2.2.7.1.1 Request

The NT_TRANSACT_CREATE requestFILE_SEQUENTIAL_ONLY format is a special case of SMB_COM_NT_TRANSACT (section 2.2.4.62) SMB. The NT_TRANSACT_CREATE request specifics are described here.

 NT_Trans_Parameters
   {
   ULONG         Flags;
   ULONG         RootDirectoryFID;
   ULONG         DesiredAccess;
   LARGE_INTEGER AllocationSize;
   SMB_EXT_FILE_ATTR ExtFileAttributes;
   ULONG         ShareAccess;
   ULONG         CreateDisposition;
   ULONG         CreateOptions;
   ULONG         SecurityDescriptorLength;
   ULONG         EALength;
   ULONG         NameLength;
   ULONG         ImpersonationLevel;
   UCHAR         SecurityFlags;
   UCHAR         Name[NameLength];
   }
 NT_Trans_Data
   {
   SECURITY_DESCRIPTOR      SecurityDescriptor;
   FILE_FULL_EA_INFORMATION ExtendedAttributes[];
   }
  

SMB_Parameters:

WordCount (1 byte): This field MUST be 0x13.

Words (38 bytes): Array of USHORT

Function (2 bytes): USHORT This field MUST be NT_TRANSACT_CREATE (0x0001).

SetupCount (1 byte): This field MUST be 0x00.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

NT_Trans_Parameters (variable)

...

NT_Trans_Data (variable)

...

NT_Trans_Parameters (variable): The format of the parameters is very similar to the SMB_COM_NT_CREATE_ANDX command.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Flags

RootDirectoryFID

DesiredAccess

AllocationSize

...

ExtFileAttributes

ShareAccess

CreateDisposition

CreateOptions

SecurityDescriptorLength

EALength

NameLength

ImpersonationLevel

SecurityFlags

Name (variable)

...

Flags (4 bytes): ULONG A 32-bit field containing a set of flags that modify the client request. Unused bits SHOULD be set to 0 by the client when sending a message and MUST be ignored when received by the server.

Name and bitmask

Meaning

NT_CREATE_REQUEST_OPLOCK

0x00000002

Level I (exclusive) OpLock requested.

NT_CREATE_REQUEST_OPBATCH

0x00000004

Batch OpLock requested.

NT_CREATE_OPEN_TARGET_DIR

0x00000008

The parent directory of the target is to be opened.

RootDirectoryFID (4 bytes): ULONG If nonzero, this value is the FID of an opened root directory, and the Name field MUST be handled as relative to the directory specified by this FID. If this value is zero (0x00000000), the Name field MUST be handled as relative to the root of the share (the TID). The FID MUST have been acquired in a previous message exchange.

DesiredAccess (4 bytes): ULONG A 32-bit field containing standard, specific, and generic access rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object. If this value is 0x00000000, it represents a request to query the attributes without accessing the file. If the value is not 0x00000000, the bits represent requests for the following types of access:

Name and bitmask

Meaning

FILE_READ_DATA

0x00000001

Indicates the right to read data from the file.

FILE_WRITE_DATA

0x00000002

Indicates the right to write data into the file beyond the end of the file.

FILE_APPEND_DATA

0x00000004

Indicates the right to append data to the file beyond the end of the file only.

FILE_READ_EA

0x00000008

Indicates the right to read the extended attributes of the file.

FILE_WRITE_EA

0x00000010

Indicates the right to write or change the extended attributes of the file.

FILE_EXECUTE

0x00000020

Indicates the right to execute the file.

FILE_READ_ATTRIBUTES

0x00000080

Indicates the right to read the attributes of the file.

FILE_WRITE_ATTRIBUTES

0x00000100

Indicates the right to change the attributes of the file.

DELETE

0x00010000

Indicates the right to delete or to rename the file.

READ_CONTROL

0x00020000

Indicates the right to read the security descriptor of the file.

