Home Library Learn Samples Downloads Support Community Forums
This topic has not yet been rated - Rate this topic

4.2 Previous File Version Enumeration

The following example shows how the client accesses a previous version of the share root folder. It is assumed that the client has already authenticated, established a tree connect to the target share, and opened a handle to the root directory, as specified in [MS-CIFS]. Thus, Frame 1 is not truly the first frame for the connection, but it is referred to as the starting point for this operation.

518765d4-fbd7-421c-843a-43da9b57653f

Figure 5: Previous file version enumeration sequence

The first step is to enumerate the list of available snapshots on the server by using the FSCTL_SRV_ENUMERATE_SNAPSHOT command. The client requests the list of snapshots that are available on the server by using the root handle Fid. The server returns the list of snapshots in the format that is defined in the preceding figure. In this example, the server has one snapshot total for the root folder, the payload contains one snapshot string, the payload size is 0x34 bytes, and the snapshot name is @GMT-2006.04.26-04-08-27. The last 2 bytes of the payload are the snapshot strings 16-bit Unicode NULL delimiter.

FRAME 1. Client requests FSCTL_SRV_ENUMERATE_SNAPSHOTS

Client -> Server: Command = SMB_COM_NT_TRANSACT
NT IOCTL Function Code 0x00144064 FSCTL_SRV_ENUMERATE_SNAPSHOTS
File ID (Fid) = 16391 (0x4007)

FRAME 2. Server response with list of snapshots

Server -> Client: Command = SMB_COM_NT_TRANSACT
NT status code = 0x0, STATUS_SUCCESS
Payload contained in Data buffer as defined in section 3.1.5.4:
00090:        01 00 00 00 01 00 00 00 34 00 00 00 40 00   ..........4...@.
000A0:  47 00 4D 00 54 00 2D 00 32 00 30 00 30 00 36 00   G.M.T.-.2.0.0.6.
000B0:  2E 00 30 00 34 00 2E 00 32 00 36 00 2D 00 30 00   ..0.4...2.6.-.0.
000C0:  34 00 2E 00 30 00 38 00 2E 00 32 00 37 00 00 00   4...0.8...2.7...
000D0:  00 00

The client uses standard SMB commands to access the snapshot. The client also indicates in the header Flags2 that the name in the request is tokenized with the previous version information. This indicates to the server that the client is accessing a previous version of the path. The server processes the request and returns the path information for the snapshot directory rather than to the current directory.

FRAME 3. Client requests path information for snapshot 2006/04/26 04:08:27 AM

Client -> Server: Command = SMB_COM_TRANSACTION2
Flags2 Summary = 52231 (0xCC07)
  1100 1100 0000 0111
  ....  .1..  ....  ....  = File name is tokenized with Previous 
Version Information
Transact2 function = Query path info
File name =\@GMT-2006.04.26-04.08.27
00080:                                      5C 00 40 00   
……............\.@.
00090:  47 00 4D 00 54 00 2D 00 32 00 30 00 30 00 36 00   G.M.T.-.2.0.0.6.
000A0:  2E 00 30 00 34 00 2E 00 32 00 36 00 2D 00 30 00   ..0.4...2.6.-.0.
000B0:  34 00 2E 00 30 00 38 00 2E 00 32 00 37 00 00 00   4...0.8...2.7...

FRAME 4. Server response with snapshot path information

Server -> Client: Command = SMB_COM_TRANSACTION2
NT status code = 0x0, STATUS_SUCCESS
Data bytes = 40 (0x28)

Payload contains path information for specified snapshot version

Similar to its behavior during the query path exchange, the client specifies the previous version of the root folder in an open request. The server processes the request and returns an Fid for the specified previous version of the path.

FRAME 5. Client open request for version 2006/04/26 04:08:27 AM on "\"

Client -> Server: Command = SMB_COM_NT_CREATE_ANDX
Flags2 Summary = 52231 (0xCC07)
  1100 1100 0000 0111
  ....  .1..  ....  ....  = File name is tokenized with Previous 
Version Information
Create Disposition = Open:  If exist, Open, else fail
            File name =\@GMT-2006.04.26-04.08.27

FRAME 6. Server open root folder and returns Fid

Server -> Client: Command = SMB_COM_NT_CREATE_ANDX
NT status code = 0x0, STATUS_SUCCESS
File ID (Fid) = 16392 (0x4008)
Create Action = File Opened

These similar steps can be used to open a file rather than a directory on a remote volume. In that case, the @GMT token is contained in the relative path, such as \directory\@GMT-2006.04.26-04.08.27\file.txt. This path can be used to query attributes or to open a file. The resulting Fid is used to read its contents.

Likewise, the @GMT token path in the example can be used as part of a TRANS2_FIND_FIRST2 and TRANS2_FIND_NEXT2 to enumerate the contents of the volume at the time of the snapshot.

 
Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft. All rights reserved.