2.2.4.9.1 Client Request Extensions
An SMB_COM_NT_CREATE_ANDX request is sent by a client to open a file or device on the server. This extension adds the following:
An additional flag bit is added to the Flags field of the SMB_COM_NT_CREATE_ANDX request. The additional flag, NT_CREATE_REQUEST_EXTENDED_RESPONSE, is used to request an extended response from the server.
An additional parameter value is added to the ImpersonationLevel field. SECURITY_DELEGATION is added to allow the server to call other servers while impersonating the original client.
An additional flag bit is added to the CreateOptions field. The additional flag, FILE_OPEN_REPARSE_POINT, is used to open a reparse point file itself.
All other fields are as specified in [MS-CIFS] section 2.2.4.64.1.<49>
-
SMB_Parameters { UCHAR WordCount; Words { UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; UCHAR Reserved; USHORT NameLength; ULONG Flags; ULONG RootDirectoryFID; ULONG DesiredAccess; LARGE_INTEGER AllocationSize; SMB_EXT_FILE_ATTR ExtFileAttributes; ULONG ShareAccess; ULONG CreateDisposition; ULONG CreateOptions; ULONG ImpersonationLevel; UCHAR SecurityFlags; } } SMB_Data { USHORT ByteCount; Bytes { SMB_STRING FileName; } }
SMB_Parameters
Words (48 bytes):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1AndXCommand
AndXReserved
AndXOffset
Reserved
NameLength
Flags
...
RootDirectoryFID
...
DesiredAccess
...
AllocationSize
...
...
ExtFileAttributes
...
ShareAccess
...
CreateDisposition
...
CreateOptions
...
ImpersonationLevel
...
SecurityFlags
-
Flags (4 bytes): A set of flags that modify the client request, as defined in the table below. NT_CREATE_REQUEST_EXTENDED_RESPONSE is new to MS-SMB. All other flags are included in the table for completeness. Unused bits SHOULD be set to zero by the client when sending a request and MUST be ignored when received by the server.
-
Name & bitmask
Meaning
NT_CREATE_REQUEST_OPLOCK
0x00000002
If set, then the client is requesting an oplock.
NT_CREATE_REQUEST_OPBATCH
0x00000004
If set, then the client is requesting a batch oplock.
NT_CREATE_OPEN_TARGET_DIR
0x00000008
If set, then the client indicates that the parent directory of the target is to be opened.
NT_CREATE_REQUEST_EXTENDED_RESPONSE
0x00000010
If set, then the client is requesting extended information in the response.
-
-
ImpersonationLevel (4 bytes): This field specifies the impersonation level requested by the application that is issuing the create request, and MUST contain one of the following values.
Impersonation is described in [MS-WPO] section 9.7; for more information about impersonation, see [MSDN-IMPERS].-
Value
Meaning
SECURITY_ANONYMOUS
0x00000000
The application-requested impersonation level is Anonymous.
SECURITY_IDENTIFICATION
0x00000001
The application-requested impersonation level is Identification.
SECURITY_IMPERSONATION
0x00000002
The application-requested impersonation level is Impersonation.
SECURITY_DELEGATION
0x00000003
The application-requested impersonation level is Delegation.
-
-
CreateOptions (4 bytes): A 32-bit field containing flag options for creating a file or directory. In addition to the flags specified in [MS-CIFS] section 2.2.4.64, the following modifications and extensions apply to the CreateOptions field. FILE_OPEN_REPARSE_POINT is a new flag to SMB. The CreateOptions field MUST be set to 0x00000000 or to a combination of the flags specified in the [MS-CIFS] section 2.2.4.64 CreateOptions table and the following table. Unused bit fields SHOULD be set to 0 when sent and MUST be ignored on receipt. Server implementations SHOULD reserve all bits not specified in the [MS-CIFS] section 2.2.4.64 CreateOptions table and the following table.
-
Name and bitmask
Meaning
FILE_OPEN_REPARSE_POINT
0x00200000
If the file or directory being opened is a reparse point, open the reparse point itself rather than the target that the reparse point references.
-