II. SMB: The Server Message Block Protocol
by Christopher R. Hertel
Implementing CIFS: The Common Internet File System
Copyright
Dedication
Praise for Implementing CIFS
Bruce Perens’ Open Source Series
About Prentice Hall Professional Technical Reference
About the Cover Art
Foreword
Introduction: CIFS from Eight Miles High
0.1. First Impressions
0.2. What is CIFS?
0.2.1. A Recipe for Protocol Soup
0.3. The CIFS Community
0.3.1. Visiting the Network Neighborhood
0.3.2. Community Collaborations
0.4. Audience
0.5. Scope
0.6. Acknowledgements and Thanks
0.6.1. The Book
0.7. About the Author
0.7.1. Quick Story
0.8. License
I. NBT: NetBIOS over TCP/IP
1. A Short Bio of NetBIOS
1.1. NetBIOS and DOS: The Early Years
2. Speaking NetBIOS
2.1. Emulating “NetBIOS LANs”
2.1.1. The NetBIOS Name Service
2.1.2. The NetBIOS Datagram Service
2.1.3. The NetBIOS Session Service
2.2. Scope: The Final Frontier
2.3. Thus Endeth the Overview
3. The Basics of NBT Implementation
3.1. You Got the Name, Look Up the Number
3.1.1. Encoding NetBIOS Names
3.1.2. Fully Qualified NBT Names
3.1.3. Second Level Encoding
3.1.4. Name Service Packet Headers
3.1.5. The Query Entry
3.1.6. Some Trouble Ahead
3.1.7. Finally! A Simple Broadcast Name Query
3.2. Interlude
4. The Name Service in Detail
4.1. NBT Names: Once More with Feeling
4.1.1. Valid NetBIOS Name Characters
4.1.2. NetBIOS Names within Scope
4.1.3. Encoding and Decoding NBT Names
4.2. NBT Name Service Packets
4.2.1. Name Service Headers
4.2.2. Name Service Question Records
4.2.3. Name Service Resource Records
4.3. Conversations with the Name Service
4.3.1. Name Registration
4.3.1.1. Broadcast Name Registration
4.3.1.2. Unicast (NBNS) Name Registration
4.3.1.3. M and H Node Name Registration
4.3.1.4. Registering Multi-Homed Hosts
4.3.2. Name Query
4.3.2.1. Negative Query Response
4.3.2.2. Positive Query Response
4.3.2.3. The Redirect Name Query Response
4.3.2.4. A Simple Name Query Revisited
4.3.3. Name Refresh
4.3.4. Name Release
4.3.4.1. Name Release Response
4.3.5. Node Status
4.3.5.1. Node Status Response
4.3.6. Name Conflict Demand
4.3.6.1. Name Release Demand Revisited
4.4. Enough Already
5. The Datagram Service in Detail
5.1. Datagram Distribution over Routed IP Internetworks
5.2. The NBDD and the Damage Done
5.3. Implementing a Workable Datagram Service
5.3.1. Fragmenting Datagrams
5.3.2. Receiving Datagrams
5.3.3. Querying the NBDD
5.3.4. The Second Least Well Understood Aspect of NBT
6. The Session Service in Detail
6.1. Session Service Header
6.2. Creating an NBT Session
6.3. Maintaining an NBT Session
6.4. Closing an NBT Session
7. Where It All Went Wrong
7.1. The 0x1Dirty Little Secret
7.2. Twenty-five IPs or Less
7.3. Special Handling Required for 0x1B Names
7.4. Alternate Name Resolution
7.5. The Awful Truth
II. SMB: The Server Message Block Protocol
8. A Little Background on SMB
8.1. Getting Started
8.2. NBT or Not NBT
9. An Introductory Tour of SMB
9.1. The Server Identifier
9.2. The Directory Path
9.3. The File
9.4. The SMB URL
9.5. Was That Trip Really Necessary?
10. First Contact: Reaching the Server
10.1. Interpreting the Server Identifier
10.2. The Destination Port
10.3. Transport Discovery
