2.2.4.9.1 Client Request Extensions

An SMB_COM_NT_CREATE_ANDX request is sent by a client to open a file or device on the server. This extension adds the following:

  • An additional flag bit is added to the Flags field of the SMB_COM_NT_CREATE_ANDX request. The additional flag, NT_CREATE_REQUEST_EXTENDED_RESPONSE, is used to request an extended response from the server.

  • An additional parameter value is added to the ImpersonationLevel field. SECURITY_DELEGATION is added to allow the server to call other servers while impersonating the original client.

  • An additional flag bit is added to the CreateOptions field. The additional flag, FILE_OPEN_REPARSE_POINT, is used to open a reparse point file itself.

All other fields are as specified in [MS-CIFS] section 2.2.4.64.1.<48>

 SMB_Parameters
   {
   UCHAR WordCount;
   Words
     {
     UCHAR         AndXCommand;
     UCHAR         AndXReserved;
     USHORT        AndXOffset;
     UCHAR         Reserved;
     USHORT        NameLength;
     ULONG         Flags;
     ULONG         RootDirectoryFID;
     ULONG         DesiredAccess;
     LARGE_INTEGER AllocationSize;
     SMB_EXT_FILE_ATTR      ExtFileAttributes;
     ULONG         ShareAccess;
     ULONG         CreateDisposition;
     ULONG         CreateOptions;
     ULONG         ImpersonationLevel;
     UCHAR         SecurityFlags;
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   Bytes
     {
     SMB_STRING FileName;
     }
   }

SMB_Parameters

Words (48 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

AndXCommand

AndXReserved

AndXOffset

Reserved

NameLength

Flags

...

RootDirectoryFID

...

DesiredAccess

...

AllocationSize

...

...

ExtFileAttributes

...

ShareAccess

...

CreateDisposition

...

CreateOptions

...

ImpersonationLevel

...

SecurityFlags

Flags (4 bytes): A set of flags that modify the client request, as defined in the table below. NT_CREATE_REQUEST_EXTENDED_RESPONSE is new to MS-SMB. All other flags are included in the table for completeness. Unused bits SHOULD be set to zero by the client when sending a request and MUST be ignored when received by the server.

Name & bitmask

Meaning

NT_CREATE_REQUEST_OPLOCK

0x00000002

If set, then the client is requesting an oplock.

NT_CREATE_REQUEST_OPBATCH

0x00000004

If set, then the client is requesting a batch oplock.

NT_CREATE_OPEN_TARGET_DIR

0x00000008

If set, then the client indicates that the parent directory of the target is to be opened.

NT_CREATE_REQUEST_EXTENDED_RESPONSE

0x00000010

If set, then the client is requesting extended information in the response.

ImpersonationLevel (4 bytes): This field specifies the impersonation level requested by the application that is issuing the create request, and MUST contain one of the following values. The server MUST validate this field, but otherwise ignore it.

Impersonation is described in [MS-WPO] section 9.7; for more information about impersonation, see [MSDN-IMPERS].

Value

Meaning

SECURITY_ANONYMOUS

0x00000000

The application-requested impersonation level is Anonymous.

SECURITY_IDENTIFICATION

0x00000001

The application-requested impersonation level is Identification.

SECURITY_IMPERSONATION

0x00000002

The application-requested impersonation level is Impersonation.

SECURITY_DELEGATION

0x00000003

The application-requested impersonation level is Delegation.

CreateOptions (4 bytes): A 32-bit field containing flag options for creating a file or directory. In addition to the flags specified in [MS-CIFS] section 2.2.4.64, the following modifications and extensions apply to the CreateOptions field. FILE_OPEN_REPARSE_POINT is a new flag to SMB. The CreateOptions field MUST be set to 0x00000000 or to a combination of the flags specified in the [MS-CIFS] section 2.2.4.64 CreateOptions table and the following table. Unused bit fields SHOULD be set to 0 when sent and MUST be ignored on receipt. Server implementations SHOULD reserve all bits not specified in the [MS-CIFS] section 2.2.4.64 CreateOptions table and the following table.

Name and bitmask

Meaning

FILE_OPEN_REPARSE_POINT

0x00200000

If the file or directory being opened is a reparse point, open the reparse point itself rather than the target that the reparse point references.

Show: