2.2.4.9.1 Client Request Extensions

An SMB_COM_NT_CREATE_ANDX request is sent by a client to open a file or device on the server. This extension adds the following:

  • An additional flag bit is added to the Flags field of the SMB_COM_NT_CREATE_ANDX request. The additional flag, NT_CREATE_REQUEST_EXTENDED_RESPONSE, is used to request an extended response from the server.

  • An additional parameter value is added to the ImpersonationLevel field. SECURITY_DELEGATION is added to allow the server to call other servers while impersonating the original client.

  • An additional flag bit is added to the CreateOptions field. The additional flag, FILE_OPEN_REPARSE_POINT, is used to open a reparse point file itself.

All other fields are as specified in [MS-CIFS] section 2.2.4.64.1.<49>

 SMB_Parameters
   {
   UCHAR WordCount;
   Words
     {
     UCHAR         AndXCommand;
     UCHAR         AndXReserved;
     USHORT        AndXOffset;
     UCHAR         Reserved;
     USHORT        NameLength;
     ULONG         Flags;
     ULONG         RootDirectoryFID;
     ULONG         DesiredAccess;
     LARGE_INTEGER AllocationSize;
     SMB_EXT_FILE_ATTR      ExtFileAttributes;
     ULONG         ShareAccess;
     ULONG         CreateDisposition;
     ULONG         CreateOptions;
     ULONG         ImpersonationLevel;
     UCHAR         SecurityFlags;
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   Bytes
     {
     SMB_STRING FileName;
     }
   }

SMB_Parameters

Words (48 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

AndXCommand

AndXReserved

AndXOffset

Reserved

NameLength

Flags

...

RootDirectoryFID

...

DesiredAccess

...

AllocationSize

...

...

ExtFileAttributes

...

ShareAccess

...

CreateDisposition

...

CreateOptions

...

ImpersonationLevel

...

SecurityFlags

Flags (4 bytes): A set of flags that modify the client request, as defined in the table below. NT_CREATE_REQUEST_EXTENDED_RESPONSE is new to MS-SMB. All other flags are included in the table for completeness. Unused bits SHOULD be set to zero by the client when sending a request and MUST be ignored when received by the server.

Name & bitmask

Meaning

NT_CREATE_REQUEST_OPLOCK

0x00000002

If set, then the client is requesting an oplock.

NT_CREATE_REQUEST_OPBATCH

0x00000004

If set, then the client is requesting a batch oplock.

NT_CREATE_OPEN_TARGET_DIR

0x00000008

If set, then the client indicates that the parent directory of the target is to be opened.

NT_CREATE_REQUEST_EXTENDED_RESPONSE

0x00000010

If set, then the client is requesting extended information in the response.

ImpersonationLevel (4 bytes): This field specifies the impersonation level requested by the application that is issuing the create request, and MUST contain one of the following values.

Impersonation is described in [MS-WPO] section 9.7; for more information about impersonation, see [MSDN-IMPERS].

Value

Meaning

SECURITY_ANONYMOUS

0x00000000

The application-requested impersonation level is Anonymous.

SECURITY_IDENTIFICATION

0x00000001

The application-requested impersonation level is Identification.

SECURITY_IMPERSONATION

0x00000002

The application-requested impersonation level is Impersonation.

SECURITY_DELEGATION

0x00000003

The application-requested impersonation level is Delegation.

CreateOptions (4 bytes): A 32-bit field containing flag options for creating a file or directory. In addition to the flags specified in [MS-CIFS] section 2.2.4.64, the following modifications and extensions apply to the CreateOptions field. FILE_OPEN_REPARSE_POINT is a new flag to SMB. The CreateOptions field MUST be set to 0x00000000 or to a combination of the flags specified in the [MS-CIFS] section 2.2.4.64 CreateOptions table and the following table. Unused bit fields SHOULD be set to 0 when sent and MUST be ignored on receipt. Server implementations SHOULD reserve all bits not specified in the [MS-CIFS] section 2.2.4.64 CreateOptions table and the following table.

Name and bitmask

Meaning

FILE_OPEN_REPARSE_POINT

0x00200000

If the file or directory being opened is a reparse point, open the reparse point itself rather than the target that the reparse point references.