10.3.1. Run Naked
10.3.2. Using the NetBIOS Name
10.3.3. Reverse Mapping a NetBIOS Name
10.4. Connecting to the Server
11. SMB in Its Natural Habitat
11.1. Our Very First Live SMBs
11.2. SMB Message Structure
11.2.1. SMB Message Header
11.2.2. SMB Message Parameters
11.2.3. SMB Message Data
11.3. Case in Point: NEGOTIATE PROTOCOL
11.4. The AndX Mutation
11.5. The Flow of Conversation
11.6. A Little More Code
11.7. Take a Break
12. The SMB Header in Detail
12.1. The SMB_HEADER.STATUS Field Exposed
12.2. The FLAGS and FLAGS2 Fields Tell All
12.3. EXTRA! EXTRA! Read All About It!
12.4. TID and UID: Separated at Birth?
12.5. PID and MID Revealed
12.5.1. EXTRA.PidHigh Dark Secrets Uncovered
12.6. SMB Header Final Report
13. Protocol Negotiation
13.1. A Smattering of SMB Dialects
13.2. Greetings: The NEGOTIATE PROTOCOL REQUEST
13.3. Gesundheit: The NEGOTIATE PROTOCOL RESPONSE
13.3.1. NegProt Response Parameters
13.3.2. NegProt Response Data
13.4. Are We There Yet?
14. Session Setup
14.1. SESSION SETUP ANDX REQUEST Parameters
14.1.1. Virtual Circuits
14.1.2. Capabilities Bits
14.2. SESSION SETUP ANDX REQUEST Data
14.3. The SESSION SETUP ANDX RESPONSE SMB
15. Authentication
15.1. Anonymous and Guest Login
15.2. Plaintext Passwords
15.2.1. User Level Security with Plaintext Passwords
15.2.2. Share Level Security with Plaintext Passwords
15.3. LM Challenge/Response
15.3.1. DES
15.3.2. Creating the Challenge
15.3.3. Creating the LM Hash
15.3.4. Creating the LM Response
15.3.5. LM Challenge/Response: Once More with Feeling
15.4. NTLM Challenge/Response
15.5. NTLM Version 2
15.5.1. The NTLMv2 Toolbox
15.5.2. The NTLMv2 Password Hash
15.5.3. The NTLMv2 Response
15.5.4. Creating the Blob
15.5.5. Improved Security Through Confusion
15.5.6. Insult to Injury: LMv2
15.5.7. Choosing NTLMv2
15.6. Extended Security: That Light at the End of the Tunnel
15.6.1. The Extended Security Authentication Toolkit
15.7. Kerberos
15.8. Random Notes on W2K and NT Domain Authentication
15.8.1. A Quick Look at W2K Domains
15.8.2. A Few Notes about NT Domains
15.8.3. It’s Good to Have a Backup
15.8.4. Trust Me on This
15.9. Random Notes on Message Authentication Codes
15.9.1. Generating the Session Key
15.9.2. Sequence Numbers
15.9.3. Calculating the MAC
15.9.4. Enabling and Requiring MAC Signing
15.10. Non Sequitur Time
15.11. Further Study
16. Building Your SMB Vocabulary
16.1. That TREE CONNECT Thingy
16.2. SMB Echo
16.3. Readin’, Writin’, and ’Rithmatic
16.4. Transaction SMBs
16.4.1. Mailslots and Named Pipes
17. The Remaining Oddities
17.1. Opportunistic Locks (OpLocks)
17.1.1. OpLock Breaks
17.2. Distributed File System (DFS)
17.3. DOS Attributes, Extended File Attributes, Long Filenames, and Suchlike
18. That Just about Wraps Things Up for SMB
III. The Browse Service
19. A Beautiful Day in the Network Neighborhood
19.1. History: From Frontier Town to Bustling Metropolis
19.2. Sociology
19.3. Politics
19.3.1. When Is a Workgroup not a Workgroup?
19.3.2. Delegating Responsibility
20. Meet the Neighbors
20.1. Browse Service Clientele
20.1.1. Providers
20.1.2. Consumers
20.2. The Local Master Browser
20.3. Becoming a Backup Browser
20.4. Crossing the Street with the DMB
20.5. Elections
21. Infrastructure: The Mailslot and Named Pipe Abstractions
21.1. Meet the Plumbing: Named Pipes
21.2. The Mailslot Metaphor
22. The Talk on the Street
22.1. Making Sense of SMBtrans
22.2. Browse Service Mailslot Messages
22.2.1. Announcement Request
22.2.2. Host Announcement
22.2.3. Election Request
22.2.4. Get Backup List Request
22.2.5. Get Backup List Response
22.2.6. Local Master Announcement
22.2.7. Master Announcement
22.2.8. Domain Announcement
22.2.9. Become Backup Request
22.2.10. The Undocumented Reset
22.2.11. It’s All in the Delivery
22.3. RAPture
22.3.1. NetServerEnum2 Request
22.3.2. NetServerEnum2 Reply
22.3.3. On the Outskirts of Town
22.3.4. Transaction Fragmentation
22.3.5. RAP Annoyances
23. The Better Browser Bureau
23.1. Running an Election
23.1.1. Voting
23.1.2. The Ballot
23.2. Timing Is Everything
24. Samba Browse Service Enhancements
24.1. Automatic LANMAN
24.2. UnBrowsable
24.3. NBNS Wildcard DMB Queries and Enhanced Browsing
24.4. Remote Announce
24.5. Remote Browse Sync
24.6. DMB != PDC
25. It Can’t Happen Here
25.1. Misconfigured Hosts
25.2. Misconfigured Networks
25.3. Implementation Bugs
25.4. Troublemakers
25.5. Design Flaws
26. At Home in the Network Neighborhood
IV. Appendices
A. Making a Good Cup of Tea
A.1. Basics of Making Tea
A.2. About Tea
A.3. Nasty Habits
A.4. Decaffeinating Tea
B. Known NetBIOS Suffix Values
B.1. NetBIOS Name Suffix Bytes
B.2. Special Handling of NetBIOS Names in WINS
C. The SMB URL
C.1. The Origins of the SMB URL
C.2. Of Round Pegs, Square Holes, and Big Mallets
C.3. Form Versus Function
C.4. Additional Parts
C.5. A Simple SMB URL Parser
D. CIFS Technical Reference
Abstract
Intended Usage
DISCLAIMER OF WARRANTIES AND REPRESENTATIONS
LIMITATION OF LIABILITY
INTELLECTUAL PROPERTY RIGHTS
COPYRIGHT AND USAGE AGREEMENT
Acknowledgements
Table of Contents
1. Introduction
1.1. Summary of features
1.1.1. File access
1.1.2. File and record locking
1.1.3. Safe caching, read-ahead, and write-behind
1.1.4. File change notification
1.1.5. Protocol version negotiation
1.1.6. Extended attributes
1.1.7. Distributed replicated virtual volumes
1.1.8. Server name resolution independence
1.1.9. Batched requests
1.1.10. Obsolescence
2. Protocol Operation Overview
2.1. Server Name Determination
2.2. Server Name Resolution
2.3. Sample Message Flow
2.4. CIFS Protocol Dialect Negotiation
2.5. Message Transport
2.5.1. Connection Management
2.6. Opportunistic Locks
2.6.1. Oplock Types
2.6.1.1. Exclusive and Batch Oplocks
2.6.1.2. Level II Oplocks
2.6.2. Comparison with Other File Locking Methods
2.6.3. Oplock SMBs
2.6.3.1. Obtaining an Oplock
2.6.3.2. Releasing an Oplock
2.6.3.3. Revoking an Oplock
2.6.4. Other Issues
2.7. Security Model
2.8. Authentication
2.8.1. Overview
2.8.2. Base Algorithms
2.8.3. Authentication Algorithms
2.8.3.1. NT Session Key
2.8.3.2. LM Session Key
2.8.3.3. Response
2.8.3.4. MAC key
2.8.3.5. Message Authentication Code
2.8.4. Session Authentication Protocol
2.8.4.1. Plain Text Password
2.8.4.2. Challenge/Response
2.8.5. Message authentication code
2.8.6. Security Level
2.9. Distributed File System (DFS) Support
3. SMB Message Formats and Data Types
3.1. Notation
3.2. SMB header
3.2.1. Command field
3.2.2. Flags field
3.2.3. Flags2 Field
3.2.4. Tid Field
3.2.5. Pid Field
3.2.6. Uid Field
3.2.7. Mid Field
3.2.8. Status Field
3.2.9. Timeouts
3.2.10. Data Buffer (BUFFER) and String Formats
3.3. Name Restrictions
3.4. File Names
3.5. Wildcards
3.6. DFS Pathnames
3.7. Time And Date Encoding
3.8. Access Mode Encoding
3.9. Access Mask Encoding
3.10. Open Function Encoding
3.11. Open Action Encoding
3.12. File Attribute Encoding
3.13. Extended File Attribute Encoding
3.14. Batching Requests (“AndX” Messages)
3.15. “Transaction” Style Subprotocols
3.15.1. SMB_COM_TRANSACTION2 Format
3.15.2. SMB_COM_NT_TRANSACTION Formats
3.15.3. Functional Description
3.15.4. SMB_COM_TRANSACTION Operations
3.15.4.1. Mail Slot Transaction Protocol
3.15.4.2. Server Announcement Mailslot Transaction
3.15.4.3. Named Pipe Transaction Protocol
3.15.4.4. CallNamedPipe
3.15.4.5. WaitNamedPipe
3.15.4.6. PeekNamedPipe
3.15.4.7. GetNamedPipeHandleState
3.15.4.8. SetNamedPipeHandleState
3.15.4.9. GetNamedPipeInfo
3.15.4.10. TransactNamedPipe
3.15.4.11. RawReadNamedPipe
3.15.4.12. RawWriteNamedPipe
3.16. Valid SMB Requests by Negotiated Dialect
4. SMB Requests
4.1. Session Requests
4.1.1. NEGOTIATE: Negotiate Protocol
4.1.1.1. Errors
4.1.2. SESSION_SETUP_ANDX: Session Setup
4.1.2.1. Pre NT LM 0.12
4.1.2.2. NT LM 0.12
4.1.2.3. Errors
4.1.3. LOGOFF_ANDX: User Logoff
4.1.3.1. Errors
4.1.4. TREE_CONNECT_ANDX: Tree Connect
4.1.4.1. Errors
4.1.5. TREE_DISCONNECT: Tree Disconnect
4.1.5.1. Errors
4.1.6. TRANS2_QUERY_FS_INFORMATION: Get File System Information
4.1.6.1. SMB_INFO_ALLOCATION
4.1.6.2. SMB_INFO_VOLUME
4.1.6.3. SMB_QUERY_FS_VOLUME_INFO
4.1.6.4. SMB_QUERY_FS_SIZE_INFO
4.1.6.5. SMB_QUERY_FS_DEVICE_INFO
4.1.6.6. SMB_QUERY_FS_ATTRIBUTE_INFO
4.1.6.7. SMB_QUERY_CIFS_UNIX_INFO
4.1.6.8. SMB_QUERY_MAC_FS_INFO
4.1.6.9. Errors
4.1.7. ECHO: Ping the Server
4.1.7.1. Errors
4.1.8. NT_CANCEL: Cancel request
4.2. File Requests
4.2.1. NT_CREATE_ANDX: Create or Open File
4.2.1.1. Errors
4.2.2. NT_TRANSACT_CREATE: Create or Open File with EAs or SD
4.2.2.1. Errors
4.2.3. CREATE_TEMPORARY: Create Temporary File
4.2.3.1. Errors
4.2.4. READ_ANDX: Read Bytes
4.2.4.1. Errors
4.2.5. WRITE_ANDX: Write Bytes to file or resource
4.2.5.1. Errors
4.2.6. LOCKING_ANDX: Lock or Unlock Byte Ranges
4.2.6.1. Errors
4.2.7. SEEK: Seek in File
4.2.7.1. Errors
4.2.8. FLUSH: Flush File
4.2.8.1. Errors
4.2.9. CLOSE: Close File
4.2.9.1. Errors
4.2.10. CLOSE_AND_TREE_DISCONNECT
4.2.10.1. Errors
4.2.11. DELETE: Delete File
4.2.11.1. Errors
4.2.12. RENAME: Rename File
4.2.12.1. Errors
4.2.13. NT_RENAME
4.2.13.1. Errors
4.2.14. MOVE: Rename File
4.2.14.1. Errors
4.2.15. COPY: Copy File
4.2.15.1. Errors
4.2.16. TRANS2_QUERY_PATH_INFORMATION: Get File Attributes Given Path
4.2.16.1. SMB_INFO_STANDARD & SMB_INFO_QUERY_EA_SIZE
4.2.16.2. SMB_INFO_QUERY_EAS_FROM_LIST & SMB_INFO_QUERY_ALL_EAS
4.2.16.3. SMB_INFO_IS_NAME_VALID
4.2.16.4. SMB_QUERY_FILE_BASIC_INFO
4.2.16.5. SMB_QUERY_FILE_STANDARD_INFO
4.2.16.6. SMB_QUERY_FILE_EA_INFO
4.2.16.7. SMB_QUERY_FILE_NAME_INFO
4.2.16.8. SMB_QUERY_FILE_ALL_INFO
4.2.16.9. SMB_QUERY_FILE_ALT_NAME_INFO
4.2.16.10. SMB_QUERY_FILE_STREAM_INFO
4.2.16.11. SMB_QUERY_FILE_COMPRESSION_INFO
