1.1 Glossary

This document uses the following terms:

8.3 name: A file name string restricted in length to 12 characters that includes a base name of up to eight characters, one character for a period, and up to three characters for a file name extension. For more information on 8.3 file names, see [MS-CIFS] section

ASCII: The American Standard Code for Information Interchange (ASCII) is an 8-bit character-encoding scheme based on the English alphabet. ASCII codes represent text in computers, communications equipment, and other devices that work with text. ASCII refers to a single 8-bit ASCII character or an array of 8-bit ASCII characters with the high bit of each character set to zero.

authentication: The ability of one entity to determine the identity of another entity.

blocking mode: Determines if input/output (I/O) operations will wait for their entire data to be transferred before returning to the caller. For a write operation, if blocking is enabled, the write request will not complete until the named pipe reader has consumed all of the data inserted into the named pipe as part of a write request. If blocking is not enabled, the write will complete as soon as the data has been inserted into the named pipe, regardless of when the data in the named pipe is consumed. For a read operation, if blocking is enabled, the read request will be suspended until the data is available to be read. If blocking is not enabled, the read will complete immediately, even if there is no data available to be read.

broadcast: A style of resource location or data transmission in which a client makes a request to all parties on a network simultaneously (a one-to-many communication). Also, a mode of resource location that does not use a name service.

byte mode: One of two kinds of named pipe, the other of which is message mode. In byte mode, the data sent or received on the named pipe does not have message boundaries but is treated as a continuous stream. [XOPEN-SMB] uses the term stream mode instead of byte mode, and [SMB-LM1X] refers to byte mode as byte stream mode.

Common Internet File System (CIFS): The "NT LM 0.12" / NT LAN Manager dialect of the Server Message Block (SMB) Protocol, as implemented in Windows NT. The CIFS name originated in the 1990's as part of an attempt to create an Internet standard for SMB, based upon the then-current Windows NT implementation.

connection: Each user that has a session with a server can create multiple share connections, or resource connections, using that user ID. This resource connection is created using a tree connect Server Message Block (SMB) and is identified by an SMB TreeID or TID.

deprecated: A deprecated feature is one that has been superseded in the protocol by a newer feature. Use of deprecated features is discouraged. Server implementations might need to implement deprecated features to support clients that negotiate earlier SMB dialects.

dialog: The exchange of messages between client and server over a given SMB connection.

discretionary access control list (DACL): An access control list (ACL) that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.

disk: A persistent storage device that can include physical hard disks, removable disk units, optical drive units, and logical unit numbers (LUNs) unmasked to the system.

Distributed File System (DFS): A file system that logically groups physical shared folders located on different servers by transparently connecting them to one or more hierarchical namespaces. DFS also provides fault-tolerance and load-sharing capabilities. DFS refers to the Microsoft DFS available in Windows Server operating system platforms.

Distributed File System (DFS) namespace: A virtual view of shares on different servers as provided by DFS. Each file in the namespace has a logical name and a corresponding address (path). A DFS namespace consists of a root and many links and targets. The namespace starts with a root that maps to one or more root targets. Below the root are links that map to their own targets.

Distributed File System (DFS) path: Any Universal Naming Convention (UNC) path that starts with a DFS root and is used for accessing a file or directory in a DFS namespace.

Distributed File System (DFS) referral: A DFS client issues a DFS referral request to a DFS root target or a DC, depending on the DFS path accessed, to resolve a DFS root to a set of DFS root targets, or a DFS link to a set of DFS link targets. The DFS client uses the referral request process as needed to finally identify the actual share on a server that has accessed the leaf component of the DFS path. The request for a DFS referral is referred to as DFS referral request, and the response for such a request is referred to as DFS referral response.

Distributed File System (DFS) referral request: The request for a DFS referral.

Distributed File System (DFS) referral response: The response to a Distributed File System (DFS) referral request.

encryption: In cryptography, the process of obscuring information to make it unreadable without special knowledge.

error code: An integer that indicates success or failure. In Microsoft implementations, this is defined as a Windows error code. A zero value indicates success; a nonzero value indicates failure.

exchange: A pair of messages, consisting of a request and a response.

