
4.2 Previous File Version Enumeration

The following example shows how the client accesses a previous version of the share root folder. It is assumed that the client has already authenticated, established a tree connect to the target share, and opened a handle to the root directory, as specified in [MS-CIFS]. Thus, Frame 1 is not truly the first frame for the connection, but it is referred to as the starting point for this operation.

Figure 5: Previous file version enumeration sequence

The first step is to enumerate the list of available snapshots on the server by using the FSCTL_SRV_ENUMERATE_SNAPSHOTS command. The client requests the list of snapshots that are available on the server by using the root handle Fid. The server returns the list of snapshots in the format that is defined in the preceding figure. In this example, the server has one snapshot in total for the root folder, the payload contains one snapshot string, the payload size is 0x34 bytes, and the snapshot name is @GMT-2006.04.26-04.08.27. The last 2 bytes of the payload are the 16-bit Unicode NULL delimiter of the snapshot strings.

FRAME 1. Client requests FSCTL_SRV_ENUMERATE_SNAPSHOTS

 Client -> Server: Command = SMB_COM_NT_TRANSACT
 NT IOCTL Function Code 0x00144064 FSCTL_SRV_ENUMERATE_SNAPSHOTS
 File ID (Fid) = 16391 (0x4007)
  

FRAME 2. Server response with list of snapshots

  
 Server -> Client: Command = SMB_COM_NT_TRANSACT
 NT status code = 0x0, STATUS_SUCCESS
 Payload contained in Data buffer as defined in section 3.1.5.4:
 00090:        01 00 00 00 01 00 00 00 34 00 00 00 40 00   ..........4...@.
 000A0:  47 00 4D 00 54 00 2D 00 32 00 30 00 30 00 36 00   G.M.T.-.2.0.0.6.
 000B0:  2E 00 30 00 34 00 2E 00 32 00 36 00 2D 00 30 00   ..0.4...2.6.-.0.
 000C0:  34 00 2E 00 30 00 38 00 2E 00 32 00 37 00 00 00   4...0.8...2.7...
 000D0:  00 00   
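
The Frame 2 payload decoded with bounds and format checks, as an added example that is not part of the original specification text. It handles the complete-list reply shown above; reading the three leading 32-bit little-endian fields as total count, returned count and array size in bytes is an assumption consistent with the values the text gives, and `parse_snapshot_list` is a hypothetical name.

```python
import re
import struct
from datetime import datetime, timezone

# Frame 2 Data buffer, transcribed from the hex dump above (64 bytes).
FRAME2_DATA = bytes.fromhex("""
    01 00 00 00 01 00 00 00 34 00 00 00 40 00
    47 00 4D 00 54 00 2D 00 32 00 30 00 30 00 36 00
    2E 00 30 00 34 00 2E 00 32 00 36 00 2D 00 30 00
    34 00 2E 00 30 00 38 00 2E 00 32 00 37 00 00 00
    00 00
""")

HEADER = struct.Struct("<III")  # assumed: total count, returned count, array bytes
TOKEN_RE = re.compile(r"@GMT-\d{4}\.\d{2}\.\d{2}-\d{2}\.\d{2}\.\d{2}")


def parse_snapshot_list(data: bytes):
    """Parse a complete snapshot-list reply; raise ValueError on malformed input."""
    if len(data) < HEADER.size:
        raise ValueError("payload shorter than the 12-byte header")
    total, returned, array_size = HEADER.unpack_from(data)
    # Never trust the declared size: it must fit in what was actually received.
    if array_size > len(data) - HEADER.size:
        raise ValueError("declared array size exceeds received data")
    if array_size % 2 or returned > total or returned == 0:
        raise ValueError("inconsistent header fields")
    text = data[HEADER.size:HEADER.size + array_size].decode("utf-16-le")
    # Each string ends in a 16-bit NULL; one more 16-bit NULL closes the list.
    if not text.endswith("\0\0"):
        raise ValueError("missing NULL delimiter at end of snapshot array")
    tokens = text[:-2].split("\0")
    if len(tokens) != returned:
        raise ValueError("string count does not match returned count")
    snapshots = []
    for token in tokens:
        if not TOKEN_RE.fullmatch(token):
            raise ValueError(f"not an @GMT token: {token!r}")
        # strptime also rejects impossible dates such as month 13.
        when = datetime.strptime(token, "@GMT-%Y.%m.%d-%H.%M.%S")
        snapshots.append((token, when.replace(tzinfo=timezone.utc)))
    return total, snapshots


if __name__ == "__main__":
    print(parse_snapshot_list(FRAME2_DATA))
```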
  

The client uses standard SMB commands to access the snapshot. The client also indicates in the header Flags2 field that the name in the request is tokenized with the previous version information. This indicates to the server that the client is accessing a previous version of the path. The server processes the request and returns the path information for the snapshot directory rather than for the current directory.

FRAME 3. Client requests path information for snapshot 2006/04/26 04:08:27 AM

  
 Client -> Server: Command = SMB_COM_TRANSACTION2
 Flags2 Summary = 52231 (0xCC07)
   1100 1100 0000 0111
   ....  .1..  ....  ....  = File name is tokenized with Previous Version Information
 Transact2 function = Query path info
 File name = \@GMT-2006.04.26-04.08.27
 00080:                                      5C 00 40 00   ............\.@.
 00090:  47 00 4D 00 54 00 2D 00 32 00 30 00 30 00 36 00   G.M.T.-.2.0.0.6.
 000A0:  2E 00 30 00 34 00 2E 00 32 00 36 00 2D 00 30 00   ..0.4...2.6.-.0.
 000B0:  34 00 2E 00 30 00 38 00 2E 00 32 00 37 00 00 00   4...0.8...2.7...
  

FRAME 4. Server response with snapshot path information

  
 Server -> Client: Command = SMB_COM_TRANSACTION2
 NT status code = 0x0, STATUS_SUCCESS
 Data bytes = 40 (0x28)
  
  

Payload contains path information for specified snapshot version

Similar to its behavior during the query path exchange, the client specifies the previous version of the root folder in an open request. The server processes the request and returns an Fid for the specified previous version of the path.

FRAME 5. Client open request for version 2006/04/26 04:08:27 AM on "\"

  
 Client -> Server: Command = SMB_COM_NT_CREATE_ANDX
 Flags2 Summary = 52231 (0xCC07)
   1100 1100 0000 0111
   ....  .1..  ....  ....  = File name is tokenized with Previous Version Information
 Create Disposition = Open:  If exist, Open, else fail
 File name = \@GMT-2006.04.26-04.08.27
  

FRAME 6. Server opens root folder and returns Fid

  
 Server -> Client: Command = SMB_COM_NT_CREATE_ANDX
 NT status code = 0x0, STATUS_SUCCESS
 File ID (Fid) = 16392 (0x4008)
 Create Action = File Opened
  

Similar steps can be used to open a file rather than a directory on a remote volume. In that case, the @GMT token is contained in the relative path, such as \directory\@GMT-2006.04.26-04.08.27\file.txt. This path can be used to query attributes or to open a file. The resulting Fid is used to read its contents.

Likewise, the @GMT token path in the example can be used as part of TRANS2_FIND_FIRST2 and TRANS2_FIND_NEXT2 requests to enumerate the contents of the volume at the time of the snapshot.