4.2.16.12. SMB_QUERY_FILE_UNIX_BASIC
4.2.16.13. SMB_QUERY_FILE_UNIX_LINK
4.2.16.14. SMB_MAC_DT_GET_APPL
4.2.16.15. SMB_MAC_DT_GET_ICON
4.2.16.16. SMB_MAC_DT_GET_ICON_INFO
4.2.16.17. Errors
4.2.17. TRANS2_QUERY_FILE_INFORMATION: Get File Attributes Given FID
4.2.18. TRANS2_SET_PATH_INFORMATION: Set File Attributes given Path
4.2.18.1. SMB_INFO_STANDARD & SMB_INFO_QUERY_EA_SIZE
4.2.18.2. SMB_INFO_QUERY_ALL_EAS
4.2.18.3. SMB_SET_FILE_UNIX_BASIC
4.2.18.4. SMB_SET_FILE_UNIX_LINK
4.2.18.5. SMB_SET_FILE_UNIX_HLINK
4.2.18.6. SMB_MAC_SET_FINDER_INFO
4.2.18.7. SMB_MAC_DT_ADD_APPL
4.2.18.8. SMB_MAC_DT_REMOVE_APPL
4.2.18.9. SMB_MAC_DT_ADD_ICON
4.2.18.10. Errors
4.2.19. TRANS2_SET_FILE_INFORMATION: Set File Attributes Given FID
4.2.19.1. SMB_FILE_BASIC_INFO
4.2.19.2. SMB_FILE_DISPOSITION_INFO
4.2.19.3. SMB_FILE_ALLOCATION_INFO
4.2.19.4. SMB_FILE_END_OF_FILE_INFO
4.2.19.5. Errors
4.3. Directory Requests
4.3.1. TRANS2_CREATE_DIRECTORY: Create Directory (with optional EAs)
4.3.1.1. Errors
4.3.2. DELETE_DIRECTORY: Delete Directory
4.3.2.1. Errors
4.3.3. CHECK_DIRECTORY: Check Directory
4.3.3.1. Errors
4.3.4. TRANS2_FIND_FIRST2: Search Directory using Wildcards
4.3.4.1. SMB_INFO_STANDARD
4.3.4.2. SMB_INFO_QUERY_EA_SIZE
4.3.4.3. SMB_INFO_QUERY_EAS_FROM_LIST
4.3.4.4. SMB_FIND_FILE_DIRECTORY_INFO
4.3.4.5. SMB_FIND_FILE_FULL_DIRECTORY_INFO
4.3.4.6. SMB_FIND_FILE_BOTH_DIRECTORY_INFO
4.3.4.7. SMB_FIND_FILE_NAMES_INFO
4.3.4.8. SMB_FIND_FILE_UNIX
4.3.4.9. SMB_FINDBOTH_MAC_HFS_INFO
4.3.4.10. Errors
4.3.5. TRANS2_FIND_NEXT2: Resume Directory Search Using Wildcards
4.3.5.1. Errors
4.3.6. FIND_CLOSE2: Close Directory Search
4.3.6.1. Errors
4.3.7. NT_TRANSACT_NOTIFY_CHANGE: Request Change Notification
4.3.7.1. Errors
4.4. DFS Operations
4.4.1. TRANS2_GET_DFS_REFERRAL: Retrieve Distributed Filesystem Referral
4.4.1.1. Errors
4.4.2. TRANS2_REPORT_DFS_INCONSISTENCY: Inform a server about DFS Error
4.4.2.1. Errors
4.5. Miscellaneous Operations
4.5.1. NT_TRANSACT_IOCTL
4.5.1.1. Errors
4.5.2. NT_TRANSACT_QUERY_SECURITY_DESC
4.5.2.1. Errors
4.5.3. NT_TRANSACT_SET_SECURITY_DESC
4.5.3.1. Errors
5. SMB Symbolic Constants
5.1. SMB Command Codes
5.2. SMB_COM_TRANSACTION2 Subcommand codes
5.3. SMB_COM_NT_TRANSACTION Subcommand Codes
5.4. SMB Protocol Dialect Constants
6. Error Codes and Classes
7. Security Considerations
8. References
9. Appendix A -- NETBIOS transport over TCP
9.1. Connection Establishment
9.2. Connecting to a server using the NetBIOS name
9.3. Connecting to a server using a DNS name or IP address
9.3.1. NetBIOS Adapter Status
9.3.2. Generic Server Name
9.3.3. Parsing the DNS Name (guessing)
9.4. NetBIOS Name character set
10. Appendix B -- TCP transport
11. Appendix C – Share Level Server Security
12. Appendix D – CIFS UNIX Extension
12.1. Introduction
12.2. Principles
12.3. CIFS Protocol Modifications
12.4. Modified SMBs
12.5. Guidelines for implementers
13. Appendix E – CIFS Macintosh Extension
13.1. Introduction
13.2. Principles
13.3. CIFS Protocol Modifications
13.4. Modified SMBs
13.5. Guidelines for implementers
14. Appendix F – API Numbers for Transact based RAP calls
Glossary
References
Books
Web
Part II. SMB: The Server Message Block Protocol