Fid: A 16-bit value that the Server Message Block (SMB) server uses to represent an opened file, named pipe, printer, or device. A Fid is returned by an SMB server in response to a client request to open or create a file, named pipe, printer, or device. The SMB server guarantees that the Fid value returned is unique for a given SMB connection until the SMB connection is closed, at which time the Fid value can be reused. The Fid is used by the SMB client in subsequent SMB commands to identify the opened file, named pipe, printer, or device.

file: An entity of data in the file system that a user can access and manage. A file must have a unique name in its directory. It consists of one or more streams of bytes that hold a set of related data, plus a set of attributes (also called properties) that describe the file or the data within the file. The creation time of a file is an example of a file attribute.

file attribute: A 32-bit bitmask containing information on a file's properties. For instance, 0x00000001 is used for the read-only attribute.

file system control (FSCTL): A command issued to a file system to alter or query the behavior of the file system and/or set or query metadata that is associated with a particular file or with the file system itself.

flags: A set of values used to configure or report options or settings.

guest account: A security account available to users who do not have an account on the computer.

I/O control (IOCTL): A command that is issued to a target file system or target device in order to query or alter the behavior of the target; or to query or alter the data and attributes that are associated with the target or the objects that are exposed by the target.

information level: A number used to identify the volume, file, or device information being requested by a client. Corresponding to each information level, the server returns a specific structure to the client that contains different information in the response.

Internet Protocol version 6 (IPv6): A revised version of the Internet Protocol (IP) designed to address growth on the Internet. Improvements include a 128-bit IP address size, expanded routing capabilities, and support for authentication and privacy.

Internetwork Packet Exchange (IPX): A protocol (see [IPX]) maintained by Novell's NetWare product that provides connectionless datagram delivery of messages. IPX is based on Xerox Corporation's Internetwork Packet protocol, XNS.

little-endian: Multiple-byte values that are byte-ordered with the least significant byte stored in the memory location with the lowest address.

mailslot: A mechanism for one-way interprocess communications (IPC). For more information, see [MSLOT] and [MS-MAIL].

message mode: A named pipe can be of two types: byte mode or message mode. In byte mode, the data sent or received on the named pipe does not have message boundaries but is treated as a continuous Stream. In message mode, message boundaries are enforced.

named pipe: A named, one-way, or duplex pipe for communication between a pipe server and one or more pipe clients.

NetBIOS: A particular network transport that is part of the LAN Manager protocol suite. NetBIOS uses a broadcast communication style that was applicable to early segmented local area networks. The LAN Manager protocols were the default in Windows NT operating system environments prior to Windows 2000 operating system. A protocol family including name resolution, datagram, and connection services. For more information, see [RFC1001] and [RFC1002].

NetBIOS datagram service: An implementation of NetBIOS services in a datagram environment as specified in [RFC1001] section 17.

NetBIOS name: A 16-byte address that is used to identify a NetBIOS resource on the network. For more information, see [RFC1001] and [RFC1002].

NetBIOS Name Server (NBNS): A server that stores NetBIOS name-to-IPv4 address mappings and that resolves NetBIOS names for NBT-enabled hosts. A server running the Windows Internet Name Service (WINS) is the Microsoft implementation of an NBNS.

network address translation (NAT): The process of converting between IP addresses used within an intranet, or other private network, and Internet IP addresses.

non-blocking mode (of a named pipe): Determines if input/output (I/O) operations on a named pipe will return to the caller without waiting for the data transfer to complete. When non-blocking mode is set, read requests return with all data available to be read from the named pipe, up to the maximum read size set in the request; write requests return after writing data to the named pipe without waiting for the data to be consumed.

NT file system (NTFS): A proprietary Microsoft file system. For more information, see [MSFT-NTFS].

NT LAN Manager (NTLM): A Microsoft authentication protocol that is based on a challenge-response sequence for authentication. NT refers to the Windows operating system. For more information, see [MS-NLMP].

object store: A system that provides the ability to create, query, modify, or apply policy to a local resource on behalf of a remote client. The object store is backed by a file system, a named pipe, or a print job that is accessed as a file.

Obsolescent: A feature that has no replacement but is becoming obsolete. Although the use of obsolescent features is discouraged, server implementations might need to implement them to support clients that negotiate earlier SMB dialects.

obsolete: An obsolete feature is one that was introduced in an earlier dialect but that is no longer supported in the NT LAN Manager dialect. Support for obsolete features is to be avoided in new implementations.

open: A runtime object that corresponds to a currently established access to a specific file or a named pipe from a specific client to a specific server, using a specific user security context. Both clients and servers maintain opens that represent active accesses.

oplock break: An unsolicited request sent by a Server Message Block (SMB) server to an SMB client to inform the client to change the oplock level for a file.

opportunistic lock (oplock): A mechanism designed to allow clients to dynamically alter their buffering strategy in a consistent manner to increase performance and reduce network use. The network performance for remote file operations may be increased if a client can locally buffer file data, which reduces or eliminates the need to send and receive network packets. For example, a client may not have to write information into a file on a remote server if the client knows that no other process is accessing the data. Likewise, the client may buffer read-ahead data from the remote file if the client knows that no other process is writing data to the remote file.  There are three types of oplocks: Exclusive oplock allows a client to open a file for exclusive access and allows the client to perform arbitrary buffering. Batch oplock allows a client to keep a file open on the server even though the local accessor on the client machine has closed the file.  Level II oplock indicates that there are multiple readers of a file and no writers. Level II Oplocks are supported if the negotiated SMB Dialect is NT LM 0.12 or later. When a client opens a file, it requests the server to grant it a particular type of oplock on the file. The response from the server indicates the type of oplock granted to the client. The client uses the granted oplock type to adjust its buffering policy.

original equipment manufacturer (OEM) character: An 8-bit encoding used in MS-DOS and Windows operating systems to associate a sequence of bits with specific characters. The ASCII character set maps the letters, numerals, and specified punctuation and control characters to the numbers from 0 to 127. The term "code page" is used to refer to extensions of the ASCII character set that map specified characters and symbols to the numbers from 128 to 255. These code pages are referred to as OEM character sets. For more information, see [MSCHARSET].

original equipment manufacturer (OEM) character set: A character encoding used where the mappings between characters is dependent upon the code page configured on the machine, typically by the manufacturer.

path: When referring to a file path on a file system, a hierarchical sequence of folders. When referring to a connection to a storage device, a connection through which a machine can communicate with the storage device.

pipe instance: A request to open a named pipe by a client application. Multiple Server Message Block (SMB) clients can open the same named pipe. Each request to open the same named pipe is a pipe instance.

pipe state: A series of attributes that describe how the pipe interacts with processes for various input/output (I/O) operations and that indicate how much data is currently available to be read from the named pipe.

print job: The rendered page description language (PDL) output data sent to a print device for a particular application or user request.

process identifier (PID): A nonzero integer used by some operating systems (for example, Windows and UNIX) to uniquely identify a process. For more information, see [PROCESS].

raw read (on a named pipe): The act of reading data from a named pipe that ignores message boundaries even if the pipe was set up as a message mode pipe.

RPC client: A computer on the network that sends messages using remote procedure call (RPC) as its transport, waits for responses, and is the initiator in an RPC exchange.

RPC server: A computer on the network that waits for messages, processes them when they arrive, and sends responses using RPC as its transport acts as the responder during a remote procedure call (RPC) exchange.

security context: An abstract data structure that contains authorization information for a particular security principal in the form of a Token/Authorization Context (see [MS-DTYP] section 2.5.2). A server uses the authorization information in a security context to check access to requested resources. A security context also contains a key identifier that associates mutually established cryptographic keys, along with other information needed to perform secure communication with another security principal.

security descriptor: A data structure containing the security information associated with a securable object. A security descriptor identifies an object's owner by its security identifier (SID). If access control is configured for the object, its security descriptor contains a discretionary access control list (DACL) with SIDs for the security principals who are allowed or denied access. Applications use this structure to set and query an object's security status. The security descriptor is used to guard access to an object as well as to control which type of auditing takes place when the object is accessed. The security descriptor format is specified in [MS-DTYP] section 2.4.6; a string representation of security descriptors, called SDDL, is specified in [MS-DTYP] section 2.5.1.

Server Message Block (SMB): A protocol that is used to request file and print services from server systems over a network. The SMB protocol extends the CIFS protocol with additional security, file, and disk management support. For more information, see [CIFS] and [MS-SMB].

