requesting an open to the file with the highest level of access that the client has on this file. If no access is granted for the client on this file, the server MUST fail the open with STATUS_ACCESS_DENIED. |
| GENERIC_ALL 0x10000000 | Indicates a request for all the access flags that are previously listed except MAXIMAL_ACCESS and ACCESS_SYSTEM_SECURITY. |
| GENERIC_EXECUTE 0x20000000 | Indicates a request for the following combination of access flags listed previously in this table: FILE_READ_ATTRIBUTES \| FILE_EXECUTE \| SYNCHRONIZE \| READ_CONTROL. |
| GENERIC_WRITE 0x40000000 | Indicates a request for the following combination of access flags listed previously in this table: FILE_WRITE_DATA \| FILE_APPEND_DATA \| FILE_WRITE_ATTRIBUTES \| FILE_WRITE_EA \| SYNCHRONIZE \| READ_CONTROL. |
| GENERIC_READ 0x80000000 | Indicates a request for the following combination of access flags listed previously in this table: FILE_READ_DATA \| FILE_READ_ATTRIBUTES \| FILE_READ_EA \| SYNCHRONIZE \| READ_CONTROL. |

AllocationSize (8 bytes): The client MUST set this value to the initial allocation size of the file in bytes. The server MUST ignore this field if this request is to open an existing file. In other words, this field MUST be used only if the file is created, overwritten, or superseded. The client MUST set this value to 0 in all other cases.

ExtFileAttributes (4 bytes): Extended attributes and flags for this file or directory. The field MUST be specified in extended file attribute encoding format, as specified in [CIFS] section 3.11.

ShareAccess (4 bytes): Specifies the sharing mode for the open. If ShareAccess values of FILE_SHARE_READ, FILE_SHARE_WRITE and FILE_SHARE_DELETE are set for a printer file or a named pipe, the server SHOULD ignore these values. <47> This field MUST be constructed using the following values:

| Value | Meaning |
| --- | --- |
| FILE_SHARE_READ 0x00000001 | When set, indicates that other opens are allowed to read this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file. |
| FILE_SHARE_WRITE 0x00000002 | When set, indicates that other opens are allowed to write this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file. |
| FILE_SHARE_DELETE 0x00000004 | When set, indicates that other opens are allowed to delete or rename this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file. |

CreateDisposition (4 bytes): The action to take if a file does or does not exist. This field MUST be set to one of the following values.<48>

| Value | Meaning |
| --- | --- |
| FILE_SUPERSEDE 0x00000000 | If the file already exists, replace it with the file. If the file does not exist, create the file. |
| FILE_OPEN 0x00000001 | If the file already exists, open the file instead of creating a new file. If the file does not already exist, fail the request, and do not create a new file. |
| FILE_CREATE 0x00000002 | If the file already exists, fail the request, and do not create or open the file. If the file does not already exist, create the file. |
| FILE_OPEN_IF 0x00000003 | If the file already exists, open the file. If the file does not already exist, create the file. |
| FILE_OVERWRITE 0x00000004 | If the file already exists, open the file and overwrite it. If the file does not already exist, fail the request. |
| FILE_OVERWRITE_IF 0x00000005 | If the file already exists, open the file and overwrite it. If the file does not already exist, create the file. |

CreateOptions (4 bytes): The options to use if creating the file or directory. This field MUST be set to 0 or a combination of the following possible values. Unused bit fields SHOULD be set to 0 by the client when sending a request and SHOULD be ignored when received by the server.<49>

Windows server implementations reserve all bits not specified in the following table<50>.

| Value | Meaning |
| --- | --- |
| FILE_DIRECTORY_FILE 0x00000001 | The file being created or opened is a directory file. With this option, the CreateDisposition field MUST be set to FILE_CREATE, FILE_OPEN, or FILE_OPEN_IF. When this bit field is set, other compatible CreateOptions include only the following: FILE_WRITE_THROUGH, FILE_OPEN_FOR_BACKUP_INTENT, and FILE_OPEN_BY_FILE_ID. |
| FILE_WRITE_THROUGH 0x00000002 | Applications that write data to the file MUST actually transfer the data into the file before any write request is considered complete. If FILE_NO_INTERMEDIATE_BUFFERING is set, the server assumes that FILE_WRITE_THROUGH is set in the create request. |
| FILE_SEQUENTIAL_ONLY 0x00000004 | This option indicates that access to the file may be sequential. The server may use this information to influence its caching and read-ahead strategy for this file. The file may in fact be accessed randomly, but the server may optimize its caching and read-ahead policy for sequential access. |
| FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 | The file SHOULD NOT be cached or buffered in an internal buffer by the server. This option is incompatible when the FILE_APPEND_DATA bit field is set in the DesiredAccess field. |
| FILE_SYNCHRONOUS_IO_ALERT 0x00000010 | This flag MUST be ignored by the server, and clients SHOULD set this to 0.<51> |
| FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 | This flag MUST be ignored by the server, and clients SHOULD set this to 0.<52> |
| FILE_NON_DIRECTORY_FILE 0x00000040 | If the file being opened is a directory, the server MUST fail the request with STATUS_FILE_IS_A_DIRECTORY in the Status field of the SMB header in the server response. |
| FILE_CREATE_TREE_CONNECTION 0x00000080 | This option SHOULD NOT be sent by the clients, and this option MUST be ignored by the server. |
| FILE_COMPLETE_IF_OPLOCKED 0x00000100 | This option SHOULD NOT be sent by the clients, and this option MUST be ignored by the server. |
| FILE_NO_EA_KNOWLEDGE 0x00000200 | The application that initiated the client's request does not understand extended attributes (EAs). If the EAs on an existing file being opened indicate that the caller SHOULD understand EAs to correctly interpret the file, the server SHOULD fail this request with STATUS_ACCESS_DENIED in the Status field of the SMB header in the server response. |
| FILE_OPEN_FOR_RECOVERY 0x00000400 | This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server. |
| FILE_RANDOM_ACCESS 0x00000800 | Indicates that access to the file may be random. The server may use this information to influence its caching and read-ahead strategy for this file. This is a hint to the server that sequential read-ahead operations may not be appropriate on the file. |
| FILE_DELETE_ON_CLOSE 0x00001000 | The file SHOULD be automatically deleted when the last open request on this file is closed. When this option is set, the DesiredAccess field MUST include the DELETE flag. This option is often used for temporary files. |
| FILE_OPEN_BY_FILE_ID 0x00002000 | Opens a file based on the FileId. If this option is set, the server MUST fail the request with STATUS_NOT_SUPPORTED in the Status field of the SMB header in the server response. |
| FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 | The file is being opened or created for the purposes of either a backup or a restore operation. Thus, the server may make appropriate checks to ensure that the caller is capable of overriding whatever security checks have been placed on the file to allow a backup or restore operation to occur. The server may choose to check for certain access rights to the file before checking the DesiredAccess field. |
| FILE_NO_COMPRESSION 0x00008000 | When a new file is created, the file MUST NOT be compressed even if it is on a compressed volume. The flag MUST be ignored when opening an existing file. |
| FILE_RESERVE_OPFILTER 0x00100000 | This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server. |
| FILE_OPEN_REPARSE_POINT 0x00200000 | If the file or directory being opened is a reparse point, this option requests that the server open the reparse point itself, rather than the target to which the reparse point points. |
| FILE_OPEN_NO_RECALL 0x00400000 | In a hierarchical storage management environment, this option requests that the file SHOULD NOT be recalled from tertiary storage such as tape. A file recall can take up to several minutes in a hierarchical storage management environment. The clients can specify this option to avoid such delays. |
| FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 | This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server. |

ImpersonationLevel (4 bytes): This field specifies the information given to the server about the client and how the server MUST represent, or impersonate, the client. Security impersonation levels govern the degree to which a server process can act on behalf of a client process. This field MUST be set to one of the following values.<53>

| Value | Meaning |
| --- | --- |
| SECURITY_ANONYMOUS 0x00000000 | The server cannot obtain identification information about the client, and it cannot impersonate the client. |
| SECURITY_IDENTIFICATION 0x00000001 | The server can obtain security information about the client, such as security identifiers (SIDs) and privileges, but it cannot impersonate the client. This is useful for servers that export their own objects; for example, database products that export tables and views. Using the retrieved client-security information, the server can make access-validation decisions without being capable of using other services that are using the client's security context. |
| SECURITY_IMPERSONATION 0x00000002 | The server can impersonate the client's security context on the server system. The server cannot impersonate the client on other remote systems. |
| SECURITY_DELEGATION 0x00000003 | The server can impersonate the client's security context on the server system and on remote systems. |

If the upper-layer protocols do not specify any of the previous values, the SMB client MUST default to SECURITY_IMPERSONATION.

SecurityFlags (1 byte): A set of options that specify the security tracking mode. These options specify whether the server is to be given a snapshot of the client's security context (called static tracking) or is to be continually updated to track changes to the client's security context (called dynamic tracking). When bit 0 of the SecurityFlags field is set to FALSE, static tracking is requested. When bit 0 of the SecurityFlags field is set to TRUE, dynamic tracking is requested. Unused bit fields SHOULD be set to 0 by the client when sending a request and MUST be ignored when received by the server. This field MUST be set to 0 or a combination of the following possible values.<54>

| Value | Meaning |
| --- | --- |
| SMB_SECURITY_CONTEXT_TRACKING 0x01 | When set, dynamic tracking is requested. When this bit field is not set, static tracking is requested. |
| SMB_SECURITY_EFFECTIVE_ONLY 0x02 | Specifies that only the enabled aspects of the client's security context are available to the server. If this flag is not specified, all aspects of the client's security context are available. This flag allows the client to limit the groups and privileges that a server can use while impersonating the client. |

ByteCount (2 bytes): The number of data bytes in the Data buffer in this packet. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB header of the request, this field has a minimum value of 3. If SMB_FLAGS2_UNICODE is not set, this field has a minimum value of 2. This field MUST be the total length of the Name field plus any padding added for alignment.

Name (variable): A string that represents the name of the file to open or create on the server. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB header of the request, the Name string MUST be a null-terminated array of 16-bit Unicode characters. Otherwise, the Name string MUST be a null-terminated array of ASCII characters. If the Name string consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the SMB header.
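
The following is an added example, not part of the specification text: a receiver-side check that unpacks the fixed 51-byte block from WordCount through ByteCount and reports requests that break the cross-field MUST rules stated above. The names `check_nt_create_andx` and `build_sample` are hypothetical, little-endian packing is assumed from SMB's wire convention, and the sample request is constructed.

```python
import struct

# Field order and widths come from the field list in this section. Little-endian
# packing is assumed from SMB's wire convention; it is not stated on this page.
LAYOUT = struct.Struct("<BBBHBHIIIQIIIIIBH")   # 51 bytes, WordCount..ByteCount
FIELDS = ("WordCount AndXCommand AndXReserved AndXOffset Reserved NameLength "
          "Flags RootDirectoryFid DesiredAccess AllocationSize ExtFileAttributes "
          "ShareAccess CreateDisposition CreateOptions ImpersonationLevel "
          "SecurityFlags ByteCount").split()

DELETE, FILE_APPEND_DATA = 0x00010000, 0x00000004            # DesiredAccess
FILE_OPEN, FILE_CREATE, FILE_OPEN_IF = 1, 2, 3               # CreateDisposition
FILE_DIRECTORY_FILE, FILE_NO_INTERMEDIATE_BUFFERING = 0x00000001, 0x00000008
FILE_DELETE_ON_CLOSE, FILE_OPEN_BY_FILE_ID = 0x00001000, 0x00002000


def check_nt_create_andx(block):
    """Parse the bytes starting at WordCount; return (fields, violations)."""
    if len(block) < LAYOUT.size:
        return None, ["truncated: fixed part is %d bytes" % LAYOUT.size]
    f = dict(zip(FIELDS, LAYOUT.unpack_from(block)))
    opts, access, bad = f["CreateOptions"], f["DesiredAccess"], []
    if f["WordCount"] != 0x18:
        bad.append("WordCount MUST be 0x18")
    if f["CreateDisposition"] > 5:
        bad.append("CreateDisposition is not a defined value")
    if f["ImpersonationLevel"] > 3:
        bad.append("ImpersonationLevel is not a defined value")
    if opts & FILE_DELETE_ON_CLOSE and not access & DELETE:
        bad.append("FILE_DELETE_ON_CLOSE requires DELETE in DesiredAccess")
    if opts & FILE_NO_INTERMEDIATE_BUFFERING and access & FILE_APPEND_DATA:
        bad.append("FILE_NO_INTERMEDIATE_BUFFERING conflicts with FILE_APPEND_DATA")
    if opts & FILE_OPEN_BY_FILE_ID:
        bad.append("FILE_OPEN_BY_FILE_ID: server fails with STATUS_NOT_SUPPORTED")
    if opts & FILE_DIRECTORY_FILE and f["CreateDisposition"] not in (
            FILE_CREATE, FILE_OPEN, FILE_OPEN_IF):
        bad.append("FILE_DIRECTORY_FILE needs FILE_CREATE, FILE_OPEN or FILE_OPEN_IF")
    # ByteCount covers Name plus alignment padding, so it can never be smaller
    # than NameLength, and the bytes it promises must be present in the buffer.
    if f["ByteCount"] < f["NameLength"] or len(block) < LAYOUT.size + f["ByteCount"]:
        bad.append("NameLength/ByteCount inconsistent with the bytes received")
    return f, bad


def build_sample(disposition, options, access, name=b"\\tmp.dat\x00"):
    """Constructed input (ASCII name, no padding); not a captured packet."""
    return LAYOUT.pack(0x18, 0xFF, 0, 0, 0, len(name), 0x10, 0, access, 0, 0,
                       0x3, disposition, options, 2, 0, len(name)) + name


if __name__ == "__main__":
    for opts, acc in ((FILE_DELETE_ON_CLOSE, DELETE | 1), (FILE_DELETE_ON_CLOSE, 1)):
        print(check_nt_create_andx(build_sample(FILE_OPEN_IF, opts, acc))[1])
```

The checker takes the bytes that follow the SMB header, so a caller strips the header before passing the request in.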