WRITE_DAC

0x00040000

Indicates the right to change the discretionary access control list (DACL) in the security descriptor of the file.

WRITE_OWNER

0x00080000

Indicates the right to change the owner in the security descriptor of the file.

SYNCHRONIZE

0x00100000

SHOULD NOT be used by the sender and MUST be ignored by the receiver.

ACCESS_SYSTEM_SECURITY

0x01000000

Indicates the right to read or change the system access control list (SACL) in the security descriptor for the file. If the SE_SECURITY_NAME privilege ([MS-LSAD] section 3.1.1.2.1) is not set in the access token, the server MUST fail the open request and return STATUS_PRIVILEGE_NOT_HELD.

MAXIMUM_ALLOWED

0x02000000

Indicates that the client requests an open to the file with the highest level of access that the client has on this file. If no access is granted for the client on this file, the server MUST fail the open and return a STATUS_ACCESS_DENIED.

GENERIC_ALL

0x10000000

Indicates a request for all of the access flags that are previously listed, except MAXIMUM_ALLOWED and ACCESS_SYSTEM_SECURITY.

GENERIC_EXECUTE

0x20000000

Indicates a request for the following combination of access flags listed previously in this table:

FILE_READ_ATTRIBUTES, FILE_EXECUTE, SYNCHRONIZE, and READ_CONTROL.

GENERIC_WRITE

0x40000000

Indicates a request for the following combination of access flags listed previously in this table:

FILE_WRITE_DATA, FILE_APPEND_DATA, SYNCHRONIZE, FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, and READ_CONTROL.

GENERIC_READ

0x80000000

Indicates a request for the following combination of access flags listed previously in this table:

FILE_WRITE_DATA, FILE_APPEND_DATA, SYNCHRONIZE, FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, and READ_CONTROL.

AllocationSize (8 bytes): LARGE_INTEGER The client MUST set this value to the initial allocation size of the file in bytes. The server MUST ignore this field if this request is to open an existing file. This field MUST be used only if the file is created or overwritten. The value MUST be set to 0x0000000000000000 in all other cases. This does not apply to directory-related requests. This is the number of bytes to be allocated, represented as a 64-bit integer value.

ExtFileAttributes (4 bytes): This field contains the extended file attributes of the file being requested, encoded as an SMB_EXT_FILE_ATTR (section 2.2.1.2.3) data type.

ShareAccess (4 bytes): ULONG A 32-bit field that specifies how the file SHOULD be shared with other processes. The names in the table below are provided for reference use only. The value MUST be FILE_SHARE_NONE or some combination of the other values:

Name and bitmask

Meaning

FILE_SHARE_NONE

0x00000000

(No bits set.)

Prevents the file from being shared.

FILE_SHARE_READ

0x00000001

Other open operations can be performed on the file for read access.

FILE_SHARE_WRITE

0x00000002

Other open operations can be performed on the file for write access.

FILE_SHARE_DELETE

0x00000004

Other open operations can be performed on the file for delete access.

CreateDisposition (4 bytes): ULONG A 32-bit value that represents the action to take if the file already exists or if the file is a new file and does not already exist.

Name and Value

Meaning

FILE_SUPERSEDE

0x00000000

(No bits set.)

If the file already exists, it SHOULD be superseded (overwritten). If it does not already exist, it SHOULD be created.

FILE_OPEN

0x00000001

If the file already exists, it SHOULD be opened rather than creating a new file. If the file does not already exist, the operation MUST fail.

FILE_CREATE

0x00000002

If the file already exists, the operation MUST fail. If the file does not already exist, it SHOULD be created.

FILE_OPEN_IF

0x00000003

If the file already exists, it SHOULD be opened. If the file does not already exist, it SHOULD be created.

FILE_OVERWRITE

0x00000004

If the file already exists, it SHOULD be opened and truncated. If the file does not already exist, the operation MUST fail.