Server Service: The CIFS file sharing service. The Server Service registers a NetBIOS name with a suffix byte value of 0x20 and responds to SMB commands.

session: In Server Message Block (SMB), a persistent-state association between an SMB client and SMB server. A session is tied to the lifetime of the underlying NetBIOS or TCP connection.

session key: A relatively short-lived symmetric key (a cryptographic key negotiated by the client and the server based on a shared secret). A session key's lifespan is bounded by the session to which it is associated. A session key has to be strong enough to withstand cryptanalysis for the lifespan of the session.

share: A resource offered by a Common Internet File System (CIFS) server for access by CIFS clients over the network. A share typically represents a directory tree and its included files (referred to commonly as a "disk share" or "file share") or a printer (a "print share"). If the information about the share is saved in persistent store (for example, Windows registry) and reloaded when a file server is restarted, then the share is referred to as a "sticky share". Some share names are reserved for specific functions and are referred to as special shares: IPC$, reserved for interprocess communication, ADMIN$, reserved for remote administration, and A$, B$, C$ (and other local disk names followed by a dollar sign), assigned to local disk devices.

share connect: The act of establishing authentication and shared state between a Common Internet File System (CIFS) server and client that allows a CIFS client to access a share offered by the CIFS server.

SMB command: A set of SMB messages that are exchanged in order to perform an operation. An SMB command is typically identified by a unique command code in the message headers, although some SMB commands require the use of secondary commands. Within [MS-CIFS], the term command means an SMB command unless otherwise stated.

SMB connection: A transport connection between a Server Message Block (SMB) client and an SMB server. The SMB connection is assumed to provide reliable in-order message delivery semantics. An SMB connection can be established over any available SMB transport that is supported by both the SMB client and the SMB server, as specified in [MS-CIFS].

SMB dialect: There are several different versions and subversions of the Server Message Block (SMB) protocol. A particular version of the SMB protocol is referred to as an SMB dialect. Different SMB dialects can include both new SMB messages as well as changes to the fields and semantics of existing SMB messages used in other SMB dialects. When an SMB client connects to an SMB server, the client and server negotiate the SMB dialect to be used.

SMB message: A protocol data unit. SMB messages are comprised of a header, a parameter section, and a data section. The latter two can be zero length. An SMB message is sometimes referred to simply as an SMB. Within [MS-CIFS], the term command means an SMB command unless otherwise stated.

SMB session: An authenticated user connection established between an SMB client and an SMB server over an SMB connection. There can be multiple active SMB sessions over a single SMB connection. The Uid field in the SMB packet header distinguishes the various sessions.

SMB transport: Any protocol that acts as a transport layer for the SMB Protocol.

system access control list (SACL): An access control list (ACL) that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.

Transmission Control Protocol (TCP): A protocol used with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. TCP handles keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet.

tree connect: A connection between a CIFS client and a share on a remote CIFS server.

Unicode: A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode standard [UNICODE5.0.0/2007] provides three forms (UTF-8, UTF-16, and UTF-32) and seven schemes (UTF-8, UTF-16, UTF-16 BE, UTF-16 LE, UTF-32, UTF-32 LE, and UTF-32 BE).

Unicode character: Unless otherwise specified, a 16-bit UTF-16 code unit.

Unicode string: A Unicode 8-bit string is an ordered sequence of 8-bit units, a Unicode 16-bit string is an ordered sequence of 16-bit code units, and a Unicode 32-bit string is an ordered sequence of 32-bit code units. In some cases, it could be acceptable not to terminate with a terminating null character. Unless otherwise specified, all Unicode strings follow the UTF-16LE encoding scheme with no Byte Order Mark (BOM).

unique identifier (UID): A pair consisting of a GUID and a version sequence number to identify each resource uniquely. The UID is used to track the object for its entire lifetime through any number of times that the object is modified or renamed.

Universal Naming Convention (UNC): A string format that specifies the location of a resource. For more information, see [MS-DTYP] section 2.2.57.

User Datagram Protocol (UDP): The connectionless protocol within TCP/IP that corresponds to the transport layer in the ISO/OSI reference model.

virtual circuit (VC): A transport-level connection between a CIFS client and a server. Some references use the term "virtual connection" instead of "virtual circuit".

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.