FILE_OVERWRITE_IF

0x00000005

If the file already exists, it SHOULD be opened and truncated. If the file does not already exist, it SHOULD be created.

CreateOptions (4 bytes): ULONG A 32-bit field containing flag options to use if creating the file or directory. This field MUST be set to 0x00000000 or a combination of the following possible values. Unused bit fields SHOULD be set to 0 by the client when sending a request and SHOULD be ignored when received by the server. Below is a list of the valid values and their associated behaviors.

Name and bitmask

Meaning

FILE_DIRECTORY_FILE

0x00000001

The file being created or opened is a directory file. With this option, the CreateDisposition field MUST be set to FILE_CREATE, FILE_OPEN, or FILE_OPEN_IF. When this bit field is set, other compatible CreateOptions include only the following: FILE_WRITE_THROUGH, FILE_OPEN_FOR_BACKUP_INTENT, and FILE_OPEN_BY_FILE_ID.

FILE_WRITE_THROUGH

0x00000002

Applications that write data to the file MUST actually transfer the data into the file before any write request qualifies as semantically complete.  If FILE_NO_INTERMEDIATE_BUFFERING is set, the server MUST process the request as if FILE_WRITE_THROUGH is set in the create request, even if not set by the client.

FILE_SEQUENTIAL_ONLY

0x00000004

This option indicates that access to the file MAY be sequential. The server can use this information to influence its caching and read-ahead strategy for this file. The file MAY in fact be accessed randomly, but the server can optimize its caching and read-ahead policy for sequential access.

FILE_NO_INTERMEDIATE_BUFFERING

0x00000008

The file SHOULD NOT be cached or buffered in an internal buffer by the server. This option is incompatible when the FILE_APPEND_DATA bit field is set in the DesiredAccess field.

FILE_SYNCHRONOUS_IO_ALERT

0x00000010

This flag MUST be ignored by the server, and clients SHOULD set it to 0.

FILE_SYNCHRONOUS_IO_NONALERT

0x00000020

This flag MUST be ignored by the server, and clients SHOULD set it to 0.

FILE_NON_DIRECTORY_FILE

0x00000040

If the file being opened is a directory, the server MUST fail the request with STATUS_FILE_IS_A_DIRECTORY in the Status field of the SMB Header (section 2.2.3.1) in the server response.

FILE_CREATE_TREE_CONNECTION

0x00000080

This option SHOULD NOT be sent by the clients, and this option MUST be ignored by the server.

FILE_COMPLETE_IF_OPLOCKED

0x00000100

This option SHOULD NOT be sent by the clients, and this option MUST be ignored by the server.

FILE_NO_EA_KNOWLEDGE

0x00000200

The application that initiated the client's request does not support extended attributes (EAs). If the EAs on an existing file being opened indicate that the caller SHOULD support EAs to correctly interpret the file, the server SHOULD fail this request with STATUS_ACCESS_DENIED (ERRDOS/ERRnoaccess) in the Status field of the SMB Header in the server response.

FILE_OPEN_FOR_RECOVERY

0x00000400

This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server.

FILE_RANDOM_ACCESS

0x00000800

Indicates that access to the file MAY be random. The server MAY use this information to influence its caching and read-ahead strategy for this file. This is a hint to the server that sequential read-ahead operations might not be appropriate on the file.

FILE_DELETE_ON_CLOSE

0x00001000

The file SHOULD be automatically deleted when the last open request on this file is closed. When this option is set, the DesiredAccess field MUST include the DELETE flag. This option is often used for temporary files.

FILE_OPEN_BY_FILE_ID

0x00002000

Opens a file based on the FID. If this option is set, the server MUST fail the request with STATUS_NOT_SUPPORTED in the Status field of the SMB Header in the server response.

FILE_OPEN_FOR_BACKUP_INTENT

0x00004000

The file is opened or created for the purposes of either a backup or a restore operation. Thus, the server can check to ensure that the caller is capable of overriding whatever security checks have been placed on the file to allow a backup or restore operation to occur. The server can check for access rights to the file before checking the DesiredAccess field.

FILE_NO_COMPRESSION

0x00008000

When a new file is created, the file MUST NOT be compressed, even if it is on a compressed volume. The flag MUST be ignored when opening an existing file.

FILE_RESERVE_OPFILTER

0x00100000

This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server.

FILE_OPEN_NO_RECALL

0x00400000

In a hierarchical storage management environment, this option requests that the file SHOULD NOT be recalled from tertiary storage such as tape. A file recall can take up to several minutes in a hierarchical storage management environment. The clients can specify this option to avoid such delays.

FILE_OPEN_FOR_FREE_SPACE_QUERY

0x00800000

This option SHOULD NOT be sent by the clients, and this option MUST be ignored if received by the server.

SecurityDescriptorLength (4 bytes): ULONG Length of the NT_Trans_Data.SecurityDescriptor field, in bytes.

EALength (4 bytes): ULONG Length of the NT_Trans_Data.ExtendedAttributes field, in bytes.

NameLength (4 bytes): ULONG Length of the Name field in characters.

ImpersonationLevel (4 bytes): ULONG This field specifies the impersonation level requested by the application that is issuing the create request, and MUST contain one of the following values.

Impersonation is described in [MS-WPO] section 8.5.1; for more information about impersonation, see [MSDN-IMPERS].

Name and value

Meaning

SEC_ANONYMOUS

0x00000000

The application-requested impersonation level is Anonymous.

SEC_IDENTIFY

0x00000001

 The application-requested impersonation level is Identification.

SEC_IMPERSONATE

0x00000002

 The application-requested impersonation level is Impersonation.

SecurityFlags (1 byte): UCHAR An 8-bit field containing a set of options that specify the security tracking mode. These options specify whether the server is to be given a snapshot of the client's security context (called static tracking) or is to be continually updated to track changes to the client's security context (called dynamic tracking). When bit 0 of the SecurityFlags field is set to 0, static tracking is requested. When bit 0 the SecurityFlags field is set to 1, dynamic tracking is requested. Unused bit fields SHOULD be set to 0 by the client when sending a request and MUST be ignored when received by the server. This field MUST be set to 0x00 or a combination of the following possible values. Value names are provided for convenience only. Supported values are:

Name and value

Meaning

SMB_SECURITY_CONTEXT_TRACKING

0x01

When set, dynamic tracking is requested. When this bit field is not set, static tracking is requested.

SMB_SECURITY_EFFECTIVE_ONLY

0x02

Specifies that only the enabled aspects of the client's security context are available to the server. If this flag is not specified, all aspects of the client's security context are available. This flag allows the client to limit the groups and privileges that a server can use while impersonating the client.

Name (variable): The name of the file; not null-terminated. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB Header of the request, this field MUST be an array of 16-bit Unicode characters. Otherwise, it MUST be an array of extended ASCII (OEM) characters. If the Name consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the NT_Trans_Parameters.

NT_Trans_Data (variable): The NT_Trans_Data provides the Security Descriptor and Extended Attributes data, if any.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SecurityDescriptor (variable)

...

ExtendedAttributes (variable)

...

SecurityDescriptor (variable): SECURITY_DESCRIPTOR The security descriptor to use when requesting access to the file. The self-relative form of a SECURITY_DESCRIPTOR MUST be used. See SECURITY_DESCRIPTOR ([MS-DTYP] section 2.4.6) for details. This field MUST be NT_Trans_Parameters.SecurityDescriptorLength in bytes.

ExtendedAttributes (variable): The extended attributes that SHOULD be applied to the new file MUST be in the format that is specified for FILE_FULL_EA_INFORMATION in ([MS-FSCC] section 2.4.15).<148>